Law firms in England and Wales that carry out work within the scope of the Money Laundering Regulations 2017 (MLR 2017) must comply with anti-money laundering (AML) requirements. The legal sector is classified as high-risk in the UK National Risk Assessment because solicitors handle large transactions, manage client accounts, create legal structures, and facilitate property purchases — all of which can be exploited to launder the proceeds of crime.

This guide covers what is specific to solicitors and law firms. It does not repeat the general AML obligations that apply to all regulated businesses. If you are new to AML compliance, start with the generic AML guidance before reading this sector-specific guide.

When this applies to your firm

Your firm falls within the scope of the MLR 2017 if it provides any of the following services as an independent legal professional:

Buying and selling real property (conveyancing, commercial property)
Buying and selling business entities (mergers, acquisitions, share transfers)
Managing client money, securities, or other assets
Opening or managing bank, savings, or securities accounts
Creating, operating, or managing trusts, companies, or similar structures
Providing tax advisory services involving the above

Practice areas that typically do not fall within scope include family law (unless involving financial settlements channelled through the firm), criminal defence, personal injury, and employment law. However, if any in-scope work is carried out by any part of the firm, the entire firm must have AML policies and procedures in place.

SRA anti-money laundering supervision of solicitors

The Solicitors Regulation Authority as professional body AML supervisor for solicitors and law firms in England and Wales under MLR 2017, including risk-based supervisory approach, thematic reviews, and OPBAS oversight by the FCA.

The Solicitors Regulation Authority (SRA) is designated as a professional body supervisor under Regulation 49 and Schedule 1 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. The SRA supervises approximately 9,400 law firms in England and Wales for compliance with AML requirements. All solicitors' firms that provide services within scope of the MLR 2017 must comply with the SRA's AML supervisory requirements in addition to the regulations themselves.

The SRA adopts a risk-based approach to AML supervision. It assigns each supervised firm a risk rating based on factors including the firm's practice areas, client base, geographic exposure, and transaction types. Higher-risk firms receive more intensive supervision including on-site visits, file reviews, and mandatory reporting. The SRA conducts thematic reviews focusing on specific AML risks across the legal sector, such as property transactions, trust and company services, and source of funds verification.

The SRA's AML supervisory activity is itself overseen by the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), which sits within the Financial Conduct Authority. OPBAS was established by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 to ensure consistent and effective AML supervision by professional body supervisors. OPBAS publishes annual reports assessing the quality of supervision by bodies including the SRA, and can direct supervisors to take specific action where standards are not met.

The SRA has enforcement powers under Regulation 58 of the MLR 2017 for breaches of the regulations. These include imposing civil penalties under Regulation 62, publishing details of enforcement action, suspending or revoking authorisation, and referring matters to the Solicitors Disciplinary Tribunal. In serious cases involving suspected money laundering offences, the SRA refers matters to law enforcement and the National Crime Agency.

SRA designation: Professional body supervisor under MLR 2017 Regulation 49 and Schedule 1
Firms supervised: Approximately 9,400 law firms in England and Wales
Supervisory approach: Risk-based; firms rated by practice area, client base, geography, and transaction type
SRA civil penalty power: Regulation 62, MLR 2017 (no statutory cap for professional body supervisors)
OPBAS oversight: FCA Office for Professional Body Anti-Money Laundering Supervision
OPBAS statutory basis: Regulation 49A, MLR 2017 (inserted by 2019 amendment regulations)
Jurisdiction: England and Wales only (Scotland - Law Society of Scotland; Northern Ireland - Law Society of Northern Ireland)
Legal professional privilege: Solicitors are not required to submit a SAR where information is subject to legal professional privilege (POCA 2002, s.330(6))

Firm-wide risk assessment

Before undertaking any work within the scope of the MLR 2017, your firm must complete a written firm-wide risk assessment. This is not a box-ticking exercise. The SRA expects the assessment to reflect your firm's actual practice, client base, and geographic exposure — not a generic template downloaded from the internet.

The firm-wide risk assessment is distinct from the client and matter risk assessments you carry out on individual instructions. It looks at your firm as a whole and determines where the greatest AML risks lie so you can direct your controls accordingly.

Firm-wide AML risk assessment for law firms

How solicitors' firms must conduct and document a firm-wide money laundering and terrorist financing risk assessment under MLR 2017 Regulation 18, incorporating SRA guidance and legal-sector-specific risk factors.

