Are Your Intake and Conflicts Processes Ready for the Next Wave of Scrutiny?

If you speak to compliance leads at law firms today, there is a common thread running through most conversations: regulatory inspections now carry a different weight. The questions go deeper, the documentation requests are more specific, and the assumption that a written policy is sufficient has quietly stopped holding up in practice.

The SRA’s 2024-25 AML Annual Report reinforces this shift. Proactive firm engagements nearly doubled year on year, enforcement actions are rising, and regulators on both sides of the Atlantic are no longer signalling intent. They are acting on it.

And when regulators take action, they often uncover the same weak point. Not strategy, not firm culture, but intake and conflicts: the moment a new client first walks through the door.

Having a compliance programme is no longer the question. Whether it holds up under close inspection, today and not next quarter, that is the real test.

The Numbers Are Hard to Ignore

Whether your firm operates in the UK, the US, or across both markets, the enforcement picture tells the same story.

Only 22% of inspected UK law firms were fully AML-compliant as per the SRA Annual Report 2023-24, meaning nearly 8 in 10 firms showed compliance gaps.
74 enforcement actions were taken by the SRA in the 2023-24 reporting year, nearly double the prior year’s total, as confirmed in Gherson LLP’s analysis of the SRA Annual Report.
UK regulators have also stepped up enforcement. In 2025, the London office of Simpson Thacher & Bartlett agreed to a £300,000 AML settlement after failing to maintain required risk assessments and compliant policies for several years. Similar cases have highlighted recurring issues across firms, including missing risk assessments, weak AML policies, and inadequate source-of-funds checks.
£148 million in suspected criminal proceeds was covered by the 19 SARs submitted by the SRA to the National Crime Agency during the 2024-25 reporting period, almost double the £75 million reported the prior year, per the SRA AML Annual Report 2024-25.
$3.8 billion in global AML fines were issued across financial and professional services in 2025, per Fenergo’s 2025 Annual Enforcement Report.

In the UK, nearly a third of firms inspected were labelled non-compliant. In the US, FinCEN set a record with a $1.3 billion penalty against TD Bank in October 2024, the largest ever against a depository institution in US Treasury and FinCEN history. These are no longer warnings. They are fines, enforcement actions, and licence consequences across both jurisdictions.

What a Regulator Actually Checks

When an inspector arrives, the areas of scrutiny tend to follow a consistent pattern across SRA, FCA, and FinCEN-related reviews. Based on published enforcement findings and regulatory guidance, four themes surface repeatedly.

The consistent finding is not that firms lack policies. It is that they cannot always prove those policies were followed consistently, for every client, with a clear audit trail. That is an intake problem.

Intake Is Where Risk Gets In

Every compliance gap has a starting point. Almost always, it is the intake window: that short moment when a new client or matter is first evaluated before work begins.

When that process runs on emails, spreadsheets, or disconnected systems, it is not the people who fail. It is the process. There is no automated trigger. No built-in prompt. Just a task that someone had to remember to do manually.

The gaps that commonly appear in regulatory inspections, reflected in the findings of the SRA’s 2024–25 AML Annual Report, include:

Client or matter risk assessments missing or incomplete at onboarding
Client identity not properly identified or independently verified
Inadequate identification of beneficial owners in corporate clients
Source-of-funds checks either missing or not properly scrutinized
Client due diligence steps not consistently documented or evidenced

These are not rare exceptions. In thousands of file reviews conducted by the regulator, firms were repeatedly found to be missing risk assessments, failing to verify client identity properly, or not carrying out sufficient source-of-funds checks.

That is why intake matters so much. It is the point where compliance controls are either triggered consistently or quietly bypassed before a matter even begins.

Conflicts Has a Compliance Dimension Now

Conflicts checking used to be primarily about ethics and professional conduct. It still is. But regulators increasingly treat an incomplete or undocumented conflicts process as a governance failure.

A manual search, checking a finance system to see whether an existing client appears as an adverse party, simply does not hold up anymore. Here is why:

It does not capture corporate family structures or subsidiary relationships.
It is often disconnected from wider client due diligence and risk screening processes.
It produces no reliable, retrievable audit trail.
It depends on every individual applying the process consistently, every time.

