Here we are with our final Compliance Update instalment of 2025. It’s another jam-packed one, so off we go…

 

New rules and guidance from SRA & Government

SRA Sectoral Risk Assessment

The SRA published its latest Sectoral Risk Assessment on Anti-money laundering and terrorist financing on 31/7/25, following the publication of the National Risk Assessment.  Firms should ensure they update their Firm Wide Risk Assessments (FWRA) to reflect these new documents as soon as possible. (For retainer clients we have updated our template documents to assist you with this). It includes a helpful “Summary of changes” section at the end setting out the key updates:

1. New emerging risks (capital flight from high-risk countries, client account issues, poor CDD scrutiny and changing firm business models).
2. Some of the previous “emerging risks” (vendor fraud, proliferation financing and supply chain risk) have been moved as they are now seen as ‘part of the risk landscape’.
3. Updates and additions to the Sanctions risk section.

For a summary of the main changes and recommended action points, please read our blog post.

National Risk Assessment of Money Laundering & Terrorist Financing 2025

The UK Government published its latest National Risk Assessment (NRA) in July setting out its assessment of the main ML&TF risks across the UK.  This then fed into the SRA’s Sectoral Risk Assessment referred to above.  The NRA is a long document (163 pages!) but the general conclusion is that the overall picture hasn’t changed dramatically. We’ve written a quick blog post summing up what’s useful as well as what to do next but the main points to be aware of are:

• The legal services sector remains high risk for money laundering, with the highest risk services still assessed to be conveyancing; trust & company services; misuse of client accounts
• Most of the big risks law firms face remain much the same, with some shifts of emphasis:
  • Cash-intensive businesses remain very high risk, with the Post Office’s cash banking facility being specifically referenced.
  • Money service providers remain high risk. Bear this in mind, particularly where clients operate internationally.
  • Cryptoassets are increasingly at risk of being used for money laundering.
• Some changes/ additions…
  • Sanctions evasion features more heavily.
  • Environmental crime, football clubs and agents, and Universities and educational establishments feature for the first time, with artificial intelligence and its involvement in identity fraud getting its own section.
  • Referrers and intermediaries receive greater prominence.
• What do you need to do?
  • Document that you have reviewed the latest NRA (and SRA risk assessment) in your FWRA and consider any risks your firm faces – tailored FWRAs are essential!
  • Ensure staff are aware of these high-risk issues through training and prompts on your client & matter risk assessments.
  • Have a quick read of the SRA’s summary too: SRA | Risk assessment raises awareness of money laundering issues | Solicitors Regulation Authority

HM Treasury Consultation – Improving the effectiveness of the MLRs

In September, the Government consulted on its draft amendment Regulations (and accompanying Policy Note) created to implement the proposed reforms set out in its July response to its 2024 consultation on the Money Laundering Regulations (MLRs). The aim of the proposed reforms is to reduce “unnecessary regulatory burdens” and “enhance the effectiveness of the UK’s AML framework”. The SRA’s summary of the July consultation response can be read here, with the Law Society’s disappointment at the limited proposals to improve life for firms expressed here. The key proposed changes which will affect law firms are:

• Enhanced due diligence (EDD) threshold: EDD will apply to “unusually complex or unusually large” transactions (a change from “complex or unusually large”, but most already interpreted the legislation this way, with “unusual” being defined by the firm);
• EDD by jurisdiction: Mandatory EDD measures will only apply to countries on the Financial Action Task Force’s (FATF) “Call to action” list (currently Iran, Myanmar and North Korea). For FATF’s “Increased Monitoring” countries, firms must take a risk-based approach to EDD. These jurisdictions however, should not be ignored or considered low risk. EDD will still need to be considered (see Reg 33(6)(c)) with carefully documented reasons for why a lower level of EDD was carried out than previously may have been the case;
• Source of funds: Ongoing confusion remains around when to assess source of funds, especially in relation to ongoing monitoring and the requirement in Reg 28(11) to consider them “where necessary” (outside of EDD requirements). No legislative change is proposed, but further guidance is expected. Watch for LSAG guidance updates and whether this will actually help firms;
• Pooled client accounts are to be made easier for banks to set up, but law firms may face tighter AML scrutiny, possibly increasing compliance burdens rather than easing them, particularly for those firms out of scope of the Money Laundering Regulations whose client due diligence processes may not be to the standard the banks may require. Read more here.

