Glossary of compliance terms for UK law firms
As a law firm in England and Wales, navigating the complex regulatory landscape is a critical part of practice success. Whether you’re a compliance officer, a managing partner, or a legal professional tasked with ensuring your firm meets its regulatory obligations, understanding key terminology is essential. This glossary provides clear, concise definitions of important compliance terms, from anti-money laundering processes to regulatory bodies and industry best practices.
ABS
An Alternative Business Structure (ABS) is a type of legal firm structure in England and Wales that allows non-lawyers to own or invest in law firms. It was introduced under the Legal Services Act 2007 to encourage innovation, competition, and consumer choice in the legal sector.
AML
AML refers to Anti-Money Laundering, and is the set of laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. It involves a range of controls that require regulated businesses such as law firms, accountancy practices, and financial institutions to identify and verify clients, monitor transactions, report suspicious activity, and maintain accurate records. The aim of AML is to detect and deter criminal activities like fraud, terrorism financing, tax evasion, and drug trafficking by making it harder for illicit money to enter the financial system undetected.
AML Audit
An AML audit is a thorough, independent review of a firm’s anti-money laundering (AML) policies, procedures, and controls to ensure they comply with legal and regulatory requirements. For law firms, this audit examines how effectively the firm identifies and manages money laundering risks, including client due diligence (CDD), suspicious activity reporting, staff training, and record-keeping. The AML audit helps identify gaps or weaknesses in the firm’s AML framework, enabling corrective actions to reduce risk and demonstrate compliance to regulators such as the Solicitors Regulation Authority (SRA) or the National Crime Agency (NCA). It can be conducted internally by compliance teams or externally by specialist consultants.
AML Inspection
An SRA AML inspection is a regulatory review carried out by the Solicitors Regulation Authority to ensure law firms are complying with anti-money laundering (AML) obligations under the Money Laundering Regulations 2017. The inspection typically involves a detailed examination of the firm’s policies, procedures, and controls, including the firm-wide risk assessment, client due diligence files, staff training records, and internal reporting systems. Its aim is to assess how effectively the firm identifies, assesses, and manages the risk of being unknowingly used for money laundering, particularly in high-risk practice areas like conveyancing and corporate law.
AML PCPs
An AML PCP (Anti-Money Laundering Practice-wide Risk Assessment and Compliance Plan) is a document that outlines how a professional services firm, such as a law or accountancy practice, assesses and manages its risks related to money laundering and terrorist financing. It forms part of the firm’s overall AML compliance framework and includes an evaluation of the firm’s exposure to risk based on its clients, services, delivery channels, and geographical reach. The PCP sets out the policies, controls, and procedures the firm has in place to mitigate these risks, ensuring compliance with AML regulations and demonstrating to regulators that the firm takes its legal obligations seriously.
CLC
The CLC stands for the Council for Licensed Conveyancers, which is a statutory regulatory body in England and Wales. It regulates licensed conveyancers and specialist property lawyers to ensure they provide safe, high-quality legal services to the public, particularly in conveyancing and probate. The CLC sets and enforces standards for education, professional conduct, and compliance with anti-money laundering (AML) and consumer protection regulations. It also oversees the management of client money, professional indemnity insurance, and risk management within regulated firms. Unlike the Solicitors Regulation Authority (SRA), which regulates a broad range of legal services, the CLC focuses specifically on property law and probate services.
Client due diligence
Client Due Diligence (CDD) is the process of verifying a client’s identity and assessing the risk they may pose in relation to money laundering or terrorist financing. It involves obtaining and checking key information such as the client’s name, address, date of birth, and the nature of their business or transaction. CDD is a legal requirement for regulated firms and is carried out before establishing a business relationship or completing certain transactions. It helps firms ensure they are not inadvertently facilitating criminal activity and includes ongoing monitoring to keep client information up to date and spot suspicious behaviour.
COFA (Compliance Officer for Finance and Administration)
The COFA is a key role within a law firm regulated by the Solicitors Regulation Authority (SRA). The COFA is responsible for ensuring the firm complies with its financial and administrative regulatory obligations, oversees adherence to the SRA Accounts Rules, which govern how client money is handled, and must report any material breaches to the SRA. The role is typically held by a senior member of the firm who has appropriate knowledge and authority, and it is essential for maintaining the integrity of the firm’s financial management and safeguarding client funds.
