Imagine a frog in a pot of water that warms imperceptibly over time. It’s a familiar parable about gradual danger, and it offers a stark lesson for law firms on the subject that we know and love … AML compliance!
In practice, poor anti-money laundering controls usually creep in slowly. Look, we’ve all been there in any walk of life with managing risk, however, small risks accumulate until one day you realise you’re in hot water.
Solicitors, lawyers and senior partners may grow used to cutting a corner here or there, for example, delaying full risk assessments on every small conveyancing deal or skipping a detailed client check to close a sale, and find nothing bad happens, so they think it’s safe. All the while, your compliance officer is trying to juggle the balls and spin the plates without being aware there are niggling potential risks and breaches going on behind the scenes.
Our very own Amy Bell recently ran a webinar for Locktons and spoke passionately about Client Matter Risk Assessments and the need to be proactive.
We have to remember that the regulatory temperature is rising. The SRA reminds firms that any matter in scope triggers obligations…
“no matter how short in duration or scope… the appropriate level of client due diligence and a risk assessment must be carried out”
In other words, there is no de minimis exception. If firms relax standards bit by bit – trusting the status quo, relying on old practices, or failing to update their policies – they risk essentially sitting in tepid, heating water without noticing.
How do you know if you’re in scope? Read the SRA’s guidance HERE.
Money Laundering’s Slow Burn
Money laundering itself can be surprisingly mundane and routine. The work is insidious, yet subtle.
Economic and financial criminals (or the #baddies as Amy Bell calls them) increasingly move large sums through seemingly legitimate channels. How delightful are your client accounts for them? Sadly, the usual targets for money launderers are property purchases or corporate transactions, where dirty money is effectively “laundered” into the system.
In an era of high-value deals, even honest clients may inadvertently carry illicit funds, and it’s our job, as legal professionals, to spot them. Sadly, we’ve seen all too often, when firms become complacent there is a danger that suspicious activity is seen as a normal part of business, not a warning sign.
Cultural norms can creep in. If you’re a lawyer in a busy commercial team you might think that because you’ve dealt with a well paying client for years it’s ok to maybe wing the CDD and SOF checks.
You know them, have a great working relationship with them, might be a top biller because of that relationship. Why bother with lengthy ID checks every time? It’s the source of funds and the source of wealth you really do need to verify. If you are a junior associate or new to the role of COLP or MLRO, are you brave enough to challenge a partner’s relationship with a client who brings in vast amounts of funds into the firm?
Colleagues may joke about being bureaucrats or delay refreshers on training, reinforcing the idea that compliance is low priority. This is exactly the mindset that lets the pot warm up unnoticed. The SRA’s fining powers are in full use and rather than being complacent, wouldn’t it be better to maintain continual vigilance?
If AML controls slack then your risk indicators could drop to the bottom of the pile or worse, be forgotten.
Over time, your firm’s overall money-laundering deterrence is weaker, even though the actual work and transaction values stay high.
Our TEAL TRACKER is perfect for continued and effective reminders and alerts.
How to Master the Tricky World of the Source of Funds and Wealth
This is a great blog to read to help you with any awkward conversations!
Law Firm AML Complacency, Culture and Drift
By the time someone in the firm notices a problem, the culture of complacency may be too rooted as there’s been a resistance to change. Recent SRA enforcement highlights firms that have languished in non-compliance for years before a regulator stepped in.
We get it, practicing law, dealing with clients, dealing with partners, dealing with the other side and let’s not get started on the billable targets are exhausting enough, but whether you like it or not, compliance is your best friend.
You probably have read cases such as the law firm who repeatedly omitted conveyancing (75% of its work) from its firm-wide risk assessment. That omission persisted even after the firm had told the SRA its risk assessment was compliant back in 2020. It only implemented proper controls after an SRA inspection – long after the drill of neglect had set in.
The regulator noted that this firm’s failures (no independent audit, weak transaction monitoring, even a lack of partner training) “showed a disregard for statutory and regulatory obligations”. In blunt terms, the SRA said the firm’s problems “could have been avoided” by doing a proper risk assessment from the start . It fined them £20,000 and raised the fine to send a deterrent message.
