Our Anti-Money Laundering work

English Cymraeg

Reporting period to March 2021

Foreword by Anna Bradley

Money laundering allows some of the worst crimes in society to be profitable. If criminals could not turn their earnings into legitimate funds, many crimes would become unattractive and we would all benefit.

In its latest threat assessment, the National Crime Agency (NCA) estimates that at least 70,000 people are engaged in serious organised crime in the UK, with upwards of £12bn in criminal cash generated annually. 

As the gatekeepers to purchasing property, setting up companies, providing tax advice and other key activities, the solicitors and firms we regulate have an essential role in making sure the proceeds of crime are kept out of our economy. There is no doubt, in my view, that the legal sector plays a key part in this fight against crime.

I know from our discussions with local law societies this year that meeting their anti-money laundering (AML) obligations is something that matters a lot to the profession. The overwhelming majority want to do the right thing, but there is still a small but nonetheless significant proportion of firms that are just not doing enough to prevent money laundering. As well as allowing criminals to profit from their actions, they undermine the trust consumers place in the profession, damaging confidence in the rule of law and the administration of justice.

We take our role as an AML supervisor very seriously, as this review of our work in 2020/21 demonstrates. In 2019, we increased resourcing in this area and set up an AML team bringing together staff with roles in preventing money laundering. The team includes policy specialists, investigations staff and a proactive supervision team. We also have a dedicated money laundering reporting officer and deputy to meet our obligations to identify and report suspicions of money laundering to the NCA.

The additional resources have allowed us to step up our supervision in this area to directly engage with more firms through 85 visits and 168 desk-based reviews. This increased engagement allowed us greater insight into how firms we supervise are working to prevent money laundering and meant we could bring more firms into compliance. Of those 85 firms visited, 45 were initially only partially compliant. We engaged with these firms, reviewed further documents, and assisted them in becoming compliant. Of the 168 firms that received desk-based reviews, 79 were partially compliant and we were effective in bringing those firms back into compliance. In this time, we made 39 suspicious activity reports to the NCA reporting on £180m of potentially criminal funds and have achieved 29 enforcement outcomes. We have conducted a further thematic review, this time into tax advice, and published additional helpful guidance in how to comply with the money laundering regulations.

There is of course much more to do. As well as taking forward our proactive firm supervision through firm visits, we have a thematic review into the role of money laundering compliance officers and reporting officers already underway, will be playing our part in the future of the money laundering regulations and, of course, continuing our enforcement work where it’s needed.

Most importantly, our commitment to stamping out money laundering is clear and I would therefore urge all firms and solicitors to take the steps needed to meet their obligations.

Anna Bradley
Chair of the SRA Board

Open all

Money laundering is when criminals 'clean' the proceeds (the financial gains) of crime. Criminals transform proceeds into assets, such as houses or businesses, or other seemingly legitimate funds, for example, money in a bank account. In some cases, laundered money is used to fund terrorism.

Money laundering makes these proceeds look like genuine sources of income, which criminals can then spend freely and without raising suspicion. Such criminals often make their money from serious crimes such as fraud, or people, wildlife and drug trafficking.

Organised crime costs the UK economy more than £100bn every year, and the National Crime Agency (NCA) believes there are 4,500 organised crime groups operating in the UK. This, along with a rise in terror attacks in the last 10 years, is why combatting money laundering is an international and UK priority, with UK legislation in place.

The information below details our work in this area and highlights:

Please note that we work to the legal year, 1 November 2019 to 31 October 2020, and that is currently covered in our corporate reporting. We include our AML work in our corporate reporting as part of our commitment to transparency about all the areas of our work. For all our corporate reporting, we are aiming to update the numbers regularly so everyone can access the most up-to-date information. We also report on our AML work to the Treasury on an annual basis.

We produce this additional report as part of our responsibility as an AML supervisor and our duty to report information to the Office for Professional Body Anti-Money Laundering Supervision under regulation 46A of the regulations. For this purpose, we are reporting on the fiscal year (6 April 2020 to 5 April 2021).

The Solicitors Regulation Authority (SRA)1 is the regulator of solicitors and law firms in England and Wales. We work to protect members of the public and support the rule of law and the administration of justice. We do this by overseeing all education and training requirements necessary to practise as a solicitor, licensing individuals and firms to practise, setting the standards of the profession and regulating and enforcing compliance against these standards. We are the largest regulator of legal services in England and Wales, covering around 90% of the regulated market. We oversee some 158,000 practising solicitors and around 10,000 law firms. We supervise 6,516 firms for the purpose of AML requirements.

The money laundering regulations we enforce come from the international standard-setting body the Financial Action Taskforce and EU directives – such as the Fourth Money Laundering Directive and the Fifth Money Laundering Directive (5MLD). These directives were brought into UK legislation through the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended) (the regulations). In the future, following our exit from the EU, new UK legislation is more likely to come from recommendations made by the Financial Action Taskforce and the government.

The regulations set out the business types that offer services that could, potentially, be targeted by money launderers. They include banks, estate agents and some legal services.

Laundering money through the legal sector

Solicitors and law firms are attractive to criminals because they process large amounts of money, are trusted, and can make the transfer of money or assets appear legitimate. Most law firms work hard to prevent and to spot money laundering and take necessary action, but some get involved unknowingly. A very small number may even knowingly cooperate or work with criminals to launder money.

Some ways in which firms and solicitors become involved with money laundering, either knowingly or unknowingly, are:

  • Conveyancing – criminals use the proceeds of crime to buy houses to live in, rent or sell.
  • Setting up shell companies or trusts – solicitors and law firms are integral to such transactions.
  • Misusing client accounts – criminals will seek to misuse law firm client accounts to ‘clean’ laundered money.
  • Failing to carry out proper due diligence – money laundering can take place if firms and solicitors do not carry out sufficient checks on a client’s source of funds.
  • Failing to train staff – so that they know how to spot potential money laundering and who to report it to.

