A Day in the Life of an AML Analyst, Hannah Song, Covington & Burling LLP

Welcome to our blog series – A Day in the Life – where we demystify risk and compliance careers by sharing the insights and experiences of professionals to offer a behind-the-scenes look at their workday.

Navigating a career in risk and compliance can be confusing - a title at one firm may have a very different set of responsibilities than at another. By pulling back the curtain, we hope to shed light on what different professionals in different environments do and the challenges they face, and to show how diverse and rewarding a career in risk and compliance can be.

We heard from Hannah Song, an AML Analyst at Covington & Burling LLP, an international law firm. She pulls back the curtain on what her role looks like and her experience within this industry.

How did you get into law firm risk and compliance? How did you first find out about this career path? Why did you choose to work in this space?

My first compliance role was with a corporate service and trust provider. It was only after moving on from that position that I found myself, somewhat unexpectedly, stepping into the legal industry. At the time it was only law firms recruiting for the level I was at, so I gave it a go and here I am still in law firm risk and compliance 6.5 years later and completing a law degree. I have continued with law firms as there are so many variations to what a firm’s risk appetite is depending on the practice areas and jurisdictions they cover, and I love learning about the different approaches that everyone takes. There are endless opportunities to grow and develop in law firm risk and compliance which can change your career in unexpected ways and for the better.

Tell us about your career journey so far and how it led you to your current role. What were the key roles and experiences that prepared you to get your current position?

Like many others I landed a role in compliance by chance. I remember going into the interview without fully understanding what the job role was. I had just returned to the UK after living in China for four years so had been applying for general admin roles just to get some income. I applied for a position that I initially thought was beyond my qualifications, as the job description required a law degree, something I didn't have. Still, I figured, why not give it a shot? Thankfully, I was offered the job, marking my entry into the world of compliance. During my time there, I completed multiple ICA courses, which significantly enhanced my understanding of both the role and the broader field of compliance. This role not only launched my career in compliance but also sparked a lasting passion for the field. It laid the foundation for my expertise, introducing me to various jurisdictions and regulatory frameworks—an area that continues to be a key interest of mine today.

When I joined Covington & Burling, I brought knowledge but lacked confidence. It was here that I found the environment to develop and strengthen that confidence. I began with lower-risk tasks, gradually demonstrating my abilities and progressing to more complex, higher-risk work. The risk appetite here was different so I was constantly asking questions and double checking my work with colleagues. Thanks to the strong and supportive team, my confidence flourished, leading to opportunities to contribute to audits, engage with clients, and build valuable relationships beyond my immediate team.

If you, like me, struggle with confidence, don’t hesitate to ask questions and share your thoughts. This process not only helps you build belief in yourself but also allows others to guide you in the right direction if your thinking needs adjustment. Embrace learning fearlessly—it’s the cornerstone of unlocking the confident person within you.

What does a typical day look like in your role? Tell us about your responsibilities and what you get up to on a day-to-day basis.

Most days involve working on new client or existing client new matter requests. This might require a full review which would mean researching the client, trying to obtain as many of the KYC documents from public sources as possible, running them through screening software, and analysing risks. If it is not possible to gather all the necessary KYC documents and information, I communicate with the lawyers to inform them of what is needed from the client. This often involves engaging in discussions with the lawyer to explain the purpose and rationale behind the KYC request. These conversations can get repetitive, but I quite like them as it’s an opportunity to get to know the lawyers and gives me opportunities to ask about their work. I have learned a lot through these discussions and encourage others to utilise phone calls more often; sometimes with technology and emails we forget that there are real people at the other end. 

Conversing with the legal secretaries is a daily occurrence too and these conversations can range from AML questions, difficulties with intapp, finding out what stage a request is at, etc. As with the lawyers, these calls are great opportunities to get to know the people behind the email addresses. 

As well as these daily tasks there are projects that I can work on and these can range from audit preparation, updating of policy and procedures, training, software testing, intapp development, etc. 

If someone shadowed you for a day, what do you think would surprise them the most?

Our work often goes unnoticed and can sometimes be viewed as an inconvenience, as our responsibilities may lead to delays or disruptions. Lawyers, secretaries, and clients are unaware of the extensive research we conduct before reaching out to request documentation or information. This is why one of the biggest surprises would likely be the sheer amount of effort involved before sending that dreaded KYC request email. They might also be surprised by the frequency with which regulations, guidance, policies, and technology evolve. This ever-changing landscape is one of the reasons I love my job—there’s always something new to learn, ensuring the work remains engaging and dynamic.