When a regulator asks how a specific client was onboarded and cleared, a spreadsheet printout will not answer that question.

Reactive compliance is no longer sufficient. Firms need proactive, documented controls applied consistently from the moment of first client contact.

What Good Technology Actually Does Here

Purpose-built risk and compliance platforms embed compliance directly into the workflow. They embed it into the process itself, from the first client interaction through to matter close.

In practical terms, this typically means:

Conflicts checks run against full corporate hierarchies, not just individual names. Screening against sanctions and politically exposed person lists can be integrated into the intake workflow, with searches and decisions logged for audit.
Intake forms adjust dynamically based on client and matter type. Where a higher-risk profile is identified, enhanced due diligence steps can be triggered automatically and AML risk scoring captured within the same system.
Monitoring continues beyond onboarding, supporting ongoing review across the life of the client or matter.

This is no longer limited to large global firms. Firms of many sizes are adopting structured intake and compliance platforms because regulators increasingly expect consistent processes, clear documentation, and a defensible audit trail.

What "Audit Ready" Actually Means

The term appears frequently in compliance discussions. In practice, audit readiness means one thing: if a regulator asks about a client or matter today, the firm produces clear answers supported by evidence.

Consider the questions regulators often raise during inspections.

Was this client screened against sanctions lists before the matter opened?
Who approved the conflict clearance, and when?
Was a CDD risk score calculated, and did it trigger enhanced due diligence?
If the matter was flagged high risk, what steps were taken and by whom?
Can each decision appear in a single documented audit trail?

These questions mirror the type of enquiries raised by supervisory bodies such as the SRA and other AML regulators during inspections. Firms with structured systems retrieve the information in minutes. Others spend days reconstructing records across emails, spreadsheets, and disconnected tools.

Audit readiness shows up in the way intake and conflicts processes are structured. The checklist below highlights practical controls regulators expect to see during reviews.

Good Compliance Pays for Itself

Compliance budgets often appear as a cost center with no direct return. Firms with mature compliance processes tend to view it differently because strong controls improve both risk management and daily operations.

Well-structured intake and conflicts workflows bring clear operational benefits:

Clients onboard faster because the process follows a defined workflow rather than scattered emails and follow ups.
Institutional relationships remain stronger because counterparties expect evidence of rigorous due diligence.
Regulatory inspections run smoother because documentation already exists instead of being rebuilt under pressure.
Future rule changes are easier to absorb because the compliance infrastructure already supports new requirements.

As noted in the Intapp AML/CTF compliance guide, firms that respond to regulatory change by strengthening client onboarding, risk assessment, and monitoring processes often improve operational efficiency alongside compliance.

You can explore this idea further in our blog From Intake to Insight: Turning Matter Intake into a GRC Control Point, which explains how structured intake processes support governance, risk management, and regulatory oversight.

Where Helm360 Fits In

Selecting the right technology is only part of the challenge. Making it work with your firm’s risk policies, matter types, and internal workflows requires careful implementation.

Helm360 is a partner of Intapp, supporting law firms with the implementation and optimization of technology used across finance, risk, and practice management environments.

Typical engagement areas include:

Implementation and consulting: Supporting project delivery, system implementation, and technical configuration of legal technology platforms.
System integration: Connecting Intapp platforms with financial and practice management systems such as Elite 3E, ProLaw, and Aderant.
Data migration and conversion: Migrating historical client and matter data during system upgrades or platform transitions while maintaining data integrity.
Quality assurance and automated testing: Validating implementations and upgrades through structured QA processes and automated testing.
Application managed services :Providing ongoing support and optimization for law firm systems.

Helm360 also maintains SOC2 and ISO 27001 certifications, supporting the security and governance standards many law firms expect from their technology partners.

Implement Intake and Compliance Technology That Works for Your Firm

If your firm is reviewing how intake, conflicts, and AML processes operate in practice, Helm360 helps implement and support technology aligned with your firm’s workflows and regulatory requirements.