17 June 2026
Preparing for a New Era of AML Regulation
What FCA oversight means for your law firm and how to get ahead of it.
Following the UK government’s announcement in October 2025 that the Financial Conduct Authority (FCA) will become the single professional services supervisor for anti-money laundering (AML) and counter-terrorism financing (CTF), the legal sector is now wondering what this change means for them in practice. The direction of travel is now confirmed, the FCA will become the sole AML supervisor for all in-scope law firms in England and Wales. Full implementation is not expected until around 2029, subject to the passage of enabling legislation, but the framework is set and the time to prepare is now.
This article looks at the likely implications and the steps you can take right now.
Why FCA Involvement Matters
Currently, AML supervision for law firms in England and Wales sits with a number of professional body supervisors such as the Solicitors Regulation Authority (SRA). While the current framework has provided sector-specific supervision for many years, the government has indicated that it sees value in moving toward a more centralised supervisory model for AML and CTF oversight across professional services. The FCA is known for its data-driven and risk-based supervisory approach, with detailed expectations around systems, controls, governance, and evidenced compliance. For law firms, this represents a change, moving from a professional body supervisory model to one that is more closely aligned with the supervisory style seen in financial services.
What to Expect: The Key Changes
When FCA takes over supervision, firms should expect several changes in how compliance is assessed and enforced.
Proactive supervision
Firms may see a more proactive supervisory style including thematic reviews across specific practice areas (conveyancing and corporate are likely targets), data requests, benchmarking exercises, and audits based on risk indicators.
Evidence, not just policy
Simply having policies in place will not be enough. Firms will need to demonstrate how those policies are applied, how decisions are made, and how risk is assessed. Detailed audit trails, clear rationale for risk ratings, and evidence of genuine management oversight will all be expected.
Senior accountability
If we look at the FCA’s Senior Managers and Certification Regime (SMCR), firms may see clearer allocation of AML responsibilities to named individuals, greater personal accountability for compliance failures, and an expectation that compliance is rooted at the highest levels of decision-making, not delegated to a single compliance officer.
A New Enforcement Approach
Firms should expect regulatory expectations to focus on governance, controls, record keeping and demonstrable compliance. As with any regulator, enforcement outcomes are likely to depend on the seriousness of breaches, the effectiveness of controls, and how firms respond when issues are identified.
Dual Regulation: Navigating Two Supervisors
Under the new regime, the FCA will take sole responsibility for AML and CTF supervision. However, the SRA will retain responsibility for professional conduct: compliance with the Solicitors Accounts Rules, client care obligations, and wider professional regulatory standards.
In practice, this means firms will operate under two regulators simultaneously, the FCA governing AML systems and controls, and the SRA professional conduct. They will inevitably overlap, for example, in the governance of client accounts, but they have specific requirements and enforcement approaches. Firms should expect enquiries from both and be sure they can clearly demonstrate compliance that will satisfy each regulator.
Client account oversight
Misuse of a client account, such as using it as a banking facility, is a direct breach of Rule 3.3 of the Solicitors Accounts Rules, which strictly prohibits using client money for anything other than payments that directly relate to the underlying transaction. Under the SRA, such an incident could trigger an investigation to determine whether it was an isolated error or indicative of wider control failures.
At the same time, with the FCA as AML supervisor, the same transaction could be examined from a financial crime perspective. If the breach is isolated and there are no suspicious patterns in the client’s funds, the FCA may conclude that the firm’s AML controls are adequate and close its enquiry quickly.
Being cleared by one regulator does not satisfy the other. The SRA investigation could continue for months, requiring explanations, remediation plans, and evidence of strengthened governance, even after the FCA has long ago closed its enquiry.
A single Rule 3.3 breach can place a firm under two regulatory lenses at once, with differing perspectives, timelines, and potential outcomes. Proactive risk management and clear audit trails are the only way to navigate this dual framework efficiently and confidently.
The Cost of dual supervision
The move to FCA supervision will mean a change in how AML oversight is funded. Currently, the cost of supervision is incorporated within practising certificate fees, meaning firms pay for it indirectly as part of a bundled regulatory charge with relatively little visibility as to the specific cost of AML oversight.
The FCA currently operates on a “user pays” basis, recovering its costs from the firms it regulates through specific, separate fees. In practice, this is likely to mean law firms paying an AML regulatory charge, potentially structured as a combination of fixed and variable elements linked to size, activity, and risk profile.
The result is a more transparent but possibly more expensive model, particularly for larger or higher-risk practices, and one that may, at least in the short to medium term, create a dual cost burden as firms continue to fund SRA regulation through practising certificate fees while also paying separately for FCA AML supervision. One possible consequence of the move to FCA supervision is that firms outside the scope of the AML regulations may no longer indirectly contribute toward AML supervisory costs through practising certificate fees. Whether this ultimately results in lower regulatory costs for those firms will depend on the final funding model adopted.
Expected Timeline
The government has previously signalled an intention to move AML supervision of legal and other professional services to the FCA, but the King’s Speech did not include any reference to this reform, and no detailed legislative timetable has been set.
