SRA AML Audits: Are You Audit Ready?
Webinar Notes
2025-02-27
SRA AML Audits: Is Your Firm Audit Ready?
Welcome, and thank you for joining today’s webinar focused on SRA AML audits, upcoming SRA email assessments, and the critical question every law firm should be asking:
Are you truly ready for a SRA AML audit ?
It’s encouraging to see such a strong turnout. A review of the attendee list shows that the majority of you are Compliance Officers and Money Laundering Reporting Officers (MLROs). That alone underlines how relevant and timely the topic of SRA audits is.
Would this many compliance professionals have attended a similar AML Audit session in 2023? Probably not.
The sharp increase in interest is being driven by one clear factor: rising SRA AML penalties. The regulatory environment has changed, and firms are now under far greater scrutiny than ever before.
The Growing Reality of the SRA AML Audit Programme
Law firms broadly fall into two categories:
- Around 1,200 firms that have already been through an SRA AML audit
- The much larger group that has not yet been audited for AML compliance
According to recent statements from the Solicitors Regulation Authority, the SRA expects to carry out between 750 and 1,000 AML audits this year alone.
At Lexsure, we expect that all firms within scope will undergo an SRA AML audit within the next three years. The SRA is actively expanding its assessment teams and recruiting aggressively to support this enforcement programme.
If your firm has not yet been audited, you are, in many ways, fortunate. You still have time to prepare.
As the proverb goes, the best time to plant a tree was 100 years ago. The second best time is today.
Now is the time to act.
Why SRA AML Audits Are Getting Tougher
Firms being audited by the SRA today are now held to much higher standards than those audited just two years ago. Penalties are more severe, expectations are clearer, and the SRA is far less forgiving.
This is because the SRA has now published extensive guidance, thematic reviews, and enforcement decisions. The more information the regulator provides, the harder it is to argue ignorance or misunderstanding.
In short, the more guidance that exists, the more culpable non-compliance becomes.
This shift is increasingly reflected in the language used within SRA decision notices outcome letters and compliance plans.
Even firms that have already undergone an SRA AML audit should not be complacent. We are now seeing second AML audits, confirming that SRA reviews are becoming cyclical rather than one-off events.
Real-World Experience From the Front Line of SRA AML Audits
My name is Simon Seaton, and I am a Lead AML Auditor at Lexsure and not the SRA.
Over the past year, I’ve spent a significant amount of time supporting MLROs and managing partners who have received the call or email no firm wants.
It usually arrives mid-afternoon on a Friday.
The SRA email confirms that the firm has been selected for an AML audit, either desktop-based audit or onsite inspection. While the format may differ, the emotional reaction is always the same.
Very few firms are genuinely SRA AML audit ready when that notification arrives.
For many high-street firms, the concern is stark. A significant fine could close the firm.
That fear is echoed regularly on LinkedIn and other professional forums, where compliance officers openly express how overwhelmed they feel by AML obligations.
Preparing for an SRA AML audit is difficult, and many firms are now actively seeking help.
Why This Webinar Exists
AML regulation has been evolving for more than 20 years. Outside the top 500 firms, many lawyers feel overburdened and unfairly targeted. Fines are rising, and compliance is often viewed as a necessary evil.
Yet MLROs and compliance officers carry a responsibility that is both professional and personal. It is a role many did not actively choose, but one that carries serious consequences if things go wrong.
The purpose of today’s session is simple:
- To provide insight you will not find elsewhere
- To explain where the SRA is really focusing its AML enforcement
- To help you prepare intelligently for an SRA AML audit
How Lexsure Predicts SRA AML Audit Focus Areas
At Lexsure, we analyse four core data sources:
- The SRA AML data collection exercise
- Analysis of AML fines and enforcement trends
- Guidance notes and thematic reviews
- Post-audit outcome letters and referral correspondence
Together, these form a reliable blueprint of where firms are being caught out.
Today’s SRA AML Audit Agenda
This session is structured around five key areas:
- What the SRA requires before an AML audit
- The consequences of an adverse SRA AML audit
- What SRA data reveals about decisions and fines
- The highest-risk AML compliance areas
- Practical, low-cost steps firms can implement immediately
What Happens When the SRA Contacts You
The clearest explanation of what the SRA expects does not come from guidance notes alone. It comes from the audit notification letters sent directly to firms.
These letters typically request:
- Policies, Controls and Procedures
- Firm-Wide Risk Assessment
- Proliferation Financing Risk Assessment
- Client Matter Risk Assessments
- Lists of recently opened and closed matters
For desktop audits, firms are currently being given as little as seven days to respond.
The SRA now routinely asks when documents were first drafted and last updated. These dates are cross-checked against the AML data collection exercise, making consistency critical.
Why SRA AML Audit Outcomes Matter Beyond Fines
Recent fines now average more than £25,000. However, financial penalties are often not the greatest risk.
Insurers and lenders increasingly ask whether a firm has undergone an SRA AML audit and what the outcome was. Some request copies of correspondence.
An adverse audit can result in higher insurance premiums, removal from lender panels, and lasting reputational damage.
AML compliance is now widely viewed as a proxy for overall firm reliability.
The SRA’s Current AML Enforcement Focus
Analysis of recent enforcement decisions shows that:
- Most fines relate to firms with one to five partners
- Enforcement activity has increased sharply quarter on quarter
- Client Matter Risk Assessments are currently the highest-risk area
Previously, the SRA focused on PCPs and then firm-wide risk assessments. Today, client matter risk assessments are where most firms are failing.
Looking ahead, the next areas of focus are likely to include source of funds, source of wealth, sanctions compliance, and training effectiveness.
The Single Most Important AML Action Firms Can Take
Every open and future file should have a properly completed Client Matter Risk Assessment.
This assessment should be completed at onboarding, reviewed during the matter, and reassessed at file closure.
This requirement is firmly embedded within Regulation 28 of the Money Laundering Regulations 2017.
Data shows that risk profiles change in approximately five percent of matters as transactions progress. Static assessments are no longer sufficient.
Final Advice for SRA AML Audit Readiness
Firms should be transparent with the SRA and avoid attempting to conceal errors. Templates should be tailored, not copied wholesale. Policies must be reviewed and updated at least annually.
Firm-wide risk assessments, client matter risk assessments, and policies must be integrated and consistent. Independent AML audits are a practical and effective protective measure.
Most importantly, compliance officers should protect themselves by documenting advice and escalating risks appropriately.
Next Steps and Support
Following this webinar, participants will receive access to AML resources, recorded training sessions, and optional free consultations with Lexsure’s AML audit team.
If you have questions about SRA AML audits, audit preparation, or compliance risks, seek guidance early rather than waiting for issues to escalate.
Thank you for joining today’s session, and we wish you every success moving forward.