Legal Compliance Update

High-volume consumer claims

Since the SSB scandal broke, the Solicitors Regulation Authority (SRA) has turned its attention to firms dealing with high-volume consumer claims, and recently said it had uncovered a significant amount of poor practice around litigation funding, referral arrangements, client care, and costs information, leading to it taking the exceptional step of requiring all of these firms to complete a mandatory declaration confirming they are compliant with its rules.

It will be interesting to see how many of these firms will eventually face enforcement action, including misleading the regulator by saying they are compliant when in reality they aren’t; a recent prosecution found a solicitor who misled the SRA to be dishonest!

Money laundering risks – consultant fee-share firms

The SRA has said that, “the decentralised nature of consultant-led law firms carries extra money laundering risks that mean compliance officers may need to be “more interventionist”; these firm structures can be of benefit to firms and solicitors, but their decentralised nature can carry risks. We have noted that it is sometimes difficult for these firms to keep a central anti-money laundering (AML) policy in operation, to monitor compliance, and to ensure a consistent standard across the firm.

Firms’ money laundering compliance and reporting officers (MLCOs/MLROs) “will need to be more vigilant and potentially more interventionist in order to make sure that the firm is not put at risk by non-compliance. Firms should also check the level of AML knowledge of new entrants to the firm and undertake training where needed. A new consultant who previously occupied a partnership role may, for example, be unfamiliar with AML processes because these were delegated to other staff.”

Feedback from ex-consultants suggests that this risk is real, and that some current consultants are leaving themselves exposed to potential enforcement action in the future.

Axiom Ince update

New evidence has recently come to light showing that during the SRA’s investigation it failed to check the firm’s statutory accounts, and failed to identify that audited accounts had not been submitted.

The accountancy practice that looked after the firm’s accounts was recently fined £2,200 for incompetence.

The failure to submit accounts should have raised real concerns for the SRA, leading to immediate action, but the firm was allowed to operate for a number of further months.

This scandal will continue to rumble on, especially as those charged with wrongdoing have pleaded not guilty, and won’t have their case heard until February 2027!

Competence reflection

The SRA is to consult on strengthening its continuing competence requirements over concerns that solicitors are not reflecting properly on what they do; the consultation will focus on reflection and the maintenance of professional ethics.

In its Annual Competence Assessment 2025, the SRA said, “We have also identified wider shortcomings in how some solicitors approach their obligation to maintain their competence. These include solicitors not fully reflecting on all aspects of their practice and limited awareness and use of our warning notices and guidance in maintaining competence. We outline in this report how we will address these issues.”

On the plus side, the SRA also said, “Our monitoring shows that most solicitors keep their knowledge and skills up to date. From the sample of solicitors and firms we engaged with over the last 12 months, we also know that most firms have effective systems and controls in place. And that the solicitors they employ are competent and capable of delivering good quality legal services.

Residual balances

A recent round of audits carried out by a leading firm of accountants has found that over 65% of law firms had broken the rules around residual balances, it said: “It seems to be a persistent challenge to get fee-earners to dedicate time to resolving residual balances, regardless of how significant the issue may be”.

The finding in effect means that over 65% of lawyers had not done their jobs right in the first place, in that they had not closed the client files properly!

A fee is not earned until a file has been properly closed and residual balances returned to the client, and therefore bonus payments based on earned fees should not be made unless these actions have been completed; if bonuses aren’t paid, then residual balances should be reflected in salary reviews.

The days of fee earners throwing billed files into a corner pending closure should have been long gone, but they are clearly alive and well in some firms according to the audit findings!

This month we focused primarily on anti-money laundering (AML) due to the recent publication of the UK’s National Risk Assessment of Money Laundering and Terrorist Financing, jointly developed by HM Treasury and the Home Office; the last assessment was published in 2020.

One of the key observations from the assessment is that ‘the volume of cases of suspected money laundering that involve lawyers has remained high, relative to the small number of regulated professionals’; ‘suspected money laundering’ isn’t a criminal offence under the Money Laundering Regulations, so when are we going to see this “volume” of suspected cases turn into prosecutions for ‘actual’ money laundering!

