Compliance Audit Checklist

Comprehensive Regulatory Compliance Assessment

─────────────────────────────────────

SRA | LAW SOCIETY | FCA

─────────────────────────────────────

Version 1.0 - January 2026

England and Wales

Audit Information

Firm Details

Firm Name: _______________________

SRA Firm Reference Number: _______________________

Registered Office Address: _______________________

Number of Offices: _______________________

Number of Partners/Directors: _______________________

Number of Solicitors: _______________________

Total Staff: _______________________

Practice Areas: _______________________

Key Personnel

COLP Name and SRA ID: _______________________

COFA Name and SRA ID: _______________________

MLRO Name: _______________________

MLCO (Board Level) Name: _______________________

Senior Partner/Managing Director: _______________________

Audit Details

Audit Date: _______________________

Auditor Name: _______________________

Audit Type (Internal/External): _______________________

Period Under Review: _______________________

Previous Audit Date: _______________________

Scoring Key

☐ = Not Assessed / Not Applicable

☑ = Compliant

  • = Partially Compliant / Requires Attention

  • = Non-Compliant / Immediate Action Required

Part 1: SRA Compliance

ℹ The SRA regulates solicitors and law firms in England and Wales. Compliance with SRA Standards and Regulations is mandatory.

1.1 SRA Principles Compliance

  • SRA Principles 2019 (updated 2025) - The fundamental ethical requirements

Principle 1: Rule of Law

☐ Firm does not act where doing so would undermine the rule of law

☐ Solicitors do not mislead courts or abuse court processes

☐ Firm complies with court orders and undertakings

☐ Proper procedures for dealing with undertakings

Evidence reviewed: _______________________

Principle 2: Public Trust and Confidence

☐ No conduct that would bring the profession into disrepute

☐ Honest and professional dealings with all parties

☐ No discrimination or harassment

☐ Proper handling of complaints

Findings: _______________________

Principle 3: Independence

☐ Independence from improper external pressure

☐ No referral fee arrangements that compromise independence

☐ Independence from client pressure to act improperly

☐ Proper conflicts management

Principle 4: Honesty

☐ All communications truthful and accurate

☐ No misleading statements to clients, courts, or third parties

☐ Honest fee estimates and billing

☐ Accurate regulatory returns

Principle 5: Integrity

☐ Ethical behaviour in all professional dealings

☐ Proper handling of client money

☐ No improper financial dealings

☐ Proper management of conflicts of interest

Principle 6: Equality, Diversity and Inclusion

☐ EDI policy in place and communicated

☐ Recruitment and promotion practices fair

☐ Reasonable adjustments made for disabled clients/staff

☐ No discrimination in service delivery

☐ EDI data collected and monitored

☐ Equality Act 2010 compliance confirmed

Principle 7: Best Interests of Clients

☐ Client interests prioritised (subject to Principles 1-2)

☐ Proper advice given even if not what client wants to hear

☐ No unnecessary delay

☐ Competent service provided

1.2 SRA Code of Conduct for Solicitors

  • SRA Code of Conduct for Solicitors, RELs, RFLs and RSLs

Maintaining Trust and Acting Fairly (Rules 1.1-1.4)

☐ Rule 1.1: Do not unfairly discriminate

☐ Rule 1.2: Do not abuse position for personal benefit

☐ Rule 1.3: Perform undertakings within agreed timescales

☐ Rule 1.4: Only act on proper instructions from authorised persons

Dispute Resolution and Proceedings (Rules 2.1-2.7)

☐ Rule 2.1: Do not misuse/tamper with evidence

☐ Rule 2.2: Do not seek to influence witnesses improperly

☐ Rule 2.4: Do not mislead the court

☐ Rule 2.5: Draw court's attention to relevant cases and statutes

☐ Rule 2.6: Comply with court orders

☐ Rule 2.7: Do not abuse court processes

Service and Competence (Rules 3.1-3.5)

