Author: Amy Bell, CEO of Teal Compliance
This session was packed with questions on law firm regulatory compliance and AML compliance insights, covering sanctions, charities, fraud, POCA, foreign funds and real-world policy challenges.
Below is a detailed write-up of the questions I was asked and my responses. As ever, I hope you find it useful and helpful.
Contents
- Why the FCA announcement still shaped the room
- Sanctions checks and counterparties
- What “good” CDD looks like for charities
- Reasonable measures under the Failure to Prevent Fraud offence
- PCPs, policies and version control
- Chinese funds, foreign exchange rules and the real AML risk
- FATF grey listing changes and what they mean
- POCA risks when acting for regulated entities
- Staff attestations and the behaviour drivers behind compliance
- My Compliance That Works model
- What is coming up next at Teal
This week’s Ask Me Anything Teal Talk
This week’s Ask Me Anything Teal Talk covered far more ground than I expected. Even though the FCA announcement landed on 21 October, it is still the first thing many firms want to talk about, so I opened with a short update and then parked the rest so we could focus on the questions people had brought with them.
As usual, the hour became a lively conversation about day-to-day compliance challenges and the reality of trying to run a law firm with shifting regulatory expectations. We talked sanctions, charities, fraud controls, foreign funds, PCPs, version control and human behaviour, and I answered as many questions as we could fit in.
Here goes!
Why the FCA announcement still shaped the room
Although I only touched briefly on the topic, the government decision to move AML supervision of law firms to the FCA continues to shape how firms are thinking about risk and resources. I encouraged attendees to keep an eye on consultation developments and reminded everyone to stay grounded in current rules for now.
The important thing is not to panic. Regulation is shifting, but supervision changes take time and there will be plenty of opportunity to understand what the new expectations look like.
Sanctions checks and counterparties
One of the first questions was about other firms asking for your clients’ names, dates of birth and addresses so they can run sanctions checks on their own counterparties.
This is something firms should approach with caution.
My key points were:
- You are not required to hand over that information.
- If the client consents and providing it genuinely helps progress the matter, you can consider it.
- Sharing CDD is risky. Once you start, it becomes very easy for counterparties to push for more.
- Electronic verification reports are usually licensed only for your firm’s internal use, so sharing them often breaches contract terms.
- Each firm is responsible for its own sanctions compliance.
The safest approach is to consider these requests case by case and always obtain explicit client consent before sharing anything.
What “good” CDD looks like for charities
A popular question was how far you need to go when dealing with a UK registered charity.
My answer was that the principles are the same as for any other entity. You need to understand the structure and identify who is in control.
My practical advice:
- Many established charities are supervised and audited, so the risk can be low.
- In low risk situations, simplified due diligence may be enough, provided this is justified.
- For smaller or newly registered charities, obtaining ID for at least two trustees is sensible.
- Always cross check through the Charity Commission register and the charity’s own website.
- Charities can be misused for terrorist financing, so the risk assessment matters just as much as the documentation.
Reasonable measures under the Failure to Prevent Fraud offence
There were several questions about what counts as a reasonable step when preventing fraud in law firms, including whether DBS and credit checks are needed for all new staff.
My view is that screening should always be proportionate.
I explained:
- Focus enhanced screening on roles where fraud risk is genuinely higher, such as finance teams or anyone handling client money.
- Credit checks can help flag financial stress, but they should never be used as a character judgment.
- Decide ahead of time what your firm’s response will be if a check reveals something concerning.
- Make sure supervisors can spot indicators of vulnerability. Stress, addiction, financial pressure and sudden behaviour changes can all increase risk.
The heart of this offence is about preventing harm, not creating fear, and your controls should reflect that.
PCPs, policies and version control
Someone asked whether full track changes need to be kept for policy updates.
The answer is no.
What matters is:
- Clear version control so you can evidence which policy was in force at a particular time.
- Usability. A huge policy document no one reads is not good compliance.
- If you merge standalone guidance into an AML policy, make it easy to navigate.
- A short key facts summary at the front can make a big difference.
- Avoid adding content that you know will not be followed in practice.
Policies work best when they are simple, accurate and aligned to how people actually work.
Chinese funds, foreign exchange rules and the real AML risk
A question came in about funds from China and whether the country’s foreign exchange controls create a POCA issue.
This area has caused confusion for years, so I clarified the position.
The core points are:
- Foreign exchange controls alone do not make the funds criminal property under UK law.
- The real question is whether the underlying funds were the proceeds of crime.
- Splitting transfers between relatives or using informal banking channels may create red flags, but not purely because of currency controls.
- Your focus should always be on understanding the legitimate source of wealth.
FATF grey listing changes and what they mean
Another timely question was about the potential removal of the automatic link between FATF grey listing and high risk country treatment.
I encouraged firms to think more about real risk rather than relying on lists.
My guidance was:
- Look at why a country is grey listed. Sometimes it is due to technical shortcomings rather than genuine laundering threats.
- Use broader indicators like Transparency International scores, sanctions exposure and known typologies.
- Clearly document your reasoning in case of any challenge.
A more thoughtful approach to jurisdiction risk is a positive step.
POCA risks when acting for regulated entities
There was also a question about whether acting for another regulated entity, such as a bank or another law firm, creates POCA risks when no funds pass through your client account.
My answer was that the risk is usually low.
I explained:
- Regulated entities have their own oversight and controls.
- You should still assess the transaction and the source of any funds being deployed.
- Ordinary source of funds checks are usually enough.
- A deeper dive is only needed if something unusual or inconsistent appears.
Staff attestations and the behaviour drivers behind compliance
A question came up about asking staff to sign to confirm they have read and understood policies.
My view is that this wording is not especially meaningful.
Staff saying they have read something does not guarantee that they will follow it. Staff confirming they will comply takes you much closer to the behaviour you want.
I always recommend wording that focuses on commitment to follow the policy, not just acknowledgment of receipt.
My Compliance That Works model
I ended the session with a reminder of the Compliance That Works framework that underpins how we help firms build strong and sustainable systems.
The six elements are:
- Clarity
- Capacity
- Communication
- Commitment
- Consistency
- Culture
Culture sits at the base because without leadership support and behavioural buy-in, everything else collapses. I often say that training raises awareness for about five minutes before everyone goes back to sleep, like a cat, unless the culture supports the message.
What is coming up next at Teal
If you want to stay up to date with our compliance events, resources and guidance, keep an eye on our website and Eventbrite page where new sessions are added throughout the year.
See you soon,
Amy



