On May 12, 2025, Teal Compliance’s founder, Amy Bell, hosted a comprehensive webinar for Lockton’s clients, offering a crucial update on the ever-evolving world of compliance for UK law firms. This session was a treasure trove of insights, delving into everything from Companies House reforms and client matter risk assessments to the new fraud offence and the latest LSAG changes.
For compliance officers, MLROs, and MLCOs, staying ahead of these regulatory changes is paramount. This blog post distils the key takeaways, illuminating the critical areas you need to focus on to protect your firm and maintain a robust compliance culture.
Companies House Reforms: Driving Data Accuracy
Amy kicked off the session by revisiting the Economic Crime and Corporate Transparency Act. A long-standing concern has been the lack of validation for information filed with Companies House, making it difficult to rely on the PSC (Persons with Significant Control) register. Criminals, as we know, exploit this by creating shell companies.
The solution? The introduction of the Authorised Corporate Service Provider (ACSP) concept. Law firms can become ACSPs, filing on behalf of clients and, crucially, verifying their identity. This offers Companies House a level of assurance about the accuracy of the data.
Key Takeaway: While your AML checks will largely get you there, be aware that the ACSP verification standard is “to verify” rather than “take all reasonable steps,” meaning it’s a slightly tougher bar. The Law Society has not yet issued a similar caution as they did for the Register of Overseas Entities. For ongoing updates, Amy recommends following David Winch, an AML advisor in the accountancy world, on LinkedIn.
Mastering Client Matter Risk Assessments (CMRAs): Beyond the Tick Box
Client Matter Risk Assessments are a cornerstone of AML compliance for transactional matters, as required by Regulation 28(12)(a)(ii). The SRA previously issued a warning notice and a template, but Amy highlighted common struggles with its implementation.
“What we need to avoid is some sort of process where people just tick No, no, no, no, no or yes, yes, yes, yes, yes, without really engaging with the questions.”
Amy argued that overly long or granular templates (like the SRA’s seven-page document, which includes questions on niche areas like proliferation financing) can lead to frustration and, paradoxically, non-compliance.
Practical Takeaways:
- Split the Form: Break down long forms into smaller, digestible sections.
- Anchor Points: Revisit the risk assessment after key information comes in, like source of funds/wealth, not just at the outset.
- Show Your Working: Encourage lawyers to provide reasoning for their risk assessments, especially when a matter isn’t flagged as high risk but might be expected to be. As Amy puts it, “You get points for showing you’re working out for climate risk assessment. It’s the same concept.”
- Prompts, Not Just Questions: Use explanatory notes and training to guide lawyers on the significance of risk factors, rather than trying to cram every permutation into the form itself. This allows for “just-in-time learning.”
- Monitor and Review: If you change your CMRA process, “If you change it, train it.” And critically, regularly review a sample of completed assessments to ensure the new process is working as intended. “You definitely don’t want us to be the first people to find it.”
Fraud on the Horizon: New Corporate Offence & Sham Litigation
Failure to Prevent Fraud
From September 1st, the new corporate offence of Failure to Prevent Fraud takes effect. This is the third in a trilogy (following bribery and tax evasion) where a business can commit an offence if someone associated with it commits fraud, unless the business has “proportionate risk-based procedures” to prevent it.
Who’s Affected? This applies to larger firms meeting two of three criteria: more than 250 staff, over £36 million turnover, or over £18 million in assets. Amy warned that firms acquiring other businesses can quickly reach these turnover figures.
Defence: A defence is available if firms have proportionate fraud prevention procedures, covering policy, risk assessment, training, due diligence, and regular monitoring. While cyber and client fraud are often top of mind, Amy stressed the importance of internal fraud risk.
“The one area where I think, on reflection my time in practice, and what I know of my client is that these internal staff frauds, a lot of people think will never happen to them… those procedures are absolutely in the policies, but they’re not being followed, and nobody’s checking that they’re being followed.”
Broader Impact: Even smaller firms not directly caught by this offence should pay attention. The SRA’s regulatory objective has expanded to include a wider definition of economic crime, encompassing fraud. Amy predicts: “I wouldn’t be surprised if all firms will be expected to review their firm and think about fraud exposure and start to put policies and procedures in place.”
Sham Litigation Guidance
Amy also discussed new guidance on Sham Litigation, where criminals abuse the court system to launder money, often leveraging a court order to legitimise funds.
Red Flags to Watch For:
- Unusual clients with “information overload” who seem to know what due diligence you need before you ask.
- Clients instructing firms far from their home address or the defendant’s address.
- Suspicious referral sources (“that firm hates us”).
- Unusual payment preferences or urgency in settlement.
- Clients chasing very old, previously unpursued debt.
- Unreliable appointment attendance (clients not showing interest in their own litigation).
Action for Firms: Ensure your litigation colleagues, who often have a “lighter touch” AML training, are aware of this specific risk.
Sanctions & Data Protection: Staying Vigilant
Sanctions Guidance
The SRA has issued its third version of sanctions guidance. Key points include:
- Re-screening: The guidance now explicitly states that firms “should consider doing a recheck of all clients and related parties… should sanctions change.” This is a significant operational task for many.
- Strict Liability: Breaching sanctions is a strict liability offence. While attempts to avoid breaching are considered for fines, there’s no “reasonable steps” defence like in AML.
