For many law firms, receiving a fine resulting from an SRA AML Audit is seen as a big disciplinary blow, a public “black mark” and a hit to the profit and loss account. However, as we move through 2025 and into 2026, a much more clinical and commercially devastating threat has emerged.
The real danger isn’t the five-figure check you write to the SRA; it’s the email that arrives a few weeks later from one or more of the lender panel managers.
The Future Landscape: A Surge in Enforcement
The SRA is has been on an AML warpath for some time now. By October 2025, the regulator had already issued 35 fines totalling over £565,000. These penalties weren’t reserved for major law firms; they hit firms of all sizes, from small high-street practices to mid-tier firms.
The data reveals a consistent pattern of failure in “the fundamentals”:
- Missing Firm-Wide Risk Assessments : Firms failing to document the specific risks inherent to their practice.
- Defective AML Policies and Procedures : Relying on “dusty” templates that are never actually applied in practice.
- Client & Matter-Level Gaps : A failure to bridge the gap between firm policy and the client matter risk assessments.
While these statistics represent a regulatory “crackdown,” they also serve as a high-frequency “RSS feed” for mortgage lenders who, under pressure from the FCA, are increasingly risk-averse.
The “Death Blow”: When the Panel Manager Calls
Lenders are no longer content to let the SRA be the sole arbiter of professional standards. When an SRA fine is made public, it triggers an automatic due diligence process from panel managers.
The email every Senior Partner now dreads begins with: “As part of our ongoing due diligence checks…” This is the start of a survival battle for your conveyancing department. Lenders are hunting for three specific red flags:
- The “Undiscovered” Gap: Lenders want to know why your internal AML audits didn’t catch the breach before the SRA did. If your systems failed to flag the issue, the lender views your entire risk management framework as “broken.”. In the future, some may well want to know why your Reg 21 independent AML audit did not pick up on this.
- The Conveyancing Connection: If the AML breach occurred within your property department, it represents a direct threat to the lender’s security. You must be able to prove that the failure was administrative, rather than a systemic failure .
- The “Happiness” Factor: Lenders have no desire to supervise law firms. If the SRA hasn’t explicitly confirmed they are “happy” with your remediation, a lender may wish to suspend your lender panel membership indefinitely to play it safe.
From “Existence” to “Effectiveness”
The SRA’s shift in 2025 is clear: it is no longer enough for AML policies to exist; they must be effective.
To survive both the SRA and FCA and the lender panel review, the MLRO must move away from the idea of an AML checklist for law firms or “tick-box” compliance. Protecting your firm in this unforgiving climate requires:
- Evidence of Investment: Showing lenders that you have spent money on Independent AML Audits, tech-led AML oversight and digital Client Matter Risk Assessments (CMRAs).
- Brutal Transparency: Hiding details of an SRA decision is a guaranteed way to lose the “integrity test” with a lender.
- A Culture of Compliance: Treating AML as a competitive advantage that secures your place on lender panels, rather than a bureaucratic hurdle.
The Bottom Line
In 2025, an AML fine is a commercial contagion. The SRA might take your money, but the lenders can take your business.
Firms that treat an SRA AML audit as a “wait and see” event are essentially inviting an exit strategy. The only way to prevent the “panel door” from slamming shut is to ensure your AML compliance framework is robust, defensible, and, most importantly, already in action before the regulator knocks.