AML & Sanctions Data Collection: Are You Ready?

Helping You Navigate the July 2025 Questionnaire

Proactive preparation is key. We break down the SRA's data requirements so your firm can act decisively.

The SRA annual AML and Sanction Data Collection Questionnaire - July 2025
SRA AML and Sanctions Questionnaire July 2025
Contact Us

The Solicitors Regulation Authority (SRA) is conducting an annual data collection exercise in July 2025 to gather information from regulated firms regarding their compliance with anti-money laundering (AML) regulations and sanctions regimes. 


This exercise is a regulatory requirement and aims to provide the SRA with crucial data to inform its risk-based approach to supervision of the legal sector, allocate resources effectively, and adapt its approach to evolving risks.

Specimen Questionnaire Highlights:

The PDF specimen questionnaire is titled 'AML Data Collection exercise 2024', there is also a word version. 

The specimen questionnaire provides a detailed preview of the types of questions firms will be asked. It is structured with initial questions to determine which subsequent sections are relevant to the firm. The form is thus has a conditional format for some of the questions.


The main sections are:

A Summary of the Sections

Initial Q01: 

Asks if the firm carries out activities in scope of MLR 2017, listing specific activities such as buying/selling property or businesses, managing client money/securities/assets, opening/managing certain accounts, organizing company creation contributions, and providing tax-related aid/advice.

Initial Q02: 

Asks if the firm carries out Trust or Company Service Provider (TCSP) activities, outlining specific services.

Initial Q03:

Asks for the number of SARs submitted to the NCA in the last 12 months (including both defences against money laundering and intelligence-only reports).

Subsequent Sections (Conditional based on Initial Questions):AML Questions (Q04-Q14): If 'Yes' to Q01. 
Covers firm-wide risk assessments, policies/controls/procedures, employee training, percentage of MLR-in-scope matters and fee earners, largest client account deposit, percentage of matters with Enhanced Due Diligence/high risk, number of Politically Exposed Persons (PEPs) acted for, and number of times more than £5,000 has been returned from the client account. The definition of "relevant employees" for training is broad and includes administrative, reception, and finance staff.

Trust or Company Service Provider Questions (Q15-Q21): If 'Yes' to Q02. 

Asks about undertaking TCSP work for high-risk clients and the percentage of firm turnover represented by specific TCSP activities. 

If a firm has an AML firm-wide risk assessment (Q04 answered 'Yes'), it also asks if TCSP risks are addressed and what mitigation steps are taken.

Suspicious Activity Report Questions (Q22-Q27):If Q03 answered above '0'. 

Asks for the breakdown of SARs submitted by type (information-only, defence against money laundering) and the work areas featured in SARs (TCSP, buying/selling property/businesses, other MLR-in-scope work, out-of-scope services).

Sanctions Questions (Q28-Q44):Everybody needs to complete this section. 

Covers whether the firm has assessed sanctions risks, if clients have connections to specific listed countries, if the firm provides advice in specific work areas related to sanctions (Trade, Shipping, Aviation, Immigration, Financial Sanctions), how new and existing clients are checked for sanctions, if work has been carried out for designated persons (with or without a licence), the number of open matters involving designated persons, the number of licence applications made, if frozen assets belonging to designated persons are held, the total amount and number of clients for frozen assets, and the number of reports of designated persons, frozen assets, or sanctions breaches made to relevant bodies.

Accessing Online Form & Deadline

The data collection window opens in the first week of July 2025

The form will be accessible via an email to Compliance Officers and a direct link on the SRA webpage.

Access requires a mySRA login and a current relevant post and role at the firm recorded in mySRA

Submissions must be made via the online portal; email or hard copy submissions will generally not be accepted, "unless reasonable adjustments are agreed and applied."

The questionnaire must be completed by someone holding one of the following roles: Compliance Officer for Legal Practice, Authorised Signatory, Money Laundering Compliance Officer, or Money Laundering Reporting Officer.

What is the Magic Sauce? And How can you get it

  The magic sauce is detailed, granular data harvesting in preparation for the completion of the Questionnaire.