Our work as an AML supervisor

The regulations name professional bodies with responsibilities for AML supervision. The Law Society is the named supervisor for solicitors in England and Wales and delegates regulatory activities to the SRA. This means we must effectively monitor the firms we supervise and take necessary measures, including:

  • making sure the firms we supervise comply with the regulations, and obtain the necessary approvals of their beneficial owners, offices and managers from us
  • adopting a risk-based approach and basing the frequency and intensity of our supervision on our risk assessments of firms
  • encouraging firms we supervise to report actual or potential breaches of the regulations. We do this through:

We must take appropriate measures to review:

  • the risk assessments carried out by firms (under regulation 18)
  • the adequacy of firms’ policies, controls and procedures (under regulation 19 to 21 and 24), and the way in which they have been implemented.

We enforce the money laundering regulations mentioned above and carry out our work as an AML supervisor through:

  • sharing and receiving information to prevent money laundering with other supervisors and law enforcement agencies
  • publishing guidance on the regulations
  • proactive supervision
  • investigating potential breaches of the regulations.

Supervision tools

We use several tools to supervise firms and improve compliance. Below are the types of steps we take and an explanation, including how we define the compliance level at a firm. These are used throughout the report.

Steps taken Compliance level at firm What this involves
Guidance issued Compliant Standard required in the regulations met, this includes cases where minor changes are necessary and we issue guidance or share best practice.
Engagement Partially compliant – where there are some elements of a firm’s controls that need improving, but there is some good practice and the firm is generally doing well at preventing money laundering.

We engage with some firms to help them refine their processes and bring them into full compliance.

When we talk about our process of engagement with a firm, this is where corrective action is required in one or more areas but is not so widespread that it requires a compliance plan. Depending on the extent of action, we need evidence or confirmation from the firm this has been rectified before we conclude our contact. After sending a letter of engagement, we expect the firm to resolve the issue identified and provide us with evidence this has been done. We can refer firms for a disciplinary investigation if they fail to act on our letter of engagement.

Compliance plan Partially compliant – in a number of areas or where the level of non- compliance is significant. A compliance plan sets out a series of actions that firms need to take, and by when, to bring them back into compliance with the regulations. We monitor the firm to make sure it has carried out all the actions. We require evidence that action has been taken. We can refer firms for an investigation if they fail to follow the plan.
Referred for investigation Non-compliant – examples include failure to carry out Customer Due Diligence (CDD), no firm-wide risk assessment in place, out of date policies or a failure to train staff on the regulations. We open an investigation into the firm, which may result in a sanction. Where necessary, we will also set up a compliance plan.

In this report we have set out some findings from our supervisory work by theme, such as customer due diligence, and the steps we have taken. We often identify more than one issue at a firm, so some firms are included in the figures for several themes throughout the report. This is particularly relevant for matters referred for disciplinary investigations where firms are often referred for investigation due to multiple breaches.

When making the decision on engagement or a referral, we consider a number of factors, such as:

  • The extent of the breaches and if they appear on multiple files.
  • The impact of the breach, for example a failure to risk assess files has led to insufficient due diligence being undertaken, or a failure to identify a politically exposed person (PEP).
  • Whether there is a systemic lack of compliance, for example a firm that does not have adequate policies, controls and procedures and is failing to comply with a significant number of the regulations.

Firms and individuals we regulate that fall in scope of the regulations

Just over six and a half thousand firms (6,516 as of 5 April 2021) fall within the scope of the money laundering regulations, around two-thirds of the total firms we authorise (9,947). As a professional body supervisor, we have a duty to make sure that the firms we supervise comply with the regulations and have appropriate controls in place to prevent money laundering.

We have separated the number of firms that fall in scope of the regulations in the table below because we are required to identify and supply to HM Treasury and our oversight supervisor, the Office for Professional Body AML Supervision (OPBAS), the number of firms we supervise for AML that are individuals. This is different to our definition of sole practitioner, where they may employ staff or work in conjunction with others.

Firms subject to the regulations 2020/21
Number of firms where there is more than one solicitor/Registered European Lawyer (REL) practising at the firm 5,222
Number of firms where there is just one solicitor/REL practising at the firm 1,294
Total number of firms we regulate that fall within scope of the regulations 6,516

Firms by risk

We are required under the regulations to create risk profiles for all the firms we regulate. This is to identify and prioritise risk. Our methodology looks at a range of factors to determine risk, including regulatory history and size. Where appropriate it also considers mitigation such as AML controls. We inspect firms at all risk levels via desk-based reviews, thematic projects, and visits, prioritising higher risk firms for our proactive work, as part of our risk-based approach. 

Number of beneficial owners, officers and managers

The regulations require beneficial owners, officers and managers (BOOMs) to be approved by us. They must get a Disclosure and Barring Service check and submit it to us when they first become a BOOM or take on a new role. The table below shows the total number of BOOMs we regulate as of 5 April 2021.

Number of BOOMs 23,430

Please note that the figures shown below for 2017–2020 follow our financial year (1 November to 31 October) and you can also find these in our suite of corporate reporting alongside reports on other aspects of our work. The figure shown for 2020/21 follows the tax year (6 April to 5 April), so there is some overlap in the numbers shown in the 2019/20 year and the 2020/21 year. We changed our approach for this report to follow the fiscal year, in accordance with our duty under regulation 46A of the regulations and subsequent guidance produced by OPBAS. This requires us to report on the number of reports we receive and types of enforcement cases we see. In future years, for consistency, we will continue to report on the tax year in this report.

Number of money laundering-related reports received

We receive reports about potential breaches of the regulations and money laundering activity from the profession and consumers. We monitor media and other reports for potential breaches, and we also receive intelligence from the NCA and other law enforcement bodies. The number of reports include where we have identified a potential breach of the regulations ourselves, for example through a visit to a firm.

We investigate suspected breaches of the money laundering regulations and cases of suspected money laundering.

