The SRA’s AML crackdown: Key takeaways for law firms in 2025

The Solicitors Regulation Authority (SRA) has kicked off the year at a blinding speed, issuing a significant number of fines to firms that have failed to meet regulatory requirements. Out of 50 disciplinary decisions so far, 16 have been related to AML non-compliance, with total fines amounting to £61,715. This highlights a growing trend of regulatory enforcement and underscores the importance of robust AML procedures for law firms in 2025.

Why Are Firms Being Fined?

The SRA has identified several key areas where firms are consistently falling short in their AML obligations. These include:

1. Failure to Conduct AML Risk Assessments
   A fundamental requirement for firms is to have a documented, firm-wide AML risk assessment. However, many firms either lacked this entirely or failed to conduct proper assessments of client and matter risks. Risk assessments are crucial for identifying potential money laundering threats and ensuring that firms apply appropriate due diligence measures. Without them, firms expose themselves to legal risks and regulatory penalties.
2. Inadequate AML Policies, Controls, and Training
   AML policies and internal controls are essential in preventing financial crime. Firms must implement thorough due diligence processes, provide staff training, and ensure that internal controls are in place to mitigate risks. Many firms that were fined had failed to do so, resulting in regulatory action.
3. Failure to Notify the SRA of Compliance Officer Changes
   When a firm’s Compliance Officer for Legal Practice (COLP) or Compliance Officer for Finance and Administration (COFA) changes, the SRA must be notified. Some firms neglected this requirement, leading to fines. Keeping the regulator informed of compliance officer changes is a basic but critical obligation.
4. Ongoing Non-Compliance Over Multiple Years
   Perhaps the most concerning trend is that some firms have been non-compliant for several years, with breaches stretching from as far back as 2017 to the present. This suggests that despite increasing regulatory scrutiny, some firms have failed to address compliance gaps over an extended period. Persistent failures not only invite higher penalties but also put firms at greater risk of reputational damage and potential enforcement actions beyond fines.
5. Higher Fines for Systemic Failures
   Firms with long-standing and widespread compliance failures have faced the biggest penalties. Those with systemic gaps in AML processes and policies were fined significantly more than firms with isolated breaches. The highest fine issued so far in this crackdown was £27,813, reinforcing the SRA’s message that long-term AML failures will not be tolerated.

Notable Firms Penalised

Several law firms have faced fines for their AML shortcomings. Some of the most notable cases include:

• Burch Phillips & Co – fined £3,740 for failing to conduct client and matter risk assessments.
• Gillespies – fined £2,755 for lacking a firm-wide risk assessment and AML policies.
• Edgar Cule & Evans – fined £1,657 for failing to maintain an AML risk assessment and controls.
• Harrison Thames Valley Solicitors LLP – fined £25,000 for missing risk assessments and AML policies.
• Tyndallwoods Solicitors Limited – fined £27,813 for widespread AML failures, including inadequate risk assessments.
• Richards Thomas LLP – fined £750 for failing to notify the SRA of compliance officer changes.

These cases serve as a stark reminder that firms must take AML compliance seriously to avoid similar penalties and potential reputational harm.

What This Means for Law Firms in 2025

The SRA’s increased enforcement action signals that law firms cannot afford to take a lax approach to AML compliance. With regulatory scrutiny only set to increase in 2025, firms must take proactive steps to strengthen their AML frameworks. Here’s what law firms should focus on:

1. Conduct a Thorough AML Risk Assessment
   Firms should ensure they have a comprehensive, documented AML risk assessment that covers both firm-wide risks and specific client and matter risks. This document should be regularly reviewed and updated to reflect evolving risks and regulatory expectations.
2. Implement Robust AML Policies and Internal Controls
   A firm’s AML policies should be clearly defined, regularly reviewed, and effectively implemented. Internal controls, such as monitoring transactions and ensuring proper client due diligence, are key to preventing financial crime.
3. Provide Regular AML Training for Staff
   Training should not be a one-time exercise. Continuous education on AML regulations, emerging risks, and compliance procedures is essential to ensure that staff understand their responsibilities and can identify potential red flags.
4. Keep the SRA Informed of Key Compliance Changes
   Firms must notify the SRA of any changes in compliance officers to avoid regulatory breaches. Ensuring that compliance leadership is actively engaged and accountable for AML processes is crucial.
5. Address Compliance Gaps Promptly
   If a firm identifies weaknesses in its AML processes, immediate corrective action should be taken. Waiting until an SRA inspection or regulatory fine is imposed can have serious financial and reputational consequences.

Final Thoughts: The Time to Act Is Now

The SRA’s AML crackdown sends a clear message—law firms must take AML compliance seriously or face significant penalties. With scrutiny expected to intensify in 2025, firms that have not yet reviewed and strengthened their AML policies and procedures should act immediately. Compliance is not just about avoiding fines; it’s about protecting the integrity of the legal profession and preventing financial crime.

For law firms, now is the time to assess their AML framework, train staff, implement strong policies and stay ahead of regulatory expectations. Failure to do so could result in costly fines, reputational damage, and further enforcement action from the SRA. By taking proactive steps now, firms can ensure they remain compliant, avoid regulatory pitfalls, and maintain trust with clients and regulators alike.