Under Regulation 18 of the Money Laundering Regulations 2017, every law firm that provides services within scope of the regulations must conduct a written firm-wide risk assessment of its exposure to money laundering and terrorist financing. This is distinct from individual client risk assessments and must cover the entire firm's operations. The SRA requires this assessment to be completed before commencing any work falling within the scope of the MLR 2017, and expects it to be reviewed at least annually or whenever there is a material change in the firm's risk profile.

The LSAG (Legal Sector Affinity Group) AML guidance, approved by HM Treasury under Regulation 18(6), provides sector-specific methodology for law firms. The firm-wide risk assessment must take into account the information published by the SRA, the UK National Risk Assessment, and any relevant FATF publications.

Identify practice areas within scope of MLR 2017 – Determine which of your firm's practice areas fall within the scope of the Money Laundering Regulations. The regulations apply to independent legal professionals participating in financial or real property transactions, or providing assistance in planning or executing transactions involving buying and selling real property or business entities, managing client money or assets, opening or managing bank accounts, creating or managing trusts, companies or similar structures, or acting as a trust or company service provider. Areas commonly in scope include conveyancing, commercial property, corporate and commercial, private client (wills, trusts, estates), tax advisory, and litigation (where handling settlement funds).
Assess client risk factors specific to legal services – Evaluate the risk profile of your client base considering factors particular to legal services. These include the proportion of clients who are individuals versus corporate entities, the number of clients based overseas or with overseas connections, the proportion of high-net-worth or ultra-high-net-worth clients, the volume of PEP clients, clients in high-risk industries, new clients versus established relationships, and clients introduced by third parties. The LSAG guidance provides a framework for scoring these factors.
Assess geographic risk exposure – Map your firm's geographic risk considering the jurisdictions where your clients are based, where their funds originate, where property or assets are located, and where counterparties operate. Cross-reference these against FATF high-risk and monitored jurisdictions, the EU/UK high-risk third-country lists, Transparency International's Corruption Perceptions Index, and the Basel AML Index. Firms with significant overseas client bases or cross-border transaction volumes face higher inherent risk.
Assess delivery channel and transaction risks – Consider how services are delivered and the types of transactions handled. Factors include the proportion of non-face-to-face client relationships, the use of intermediaries or introducers, average and peak transaction values, the complexity of structures created, the speed at which transactions are completed, and the volume of transactions involving third-party funding or gifts. Firms handling high volumes of property completions, trust formations, or corporate restructurings face higher delivery channel risk.
Evaluate existing controls and determine residual risk – Assess the effectiveness of your current AML controls against the inherent risks identified. Controls include your CDD and EDD procedures, client and matter risk assessment processes, transaction monitoring, staff training programme, MLRO oversight and resources, compliance monitoring and file reviews, and use of technology for screening and monitoring. Rate each control's effectiveness and calculate residual risk (inherent risk minus control effectiveness) for each risk category.
Document the assessment with required content – Produce a written risk assessment document that includes the methodology used, the risk factors considered, your risk ratings and scoring, the information sources consulted (including the SRA sectoral risk assessment and UK NRA), your control evaluation, residual risk ratings, and an action plan for any areas where residual risk is above your appetite. The SRA expects this document to be available for inspection and requires that it demonstrates genuine engagement with the firm's specific risks, not a generic template.
Obtain COLP/senior management approval and set review schedule – The firm-wide risk assessment must be approved by the firm's Compliance Officer for Legal Practice (COLP) or equivalent senior management. Record the approval and date. Set a review schedule of at least annually. The assessment must also be reviewed whenever there is a material change such as entering new practice areas, opening new offices, significant changes to the client base, or regulatory changes. The SRA may request the risk assessment during supervisory visits or desk-based reviews.

Statutory basis: MLR 2017 Regulation 18 (firm-wide risk assessment)
Approved guidance: LSAG AML Guidance for the Legal Sector (approved by HM Treasury under Reg 18(6))
Review frequency: At least annually, or on material change to the firm's risk profile
Approval requirement: COLP or senior management must approve the written assessment
SRA expectation: Must demonstrate genuine engagement with firm-specific risks, not a generic template
Information sources required: SRA sectoral risk assessment, UK National Risk Assessment, FATF publications, firm's own data
Penalty for non-compliance: SRA enforcement action; Regulation 86 criminal offence (up to 2 years imprisonment and/or unlimited fine)
In-scope practice areas: Conveyancing, commercial property, corporate/commercial, private client, tax advisory, litigation (where handling funds)

High-risk areas for law firms

Certain types of legal work carry higher inherent money laundering risk. Your firm-wide risk assessment and your client and matter risk assessments must reflect these elevated risks, and you must apply enhanced controls where they are present.