2017/18 (SRA financial year) 2018/19 (SRA financial year) 2019/20 (SRA financial year) 2020/21 (tax year)
235 197 196 273

The figures for 2020/21 show the impact of our proactive work. Although the number of referrals resulting from visits and desk-based reviews are relatively low, during this period there were 63 reports due to non-cooperation with our firm wide risk assessment declaration exercise. We undertook this exercise in December 2019, requiring all firms we supervise to complete a declaration to say whether they had a compliant firm wide risk assessment in place. This request was made under regulation 66 of the regulations. Sixty-three firms failed to respond despite numerous follow up contact and we reported these into our enforcement processes.

Types of reports received  

We record the reasons why a report has been made. In 2020/21 there were 273 money laundering related reports, with 336 reasons attached. Often, reports have more than one suspected breach that need investigating and these can change during the life of an investigation as we get more information. Read more information on our enforcement processes. These were the most significant reasons for AML reports we received:

Specific matter reason Count
failure to cooperate and comply with a request for information under regulation 66 63
failure to carry out source of funds checks where necessary to do so 38
failure to carry out/complete customer due diligence 32
failure to identify the client 24
failure to have proper AML procedures 19
failure to carry out ongoing monitoring 12

Number of money laundering-related matters resulting in an internal outcome

Where we see that firms or individuals have failed to comply with the money laundering regulations, we can take action. We refer more serious matters to the independent Solicitors Disciplinary Tribunal (SDT). For less serious matters, our internal outcomes include a letter of advice or rebuke, where we remind the individual or firm of their regulatory responsibilities, fining a firm or individual, or putting conditions on their practising certificate, limiting what they can do in their role.

2017/18 (SRA financial year) 2018/19 (SRA financial year) 2019/20 (SRA financial year) 2020/21 (tax year)
10 14 21 16

During 2020/21 we issued nine fines totalling £95,900. We made 16 internal decisions in total relating to money laundering concerns. Below is a breakdown of the type of outcomes:

SRA outcomes Count
Fine 9 (totalling £95,900)
Condition 2
Intervention 2
Letter of advice 1
Rebuke 1
Order against unadmitted individual (s43/s93) 1

Read more information on the type of decisions we can make, their purpose, and our enforcement strategy.

Number of money laundering-related cases brought to the SDT

In more serious matters, we prosecute a firm or an individual at the SDT. It has powers that we do not, including imposing unlimited fines, and suspending or striking solicitors off the roll.

2017/18 (SRA financial year) 2018/19 (SRA financial year) 2019/20 (SRA financial year) 2020/21 (tax year)
10 14 13 13

Below is a breakdown of the outcomes at the SDT for 2020/21:

SDT decision Count
Fine 5 (totalling £67,500)
Struck off 3
Suspended for a period 2
Suspended indefinitely 1
Order against an unadmitted individual (s43) 1
Rebuke 1

Themes from enforcement action

In total there were 29 enforcement outcomes in relation to money laundering. The most common area was for breaches of the regulations in relation to buying and selling property; 24 of the outcomes concerned this work area. Insufficient customer due diligence featured in 83% of those 29 outcomes.

The cases highlight specific CDD issues. Seven outcomes featured failure to conduct ongoing monitoring, and five failures to perform enhanced due diligence where it was required. It was also concerning to see in around two thirds of the outcomes (20), firms had also failed to establish the source of funds when required to do so.

We have identified three key themes that we believe contributed to these breaches:

  • Inadequate supervision or training of fee earners.
  • Inadequate policies controls and procedures, such as poor systems and processes to allow receipt of funds when no checks had been done.
  • Failures by individuals to follow compliant policies controls and procedures that were in place by the firm.

We include case studies of our enforcement action at the end of the report.

We submit a suspicious activity report (SAR) to the National Crime Agency (NCA), if we identify a suspicion of money laundering through our work.

2017/18 (SRA financial year) 2018/19 (SRA financial year) 2019/20 (SRA financial year) 2020/21 (tax year)
11 19 26 39

The increase in the number of SARs we have submitted to the NCA over the past four years reflects:

  • the presence of a dedicated money laundering reporting officer (MLRO) and AML team from 2018
  • increased staff training on when to submit an internal SAR to the MLRO for review
  • more proactive supervision of firms carrying out work that falls under the regulations.

The SARs we submitted were in relation to the following: 

  • property conveyancing
  • fraud
  • tax evasion
  • bogus investment schemes
  • clients / funds from high-risk jurisdictions
  • high-risk commodities (precious and scrap metals)
  • aborted property transactions
  • no underlying legal service or purpose for transaction
  • complex offshore company structures/trusts.

We alert the profession and key stakeholders where we see trends in criminal activity. In response to a rise in information we received about potential property fraud during the period, we published an alert on house sale fraud to raise the issue at the earliest opportunity and set out the red flags for others to be aware of.

We visit firms to monitor their compliance with the regulations for several reasons:

  • a proactive visit as part of our rolling programme
  • an onsite investigation where we have received a report about a firm
  • as part of thematic work, where we have an additional focus on particular aspects of firms’ AML activities.

We generally publish findings from our thematic reviews and visits.

Impact of Covid-19 on visits

Our AML visits usually take place onsite at the firm’s premises. In view of Covid-19 we adapted our approach to carry out our visits remotely during the pandemic.

Prior to the beginning of the pandemic, we had 27 AML visits scheduled until early summer 2020. Following the announcement of the national lockdown in March 2020, we decided to proceed with our interviews with the firms’ MLCOs and MLROs, which were already scheduled remotely, and postponed the file reviews and fee-earner interviews until we were able to return to onsite visits.

By late summer it became apparent that the lockdown would stay in place for some time and we began conducting the outstanding file reviews and fee earner interviews for these 27 firms remotely. We completed these by late autumn.

We know that there have been disruptions to the usual ways of working for firms and overall have observed that firms have adapted well to the changing circumstances. We are grateful to all the firms we engaged with for their cooperation during this difficult time.

Firm visits 2017–2021

2017/18 2018/19 2019/20 2020/21
73 140 75 85

The spike in visits in 2018/19 reflects our increased supervision of firms, following the introduction of new money laundering regulations in 2017/18.