- Herbert Smith Freehills Fine: A recent £465,000 fine for six payments out of its Moscow office in breach of sanctions underscores the SRA’s willingness to take action.
Firm Action: Even if you perceive your sanctions risk as low, you should capture this in your firm-wide risk assessment. Amy noted the absence of a “sanctions compliance regime” similar to AML, creating a unique challenge.
Data Protection: Lessons from a £60k ICO Fine
Amy shared insights from a recent ICO fine of £60,000 against DPP Law Limited, a Liverpool law firm, following a “brute force attack” on a legacy case management system. The firm took 43 days to report the breach, only discovering it when the NCA notified them their data was for sale on the dark web.
“For the grace of God, go many of us. It could happen to us.“
Lessons Learned:
- Legacy Systems: Don’t neglect the security of old or decommissioned systems.
- Reporting Procedure: Have a tried-and-tested breach reporting procedure. “You don’t want to have an ICO breach and then wonder, Who do I speak to?”
- Stress Test: Regularly stress-test your firm’s incident response plan, know who to call, how to deliver client work if systems are down, and how to contact staff.
LSAG Updates: A Deep Dive into AML Nuances
Amy provided a rapid-fire update on the latest changes to the Legal Sector Affinity Group (LSAG) guidance, often clarifying “fuzzy” areas.
Key Changes:
- UBO Definition: Changed from “25% or more” to “more than 25%”, a small but significant shift impacting who is a Beneficial Owner.
- Economic Crime Levy: New guidance on this levy, payable by large businesses (turnover exceeding £10.2 million).
- Supply Chain & High-Risk Third Countries: Incorporates existing SRA guidance on supply chain and aligns the high-risk third-country list directly with FATF (Financial Action Task Force) plenary meetings (Feb, June, Oct).
- Reliance on PSC Register: LSAG clarifies that the Economic Crime Act does not yet change the rule that you cannot solely rely on the PSC register for UBO verification.
- Verification Standards: For private individuals, you now need to verify address as well as name and date of birth (e.g., passport plus utility bill).
- Beneficial Owner Verification: The guidance clarifies that verification of beneficial owners should be to “equivalent standards” as natural persons, meaning confirming they are a real person, not just connected to the company.
- Source of Funds (SOF) & Source of Wealth (SOW): Emphasis on understanding the third party’s underlying source of wealth if they are funding the transaction, not just the client’s. LSAG also reiterates that SOF isn’t just about having the money; it’s about whether the funds might be proceeds of crime. “It may be difficult to determine the source of funds without some basic understanding of the underlying source of wealth.”
Culture, Risk, and the Regulator’s Lens: Amy’s Soapbox Moments
Amy often brought the discussion back to the underlying culture of compliance and how the SRA operates.
“I will say again, get a second opinion.”
Amy repeatedly stressed the importance of getting a second opinion if your firm receives a decision for investigation or disciplinary finding from the SRA. She noted instances where misunderstandings lead to fines, or firms accept fines as a “commercial decision” even when clear evidence on file could refute the SRA’s claim (e.g., a CMRA was done, but the form wasn’t filled in).
Professional Ethics vs. Morals: A particular “soapbox” for Amy was the “political blurring” of professional ethics and morals. She expressed concern about criticising law firms for who they choose to act for, arguing it’s “very dangerous territory to get into” for the rule of law.
“Is the tail wagging the dog? Here is the Axiom in disaster. Now, painting us all in a picture that we don’t deserve, and you’ve already done time.”
Amy challenged the narrative that solicitors cannot be trusted, citing the example of Axiom Ince being an isolated incident that shouldn’t paint the entire profession as untrustworthy.
Consistency of SRA: Simon also questioned the SRA’s consistency, citing a firm fined for “15 years of AML failures.”
“15 years! Where’s the SRA been in 15 years? Surely they’ve got to have some responsibility for that result, because they’ve not looked at the firm.”
He urged the SRA to “up their game” in communicating expectations clearly, especially given the stress placed on compliance professionals.
Culture & Technology: The discussion also touched on the dangers of over-reliance on technology (“the system says so”) without understanding how it works, the importance of knowing your software contract renewal dates (“you would not believe the amount of people… who have missed the renewal date”), and the critical role of independent AML audits, with Amy advocating for prescribed standards similar to Qatar’s regulatory approach.
Conclusion: Proactive Compliance is Your Firm’s Best Defence
Amy Bell’s webinar provided a powerful reminder that the compliance landscape is dynamic and challenging. From new corporate offences and evolving AML guidance to the critical need for robust internal controls and clear communication, law firms must remain vigilant and proactive.
A strong compliance culture isn’t just about ticking boxes; it’s about embedding ethical practice, managing risk, and maintaining client trust. For firms navigating these complexities, expert guidance is invaluable.
Feeling overwhelmed by the sheer volume of regulatory updates? Or need a practical plan to implement these changes effectively?
At Teal Compliance, we specialise in transforming complex regulatory requirements into actionable, practical solutions for UK law firms. Whether you need a comprehensive AML audit, a review of your risk assessments, bespoke training, or strategic advice on the latest SRA and LSAG updates, our team of experts is here to support you.
Contact Teal Compliance for a confidential discussion about your firm’s compliance needs – Gary Yantin will offer you peace of mind!
Invest in your firm’s compliance, build confidence, and stay ahead of the curve!
