Contact Sales
Legal

Legal Compliance Update

The Access Group provides the latest legal compliance news for law firms and solicitors in the UK.

See all updates:

Register for the webinar series

Compliance Legal Sector Legal Case Management Legal Practice Management

Posted 01/05/2025

Legal Compliance Update

June 2025

As expected the Solicitors Regulation Authority (SRA) has been very busy focusing on the conduct of those it regulates, however, it has itself been sanctioned by the Legal Services Board (LSB) over its conduct in the Axiom Ince scandal, with binding directions being placed on it in the following terms:

  • Improve how it identifies risks to consumers and be more proactive in responding to them. This includes risks arising from the corporate structure of law firms and from sales, mergers and acquisitions. 

  • Strengthen the regulation of client money and ensuring firms have effective safeguards in place. 

  • Strengthen controls to protect the public interest and consumer interest where there is a concentration of ownership, compliance and management roles in one person. 

This is the first time that the LSB has issued such directions to a front-line regulator under the Legal Services Act, which clearly shows how serious the issue is being taken.

Annual SRA AML/sanctions audit

The SRA has been sending emails to all firms telling them they must complete the annual questionnaire, which will provide insights into their levels of compliance with the relevant legislation; the questionnaire has 44 questions and will require COLPs and money laundering compliance officers to take time out to answer them.

The data collection exercise will run from 7 July to 15 August 2025

It will be interesting to see how many, if any, firms are subject to enforcement action after this exercise, and whether the SRA will start using its new unlimited fining powers against any firms that may be found to be non-compliant!

SRA fines

May saw the largest ever fine of £4m imposed by the SRA, however, the solicitor involved had already been declared bankrupt so it was never going to be paid; it appears the SRA wanted to grab the headlines and use the case as a deterrent for other solicitors who may want to step out of line in the future!

We also recently saw one of the largest fines (£120,000) being imposed for AML breaches, with the level of fine being largely determined by the fact that non-compliance had occurred over a 15 year period; the fine was nearly five times more than the average AML fine imposed to date.

In recent weeks the SRA has imposed fines on 12 firms for AML breaches, and has said that it will be clamping down on firms even harder as it says past fines have not acted as enough of a deterrent!

The most recent fines for AML non-compliance suggest that risk assessments and policies were still not in place at the end of 2024;. this was after a series of fines for AML breaches and came in the wake of several warnings about the importance of meeting AML requirements.

Some solicitors may balk at the level of scrutiny and sanctions they are being placed under, but the SRA says it under pressure from the Office for Professional Body Anti-Money Laundering Supervision (OPBAS) to act where firms are in breach.

Client due diligence and ‘Reliance’

It has become apparent that some firms are still being pressured by third parties and clients into accepting the client due diligence (CDD) undertaken by the third parties on their clients, in order to reduce costs and inconvenience, however, to do this the requirements of R39 must be complied with; to assist, here is an extract from the Legal Sector Affinity Group (LSAG) guidance:

Reliance has a specific meaning within the Regulations and relates to the process under R39 where, in certain circumstances, you may rely on another person to conduct CDD for you, subject to their agreement.

Reliance does not necessarily mean obtaining certified copies of documentation from other regulated professionals for due diligence purposes.

You should note that you remain liable for any non-compliance with CDD requirements when you rely on another person. For this reason, you should view reliance as a risk as, if things go wrong, it is you that will be held responsible. It may not always be appropriate to rely on another person, especially where there is a higher risk of money laundering, requiring enhanced due diligence measures.

In order to rely on another regulated person to apply CDD measures you must as a precondition, obtain from them all the information (though it should be noted not the underlying documentation) needed to satisfy the requirement to apply CDD measures in accordance with R28(2) to (6) and (10).

Subsequently you must:

    • enter into arrangements with the other person, which:
      • enable you to obtain from the other person immediately on request copies of any identification and verification data and any other relevant documentation on the identity of the client and/or its beneficial owner; and

      • require the other person to retain copies of the data and documents in accordance with R40; and

    • Obtain evidence to establish that the person relied upon, falls into the category of persons who may be relied upon as per R39(3) (regulated party).

New complaint rule

The SRA has proposed a new rule requiring firms to provide clients with a copy of their complaint procedures at the end of the matter (it should already be provided at the start); a further rule change would require solicitors to make sure complaints information was “clear, accessible and in a prominent place” on their websites.

