SRA AML inspection readiness: a step-by-step guide for COLPs and MLROs.
Based on the SRA AML Annual Report 2024/25, which inspected 833 firms and found 32.4% non-compliant. Every step below is drawn from what inspectors specifically cited as failure points.
Source: SRA AML Annual Report 2024/25 · HIGH confidence · All statistics primary source
Complete and maintain CMRAs for every active matter
MLR 2017 Reg 28(12)–(13) · LSAG 2025 §6.450% of non-compliant firms in 2024/25 had no client and matter risk assessments. Each CMRA must record: the client risk factors (type of client, business, source of wealth, PEP/sanctions status); the matter risk factors (transaction type, value, jurisdictions involved); the resulting risk rating (low/medium/high); and any enhanced due diligence triggered by that rating. The CMRA must be dated and signed by the responsible fee earner or MLRO.
Maintain an up-to-date firm-wide risk assessment (FWRA)
MLR 2017 Reg 18 · LSAG 2025 §4.219 firms in 2024/25 had no FWRA despite a 7-year-old duty. The FWRA must cover: the types of customers the firm services; the jurisdictions involved; the delivery channels; and the products and services provided. It must be reviewed when material changes occur (new fee earner, new practice area, change in client base) and at least annually. Inspectors will ask to see the FWRA and its version history.
Evidence ongoing monitoring under MLR 2017 Reg 28(11)
MLR 2017 Reg 28(11) · LSAG 2025 §6.8Only 67% of documented CMRAs showed evidence of ongoing monitoring. Ongoing monitoring is a specific legal duty, not informal vigilance. Evidence must show: that transactions were scrutinised throughout the matter; that documents and information were kept up to date; and that re-screens were triggered when appropriate (counterparty change, value change, passage of time on long matters). A log entry with date, trigger, and outcome is the minimum required.
Assemble your inspection-ready evidence pack
SRA AML Annual Report 2024/25 · Best practiceWhen an SRA inspection letter arrives, firms have limited time to produce: the FWRA and version history; CMRA completion rates by fee earner; source-of-funds documentation for a sample of matters; EDD logs for any high-risk matters; SAR consideration records; training records for all fee earners; and the firm's AML policies and procedures. Having this assembled before the letter arrives — not after — dramatically reduces the risk of appearing disorganised to inspectors.
Verify source-of-funds documentation is complete
MLR 2017 Reg 33 · LSAG 2025 §7.1Source-of-funds gaps appeared in 18–25% of inspected files. For each matter, you need evidence that the origin of funds used in the transaction has been verified — not just the client's identity. For residential purchases, bank statements showing the source of the deposit and any mortgage offer are typically required. For high-value matters or where funds originate from a business or overseas, more detailed evidence is needed. The SRA expects a documented rationale, not just a checkbox.
Related guides
Informational only. Not legal advice. All SRA statistics sourced from SRA AML Annual Report 2024/25. Last updated June 2026.
Book a free compliance health-check