Welcome to the final COLP Insider of 2025, the Christmas jumper edition. Thanks for sticking with us through another year of consultations, warning notices and AML acronyms. We’ll be taking a short break after this issue and will be back in your inbox in January, once the mince pies and school plays have subsided.
In this edition we’ve got three new long reads to curl up with between matters: Sophie looks at why staff money worries are not just an HR issue but a live compliance risk; we return to Harbour Gate Legal LLP to follow Amelia Price as she adds COLP and COFA to her MLRO badge; and there’s a practical guide to life as an ACSP for firms facing the Companies House reforms.
Alongside that, we cover the SRA’s latest consumer protection proposals (including a possible return to universal accountants’ reports), fresh Mazur guidance, amongst other news. Compliance corner tackles the problem of misleading the court, and Disciplinary watch brings another crop of AML, undertakings and supervision cases to discuss with the team.
You’ll also find links to the latest webinar and workshop recordings below. Next month, we are planning a live session on how to interpret a reconciliation statement.
Have a restful break when it comes, and thanks again for reading and sharing COLP Insider this year. See you in January!
Jon and the team.
Beyond the balance sheet: Staff money worries are your firm’s risk
We tend to think of “financial risk” as something that lives in client account – but what about the money worries your own staff are carrying around with them? In this article, Sophie looks at new research on financial well-being in the profession, and argues that personal financial stress can drive over-billing, overwork and poor decision-making, with real consequences for quality, ethics and the firm’s bottom line. If you care about culture, competence and reputation, you may need to start treating staff finances as a live compliance issue.
Amelia’s next challenge: Our latest compliance webinar write-up
What should a brand new COLP/COFA focus on in their first year, especially when they’re already wearing the MLRO hat?
In our latest Harbour Gate webinar, we dropped in on fictional MLRO-turned-COLP Amelia Price as she gets to grips with complaints, client money, AI tools and the SRA’s shifting priorities. It’s a practical, story-led debrief from this week’s live webinar.
How to be an ACSP: a guide for law firms
Thinking about becoming an Authorised Corporate Service Provider, or wondering whether you really need to? Our new guide walks law firms through the Companies House reforms, what ACSP status actually involves, and how to build a compliant, joined-up process alongside your existing AML framework. If you intend to verify clients’ identity or file at Companies House, this is one to read as the new regime comes into play.
News and Guidance
SRA sets out next steps in drive to shore up consumer protection
The SRA is pressing ahead with plans to tighten the safeguards around client money, setting out detailed proposals on accountants’ reports and internal checks and balances in firms during a webinar to launch its latest consumer protection consultation.
Solicitors are being urged to respond to the consultation by 20 February 2026.
The measures form part of the second phase of the SRA’s wider consumer protection review, which is examining whether existing protections remain fit for purpose in a market characterised by consolidation, new ownership structures and increasingly complex financial arrangements.
While the regulator has parked some of the more fundamental questions, such as whether solicitors should keep interest earned on client money and even hold client money at all, it is clearly signalling that near-term changes to supervision and governance are on the way.
Déjà vu for accountants reports
A central plank of the consultation is the role of the external accountant in safeguarding client money.
The SRA revealed that a recent review of nearly 600 firms highlighted worrying gaps: some firms that should have obtained accountants’ reports had not done so; others were submitting them late; and there were cases where qualified reports were not being sent to the SRA at all.
The regulator’s conclusion is that it simply lacks reliable visibility over whether firms are complying with the accountants’ report regime. The current risk-based model, in which only qualified reports are submitted, is not giving the SRA the information it needs.
The consultation therefore proposes that:
- All accountants’ reports, qualified and unqualified, must be submitted to the SRA (i.e. back to the pre-2014 position)
- The standard report form will be amended to include a clear declaration from the reporting accountant that the work has been carried out in accordance with the SRA’s requirements, and whether the report is qualified.
- Every firm that holds client money will have to make an annual declaration, confirming it has obtained an accountant’s report where it is required to do so.
- The regulator is actively considering requiring the reporting accountant to submit the report directly to the SRA, rather than relying on firms to forward it.
- Fixed financial penalties may be introduced for late submission of reports, and for incomplete or inaccurate annual declarations.
The SRA also intends to update its guidance to reporting accountants..
