AML – Renewed SRA Risk Assessment Warnings

anti-money laundering

The SRA’s announcement at the end of October that it had found that a fifth of law firms fail on money laundering compliance and would be be writing to the 7,000 firms that fall under the scope of the Money Laundering Regulations to ask them to confirm they have a firm risk assessment in place, has focused the minds of many firms that, up until now, had possibly been a little more complacent than they should have been. Any firm that does have anti-money laundering concerns may care to know that the Infolegal Subscriber Hub materials will enable firms to comply with the SRA’s recently reported expectations.

By way of background the SRA, along with the other mainstream legal and accountancy regulatory bodies in the UK, is a designated supervisory body in relation to the Money Laundering Regulations 2017 and is therefore accountable to HM Treasury to ensure that the regulations are being complied with in relation to those that it regulates. The international monitoring body, the Financial Action Task Force (‘FATF’), took a positive view of the legal provisions that are in place in its 2018 survey of the UK but was critical of the resources available to the National Crime Agency and also the degree of inconsistency between the various professional supervisory bodies. That, and of course the seriousness of the consequences of money laundering and terrorist financing, has resulted in greater governmental pressure to show that an effective regime is in place in all solicitors’ firms.

An earlier thematic review by the SRA of a limited number of firms caught by the regulations through being ‘trust and company service providers’ produced the worrying result that the SRA regarded all but one half of the firms involved in the survey as being non-compliant with some at least of their responsibilities (see our article from earlier this year “Money Laundering Compliance – What the SRA Expects“). This triggered a further and more general survey of 400 firms and that was duly reported by the regulator on the 29th October. It was announced that 21% of the firms had been judged to be non-compliant with the requirement for a risk assessment, which is an all-important aspect of AML compliance as the entire regulatory regime is stated to be risk-based. It is therefore provided at regulation 18 of the The Money Laundering, Terrorist Financing and Transfer of
Funds (Information on the Payer) Regulations 2017 (MLR) that a risk assessment must be undertaken by all practices that are subject to the regulations as a result of their work types and, crucially, that each firm’s policy and procedures on this topic must be seen to have been shaped by that risk assessment.

The findings were that 40 firms had submitted something which did not amount to a risk assessment at all, so far as the SRA were concerned, and a further 43 had provided one that was not fully compliant with all of the regulation 18 criteria. A valid risk assessment should also show that the SRA’s own risk assessment required of it by regulation 17 has been addressed. The further particular factors set out in regulation 18 are:

  • The firm’s client base;
  • The location of the firm and the areas where it is active;
  • The range of services provided and the nature of its transactions in particular; and
  • How the firm’s services are delivered (and so whether in person in all cases or remotely).

Further guidance on the regulatory requirements will be found at paras 2.3-2.5 of the Legal Sector Affinity Group AML Guidance – the official and HM Treasury approved guidelines for the legal profession. (

The SRA News Release of the 29th October stated that the SRA had found that two thirds of firms were using templates and that some of these were judged to be low quality. The News Release said that, whilst it was recognised that using a template can be helpful in ensuring compliance that “too many firms appeared to take a ‘copy and paste’ approach, without thinking through the specific risks and issues faced by their firm” and that there should be some specific tailoring performed by each firm.

With the threat of ‘strong action’ where there are ‘serious concerns’ a more than likely outcome for those that have not taken the necessary steps, all firms should be giving serious thought not only to whether they have complied but the manner and extent of that compliance.

Firms seeking to ensure that they meet the regulatory requirements can, by becoming Infolegal members, access our template AML risk assessment form together with the necessary guidance in order to enable them to tailor that which they do to the specific needs and requirements of their circumstances.

A further factor to bear in mind is that one of the main failings commented upon by the SRA in their first report on trust and company service providers was a failure to have conducted, or to have updated, AML training. Infolegal provides to all of its members video training modules which include AML training for fee earners and admin/secretarial staff which will enable firms to address the requirements for training at regulation 24, and also those contained in the CQS core standards from the Law Society.

Alternatively, if you would be interested in arranging for face-to-face in-house training and/or expert advice on your policy, systems and controls please email Infolegal Director Matt Moore at

Share on social media