SRA AML Inspection — UK guide for law firms
The SRA's AML inspection methodology — routine rotation, thematic reviews, what the SRA asks for, five recurring focus areas, and the five-track enforcement framework.
By Mehmood Rajoka · Last updated 2026-06-08
TL;DR — Quick Summary
- •The Solicitors Regulation Authority (SRA) is the AML supervisor for the vast majority of England and Wales law firms — including all solicitor practices doing conveyancing, probate, trust and company services, and most commercial work covered by MLR 2017.
- •The SRA runs both routine and thematic AML inspections. Routine inspections operate on a 4-6 year rotation for most firms, with higher-risk firms (conveyancing-heavy, TCSP-active, sanctioned-jurisdiction-adjacent) seeing more frequent attention.
- •Inspections combine document review (firm-wide risk assessment, policies, MLRO/MLCO appointments, training records, CDD file samples, SAR register) with substantive client-file sampling — typically 10-30 files chosen across risk categories and partners.
- •The SRA publishes annual sector reviews highlighting consistent failings: source-of-funds evidence in conveyancing, beneficial-ownership tracing on corporate clients, MLR 2017 Reg 18 firm-wide risk assessment quality, and SAR pipeline operating reality.
- •SRA enforcement powers are substantial: SDT referrals, individual fines up to £25,000, firm fines exceeding £250m for traditional firms (under the new fining powers framework), conditions on practising certificates, and ultimate striking-off for serious cases.
Answer-first summary
What is an SRA AML inspection?
An SRA AML inspection is the supervisory enforcement mechanism the Solicitors Regulation Authority uses to verify that SRA-regulated law firms in England and Wales are operating an effective AML compliance programme under MLR 2017. Inspections combine desk-based document review (firm-wide risk assessment, policies, training, SAR register) with substantive client-file sampling — typically 10-30 files chosen across risk categories. Outcomes range from no-action through compliance direction, financial penalty, to Solicitors Disciplinary Tribunal referral with possible striking-off.
- Routine 4-6 year rotation, with higher-risk firms more frequent
- Conveyancing source-of-funds is the #1 thematic concern
- Five enforcement tracks: direction, SDT, individual fine, firm fine, PC conditions
- Mid-market firms face cross-partner consistency scrutiny
Four inspection trigger types
Routine rotation
Most SRA-regulated firms see a routine AML inspection every 4-6 years. The cycle is risk-rated — higher-risk firms (conveyancing-heavy, TCSP-active, trust work, sanctioned-jurisdiction exposure) see more frequent attention. Routine inspections combine a desk-based document review with on-site or video client-file sampling.
Thematic review
SRA publishes periodic thematic AML reviews — recent themes have included conveyancing source-of-funds quality, trust-and-company-service-provider standards, and economic crime resilience. Firms within scope of a thematic review get specific inspection focus on the theme's substantive areas.
Triggered inspection
Intelligence-driven inspection following a specific concern — SRA complaint, NCA SAR pattern, supervisory liaison referral, adverse media on a partner or client. Triggered inspections are typically narrower in scope but deeper in client-file sampling.
Post-enforcement follow-up
Following a prior SRA enforcement action or compliance direction, the SRA will follow up to verify remediation. Failure to demonstrate substantive remediation escalates the original finding rather than closing it.
What the SRA asks for
Ten standard items in the pre-inspection information request:
- 1Firm-wide AML risk assessment under MLR 2017 Reg 18 — current version, version history, annual review dates
- 2Written AML policies and procedures under Reg 19 — coverage of CDD, EDD, SAR escalation, training, monitoring, sanctions screening, beneficial ownership identification
- 3MLCO and MLRO appointment documents under Reg 21 — written appointment, role specification, cover arrangements
- 4Training records for the past 12-24 months — who was trained, on what, by whom, when, including any post-FCA-PS24/4 PEP-differentiation refreshers
- 5CDD file samples — 10-30 client files chosen across risk categories, partners, and work types. Conveyancing files attract particular focus where the firm has substantial property work
- 6SAR register — log of internal disclosures, MLRO decisions, external SARs filed, DAML moratorium matters, tipping-off-safe communication evidence
- 7Sanctions and PEP screening records — list coverage, ongoing monitoring cadence, match disposition evidence
- 8Source-of-funds evidence for higher-risk and conveyancing client files — the most-cited failing in recent SRA thematic reviews
- 9Beneficial-ownership records for corporate clients — PSC register cross-references, independent verification evidence, trace through corporate layers
- 10Compliance committee minutes, partnership-board AML reporting evidence — proof of senior-management engagement in the AML programme
Five recurring SRA AML thematic concerns
Conveyancing source of funds
The most-cited issue in SRA AML thematic reviews. Source-of-funds documentation in conveyancing files routinely fails the SRA standard. Documentary evidence (bank statements, sale contracts, gift letters with corroboration, mortgage statements) rather than verbal client representation. Material to firms with any conveyancing exposure.
Trust and company service providers (TCSPs)
Firms providing registered-office services, nominee director services, trust formation, or other TCSP activities face elevated SRA scrutiny — TCSP activities are highlighted in international AML thematic concerns and the SRA aligns its supervisory focus accordingly.