☐ Rule 3.1: Only act where competent to do so

☐ Rule 3.2: Ensure service is competent and timely

☐ Rule 3.3: Maintain competence and knowledge

☐ Rule 3.4: Consider client attributes and circumstances

☐ Rule 3.5: Supervisor approval where required

Client Money and Assets (Rules 4.1-4.3)

☐ Rule 4.1: Proper safeguards for client money

☐ Rule 4.2: Proper safeguards for client assets

☐ Rule 4.3: Client money/assets not used for own benefit

Conflicts of Interest (Rules 6.1-6.2)

☐ Rule 6.1: Own interest conflict - do not act

☐ Rule 6.2: Current client conflict - do not act unless exceptions apply

☐ Written conflicts policy in place

☐ Conflict checks conducted on new matters

☐ Matters declined where conflicts cannot be managed

Client Identification and Information (Rules 8.1-8.11)

☐ Rule 8.1: Client identity established for all matters

☐ Rule 8.6: Clients given information to make informed decisions

☐ Rule 8.7: Best possible costs information provided

☐ Rule 8.9: Clients informed of right to complain

☐ Rule 8.10: Complaints procedure explained

☐ Rule 8.11: Legal Ombudsman details provided

1.3 SRA Code of Conduct for Firms

  • SRA Code of Conduct for Firms

Compliance and Business Systems (Rules 2.1-2.5)

☐ Rule 2.1: Effective governance structure

☐ Rule 2.2: Effective systems and controls

☐ Rule 2.3: Effective risk management

☐ Rule 2.4: Managers and employees competent and suitable

☐ Rule 2.5: Proper supervision of all staff

COLP and COFA (Rules 9.1-9.2)

☐ COLP designated and SRA approved

☐ COFA designated and SRA approved

☐ COLP has systems to identify compliance failures

☐ COLP remedies breaches promptly

☐ COFA ensures proper accounts procedures

☐ COLP/COFA report material breaches to SRA

☐ COLP/COFA have appropriate authority and resources

Information and Reporting to SRA (Rules 10.1-10.4)

☐ Cooperate with SRA investigations

☐ Report serious breaches to SRA promptly

☐ Provide information requested by SRA

☐ Do not attempt to prevent reporting

1.4 SRA Transparency Rules

  • SRA Transparency Rules 2018 (updated 2023)

Website Information - All Firms

☐ SRA digital badge displayed on website

☐ Badge links to SRA record

☐ Complaints procedure published

☐ Legal Ombudsman information provided (including 1-year time limit)

☐ SRA regulatory status stated

☐ Professional indemnity insurance details available

Price Information - Specified Services

ℹ Required for: Residential conveyancing, Probate (uncontested), Motoring offences, Employment tribunal, Immigration, Debt recovery (up to £100k), Licensing

☐ Total cost or average/range of costs published

☐ Basis for charges stated (fixed fee, hourly rate, etc.)

☐ Disbursements itemised or estimated

☐ VAT clearly stated

☐ Likely timescales provided

☐ Key stages of work explained

☐ Qualifications and experience of staff disclosed

1.5 SRA Accounts Rules

  • SRA Accounts Rules 2019

General Rules

☐ Client money kept separate from firm money

☐ Client money only in client account

☐ Client account properly designated

☐ Client money only used for client purposes

☐ Proper accounting records maintained

☐ Reconciliations performed at least every 5 weeks

☐ Client account bank letters on file

Client Account Operations

☐ Payments from client account properly authorised

☐ No payments from client account in excess of funds held

☐ Bills delivered before transfer to office account

☐ Client ledgers maintained for each client

☐ Third party managed accounts compliant

Interest and Residual Balances

☐ Interest policy in place and communicated

☐ Interest paid fairly to clients

☐ Residual balances returned promptly

☐ Small balance policy applied correctly

Accountant's Report

☐ Accountant's report obtained within 6 months of period end

☐ Report submitted to SRA if qualified

☐ Exemption from report properly claimed if applicable

Last report date: _______________________

Qualified/Unqualified: _______________________

1.6 Professional Indemnity Insurance

  • SRA Indemnity Insurance Rules 2023

☐ PII policy in force with qualifying insurer

☐ Minimum indemnity limits met:

Recognised Body: £2 million

Licensed Body: £1 million

Recognised Sole Practice: £500,000

☐ Aggregate limit adequate for firm's activities

☐ All areas of practice covered

☐ Run-off cover arrangements in place (if relevant)

Insurer: _______________________

Policy number: _______________________

Renewal date: _______________________

1.7 COLP and COFA Obligations

  • SRA Authorisation of Firms Rules - Rules 9.1, 9.2

COLP Checklist

☐ COLP designated and approved by SRA

☐ COLP has adequate seniority and authority

☐ COLP has appropriate resources

☐ COLP maintains register of compliance failures

☐ COLP ensures prompt remediation of breaches

☐ COLP reports material breaches to SRA

☐ COLP reports to management/board regularly

☐ COLP training and CPD up to date

☐ COLP oversees AML compliance (in coordination with MLRO)

COLP interview conducted: _______________________

COFA Checklist

☐ COFA designated and approved by SRA

☐ COFA has adequate seniority and authority

☐ COFA has appropriate resources

☐ COFA ensures Accounts Rules compliance

☐ COFA monitors client account activity

☐ COFA reviews reconciliations

☐ COFA reports material breaches to SRA

☐ COFA training and CPD up to date

☐ COFA monitors source of funds for client account receipts

☐ COFA liaises with MLRO on suspicious transactions

COFA interview conducted: _______________________

1.8 Competence and Supervision

  • SRA Competence Statement / Code of Conduct Rules 3 and 2.5

Individual Competence

☐ Competence assessed at recruitment

☐ Competence maintained through CPD

☐ CPD records maintained for all solicitors

☐ Specialist competence verified for specialist work

☐ Competence reviewed at appraisal

Supervision Arrangements

☐ Supervision policy in place

☐ All staff appropriately supervised

☐ Supervisors competent in supervised areas

☐ File reviews conducted regularly

☐ Trainee solicitors properly supervised

☐ Non-solicitor staff properly supervised

☐ Remote workers adequately supervised

☐ Supervision records maintained

1.9 Client Care and Service Standards

  • Code of Conduct Rules 3, 6, 8

Client Care Letters

☐ Client care letter issued at outset of matter

☐ Scope of work clearly defined

☐ Costs estimate or basis of charging explained

☐ Person responsible for matter identified

☐ Complaints procedure provided

☐ Legal Ombudsman details provided (including time limits)

☐ SRA contact details provided

☐ Regulatory status explained

☐ PII confirmation included

☐ Terms of business attached

☐ Data protection notice included

☐ Cancellation rights explained (if consumer client)

Vulnerable Client Provisions

  • SRA Code Rules 3.4 and 6.2 - Client attributes and circumstances

☐ Vulnerability assessment conducted

☐ Reasonable adjustments made

☐ Communication adapted to client needs

☐ Additional safeguards in place where required

☐ Capacity considerations documented

Part 2: Consumer Protection Compliance

ℹ Consumer protection legislation applies when acting for individuals outside their trade or business.

2.1 Consumer Rights Act 2015

  • Consumer Rights Act 2015 - Services to consumers

Service Standards

☐ Services performed with reasonable care and skill

☐ Service within agreed timescale

☐ Reasonable price if none agreed

☐ Information provided is binding

Unfair Terms Protection

☐ Terms of business reviewed for fairness

☐ No unfair terms in consumer contracts

☐ Key terms are prominent and transparent

☐ Consumer's statutory rights not excluded

2.2 Consumer Contracts Regulations 2013

  • Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013

Distance/Off-Premises Contracts

☐ Pre-contract information provided

☐ 14-day cancellation right explained

☐ Model cancellation form provided

☐ If waiver of cancellation right, properly documented

☐ Durable medium confirmation provided

  • If not informed of cancellation right, period extends to 12 months + 14 days

2.3 Digital Markets, Competition and Consumers Act 2024

  • DMCCA 2024 - Enhanced consumer protection

Pricing Requirements

☐ All mandatory costs disclosed upfront

☐ No drip pricing (adding fees during transaction)

☐ Total price clearly stated at outset

☐ No hidden charges or fees

Consumer/Business Determination

☐ Consumer/business status determined at outset

☐ Status documented on file

☐ Appropriate protections applied

Part 3: FCA/AML Compliance

ℹ AML supervision is transitioning from SRA to FCA. Firms must comply with MLR 2017 and prepare for FCA supervision standards.

