Mark, Author at Teal Compliance

failure to prevent fraud blog from Teal Compliance

Navigating the UK’s New Failure to Prevent Fraud Offence

Anti-Money Laundering, Audit, Blogs, Compliance Webinars, Legal Compliance, Regulatory Compliance, Risk Management / Mark

A significant shift in the UK’s corporate criminal landscape is approaching and Teal Compliance’s Fraud Team, headed up by Mark Heffer, is here to support you.

The new Failure to Prevent Fraud offence comes into force on 1 September 2025.

While the primary focus of this legislation is on large organisations, its implications extend further, touching upon the practices of smaller firms and their clients, particularly within the legal sector.

At Teal Compliance, our commitment lies in providing clear, authoritative guidance on evolving regulatory requirements. With Mark Heffer overseeing our fraud services, including comprehensive training, we aim to demystify these changes and equip you with the knowledge to navigate them effectively.

What is the New Failure to Prevent Fraud Offence?

Introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA), the “Failure to Prevent Fraud” offence targets “large organisations” in the UK. An organisation falls into this category if it meets at least two of the following criteria in the financial year preceding the fraud:

More than 250 employees
More than £36 million turnover
More than £18 million in total assets

The core of the offence is straightforward: a large organisation can be held criminally liable, facing an unlimited fine, if an “associated person” (such as an employee, agent, or even a subsidiary) commits a specified fraud offence with the intention of benefiting that organisation or its clients, and the organisation did not have “reasonable procedures” in place to prevent it. A crucial point to note is that liability does not require the organisation’s senior management to have known about or authorised the fraudulent activity.

The specified fraud offences covered by the legislation are broad, encompassing various sections of the Fraud Act 2006 (e.g., fraud by false representation, fraud by failing to disclose information, fraud by abuse of position), as well as other offences like false accounting and cheating the public revenue.

The Defence of "Reasonable Procedures"

The only defence for an organisation against this offence is to demonstrate that it had “reasonable procedures” in place to prevent the fraud. The government’s official guidance, published in November 2024, outlines six key principles for these procedures, drawing parallels with the established “failure to prevent bribery” offence under the UK Bribery Act 2010:

Top-Level Commitment: A clear, demonstrable commitment from senior management to preventing fraud. This involves active leadership, clear messaging, and sufficient resourcing.
Risk Assessment: A thorough and regular assessment to identify the specific fraud risks the organisation faces, considering opportunities, motives, and rationalisations for fraudulent behaviour. This assessment should be dynamic and documented.
Proportionate Procedures: Implementing anti-fraud measures that are appropriate to the identified risks and the nature of the organisation’s business. These should be clear, practical, and effectively enforced.
Due Diligence: Conducting proportionate and risk-based due diligence on all “associated persons,” including employees, agents, and third parties acting on behalf of the organisation.
Communication (including Training): Ensuring that fraud prevention policies and procedures are clearly communicated throughout the organisation and that all staff receive adequate, ongoing training. This includes establishing effective whistleblowing mechanisms.
Monitoring and Review: Regularly monitoring and reviewing the effectiveness of fraud prevention procedures, making adjustments as risks evolve or new information comes to light.

Why This Matters for All Law Firms (and their Clients)

While the legal obligation for this new offence rests with large organisations, the principles underpinning it represent sound governance and risk management for all businesses. For smaller law firms, the relevance is multi-faceted:

Best Practice and Risk Mitigation: Adopting these principles, even if not legally mandated, strengthens your firm’s defences against fraud. Fraudulent activity can cause significant financial loss and reputational damage, irrespective of firm size. Proactive prevention is always more effective than reactive clean-up.
Client Protection: As trusted advisors, law firms often handle significant client funds and sensitive information. Implementing robust fraud prevention procedures directly enhances the protection of your clients’ interests, fostering greater trust and confidence.
“Associated Person” Implications: Smaller law firms and their clients could potentially fall within the definition of an “associated person” to a large organisation. If a small firm (or its client) provides services to a large organisation, and fraud is committed with the intention of benefiting that large organisation (or its clients), the large organisation could be liable if it lacked reasonable prevention procedures. This dynamic underscores the importance of clear communication and robust practices across the supply chain.
Evolving Regulatory Landscape: The trend in economic crime legislation is towards broader corporate accountability. What begins as a requirement for “large organisations” can often influence expectations and future regulations for smaller entities. Preparing now positions your firm ahead of the curve.
Operational Resilience: A comprehensive fraud prevention framework often involves a review of internal controls, processes, and governance. This can lead to broader improvements in operational efficiency and resilience.

Preparing for September 2025

The clock is ticking, and while the 1st September 2025 deadline might seem distant, establishing effective fraud prevention procedures requires dedicated effort.

WEBINAR REGISTRATION

Organisations, large or small, should be:

Conducting thorough risk assessments: Identify specific fraud vulnerabilities relevant to your operations and client base.
Reviewing existing policies: Assess whether current fraud prevention, anti-money laundering, and compliance procedures adequately address the risks highlighted by the new offence.
Developing a proportionate prevention plan: Tailor procedures to your firm’s size, complexity, and risk profile.
Investing in training: Ensure all staff, from partners to support teams, understand their role in preventing fraud and how to identify and report suspicious activities.
Documenting everything: Maintain clear records of your risk assessments, procedures, training, and ongoing reviews.

At Teal, Mark Heffer brings considerable expertise in financial crime and fraud prevention. His insights are invaluable for understanding the nuances of this new offence and translating the statutory guidance into practical, effective measures.

Whether you’re a large organisation directly in scope, or a smaller firm seeking to enhance your resilience and client protection, proactive engagement with these principles is paramount.

For further detailed guidance, the Solicitors Regulation Authority (SRA) and UK Finance have both published helpful insights and resources, which we recommend consulting.

The new Failure to Prevent Fraud offence represents a critical step in strengthening the UK’s fight against economic crime. By embracing its core principles, firms of all sizes can not only contribute to this vital effort but also safeguard their own integrity and future success.

Our

ABOUT MARK HEFFER

Drop us an email or get in touch HERE for more information on the subject of Fraud Prevention.

Navigating the UK’s New Failure to Prevent Fraud Offence Read More »

Managing people risk through better employee experience

Blogs, Regulatory Compliance, Risk Management / Mark

My name’s Amy Bell, and I’m the CEO and founder of Teal Compliance, and we host a number of free webinars, mainly monthly.

One of the reasons I think that culture and the environment that we work in is so important to running a successful law firm for compliance. If people aren’t happy, then they’re certainly not complying with what you ask them to do.

I welcomed Jane Gilchrist to join me in Teal’s Coffee Conversation on 14 May to talk about law firms and the people who keep them compliant.

You can catch up on the actual recording HERE or if you’re like our Head of Marketing, Elaine, then you’ll love a good read (and this is it!).

Here’s our conversation so it reads as a chat.

Amy Bell and Jane Gilchrist

I’m Jane Gilchrist. I’m one of the co-founders of the law coach collective. Prior to that I had a 20- year career across the legal sector, starting from being a clinical negligence fee earner working my way up to overseeing legal service delivery and global head of governance.

Jump forward and I’m now working with law firms and other professional service businesses, helping them get a really clear strategy for leadership and culture that genuinely supports their people. It helps them to grow and perform at their best.

The work we do is focused on helping firms to develop leadership roles to understand what those roles are, and what they need to deliver for the business. We then look at how we can develop their leadership pipeline to deliver tools that help them manage their people, the business risks, and of course to retain their talent. All of our work is there to align with their business strategy – I am not a tick box person.

FRAMEWORK of Coaching

A big part of what we do is focused around our implementation of a framework, which is a blended approach of learning and coaching. We really support people to take action in real time that’s relevant to their environment. Focusing on that framework being embedded so that it doesn’t stay in the training room, as we want to see change actually happen and so do our clients.

We focus a lot on those non- technical skills for lawyers who need these tools to succeed in their career, but also to help the firm develop the culture they strive for, so that they can all thrive.

We’re massively proud of what we’ve created. We’ve aligned our framework to the SRA competencies and also SRA guidelines. We’re recognised by the Leadership Institute, and we can also offer CPD accreditation against some of our coaching programs, which I think is pretty unique.

Are we helping our managers to manage people properly in the legal profession?

Amy Bell:

Are we actually giving their people the skills that they need to be people managers, because when we set off to be lawyers (like my daughter at the moment – she’s next door revising for her A levels; she’s going on to do a law degree ….. I’ve tried to talk her out of it!).

So my daughter wants to be a lawyer. Why? Because she wants to change the world. Like many of us, we’re attracted to the law because we like solving problems for people. We like taking a problem and applying the law to it and saying, this is the answer, we really like that. But when we end up working in a law firm we quickly realise that it’s often about people-politics.

We have to deal with so much people-politics in law, don’t we? We’ve got people underperforming or even overperforming, and we’ve also got to make a business that is profitable and works. Nobody really tells us that, they don’t let us into that little secret when we sign up for the LPC!

Those people who might not know this about me. I used to work in a law firm. I was there for 12 years, and for seven of those years I was Head of Learning and Development as well as anti-money laundering.

We need to look at our firm and our people within. Have our people actually got the skills to cope and to learn?

We wonder if we are training them properly or are we part of the problem? By this I mean, we might not be training them properly. By not training properly we create environments that people find challenging to work in.

Jane Gilchrist:

I think that’s a really important question. Are we part of the problem? And I think if I’m completely honest with you, from my experience of working in coaching, yes we are, however unintentionally.

We’ve seen all the stats around this subject. All of us will have seen those on accidental managers. Over 80% of managers have not had any formal leadership training.

Definition of what a Leadership Role is

I think a lot of it starts with firms not really defining what a supervisor or line manager partner, or whatever it’s called in each firm) team leader role is, and what it actually entails.

It’s rarely clearly defined. In reality, it’s a blend of supervising the quality of the legal work, isn’t it? And making sure that the client gets what they need, that they’re supported, that they meet all the compliance and regulatory requirements.

But a big part of it, as you said Amy, is actually developing the individuals that we are supporting and spotting potential risks, but also in terms of ourselves.

Role modelling the right behaviours is really important, so that we’re upholding the firm’s culture on a day to day basis. That’s where we could probably do a lot more to support people, for sure – the sweet spot.

Amy Bell:

Our Six Cs of Compliance aligns with what you’re saying.

The biggest C in our cog logo, is culture, which is at the bottom of our logo and it’s at the bottom because if you don’t have a culture that supports compliance, you can’t do all the other five bits, and it will all come tumbling down without a healthy and supportive culture.

One of the biggest challenges I believe we have in the legal profession is the fact that we haven’t got this dedicated people strategy. We’re not purposefully creating a culture. And if it happens, it’s more accidental than by design …

…. and then it starts to fall apart. If that one person who’s really great at it leaves, or gets promoted away from managing the people, then what?

Amy Bell:

One of the things I’ve always been interested in is progression through a law firm. In our profession it’s quite a hierarchical kind of structure.

In my experience, I have seen the way law firms work in that it’s often the people who get promoted to partner often are promoted because of their ability to earn fees and excel at practising the law. Suddenly, however, they now have to manage people and teams. Yet they haven’t been trained in leadership and management skills.

Jane Gilchrist:

I think just focusing on managers or line managers is a wasted opportunity. At the end of the day you lead yourself every day, don’t you? Whether you’re an admin assistant, whether you’re a trainee or whether you’re a senior partner, you lead yourself every day, you make decisions, you manage your time. You interact with colleagues, you interact with clients

Do you influence a healthy workplace environment?

Jane Gilchrist: I’ve definitely worked with managers before, where they’ve barrelled in in the morning, and that has either made the day for everyone, or broken the day before it’s even started. They’ll either come in and say good morning to everybody, or just go to their desk. And you know that you’re in for a difficult day ahead. The eggshell boss.

Giving people the skills really early throughout their career to understand their own effect on colleagues is important. For all of us, having an awareness of the way we act, what levels of emotional intelligence we have, how we understand our own influences and impact on others is a true skill.

Amy Bell: It’s about how to figure out how to communicate effectively isn’t it, and actually taking the time to do that, instead of assuming your colleagues know what is going on.

Jane Gilchrist: You say, people in compliance can feel that because they haven’t got a fee attached to their role that it’s really difficult for them to show how they add value, and they can immediately feel on the back foot with that. Yet they are so valuable to this business. They keep the firm safe!

Law Firms and the Hierarchical Politics

Back to hierarchy though. The first thing I would say about it is that I can see why it motivates people in the legal sector, because whatever route you’ve come in on, it’s all focused to get in that title at the end of it, isn’t it?

To be a solicitor.

Jane Gilchrist: Personally, I don’t massively have strong views on the hierarchy as long as it is cross functional, and that it’s enabling people, not stifling people.

What I see in the work I do is that there is a tension between apprentices between trainees in terms of who’s getting what work, how that all works, how their careers develop, whether anyone is a disadvantage to the other. And I think it all boils down to the fact that on your route into the profession, and to get to that title of a “solicitor”, it’s crystal clear to them.

But the career path to be a solicitor can be ambiguous and that throws in doubt and anxiety. People aren’t quite sure what they need to do to progress, or how they can put themselves in a better place to progress, and I think we should probably put a lot more focus around that and really define some milestones along the way, not just in terms of what they need to achieve in their career, but also things like behaviours, competencies, skills, and just make sure that it’s a really holistic view to supporting people on their legal career.

Amy Bell: I could not agree more. I’ve just shared with you, haven’t. I’ve just come off a call with one of my team, a relatively new starter and one of the things that I did. And if you’ve listened to me talking about these kinds of coffee conversations before, you’ll know that when I started Teal I gathered all of the ideas of things that we hated from where we’ve worked in the past, and we would try and do the exact opposite!

