What's New
GRC for Law Firms
Monthly Compliance Update - January 2026 (Webinar)
On the first Thursday of each month, Brian Rogers hosts a 45-minute compliance update webinar for the legal profession. These sessions have proven very popular with our clients, attracting over 5,000 registrants for the live broadcast. These update webinars focus on current and upcoming events within the legal regulatory space.
Topics Covered:
SRA facing negligence claim
COLP thematic review report
Transfer of AML supervision
Client account interest consultation
Mazur update
Live Broadcast: 08/01/2026
CPD Hours: 1.0 hours
Horizon Scanning 2026 (Webinar)
Get ahead of the curve with our annual look at what's coming in 2026. Brian Rogers and Almina Robinson examine the regulatory shifts, key dates, and strategic considerations every firm needs on their radar.
Topics Covered:
Interest in Lawyers' Client Accounts consultation - closing soon, don't miss the 1-month deadline
Mazur appeal hearing scheduled for 24 February 2026 - potential implications for your practice
SRA complaints rules consultation withdrawn - understanding the impact
Live Broadcast: 15/01/2026
CPD Hours: 1.0 hours
Policies & Precedents for Law Firms
Terms of Business (v2.10)
Updated to reflect increases in FSCS deposit protection limits effective 01.12.25, as confirmed by the Prudential Regulation Authority.
Key Changes:
Standard deposit protection limit increases from £85,000 to £120,000 per person, per authorised firm
Temporary high balance protection (covering life events including property transactions for up to six months) increases from £1,000,000 to £1,400,000
Banking section (10.2) updated with new limits
Why This Matters:
Law firms need to update their terms to reflect increased client money protection thresholds.
Financial Management Policy (v2.5)
Updated to ensure continued compliance with current regulatory requirements and reflect the outcome of the SRA's client money consultation.
Key Changes:
Reference to the SRA Financial Services Rules (effective 11 April 2025) incorporated
Clarification of the five-week client account reconciliation requirement with mandatory COFA or manager sign-off
New guidance on financial controls for remote and hybrid working arrangements
Expanded fraud prevention measures covering payment verification, segregation of duties where feasible, and protections against redirection fraud and cybercrime
Why This Matters:
Enhanced controls help firms protect client money in modern working environments and comply with updated SRA requirements.
Supervision Procedures (v2.5)
Comprehensive updates reflecting the Mazur case, remote working realities, and AI-assisted work requirements.
Key Changes:
New section on reserved activities and litigation conduct - only authorised individuals can conduct litigation and other reserved activities (Mazur v Charles Russell Speechlys, Sept 2025). Non-authorised staff limited to supporting roles. Task allocation decisions must be documented
Enhanced remote supervision section - including regular communication, workload monitoring, feedback, and addressing proximity bias
New section on AI-assisted work supervision – supervisors remain accountable for AI outputs and must verify accuracy, ensure staff competence, and oversee confidential use
Training section expanded to cover reserved activities, remote supervision, and AI oversight. Risk-based supervision arrangements must be documented
Why This Matters:
Critical compliance update following the Mazur case and ensuring firms properly supervise modern working methods including AI use.
Third Party Services Procedures (v2.2)
Enhanced third-party management requirements including updated cybersecurity standards.
Key Changes:
Evaluation of performance section enhanced to include specific metrics (quality, timeliness, responsiveness and compliance)
ISO 27001 certification updated - third parties now required to hold ISO 27001:2022 certification (or Cyber Essentials/Cyber Essentials Plus) as the 2013 standard is no longer valid
New sections on cybersecurity requirements (including incident response and cyber insurance), supply chain and subcontracting arrangements (requiring prior approval), and anti-money laundering obligations for relevant third parties
Why This Matters:
Strengthens firms' third-party risk management to meet current security and compliance standards.
Data Protection Policy (v2.4)
Updated to reflect Data Use and Access Act 2025 provisions and clarify DSAR requirements.
Key Changes:
DSAR section updated - guidance added on the "reasonable and proportionate" search requirement (Section 78 DUAA 2025), clarifying that disproportionate searches are not required and documenting the approach to search scope
Data Use and Access Act 2025 notes added outlining provisions, current requirements and expected 2026 commencements to help firms prepare for upcoming changes
Why This Matters:
Helps firms manage DSARs appropriately and prepare for upcoming legislative changes.
Data Protection Policy Supporting Documents (v2.7)
Added forward-looking guidance on Data Use and Access Act 2025.
Key Changes:
Notes outlining provisions, current requirements and expected 2026 commencements to help firms prepare for upcoming changes
Why This Matters:
Ensures firms can prepare for forthcoming data protection legislative changes.
Data Protection Breach Reporting Procedure (v2.3)
Updated to reference Data Use and Access Act 2025.
Key Changes:
Notes outlining provisions, current requirements and expected 2026 commencements
Why This Matters:
Keeps breach response procedures aligned with evolving legislation.
