The SRA AML data collection exercise: What is it for and what does it mean for law firms?

The Solicitors Regulation Authority (SRA) has recently launched a significant data collection exercise aimed at gathering detailed information from law firms about their anti-money laundering (AML) practices.

This initiative is part of the SRA’s ongoing efforts to strengthen its regulatory oversight and ensure that law firms are effectively managing the risks associated with money laundering and terrorism financing. The window for firms to complete the form is from 8 August to 23 September 2024.

But what exactly is this data collection exercise for, and what does it mean for your law firm? Let’s break it down.

What is the SRA trying to achieve?

The primary goal of the SRA’s data collection exercise is to enhance the regulator’s understanding of the AML risks within the legal sector. By gathering data directly from law firms, the SRA can assess how well firms are implementing AML regulations and identify any areas where further guidance or enforcement may be needed.

The data collected may also be used to:

• Monitor compliance: The SRA will analyse the responses to ensure that firms are meeting their obligations under the Money Laundering Regulations. This includes assessing whether firms have adequate risk assessments, policies, and training in place.
  
  
• Identify high-risk firms: Firms that provide certain services, such as trust and company service provision (TCSP), or those that handle large amounts of client money, may be flagged as higher risk. The SRA may use this data to prioritise inspections or to focus their regulatory efforts on these firms.
  
  
• Inform future guidance: The insights gained from this data collection may be used to update or refine the SRA’s guidance to the legal sector, ensuring that it addresses emerging risks and common compliance challenges.

In essence, this exercise is about taking the temperature of the legal profession’s AML compliance. The SRA wants to ensure that law firms are not just meeting the letter of the law but are genuinely committed to preventing financial crime.

What does this mean for your law firm?

For law firms, the SRA’s data collection exercise is more than just a regulatory requirement—it’s a wake-up call. The questions posed in the questionnaire provide a clear indication of what the SRA considers important, and firms should take note.  Here’s what your firm should consider:

Evaluate your Firm-Wide Risk Assessment

The questionnaire places significant emphasis on whether firms have a comprehensive and up-to-date firm-wide risk assessment. If your firm hasn’t revisited its risk assessment recently, now is the time. Make sure it accurately reflects the current risks your firm faces and includes considerations for newer threats like proliferation financing.

Review your AML policies and procedures

The SRA is interested in how your firm’s policies and procedures align with regulatory requirements. This is your opportunity to audit these documents, ensuring they cover all necessary areas, including simplified due diligence, reliance on third parties, and record-keeping. If there are gaps, address them before completing the questionnaire.

Enhance data collection and reporting

The questionnaire asks for detailed data, such as the percentage of high-risk clients and the largest single deposit into your client account over the past 12 months. If you struggled to find this information, consider developing better data collection and reporting systems. This not only helps with the questionnaire but also strengthens your overall compliance framework.

Prioritise employee training

The SRA is keen to know when your employees last received AML training. Ensure that all relevant staff—not just fee earners—are regularly trained and understand their role in your firm’s AML strategy. Training should be ongoing, with refresher courses provided at least annually.

Prepare for increased scrutiny

Firms that report low levels of suspicious activity, or that engage in high-risk activities like TCSP, may find themselves under increased scrutiny from the SRA. There has long been concern that firms who don’t report to the NCA may be missing red flags of Money Laundering.

Be prepared for potential follow-up questions or even inspections. Having robust documentation and a clear understanding of your firm’s AML practices will be crucial, as well as addressing your mind to why you have low numbers of SARs. This could be because you don’t proceed with anything which looks risky, it might be that your procedures discourage the criminals from instruction you, or it might be that you know your client’s well, and that there is little risk of AML. 

Reflect on the broader implications

Beyond just answering the questionnaire, law firms should reflect on what the questions indicate about the SRA’s regulatory priorities. The focus on sanctions compliance, for example, suggests that the SRA views this as a critical area of risk. If your firm hasn’t fully integrated sanctions checks into its AML procedures, now is the time to do so. There is also new guidance from the SRA on Sanctions which you should review. 

Preparing to answer the Questionnaire

Answering the SRA’s questionnaire isn’t just about compliance—it’s about demonstrating that your firm is committed to upholding the highest standards of professional conduct. To prepare:

• Gather your data: Make sure you have easy access to all the data requested in the questionnaire. This might involve running reports from your practice management system, reviewing client files, or consulting with your compliance team.
  
  
• Involve key stakeholders: Don’t complete the questionnaire in isolation. Involve your MLRO, compliance team, and senior management to ensure that all responses are accurate and reflect the firm’s current practices.
  
  
• Audit your responses: Before submitting the questionnaire, audit your responses to ensure they are accurate and consistent with your firm’s documented procedures. If there are discrepancies, address them now rather than waiting for the SRA to point them out.

The SRA’s data collection exercise is a clear signal that the regulator is ramping up its efforts to ensure compliance across the legal sector. For law firms, this is both a challenge and an opportunity. By taking the questionnaire seriously and using it as a tool to improve your AML practices, you can not only satisfy the SRA’s requirements but also strengthen your firm’s defences against financial crime.

Remember, this isn’t just about ticking boxes—it’s about demonstrating that your firm is proactive, diligent, and fully committed to compliance. 

This guest essay was written by Amy Bell, Founder at Teal Compliance.  Teal is a network of expert consultants providing risk management support & training to law firms.