Your Project Management May Look Like this

Phase 1: Planning & Preparation (Before July 2025)

  1. Understand Requirements & Scope:

    • Thoroughly read and understand the SRA guidance, specimen questionnaire (PDF & Word versions), additional information, and all linked resources.
    • Identify which sections/questions are relevant to the firm based on initial conditional questions (Q01, Q02, Q03).
    • Note that the Sanctions section (Q28-Q44) is mandatory for all firms.
    • Confirm roles responsible for completion (COLP, Authorised Signatory, MLCO, MLRO).

  2. Resource Allocation & Team Formation:

    • Identify key internal stakeholders and staff whose input will be required (e.g., finance, compliance, fee earners, administrative staff, reception).
    • Assign specific questions or sections to individuals/departments.
    • Determine if external support (e.g., AML consultants, SRA Ethics Helpline) will be needed for guidance.

  3. Data Identification & Sourcing Strategy:

    • For each question, identify the exact data points required.
    • Determine the source of this data (e.g., firm-wide risk assessments, client files, training records, SAR logs, client account ledgers, HR records).
    • Plan how to extract or collect this data efficiently. This is your "granular data harvesting" strategy.

  4. Timeline & Milestones:

    • Establish a project timeline with clear internal deadlines well ahead of the SRA's July 2025 submission window.
    • Set milestones for data collection completion, draft review, and final sign-off.

  5. Technology & Access Check:

    • Ensure the designated individual (COLP, Authorised Signatory, MLCO, MLRO) has a current mySRA login and that their post/role is correctly recorded in mySRA.
    • Anticipate how the online form will be accessed (via email link or SRA webpage link in July 2025).

Phase 2: Data Collection & Drafting (Leading up to/during July 2025 window)

  1. Data Gathering Execution:

    • Systematically collect all identified data points from the relevant sources.
    • For conditional sections, ensure prerequisites are met before data collection.
    • Pay particular attention to definitions (e.g., "relevant employees" for training, SAR types).

  2. Drafting Responses:

    • Input collected data into a draft version of the questionnaire (using the Word specimen).
    • Ensure responses are accurate and directly address each question.
    • For "nil returns," ensure these are clearly documented for relevant sections.

  3. Internal Review & Quality Assurance:

    • Conduct internal reviews of the drafted responses by relevant stakeholders (e.g., department heads, senior management).
    • Verify accuracy, completeness, and consistency of all data.
    • Check for any potential discrepancies or areas of concern.

Phase 3: Submission & Follow-up (July 2025 & Beyond)

  1. Final Review & Sign-off:

    • The designated individual (COLP, Authorised Signatory, MLCO, MLRO) conducts a final, comprehensive review.
    • Obtain necessary internal approvals before submission.

  2. Online Submission:

    • Access the online form via the SRA's provided link (email/webpage).
    • Carefully transfer all validated data from the draft to the online portal.
    • Adhere strictly to the submission deadline.
    • Note that email/hard copy submissions are generally not accepted unless specific reasonable adjustments are agreed.

  3. Record Keeping:

    • Save a copy of the submitted questionnaire for the firm's records.
    • Document the date and time of submission.

  4. Post-Submission Analysis & Improvement (Ongoing):

    • Review any insights gained during the data collection process that highlight areas for AML framework improvement.
    • Implement necessary changes to policies, controls, procedures, or training.
    • Use this exercise as a baseline for continuous AML compliance enhancement (the "ongoing process / cycle of review, refinement, and improvement").

Please Note: This project management example is offered solely for illustrative and informational purposes. It is not intended as a prescriptive or mandatory requirement for your data collection efforts. Your responses to your regulator are your sole responsibility.

What do you need?

Navigating the complexities of AML compliance demands foresight. 


We provide the clarity and control you need through a suite of targeted audit services:


  • Mock AML Audit: Your Strategic Advantage. This isn't just a practice run; it's a critical pre-assessment. Our Mock AML Audits simulate regulatory scrutiny, providing confidential insights into your framework's strengths and weaknesses before your formal Regulation 21 Audit—a document you must share with your regulator. Proactively identify vulnerabilities, allowing you to fortify your defenses on your terms.

