Navigating the post-Mazur, FCA-led regulatory reset in UK legal services 

The UK legal sector is facing a wave of regulatory changes, driven by the recent Mazur judgment, the shift of AML supervision from the SRA to the FCA, and stricter anti-money laundering rules under Regulations 28 and 30A. At the same time, AI-driven complaints and Data Subject Access Request (DSAR) volatility are straining operational resilience. 

Together, these developments are forcing law firms across England and Wales to reassess long-standing assumptions about supervision, risk ownership and how legal work is delivered in practice. What previously sat in grey areas is now being tested more directly, increasing the importance of clear governance, documented decision-making and defensible operational structures. 

We recently held a roundtable event for senior leadership in legal compliance and this article explores key insights from those discussions, including why these changes matter and the potential risks they create.

What is the Mazur judgment? 

The Mazur judgment (September 2025) reaffirmed that conducting litigation is a reserved legal activity under the Legal Services Act 2007 (LSA), meaning it cannot be delegated to unauthorised individuals, even under supervision.  This interrupts a longstanding practice in which paralegals and CILEX members, without specific litigation rights, carried out formal litigation steps. 

The High Court decision in Mazur v Charles Russell Speechlys LLP has sharpened focus on how reserved legal activities, including the conduct of litigation and advocacy, are allocated within authorised firms. 

While the judgment clarifies the legal position, its real impact is being felt operationally, particularly in firms where historic working practices evolved faster than formal authorisation structures. 

Operational and talent impacts

The Mazur judgment is not just a legal technicality; it’s a structural shock for firms that relied on flexible resourcing models. The immediate fallout touches everything from case pipelines to billing forecasts. These include:

• Immediate redeployment risk for CILEX-qualified fee earners lacking litigation rights, with ripple effects across case pipelines, billing forecasts and client commitments. This includes chartered legal executives and other legal executives without practice rights, creating short-term resourcing gaps and pressure to reallocate work 
• Court-facing disruption, queries over Lawyer status, potential delays, costs disputes and system updates lagging behind reality. Increased scrutiny has highlighted where role clarity and authorisation records are not immediately evident 
• Legal services providers must ensure reserved acts, such as issuing proceedings and signing statements of case, are performed only by authorised individuals within an authorised firm, or via court-granted exemptions. 

Strategic response in the profession

In response, firms are walking a tightrope between urgent fixes and long-term resilience. The strategies emerging reflect a blend of pragmatism and foresight. These include:

• CILEX has secured permission to appeal and is fast-tracking standalone litigation rights through CILEX Regulation via portfolio and assessment routes, providing an essential bridge for continuity 
• Some firms are funding practising rights for affected staff, although this approach can be costly and carries retention risk 
• Firms are formalising supervision frameworks that clearly delineate reserved versus non-reserved activities, supported by updated training, controls and documentation

Anti-money laundering (AML) (Reg 28 and 30A)

Recent AML updates are shifting expectations away from procedural compliance towards demonstrable judgement and accountability.

Regulation 28 (customer due diligence)

Regulation 28 sets out the requirements for customer due diligence, including identifying clients, verifying beneficial ownership and assessing the level of money laundering risk associated with a matter.

In practice, this has led to:

• Heightened expectations on source-of-funds checks, especially third-party contributions 
• A move towards judgement-based risk assessments rather than generic enhanced due diligence triggers 
• Pooled Client Accounts (PCAs) assessed individually, with blanket assumptions no longer defensible

Regulation 30A (discrepancy reporting)

Regulation 30A requires firms to identify and report discrepancies in beneficial ownership information and to maintain appropriate records to support those disclosures.

This has resulted in:

•  Strengthened duties to report beneficial ownership discrepancies promptly and maintain audit trails 
• Extended checks against the Register of Overseas Entities for property-related matters

Implications for law firms

Together, Regulations 28 and 30A have implications for how law firms approach risk assessment, client onboarding and ongoing monitoring within their AML frameworks.

• Policies must demonstrate why a risk decision was made, not merely that a box was ticked 
• Auditability becomes central, with complete, contemporaneous records of risk scoring, rationale, escalation and monitoring 
• Technology is now an expectation, including sanctions screening and beneficial ownership verification, although human oversight remains essential

Among roundtable attendees, there was broad agreement that AML compliance is increasingly judged on narrative and evidence, not just technical adherence to process.

FCA oversight

The proposed transition of AML and counter-terrorist financing supervision to the Financial Conduct Authority (FCA) under the Single Professional Services Supervisor model marks a potential shift in how law firms are supervised. 

The aim is to streamline oversight across professional services providers and improve consistency in how money laundering and sanctions obligations are enforced across the legal sector. 

The Financial Conduct Authority’s supervisory approach differs from that of the Solicitors Regulation Authority,(SRA), raising questions about sector-specific understanding and the interaction between overlapping regulatory responsibilities. Even at this stage, many firms are assessing whether their AML frameworks, data and reporting would withstand a more FCA-style supervisory approach.

SRA repositioning

As its AML role reduces, in 2026 the Solicitors Regulation Authority is refocusing its regulatory priorities, including:

• A stronger emphasis on ethics within continuing professional development 
• Increased attention on AI adoption and its impact on legal practice 
• Rising operational pressure, reflected in higher AML fines and increasing volumes of misconduct reports

As regulatory focus shifts, this repositioning creates both pressure and opportunity for law firms. 

Opportunities for law firms, following SRA repositioning

As the SRA pivots towards ethics and technology, firms have a chance to turn regulatory pressure into strategic advantage. The most forward-looking opportunities lie in areas that strengthen trust and future-proof operations. These include:

• Use the SRA’s emphasis on ethics to refresh firm-wide ethical frameworks, particularly around client communications and transparency 
• Engage with consultations and guidance to help shape practical approaches to AI, DSAR handling and consumer protection

The AI and DSAR surge

AI has lowered the barrier for clients to submit formal complaints and broad DSARs, often aggressive yet imprecise. At the same time, transcription tools such as Teams and Zoom generate large volumes of personal data, expanding the scope of discovery, review and redaction. 

These trends are colliding most sharply at an operational level, particularly for teams already managing high volumes of sensitive data.

Operational consequences for law firms

The collision of AI-driven DSAR requests with strict statutory deadlines is creating a perfect storm for compliance teams. Beyond the sheer volume of data, firms face mounting cost pressures and heightened confidentiality risks that demand immediate attention. These include:

• Cost and timing pressure, as manual DSAR fulfilment is resource-intensive and subject to statutory deadlines 
• Privilege and confidentiality risks, where automated transcripts can capture sensitive or privileged material 
• Recruitment processes emerging as a DSAR hotspot, with emails and recordings increasing the volume of disclosable data

Smart responses to AI-driven DSAR pressure

In response to rising DSAR volumes and increased use of AI-enabled tools, firms are refining processes to manage risk, cost and regulatory compliance. These include:

• Deployment of AI-enabled DSAR platforms to support deduplication and redaction, while retaining human oversight as the final control 
• Implementation of transcription policies, including default-off settings for sensitive matters, time-bound retention and segregation of privileged material 
• Embedding of data minimisation by design across HR and recruitment workflows

Many firms view these measures not as innovation projects, but as essential controls to manage compliance and risk at scale.

A decisive regulatory reset for 2026

The post-Mazur landscape signals a decisive regulatory reset for legal services. With AML obligations tightened and changes in supervisory oversight on the horizon, law firms are navigating a convergence of regulatory, operational and technological challenges. 

For many, the priority is turning regulatory change into structured, sustainable practice that supports governance, talent strategy and long-term resilience, rather than reactive remediation.