Watch this space for what happens next…

SRA Guidance on desk-based reviews

The SRA updated their guidance on desk-based reviews in August (although apparently it is a future update as it is dated 2026!). Given the uptick in AML inspections by the SRA, whether onsite or desk-based reviews, we thought this was worth a mention.

Law Society Economic Crime Conference – update

For those who missed the conference in September but want to know what happened, we have summarised the main sessions, and some of the focussed sessions here. Some stand out points:

• Client & Matter Risk Assessments (CMRAs) are still causing big problems for firms – ensure you have them, complete them and document how you reached your conclusions re risk….on all in-scope files!
• Firm Wide Risk Assessments (FWRAs) – reference the latest government National Risk Assessment (NRA) and SRA Sectoral Risk Assessment…and tailor them to your firm!
• Source of funds/ wealth – a helpful session with hints and tips for smaller firms.
• Ultimate Beneficial Owners (UBOs) – some helpful guidance on how far up the tree to go!
• Suspicious Activity Reports (SARs) – some thoughts from the NCA.

Hot topics

Anti-money laundering, sanctions & financial crime

FCA PEP guidance – updated

The FCA published its updated guidance on “The Treatment of politically exposed persons for anti-money laundering purposes” on 7/7/25.  Although you may wonder what this has got to do with you if you are not FCA authorised, Regulation 35(4)(b)(i) specifically states that any guidance issued by the FCA should be taken into account when assessing the extent of Enhanced Due Diligence (EDD) to carry out on clients. This is reinforced in the LSAG Guidance. Key takeaways:

• PEPs must be assessed individually. Firms should avoid blanket policies and are expected not to refuse clients solely because they are PEPs. Always document your rationale if you do refuse them.
• Truly prominent UK positions: Only treat truly prominent UK figures as PEPs (i.e. narrowing scope of the PEP definition will mean fewer UK PEP clients). Non-executive board members of central government and civil servants below Deputy Permanent Secretary specifically excluded as PEPs unless other criteria apply.
• UK PEPs must be recognised as lower risk (than international PEPs) with lower levels of EDD being applied (unless other high-risk factors apply).
• International PEPs from countries with strong anti-corruption regimes may also be considered lower risk (unless other high-risk factors apply).
• Financial Ombudsman Service (FOS) will consider this guidance when reviewing complaints from PEPs about unfair treatment.
• Electronic screening tools must be scrutinised. Not all flagged individuals will meet the legal definition of a PEP. If you treat such people as a PEP, record your justification.
• Policies should clearly define: EDD measures required; who can provide ‘senior management approval’; how domestic and non-domestic PEPs are treated differently.
• Family members of PEPs include spouses, civil partners, children (and their partners), parents and siblings. More distant relatives should be assessed using a risk-based approach.

New Threshold for Defence Against Money Laundering (DAML) SAR

As of 31/7/25, the threshold amount below which a DAML is not required before returning funds to a client in order to terminate a business relationship increased from £1,000 to £3,000. There are various conditions before this exemption can be relied upon, including that the firm must have complied with their duty to carry out CDD. Given this may not always be easy to say with certainty, the fact that the LSAG Guidance (16.4.4) refers to the exemption as being “extremely narrowly defined” and therefore “likely to apply very rarely” to law firms, and that an information-only SAR will still be required where there are suspicions about the proceeds of crime, most firms may decide to take the cautious approach and nonetheless seek a DAML at the same time as submitting the SAR even if the funds to be returned are less than £3,000.

Suspicious activity reporting – are you confident?