Following on from the above assessment, the Solicitors Regulation Authority (SRA) has published its own sectoral assessment, identifying the following emerging risks:

• Capital flight from high-risk countries
• Client account issues (using it as a banking facility)
• Poor client due diligence
• Changing firm business models (including decentralized checks undertaken by consultant fee-share firms)
• Technology

Law firm client accounts have also been addressed by the national assessment, with it saying, “client accounts continue to be assessed as high risk as they can be misused by criminals to both move illicit funds and to provide a veil of legitimacy to the proceeds of crime”; the report goes on to say that the emergence of third party management accounts (TPMA) “may, in time, reduce the client account risk”. Many argue that moving from client accounts to TPMAs would just be moving the problem from one place to another and that fraud would not reduce; they also say that putting funds in one or two places increases the risk of cyber crime!

The government wants to improve the anti-money laundering regime by making a number of changes to it, but firms shouldn’t get too excited that it will reduce the day-to-day burdens around firm-wide, client and matter risk assessments, client due diligence, policies, controls and procedures, etc.; the proposed changes will include:

• Clarifying thresholds for Simplified Due Diligence (SDD)
• Refining triggers for Enhanced Due Diligence (EDD)
• Improving guidance on ongoing monitoring

On 31 July 2025, the threshold for submitting a Defence Against Money Laundering Suspicious Activity Report rose to £3,000 from £1,000 in line with the Proceeds of Crime (Money Laundering) (Threshold Amount) Order 2025; this means firms will not commit money laundering offences if the value of the criminal property in the proposed transaction is less than £3,000. One aspect of this is that firms can return money to a client to end the business relationship without committing a criminal offence if the value of the suspected criminal property is below £3,000.

A solicitor has been jailed for his part in helping to run two bogus investment schemes and for money laundering; one of these involved 150 clients and £6m.

Another solicitor has agreed to be struck off for various AML breaches with the Solicitors Disciplinary Tribunal saying it represented ‘widespread and fundamental non-compliance with critical regulations’ amounting to systemic failures. This potentially shows the SRA could be taking a far more robust approach to such breaches as more recent similar cases where only fines were imposed; the breaches were:

·       Inaccurately confirmed to the SRA that his firm had a firm wide risk assessment (FWRA) when it did not.

·       Failed to ensure that the firm had the FWRA or the required policies, controls and procedures (PCPs).

·       Failed to ensure the necessary scrutiny regarding the source of funds of 63 conveyancing clients.

·       Failed to ensure the firm had an adequate system for the application of customer due diligence (CDD) measures.

·       Failed to ensure residual client balances were returned to 54 clients.

·       Failed to obtain an accountant’s report for several accounting periods during which the firm held client money.

It is clear that the solicitor was not in proper control of his firm and it may be the culmination of the different breaches that led to the strike off.

It has become apparent that many firms are not carrying out counter-party due diligence, with some saying they don’t feel it is a matter for them as the firm acting for the counter-party will have undertaken their own due diligence. However, the Legal Sector Affinity Group guidance (5.16.3) says that in the sale/purchase of real property “firms must seek to understand all aspects of the matter, including undertaking appropriate due diligence on the parties involved in line with regulatory requirements, and understanding the source of funds/source of wealth used.”

Another area of concern that the SRA has identified is solicitors’ misunderstandings around sources of funds; the SRA has provided this question with a view to clarifying matters:

Is a source of funds check always required?

a) Yes, you must always carry out a source of funds check, or

b) It is required where necessary, based on a risk-based assessment and specific regulatory triggers (such as PEPs and high-risk third countries), or

c) It is only required if client money passes through your client account.

Correct answer: b

Why: If the client is a politically exposed person, you must apply a source of funds check under regulation 35. If the client or counterparty are established in a high-risk third country, you will need to check source of funds also.

In addition regulation 28(11)(a) requires firms to undertake a source of funds check 'where necessary', though this is not defined in the regulations. We interpret this as requiring a risk-based approach. This means your firm, client and matter risk assessments need to be considered when deciding if it is necessary.