  • FCA to become Single Professional Services Supervisor (SPSS) for AML/CTF. Transition expected 2027. Begin preparation now.

3.1 Firm-Wide Risk Assessment

  • MLR 2017 Regulations 18 and 18A / LSAG 2025

Risk Assessment Existence and Quality

☐ Written firm-wide risk assessment (FWRA/PWRA) exists

☐ Risk assessment approved by senior management

☐ Risk assessment reviewed within last 12 months

☐ Review date and approver documented

FWRA date: _______________________

Last review date: _______________________

Risk Categories Covered

☐ Customer/client risk factors assessed

☐ Product/service risk factors assessed

☐ Delivery channel risk factors assessed

☐ Geographical risk factors assessed

☐ New products/services/technology assessed

☐ Transaction risk factors assessed

☐ Supply chain risk factors assessed (LSAG 2025)

Risk Assessment Quality

☐ Clear methodology documented

☐ Evidence base documented

☐ Risk ratings applied consistently

☐ Controls mapped to identified risks

☐ Residual risk assessed

☐ Actions identified for unacceptable risks

3.2 Customer Due Diligence (CDD)

  • MLR 2017 Regulations 27-30 / LSAG 2025 Part 1

CDD Policy and Procedures

☐ Written CDD policy exists

☐ CDD procedures documented

☐ CDD timing requirements understood (before acting)

☐ Staff trained on CDD requirements

Individual Client CDD

☐ Full name verified from photo ID

☐ Date of birth verified

☐ Residential address verified (document within 3 months)

☐ Electronic verification used appropriately

☐ Verification records retained

Sample files reviewed: _______________________

Corporate Client CDD

☐ Registered name and number verified

☐ Registered office verified

☐ Directors identified and verified

☐ Authorised signatories verified

☐ Authority to act confirmed (board resolution)

☐ Companies House searches conducted

☐ Confirmation statement within 14 days checked

3.3 Enhanced Due Diligence (EDD)

  • MLR 2017 Regulation 33 / LSAG 2025

EDD Triggers

☐ EDD policy documents triggers

☐ PEPs identified and EDD applied

☐ High-risk third countries identified and EDD applied

☐ Complex/unusual transactions flagged

☐ Higher-risk situations identified

EDD Measures Applied

☐ Senior management approval obtained

☐ Source of wealth established

☐ Source of funds established

☐ Additional verification measures applied

☐ Enhanced ongoing monitoring in place

☐ Shorter review periods set

☐ All EDD measures documented

3.4 Beneficial Ownership

  • MLR 2017 Regulations 5-6 / LSAG 2025 (>25% threshold)

  • LSAG 2025 change: Threshold changed from '25% or more' to 'MORE THAN 25%'

☐ Beneficial owners (>25%) identified for all corporate clients

☐ Ownership structure documented

☐ Complex structures investigated

☐ Nominee arrangements identified

☐ Where no BO identified, senior managing official verified

☐ Companies House PSC register checked

☐ Reasonable measures taken to verify BOs

3.5 Source of Funds and Source of Wealth

  • MLR 2017 / LSAG 2025 Part 1

Source of Funds

☐ Source of funds policy in place

☐ Source of funds identified for transactions

☐ Evidence obtained (bank statements, sale proceeds, etc.)