Apparently only 68% of law firms published their complaints procedure on their websites, despite it being a regulatory requirement, and even where they were, they could be hard to find; the SRA will develop guidance on this, such as “not requiring multiple clicks to access or that it should be linked from a home page”. These changes need to be approved by the Legal Services Board.

SRA Diversity Data Collection

The SRA requires firms to send in their diversity data from 9 June to 4 July 2025; Access Legal is, as usual, providing its Diversity Survey Tool to enable firms to anonymously collect data from their employees. Click here if you would like further details - https://survey.riliance.co.uk/

May 2025

April saw the publication of the latest Legal Sector Affinity Group (LSAG) guidance, which took  effect on 23 April 2025; the updated guidance consolidates many of the changes that have been made in the anti-money laundering sector since the last guidance was published in 2023.

However, this should not stop firms from reading the guidance and updating their firmwide risk assessments (FWRA) and associated documents and training accordingly. Helpfully, the guidance now has a specific section showing the 2025 amendments and updates (see pages 221-228).

So, what are the key changes to the guidance?

Here they are:

  • Wording used for beneficial owner shareholders changed from “25% or more” to “more than 25%”
  • New definition of a high-risk third country
  • Additional information about the Economic Crime Levy
  • Additional information about supply chain risk
  • New subsections relating to The Register of Overseas Entities, De minimis exemption and mixed property transactions
  • Updated guidance where you receive contributions from third parties towards source of funds
  • New regulation on domestic PEPs

However, we found two key errors in the guidance, which have been reported to the Solicitors Regulation Authority (SRA); the guidance will be updated in due course. The errors are:

  • 6.14.4 – appears in the amendments (top of p223) but not in the main guidance
  • 16.4 – these defences don’t appear in the main guidance (towards the bottom of p226)

Don’t forget that when you update your FWRA you need to keep a record of previous versions; the SRA has found a number of firms wanting over the last few years as they couldn’t produce previous versions going back many years!

Own-interest conflicts and handling complaints

We recently asked the SRA for clarity around whether an own-interest conflict could arise in the handling of a complaint, and after some going back and forth finally received clarification:

"A solicitor must not act if they have an own interest conflict or a significant risk of an own interest conflict (Paragraph 6.1 of the Code). An “own interest conflict” will arise where the solicitor’s personal interests, or their firm’s interests, conflict with those of a client.

Whether an own interest conflict exists is a matter for the solicitor’s professional judgment taking all of the circumstances into account. But normally it is rare for there not to be an own interest conflict where the solicitor or firm has made an error or failed to do something which could give rise to a negligence claim.

However, a complaint about poor service does not necessarily mean a solicitor has been negligent or that an own interest conflict exists. The solicitor will need to consider the circumstances of the complaint to decide whether a conflict does exist."

It is clear from the final paragraph that the SRA foresees that in some cases there could be an own-interest conflict, but leaves this, as usual, for firms to determine where this might be!

We have updated our complaints policy template to cover this point and have provided a suggested way of assessing whether an own-interest conflict may arise, for example, such a conflict probably won’t arise where there has just been a delay and only an apology is warranted, whereas a more serious complaint that could result in a fee reduction, compensation, potential referral to the Legal Ombudsman (LeO) may be considered to create such a conflict, as a firm will most likely be wanting to get rid of the complaint by rejecting it, or settling it for as little as it can get away with!  

To ensure a fair and independent view is taken over a complaint, some firms engage external consultants, and this may be a solution for those where there is an actual or serious risk of a self-interest conflict.

The takeaway from this is, update your complaints procedure to include a new initial step for when a complaint is received, which consists of assessing whether an own-interest conflict exists and what to do if there is one; update your complaints handling training for staff as well.

SRA review of the COLP regime

I attended a recent webinar run by the Legal Services Board (LSB) and during the discussion it was said that the SRA would be carrying out a review of the Compliance Officer for Legal Practice (COLP) regime to see whether it was fit for purpose, and whether any lessons could be learned from the financial services sector in relation to its Senior Managers regime.

The Senior Managers regime covers:

  • A Statement of Responsibilities
  • Regulatory references
  • Criminal records checks
  • Specific conduct rules

Firm partners and managers must be confident that their existing COLPs are undertaking their roles effectively, as liability for compliance is on a joint and several basis; COLPs cannot be seen as sacrificial lambs!

To assess whether COLPs are doing the ‘right thing’, each partner/manager should ask themselves a simple question, “Would I be happy to take over the role immediately?”; if the answer is ‘no’, then I suspect it is because of a fear of the consequences of getting it wrong, or the COLP has just been left to get on with everything with no effective oversight, or they know the COLP has just been filling the position to enhance their CV or career prospects and know there will be gaps in compliance!

