So far in 2026, SRA AML audits have continued to unleash a wave of Regulatory Settlement Agreements (RSAs), signaling a zero-tolerance approach to static, generic, or missing Firmwide Risk Assessments (FWRAs).
The Cost of Non-Compliance
In the first quarter of 2026, financial penalties for AML-related failures have reached record levels. Analysis of recent settlements reveals a clear pattern of enforcement:
- Average Fine Range: Most regulatory settlements in early 2026 have fallen between £7,500 and £25,000. This represents a significant uptick in the SRA’s use of its expanded fining powers for traditional firms.
- Duration of Breaches: The SRA is consistently penalizing “persistent disregard.” Many 2026 settlements cite compliance gaps lasting between four and seven years, proving that historical negligence is no longer being “written off” by the regulator.
- The Remediation Factor: Even where firms have updated their Firmwide Risk assessment after an investigation began, the SRA is still imposing heavy fines to reflect the period of past non-compliance. Prompt remediation may reduce the fine, but it no longer prevents it.
Key Trends in 2026 Settlements
Analysis of these 2026 regulatory settlement agreements reveals three recurring “red flags”:
- The “Template Trap”: A significant number of recent settlements involve firms that adopted the SRA’s FWRA template but failed to tailor it. An undated, generic Firmwide Risk Assessment does not constitute a “documented and compliant” assessment. It must reflect the firm’s specific client base, services (e.g., exact conveyancing volume), and geographic reach.
- The “Conveyancing Bullseye”: Nearly all major fines in 2026 have targeted firms where conveyancing accounts for 20% to 90% of turnover. Because the SRA views property transactions as high-risk, any gap in the FWRA leads to an automatic escalation in the penalty bracket due to “high harm potential.”
- Failure to “Review and Update”: Regulation 18 of the MLR 2017 requires firms to keep their FWRA under constant review. In 2026, the SRA is strictly checking timestamps. Assessments that fail to reflect the 2025 Legal Sector Affinity Group (LSAG) Guidance or the latest SRA Sectoral Risk Assessment are being treated as non-compliant.
FWRA Strategy for Firms
Based on 2026 trends, here is how firms should be fortifying their position:
- Make it a Living Document: Review the Firmwide Risk Assessment annually or whenever the firm undergoes a major change (e.g., a new partner, new practice area, or the adoption of AI-driven onboarding tools). If you subscribe to an AML policy notification service, ensure it includes mandatory updates to your FWRA.
- Connect the FWRA to PCPs: Your Policies, Controls, and Procedures (PCPs) as well as Client Matter Risk Assessments must be a direct response to the risks identified in your FWRA. If your assessment identifies high-net-worth foreign clients as a risk, but your PCPs lack specific Enhanced Due Diligence (EDD) steps, the SRA will view both as deficient.
- Document the “Why”: If you decide a certain risk factor—such as “Delivery Channel” or “Geographic Risk”,doesn’t apply to your practice, you must record the reasoning. In many 2026 cases, the SRA penalised firms for “unrecorded risk considerations.”
The bottom line: The 2026 enforcement data is clear. The SRA is no longer accepting “we are working on it” as a valid excuse. The FWRA is the foundation of your entire AML framework. Without a tailored, up-to-date assessment, the rest of your compliance structure, no matter how much staff training you provide, is at risk of heavy regulatory sanction.