☐ Third party funding investigated

☐ Gift funding - giftor verified and source checked

☐ Loan funding - loan documentation obtained

☐ Complete audit trail maintained

Third Party Source of Funds (LSAG 2025)

☐ Third party identified

☐ Relationship to client understood

☐ Reason for contribution verified

☐ Third party ID verified (risk-proportionate)

☐ Third party source of funds verified

☐ Gift/loan documentation obtained

Source of Wealth (EDD)

☐ Source of wealth obtained for EDD clients

☐ Employment/business history documented

☐ Wealth accumulation explained and documented

☐ Consistency with client profile checked

3.6 PEP and Sanctions Screening

  • MLR 2017 Regulations 35-35B (PEPs) / SAMLA 2018 / Sanctions

PEP Screening

☐ PEP screening conducted on all clients

☐ PEP screening conducted on all beneficial owners

☐ Both foreign and domestic PEPs screened

☐ Family members and close associates considered

☐ Commercial PEP database used

☐ PEP screening results documented

☐ EDD applied to all identified PEPs

Screening provider: _______________________

Sanctions Screening

☐ Sanctions screening policy in place

☐ UK Sanctions List (OFSI) screening conducted

☐ UN sanctions lists screened

☐ EU sanctions lists screened (where relevant)

☐ US OFAC lists screened (where relevant)

☐ All parties to transactions screened

☐ Beneficial owners screened

☐ Screening conducted before acting

☐ Ongoing screening during relationship

☐ Screening results documented

☐ Match escalation procedures in place

Screening provider: _______________________

High-Risk Third Countries (FATF Lists)

☐ FATF Black List checked (DPRK, Iran, Myanmar)

☐ FATF Grey List checked regularly

☐ EDD mandatory for high-risk country connections

3.7 Property-Specific Requirements

  • Register of Overseas Entities / LSAG 2025

Register of Overseas Entities (ROE)

☐ ROE checks conducted for overseas entity clients

☐ Overseas entity registration verified before property transactions

☐ Registered beneficial owners verified

☐ Non-compliance reported

Conveyancing AML

☐ All parties verified

☐ Source of deposit with complete audit trail

☐ Gift deposits - giftor verified and source checked

☐ Cash purchases - enhanced scrutiny applied

☐ Friday afternoon fraud procedures in place

3.8 Suspicious Activity Reporting

  • POCA 2002 / TA 2000 / MLR 2017

SAR Procedures

☐ SAR policy and procedures documented

☐ Staff trained on recognising suspicious activity

☐ Internal SAR escalation procedure in place

☐ MLRO decision-making documented

☐ External SARs filed with NCA when required

☐ Consent (DAML) obtained where required

☐ Tipping off prohibition understood

☐ Internal SAR register maintained

SAR Statistics

Internal SARs received (last 12 months): _______________________

External SARs filed (last 12 months): _______________________

Consent requests (last 12 months): _______________________

Matters declined due to suspicion: _______________________

3.9 MLRO/MLCO Governance

  • MLR 2017 Regulation 21 / LSAG 2025

MLRO Appointment and Authority

☐ MLRO formally appointed

☐ MLRO appointment notified to SRA

☐ MLRO has appropriate seniority

☐ MLRO has authority to make SAR decisions

☐ MLRO has adequate resources

☐ MLRO has adequate time allocation

☐ MLRO cannot be overruled on SAR decisions

☐ MLRO training and competence appropriate

MLRO name: _______________________

MLRO interview conducted: _______________________

MLCO (Board Level)

☐ MLCO appointed at board level

☐ MLCO understands AML responsibilities

☐ MLCO receives regular reports from MLRO

☐ Board receives AML reports

☐ Senior management engaged with AML

MLCO name: _______________________

MLRO Reporting

☐ MLRO produces regular reports

☐ Reports cover SAR activity

☐ Reports cover audit/review findings

☐ Reports cover training completion

☐ Reports cover regulatory developments

☐ Reports presented to senior management/board

Last report date: _______________________

3.10 AML Training

  • MLR 2017 Regulation 24

Training Programme

☐ AML training policy documented

☐ All relevant staff receive AML training

☐ Training provided at induction (within first week)

