The NCA has just issued (November 2025) updated guidance relating to SARs (Suspicious Activity Reports) and DAMLs (Defence Against Money Laundering) & DATFs (defence against terrorist financing) to help reporters seeking a defence under POCA or TACT. Here is a link to the relevant page on the website for the UK Finance Intelligence unit - the part of the NCA respomnsible for receiving, analysing and disseminating intelligence submitted through the Suspicious Activity Reports (SARs) regime: https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/money-laundering-and-illicit-finance/ukfiu
Please see the guidance here:
Help from Us with AML Compliance?
From the beginning of this month, October 2025, those holding & wishing to hold a Criminal Legal Aid contract MUST:
a) register with the ICO as a Data Controller
b) Appoint a Data Protection Supervisor or Data Protection Officer
c) Have in place compliant policies (see listed below)
d) Train all staff on Data Protection obligations and information risk awareness - initially now, any new staff as they join and an ANNUAL training plan to maintain the level of staff awareness of obligations with policies and procedures.
e) Review at least annually all data protection and information security policies
f) Conduct Data Protection Impact Assessments where appropriate of any new system or projects
g) Conduct staff screening to ensure reliability
h) Maintain Access Records - who has access to personal data with audit trails
i) Maintain Adequate Physical Security to premises housing personal data
j) Implement Controlled Disposal of Records
k) Have Cyber Essentials accreditation
Policies & Plans the LAA state that you MUST now have:
We have only listed above those items which are Mandatory. There are other recommendations which you can read in the full document. Here is a link to it: https://hunningsconsultancy.co.uk/wp-content/uploads/2025/10/Provider_Data_Security_Requirements_v5_October_2025.pdf
You know that your LAA Contract Manager will check for this in their audit.
Why are they doing this?
The LAA is, very belatedly, getting itself into line to be compliant with the Data Protection Legislation (click here for training on this legislation: https://hunningsconsultancy.co.uk/hcl-launches-cpd-training-courses-data-protection-compliance/). The LAA is Data Controller. Legal Aid firms are Data Providers and also Data Controllers under the UK GDPR. As such the LAA wants to make sure that firms doing Criminal Legal Aid work have taken every reasonable and appropriate measure to maintain the security of the data you will be processing on its behalf or shall be processing in common with the LAA. Notice that this rationale will logically extend to any firm doing Legal Aid work, so, inlcuding Civil Legal Aid. We believe that the LAA has focused on Criminal Legal Aid purely because of the new contract that started in October 2025. We believe that all other areas of Legal Aid will follow. The legislation and all other factors are the same.
How we can help you be compliant?
Contact Us
Fill in the form on the web page or [email protected]
It has long been our wish to provide short, to-the-point training courses that people may access at their convenience to upskill on the areas of compliance that we cover.
We are at last able to do so. We have started with Data Protection. AML to follow.
The course title has a link that takes you directly to the course where you may pay, watch the course, take the quiz (75% pass rate required) & download your certificate. They are short by design as feedback is that this is what busy people want. 10-20 minutes each. The price for each is £30+VAT – except for the 4-Pack (£100+VAT) which is 4 courses in a bundle, designed to cover the 4 core pieces of legislation that govern Data Protection in the UK – to give grounding in this for staff. (The courses are angled at lawyers, but Data Protection compliance applies across all sectors of work, so the training is of universal application.)
Contact us for a deal if you wish to bulk buy - buy more than 10 viewings.
Data Protection Compliance
| List of HCL on-line CPD Courses – click on the course name to gain access | |
| GDPR £30+VAT | 4 Pack of Data Protection [this includes the 4 courses to the left, designed to be the basic Data Protection training for staff] £100+VAT |
| DPA (Data Protection Act 2018) £30+VAT | |
| PECR (Pivatcy & Electronic Commmunications Regulations) £30+VAT | |
| DUAA (Data Use & Access Act) £30+VAT | |
| Data Breaches | |
| Data Protection Compliance Update £30+VAT | |
| Cyber Security Awareness Update £30+VAT | |
Feel free to let us know of other courses you would find it helpful if we could provide.
Further Data Protection Assistance
We have a team of experts in this area who regularly provide guidance & assistance in Data Protection compliance. They will review and draft documents, policies and procedures, help if you receive a SAR (Subject Access Request), help if you suffer a Data Breach, provide more in depth training. They also act as external Data Protection Officers for a number of businesses (in the UK and abroard). Contact us for more information by filling in the form below or email Ingemar Hunnings, our lead consultant at: [email protected].
On 21st October 2025 the government announced that the supervision of compliance with anti-money laundering and counter-terrorism financing (AML/CTF) requirements for the professions would be consolidated under one body - the FCA.
Currently the supervisory system is made up of three public sector supervisors - the Financial Conduct Authority (FCA), the Gambling Commission and His Majesty’s Revenue and Customs (HMRC) - and 22 private sector professional body supervisors (PBSs) who supervise the legal and accountancy sectors. These supervisors ensure firms comply with the Money Laundering Regulations (MLRs). They help firms understand their obligations and take enforcement action if the MLRs are breached.