Firm visit by type 2020/21

Rolling programme of firm visits As part of an onsite investigation Thematic work
69 6 10

Rolling programme of firm visits

Our approach

The visits involve interviewing the firm’s MLCO, MLRO and two fee earners (if applicable to the size and nature of the practice) using our AML questionnaire.

During the reporting year (2020/2021) in total, we interviewed 86 individuals who held the roles of MLCO and MLRO and 137 fee earners across 69 firms. On average, we spent between three to five hours interviewing the individuals at each firm.

We reviewed between four to eight files for each firm depending on the size and nature of the firm, inspecting a total of 349 files during the period.

We carried out 27 of our 69 AML visits before making the improvements outlined below, with 42 visits carried out using our refined approach.

Improving how we work

To continue taking a focused and effective approach to supervision, we refined our approach to onsite visits in autumn 2020, following the findings of our AML Visits 2019–2020. The key changes we made included:

  • Creating a pre-questionnaire for firms to complete ahead of our review, to allow us to tailor our visit to the firm’s work.
  • Requesting and reviewing the firm’s AML documents ahead of the visit to inform our questions during interviews.
  • Asking more questions to better understand a firm’s risk profile and how it links to the firm-wide risk assessment.
  • Asking more questions around customer due diligence and how the firm undertakes ongoing monitoring of matters.
  • Increasing the number of files we review and reviewing matter ledgers to gain a better understanding of transactions and appropriate receipt of funds.
  • Revising the format of our fee earner interviews to understand the fee earner’s knowledge of the firm’s policies, controls and procedures.

These new changes have made our supervision of the firm itself more robust, and we are also better able to understand themes across our supervised population.  

Findings from visits and follow-up steps taken

Our visits found the following levels of compliance among the 69 firms we visited as part of our rolling reviews:

Compliant Partially compliant Not compliant
16 45 8

We took the following steps with firms after our visits:

Steps taken Number of firms
Guidance issued 16
Letter of engagement 30
Compliance plan 15
Referred for investigation 8

Onsite investigations

We carried out six AML reviews alongside wider onsite inspection by our forensic investigation team. The approach we take in these reviews is the same as in a rolling firm visit. The outcomes of these investigations were:

No further action/no further action but guidance issued Ongoing investigation
4 2

Our findings from visits

Our key findings from our visits fall into the following categories:

  • customer due diligence (CDD)
    • identification and verification
    • client and matter risk assessments
    • source of funds checks
    • ongoing monitoring
  • policies controls and procedures
  • independent audit
  • screening and training.

We have seen some deficiencies in CDD and broken this down into specific requirements that make up CDD, such as matter risk assessments and source of funds checks. We have addressed these elements of CDD separately and provided statistics on what we are seeing below.

We continue to see firms struggling with independent audit and screening requirements with 49 out of 69 firms not carrying out an independent audit, and the same number requiring steps to be taken by the AML team to bring firms into compliance. In addition, 60% of policies, controls and procedures reviewed under our new process were either not compliant or only partially compliant. More detail on these areas is provided below.

Customer due diligence

To make sure firms are carrying out CDD, we review client files. Unless otherwise stated the detailed findings here are in relation to the 42 visits conducted under our revised process, under which we asked more questions, reviewed more files and have greater insight into the issues with CDD. The findings from the remaining visits were captured in our previous visits report.

CDD includes several parts:

  • Identification and verification: checking if the client is who they say they are, or in the case of a company, who controls it.
  • Client and matter risk assessments: understanding the transaction/matter and establishing the risk presented by the client and their transaction.
  • Source of funds checks: establishing where the money for the transaction comes from.
  • Ongoing monitoring: making sure the information is still correct, the level of risk is still within the firm’s tolerance, and whether further checks need to be undertaken.

To monitor compliance across the firm, we sample a mixture of open and closed files, and a variety of clients from individuals to trusts and companies. We also select files from the different practice areas that fall within scope of the regulations to give us a wider picture of compliance across different departments of the firm.

In 2020/21, we reviewed 241 files under our revised process, the findings of which can be found below.

Identification and verification

We found that firms were generally doing this aspect of CDD well. Of 241 files we checked, on 180 there were appropriate checks and documentation. We found 50 files that did not have appropriate identification and verification, including some of the following reasons:

  • There were no CDD documents at all.
  • ID was only obtained for one individual out of several individuals involved in the transaction.
  • The firm had not obtained information on the ultimate beneficial owner of a company.

The vast majority of firms (all but one) had a good policy for obtaining identification and verification, but where we identified problems, the process had not been followed.

Client and matter risk assessments

We reviewed 241 files; 33% did not contain a risk assessment, or the assessment was not complete and the risk had not been rated. For the 42 files that had not been rated, in most cases, the firm’s process was not compliant with the regulations or it had not been followed.

A similar theme emerged for the 37 files that did not contain a risk assessment at all. This tended to be where there was a failure to comply with the firm’s processes as opposed to the firm not having processes in place to risk assess the client and matter. 

Overall, we provided feedback to over a third (37%) of the firms we visited on their client and matter risk assessment process:

Steps taken Number of firms
Guidance issued 5
Letter of engagement 11
Compliance plan 6
Referred for investigation 5

Source of funds checks

This is an area where w saw a number of issues. Firms must have policies on source of funds and source of wealth checks, because there are some areas where the regulations require these checks and some areas where they are dependent on risk. Including this information is essential so staff are clear on when and how the checks should take place.

It is important that when firms are taking a risk-based approach, they are realistic about the risk posed by a case, and the risk of not doing these checks. The regulations require firms to understand the matter in hand, and this can be challenging if you do not understand the source of the funds. We have provided detailed information on the requirements and good and bad practice in our previous visits report.

Nearly a quarter of firms we visited did not have any information on source of funds and source of wealth checks in their policies.

Of 241 files, 76 had appropriate source of funds checks, but 103 files did not. In 62 files, source of funds checks were not required or the transaction fell through (although this might have happened at any stage of the process).

