Part 5 - Professional risk - Changes in AML supervision

 Our risk partners Karen Eckstein Ltd have set out a summary of the impact of the proposed changes to AML supervision and what firms should be doing to prepare for the change

The Government’s announcement last October that the Financial Conduct Authority (FCA) will become the single professional services AML supervisor took a lot of people by surprise. The announcement was not expected to land when it did.

The Government launched a consultation in November 2025 on the powers the FCA will have under the new regime. That consultation has now closed, and the Government is expected to respond and move towards legislation in due course. So, whilst all the details are not yet to hand, the direction that the Government wants to move in when it comes to AML regulation and supervision is signalled by the consultation.

And that direction is important beyond AML, as it reflects a shift in regulatory style that is being observed across professional services: a move away from “do you have the right policy wording?” and towards “can you show this actually works, and that your team are consistently and correctly implementing it?”

It is no secret that a lot of lawyers felt frustrated with the SRA’s approach to AML supervision, as it was often noted that the SRA were heavy on the technical detail and light on the practical realities. There is similar feedback from firms in the accountancy sector too, where the challenge is often how to turn detailed regulatory expectations into workable, proportionate processes. It appears that the FCA takes a different approach, with a focus on data and the effectiveness of AML policies and procedures. If that is indeed the case, it would be reasonable to expect the FCA to want to see evidence that the controls firms have in place, evidence that they are effective on a day-to-day basis, rather than simply existing as a written policy.

However, this is where many firms might potentially run into issues, as their policies are not always supported by the right processes to help people apply them consistently. When that happens, AML can slip into being a tick-box exercise. The forms get completed, but the thinking behind the decisions isn’t always recorded, which means the firm can’t easily show its reasoning if challenged later.

Monitoring and supervision can become reactive, happening only when someone spots an issue or when a regulator or insurer asks to review files, rather than at regular intervals or proactively when something changes. At that point, firms may be able to say what they did and why, but they can’t necessarily evidence it clearly, because the rationale wasn’t captured at the time.

This is a time of regulatory change. The Economic Crime Act reforms, Companies House changes and ACSP obligations are hard to keep track of, causing a number of practical issues, with different retention periods creeping in for AML and IDVT, so firms need to have clear processes and procedures around what evidence they should keep, what they should  destroy and when, and  be clear as to who in the firm is responsible for what. It is very easy for these things to be missed and for firms to inadvertently become non-compliant with their AML and ACSP obligations.

With the Government’s decision to move towards the FCA as a single supervisor, professional services firms should be asking themselves:

• Does our AML policy match how we actually work in practice?

• Does it cover the practicalities, as well as the technical elements?

• Are our people confident in how to apply it day-to-day?

• Do we have processes and guidance that are easy for staff to follow (flowcharts, worked examples, prompts, etc)?

• How do we know the policy is being followed?

• How do we ensure that AML risk is reviewed at appropriate stages and when something changes?

• And importantly, could we evidence all the above, if asked?

Remember, as Karen Eckstein always says: if it’s not written down, it didn’t happen. You need to ensure that the work you are doing on AML is consistent, ongoing, and easy to evidence. The same applies in relation to your ACSP obligations. And, of course, that you have easy access to the relevant data relating to the steps taken.

It is recommended that all firms take this moment to review and refresh their AML and ACSP policies and, most importantly, their supporting processes and documentation, to ensure that, if asked, they could demonstrate that their AML and ACSP frameworks are understood and being consistently applied by staff.