LSAG Update: The webinar questions we didn't get to

SRA enforcement: Are historic breaches still a concern?

You asked: Is the SRA focusing on past compliance issues as much as current ones, or will improving our procedures now protect us from historic failings?

Yes, historic breaches remain very much within the SRA's enforcement remit. Enforcement actions often cover conduct spanning several years. The SRA has made it clear that retrospective failings can and do result in disciplinary proceedings, even where firms have since improved their procedures. Key considerations include:

• Severity of past misconduct: Repeated or systemic failures (e.g., not verifying the source of funds or not applying EDD) are likely to attract enforcement, regardless of more recent compliance.

• Remediation steps: Firms that have taken proactive steps to fix historic issues, improve systems, and demonstrate a culture of compliance may still face scrutiny, but are more likely to receive leniency.

• Ongoing obligations: The SRA is focused on whether the firm has learned from past failings and whether clients are currently protected.

In short, "getting it right now" doesn’t provide immunity from enforcement for historic breaches, but it may influence the level of sanction imposed.

Third-party checks: How far should firms go?

You asked: How thoroughly should we be checking third parties, especially when they're represented by another law firm, and what level of ID checks are needed for third-party funders?

AML obligations are fundamentally risk-based, and that includes any third-party contributors to a transaction, such as giftors. The focus should be on understanding the nature and origin of the third party’s funds, particularly where their contribution is material to the transaction your client is undertaking. The SRA has repeatedly flagged risks associated with accepting funds from unvetted third parties, especially in conveyancing, and the latest LSAG guidance has reinforced that firms must assess the specific risk posed by each contributor.

This means moving away from a one-size-fits-all SoF approach and instead tailoring enquiries based on the risk profile of the matter. The higher the risk, the greater the level of documentation expected. Accepting funds from an unrelated third party is a red flag in itself, and where the origin of funds is unclear, such as funds from pooled or mixed accounts, firms are not only permitted, but expected to seek a broader understanding of the third party’s wealth and source of contribution.

Clear policies, file notes, and supporting documentation should demonstrate that the steps taken were appropriate and risk-aligned, ensuring a defensible audit trail.

How far is “far enough”?

You asked: When a client's funds are from an old inheritance or long-term savings, or a gift of property equity, how far back should we investigate the source of funds? And how much detail is needed for third-party checks generally?

• You’re expected to go far enough to adequately mitigate the risk of money laundering.

• That means applying a risk-based approach, documenting your reasoning, and escalating concerns (e.g., through internal reporting) where appropriate.

• The key is to demonstrate you considered the risk, made reasonable enquiries, and kept a record of what you did and why.

You need to go back as far as is needed to build a clear picture of how the third party accumulated their money for the transaction. This is a case-by-case assessment and should reflect the level of risk you have identified in your client and/or matter risk assessment.

A third-party source of funds check should answer the questions: "How did the third party accumulate the funds to support this transaction?" This will need to go beyond where or who the funds have come from and look at why they have the money they do (eg is it employment income, or from another party).

Along with answering the question of who your client is, identifying where their source of funds originates is one of the most valuable checks you can do to protect your firm from the risk of money laundering and terrorist financing.

 Why is documenting AML decisions so important?

You asked: How important is documenting our AML decisions, and why is it so crucial?

Documentation is critical in AML compliance for three key reasons:

1. Evidence for regulators: If the SRA or law enforcement investigates, your documentation is the proof that you assessed risk, performed checks, and acted appropriately at the time in question.

2. Audit trail for internal reviews: Helps identify procedural gaps and supports internal training.

3. Protection for individuals: If things go wrong, clear records help demonstrate that a fee earner or compliance officer acted in good faith, in line with policy and regulation.

Without documentation, even good decisions can be treated as non-compliance.

Economic Crime Levy (ECL) registration deadlines

You asked: When do firms need to register for the Economic Crime Levy?

Firms subject to the levy must register with HMRC if they are supervised for AML purposes and had UK revenue over £10.2 million in the relevant financial year. Key points:

• Registration deadline: 30 September each year, following the end of the relevant financial year.

• Payment: Due by 30 September as well.

• Failure to register or pay on time may result in penalties and enforcement action.

Firms must register before they submit a return for the Economic Crime Levy. Firms are advised to do this as soon as possible, this is because payments for the levy are due by 30 September of every year. Learn more here and here.

Understanding sanctions risk for counterparties 

You asked: Regarding the risk of a sanctioned counterparty in a transaction, what evidence is required to show we've considered this risk?

If you're representing one party in a transaction, you have a responsibility to consider the sanctions risk posed by the counterparty. Regulators expect you to:

• Screen the other party (and potentially their beneficial owners) against published sanctions lists.

• Assess indirect risks, such as shell entities or intermediaries that could obscure sanctioned individuals.

• Retain evidence, such as:

  • Date and method of sanctions screening.

  • Name of the screening tool used (if applicable).

  • Any red flags considered, and the rationale for proceeding.

This documentation helps show that you have actively considered and mitigated sanctions risk, which is particularly critical in property, corporate, and cross-border transactions.

The SRA has a great resource on this: Complying with the UK Sanctions Regime.

AML Differences: Law Firms vs. Banks

You asked: Why are the banks not subject to the same AML checks when accepting money from clients?

Banks do do checks, they don’t get out of it and the same legislation applies. However, there are a few clear distinctions between how legal services and banking services operate that give a law firm a unique perspective and opportunity, potentially not afforded to a bank in the same way.

Remember that you would never know if a bank had a suspicion, flagged it internally for EDD or review or filed a SAR; as such, you need to gain comfort in your own right.

Regulation 28 of the MLR 2017 requires all regulated firms to conduct Customer Due Diligence (CDD) "to an extent that is appropriate to the risk".

Financial services firms, under FCA supervision and Joint Money Laundering Steering Group (JMLSG) guidance, can front-load their CDD at account opening. They then rely on continuous transaction monitoring rather than requesting documentary evidence for every incoming credit. In contrast, the Legal Sector Affinity Group (LSAG) guidance directs lawyers and conveyancers to examine each matter and understand "where did this pot of money come from, what are its origins?"

Banks do perform source of funds/wealth checks, but typically only at these higher-risk points:

• When onboarding high-risk customers

• When monitoring systems flag unusual credits or patterns

• When a relationship manager identifies an anomaly

For routine transactions (like salary payments or conveyancing completions), banks rely on automated monitoring and SAR obligations rather than manual evidence gathering. This approach is considered proportionate given their transaction volume and account history.

Why this matters for practitioners

• Don't rely on the banking system as proof that funds are legitimate; legal sector guidance identifies this as a risk and states, “It is not enough to know the money came from a UK bank account”. This is often referred to as the UK bank account myth.

• Do document your rationale whenever you decide that no further SOF evidence is required. The Regulator typically begins with "show me your risk assessment".

Conclusion

Navigating the ever-evolving landscape of AML compliance for law firms can feel like a maze, but you don't have to go it alone. We hope these answers to your unaddressed questions, straight from the experts, have helped clarify some of your most pressing queries from our recent LSAG update webinar. Staying informed and adopting a proactive, risk-based approach is key to protecting your firm and your clients from money laundering and fraud.