So, you’ve had an AML audit — maybe it was carried out internally, maybe by a consultant, or perhaps even (gulp) by the SRA. And to be blunt, it didn’t go the way you hoped.
If it was the SRA knocking, you may now be facing a Compliance Plan or even a referral to the investigation team. But even a critical report from your own team or an external expert can feel like a body blow.
It’s a hard thing to go through. But it’s also entirely human.
You may be familiar with the Kübler-Ross Change Curve, originally applied to grief but now widely used to understand emotional reactions to significant change. It turns out, the same emotional rollercoaster shows up when a law firm is forced to face up to its AML failings.
Below, we’ve mapped out what that process often looks like, stage by stage — and the feelings that come with it.
The compliance change curve
| Stage | Typical mindset and emotional response |
|---|---|
| Shock | “We work so hard on our AML… how did this happen?” |
| Denial | “Our FWRA is fine… I reviewed it last year. This must be wrong.” |
| Anger | “The SRA just want to fine people. This is impossible.” |
| Depression | “It’s too much. I’m exhausted. This isn’t why I became a lawyer.” |
| Experimentation | “Maybe I’ll ask someone for help. Should we try e-verification?” |
| Decision making | “Let’s fix this properly. Standardised templates, proper training.” |
| Integration | “We’re doing it. Staff are engaged. We’re actually compliant.” |
Stage one: Shock
“I can’t believe it. We’ve never had an issue before.”
You’ve poured effort into your AML policies. You’ve trained your team. You thought everything was under control. And then the audit lands. The initial reaction is disbelief. Surely this is a mistake?
Stage two: Denial
“The auditor doesn’t understand our setup. We’re a local firm — we know our clients.”
This is where you start rationalising the findings. Maybe they picked unrepresentative files. Maybe they’re being overly picky. Surely that risk assessment form you designed is fine — even if it is a bit short?
Stage three: Anger
“This is all just red tape. Why aren’t the big firms getting fined instead of us?”
Frustration bubbles up. The rules feel unreasonable. Compliance is taking over your working life, and clients don’t appreciate the extra admin. It’s tempting to lash out — at the regulator, the system, or even your own team.
Stage four: Depression
“This is overwhelming. How can we ever fix all this?”
This is the low point. Everything feels like a slog. You’re chasing people to complete CMRAs, updating policies, reading SRA guidance at midnight. It can feel like your role has shifted from lawyer to compliance officer overnight.
Stage five: Experimentation
“We need help. Maybe it’s time to look at outsourcing or new tech.”
Slowly, a glimmer of hope. You start exploring options — maybe reaching out to compliance consultancies, trialling electronic verification providers, or looking at training providers who actually get it.
Stage six: Decision making
“This is what we’re doing. Everyone will follow the same process.”
You’ve stopped firefighting and started rebuilding. Your approach becomes proactive. You overhaul your documents. You train your team. You make AML part of the workflow — not an afterthought.
Stage seven: Integration
“I can’t believe we’ve come this far. It’s working.”
And then… things click. The new processes are embedded. CMRAs are appearing on files. Staff are asking the right questions. You even submit your first Suspicious Activity Report. There are still hiccups — but you’re on top of them. The hard work is paying off.
Final thoughts
Change is difficult. Especially when it comes with scrutiny and risk of regulatory enforcement. But it’s not impossible.
We’ve helped plenty of firms through this journey. If you recognise any of these stages, you’re not alone — and you don’t have to do it alone either.
Speak to us to find out how we can support your AML compliance transformation.
