Compliance Update July 2025

Jul 2, 2025 | Compliance Update

rule changes, tribunal trends, new guidance, deadlines – tick

Can you believe we’re already over halfway through 2025? Time flies when you’re having fun in the legal compliance world! While some of us might be diving into pool floats and sunscreen this summer, we’re diving in headfirst to deliver this Q3 compliance update. Grab your iced coffee—it’s time for the latest scoop (and no, not the ice cream kind).

New rules and guidance from SRA

SRA Business plan: The SRA has been consulting on its 2025-26 business plan due to “unforeseen and changing priorities” since the original corporate strategy for 2023 to 2026 was prepared. The consultation closed on 19/6/25 so no doubt we will be hearing further from the SRA shortly. The main focus is:

  1. the safeguarding of client money (following the Axiom Ince scandal);
  2. increasing concerns about high-volume consumer claims (in light of the recent collapse of various claims firms and the consequent impact on large numbers of consumers);
  3. concerns about the alleged deprioritising by solicitors of ethical behaviour and knowledge (following the Post Office scandal); and
  4. the 40% rise in SRA investigations (due to increased (in terms of volume, variety and complexity) misconduct reporting and the increase in the variety and complexity of misconduct concerns).

As part of the consultation, the SRA is seeking to increase its budget by £16.3 million, which is likely to impact the practising certificate fees by an overall rise for individuals of 2.4%.  For further details see the SRA’s website here or watch their webinar.

SRA AML Enforcement: The SRA’s webinar (from 7/5/25) offers insight into their AML enforcement approach in respect of AML breaches and expectations during inspections. It outlines likely outcomes and common triggers for referrals to the AML Investigations team, including incomplete Client & Matter risk assessments, outdated FWRAs and AML policies, and inadequate source of funds/wealth enquiries. If you have any concerns about your current level of compliance or an imminent SRA visit, do get in touch.

SRA’s fining powers: Following the (not particularly positive) feedback on its 2024 Financial Penalties Consultation, the SRA plans to revise its proposals and issue a further consultation later this year. One of their aims is to work with the SDT to explore opportunities to align their respective approaches to financial penalties (which would seem to be a sensible step!). In the meantime:

  • the proposal of Global turnover fines has been scrapped due to complexities – they will continue to focus on domestic turnover.
  • the proposal to cease issuing financial penalties for drink driving offences will go ahead, save in exceptional circumstances.
  • they are seeking to speed up their ability to issue unlimited fines in economic crime cases (such as money laundering, sanctions and fraud) pursuant to ECCTA 2023 by making technical changes to the fining guidance, including providing case studies to illustrate when the new powers will apply, thereby likely simplifying the LSB approval process. These powers face strong opposition from the Law Society so it will be interesting to see what results from the planned further consultation with the main and various local law societies. Potentially scary times for solicitors and law firms – watch this space.

Indefinite publication of SRA disciplinary outcomes? The SRA has confirmed that their new approach of basing publication lengths on the seriousness of the misconduct came into effect on 2/6/25 (following LSB approval in December 2024).  Previously the period was generally fixed at 3 years but longer periods (including an indefinite period) will become the norm for “the most serious outcomes”, with the SRA taking into account what is “fair, proportionate and best serves the public interest”. In “very rare” cases, the SRA may even decide not to publish a decision at all…  The SRA’s Guidance on Publishing regulatory and disciplinary decisions has been updated accordingly.

Guidance from the Law Society

Economic Crime Levy: For those firms with UK revenue of £10.2 million and above, this is a Law Society Guide for you, setting out who must pay, how much, how to pay and what happens if you don’t pay!

