
Professional Services Firms are in for an AML shock
The UK's FCA is expected to take over the reigns on AML matters and they mean business
Professional Services Firms Are in for an AML Shock
For decades, law firms, accountants, and trust and company service providers have operated under a patchwork of AML supervision - overseen by their own professional bodies, with industry-familiar faces setting the rules. That world is ending.
What Is Happening
The UK government has confirmed one of the most significant changes to the country's anti-money laundering regime in recent years: the Financial Conduct Authority (FCA) will become the single supervisor for AML and counter-terrorist financing (CTF) compliance across professional services.
This means around 60,000 firms, including solicitors, accountants, and trust and company service providers (TCSPs) will move out from under the 22 professional body supervisors (PBSs) that currently oversee them, including bodies like the SRA and ICAEW. The FCA, which already supervises financial institutions, will absorb them all under one roof.
This isn’t a big surprise for many folk as FATF (in its 2018 Mutual Evaluation) identified "inconsistencies and weaknesses" across the UK's 22-supervisor professional services model as a significant vulnerability. This also directly resulted in the creation of OPBAS. The current system has produced inconsistent standards, weak enforcement, and a compliance culture that has not kept pace with the threats it faces.
HM Treasury's own AML supervision report for 2024–25 didn’t shed a good light on the industry: only 24% of accountancy firms and 29% of legal firms assessed were found compliant (with a further 59% and 45% respectively rated only "generally compliant"). Fines totalling over £2 million were issued across 338 separate fines (more than triple the total value issued in 2022–23) and yet compliance rates have barely improved.

How is the FCA Any Different?
The FCA operates in a fundamentally different way to the professional body supervisors that firms are accustomed to.
Registration and gatekeeping. Under the new model, all in-scope firms will be required to register with the FCA, which will have powers to accept, deny, suspend, or cancel registrations. The FCA will also be able to police the perimeter, proactively identifying unregistered firms carrying out in-scope activities. Until now firms have been used to automatic membership of a professional body acting as a de facto supervisor.
Fit and proper assessments. The FCA will apply fit and proper tests to professional services firms and their senior management, a standard that financial institutions know well, but that is new territory for many law and accountancy practices. Becoming a beneficial owner, officer or manager of an in-scope firm without prior FCA approval will constitute a criminal offence.
Hard enforcement tools. The FCA's toolkit is considerably more powerful than that of its predecessor bodies. Skilled person reviews (Section 166-style), formal directions, higher financial penalties, and public enforcement action are all on the table. The SRA's principal enforcement mechanism was disciplinary action through professional codes of conduct.
Data and intelligence. The FCA will maintain up-to-date risk profiles for each firm and sector, allocate supervisory resources on a risk-based basis, and engage in active intelligence-sharing with law enforcement. This is a much more analytical approach and applies a more surveillance-oriented model of supervision.
The dual regulation risk. One complexity that firms must navigate is that in some cases a breach of AML rules may also result in breach of Conduct Rules overseen by professional bodies (e.g. the SRA) meaning firms may find themselves facing two distinct forms of regulatory scrutiny.
As for timing: primary legislation is required, and the realistic expectation is that the FCA will not formally begin supervising professional services until 2028 at the earliest. However, how firms transform historical records and existing processes can make the difference between a swift, straightforward audit and a damaging appearance on the front page of industry media.
How to Prepare

The firms that emerge in the best shape from this transition will be those that use the next two to three years proactively, rather than waiting for formal changes to land. Here is what that preparation looks like in practice:
Get your AML books in order. The FCA will be looking for documented, defensible compliance. That means reviewing your firm-wide risk assessment (FWRA), your client and matter-based risk assessments, your CDD policies and procedures, and your SAR reporting track record. Gaps identified now are far better than gaps identified by a new regulator with hard enforcement powers trying to make a point.
Identify and close data gaps. Common weaknesses flagged in current supervisory reviews include expired documents, missing UBO information, incomplete onboarding files, and outdated risk ratings. If your client register has these issues, a systematic remediation programme is far preferable than dealing with a Section 166 enforcement notice.
Strengthen governance and reporting lines. The FCA will expect clear accountability for AML compliance at senior management level. Firms should be reviewing whether MLRO responsibilities, escalation procedures, and board-level oversight are fit for purpose under FCA expectations.
Prepare for a fit and proper assessment. Senior individuals with AML oversight responsibilities should start thinking now about how they will evidence competence, appropriate resourcing, and effective governance.
Document everything. The FCA's supervision model is evidence-based. Decisions, rationale, screening outcomes, risk assessments all of it needs to be documented, timestamped, and retrievable. If your onboarding packs are half-sitting between emails and Share Point it might be worth upgrading your systems.
Where AI Fits In
The demands being placed on professional services firms are operationally heavy. The volume of documentation, the complexity of ownership structures, the requirement for real-time screening, ongoing monitoring, and periodic reviews: these are not challenges that can be solved by adding headcount. Compliance is a linear scaling problem. The more clients you take on, the bigger the burden grows and compliance talent is expensive, hard to retain, and hard to deploy consistently at scale.
This is precisely the problem that AI-powered platforms like Steward are built to address.
Steward is an end-to-end AML compliance platform that automates the full lifecycle of client compliance from onboarding and identity verification to ongoing screening, periodic reviews, and case management. Rather than bolting AI onto an existing manual process, Steward is built from the ground up to handle the kind of complexity that professional services firms deal with every day:
AI-first audit of your current onboarding packs
KPI data readily available and actionable
Automated periodic reviews and remediation resolution
False positive management
Unravelling multi-layered corporate structures
UBO identification across multiple jurisdictions
AI-driven document review across languages
For firms preparing for FCA supervision, platforms like Steward can deliver scalability without the proportional cost growth.
To learn how Steward can help your firm prepare for FCA supervision, request a demo here.
From the blog
The latest industry news, interviews, technologies,
and resources.

Deepfakes Have Arrived at Investor Onboarding. Your Checks Haven't Noticed
Deepfake KYC fraud is surging - face swaps and camera injection now beat standard biometric onboarding. What funds, banks and wealth managers must change about identity verification.
Jul 17, 2026
arik oslerne
1 min read

AI KYC Remediation: How AI Agents Clear a Backlog, Task by Task
See how AI KYC remediation works task by task: alert adjudication, entity resolution, and perpetual KYC that stops backlogs reforming
Jul 16, 2026
Geoffrey Safar
1 min read

What Europe's New AML Regime (AMLA) Means for Funds
The EU's AMLR applies from 10 July 2027 and AMLA is already writing the rulebook. What the new EU AML regime means for funds, fund admins and private banks - and why waiting is a mistake
Jul 15, 2026
arik oslerne
1 min read

How to Reduce False Positives in AML Screening
Cut sanctions and PEP false positives in AML screening: why they happen, how to tune matching, and how to keep every dismissal auditable and defensible.
Jul 15, 2026
Geoffrey Safar
1 min read
Product