By Ed Marshall
Can we, just for five minutes, put AML to the side? Normal service will resume soon, I promise.
Here is a question for you: are we, as a profession, becoming so preoccupied with AML that we’ve forgotten the building blocks of legal compliance? That there’s more to it than AML? What else are we missing when we focus our limited resources on one area of compliance?
An imbalance in the compliance force
It’s fair to say that with the ongoing and constant focus from the SRA on money laundering spot checks, investigations, and findings, we could be forgiven for becoming blinkered. AML is, of course, highly important — and we are not suggesting it should be forgotten — but maybe its importance can, at times, be over-emphasised.
One of the core SRA Principles is maintaining the public trust in the legal profession, and that’s not achieved by simply having a good firm-wide risk assessment. A firm with a working and effective compliance outlook places just as much emphasis on client confidentiality, conflicts management, professional conduct, supervision, and client care as it does on AML.
When AML becomes the only compliance issue with serious internal traction, other duties may slip through the cracks — often going unnoticed until a complaint or audit reveals the oversight.
We’ve seen this firsthand. Firms where the AML policy is updated like clockwork, but the complaints are stacking up. Where there’s a template for onboarding new clients, but no process for supervising junior fee-earners or logging concerns about poor service.
The legal and regulatory risk isn’t any smaller in these areas — it’s just less likely you will be fined for them.
The risk of neglecting the fundamentals
When the compliance lens narrows too far, it distorts the overall risk picture.
Firms that over-rotate towards AML may find themselves:
Missing supervisory red flags that could have prevented service failings or negligence claims.
Ignoring staff wellbeing, contributing to burnout and ethical blind spots.
Failing to maintain clear lines around confidentiality or conflicts.
Overlooking basic client care obligations — timely communication, clear costs information, and accessible complaints handling – resulting in time-consuming Legal Ombudsman cases and poor client feedback.
These risks can be serious. But because they’re less tangible than client due diligence, and often don’t attract the same regulatory spotlight, they’re easier to let slide — until they become the subject of a formal investigation, an insurance claim, or a headline in the legal press.
Tick-box compliance culture
With AML audits and spot checks becoming more frequent, many firms have understandably prioritised demonstrating that the right policies, procedures, and records are in place. Despite the SRA’s insistence that AML compliance should be risk-based and thoughtful, the reality on the ground often feels very different.
In practice, the pressure to pass an audit means firms focus on what can be evidenced – completed forms, up-to-date risk assessments, records of training, and e-verification reports. This creates a strong incentive to view compliance through the lens of documentation rather than real-world judgement.
We’re not blaming firms for this. It’s an entirely rational response to a system that rewards evidence over insight. But the danger is that this tick-box mentality becomes embedded. It spreads into other areas of compliance – supervision, client care, complaints handling – where good management, professional judgement and ethical reasoning should take precedence over paperwork.
We’ve seen policies that say all the right things, but no one in the firm can explain what they mean in practice. File reviews where the right forms are present, but no one has asked why a client is acting in a particular way, or whether the legal work makes commercial sense.
Ticking the boxes might get you through an audit. But it won’t protect the firm – or the public – when the real risks come knocking.
Striking the balance
True compliance isn’t about perfecting one corner of regulation while ignoring the rest. A holistic compliance approach ensures that a firm meets its ethical and legal obligations across the board. That means covering everything – from AML to confidentiality, professional conduct, supervision, client care, and staff wellbeing.
The SRA itself has emphasised that AML does not override or replace other regulatory responsibilities. In fact, a firm that nails its money laundering processes but breaches other rules is still failing its regulatory duties and will fall foul of the regulator.
We need to steer clear of tunnel vision — where AML is both the beginning and the end of compliance. Let’s look at compliance holistically:
Are we checking and updating our office manual and/or policies regularly?
Is AML integrated into our overall compliance plan — not sitting in a silo?
Are our staff trained to think critically about their clients and the work being undertaken?
Do the leaders within the firm set the tone for compliance?
Are we paying enough attention to risk areas like supervision, complaints, conflicts, confidentiality, and client communication?
Have we, or our staff, become slaves to the tick-box compliance culture?
The bigger picture
AML is undoubtedly important, and the SRA has made its expectations unambiguous. We conduct enough AML audits to know there’s still plenty to do. However, the legal profession must guard against letting the AML agenda overshadow other compliance concerns.
Let’s not be short-sighted and fixate on AML alone. Let’s get back to the fundamentals of legal compliance. Balance is everything.
