Welcome back to COLP Insider. In this edition we meet Harbour Gate Legal LLP, our fictional firm with very real AML headaches, and their new MLRO (Amelia Price) – this was the topic of last week’s AML workshop. We also look at lateral hires through an AML lens, the messy reality of challenging behaviour in law firms, and why “doing some checks” on source of funds is no longer anywhere near enough.
On the horizon, there’s plenty for COLPs and COFAs to keep an eye on: the LSB’s new diversity consultation, more twists in Mazur (now with an AI angle), NCA headlines about Russian-linked money laundering, and the SRA moving from sanctions data-gathering to targeted follow-up. Add in fresh guidance on conflicts and a steady stream of AML fines, and 2026 is shaping up to be another busy year for compliance officers.
As ever, if anything here raises a question for your firm, you can simply reply to this email.
Jon and the team.
AML building blocks: lessons from Harbour Gate Legal
Using our fictional firm Harbour Gate Legal LLP and its new MLRO, Amelia Price, this piece joins the dots between FWRA, PCPs, CMRAs, CDD, training and independent audit. Instead of treating AML as a bundle of separate issues, we show how to build a coherent, risk-based framework that people actually follow in practice. If your AML controls feel more like a filing cabinet than a system, this is a good place to start.
Lateral hires – closing the CDD gap
New partners and teams can be great for business, but they also bring inherited clients, files and risks. In this article, Liz Bond looks at lateral hires through an AML and CDD lens: what you can (and can’t) rely on from a previous firm, how to deal with transferred files, and the questions you should be asking before you onboard a new book of work. It’s about closing the gaps before it’s too late.
Challenging behaviour in law firms
Every firm has them: people whose behaviour crosses the line from “difficult” to genuinely problematic. In this blog we explore what “challenging behaviour” looks like in practice, why it so often goes unaddressed, and how to respond in a way that protects your people, your culture and your regulatory position. It’s a practical look at a topic most firms prefer not to talk about.
Source of funds: doing some checks isn’t enough
Building on the SRA’s recent thematic review, this one is a real-world case study. We look at a recent £23,588 SRA fine for a firm acting for a high-risk PEP client, where “most” of the source of funds and source of wealth work was done – but small gaps and a lack of proper challenge still led to a breach. If your firm handles similar work, this is a useful walkthrough of what went wrong and how to avoid the same fate.
News and Guidance
LSB consultation: tackling barriers to a diverse profession
The Legal Services Board has opened a wide-ranging consultation on how regulators should promote a more diverse and inclusive legal sector. Progress on this front has been “slow and uneven”, with women, minority ethnic groups and disabled people still under-represented at senior levels.
The consultation runs to 2 March 2026 – worth a look for COLPs, HR and EDI leads alike.
Operation Destabilise: billion-dollar Russian laundering network exposed
The NCA has lifted the lid on the latest phase of “Operation Destabilise” – and it reads like the plot of a thriller. Investigators say a billion-dollar Russian-linked network operating in at least 28 UK towns and cities bought control of a Kyrgyz bank to help sanctioned actors move funds in support of the war in Ukraine.
UK criminal cash (including drugs money) was allegedly converted into crypto via “cash-for-crypto” exchanges, then pushed through the bank and other vehicles to Russian state and organised crime beneficiaries. So far there have been more than 120 arrests and over £25m in cash and crypto seized. For law firms, it’s another reminder that sanctions and high-end money laundering risk are never far away from seemingly domestic work.
Mazur, AI and the conduct of litigation
The Law Society has updated its Mazur practice note again – this time to flag the AI angle. The Society is now openly asking the SRA for urgent guidance on how AI tools can be used in litigation support without straying into the reserved activity of “conducting litigation”.
The concern is that if decisions taken by AI could be treated as if they were taken by a human fee-earner, firms may think twice before deploying tools that draft, file or manage contentious work. Until the SRA spells out a position, anyone experimenting with AI-driven litigation workflows will need to be cautious, keep supervision front and centre, and document their reasoning.
