Manual processes weakening AML compliance in law firms

AML compliance remains a top concern for law firms heading into 2025. This follows the Solicitors Regulation Authority’s (SRA) latest report, which states it issued over £1.5m in fines within its first two years using enhanced fining powers.

Firms often handle hundreds, thousands, or even tens of thousands, of matters annually. If just one of those cases hasn’t been properly assessed, the consequences can be significant. We’re talking about substantial fines that, for a medium-sized firm, could account for a noticeable percentage of revenue.

The regulator’s push to increase its fining power in 2025 is understandably causing concern among firms, who are keen to ensure their AML compliance processes are airtight. However, firms need to look beyond the immediate threat and start addressing deeper, more systemic issues within their operations. 

Many AML processes are outdated and heavily manual, leaving firms vulnerable. The deficiencies in how AML risks are managed will become increasingly evident, exposing firms not only to AML risks but to regulatory scrutiny.

Manual processes remain the root cause 

AML compliance has long been a manual process. Analysts gather information, review it, contact clients, analyse the returned data, and assess whether additional information is needed based on the client’s risk level. This typically involves screening tools and corporate information aggregators spread across various subscriptions and platforms. When repeated tens of thousands of times a year, this process quickly becomes resource-intensive.

The problem with manual processes is that they inherently create a ripple effect of inefficiencies. Since manual compliance processes are often spread across disjointed systems, AML compliance becomes slow and time-consuming. The client onboarding experience suffers, and the firm feels the impact:

• Billable work gets delayed.
• Operational costs skyrocket.
• Disjointed systems create inefficiencies.
• It becomes harder to foster a compliance-first culture.
• Processes can’t scale.
• The competitive edge is lost.

Delaying billable work is one of the most significant consequences of manual AML processes. Fee earners can’t start work and, as a result, view AML compliance as a hindrance. The firm’s bottom line also takes a hit because matter work must begin for the firm to start billing clients.

Global standard amid divergent regulations

Many firms face the challenge of balancing global, unified compliance programmes with addressing local legal and compliance risks. Last year, the Financial Action Task Force (FATF) flagged inconsistent implementation of AML standards across jurisdictions as a major global challenge, particularly for multinational firms operating in regions with varying risk thresholds. 

This inconsistency can lead to two approaches, neither of which is ideal: adopting a uniform set of higher due diligence standards that may sometimes exceed requirements, or implementing a nuanced, jurisdiction-specific strategy. The latter involves triaging clients based on risk levels and applying tailored due diligence according to applicable AML rules.

While a triaged approach offers efficiency and precision, it demands a significant investment in highly specialised compliance personnel who can navigate these complexities. Balancing these competing demands is going to be one of the most pressing challenges for law firms in 2025. 

Inefficiencies and misallocation of resources

When AML analysts manually research each client to tick AML compliance boxes, they often spend the same amount of time on every client, regardless of the client’s risk level. This leads to a disproportionate focus on low and medium-risk clients, diverting attention away from higher-risk cases.

Compliance personnel are both highly skilled and expensive. Their efforts should be concentrated on the areas of greatest risk to ensure AML compliance is efficient and scalable. For larger firms, the time spent onboarding clients under this model can add up to millions of hours annually.

It increases workloads for in-house compliance and client-facing teams but also strains client relationships. It can delay billable work or consume fee-earner time with AML queries, ultimately impacting the firm’s bottom line. The reality is that this “gold-standard” approach to AML compliance is unsustainable.

The cultural impact of manual processes

“I honestly believe the vast majority of solicitors are not doing it [non-compliance] deliberately and you are busy people,” said SRA chief executive Paul Philip in 2023. “But it is an important element and we are going to be coming down harder.”

The largest part of money laundering risk is during the relationship. Clients can clear the hurdles at the beginning, but once they’re in, it’s essentially free reign.

Unless a partner, who may not have the right incentives or training to spot red flags, identifies suspicious activity, it can slip through the cracks. The real issue is the disconnect between manual systems and the ongoing management of client relationships, leaving firms vulnerable to risks that may emerge later on,

Fee-earners need to feel connected to the AML due diligence process. However, when the process is manual and disconnected from the broader client relationship, it can leave them feeling isolated and unmotivated. This lack of ownership makes it harder to spot money laundering risks in the day-to-day operations of the firm.

Fee-earners play a critical role in identifying potential issues within client matters. In 2025, it’s more important than ever for firms to build stronger collaboration between compliance teams and fee-earners, fostering a culture that supports engagement and shared responsibility.

The case for Initial Due Diligence

Compliance can only manage AML risk by applying risk-based measures when they have a comprehensive understanding of a client’s risk level from the start. Having this broader view upfront ensures that potential risks are identified early, allowing for appropriate actions such as monitoring, reporting, or escalating issues for further investigation.

Only automation can enable this quickly and at scale. 

Advances in AI technology, such as Machine Learning (ML) and Natural Language Processing (NLP), now empower compliance teams to conduct deeper due diligence further upstream. AI is not only improving the accuracy of risk assessments but also reducing the cost and time involved. 

For a medium-sized firm, compliance spending can represent 1.5-2% of total revenue. One firm calculated that delays in the client intake process were costing them £1.2 million in lost partner fees annually. By automating AML due diligence upfront, compliance teams can clear low-risk clients for fee-earners to open client matters sooner. Firms like this could save significant amounts.

With manual processes minimised, compliance teams can also scale onboarding operations, take on more clients, and improve their ability to manage AML risk. Their capacity has grown, allowing them to consistently apply a risk-based approach to clients, ensuring the right AML controls are in place to manage them better. 

Given the volume of matters that firms handle, it’s statistically inevitable that mistakes will occur. Automated systems provide an auditable and consistent process, ensuring AML compliance tasks are completed correctly every time.

Most importantly, automated systems can divert limited time and resources away from lower-risk clients and matters to higher-risk clients and matters, as well as ongoing monitoring efforts.