The Solicitors Regulation Authority (SRA) acts as the supervisory authority for anti-money laundering (AML) compliance across the legal sector in England and Wales. If you are a solicitor in private practice, your firm is likely within scope of the Money Laundering Regulations 2017 (MLR 2017) and subject to SRA AML supervision. This article explains what that means in practice, what your firm must do to comply, and where the common pitfalls lie.
The SRA's role as AML supervisor is distinct from its general regulatory function under the SRA Standards and Regulations. While both sets of rules overlap, the AML supervision regime carries specific obligations that go beyond the SRA Accounts Rules. Failure to meet these obligations can result in fines, public reprimands, or in serious cases, closure of the practice.
Which Solicitor Firms Are Within Scope of SRA AML Supervision?
Not every solicitor firm is automatically within scope. The MLR 2017 apply to "relevant persons" who carry out "relevant business." For solicitors, relevant business includes:
- Conveyancing (buying and selling land or property)
- Managing client money, securities, or other assets
- Formation, operation, or management of companies, trusts, or similar structures
- Tax advice
- Acting as a formation agent or providing registered office services
If your firm does any of the above, you are within scope. Most high-street solicitor firms handling conveyancing or probate work will be caught. Even a sole practitioner conveyancer who handles client money is within scope. The SRA's AML supervision applies regardless of firm size.
Firms that only do litigation, employment law, or family law without handling client money or property transactions may fall outside scope. But the SRA expects all firms to assess their position annually. If you are unsure, the safest approach is to register with the SRA for AML supervision and comply with the regulations. The cost of non-compliance far outweighs the administrative burden.
Registration and Notification Under SRA AML Supervision
Every solicitor firm within scope must register with the SRA as an AML-supervised entity. This is done through the SRA's online portal. The registration fee is included in your annual SRA practising fee, so there is no separate charge for AML supervision itself.
You must also notify the SRA of any changes to your firm's AML compliance officer (the nominated officer, often the COFA or COLP) within 14 days. If your firm changes its structure, for example converting from a partnership to an LLP, you must update your registration.
Firms that fail to register face enforcement action. The SRA has publicly reprimanded firms for non-registration, and in some cases imposed fines of several thousand pounds. The SRA's AML supervision team actively cross-references its register against other data sources, including HMRC's money laundering supervision register.
What the MLR 2017 Require From Solicitor Firms
The core obligations under the MLR 2017 for solicitor firms are as follows:
Firm-Wide Risk Assessment
Every firm must prepare and maintain a written firm-wide risk assessment (FWRA). This document identifies the money laundering and terrorist financing risks specific to your practice. It must cover:
- The nature and size of your client base
- The types of services you offer
- The jurisdictions you deal with (including cross-border work)
- The delivery channels you use (e.g., online, in-person)
- Your internal controls and procedures
The FWRA must be reviewed at least annually, or more frequently if your firm's risk profile changes. A common mistake is treating the FWRA as a one-off document. The SRA expects it to be a living document, updated as your practice evolves.
Policies, Controls, and Procedures
Based on your FWRA, you must implement written policies, controls, and procedures (PCPs) to mitigate the identified risks. These must cover:
- Customer due diligence (CDD) procedures
- Enhanced due diligence (EDD) for higher-risk clients
- Ongoing monitoring of client relationships
- Internal reporting procedures (suspicious activity reports, or SARs)
- Record-keeping (retention for five years after the business relationship ends)
- Staff training
The PCPs must be approved by senior management (the partnership or board). They must be accessible to all staff and reviewed at least annually. The SRA's AML supervision team will ask for copies of your PCPs during a routine inspection.
Customer Due Diligence
You must carry out CDD before establishing a business relationship or carrying out a one-off transaction. For solicitor firms, this typically means:
- Identifying the client (name, date of birth, address)
- Verifying that identity using reliable, independent sources (passport, driving licence, utility bill)
- Identifying the beneficial owner if the client is a company or trust
- Understanding the purpose and intended nature of the business relationship
For conveyancing transactions, you must also verify the source of funds. This is a common area where firms fall short. Simply accepting a bank statement showing a balance is not enough. You need to trace the funds back to their origin, especially for large deposits or unusual patterns.
Enhanced Due Diligence
EDD applies when the client or transaction presents a higher risk. Examples include:
- Politically exposed persons (PEPs)
- Clients from high-risk third countries
- Complex or unusually large transactions
- Transactions with no obvious economic or legal purpose
EDD requires additional steps, such as obtaining senior management approval, establishing the source of wealth as well as source of funds, and conducting enhanced ongoing monitoring.
Internal Reporting and SARs
Every firm must appoint a nominated officer (often the COFA or COLP) to receive internal reports of suspicious activity. If the nominated officer suspects money laundering, they must submit a SAR to the National Crime Agency (NCA).
SARs must be submitted promptly. There is no de minimis threshold. Even a small transaction can be suspicious if the circumstances are unusual. The SRA's AML supervision team expects firms to have a clear internal reporting procedure and to train staff on how to spot red flags.