However, some ideas have been dropped for now. The SRA has stepped back from introducing mandatory rotation of reporting accountants, acknowledging concerns about cost and practicality, and pointing instead to the independence requirements imposed by the accountants’ own professional bodies. Existing exemptions (for firms holding very low levels of client money, and for those that only hold Legal Aid Agency funds) are also set to remain.
Crucially, the SRA says its attention will continue to be focused on qualified reports, where the most serious issues are likely to be flagged. The regulator is not proposing routine detailed scrutiny of unqualified reports, although sampling is not ruled out.
Checks and balances: separating power from oversight
The second main strand of the consultation addresses what the SRA describes as a structural weakness in governance: the concentration of ownership, management control and regulatory roles in the hands of a single individual.
In a number of high-profile failures, one person has not only owned and run the firm, but also held the COLP, COFA and, in some cases, MLRO/MLCO posts. In these scenarios, the internal compliance roles can cease to operate as meaningful checks and balances, with obvious implications for the protection of client money.
The LSB’s independent review of the Axiom Ince scandal squarely highlighted this risk, and the SRA has clearly taken the point.
In its earlier, more high-level consultation the regulator floated the idea that anyone able to make unilateral management decisions affecting client money should be barred from acting as COLP or COFA. While there was broad support for the principle of stronger checks and balances, respondents raised serious concerns about proportionality, particularly for smaller firms and sole practitioners, and highlighted the diversity of governance models across the market.
The new proposals attempt to target the change more precisely.
The SRA now suggests that, in firms meeting certain size or risk thresholds, an individual who can “unilaterally determine or direct significant management decisions” should not also act as COLP or COFA. The proposed thresholds are:
- Annual turnover above £600,000; or
- A client account balance above £500,000 at any point in the previous period.
The position of sole practitioner and sole principal firms is particularly sensitive. The SRA proposes that where a sole-owner firm falls below the turnover threshold but above the client account threshold, the owner could still remain COLP but would need to appoint someone else as COFA. The regulator accepts that this is a significant change, likely to involve cost and complexity, and is explicitly seeking evidence on the real-world impact.
Notably, the SRA has resisted calls for a mechanistic definition of who counts as a “unilateral decision-maker”, such as specifying particular shareholding or voting-rights percentages. Instead, as with the long-standing “sufficient seniority and responsibility” test for compliance officers, firms will be expected to interpret and apply the concept in the context of their own governance structures and to be able to justify their analysis.
Given the fundamental challenges this would present, we would be surprised to see this element survive consultation.
A new focus on firm changes and consolidation
The third theme covered in the webinar was less a concrete proposal and more an indication of where the SRA is heading next.
At present, the regulator’s main regular data point post-authorisation is the annual practising certificate renewal exercise. Firms are required to notify certain material changes, but it is possible for a business to change its risk profile significantly, through rapid growth, acquisitions or shifts into new areas of work, without the SRA having timely sight of it.
Historically, where firms have been involved in acquisitions, the SRA’s focus has often been on the closing firm, where it ensures orderly transfer of files and client money, rather than on the acquiring firm and the risks that expansion might create. Recent failures, almost all involving issues around client money, have had poorly managed growth or integration as a common feature.
The regulator now believes it needs a more systematic, risk-based framework for monitoring firms that change risk profile. While this is not the subject of the current consultation, work is underway on a separate set of proposals for 2026.
Bigger issues parked…for now
Some of the more radical ideas that surfaced in the earlier stages of the consumer protection review are explicitly off the table in this consultation.
These include whether the traditional model of solicitors holding client money in a client account should be revisited altogether; the structure and funding of the compensation fund; the treatment of interest earned on client money (including whether it might be used for wider funding of the justice system); and the scope for greater use of third-party managed accounts or other outsourcing models.
The SRA says it has “banked” the feedback already received on these points and will return to them once the near-term measures have been finalised and the separate work on oversight of firm changes is further developed.
What happens next?
The consultation runs until 20 February 2026, with the SRA aiming to settle its final position on accountants’ reports and internal checks and balances later in the year, subject to the usual sign-off by the Legal Services Board.
The SRA has been keen to emphasise that earlier consultation responses have materially shaped this latest iteration. It is now looking for detailed, evidence-based feedback on the practicality and proportionality of the new proposals, particularly from smaller firms and sole practitioners who may find the separation of roles most challenging.