Following a consultation the government has decided to move the supervisory responsibilities from those 22 organisations (including the SRA) together to one supervisory body - the FCA. They will supervise firms that carry out activities within scope of the Money Laundering Regulations as Legal Service Providers (LSPs), Accountancy Service Providers (ASPs), and Trust and Company Service Providers (TCSPs). In practice, this means that all firms currently supervised for AML/CTF matters by a PBS, and all ASPs and TCSPs supervised by HMRC will be supervised by the FCA. WE are not sure if this will include Estate Agents and Letting Agencies (which are mentioned in the government document). This will become clearer over time.
When will this happen? The government has stated:
"implementation of this policy is subject to the passage of enabling legislation, confirmation of funding arrangements, and development of a detailed transition and delivery plan. As such, the date at which the FCA will commence supervision of the professional services sector will be heavily dependent on the availability of parliamentary time. To prepare for this, we will publish a separate consultation on the powers that the supervisor should have in early November."
Typically a consultation will take 3 months. We shall see. Then time has to be found for legislation. A 'detailed transition and delivery plan' will have to be agreed. So, we do not expect this to happen soon. But it will happen. In the meantime, we recommend firms continue to abide by the SRA guidance.
Link to the government announcement: https://hunningsconsultancy.co.uk/wp-content/uploads/2025/10/AML-HM-Treasury-FCA-211025-.pdf
Help from Us with AML Compliance?
The decision of the High Court in late September in Mazur & Anor v Charles Russell Speechlys LLP [2025] EWHC 2341 (KB) has thrown into question who may conduct litigation. Can a paralegal, litigation executive, trainee, or CILEX Fellow without independent practice rights — conduct litigation under the supervision of a solicitor? Many litigation departments are structured on this basis. Costs were disallowed because someone who was not a qualified representative had signed particulars of claim in a debt recovery matter, despite them being head of department.
On 1st October 2025 the SRA issued a statement on this:
"Our view is that the judgment in the recent case of Julia Mazur & Ora v Charles Russell Speechlys LLP doesn't change the position in law.
Sheldon J said the Legal Services Act (LSA) makes it clear that only regulated individuals can conduct litigation as it’s a reserved legal activity. Non-authorised individuals can support litigation – as they do in other areas – but only an authorised individual, such as a solicitor, should be conducting litigation.
This is the position that we have reflected in our existing guidance on effective supervision, published in November 2022. In that guidance, we say:
'People who are not themselves authorised to conduct litigation can only support authorised individuals to conduct litigation, rather than conducting litigation themselves under the supervision of an authorised individual.'
There is a distinction between conducting litigation and supporting litigation, but the boundary between the two activities will depend on the facts. Being engaged (whether as an employee or other contractor) by an authorised person who is permitted to conduct reserved activities does not automatically confer a right to conduct litigation on an employee or contractor who is not authorised. They are permitted to support litigation under appropriate supervision, not to conduct it.
Our guidance addresses many aspects to consider when assessing appropriate supervision arrangements. The onus is on firms to satisfy themselves that they are complying with the LSA, and only authorised individuals are conducting litigation. We recommend you should be recording your decision-making around the approach you are taking (see 'Recording supervision arrangements' in the guidance)."
They have referred to their guidance on supervision arrangements: SRA | Effective supervision | Solicitors Regulation Authority
This part seems to be particularly relevant:
"Reserved legal activities - litigation
LSA 2007 makes no provision for unauthorised people to carry out litigation under supervision. Therefore people who are not themselves authorised to conduct litigation can only support authorised individuals to conduct litigation, rather than conducting litigation themselves under the supervision of an authorised individual.
In our view, the consequence of the LSA 2007 restrictions on litigation is that an unauthorised person who is supporting litigation must be employed in the same firm as the authorised person who is conducting the litigation, rather than somewhere else."
It will be for each firm to decide, but it seems to us that it would be wise that any could documents should be signed by the supervising solicitor.
20th October 2025 update: the SRA drew together here there relevant advice: https://www.sra.org.uk/home/hot-topics/conducting-litigation/
Aspiring solicitors looking to qualify through the SQE route are required to have a minimum of 2 years' full time equivalent Qualifying Work Experience (QWE) confirmed to the SRA by an SRA regulated solicitor (or a COLP). But - what does 'full time' mean?
Hitherto we had always understood that the SRA did not want to give guidance on this - preferring the solicitor to use their judgement in the circumstances.
However, when helping an aspiring solicitor recently, Ingemar saw the page she was to fill in on her mySRA profile to request the SRA website to request the solicitor to do the confirmation. There the SRA stated that it regarded full time to be at least 32 hours a week.
So, there you have it. Some clarity.