High-risk areas for legal sector money laundering

Practice areas and scenarios that present elevated money laundering risk in the legal sector, as identified by the SRA, NCA, and LSAG guidance.

The legal sector is identified as high-risk for money laundering in the UK National Risk Assessment. Solicitors handle large sums, manage client accounts, create legal structures, and facilitate property transactions, all of which can be exploited by criminals seeking to launder the proceeds of crime. The SRA, NCA, and Legal Sector Affinity Group (LSAG) have identified specific practice areas and scenarios that require heightened vigilance.

Property transactions and conveyancing represent the single highest-risk area for solicitors. The UK property market is frequently targeted for money laundering because real estate can absorb large sums, property values can be manipulated, and transactions involve complex chains of parties. Solicitors conducting conveyancing must verify the source of funds for every property purchase, including funds from overseas, third-party contributions, and gifts. The SRA has taken enforcement action against firms that failed to question the legitimacy of funds in property transactions.

Trust and company service providers (TCSPs) create legal structures that can obscure beneficial ownership. Solicitors who form companies, create trusts, act as nominee shareholders, or provide registered office addresses are acting as TCSPs and must apply specific CDD measures under MLR 2017 Regulation 12. Complex corporate structures involving multiple jurisdictions present particular risk.

Client account misuse is a significant risk unique to the legal sector. Solicitors' client accounts are regulated bank accounts that offer a veneer of legitimacy. Criminals may seek to pass funds through client accounts with no genuine underlying legal transaction, or may instruct solicitors on sham transactions designed solely to move money. The SRA Accounts Rules require client money to be held only in connection with an underlying legal transaction or service.

Politically exposed persons (PEPs) require enhanced due diligence under MLR 2017 Regulation 35. Law firms acting for high-net-worth individuals, overseas clients, and those involved in government or public functions must screen for PEP status and apply enhanced measures including senior management approval and source of wealth verification.

High-value and unusual transactions should trigger additional scrutiny. These include transactions with no apparent economic rationale, instructions that change unexpectedly, rushed completions with pressure to move funds quickly, and transactions significantly above or below market value.

Jurisdictional risk arises when clients, funds, or transactions involve high-risk jurisdictions identified by the Financial Action Task Force (FATF) or the UK government. Cross-border transactions, particularly involving jurisdictions with weak AML controls, require enhanced due diligence.

Highest-risk practice area: Property transactions and conveyancing (identified in UK National Risk Assessment)
TCSP scope for solicitors: Company formation, trust creation, nominee services, registered office provision (MLR 2017 Reg 12)
Client account risk: Funds must relate to an underlying legal transaction or service (SRA Accounts Rules)
PEP enhanced due diligence: Mandatory for domestic, foreign, and international organisation PEPs plus family and close associates (MLR 2017 Reg 35)
Source of funds requirement: Must verify origin of funds for every property purchase, including third-party contributions and gifts
Source of wealth requirement: Must establish overall wealth origin for high-risk clients, PEPs, and enhanced due diligence cases
NCA SARs from legal sector (2022/23): Over 9,000 SARs submitted by the legal sector annually
Red flag indicators: No apparent economic rationale, rushed completions, unexplained third-party funding, below-market transactions

Client due diligence in practice

Client due diligence (CDD) must be completed before you establish a business relationship or carry out an occasional transaction within the scope of the MLR 2017. For law firms, this means before you begin substantive work on an instruction, not at the point of completion.

Source of funds in conveyancing

For every property purchase, you must verify the source of the funds being used. This goes beyond simply identifying where the money is being transferred from. You must understand how the client acquired the funds. Common sources include:

Sale of an existing property (verify through linked transaction records)
Mortgage (verify through the lender's offer letter)
Savings (verify through bank statements showing accumulation over time)
Gift from a family member (obtain a signed gift letter and verify the donor's source of funds)
Funds from overseas (verify through overseas bank statements, tax records, or employment documentation)
Inheritance (verify through grant of probate or estate accounts)

A client stating "savings" or "from my account" is not sufficient verification. You must obtain documentary evidence that supports the explanation. Where funds come from multiple sources, verify each one separately.