What is clear is that the SRA regards both the visibility of accountants’ reports and the concentration of power within firms as live consumer-protection risks. While the most radical structural reforms are for another day, the direction of travel is clear.
Firms warned to fix Mazur fallout or face SRA enforcement
The SRA has warned firms they can expect enforcement action if they do not change their working practices in light of the High Court’s decision in Mazur v Charles Russell Speechlys, even though the ruling is now the subject of an appeal.
New guidance on the SRA’s website, badged as a “hot topic”, confirms that only authorised persons (or those falling within statutory exemptions) may conduct litigation under the Legal Services Act 2007. Non-authorised staff “can only support authorised individuals to conduct litigation”, not conduct it themselves under supervision.
The regulator acknowledges the profession’s “concern and confusion” after Mazur, which held that a non-authorised fee-earner employed by a law firm could not conduct litigation simply because they were supervised by a solicitor. The judgment has thrown into doubt long-standing models in high-volume work where paralegals and other non-qualified staff run cases day to day.
CILEX has already applied for permission to appeal to the Court of Appeal, arguing that the High Court interpreted the law too narrowly and warning of serious consequences for CILEX members and other non-solicitor litigators. Despite that, the SRA’s message is that firms cannot sit on their hands while the appeal plays out.
Sympathy window – then the stick
The guidance offers a limited “sympathy window” for past mistakes. Firms that conclude they have been operating incorrectly can self-report, and the SRA says it will take a sympathetic approach to genuine errors based on a mistaken view of the law, where the conduct pre-dates publication of its Mazur page on 20 October 2025.
It can only be concluded that it is a regulatory expectation that self-reports will be made. COLPs – sit up and take note.
But the tone hardens for those who carry on as before. In a clear warning shot, the regulator states that if firms are conducting reserved activities without authorisation and “have not addressed the implications of the judgment and our guidance”, they can expect the SRA to deploy its investigative and enforcement powers.
As always, the onus is on firms
The SRA concedes there is no “bright line” between supporting litigation and conducting it, and stresses that it is not giving legal advice or purporting to interpret the statute. Instead, it offers a series of factors firms should weigh, such as who has assumed ultimate responsibility for the litigation and who is exercising judgment over how it is progressed on a day-to-day and strategic basis. Courts, it says, will look at substance over form.
Firms are told to audit supervision arrangements, check the precise scope of practising rights for staff authorised by other regulators (such as some legal executives and barristers), and keep detailed records of their decision-making to comply with the Code of Conduct for Firms. The guidance cross-refers to the SRA’s existing material on effective supervision, enforcement strategy and bringing criminal proceedings.
Profession caught in the middle
The Law Society has already issued its own practice note on Mazur, spelling out who can conduct litigation, what work non-authorised staff can do, and the consequences of breach. It accepts there are still “grey areas” and calls for further clarity from regulators.
With an appeal bid underway and multiple bodies publishing overlapping guidance, practitioners could be forgiven for hoping for a period of regulatory forbearance.
The SRA’s latest intervention suggests otherwise: whatever happens in the Court of Appeal, firms that have not actively reviewed and, where necessary, re-engineered their use of non-authorised staff in litigation can now expect enforcement action.
Law Society updates client account guidance as FSCS limit rises to £120,000
The Law Society has updated its practice note on protection for client accounts to reflect a significant increase in the Financial Services Compensation Scheme (FSCS) limit for deposits held with failed banks and building societies. From 1 December 2025, the standard FSCS deposit protection limit rose from £85,000 to £120,000 per eligible claimant, with the temporary high balance limit increasing from £1m to £1.4m.
The revised guidance confirms that these higher limits apply to client money held in solicitors’ client accounts in the same way as to personal deposits. However, the cap remains per individual, per banking licence. Any personal funds a client holds with the same institution count towards the same £120,000 ceiling. Firms are reminded to consider how they structure client accounts across institutions, and to check which brands share a single banking licence via the FCA’s Financial Services Register.
The practice note reiterates that, provided money is placed in accordance with the SRA Accounts Rules, firms are unlikely to be liable in negligence if client funds are lost following the collapse of a deposit-taking institution. It also sets out good practice on making FSCS claims, including the need to obtain clients’ consent before disclosing their details, and on explaining to clients how their money is protected – particularly where balances may exceed the new limits or qualify as temporary high balances.