☐ Annual refresher training provided

☐ Role-specific training for fee earners

☐ Specialist training for MLRO

☐ Training updated for LSAG 2025 changes

☐ Training covers CDD/EDD/SARs/sanctions/tipping off

Training Records

☐ Training records maintained for all staff

☐ Training completion rates monitored

☐ Non-completion followed up

☐ Training effectiveness assessed

Completion rate: _______________________

3.11 Record Keeping

  • MLR 2017 Regulation 40

CDD Records

☐ CDD records retained for 5 years from end of relationship

☐ Copies of ID documents retained

☐ Verification evidence retained

☐ Risk assessments retained

☐ Records retrievable without undue delay

Transaction Records

☐ Transaction records retained for 5 years

☐ Supporting evidence retained

☐ Audit trail maintained

SAR Records

☐ Internal SAR records maintained

☐ SAR decision rationale documented

☐ Records retained securely

3.12 Economic Crime Levy

  • Finance Act 2022 / Economic Crime Levy

☐ ECL registration completed (if turnover >£10.2m)

☐ ECL payment made by deadline

☐ Exemption documented in PWRA (if below threshold)

3.13 FCA Transition Preparation

  • Preparing for Single Professional Services Supervisor

Gap Analysis

☐ Gap analysis against FCA expectations conducted

☐ Governance gaps identified

☐ Documentation gaps identified

☐ Process gaps identified

☐ Training gaps identified

☐ Remediation plan in place

Gap analysis date: _______________________

SMF17 Preparation (if applicable)

☐ MLRO assessed against FCA SMF17 criteria

☐ Training needs identified

☐ Experience and competency documented

☐ Time commitment adequate

☐ Prepared for potential FCA authorisation

Part 4: Law Society Compliance

ℹ The Law Society provides guidance, accreditation schemes, and best practice standards.

4.1 Practice Management Standards

Governance and Leadership

☐ Clear management structure documented

☐ Partnership/shareholder agreement in place

☐ Business plan current and reviewed annually

☐ Risk register maintained and reviewed

☐ Management meetings held regularly and minuted

Financial Management

☐ Financial reporting to management regular

☐ Budgets set and monitored

☐ Cash flow managed properly

☐ Credit control procedures effective

☐ WIP and lock-up monitored

4.2 Accreditation Schemes

Conveyancing Quality Scheme (CQS)

☐ CQS accreditation current (if applicable)

☐ CQS protocol followed for residential transactions

☐ CQS annual assessment completed

CQS membership number: _______________________

Other Quality Marks

☐ Wills and Inheritance Quality Scheme (WIQS) - if applicable

☐ Family Law Panel membership - if applicable

☐ Personal Injury Panel membership - if applicable

☐ Criminal Litigation Accreditation - if applicable

Accreditations held: _______________________

4.3 Professional Development

☐ CPD policy in place

☐ CPD records maintained for all qualified staff

☐ Specialist CPD completed for accredited areas

☐ Training needs identified and addressed

☐ Technical updates circulated to staff

Part 5: Cross-Regulatory Requirements

5.1 Data Protection (GDPR/DPA 2018)

☐ Data protection policy current

☐ Privacy notice published on website

☐ Privacy notice provided to clients

☐ Lawful basis for processing established

☐ Subject access request procedures in place

☐ Data retention policy compliant

☐ Data breach procedures in place

☐ ICO registration current

☐ Staff trained on data protection

☐ Data processing agreements with suppliers

ICO registration number: _______________________

5.2 Complaints Handling

  • SRA Code for Firms Rule 7 / Legal Ombudsman scheme

☐ Complaints policy documented

☐ Complaints procedure published on website

☐ Complaints procedure provided to clients

☐ Complaints logged and tracked

☐ Complaints investigated within 8 weeks

☐ Outcomes communicated to complainants

☐ Legal Ombudsman signposted (1 year time limit, 6 years from act)