Trust and company service provider (TCSP) duties

If your firm creates companies, establishes trusts, provides nominee shareholders or directors, or provides a registered office address, you are acting as a trust and company service provider. TCSP activities attract specific CDD obligations under Regulation 12 of the MLR 2017, including identification and verification of all beneficial owners of the structures created. Given the opacity risk of complex structures, the SRA pays particular attention to TCSP work during supervisory reviews.

Enhanced due diligence

You must apply enhanced due diligence (EDD) in higher-risk situations. For law firms, the most common EDD triggers are:

Clients who are politically exposed persons (PEPs), their family members, or known close associates
Transactions involving high-risk third countries identified by the FATF or the UK government
Complex or unusually large transactions with no apparent economic or legal purpose
Non-face-to-face client relationships where the client has not been met in person

EDD requires senior management approval to establish or continue the business relationship, enhanced ongoing monitoring, and establishment of the source of wealth (the overall origin of the client's financial resources, not just the funds for the specific transaction).

Legal professional privilege and suspicious activity reporting

Solicitors occupy a unique position in the AML regime because of legal professional privilege (LPP). Understanding the boundary of this privilege is critical to complying with your reporting obligations without inadvertently breaching client confidentiality or, conversely, failing to report when required.

The general reporting obligation

Under section 330 of the Proceeds of Crime Act 2002 (POCA), a person in the regulated sector who knows, suspects, or has reasonable grounds for knowing or suspecting that another person is engaged in money laundering must submit a suspicious activity report (SAR) to the National Crime Agency (NCA) through the firm's Money Laundering Reporting Officer (MLRO). Failure to report is a criminal offence carrying up to 5 years' imprisonment.

The privilege exemption

Section 330(6) of POCA provides that the reporting obligation does not apply to information received in privileged circumstances. Information is received in privileged circumstances if it is communicated:

By a client (or their representative) in connection with the provision of legal advice, or
By a person seeking legal advice, or by a person in connection with legal proceedings

However, this exemption does not apply if the information is communicated with the intention of furthering a criminal purpose. This is known as the "crime/fraud exception" — if the client is seeking legal advice to facilitate money laundering, the privilege does not attach, and you must report.

In practice

If you form a genuine suspicion that your client is engaged in money laundering based on information received outside the scope of privileged communications (for example, through your own due diligence, source of funds checks, or observations about the transaction), you must submit a SAR. Where you are uncertain whether privilege applies, seek guidance from the firm's MLRO and, if necessary, from the SRA or the Law Society's practice advice service. Do not allow uncertainty about privilege to prevent you from reporting where you should.

Tipping off

Once a SAR has been submitted (or you know one has been submitted), it is a criminal offence under section 333A of POCA to disclose to the client or any third party that a report has been made, if that disclosure is likely to prejudice any investigation. The maximum penalty is 5 years' imprisonment. However, disclosure to another legal professional for the purpose of legal proceedings is not tipping off.

Penalties for AML Breaches

Criminal and regulatory penalties for failing to comply with Money Laundering Regulations 2017 and Proceeds of Crime Act 2002.

Non-compliance with AML obligations can result in criminal prosecution, unlimited fines, and imprisonment. The FCA and HMRC actively enforce these requirements.

Failure to register: £5,000 (summary) or unlimited fine (indictment)
Failure to conduct CDD: 2 years imprisonment and/or unlimited fine
Failure to submit SAR: 5 years imprisonment and/or unlimited fine
Tipping off: 5 years imprisonment and/or unlimited fine
Prejudicing investigation: 5 years imprisonment and/or unlimited fine
False/misleading information: 2 years imprisonment and/or unlimited fine
FCA regulatory sanction: Unlimited financial penalty

1. Appoint an MLRO with sufficient seniority

Designate a Money Laundering Reporting Officer who has the seniority and authority to make decisions about reporting suspicious activity. In smaller firms this is often a partner or the COLP. Notify the SRA of the appointment. Ensure a deputy MLRO is appointed to cover absences.
2. Complete your firm-wide risk assessment

Produce a written assessment of your firm's money laundering and terrorist financing risks covering all practice areas within MLR 2017 scope. Follow the LSAG guidance methodology. Ensure the assessment reflects your firm's actual work, not a generic template. Have it approved by the COLP or senior management.
3. Establish CDD policies and procedures

