Jen Dunlop
Posted by Jess Irwin, senior consultant, and Jen Dunlop, managing director, at Legal Futures Associate Compliance Office
The Solicitors Regulation Authority (SRA) has released its 2024-25 anti-money laundering report, a detailed review of the sector’s readiness to meet the obligations set out in the Money Laundering Regulations.
The scale of supervision this year is striking. The SRA carried out 935 proactive engagements in the year to 5 April 2025, including onsite inspections, desk-based reviews and thematic assessments. This represents a significant uplift in supervisory activity and gives a clear indication of the scrutiny firms can expect.
Almost a third of firms examined were assessed as non-compliant, with a further 54% only partially compliant. The SRA has repeated its view that all firms should expect AML scrutiny in the near future.
That expectation sits alongside the wider regulatory shift that will eventually bring legal and accountancy firms under the Financial Conduct Authority as a single AML supervisor. A period of sustained regulatory attention is now inevitable, and firms that invest time in strengthening controls will be better placed for this changing landscape.
Why AML oversight matters
The report sets out the wider context that shapes the SRA’s approach. The National Crime Agency (NCA) estimates that more than £100bn is laundered through the UK or UK corporate structures every year. Thousands of organised crime groups operate in the UK and legal services can be targets for the movement and concealment of illicit funds.
Conveyancing transactions remain an accessible route for criminals due to the large values involved. Trusts and company structures can obscure beneficial ownership, and client accounts can give the appearance of legitimacy to funds with criminal origins.
These systemic risks explain the sustained regulatory pressure on firms and the SRA’s emphasis on evidencing a risk-based approach.
The weaknesses the SRA highlighted
The report identifies six areas where firms struggled to meet core AML requirements. These findings provide a practical roadmap for firms that want to strengthen compliance.
1. Client and matter risk assessments
Client and matter risk assessments remain the single largest cause of SRA referrals – 16% of reviewed files did not include any assessment or included incomplete documentation, while a further 39% did not effectively evaluate the money laundering risk.
Firms often focus on operational or business risks rather than the financial crime risks mandated by the regulations.
The SRA expects each assessment to record the rationale for the risk rating and the due diligence steps required. Re-circulating the SRA’s warning notice and the firm-wide risk assessment can also reinforce the firm’s policy position and raise awareness of common red flags.
2. Source of funds and source of wealth
The SRA found repeated issues with the quality of source of funds and source of wealth checks. Documents were often collected but not analysed and in some cases explanations did not match the origin of funds actually received into client account.
Identifying unexpected fund flows remains one of the clearest indicators of potential criminal activity.
Firms should record why they are satisfied that the funds in a transaction are legitimate, probe further when the stakes are high, and monitor that the funds are received from the expected source.
3. Policies, controls and procedures
Policies often lacked sufficient detail or were not followed in practice. Critical areas such as risks posed by new technologies, reporting discrepancies to Companies House, ‘reliance’ (on third-party client due diligence (CDD) checks), simplified due diligence, products that favour anonymity, high-risk jurisdictions, and sanctions were frequently missing or inadequately addressed.
The SRA’s next thematic review will focus on regulation 19(3)(e), which requires firms to monitor and manage compliance. Now is an appropriate time for firms to review their own procedures and test whether their daily practices align with their written policies.
Regular file reviews, reporting mechanisms to senior management and clear checklists for staff all help raise standards.
4. Firm-wide risk assessments
Although the overall quality of firm-wide risk assessments has improved, many still lack the depth expected by the regulator. The assessment should be specific to the firm’s work types, client base and geographical profile.
The SRA expects firms to define what higher risk looks like within their own context, including large or unusually complex transactions. A well-drafted firm-wide risk assessment informs all other AML controls and lays the foundation for tailored due diligence.
5. Client due diligence
Identification and verification failures remain prevalent. Over-reliance on electronic verification systems can lead to the misconception that a positive verification result completes the CDD requirement.
The SRA expects fee-earners to consider the full report, including any indicators of politically exposed persons, sanctions exposure or adverse media.
Successful firms set clear expectations with clients, build controls into their systems to prevent matters from progressing without CDD, and carry out regular file reviews to ensure nothing is overlooked.
6. Enhanced due diligence
Enhanced due diligence and enhanced ongoing monitoring were not applied consistently. High-risk countries, politically exposed persons and complex or large transactions require greater scrutiny.
Client and matter risk assessment forms should prompt staff to identify high-risk factors, and the firm-wide risk assessment should help staff understand the specific risks relevant to their practice.
Key controls the SRA expects to see
1. Training and leadership engagement
The report reinforces the importance of regular AML training and visible support from senior management.
Training remains one of the most effective controls in developing the professional scepticism required within legal practice. Management engagement is equally essential since staff follow the tone and priorities set at the top of the organisation.
2. Independent audits
Independent audits are now routinely requested during inspections. Firms should view audits as an opportunity for improvement rather than a procedural requirement. Audits should include file reviews, and firms should be able to show that findings have been addressed.
3. Suspicious activity reports
The SRA is assessing the quality of suspicious activity reports (SARs) submitted across the sector. Firms should be familiar with the National Crime Agency guidance and the SRA’s updated warning notice.
During this reporting period, the SRA submitted 19 SARs of its own arising from inspections. Many involved conveyancing transactions, although the SRA also identified suspicious activity in areas such as litigation.
Firms should document reasons for decisions not to submit SARs, as these decisions may be examined later. Firms that fall outside the scope of the MLRs still have Proceeds of Crime Act obligations and should ensure those duties are understood.
4. Sanctions compliance
Sanctions compliance applies to every law firm. The regulator expects firms to have a sanctions risk assessment, clear screening procedures and a documented approach for dealing with positive matches.
The sanctions regime imposes strict liability and firms acting for sanctioned persons or entities must understand the Office of Financial Sanctions Implementation licence framework. Failures to follow licence reporting requirements remain the most common reason for SRA action in this area.
What the SRA’s direction of travel means for firms
The report shows a regulator with a clear focus on risk and data. The SRA is using information from annual data collections, public data and its own technology tools to identify exposure points. Firms can expect this approach to develop further.
For firms, the priority now is to translate policy into consistent practice. That means investing time in tailored risk assessments, exercising professional scepticism about client funds, reviewing firm-wide procedures and embedding AML awareness into daily workflows.
Strengthening these fundamentals will reduce the likelihood of adverse findings and prepare firms for the transition to future Financial Conduct Authority oversight.
AML supervision continues to evolve. Firms that engage with these findings now will be better placed to navigate the changing regulatory environment that lies ahead.
Leave a Comment