What are the most rewarding aspects of your job?

Successfully passing audits! Some might think it’s unusual, but I genuinely enjoy audits. Don’t get me wrong, they require a lot of effort, often involving repetitive administrative tasks. However, I appreciate the valuable insights they provide, particularly in understanding the workload differences between clients. There’s a unique satisfaction in receiving that email confirming a successful audit.

Additionally, I love the appreciation from lawyers and legal secretaries when I’ve been able to assist them.

What are the biggest challenges you face in your job?

The decreasing availability of public company registries has made work more challenging—not just for me, but for everyone in the industry. It impacts the software we rely on, as outdated information reduces reliability, and it complicates client research for onboarding and ongoing monitoring. Lawyers also feel the strain, as they must engage more frequently with the compliance department. Meanwhile, clients bear the burden of increased KYC requirements, which can lead to service delays.

Beyond this, there is often a lack of awareness within most law firms about the role of the compliance department. If people better understood the scope and importance of our work, it would foster stronger relationships between compliance teams, lawyers, legal secretaries, and management.

What are the most valuable lessons you’ve learned while working in law firm risk and compliance?

I've learned countless valuable lessons, but one of the most important is the power of effective communication. When lawyers or clients understand the reasoning behind our requests for documentation or information, they are far more cooperative. Equally important is recognising any restrictions the client may face; some companies have policies that explicitly prevent them from sharing certain documents. As a result, adaptability is crucial; I strive to find alternative solutions that meet compliance requirements while accommodating what the client can provide.

On the subject of communication, sometimes a single phone call can prevent the frustration of exchanging ten back-and-forth emails!

What skills and attributes do you think are needed to excel in a law firm risk and compliance career?

Adaptability is essential, as the landscape is constantly evolving—what was effective last year may no longer be efficient today. Staying up to date with regulatory changes, advancements in technology, and emerging criminal tactics is crucial for progressing in a law firm’s risk and compliance career.

Attention to detail is equally important, especially when criminals leverage technology to outmanoeuvre security measures. This skill is also vital when navigating different jurisdictions, each with its own set of rules and regulations.

Above all, as you advance in your career, becoming a great leader is just as important as technical expertise. The best teams succeed not just because of their skills, but because they are guided by a leader who believes in them, fosters growth, and provides opportunities to learn and develop.

What are your future plans for your career? Where do you see yourself in 5 years?

I am currently studying for a law degree part-time and plan to complete the SQE, with the goal of seeing my name on the SRA register—an achievement I take great pride in, as I am pursuing it alongside a full-time job.

Career-wise, my goal is to become an MLRO or deputy MLRO within the next five years, and my long-term aspiration is to lead a compliance department. Throughout my career, I have focused on building a deep knowledge base and strengthening my confidence to ensure I am fully prepared for the next steps—steps I am now actively taking.

How do you think the risk and compliance space will change over the next 10 years? What challenges do you think law firm risk and compliance professionals will face in the future?

The next decade is bound to bring significant changes. Take technology, for example—AI has rapidly become accessible to the masses, and compliance software currently has a major gap that could evolve dramatically within this period. While technology enhances compliance efforts, it also aids criminals in laundering money more effectively. As advancements continue, legislation must adapt to keep pace, ensuring AML remains ahead of emerging threats, addressing data privacy concerns, and strengthening cybersecurity measures.

On the geopolitical front, shifting global dynamics may lead to countries once considered low risk becoming high-risk, affecting firm risk appetites, sanctions policies, and regulatory approaches.

I also hope to see law firms separating their conflicts and AML departments, allowing each area the attention it deserves. While AML is just as critical as conflicts, it is often treated as a secondary concern. As regulations tighten and audits become more rigorous, collaboration between compliance professionals, conflicts teams, and AML specialists will be essential to maintaining preparedness.

Finally, with the growing influence of LinkedIn and an increasing focus on cultivating positive work cultures, I hope that in 10 years, risk and compliance leaders will continue leading by example—empowering and inspiring the next generation of professionals in the field.

 

Thank you for taking the time to read this day in the life of a compliance professional!

We hope these pieces can offer useful insights, as there’s a lot to learn from each professional’s perspective, so make sure to explore the rest of the series to gain even more insights. 

If you’re curious to learn more - or you just want to chat about your next step in compliance - don’t hesitate to reach out. We’re here to discuss opportunities, provide support, and help you navigate your journey in compliance. 

Get all the latest law firm risk and compliance news in your inbox with our free monthly newsletter. Join our network on LinkedIn and check out our podcast!

We're here to keep you in the loop!