Overall, 25 of the 69 firms we visited required steps to be taken, seven of which were referred for investigation where source of funds deficiencies formed part of the reasons for referral:

Steps taken Number of firms
Letter of engagement 13
Compliance plan 5
Referred for investigation 7

Overall, we found there is a lack of source of funds information and evidence available on files. Understanding the source of funds is crucial to understanding the risk of the transaction. While several firms were able to provide an explanation of the enquiries they made, on a large proportion of files there was no audit trail.

The Legal Sector Affinity Group (LSAG) guidance has been updated and now provides further detail on source of funds information and evidence. We will continue to point firms towards the guidance. We will also continue to remind firms of their ongoing obligations to monitor transactions and scrutinise source of funds where necessary.

In April 2021 we further refined our process for inspecting compliance with source of funds requirements to capture the type of information firms record on files. This will help us draw a detailed analysis on the type of information being collected by firms going forward.

Ongoing monitoring

When we assess firms' ongoing monitoring, we consider:

  • How firms ensure the CDD obtained is still appropriate to the risk level.
  • Whether the risk level needs changing and if that triggers the need for additional checks.
  • Whether a reactive process exists if something changes to trigger the need for CDD to be renewed. This could be if the instruction from the client changes, or new information comes to light about those involved in a transaction.
  • How CDD is kept up-to-date and renewed if documentation is no longer appropriate or valid.

We saw a mixed picture on ongoing monitoring. We took steps (detailed below) with 16 out of 42 firms on ongoing monitoring. This included where their policies did not provide sufficient information on when ongoing monitoring should be done and what checks should be carried out, or where we identified issues on files. The steps taken are as follows:

Steps taken Number of firms
Guidance issued 2
Letter of engagement 5
Compliance plan 5
Referred for investigation 5

Just under half of firms had a policy on when or how CDD should be renewed (22 out of 42). In relation to the firms that did not set out in their policy when CDD should be renewed, we took the following steps:

Steps taken Number of firms
Guidance issued 3
Letter of engagement 7
Compliance plan 4
Referred for investigation 6

Policies, controls and procedures

Fifty-five per cent of the policies we reviewed required steps to be taken. After the implementation of the 2019 amendment regulations, we found nearly half of the policies we reviewed (29) had not been updated to reflect the changes this required.

The biggest concern was where the file reviews did not reflect the requirements in the firm’s own policies, controls and procedures (PCPs) and what the MLCO told us about the process that should be followed. We saw this at 22 of the 69 firms we visited in the period. This suggested the firm’s PCPs were not being followed.

A review of the policies under our revised process (42 firms) showed the following levels of compliance and omissions:

Compliant (guidance issued) Partially compliant (engagement or compliance plan) Not compliant (referred for investigation)
17 17 8

There were areas that we have found were routinely missing in the policies we see but are mandatory in regulation 19. Below is a table of some of the most common omissions.

Omission from policy as required by regulation 19 Count
No information on high-risk third countries 15
No information on the additional measures, where appropriate, to prevent the use for money laundering or terrorist financing of products and transactions which might favour anonymity 14
No information on the firm’s position on reliance 13
No information on simplified due diligence and if it is permitted 10
No information on enhanced due diligence requirements 9

Even if firms do not permit reliance or simplified due diligence (SDD), this must be explicit in their policies. In addition to this being a legal requirement, where the policy is silent on these areas, those conducting CDD may decide to undertake SDD or rely on another’s CDD when it is not appropriate to do so, and so do not meet the detailed requirements around these in the regulations. If a firm does permit SDD or reliance, it must make sure its policy sets out its process, what documents and information needs to be obtained, and reflects the requirements in the regulations.

Monitoring compliance with policies, controls and procedures

Since we have made refinements to our visits process, we now consider how firms monitor compliance with their PCPs. We found that 29 of the 42 firms were carrying out file reviews to monitor compliance with their PCPs and the regulations and keeping records of the file reviews they carried out.

For those firms where there were no records of monitoring compliance, we are reminding them of their obligation under regulation 19(3)(e) of the regulations to monitor and manage compliance with PCPs. This requirement is on all firms in scope of the regulations, and not dependent on their size or nature.

Independent audit

The number of firms failing to implement an independent audit function remains high (49 out of 69 firms visited in the period). We continue to engage with firms where an audit is required due to their size and nature, to ensure they implement an independent audit function and review the results once it has been carried out.

The independent audit function is important as it can help firms identify how adequate and effective their PCPs are, and if they need any changes.

An analysis of our latest firm visits data showed all firms who were placed on a compliance plan or referred for investigation had not implemented an independent audit function. Having an independent audit function in place helps to identify weaknesses in the firm’s procedures and make sure they are rectified.

We have provided detailed information on this requirement including good and bad practice in our previous visits report.

In terms of updated findings in this area, we have found that where an audit had been carried out, there were some instances where it did not meet the requirements of regulation 21:

Non-compliance with independent audit requirements Count
Reviews had been carried out but they were insufficiently robust or were not formalised 15
Failure to examine and evaluate the effectiveness of the firm’s policies, controls and procedures (lacked an element of testing via file reviews) 10
Failed to examine and evaluate the adequacy of the firm’s policies, controls and procedures (lacked a thorough review of the policies against the requirements and firm needs) 5
Lacked independence (carried out by persons involved in the creation of the policies) 3


Forty-nine out of 69 firms received feedback on screening measures. Most firms were carrying out screening on appointment of new employees.

An analysis of the screening checks carried out for new employees showed that the following were undertaken:

Check undertaken for new employees Count
Qualifications 61
References 67
Regulatory history 45
Disclosure and Barring Service (DBS) checks 51

In relation to existing employees, we are still seeing firms failing to carry out screening checks on an ongoing basis as required by the regulations. Only nine out of the 69 firms had checked the regulatory history of existing employees.

Regulatory history checks can be done on our Solicitors Register tool on our website, or by calling or emailing our contact centre. This service is free and we would encourage firms to use this tool both at appointment and periodically on a risk-basis.

