Skip to main content

FCA AML Audit: The SRA Is Out, the FCA Is In

By

For years, law firms prepared for AML scrutiny with one regulator in mind: the SRA. That era is over.

The UK Government has confirmed a fundamental shift in supervision. AML and counter-terrorist financing oversight is moving from the SRA to the Financial Conduct Authority (FCA).

This is not a cosmetic change. It is a full regulatory reset.

If your firm is still thinking in terms of an internal review, an FCA AML audit will feel very different, financially, operationally, and reputationally.

What Makes an FCA AML Audit Different

The SRA regulates professional standards. The FCA enforces financial crime controls. That distinction matters.

An FCA AML audit is not designed to guide or educate. It is designed to assess risk to the financial system and determine whether enforcement action is required.

This is precisely why firms can no longer rely on internal reviews alone. An FCA AML audit will expect to see independent challenge, most commonly through a Regulation 21 independent AML audit.

For most firms, a Regulation 21 independent AML audit represents the best return on investment in preparing for FCA scrutiny. It delivers the maximum regulatory assurance for the least disruption, cost, and management time.

Firms should expect:

  • far deeper information requests
  • formal interviews and compelled responses
  • tight regulatory deadlines
  • outcomes driven by deterrence, not improvement

This is the same regulator that fines banks at scale. Law firms are entering that world.

The End of the Soft-Touch AML Era

Historically, SRA AML supervision has focused on remediation. The FCA’s mindset is different. During an FCA AML audit, good intentions carry little weight. What matters is evidence.

Investigators will focus on:

  • quality of risk assessments
  • source of funds and source of wealth controls
  • ongoing monitoring of clients and matters
  • whether AML policies actually operate in practice

In this environment, a Regulation 21 independent AML audit moves from best practice to baseline expectation. It is also the most efficient way for firms to identify and fix issues before an FCA AML audit does it for them.

Reputation Risk During an FCA AML Audit

Many law firms underestimate how exposed they are reputationally. The FCA uses publicity as a regulatory tool. Even without a formal approach to naming and shaming, FCA Warning Notices, Decision Notices, and Final Notices attract national media attention.

An FCA AML audit can move from a regulatory process to a public issue rapidly. Firms that can point to a recent Regulation 21 independent AML audit are in a far stronger position to reassure clients, lenders, and counterparties when scrutiny intensifies.

Why Early FCA AML Audits Will Be High Profile

New regulatory regimes need visible enforcement. The FCA will want to demonstrate authority over the legal sector early. Firms with higher-risk work, historic compliance gaps, or previously fined firms by the SRA are likely to be prioritised.

One of the first questions investigators will ask is whether the firm has commissioned a Regulation 21 independent AML audit, and what action was taken as a result. No firm wants to become the first high-profile case study in the legal sector.

Double Jeopardy: FCA and SRA at the Same Time

The SRA is not disappearing. While the FCA will oversee AML systems and controls, the SRA will continue to regulate solicitor conduct and discipline individuals. This creates the real possibility of parallel investigations.

A firm could face an FCA AML audit at organisational level while partners, MLROs, or COLPs face personal scrutiny from the SRA. In both scenarios, a Regulation 21 independent AML audit is one of the clearest ways to evidence governance, oversight, and reasonable steps.

Powers Law Firms Are Not Used To

The Treasury consultation indicates the FCA will be given significant authority. Proposals include powers to intervene in firm ownership and control structures, including forcing changes where individuals are linked to financial crime concerns.

Under this level of scrutiny, regulators will expect firms to evidence not just compliance activity, but independent testing of AML systems. A Regulation 21 independent AML audit remains the most proportionate and cost-effective way to do that.

Preparing for an FCA AML Audit Now

The consultation closes on 24 December, with legislation expected to follow. Firms that wait for formal transition will be too late. Key questions firms should be asking now:

  • would our AML framework withstand enforcement-led scrutiny
  • can we respond quickly to compulsory information notices
  • do we have a current Regulation 21 independent AML audit
  • do partners understand their personal exposure
  • do we have a strategy if an FCA notice becomes public

Practical steps to take:

  • commission or refresh a Regulation 21 independent AML audit
  • stress-test AML systems, not just written AML policies
  • rebuild and evidence audit trails
  • review historic SRA audit outocmes with transition in mind
  • plan for crisis communications as part of AML governance

The Bottom Line

An FCA AML audit will be tougher, faster, and far more public than anything most law firms have experienced. For firms looking for the highest return on limited time and budget, a Regulation 21 independent AML audit remains the best way to prepare for FCA scrutiny.

Firms that prepare now will control the narrative. Firms that wait will be reacting under pressure. If you are concerned about your firm’s readiness for an FCA AML audit, the time to act is before the FCA makes contact, not after.

Labels:

Comments

New comments are not allowed.

Popular posts from this blog

How Often Should Your Firm Conduct an Independent AML Audit?

By
In the world of AML compliance, there is a significant difference between doing your work and proving that your work is effective. Anti-Money Laundering (AML) compliance is no longer a "set it and forget it" task. For firms regulated under the Money Laundering Regulations (MLR 2017), the requirement for an independent AML audit is a critical hurdle. But a common question persists among MLROs and Compliance Officers: How often do we actually need to do this? 1. The Regulatory Starting Point: "When Appropriate" The law (specifically Regulation 21 of the MLR 2017) states that a relevant person must establish an independent audit function "where appropriate, with regard to the size and nature of its business." While the legislation doesn’t give a hard calendar date, the consensus among regulators—including the SRA and the Legal Sector Affinity Group (LSAG)—is that for most firms, an audit should be conducted at least every 2 yea...
Post a Comment
Read more

FCA AML Audit: Financial Regulator Takes Over Legal Oversight!

By
The UK government has dropped a regulatory bombshell that will fundamentally reshape your life, and yes, we are talking about the dreaded FCA AML audit. For years, you’ve been supervised by your legal peers, the SRA, but those days of relative comfort are drawing to a close. The big news? Responsibility for Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) supervision for the legal and accountancy sectors is being handed over to the Financial Conduct Authority (FCA. That's right, the same folks who put the fear of God into the big banks are now coming for your conveyancing files. Cue the dramatic music. What does the FCA take-over actually mean? Forget the gentle nudge; prepare for the financial services full-body search. An FCA AML audit is likely to look a lot more like a detailed financial inspection and a lot less like a polite chat with the SRA. Think maximum emphasison: Ironclad AML documentation (no more "it's in my head" polici...
Post a Comment
Read more