The National Crime Agency (NCA) has created a suite of six short (a few minutes) videos to demonstrate best practice when submitting SARs.  Whilst the content is very high-level, they provide a useful reminder of the main points to consider.  See here for the list of what the videos cover, including how to complete the trickier sections on the NCA portal, such as the ‘criminal/ terrorist property’ section and the ‘prohibited act’ section. The video on the ‘reason for suspicion’ section provides a helpful reminder of what to include, such as the who, how, what and why.  And the final video explains the process after you have submitted a DAML (Defence against money laundering), including a helpful calendar example of how to calculate the 7 working-day notice period before you can conclude you have a deemed defence. (The NCA also did a session on SARs at the Law Society’s Economic Crime Conference in September, which you can read about here).

Companies House – ID Verification

As of November 18, 2025, directors and Persons with Significant Control (PSCs) will be required to verify their identity before they can establish companies or file documents with Companies House. This mandate is a key part of the Economic Crime and Corporate Transparency Act 2023 (ECCTA), which aims to transform Companies House from a passive repository into a more reliable and accurate source of information. The change is designed to improve corporate transparency and make the UK less attractive for illicit financial activities. While these identity checks will eventually be extended to others and are intended to increase confidence in the data, it is important to remember that you should never rely solely on information from Companies House. Government guidance notes on the subject include the following: “When you need to verify your identity for Companies House” and “Verifying your identity for Companies House”.

“Virtual squatting”

Something that may be impacted by the new mandatory Companies House ID verification referred to above is “virtual squatting”.  This is where criminals use law firms’ addresses as their registered office address without their knowledge or CDD having been carried out. If you’re interested in finding out more, it’s worth giving the UKFIU podcast (episode 23) a listen. In the meantime, we recommend that firms implement a process for checking their address at Companies House on a regular basis to ensure that those people using their address are the ones which should be (i.e. are legitimate clients for whom CDD has been completed)!

Failure to prevent fraud

This new criminal offence brought in by ECCTA is now in force (as from 1/9/25)! It applies to “large organisations” (those with at least 2 of the following criteria: more than 250 employees, more than £35 million turnover, more than £18 million total assets, which is measured by looking at the aggregate figures across any parent company and its subsidiaries, wherever in the world they are located), with unlimited fines for those found liable if an “associated person” commits fraud intended to benefit the organisation and the organisation lacked reasonable fraud prevention procedures.  “Large organisations” must obviously take this very seriously, but even smaller organisations are being encouraged to ensure fraud is on their radars and to think about the sorts of things which may amount to fraud.  Overbilling by fee earners (even where the partners aren’t aware it is happening), including where this arises from over-recording of time, misrepresenting a firm’s green credentials or diversity record to win clients, and ‘fraud by silence’ such as deliberately not notifying a client about a data breach to stay instructed, may all amount to fraud under ECCTA.

OFSI online reporting forms

In July, the Office of Financial Sanctions Implementation (OFSI) launched a new suite of online forms for submitting licence applications and mandatory reports, including those for suspected sanctions breaches, to notify OFSI if you hold frozen assets for a designated person, and licence reporting requirements. The aim being to modernise and streamline OFSI’s services. While use of the online forms is not yet mandatory, OFSI is encouraging all firms to begin using them as soon as possible.

New sanctions guidance

The world of Sanctions is constantly evolving and getting increasingly complex.  To assist, the Government issued some new guidance at the end of September: “Starter guide to UK Sanctions”, which is worth a read. It provides an overview of the different UK sanctions regimes and how you can breach them amongst other things.  Although there are no prescribed methods of client due diligence, or obligations in relation to beneficial owners or counterparties when it comes to sanctions, the guidance includes a section on this topic, including the sentence, “Strong due diligence on counterparties and internal governance is essential”.  Do bear this in mind when reviewing your sanctions policies and procedures.

