The SRA’s 2024–25 AML report makes uncomfortable reading. 426 potential breaches reported. 151 enforcement actions issued. 32.4% of inspected firms found to be non-compliant. Almost double the breach figures from the previous year.
The instinct is to look for bad actors. But that is not what the data shows. The common thread running through the majority of these failures is something far more mundane: manual processes that cannot be consistently executed at scale.
What the SRA data actually tells us
The SRA’s 2024–25 report does not paint a picture of firms deliberately facilitating financial crime. What it reveals is that most failures occur at client due diligence during onboarding, the routine, repeatable part of every matter, not in complex money laundering schemes.
That distinction matters. If the risk were concentrated in unusual or high-value transactions, the solution would be specialist expertise and heightened oversight. But when failures cluster around standard CDD, the problem is structural. It is a process problem.
Why manual CDD is inherently unreliable
Every manual step in a compliance process depends on an individual executing it correctly, every time. Different fee earners apply different standards. Risk flags get raised in a conversation but not documented. CDD checks are performed but recorded inconsistently, or not at all.
None of this is malicious. It is simply what happens when a firm relies on people rather than process to carry the compliance burden.
The SRA does not grade on effort. It expects the same standard on every matter, from every fee earner, on every occasion. Manual processes cannot guarantee that, and the inspection data shows exactly what happens when they fall short.
The cost of getting it wrong
The direct consequences of an enforcement action are well understood: fines, practice restrictions, regulatory censure. The indirect costs are less discussed but often more damaging. Management time diverted into responding to the SRA. Reputational exposure with clients and referrers. Heightened scrutiny on every subsequent inspection.
The investment required to systemise a CDD workflow is modest by comparison. Firms that treat compliance infrastructure as a cost to be minimised are, in practice, taking on considerably more financial and reputational risk than those who build it properly.
What a robust AML/KYC process actually looks like
The structural answer to a structural problem is a structured process. That means the same CDD steps, the same documentation requirements, and the same risk parameters applied to every matter, regardless of who is handling it.
In practice, a well-designed compliance workflow does several things consistently. It applies risk parameters defined by the firm’s compliance team, not left to individual judgement. It surfaces anything outside those parameters automatically, so it reaches a supervising lawyer rather than being quietly noted and forgotten. And it creates a complete, timestamped audit trail that is exportable and ready for inspection at any point.
Critically, the lawyer’s judgement is not removed from this process. It is protected. Human oversight stays exactly where the SRA expects it, the difference is that the process around it becomes reliable.
How Karli delivers this in practice
Karli is Kyanite’s automated CDD and AML workflow tool, built specifically for law firms operating under the SRA framework.
Every matter follows the same onboarding process regardless of which fee earner handles it. Risk flags are surfaced automatically and routed to the supervising lawyer for a decision. The audit trail is complete from the moment onboarding begins, with every step documented and timestamped.
For compliance officers preparing for SRA inspection, that means the evidence of a consistent, properly executed CDD process is already built. For managing partners, it means compliance is no longer dependent on individual discipline, it is embedded in how the firm operates.
Ready to review your current process?
If the SRA’s 2024–25 data has prompted questions about how consistently your firm’s CDD process is being applied, we would welcome a practical conversation.
Book a compliance-focused walkthrough of Karli with our team. We will look at your current onboarding workflow, identify where inconsistency risk sits, and show you how a structured, automated process addresses it.
Many firms assume AML failures happen because someone ignored the rules. The reality is usually far less dramatic. Most AML findings stem from incomplete risk assessments, inconsistent client due …
Law firms spend a lot of time discussing retention. When lawyers leave, the conversation usually focuses on salaries, flexible working, culture or recruitment challenges. Those things matter. …
In most professional service sectors, the competitive battleground has already shifted. Technical expertise is assumed. What clients choose between is the experience around it: how quickly you respond, how clearly …
There is a legitimate tension at the heart of legal AI adoption. Law firms know they need to modernise. The administrative cost of onboarding a single client manually runs to …
Reputation in legal services is usually discussed in terms of legal outcomes. Winning cases, strong client relationships, recognised expertise. These things matter enormously. But they are not the only things …
Most managing partners have a reasonable handle on their firm’s costs. Salaries, rent, software licences, professional indemnity. What tends to escape scrutiny is the cost of manual client onboarding, not …
Most managing partners, if asked to rate their firm’s client experience, would point to the quality of the legal work. The advice. The outcomes. The relationships. They would be right …
People are the most powerful lever in any organisation. Yet many businesses unknowingly limit performance by allowing talent misalignment to persist. Despite investing in recruitment, development and culture, leaders often …
In 2026, legal clients aren’t just looking for excellent legal advice, they’re also expecting smooth, responsive, professional service at every stage of the client journey. Prompt replies, clear communication, seamless onboarding, and consistent updates aren’t “nice to have” …
The best CEOs share one defining strength: the ability to make high-quality decisions quickly and confidently. In a world where markets shift overnight and disruption is constant, decision-making has become a competitive …
