In a recent announcement, the Solicitors Regulation Authority (SRA) has mentioned it will conduct its latest data collection exercise from July 7 to August 15, 2025. The data collection exercise aims to monitor compliance and enhance the SRA’s understanding of AML risk.
Adopting a Risk-Based Framework to Supervision
Established in January 2007, the SRA develops regulations and policies across the legal sector in England and Wales to protect consumers and safeguard the regulated legal environment. The SRA recently announced its latest Anti-Money Laundering (AML) and sanctions data collection exercise, enforcing stringent requirements for law firms operating in the UK.
We’re investing in the capability to act faster and smarter, strengthening our use of data to spot problems earlier and taking appropriate action where needed — Paul Philip, Chief Executive of the SRA
The SRA works hand-in-hand with the Office for Professional Body AML Supervision (OPBAS) to ensure a more collaborative and targeted approach to supervision in the legal sector. The OPBAS works under the Financial Conduct Authority (FCA) to minimize money laundering and terrorist financing in the UK.
What Law Firms in the UK Need to Know
Under this initiative, legal firms across England and Wales must submit accurate, up-to-date information regarding their AML and sanctions activities. According to the latest published announcement, all regulated firms must provide the SRA with information in regards to:
- Any work conducted within the scope of Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). These activities include buying and selling property or business entities, and the management of clients’ money.
- The interactions they have with the sanctions regime, including information about any individual or entity under it.
- Provide complete Suspicious Activity Reports (SARs) that have been or will be submitted to the National Crime Agency (NCA) in the last 12 months.
The initial questionnaire includes questions regarding implementing AML controls, policies, and procedures. It also includes questions about AML training, the frequency of submitting SARs, and Enhanced Due Diligence (EDD) measures.
Compliance with MLR 2017
The MLR 2017 is a slew of regulations imposed to support the UK’s overall AML and Counter-Terrorism Financing (CFT) efforts. Under the MLR 2017, regulated companies must meet specific standards in Know Your Customer (KYC) and AML.
Law firms that fail to meet the compliance obligations in the MLR 2017 are subject to enforcement actions by HM Revenue & Customs (HMRC).
In 2024 alone, the SRA had issued 74 enforcement actions for inadequate AML controls, nearly double the amount in the previous year.
Companies operating in the legal sector must follow compliance obligations stated in the MLR 2017 regulations. Some of the latest updates mandate regulated law firms to adopt a risk-based approach and ongoing monitoring technology:
- Risk-Based Approach (RBA): Organizations must analyze and manage each customer’s profile risk, customize resources, and tailor more stringent KYC and AML controls where higher risk is identified. This includes running advanced screening checks on Politically Exposed Persons (PEPs), while enabling lower-risk clients to onboard efficiently.
- Customer Due Diligence (CDD): UK businesses must verify the identity of individuals accurately, including beneficial owners. CDD enables firms to tackle fraud at the initial onboarding stage through advanced checks such as document verification and liveness verification.
- Reporting Mechanisms and Internal Policies: Companies must have transparent, documented AML policies and provide frequent AML training to team members. Additionally, SARs must be submitted to the NCA in a timely manner.
- Ongoing Monitoring: Business relationships and transactions must be monitored and kept up to date on an ongoing basis. This supports law firms in providing accurate, auditable records of CDD and risk assessments.
According to the SRA 2024 AML Report, merely 22% of companies were reported to be compliant, underscoring significant gaps in the UK’s legal sector. As 2025 unfolds, firms in the legal sector must implement stronger KYC and AML infrastructure or risk dire consequences. For more information about how you can build a stronger compliance framework, speak to a member of the team.
