On the horizon

The legal profession is facing a growing number of regulatory changes – from a new anti-money laundering supervisor to amended rules around complaints handling. This article explores the key developments to have on your radar for the year ahead.

The FCA as new AML supervisor

Following a consultation in 2023, the government announced on 21 October 2025 that the Financial Conduct Authority (FCA) will take over as anti-money laundering (AML) supervisor for legal, accountancy and trust and company services providers, removing this responsibility from 22 separate supervisors, including the Solicitors Regulation Authority (SRA). 

At the time of writing, there are many unknowns, including when this change will occur and how much lead-in time firms will have. To be enacted, the change requires legislation and so also needs parliamentary time. Additionally, consultations on many aspects of the change will take place, one of which already closed on 24 December – the Anti-Money Laundering/Counter Terrorist-Financing (AML/CTF) Supervision Reform: Duties, Powers, and Accountability Consultation. With so much to be determined, it’s unlikely that the switch to the FCA will happen quickly – we may be looking towards the latter half of 2027 or 2028. 

Areas to consider are:

• Will firms be subject to dual regulation and punishment, first by the FCA for AML regulation breaches and then by the SRA for breaches of the SRA Standards and Regulations?
• Will the SRA retain its relatively newly given unlimited fines for economic crimes and what will FCA fines look like?
• How will supervision by the FCA be funded and will firms have to pay another fee in addition to what’s paid to the SRA – and will the fee paid to the SRA be reduced?
• Will the FCA understand legal practice and privilege, and will it have a dedicated team supervising law firms?
• Will law firms have to follow new guidance, and if so what will this guidance look like and will the legal profession feed into it? 
• Will firms still be obliged to continue following SRA warning notices?
• Will the FCA require much more data-sharing by firms and what data will it require?

Currently, it’s hard to prepare for FCA supervision as there are too many unknowns. The best steps firms can take are to ensure that their practice-wide risk assessments and policies, controls and procedures are as robust as possible and are being followed, and if they haven’t had an independent audit in more than two years, to commission one as soon as possible.

Dentons SDT case

In March 2025, on appeal by the SRA, the High Court overturned the Solicitors Disciplinary Tribunal’s (SDT) dismissal of the allegations against law firm Dentons for alleged breaches of the money laundering regulations. The court said that the SDT had erred in determining the allegations should be dismissed because the wrongdoing did not amount to professional misconduct. The High Court held that breaches of the SRA Standards in the Principles and Code of Conduct were established once the tribunal made a finding that the legislative requirements had not been met. Additionally, although inadvertent breaches and subsequent robust policies, controls and procedures are good mitigation, they didn’t justify the SDT’s dismissal of the case – and the case was re-referred to the SDT. 

However, in September 2025 Dentons was given permission to take its case to the Court of Appeal. Although it’s not known when the appeal will be heard, it’s likely to be early in 2026. The result will be closely watched by legal professionals everywhere.

Carter-Ruck privilege battle

Law firm Carter-Ruck has hit the headlines lately for a successful application to have a SLAPPs prosecution against a partner summarily dismissed at the SDT and has also gone to battle with the SRA in the High Court, having objected to the SRA examining privileged material under section 44B of the Solicitors Act 1974 production notices. In this matter the SRA was investigating Carter-Ruck’s alleged misconduct in relation to its work for a high-profile client.  

The SRA’s position is that it is entitled to see privileged material but only for its own regulatory purposes. 

The High Court needs to decide whether the relevant legislation in the absence of express overriding of privilege does so by necessary application. If the High Court does not decide in its favour, this could seriously impede the SRA’s investigations about conduct in relation to client matters unless the client waives their privilege. A legislative change to the Solicitors Act 1974 will also be needed.

Home Office consultation: UKFIU information order powers

An issue that may have slipped under your radar is the Home Office consultation in relation to the information order powers contained in section 339ZH of the Proceeds of Crime Act 2002 and section 22B of the Terrorism Act 2000. These powers were introduced to allow the UK Forensic Intelligence Unit (UKFIU) to compel businesses in the AML regulated sector that had submitted a money laundering or terrorist financing disclosure to provide specific further information about their client. The powers were amended by the Economic Crime and Corporate Transparency Act 2023 (ECCTA) so that they could be used to compel information for analysis purposes in non-disclosure contexts.

