FCA to Supervise AML for Law Firms – What UK Legal Practices Must Do Now

By: |Published on: Oct 24, 2025|Categories: AML & Financial Crime| 0 comments

FCA to Supervise AML for Law Firms – What UK Legal Practices Must Do Now

The UK government has confirmed that AML/CTF supervision for law firms will transfer from the existing professional body supervisors to the Financial Conduct Authority (FCA) under the new Single Professional Services Supervisor (SPSS) model. For the legal profession, this is not a routine regulatory change — it is a structural shift from peer-style supervision to public enforcement by a statutory regulator.                                        

Why FCA AML Supervision Is a Major Shift for Law Firms

The FCA does not assess whether your policy “exists”; it assesses whether your controls operate in practice and whether they can be evidenced. What was formerly treated as a best-practice exercise becomes a regulatory risk and reputational exposure exercise.

Firms can no longer rely on interpretive leniency. The FCA will:

  • Publish AML failings openly

  • Expect governance proof, not policy wording

  • Test monitoring, not onboarding

  • Hold individuals accountable

The regulator is not looking for templates — it is looking for operational reality.

Assumption Risk: “We Already Comply”

Many firms believe “we already comply with the Money Laundering Regulations so we’re ready.” Under PBS oversight that assumption might have survived.Under FCA AML supervision, it won’t.

The FCA expects:

  • A risk-driven AML framework

  • Evidence of decisions and rationale

  • Senior partner accountability

  • Proactive governance, not reactive remediation

This is why most firms will need a FCA Supervision Readiness Assessment before the regime arrives — (/fca-supervision-legal)

What the FCA Will Examine Inside Legal Practices

Law firms should expect scrutiny of:

  • Business-Wide Risk Assessment (BWRA) quality and evidence trail

  • Source of funds vs source of wealth reasoning

  • EDD for PEPs and higher-risk jurisdictions

  • Ongoing monitoring and adverse media workflow

  • MLRO competence, oversight records, and escalation logs

  • File sampling and defensibility of client acceptance decisions

  • Whether TCSP-style legal work is governed to FCA standards

If you cannot show the reasoning, the FCA treats it as if it didn’t happen.

Risk Exposure: Enforcement and Reputation

Where PBSs have historically resolved failings discreetly, the FCA:

  • Issues public findings

  • Names the firm

  • Signals failings via searchable notices

For law firms, reputational risk is regulatory risk.

This change is not about paperwork — it is about defensibility.

What Law Firms Should Do Now

The most effective preparation is a FCA AML Regulatory Readiness Review — not a template update. The FCA will test:

  • Governance chain is evidenced

  • Risk assessment drives real controls and decisions

  • Monitoring is continuous, not onboarding-only

  • MLRO is empowered and accountable, not nominal

  • Files are defensible under inspection

This is about preparation before the FCA arrives — not firefighting after.

How AuthoriPay Supports Law Firms

AuthoriPay helps UK legal practices prepare for FCA supervision through:

  • FCA Supervision Readiness for Law Firms – (/fca-supervision-legal)

  • AML gap analysis tailored to legal risk – (/aml-gap-analysis)

  • Governance uplift and partner accountability mapping

  • File sampling to FCA inspection standard

  • Transition planning for SPSS migration

Request an FCA AML Regulatory Readiness Review for Your Practice

FAQs

1. When will the FCA take over AML supervision for law firms?
The transition is expected to begin once legislation is enacted during 2025, with phased migration into FCA supervision from 2025/26.

2. Will the SRA, Bar Council or Law Society still regulate AML?
No. AML supervision will move to the FCA under the SPSS model. Professional bodies will retain ethics and conduct roles only.

3. Does FCA AML supervision apply to all UK law firms?
Yes. All law firms currently supervised by a professional body supervisor for AML will fall under FCA AML supervision.

4. Will smaller or boutique law firms be treated differently?
Not on size — the FCA supervises on risk, not headcount. A small firm handling high-risk work can face more scrutiny than a much larger low-risk one.

5. Do we need new AML policies for FCA supervision?
Yes. PBS-style template policies will not satisfy FCA operating and evidential expectations and will require uplift or replacement.

6. What records will the FCA expect law firms to keep?
Evidence of risk rationale, CDD/EDD justification, ongoing monitoring, governance minutes, and MLRO oversight logs.

7. How should a law firm prepare now?
Begin with an FCA readiness assessment to benchmark current AML controls against the FCA’s future supervisory expectations.

8. How can AuthoriPay help law firms prepare?
By delivering FCA supervision readiness, governance uplift and file sampling to FCA inspection standard.

Get in Touch Today

About AuthoriPay

AuthoriPay is a specialised consultancy firm providing regulatory compliance support to UK firms in the Fintech and NPPS sectors. The co-founders have over 40 years combined experience working directly for regulated firms and the consultancy practitioners that they rely on. AuthoriPay has significant experience in providing a wide range of safeguarding services, from audits to remediation work following reviews from regulators. AuthoriPay is fully versed in all matters of safeguarding compliance. AuthoriPay and its consultants are members of the Association of Professional Compliance Consultants and Advisory member of the Canadian MSB association. AuthoriPay is a Leader of the UK Payments Association.

Submit a Comment

Your email address will not be published. Required fields are marked *