COLP (Compliance Officer for Legal Practice)
A COLP (Compliance Officer for Legal Practice) is a senior individual within an SRA-regulated law firm who is responsible for ensuring the firm complies with all relevant legal and regulatory obligations, including the SRA Standards and Regulations. The COLP must maintain oversight of the firm’s systems and processes for managing risk, handling client matters appropriately, and upholding professional and ethical standards. They are also required to record and report any serious breaches of compliance to the Solicitors Regulation Authority. The COLP plays a vital role in promoting a culture of compliance and accountability within the firm.
Compliance training (for solicitors)
Compliance training for solicitors is mandatory education that ensures legal professionals understand and adhere to the regulatory, legal, and ethical standards required by the Solicitors Regulation Authority (SRA) and other relevant bodies. This training covers key areas such as anti-money laundering (AML), data protection, client confidentiality, professional conduct, and risk management. It helps solicitors stay up to date with evolving regulations, avoid breaches, and protect their clients and firm from legal or reputational harm. Regular compliance training is essential for maintaining professional competence and demonstrating a firm-wide commitment to best practice.
CQS
The Conveyancing Quality Scheme (CQS) is a recognised quality standard for SRA-regulated law firms in England and Wales that offer residential conveyancing services. Run by the Law Society, CQS provides a framework for firms to demonstrate best practice, high standards of client service, and robust risk management in property transactions. Accreditation helps build trust with clients, lenders, and insurers, showing that the firm follows consistent and transparent procedures. To maintain CQS status, firms must meet ongoing training, compliance, and audit requirements, reinforcing professionalism and reducing the risk of fraud in conveyancing.
CSO (Cyber Security Officer)
A Cyber Security Officer (CSO) is responsible for protecting a law firm’s digital infrastructure, data, and systems from cyber threats such as hacking, phishing, ransomware, and data breaches. The CSO develops and implements cybersecurity policies, monitors for vulnerabilities, responds to incidents, and ensures staff are trained on best practices. In regulated firms, the CSO plays a key role in safeguarding sensitive client information, maintaining regulatory compliance (e.g. with GDPR), and supporting business continuity. Their work helps minimise risk, protect the firm’s reputation, and ensure trust in the firm’s ability to handle confidential matters securely.
DAML – Defence Against Money Laundering
DAML (Defence Against Money Laundering) is a request submitted to the UK’s National Crime Agency (NCA) when a person or organisation, such as a solicitor or accountant, suspects that a transaction involves criminal activity and seeks consent before proceeding. It forms part of the Suspicious Activity Report (SAR) process under the Proceeds of Crime Act 2002. By submitting a DAML, the reporter protects themselves from committing a money laundering offence by ensuring they do not deal with potentially illicit funds without appropriate authorisation. The NCA has a set timeframe to respond, during which the transaction must be delayed.
Designated Person (re sanctions)
A Designated Person in the context of sanctions refers to an individual, entity, or ship listed under UK legislation as being subject to sanctions. These designated persons are included on official consolidated lists maintained by authorities such as the UK’s Office of Financial Sanctions Implementation (OFSI), and they are typically subject to asset freezes and other financial restrictions designed to prevent money flowing to and from them. The terms “listed,” “named,” or “designated” persons are often used interchangeably.