One of the things that we do is we measure people on values, so they can say whether they disagree or not, I don’t mind, but there are. There is very precise and scientific analysis of my business to make sure that it is profitable. It works, and we want to put more money into delivering better solutions for clients.

We work so well as a team, all of us. We work well with our values and then we’re able to invest in our software or whatever, or new people to continue to grow whilst we look after each other. There’s a LOT of detail that goes into Teal as a business! There’s a whole management meeting every Friday morning where we go through a set of numbers, but my team doesn’t feel that they’re measured on numbers.

Do your firm’s core values align to your actual way of working?

Amy Bell: I don’t want my team to be distracted or feel that they’re measured based on numbers. What they’re measured on is good quality work which is being produced in timescales that work for the client, and that are at the standard we want and need. Part of the measurement is how their own values light up the team as a whole. If you haven’t got those core values that I started Teal with, how can anyone possibly be able to know what they’re expected to do?

Jane Gilchrist: It’s Important when you see firms who’ve got multi sites as well, so they might have branch offices. It’s easier to start from one point and educate and train your offices and teams the same thing in a consistent way but ultimately it’s about values.

For example, how can I actively demonstrate those values through my behaviours on a day-to-day basis? If I set them out really clearly and then help others, because it’s very different in different locations isn’t it? If you’re just working on your own, you’re not a line manager to anybody else. Then how you demonstrate those values will be slightly different to what they need to be. If you are managing a team, things like role modelling, oversight and supervision support all of those things. But also if you’re leading the firm in terms of clarity of vision, setting strategic goals, making sure that everything’s aligned can be different location to location.

Amy Bell: I’m very happy to share how we did it. I was just actually saying that. We put our values on our mousemats!

How Teal Compliance Recruits

Amy Bell: Like I said we don’t want pure replicas of existing team members, but need the values and ethos of those people to fit. How do we measure and track that our recruitment for like-minded professionals work?

We survey the team every month asking them to tell us who their Teal Stars are that have demonstrated the values this month. It’s nothing to do with the billing target. It’s nothing to do with productivity, because my logic is as long as you get people who are committed to doing good work and enjoy being here, then the rest will just follow efficiently. Generally people want to do a good job.

Jane Gilchrist: Yep! 100% believe that for sure, when you look at what some of the biggest people risks are and why people leave law firms. It’s because there is a mismatch between what the firm says the culture is and what they experience on a day-to-day basis. So, managers are often the missing link between those two things, but the more that we can enable and equip the managers with the right skills to be able to deliver that on a day to day basis and really think about their interactions with their teams, as well as how to get the most out of those, then deliver those values for pure visibility …. It makes a huge difference.

Amy Bell: And the role modelling point which you mentioned a couple of times, I think it’s just so important, because if you want to know the quickest way to trash a compliance program is to let a person of influence, whether that’s Jane Doe in legal accounts, Jane Doe-Mark Two on reception or John Doe, the Senior Partner of the business NOT show you up and be an effective role model.

Jane Gilchrist: I’ve been in team meetings before, where a director may have come in and said, “oh, well, this is the word that we’ve got from the powers that be. I don’t necessarily agree with it.” Nobody is going to take it seriously, and values are a bit the same, aren’t they? If we say integrity is our value. And then, you see a manager sort of talking poorly about somebody at the water cooler. Then it’s done.

Integrity – you’ve absolutely got to live and breathe it.

Tips for AML and People Management

Amy Bell: I’ve explained how we did it at Teal and how we continue to monitor ourselves, but can you give us any other good tips you’ve got for a firm that either has done this values exercise, and they’re not kind of feeling it? How would you go about it? How do you help people do that?

Jane Gilchrist: I think the biggest thing for me is to reflect on them really regularly. Sometimes firms will agree on their set of values, and they’re on the wall forevermore.

We want to know from them how they think they demonstrate their values to their team. If they can show us from their colleagues how they would be able to mirror those values is key to us.

I’ve actually sat with firms where we’ve had working parties, representatives from all across the firm, or roles or departments, and they’ve put post-it notes all over the wall in terms of what they think the values are and how they demonstrate them. And then when you see the same ones popping up again and again and again, they are absolutely your values.

How good are you at receiving feedback?

Amy Bell: One thing I think I recognise, because I’m rubbish at it, is receiving feedback, getting good feedback. Never mind bad stuff! I want to curl up in a corner and cry, and nobody ever taught me how to do it. Nobody ever taught me to, because as well as we’re not teaching people how to deliver it. We’re not teaching people how to receive it. NOTE for readers please read AMY’s personal blog to find out more.

Jane Gilchrist: Yes, and how to depersonalize it, because sometimes you only ever give feedback how you would like to receive it, not necessarily thinking about what’s going to be really important for them. What do they need to take from this? And let’s focus on that which can help to de-personalize it? And rarely are you giving feedback on an individual on a personal level.

You know you might be talking about behaviours that they’ve demonstrated at that particular time in that particular moment or a piece of work, and I think it’s really important to get that across so that people don’t feel that it’s a personal attack. It’s not easy to receive feedback, is it?

Particularly when it’s not great, but usually it feels like that, because it sometimes hits home.

You need to sit with it for a little while.

Amy Bell: It’s the combination of the person giving the feedback possibly tripping up over themselves when giving it, by that I mean the person receiving the feedback might not hear properly what the giver is intending for them to hear. Lost in translation. That is definitely a lesson I’ve learned in my career. I thought I had said something, but they heard something else.

Being able to communicate that really clearly, which can be really difficult if you’re scared of them bursting into tears or something. But they shouldn’t be bursting if it’s a two-way street in a healthy and safe place.

It comes back to psychological safety. That was a term that was used in the call I had with my new employee. It feels like a safe place for anyone to put their hand up and say, I don’t know how to do this. Why do I ensure my team and I work in this safe place?

Yes, we have got loads of rules as we are a compliance business, but our main rule between our team is that if you are stuck for 10 minutes, you ask for help.

Top Tips for Compliance and Psychological Safety

Amy Bell: Having the 10-minute Rule and then asking for help is our Number One Rule at Teal. It’s not efficient for you to sit there for longer than 10 minutes worrying about something. So that means it’s costing money. And it means other jobs are going to drift. And then clients aren’t going to get the service that they’re wanting to get.

That’s the first practical reason for it, if you need one!

But the real reason for it is, I don’t want anyone sitting there worrying so we literally have a dedicated communication channel like a lot of firms. We use Team for instant messaging and I can’t tell you how much we all use it and how quickly our cries for help are solved! We all use it, including me.

Questions like, can someone tell me the answer to “this”? Does anyone know “that”? etc.

The reason that we do that at all levels in the business is so everyone can see those questions and sees that it truly and really is safe to put your hand up and say, I don’t know.

We all collaborate on the answer, and the query is solved in minutes.

Remote Working and People Management

Amy Bell: We are a remote team here at Teal, in the main and this is one of the challenges I find which is why we had to find a genuinely great way of communicating. But one of the challenges that I find speaking to law firms these days is when they are still doing a good proportion of remote working and therefore managing supervision and support in that remote environment.

You simply can’t actually get body language from them can you?

Jane Gilchrist: Yeah, but it’s really difficult, isn’t it? It’s about getting to know your team and checking in on them on a regular basis. It’s about having a catch-up in the diary, whether that’s weekly or monthly. The fact your remote colleagues are used to you asking how they are! We have found that without those call catch ups it can become a little weird and people can become phone phobic.

The mobile goes or the Teams’ noise echoes out and we think what do they want?! But because you are used to having chats on the phone with catch ups, when the phone goes, it’s not scary or anxiety inducing, because you’re used to having them on the phone. You haven’t got that initial panic when their name pops up on teams.

If the usual scenario is radio silence, your team is definitely NOT going to come to you when they’ve done something wrong. And so sometimes we hear a lot about, “let’s share our wins”. Sometimes it’s about “let’s share some of our really big icky things”, “ or really awful conversations that I had to have to sort this out”.

Jane Gilchrist: I would self-refer to the managing partner and say, I’ve dropped the ball on this, how can we make this better? Just really talking about those sorts of things can massively start to normalise some of it.

Amy Bell: That’s exactly why I wanted to make sure I did things differently from my experience previously. We have a long running client that outsources their compliance to us. I have been working with them for 12 years now and I still remember the first time that we discussed this very subject with them. How to try and create a culture of people being able to put their hand up and say, I’m stuck without fear of reprisals.

My tip is that if you need a business reason for it, the 10 Minute Rule or just to feel safe to put your hands up and say you think you’ve mucked up, then you can justify it because by admitting something early on reduces the risk of professional indemnity claims! That’s a fact.

If a firm can evidence that the initial mistake was highlighted early on, and then what the firm’s attempt at rectification was, that’s a big tick for PII because insurers know that everyone, and every firm at some stage will make a mistake, it’s how you try and fix that mistake that counts.

Amy Bell: Anxiety and Solutions

Amy Bell: I’m going to tell you. I used to cock up pretty regularly. I had to have months off sick with stress from it, because I never felt confident enough in this hierarchical situation. Dog eat dog. Everyone’s trying to get the same job as a partner. I didn’t say anything. It made me ill.

When I came back from sick leave I started a group: Bring Out Your Dad meetings.

It was for peers, and I’m like, just bring the files you’re stuck on. We’ll workshop them together. There’ll be a great learning example for everybody else to just come along and listen to. So, we’re doing great training. But also, it means you won’t be stuck on that file anymore, and you won’t be waking up at 3am in the morning worrying yourself sick about it.

Jane Gilchrist: Similar actually in a team that I was running in, that we had a black box system. If you had a file that you absolutely had lost your way on you could put it in the black box. It gets passed on to somebody else. They would work it through, because it’s always easier to sort out somebody else’s difficult file than your own, isn’t it?

And quite often it’s never as bad as you think it is. Once you sit down and actually do the work; it just gets this nuclear field around it, and you know, as a coach people think, “you must be perfect” … absolutely not!

The shelf in the office…..

Amy Bell: I had that shelf. It was at the bottom. It was underneath the Law Gazette! They used to come every week. Those of you new lawyers will have no idea what we’re talking about if you’ve not had files, but for us that have been doing this law thing for a while, it’s the bottom shelf, covering dust behind the desk!

I’m like, what are those files behind your desk? Oh….so nobody else roots through them and sees I’m behind or stuck and I’m scared. And this is why the root cause analysis of things like complaints and claims is so important.

Spoiler Alert! The root cause analysis, if you don’t already know this, it’s likely to be 5 questions away….. In my experience. The FIVE WHYS is the root cause analysis model, which I love. It’s dead simple. Ask yourself why something happened five times.

You are going to unearth what was really underneath it. It’s pure psychology.

We use it in our TEAL TRACKER software. We have an analysis module that helps our clients digest these and then collate what their overall root cause analysis data is across their business.

For example, say the data says the cause of a problem was based on Human Error, the FIVE WHYS in the Tracker’s root cause analysis actually shows that it’s not really about human error. That’s not really the cause. Why did this highly trained, very expensive, skilled person make this silly mistake?

Answer? Usually resourcing lack of training, lack of capacity, taking on work they shouldn’t have taken because trying to keep someone happy like, there’s about 10 causes right? But they’re never just because they were careless. And what happened was I took out human error, but I did put in a lack of attention to detail.

And that’s where suddenly everything ended up in lack of attention to detail! I was like, this isn’t the right answer in reality. I dug deeper into our research model and though there’s another TWO WHYS after lack of attention to detail, like, why is a very busy person who’s well paid got a lack of attention to detail?

Too much work normally, and yet I was dissatisfied with that answer as it doesn’t really get to the cause to thereafter support the business or its people going forward.

The Tracker’s analysis started bringing out the true reasons.

So what our system does is it based on what you’ve said? The potential causes.

The Tracker then predicts what the cause might be, and you just have to pick from a list. If the actual cause that you really know of isn’t on the list, you can get it to regenerate more options for you, but based on your previous answer, it will.

That’s when we’re now getting more accurate root causes because “people” to blame aren’t coming up.

Obviously, we do want people to be driven by empathy, and we don’t want people to feel that they’re being blamed. But at the same time things are going to keep going wrong unless we tackle the root causes of them.

Jane Gilchrist: When they’ve got a reason like that, it’s clear it’s an operational reason. Then it makes that whole feedback piece much easier, because you’re giving feedback on why the process has failed, or where they might have some potential learning gaps. It’s far less personalised than you saying, “you’ve made a mistake here”.

Getting Managers Aligned with the Right Coaching Skills

Jane Gilchrist: Getting managers to have the right coaching skills is so important because they are learning through asking questions, rather than just giving answers.

Amy Bell: My skills as a manager really got upgraded when I learned about coaching instead of mentoring or just “showing”. When I started in the law it was kind of sit at the feet of your training principal and watch what they’re doing and do what they do.

Jane Gilchrist: We want to build capability, not dependency.

Managers don’t often understand coaching or how to coach people, and sometimes it can feel like it’s going to take a little bit longer than their schedules want. But you’ve got to be flexible haven’t you? We often want to fix things NOW, because there’s a deadline. We need to get it sorted today.

But then let’s have a debrief meeting tomorrow and understand how we could do that differently next time to have a think about it, and we’ll have a chat tomorrow. With this stance you’re much more likely to get a better response when you do that rather than just constantly telling people what to do, or them coming to you with a problem.