  • Regulation 21 Audit: Formal Regulatory Assurance. We conduct independent Regulation 21 Audits, providing the essential third-party verification required to demonstrate your firm's compliance to the SRA.

  • AML File Review: Validating Practical Implementation. Policies are foundational, but execution is everything. Our AML File Reviews meticulously examine client files to assess the practical application and effectiveness of your anti-money laundering policies, controls, and procedures (PCPs).

  • AML Staff Interviews: Assessing Operational Vigilance. Beyond documented procedures, we engage with your staff through AML Staff Interviews to evaluate their understanding, training effectiveness, and the consistent implementation of your firm's AML PCPs.

  • Focused Audit Areas: Targeted Risk Mitigation. Address specific concerns with precision. Our Focused Audits pinpoint and resolve challenges within particular areas of your AML framework, enable you to target improvement and robust compliance where it matters most.

Do you want a free informal chat?

📬Would you like and informal chat?

📬Book your discovery call.

📬No obligation on you to progress further.

📬Contact us today - don't miss out. 

FAQ

Who, Why...

Alexander Christian: Anti-Money Laundering Services

5W1H

Some FAQ

Who?

Firms must provide information regardless of their involvement in work within scope of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), any contact or involvement with the sanctions regime or designated persons, or the submission of suspicious activity reports (SARs)

Even if a firm is not involved in one or more of these regimes, it is still a regulatory requirement to complete the form. In such cases, firms can submit a nil return.
Specifically, the section covering Sanctions questions (Q28 to Q44) needs to be completed by everyone (meaning all firms participating in the exercise)

Why?

1.Risk-Based Supervision: The SRA's own regulator, the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), requires the SRA to take a risk-based approach to supervision. Collecting accurate data from firms is essential for the SRA to effectively supervise the legal sector in this manner
2.Understanding Risk Distribution: The collected data allows the SRA to see the distribution of risk across the legal profession. This helps them understand where the risks lie.
3. Informing Regulatory Actions: Understanding the risk distribution informs the SRA's programme of inspections and their guidance. This data helps them better allocate their resources.
4.Maintaining Up-to-Date Information: The SRA needs this data to be up to date and relevant so that their approach to supervision can evolve and adapt. Even if a firm isn't involved in work within the scope of the Money Laundering Regulations 2017 (MLR 2017) or doesn't have contact with the sanctions regime, completing the form (including a nil return if applicable) helps the SRA keep their information current.
5.Assessing Exposure and Involvement: Requiring all firms to answer, even those not directly involved in MLR 2017 scope work or sanctions, helps the SRA refresh data on which firms are or are not in scope. The sanctions section specifically helps the SRA see how exposed the profession is to the risk of sanctions and understand how many firms carry out work in this area.
6.Regulatory Requirement and Legal Powers: The SRA has the authority to require this data collection. It is a regulatory requirement made under Rule 3.3 of the SRA Code of Conduct for Firms, which requires firms to respond promptly and provide full and accurate information. Additionally, section 111A of the Legal Services Act 2007 allows the SRA to proactively request information to prevent or detect economic crime.

What?

Here is a brief summary:  

1. Complete the online questionnaire. It is a regulatory requirement for firms to complete this form.
2. Provide information on three key areas:
◦ Work firms carry out within the scope of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
◦ Any contact or involvement they have with the sanctions regime and any persons who are designated under it.
◦ The submission of suspicious activity reports (SARs) to the National Crime Agency.
3. Submit a return even if not involved in MLR 2017 scope work or sanctions contact. Firms that are not involved with one or more of these regimes can submit a nil return. However, the sanctions questions (Q28 to Q44) need to be completed by everyone participating in the exercise, regardless of whether the firm has had contact with the sanctions regime.
4. Ensure the questionnaire is completed by someone holding a specific role at the firm, such as a Compliance officer for legal practice, Authorised signatory, Money Laundering Compliance Officer, or Money Laundering Reporting Officer.
5. Access the online form using a mySRA account with a current relevant post and role at the firm recorded in mySRA
6.  Answer questions to the best of their knowledge, providing the most precise information possible. The SRA will accept estimates if exact figures are not available. Specific guidance is provided for rounding percentages
7. Submit the completed form via the online portal when it opens in July 2025. Submissions will not be accepted via email or hard copy post unless reasonable adjustments are agreed.
8. Provide data aiming for the previous twelve calendar months before submission, or as close as possible. 

