FCA Takeover of AML Inspections: What Law Firms Need to Know

The UK Government announced in October 2025 that the Financial Conduct Authority (FCA) will take over AML supervision for all UK lawyers practising within the scope of the Money Laundering Regulations 2017 (MLRs). This change will alter the Solicitors Regulation Authority’s role and that of the CLC, but it does not mean lighter scrutiny. 

The FCA’s style of supervision is historically data-driven and explicitly “effectiveness”-oriented: inspectors are not unlikely to test not only whether controls exist, but also if they actually work in practice.

This article explains what firms need to know about this supervisory shift and, crucially, what it means for FCA AML inspections; how inspections will be selected, the key lines of enquiry inspectors will use, common failings to fix now, and practical steps firms can take to demonstrate that their controls are not just documented - they are effective.

Article Contents

1. Overview of the FCA Takeover: What We Know So Far
2. Who Will the FCA Inspect?
3. The FCA's AML Inspection Approach: Methods & Tools
4. What Could FCA AML Inspections Look For?
5. How To Prepare for an FCA Inspection
6. How to Respond to FCA Inspection Findings
7. FAQs

Overview of the FCA Takeover: What We Know So Far

It’s important to note that, at the time of writing in early 2026, there’s a great deal of speculation about this proposed takeover. Crucially, primary legislation is required for the transfer of supervision, so the change is unlikely to begin before 2028. However, here’s what we know so far:

Why This Is Happening

The UK Government is moving to place AML/CTF supervision for the legal sector under a single public supervisor to simplify a fragmented regime and raise supervisory consistency. The aim is to align professional services with other sectors in the scope of the MLRs and to ensure a single, outcomes-focused standard of oversight. 

Scale of the Change

Under the proposed single-supervisor model, the FCA will take on oversight of a very large cohort of firms; industry estimates put this at roughly 60,000 in-scope professional services firms, replacing supervision currently exercised by around 23 professional-body supervisors. This is a substantial expansion of FCA responsibilities and of the firms that will be subject to its AML toolkit.

The FATF Driver

Part of the policy impetus comes from international pressure: the Financial Action Task Force (FATF) has identified inconsistent supervision across professional bodies as a vulnerability in the UK’s AML framework. Bringing legal and other professional services firmly within the FCA’s supervisory perimeter is framed as a way to address those long-standing criticisms and strengthen the UK’s position in future mutual evaluations.

Who Will the FCA Inspect?

The proposed reforms mean that law firms carrying out work within the scope of the MLR will ultimately fall under AML/CTF supervision by the FCA rather than their existing professional body supervisor. In practice, this shifts day-to-day AML oversight for in-scope legal work into the same supervisory framework used for financial services firms.

However, this does not remove the role of the Solicitors Regulation Authority (SRA) or the Council for Licensed Conveyancers (CLC); they will still enforce their Principles, Standards and Regulations, meaning firms could face parallel scrutiny:

• The FCA assesses AML systems and controls under the MLRs
• The SRA / CLC investigates professional conduct breaches linked to the same issues

For law firms, this raises the possibility of overlapping supervision and an increased regulatory burden if misconduct touches both AML compliance and professional obligations.

The Office for Professional Body Anti-Money Laundering Supervision (OPBAS) currently oversees professional body AML supervisors to improve consistency and effectiveness. Moving AML supervision to the FCA is intended to reduce fragmentation at that level, but at firm level, interaction between the FCA and sector regulators like the CLC will still matter.

Personal Liability for MLROs

A further concern for compliance officers is personal regulatory exposure. Under the Financial Services and Markets Act 2000, the FCA already has strong enforcement tools, including the ability to fine individuals for misconduct (Section 66) and to issue prohibition orders preventing them from holding regulated roles (Section 56).

If similar powers are applied in the AML supervision of law firms, MLROs and senior compliance staff could face heightened personal risk where AML failings are serious or systemic. This is one reason many firms are closely watching how the supervisory model will operate in practice and what it will mean for governance accountability.

The FCA’s AML Inspection Approach: Methods & Tools

The FCA’s inspection model is intelligence-led and risk-focused, where selection can be driven by data and analytics rather than random sampling. This means inspections might tend to be fewer in number but more intensive when they happen. For example, one analysis found just 5% of FCA-supervised firms were inspected in 2024 versus 12% under the SRA, indicating the potential towards a move to fewer, deeper reviews.

An inspection may typically look like this:

• Intelligence-Led Selection: The FCA uses risk indicators and data to prioritise firms and sectors for review.
• Desk-based Reviews: Document and policy checks carried out remotely to scope issues before any visit.
• Data Requests: Targeted extracts, such as CDD samples, are used to run analytics and find anomalies.
• On-site Visits: In-person interviews and evidence review where deeper testing is needed.
• Targeted Thematic Reviews: Sector or topic-specific reviews that probe common vulnerabilities across many firms.

Risk-Based Supervision & the “Effectiveness” Test

As mentioned earlier, the FCA expects firms to show that AML controls work in practice, not simply that they exist on paper. Firms should be able to evidence active controls and clear escalation routes. This “effectiveness-oriented” expectation is a commonly cited differentiator between FCA supervision and the older professional-body model.