Quite often I’ll hear that managers will say “just leave it with me / I’ll sort it out”. They may have sent something to their partner to “look at” but then the partner has totally amended it. They’ve not always had the feedback, or they’ve got it back with lots of red lines through it, and there’s no conversation about what was actually wrong.

Amy Bell: When I was running my budget for the training program that I talked about I built all the levels in the business. The most important course of learning first in the budget was coaching skills for managers.

It takes a little bit of time for people who’ve not been managed in that style to get used to it. But what ultimately happens is, people don’t come to you with problems. They come to you with a problem and three solutions, because they know that if they don’t come with a solution, you’re going to send them away again.

Are you a Micromanager?

People can feel micromanaged, especially in the legal sector.

Amy Bell: The person who is the micromanager probably doesn’t know they are doing just that. It’s not their intention.

Jane Gilchrist: Micromanagement makes people feel like they’ve not got any autonomy, doesn’t it? And when you look at what the drivers are, particularly in the legal sector, together with survey results, approximately 60% of employees value autonomy in the workplace but that jumps to a massive 90% for the legal sector.

If you give people the answers all the time without letting them research and find their own solutions whilst feeling safe to do so, is vital. They won’t feel micromanaged. Employees feel like they’re being disempowered as they haven’t got autonomy, whereas coaching helps to provide that to them.

I have clients come to me for 121 coaching and tell me that they asked their firm to invest in them and provide coaching. It’s often that they are told they will think about coaching as a firmwide initiative as they don’t want to invest in 121 because the coaching might not be CPD accredited. I have lawyers and professionals funding their own coaching because they know it helps them with their own career development. I find that the firms who don’t invest in 121 coaching see those individuals move to other firms.

Who wouldn’t want to empower their staff?

When we work with a new cohort of leaders, helping them to establish a peer group and coach each other, the benefits that they get from group coaching just means that it spreads far and wide across the firm. And that’s probably one of the biggest results that I see is that they’re able to have those conversations and support each other.

Amy Bell: That’s what we did in the firm I was in. We had 700 people, a thousand salary partners, next 1,000 a hundred salary partners next 700. So it was a lot. Obviously, all our salary partners wanted to get to equity partner status. They were of the ilk that they couldn’t make everyone an equity partner, you know nothing to go around! So it was like how are we going to make sure that the people that are applying or wanting to progress have got the best skills?

That was where the idea for the Training Academy came from!

We didn’t just need brilliant technical people or compliance people who are compliant. We need that as well. But we need people with great skills. And so, owing to the shape of the firm, we kicked off with coaching skills for the salary partners! The coaching then cascaded down the firm.

Coaching and people skills for best practice risk management is vital for a compliant firm.

To listen to ALL our previous webinars, you can watch them HERE.

About Jane Gilchrist

Executive and Leadership Coach ICF ACC | Coaching to support Leadership Performance

FOLLOW Jane on LinkedIn HERE

Managing people risk through better employee experience Read More »

Amy Bell explains why she had to give up fee earning and why she doesn't want others to ever be in her position

Why I had to give up fee earning and why I don’t want you to

Anti-Money Laundering, Audit, Blogs, Compliance Webinars, Legal Compliance, Regulatory Compliance, Risk Management / Mark

Amy Bell, Solicitor, CEO and Founder of Teal Compliance and AML Sorted.

I lasted eight years as a fee earner.

Now I’ll be the first to admit that it wasn’t just the job that led to my first major episode of depression. But do read on to hear about my personal dive into depression as a Solicitor and the “fee earning” jungle that changed everything in my career.

Amy Bell in Childhood

I had a difficult childhood, not the worst, but far from ideal. Couple that trauma with my undiagnosed neurodivergence (ND), my divorce, and having a bipolar parent who I had to care for.

I was living with a series of emotionally abusive authority figures that left me with a “try hard” attitude, and just trying to make people happy.

Amy Bell as a Fee Earner in a Law Firm

Everything from our childhoods mould us. We don’t know any different. So all the above made me an ideal team member, because I wanted to please and make people happy. I said “yes I’ll do that”, “yes, give that matter to me”, “yes, I’ll take that on” and so it goes on.

….. Until I was handling twice as many cases as anyone else.

All I wanted was to get to partner level, and every year I was a fee earner the bar got pushed further and further.

Whilst in my 1st year as a PQE I could see that 3rd year PQEs were being made up to partner level. I could see that my hard work would pay off in three years.

But by my 10th year, the firm had stretched out those promotion levels to between 10 and 12 years PQE (after a stint in associate and senior associate)! Partner status seemed against me.

It was dog eat dog, political back stabbing each other to get to the front of the “pick me” pack.

Nobody dared mess up, the pressure was immense.

The Realisation

That pressure? I dropped the ball. And I dropped it badly.

I begged the GP not to sign me off. I was scared of being busted for the files I was stuck on, that they’d see I wasn’t good enough. Yes, the classic case of “imposter syndrome”.

For five months I was broken.

What “Broken” looks like

After five months I was out of credit on every credit card, so it was my Dad who was paying my bills after I’d stopped being paid after four weeks.

I wasn’t ready mentally to go back to work, but back to work I did. I couldn’t afford not to.

But I couldn’t do it anymore.

I couldn’t pretend the system wasn’t broken, I couldn’t sit back and watch my friends when they came to tell me they couldn’t handle the pressure either and they wish they were as brave as me to stand up and ask for help.

I didn’t think there was anything brave about it, I didn’t have any choice, after all, my boss had threatened to have security remove me if I didn’t go home when I was signed off (she was just trying to help me, I know).

I tried my best to make it bearable, got an informal file swap going with my mate Claire (a great friend to this day). We’d swap each other’s hard files to stop them being a problem.

I set up meetings with peers once a month for everyone to come along with their tricky files so we could workshop the answer.

My inner drive to chase that partner status had gone. It was over, I thought my life in law was over.

I took the job in the Compliance Department just to escape the feeling of being a failure in the personal injury team.

I needed a job, and they needed someone to do training, so I took it and said goodbye to my ladder climbing.

From Fee Earning to a Love of Compliance

I was going to leave the law altogether.

I started Amy Bell Events and built a portfolio of wedding and event planning. I even had an event when I was rushed into hospital when I was having my daughter, Charlie.

But parenthood doesn’t mix well with the wedding season, so I stuck it out in law!

I started to learn about management models, about culture, about the safeguards which should be in place to protect the lawyers as well as the clients.

That drive to make a difference had returned.

And the rest as they say is history!

I loved my job as a fee earning solicitor in the early days, until it began to haunt me.

I realised how badly equipped I was but also how vulnerable the industry is if we don’t make sure we look after our people.

I’m not blaming the firm or the industry for what happened to me, we were then (20 years ago) miles behind in understanding the impact on people of dysfunctional work environments.

And now we know better and many places are doing better.

But I will tell you, if I shout out to my network and say “are you struggling with stress at work, book in for a chat” I can promise you my diary would be full pretty quickly (I know because I’ve done it!).

The Legal Profession and Mental Health

We’ve all got to do better to look out for each other. Because we can’t keep losing talented people from the law because they don’t feel safe, because risks aren’t managed, because they are exposed.

As mental health awareness week draws to a close, and I look at all the great stuff Team Teal has posted this week in our Teal Wellness channel, I’m so proud to see how openly we talk about mental health.

My brother started a campaign in his industry (advertising and marketing) to have one mental health first aider trained for every 10 employees. I’d love to see that campaign gather some pace in legal, because I really do believe we need to support our people before they crash.

Why I had to give up fee earning and why I don’t want you to Read More »

Why the boiling frog syndrome speaks to law firm AML compliance needs

The Boiling Frog of AML Compliance

Anti-Money Laundering, Audit, Blogs, Compliance Webinars, Legal Compliance, Regulatory Compliance, Risk Management / Mark

Imagine a frog in a pot of water that warms imperceptibly over time. It’s a familiar parable about gradual danger, and it offers a stark lesson for law firms on the subject that we know and love … AML compliance!

In practice, poor anti-money laundering controls usually creep in slowly. Look, we’ve all been there in any walk of life with managing risk, however, small risks accumulate until one day you realise you’re in hot water.

Solicitors, lawyers and senior partners may grow used to cutting a corner here or there, for example, delaying full risk assessments on every small conveyancing deal or skipping a detailed client check to close a sale, and find nothing bad happens, so they think it’s safe. All the while, your compliance officer is trying to juggle the balls and spin the plates without being aware there are niggling potential risks and breaches going on behind the scenes.

Our very own Amy Bell recently ran a webinar for Locktons and spoke passionately about Client Matter Risk Assessments and the need to be proactive.

We have to remember that the regulatory temperature is rising. The SRA reminds firms that any matter in scope triggers obligations…

“no matter how short in duration or scope… the appropriate level of client due diligence and a risk assessment must be carried out”

SRA

In other words, there is no de minimis exception. If firms relax standards bit by bit – trusting the status quo, relying on old practices, or failing to update their policies – they risk essentially sitting in tepid, heating water without noticing.

How do you know if you’re in scope? Read the SRA’s guidance HERE.

Money Laundering’s Slow Burn

Money laundering itself can be surprisingly mundane and routine. The work is insidious, yet subtle.

Economic and financial criminals (or the #baddies as Amy Bell calls them) increasingly move large sums through seemingly legitimate channels. How delightful are your client accounts for them? Sadly, the usual targets for money launderers are property purchases or corporate transactions, where dirty money is effectively “laundered” into the system.

In an era of high-value deals, even honest clients may inadvertently carry illicit funds, and it’s our job, as legal professionals, to spot them. Sadly, we’ve seen all too often, when firms become complacent there is a danger that suspicious activity is seen as a normal part of business, not a warning sign.

Cultural norms can creep in. If you’re a lawyer in a busy commercial team you might think that because you’ve dealt with a well paying client for years it’s ok to maybe wing the CDD and SOF checks.

You know them, have a great working relationship with them, might be a top biller because of that relationship. Why bother with lengthy ID checks every time? It’s the source of funds and the source of wealth you really do need to verify. If you are a junior associate or new to the role of COLP or MLRO, are you brave enough to challenge a partner’s relationship with a client who brings in vast amounts of funds into the firm?

Colleagues may joke about being bureaucrats or delay refreshers on training, reinforcing the idea that compliance is low priority. This is exactly the mindset that lets the pot warm up unnoticed. The SRA’s fining powers are in full use and rather than being complacent, wouldn’t it be better to maintain continual vigilance?

If AML controls slack then your risk indicators could drop to the bottom of the pile or worse, be forgotten.

Over time, your firm’s overall money-laundering deterrence is weaker, even though the actual work and transaction values stay high.

Our TEAL TRACKER is perfect for continued and effective reminders and alerts.

How to Master the Tricky World of the Source of Funds and Wealth

This is a great blog to read to help you with any awkward conversations!

Law Firm AML Complacency, Culture and Drift

By the time someone in the firm notices a problem, the culture of complacency may be too rooted as there’s been a resistance to change. Recent SRA enforcement highlights firms that have languished in non-compliance for years before a regulator stepped in.

We get it, practicing law, dealing with clients, dealing with partners, dealing with the other side and let’s not get started on the billable targets are exhausting enough, but whether you like it or not, compliance is your best friend.

You probably have read cases such as the law firm who repeatedly omitted conveyancing (75% of its work) from its firm-wide risk assessment. That omission persisted even after the firm had told the SRA its risk assessment was compliant back in 2020. It only implemented proper controls after an SRA inspection – long after the drill of neglect had set in.

The regulator noted that this firm’s failures (no independent audit, weak transaction monitoring, even a lack of partner training) “showed a disregard for statutory and regulatory obligations”. In blunt terms, the SRA said the firm’s problems “could have been avoided” by doing a proper risk assessment from the start . It fined them £20,000 and raised the fine to send a deterrent message.

So when we talk about the boiling-frog metaphor, the above example is a classic.

The firm didn’t collapse suddenly. Instead, year after year it failed to address its internal gaps. The First AML analysis of 2025 disciplinary cases makes the same point that firms with “systemic gaps” and “long-standing… compliance failures” have faced the harshest penalties. The highest fine to date was £27,813 – given for “widespread AML failures” including inadequate risk assessment, precisely the kind of entrenched lapse that happened slowly over time.

In total,16 out of 50 SRA disciplinary decisions recently related to AML breaches, with over £61k in fines imposed. The takeaway is clear in that persistent neglect of AML duties is now being punished, but it really doesn’t have to be onerous with training updates, easy software reminders, or outsourced compliance (see our SORTED programmes for different sized firms). Problems often build silently (thanks to shifting workplace culture or understaffing), but ultimately the SRA will notice and step in.

Regulatory Guidance and Enforcement

Fortunately, the guidance is clear – if only firms heed it, plus we are here, literally guiding and holding your hand.

In April 2025 the Legal Sector Affinity Group published a new AML guide (approved by HM Treasury), officially governing SRA firms. This updated LSAG guidance reiterates the basics that every firm needs a firm‑wide risk assessment, clear policies and procedures, up‑to-date CDD (customer due diligence) processes, and continuous training.

If you or your colleagues have received any of our training you’ll know that we really are experts and give practical advice that goes above and beyond the tick box boring exercises.

Regulators now stress that proactive compliance is the norm, it’s just how it is, which is why Amy and the whole team here at Teal Compliance are passionate about supporting firms and allowing their compliance officers a safe space to comply.

Analysts advise firms to focus first on a comprehensive, regularly-reviewed risk assessment (covering the firm itself and each type of client/matter).

Your policies and internal controls should be robust and embedded in daily work, not siloed documents on a shelf.
Staff training must be ongoing – the guidance emphasises that AML education is not a one-off checkbox but a continual process (for everyone from juniors up to partners).