Staff Training
All relevant staff must receive regular training on AML obligations. This includes solicitors, paralegals, trainees, and administrative staff who handle client due diligence or financial transactions. Training must be recorded and refreshed at least annually.
The SRA's AML supervision team will ask for evidence of training during inspections. A simple email reminder is not sufficient. You should maintain a training log showing dates, topics covered, and attendee names.
SRA AML Supervision Inspections
The SRA conducts routine and thematic inspections of solicitor firms to assess AML compliance. These inspections are separate from the SRA's general regulatory visits. The SRA's AML supervision team focuses specifically on the MLR 2017 obligations.
During an inspection, the SRA will typically:
- Review your FWRA and PCPs
- Sample client files to check CDD and EDD
- Interview the nominated officer and senior management
- Review staff training records
- Check SAR submission procedures
The SRA publishes its findings in thematic reviews. Recent reviews have highlighted common failings, including inadequate source of funds checks, poor record-keeping, and failure to update risk assessments. Firms that fail an inspection may receive a warning letter, a fine, or referral to the SRA's disciplinary tribunal.
Common Pitfalls in SRA AML Compliance
Based on our experience advising solicitor firms, the most common compliance gaps are:
- Outdated FWRA. Many firms prepare a FWRA when they first register but never update it. The SRA expects annual reviews and updates when your practice changes.
- Incomplete CDD. Firms often accept photocopies of passports without verifying them against the original. The SRA expects you to see the original document or use a certified copy from a regulated professional.
- Weak source of funds checks. For conveyancing, you need to trace the funds. A simple bank statement showing a balance is not enough if the funds came from a property sale, inheritance, or gift.
- No ongoing monitoring. CDD is not a one-off exercise. You must monitor client relationships throughout the retainer, especially for ongoing matters.
- Poor record-keeping. The MLR 2017 require you to retain CDD records for five years after the business relationship ends. Many firms fail to maintain a clear audit trail.
How a COFA Can Support SRA AML Compliance
The COFA (Compliance Officer for Finance and Administration) role is central to AML compliance in solicitor firms. While the COLP handles conduct issues, the COFA is responsible for financial compliance, including the SRA Accounts Rules and AML obligations. In many smaller firms, the same person holds both roles.
The COFA must ensure that the firm's AML policies are implemented and that staff are trained. They are the first point of contact for the SRA's AML supervision team. If the SRA finds a breach, the COFA may face personal regulatory action if they failed to take reasonable steps to prevent it.
We offer COFA compliance support for solicitor firms that need help preparing for SRA AML inspections or updating their FWRA and PCPs. Our team of legal-sector-specialist accountants can review your documentation and identify gaps before the SRA does.
Penalties for Non-Compliance With SRA AML Supervision
The SRA takes AML compliance seriously. Recent enforcement cases show fines ranging from a few thousand pounds for procedural breaches to over £100,000 for systemic failures. In the most serious cases, the SRA can intervene in a practice, effectively closing it down.
Beyond financial penalties, non-compliance can damage your firm's reputation. Clients and lenders increasingly expect solicitor firms to demonstrate robust AML procedures. A public reprimand from the SRA can affect your ability to secure professional indemnity insurance or retain lender panel appointments.
The SRA also shares information with other regulators, including HMRC and the NCA. A failure to submit SARs can lead to criminal prosecution under the Proceeds of Crime Act 2002.
Practical Steps to Strengthen Your SRA AML Compliance
If you are a solicitor or COFA reading this, here are five practical steps you can take this week:
- Review your FWRA. Check the date of your last review. If it is more than 12 months old, schedule an update.
- Audit your CDD files. Pull five recent client files and check that CDD was completed before the retainer started. Look for gaps in source of funds verification.
- Update your PCPs. Ensure your written policies reflect your current practice. If you have started doing cross-border work or accepting cryptocurrency payments, your PCPs must address these risks.
- Run a staff training session. Even a 30-minute session on red flags for money laundering can make a difference. Record attendance and keep a summary of what was covered.
- Check your SAR procedure. Does every staff member know how to report a suspicion internally? Is your nominated officer contactable and trained?
For a more detailed review of your AML compliance, consider our free firm health check. We assess your FWRA, PCPs, and CDD procedures against SRA expectations and provide a confidential report with recommendations.
Final Thoughts on SRA AML Supervision
SRA AML supervision is not a box-ticking exercise. It is a regulatory requirement that carries real consequences for non-compliance. The best approach is to integrate AML compliance into your firm's daily operations rather than treating it as an annual chore. A well-documented FWRA, robust CDD procedures, and regular staff training will protect your firm and your clients.
The SRA's AML supervision team is active and increasingly sophisticated in its inspections. Do not wait for a warning letter to take action. If you need help, speak to a legal-sector-specialist accountant who understands the MLR 2017 and the SRA's expectations.
For further reading, see our COFA fundamentals guide and our SRA Accounts Rules essentials.