Labels

From SRA to FCA: Is This Financial Crime Review Your New Rulebook?

The FCA’s latest multi-firm review into business-wide risk assessments (BWRAs) and customer risk assessments (CRAs) was not aimed at law firms, but if you work in risk and compliance in a conveyancing practice, you should treat it as a sneak preview of your future.

Why? As is wifely known the government has now confirmed that the Financial Conduct Authority will become the single professional services supervisor for AML/CTF, taking over AML supervision of solicitors and other professional bodies, with the SRA’s AML role significantly reduced. 

So while the SRA will continue to regulate conduct and professional standards, when it comes to money laundering and terrorist financing, the watchdog looking over your conveyancing files will be the FCA.

This makes the FCA’s financial crime reviews suddenly very relevant to the legal sector. They give us valuable clues about:

  • what “good” looks like in the FCA’s eyes
  • how it thinks about risk assessments
  • what kind of governance, MI and documentation it expects to see

In other words today’s FCA review of banks and payment firms is tomorrow’s playbook for law firms.

Below, I will unpack the key themes from the FCA’s BWRA/CRA review and translate them into what they’re likely to mean in practice for conveyancing risk and compliance teams in a post-SRA-AML world.

A new supervisor, a new mindset

The Treasury’s decision to appoint the FCA as the single professional services supervisor for AML/CTF is meant to tackle concerns that the current system, with multiple professional body supervisors, including the SRA, is fragmented and inconsistent.

For conveyancing teams, that means:

  • More consistency of expectation across sectors, law firms measured against the kind of standards already familiar to banks, wealth managers and payment firms.
  • More emphasis on data, metrics and MI, the FCA likes numbers and trends, not just narrative.
  • More intensive, thematic supervision, think sector-wide reviews, information requests and cross-firm comparisons.

The BWRA/CRA review is a good example of how the FCA supervises, it picks a theme, samples different firms, benchmarks what it finds, and then publishes expectations and examples of good and poor practice. Expect something similar once law firms are in scope.

Tailored firm-wide risk assessments: templates won’t cut it

One of the FCA’s strongest messages is that too many firms have generic, box-ticking BWRAs that don’t really describe their actual business model, products or customers.

Translated into the conveyancing world, under FCA supervision this likely means:

  • No more generic AML FWRA copied from a template with a few property-words sprinkled on top.
  • Clear articulation of the specific financial crime risks arising from:
    • the types of property you deal with (high-value residential, new-build, commercial, mixed-use, auctions, etc.)
    • your client base (private individuals, corporates, overseas investors, HNW, PE/VC funds)
    • your channels (referrer-led work, panel work, online onboarding, volume remortgaging)
    • your geographical footprint and exposure to higher-risk jurisdictions.
  • Evidence-based conclusions on how each risk affects your firm, not just “high/medium/low” tick boxes, but why it’s high for your conveyancing practice.

If you have historically written your FWRA with an eye mainly on SRA thematic reviews, now is the time to revisit it through an FCA lens,  would this stand up if compared against the banks you deal with every day?


The FCA likes numbers – and will expect more from your conveyancing data

The review acknowledges that quantifying financial crime risk is hard, but it still criticises firms that rely only on vague narrative. It wants to see quantitative as well as qualitative analysis.

For conveyancing, that suggests the FCA will expect you to get much better at using your own data, for example:

  • % of matters rated high, medium and low risk – and how that’s changing over time
  • number and type of SARs raised, by office/team/referrer
  • share of instructions involving:
    • cash-only purchases
    • complex or offshore ownership structures
    • politically exposed persons
    • high-risk countries
  • time taken to complete CDD/EDD and to resolve escalations
  • outcomes of file reviews and thematic AML audits.

You do not need a bank-grade data warehouse, but you do need more than a spreadsheet pulled together once a year. The FCA’s review makes it obvious that firms that can’t show their risk profile in numbers as well as words will struggle.