☐ Complaints data analysed for trends

☐ Learnings implemented

Complaints received (last 12 months): _______________________

Complaints referred to LeO: _______________________

5.3 Equality, Diversity and Inclusion

  • SRA Principle 6 / Equality Act 2010

☐ EDI policy in place

☐ EDI data collected (workforce)

☐ EDI data reported to SRA

☐ Recruitment procedures fair and unbiased

☐ Promotion procedures fair

☐ Reasonable adjustments policy in place

☐ EDI training provided

☐ Pay gap reporting (if applicable)

5.4 Information Security

☐ Information security policy in place

☐ Access controls implemented

☐ Encryption used for sensitive data

☐ Secure email available

☐ Password policy enforced

☐ Multi-factor authentication enabled

☐ Anti-malware protection current

☐ Patch management in place

☐ Security awareness training provided

☐ Cyber insurance in place

☐ Cyber Essentials certification (if applicable)

5.5 Business Continuity

☐ Business continuity plan documented

☐ Plan reviewed within last 12 months

☐ Key risks identified

☐ Recovery procedures documented

☐ Backup systems in place

☐ Alternative working arrangements planned

☐ Plan tested

☐ Staff aware of BCP procedures

Last BCP test date: _______________________

Part 6: Audit Summary and Action Plan

6.1 Compliance Summary

SRA Compliance Status

Overall SRA compliance rating (1-5): _______________________

Critical findings: _______________________

High-risk findings: _______________________

Medium-risk findings: _______________________

Consumer Protection Status

Overall consumer protection rating (1-5): _______________________

Key findings: _______________________

FCA/AML Compliance Status

Overall AML compliance rating (1-5): _______________________

Critical findings: _______________________

FCA readiness assessment: _______________________

6.2 Risk Register

Critical Risks Identified

Risk 1: _______________________

Risk 2: _______________________

Risk 3: _______________________

High Risks Identified

Risk 1: _______________________

Risk 2: _______________________

Risk 3: _______________________

6.3 Remediation Action Plan

Immediate Actions (0-30 days)

Action 1: _______________________

Owner: _______________________

Due date: _______________________

Short-Term Actions (1-3 months)

Action 1: _______________________

Owner: _______________________

Due date: _______________________

Medium-Term Actions (3-6 months)

Action 1: _______________________

Owner: _______________________

Due date: _______________________

6.4 Audit Sign-Off

Auditor name: _______________________

Auditor signature: _______________________

Date: _______________________

Reviewed by (Management): _______________________

Date: _______________________

Next audit due: _______________________

Appendix: Regulatory Reference Guide

SRA References

SRA Principles 2019 (as amended 2025)

SRA Code of Conduct for Solicitors, RELs, RFLs and RSLs

SRA Code of Conduct for Firms

SRA Accounts Rules 2019

SRA Transparency Rules 2018 (as amended)

SRA Authorisation of Individuals Regulations

SRA Authorisation of Firms Rules

SRA Indemnity Insurance Rules 2023

SRA Competence Statement

Consumer Protection References

Consumer Rights Act 2015

Consumer Contracts Regulations 2013

Digital Markets, Competition and Consumers Act 2024

Equality Act 2010

FCA/AML References

Money Laundering Regulations 2017 (as amended)

Proceeds of Crime Act 2002

Terrorism Act 2000

Sanctions and Anti-Money Laundering Act 2018

Economic Crime and Corporate Transparency Act 2023

LSAG Anti-Money Laundering Guidance 2025

FCA Financial Crime Guide

Key Websites

SRA: www.sra.org.uk

Law Society: www.lawsociety.org.uk

FCA: www.fca.org.uk

Legal Ombudsman: www.legalombudsman.org.uk

NCA: www.nationalcrimeagency.gov.uk

OFSI: www.gov.uk/ofsi

FATF: www.fatf-gafi.org

Related Documents

AML, KYC and Compliance Verification Guide V1.0

Client Acceptance and Matter Information Requirements V1.0

Pre-Engagement Documentation Guidance V1.0