Mazur heads to the Court of Appeal
Legal Futures reports that the Court of Appeal has granted CILEX permission to appeal the Mazur decision, calling it an “important point of practice” for the whole profession. CILEX wasn’t involved in the original case, but it has been vocal about the impact on chartered legal executives and other non-authorised staff who routinely support litigation.
The appeal will focus on who can “conduct litigation”, and in what circumstances, against a backdrop of nervousness about traditional supervision models and access to justice. A hearing is expected in 2026, so Mazur will remain live for some time yet.
High-volume consumer claims: focus on SSB lessons, says Law Society
On high-volume consumer claims, the Law Society is urging the SRA not to reach for shiny new rules before fixing its own supervision. In response to the SRA’s discussion paper (prompted by the SSB Law collapse), Chancery Lane says the regulator should first address the failings highlighted by the LSB’s SSB review – including weak financial scrutiny and poor intelligence handling.
The Society supports better consumer protection, but warns against headline-grabbers like banning “no win, no fee”.
Sanctions: from data-gathering to targeted follow-up
Following its latest AML data collection, the SRA has set out what it plans to do with the sanctions information firms submitted – and some will be hearing more. Around 490 firms whose responses suggest weak controls (no written sanctions risk assessment and no screening of new clients) will receive letters with tailored guidance and signposts to good practice.
The SRA is also planning desk-based reviews of firms with higher sanctions exposure, based on their client base or services, and will continue to probe sanctions controls during AML inspections. In other words, we are moving from “tell us what you do” to “show us this is working”. If your last submission felt a bit box-ticky, now is the moment to get your house in order.
Compliance conference resources now live
The SRA has published the slide decks and other resources from this year’s COLP/COFA compliance conference. If you couldn’t attend, or your recollection is a blur of coffee and breakout rooms, this is an easy way to catch up on the regulator’s current thinking on AML supervision, high-volume claims, Mazur, client protection and AI.
The materials can also double as internal training for COLPs, COFAs and partners. You might find it useful to read our write-up: 11 things we learned at the SRA’s COLP COFA conference 2025.
Conflict of interests: updated Law Society practice note
Finally, the Law Society has refreshed its practice note on conflicts of interests, aimed at all SRA-regulated solicitors – including those working in unregulated businesses and as freelancers. It neatly pulls together the position on own-interest conflicts, client conflicts, and the interplay between confidentiality and disclosure.
The note re-emphasises the two narrow exceptions where you may act despite a client conflict (substantially common interest or competing for the same objective), and the conditions that must be met: informed consent, effective safeguards and an overall “is this sensible?” test. There is also practical guidance on information barriers, common conveyancing and lender scenarios, and the added complexities for in-house and freelance practice.
Compliance corner: How do we “ensure” people follow AML policies?
Q: Our AML policies, controls and procedures look good on paper, but in practice some case handlers – especially senior people – keep ignoring them. As COLP/MLRO, how are we supposed to “ensure” firm-wide compliance when the repeat offenders are the ones with the most clout?
A: I love this question – and you’re right, it is a very common problem.
The first thing to say is that you are not personally expected to guarantee perfect adherence. The SRA knows that people are human and that some will push the boundaries. What it does expect is that you put in place sensible systems, supervision and escalation. Your role is to make it easier to do the right thing than the wrong thing, and to show that when people don’t comply there is a predictable response.
A lot of this comes down to ownership. PCPs cannot just be “the MLRO’s rules”. They need to be clearly owned by the partners or board, who approve them formally and talk about them as part of how the firm does business. That includes backing you when you challenge non-compliance, even (especially) where the individuals involved are senior or influential. If the message from the top is that AML and other PCPs are non-negotiable, it becomes much harder for people to shrug them off as admin.
It is also worth testing whether you have made it as easy as possible for people to comply. If the key steps are buried in a 50-page manual and not reflected in your precedents and workflows, you will always be fighting an uphill battle. The more your PCPs are built into the way files are opened, risk-assessed, and progressed in the case management system, the less you are relying on fee-earners’ memories and goodwill. Alongside this, make sure people understand the “why” behind the rules, not just the steps themselves. It is easier to get pushback where the process looks like box-ticking.