If your case management system does  not currently capture the risk factors you need for that kind of analysis, this is a concrete “to-do” before the supervisory baton passes fully from SRA to FCA.


BWRA ↔ CRA: your firm-wide and matter-level assessments must talk to each other

A big theme in the FCA review is that the BWRA and CRA often sit in silos. The FCA wants them to work in harmony:

  • Firm-wide risk assessments should inform how you design your customer/matter risk assessments.
  • The aggregated customer/matter risk profile should feed back into the firm-wide assessment.

For conveyancing, that probably means the FCA will expect to see:

  • A clear link between the risks identified in your FWRA (e.g. heavy reliance on referrers in certain regions, complex investor structures, off-plan developments) and the factors and weightings in your client/matter risk tool.
  • Evidence that changes in your book of business, say, a growing overseas investor portfolio  are picked up in both:
    • your firm-wide assessment; and
    • your operational controls (more EDD, more checks on source of funds/wealth, different acceptance criteria).

If your current FWRA and client/matter risk assessment were written at different times by different people and don’t obviously hang together, that is a gap the FCA would likely seize upon.


Capacity and scalability: growth must not outpace AML controls

The FCA’s review puts real weight on capacity, is the compliance and financial crime function able to support the firm’s current activities and growth plans?

In a busy conveyancing department, that probably sounds uncomfortably familiar. Under FCA supervision, you should expect more scrutiny around:

  • whether the size and experience of your AML/compliance team matches:
    • transaction volumes
    • the complexity and risk profile of your work
    • the number of offices/locations;
  • whether proposed growth (new offices, big new referrer relationships, new product lines like bulk investor acquisitions or build-to-rent schemes) has been tested against your AML capacity before you launch.

The FCA’s message is blunt, growth must not run ahead of your financial crime controls. That’s a step up from SRA rhetoric, and conveyancing teams should plan their resourcing and business cases accordingly.


Joined-up risk appetite, controls and monitoring

The FCA’s review criticises firms where the BWRA is treated as an annual paper exercise with no real impact on day-to-day decisions.

The direction of travel is clear,  the FCA wants a joined-up risk framework, where:

  • the BWRA sets a clear, documented risk appetite, including what kinds of higher-risk work the firm is prepared to take on and what it will refuse;
  • that risk appetite flows through to:
    • client and matter acceptance criteria;
    • referrer due diligence and panel management;
    • transaction monitoring (red flags within property transactions);
    • file review and QA frameworks; and
    • escalation and approval processes.

For conveyancing, expect questions like:

  • “Show us where your BWRA has led you to change your risk appetite for certain types of property, clients or funding structures.”
  • “Show us the MI your senior management sees and does it actually allow them to challenge whether the firm is operating within its stated risk appetite?”

If your FWRA currently sits in a folder, dusted off once a year for the SRA’s benefit, that’s not going to fly with the FCA.


Financial crime risk at the heart of business decisions, not an afterthought

The FCA’s review also makes it clear that financial crime risk should be central, not peripheral, to business strategy.

In practical terms, for conveyancing risk and compliance teams that means:

  • being involved early in decisions about:
    • new service lines, panels and referral arrangements;
    • new geographic markets or investor segments;
    • major tech or process changes (e.g. new digital onboarding tools, AI-driven ID&V).
  • ensuring the MLRO and/or Head of Risk & Compliance sit on relevant committees so they can:
    • explain the financial crime implications of growth plans; and
    • secure the investment needed in systems and people.

Under the SRA, firms have sometimes been able to “explain later” if AML considerations were not fully factored into a business decision. The FCA tends to expect you to demonstrate the decision-making trail and the AML lens applied at the time.


CRA as critical infrastructure – not just “tick box” onboarding

A striking message from the FCA is that customer risk assessment is an essential component of being able to do business at all. If you can not assess customer risk, you can not meet your regulatory obligations.