The SRA underscores that being in scope is about the services provided, not simply holding client money, meaning that your law firm can’t slip below the radar by reclassifying work. Don’t forget, the SRA explicitly warns firms that even a short, simple matter can trigger full obligations.

What does this mean in practice? Simply put, law firms seriously have to work on cultivating an alert, risk-based culture, with the “tone from the top” view of compliance as an integral part of quality practice.

Our webinar with Amy Bell and Simon McCrum and what a partner looks like when it comes to culture, cashflow and compliance is worth a watch. WATCH HERE.

If a potential red flag arises (for instance, unusually large cash payments in conveyancing, or a client reluctant to provide full information), it must be treated as out-of-ordinary, not routine.

Time to Jump out of the Boiling Pot?

None of this blog is intended to alarm you and your colleagues, rather, it’s a wake-up call wrapped in a familiar metaphor.

By considering where your firm stands in that rising temperature, you can decide whether it’s time to jump. Are you reviewing risk assessments as new risks emerge (for example, new regions, new products, or new high-value clients)? Are your AML procedures championed by leadership, not seen as a grudge task? Do teams feel able to raise concerns (flipping the narrative from “Why question this again?” to “Yes, we need to check”)?

“Jumping out” means acknowledging any complacency or resource squeeze and taking action early. Can you add more staff to your compliance team? Does your current compliance officer cover COLP, COFA and MLRO and if so, what training and support do they receive? Can you organise refresher training? Are you in a firm that allows honest conversations about a healthy culture and therefore better risk management?

The updated SRA/LSAG guidance is on your side because it offers case studies and practical checklists to help identify seemingly innocuous, yet insidious gaps.

Why not embrace our advice and that of the SRA and the LSAG, by keeping your pot of water at a comfortably warm temperature, rather than a lethal one! In the end, reminding ourselves of the boiling‑frog fable isn’t scaremongering – it’s about staying vigilant.

What we recommend firms do is to stop and feel the temperature, is the heat rising without being noticed? If so, now’s the time for a quick dive or a firm clear-out of old habits. Jump before it’s too late, not after the pot is boiling.

The Boiling Frog of AML Compliance Read More »

Managing Risk with Mental Health Tips - Teal Compliance support Mental Health Awareness Week May 2025

Managing Risk with effective Mental Health Tips

Anti-Money Laundering, Audit, Blogs, Compliance Webinars, Legal Compliance, Regulatory Compliance, Risk Management / Mark

Reminder that we are not only your training partner but also your outsourced compliance and regulatory partner – find out more here.

The Law Gazette flagged up how the SRA’s got their eye on AML breaches this April, and seeing as it’s Mental Health Awareness Week an’ all, we thought we’d chip in with our two pence. Looking after yourselves and your staff isn’t just a nice thing to do, it’s a smart move for keeping your firm on the straight and narrow with AML and regulatory compliance.

Let’s make sure we’re not ending up on the SRA’s naughty step by keeping an eye out for each other.

With that in mind, here are our Handy Hints for risk management when it comes to culture and mental health.

Make it Safe to Talk - Risk Management Tip No. 1

We strongly recommend that you organise (yes, even prioritise) firm-wide discussions or workshops during Mental Health Awareness Week specifically linking well-being to work performance and error reduction.

We can’t emphasise enough that stress, anxiety, and burnout can significantly impair concentration and judgement. We’ve all been there at different times in our working lives. Working under pressure and in a stressful environment increases the risk of overlooking crucial compliance steps or making mistakes in complex AML processes like Source of Funds checks or client due diligence.

Working in a healthy culture where staff feel comfortable acknowledging when they are struggling is so important! LawCare Charity insights show that those under pressure or in a culture where they are afraid to talk in a safe environment are potentially more likely to make errors due to mental fatigue or stress.

If you don’t believe us, just are your PII contacts!

Promote Practical Wellbeing Strategies for High-Pressure Tasks - Risk Management Tip No. 2

Practical tips and tools to manage stress and improve focus, especially during peak workload periods (e.g., completion deadlines in conveyancing) can be really helpful.

This could include mindfulness exercises, time management techniques, or signposting to Employee Assistance Programs (EAPs) if you have them. Often we see in our audits that targets cause stress, together with the billable hour and WIP not being paid. Do you have mentoring systems in place to alleviate too many matters for one person? It’s easy to take your eye off the ball on one matter, where the SOF hasn’t been checked because the client has been with the firm for many years. Are they a priority? Yes, their checks are a priority, just as practising the law is.

When it comes to AML and regulatory compliance, why not frame the above strategies as tools to enhance accuracy and reduce errors in high-stakes compliance tasks? For example, really simple things like taking short breaks can improve concentration during complex AML risk assessments.

Lead by Example - Risk Management Tip No. 3

As law firm partners we encourage our clients who are senior partners, together with the MLRO/COLPs, to actively participate in Mental Health Awareness Week initiatives and openly discuss their own well-being.

When senior leaders demonstrate that mental health is a priority, it sends a powerful message that compliance and well-being are both valued.

Sending the message throughout the business (and your firm is a business), can reduce the stigma associated with seeking support and encourage staff to prioritise their own mental state. If you know your boss prioritises well-being and family for example, it ultimately leads to more careful and considered compliance practices overall.

By leading by example, senior management teams can foster a supportive and open culture where well-being is seen as integral to professional responsibility at all levels.

Empower with Knowledge - Risk Management Tip No. 4

Why not share resources (internal or external) during the week that explain the connection between mental health and cognitive function, particularly in detail-oriented tasks like regulatory compliance. The NHS has their 10 Stress Busters HERE .

Lockton has some great blogs on Mental Health and how a healthy culture helps keep a law firm’s claims at arm’s length.

In one of their articles, they talk about Psychological Safety.

“Supervision plays a vital role in helping supervisees feel psychologically and emotionally supported at work. In addition to supervising the quality of work, supervisors should encourage discussions about any worries, concerns, near misses, or development needs that their supervisees have. Creating a psychologically safe environment where supervisees feel confident to raise questions or concerns with their supervisor will not only help to mitigate ethical risks but also identify pressures that might be having a negative impact on wellbeing. “

Why HR and Risk Management Teams Should Collaborate on Wellbeing READ HERE

Did you know that conditions like anxiety or depression can affect memory, focus, and the ability to follow complex procedures, such as SAR reporting or adherence to SRA Accounts Rules?

As our own CEO does with Team Teal, why not educate staff on why prioritising their mental health isn’t just a personal matter but a crucial element of maintaining a safe and compliant work environment?

Thanks for reading and if you have any questions on how mental health and compliance are partners for the good, or would like to take advantage of our ASK TEAL service, you can get in touch HERE.

Team Teal

Managing Risk with effective Mental Health Tips Read More »

Regulation 21 and ongoing monitoring article from Teal Compliance

Regulation 21 and Ongoing Monitoring – an AML Compliance Reminder

Anti-Money Laundering, Audit, Blogs, Compliance Webinars, Legal Compliance, Regulatory Compliance, Risk Management / Mark

Rhiannon Davies, Associate and specialist in AML and Regulatory Compliance. This article is a debrief of the webinar and transcript I ran on 2 April 2025. You can watch the recording HERE.

Let’s kick off with AML audits and what the regulations say. Specifically, we’re looking at Regulation 21. It has a few key requirements, but I’ll focus on the part about independent audits.

You can read here about our outsourced AML Compliance and Regulatory Compliance SORTED programmes that cover the requirements too.

Regulation 21 and Independent Audits

We started off the webinar AML audits and what the regulations actually say.

Key requirements of Regulation 21
The role and purpose of independent audits
Defining “independent” and “size and nature”

The first requirement is appointing a Money Laundering Compliance Officer (MLCO). This must be someone in senior management, like a Board Director or equivalent (e.g. senior management). Why? They need to have enough authority to enforce policies, update training, and even decide on the firm’s risk appetite for clients and work types.

The second requirement involves screening employees—both before they join and during their tenure with the firm. I won’t go into detail on this today, but if you’re curious, LSAG 9.4 has some excellent guidance on how to approach it.

Now, onto the third part of Regulation 21—the independent audit function (there are loads of different terms for this function). This is where it gets interesting! Essentially, the audit assesses the adequacy and effectiveness of your firm’s AML policies, procedures, and controls within the firm. If issues are identified, the auditor provides recommendations and follows up to ensure compliance.

But here’s the thing—what does ‘independent’ really mean? And how does ‘size and nature’ factor into whether your firm needs this function? These are questions we get all the time.

‘Size and nature’ isn’t strictly defined in the regulations, which can make it tricky. The SRA, however, suggests that the majority of firms will require an independent audit function. For instance, if your firm handles conveyancing work, it’s almost certain you’ll need one. On the other hand, if you’re a sole practitioner without staff, you can probably justify not implementing one.

As for ‘independent,’ it doesn’t always mean external. That said, achieving true independence internally can be challenging. The auditor mustn’t be someone who sets or follows the firm’s AML policies, however, it needs to be someone with enough knowledge of AML which rules out many internal staff. Often, firms find they need to bring in external specialists to meet this requirement.

So, in summary to this section of the webinar, I said that if your firm doesn’t already have an independent audit function, now’s the time to assess your needs. And if you’re unsure where to start, I’m happy to point you toward some useful resources. Please feel free to email us: hello@tealcompliance.com

Introduction to Ongoing Monitoring

I’m grouping this with the previous topic because it’s a key area where we often find firms struggle, particularly fee earners. During our AML audits, we consistently observe challenges with the implementation of effective ongoing monitoring procedures. So, I’m going to delve into this in a bit more detail, referencing the regulations themselves.

Ongoing Monitoring: A Deeper Dive

Defining ongoing monitoring and its components
SRA guidance on ongoing monitoring
Challenges in implementing ongoing monitoring

Ongoing monitoring is split into two parts, firstly from a transaction point of view, where you need to keep an eye on the level of risk that the matter and the client is posing to the firm throughout the whole of the matter.

Secondly, it’s the reviewing identification documents for your existing clients and making sure you’re keeping them relevant and up to date. So any of those documents that you’re relying on, if they’ve expired, you’re getting new ones.

When we talk about ongoing monitoring, it involves both of those components.

Defining Ongoing Monitoring

Here’s a summary of the definition of ongoing monitoring – comprising two key components.

Transaction monitoring: this means continuously assessing the level of risk that the matter and the client pose to the firm throughout the duration of the case.
Periodic reviews of client identification documents to ensure their validity. Expired documents, for example, must be replaced.

Therefore, ongoing monitoring encompasses both the scrutiny of transactions and the maintenance of up-to-date client documentation.

SRA Guidance on Ongoing Monitoring

The SRA emphasises the mandatory nature of ongoing monitoring, as stipulated in Regulation 28(11) of the Money Laundering Regulations.

The SRA’s guidance highlights that any communication with a client has the potential to alter the risk profile of the matter, the client, or both.

Consequently, risk assessments should be re-evaluated at appropriate intervals and to reflect any changes in circumstances, such as alterations in beneficial ownership, the nature of the client’s business, or their address.

It’s worth noting that the SRA stresses the significance of ‘any communication‘ in this context. This underscores the need for comprehensive AML training for all staff, including support and reception personnel, as any interaction with a client could reveal suspicious activity. Essentially if any staff has a touch point with your clients, they need training.

The phrase ‘re-evaluated at appropriate intervals‘ requires careful consideration, as its interpretation can vary. While it’s clear that a reassessment is necessary when material changes occur (e.g., third-party funding, newly discovered links to high-risk countries etc), the challenge lies in demonstrating ongoing monitoring when no such changes are apparent.

Challenges in implementing ongoing monitoring

Why do we see so many firms struggle with ongoing monitoring? From our experience and training it looks like this:

Not understanding the purpose of ongoing monitoring
Doing it but not evidencing it, especially where nothing has changed
Not sure when it should be done
Ticking boxes without providing rationale
Not wanting to bother clients further
Forgetting about LSAG

We often hear about re-evaluation at appropriate intervals in ongoing monitoring.What does that exactly mean though, because there’s no definition!

“Best practice and with a risk based approach”, it could mean different things to different people and firms. Ultimately, it means there needs to be an update if anything on the matter has changed. For example, if a third party is now providing funds for the transaction, or say you’ve suddenly discovered the client’s got links to a country outside of the UK that would generally prompt you to relook at the risk assessment. This seems obvious right?

However, what about when nothing’s changed? How do you evidence that? How do you prove you’ve done your ongoing monitoring when absolutely nothing’s changed on the matter and you’re still as comfortable with the risk as you were at the very beginning of the matter?

That’s the bit where we often find we don’t have the evidence when we’re running an AML audit; so when we’re doing some of the file reviews, as a minimum, we’d recommend the following guidance via three points.

Three point ongoing monitoring guidance

Our three point guidance is where you assess the risk and emphasis is on the word minimum.

Think of it as a story because it has a beginning, a middle and an end.

Beginning stage: file opening

At this point, is there anything that you’ve seen or been told that doesn’t quite sit right with you? Are you not sure whether you want to proceed with the matter? Do you need some more information to make yourself more comfortable? Or are you happy to proceed at this time?

Either way, it needs to be noted on your risk assessment. And I must say, the majority of firms that we audit, the opening risk assessment is the one that’s often carried out well.

It’s the next stage where we see failures.

Middle stage – review of CDD documents

I’d normally suggest this part of your ongoing monitoring story is once you’ve reviewed the CDD documents from your client. This is the point when due diligence checks around your client’s evidenced source of funds (SOF) and source of wealth (SOW) are with you.