Climate change practice note for conveyancers: In May, the Law Society issued a new practice note for property lawyers, expanding on its 2023 guidance, to address how to advise clients on climate change risk. It covers physical (e.g. flooding, subsidence), transition (e.g. legal and market changes), and liability or legal risks (e.g. planning restrictions, rights of way). It provides practical guidance on how to limit liability such as documenting advice, conducting climate risk searches, and clarifying they are not surveyors and therefore can’t advise on technical or physical aspects of climate change. Given your indemnity insurance is unlikely to cover such advice, this is especially important. Sample report wording is also provided. Further commentary can be found here.

Money Laundering risks and threats: Whilst not particularly new (having been published in January), this tool is a useful resource to help firms understand current and emerging money laundering risks and threats – always helpful when considering your FWRA and keeping it up to date.

Hot topics

Anti-money laundering, sanctions & financial crime

SRA AML & Sanctions Data collection: Don’t forget that the SRA’s AML and Sanctions data collection exercise is running this month (yes, a lot earlier than last year!) with a deadline which we believe to be mid-August (we’ll keep you posted with confirmation). Remember it is a regulatory requirement for all firms (whether in or out of scope of the Money Laundering Regulations) to complete it!  Further information, including various questions and answers, can be found on the SRA’s website here. COLPs should be receiving the digital questionnaire and SRA portal access in their inbox (or junk mail!) now so look out for them!  If you haven’t already, we recommend that you check that your Firm Wide Risk Assessment (FWRA), policies, procedures and training (in relation to both AML and Sanctions) are up to date and tailored to your firm (and don’t forget to keep previous versions in a safe place).  Do get in touch if we can assist with any of this.

LSAG 2025 update: Just when you thought you were on top of your AML policies and procedures, the LSAG Guidance was updated on 23/4/25 to reflect HM Treasury’s approval of the December 2023 addendum.  You can read the full 2025 guidance here (including the Schedule of Amendments from page 221 onwards).  There is nothing dramatically new per se, but there is some clarification, and it is nice to have everything in one place .  For a summary of the changes see here.

High Risk Third Countries (HRTC): The list of High-Risk Jurisdictions for AML purposes changed on 13 June following the update to the Financial Action Task Force (FATF)’s ‘black’ and ‘grey’ lists. The updated lists can be found on the FATF website or the (now updated) Law Society website.  The lists now include British Virgin Islands (BVI) and Bolivia, with Croatia, Mali & Tanzania having been removed (but this doesn’t mean they are suddenly low risk!). The Money Laundering Regulations require EDD to be carried out on clients (and other parties) who are established in a country on the FATF lists so review your existing clients and matters and ensure you are complying. The addition of BVI may cause some headaches for firms as a lot of trusts and more complex structures are based there.

SRA AML inspections: These are coming thick and fast at the moment with increasing numbers of firms receiving the ‘dreaded letter’ from the SRA either notifying them of a desk-based review of their AML policies and procedures or an on-site review. The list of information being requested each time appears to be increasing. In April we provided a summary of what to expect (in advance and on the day) to our retainer clients, which can be accessed here. The Law Society also has a note on preparing for an AML visit here.

More proportionate anti-money laundering regime? The Government has announced that it will deliver a “clearer and more proportionate” AML regime (we can but hope!!), seeing the UK legal sector as “a national asset and an engine of economic growth” but recognising that AML checks are seen as a “major burden” to law firms.  There is no detail on what these changes will be yet but we are told that HM Treasury will “bring forward a package of changes to the MLRs aimed at improving their effectiveness” “before the end of this year”…we will no doubt all be waiting with baited breath!

Sanctions Risk: Is Your Firm Prepared? As enforcement activity increases, law firms of all shapes and sizes are under growing pressure to assess and mitigate their exposure to sanctions risks. Recent action from OFSI (Office of Financial Sanctions Implementation) — including a £465,000 fine against a law firm in March see our April quarterly update) and a £5,000 fine in April against a shipping company for failing to respond to an information request from OFSI, and a rebuke from the SRA for the London office of a leading US firm in June for failing to comply with licence conditions — signals a clear shift: sanctions compliance is no longer optional, it’s essential. Coupled with the SRA’s enhanced scrutiny (inspections and updated Guidance) and OFSI’s Legal Services Threat Assessment (see below), this is an area firms cannot afford to overlook.

