Tracfin for fiduciary lawyers: the legal privilege paradox

Lawyers' subjection to anti-money-laundering and counter-terrorism-financing rules (AML-CTF) dates from the French law of 11 February 2004. Twenty years later, its application remains an uncomfortable topic for the profession. The Conseil National des Barreaux (CNB) published an updated guideline in September 2024, and the profession's Control Commission resumed targeted audits on firms with fiduciary activity.

The scope: broader than people think

Article L.561-3 of the French Monetary and Financial Code targets lawyers when they participate, in the name and on behalf of a client, in financial or real-estate transactions, or when they assist a client in preparing or carrying out transactions involving: real-estate purchase/sale, fund management, account opening, organizing capital contributions for company creation, company formation/management/direction, or trust constitution/management.

For a generalist firm doing corporate law, real-estate law or tax law, almost every file falls in scope. For a pure criminal-law firm or a classical family-law firm, the scope is very narrow. But in practice, few firms are 100% out of scope.

The legal-privilege paradox

Lawyers do not declare to Tracfin (the French FIU) directly — they declare to the Bâtonnier of the Bar, who forwards to Tracfin after filtering. Legal privilege is partly preserved: the suspicion declaration cannot target information collected as part of legal advice or judicial proceedings (except active participation in laundering). But the line between legal advice and financial advisory activity is thin, and that's where the audit risk sits.

The 6th AML-CTF directive (transposition into French law under way) introduces additional obligations: enhanced beneficial-ownership register, documented per-client risk classification, and — new — the obligation to be able to reconstruct the chronology of the lawyer's vigilance decisions on a file. It is this traceability that causes the most problems.

Three practices that secure the firm

Formalized risk mapping

The firm must produce annually an AML-CTF risk map: by client typology (natural person / legal entity / foreign structure), by transaction typology (formation / sale / trust), by jurisdiction (France / EU / third countries). This map feeds the risk classification applied to each file — low, standard, high. It must be dated, signed, and reviewed annually.

Continuous KYC, not just at onboarding

The classic mistake is to do KYC at file opening then forget. Vigilance is continuous: if the client changes structure, if an atypical transaction appears mid-mission, KYC must be re-evaluated. This re-evaluation must be documented — a simple comment in the file is not enough, you need a formal trace with date, reason, conclusion.

Audit trail of decisions

Every vigilance decision — declaration to the Bâtonnier or decision not to declare — must be justifiable after the fact. The reason ("transaction consistent with client activity", "no anomaly detected") must be traced. In an audit, this decision trail is what protects the lawyer. Without it, absence of declaration can be interpreted as a vigilance failure.

What the 6th directive prepares

The 6th AML-CTF directive and the AMLA regulation (European Anti-Money Laundering Authority) gradually enter into force in 2026-2027. For lawyers, this means: (1) European supervisory authority indirectly via national authorities, (2) a harmonized EU central beneficial-owner register, (3) cash-payment declaration thresholds unified at €10,000, (4) reinforced liability for firms operating in several member states.

For a law firm that wants to hold, the topic is no longer to avoid Tracfin — it's to industrialize an AML-CTF discipline that doesn't take more than 30 minutes per file on average, and that produces the trace audits need.