Law firms discuss SRA AML audits and Source of Funds challenges at VinciWorks Core Group meeting

On 16 January 2025, VinciWorks hosted the first AML Core Group meeting of the year, gathering leading law firms to exchange best practices for anti-money laundering compliance. Facilitated by Tom Evans from VinciWorks and Jen Dunlop from The Compliance Office, over two-dozen firms discussed and shared experiences around the latest AML trends and challenges. Delegates also heard from Pearl Moses, COLP and MLRO at Setfords, who shared her invaluable insights and answered questions about their recent SRA AML audit.

SRA AML proactive supervision and enforcement

Delegates reflected on the SRA’s recent escalation in inspections and enforcement. The SRA has doubled its firm engagements and increased site inspections by 34% and desk-based reviews by 350% in the past year. Its annual AML report revealed that only 22% of firms were fully compliant, with over £600,000 in fines issued in 2024. Notable cases highlighted included firms fined up to £25,000 for inadequate risk assessments and controls, reinforcing the SRA’s commitment to upholding regulatory standards.

Court of Appeal ruling on forced labour goods

The World Uyghur Congress v NCA ruling was another key topic of discussion. This decision potentially expands the scope of the Proceeds of Crime Act (POCA), holding businesses accountable for supply chain due diligence. Law firms advising clients in industries like fashion, retail, and manufacturing were urged to enhance their scrutiny of source of goods and to mitigate risks of association with forced labour practices. Further discussion was held around upcoming guidance from HM Treasury and the Law Society about the practical nature of the decision (and appeal) given the potential significance.

SRA AML training checklist

The meeting also addressed the SRA’s new AML training checklist. Delegates shared experiences of using the AML training checklist in their own firms, and how to tailor training to their risk profiles, ensuring ongoing staff engagement through practical tools such as quizzes and scenario-based discussions. The checklist emphasised the need for robust documentation and evidence of training, as these areas are increasingly scrutinised during inspections. Delegates discussed some ideas around best practice in training around AML, sanctions and Source of Funds / Source of Wealth checks.

SRA AML audit: insights from Pearl Moses from Setfords

Guest speaker Pearl Moses, COLP and MLRO at Setfords, provided a detailed and fascinating walkthrough of her firm’s experience with a recent SRA AML audit. She stressed the importance of preparation, including thorough reviews of policies, controls, and procedures (PCPs), staff training, and maintaining comprehensive documentation. Pearl’s tips for firms facing inspections included anticipating SRA requests, maintaining up-to-date records, and fostering a culture of compliance. She shared valuable experiences about strategies to promote engagement with the regulator, such as the value of independent audits and strategies for a successful meeting with the SRA.

Source of Funds and Source of Wealth checks

The second breakout session focused on Source of Funds (SoF) and Source of Wealth (SoW) compliance. Participants acknowledged ongoing client sensitivity and internal challenges around these checks, especially the frequency of reverifications and the balance between risk-based approaches and regulatory expectations. It was noted that inadequate SoF checks remain a leading cause of SRA investigations. Recent enforcement actions, such as the £27,000 fine issued to Tyndallwoods, underscored the consequences of failing to conduct proper SoF assessments.

Register for the next AML Core Group

The meeting concluded with a preview of upcoming resources and events, including VinciWorks’ guide to high-risk jurisdictions for money laundering and a webinar series on sanctions compliance. The next AML Core Group meeting is scheduled for 29 April 2025 at midday UK time, offering another opportunity for firms to engage in peer discussions and share their expertise.

To register your interest for the next AML core group, contact Tom Evans at [email protected]

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”