You also need some way of knowing whether the PCPs are actually being followed. Regular file reviews or dip-sampling, and some simple data around key controls (for example, client and matter risk assessments, CDD, source of funds/wealth checks and timing) will show you where the gaps really are. Sharing those findings with teams, in a constructive way, often has more impact than another generic reminder email. Senior people tend to listen when data shows that their team is an outlier.
When it comes to repeat offenders, there is a point where this stops being a training issue and becomes a conduct or performance issue. If someone keeps ignoring agreed procedures after expectations have been clearly set, that should be addressed in one-to-ones, appraisals and, if necessary, through the formal management channels. Their non-compliance should not be glossed over just because they are a big fish. In serious or wilful cases, particularly where there is a real AML or sanctions risk, you may also need to consider whether their behaviour is reportable to the SRA.
None of this needs to be draconian. You can balance the “stick” with some “carrot”: sharing good practice examples, recognising teams and individuals who are doing things well, and using real SRA case studies to show why the rules matter. Over time, this helps to create a culture where following PCPs is simply seen as part of being a good lawyer.
Finally, do protect yourself. Keep a clear record of how the PCPs have been implemented, the training you have delivered, the monitoring you carry out, and the steps you have taken to address non-compliance. If the SRA ever looks at the firm, you want to be able to demonstrate that you took reasonable, proportionate action to secure adherence, even if some individuals chose to let everyone else down.
This is not legal advice. If you have a question you would like us to answer in this section, feel free to send it to info@jonathonbray.com
Free CPD
Next session: Harbour Gate returns – Amelia’s next challenge
We’re heading back to Harbour Gate Legal LLP for our final webinar of the year – this time, their MLRO, Amelia Price, has been asked to step up as COLP and COFA as well. Sensible move… but also a slightly terrifying one.
In this session, we’ll use Amelia’s fictional firm (who we met in our last workshop) as a springboard for some very real issues: what a new compliance officer should focus on in their first 6–12 months, and the regulatory themes we expect to dominate 2026.
Save the date: Wednesday 10 December, 12:00pm. Invitations will go out shortly – as always, existing clients get first refusal on the limited places, so keep an eye on your inbox if you’d like to join Amelia on her ongoing compliance journey.
Half-day AML workshop: recording now available
Thank you to everyone who joined us (and our friends at FirstAML) for last week’s half-day “AML building blocks” workshop. Using our fictional firm Harbour Gate Legal LLP and its new MLRO, Amelia Price, we walked through how the core elements of an AML framework actually fit together in practice, from FWRA and PCPs, to client/matter risk assessments, CDD, independent audit and training.
The session focused on turning AML from a collection of sub-topics and documents into a coherent, risk-based system: making FWRA genuinely firm-specific, simplifying PCPs so people actually follow them, driving consistency in CMRAs and source of funds checks, getting real value from Reg 21 audits, and moving beyond “tick-box” annual training to something that measures understanding and shapes culture.
If you missed it – or want colleagues to catch up – you can watch the recording here. The passcode is XS1z+g8W and the recording will be available for 30 days.
Disciplinary Watch
Another busy period for the SRA, with a familiar mix of AML fines and dishonesty cases – including several non-solicitors removed from the profession.
Ray Borley Dunkley LLP – £5,072 AML fine
Firm fined for sub-par AML policies, controls and procedures. A reminder that having “something on the shelf” is not enough – PCPs must be compliant and implemented.
John P Martin & Co – £3,340 for missing FWRA
No compliant firm-wide risk assessment meant a regulatory penalty. The FWRA remains the SRA’s first port of call when testing AML systems.
Richard Pearlman LLP – £20,048 SoF failure
Significant fine for failing “to conduct sufficient, or any, source of funds checks” on six matters. Source of funds is one of the main AML weak spots the SRA is targeting.
Charles Douglas Solicitors LLP – £23,588 PEP SoF/SoW breach
Fined for inadequate source of funds and source of wealth checks on a PEP client and associated businesses – we’ve written this one up separately in our blog.
