Why file quality has become an AML issue for the SRA
The SRA has shifted from tick-box AML checks to file substance. Here is what inspectors now look for and why weak file quality is now an enforcement risk.
Arvind Manimaran · 1 July 2026 · 6 min read
For years, the informal test of AML compliance in many firms was whether the right forms existed. Was there a policy? Was there an identity check on file? Were the boxes ticked? The Solicitors Regulation Authority's supervision has moved decisively past that. The question inspectors now ask is not whether the paperwork exists, but whether the file holds together: whether it tells a coherent, evidenced story of how risk was assessed and managed. File quality, in other words, has become an AML issue in its own right.
From documents to substance
The clearest evidence of this shift is in how the SRA reports its findings. It reviewed 5,873 files in 2024/25, and its criticisms are increasingly about the quality of what those files contained rather than the mere presence of a document (SRA AML Annual Report 2024/25).
Take client and matter risk assessments. The report does not simply count the files that lacked one. It distinguishes between files with no or incomplete assessment (around 950 files, or 16%) and a much larger group where an assessment existed but failed to effectively evaluate the money-laundering risk (SRA AML Annual Report 2024/25). A document was present. It just did not do its job. Under the old tick-box mindset, that file passed. Under the SRA's current approach, it fails.
An AML form that exists but does not actually assess risk now counts as a failing, not a pass.
The same logic runs through the SRA's treatment of source of funds, where the criticism is often not the absence of checks but checks that were carried out and then not scrutinised. A bank statement on file with no evidence anyone interrogated it is a quality failing, not a completeness one.
What inspectors now look for
The practical consequence is that an SRA file review has become a test of substance. Broadly, inspectors are looking for a file that demonstrates joined-up thinking across a few connected questions.
Does the file assess risk, not just record data?
A compliant client and matter risk assessment (required under MLR 2017, Reg 28) has to reach a conclusion about risk and justify it. Recording the client's name, the matter type and a jurisdiction is data collection. Weighing those factors and arriving at a reasoned risk rating, and then acting on it, is risk assessment. Inspectors want to see the second thing.
Is there a thread from risk to action?
Good files are internally consistent. A matter rated high risk should show enhanced due diligence, deeper source-of-funds enquiry and, often, senior sign-off. When a file rates a matter high risk and then proceeds exactly as a low-risk matter would, the inconsistency is itself a red flag. The SRA looks for the thread connecting the risk assessment to what actually happened on the file.
Is the CDD proportionate and evidenced?
The regime is risk-based, so inspectors are not looking for maximal documentation on every file. They are looking for due diligence that is proportionate to the assessed risk and, crucially, evidenced: recorded in a way that a third party could follow. An enquiry a fee-earner remembers making but never wrote down does not survive a file review.
Is it contemporaneous?
Substance includes timing. Risk assessments and CDD are meant to inform whether and how the firm acts, which means they should be done at the right point, at onboarding and updated as the matter develops, not reconstructed after the fact. A file assembled retrospectively to satisfy an inspection tends to reveal itself.
Why the shift happened
Two forces pushed the SRA in this direction. The first is that tick-box compliance simply does not stop money laundering. A firm can hold a perfect set of forms and still wave through a suspicious transaction, because the forms were never used to think. The regulations were always intended to drive judgement, not administration, and the SRA's supervision has caught up with that intent.
The second is the enforcement environment. With 151 enforcement outcomes in 2024/25 and total fines of roughly £1.5 million (SRA AML Annual Report 2024/25), the regulator has both the mandate and the resources to look closely. Superficial compliance is easy to detect once someone actually reads the file rather than checking a register.
For smaller firms, this shift is double-edged. On one hand, it is not about buying more software or generating more paperwork; a lean firm can produce a high-quality file. On the other, quality depends on consistent professional judgement applied on every matter, which is exactly what is hardest to guarantee when a handful of people are carrying the whole compliance load alongside fee-earning.
Why it matters
The move from tick-box to substance changes what "being compliant" means. It is no longer enough to have the documents; the documents have to do real analytical work and connect to one another. A firm that measures its compliance by counting completed forms is measuring the wrong thing, and, increasingly, measuring something the SRA will look straight past.
The firms most exposed are not the ones with empty files. They are the ones with full files that do not actually assess risk. That is a harder problem to see from the inside, which is precisely why file quality has become the frontier of AML enforcement.
Sources
- SRA, Anti-Money Laundering Annual Report 2024-25: www.sra.org.uk/sra/research-publications/aml-annual-report-2024-25
- SRA, Anti-Money Laundering Annual Report 2024-25 summary: www.sra.org.uk/sra/research-publications/aml-annual-report-2024-25-summary
- The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Reg 28: www.legislation.gov.uk/uksi/2017/692/regulation/28
- Legal Sector Affinity Group (LSAG), Anti-Money Laundering Guidance for the Legal Sector
Written by Arvind Manimaran. This article is educational and does not constitute legal advice. Regulatory positions should be verified against current SRA guidance and primary legislation.
Book a free compliance health-check