The SRA’s £68K fine against Scott-Moncrieff & Associates (ScoMo) is not just another AML enforcement headline. It is a clear reminder of how regulators are now assessing risk, intent and follow-through and of how little tolerance there is for firms that fail to adapt after being warned.

That the firm was founded and run by a former Law Society president only reinforces that regulatory expectations apply uniformly, and reputation is no shield.

The facts that matter

ScoMo, a pioneering virtual law firm operating as an alternative business structure (ABS), was fined after allowing approximately $23m to pass through its client account in circumstances where there was no proper link to underlying legal work.

A consultant solicitor acted for a client based in the Russian Federation in relation to the purchase of an asset valued at $22.5m from a Canadian company. The firm agreed to provide escrow services and general advice, but did not act on the sale and purchase agreement itself.

Despite this, the firm:

• Received three payments totalling $23.3m into its client account
  
• Paid $22.5m onward to the asset seller
  
• Made additional payments to an agent in Germany and a company in Estonia
  

The SRA concluded that this amounted to providing a banking facility, in breach of the SRA rules, and created a serious risk that the client account could be used for money laundering or other illicit purposes.

The deeper compliance failure: not just the payments

What elevates this case from a single breach to a cautionary tale is what the SRA uncovered alongside the account misuse. An inspection in 2022 found that none of the firm’s AML framework was compliant with the MLRs including:

• The firm-wide risk assessment
  
• Policies, controls and procedures (PCPs)
  
• Matter risk assessments
  
• Customer due diligence
  
• Ongoing monitoring
  

The SRA did not simply penalise and move on. It provided guidance and explicitly told the firm to fix the issues. A follow-up investigation in 2023 found that the firm’s PCPs still had not been brought into compliance, nor did they reflect the guidance previously given.

From a regulatory perspective, this matters.

What this tells us about today’s regulators

There are three clear signals from the SRA’s approach here.

Warnings now raise the stakes

This was not a “gotcha” enforcement. The SRA inspected, identified problems, gave guidance, and allowed time to remediate. When the same deficiencies persisted, the response escalated. Firms should assume that failure to act after regulatory engagement will be treated as an aggravating factor, not a neutral one.

Client account misuse is being framed as a systemic AML risk

The SRA repeatedly linked the banking facility breach to the risk of money laundering and terrorist financing even without a finding that laundering actually occurred. The regulatory threshold is now firmly about risk exposure, not just proven harm.

Seniority and stature offer no mitigation

The decision makes clear that experience cuts both ways. Where individuals should have known better, the regulator is willing to characterise conduct as wilful or reckless. That language was used explicitly in fining the responsible consultant solicitor 27% of his annual income.

Why the ABS point matters

The £68K fine exceeded the SRA’s usual £25K cap because ScoMo is an ABS, allowing penalties of up to £250m.

This is an important reminder that entity structure directly affects regulatory exposure. Firms operating as ABSs often chosen for flexibility and innovation, must also recognise the significantly higher financial risk when things go wrong.

Key takeaways for law firms

This case should prompt some necessary internal questions.

1. Are we crystal clear on when we should not use our client account?
Escrow services, convenience payments, or “helping a transaction along” are exactly where firms drift into danger. If the firm is not acting on the underlying transaction, client money should almost never be involved.

2. Do our AML policies actually reflect how we operate in practice?
Paper-compliant PCPs that are not embedded in day-to-day decisions are no longer enough. Regulators are looking for operational alignment, not just documentation.

3. What happens after an inspection?
An SRA visit should trigger a structured remediation plan, ownership at senior level, and documented implementation. Treating guidance as optional is now demonstrably risky.

4. Are consultants and fee-earners truly supervised?
Virtual and consultant-heavy models are not exempt from supervision obligations. If anything, this case shows they may attract more scrutiny.

Essentially, this is not a story about one firm’s failings. It is about regulatory patience wearing thin. The SRA is signalling that client accounts are a frontline AML control, repeated non-compliance will escalate consequences and risk exposure alone is sufficient for serious sanction. For law firms, the message is if your client account is ever easier to use than to refuse, your controls are not working.

And regulators are no longer willing to wait while firms figure that out.

The UK is overhauling its AML framework, with the FCA set to replace the SRA and others as the single AML supervisor. The change will unify oversight across law, accounting, and trust service firms, aiming for greater consistency and stronger enforcement. Our guide, From the SRA to the FCA: What the single professional services supervisor means for your firm, tells you everything you need to know about this. Get it here.