Palmer and Palmer Solicitors Limited – £5,681 AML shortcomings
Penalty for inadequate risk assessments and source of funds checks. Again, the basics of the AML framework are where firms are getting caught out.
Newnham & Jordan Solicitors Ltd – £8,477 AML fine
Another firm fined for failing to maintain a compliant firm-wide risk assessment. If your FWRA still looks like a generic template, take note.
Jonathan Ward – IT support manager banned
Non-solicitor IT support manager prohibited from the profession following a conviction for indecent assault.
Rachel Bingley-Wakefield – dishonest signature copying
Client support worker struck off for copying and pasting client signatures into conveyancing documents without their knowledge – found to be dishonest.
Carlene Hogg – false time recording
Client support assistant removed from the profession for dishonestly creating time entries that had not taken place and grossly exaggerating time spent.
Sheraz Hussain – strike-off for forged signature
Conveyancing case handler (not a solicitor) struck off for dishonestly copying a client’s signature from one loan document to another.
Neil Brown – misleading a client about expert evidence
Head of litigation (again, not a solicitor) struck off for misleading a client about instructing an expert and obtaining a medical report.
New support for COFAs and finance teams
We’re ramping up our support for COFAs and legal finance teams – with some serious firepower. Sean Hankin (almost 30 years regulatory experience and co-author of the current SRA Accounts Rules) and Liz Bond are now delivering bespoke masterclasses for COFAs and accounts staff, focused on what the regulator really expects in 2025.
Alongside the training, we’re offering client account health-checks to stress-test your systems before the SRA (or your reporting accountant) does, and targeted projects to clear stubborn residual balances in a way that keeps both the regulator and clients happy. If your client account keeps you awake at night – or you’d like to make sure it doesn’t – we’d be very happy to talk.
Most firms need an independent AML audit
What we do – contact us for further information about our services
- Outsourced COLP and COFA support
- COLP and COFA coaching
- Compliance audits
- NEW: Client account health checks
- NEW: Residual balance projects
- New firm and ABS applications
- Independent AML audits (Regulation 21)
- Training (online, remote, on demand)
- AML and GDPR workshops
- PII reviews
- Remote file reviews
- TPMAs
- Escrow accounts
- AML and sanctions searches
Older posts
It’s not me, it’s you: How to dump your client
In this piece, Sophie takes on a topic most firms would rather avoid – how (and when) to stop acting for a client who is costing you far more than they’re worth. From serial late-payers and scope-creepers, to bullies and boundary-pushers, she looks at the warning signs that it’s time to walk away and the regulatory points you need to have in mind when you do.
If you’ve ever found yourself saying “never again” after a nightmare matter, Sophie’s pragmatic approach to client disengagement is well worth a read.
Mazur and the conduct of litigation: who is really running your cases?
Who is really running your litigation files – the authorised litigator on the letterhead, or the experienced paralegal doing all the work?
In this article we unpack Mazur v Charles Russell Speechlys and what it really means for day-to-day practice. Mazur poses some uncomfortable questions about litigation models, job titles, supervision and even self-reporting to the SRA.
If your business model relies on non-authorised staff “running” cases under light-touch oversight, this is one to read before your next risk and governance meeting.
Source of funds: A source of fines
Is your “source of funds” work really as good as you think?
The SRA’s latest thematic review suggests otherwise, with more than one in ten relevant files showing no source of funds checks at all – and plenty more where fee-earners gathered paperwork but didn’t properly scrutinise it. This new article unpacks what the regulator actually expects on source of funds and source of wealth, why firms are still getting it wrong, and the practical steps you can take to keep your name off the fines list.
WhatsApp and solicitor-client communication: convenience at a cost?
Does your firm really know what’s happening in its WhatsApp chats?
WhatsApp feels like the perfect tool for busy lawyers and clients – quick, convenient and always to hand. But as we explore in this new blog, that convenience comes at a serious cost to supervision, record-keeping and confidentiality. When legal advice lives in private chat threads on personal phones, can you honestly say you still have a complete file, a defensible audit trail and control over client data?