Beneficial ownership of corporate clients
The 'natural person at the top' requirement under Reg 28(3). The SRA routinely finds files where beneficial ownership identification stopped at the immediate parent company rather than tracing to the natural person.
MLR 2017 Reg 18 firm-wide risk assessment quality
Generic template risk assessments without firm-specific tailoring are the #1 finding. Risk assessments not updated for the 2022 proliferation financing addition, the 2023 FCA PS24/4 PEP differentiation, or the 2023 Companies House reform are common.
SAR pipeline operational reality
Policy documents describing the SAR pipeline don't translate into file-level evidence. The SRA tests whether staff can explain the escalation path and whether MLRO decision-making is documented contemporaneously rather than reconstructed retrospectively.
Five SRA enforcement tracks
Compliance direction
Formal direction requiring specific remediation within a fixed period (typically 90 days). Failure to remediate escalates to formal sanction. Published in the SRA's enforcement record.
Solicitors Disciplinary Tribunal (SDT) referral
For serious or systemic failures, SRA refers to the independent Solicitors Disciplinary Tribunal. The SDT can impose suspension, conditions on practising certificate, or striking-off. Decisions are public and permanent on the firm's compliance history.
Individual financial penalty
SRA's own fining powers extend to £25,000 per individual under the standard framework. Higher fines available against firms and via SDT referral. Published with the firm and individual name.
Firm financial penalty
Firm-level fines under the 2023 enhanced SRA fining powers framework can reach substantial amounts — exceeding £250m theoretically for the largest firms. Practical fines vary by case but are significantly higher than the pre-2023 regime.
Conditions on practising certificate
Conditions restricting the scope of a solicitor's practice (e.g. no conveyancing work, no client account handling) are sometimes used as an alternative to suspension. Public on the SRA's Find A Solicitor register.
FAQ
Answer-first summary
What is an SRA AML inspection?
An SRA AML inspection is the supervisory enforcement mechanism the Solicitors Regulation Authority uses to verify that SRA-regulated law firms in England and Wales are operating an effective AML compliance programme under MLR 2017. Inspections combine desk-based document review (firm-wide risk assessment, policies, training records, SAR register) with substantive client-file sampling — typically 10-30 files chosen across risk categories and partners. Outcomes range from no-action through compliance direction, individual and firm financial penalties, and (for serious cases) Solicitors Disciplinary Tribunal referral with possible striking-off.
Answer-first summary
How often does the SRA inspect?
Routine inspections operate on a 4-6 year rotation for most firms. Higher-risk firms (conveyancing-heavy, TCSP-active, trust-and-corporate-services-active, sanctioned-jurisdiction-adjacent) see more frequent attention. Thematic inspections target firms within scope of an SRA thematic review (e.g. recent themes have included conveyancing source-of-funds quality, TCSP standards, economic crime resilience). Triggered inspections — driven by SRA complaint, NCA SAR pattern, supervisory referral, or adverse media — can come at any time regardless of the routine cycle.
Answer-first summary
What does the SRA focus on in AML inspections?
Five recurring focus areas. Conveyancing source-of-funds documentation quality — the most-cited issue in SRA thematic reviews. Trust and company service provider standards. Beneficial-ownership tracing on corporate clients (the natural-person-at-the-top requirement under Reg 28(3)). MLR 2017 Reg 18 firm-wide risk assessment quality (generic template assessments are the #1 finding). SAR pipeline operational reality — whether the policy documents translate into file-level evidence.
Answer-first summary
What happens if the SRA finds AML breaches?
Five enforcement tracks. Compliance direction (formal direction to remediate within typically 90 days). Solicitors Disciplinary Tribunal referral (for serious or systemic failures, with possible striking-off). Individual financial penalty (up to £25,000 under the standard SRA fining framework, more via SDT). Firm financial penalty (under the 2023 enhanced fining powers framework, substantially higher than pre-2023). Conditions on practising certificate (restricting the scope of practice). Published on the SRA's enforcement record. Right of reply applies before formal action; appeals to the SDT or the High Court depending on enforcement track.
Answer-first summary
How should a mid-market law firm prepare for SRA inspection?
Treat preparation as continuous, not last-minute. Keep the firm-wide risk assessment under annual review with documented review dates and tailored content (not generic template). Maintain CDD file consistency across partners and offices — supervisors will compare. Run mock inspections every 18-24 months internally — pick 10 random files and stress-test them against the standard SRA inspection checklist. Diarise training refreshers. Make sure the policies document reflects actual operating reality. The firms that pass SRA inspection cleanly are the ones whose AML programme runs operationally year-round rather than scrambling to evidence in the inspection notification window.
Answer-first summary
Does the SRA inspection differ for mid-market firms?
The substantive standards are the same — MLR 2017 + POCA + the SRA's Standards and Regulations apply consistently. The operational reality differs: mid-market firms face higher scrutiny on cross-partner consistency (does Office A apply the same EDD triggers as Office B?), structured AML governance (is there a documented compliance committee with senior partner engagement?), and bulk-operation evidence (KYC remediation projects, client-base risk-distribution analytics). The SRA expects mid-market firms to have evolved governance beyond the sole-practitioner-MLRO model.