Data Protection Officer (DPO)
A Data Protection Officer (DPO) is a mandatory role under UK GDPR for certain organisations, including law firms that process personal data on a large scale or handle special categories of sensitive data. In the context of UK law firms, the DPO serves as an independent expert responsible for monitoring compliance with data protection laws, conducting privacy impact assessments, and acting as the primary point of contact with the Information Commissioner’s Office (ICO). The DPO must have specialist knowledge of data protection law and practices, maintain independence from management when performing their duties, and cannot be dismissed or penalised for carrying out their tasks. Law firms typically require a DPO due to the sensitive nature of client data they handle, including legal advice privilege, confidential communications, and personal information processed during litigation, conveyancing, and other legal services. The DPO’s role is crucial for ensuring the firm meets its accountability obligations under UK data protection legislation, providing guidance to staff on data protection matters, and helping to build client trust through demonstrable compliance with privacy requirements
FATF
The Financial Action Task Force (FATF) is an intergovernmental organisation that sets international standards for combating money laundering, terrorist financing, and proliferation financing. The FATF identifies jurisdictions with weak measures to combat money laundering and terrorist financing in two FATF public documents that are issued three times a year and that are frequently referred to as the “black and grey” lists “Black and grey” lists. The “Black List” is a list of countries that are thought to pose a high risk of money laundering, terrorist financing and proliferation financing, due to their significant strategic deficiencies in that regard. The “Grey List” includes countries that have significant deficiencies in their AML/CFT regimes but have formally committed to working with the FATF to address these issues
FWRA (Firm Wide Risk Assessment for AML and Sanctions)
A Firm Wide Risk Assessment (FWRA) for Anti-Money Laundering (AML) and Sanctions is a comprehensive evaluation that organisations, particularly financial institutions and professional service firms, must conduct to identify, assess, and understand their exposure to money laundering, terrorist financing, and sanctions risks across their entire business operations. The FWRA involves systematically analysing various risk factors including the types of clients served, products and services offered, delivery channels used, and geographical areas of operation to determine the firm’s overall risk profile. This assessment serves as the foundation for developing appropriate risk management policies, procedures, and controls, helping firms allocate resources effectively and implement proportionate due diligence measures.
Enhanced due diligence
Enhanced Due Diligence (EDD) is a more rigorous level of background checking and risk assessment applied to high-risk clients or transactions, as part of a firm’s anti-money laundering (AML) procedures. It goes beyond standard due diligence and is typically required when dealing with politically exposed persons (PEPs), clients in high-risk jurisdictions, or where there are complex ownership structures, unusual transactions, or cash-intensive businesses.
KYB
KYB stands for Know Your Business and is a due diligence process used primarily by financial institutions, service providers, and regulated firms to verify the identity and legitimacy of a corporate client or business entity. KYB checks typically involve confirming the company’s registration details, ownership structure, beneficial owners, directors, and verifying that the business is not involved in illegal activities such as money laundering or fraud. KYB helps firms assess risks associated with onboarding new business clients, ensuring compliance with anti-money laundering (AML) regulations and preventing financial crime. It’s essentially the corporate equivalent of KYC (Know Your Customer).
KYC
KYC stands for Know Your Customer (or Client), a process used by financial institutions, law firms, accountancy firms, and other regulated businesses to verify the identity of their clients and assess potential risks of illegal activity, such as money laundering or terrorist financing. KYC involves collecting and verifying documents such as passports, proof of address, and information about the client’s source of funds and business activities. It is a key part of anti-money laundering (AML) compliance and helps firms ensure they are not inadvertently facilitating criminal activity. KYC checks are carried out both when onboarding new clients and periodically throughout the client relationship.
Law firm compliance handbook
A law firm compliance handbook is a comprehensive internal document that serves as the central reference guide for all compliance-related policies, procedures, and requirements within a law firm. The handbook typically consolidates the firm’s approach to meeting various regulatory obligations including anti-money laundering (AML) and counter-terrorist financing requirements, sanctions compliance, data protection (GDPR/UK GDPR), professional conduct rules, conflict of interest procedures, and client due diligence requirements. The compliance handbook is essential for demonstrating the firm’s commitment to regulatory compliance, supporting staff training and awareness, and providing a framework for consistent decision-making when compliance issues arise.
Legal practice compliance consultant
A legal practice compliance consultant is a specialised professional who provides expert advice and services to help law firms meet their regulatory obligations and maintain adherence to legal and professional standards. These consultants typically possess deep knowledge of legal sector regulations, including anti-money laundering (AML) requirements, data protection laws, professional conduct rules, and sanctions compliance, often combining legal qualifications with compliance expertise gained from working within law firms or regulatory bodies. They assist firms in developing, implementing, and reviewing compliance frameworks, conducting risk assessments, designing policies and procedures, providing staff training, and preparing for regulatory inspections or audits.
Lexcel
Lexcel is The Law Society’s legal practice quality mark for client care, compliance and practice management, designed to demonstrate excellence in law firm operations. Introduced by The Law Society of England and Wales in 1998, it employs the methodology of “plan, do, review” and establishes controls which must be documented, maintained, and overseen by suitable responsible persons. The accreditation covers various aspects of practice management including client care standards, regulatory compliance, file management, financial controls, and business continuity planning. Practices must have either Lexcel or the Specialist Quality Mark to hold a legal aid contract with the Legal Aid Agency, making it essential for firms seeking legal aid work.