Under the current framework, for the UKFIU to obtain an information order it must apply to the magistrates’ court. The Home Office argues that the UKFIU “has not felt able to use” the power to apply to the courts for information orders due to:

• the high volume of court applications that would be needed to meet current information demands
• the pace at which the UKFIU is expected to respond to international requests, and 
• the existing Code of Practice’s requirement to consider less intrusive means.

For these reasons – plus a lack of “expertise and resource challenges to prepare court applications” – the UKFIU considers that the current powers are not operationally practicable or sustainable. The Home Office has therefore sought views on its proposed changes to allow the UKFIU to issue such orders without judicial oversight, with an internal oversight mechanism in its place. 

Of concern is the UKFIU’s understanding of privilege and ensuring that such orders are drafted in a way that can be complied with. Orders can be appealed to the High Court by way of judicial review, which will be unpalatable for those in the legal profession, and if the proposed changes go ahead, we can expect to receive more information orders than before.

SRA consumer protection review

Readers will recall the SRA’s consultation on a wide range of topics under the banner of ‘consumer protection’ following the Axiom Ince fraud. Following their November 2024 consultation on holding client money, on 11 December 2025 the regulator set out for further consultation the specific measures it wants to take forward.

Headlines are that it’s unlikely that solicitors will be stopped from holding client monies, but proposals include that all law firm accountant’s reports will have to be submitted to the SRA in future, and if certain risk thresholds are met (£600k turnover and £500k client balance), the COLP and COFA role cannot be held by a person who can make unilateral management decisions. For sole owner-manager firms the proposal is that if the client account balance of £500k or more is held, even momentarily, a separate COFA will need to be appointed.

Potential AML regulatory changes in 2026

With the stated aim of improving their effectiveness, the UK government shared draft legislation amending the AML regulations and invited feedback by 30 September 2025. 

The proposed changes are to narrow the definition of high-risk third countries to those on the ‘Call for Action list’ set by the Financial Action Task Force (the ‘blacklist’). Therefore, if you act for a client established in one of these countries you must undertake specific enhanced due diligence (EDD). If this change is made, then if your client is established in the ‘Jurisdictions under Increased Monitoring’ list (the ‘grey list’), you don’t need to undertake specific EDD as set out in the regulations. However, firms must still consider the jurisdiction a client is established in, and so this change won’t greatly lessen the burden. (As a reminder, countries on the blacklist are Iran, Myanmar and the Democratic People’s Republic of Korea.)

A further proposed change is to apply EDD on transactions that are “unusually complex or unusually large” instead of “complex or unusually large”. Again, this isn’t much of a shift, especially as complexity is most likely viewed in the context of practice, and only unusually complex transactions would be deemed higher risk. 

Yet another proposal is a requirement on banks to take reasonable measures to understand the purpose of pooled client accounts and assess their risk and, if needed, put in place controls to manage this risk. To enable this, holders of pooled client accounts must, on request, provide the bank with information about the identity of persons whose funds are held in the account. This has the potential to increase the regulatory burden on banks and solicitors, with possible ‘de-banking’ of firms by banks if they refuse to provide due diligence they’ve gathered on their client. Firms will need to consider duties of confidentiality and legal privilege and how to address these, whether in the terms of business or by way of requesting express consent at the bank’s audit. 

SRA’s continuing competence report

The SRA published its annual assessment of continuing competence on 28 July 2025. Headline findings are that although solicitors kept their knowledge and skills up to date, they are not fully reflecting on all aspects of their practice and have limited awareness of warning notices and guidance. 

The SRA’s report states that its areas of focus in the next 12 months are investigating the continuing competence regime in firms that practise criminal and civil law. More firms will therefore be selected for review, and firms should ensure that staff record their continuing competence efforts, ready to supply to the SRA if needed.

Latest AML news from the SRA

The SRA published its annual AML report on 30 October 2025, which is rich with information on the SRA’s findings from its AML work. 

The report sets out that in total 935 firms were engaged with. Of these the SRA conducted 317 proactive inspections, 516 desk-based reviews, 71 engagements as part of thematic work and 25 AML audit reviews. 

