Happy Friday! Here’s what’s inside this edition of COLP Insider.

We’ve got three fresh blogs to get your team thinking and acting. Sophie tackles the Mazur fallout with a calm, practical lens on what “conduct of litigation” really means for roles and supervision. Liz has decoded Rule 3.3 – the banking facility rule – using a real-world scenario to map risk and mitigation. And, building on this week’s PII webinar with Gary Horswell, we’ve set out a 10-point, plain-English framework you can lift straight into your renewal process.

The news and guidance section rounds up what matters without the noise: the latest on Mazur from both the Law Society and the SRA, practical Law Society notes on setting up a practice, supervision, professional undertakings and COLP/COFA duties, plus GDPR and cyber-insurance refreshers. We also highlight the Legal Ombudsman’s named “public interest decisions” and the ASA’s clampdown on “no win, no fee” group-claim ads.

There’s a short write-up of the PII webinar for those who couldn’t make it, with a link to the recording. If PII week usually involves midnight typing, this one’s for you.

Our disciplinary watch pulls out themes from the most recent SRA enforcement actions.

Finally, Compliance Corner looks at ongoing monitoring – how the SRA/LSAG frame it, why blanket time-based reviews may not be the best way to achieve compliance, suggesting a trigger-based approach may work better.

Skim what you need, and share the bits your colleagues will find most useful.

If you see us at the SRA COLP COFA conference, please say hi!

Jon and the team

“Occam’s Mazur” and the conduct of litigation

Sophie Cisler’s new article takes the heat out of the Mazur case and applies Occam’s razor: what actually changed, what didn’t, and how firms can respond without ripping up their litigation teams.

Read the article

The mystery of Rule 3.3: Is it or isn’t it a banking facility?

Liz Bond asks: when does a client account transaction become a prohibited “banking facility”?

This is one of the greyest of grey areas in the SRA Accounts Rules. This article contains a clear explanation of the rules, a mitigation checklist, and a sensible conclusion on when you can proceed without straying into Rule 3.3 territory.

Read the article

Solicitors PII renewal without the scramble: A practical framework

solicitors PII

Did you find yourself drafting proposal forms at midnight perilously close to renewal week? Eek! Our latest blog turns the latest webinar with Gary Horswell (Ntegrity) into a plain-English framework you can lift straight into your process.

Read the blog post

News and Guidance

Mazur v Charles Russell Speechlys: where the line is drawn (Law Society and SRA)
The High Court’s decision has spooked many in the profession. The Court restated the position in the Legal Services Act that only an authorised person may conduct litigation. Unqualified staff can support but not conduct litigation. The SRA has echoed this, stressing that supervision does not convert support staff into authorised persons – this is despite their previous incorrect advice. CILEX lawyers appear to be caught in regulatory no-man’s-land. For an in-depth review, see Sophie’s post above.

Life in the Law 2025 (LawCare)
A new wellbeing report has been published. The headlines are stark: 56% could leave their workplace within five years; 32% could leave the sector altogether; 59% report poor mental wellbeing, with long hours the standout driver. Psychological safety is middling, and bullying/harassment concerns persist. The most at-risk cohort is 26–35s, with women and carers showing higher burnout indicators. Well worth a read.

Advertising clampdown: ‘no win, no fee’ group-claim ads
The Advertising Standards Authority has issued three rulings against law firms (Johnson Law Group, KP Law, Jones Whyte). Issues with the adverts included: vague fee information, “up to £X” compensation figures without cohort-wide substantiation, landing pages inviting e-signing before terms were clear, and opaque lead-generation set-ups. This adds weight to the SRA’s concerns about high volume consumer claims firms.

Pooled client accounts (Law Society press release)
The proposed 2025 Money Laundering Regulations changes could force firms to produce full CDD to banking partners on underlying clients behind pooled accounts. The Society warns of substantial new burdens – especially for SMEs – and argues for risk-based controls over blanket rules.

Legal Ombudsman: public interest decisions
LeO now publishes quarterly, named decisions where there is serious or systemic failure – with entries staying live for 12 months. They say this isn’t about “naming and shaming” law firms, but a transparency drive using their statutory powers. Themes this round: costs transparency; conveyancing/probate requisitions and tax; immigration filing and updates; client money and non-co-operation; and probate administration errors.