A realistic, indicative roadmap would now be:
- 2026–2027: If the policy is taken forward, legislation would need to be introduced when parliamentary time allows, most likely via a broader financial services legislative vehicle. However, timing and scope remain unconfirmed.
- 2027–2028: FCA design work, policy development and consultation would be expected during this phase, including development of supervisory approach and operational framework (subject to legislation being passed).
- 2028 onwards: Earliest plausible transition period for implementation planning, firm onboarding and build-out of the FCA supervisory regime for in-scope professional services firms.
- Full implementation: Not expected before the late 2020s and remains dependent on legislation, parliamentary scheduling and detailed implementation planning.
Firms should not take this as grounds for delay, the gap between now and 2029 is the opportunity firms have to close compliance weaknesses and build solid frameworks. While this feels like plenty of time, firms should remember the build up to the introduction of GDPR legislation, there is always more to do than you think.
The Practical Steps to Take Now
Given the confirmed direction of change, the most effective approach is to focus on fundamentals. Firms do not need to wait for a final framework before acting, in fact, waiting is the riskiest strategy of all.
The message from the SRA is clear, the regulator may be changing, but the AML regulations are not. Staying (or getting) compliant is the number one priority. The SRA’s own data from its 2024–25 Anti-Money Laundering Annual Report makes sobering reading. Of 451 firms reviewed:
• 355 (79%) received feedback on their Firm-Wide Risk Assessment
• 323 (72%) received feedback on their AML policy
• 222 (49%) received feedback on their Client/Matter Risk Assessment
• 193 (43%) received feedback on source of funds procedures
• 8% of MLROs/MLCOs audited did not have a sufficient understanding of their role
These are not unique cases, they reflect gaps across the profession. The work to close them starts now.
1. Conduct a gap analysis. Assess your current AML frameworks against FCA-style expectations. Are your policies applied consistently in practice? Is there a sufficient audit trail? Can you evidence your decision-making at every level?
2. Strengthen governance. Ensure clear, named accountability for AML at senior level. Increase leadership engagement with compliance, it cannot remain a back-office function.
3. Improve your documentation. Record the reasoning behind decisions, not just the outcome. Standardise how AML considerations are captured across the firm.
4. Check for patterns. If the same issues recur, investigate why, is the message being misunderstood, or is there a system weakness that needs addressing. Adapt your policies or training accordingly.
5. Invest in meaningful training. Move beyond generic annual tick-box training. Tailor content to specific roles and risk exposure. Test understanding, not just attendance. Ensure catch-up sessions are attended by anyone unable to attend the first session.
6. Review your technology. Think about your current systems. Can they support the data capture and reporting that FCA-style regulation will require. Reducing reliance on manual processes can only be a positive for firms.
7. Arrange an independent audit. If you have had one recently, check that recommended improvements have been implemented. If it has been a while, organise one now, it is one of the clearest signals to any regulator that your compliance culture is serious.
8. Engage with advisors and insurers. Early engagement with partners who understand the legal sector, such as LawInsure and Avenue, can help you tailor your approach, identify gaps, and build systems that satisfy both regulatory and insurer expectations.
The Opportunity
It would be easy to read this as nothing but a burden, but firms that act early, strengthen governance, embed genuine risk management, and build robust compliance frameworks, will not just be better prepared for regulatory change. They will be better businesses.
Stronger processes reduce the risk of fraud and financial crime. Better governance builds client trust. And robust, evidenced compliance is increasingly a factor in professional indemnity positioning: insurers are looking for more than policies on a shelf. Firms that can demonstrate the quality of their AML controls are likely to find that reflected in how their risk is assessed and priced, making early investment in compliance a commercial advantage, not just a regulatory necessity.
The concerns expressed by so many firms at the Law Society conference are understandable, but uncertainty is not a reason to wait. The firms that will navigate this transition most effectively are those that start now, rather than waiting for the final framework before reviewing their existing arrangements.
How Avenue Can Help
Avenue works with law firms across every element of practice management, from strengthening compliance frameworks and AML processes to sharpening financial strategy, streamlining operations, and building the leadership structures that allow firms to grow with confidence. Whether you need clearer governance, better financial reporting, support with day-to-day practice management, a plan for scaling, or guidance through a merger or exit, we bring practical, hands-on expertise to every stage of your firm’s journey. Having worked inside law firms, not simply advising them from the outside, we understand the real pressures of managing a practice alongside delivering legal work.
If you would like a confidential conversation about where your firm stands and what practical steps make sense for your size and risk profile, we would be glad to help.
The opinions and views expressed in the above articles are those of Avenue only and are for guidance purposes only.
The Walbrook Building 25 Walbrook London, EC4N 8AW
Privacy Policy - Do Not Sell or Share My Personal Information (U.S. Residents Only)
Arthur J. Gallagher (UK) Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: The Walbrook Building, 25 Walbrook, London EC4N 8AW. Registered in England and Wales. Company Number: 119013.