However, since we have made refinements to our visits process it is encouraging to see in respect of the assessment of existing employees’ skills knowledge and experience:

  • 34 out of the 42 firms were carrying out appraisals
  • 28 out of the 42 firms were carrying out file reviews.

Overall, our analysis shows firms are better at screening new employees, but still falling short in relation to ongoing screening measures for existing employees. We are starting to see an improvement in this area and our refined approach enables us to better capture the types of checks being carried out. It is also encouraging to see firms are taking a risk-based approach to DBS checks for example, a number are including DBS checks both on appointment (51 firms) and for existing staff (38 firms). 

We continue to remind firms to carry out regulatory history checks for existing employees where necessary.


Overall we observed some good practice in this area, with 50 firms carrying out their most recent training within the last year. We also found that 62 MLCOs had received additional AML training.

However, we identified concerns with training records as follows:

Training records issue Count
Failure to provide training records or evidence of training having taken place 8
Record did not show who had completed the training 6
Record did not show when training had taken place 2
Record did not show what training had been provided 2

It is important firms can produce records as required by the regulations to show who has received training, when it took place and what it covered. If there is no record, it is hard for you to monitor your own compliance with the regulations and to evidence to us that it has taken place.

Firms should think about what level of training their staff need depending on their role, and if it is sufficiently tailored to their processes and procedures and risk appetites. Firms should also consider the knowledge and skills of the person providing the training and whether the training is up-to-date with the law.

We carry out desk-based reviews as one of the key tools we use to review and assess the adequacy of firm-wide risk assessments and PCPs.

Our reviews are either:

  • Firm-wide risk assessment reviews – to assess firms’ compliance with regulation 18 of the regulations.
  • Full desk-based reviews – this involves reviewing the firm-wide risk assessment, the firm’s AML PCPs, the client and matter risk assessments and a sample of the firm’s files to assess compliance with the firm’s AML PCPs and the regulations.

We carried out 168 reviews in 2020/21: 98 firm-wide risk assessment reviews and 70 desk-based reviews.

Firm-wide risk assessment reviews

To decide if a firm-wide risk assessment was compliant, we looked at whether it took into account key areas required by the regulations:

We also considered whether the firm-wide risk assessment was tailored to the firm and its specific AML risks.

Findings from firm-wide risk assessment reviews and steps taken

Our reviews found the following levels of compliance:

Compliant Partially compliant Not compliant
38 50 10

We took the following steps with firms following our review of their firm-wide risk assessment:

Steps taken Number of firms
Guidance issued 38
Engagement 40
Compliance plan 8
Referred for investigation 12 (we then also carried out a full desk-based review on two firms)

Desk-based reviews

Our desk-based reviews involve an in-depth analysis of the firm-wide risk assessment and AML PCPs. This allows us to assess whether the risk assessment aligns with the client and matter risk assessments and if the AML policies are effective and are being complied with.

We review between four and eight files for each firm, depending on the size of the firm, type of work they do and nature of clients. For larger firms, or those doing a high volume of regulated work, we are likely to review eight files. On occasion we may also ask to see further files, if we have not been able to complete our assessment on the ones provided, or need to see a bigger picture of what is happening, for example if we have selected files where the transaction fell through. Of the 70 desk-based reviews we started in 2020/21, 45 have been completed and 25 are ongoing.

Findings from desk-based reviews and steps taken

Our reviews found the following levels of compliance:

Compliant Partially compliant Not compliant Review ongoing Pursued for non-co-operation
10 29 6 25 1

We took the following steps with 46 firms following the reviews (these figures include a firm that did not co-operate with our request and was subsequently referred):

Steps taken Number of firms
Guidance issued 10
Engagement 22
Compliance plan 7
Referred for investigation 7

We identified similar themes as we did in relation to the firm visits in respect of areas of CDD we categorised above.

Policies, controls and procedures

We saw similar themes again around omissions in policies we assessed as part of a desk-based review as follows:

Deficiencies in policies Count
Had not been updated to reflect the changes from the 2019 amendment regulations 28
No information on the additional measures, where appropriate, to prevent the use for money laundering or terrorist financing of products and transactions which might favour anonymity 23
No information on high-risk third countries 20
No information on simplified due diligence and if it is permitted 17
No information on the firm’s position on reliance 14
No information on enhanced due diligence requirements 9

Firm-wide risk assessment

We reviewed 45 firm-wide risk assessments (FWRA) as part of our detailed desk-based reviews. The FWRAs showed the following levels of compliance.

Compliant Partially compliant Not compliant
22 17 6

An analysis of the FWRAs showed that in some instances all five risk factors required by regulation 18 were not covered in full. A breakdown of number of firms that omitted the mandatory risk areas across both our FWRA reviews and desk-based reviews is provided below:

Mandatory risk factor Number of firms omitted from FWRA

Transaction risk

Firms did not sufficiently explore transactional risk, such as how many high value transactions the firms deal with, the typical size and value of a transaction, whether transactions are large or complex, and the type of payments accepted, for example, cash payments or payments from third parties.


Delivery channel risk

Firms did not assess how they deliver their services and whether there is a likelihood that this risk changed due to Covid-19. It was difficult to determine from the risk assessments reviewed whether firms meet their clients, if they offer services that are not face-to-face, and if they do, how they deliver those services, for example, by email or video meetings.


Geographical risk

There was a lack of detail on where the firm’s clients and transactions are based and if any of the firm’s clients have overseas connections. Most risk assessments focused only on setting out the likelihood of dealing with a client from a high-risk jurisdiction and failed to address the geographical locations the firm do deal with and if these are local or national.


Client risk

Firms failed to set out the type of clients they deal with. For example, whether these clients are individual or companies, if any of the companies have complex structures, whether the clients are predominantly new or long-standing clients, if any clients pose a higher risk such as politically exposed persons.


Products and service risk

Many firms are failing to list all the services they provide that are within scope of the regulations. A cross check against the firm’s website and information we gather during our practising certificate renewal exercise shows a disconnect between the FWRA and the products and services provided.


