Source of funds not evidenced. Risk assessment missing. ID verification incomplete. These are the SRA's top three CDD findings.
Client due diligence failures are the most common deficiency in SRA AML inspections. The 2024-25 data shows: 162 reports of failure to perform risk assessments, 101 reports of missing source of funds checks, and 40 reports of failure to identify or verify clients. The SRA found that 16% of reviewed files had no risk assessment, a further 39% failed to effectively evaluate money laundering risk, and many firms' systems permitted receipt of funds without completed CDD — a critical control gap. Your agent doesn't replace your ID verification platform (SmartSearch, Thirdfort, Credas) but wraps around the entire CDD process: ensuring every element is complete before the matter progresses, flagging EDD triggers, and generating the CDD record the SRA expects to see on file.
What Your Agent Actually Does
Your agent checks that every element of client due diligence is complete before the matter progresses — catching the gaps that SRA inspections consistently find.
Checks CDD completeness before matter progression
ID verified? Beneficial ownership identified? Source of funds documented? Risk assessment completed? Your agent checks every CDD element against MLR 2017 requirements and prevents the matter from progressing until each one is satisfied. No more receiving funds without completed due diligence.
Flags enhanced due diligence triggers
PEPs, high-risk third countries (FATF call-to-action list), unusually complex or large transactions, clients with complex ownership structures — your agent identifies EDD triggers from the client and matter data, ensuring enhanced checks are conducted when required under Regulation 33.
Validates source of funds documentation
The SRA found source of funds is one of the most common failures — documents collected but not properly analysed, explanations that don't match actual fund origins. Your agent checks that SOF documentation is present, internally consistent, and matches the transaction value.
Generates compliant CDD records
Each client file should contain a documented CDD record showing: what checks were done, when, by whom, what was found, and the risk assessment conclusion. Your agent generates this record from the verification data, creating the audit trail the SRA expects.
Monitors ongoing CDD obligations
CDD isn't a one-off check — MLR 2017 requires ongoing monitoring throughout the retainer. Long-running matters, changed client circumstances, unusual transactions mid-matter — your agent flags when existing CDD needs refreshing.
The real numbers.
| Item | Cost |
| --- | --- |
| ID verification platform subscriptions (SmartSearch, Thirdfort) | £1,500–£4,000/year |
| Fee earner time on CDD per matter (20–40 min) | £1,500–£3,000/year |
| SRA enforcement risk for CDD failures | Variable (fines from £658 to £114,000+) |
| Realistic annual cost | £3,000–£8,000 |

| Item | Cost |
| --- | --- |
| Agent build (one-off, configured to your CDD workflow and platforms) | £2,500–£4,000 |
| Monthly running costs (hosting + AI usage) | £80–£150/month |
| MLR and LSAG regulatory updates | Included in first year |
| Realistic first-year total | £3,460–£5,800 |
CDD failures account for more SRA enforcement actions than any other single category. The problem isn't that firms don't try — it's that the process has multiple steps, each with specific requirements, and any gap becomes an enforcement risk.
Your agent ensures nothing is missed. It doesn't replace your ID verification platform — it wraps around your entire CDD process, checking completeness and generating the documented record the SRA expects to find on every file.
Good fit / not a fit.
This works brilliantly for:
- Conveyancing firms handling property transactions (highest AML risk category)
- Firms that have had SRA findings related to CDD on file reviews
- COLPs who suspect CDD quality varies between fee earners
- Firms using SmartSearch, Thirdfort, or Credas and wanting a compliance wrapper
This probably isn't for you if:
- Your firm is outside the scope of MLR 2017
- You have a dedicated compliance team managing CDD on every file
- You already have a robust CDD workflow with zero SRA findings
Let's talk.
We'll start with your current CDD process, which verification platform you use, and whether you've had any SRA findings on file reviews. Usually a 15-minute conversation.
hello@nimblecroft.com