At this point, you’d be looking if anything has changed at all, i.e. have any risk factors changed from what you decided at the beginning? Does the evidence from your client match what they told you at the beginning? Does everything still make sense? And again, if not, you might need to ask further questions, or you might need to see some further evidence.

If everything is hunky dory, carry on and proceed with your matter. HOWEVER, don’t forget to document and evidence your checks and confirmations.

Even if nothing’s changed, documenting that you have still assessed that risk again, would evidence ongoing monitoring. Then I suggest a final risk assessment.

End stage – last minute changes

An assessment of the risk again, before you proceed with whatever it is that you’re doing that could end up being money laundering.

Before the actual transaction takes place (e.g. in conveyancing), before any money’s moved you have evidenced your final risk assessment.

Remember, the baddies are waiting for any last minute changes in the hope that you don’t ask any questions.

Financial criminals and money launderers thrive on last-minute transaction changes, banking on lawyers being under pressure to push deals through without thorough scrutiny. They count on urgency preventing deeper AML checks, allowing them to disguise their true source of funds or wealth. The pressure conveyancers were under in March because of the changes to Stamp Duty, was horrific, the baddies would have been rubbing their hands with glee.

Come what may, you have to maintain vigilance with risk assessments and ongoing monitoring whilst documenting every step to justify risk ratings. If it’s not written down and evidenced, in essence, it didn’t happen. You hear time and time again about SRA inspections and their fining powers when swooping in to check.

Practical Guidance on Risk Assessment Frequency

As a reminder on some practical tips to help with your ongoing monitoring for risk assessments, we’d say never to focus on thinking that after your initial first step of onboarding CDD to continue checking on changes or documents that don’t match your original docs.

Our recommendations would be:

Initial Assessment: This is conducted when the file is opened. At this stage, the primary focus is on determining whether to accept the client and, if so, the appropriate level of Customer Due Diligence (CDD). Any initial concerns or uncertainties should be thoroughly documented.
Interim Assessment: We advise conducting this assessment after reviewing the client’s CDD documentation, including source of funds and source of wealth evidence. The aim is to verify the consistency of the evidence with the client’s initial representations and to identify any emerging risk factors.

LSAG offers helpful guidance on documenting ongoing monitoring, including the issues considered, actions taken, reasons for decisions, and details like dates and individuals involved. Monitoring also involves reviewing and renewing client identification documents, especially for ongoing or long-term clients. Having said that, when reviewing client identification documents, it doesn’t mean you need to ask the client for them again for every matter but they must be reviewed for relevance and validity, such as checking for expired documents.

Challenges in Implementing Ongoing Monitoring

Changes in beneficial ownership, particularly further up the corporate structure, may not be immediately apparent, which makes ongoing monitoring crucial.

For corporate clients, drawing up a structure chart at the beginning of the relationship and confirming it at each new matter is really good practice. This would help with ensuring the beneficial ownership remains consistent. If a change is identified, such as a new beneficial owner, then you must follow appropriate identification and verification processes in line with your firm’s policies and procedures.

We get it, struggling with ongoing monitoring is common, which is why my colleagues and I want to support you and your colleagues.

Challenges range from a lack of understanding of the actual purpose of ongoing monitoring, assumptions based on long-standing client relationships, and inadequate documentation. For instance, staff might simply tick a box to indicate monitoring without detailing the rationale or evidence. There’s also a hesitation to bother clients for updated information, fearing complaints or loss of business.

My advice is clear, would you go to prison for a client? No – it’s not worth it.

I hope you found this blog helpful, and do watch the recording if you have time.

Rhiannon

Regulation 21 and Ongoing Monitoring – an AML Compliance Reminder Read More »

LSAG GUIDANCE UPDATE April 2025

Anti-Money Laundering, Blogs, Legal Compliance, Regulatory Compliance / Mark

Rhiannon Davies, Associate. Please note, the original post was on my LinkedIn feed.

The Legal Sector Affinity Group Anti-Money Laundering Guidance for the Legal Sector has been updated and takes effect from today, Wednesday 23 April 2025.

If you recall, there was an addendum published in December 2023 and the LSAG guidance has now been updated to reflect HM Treasury’s approval of this.

What has been updated in the LSAG Guidance?

There is detail on this within the guidance itself on pages 221 to 228 but here are a few:

⏩ Change to the wording used for beneficial owner shareholders from “25% or more” to “more than 25%”

⏩ New definition of high-risk third country following the removal of Schedule 3ZA from the Money Laundering Regulations

⏩ Additional information regarding the Economic Crime Levy – payable if your annual turnover exceeds £10.2 million.

⏩ Additional information on supply chain risk

⏩ New subsections relating to The Register of Overseas Entities, De minimis exemption and mixed property transactions

⏩ Updated guidance where you received contributions from third parties towards source of funds

⏩ Text added in reference to the new regulation on Domestic PEPs

What do you need to do as a Law Firm?

📖 Read the new guidance: the SRA website link goes to the 2023 version (I believe it is something to do with needed to clear your cache), so I recommend using the Law Society of Scotland link:

https://lnkd.in/enQt8Rb6

📖 Update your Firm/Practice Wide Risk Assessment to confirm that you have read and understood the new guidance.

📖 Document in your Firm/Practice Wide Risk Assessment, any actions you are going to be taking as a result of the changes.

📖 Update your other AML policies and procedures if required – this new guidance replaces the guidance issued in 2023 and the December 2023 addendum so make sure any references to either of these documents in your AML policies and procedures are removed and replaced with the 2025 guidance.

📖 Let staff know of any changes that you make to your AML policies and procedures.

LSAG Guidance Update April 2025 in detail

Paragraph 4.2.2: Changed “25% or more” to “more than 25%”.
Paragraph 4.7: Added information about the Economic Crime Levy (ECL) registration and payment requirements for businesses with over £10.2 million in annual turnover.
Paragraph 5.1.1: Added information on supply chain risk, emphasising understanding the end-to-end activities and identifying potential risks.
Paragraph 5.6.2.1: Amended to remove reference to Schedule 3ZA and substitute the new definition of high-risk third countries (HRTCs) based on FATF lists.
Paragraph 6.14.1: Clarified that the Economic Crime and Corporate Transparency Act 2023 (ECCTA) will not affect regulation 28(9).
Paragraph 6.14.4: Amended text regarding obtaining documents to verify name, address, and date of birth.
Paragraph 6.14.10: Amended text regarding identifying and understanding the ownership and control structure of legal entities.
Paragraph 6.14.11.4: Added a new subsection on The Register of Overseas Entities.
Paragraph 6.16.2: Changed “25% or more” to “more than 25%”.
Paragraph 6.17.2.1: Removed and substituted paragraphs, and further amended one paragraph on source of funds.
Paragraph 6.19.1: Amended to reference the new definition of high-risk third countries.
Paragraphs 6.19.3.1 to 6.19.3.3: Updated links to FCA guidance on politically exposed persons (PEPs) and added text on domestic PEPs.
Paragraph 12.6: Added links to guidance on discrepancy reporting.
Paragraph 13.4.3: Removed a redundant footnote.
Paragraph 16.4: Added two defenses introduced in ECCTA.
Paragraph 16.4.4: New subsection on the de minimis exemption.
Paragraph 16.4.5: New subsection on mixed-property transactions.
Paragraph 16.7.4: Added text on jurisdictional issues.
Paragraph 16.18.1: Changed “less than 25% ownership” to “25% or less ownership”.
Paragraph 16.18.2: Changed “ownership thresholds below 25%” to “ownership thresholds to 25% or less”.

Of course, if you are an ASK TEAL member, or you are a client of ours through our SORTED programmes you will be updated and advised accordingly.

If you’d like Teal Compliance support either for an audit or to work with us as your outsourced trusted compliance partner, please do get in touch, we’d love to hear from you.

Rhiannon

LSAG GUIDANCE UPDATE April 2025 Read More »

What does beneficial ownership mean for AML compliance

What does Beneficial Ownership mean for law firm AML compliance?

Anti-Money Laundering, Audit, Blogs, Legal Compliance, Regulatory Compliance, Risk Management / Mark

Whether you’re based in the UK or Australia (where our sister firm AML Sorted is based), are a law firm whose areas of law offer corporate and commercial law, you’re going to need to know what Beneficial Ownership means.

The UK and Australian governments and regulatory bodies are pretty clued up on these risks, which is why they’ve brought in some stringent anti-money laundering (AML) regulations. Understanding beneficial ownership information is a central requirement of those regulations, and it’s critical to your firm’s AML compliance and control structures.

Understanding beneficial ownership
Definition of an individual PSC of a UK company
Definition of a beneficial owner of an overseas entity
Examples of concealing beneficial ownership
Don’t rely on the corporate veil — lift it
Challenge vague answers
Document the risk rationale
Verify control, not just ownership
Watch for layered structures
US Legislation News

Understanding beneficial ownership

When we talk about ‘beneficial ownership,’ it’s all about figuring out who really owns or controls something, whether it’s a property or a company. It’s not just about the names on the official paperwork, ie…. the ‘legal owners.’ For specialists like us at Teal Compliance, and AML Sorted, we’re like detectives, digging deeper and deeper until the ownership and control is truly transparent. In another life instead of solicitors and AML compliance experts we’d be investigative journalists!

In the world of property and conveyancing, as an example, we’ve got to identify and check who’s actually pulling the strings and getting any benefit from a property deal, even if they’re not the ones listed on the deeds. Our job in AML compliance is to support you, the law firms and the MLROs, protect your bottom line and your reputation whilst ensuring financial criminals are held to account.

Identifying beneficial owners is really important when we’re trying to stop money laundering because criminals are sneaky. They often hide their dirty money by owning entities that are set up through complicated setups like shell companies and trusts. It makes it really hard for anyone to trace where the money really came from.

In this blog, when we use the acronym PSC, this means person with significant control.

Definition of an individual PSC of a UK company

In accordance with the Economic Crime and Corporate Transparency Act: beneficial ownership (last updated on 1st March 2024) the definition of an individual PSC of a UK company comes under Schedule 1A, where it states that if an individual (“X”) meets one or more of the following conditions in relation to a company (“Y”), they must be registered as a PSC in respect of Y:

X holds, directly or indirectly, more than 25% of the shares in company Y.
X holds, directly or indirectly, more than 25% of the voting rights in company Y.
X holds the right, directly or indirectly, to appoint or remove a majority of the board of directors of company Y.
X has the right to exercise, or actually exercises, significant influence or control over company Y.
The trustees of a trust or the members of a firm that, under the law by which it is governed, is not a legal person meet any of the other specified conditions in relation to company Y, or would do so if they were individuals, and, X has the right to exercise, or actually exercises, significant influence or control over the activities of that trust or firm.
1. If you want to dig deeper into LSAG’s definition of a beneficial owner when it comes to the topic of TRUSTS, law firms should verify settlors, beneficiaries, protectors, and the assets the trust holds (not just the trustee). You can read more under LSAG Section 6.14.12.2) or of course, get in touch with us or become an ASK TEAL client.

Definition of a beneficial owner of an overseas entity

Under paragraph 6 of Schedule 2 to the Economic Crime (Transparency and Enforcement) Act 2022, a person (“X”) is a beneficial owner of an overseas entity or other legal entity (“Y”) if one or more of the following conditions are met:

X holds, directly or indirectly, more than 25% of the shares in Y.
X holds, directly or indirectly, more than 25% of the voting rights in Y.
X holds the right, directly or indirectly, to appoint or remove a majority of the board of directors of Y.
X has the right to exercise, or actually exercises, significant influence or control over Y.
The trustees of a trust, or the members of a partnership, unincorporated association or other entity, that is not a legal person under the law by which it is governed meet any of the conditions specified above in relation to Y, and, X has the right to exercise, or actually exercises, significant influence or control over the activities of that trust or entity. Note: please reference 5.a above for more information on LSAG and trusts.

Examples of concealing beneficial ownership

The National Crime Agency’s (NCA) news page is full of crimes and it’s worth having a read to keep you and your compliance officers on their toes. The agency always says to keep a look out for changes in client circumstances. Are the international sanctions’ listings checked on a daily basis? If your client is an art dealer or auction house and your diligence measures flag up questions over their source of funds on their artwork, get them to check these red flags:

Attempts to transfer artwork or cultural property ownership to a family member, close contact, business associate or other intermediary, or
Attempts to sell artwork or cultural property quickly, or move it to another jurisdiction.

Be especially vigilant when dealing with front or shell companies, or intricate corporate or trust structures that obscure the ultimate beneficial owner. While it’s tempting to prioritise well-paying, existing clients, the heightened focus on combating money laundering means your firm faces significant risk if you’re flagged for inadequate AML compliance by the SRA.

Definition of Beneficial Owners: those that might benefit from their ownership of an entity or asset (eg a company.) You will need to identify and undertake reasonable measures to verify the identity of your clients, especially when dealing with high-risk clients or transactions.

Don’t rely on the corporate veil — lift it

Always identify the natural person(s) behind any legal entities. Shell companies and complex structures can hide risk — dig and keep digging, until you find the ultimate beneficial owner (UBO), not just the named shareholders.

If you are concerned about upsetting your client, find ways of carrying out your due diligence and be specific and clear about what you need at the outset.

Why not provide a list to your client with the information you need and if they push back have the back up to explain the purpose.

You should always ask for their details – see below (where applicable) to support and evidence your AML processes and controls. The SRA and your insurer will thank you for this….

Shareholder registers
Company structure charts
Trust deeds

Challenge vague answers

Here’s an example of what your MLRO might be up against….

Client: “Oh, the company is owned by a few investors.”

