Legal sector under the spotlight for economic crime compliance

15 October 2021

In November 2020 the Solicitors Regulation Authority (SRA) published a report articulating the outcomes from their sectoral Anti-Money Laundering (AML) visits which took place during 2019 and 2020. They identified key areas for enhancement including requirements to:

  • Undertake an independent audit to assess the design and effectiveness of AML controls;
  • Perform matter risk assessments to identify higher risk practices or red flags which need to be understood and appropriately mitigated; and
  • Check and understand clients’ source of funds to evaluate the risks associated with client transactions.

As a result of this, the SRA concluded that almost two third of firms visited (47 of 74) required further engagement to course-correct their AML practices, and nine firms were referred to the SRA’s dedicated AML Investigations Team to determine if breaches had occurred and subsequently what sanction was required.

Fast-forward 6 months to June 2021 and the SRA confirmed its stance with respect to AML, by levying enforcement action against six firms in its supervisory portfolio which had failed to implement sufficient AML policies, procedures and controls over a year after the UK’s Money Laundering Regulations (MLRs) were updated.

Now, in October 2021, the SRA noted at the Law Society AML and financial crime conference that only 16 firms which were subject to virtual SRA visits in 2020-21 were fully compliant with their AML obligations. Eight were deemed not compliant to an extent which required referral to the AML Investigations Team for investigation.

It’s evident that the SRA continues to maintain high expectations amongst its supervisory portfolio with respect to AML. So, what does this means for the legal sector in terms of translating regulatory obligations into effective operational processes to play their part in the UK’s ongoing fight against financial crime?


Legal firms continue to be an attractive target for criminals looking to launder criminal proceeds, as they provide legitimacy to transactions and often handle large amounts of money as part of their primary business activities.

Now more than ever, as a result of COVID-19 and a continued shift towards remote working, the risk of criminals seeking to exploit any weaknesses in firms may be heightened and practitioners will need to be mindful that criminals continue to explore new ways of bypassing the checks and balances put in place to prevent money laundering (as well as other forms of economic crime).

During the course of the reviews carried out by the SRA, thematic regulatory breaches, shortcomings and common deficiencies were identified which require urgent remediation to bolster legal firms’ efforts to prevent and deter illicit activity. These include:

Governance and Oversight:

  • Poor ‘tone from the top’, senior management and committee feedback and challenge
  • Inadequate oversight by the Second and Third Lines of Defence (Compliance teams and Internal Audit functions respectively)

Risk Assessment:

  • Poorly designed Enterprise-Wide Risk Assessments (EWRA)
  • Unclear and inadequate approach to Customer and/or Matter Risk Assessments, without consideration of all pertinent risks.

Policy and Procedures:

  • Internal guidance is misaligned with legal requirements, supervisory expectations, and industry standards

  • Unclear reference to and articulation of customer and matter risk assessments within policies and procedures

Customer Due Diligence (CDD):

  • Inadequate and inconsistent approach to sanction screening all parties related to a client relationship, including beneficial owners and controllers – during the visits conducted by the SRA in 2019-20, out of 74 firms reviewed seven firms never checked clients for sanctions.
  • Unclear and inconsistent customer risk rating, impacting on firms’ ability to apply proportionate AML controls which are commensurate to the level of risk identified
  • Inadequate or absent checks conducted on clients’ source of funds – during the virtual visits conducted by the SRA in 2020-21, almost half of files reviewed (103 out of 241 ) did not contain appropriate source of funds checks and nearly a quarter of firms (17 out of 69) did not have sufficient policies and procedures covering source of funds protocols

Ongoing Monitoring and Suspicious Activity Reporting (SARs):

  • Inconsistent SAR approach, this refers to both internal and external SARs
  • Lack of proactive periodic monitoring for medium and low risk clients
  • Lack of formal and consistent ongoing monitoring of transactions

Training and Awareness:

  • Training is  not sufficiently risk-based, nor tailored for those undertaking specific roles and responsibilities, especially for those in key AML-related roles
  • Lack of a ‘training needs assessment’, to formally define which training should be undertaken by staff in different roles/teams.

What are the consequences for non – adherence?

It is important to note that the SRA continually monitors firms within its supervisory remit and highlights the importance for the sector to adhere to all pertinent legal requirements, supervisory expectations, and industry standards.

Non-compliance to these could result in disciplinary action including:

  • Fines
  • Reprimands
  • Prohibition Orders
  • Revocation of Recognised Body Status
  • Variation of conditions on practising certificate
  • Suspension (for a fixed or indefinite period)
  • Imprisonment

Disciplinary action can bring high costs for firms to remediate the deficiencies to enhance and sustain their AML framework. Also, firms must consider the potential reputational damage and possible loss of current and future business which could arise through poor AML compliance.

What should firms be doing?

The legal sector is obliged to ensure adherence to regulations and industry best practice, and the SRA comment that the sector on the whole is committed to doing the right thing and playing their part in the domestic and international fight against economic crime.

A lack of understanding of risk, a lack of focus on compliance, and taking a tick-box approach (without critical evaluation of risk) demonstrates weakened controls and leads to a higher risk of being exploited by criminals. Therefore, legal firms would benefit from taking a proactive approach to ensure that the aforementioned gaps and deficiencies are appropriately addressed, and that appropriate processes, controls and systems are suitably implemented and well embedded.

How can BDO help?

Our Economic Crime Advisory team has a wealth of knowledge and diverse expertise across both the Financial Services (FS) and non-FS sectors. By understanding our clients’ unique needs and business models, we can not only help to develop any specific AML controls , but also develop a complete, holistic, and robust AML framework from the ground up, to ensure full compliance with the legal requirements, supervisory expectations, and industry standards.

BDO’s Economic Crime Advisory team work closely with firms in the legal sector to support them with the practical implementation of their anti-financial crime obligations. Our team brings extensive experience in reviewing and helping legal firms to enhance their AML frameworks, including risk assessments, policies and procedures, EWRA and compliance monitoring. We also have a track record in the provision of tailored AML training to staff as well as Senior Management, which can be delivered onsite or on a remote-basis. This positions us well to focus on any specific framework gaps as well as our clients’ AML controls across all three lines of defence. 

We have a deep understanding of legal business models and the specific environments in which legal practices operate, and our team benefits from members who have previously worked in legal firms and regulatory bodies. This enables us to act as a strategic partner, providing clear advice which is both balanced and constructive.

Please do not hesitate to contact a member of our Economic Crime Advisory team if you have any questions regarding how your economic crime framework can be optimised to meet the expectations of the SRA.