Law Firms

SRAOPBASFCA (incoming AML supervisor)
SRA thematic review · 2026

Only one COLP in 25 could describe their own obligations.

The SRA's 2026 thematic review found that only one COLP in 25 could describe their own regulatory obligations in full. I know mine. But knowing and evidencing are two different things — and the SRA is now explicitly interested in the difference.

When the inspection notice lands, the question is whether your breach log, SAR trail and COLP decisions exist as a coherent system of record — or as fragments you hope align.

Register →Do you need us? →

2

The regulatory landscape

COLPs and COFAs carry personal accountability for systems and controls, breach reporting, and AML compliance coordination. The SRA expects a live breach log, meaningful MLRO engagement, and firm-wide risk assessments that reflect the practice you actually run — not a generic law-firm template.

AML inspections focus on the MLRO's reasoning for SAR decisions (including decisions not to report), the defensibility of CDD files the SRA selects, and whether your risk assessment describes your client base, services and geographic exposure with specificity.

Professional body supervision is converging with OPBAS standards; the direction of travel for many firms includes transition to FCA AML supervision. FCA supervisory technique, investigative patience and penalty levels are not the same as historical SRA AML visits — firms should prepare for higher evidential density in the file.

The thematic stress visible in the 2026 review — knowledge gaps at COLP level, stressed compliance officers, and uneven documentation — is not a people problem alone. It is a systems problem: can the firm prove, file by file, that the COLP and MLRO discharged their duties in real time?

3

What regulators look for

On an SRA AML inspection, the MLCO and MLRO are expected to be available. Inspectors review the documents you have already submitted, then select client files. They ask for the SAR decision log and may review NCA submissions. They are looking for reasoning captured when the decision was made — not a narrative written after the visit was scheduled.

COLP interviews test whether oversight is operational: how breaches are escalated, how repeat issues are surfaced to management, and whether the COLP can evidence challenge and follow-through. A breach log that only records "serious" issues misses the pattern-recognition duty the SRA expects.

Where firms are transitioning toward FCA AML supervision, investigators will compare policy to file: does the firm-wide risk assessment describe high-risk practice areas honestly, and do CDD files show assessment — not just collection?

4

What Evidentia gives you

COLP and MLRO decision records

Structured, immutable entries for material COLP decisions, breach log updates and MLRO SAR determinations — with reasoning at the time of decision, mapped to SRA expectations.

Inspection-selected files

When the SRA picks files, you produce a consistent narrative: what was known, what was decided, what was escalated — without re-writing history under pressure.

FCA-transition posture

A board-grade evidence base that already looks like FCA-density documentation — not a scramble when supervision transfers.

5

The evidence gap

Most firms we speak to can describe good intent. The COLP challenged the partner. The MLRO made a judgment on a borderline SAR. But the contemporaneous record of that challenge — in a form that can be handed to a supervisor — often does not exist.

The gap is structural: email is not a breach log; minutes written by someone else are not proof of what you personally decided; reconstruction is not evidence when the SRA compares dates.

6

Key enforcement facts

Only one COLP in 25 could describe their own regulatory obligations in full — SRA thematic review, 2026.

52% of compliance officers reported feeling stressed about their role — same review.

FCA sole AML supervision for professional services firms is confirmed direction of travel — prepare for a different supervisory lens.

Find out whether your current approach would withstand scrutiny.

Do you need us? →

Join the founding cohort

Join the founding cohort. Your sector is pre-selected below — change it if needed.