It is hardly news anymore: the SRA is on an AML warpath…again. Fines are up, patience is down, and the “unlimited” fining power is being flexed. But if you think a five-figure check to the regulator is your biggest problem, think again.
The real “death blow” isn’t the fine. It’s the email that arrives some weeks later from your Lender Panel Manager.
“As part of our ongoing due diligence checks…”
That is how it starts. It’s polite, professional, but likely terminal for your conveyancing department. Lenders are no longer just asking if you were sanctioned; they are demanding to know why you didn’t catch the breach yourself.
If you’ve received a notice like the one above, you aren’t just filling out a form you’re fighting for your firm’s lender panel survival. Here’s what the lenders are actually looking for in your answers:
The “Red Flags” Lenders Are Hunting For
1. The “Undiscovered” Gap Lenders are specifically asking questions along the following lines: “How did this go undiscovered prior to the SRA investigation?”
The Subtext: If your internal audits didn’t catch it, your systems are broken. They want to see that you’ve moved from “manual spot-checks” to robust, tech-enabled oversight.
2. The Conveyancing Connection “Were any residential conveyancing clients directly affected?”
The Subtext: This is a binary risk assessment. If the AML breach happened in your conveyancing seat, there was a direct threat to the lender’s security. You need to prove the breach was administrative, not a failure of actual “Source of Funds” (SoF) verification.
3 The “Happiness” Factor “Has your regulator confirmed they are happy?”
The Subtext: Lenders don’t want to be the ones to “supervise” you. If the SRA has not given you a clean bill of health, the lender will likely “suspend” your panel membership indefinitely to play it safe.
How to Respond (Before the Panel Door Slams Shut)
If you are in the crosshairs, “we’ve updated our manual” isn’t a good enough answer. You need an expert such a Lexsure to help you respond but if you want to save money here are a few free tips:
- Be Brutally Transparent: Provide the full decision document. They already have the SRA RSS feed; if you hide a detail, you lose the “integrity” test.
- The “Human Error” vs. “Systemic Failure” Defence: Distinguish between a one-off mistake by a rogue employee and a failure of firm-wide policy.
- Evidence of Investment: Show them the receipts. Did you hire a new Compliance Officer? Did you implement AI-driven AML software such a digital CMRAs ? Lenders want to see that you’ve spent money to fix the problem.
The Bottom Line
In 2026, an AML breach is a commercial contagion. The SRA might take your money, but the lenders can bring your business down. When that due diligence email hits your inbox, treat it with more urgency than the SRA investigation itself.
Of course, prevention is the best policy. In today’s unforgiving regulatory climate, treating an SRA AML Audit or FCA AML Audit as a “wait and see” event is effectively an exit strategy is potentially an exit strategy. By the time a lender or their panel manager sends that due diligence email, the damage to your reputation, and your cash flow, is already done. Protecting your firm in 2026 requires more than a dusty AML policy folder; it demands proactive, tech-led AML oversight and a culture where compliance is viewed as a competitive advantage rather than a bureaucratic hurdle. Do not wait for the “possible sanction” flag to fly. Protect your processes now, or risk being locked out of the market.