Reply with… “To comply with regulations, we need to identify the individuals who ultimately own or control the company. Could you please provide a list of all shareholders with more than 25% ownership, and details about anyone who has significant control over the company’s decisions? We really want to protect your own interests and this information will support this.”

Document the risk rationale

Keep clear notes on why a client is low, medium, or high risk, especially if beneficial ownership is complex. You’ll thank yourself during audits or inspections.

Our own software, the TEAL TRACKER, supports your documentation and evidence in this regard because it includes a high-risk client register, an undertakings register, incident management tracker, file reviews and more.

Here’s the framework we are aligning ourselves to, and knowing which legislation your tracking and note taking adhere to will help you and your team.

Money Laundering Regulations 2017: These regulations are the cornerstone of AML compliance in the UK and place a legal obligation on firms to identify beneficial owners.

Economic Crime (Transparency and Enforcement) Act 2022: This Act introduced the Register of Overseas Entities, further emphasizing the importance of beneficial ownership transparency, especially in relation to UK property.

Proceeds of Crime Act 2002 (POCA): This is the legal backbone of the UK’s fight against money laundering and places stringent obligations on law firms to be vigilant, to have strong AML controls, and to report suspicious activity.

Companies Act 2006 (in particular Schedule 1A): In this act, it defines “People with Significant Control” (PSCs) for UK companies, which is closely related to the concept of beneficial ownership.

Verify control, not just ownership

Control can be exercised in various ways, and it’s important to look beyond just shared ownership.

A person can be an ultimate beneficial owner (UBO) if they exercise significant control, even if their shareholding is below 25%, for example when your client is an LLP. Check for influence via voting rights, directorships, or veto powers.

Red flags to be on high alert for include:

Nominee Directors or Shareholders: The use of nominees to hold shares or directorships.

Lack of Transparency: Reluctance to provide information or vague answers about ownership and control.

Inconsistent Information: Discrepancies between information provided by the client and information from other sources.

Why not do your research and look into their confirmation statements, do they have information on control of beneficial ownership on their websites, or are Board Minutes available to you?

Check on the Registers for Beneficial Owners website, and run a check on the background and relationships of the company’s directors and senior management.

Watch for layered structures

Multiple holding companies across jurisdictions may indicate masking of the truth! You’d want to understand the chain until you reach a human being. We appreciate that layered ownership structures can feel like untangling a particularly tricky ball of wool, but the key is to break it down step by step—each layer tells part of the story.

What would you do in the following scenarios?

Multiple Layers of Ownership where ownership is divided across several entities, often spanning different jurisdictions (e.g. Company A owns Company B, which owns Company C, and so on).
Use of Shell Companies, which are entities that exist only on paper, with no significant business activities, often used to add layers of ownership without transparency.
Circular Ownership, which occurs when entities within the structure own shares in each other, creating a loop that obscures the ultimate beneficial owner (UBO).
Offshore Jurisdictions are entities registered in jurisdictions with high levels of secrecy and minimal disclosure requirements are often included to complicate tracking.
Nominee Directors or Shareholders (as mentioned above), can be individuals or entities who are listed as directors or shareholders but act on behalf of the true owners without having actual control or interest.
Frequent Changes – watch out for regular changes in ownership, directors, or shareholders because these can make it harder to establish a clear picture of control.
Trusts and Foundations are legal arrangements that can be used to conceal the identity of the true owners by placing assets under the control of trustees or foundations.

The above structures are often red flags for money laundering, tax evasion, or other illicit activities. In these circumstances, your enhanced due diligence (EDD) measures, such as verifying the identities of beneficial owners and understanding the ownership structure, are crucial to back you and your practice up.

US Legislation News For Information

It’s worth noting that the US has also stepped up its efforts in corporate transparency, introducing new provisions that came into effect on 1st January 2024. These rules now require certain corporate entities in the States to report information about their beneficial owners.

Much like the corporate transparency legislation we’ve seen introduced in other parts of the world, including our own measures here in the UK, the overarching goal is to make it tougher for those with illicit intentions to conceal their activities behind shell companies or other murky ownership structures. The hope is that this increased transparency around who really owns and controls these entities will be a significant weapon in the ongoing fight against money laundering and the financing of terrorism.

To wrap this article up, the one thing I urge you to remember, is that it’s up to you to take reasonable measures to verify the identity of the beneficial owner.

For more information on the Register of Overseas Entities, you can click here to read more. The ROE came into force in the UK on 1 August 2022 through the new Economic Crime (Transparency and Enforcement) Act 2022.

Thanks for reading and if you have any specific questions on this subject or would like to take advantage of our ASK TEAL service, you can get in touch HERE.

Tom Hughes

Senior Associate

What does Beneficial Ownership mean for law firm AML compliance? Read More »

SARs - understanding suspicious activity with key insights and reporting tips from Teal Compliance and Amy Bell

SARs – Understanding Suspicious Activity: Key Insights and Reporting Tips

Anti-Money Laundering, Audit, Blogs, Legal Compliance, Regulatory Compliance, Risk Management / Mark

Teal Compliance explains the signs of suspicious activity in law firm compliance and risk management.

Before I kick off this blog, I’m going to remind you (or explain to you if you are new to the role of an MLRO or COLP) what suspicious activity actually means when it comes to law firm compliance and risk management.

In the context of anti-money laundering (AML) compliance, “suspicious activity” refers to behaviour, transactions, or patterns of conduct that give rise to a suspicion that money laundering or other criminal activity might be taking place.

Persons working in the regulated sector are required under part 7 of the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000, taking into account relevant guidance provided by your regulator, for example the SRA and the Law Society of England and Wales.

If you hold a client account, carry out work in trust and company formation, or offer conveyancing as a legal service, you are more likely to be targeted by financial criminals. Our ASK TEAL service is extremely helpful and supportive for defining suspicious activity, understanding reasonable grounds, inappropriate use, responsibilities of the MLRO / MLCO (depending on size of firm), and the process around reporting economic crime.

To get an idea of the amount of reports submitted, the UK Financial Intelligence Unit (UKFIU) receives over 460,000 SARs per year and stores them in a secure central database.

Before I crack on with more guidance and examples of suspicious activity, here’s a reminder of acronym meanings:

SOW – source of wealth
SOF – source of funds
SAR – suspicious activity report
MLRO – money laundering reporting officer
MLCO – money laundering compliance officer
AML – anti-money laundering
CDD – customer due diligence
DAML – defence against money laundering

This blog is predominantly for the legal profession and we’re kicking it off with Section 12 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (Regulations), Section 12 definition.

AML Guide: Independent legal professionals/trust/company service providers

So, when we’re talking about ‘independent legal professionals’ in these regulations, what we’re really referring to is a firm or a solo lawyer, you know, someone who’s running their own show, providing legal or notarial services to other people. But, and this is important, it’s specifically when they’re involved in financial or property deals.

Think things like:

the buying and selling of real estate and property or business entities;
Management of client money, securities or assets;
the opening or management of bank, savings or securities accounts;
anything to do with setting up, running, or managing a company, when money’s involved; or
the creation, operation or management of trusts, companies, foundations or similar structures.

When you ever read someone that ‘participates’ in a transaction for these rules, what we’re talking about is if they’re helping out with the planning or actually making the transaction happen. Essentially, if they’re acting for the client in some way during the whole thing. It’s about being involved, not just watching from the sidelines.

And then, when we get to ‘trust or company service provider’ that’s a firm who’s running a business and offering these specific services to clients. Now, the key here is, it’s only when we’re actually providing these services that we fall under that definition. So, basically, if I’m providing these services:

forming a firm (The SRA’s definition – forming any entity that, whether or not a legal person, is not an individual and includes a body corporate and a partnership or other unincorporated association)
acting, or arranging for another person to act
- as a director or secretary of a company
- as a partner of a partnership; or
- in a similar capacity in relation to other legal persons;
providing a registered office, business address, correspondence or administrative address or other related services for a company, partnership or any other legal person or legal arrangement;
acting, or arranging for another person to act,
- as a trustee of an express trust or similar legal arrangement;
- or a nominee shareholder for a person other than a company whose securities are listed on a regulated market.

Here’s Section 12’s specifics from source READ HERE.

What is the Definition of Suspicious Activity?

So, what exactly counts as ‘suspicion’ in our line of work?

Well, it’s a lower hurdle than you might think. In the case of R v Da Silva the present standard is set. Lord Justice Longmore said,

“So, probably, ‘knowing’ will not arise and what will arise instead is ‘suspecting’, which is a very different state of mind to knowing. To suspect something, you have a state of mind that is well short of knowing that the matter that you suspect is true. It is an ordinary English word. Members of the jury, if the Crown can show that the defendant said to herself, ‘I suspect that this money is the proceeds of criminal conduct, but it may be, on the other hand, that it is not’, that would fall within the definition of ‘suspicion’. The dictionary definition, which I direct you is relevant to the meaning of the word, is this. The dictionary definition of ‘suspicion’: ‘an act of suspecting, the imagining of something without evidence or on slender evidence, inkling, mistrust’. Therefore, any inkling or fleeting thought that the money being paid into her account 9950 might be the proceeds of criminal conduct will suffice for the offence against her to be proved.”

Essentially, if there’s a possibility, beyond just a far-fetched one, that something’s amiss, you’ve got a reportable suspicion. Of course, a simple ‘gut feeling’ isn’t enough, but if you’re thinking ‘there’s a chance this isn’t right,’ it’s time to take action.

I’m often asked about examples and how far back in the SOF you should be looking at suspicious activity work or actions. The answer is…it depends…because no two clients are the same and no two matters are the same. I’d start by some training on this to begin with, and thereafter have a clear protocol in your policies for firmwide use and follow with proactive controls. Better safe than sorry right?

Suspicious activity may include:

Unusual or inexplicable transactions: Let’s say you’re a conveyancer and your client has passed on admin and payments to a proxy third party. Why? Maybe the purchase price is much higher than current market value. Is your retainer set out £1,000 but they are insistent they’d like to be retained at £10,000? There are a variety of red flags to watch out for here.

Inconsistent behaviour: We would urge you to be on high alert for inconsistent purchaser behaviour in conveyancing or commercial entities. Are they changing key details, are they hard to get hold of, putting off replying to urgent requests? Time to investigate them further!

Deceptive and secretive clients: Got a client that seems evasive? Is the client avoiding questions? Is the client providing incomplete or false information? Why did the client choose your firm?

Exploitation of professional services: You will have been hiding under a rock if you don’t realise that financial criminals target us in the legal services to hide the origins of their illicit funds, i.e. dirty cash. Remember this case of a well paying and long standing corporate client who manipulated their instructing firm and chugged £4.1m through the client account for use of a banking account? The firm was fined £36k by the SRA. Legal Futures article can be read HERE.

A suspicion does not require certainty or concrete proof of money laundering. Instead, it arises when, based on the available information you have, a reasonable person concludes that there is something unusual warranting further investigation.

You’ll no doubt have read the latest cases for firms being fined for breaching AML conditions, like the firm where two partners were fined £50k for offering a banking facility to their wealthy client. In 2023 – 2024 alone, the SRA “submitted 23 SARs, performed 237 proactive inspections, and 258 desk-based reviews, and brought enforcement action against a combined total of 78 firms and individuals.”

This is Teal’s original blog, which has more information to delve into: “AML Definition of Suspicion”

Please note that failure to file a SAR after suspicion is raised is an offence under UK law. You can read the full Law Society guidance HERE.

Key Indicators of Suspicious Activity

The following are some classic examples of what to look out for in terms of red flags.

Unusual Transactions

Large, unexpected deposits with no clear explanation.
Multiple small transactions that together exceed a threshold.
Use of complex legal structures (e.g., trusts, offshore companies) without clear rationale.

Client Behaviour

Reluctance to provide identification or supporting documentation.
Insistence on confidentiality without clear reason.
Clients seeking to use cash for large transactions.

High-Risk Jurisdictions

Funds originating from or being sent to high-risk jurisdictions (e.g., countries known for corruption or weak AML controls)
Keep your “Black and grey” lists pinned to your desktop for continued updates.

Conveyancing and Real Estate

Over or under valuation of property compared to market norms.
Use of funds from unverified sources, particularly cash deposits.

Obligations for Law Firms

Under the AML regime, solicitors and law firms must:

Conduct Customer Due Diligence (CDD): Verify the client’s identity and the source of funds.
Monitor Transactions: Look for unusual patterns or behaviours.
Report Suspicious Activity: File a Suspicious Activity Report (SAR) to the UK Financial Intelligence Unit (FIU) within the National Crime Agency (NCA) if suspicious activity is identified.

Scenarios of Suspicious Activity

Here are some examples that will give you some insights into what and how organised crime can work:

Scenario 1: High-Value Cash Deposit for a Property

A solicitor is instructed by a new client to assist in purchasing a property worth £1.5 million. The client insists on paying £1 million in cash and provides vague explanations for the source of funds. Despite requests for supporting documentation, the client refuses to provide details.

Red Flags: Large cash payment, lack of source-of-funds evidence, and unwillingness to cooperate.

Action: The solicitor would usually file an internal suspicious activity report to their MLRO and then it is the responsibility of the MLRO to decide whether a SAR needs to be made to the NCA.

Scenario 2: Use of Offshore Companies

A client establishes an offshore company and instructs a solicitor to assist with purchasing several properties. The company is registered in a jurisdiction with weak AML controls, and the client is vague about the ultimate beneficial owner (UBO).

Red Flags: Complex structures without legitimate purpose, high-risk jurisdiction, and lack of transparency regarding UBOs.

