Skip to main content

FCA AML Audit: The SRA Is Out, the FCA Is In

By

For years, law firms prepared for AML scrutiny with one regulator in mind: the SRA. That era is over.

The UK Government has confirmed a fundamental shift in supervision. AML and counter-terrorist financing oversight is moving from the SRA to the Financial Conduct Authority (FCA).

This is not a cosmetic change. It is a full regulatory reset.

If your firm is still thinking in terms of an internal review, an FCA AML audit will feel very different, financially, operationally, and reputationally.

What Makes an FCA AML Audit Different

The SRA regulates professional standards. The FCA enforces financial crime controls. That distinction matters.

An FCA AML audit is not designed to guide or educate. It is designed to assess risk to the financial system and determine whether enforcement action is required.

This is precisely why firms can no longer rely on internal reviews alone. An FCA AML audit will expect to see independent challenge, most commonly through a Regulation 21 independent AML audit.

For most firms, a Regulation 21 independent AML audit represents the best return on investment in preparing for FCA scrutiny. It delivers the maximum regulatory assurance for the least disruption, cost, and management time.

Firms should expect:

  • far deeper information requests
  • formal interviews and compelled responses
  • tight regulatory deadlines
  • outcomes driven by deterrence, not improvement

This is the same regulator that fines banks at scale. Law firms are entering that world.

The End of the Soft-Touch AML Era

Historically, SRA AML supervision has focused on remediation. The FCA’s mindset is different. During an FCA AML audit, good intentions carry little weight. What matters is evidence.

Investigators will focus on:

  • quality of risk assessments
  • source of funds and source of wealth controls
  • ongoing monitoring of clients and matters
  • whether AML policies actually operate in practice

In this environment, a Regulation 21 independent AML audit moves from best practice to baseline expectation. It is also the most efficient way for firms to identify and fix issues before an FCA AML audit does it for them.

Reputation Risk During an FCA AML Audit

Many law firms underestimate how exposed they are reputationally. The FCA uses publicity as a regulatory tool. Even without a formal approach to naming and shaming, FCA Warning Notices, Decision Notices, and Final Notices attract national media attention.

An FCA AML audit can move from a regulatory process to a public issue rapidly. Firms that can point to a recent Regulation 21 independent AML audit are in a far stronger position to reassure clients, lenders, and counterparties when scrutiny intensifies.

Why Early FCA AML Audits Will Be High Profile

New regulatory regimes need visible enforcement. The FCA will want to demonstrate authority over the legal sector early. Firms with higher-risk work, historic compliance gaps, or previously fined firms by the SRA are likely to be prioritised.

One of the first questions investigators will ask is whether the firm has commissioned a Regulation 21 independent AML audit, and what action was taken as a result. No firm wants to become the first high-profile case study in the legal sector.

Double Jeopardy: FCA and SRA at the Same Time

The SRA is not disappearing. While the FCA will oversee AML systems and controls, the SRA will continue to regulate solicitor conduct and discipline individuals. This creates the real possibility of parallel investigations.

A firm could face an FCA AML audit at organisational level while partners, MLROs, or COLPs face personal scrutiny from the SRA. In both scenarios, a Regulation 21 independent AML audit is one of the clearest ways to evidence governance, oversight, and reasonable steps.

Powers Law Firms Are Not Used To

The Treasury consultation indicates the FCA will be given significant authority. Proposals include powers to intervene in firm ownership and control structures, including forcing changes where individuals are linked to financial crime concerns.

Under this level of scrutiny, regulators will expect firms to evidence not just compliance activity, but independent testing of AML systems. A Regulation 21 independent AML audit remains the most proportionate and cost-effective way to do that.

Preparing for an FCA AML Audit Now

The consultation closes on 24 December, with legislation expected to follow. Firms that wait for formal transition will be too late. Key questions firms should be asking now:

  • would our AML framework withstand enforcement-led scrutiny
  • can we respond quickly to compulsory information notices
  • do we have a current Regulation 21 independent AML audit
  • do partners understand their personal exposure
  • do we have a strategy if an FCA notice becomes public

Practical steps to take:

  • commission or refresh a Regulation 21 independent AML audit
  • stress-test AML systems, not just written AML policies
  • rebuild and evidence audit trails
  • review historic SRA audit outocmes with transition in mind
  • plan for crisis communications as part of AML governance

The Bottom Line

An FCA AML audit will be tougher, faster, and far more public than anything most law firms have experienced. For firms looking for the highest return on limited time and budget, a Regulation 21 independent AML audit remains the best way to prepare for FCA scrutiny.

Firms that prepare now will control the narrative. Firms that wait will be reacting under pressure. If you are concerned about your firm’s readiness for an FCA AML audit, the time to act is before the FCA makes contact, not after.

Labels:

Comments

New comments are not allowed.

Popular posts from this blog

Argie Bargie over Home Information Packs

By
In response to a question from Conservative MP David Amess on what methodology would be used to use to evaluate the effectiveness of the Home Information Pack programme, Communities and Local Government Minister Ian Austin was involved in heated argument. The wording of the debate ( reported in Hansard ) makes interesting reading, so I thought I would share it with you : Mr. David Amess (Southend, West) (Con): What methodology his Department plans to use to evaluate the effectiveness of the home information pack programme; and if he will make a statement. Mr. Andrew Mackay (Bracknell) (Con): What methodology his Department plans to use to evaluate the effectiveness of the home information pack programme; and if he will make a statement. Mr. David Jones (Clwyd, West) (Con): What methodology his Department plans to use to evaluate the effectiveness of the home information pack programme; and if he will make a statement. The Parliamentary Under-Secretary of State for Communities and Local...
Post a Comment
Read more

Paperwork is not a shield: Why your SRA aml audit demands more than just a dusty manual

By
The Solicitors Regulation Authority continues its aggressive crackdown on financial crime with a recent fine issued against Whiteheads Solicitors (Staffordshire) Ltd . This decision serves as a stark reminder that the regulator is looking far beyond simple paperwork during an SRA aml audit . The firm was fined 2,584 GBP plus 600 GBP in costs following an investigation into its compliance with the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. While the firm had a firm-wide risk assessment and general policies in place, the SRA identified critical failures at the matter level. Key compliance failures included: Failure to conduct adequate client and matter risk assessments . The SRA found a consistent pattern where the firm failed to sufficiently assess client matter risk levels as required by Regulation 28. Inadequate scrutiny of source of funds . In one specific property transaction, the firm failed to properly investigate the origin of funds provided by ...
Post a Comment
Read more

The High Street Practitioner’s Guide to Surviving the FCA

By
For a sole practitioner or the MLRO in a small high-street firm, "AML compliance" often feels like just another mountain of paperwork standing between you and your actual work. When you are juggling a heavy conveyancing caseload, a sensitive probate matter, and the day-to-day survival of your practice, the last thing you need is a new regulator with a reputation for being data-heavy and "zero-tolerance." But the ground is shifting. As the Financial Conduct Authority (FCA) takes over AML supervision from the SRA, the "high-street way" of doing things—relying on long-standing local reputations and gut instinct—is being replaced by a requirement for hard, documented proof. The end of "I’ve known them for years" In a small town, you often act for the same families for generations. You know their business, their parents, and their reputation. Under the old mindset, that felt like enough. Under the FCA, it isn’t. T...
Post a Comment
Read more