(short version)
Why “tick-box” approaches no longer pass the test.
Why This Warning Notice Matters
On 18 October 2023, the SRA issued a Warning Notice highlighting persistent weaknesses in Client & Matter Risk Assessments (CMRAs).
The findings were stark:
📉 In 2019/20, 29% of reviewed files had no written matter risk assessment.
📉 By 2022/23, 51% were deemed ineffective.
The regulator linked this directly to wider AML compliance failings — from incomplete due diligence to missed enhanced checks.
⚠️ In other words: the CMRA is not just paperwork. It is the front line of your AML defence.
👉 Question for your firm: Could your CMRAs withstand scrutiny today?
Where Firms Are Falling Short
The SRA found recurring weaknesses across the profession:
❌ Assessments missing entirely or done incorrectly
❌ Risk ratings with no rationale behind them
❌ Tick-box answers instead of thoughtful judgments
❌ CMRAs not aligned with the firm-wide risk assessment
❌ Over-reliance on generic templates
❌ EDD requirements ignored or undocumented
These aren’t technicalities. They’re systemic weaknesses that open the door to regulatory action, penalties, or worse.
The Standards You Must Meet
The Warning Notice points directly to the Codes of Conduct and the Money Laundering Regulations 2017:
Solicitors (Code 7.1): You must keep up to date and comply with the MLRs, POCA, and Terrorism Act.
Firms (Code 2.1): You must monitor and enforce compliance with the MLRs across your practice.
MLRs (Reg 28, 30, 33): Risk assessments must guide CDD/EDD, be tailored case by case, and be kept under review.
📌 Translation: A CMRA isn’t optional, and it isn’t “once and done.” It must be:
✔️ Tailored
✔️ Comprehensive
✔️ Aligned with your FWRA
✔️ Documented and updated
What the SRA Expects in Practice
The regulator’s message was clear:
Do the CMRA at the start of each matter.
Make fee-earners responsible — but monitor their compliance.
Record the rationale for the risk rating, due diligence level, and mitigation.
Update assessments if new information arises.
Use templates wisely — tailor them to your firm and avoid off-the-shelf forms.
Train staff so risk scoring is applied consistently and correctly.
Anything less is unlikely to meet the regulatory standard.
The Consequences of Getting It Wrong
The Warning Notice also flagged enforcement action:
🚨 Disciplinary action for failing to scrutinise or update client files
🚨 Criminal prosecution in serious cases
🚨 Impending fixed financial penalties for firms that fail to undertake CMRAs
This isn’t a theoretical risk. The SRA has made clear: continued non-compliance will cost firms money.
Turning Compliance Into Strength
The takeaway? A CMRA isn’t about forms. It’s about thinking, documenting, and demonstrating judgment.
At Alexander Christian, we help firms:
🔹 Review existing CMRA processes against regulatory expectations
🔹 Run file reviews to identify weaknesses in practice
🔹 Deliver look-back assessments to spot systemic risks
🔹 Provide remediation support that aligns your CMRAs with your FWRA and PCPs
Independent insight means you don’t just meet the regulator’s standard — you build confidence in your compliance culture.
Your Next Step
Book your Consultation
Client & Matter Risk Assessments are the granular proof of compliance. Regulators only need a sample to judge your entire firm.
👉 Contact Alexander Christian today to arrange a confidential discussion about your CMRA processes.
Because in AML compliance, the regulator is already watching.
Source & Credit:
Credit given to: SRA for their Guidance and Templates
Further Reading:
The SRA provides several resources to assist firms, including:
- SRA template client and matter risk assessment
- Client and matter risk assessment thematic review
- Firm-wide risk assessment guidance (updated September 2023)
- SRA webinar | Anti-money laundering: matter risk assessments
- SRA anti-money laundering annual report 2022-23
- Legal Sector Affinity guidance (2023)
- Professional Ethics helpline for further assistance.
Disclaimer
This post is not intended to be legal or regulatory advise. Nor is it intended to be construed as such. You must seek independent legal advice from a firm that undertakes such work for your individual circumstances.
Please note that SRA often overwrite their guidance, with their latest guidance, so the references in this post may become out of date, please ensure that you go to their website and social media sites for the latest information and guidance. We cannot warrant for accuracy or completeness.