LSAG Guidance
LSAG guidance refers to anti-money laundering guidance produced by the Legal Sector Affinity Group (LSAG), which comprises legal sector regulators and representative bodies. This guidance is designed to help legal professionals and firms comply with the Money Laundering Regulations 2017 (as amended) and covers various aspects of AML compliance specific to the legal sector. This guidance is HM Treasury-approved and serves as the authoritative reference for legal sector AML compliance, helping firms understand their obligations under money laundering regulations, implement appropriate controls, and maintain compliance with requirements such as customer due diligence, suspicious activity reporting, and record-keeping. The guidance is regularly updated to reflect changes in legislation and regulatory expectations, making it an essential resource for law firms’ compliance frameworks.
MLCO (Money Laundering Compliance Officer)
A Money Laundering Compliance Officer (MLCO) is a designated senior individual within a firm who has specific responsibility for overseeing and managing the organisation’s anti-money laundering (AML) and counter-terrorist financing (CTF) compliance program. Under the UK Money Laundering Regulations, firms in the regulated sector, including law firms, are required to appoint an MLCO who must have sufficient knowledge, skills, and experience to effectively discharge their responsibilities. The MLCO must have sufficient seniority and authority within the organisation to influence decision-making and implement necessary changes, and they are personally accountable for ensuring the firm’s AML compliance framework is effective and proportionate to the risks faced. This role is distinct from but may work closely with other compliance functions such as the firm’s Data Protection Officer or general compliance officer.
MLR (Money Laundering Regulations 2017, as amended 2019)
The Money Laundering Regulations 2017 (as amended in 2019) are the primary UK legislative framework that implements the EU’s Fourth and Fifth Anti-Money Laundering Directives into domestic law, establishing comprehensive requirements for preventing money laundering and terrorist financing across various sectors. These regulations apply to legal professionals and a wide range of businesses, for example, banks, accountants, estate agents, casinos, requiring them to implement robust systems and controls to detect and prevent money laundering activities. The regulations are enforced by various supervisory authorities depending on the sector (the SRA for law firms in England and Wales), with non-compliance potentially resulting in significant financial penalties, criminal prosecution, and reputational damage, making adherence to these requirements essential for all firms operating within the regulated sectors
MLRO (Money Laundering Reporting Officer)
A Money Laundering Reporting Officer (MLRO) is a senior individual within a regulated business, typically in financial services, law, or accountancy, responsible for overseeing the firm’s compliance with anti-money laundering (AML) regulations. Their key duties include receiving and reviewing internal reports of suspicious activity, deciding whether a Suspicious Activity Report (SAR) should be submitted to the National Crime Agency (NCA), maintaining appropriate AML policies and procedures, and ensuring that staff are trained and aware of their legal obligations. The MLRO acts as the firm’s main point of contact with external authorities on AML matters and plays a crucial role in protecting the business from financial crime.
NCSC
The NCSC stands for the National Cyber Security Centre. It is a UK government organisation that provides advice and support on how to avoid computer security threats. Part of GCHQ (Government Communications Headquarters), the NCSC works with businesses, public sector organisations, and the general public to improve the UK’s cyber resilience. It offers guidance on protecting against cyber attacks, responding to incidents, and securing digital systems and data. The NCSC plays a key role in national security by helping to detect, prevent, and respond to cyber threats.
New law firm applications
New law firm applications refer to the process by which individuals or entities apply to establish a new legal practice, seeking authorisation from a regulatory body such as the Solicitors Regulation Authority (SRA) in England and Wales. This involves submitting detailed information about the proposed firm’s structure, ownership, compliance measures, business model, and key personnel, including designated roles such as the Compliance Officer for Legal Practice (COLP) and Compliance Officer for Finance and Administration (COFA). The application must demonstrate that the firm will operate ethically, meet all regulatory requirements, and have appropriate systems in place to manage risk, client confidentiality, and anti-money laundering obligations.