Create documented procedures for client identification and verification, beneficial ownership identification, source of funds verification, source of wealth checks for high-risk clients, PEP screening, and ongoing monitoring. Procedures must cover both standard and enhanced due diligence and set out clear escalation routes.
4. Implement matter risk assessments

Require a documented risk assessment for every client and matter within the scope of the MLR 2017. Use the risk assessment to determine the level of CDD required (simplified, standard, or enhanced). The SRA provides a template, but adapt it to your firm's practice areas.
5. Set up SAR procedures and train all staff

Establish a clear internal process for staff to report suspicions to the MLRO. Provide initial AML training to all staff on joining and at least annually thereafter. Training must cover recognition of suspicious activity, the firm's reporting procedures, legal professional privilege boundaries, and the tipping off offence.
6. Establish record keeping and monitoring

Set up systems to retain all CDD records, risk assessments, SARs, and training records for at least 5 years. Conduct regular compliance monitoring through file reviews and sample testing. Document your monitoring findings and any corrective actions.
7. Prepare for SRA supervisory engagement

Ensure your firm-wide risk assessment, policies, procedures, training records, and compliance monitoring evidence are readily accessible. The SRA may conduct desk-based reviews, request specific documentation, or carry out on-site visits. Higher-risk firms should expect more frequent supervisory contact.

What happens next

AML compliance is not a one-off exercise. After implementing these measures, you must:

Review and update your firm-wide risk assessment at least annually, or when your practice areas, client base, or risk profile change materially
Refresh staff training at least annually, covering new typologies and any changes to your procedures
Conduct regular compliance monitoring through file reviews, testing whether CDD is being completed correctly and SARs are being filed appropriately
Respond promptly to any requests from the SRA, whether for documentation, information, or corrective action
Monitor updates from the SRA, NCA, and LSAG for changes to guidance, thematic findings, or emerging risks

ℹ️ Consent SARs and conveyancing completions

If you suspect the funds in a property transaction are the proceeds of crime, you must submit a SAR and request consent from the NCA before proceeding to completion. The NCA has 7 working days to respond. If consent is refused, a further 31-day moratorium applies. Proceeding without consent risks committing a principal money laundering offence under sections 327-329 of POCA 2002. Build this timeline into your completion schedule.

Official guidance and legislation

SRA AML Guidance and Support
SRA guidance on AML compliance for solicitors' firms
sra.org.uk
SRA AML Guidance by Topic
SRA guidance articles on money laundering including LSAG sector guidance
sra.org.uk
Money laundering regulations - your responsibilities
GOV.UK overview of AML obligations including suspicious activity reporting
gov.uk
Money Laundering Regulations 2017
Full text of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
legislation.gov.uk
Proceeds of Crime Act 2002
POCA 2002 including money laundering offences and reporting obligations
legislation.gov.uk
FCA OPBAS
Office for Professional Body Anti-Money Laundering Supervision
fca.org.uk

UNDER CONSTRUCTION

Guvnor

Anti-money laundering compliance for law firms

When this applies to your firm

Firm-wide risk assessment

High-risk areas for law firms

Client due diligence in practice

Source of funds in conveyancing

Trust and company service provider (TCSP) duties

Enhanced due diligence

Legal professional privilege and suspicious activity reporting

The general reporting obligation

The privilege exemption

In practice

Tipping off

1. Appoint an MLRO with sufficient seniority

2. Complete your firm-wide risk assessment

3. Establish CDD policies and procedures

4. Implement matter risk assessments

5. Set up SAR procedures and train all staff

6. Establish record keeping and monitoring

7. Prepare for SRA supervisory engagement

What happens next

ℹ️ Consent SARs and conveyancing completions

Compliance Assistant

🚧 UNDER CONSTRUCTION

When this applies to your firm

Firm-wide risk assessment

High-risk areas for law firms

Client due diligence in practice

Source of funds in conveyancing

Trust and company service provider (TCSP) duties

Enhanced due diligence

Legal professional privilege and suspicious activity reporting

The general reporting obligation

The privilege exemption

In practice

Tipping off

1. Appoint an MLRO with sufficient seniority

2. Complete your firm-wide risk assessment

3. Establish CDD policies and procedures

4. Implement matter risk assessments

5. Set up SAR procedures and train all staff

6. Establish record keeping and monitoring

7. Prepare for SRA supervisory engagement

What happens next

ℹ️ Consent SARs and conveyancing completions

Related guides in this sector

UNDER CONSTRUCTION