While all the firms we visited had a FWRA in place, we found that there is a general misunderstanding among our supervised population on the information that should be set out in a FWRA. We are finding the continued need to engage with firms to update their FWRA to better reflect the risks of their firm being used to launder money.

Examples of some of the weaknesses we identified are:

  • We are continuing to see template FWRA being used without being tailored to the firm and its specific risks.
  • Firms talking about the services they do not provide, and not including all of the services they do provide that are in scope of the regulations.

We continue to engage with firms and provide feedback to bring their FWRA into compliance. Where a FWRA requires amendments, we review a revised copy before concluding our engagement. Where a risk assessment is not compliant, we will consider if making a referral to the investigation team is appropriate. We have produced detailed guidance on FWRAs, and will be delivering a webinar later in the year on this area.  

Emerging risks

While the past 12 months have been far from stable due to the pandemic, the key risks and areas relating to money laundering and terrorist financing remain largely as they were in 2019/20. They mostly concern property conveyancing, dubious investment schemes and unwitting facilitation of money laundering via poor controls in firms.

We assess emerging risks through a range of sources, such as:

  • through our investigative work
  • reports from law enforcement agencies or other authorities
  • our proactive visits to firms.

Conveyancing and dubious investment schemes

The two areas where we continue to see the most risks relating to money laundering are conveyancing, including vendor fraud (where fraudsters try and sell a property without the consent or knowledge of the owner) and dubious investment schemes. We updated our investment scheme warning notice in August 2020. We also issued an alert on vendor fraud in November 2020.

Evading currency controls

There is growing awareness of the risks posed by currency offshoring where the government places restrictions on money moving in and out of the country.

The example most frequently cited is the ‘Daigou’ system of shadow banking used to offshore wealth from China, often through chains that include cash produced by criminal activity. We have spotted a mix of issues within this, including concerns about the source of funds, but also an unwarranted suspicion of whole ethnic groups on the basis of the capital controls present in a given country.

Furlough and bounce back loan schemes

In terms of Covid-related fraud, we have seen a few issues in relation to both furlough and bounce-back loan schemes but not at a volume that we would consider to represent a significant threat in our area. More cases may begin to emerge once bounce-back loans become repayable or once interest becomes payable after 12 months.


A broader related risk is the risk of a law firm being compromised by criminals who may use the services of the firm to clean illicit funds.

While not specifically a money laundering issue, we have also found the personal injury market remains a consistent source of fraud reports.

Further information

We set out the areas where we think there is the greatest risk of money laundering in our sectoral risk assessment.

Areas of focus and the year ahead

In the coming fiscal year we will continue to help firms to put robust controls in place to prevent them from being used by criminals, and will take robust action where firms are failing in their responsibilities under the regulations.

In the next fiscal year we hope to be able to return to onsite, rather than virtual visits. This is, of course, dependent on the effects of the pandemic lessening.

In the coming year we will focus on: 

  • Improving how we risk-rate firms: we want to be able to take a more nuanced and timely approach to assessing the risk of firms being used by money launderers.
  • Increasing the number of visits to firms and desk-based reviews, to gain a richer understanding of AML systems, processes and procedures in place.
  • Researching how firms most effectively use their MLRO and MLCO role holders through a thematic review. We will then publish guidance for the profession to share good practice and practical guidance on achieving the requirements on these role holders. 
  • Continuing to bring enforcement action against firms that are not meeting their responsibilities under the regulations.
  • Continuing to provide targeted and timely guidance for firms through a programme of lunchtime webinars focused on discrete AML topics.
  • Monitoring the areas mentioned above, under emerging risks, and considering what next steps we might need to take.

Guidance we have published in last year:

Anti-money Laundering Visits report 2019-2020
Setting out the trends and issues encountered as a part of our proactive AML supervision visits to firms.

Tax Adviser Guidance:

An original piece of work, informed by our thematic review of tax advisers we supervise.

Trust or Company Service Provider AML Guidance
An original piece of work setting out the main risks of this work and the operational differences in how we supervise these firms.

Revised Sectoral Risk Assessment
An update to our original risk assessment, taking account of new trends we have encountered.

Our other AML resources:

Money laundering regulations and who they apply to

What does my firm need to do?

How we regulate money laundering

Other relevant sector guidance:

Published by the Legal Sector Affinity Group

Legal Sector Affinity Group Guidance – Part 1
The main AML guidance for the legal sector.

Legal Sector Affinity Group 

Barristers – to be read independently of Part 1

TCSPs – to be read in conjunction with Part 1

Notaries – to be read in conjunction with Part 1

Part 2 (barristers, Trust or Service Company Providers and Notaries)

Covid-19 and Preventing Money Laundering/Terrorist Financing in Legal Practices
A short note setting out issues relevant for firms around the global pandemic including economic pressures and challenges in completing client due diligence.

Published by the National Crime Agency:

Guide to submitting better quality SARs
Guidance on how to ensure your SAR is dealt with efficiently by making sure it has all the information needed.

SARs Online User Guidance
Guidance for those submitting a SAR online.

List of frequently asked questions about the SARs regime.

SARs Glossary Codes
Up to date list of all the glossary codes to include on your SAR.

Produced by HM Government:

UK National Risk Assessment
National assessment of AML risk, setting out issues in several areas of work including legal and trust and company service work.

SRA AML Webinars

Anti-money laundering: what we learnt from law firm visits – 16 March 2021 
We visited 74 firms to check on their money laundering systems. Two thirds were told to make changes to the way they work. Would yours pass?

Watch our free webinar to get practical advice on how to help keep the proceeds of crime out of legal services. You will hear about the types of issues - and good practice - we have seen from our visits to review practice within law firms.

With a focus on examples from the everyday issues you face, this webinar offers support to make sure you are doing the right things to keep your firm and the public safe. Areas we found that needed the most work included:

  • independent audit
  • screening of employees
  • matter risk assessments
  • source of funds checks.

AML: what tax advisers need to know – 16 February 2021
Last year, the money laundering regulations changed and so did the definition of 'tax advisers'.