Law firm management

SRA Action Plan to comply with LSB Directions following Axiom Ince

In May, the LSB gave directions to the SRA as part of its enforcement action in respect of the SRA’s acts and omissions as highlighted in the Axiom Ince review report. In July, the SRA provided its implementation plan detailing the steps it will take to comply. The plan includes sections on Governance, Risk and Supervision. Of particular note:

• Proposals to prevent individuals being able to hold multiple ownership, management and compliance roles (including retrospective application) – a relief for those partners expected to wear all the compliance hats or a headache for smaller firms with fewer partners to choose from?
• Possible return to all firms having to file annual accountants reports so the SRA have a better idea of financial stability issues (rather than only having to file qualified reports).
• Changes to where and when firms must notify the SRA of possible sales, mergers or acquisitions to assist with risk-based scrutiny of firms by the SRA (before someone runs off with the contents of the client account).
• Improving internal SRA guidance when considering firm interventions, including using Compliance Plans as a potential alternative and seeking greater consistency of approach.

More SRA consultations on the horizon to look out for.

Residual balances

According to a leading firm of accountants, two-thirds of law firms are breaking the residual balance rules! The challenge of getting fee earners to clear their client account balances when ‘there is no longer any proper reason to hold the funds’ (SRA Accounts Rule 2.5) is not new but is something the SRA are increasingly concerned about, including in relation to possible money laundering implications.  Make sure you have processes in place to deal with your residual balances (the Law Society has recently updated its practice note, which is worth a read)…the longer they are left, the more difficult they are to deal with⌛.

One concern from the profession is that the SRA have been angling to do away with solicitors’ client accounts for a while now, but that appears to have been put on hold…for the time-being at least…with the immediate focus now on making changes to the current system…read more here.

High-volume consumer claims work – SRA Declarations and a lot more…

Following the SRA’s thematic review in August (born out of the collapse of high-volume claims firms such as SSB Law Ltd and concerns about harm to consumers), which concluded that some firms are not heeding their guidance and warning notices relating to claims work (see here for the full report and here for the summary report), the SRA has ramped up its focus on such firms, making it clear they will take ‘robust action’ where they see poor practice:

1. They advised in August that they were contacting all firms ‘active in the high-volume claims sector’ requiring completion of a mandatory declaration by 3/10/25 confirming they understand and are following the SRA’s rules in this area. (Hopefully all of you who fall into this category made the deadline).
2. The Thematic Review sets out Key findings by area, including concerns about client care (at the outset and throughout) and funding arrangements/ ATE insurance. It includes helpful “Checklists for firms/ solicitors” throughout, which might be a helpful starting point to ensure compliance.
3. They published a Discussion Paper in September: “How can the high-volume consumer claims market work better for consumers?” focussing on many of the same concerns as the Thematic Review: client transparency; third party funding; ATE insurance; ensuring regulation keeps pace with the market; working with other regulators (such as FCA) to improve consumer protection. Expect further SRA guidance and Warning Notices imminently, including (but not limited to) on ‘no win, no fee’ agreements, with the suggestion there may be a ban on the label’s use, and on use of litigation funding.

Pro-tips

• If firms identified areas for improvement as part of the declaration exercise, it would be wise to take immediate action, before the SRA come to investigate.
• Re-read the SRA’s existing resources in this area: Guidance on representing clients during claims for financial services or products; Guidance on claims management activity; Warning notice on high-volume financial services claims; Warning Notice: Prohibited marketing practices (particularly in light of the recent Advertising Standards Authority rulings regarding 3 law firms over misleading websites and online advertisements for group actions).
• Look out for the promised new SRA resources and read them asap.
• Look out for the recording of the SRA’s Discussion webinar on 2/10/25 for hints and tips on how to deal with the challenges and SRA concerns.

Further thoughts

We shall have to wait and see what comes out of the SRA’s declaration exercise, but one does wonder whether this is the new tool for the SRA….regulation by declaration One thing is for sure, such exercises must be taken seriously, with questions answered carefully and accurately, otherwise they may come back to bite you…the last thing firms need on top of any breaches related to the original concerns is an allegation of lack of integrity/ dishonesty.