Action: The solicitor must conduct enhanced due diligence (EDD), request documentation to identify the UBO, and must speak to their MLRO, and then file a SAR if suspicions persist.

Scenario 3: Unusually Structured Payments

Corporate client instructs a law firm to hold funds in a client account as part of a commercial transaction. The funds are received in multiple instalments from unrelated third parties, and the client can’t provide a satisfactory explanation.

Red Flags: Multiple third-party payments, no legitimate business explanation.

Action: Conduct CDD on all parties involved, report to their MLRO, and refuse to proceed if concerns remain, and consider filing a SAR.

Scenario 4: Evasive Client Behaviour

A client seeks advice on setting up a trust but is reluctant to disclose the purpose or the source of the funds. The client requests frequent meetings but provides contradictory information about their income and assets.

Red Flags: Lack of transparency, contradictory information, and attempts to obscure the trust’s purpose.

Action: Ask further questions, verify the information provided, and if suspicions persist, file a SAR.

ALWAYS report suspicious activity to your MLRO come what may.

What triggers a suspicious activity report (SAR) in the UK?

Here’s the deal. There are these laws we have to follow, right? Part 7 of the Proceeds of Crime Act (POCA) and the Terrorism Act. Basically, if you’re working in a regulated field – and that’s us – you have to file a Suspicious Activity Report if you have a sniff that someone’s trying to launder money, evade tax or fund terrorism.

If you, as a law firm, suspects that a client’s SOW or SOF is suspicious, you have to:

Conduct further inquiries to clarify the situation.
Document all findings and decisions.
Consider whether to file a Suspicious Activity Report (SAR).

Reporting Suspicious Activity (SAR)

The above triggers would mean then that you, as an MLRO, or compliance officer, overseeing compliance in your firm should report suspicions straight away to the NCA and SRA (if regulated by the SRA) as follows.

National Crime Agency (NCA):

Yes, as a law firm, you are legally required to report suspicious activity to the NCA via a SAR. The NCA has made this easy to do, as they have a secure SAR portal that you can submit a Suspicious Activity Report.

It shouldn’t surprise you that the SAR portal is SECURE.

Solicitors Regulation Authority (SRA):

While a legal practice has to primarily report suspicious activity to the NCA, it also has obligations to the SRA. Doesn’t everything?!

If the suspicious activity involves a breach of SRA rules or raises concerns about the firm’s compliance, they must report this to the SRA.

Aligning to the SRA’s guidance, you’ve got to report all serious breaches of the money laundering regulations to them. Schedule 4 (12) of the regulations state that supervisors have to collect all information regarding the number of contraventions of these Regulations committed by supervised persons.

A reminder of what constitutes as a Serious Beach

serious or persistent compliance failures involving safeguards designed to prevent money laundering
clear risks of money-laundering activity taking place, or
where there has been potential loss or harm to businesses or individuals.

ASK TEAL is the perfect support solution and service for you, where our compliance consultants and associates are on hand to guide you through your query. Please find out more HERE.

The SRA has its ETHICS HELPLINE to help if unsure: 0370 606 2577

Amy's Reminders and Key Takeaways

Further to the Law Society Risk & Compliance Conference 2025, there is a clear requirement for law firms to conduct better and more robust AML protocols. Don’t rely on a template and not tailor it to your clients and areas of work.

Always conduct thorough CDD and escalate to EDD where necessary.

Please be vigilant about client behaviour, source of funds, and high-risk jurisdictions.

Report suspicions promptly through a SAR, even if it means delaying or refusing a transaction. It’s just not worth the risk.

If there’s one thing I’ve learned in my years working with law and AML, it’s this: meticulous record-keeping is your ultimate defence when demonstrating compliance.

Suspicious Activity Resources Reminder

Proceeds of Crime Act 2002: The primary legislation governing SARs together with the Terrorism Act 2000 (TACT).
Money Laundering Regulations 2017: Sets out AML obligations for law firms. These regs were amended with:
- the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 which came into force on 10 January 2020. This implemented broad changes to the regulations.
- the Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2020 made narrow changes mainly to the requirements around trust registration.

When we draft Firm Wide Risk Assessments for clients we also refer to the 2023 amendments which you can read HERE. This amendment was made so that domestic PEPs are treated as lower risk than overseas PEPs, although to be clear, EDD does need to be applied in both instances.

SRA Anti-Money Laundering Guidance: Provides detailed guidance on AML compliance.
NCA SAR Portal: The online platform for filing SARs.

Thanks for reading, and please get in touch with any questions, you know I’m always happy to help.

Amy (with a big dollop of help from Rhiannon!)

SARs – Understanding Suspicious Activity: Key Insights and Reporting Tips Read More »

Open Banking Landscape for Law Firms in 2025

Anti-Money Laundering, Blogs, Legal Compliance, Risk Management / Mark

Head of Legal at Armalytix, Tom Lyes, joined Amy Bell for a Coffee Conversation to discuss what the Open Banking landscape for Lawyers looks like in 2025.

The following is an abridged version of the webinar and I am jumping to the questions that came at the end of the webinar to start off this blog as they will set the pace for the rest of it!

In the webinar, Tom discussed:

Where are we now with Open Banking?
What’s next?
How the cases for lawyers are maturing beyond resi property into new disciplines such as Family Law and Commercial
How Armalytix has evolved by delivering the same output to a lawyer irrespective as to whether a client can use Open Banking or not
Open Banking in other jurisdictions

I was thrilled that Tom joined me in the conversation of open banking because I am an advocate for leveraging technology in law firms. I’ve known Tom for ages and value his insights and experience and this blog gleans information and guidance from our Coffee Conversation held on 20 March 2025.

At its core, open banking is all about making it easier and safer for businesses to connect directly with banks. Think of it as a way to share financial data and access bank services, like setting up payments, without all the usual hassle. The whole idea is to make things more transparent and generally simpler for businesses, and their clients / customers.

The back story is that open banking came about when Europe brought in the law called PSD2 back in 2018. The aim was basically three things:

to give people more control and understanding of their finances;
to offer more payment options; and
to boost competition and innovation, which ultimately leads to a better experience for everyone.

When we talk about law, finance, regulations, risk management and couple them with innovation that’s when we really shake things up in the legal sector. For Armalytix, it means they can set up lawyer payments using what they call a ‘straight-through’ process. Which means payments can go directly from A to B, with way less paperwork and faff. It’s making things much smoother, and honestly, it’s about giving clients back time they more often than not, don’t have much of.

You can catch up on the full recording HERE.

As always, the questions came in fast and furious at the end of the webinar, and I wanted to start with a couple of topics that were pertinent to the whole conversation and are trending too; AI and Training being the two most stand out.

I’ve literally been asked about AI policies so many times for law firm compliance in conjunction with regulations. The question of what AI processes Armalytix use was always going to come up. As I am in the midst of drafting AI policies I was also intrigued as to what Tom and his team were doing on this subject.

Question: What function does AI have in Armalytix technology, and how does the law firm and their client gain confidence that the AI is not “imagining” experimental data?

Tom’s response: Most of our open banking journeys don’t really use AI. AI is probably used in our statement scanning, in that we’ve taught the machine to be able to recognize a bank statement from a bank. This means we can recognize that it’s a (for example) Monzo bank statement. We ask it if we can recognize if the documentation is a Nationwide bank statement. That’s where AI comes in.

One of the questions that we get asked is around obvious use cases that we see in the legal sector around AI, being the summarising of information. We could, in theory, run these reports and start to teach AI to provide written summaries of those. Further to Teal’s innovation day and conversations around AI last year however, clients and our wider audience seemed really nervous about that the summarisation aspect. In particular, from an AML point of view, the response to our summarisation proposal was the worry that AI would read the summary but not look at the underpinning data.

Broadly speaking, and from the feedback Teal received, as yet, we haven’t pursued anything further on this front, although I think over a period of time, AI and people’s perceptions will change as they become more comfortable with AI summarisations of large amounts of information.

On this topic, it led me to another question. As an auditor and adviser to law firms, I find myself talking to clients about the software they bring in to assist with their AML and also for use cases. One of Teal’s leading questions for clients implementing software seems simple, do you know how it works? I always ask who trains who in the firm and does it come from the source?
I put this question to Tom.

Question: What are the key things that you would say a user needs to make sure they’ve done with training in this regard, and would they know how to explain it, say, if I came knocking at their door as an auditor?

Tom’s response: We would break the onboarding project into two parts.

If you’re going to bring any technology or process into a firm, you’ve got to align that with what you’re telling your clients, and you also have to align that internally so people know why.

I can see that the best run projects are where the people leading the projects can clearly explain to people internally, “why are we doing this”? It might only be two or three key points, but people just need to understand that. Get your team to come on the journey with you

The second part is around training. Lawyers get reports, but they don’t necessarily understand how to interpret that data, so the need for training is key. I always say that the focus of the training is on what the report is telling you at a high level.

Question: What do you define as risky in a firm wide risk assessment?

Tom’s Response: We have something called our Risk Insight, which is unique to each firm, i.e., not from our analytics. We give people the ability to build those insights within our environment, so that when someone reviews a report, they’re effectively reviewing something initially that says these are the risks in our practice that they deem risky.

Tailored risk insights help a firm to get a flavour as to what they are going into before they are thrown into the analytics. For example, overseas money coming into client account on a residential property transaction.

From going into firms to audit my associates and I see instances where training can decrease its efficiency. By this I mean that sometimes we see firms who rely on their own staff to train new colleagues coming into the firm. Training from the source should be for everyone. We ask our clients if everyone in the firm has received the same level of training as the people who initially received it?

Armalytix runs its Analytics 101, which is a bi-weekly session where firms who have new users are invited to bring those new users along. It’s an open training session. All new users can find out exactly how the reporting side of things work, and with bigger firms, we do a slightly more nuanced and customised version of that as well.

Essentially training is absolutely crucial, because if you’re a team that’s responsible for delivery of a project, it’s probably going to fall back on you if the training has become diluted.

Whenever a firm brings in new technology, there are always going to be teething issues but technology evolves too. So, the challenges come in a two-pronged process that requires consistent decisions around training and investing highly in that.

That’s not to say everybody’s appetite for risk is the same, but from my experience, if you give structure and consistency your risk is less.

Tom spoke about monitoring and in particular, the AML world – what does it look like from his perspective in terms of end client support requests? He said that if he could see a firm that was onboarded recently as a client of Armalytix, they have a barometer on what the monitoring should look like.

We went onto speak about evolving products for open banking, AML and risk management. Simply put, we all need refresher courses from time to time, including new features as an example. But also, and this goes for any software, what I see is firms expecting their current users to train any new colleagues coming in, as if by osmosis. I mentioned this above I know, but it is a real issue Teal is seeing. What if I come in to audit and ask you or your colleagues to explain to me how a search works in an audit? And what does the audit check? I might ask how they know what to do with the results of the search? I could go on, but it highlights to me that all training ideally for risk management, should always come straight from the source, and by the provider.

Question: How long does Armalytix store data? Is it stored outside the UK? Is it done via an app? And if so, do clients need to keep the app on their phone?

Tom’s response: No, it’s not an app, we are web based, which means that clients can do the journey on a desktop and on their mobile (and it’s fully mobile compatible). From a data storage point of view, we store it for what we’re legally asked to store it for in terms of number of years, because it’s our journey and different to the law firm, as the end client is our end client. When the client comes into our analytics, they have to sign up at the end of the journey, or once the firm has shared a report. They could request at any point for their data to be deleted.

In those instances, we’d naturally make sure that we would communicate with the end client’s law firm to make sure they have a copy of the report downloaded for their own purposes. We would confirm that the end client has requested directly from Armalytix to delete the data.

All the data is stored within the EU at the AWS, which is a well-versed method of data storage, using Amazon web servers.

Teal Tracker is a software service and I understand Tom’s procurement questions because as providers we have to have everything ready to go to those who might need to view it for due diligence purposes. The SRA are becoming increasingly interested in what due diligence law firms are carrying out on their suppliers too, which is why I was particularly interested to hear what Tom was saying about regulations and the differences in regulation. The notes on this are further down in the blog.

As a law firm and if you’re using a provider for open banking or another service, if you don’t know firstly, that provider’s regulatory stance, and second how many parties are involved in the delivery of that service, and you aren’t aware of their processes it can be extremely detrimental to your risk management policies.

Tom and I were agreeing that if a software a law firm uses “goes down” and you can’t get access to the data, it may not be the analytics that’s crashed, it may well be the bank (as an example). There are layers to verify and check. If the SRA comes knocking asking you if you’ve done your due diligence on your service provider, will you have the reports at hand?

From a supplier perspective, Tom said that they have a data pack that sets out 90% of what Armalytix would expect to be asked as part of a DPI. He said he would expect law firm suppliers to be proactive on this front if you asked that question. It’s a pretty good sign of what type of supplier you’re working with, if they’re proactive about covering this topic! Worth a conversation with your current supplier maybe?

Question: If we’re using open banking software, do you still recommend obtaining original ID documents? Can we just rely on the ID docs being uploaded through the checks?

Amy’s response: I think his question is probably for me. I think the question might be about ID and Verification, as in the identity of a client, which is out with your service. If you’re going to use a software provider to help with the identification verification step of your client’s due diligence and you’re only going to use that software service, it has to be in accordance with the regulations; it has to be secure from fraud and misuse.

Now, if the reality is that those systems are using a biometric check or a document verification by looking at the image of the document, combined with external data lookups then it is actually going to be much more robust of a check. It’s more effective than you eyeballing a document that you’ve been given and you don’t know if it’s a forgery or not.

Often these software solutions have multiple anti-fraud steps built in, which is, of course, why you had to get the original documents in the first place to make sure it wasn’t a fraud!

