Case Study: Why Australian Law Firms Must Train Staff in the New AML Regime

Background: Learning from Recent Compliance Failures

A recent professional training announcement in the UK highlights a serious compliance issue facing law firms working under anti-money-laundering (AML) regulations*. According to the Solicitors Regulation Authority (SRA), in a recent review of law firm files, 19% did not include a required client and matter risk assessment, and a further 12% contained ineffective assessments. This means that 31% of matters reviewed were either non-compliant or inadequately documented.

The SRA also reported that where firms failed to carry out appropriate risk assessments, they were often found to have wider shortcomings in AML compliance. In a single year (August 2024 to July 2025), firms were fined more than £950,000 for inadequate AML controls and documentation.

The UK example offers a clear warning: inadequate AML risk assessment practices expose law firms to regulatory sanctions and, more importantly, to the risk of facilitating financial crime.

What Firms in Australia Need to Know

Australia is introducing a new AML regime for the legal profession, significantly expanding obligations for law firms, lawyers, and support staff. Under this regime, firms will be required to undertake:

• Client risk assessments
• Matter risk assessments
• Customer due diligence (CDD) procedures
• Ongoing monitoring
• Source of funds and source of wealth checks

These processes are not optional; they form the backbone of a risk-based AML compliance framework. As observed in the UK example, failure to properly assess and document risk can lead to regulatory action and fines.

 What the UK Example Demonstrates

The UK experience shows several important points that are directly relevant to Australian firms:

1. Risk Assessments Aren’t Being Done Properly
   Even where regulations exist, firms frequently fail to perform the required risk assessment or do them poorly. This is usually not deliberate, but a result of insufficient training, unclear processes, and a lack of understanding of what good compliance looks like.Australian firms must anticipate similar gaps if staff aren’t trained on how to assess risk properly, both at client and matter levels.
2. Regulatory Authorities Take Compliance Seriously
   In the UK, regulators did not simply issue warnings, they imposed substantial fines on firms for AML failures.Under the new Australian regime, the Australian Transaction Reports and Analysis Centre (AUSTRAC) will be empowered to enforce compliance, including through sanctions or civil penalties.
3. Training Must Be Firm-Wide, Not Just for Compliance Officers
   The UK case emphasised that while ultimate responsibility sits with the firm’s compliance officers (MLRO/MLCO), everyone who works on a matter needs to understand risk assessment and AML controls, including fee earners and support staff.Australian firms must plan training programs that reach across all levels — from partners and senior lawyers to juniors and finance and administration staff.

Key Takeaways for Law Firms in Australia

1. New AML requirements are imminent and comprehensive.
   Australia’s AML reform will require firms to implement a range of compliance measures that go beyond traditional know-your-client checks.
2. Training is not optional — it’s essential for compliance.
   The UK example shows that even well-established firms can fall short without structured, recurring training and clear internal processes.
3. Poor compliance has real consequences.
   Fines and regulatory scrutiny in the UK demonstrate what can happen when firms fail to comply. Early training in risk assessment and AML processes will reduce regulatory, reputational, and operational risks.

Build AML Competency Now

The UK’s experience with client and matter risk assessments offers a practical lens for understanding why training, documentation, and a firm-wide AML mindset are crucial. Australian law firms should use this as a catalyst to begin, or accelerate, training programs that will support compliance under the new AML regime.

Without this preparation, firms risk exposure to regulatory sanctions, damage to reputation, and, at the most serious end, the potential facilitation of financial crime through inadequate procedures.

How GRC Solutions Can Help

GRC Solutions offers specialist eLearning programs tailored for law firms to meet the new Australian AML requirements. Our courses cover client and matter risk assessments, enhanced due diligence, ongoing monitoring, and reporting obligations. Designed for all levels of staff, from partners and senior lawyers to junior solicitors and administrative teams, the eLearning modules are interactive, practical, and scenario-based, ensuring staff not only understand the regulatory requirements but can apply them in day-to-day legal practice.

The Salt® Learning Management System (LMS) is designed to assist organisations manage their compliance training. With flexible online delivery, progress tracking, and the ability to align training with firm-specific policies and procedures, Salt® LMS helps law firms build a culture of compliance and confidently meet AUSTRAC expectations under the new AML regime. The system also offers CPD Point Collection, allowing firms to attach CPD points to AML training modules. Learners can complete their mandatory AML training while simultaneously earning and recording their CPD points in one streamlined system.

*Source: https://www.legalfutures.co.uk/associate-events/dg-legal-completing-client-and-matter-risk-assessments-course-3