The questionnaire itself, based on the specimen provided, requests detailed information across various sections, including:
• Initial questions to determine if the firm carries out MLR 2017 in-scope activities or Trust or Company Service Provider (TCSP) activities, and the number of SARs submitted.
• If applicable, questions about AML firm-wide risk assessments, policies, procedures, and training.
• Data related to MLR 2017 in-scope work, such as percentage of open matters and fee earners involved
• Questions about client account activity, including the largest single deposit and frequency of large returns of money.
• Information on Enhanced Due Diligence, high-risk clients, and Politically Exposed Persons (PEPs)
• If applicable, questions about TCSP work, including whether risks are addressed in the risk assessment and turnover percentage from specific TCSP services
• If applicable, questions about the breakdown of submitted SARs by work area (TCSP, real property/business entities, other MLR scope, out of scope)
• Questions about sanctions risks and compliance, including whether risks are assessed, client connections to listed countries, methods for checking new and existing clients, work for designated persons (with or without licences), open matters with designated persons, licence applications made, holding of frozen assets (including value and number of clients), and reports made to OFSI or other bodies.
This request is made under the SRA's regulatory powers, specifically Rule 3.3 of the SRA Code of Conduct for Firms and section 111A of the Legal Services Act 2007, which allow the SRA to request information to prevent or detect economic crime.
Where?

•  The online form will not be available directly within your mySRA account.
•  Instead, during the data collection period, which opens in the first week of July 2025, you should look for a 'Log in' link that will appear on the relevant SRA web page.
•  Compliance officers will also receive an email containing a direct link to the questionnaire once the collection window is open.
•  You will need to use your mySRA login details to access the form via this link.
•  All submissions must be made through this online portal; submissions via email or hard copy post will not be accepted, unless reasonable adjustments have been agreed.

When?

The data collection window will not open until the first week of July. Compliance officers will be notified by email when the window for returning the information is open, and a direct link will be provided. This exercise is distinct from the annual practising certificate renewal, which is due in October 2025.  Firms should aim to provide data for the twelve calendar months prior to submission, or as close as possible.

How?

Here's a breakdown of how firms are to complete the exercise:
1.  Accessing the Form: The online form is not available directly within your mySRA account. Instead, you will need to access it via a 'Log in' link that will appear on the relevant SRA web page during the data collection period. Compliance officers will also receive an email with a direct link to the questionnaire once the window is open you will need to use your mySRA login details to access the form through this link. Access requires you to have a current relevant post and role at the firm recorded in mySRA.

2. When to Complete: The data collection window will not open until the first week of July. The online portal for submissions will open in July 2025.

3. Who Completes it: The questionnaire must be completed by someone at your firm holding one or more of the following roles: Compliance officer for legal practice, Authorised signatory, Money Laundering Compliance Officer, or Money Laundering Reporting Officer.

4.  Information Required: You must provide information on work carried out within the scope of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), any contact or involvement with the sanctions regime and designated persons, and the submission of suspicious activity reports (SARs) to the National Crime Agency.

5.Completing All Sections (where applicable)
You will answer initial questions (Q01-Q03) to determine which sections of the questionnaire apply to your firm. 
If you answer 'Yes' to carrying out MLR 2017 in-scope activities (Q01), you will complete the AML questions (Q04 to Q14). 
If you answer 'Yes' to carrying out Trust or Company Service Provider (TCSP) services (Q02), you will complete the TCSP questions (Q15 to Q21).

6. Mandatory Sanctions Section: Importantly, the Sanctions questions (Q28 to Q44) must be completed by everybody participating in the exercise.

7. Nil Returns: If your firm is not involved with one or more of the MLR 2017 or sanctions regimes, you will still need to answer the initial questions and potentially provide a nil return for certain sections (though sanctions are mandatory). This helps the SRA keep their information up to date.

