Earlier this month, the Solicitors Regulation Authority (SRA) unveiled its 2024-25 Business Plan, outlining its strategic priorities for the year ahead.
Aimed at improving standards and safeguarding the public, the plan focuses heavily on risk-based regulation, better use of data, and taking a proactive stance on key challenges like Anti-Money Laundering (AML) and sanctions compliance.
In this article, we take a look at what compliance teams in SRA-regulated firms need to know and share some practical steps to align their processes with the SRA’s Business Plan, covering key areas such as risk management, the use of technology, and adhering to stricter AML and sanctions requirements.
Proactive, risk-based regulation
A core theme of the SRA’s new Business Plan is a shift toward proactive, risk-based regulation and a more targeted approach, focusing on areas with higher regulatory risks or where consumers are least likely to report issues.
“In 2024-25 we will continue to regulate proactively and strive towards a full-market understanding of AML, compliance approaches, risks and sanctions, and other core information.
“Our AML response will adapt and flex in response to emerging issues and changes that may arise around financial crime, making sure that law firms understand, and comply with, their duties.”
With this new approach to regulation, firms must be prepared. Stuart Tite, Compliance Officer at Kingsley Bond explains more: “The SRA’s shift towards proactive investigations will continue, with firms targeted based on their risk profile that will be developed using the new data environment the SRA has been building, with a focus on areas where consumers are least likely to report issues and using horizon scanning with market data to enhance that targeting.
“The SRA will supplement this with a new team of proactive investigators who will use this data to target firms of a certain size and profile for onsite and desk-based reviews.
“All firms should be asking themselves if they are really ready for this new proactive approach.”
“The SRA’s shift towards proactive investigations will continue, with firms targeted based on their risk profile that will be developed using the new data environment the SRA has been building. All firms should be asking themselves if they are really ready for this new proactive approach.”
– Stuart Tite, Compliance Officer at Kingsley Bond
And yet, there may be some disparity in resources and data access between these firms and the SRA. For firms to successfully adapt, there needs to be a concerted effort to provide them with the tools and information they require. Stuart noted, “Many firms will struggle with this without the resources and data-rich environment of a large organisation such as the SRA. The SRA must do more to make risk profiling information more accessible before these changes are made, including a grading scheme to help firms analyse where they should be based on factors such as growth, reports from clients, practice areas and industry trends.
“With firms already struggling under the weight of increasing scrutiny and heightened expectations of expertise, the SRA must ameliorate good standards with increased transparency. For now, firms must take a clinical focus on compliance and Anti-Money Laundering policies, controls and procedures.”
This involves focusing resources on firms and areas most exposed to financial crime risks, especially in relation to AML and sanctions compliance. Firms will need to shift AML frameworks towards a risk-based approach to ensure their compliance processes align with this strategy.
Key actions:
- Risk assessments: Conduct comprehensive firm-wide risk assessments that evaluate the inherent risks of your firm’s services, clients, and jurisdictions. This should include periodic reviews to ensure risks are managed effectively as they evolve.
- Client risk profiling: Introduce comprehensive client risk assessments during onboarding and on an ongoing basis. Any clients associated with higher-risk jurisdictions or industries should trigger enhanced due diligence (EDD) procedures.
- Tailored policies: Develop or refine AML policies that cater to specific services or client bases. For example, firms that operate in real estate or conveyancing must have more stringent checks, as these areas are particularly vulnerable to financial crime.
Increased focus on AML and sanctions compliance
AML has long been a top priority for the SRA. In its Business Plan, the regulatory body has made it clear that its focus on AML will only intensify in the coming year.
As HM Treasury reviews the future of AML supervision, the SRA will respond accordingly, with a continued focus on ensuring that law firms meet the growing regulatory demands.
The plan includes the implementation of a proactive sanctions supervision programme, ensuring that firms remain compliant with UK and international sanctions regimes. This will be supported by data-sharing under the SRA’s Memorandum of Understanding with the Office of Financial Sanctions Implementation (OFSI), which highlights how critical sanctions compliance has become within broader AML efforts.
For compliance leaders, the implication is clear: law firms must ensure robust systems are in place for real-time tracking of both AML and sanctions regulations. At a time when fines for breaches are reaching an all-time high, any instance of non-compliance could lead to severe reputational and financial consequences.
Key actions:
- Update AML procedures: Ensure your AML procedures reflect the latest legislative requirements and guidance. This should include integrating sanctions screening and ongoing monitoring processes that are clearly documented and regularly updated.
- Training and awareness: Conduct regular training sessions for staff on how to identify suspicious activities and apply AML procedures. Given the evolving nature of financial crime, employees need to be up to date with the latest red flags and reporting requirements.
- Sanctions screening tools: Implement or improve your firm’s sanctions screening tools to ensure compliance with international sanctions regimes. This is crucial as the SRA will use data from the Office of Financial Sanctions Implementation (OFSI) to proactively supervise firms.
Using data and technology for AML compliance
The Business Plan outlines the potential for technology to drive better regulatory outcomes for firms supervised by the SRA. As a result, the authority will seek to expand its use of data analytics and AI to identify trends, risks, and areas where regulatory intervention is needed. This builds on the SRA’s belief that credible regulation needs to be informed by accurate, real-time data.
Firms must now consider their own use of data and technology in compliance functions. Many law firms lag behind other sectors in adopting technology to enhance regulatory compliance. But compliance teams should take this opportunity to review their systems and identify how to optimise and automate data collection and compliance processes to improve client onboarding, monitoring, and reporting.
“Technology and innovation have the potential to transform how legal services are delivered, and to help consumers access the services they need in the way that suits their needs.”
What’s more, the SRA will support smaller firms in adopting technology to improve their service delivery and compliance capabilities. For compliance officers in small and medium-sized firms, this could mean more accessible resources and helpful guidance to adopt tech solutions that streamline AML processes and client risk assessments.
Key actions:
- Adopt RegTech solutions: Implement regulatory technology (RegTech) solutions to automate routine compliance tasks such as client onboarding, Know Your Customer (KYC) and Know Your Business (KYB) checks, identity verification, and ongoing monitoring. Automation not only reduces the risk of human error but also frees up valuable time for compliance staff.
- Real-time reporting: Implement real-time, simple reporting systems for suspicious activity reports (SARs) to allow for immediate escalation of potential risks and a quicker response to regulatory changes, such as the introduction of new sanctions or AML rules.
The SRA’s 2024-25 Business Plan represents a clear shift towards more data-driven, proactive regulation, with a particular focus on AML compliance and sanctions monitoring.
With increasing scrutiny and the ever-growing complexity of financial crime regulations, the onus is on compliance leaders to ensure their firms are equipped to respond to new challenges. Implementing positive change in line with the Business Plan will not only reduce the risk of regulatory breaches but also demonstrate a commitment to higher ethical standards across the legal sector – ultimately safeguarding industry’s reputation and public trust.