The requirement to do source of funds checks might apply even if no money is coming through your client account.

This month has seen yet more comings and goings at the top of the legal regulators, with the announcement that the new Chief Executive of the Solicitors Regulation Authority (SRA) will be Sarah Rapson, who will take up her post towards the end of 2025.

In the last 12 months the SRA will have seen the departure of its CEO, Deputy CEO and GC, and Head of Legal, with its Chair looking to leave in the next 12-18 months; she had wanted to leave sooner had it not been for these other top-level departures, but agreed to stay for a further two years to help ‘steady the ship’!  

Out of the blue came the announcement that Craig Westwood, Chief Executive of the Legal Services Board (LSB) had resigned from 1 July; this follows on from the immediate resignation of Alan Kershaw, the Chair, in February. We are still waiting for the publication of the SSB scandal report, and to see what the SRA does in terms of the enforcement action taken by the LSB in the wake of the Axiom Ince scandal, so new incumbents coming into both organisations are likely to face a real baptism of fire, especially when the SRA’s reputation with those it regulates appears to be in tatters!

We have also seen the departure of Kathryn Stone, Chair of the Bar Standards Board, who fired a salvo of criticism on her way out, saying, ““Legal services are a great UK success story marked by high levels of professional and ethical competence. Those services are manifestly not for the most part poorly regulated and it is deeply unhelpful to the reputation of a successful industry to say that they are. So how has this come about? I think the answer lies in the difficulty which an oversight regulator necessarily has in exercising its functions at one remove from the front-line. The board and executive of the oversight regulator are no more experienced than the boards and executives they are overseeing. Oversight gives responsibility, but it does not, in itself, give sharper insight into, or greater care for, the public interest. Still less does it give a better understanding of the challenges of front-line regulation.”

Seeing so many senior executives leaving, even when some have said it was for ‘personal reasons’, leaves many wondering whether there is something seriously wrong with the current legal regulatory framework, but whatever it is, we now need to see some calm, not only for the regulated sector, but also for legal service users who rely on regulators to protect them!

To add to the crisis, the Chair of the Legal Services Consumer Panel has said that the Legal Services Act 2007 is no longer fit for purpose and should be replaced by a new Act that better reflects the needs of consumers today. Even though the current government has promised to reduce the regulatory burden on business, we are unlikely to see a new Legal Services Act for some years, if at all.

Legislative and regulatory changes

·   The Legal Ombudsman is working on a blueprint for all firms to provide a standard response to complaints from clients; it has announced the development and pilot of its Model Complaints Resolution Procedure in an effort to create consistency across all firms. It will be interesting to see if a ‘one size fits all’ approach will work!

·   The Data (Use and Access) Act 2025 received Royal Assent on 19 June 2025. The Act amends, but does not replace, the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communications Regulations (PECR). The requirements of the Act will be implemented over the next 12 months. Key changes include:

o   The Act introduces “recognised legitimate interests,” simplifying compliance for certain activities such as crime prevention and safeguarding, though its scope is limited.

o   The Act codifies the requirement for “reasonable and proportionate” searches when responding to data subject access requests, potentially reducing administrative burdens. There isn't anything specific about the cost of carrying out the request when considering your reasonable and proportionate efforts when completing a SAR. It's up to you to decide on whether you want to consider cost and what is reasonable for your organisation.

o   Restrictions on automated decisions are relaxed except for special category data, supporting innovation but requiring careful risk management.

o   New frameworks will enable more secure data sharing and digital identity verification, opening opportunities for innovation but demanding robust compliance.

o   The Information Commissioner’s Office (ICO) will be replaced by the Information Commission, with enhanced investigatory and enforcement powers.

·   Law firms that operate as a limited company or LLP will be required to reveal profit and loss figures from 2027 as part of the government’s drive to reduce fraud. Small companies (£1m - £10.2m annual turnover) will also have to file a director’s report. The option to file ‘abridged’ accounts will be removed.

·   From October 2025 all legal aid providers will be required to obtain Cyber Essentials certification to retain their Legal Aid Contracts with the Legal Aid Agency.