The FCA Takeover of AML Supervision for Law Firms
Why LegalFab provides the infrastructure the FCA expects
The UK Government’s decision to transfer Anti Money Laundering (AML) supervision for law firms from the Solicitors Regulation Authority (SRA) and other Professional Body Supervisors (PBSs) to the Financial Conduct Authority (FCA) marks a structural shift in how legal sector AML compliance will be monitored, evidenced, and enforced.
While the underlying Money Laundering Regulations 2017 (MLRs) remain unchanged, the FCA’s supervisory model is fundamentally different: data driven, analytics led, continuously monitored, and enforcement oriented. Law firms will be expected to demonstrate not only that AML controls exist, but that they operate effectively, consistently, and with full auditability.
LegalFab.ai is purpose built for this new regulatory environment. Its AI native Knowledge Fabric, perpetual KYC capabilities, agentic but explainable workflows, and unified governance architecture provide the infrastructure required to meet the FCA’s expectations for continuous monitoring, data integrity, and demonstrable compliance.
This paper outlines the regulatory shift, the operational implications for law firms, and why LegalFab.ai represents the most robust and future proof compliance platform for the FCA era.
1. The Regulatory Shift: From SRA to FCA Supervision
1.1 What Is Changing
The FCA will become the single AML/CTF supervisor for legal service providers. This brings:
- A financial-services-grade supervisory model
- Greater emphasis on data, analytics, and evidence Stronger enforcement powers
- Increased expectations for governance and senior manager accountability
- A shift from periodic audits to continuous monitoring
1.2 What Is Not Changing
- The MLRs remain the same.
- Core obligations—CDD, EDD, ongoing monitoring, risk assessments, SARs—are unchanged.
- The SRA will continue to regulate professional conduct, creating dual-regulation risk.
The transformation lies not in the rules, but in how compliance must be demonstrated.
2. FCA Supervision: What Law Firms Should Expect
2.1 Data-Driven, Evidence-Based Oversight
The FCA’s supervisory model is built on:
- Real-time data access
- Digital audit trails
- Analytics-based risk profiling
- Continuous monitoring of client and matter risk
- Demonstrable control effectiveness
Firms must be able to prove that AML controls work in practice, not merely that policies exist.
2.2 Stronger Enforcement Powers
The FCA may deploy:
- Inspections
- Skilled Person Reviews (s166)
- Fines and sanctions
- Potential restrictions on practice rights
- Senior manager accountability similar to SMCR
2.3 Increased Compliance Burden
Firms should anticipate:
- Higher supervisory fees
- Technology upgrades
- More robust governance structures
- Greater documentation and MI requirements
2.4 Dual Regulation
The SRA retains conduct oversight.
This creates:
- Overlapping obligations
- Increased scrutiny
- Potential for cross-regulator enforcement
3. FCA Expectations for AML Systems and Controls
Experienced AML professionals will recognise these as standard in financial services. For many law firms, they represent a step-change.
3.1 Customer Due Diligence & KYC
Systems must support:
- Identity verification
- Risk-based CDD (standard, simplified, enhanced)
- Ongoing monitoring triggers
- Sanctions, PEP, and adverse media screening
- Immutable audit trails
3.2 Transaction & Behavioural Monitoring
The FCA expects:
- Rule-based and ML-based detection
- Behavioural profiling
- Alerts for unusual patterns
- Case management for investigations
- Explainability of detection logic
3.3 Explainability & Model Governance
AI/ML must be:
- Transparent
- Explainable
- Version-controlled
- Bias-tested
- Fully documented
3.4 SAR Workflow Support
Systems must support:
- Internal SAR escalation
- Evidence capture
- QA processes
- MLRO oversight
3.5 Data Integrity & Governance
Firms must demonstrate:
- Immutable audit logs
- Role-based access controls
- Data lineage and provenance
- Secure storage and encryption
- GDPR-aligned handling
3.6 Risk Assessment & Reporting
Firms must maintain:
- Firm-wide risk assessments
- Dynamic client risk scoring
- MI dashboards
- Regulatory reporting capability
4. Why LegalFab.ai Is Purpose-Built for the FCA Regime
LegalFab.ai is not a legacy system retrofitted for AML. It is an AI-native, compliance-first platform designed to meet the FCA’s expectations for unified data, continuous monitoring, and explainable automation.
5. The Knowledge Fabric: FCA-Ready Data Unification
5.1 A Graph-Based Intelligence Layer
LegalFab’s Knowledge Fabric unifies:
- PMS, DMS, CRM
- Onboarding systems
- Sanctions/PEP data
- External intelligence sources
This creates a single source of truth for AML data.
Key capabilities
- Entity resolution across systems
- Relationship mapping (clients, UBOs, matters,
counterparties) - Multi-hop reasoning
- Real-time enrichment
- Full data lineage
This directly supports FCA expectations for data consistency, accuracy, and auditability.
6. Perpetual KYC: Meeting the FCA’s Demand for Continuous Monitoring
The FCA expects ongoing, risk-based monitoring, not periodic refresh cycles.
LegalFab’s perpetual KYC:
- Continuously updates client risk profiles
- Monitors ownership changes
- Tracks sanctions/PEP/adverse media updates
- Automatically triggers EDD workflows
- Maintains a complete audit trail
This aligns precisely with the FCA’s model for financial institutions.
7. Agentic AI Workflows: Explainable, Auditable, and Compliant
LegalFab uses Directed Acyclic Graphs (DAGs) to orchestrate AML workflows.
Why this matters
- Every step is logged
- Every decision is explainable
- Every data source is traceable
- Every workflow is auditable
This is essential for:
- Skilled Person Reviews
- FCA inspections
- Internal audits
- MLRO oversight
Unlike autonomous “black box” agents, LegalFab’s agentic workflows are controlled, transparent, and regulator-friendly.
8. MCP-First Integration: Eliminating Fragmentation
The FCA is deeply concerned about fragmented systems and inconsistent controls.
LegalFab’s Model Context Protocol (MCP) approach:
- Connects each system once
- Centralises governance
- Eliminates brittle point-to-point integrations
- Ensures consistent AML controls across the firm
This creates the unified compliance environment the FCA expects.
9. FCA-Ready Reporting, MI, and Evidence Packs
LegalFab can automatically generate:
- AML audit packs
- Risk dashboards
- Client/matter risk histories
- SAR preparation workflows
- Governance and lineage reports
This dramatically reduces the burden of FCA inspections and ongoing supervision.
10. Summary: Why LegalFab.ai Is the Strategic Solution for FCA Supervision
| FCA Requirement |
What the FCA Expects |
How LegalFab.ai Delivers |
| Continuous monitoring |
Ongoing, risk-based CDD |
Perpetual KYC + dynamic risk scoring |
| Data-driven supervision |
Analytics, entity resolution |
Knowledge Fabric unifies all AML data |
| Auditability |
Full logs, explainability |
DAG workflows with complete lineage |
| Governance |
Clear accountability |
Centralised permissions + MLRO dashboards |
| Consistency across systems |
No fragmentation |
MCP-first integration model |
| High-risk prioritisation |
Identify & escalate |
AI-driven risk detection & alerts |
LegalFab.ai provides the infrastructure the FCA expects, but which legacy systems cannot deliver. It enables firms to transition from SRA-style compliance to financial-services-grade AML governance, with:
- Unified data
- Continuous monitoring
- Explainable automation
- Full auditability
- Real-time MI
- Scalable, future-proof architecture