Of the 833 firms who received proactive inspections or desk-based reviews, 270 were deemed non-compliant, 451 partially compliant and 112 compliant. Those that were deemed non-compliant were referred for investigation. 

The SRA also conducted a review of independent audits, and the report sets out that it’s started a three-year cyclical programme to review the outcomes of large firms’ last independent audit. Of the 25 firms who were asked to provide their independent audit report the following findings were made:

• 22 had an independent audit carried out in the last two years. 
• 24 involved a review of PCPs and a sample of files. 
• All 25 firms met the recommendations made in the audit report. However, six firms were referred for desk-based review or inspection as the audit noted missing client due diligence on files. 

The report is too lengthy to summarise here, but all money laundering reporting officers and compliance officers can learn from the SRA’s findings. 

The SRA also published its thematic review on source of funds and wealth compliance on 5 November 2025, which found that in some firms there was inadequate scrutiny of documents, missing audit trails, missing source of funds checks and information given that didn’t correspond to the monies received. The thematic review report sets out for firms what the SRA expects and what good practice looks like. 

As announced at the SRA’s COLP / COFA conference on 21 October 2025, the next AML thematic review will focus on the adequacy of policies, controls and procedures and what happens on the ground. Firms should ensure their practice-wide risk assessment, AML policy, client and matter risk assessment and any accompanying documentation is up to date and being followed.

Changes to the SRA Transparency Rules

Following its thematic review into first-tier complaints handling, the SRA opened a consultation (which ended on 1 August 2025) on its proposed amendments relating to complaints compliance. 

The SRA published its response to the consultation in October 2025, and it will proceed with its proposed new requirement for solicitors to provide complaints information at the conclusion of the matter, on request and if a complaint is made. Further, the SRA will update the Transparency Rules to include that complaints information is clear, accessible and in a prominent place on a firm’s website – and will provide guidance on the term ‘prominent’ – while the Legal Services Board’s definition of a complaint will be added to the SRA Standards and Regulations. 

The SRA will also provide further guidance and will start to collect timeliness data on complaints handling during 2026, after which it will consider whether to publish this data. 

Revised deadlines for ACSPs

The Economic Crime and Corporate Transparency Act 2023 introduced a requirement for law firms who wish to file documents at Companies House or incorporate companies on behalf of clients to become an authorised corporate service provider (ACSP). However, the time by which they must become one has been pushed back to spring 2026.  

In addition, from November 2025, when incorporating a new company it’s compulsory to verify the identity of new directors and persons with significant control (PSCs), with a 12-month transition period to verify the identity for the 7 million or so existing directors and PSCs. These persons can verify their identity directly with Companies House or use an ACSP to do so. 

While firms may be comfortable filing documents and incorporating companies as an ACSP they need to carefully consider if they wish to identify their client and confirm this to Companies House, a government department. There is no risk-based approach with this identification process (unlike that allowed by the AML regulations) and it may not be possible – for contractual and reliance reasons – for the firm to use its preferred third-party identification and verification platform provider to assist them.

Mazur case: conduct of litigation

Last, but not least, in September 2025 the case of Mazur v Charles Russell Speechlys LLP [2025] EWHC 2341 (KB) sent shockwaves through the profession by confirming that non-authorised persons cannot carry on the reserved legal activity of the conduct of litigation simply by virtue of being an employee of an authorised firm. Further, a non-authorised person cannot carry out the conduct of litigation under the supervision of an authorised person; instead, a non-authorised person can support an authorised person in undertaking the conduct of litigation. 

Although the difference between conducting and assisting is open to interpretation, there are certain tasks that will be conducting and not assisting, such as issuing legal proceedings or defending them. Interpreting the law in this area has become complicated, as evidenced by the fifth iteration of the Law Society practice note within just one month of publication. 

And things may change yet again: the Legal Services Board is reviewing whether the regulators informed the professions accurately as to the position and the Chartered Institute of Legal Executives has been given permission to challenge the ruling in the Court of Appeal (and to which the Law Society has intervened as an interested party), which should be heard in early 2026. 

However, we are where we are, and firms who have non-authorised persons conducting litigation must amend their practices. If they don’t, they’ll be committing a criminal offence, and this will almost certainly require reporting to the SRA.