See OFSI’s blog highlighting 3 key lessons:

  1. Know your exposure: Conduct a firm-wide sanctions risk assessment. Consider your clients, jurisdictions, and practice areas — UK-based firms are not immune.
  2. Implement and follow clear processes: Sanctions screening (including of beneficial owners and, preferably, connected third parties) should be built into your onboarding and due diligence processes.
  3. Understand ownership and control: Sanctions don’t stop at face-value relationships. Who ultimately controls the entity matters — and the risks aren’t always obvious.

Pro tip: Document everything: policies, rationale, findings and remember prompt reporting to OFSI can reduce penalties.  For more info, see the SRA’s free webinar and OFI’s video guidance: ‘Financial Sanctions: The Basics’ or contact us for training and template documents.

OFSI Legal Services Threat Assessment report:  OFSI’s first Legal Services Threat Assessment highlights the key role legal professionals play in UK financial sanctions compliance, especially in identifying suspected breaches by Designated (sanctioned) Persons (DPs) and their ‘professional enablers’.  Key points:

  1. Sanctions don’t just apply to Russia!
  2. UK trust & company services providers (TCSPs) (as well as smaller law firms) are under-reporting suspected sanctions breaches.
  3. Most non-compliance relates to breaches of OFSI licence conditions.
  4. Complex corporate structures, including trusts, are used to hide DPs’ assets – understanding your clients’ ownership and control structure is vital.
  5. DPs seek to avoid sanctions by transferring assets/ business interests to non-DPs.
  6. Protect yourselves (at the outset and throughout the retainer) by:
    a. Reviewing the ‘red flags’ in the report – particularly when an “intermediary jurisdiction” is involved, such as BVI, Cyprus, Guernsey and Switzerland, as well as the Isle of Man, Jersey, Cayman Islands, Austria and UAE.
    b. Refer to the 3 points in the OFSI blog
    c. Where relevant, understand/ comply with licence requirements.
    d. Report breaches of sanctions or licence conditions promptly.
    e. Remain alert for separate money laundering etc offences
    f. The UK Sanctions Regime is strict liability and the SRA strongly encourages firms to improve internal controls and staff awareness.


UK Russia Sanctions: New Regulations: Effective 24/4/25, the Russia (Sanctions) (EU Exit) (Amendment) Regulations 2025 significantly expand UK trade sanctions against Russia, aiming to restrict Russia’s access to certain goods, technology, software, and related services, with expanded lists including chemicals, metals, electronics, machinery, vehicles and plastics (as well as new import bans from Russia, including synthetic diamonds and helium). There are tighter controls on dual-use items (civilian tech with military potential, e.g. gaming consoles used to pilot drones) and four new categories of restricted technologies, including Energy (oil & gas), Industrial design and Business enterprise.

Law firms (particularly those handling commercial contracts and intellectual property) with clients in effected industries (e.g. financial services, technology, commodities) or involved in international trade with complex supply chains should consider how these changes affect them and their clients.  The government guidance relating to software sanctions includes some suggestions:

  • contract clauses that ensure restricted software and technology are treated in line with sanctions and to prevent them being made available to persons connected with Russia.
  • foster a more holistic approach to due diligence and risk assessment, seeking a greater understanding of the end users of goods, software, and technology.

And as always, conduct rigorous screening of clients and counterparties, especially if linked to high-risk sectors, Russia or “intermediary countries”. (see the OFSI Legal Service Threat Assessment Report piece above); update policies and procedures and ensure staff are well-informed, and report breaches to OFSI/ OTSI (and potentially the SRA).  If this may affect your firm, specialist legal advice is likely to be required.