File and Case Management Procedures Manual (v3.4)
Enhanced supervision documentation requirements and streamlined confidentiality guidance.
Key Changes:
New section clarifying that supervision activities should be appropriately recorded with examples. Reflects SRA Effective Supervision Guidance (December 2022) emphasising the need to demonstrate supervision is occurring
Confidentiality section streamlined - updated guidance on working away from the office
Why This Matters:
Helps firms demonstrate effective supervision to the SRA through proper documentation.
Client Care Policy (v3.4)
Enhanced to reflect modern client communication methods and security requirements.
Key Changes:
Communication response section enhanced with consolidated guidance on video calls, secure messaging platforms, and encrypted communications for sensitive matters, maintaining the established 24-hour response standard
New provisions address security protocols for video conferencing, client communication preferences, and appropriate use of secure communication methods based on matter sensitivity
Why This Matters:
Ensures client communication practices are secure and meet modern expectations while maintaining service standards.
Complaints and Reporting Policy (v3.4)
Light-touch update referencing regulatory developments.
Key Changes:
Note added referring to complaints handling being in flux due to recent SRA and LSB developments and recommending that firms keep the area under regular review to ensure continued compliance
Why This Matters:
Keeps firms alert to evolving complaints handling requirements.
Flexible, Remote and Hybrid Working Policy (v1.5)
Clarified flexible working procedures and enhanced remote working requirements.
Key Changes:
Clarified flexible working consultation procedures and appeal rights to align with Acas Code best practice
Made explicit the health and safety requirements for remote workers (DSE assessments, breaks, risk reviews)
Streamlined remote supervision sections to avoid duplication while maintaining all remote-specific guidance
Added record-keeping requirement for supervision of junior staff
Updated remote working wellbeing guidance to focus on principles and support rather than prescriptive practice
Why This Matters:
Ensures firms' remote working arrangements comply with employment law and health & safety requirements.
Digital Identity Verification Process Policy (v1.4)
Updated to reflect UK Digital Identity and Attributes Trust Framework (DIATF) and HMLR Practice Guide updates.
Key Changes:
Policy now references the government's register of DIATF-certified providers and recommends prioritising certified providers when selecting identity check services
HMLR Practice Guide 81 was updated in June 2025, adding Section 5 which explains how to use digital identity verification when submitting applications to HMLR. New section added addressing how to document and confirm digital identity verification in HMLR applications
Enhanced due diligence guidance emphasises selecting DIATF-certified providers
Clarified that completing all four stages satisfies identification and verification requirements for Client Due Diligence checks under Money Laundering Regulations 2017
Why This Matters:
Helps firms use digital identity verification effectively and in compliance with HMLR and AML requirements.
Gifts Policy (v1.3)
Strengthened anti-bribery alignment and provided clearer guidance on borderline scenarios.
Key Changes:
Practical examples at three value thresholds (under £150, £150-£500, over £500) help staff quickly assess whether gifts are acceptable, require registration, or need approval
New decision-making framework provides three critical tests (intention, timing, transparency) to help assess borderline scenarios, with additional guidance on proportionality and relationship context
Enhanced guidance addresses high-risk scenarios involving public officials, politically exposed persons and opposing parties, reflecting specific Bribery Act 2010 offences
Why This Matters:
Clearer guidance reduces compliance risk by helping staff make better real-time decisions about accepting gifts.
SRA Transparency Rules Pack (v3.3)
Updated to reflect enforcement activity and best practice guidance.
Key Changes:
Reference to SRA enforcement action taken against firms for non-compliance
Signposting to SRA's updated pricing templates for best practice examples
Why This Matters:
Keeps firms informed of enforcement trends and current best practice for transparency compliance.
Additional P&P Maintenance Reviews
The following policies and documents have been reviewed and confirmed as current with no changes required:
Business Continuity Management Policy
Business Planning
Information Management & Security Policy
Information Management & Security Policy Supporting Documents
How Will This Be Made Available?
This release will be made available to relevant GRC for Law Firms and Policies & Precedents for Law Firms subscribers on November 13th 2025.
Retirements
The following content has been retired:
Monthly Compliance Update - January 2025 - Replaced with January 2026 edition
Horizon Scanning 2025 - Replaced with 2026 edition
What's Coming?
Next Release: 16th February 2026
CQS 2026 Training Courses - These courses will ensure conveyancing practitioners maintain compliance with the latest CQS protocol requirements and are approved by the Law Society of England and Wales.
Upcoming Releases:
26th March 2026 - Re-Design of Dealing with Suspicious Activity Reports (name change TBC)
Maintenance and updated content for Anti-Facilitating Tax Evasion for Law Firms, and PEPs and Sanctions.
Please note: Release dates are subject to change based on regulatory updates and production requirements.
Additional Information
We hope you enjoy this latest content release. If you have any queries, please take a look at our Access LMS Evo Help Centre.
If you would like to find out more about our Legal Learning products or enquire about adding any of these products to your account, you can find more information here.
Kind Regards,
Access Legal Learning Team