This webinar looks at the background of the changes and the useful guidance we have published to help firms understand their obligations. We also offer practical advice on how tax adviser services are provided in the legal sector following from our firm visits to review money laundering practice.

Compliance Officers Conference

Anti-money laundering: what you need to know – 23 November 2020
Gain insight into the current anti-money laundering landscape, including:

  • what we have found from law firm visits
  • common problem areas for firms
  • Legal Sector Affinity Group guidance
  • sectoral risk assessment
  • upcoming 6th money laundering directive
  • next steps for Suspicious Activity Reports (SARs).

You can also hear key insights from external agencies.

Anti-money laundering: practical tips for managing AML risks 25 November 2020

Learn what law firms need to do to help keep the proceeds of crime out of legal services. With a focus on practical examples from the everyday issues law firms face, this session offers support to make sure you are doing the right things to keep your firm and the public safe.

You will also hear about the types of issues - and good practice - the SRA has seen from its recent round of visits to review AML practice within law firms.

Anti-money laundering: what you need to know – 20 May 2020

Preventing money laundering is a key priority for the SRA and is an important part of solicitors’ professional obligations. This webinar explains what legislation applies to your firm, introduces the requirements in the money laundering regulations, explains suspicious activity reporting and how to implement a risk-based approach to preventing money laundering.

Case study 1: Ms Levinzon

We assessed Ms Levinzon’s firm’s compliance with money laundering regulations as part of a thematic review. Ms Levinzon was the only remaining partner of the firm. The review found initial failings of:

  • a lack of understanding of fundamental concepts of AML
  • no AML systems or processes
  • poor customer due diligence practices including ID and verification, source of funds and source of wealth checks
  • poor record keeping.

We then conducted an in-depth forensic inspection of the firm, its overall AML compliance and individual matters to assess how an inadequate approach to AML at firm level had caused failings and breaches on individual cases. The firm closed following the inspection.

Ms Levinzon subsequently admitted to allegations of:

  • failing to have in place a firm-wide risk assessment (Reg 18 MLRs 2017)
  • failing to have in place an adequate AML policy (Reg 19 MLRs 2017)
  • failure to provide and undertake AML training (Reg 24 MLRs 2017)
  • failure to identify politically exposed persons (Reg 14(5) MLRs 2007)
  • failure to undertake enhanced customer due diligence (Regs 14(1) and 14(4) of MLRs 2007)
  • failure to conduct ongoing monitoring and scrutiny of transactions including source of funds checks (Reg 8 of MLRs 2007)
  • inadequate record keeping (Reg 19 of MLRs 2007)
  • using the firm’s client account as a banking facility with other associated Accounts Rules breaches.

On 14 July 2020 the Solicitors Disciplinary Tribunal approved an agreed outcome. Ms Levinzon was suspended from practising as a solicitor for nine months, and for two years thereafter agreed to not be a manager or owner of a firm, not hold a compliance role at a firm, and not hold or receive client money. She also had to complete training on AML and our Accounts Rules.

Case study 2: Mr Kinch

We received a report from a company that provided a corporate loan of £830,000, subject to a solicitor’s undertaking, to clients of Mr Kinch and his firm SDK Law. The loan remained unpaid for a period of two years, despite the undertaking that stated it should have been paid back within five banking days on request.

We conducted an in-depth forensic inspection of the firm, which resulted in the firm being intervened into (shut down).

Mr Kinch subsequently admitted to allegations of:

  • failing to conduct adequate customer due diligence and source of funds checks (Regs 7 and 8 of MLRs 2007)
  • using the firm’s client account as a banking facility
  • failing to perform an undertaking
  • acting in and/or facilitating schemes that bore the hallmarks of dubious transactions and potential money laundering.

Mr Kinch admitted that his conduct was reckless.

On 4 August 2020 the Solicitors Disciplinary Tribunal approved an agreed outcome that Mr Kinch be suspended from practising as a solicitor for 15 months, and for three years thereafter not be a sole manager or owner of a firm, not hold a compliance role at a firm, and not hold or receive client money.

Case study 3: Mr Crabb

We received information that Mr Crabb’s firm, Austin Ryder & Co, may have acted in numerous fraudulent property transactions.

We conducted an in-depth forensic inspection of the firm, which resulted in the firm being acquired by a different firm with new managers, where Mr Crabb was employed solely as a consultant and not an owner or manager.

Mr Crabb subsequently admitted to allegations of:

  • failing to conduct adequate ongoing monitoring and scrutiny of transactions (Reg 8 of MLRs 2007)
  • acting contrary to the Council for Mortgage Lenders’ handbook
  • failing to comply with his own firm’s AML policies and procedures.

Mr Crabb accepted a regulatory settlement agreement, which we published on 3 November 2020. Mr Crabb accepted a fine of £2,000 and applied to have his name removed from the Roll of Solicitors, with an undertaking that he would not apply for re-admission to the Roll in the future.

Case study 4: Mr Grumbridge

We received information that Mr Grumbridge’s firm, M C Grumbridge, may have been breaching our Accounts Rules.

We conducted an in-depth forensic inspection of the firm, which resulted in the firm closing down and Mr Grumbridge retiring.

Mr Grumbridge subsequently admitted to allegations of:

  • failing to have in place a firm-wide risk assessment (Reg 18 MLRs 2017)
  • failing to implement internal AML policies, controls and procedures appropriately (Reg 19 MLRs 2017)
  • failing to conduct adequate customer due diligence and enhanced customer due diligence on exemplified matters (Regs 7 and 14 of MLRs 2007 and Regs 27, 28 and 33 of MLRs 2017)
  • failing to conduct adequate source of funds checks (Reg 28 MLRs 2017)
  • using the firm’s client account as a banking facility, with other associated Accounts Rules breaches.

Mr Grumbridge accepted a regulatory settlement agreement, which we published on 11 December 2020. Mr Grumbridge accepted a fine of £2,000 and applied to have his name removed from the Roll of Solicitors with an undertaking that he would not apply for re-admission to the Roll in the future.