OFSI
OFSI stands for the Office of Financial Sanctions Implementation, a part of HM Treasury in the UK. OFSI is responsible for implementing and enforcing financial sanctions, which are restrictions put in place by the UK government to achieve foreign policy and national security objectives. These sanctions can apply to individuals, entities, and countries and may involve asset freezes, restrictions on financial services, or trade-related measures. OFSI provides guidance to businesses and individuals on complying with sanctions regulations, processes licence applications for permitted transactions, and has the authority to investigate breaches and impose civil penalties where appropriate.
OFSI Search
An OFSI search would be used during the KYC (Know Your Customer) process to check whether a client, beneficial owner, or connected party is listed on the UK sanctions list maintained by the Office of Financial Sanctions Implementation (OFSI) OFSI Consolidated List Search
Outsourcing
In the context of a law firm compliance consultant, outsourcing refers to the practice of engaging an external expert or consultancy to manage certain compliance functions on behalf of the law firm, rather than handling them entirely in-house. This can include services such as anti-money laundering (AML) checks, risk assessments, regulatory reporting, policies and procedures drafting, training, file audits, or acting as an external COLP or COFA support. Outsourcing allows law firms – particularly smaller firms or those without dedicated compliance teams – to meet their regulatory obligations efficiently and cost-effectively, while benefiting from the expertise and up-to-date knowledge of a specialist. However, responsibility for compliance always remains with the law firm, so it’s crucial that outsourcing arrangements are clearly defined and properly managed.
PEPs
PEPs, or Politically Exposed Persons, are individuals who hold prominent public positions or have held such positions in the past, along with their close associates and immediate family members. Due to their influence and access to public funds, PEPs are considered to present a higher risk of involvement in money laundering, bribery, or corruption. Examples include heads of state, government ministers, senior judges, high-ranking military officers, and executives of state-owned enterprises. In the context of KYC (Know Your Customer) and AML (Anti-Money Laundering) compliance, firms are required to identify PEPs and apply enhanced due diligence measures to mitigate the increased risk associated with doing business with them.
Risk management for law firms
Risk management for law firms involves identifying, assessing, and mitigating the various risks that could impact the firm’s ability to operate effectively, comply with regulations, and protect its clients and reputation. Key areas of risk include regulatory compliance (such as anti-money laundering, data protection, and SRA standards), client and matter risk (conflicts of interest, client due diligence, and file management), financial risk (fraud, billing errors, or mismanagement of client money), reputational risk, cybersecurity threats, and professional negligence.
SAR - Suspicious Activity Report
A Suspicious Activity Report (SAR) is a formal report submitted by regulated firms, including law firms and financial institutions, to the relevant authorities (such as the UK’s National Crime Agency (NCA)) when they identify or suspect that a transaction or activity may involve money laundering, terrorist financing, or other criminal conduct. The SAR details the suspicious behaviour, the parties involved, and any relevant information uncovered during due diligence. Filing a SAR is a legal obligation under anti-money laundering (AML) regulations and must be done without “tipping off” the client or involved parties. SARs help authorities detect, investigate, and prevent financial crime
SAR - Solicitors Accounts Rules
The Solicitors Accounts Rules (SAR) are a set of regulatory requirements established by the Solicitors Regulation Authority (SRA) in the UK that govern how solicitors must manage and handle client money and accounts. These rules ensure that client funds are kept separate from the firm’s own money, properly recorded, and safeguarded to prevent misappropriation or fraud. The SARs cover areas such as maintaining accurate client account records, timely reconciliation, proper use of client accounts, and reporting any discrepancies or irregularities. Compliance with the Solicitors Accounts Rules is essential to maintain trust, protect clients’ interests, and meet the firm’s regulatory obligations.
Source of funds
Source of funds refers to the origin of the money a client uses in a transaction or business relationship. In compliance and anti-money laundering (AML) processes, verifying the source of funds means understanding and documenting where the client’s money comes from i.e. earnings, inheritance, sale of assets, or loans, to ensure it is legitimate and not derived from criminal activity. This is a crucial step in risk assessment during client onboarding and ongoing monitoring, helping firms prevent involvement in money laundering, terrorist financing, or other financial crimes. Clear evidence of source of funds is often required before completing significant transactions or establishing certain business relationships.