Motor finance commission claims

On a similar theme….In late July, ahead of the Supreme Court’s landmark ruling, which found car dealers owed no fiduciary duty to customers but upheld one case which means that commission paid by consumers may be repayable in specific circumstances, the SRA and FCA issued a warning to law firms and claims management companies over poor practices in motor finance commission claims.  Concerns included failing to act in clients’ best interests, such as failing to advise them of their termination rights and fees payable on termination, inaccurate marketing materials, misleading information on the likelihood of success or potential value of a claim and improper sharing of client data. They also stressed that firms should inform clients about a likely FCA-led free compensation scheme before signing retainers, even though such a scheme had not yet been established (and still hasn’t, although the consultation publications is expected imminently).

Following the Supreme Court decision in August, the SRA released a Statement reiterating its expectations of firms, including assessing the impact of the Judgment on clients, communicating this clearly, and again highlighted the proposed redress scheme. It also published its Motor finance commission compensation claims: A guide for consumers explaining the ruling and what motor finance customers should expect from their legal representatives. If you are involved in such claims, we strongly recommend reviewing the SRA’s guidance.

Conduct of litigation – who can carry it out?

Unqualified employees of law firms can support a solicitor in conducting litigation but cannot conduct litigation even if they are supervised by a solicitor. This was the conclusion of the High Court in a ruling in September considering whether an unqualified member of a litigation team could “conduct litigation”, a reserved legal activity under the Legal Service Act 2007 (LSA), under the supervision of a qualified solicitor.  Such activities can only be carried out by an “authorised” or “exempt” person otherwise a criminal offence is committed. The distinction was drawn between “conducting litigation” and “assisting in the conduct of litigation” with the key question being “who has assumed responsibility for the conduct of the litigation and exercises professional judgment in respect of it?”, which will be a “question of fact and degree”. If you rely heavily on non-authorised staff to run litigation files, we recommend that you check your supervision and sign-off policies and ensure they do not have ultimate responsibility for them. For further detail, see our blog post on the subject here.

Practising Certificates/ firm authorisation renewals

A quick reminder for all solicitors and law firms that the 2025 SRA practising certificate and firm authorisation renewal window opened on 1st October and closes on 31st October. Double-check your mySRA details are up to date; reset any forgotten usernames or passwords; download an authenticator app so you’re ready to verify your identity (greater SRA security this year ). The good news is that there are no new questions in this year’s renewal application, which you can see here (for either individual or bulk renewal processes): SRA | Practising certificate renewals (2025/26) | Solicitors Regulation Authority. Don’t forget that renewing your practising certificate includes a declaration confirming that you remain competent to perform your role. Here is a reminder of what the SRA expect: SRA | Understanding your continuing competence requirements | Solicitors Regulation Authority.

Continuing competence – SRA’s annual assessment

On the same theme, the SRA published its latest Annual Assessment of continuing competence 2025 in July. Given the SRA’s role is to protect the public by ensuring solicitors are competent throughout their careers, they take this issue, and the annual declarations made, very seriously. There were some positive findings that most solicitors and firms do take steps to maintain their competence. However, the SRA also identified consistent challenges and shortcomings among some solicitors, including limiting training to technical legal knowledge and neglecting ethical and professional duties, insufficient meaningful reflection on the training carried out, and limited use of SRA resources, such as Warning Notices and Guidance notes (something the SRA gets most offended by). Another SRA bug-bear is solicitors simply listing the learning and development activities with the completion date. They want to see evidence of what you thought of the training, how you will use it in your everyday practice, and whether you need further training in that area (or any other area).

Due to increased competence-related reports in these areas, this year’s assessment focusses on criminal and civil law. We have previously seen thematic reviews on landlord & tenant and family law, as well as high volume consumer claims, so we expect similar for civil and criminal lawyers over the next year. As part of these reviews, the SRA will want to see training records so now is the time to get these in order (or up and running if necessary). In addition, the SRA will be launching (another!) consultation on proposals to strengthen its continuing competence regime, with a specific focus on embedding reflection and maintaining professional ethics, and exploring new ways to increase awareness of their resources.