8.  Providing Data: The SRA understands that firms store data differently. You should answer to the best of your knowledge and provide the most precise information possible. The SRA will accept estimates if exact figures are not available. Specific guidance is provided for rounding percentages (e.g., round up anything over 0% to 1%, or round to the nearest whole number if straddling a boundary). The data should cover the previous twelve calendar months before submission, or as close as you are able

9. Submission: All submissions must be made via the online portal. The SRA will not accept submissions via email or hard copy post, unless reasonable adjustments have been agreed.

10.  Preparation: A specimen version of the questionnaire is available for download to help firms prepare in advance of the collection window opening.

The requirement to complete this exercise is made under the SRA's regulatory powers, specifically Rule 3.3 of the Code of Conduct for Firms and section 111A of the Legal Services Act 2007, which permit the SRA to request information to prevent or detect economic crime. This is a separate exercise from the annual practising certificate renewal.

Source and Further Reading:

    📖  SRA Firm anti-money laundering and sanctions data requirements

    📖  Specimen Questionnaire

    📖  SRA Scope of the Money Laundering Regulations

    📖  SRA Warning Notice

    📖  Regulation 18 - FWRA/ PWRA

    📖  Regulation 18A - Proliferation Financing Risk Assessments

    📖  Regulation 19 - Policies, Controls and Procedures

    📖  Regulation 24(2) - Training 

    📖  FCA - para 2.16 - Who is a PEP

    Further Engagement:

    Speak to:

    - SRA - Ethics Helpline or designated department

    - Law Society - Practice Assistance Helpline

    - Law Care - if you require peer to peer emotional support 

    - AML consultants

    Acronyms and Phrases 

    Acronyms and Phrases mentioned

    Acronyms and Phrases  Explanation
     AMLAnti-Money Laundering 
    Authorised Signatory An individual authorized to sign documents on behalf of a firm.
     COLP Compliance Officer for Legal Practice (COLP): A required role within a law firm responsible for overall compliance with regulatory requirements.
     Designated PersonIndividuals or entities who are subject to sanctions under the sanctions regime.
     FCAFinancial Conduct Authority
     Legal Services Act 2007 Legal Services Act 2007: The legislation that established the SRA and the framework for regulating legal services in England and Wales.
     MLCO Money Laundering Compliance Officer (MLCO): A required role within a law firm responsible for compliance with money laundering regulations.
     MLRO Money Laundering Reporting Officer (MLRO): A required role within a law firm responsible for receiving and considering internal suspicious activity reports and submitting SARs to the NCA.
     mySRA The online portal used by solicitors and firms to interact with the SRA.
     Nil returnA submission to the SRA's data collection indicating that a firm is not involved in a specific regulated activity.
     PCPPolicies, Controls and Procedures
     PEPPolitically Exposed Person
     OPBAS Office for Professional Body Anti-Money Laundering Supervision (OPBAS): The body that supervises the anti-money laundering and counter-terrorist financing performance of professional body supervisors, such as the SRA.
     RegulationSpecific Regulations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017): The primary UK legislation outlining the requirements for firms to prevent money laundering and terrorist financing.
     Risk Based Approach SupervisionA method of regulation where resources and attention are focused on areas or entities considered to pose a higher risk.
    Sanctions Regime The set of laws and regulations imposing restrictions on individuals, entities, or countries, often for foreign policy or national security reasons.
     SARs Suspicious Activity Reports - Reports made to the National Crime Agency (NCA) when there are grounds to suspect money laundering or terrorist financing.
    There are three types of SARs
    - Information Sars
    - DAML - The term used by the UKFIU to describe an authorised disclosure in which the suspicion relates to money laundering – see above, where a reporter seeks a defence to an offence under the Proceeds of Crime Act 2002.
    - DATF - The term used by the UKFIU to describe an authorised disclosure in which the suspicion relates to terrorism financing – see above, where a reporter seeks a defence to an offence under the Terrorism Act 2000. 
    TCSPTrust or Company Service Provider 





    Disclaimer:

    This post does not represent legal or regulatory advice.

    Please see our disclaimer page

    Categories -
    AML
    Tags -
    AML Sanctions Legal Regulation Best Practice Guidance Due Diligence Identification Verification LSAG Red Flags Regulation