Setting up a practice: regulatory requirements (Law Society practice note)
If you are thinking of starting a new firm, read this updated Practice Note (or speak to us). You will need to decide your structure early (will you be a recognised body; sole practitioner; ABS; Ltd; LLP…?), plan SRA authorisation and PII, and get governance right from day one (COLP/COFA, supervision, risk systems). Client money, transparency and data protection must be right on Day One. Most new firms also have to register for AML supervision and get all their controls sorted, too.

Supervision (Law Society practice note)
This updated Practice Note reminds us that competent supervision is a regulatory and professional requirement. There is a close link with the Mazur case. The Law Society says that firms need to invest in supervisors, to ensure good client outcomes and maintain ethical standards. Build simple systems: named supervisors per area, file and ledger checks, and a clear route to raise concerns. Remote models are acceptable if controls are demonstrably effective.

Professional undertakings (Law Society practice note)
Another updated Practice Note says that undertakings should be treated as high-risk promises. The Law Society recommends that undertakings are drafted tightly, recorded centrally, and that staff are trained effectively. Courts can summarily enforce undertakings against solicitors and partnerships, not LLPs/limited companies – although the SRA can bring misconduct action against all regulated firms for breached undertakings. Watch hotspots in conveyancing, leases and litigation.

Compliance officers: COLP/COFA (Law Society practice note)
Every practice must have a designated COLP and COFA at all times – and these roles carry personal liability. Firms should internally define mandatory reporting protocols (“promptly” means as soon as reasonably practicable). Breaches should be logged, and role-holders have need to have unfettered access to management information, and independent discretion to make compliance decisions. Keep an eye out for possible limitations being imposed by the SRA – there is a governance risk if one individual hold multiple roles.

PII: struck off for trading without insurance (Law Society blog)
The Law Society reports on the sobering SDT case of a solicitor who carried on taking new work without cover and was struck off.

Cyber insurance for law firms (Law Society guide)
Cyber insurance is often described as a “no brainer”, but the relatively low take up in the profession suggests that there is confusion about the cover. What cyber buys that PII does not: your own costs like forensics, PR/crisis comms, data restoration, business interruption and ransomware support – usually with a 24/7 breach team.

GDPR for solicitors (Law Society guide)
Most firms are data controllers and need to register with the ICO. Comprehensive data protection controls needs to be in place, including robust processor contracts; and firms should be be breach-ready (remembering the strict 72-hour reporting window). Data maps, Privacy Notices and data protection impact assessments are all requirements.

Compliance corner: What does “ongoing monitoring “actually mean?

Q: We all know we must do “ongoing monitoring” for AML, but what does that really mean? How can we ensure it happens across the board without turning the firm into a box-ticking machine and effectively re-running onboarding multiple times?

A: You already know that ongoing monitoring is an important part of AML compliance – CDD is not “one and done”. But in practice it’s often the woolliest part of the framework. The regulatory idea is simple enough: keep scrutinising the relationship and the transactions so you spot when the risk profile changes, and keep your CDD “current and adequate” for that evolving risk. The SRA and LSAG both frame this as a proportionate, risk-based duty, not a calendar exercise for its own sake. In other words, you don’t earn points for reviewing a dormant low-risk matter every 90 days; you earn them for noticing when something material has changed and responding accordingly.

One way to operationalise that principle is to shift from “milestones and anniversaries” to clear triggers. First, event-based triggers: a new UBO or director appears, funds start coming from a different source, the matter crosses borders, urgency suddenly spikes, a PEP flag emerges, or a sanctions near-match needs resolving. Secondly, value-based triggers: a single payment or cumulative amounts pass sensible thresholds for your practice, or an unusual residual balance sits on the ledger. Thirdly, a risk-based cadence where it genuinely adds value: high-risk files get periodic pulse checks in addition to event and value triggers; medium-risk files might only warrant an occasional light touch; low-risk, one-off matters usually run on triggers alone. Finally, a dormancy trigger: if nothing has happened for a long period on a live file, add a brief sense-check (often no more than confirming that the risk picture is unchanged).