Source of wealth
Source of wealth refers to the origin of a client’s entire accumulated wealth or overall financial resources, rather than just the specific funds used in a single transaction. It involves understanding how the client has legitimately acquired their total assets over time – such as through employment income, business profits, investments, inheritance, or property sales. In anti-money laundering (AML) and compliance processes, verifying source of wealth helps firms assess the client’s financial background and the legitimacy of their wealth, especially for high-net-worth individuals or when dealing with large or complex transactions. This deeper level of scrutiny supports effective risk management and helps prevent the firm from being used to launder illicit wealth.
SRA Accounts Rules
The SRA Accounts Rules (also known as SARs) are a specific set of regulations issued by the Solicitors Regulation Authority (SRA) that govern how solicitors and law firms in England and Wales must handle client money and maintain their accounts. These rules ensure that client funds are kept separate from the firm’s own money, properly recorded, and protected against misuse or misappropriation. The rules cover requirements for opening and operating client accounts, record-keeping, reconciliation, dealing with payments, and reporting any irregularities or breaches. Compliance with the SRA Accounts Rules is essential for maintaining client trust, meeting regulatory obligations, and avoiding disciplinary action or financial penalties.
SRA Audit
An SRA audit is a formal inspection or review conducted to ensure a law firm’s compliance with the Solicitors Regulation Authority (SRA) rules, particularly focusing on financial and practice management standards. This audit often involves a thorough examination of the firm’s client accounts, adherence to the SRA Accounts Rules, and overall regulatory compliance, including anti-money laundering (AML) procedures and risk management. The SRA may require an audit as part of routine regulation, in response to concerns, or after complaints. The firm must provide relevant documentation, records, and explanations during the audit. The purpose is to protect clients’ money and uphold professional standards within the legal sector
SRA Code of Conduct – for Firms & for Solicitors/RELs
The SRA Code of Conduct sets out professional standards and ethical obligations for both law firms and individual solicitors or Registered European Lawyers (RELs), but the rules differ to reflect their distinct roles:
SRA Code of Conduct for Firms focuses on the responsibilities of law firms as entities. It covers how firms must manage their business to ensure compliance with regulatory requirements, including maintaining effective systems and controls, ensuring proper handling of client money, managing risks, promoting equality and diversity, and delivering competent legal services. Firms must also ensure that they have appropriate governance and that all individuals within the firm comply with the SRA’s principles.
SRA Code of Conduct for Solicitors and RELs
This applies to individual lawyers and sets out their personal professional duties. This includes acting with integrity, maintaining client confidentiality, providing competent service, avoiding conflicts of interest, upholding the rule of law and the proper administration of justice, and complying with all regulatory requirements. Individual solicitors must also uphold the reputation of the profession through their conduct
SRA Consulting
SRA consulting refers to the professional advisory services provided to law firms and legal practices to help them comply with the Solicitors Regulation Authority’s (SRA) regulatory framework. This includes guidance on meeting the SRA Codes of Conduct, implementing anti-money laundering (AML) procedures, managing client money in accordance with the SRA Accounts Rules, preparing for SRA audits and inspections, and developing effective risk management and governance systems. SRA consulting also often involves training staff, reviewing internal policies, handling regulatory reporting, and supporting firms in addressing any compliance issues. The goal is to ensure law firms operate ethically, reduce regulatory risk, and maintain their authorisation to practice.
UK Sanctions Regime
The UK Sanctions Regime is a legal framework established by the UK government that imposes serious and extensive financial and trade restrictions on individuals, entities, and countries to promote national security, foreign policy, and international peace objectives. It includes measures such as asset freezes, travel bans, restrictions on financial transactions, and trade embargoes targeting those involved in terrorism, human rights abuses, or destabilising activities. The regime is enforced primarily by the Office of Financial Sanctions Implementation (OFSI).
Unbundled legal services
Unbundled legal services (also known as limited scope representation) allow clients to hire a lawyer to handle specific parts of their legal matter rather than the entire case. Instead of full representation, the lawyer might provide discreet services such as drafting documents, giving legal advice on a particular issue, or representing the client at a specific hearing. This approach makes legal help more affordable and accessible by letting clients manage some tasks themselves while getting professional support where it matters most. It also gives clients greater control over costs and involvement in their case.
Contact any of our law firm compliance consultants
Or complete the form below
Explore our services
Catch up on our the latest law firm compliance news below
The SRA wants solicitors to record their learning and have annual ethics conversations. Here’s what that actually means.
Read More »