For many firms, the Firmwide Risk Assessment is a document that sits in a digital drawer, updated only when the SRA sends a nudge. But as we move through 2026, the regulatory landscape has shifted. The Money Laundering and Terrorist Financing (Amendment) Regulations 2026 have arrived, and with them, a new set of expectations that make “copy-paste” compliance a dangerous game.
If your Firmwide Risk Assessment hasn’t been touched in twelve months, it’s no longer a shield, it’s a liability. Here is why it’s time for a refresh.
1. The “Familiarity Bias” Trap
The SRA’s latest reviews are clear: “knowing your client” is no longer enough. In the past, being a “relationship-driven” firm was a low-risk indicator. Today, regulators view over-reliance on long-standing relationships as a potential blind spot.
The Refresh: Your Firmwide Risk Assessment must explicitly state that personal knowledge never replaces objective documentary evidence. You must demonstrate “professional skepticism,” regardless of whether the client has been with you for twenty years or twenty minutes.
2. Crypto: From “Niche” to “Necessity”
Whether your firm targets tech-savvy clients or not, crypto-derived wealth is entering the property market. The 2026 Regulations have formalised the risks of Unhosted Wallets and the mandate for a clear “fiat-to-crypto-to-fiat” audit trail.
The Refresh: Your Firmwide Risk Assessment should now include a dedicated section on cryptoassets. It needs to distinguish between:
- Regulated Exchanges: Where oversight exists.
- Unhosted Wallets: Which require maximum scrutiny.
- Anonymizing Tools: Like “mixers,” which should be flagged as immediate deal-breakers.
3. “Live Monitoring” of SPVs and Control
The updated Schedule 6B has given regulators more power to scrutinise ownership structures. For conveyancers dealing with Special Purpose Vehicles (SPVs), the risk isn’t just who owns the company at the start, but who “controls” it by the end.
The Refresh: Move away from “snapshot” identity checks. Your FWRA should mandate a “Change in Control” check immediately prior to exchange. This ensures a last-minute shift in corporate power doesn’t pull your firm into a sanctions breach or a money-laundering scheme.
4. Alignment with National Security
AML compliance is no longer just a technical tick-box exercise; it is a pillar of the UK’s National Security Strategy. The 2026 amendments tighten the link between money laundering and sanctions.
The Refresh: Ensure your geographical risk section reflects the new “FATF Call for Action” terminology. If you act for overseas buyers, your Firmwide Risk Assessment must explain how you screen for more than just “high-risk countries,” but also for proxies acting for sanctioned individuals.
The Bottom Line: An outdated FWRA is an admission of complacency. By refreshing your assessment to include specific wording on crypto-trails, ownership shifts, and the mitigation of familiarity bias, you aren’t just pleasing the SRA, you are protecting your firm’s reputation and its future.