This works best when it’s visible at file level. At inception, the fee earner could be asked to write a single sentence naming the monitoring triggers that will matter for this client and this matter.

Because practice areas behave differently, the trigger mix should vary. Conveyancing tends to be short-cycle, so event and value triggers do almost all the heavy lifting (e.g. exchange and completion; gifted deposits; third-party payments). In private client and probate, watch for large interim distributions, asset realisations and executor changes. Corporate and commercial files cold be flagged by ownership changes, related-party deals and cross-border flows.

None of this needs to be overly burdensome. Automate re-screening for higher-risk clients and on defined events. Name a monitoring owner (usually the supervisor) so responsibility is clear. Train for “light-touch OK” outcomes: not every trigger demands a full CDD refresh, but every trigger deserves a recorded decision. And resist the false comfort of plastering time-based milestones across every file – reserve them for where they are warranted by risk, not habit.

Whatever controls you land upon, record them in the AML policy. That is what the SRA auditors are looking for at the moment – although no doubt they will start looking at whether those controls are followed in practice.

Risk areas to avoid would include:

Overly systemised ongoing monitoring requirements that generate noise rather than insight
AML policy being silent on ongoing monitoring
Nobody being clearly accountable for ongoing monitoring
Lack of evidence on the file that it has been completed

This is not legal advice. If you have a question you would like us to answer in this section, feel free to send it to info@jonathonbray.com

Free CPD

Recording: Solicitors’ PII market update

PII renewal without the scramble

This session focused on doing the simple things early and well so your professional indemnity renewal isn’t a last-minute firefight. We opened with market context: while renewals now happen year-round, a large tranche of firms still bunch around the autumn peak, putting pressure on brokers, underwriters and finance teams. The practical approach is to start early, leaving around 16 weeks to produce a compelling evidence-led proposal for insurers.

A recurring theme was the one-page renewal narrative: a concise statement of who you are, what’s changed since last year, your key exposures, and the specific controls you’ve strengthened. Underwriters reward clarity and proof over vague assertions and lack of detail.

Common pitfalls came up repeatedly: vague or copy-pasted answers, late or partial submissions, and narratives that haven’t caught up with reality (new services, panel terms, staffing changes). For higher-risk practices (e.g. conveyancing, high volume claims) the message was to show you understand risk and offer evidence of mitigation. Small firms were reminded that lean controls can still be persuasive if they’re specific and evidenced.

Broker engagement was another strand: speak to your broker before you submit to sense-check issues and target markets. After submission, be responsive; and don’t be afraid to get a second opinion.

If you missed it – or want colleagues to catch up – watch the recording here.

Save the date: AML workshop (places limited)

Date: Wednesday 19 November, morning (09:00–12:30)
Format: Live virtual, practical and interactive
Who should attend: MLROs, MLCOs, COLPs/COFAs, managing partners, onboarding leads and anyone responsible for AML systems.

We’re planning a focused half-day session on how to assemble the core building blocks of AML compliance so they actually work together in practice.

Working agenda:

Firm-wide risk assessment
Policies and controls
Client/matter risk assessment
CDD and source of funds
Independent audit
Training

Registration details and full agenda to follow. If you have a thorny CDD/source-of-funds scenario you’d like covered, reply with a brief outline and we’ll try to build it into the Q&A.

Disciplinary Watch

Here’s what has tripped firms up recently, and what you can learn…

The SRA is beating a familiar drum with its AML fines. Maples Solicitors (£29,647) and CF Law (£16,880) were both fined for missing or inadequate matter risk assessments across multiple files, with CF Law also carrying historic firm-wide risk assessment (FWRA) issues. Pearcelegal (£12,958), Photiades (£25,000), Vine Orchards (£20,234), Robert Simon & Co (£7,847), Morgan Kelly (£4,407) and Cameron Clarke (£6,730) join the list for FWRA and control failings, with Johnson Crilly (£7,294) singled out for not keeping AML training records. It has become apparent from this regular pattern of enforcement that the SRA is looking into the paper trail of risk assessment and training as much as the core AML documents. If your FWRA and AML policy are okay but your files are missing matter-level risk assessments, or you cannot evidence staff training, you are still exposed.