So when we talk about the boiling-frog metaphor, the above example is a classic.
The firm didn’t collapse suddenly. Instead, year after year it failed to address its internal gaps. The First AML analysis of 2025 disciplinary cases makes the same point that firms with “systemic gaps” and “long-standing… compliance failures” have faced the harshest penalties. The highest fine to date was £27,813 – given for “widespread AML failures” including inadequate risk assessment, precisely the kind of entrenched lapse that happened slowly over time.
In total,16 out of 50 SRA disciplinary decisions recently related to AML breaches, with over £61k in fines imposed. The takeaway is clear in that persistent neglect of AML duties is now being punished, but it really doesn’t have to be onerous with training updates, easy software reminders, or outsourced compliance (see our SORTED programmes for different sized firms). Problems often build silently (thanks to shifting workplace culture or understaffing), but ultimately the SRA will notice and step in.
Regulatory Guidance and Enforcement
Fortunately, the guidance is clear – if only firms heed it, plus we are here, literally guiding and holding your hand.
In April 2025 the Legal Sector Affinity Group published a new AML guide (approved by HM Treasury), officially governing SRA firms. This updated LSAG guidance reiterates the basics that every firm needs a firm‑wide risk assessment, clear policies and procedures, up‑to-date CDD (customer due diligence) processes, and continuous training.
If you or your colleagues have received any of our training you’ll know that we really are experts and give practical advice that goes above and beyond the tick box boring exercises.
Regulators now stress that proactive compliance is the norm, it’s just how it is, which is why Amy and the whole team here at Teal Compliance are passionate about supporting firms and allowing their compliance officers a safe space to comply.
Analysts advise firms to focus first on a comprehensive, regularly-reviewed risk assessment (covering the firm itself and each type of client/matter).
- Your policies and internal controls should be robust and embedded in daily work, not siloed documents on a shelf.
- Staff training must be ongoing – the guidance emphasises that AML education is not a one-off checkbox but a continual process (for everyone from juniors up to partners).
The SRA underscores that being in scope is about the services provided, not simply holding client money, meaning that your law firm can’t slip below the radar by reclassifying work. Don’t forget, the SRA explicitly warns firms that even a short, simple matter can trigger full obligations.
What does this mean in practice? Simply put, law firms seriously have to work on cultivating an alert, risk-based culture, with the “tone from the top” view of compliance as an integral part of quality practice.
Our webinar with Amy Bell and Simon McCrum and what a partner looks like when it comes to culture, cashflow and compliance is worth a watch. WATCH HERE.
If a potential red flag arises (for instance, unusually large cash payments in conveyancing, or a client reluctant to provide full information), it must be treated as out-of-ordinary, not routine.
Time to Jump out of the Boiling Pot?
None of this blog is intended to alarm you and your colleagues, rather, it’s a wake-up call wrapped in a familiar metaphor.
By considering where your firm stands in that rising temperature, you can decide whether it’s time to jump. Are you reviewing risk assessments as new risks emerge (for example, new regions, new products, or new high-value clients)? Are your AML procedures championed by leadership, not seen as a grudge task? Do teams feel able to raise concerns (flipping the narrative from “Why question this again?” to “Yes, we need to check”)?
“Jumping out” means acknowledging any complacency or resource squeeze and taking action early. Can you add more staff to your compliance team? Does your current compliance officer cover COLP, COFA and MLRO and if so, what training and support do they receive? Can you organise refresher training? Are you in a firm that allows honest conversations about a healthy culture and therefore better risk management?
The updated SRA/LSAG guidance is on your side because it offers case studies and practical checklists to help identify seemingly innocuous, yet insidious gaps.
Why not embrace our advice and that of the SRA and the LSAG, by keeping your pot of water at a comfortably warm temperature, rather than a lethal one! In the end, reminding ourselves of the boiling‑frog fable isn’t scaremongering – it’s about staying vigilant.
What we recommend firms do is to stop and feel the temperature, is the heat rising without being noticed? If so, now’s the time for a quick dive or a firm clear-out of old habits. Jump before it’s too late, not after the pot is boiling.
