The new shape of compliance in UK law firms and the hiring gaps it’s creating

Law firm compliance is no longer a background control function designed to “keep the regulator happy”. Over the last few years, it has become a central operational and reputational pillar and one that firms are increasingly expected to evidence as robust, scalable and commercially aware.

What we are seeing now is not just incremental change, but a broader evolution in how compliance functions are designed, embedded and resourced. In turn it’s prompting firms to rethink where specialist compliance recruiters can add value.

What’s evolving in law firm compliance

Compliance is moving from oversight to operational integration

Regulatory scrutiny has intensified rather than plateaued. Whether through the SRA’s expanding enforcement activity or the anticipated transition of AML supervision to the FCA, firms are operating in an environment where “good faith” is no longer enough.

At the same time, AML and sanctions risk has become more complex and more embedded in day-to-day work. Issues such as beneficial ownership, source of funds and sanctions exposure are no longer confined to specialist teams; they increasingly sit within mainstream transactional workflows.

As a result, compliance is no longer a separate control function. It is becoming part of how legal work gets done.

Growth is exposing the limits of traditional models

International expansion, lateral hiring and multi-jurisdictional client onboarding are placing pressure on UK-centric compliance frameworks.

Firms are balancing differing regulatory expectations, time zones, data sources and risk appetites, all while trying to deliver consistency across the business. This is exposing the limits of smaller, generalist teams and forcing more deliberate thinking around scalability.

How this is reshaping compliance team structures

Roles are becoming more specialised and process-driven

While structures still vary across law firms, there is increasing alignment around functional responsibilities rather than traditional hierarchies.

The MLRO or head of compliance remains central, but the role is shifting towards governance, regulator engagement and strategic oversight rather than hands-on operational delivery.

Beneath that, work is typically split into clearer areas of ownership:

• Conflicts and onboarding
• AML and CDD
• Compliance operations (systems, workflows, MI)
• Sanctions and financial crime advisory

The critical shift is from reporting lines to process accountability. Firms are asking where risk sits, where workflows break down, and who owns each stage of decision-making.

Centralised vs embedded models remain a live debate

There is no single “correct” model. Some firms are centralising compliance to drive consistency and control. Others are embedding capability within practice groups to improve responsiveness and commercial alignment.

Both approaches can work, but only where there is clarity around decision rights, escalation points and accountability. Without that, firms risk duplication, delay or gaps in control.

What this means for hiring and capability gaps

Demand for judgement-led AML and sanctions professionals

Firms are not just hiring for technical knowledge. They are looking for individuals who can make decisions, manage complexity and engage with regulators where required.

That capability sits at the intersection of legal understanding, financial crime expertise and operational thinking – and remains in short supply.

A shortage of compliance managers, not just specialists

Many teams have strong technical capability but lack individuals who can run operations, manage workflows and build scalable controls.

This often leads to senior leaders being drawn back into day-to-day execution, limiting their ability to operate strategically.

Interim hiring is filling gaps, not solving them

Interim compliance resource is increasingly used during periods of regulatory pressure or operational strain.

However, the pool of experienced interim professionals is limited. Those who can operate effectively at pace command a premium, making this an expensive and short-term solution rather than a scalable fix.

Where firms are getting it wrong

Overloading senior compliance leaders

In many firms, MLROs remain the default escalation point for issues that should sit elsewhere. This concentrates risk, slows decision-making and contributes to burnout at senior level.

Building reactively rather than by design

Headcount is often added in response to audits, regulatory pressure or internal issues, rather than as part of a long-term model.

The result is a function that works hard but lacks cohesion and struggles to scale.

Underestimating execution risk

Firms often invest in policy and senior hires, but underinvest in systems, workflows and mid-level capability.

In practice, compliance failures tend to occur not at the point of interpretation, but at the point of execution, where processes are unclear or capacity is stretched.

What this means for law firms now

Compliance functions are becoming more embedded, more operational and more strategically visible.

Firms that treat compliance as core infrastructure, alongside finance, risk and technology, are better positioned to support growth and manage regulatory change.

Those that do not are more likely to face recurring challenges: hiring difficulties, overextended leadership and increased exposure to risk.

The question is no longer whether to invest in compliance, but how to do so in a way that is structured, scalable and aligned to the needs of the business.