Several non-lawyers have been removed or barred from the profession. Emma Charlotte Pearce was “struck off” after stealing from vulnerable clients; Zara Dee Simpson, a PA, kept a £250 staff wedding collection and is now banned; Sam Ulegede misled the Court by implying his firm acted for a client when it did not (he was acting in his personal capacity); Yasmin Machin, a licensed conveyancer, posed as a colleague and made false representations. Paul Gerard, a paralegal, made the familiar career-ending error of amending documents to cover mistakes, and was banned.

Solicitor Ming Fai Tam (aka Matthew Tam) was fined £17,083 after acting for overseas buyers in around 312 off-plan, buyer-led investment purchases across 10 schemes. The SRA’s forensic review found he failed to warn clients about core risks: buying from SPVs with no trading history; unusually high deposits (30–100%) that could be lost; “buy-back” promises that only work if the developer has the cash; and rental guarantees that depend on completion. The schemes largely collapsed – builds stalled or income never arrived.

Training your team: Anti-money laundering

The SRA expects that all ‘relevant employees’ practicing within the scope of the Money Laundering Regulations (MLRs) must receive robust anti-money laundering (AML) training. Now is the time to ensure your firm is compliant. Failure to meet these obligations can result in significant fines and regulatory action.

Our comprehensive AML training is designed to equip your team with the knowledge and practical skills needed to identify, prevent, and report suspicious activities, safeguarding your firm from risk. Ensure your firm stays ahead of regulatory requirements and avoids potential pitfalls by enrolling your team today.

Formats available: Online | In person | On-demand

Don’t miss out—request a free quote today!

Most firms need an independent AML audit

In line with the SRA’s guidance, law firms must not only train their staff but also ensure the effectiveness of their AML controls through regular audits. An independent AML audit is crucial for identifying gaps in your firm’s anti-money laundering controls and ensuring adherence to regulatory standards.

Our expert team conducts thorough reviews of your AML systems and processes, providing actionable insights and recommendations to strengthen your firm’s compliance framework. Stay compliant, avoid regulatory penalties, and maintain the trust of your clients.

Included in the fixed fee:

In-depth analysis of AML policies and controls
Team interviews
File reviews
Customised report and recommendations
Debrief

Formats Available: Online | In person | Hybrid

Act Now: Contact us for a free consultation and safeguard your firm against AML risks

What we do – contact us for further information about our services

Outsourced COLP and COFA support
COLP coaching
Compliance audits
New firm and ABS applications
Independent AML audits (Regulation 21)
Training (online, remote, on demand)
AML and GDPR workshops
PII reviews
Remote file reviews
TPMAs
Escrow accounts
AML and sanctions searches

Older posts

Solicitors’ ethics: Houston, we have a problem

We need to change the conversation around ethics, says Sophie Cisler. This article asks hard questions: when does “common practice” become misconduct? When do blurred lines of behaviour become serious ethics breaches? And do ethical lapses make a solicitor a bad person?

If you think ethics is just about obvious wrongs, this will challenge you. Humans are imperfect – and some of us might have gone off course without realising.

Read the full piece for a fresh view on what ethics looks like in practice — and what we must do to get it right.

Read the article

Solicitors’ PII market update: Lessons from the 2025 insurance renewals

What did the 2025 PII renewal season really teach us? Premiums looked softer for some firms, but insurers are sharpening their focus on risk, compliance culture and financial stability. Some firms sailed through, others hit unexpected hurdles. In this interview with Gary Horswell, we look at what you’ll want to know before your next renewal.

Read the article

Proposed amendments to the Money Laundering Regulations

Coming soon: Changes to the MLRs. The government’s draft amendments to the Money Laundering Regulations are finally here — but are they as disruptive as rumours suggested? The much anticipated simplifications around client due diligence look modest at best, whilst stricter rules for pooled client accounts has the potential to cause serious complications.

Read the update

Start typing and press Enter to search