Skip to main content

Mind the Gap: SRA Targets the "Disconnect" in AML Policies for 2025 Thematic Review

By

The SRA has confirmed that its 2026 AML thematic review will focus squarely on AML Policies, Controls and Procedures (PCPs) — and it’s not just another paperwork exercise.

This latest review follows previous deep dives into firm-wide risk assessments, client matter risk assessments, and source of funds. But the regulator says a familiar problem keeps resurfacing: firms have AML manuals, yet those policies often fail to translate into day-to-day behaviour.

In short, the SRA has identified a persistent disconnect between policy and practice.

Why the SRA Is Turning the Spotlight on PCPs

AML compliance has been a legal requirement for years — in some cases, decades. Yet supervisory work continues to reveal the same weaknesses:

  • Processes exist, but aren’t followed
    82% of firms referred for investigation had risk assessment processes in place; they simply were not being applied at client matter level.
  • Policies frozen in time
    Some firms still lack mandatory policies that have been required since 2003.
  • Generic, off-the-shelf manuals
    A recurring issue is firms relying on templated PCPs that bear little relation to their size, work type, or actual risk profile.
  • Collection without scrutiny
    Recent SAR reviews show that even where documents are on file, fee earners often fail to properly review them for red flags.

These findings highlight why independent AML audits are increasingly valuable. External reviewers are far more likely to spot where written policies diverge from real-world behaviour — particularly issues that have become “business as usual” internally.

What the SRA Will Be Looking At in 2026

This review goes well beyond checking whether a policy exists. The SRA will be examining how AML operates in practice, including:

Monitoring under Regulation 19

How effectively firms monitor compliance with their own PCPs — and whether that monitoring genuinely tests behaviour rather than confirming paperwork.

Independent AML audits often provide firms with a practical benchmark here, helping MLROs evidence that monitoring is robust, objective, and capable of identifying real gaps before the regulator does.

Understanding the “why”, not just the “what”

Whether staff understand the purpose behind the controls they are applying, or whether AML has become a tick-box exercise.

Quality of internal file reviews

The SRA has already found that a third of internal reviews failed to consider source of funds — one of the most effective AML controls. Independent audits can strengthen this process by stress-testing file reviews and highlighting where AML risks are being overlooked.

How Firms Should Prepare — Before the SRA Arrives

MLROs do not need to wait for the thematic review to start testing their controls. Practical steps firms should be taking now include:

  • Bridge the policy–practice gap
    Ensure that what is written in your PCPs genuinely reflects how fee earners work in practice. Independent AML audits are particularly effective at identifying this disconnect because they assess files, workflows, and staff understanding together.
  • Deliver targeted AML training
    Where internal reviews show recurring errors — such as weaknesses in ongoing monitoring — firms should move away from generic refresher training and focus on targeted interventions that address specific failures.
  • Treat client matter risk assessments as live documents
    Cleint Matter Risk Assessments should evolve as transactions progress, rather than being completed once and forgotten. Independent reviews frequently identify static risk assessments as an early warning sign of wider AML control failures.
  • Prioritise scrutiny over collection
    The aim is not simply to gather documents, but to understand them. External AML audits reinforce this message by focusing on decision-making and risk analysis, not just document presence.

What Comes Next

The SRA has confirmed it will use the findings from the 2026 thematic review to issue further guidance and support to the profession.

For firms that still view AML as a documentation exercise, this review is a clear warning: the regulator is increasingly focused on how controls are applied in reality.

Independent AML audits are no longer just a “nice to have”. They are fast becoming a practical way for firms to identify weaknesses early, strengthen compliance, and demonstrate a proactive approach to AML — long before the SRA comes knocking.

Labels:

Comments

Post a Comment

Popular posts from this blog

Argie Bargie over Home Information Packs

By
In response to a question from Conservative MP David Amess on what methodology would be used to use to evaluate the effectiveness of the Home Information Pack programme, Communities and Local Government Minister Ian Austin was involved in heated argument. The wording of the debate ( reported in Hansard ) makes interesting reading, so I thought I would share it with you : Mr. David Amess (Southend, West) (Con): What methodology his Department plans to use to evaluate the effectiveness of the home information pack programme; and if he will make a statement. Mr. Andrew Mackay (Bracknell) (Con): What methodology his Department plans to use to evaluate the effectiveness of the home information pack programme; and if he will make a statement. Mr. David Jones (Clwyd, West) (Con): What methodology his Department plans to use to evaluate the effectiveness of the home information pack programme; and if he will make a statement. The Parliamentary Under-Secretary of State for Communities and Local...
Post a Comment
Read more

Paperwork is not a shield: Why your SRA aml audit demands more than just a dusty manual

By
The Solicitors Regulation Authority continues its aggressive crackdown on financial crime with a recent fine issued against Whiteheads Solicitors (Staffordshire) Ltd . This decision serves as a stark reminder that the regulator is looking far beyond simple paperwork during an SRA aml audit . The firm was fined 2,584 GBP plus 600 GBP in costs following an investigation into its compliance with the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. While the firm had a firm-wide risk assessment and general policies in place, the SRA identified critical failures at the matter level. Key compliance failures included: Failure to conduct adequate client and matter risk assessments . The SRA found a consistent pattern where the firm failed to sufficiently assess client matter risk levels as required by Regulation 28. Inadequate scrutiny of source of funds . In one specific property transaction, the firm failed to properly investigate the origin of funds provided by ...
Post a Comment
Read more

The High Street Practitioner’s Guide to Surviving the FCA

By
For a sole practitioner or the MLRO in a small high-street firm, "AML compliance" often feels like just another mountain of paperwork standing between you and your actual work. When you are juggling a heavy conveyancing caseload, a sensitive probate matter, and the day-to-day survival of your practice, the last thing you need is a new regulator with a reputation for being data-heavy and "zero-tolerance." But the ground is shifting. As the Financial Conduct Authority (FCA) takes over AML supervision from the SRA, the "high-street way" of doing things—relying on long-standing local reputations and gut instinct—is being replaced by a requirement for hard, documented proof. The end of "I’ve known them for years" In a small town, you often act for the same families for generations. You know their business, their parents, and their reputation. Under the old mindset, that felt like enough. Under the FCA, it isn’t. T...
Post a Comment
Read more