A recent investigation by the Solicitors Regulation Authority (SRA) found that not all firms are compliant with their anti-money laundering (AML) obligations. With the issue now on its radar, the SRA is considering implementing automatic fixed penalties for non-compliance. For law firms, it’s more important than ever to review existing processes to ensure they’re being adopted and regularly updated. Failures could result in disciplinary action, reputational damage, and large fines.

SRA investigations and penalties

The SRA recently carried out an investigation into firms to check their compliance with the AML requirements. It found that not only are some firms only partially compliant with their obligations, but there were some firms that were not compliant at all.

Given that these requirements came into force over 6 years ago, the SRA will no doubt be disappointed in their findings and will likely be looking to conduct further investigations of this kind. The SRA has also stated that it will consult on putting automatic fixed penalties in place for AML failings within the next year.

Firms and partners that fail to meet the requirements may be exposed to disciplinary action, with cases being referred to the Solicitors Disciplinary Tribunal (SDT) and potential monetary fines. A firm found to be non-compliant in 2017 was fined £50,000, with three of the partners also fined £10,000 each, one of the highest penalties the regulator has handed out for a traditional law firm. In recent developments at the start of 2024, the same firm and one of the partners have been fined further with the firm’s fine being extended to £500,000 following the case being referred to the Solicitors Disciplinary Tribunal.

Firms classified as an alternative business structure (ABS) may be open to even larger fines, as demonstrated recently where the SRA imposed a fine of over £100,000. Firms who are subject to investigation, or found to be non-compliant with AML requirements, are likely to also suffer reputational damage as a result as well as potentially having to pay the SRA’s legal costs where cases are escalated to the SDT.

Fines and penalties are not indemnified under the SRA Minimum Terms and Conditions of Professional Indemnity Insurance (exclusion 6.7), so the effect of multiple penalties could significantly impact firm’s bottom-line.

Anti-money laundering requirements

Since June 2017, certain firms regulated by the SRA in England and Wales are under a legal obligation under Regulation 28 (12) and (13) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended by way of the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, the Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2020, and most recently, the Money Laundering and Terrorist Financing (Amendment) Regulations 2023), (MLRs), to take steps to identify risks of money laundering and terrorist financing by a client or a matter.

Firms are therefore required to have a written and tailored risk assessment, of which all staff are aware. They must also have a complete and documented client and matter risk assessment (CMRA) carried out by the relevant fee earner or those with sufficient knowledge, to determine:

  • Whether or not to accept the relevant client or matter.
  • The type of due diligence that should be carried out – where there is a situation that presents a higher risk of money laundering or terrorist financing, then enhanced due diligence (EDD) may need to be conducted. The need for EDD will vary dependent on the facts of the situation and risks involved. Examples of EDD include: seeking additional independent, reliable sources to verify provided or available information; taking additional measures to understand better the background, ownership and financial situation of the client and other parties to the transaction; taking further steps to be satisfied that the transaction is consistent with the purpose and intended nature of the business relationship; or increasing the monitoring of the business relationship, including greater scrutiny of transactions.
  • Any other steps that should be taken to mitigate the risks posed.

Overall, firms should:

  • Have effective systems in place to identify potential risks with any client and matter in scope of the MLR.
  • Consider risks identified within risk assessments.
  • Apply due diligence to each matter based on the risk posed by the relevant client and the work you will undertake for them.
  • Adequately document the risks, and the actions to mitigate them.
  • Ensure that documents (whether client provided, or your firm’s own records of decision making) are retained for the period required by the regulation, and are readily identifiable and accessible when required.
  • Be able to demonstrate that the extent of the measures you have taken are appropriate to the risks of money laundering and terrorist financing.
  • Have on-going monitoring and ensure that you are scrutinising transactions throughout the course of a business relationship (e.g., source of funds).

The SRA released a template that is useful for firms to use as a starting point for developing their CMRA’s. It’s important to note that this template should be tailored to your firm and reviewed and updated regularly.


Law firms are likely to find themselves under increasing pressure to meet their AML obligations, or otherwise face regulatory punishment. As such, this is a call to action to:

  • Check existing processes and risk assessment templates and update them accordingly.
  • Check that staff are aware of and complying with the obligations under the MLRs and any relevant firm policies relating to the MLRs.
  • Ensure that files for each client and matter contain a written and completed CMRA with sufficient information documented to back-up any risk scores given and decisions made.
  • Ensure that staff are trained to identify any red flags and appropriately escalate the matter.
  • Revisit completed CMRAs at key stages in the transaction to check for any changes in the assessment scores, and act accordingly.

For further information, please visit our Lockton for Solicitors page, or contact:

Tina Kooner Dhillon, Legal Group Executive, Vice President

E: tina.dhillon@lockton.com

Nicola Anthony, Risk Manager, Vice President

E: nicola.anthony@lockton.com

Brian Boehmer, Partner

E: brian.boehmer@lockton.com

Marc Rowson, Partner

E: marc.rowson@lockton