For conveyancing departments, under the FCA this is likely to translate into:

  • CRA/client-matter risk assessment tools being treated as business-critical systems – with:
    • documented back-up and manual workarounds;
    • inclusion in business continuity and disaster recovery planning;
    • clear ownership and change-control processes.
  • regulatory concern if matters are opened and progressed without completed risk assessments “because we were busy” or “the system was down”.

If your current process treats the client/matter risk rating as something admin “just completes” to satisfy SRA file reviewers, that attitude will need to shift.


Beyond fraud: the FCA will expect a broader view of financial crime in conveyancing

The FCA is clearly worried that some firms focus too heavily on fraud against the firm or its clients, and not enough on the wider financial crime issues like money laundering, sanctions evasion, bribery and corruption, and proliferation/terrorist financing.

In a conveyancing context, an FCA approach is likely to expect:

  • a comprehensive view of how property can be used for:
    • laundering criminal proceeds;
    • hiding sanctioned individuals’ assets;
    • facilitating corruption and embezzlement;
    • supporting terrorist or proliferation-related activity.
  • risk assessments that talk explicitly about these risks, not just mortgage fraud or identity fraud.

This aligns with the government’s rationale for creating a single professional services supervisor, the aim is to strengthen the UK’s defences against illicit finance by raising standards consistently across sectors.


Governance, documentation and challenge: the FCA will want to see the trail

Finally, the FCA review returns again and again to governance and documentation:

  • Senior management must see and approve BWRAs.
  • Committees should receive meaningful MI on CRA outputs and financial crime risk.
  • There should be evidence of challenge – from the MLRO, non-executives and other senior leaders  and of the actions taken as a result.
  • Risk assessment methodologies should be reviewed regularly, with updates triggered by emerging risks, not just a calendar reminder.

Conveyancing firms used to SRA engagement will find the FCA more demanding on:

  • the quality of minutes and decision records;
  • the explicit link between issues identified, actions agreed, owners and deadlines;
  • the cycle of “identify → decide → act → evidence → re-assess”.

If your governance file is light on written challenge and heavy on “noted” and “agreed”, now is a good time to start raising the bar.


So what should conveyancing risk and compliance teams do now?

If you are in-house risk/compliance for a conveyancing practice or department, you do not need to wait for the formal handover of AML supervision to get ready. The FCA’s BWRA/CRA review is already telling you what to expect.

Some practical next steps:

  • Re-base your FWRA/BWRA in FCA-style language
    • Describe your business model, client base and property work clearly.
    • Spell out inherent risks and controls.
    • Add quantitative measures wherever possible.
  • Align your client/matter risk assessment with your FWRA
    • Check that the risk factors and weightings reflect the risks identified at firm-wide level.
    • Make sure high-risk categories match your stated risk appetite and drive stronger controls.
  • Upgrade your MI and data
    • Start capturing the risk data you’ll wish you had when the FCA knocks: risk ratings, SARs, red-flag statistics, referrer analysis, etc.
    • Build simple dashboards or reports that senior management can actually use.
  • Stress-test capacity and resourcing
    • Map current AML workload against staff, skills and systems.
    • Identify the pinch points and build a case for investment before volumes grow further.
  • Tighten governance and documentation
    • Ensure the FWRA and key AML reports go to the right committees/people.
    • Improve minutes and action tracking so challenge and follow-through are clearly recorded.
  • Broaden the financial crime lens
    • Refresh training and risk assessments so they cover the full spectrum of financial crime relevant to property not just fraud and ID theft.


The FCA is showing its hand – law firms should pay attention

The FCA’s BWRA/CRA review may appear to sit firmly in the world of banks and payment firms.  However with AML supervision set to move from the SRA to the FCA, it also offers a preview of the standards and style of supervision that conveyancing practices will face.

If you use this period before the formal transition to align your FWRA, CRAs, governance and MI with FCA expectations, you will not just be “SRA-compliant”, you will be ahead of the curve for the next chapter of AML supervision in the legal sector.

Labels:

Comments

Post a Comment