The only caveat I’d give is that some firms are still concerned about the wording in the UK Finance mortgage lenders’ handbook for conveyancers (around seeing and taking a copy of a document), which tends to infer that you’ve actually handled the original and you’ve taken a copy of it.

Open Banking and User ID and Verification

It’s all about interpretation and managing risk when it comes to the UK Finance Handbook. We are hoping that UK Finance will amend their handbook to take into account this, because that wording has been there since I’ve been a solicitor (too long to remember!).

I do know that a request has gone into UK Finance for them to review those ID requirements, which are essentially anti-fraud measures and on the fraud subject, I think it was super interesting in the webinar when Tom talked about Armalytix using it to discharge a Dreamvar fraud (if you’re not a conveyancer or into vendor fraud, Dreamvar was a small property firm who unknowingly purchased a house from a fraudster who impersonated the true owner, leading to a £1.1 million loss and legal repercussions for involved solicitors).

In the Coffee Conversation webinar, Tom referred to the process where you have to make sure you’re sending the money to a bank account properly constituted in the name of the client for the last 12 months. I was so happy to hear that he and his team do this, because a lot of people are still focused solely on the Safe Harbour Id checks that look for the biometric check of the passport, which is an anti-fraud measure. If you’re in conveyancing you’ll get this but if you’re not, Safe Harbour is a set of really solid guidelines and standards that HM Land Registry put together, based on this UK Government Good Practice Guide, GPG 45.

Areas of law and fraud opportunities

I was thinking about Tom’s comments in our online event about which departments in a law firm or service area where lawyers would be looking at bank accounts in particular for their clients. Commercial litigation and embezzlement zoned into my thoughts.

When it comes to forensic accounting and examination of this example, we often see litigators or criminal lawyers double checking when their clients are accused of money laundering. Could you imagine a time when software could be used to defend people accused of money laundering?!

When it comes to software, which departments in your law firm waste time looking at bank statements, when they could be using software instead? Software would be more accurate (humans and numbers when you’re under pressure!), and time efficiency, making the whole process more cost effective for everyone.

I did say to Tom that I did think they might have some aspects to think about when it came to white collar fraud, especially private prosecutions, because lawyers would be pouring over financial data (including the bank statements!).

Open Banking Landscape for Lawyers in 2025

Where does open banking support lawyers?

I’m going to talk a little bit about the open banking landscape for lawyers in 2025, and Amy mentioned other use cases where open banking is supporting lawyers, rather than just something that powers and supports an AML type journey.

Open banking is the technology that empowers us in law firms. For that to happen, we have to be directly regulated by the FCA. In layman’s terms it means that we directly connect into 90% of UK current accounts through the big nine banks.

We’ve really focused over the last few years on raising the bar in terms of new innovations around open banking and source of funds.

AML is broadly our background. That’s what we’re most well known for. And lots of you will know that open banking can be really supportive in a source of funds check in terms of that middle piece of understanding, does that client have the money you need to see for that transaction and analysing the data that’s contained within.

Through open banking, you can get a set amount of data, whether that be 3, 6, 12 months or even longer on some higher risk matters. What open banking is able to do is analyse the data on cash, incoming transactions, and outgoing transactions.

We try to really focus on how we can do a better job at collecting as much as we can from the end client in that initial data grab. We’re one of the first providers to get access to Metro, and also for the Co-op which is now live, which is something we are proud of.

There are now 11.7 million active users of open banking enabled products in the UK that would cover use cases like ours, where we’re doing a one off to go get some information. If you think about how you might make a payment to an account number and sort code on your mobile (where you set someone up as a payee) open banking can speed up that, and there are businesses that have started to use that technology to really harmonise payments’ process.

When we looked at AML affordability investigation, or whatever you’re using open banking for, there are some key principles to get early client adoption from.

How to get law firm clients to come on board with open banking?

My first piece of advice would be to brace enough to TELL your clients, not ask them.

You’re the lawyer, you’re in control of the process, not your client. So, I’d say you have to be brave enough to tell your clients where vulnerabilities might come in.

If you have vulnerable clients or clients with no capacity then you require a Plan B.

I would say however, if you can get that message clear about you controlling the process and focusing on vulnerabilities, as well as understanding your client demographic, you should be looking to achieve an 80% to 90% success rate of sign-ups. I always say to law firms that if they can get their clients to understand the why, what’s the use case, why they have to do what you’re asking of them, when’s it going to happen, what it looks like, etc., they are more likely to understand the process and adopt the on boarding process of open banking with you.

New law firm client security questions

Security around finances and software are important to all of us.

For example, you might want to talk about security to your clients and how moving from manual to digital is safer. You might say that previously they would have emailed you their bank statements. It’s not particularly secure or safe for them or you as a firm. By giving your client an effective secure framework understanding, will mean they will be more likely to agree to open banking.

Law Firm Training for AML and Client Buy In

It’s no good adopting new technology into a firm if your staff don’t know how it works, and more importantly understand what the data is telling them.

When we work with firms who have centralised teams, we actually focus a bit more there on the “how things work” training angle, showing them what the user journey looks like, and what are some of the core messages around that?

If I was training a group of lawyers who would just purely be reviewing the reports, I would focus on reading the data and understanding what it is telling them.

Our feedback that we receive from leadership levels is about our articulated creation and of the consistency and process that we deliver. MLROs I speak to who will be at the top of the top of the chain for any queries, and will often say that when they get a report now, they’re broadly able to answer it much faster because it comes to them in a consistent format.

Come what may, I think it’s important to choose a provider that is FCA regulated, and who can handle any of the support queries generated. We focus all that on live chat.

What's next in the open banking world?

Many of you may have heard about “open finance” because the subject has been around for some while now. The term broadly represents an evolution of open banking beyond traditional banking to gather financial data.

The progression of open finance in the UK is linked closely to legislative development called the Data (Use and Access) Bill READ HERE) which is at the House of Lords stage and galloping towards Royal Assent at a fast pace (as at 1 April 2025).

This bill covers an awful lot of things around the ecosystem of financial data, and hopefully, what we in the professional services’ sector are hoping for here is that it creates structure and a framework as to what the future of open finance may look like.

Bear in mind, even when the bill becomes an act, changes won’t be immediate. Open finance is also a big cost for businesses to open up their API infrastructures without necessarily a reward, so although open finance is exciting in general for progress, just don’t expect anything too quickly.

We are also starting to see people grasp that open banking can be used for better verification of data. Many of our clients put their clients through an open banking journey with us, and therefore when it comes to 12 months of bank statement checks in a conveyancing matter for example, we can immediately report to our client as to whether their client’s bank account has actually been open for 12 months, as well as who the account owner is and what type of account it is.

What about those who can't or won't use open banking?

Good looks like 80% to 90% of those able to use open banking, but what about those people who fall out of that in all of the use cases?

We understand that not all clients can connect via open banking, and when they don’t, people are left dealing with a manual process which leads to delays in accuracies, more admin and less time for the good stuff. Earlier this year, we began embarking on our process of rolling out statement scanning, which is used as a combination of OCR and AI, but is generally used to support cases where open banking doesn’t work.

Family Law and Open Banking

Armalytix does a lot of work in the accountancy sector, especially working with insolvency practices. There’s a real clear use case here where in insolvency, the bank accounts may have been frozen, therefore they can’t be used through open banking. An insolvency practice will have those physical statements needed for some analysis, and the easiest way for them to do that is uploading them in the residential property world, you’re probably looking at things like gift donors, and vulnerable clients here.

Certainly, the technology is used more broadly in accounting than it is legal. But our main focus in the legal sector at present is in the family law space.

When asked about GDPR when requesting bank statements from the other side, it’s worth remembering that you, as the family lawyer, become the data controller, and as a data controller, you have a right to appoint a sub processor, and that agreement has to naturally cover that.

What jurisdictions are open banking processes in?

One of the questions I get frequently asked is open banking and jurisdictions other than the UK, and this is very appropriate as Amy is currently sat in the middle of Sydney, Australia!

As a provider, we currently only connect into UK bank accounts. There’s a number of reasons behind this, but if I start with Europe and post-Brexit, it has become more difficult for UK companies to obtain open banking licences, because of regulations and legal changes, such as having to have a presence in Europe etc. Unless you have a big European client base, the overall demand is pretty low (from our client base), so we never really pressed on with moving over jurisdictions.

If we start going a bit further afield, the jurisdictions that you might love us to give you some analysis on but probably never will be able to because they won’t open their doors to open banking are countries like China and Dubai, and I don’t anticipate them onboarding this process any time soon.

Outside the EU, two major jurisdictions that have opted for a regulatory-driven approach when it comes to open banking are Hong Kong and Australia. Australia’s open banking initiative, known as the Consumer Data Right (CDR), focuses on data sharing and consumer control.

I’m really keen to see how Australia handles the prescriptive side of Source of Funds (SOF) requirements. I’m sure Amy will keep us updated on the work she and AML Sorted are doing there. What’s fascinating about Australia, compared to the UK or Europe, is their banking landscape. It’s more consolidated, with their four major banks all mandated to implement these standards. Plus, even the smaller banks have followed suit, and they had some of the necessary infrastructure already in place. It’s quite different from the US, which is far more complex due to the sheer number of banks.

This link is totally independent to the work we do but it’s handy for a global look at which countries use open banking. https://www.openbankingmap.com/

What areas of law does open banking support?

Instead of tackling one problem at a time, firms are now using Open Banking to significantly reduce the time spent on bank statement analysis across multiple departments. By focusing on individual areas, they can achieve quicker and more impactful results.

What we are seeing more of are firms who offer:

Family and Divorce law
Conveyancing
Probate and Estate Administration
Commercial Litigation
Insolvency and Bankruptcy
Criminal Law (Financial Crime)

You can watch the full recording HERE.

Armalytix is an FCA regulated entity that works with Lawyers and Accountants to help them understand their clients’ finances.

Catch Up! You can watch all of Teal Compliance’s previous legal webinars here.

CLICK HERE TO WATCH

This link is totally independent to the work we do but it’s handy for a global look at which countries use open banking. https://www.openbankingmap.com/

Need Support or Advice?

If you would like to get hold of Tom, please email him directly: tom@armalytix.com, and if you have any questions of me or my associates, just drop me a line. My door is always open!

GET IN TOUCH HERE.

You're not alone, Teal Compliance is your partner in compliance and risk management support.

Start with your legal compliance audit
Anti-money laundering | Data Protection | Regulatory Compliance

Click Here

Open Banking Landscape for Law Firms in 2025 Read More »

Mark

What is the New Failure to Prevent Fraud Offence?

The Defence of "Reasonable Procedures"

Why This Matters for All Law Firms (and their Clients)

Preparing for September 2025

Amy Bell and Jane Gilchrist

FRAMEWORK of Coaching

Are we helping our managers to manage people properly in the legal profession?

Definition of what a Leadership Role is

Do you influence a healthy workplace environment?

Law Firms and the Hierarchical Politics

Do your firm’s core values align to your actual way of working?

How Teal Compliance Recruits

Tips for AML and People Management

How good are you at receiving feedback?

Top Tips for Compliance and Psychological Safety

Remote Working and People Management

Amy Bell: Anxiety and Solutions

Getting Managers Aligned with the Right Coaching Skills

Are you a Micromanager?

About Jane Gilchrist

Amy Bell in Childhood

Amy Bell as a Fee Earner in a Law Firm

The Realisation

What “Broken” looks like

From Fee Earning to a Love of Compliance

The Legal Profession and Mental Health

Money Laundering’s Slow Burn

Law Firm AML Complacency, Culture and Drift

Regulatory Guidance and Enforcement

Time to Jump out of the Boiling Pot?

Make it Safe to Talk - Risk Management Tip No. 1

Promote Practical Wellbeing Strategies for High-Pressure Tasks - Risk Management Tip No. 2

Lead by Example - Risk Management Tip No. 3

Empower with Knowledge - Risk Management Tip No. 4

Regulation 21 and Independent Audits

Introduction to Ongoing Monitoring

Defining Ongoing Monitoring

SRA Guidance on Ongoing Monitoring

Challenges in implementing ongoing monitoring

Three point ongoing monitoring guidance

Beginning stage: file opening

Middle stage – review of CDD documents

End stage – last minute changes

Practical Guidance on Risk Assessment Frequency

Challenges in Implementing Ongoing Monitoring

What has been updated in the LSAG Guidance?

What do you need to do as a Law Firm?

LSAG Guidance Update April 2025 in detail

Contents

Understanding beneficial ownership

Definition of an individual PSC of a UK company

Definition of a beneficial owner of an overseas entity

Examples of concealing beneficial ownership

Don’t rely on the corporate veil — lift it

Challenge vague answers

Document the risk rationale

Verify control, not just ownership

Watch for layered structures

US Legislation News For Information

AML Guide: Independent legal professionals/trust/company service providers

What is the Definition of Suspicious Activity?

Suspicious activity may include:

Key Indicators of Suspicious Activity

Unusual Transactions

Client Behaviour

High-Risk Jurisdictions

Conveyancing and Real Estate

Obligations for Law Firms

Scenarios of Suspicious Activity

Scenario 1: High-Value Cash Deposit for a Property

Scenario 2: Use of Offshore Companies

Scenario 3: Unusually Structured Payments

Scenario 4: Evasive Client Behaviour

What triggers a suspicious activity report (SAR) in the UK?

Reporting Suspicious Activity (SAR)

National Crime Agency (NCA):

Solicitors Regulation Authority (SRA):

Amy's Reminders and Key Takeaways

Suspicious Activity Resources Reminder