Overall, the Law Society is signalling that while the increased FSCS limits strengthen the safety net for client funds, firms still need to be proactive in monitoring where money is held, updating their terms of business and client communications, and ensuring their internal records would support swift and accurate FSCS claims if a bank or building society were to fail.
Law Society sounds alarm over rising threats to solicitors
Threats, abuse and intimidation towards solicitors are becoming “systemic and rising”, the Law Society has warned in new research which suggests the personal safety and wellbeing of lawyers is increasingly at risk simply for doing their jobs.
Half of those surveyed had seen their firm or organisation receive threats or abuse in the past 12 months, while more than a quarter had been personally targeted. Nearly two in five felt their personal safety was at risk because of their work, with criminal, social welfare, and advocacy/litigation practitioners most exposed. One in eight had considered leaving the profession as a result. This figure was higher among women, Black, Asian and minority ethnic solicitors, and those in the first 15 years of practice.
Threats most commonly arose from current or recent cases and were delivered by email, verbally or via social media, often around court buildings or online. Respondents reported harassment, stalking, damage to property and malicious complaints to regulators. While many firms have introduced stronger physical and cyber security, lone-worker policies and staff training, almost a fifth of affected solicitors said their employer had taken no action, and 45% of those threatened had not adopted any personal safety measures.
The report calls for more structured support from both firms and the profession’s institutions.
UK sanctions Russian spy agency over Skripal attack – check your screening tools
The government has imposed sweeping new sanctions on Russia’s military intelligence agency, the GRU, in response to the Dawn Sturgess Inquiry’s finding that Vladimir Putin personally ordered its Salisbury operations in 2018. The UK has now designated the GRU in its entirety, alongside 11 individuals linked to Russian state-sponsored hostile activity, including eight cyber military intelligence officers. These officers are said to have targeted Yulia Skripal with “X-Agent” malware years before the Novichok attack and to have been involved in wider destabilisation activity across Europe.
For law firms, this is primarily a sanctions-screening issue. Make sure your sanctions tools are up to date, that the GRU and named individuals are captured, and that any clients or counterparties with Russian state, defence or cyber links are properly risk-assessed. Firms handling cross-border litigation, arbitration, corporate or banking work with a Russia angle should be particularly alert to new hits or near-matches triggered by this update.
Government unveils anti-corruption drive targeting “professional enablers”
The government has published a new UK Anti-Corruption Strategy 2025 which puts “corrupt lawyers, accountants and bankers” firmly in the crosshairs, promising to “hunt down” professional enablers who facilitate bribery and illicit finance.
Launched by Justice Secretary and Deputy Prime Minister David Lammy, the strategy pledges an extra £15m for the City of London Police’s domestic corruption unit, expanded use of sanctions, and a 2026 global summit on illicit finance. Ministers also signal that US-style financial incentives for whistleblowers are “on the table” as part of a wider review of the UK whistleblowing framework.
The plan builds on November’s parallel strategy for large-scale tax fraud and folds in existing commitments, including moving AML supervision of professional services to the FCA and deploying AI in complex investigations by the Serious Fraud Office. Anti-corruption champion Margaret Hodge will lead a review of stolen assets held through opaque structures, while the National Crime Agency’s kleptocracy unit is promised further support.
For law firms, the direction of travel is clear: more focus on financial crime in all its guises.
Compliance corner: “Everyone does it…don’t they?”
Q: I’m really stressed about something that’s happened on one of my cases and I don’t know what to do.
I’m about 3 years’ qualified in a busy commercial disputes team. We’re acting for a big, long-standing corporate client and this case has already cost them a fortune in fees. Trial is in six weeks, so everyone is on edge.
At the CMC last week the judge absolutely tore into the other side for their late disclosure and basically warned them that he’d “take a dim view” of any more delays.
Then the next day a partner tells me there’s a batch of emails on the client’s system that we didn’t properly review because of time pressure and from what she’s seen, they could undermine a key part of our witness evidence.