Complaints

In August, the Legal Services Consumer Panel urged the Legal Services Board to take a stronger role in compelling the Legal Ombudsman to publish complaint decisions in full. LeO appears to have taken this on board with numerous cases published in recent weeks. The LSCP argued that limited publishing of cases falls short, undermines transparency, and erodes trust. It said cost and operational challenges are outweighed by consumer need for accountability, consistency, and fairness.

Equality, diversity & inclusion

The SRA has updated its guidance on Encouraging equality, diversity and inclusion, emphasising the importance of SRA Principle 6 and providing further support to the profession in understanding expectations in practice.  It provides examples of conduct which could raise a regulatory issue and guidance on the role of managers to challenge behaviour which could amount to bullying, harassment or unfair discrimination. Annex 2 includes some practical suggestions for actions law firms can take to encourage and safeguard EDI. The SRA state that the suggestions are not mandatory, but that they expect larger firms to be undertaking many of them.

 

Tribunal trends and cases of interest

When solicitors slip up… big and small-time

 

• Acting on both sides of transaction led a solicitor to be suspended for nine months after the Solicitors Disciplinary Tribunal found serious misconduct in his handling of an elderly, vulnerable client’s property transfer. He’d acted for both parties in the nil-consideration transfer, failed to assess the client’s mental capacity properly, ignored a lasting power of attorney, and did not advise independent legal advice. He also overcharged, with fees equal to a quarter of his firm’s turnover, and mismanaged client money. Though he later reversed the transfer and refunded fees, the SDT ruled his failures posed grave risks, breached trust, and undermined public confidence.
• A senior associate was struck off and ordered to pay £5,200 in costs for dishonestly inflating timesheets, over several years. She’d recorded implausible hours, including 23 in one day, often on cases where bills were fixed or already agreed. The Solicitors Disciplinary Tribunal found her conduct harmed colleagues by reducing their fee allocations, which affected salaries, bonuses and promotions, and misled the firm on staffing and income needs.
• An office manager who took nearly £550,000 from the firm was banned from working in the profession. He diverted loan funds, issue fees, forged his employer’s signature, and deceived funding providers.
• A firm manager firm manager was fined £32,500 and restricted from senior legal roles for five years after breaching anti-money laundering rules. He failed to verify the £3m+ funds of a politically exposed person and misused the firm’s client account. The SDT deemed his failings serious, culpable, and reprehensible.
• Dishonestly altering an email before forwarding it to a client to hide a mistake, led a solicitor to be suspended and ordered to pay £12,500 in costs. The SDT found his actions dishonest but accepted “exceptional circumstances” meant strike-off was disproportionate. No client suffered harm, and medical evidence showed personal strain.
• Fabricating and backdating a client-care letter to improve a disclosed file saw a managing partner suspended for 12 months. He must also pay £25,000 costs. The SDT ruled his misconduct serious, rejecting a proposed three-month suspension as too lenient.
• A solicitor was struck off after dishonestly deleting a client’s email to hide his failure to act, then denying receipt to both client and supervisor. Late to the profession, he said he felt ‘out of his depth’ while working remotely, before the misconduct. The SDT found deliberate misconduct; he must also pay £5,000 costs.
• The High Court has ruled that a partner (also deputy AML officer) at a law firm “dishonestly assisted” in misappropriating a company’s funds (to the tune of £2.4m) and laundering them through the firm’s client account, by turning a blind eye to money laundering issues. This is cautionary tale in not skipping source-of-funds checks for clients you think are legitimate. Whilst there was no suggestion that the solicitor had actual knowledge of the underlying fraud, the Court held that “reckless disregard” for his source of funds obligations “constitutes strong evidence of dishonesty”. The key takeaway is that ignorance is not bliss in the AML world, and robust compliance checks are vital!