Failure to prevent fraud

As previously mentioned this new criminal offence, is due to come into force on 1/9/25 (with unlimited fines for those found liable). For further information on the specific fraud offences, how an organisation can be held liable, and steps to take to prepare, see the government guidance, the SRA information and The Law Society blog, How law firms and legal teams can prepare.  The new legislation only applies to “large organisations”, defined as one which meets at least 2 of the following criteria:

  • more than 250 employees
  • more than £36 million turnover
  • more than £18 million in total assets.

(measured by looking at the aggregate figures across any parent company and its subsidiaries, wherever in the world they are located).

This is unlikely to apply to most of our clients but if you think it might (for example because you are part of a larger group), please act now and do get in touch if you have any concerns.  Even if the new offence will not apply to your firm, fraud is still a risk to all firms and you may wish to consider implementing the measures recommended in the guidance in any event.

Law firm management

Cyber-attacks on the rise :  With rising cyber-attacks on law firms (and organisations in general – think M&S, the Co-op, Harrods and the Legal Aid Agency in recent months) securing IT systems is essential, not only to prevent data/ confidentiality breaches, ransom demands and prolonged system downtime, but also to avoid hefty fines from the Information Commissioner’s Office (ICO) and/ or the SRA.  Following the £60,000 ICO fine in April of a Merseyside-based law firm after a cyber-attack which exposed highly sensitive and confidential data on the dark web, now is the time to review your systems. While the firm is appealing, the ICO found that their systems were vulnerable to unauthorised access, highlighting the “need for all organisations to continually assess their cybersecurity frameworks and act responsibly in putting in place robust measures to prevent similar incidents.” Firms should implement MFA (multi-factor authentication) or equivalent protection (including for legacy platforms), scan for vulnerabilities, apply the latest security patches promptly, and comply with reporting obligations – 72 hours for personal data breaches.  The ICO website offers helpful guidance on how to understand security obligations and the duty for all organisations to report personal data breaches.  The SRA will also expect firms to report to them “where an attack has had, or has the potential to have, an impact on clients” as they reminded solicitors back in January last year.

Change of bank details: Following on from the above warning, do you remind your clients to query purported changes to your firm’s bank account details, for example in your Terms of Business and email footers?  If not, we strongly recommend you do.  With the increase in Cyber-attacks, firms are seeing an increase in fraudulent emails being sent to clients ‘advising them’ their bank details have changed and to send completion monies to the ‘new’ account details, leaving clients out of pocket and very unhappy.

Lawyer ethics in the spotlight:  With Axiom Ince and the Post Office scandal never far from the headlines, the profession is coming under continual criticism for losing sight of ethical obligations and focussing too heavily on the best interests of the client over the duties to the wider public.  Recent consultations are likely to result in further guidance/ warning notices from the SRA in due course:

  • LSB’s consultation into lawyer ethics: This closed in May and we are awaiting the results, but it is likely to result in the SRA increasing pressure on firms to improve ethics training for staff.
  • Taskforce on Business Ethics and the Legal Profession report: The report encourages firms to prioritise ethics when deciding who to represent (particularly those connected with kleptocracies, state capture and grand corruption, with a particular focus on Russia)…the ‘lawful but awful’ argument. It also criticised the current AML framework as insufficient to deal with these types of clients, proposing a “legitimate provenance of wealth test” to ensure credible explanations for client wealth to avoid facilitation by lawyers of kleptocracy and corruption.
  • Law Society In-house ethics framework: Published in May to help in-house solicitors uphold their ethical and legal obligations within their organisations, as well as to positively influence their organisations’ ethical culture, with the intention of complementing the SRA’s suite of in-house guidance notes.  These tools, resources and templates will no doubt be very much welcomed.

