Regulation and Compliance Office

Regulation and Compliance Office Helping law firms and regulated businesses navigate AML, compliance, and risk management with guidance.

Today marks the final implementation date for DUAA changes affecting how law firms handle cookies, complaints, and data ...
19/06/2026

Today marks the final implementation date for DUAA changes affecting how law firms handle cookies, complaints, and data requests.

If your website hasn't been reviewed since February 2026, there's a reasonable chance it's no longer compliant.

Many law firms are still operating websites with outdated cookie consent banners, no formal complaints procedure, or DSAR processes that don't meet the new standard.

Read our full DUAA guidance: https://bit.ly/4eT5Ks0

Estate agents operating in 2026 need AML controls that are inspection-ready. That doesn't mean over-complicated, but pra...
18/06/2026

Estate agents operating in 2026 need AML controls that are inspection-ready. That doesn't mean over-complicated, but practical, documented, and consistent.

If you want to reduce regulatory risk and stay ready for HMRC inspection, focus on these five areas (save this post).

Our team supports estate agents and other regulated businesses with AML compliance, from control reviews and documentation updates through to staff training and HMRC preparation.

Great feedback on a recent AML training session. Two hours, well-presented content, interactive delivery, and participan...
15/06/2026

Great feedback on a recent AML training session. Two hours, well-presented content, interactive delivery, and participants left with their compliance questions answered.

Congratulations to Dipesh Vaghela, Compliance Manager at RACO, for delivering engaging, practical AML training that resonates with participants.

Training that participants actually enjoy and find valuable is training that drives real compliance change.

For firms that reviewed their AI use policy and briefed staff in line with our team's earlier guidance, Rodney v Gee'z s...
12/06/2026

For firms that reviewed their AI use policy and briefed staff in line with our team's earlier guidance, Rodney v Gee'z should serve as confirmation that the right course has been taken.

The Rodney v Gee'z case has delivered a stark message, that if you haven't reviewed your AI use policy and briefed your staff, action is now critical.

Solicitors remain personally responsible for the accuracy of legal research, regardless of who conducts it. Statements of truth on documents containing AI-generated content carry significant personal regulatory risk. Open-source AI tools must never be used with client data under any circumstances.

Supervisors who fail to ensure their team understands AI risks may be treated as more culpable than the fee-earner who makes the error.

RACO's guidance on AI use has always been clear on these points. This case confirms why that guidance matters.

If your firm has not reviewed its AI use policy in line with RACO's guidance, briefed staff on AI risks, or verified your position on open-source vs closed-source tools, this must be actioned.

For firms on RACO's SRA Compliance Essentials or Risk & Compliance Management services, our team can support you with AI policy review, staff briefing, and verification of your current tool landscape.

Read our full guidance on what firms should be doing regarding generative AI use: https://bit.ly/43zhVUu

Regulated businesses hold vast amounts of sensitive material such as personal data, financial information, customer fund...
11/06/2026

Regulated businesses hold vast amounts of sensitive material such as personal data, financial information, customer funds, and transaction records.

This makes your sector one of the most heavily targeted in the UK and internationally.

RACO provides Cyber Essentials Application Services to regulated businesses, offering hands-on guidance throughout the process.

Read the full article to understand what Cyber Essentials means for your regulated business: https://bit.ly/4glhF2O

The CLC's new Ongoing Competence Code replaces the current CPD framework from 1 November 2026, and practices need to pre...
05/06/2026

The CLC's new Ongoing Competence Code replaces the current CPD framework from 1 November 2026, and practices need to prepare now.

Individual lawyers will be required to complete a minimum of eight ongoing competence activities per year, of which at least four will be assessed. Assessed activities can include formal training, peer feedback from senior colleagues, or written verification that learning has been understood and applied in practice.

Practices will need to report ongoing competence activity across key compliance personnel through a new Reporting of Ongoing Competence Return (ROCR) as part of licence renewal. There is no minimum number of activities for the practice itself, but learning and development must be recorded and reported as part of day-to-day governance and risk management.

Each CLC practice must designate a person responsible for reporting ongoing competence activity to the CLC by 31 October 2027.

Read the full article to understand what the new Code means for your CLC practice and what you need to prepare now: https://bit.ly/4e8Ufv6

The SRA has announced significant reforms to how law firms hold and report on client money.All firms holding client mone...
05/06/2026

The SRA has announced significant reforms to how law firms hold and report on client money.

All firms holding client money will soon be required to submit annual accountants' reports, whether qualified or not. Late or non-submission will carry fixed penalties.

Additionally, for larger or higher-risk firms, individuals who run the firm will no longer be able to oversee compliance as COLP and COFA.

🔗 Read the full article to learn more and connect with our team: https://bit.ly/3S2MRd9

HMRC is penalising regulated businesses for getting the AML basics wrong.Estate agents. Accountants. TCSPs. High-value d...
03/06/2026

HMRC is penalising regulated businesses for getting the AML basics wrong.

Estate agents. Accountants. TCSPs. High-value dealers. Across every sector, the same failures keep appearing in enforcement notices:

❌ Incomplete or outdated risk assessments

❌ Customer due diligence that doesn't work in practice

❌ Policies and procedures that don't match how the business actually operates

❌ Staff training that's missing or unrecorded

If you operate in a regulated sector, you need to know what HMRC is penalising in your industry and what you should be doing now.

Read the full article to understand sector-specific penalties and how to reduce your AML compliance risk: https://bit.ly/43c6GkQ

When we begin working with sole practitioners across conveyancing and Probate, we often see the same compliance gaps rep...
01/06/2026

When we begin working with sole practitioners across conveyancing and Probate, we often see the same compliance gaps repeatedly.

🔹First, firm-wide risk assessments that are either missing entirely or copied from templates that don't reflect how the practice actually operates. Your FWRA needs to assess your specific clients, services, and risks – not generic scenarios that could apply to any firm.

🔹Second, client and matter risk assessments that become tick-box exercises rather than meaningful evaluations. When you're managing the entire caseload yourself, it's easy to rush through customer due diligence. However, that's exactly when mistakes happen and regulatory exposure increases.

🔹Third, policies that exist on paper but aren't actually followed in practice. If your AML policy says one thing but you're doing something different day to day, you're exposed when the regulator reviews your files.

Sole practitioners don't have the luxury of delegating compliance to someone else. But you also don't need over-complicated systems designed for firms ten times your size.

You need practical, proportionate frameworks that work for how you actually run your practice. Follow our page and connect for more 🤝

Scottish law firms operate in an environment where sanctions compliance sits alongside AML obligations, client due dilig...
27/05/2026

Scottish law firms operate in an environment where sanctions compliance sits alongside AML obligations, client due diligence requirements, and increasingly complex geopolitical considerations.

With the Law Society of Scotland and FCA supervision both emphasising outcome-focused compliance, firms must demonstrate that their sanctions controls actually prevent breaches.

Every compliance officer and practice manager in Scottish law firms should review their sanctions screening processes, escalation procedures, training frequency, and breach reporting mechanisms against OFSI's guidance.

RACO provides sanctions compliance support to Scottish law firms, including control reviews, guidance on screening configuration, and training to ensure staff understand their obligations in practice.

Save this post and follow our page to stay updated with the latest compliance insights 📌

Address

Mary Sheridan House, 11-19 St Thomas Street
London
SE19RY

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm

Telephone

+442039858550

Website

Alerts

Be the first to know and let us send you an email when Regulation and Compliance Office posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Regulation and Compliance Office:

Shortcuts

Share

Category