Skip to main content

Mind the Gap: SRA Targets the "Disconnect" in AML Policies for 2025 Thematic Review

By

The SRA has confirmed that its 2026 AML thematic review will focus squarely on AML Policies, Controls and Procedures (PCPs) — and it’s not just another paperwork exercise.

This latest review follows previous deep dives into firm-wide risk assessments, client matter risk assessments, and source of funds. But the regulator says a familiar problem keeps resurfacing: firms have AML manuals, yet those policies often fail to translate into day-to-day behaviour.

In short, the SRA has identified a persistent disconnect between policy and practice.

Why the SRA Is Turning the Spotlight on PCPs

AML compliance has been a legal requirement for years — in some cases, decades. Yet supervisory work continues to reveal the same weaknesses:

  • Processes exist, but aren’t followed
    82% of firms referred for investigation had risk assessment processes in place; they simply were not being applied at client matter level.
  • Policies frozen in time
    Some firms still lack mandatory policies that have been required since 2003.
  • Generic, off-the-shelf manuals
    A recurring issue is firms relying on templated PCPs that bear little relation to their size, work type, or actual risk profile.
  • Collection without scrutiny
    Recent SAR reviews show that even where documents are on file, fee earners often fail to properly review them for red flags.

These findings highlight why independent AML audits are increasingly valuable. External reviewers are far more likely to spot where written policies diverge from real-world behaviour — particularly issues that have become “business as usual” internally.

What the SRA Will Be Looking At in 2026

This review goes well beyond checking whether a policy exists. The SRA will be examining how AML operates in practice, including:

Monitoring under Regulation 19

How effectively firms monitor compliance with their own PCPs — and whether that monitoring genuinely tests behaviour rather than confirming paperwork.

Independent AML audits often provide firms with a practical benchmark here, helping MLROs evidence that monitoring is robust, objective, and capable of identifying real gaps before the regulator does.

Understanding the “why”, not just the “what”

Whether staff understand the purpose behind the controls they are applying, or whether AML has become a tick-box exercise.

Quality of internal file reviews

The SRA has already found that a third of internal reviews failed to consider source of funds — one of the most effective AML controls. Independent audits can strengthen this process by stress-testing file reviews and highlighting where AML risks are being overlooked.

How Firms Should Prepare — Before the SRA Arrives

MLROs do not need to wait for the thematic review to start testing their controls. Practical steps firms should be taking now include:

  • Bridge the policy–practice gap
    Ensure that what is written in your PCPs genuinely reflects how fee earners work in practice. Independent AML audits are particularly effective at identifying this disconnect because they assess files, workflows, and staff understanding together.
  • Deliver targeted AML training
    Where internal reviews show recurring errors — such as weaknesses in ongoing monitoring — firms should move away from generic refresher training and focus on targeted interventions that address specific failures.
  • Treat client matter risk assessments as live documents
    Cleint Matter Risk Assessments should evolve as transactions progress, rather than being completed once and forgotten. Independent reviews frequently identify static risk assessments as an early warning sign of wider AML control failures.
  • Prioritise scrutiny over collection
    The aim is not simply to gather documents, but to understand them. External AML audits reinforce this message by focusing on decision-making and risk analysis, not just document presence.

What Comes Next

The SRA has confirmed it will use the findings from the 2026 thematic review to issue further guidance and support to the profession.

For firms that still view AML as a documentation exercise, this review is a clear warning: the regulator is increasingly focused on how controls are applied in reality.

Independent AML audits are no longer just a “nice to have”. They are fast becoming a practical way for firms to identify weaknesses early, strengthen compliance, and demonstrate a proactive approach to AML — long before the SRA comes knocking.

Labels:

Comments

Post a Comment

Popular posts from this blog

FCA AML Audit: Financial Regulator Takes Over Legal Oversight!

By
The UK government has dropped a regulatory bombshell that will fundamentally reshape your life, and yes, we are talking about the dreaded FCA AML audit. For years, you’ve been supervised by your legal peers, the SRA, but those days of relative comfort are drawing to a close. The big news? Responsibility for Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) supervision for the legal and accountancy sectors is being handed over to the Financial Conduct Authority (FCA. That's right, the same folks who put the fear of God into the big banks are now coming for your conveyancing files. Cue the dramatic music. What does the FCA take-over actually mean? Forget the gentle nudge; prepare for the financial services full-body search. An FCA AML audit is likely to look a lot more like a detailed financial inspection and a lot less like a polite chat with the SRA. Think maximum emphasison: Ironclad AML documentation (no more "it's in my head" polici...
Post a Comment
Read more

December 2025: The SRA’s AML Audit Crackdown Has Arrived

By
The Solicitors Regulation Authority (SRA) isn't sending Christmas cards this year. They're sending in the AML auditors. Despite the upcoming shift where the FCA will assume wider AML regulatory oversight, the Solicitors Regulation Authority (SRA) is turning up the heat one last time. Forget a gentle warning—welcome to the AML Blitz of December 2025 . Let’s cut to the chase. SRA Chief Executive Paul Philip is clearly done with excuses. His public message is unambiguous: "We are still finding fairly basic deficiencies in AML arrangements within firms." Translation for the Partners: You might effortlessly navigate a complex, multi-million-pound merger, but somehow, you still haven't nailed your fundamental firm-wide risk assessment. The era of the gentle wrist-slap is officially over. The SRA has made it clear that fines are "continually going up." AML Compliance is no longer a 'nice-to-have'—it’s an expensive, enforced reality...
Post a Comment
Read more

FCA AML Audit: Why Solicitors Time to Rethink AML Compliance

By
If you’re a partner or a compliance officer at a law firm, I want you to take a quick second and think about your last AML review. Was it a check the box exercise to keep the SRA happy? If the answer is yes, we need to have a serious chat. The regulatory landscape for solicitors is shifting fast . The Financial Conduct Authority (FCA) is stepping onto the field with a much more active role, and they play a much tougher game than we've seen in the past. Today, we’re breaking down why the FCA AML Audit is the new essential safeguard—and why "good enough" policies just won't cut it anymore. Why the "Old Way" of AML is Riskier Than Ever Historically, many of us approached AML compliance through a traditional SRA lens. But let’s be real: that approach is becoming a major liability. The FCA’s style is risk-based, evidence-focused, and—most importantly outcome-driven. They don’t just want to see your manual; they want to see your proof. ...
Post a Comment
Read more