Complaints: The SRA has launched another consultation (which runs until 25/7/25 with changes expected to be introduced in late autumn) on proposed changes to their rules on how law firms define and deal with complaints, including telling clients how to complain at the end of matters as well as the start, and making sure complaints information is “clear, accessible and in a prominent place”.  There have been some choice comments about how often law firms will have to seemingly invite complaints, but the position has not been helped by the Legal Services Consumer Panel’s latest survey showing that only 51% of clients who used a lawyer knew how to make a complaint about poor service.  Have your say before it’s too late by responding to the consultation here. In the meantime, the Legal Ombudsman’s series of articles on common themes and trends seen with in the complaints it receives is a useful resource.

Tribunal trends and cases of interest

When solicitors slip up… big and small-time

  • Using offensive and rude nicknames for colleagues left an in-house solicitor with a £15,000 fine and an order to pay £16,000 in costs. The allegations came to light when a complaint was made during an exit interview . A disciplinary meeting followed, and the matter was later picked up by the SRA when an article entitled ‘BNP Paribas London executive keeps job despite naming Asian colleague “Hu She”’ was published in the press.
  • Misleading clients in three personal injury cases by suggesting their failed claims ️ had been successful (when he knew / ought to have known they had failed) led a law firm director to be struck off.
  • The Serious Fraud Office arrested a solicitor after suspicion of AML offences, which also led to the SRA carrying out its own investigation. It found that the solicitor had allowed the firm to be used as a £30 million banking facility . The SDT tribunal decided that although the misconduct ‘fell within the range to merit striking off from the roll’, an indefinite restriction order in addition to a 12-month suspension was agreed.
  • A solicitor from Cornwall has been sentenced to three years in prison after defrauding her employer of £160,000. She’d redirected over 300 client payments into her personal bank account and the fraud was discovered after clients received bills for payments they had already made, prompting an investigation by Hereford CID and West Mercia’s economic crime unit. The solicitor is now facing disciplinary action by the SRA.
  • A firm has been fined over £36,000 for failing to comply with AML rules from 2019 to 2024. The SRA found no proper client or matter risk assessments on reviewed files, despite the firm doing high-risk conveyancing work. Although no harm was caused, and the risk of repeat issues is low, the SRA said the firm showed disregard for regulations. The original fine of £52,318 was reduced due to cooperation, remediation, and no financial gain. The firm, now compliant and remorseful, also paid £600 in costs. It remains financially stable.
  • It gets worse…another firm has been fined nearly £64,000 for AML breaches lasting six years. The SRA found the firm had failed to establish and maintain AML policies, controls and procedures, including failing to conduct client and matter risk assessments. They were fully compliant by June 2024 but the fine was for the historic breaches. And there are many other recent fines of similar or even more eye-watering amounts!
  • There is often talk about there never being any actual money laundering in the cases where the SRA fines firms huge sums for AML breaches…well, a solicitor has been charged with money laundering offences. He pleaded not guilty at Westminster Magistrates’ court in June. We will no doubt be hearing more about this as the trial progresses.
  • A former head of finance at a Solicitors firm has been disqualified by the SRA for failing to disclose a winding-up order and grossly underreporting the firm’s debts. Despite knowing about a £340,000 debt and an impending insolvency, she told the SRA in February 2023 that liabilities were only £4 million—when they actually exceeded £26 million . The claims firm collapsed in June 2023, with more than £35 million owed to creditors and over 70 staff losing their jobs. The SRA found her unfit for compliance roles and ordered her disqualification and ordered her to pay £600 in costs.
  • The High Court ‍⚖️ordered a barrister and the solicitors who instructed her be referred to their regulators after they included five fake case citations in court pleadings. The judge called their actions improper, negligent – suggesting potential AI misuse. A wasted costs order was issued, with both parties fined £2,000. The judge stressed the seriousness of fabricating legal references and highlighted the damage to legal profession integrity. They also stressed that lawyers will face serious consequences for misusing Artificial Intelligence before the courts in future and that “practical and effective measures must now be taken by those within the legal profession…and by those with the responsibility for regulating the provision of legal services…must ensure that [those] providing legal services… understands and complies with their professional and ethical obligations and their duties to the court if using artificial intelligence.” And a reminder to all that Google produces AI results without you having to specifically use a tool like ChatGPT.  Check your sources carefully!
  • A solicitor whose firm acted for both sides in litigation over a debt, despite him being told (by his paralegal) of the obvious conflict , has been suspended for six months and ordered to pay £17,800 costs. Rather surprisingly the solicitor (who was also the COLP and COFA) thought it was ok to act for Client A seeking to recover a debt owed to them for which default judgment was obtained, and being instructed to enforce the debt, and then agreeing to act for the debtor in an application to set aside the judgment 4 days later!
  • And then there was another case where a solicitor was suspended for not disclosing own-interest conflict. In this case, the solicitor was acting for 25 clients buying properties from a property development company ️which went into administration before the properties had been built and resulted in the clients losing their reservation fees and 70% of the purchase price prior to completion. With various links between the solicitor’s firm and the property development company, not least that his wife was a director of the company, there was a clear own-interest conflict which should have prevented the firm acting.  He also failed to adequately advise the clients (who he shouldn’t have been acting for!) of the risks of inherent in such investment schemes, including insolvency.  He was suspended for 6 months and ordered to pay £40,000 costs.
  • A case where a partner of a large law firm was fined £14,000 (and ordered to pay costs of £19,000) for wrongly approving £2.2m in payments to a developer which later went bust leaving a lot of out-of-pocket buyer clients highlights the importance of effective supervision strategies and a reminder that the buck stops at the top. The partner relied on the paralegal who requested sign-off on the payments to have checked the contractual provisions and put the necessary protections in place (such as deposit warranty insurance) rather than scrutinising the requests/ checking the position himself.