External Solicitor QWE Confirmation Service
Where you do not have a solicitor to confirm your QWE - we can help. Here is a link to the service: https://hunningsconsultancy.co.uk/qwe-external-confirming-solicitor-service-for-employers/ Or just fill in the form below. We have helped over 150 aspiring solicitors from all over the world with confirmeding or signing off their QWE to the SRA. Here is a link to a YouTube video with more info: https://www.youtube.com/watch?v=elyc0suQI18&t=11s
When will you be exempted from the QWE requirement, which forms part of the steps to be completed to qualify as a solicitor of England & Wales through the SQE route? Until recently we thought this was pretty clear: all qualified lawyers were automatically exempt.
However, recently we have learned that the approach of the SRA is more nuanced. It may be that people are talking about this from differing viewpoints. So, we have sought clarification from the SRA to get this clarified and nail this down.
In summary, although not quite using their wording, the situation is:
a) if you are qualified as a lawyer in any jurisdiction and take and pass the SQE1, you are automatically exempted from the QWE requirement
BUT
b) if you use a pass of the old LPC exam to obtain an exemption from the SQE1 exam, you will NOT be exempt from the QWE requirement, even if you are a qualified lawyer.
We have put below the initial clarification, then the further questions we put to the SRA and then the further clarification received from the SRA.
We hope this will be of help. Should you need assistance with confirmation or sign off of your QWE, for example if you do not have a solicitor or COLP in your organisation - then WE CAN HELP. Here is a link to our External Solicitor Confirmation Service: https://hunningsconsultancy.co.uk/external-qwe-certification-service-2/
Initial from the SRA to our enquiry:
Further questions we put to the SRA:
The SRA's further clarification:
The Ministry of Law has published a "Guide for Using Generative Artificial Intelligence in Legal Sector" for consultation (closing 30 September 2025).
The write that the purpose is "to set out general principles and good practices to encourage responsible, ethical and effective use of generative artificial intelligence (“GenAI”) in Singapore’s legal services sector. The aim is to support the legal services sector in harnessing the potential of GenAI, while being mindful of professional obligations in the delivery of legal services."
Here is a link to the document: https://hunningsconsultancy.co.uk/wp-content/uploads/2025/09/AI-Usage-Guide-Singapore-Min-of-Law-Guidance-Sept-2025.pdf
They see a real opportunity for AI to enhance the work of the legal sector. Good reading with diagrams & examples.
AI & Data Protection
Should you like to discuss the uise of AI with regard to Data Protection compliance - feel free to reach out (fill in the form below). We have consultants specialising in Data Protection compliance.
On 31st July 2025 the threshold amount for submitting a defence against money laundering (DAML) has been increased from £1,000 to £3,000. Certain conditions need to be met. See below:
In the context of the Proceeds of Crime Act 2002 (POCA), a DAML (Defence Against Money Laundering) is a mechanism that allows individuals and businesses to seek consent from the National Crime Agency (NCA) to proceed with transactions that might otherwise be prohibited under POCA due to concerns about handling criminal property. Essentially, a DAML is a request for "appropriate consent" from the NCA to avoid committing a money laundering offense when dealing with potentially tainted funds. The threshold is specifically designed to reduce low-value Suspicious Activity Reports (SARs) and streamline law enforcement efforts.
If you need help with AML & POCA:
AML & Sanctions Training: https://hunningsconsultancy.co.uk/aml-training-when-are-you-required-to-do-this/
Independent AML Audit: https://hunningsconsultancy.co.uk/independent-aml-audit/
Practice or Firm Wide Risk Assessment Review: https://hunningsconsultancy.co.uk/aml-review/
Help with an SRA AML Audit or inspection: https://hunningsconsultancy.co.uk/sra-audits-inspections-assistance/
The SRA published this report on 31st July. Suprisingly it is written so as to be realtively easy to read. We recommend that all owners snd compliance officers of law firms do so. Here is a link to the document: https://www.sra.org.uk/sra/research-publications/aml-risk-assessment/
The document sets out information on money laundering, terrorist financing and proliferation financing risk that we consider most relevant for firms the SRA supervise.
The SRA writes: "All firms that are within scope of the Regulations must comply with all the regulatory requirements. This includes taking appropriate steps to identify, assess and maintain a written record of their risk of being used for money laundering or terrorist financing.
Firms must have regard to this risk assessment, and any updates, when creating and maintaining their own written risk assessment as required by Regulations 18 and 18A of the Regulations, along with a comprehensive knowledge of their business and clients.
We may ask to see your firm's risk assessment."
The most common weaknesses we have observed included inadequate:
If you need help:
AML & Sanctions Training: https://hunningsconsultancy.co.uk/aml-training-when-are-you-required-to-do-this/
Independent AML Audit: https://hunningsconsultancy.co.uk/independent-aml-audit/
Practice or Firm Wide Risk Assessment Review: https://hunningsconsultancy.co.uk/aml-review/
Help with an SRA AML Audit or inspection: https://hunningsconsultancy.co.uk/sra-audits-inspections-assistance/