It is clear from recent SRA sanctions around AML non-compliance, that some COLPs (and MLRO/MLCOs) have not been doing their jobs as they should have been, and if the number of cases was extrapolated across the sector, it suggests many other firms are in the same position, even if they hold accreditations (the vast majority of firms sanctioned held and continue to hold CQS or Lexcel, or both)!

ICO visits to law firms

We have become aware that the Information Commissioner’s Office may be visiting some law firms to check on the levels of compliance with data protection legislation; we have been unable to get confirmation of this, but just in case it is true, firms are advised to check that their data protection policies, controls, procedures and training programmes are up to date.

SRA Diversity Date Collection Exercise 2025

The SRA recently announced that it will be collecting diversity data again in the Summer, but has not fixed any dates yet; the last exercise took place in 2023. Frims need to start preparing for the exercise so that when the SRA does confirm the return period they are able to act appropriately.

As in previous years, Access Legal will be providing its data collection tool to assist firms collecting data on an anonymous basis; Find further details here.

April 2025

What a busy month it’s been for regulators!

The Legal Services Board (LSB) recently published its annual Regulatory Performance Assessment, in which it said that the Solicitors Regulation Authority (SRA) and the Bar Standards Board (BSB) had fallen short of expected standards.

In brief, the finding of ‘insufficient assurance’ means that the LSB has serious concerns which these regulators need to take immediate action to address; the ratings are:

  • SRA
    • Well led – partial assurance
    • Effective approach to regulation – partial assurance
    • Operational delivery – insufficient assurance
  • BSB
    • Well led - insufficient assurance
    • Effective approach to regulation – partial assurance
    • Operational delivery - insufficient assurance

Both the Law Society and Bar Council have criticised their regulatory arms over the LSB’s assessment that their performance was inadequate and needed urgent improvement, which is somewhat surprising bearing in mind their past comments around being unable to do this due to the Internal Governance Rules (IGRs); as far as I am aware the IGRs have not changed, so what makes it okay to criticise now but not in the past!

The LSB has also proposed new requirements on legal regulators to strengthen ethical standards from the start of lawyers’ careers, but has said that it recognised that this was not a job for regulation alone. It’s CEO has said that, “It must form part of a holistic approach that will transform workplace and leadership culture; equally importantly, our evidence highlights that lawyers need an environment in which they feel supported and empowered to maintain these duties, particularly in the face of competing pressures. This includes fostering strong professional support systems that help practitioners navigate complex ethical decisions.”

A recent report published by the Taskforce on Business Ethics and the Legal Profession has said that law firms should adopt a ‘legitimate provenance of wealth test’ when taking on clients related to kleptocracy, state capture and grand corruption as part of an ethics-based approach that goes beyond legal or regulatory tests; this would require clients to provide “credible explanations” for their money and address gaps in the anti-money laundering (AML) framework. The report recommends a ‘comply or explain’ approach, and not for firms to simply ask “Can we defend this at a tribunal?” but instead “Can we defend this in public?”

It will be interesting to see how firms approach acting for such clients, where what they are being asked to do is lawful but may be considered by some as awful!

The SRA has won its High Court appeal in relation to a recent finding in the Solicitors Disciplinary Tribunal, where a firm said that its breach of the AML regulations was “inadvertent” and did not amount to professional misconduct. The judge said the SRA only had to prove that rule breaches were serious, reprehensible and culpable where such a test was “inherent in the rule in question”.

Other news

The City of London Law Society has said that the SRA's proposals to change how client money is held show further evidence of its instinct to overregulate, and that they threaten to harm the sector. The SRA has said that no firm decision has yet been made on scrapping the client account. Speaking at a recent conference, an SRA executive director said it was important to explore options, but nothing has been decided; she went on to say, ‘It is not a fait accompli but it is important to engage and think about these options, I don’t think there is a question of this happening today or this year but there is the potential for things to be developed.’

A judge recently ruled that a solicitor cannot base a victimisation claim against her law firm at the employment tribunal on it reporting her to the SRA; there has always been a question over whether employees facing disciplinary action could claim their firm had prejudged the outcome of the process because it had complied with its regulatory obligation to report serious misconduct, or other information that the SRA may wish to be made aware of so it can investigate further. This case may provide firms with the comfort they were looking for.