…and the SRA’s hasn’t been on its best behaviour either…

  • Law Society boss Ian Jeffery says the Solicitors Regulation Authority (SRA) needs to act fast to win back the trust of the legal profession. His comments came after the Legal Services Board gave a damning review of the SRA’s performance. Jeffery accused the regulator of neglecting the risks of so-called ‘accumulator firms’ such as the collapsed Axiom Ince while it focused on increasing its fining powers and proposing regulatory expansion. He called on the SRA to get back to basics and improve how it handles risk.
  • The Legal Services Board’s (LSB) long awaited ⏳directions following the report into the Axiom Ince scandal which severely criticised the SRA’s handling of the affair (which saw the disappearance of £60m of client money from the firm), were published at the end of May. Further commentary can be found here but a summary of the requirements include:
    1. Governance changes – better SRA Board-level oversight of regulatory risk and intelligence activity;
    2. Strengthening risk functions – proactively identify and respond to risk;
    3. Strengthening authorisation controls – will we see an end to one person wearing all the compliance hats?
    4. Stronger regulation of client money – are we closer to the scrapping of the client account?
    5. Better oversight of sales, mergers and acquisitions of firms.
    6. SRA to intervene earlier in firms.

Firms are likely to see a flurry of activity from the SRA over the next 12 months. Watch this space!

Important information about these updates

The copyright in this material belongs to the Compliance Office Ltd, a limited company, company no. 09133668, registered office: 20 Grosvenor Place, London, SW1X 7HN.  You may not distribute or commercially exploit the content and you may not transmit it or store it in any other website or similar system. The Compliance Office Ltd and its authors do not offer solicitor or legal services, are not a law firm and do not provide legal advice.  This material is general in nature and is intended to assist the reader by drawing some relevant regulatory provisions to his or her attention. The material is not exhaustive and is not a substitute for considering the relevant provisions directly or for legal advice on an individual’s specific circumstances.  In particular, it does not include every new rule change, decision, deadline, guidance or other material which may be relevant to you.  While care is taken to ensure the complete accuracy of the information as at the date of publication, this cannot be guaranteed.  The Compliance Office Ltd, its author(s) and administrators will not be liable for any loss or damage of any nature arising from the use of this material and such liability is excluded to the fullest extent permitted by law.