Data Analytics & Prioritisation

Recent reform proposals and analyses make clear the FCA intends to lean heavily on quantitative risk profiling and analytics to prioritise supervisory attention. Firms should therefore assume the regulator will use automated screening to highlight outliers. Therefore, good data, consistent reporting, and clean extracts truly matter.

What Could FCA AML Inspections Look For?

We expect examiners to assess governance and senior management ownership (including the role, resourcing, and independence of the MLRO), and to test whether board-level oversight is functioning in practice. 

Alongside this, there are several other fundamentals which will be assessed:

• Your Firm-Wide Risk Assessment (FWRA) will be reviewed to ensure it is properly documented at entity and service level, regularly updated, and actively used to shape client risk ratings, monitoring, and compliance resourcing.
• Customer Due Diligence (CDD) processes will be tested through file sampling to confirm that identity and beneficial ownership checks are robust, enhanced due diligence is applied to higher-risk clients, and ongoing monitoring is performed consistently.
• Transaction monitoring systems and escalation processes will be assessed to determine whether alerts are appropriately reviewed, investigated and documented, and whether suspicious activity decisions are timely and well supported.
• Suspicious Activity Report (SAR) handling will be scrutinised not only for volume but for quality, as recent work highlighted by the OPBAS emphasises that SAR narratives, rationale, and supporting detail must clearly demonstrate why suspicion was formed.
• Third-party and onboarding controls will be reviewed to ensure agents, introducers or outsourced providers are subject to proper due diligence, contractual safeguards and ongoing oversight.
• Recordkeeping arrangements will be checked to confirm that client records, risk decisions and monitoring outcomes are complete, accessible and retained in line with regulatory requirements.
• Internal audit, assurance testing, and management information will be evaluated to see whether the firm regularly tests AML controls (including and beyond the Regulation 21 independent audit requirement) and implements remediation where weaknesses are identified.

How To Prepare for an FCA Inspection

You should approach an FCA inspection just like other AML inspections, ensuring you have solid evidence for all your policies, processes, and procedures (PCPs). Our team at PDA Legal can carry out in-depth AML audits to help identify gaps before regulators do, working towards a stronger compliance culture within your firm. 

As a general approach, here’s what we suggest:

1. Acknowledge Notice & Confirm Scope: Immediately log the notification, confirm the inspection scope and timeframe, and note the FCA contact.
2. Run a Gap Analysis Against FCA Inspections: Map your existing AML framework against that which the FCA expects and flag high-risk gaps for immediate attention.
3. Assemble Evidence: Pull together key documents and data, so they’re ready to hand over, such as:
   1. AML policies and procedure documents
   2. Firm-wide and product/service risk assessments
   3. A selection of client files (high/medium/low risk) with CDD and UBO evidence
   4. Transaction monitoring outputs and alert logs
   5. Example SARs with decision notes and escalation records
   6. Internal audit reports and Regulation 21 independent AML audit reports
   7. Training records, appointment letters and role descriptions for MLRO/compliance staff
4. Identify & Brief Key Staff: Nominate a single point of contact for the visit, and brief the MLRO, Head of Compliance, and senior managers on likely questions and who will attend interviews.
5. Prepare Data Extracts & Access: Ensure data is extractable in usable formats (CSV/PDF), that queries are reproducible, and that a named data lead can run ad-hoc extracts if requested.
6. Run a Short Mock Interview: Walk through document requests, rehearse interviews with the MLRO and Head of Compliance, and practise answering probing questions about exceptions, escalations, and remediation.
7. Agree on an Internal Communications Plan: Brief relevant teams on confidentiality, who speaks to the regulator, and how internal queries will be routed during the inspection.
8. Track Everything During the Visit: Maintain a running log of documents provided, questions asked, attendees, outstanding actions, and any agreed deadlines.
9. Respond Promptly After the Visit: Convert inspection findings into a remediation plan with named owners, testing requirements, and evidence, then track progress and report to the board.

How to Respond to FCA Inspection Findings

If your firm receives findings after an FCA AML inspection, a prompt, structured, and well-evidenced response is essential to limit regulatory and reputational risk:

1. Review the findings carefully and assign each issue to a named owner with a clear action and deadline recorded.
2. Prioritise actions by risk level so issues affecting consumers, reporting obligations or systemic controls are addressed first.
3. Produce a concise remediation plan explaining the root cause, corrective steps and how effectiveness will be tested, and provide updates to the Financial Conduct Authority where required.
4. Keep objective evidence of fixes (updated policies, test results, training records) to demonstrate that controls now operate effectively in practice.
5. Update policies, procedures, and staff training so the issue is accounted for and cannot easily happen again.

Partner With PDA Legal to Establish Firm-Wide Compliance Today

Build a stronger compliance culture with expert guidance tailored to your firm’s risks and size. PDA Legal works alongside your team to deliver effective training and embed processes that stand up to regulatory scrutiny. 

Please contact our specialists today to arrange a FREE initial consultation, and we’ll help you put robust, firm-wide compliance in place with confidence. 

CONTACT US