She says she doesn’t want to stir this up now because it will “muddy the waters”, that the other side have been worse than us on disclosure and the judge has already slapped them, so why would we “shoot ourselves in the foot”. She keeps saying our disclosure searches were “proportionate” and that we shouldn’t go looking for trouble, if the emails ever surface, we’ll deal with it then. She also makes a not-very-subtle point that if we raise this with the client now, there’s a real risk they’ll walk and take their very large annual spend with them.
I feel sick about it. On one hand, I can just about see the argument that we haven’t “found” the documents yet. On the other hand, I know full well that if we actually look properly, those emails will have to be disclosed and our witness evidence will have to change. It feels like we’re deliberately not looking so we don’t have to deal with the fallout.
I honestly don’t know where that leaves me. Am I supposed to just do what the partner says and keep my head down?
A: Parking the CPR side of this and looking at it purely through the ethics/compliance/professional duties angle, you are absolutely right to be uncomfortable. Once you know there is likely to be emails on the client’s system that contradict a key point in your witness evidence, you are no longer dealing with a technical disclosure question. You are in the territory of misleading the court.
The SRA Principles put the court and the administration of justice at the top of the pecking order, before the client and certainly before the firm’s fee income. You are expected to act with honesty and integrity and not to let the court be misled, including by silence or omission. If you knowingly sit back while evidence you are putting forward is incomplete or misleading, you are taking a personal regulatory risk. There is no “get out of jail free card” because a partner told you to do it.
So, can you just follow instructions and keep your head down? No, that would be dangerous.
In practical terms, I would go back to the partner and be very clear (and calm) that your concern is about your professional duties, not about second-guessing her litigation strategy. You can say, in your own words, something like: “I am worried that if we don’t review these emails properly, we are at risk of misleading the court and breaching the SRA Codes. I’m not comfortable being in that position.” Anchor it in ethics and the regulatory framework, not in a personal disagreement.
It may help to frame it as risk management: coming clean now and fixing the evidence may be painful but is still less damaging than being caught out.
If, after that conversation, the partner still insists on doing nothing and expects you to go along with it, I think you have to escalate. That usually means the COLP or whoever holds the risk/compliance role, or another senior partner you trust. Their job is to referee these issues and protect the firm (and its people) from regulatory trouble.
None of this is easy. It feels disloyal and risky to push back against a partner on a big client matter. But your professional duties are personal.
So, listen to your instincts. Raise the concern, propose a proper way through, involve the compliance function if you have to, and keep a note of what you have done. If you are forced to choose between keeping a valuable client happy and complying with your duties to the court and the profession, you should choose the latter.
This is not legal advice. If you have a question you would like us to answer in this section, feel free to send it to info@jonathonbray.com
Free CPD
New recording: Harbour Gate returns – Amelia’s next challenge
This week we headed back to Harbour Gate Legal LLP for our final webinar of the year – this time, their MLRO, Amelia Price, has been asked to step up as COLP and COFA as well. Sensible move… but also a slightly terrifying one.
In this session, we used Amelia’s fictional firm (who we met in our half day workshop) as a springboard for some very real issues: what a new compliance officer should focus on in their first 6–12 months, and the regulatory themes we expect to dominate 2026.
Watch the recording (Passcode: BtMhpe5%)
Recording still available for half-day AML workshop
Thank you to everyone who joined us (and our friends at FirstAML) for November’s half-day “AML building blocks” workshop. Using our fictional firm Harbour Gate Legal LLP and its new MLRO, Amelia Price, we walked through how the core elements of an AML framework actually fit together in practice, from FWRA and PCPs, to client/matter risk assessments, CDD, independent audit and training.
The session focused on turning AML from a collection of sub-topics and documents into a coherent, risk-based system: making FWRA genuinely firm-specific, simplifying PCPs so people actually follow them, driving consistency in CMRAs and source of funds checks, getting real value from Reg 21 audits, and moving beyond “tick-box” annual training to something that measures understanding and shapes culture.
If you missed it – or want colleagues to catch up – you can watch the recording here. The passcode is XS1z+g8W and the recording will be available for 14 days.
Disciplinary Watch
A flurry of AML fines and conduct decisions this fortnight underline the SRA’s continuing focus on systems and supervision.
Market Street Law Limited was fined £11,271 for failing to have compliant anti-money laundering policies, controls and procedures (PCPs) in place, leaving the firm exposed to money laundering and terrorist financing risk.
