The SRA releases its 2025 AML annual report. What does it mean for your firm?

The Solicitors Regulation Authority (SRA) has just published its latest anti-money laundering (AML) annual report, and it offers a comprehensive snapshot of where the sector stands and where it’s heading. It provides data, analysis and clear expectations from the regulator at a time when AML enforcement, technology, and regulatory change are converging.

 

For firms, this isn’t just another compliance bulletin. It’s a clear message that now’s the time to make AML part of everyday practice. That means using data intelligently, taking real ownership at leadership level and building a culture where compliance is second nature, not an afterthought.

 

AML in a changing regulatory landscape

 

The report lands at a pivotal moment. The UK remains a global financial hub and a prime target for money laundering, with an estimated £100 billion laundered through the UK or UK-linked structures each year.

 

The SRA’s supervisory scope continues to expand, with nearly two-thirds of regulated firms (around 5,700) falling within the Money Laundering Regulations (MLR). This is no longer a niche compliance area but a core element of risk management for the profession. Recent legislative developments, including the Economic Crime and Corporate Transparency Act, have sharpened the focus on professional “enablers” and introduced a new explicit regulatory objective to prevent and detect economic crime.

 

Meanwhile, the government’s planned transition of AML supervision to the Financial Conduct Authority (FCA) could fundamentally reshape oversight of the legal sector. Until then, the SRA continues to deliver proactive, data-led supervision, and the results are both impressive and sobering.

 

Key findings: Progress, pressure, and persistent gaps

 

This past year, the SRA conducted 935 AML supervisory engagements, a 72% increase on the previous year. These included onsite inspections, desk-based reviews, thematic reviews and independent audits.

 

The numbers tell a story of progress as well as challenges:

 

  • 270 firms (32%) were found non-compliant.

  • Only 47% of firm-wide risk assessments (FWRAs) met the required standard, down from 60% the previous year.

  • 19 firms had no FWRA at all and were referred for investigation.

  • 39% of client and matter risk assessments were judged ineffective or incomplete.

  • 18% of client files lacked proper source-of-funds documentation.

  • 311 of 823 firms had fully compliant AML policies, controls, and procedures.

 

These findings underline a sector under pressure. While many firms are working hard to comply, the regulator’s expectations and the sophistication of its oversight are rising faster than many practices can adapt.

 

Data-led supervision: The future is now

 

One of the report’s most important shifts is the move toward data-driven supervision. The SRA is now using analytics from thousands of inspection files to predict risk and identify firms that require intervention.

 

By 2026, the SRA plans to deploy AI analytics to cross-check AML compliance declarations and detect anomalies automatically. Supervisory intelligence will also be increasingly shared with the National Crime Agency (NCA), the FCA, OPBAS, and other professional regulators.

For firms, this means that “real-time compliance,” the ability to evidence due diligence, document rationale and show data integrity, will become the new standard.

 

Documentation alone won’t be enough. The SRA wants to see that firms understand risk, act on it, and can prove that human oversight complements digital systems.

 

Where firms are still falling short

 

The SRA’s findings highlight recurring issues that firms should review urgently:

 

1. Risk assessments are still the weakest link

  • 53% of firm-wide risk assessments were either incomplete or generic.

  • Many failed to connect to actual client data or transaction trends.

  • Firms over-rely on templates without tailoring to their services or jurisdictions.

2. Source of Funds (SoF) is an ongoing problem

  • 25% of files lacked adequate SoF evidence.

  • Too many firms rely solely on bank statements or fail to verify the origins of funds for long-standing clients.

  • The SRA has announced a new thematic review on Source of Funds, making it a priority area for 2025.

3. Shortcuts persist in client due diligence (CDD)

  • 6% of reviewed files lacked identity verification documents.

  • Simplified due diligence is still misunderstood. Some firms apply it by default rather than after assessing risk.

  • Over-reliance on electronic verification without human checks is increasing vulnerability to fraud and deepfake risk.

4. Policies and procedures are often outdated and untested

  • 130 of 823 reviewed policies were non-compliant.

  • Gaps included missing reliance procedures, weak enhanced due diligence (EDD) measures, and outdated sanctions controls.

5. Sanctions compliance is better, but not perfect

  • 92% of firms now screen new clients against sanctions lists, but only 79% re-check existing ones.

  • Six firms were referred for sanctions-related breaches, often due to poor reporting to the Office of Financial Sanctions Implementation (OFSI).

The tone from the top really matters

 

The report makes it clear that compliance isn’t just a technical function but a cultural responsibility. 

 

Firms with structured, ongoing AML training and visible leadership engagement had significantly higher compliance levels. The SRA’s ROLE model (Relatable, Ongoing, Leadership-supported, Engaging) offers a simple but powerful framework for effective AML education.

 

Senior leadership must not only endorse compliance but also model it. The days of delegating AML entirely to a compliance officer are over. Partners and directors are expected to take ownership.

 

Technology, AI and the new compliance frontier

 

While technology has improved onboarding and monitoring, the SRA warns of growing risks from over-automation and vendor fraud. Criminals are increasingly exploiting AI and deepfake tools to falsify identification documents.

 

The message is that technology can support compliance, but not replace professional judgment. Firms should test the reliability of their digital verification systems, scrutinise vendors, and ensure human review remains part of every high-risk transaction.

The enforcement landscape: Fines are rising, fast

 

The SRA’s enforcement record shows a steep upward trajectory:

 

  • 137 internal enforcement outcomes, up from 74.

  • 14 disciplinary tribunal cases, with total fines of £953,000.

  • Fines through settlement agreements jumped from 9 to 58 cases.

  • The SRA’s fining powers have increased twelvefold since 2022.

 

Most breaches relate to FWRAs, client and matter risk assessments, and policies, procedures and controls. The regulator signals a proportionate approach that allows for education first and then enforcement. But repeat or serious breaches will face “zero tolerance” action.

 

What this means for your firm

 

If your firm falls under the MLR, this report is not optional reading. It’s a strategic resource. The SRA has made clear that AML compliance is now central to professional credibility and public trust.

 

Here’s what every firm should be doing now:

 

  1. Review and refresh your firm-wide and matter-level risk assessments. Tailor them to your actual client base, jurisdictions, and practice areas.

  2. Audit your source of funds procedures. Make sure there’s an audit trail that explains why funds are legitimate, not just what documents were collected.

  3. Update your AML policies and testing routines. Incorporate sanctions, EDD, and reliance procedures with clarity and accountability.

  4. Engage leadership in AML culture. Senior management should own, not outsource, compliance.

  5. Prepare for data-led supervision. Expect that the SRA, and eventually the FCA, will compare your declarations to real-world data.

  6. Invest in robust, human-verified technology. Digital tools must enhance, not replace, judgment and documentation.

The SRA’s 2025 AML Annual Report is more than a checklist. It’s a strategic roadmap for the profession. The legal sector is being asked not just to follow the rules but to demonstrate integrity through data, leadership, and behaviour. As the SRA transitions toward AI-driven oversight and the FCA prepares to take the reins, one thing is clear: compliance is no longer just about avoiding penalties. It’s also about earning trust.

 

In this volatile regulatory environment, firms need to adopt agile systems that can keep pace. This is why we developed Omnitrack, our workflow optimisation platform. It includes our AML Client Onboarding and Legal Compliance Suite solutions, all customisable to client processes.