Leeper Prosser Solicitors Limited received an £8,426 fine after six sampled files were found without compliant client and matter risk assessments (CMRAs), a reminder that file-level risk assessments are not optional.
Rothwell and Evans Limited was hit with the largest fine in this batch (£19,013) for a combination of AML failings: an inadequate firm-wide risk assessment (FWRA), deficient PCPs and weaknesses in customer due diligence and source-of-funds checks.
Elgee Pinks LLP received a smaller fine of £2,987 for non-compliant PCPs.
Nigel Hedley was rebuked for failing to discharge a property-related undertaking within a reasonable time.
Helen Therese Freely was also rebuked after instructing a trainee to backdate a deed – a stark illustration that document manipulation is treated as misconduct.
Jermaine Strong, a road traffic accident claims handler, is now subject to a section 43 order after “misdirecting client funds” – in plain English, pocketing client money. He cannot work in an SRA-regulated firm without prior approval.
Non-lawyer Susana Mason has been removed from the profession following conviction, after she drove while under the influence of alcohol and distracted by her mobile phone, causing a collision that left the other driver with catastrophic injuries.
Litigation consultant Baykal Suruk (not a solicitor) has been barred for dishonesty after receiving, and keeping, £12,000 from a client.
Law firm recruiter Craig Travers is barred from working in SRA-regulated practice following his conviction for grooming.
Finally, sole practitioner Masood Ahmed was rebuked for poor supervision of unqualified staff, which led to incorrect and incoherent documents being sent to the court, a reminder that supervision is a personal duty under para 3.5 of the Code of Conduct.
New support for COFAs and finance teams
We’re ramping up our support for COFAs and legal finance teams – with some serious firepower. Sean Hankin (almost 30 years regulatory experience and co-author of the current SRA Accounts Rules) and Liz Bond are now delivering bespoke masterclasses for COFAs and accounts staff, focused on what the regulator really expects in 2025.
Alongside the training, we’re offering client account health-checks to stress-test your systems before the SRA (or your reporting accountant) does, and targeted projects to clear stubborn residual balances in a way that keeps both the regulator and clients happy. If your client account keeps you awake at night – or you’d like to make sure it doesn’t – we’d be very happy to talk.
Most firms need an independent AML audit
What we do – contact us for further information about our services
- Outsourced COLP and COFA support
- COLP and COFA coaching
- Compliance audits
- NEW: Client account health checks
- NEW: Residual balance projects
- New firm and ABS applications
- Independent AML audits (Regulation 21)
- Training (online, remote, on demand)
- AML and GDPR workshops
- PII reviews
- Remote file reviews
- TPMAs
- Escrow accounts
- AML and sanctions searches
Older posts
AML building blocks: lessons from Harbour Gate Legal
Using our fictional firm Harbour Gate Legal LLP and its new MLRO, Amelia Price, this piece joins the dots between FWRA, PCPs, CMRAs, CDD, training and independent audit. Instead of treating AML as a bundle of separate issues, we show how to build a coherent, risk-based framework that people actually follow in practice. If your AML controls feel more like a filing cabinet than a system, this is a good place to start.
Lateral hires – closing the CDD gap
New partners and teams can be great for business, but they also bring inherited clients, files and risks. In this article, Liz Bond looks at lateral hires through an AML and CDD lens: what you can (and can’t) rely on from a previous firm, how to deal with transferred files, and the questions you should be asking before you onboard a new book of work. It’s about closing the gaps before it’s too late.
Challenging behaviour in law firms
Every firm has them: people whose behaviour crosses the line from “difficult” to genuinely problematic. In this blog we explore what “challenging behaviour” looks like in practice, why it so often goes unaddressed, and how to respond in a way that protects your people, your culture and your regulatory position. It’s a practical look at a topic most firms prefer not to talk about.
Source of funds: doing some checks isn’t enough
Building on the SRA’s recent thematic review, this one is a real-world case study. We look at a recent £23,588 SRA fine for a firm acting for a high-risk PEP client, where “most” of the source of funds and source of wealth work was done – but small gaps and a lack of proper challenge still led to a breach. If your firm handles similar work, this is a useful walkthrough of what went wrong and how to avoid the same fate.
