After nearly a decade shaping AML policy as the SRA Director of AML, Colette Best has a unique view of today’s compliance landscape. Now Director of AML at Kingsley Napley, she advises firms on how to stay compliant amidst constant change, balancing regulatory demands with commercial realities. 

We caught up with Colette to discuss the findings from our recent ‘The state of compliance 2025’ report. In this Q&A, we explore her thoughts on the report’s data - and what it means for law firms moving forward. 

Q: The survey shows that 84% of firms have updated their AML processes in the past year, yet only 60% feel very confident they’re keeping pace. Why do you think that gap exists?

A: In my view, it’s a combination of both volume and velocity. There are more regulations than ever before, and new ones are coming into effect increasingly frequently. 

Whether it’s LSAG updates to ECCTA changes, many firms are struggling to triage everything that’s changing. It’s made worse when all you see on LinkedIn are posts saying, “You must implement this immediately,” which creates a sense of urgency that isn’t always warranted.

The reality is, not every piece of guidance needs to be acted on overnight. That’s why I recommend that firms I work with block out a review window - say, two weeks in August - for policy updates, unless something critical arises. 

That approach helps avoid constant policy churn. Too-frequent updates exhaust both compliance professionals and fee-earners, who need stability to do things properly.

I think the biggest challenge for firms is prioritising and having the confidence to say, 'Yes, this is important, but I'm going to schedule it for three months' time'. The chances are, you're in a good place anyway - you just need to do a few simple things and you'll be ready to go.

Q: Over half of firms told us they’ve responded to the Economic Crime and Corporate Transparency Act. But in practice, many aren’t directly in scope. Why the rush?

A: It’s the same phenomenon - a tendency to act first, clarify later. The ‘failure to prevent fraud’ offence, for example, only applies to large organisations under the Companies Act definition. Yet many smaller firms are already updating policies “just in case”. This is very sensible, but doesn’t need to be completed to the same deadline as the larger firms affected by the new requirements. 

There’s an entire industry built around amplifying risk and urgency. My message to firms is: stay calm, check whether the change truly applies to you, and plan proportionately. 

You’re more likely to stay compliant if you prioritise thoughtfully rather than react to every headline immediately.

Q: 64% of firms say source of funds and wealth checks are their top compliance priority, but only a minority plan to automate them over the next year. Why the hesitation?

A: I’m actually not overly surprised by this. For straightforward transactions, automation can work beautifully. But for complex structures - corporates, trusts, or clients in less transparent jurisdictions - firms still see these checks as manual, nuanced work.

The challenge is that many firms don’t realise how much the technology has moved on. If you last went to market for a due diligence provider two years ago, you’d be amazed at what’s now possible. 

The pace of innovation is as fast as the pace of regulation - and firms don’t always have time to keep up with both.

There’s also a bandwidth issue. Compliance teams are “running to stand still”. They’re so busy getting through daily work that finding time to explore better tools sometimes feels like a luxury.

Q: Only a fifth of firms report genuine collaboration between fee-earners and compliance teams. What’s needed to change that dynamic?

A: It’s one of the hardest problems to crack. I’m actually surprised the figure is as high as 20%. When I talk to firms or speak at roundtables, no one feels they’ve solved it.

Culture is key. You need tone from the top - senior leaders consistently showing that compliance matters. When that message comes from partners, not just the compliance team, it sets the right tone across the firm.

Training also plays a part, but it has to resonate. For some people, it’s about understanding their role in preventing crime. For others, it’s about knowing what happens if the SRA finds a file without proper checks. Both are valid motivators.

And then there’s communication. Having an open dialogue between central compliance teams and fee-earners makes a big difference. Technology can help - especially where it reduces back-and-forth - but ultimately it’s about partnership, not process.

Q: Two-thirds of firms say they’re stretched or under-resourced, while only 22% have fully integrated tech stacks. Do you think those issues are related?

A: They’re connected, but slightly different. When firms say they’re under-resourced, it’s not always about budget. Often, it’s about recruitment and retention. 

Compliance is a competitive market. Good people are hard to find, and even harder to keep. That constant churn can leave teams feeling permanently short-staffed.

The tooling issue is more structural. Many firms are running legacy systems that don’t talk to each other. In some cases, the partnership model itself can slow big tech investments - because the costs hit this year’s profit distribution. So firms end up layering new tools on top of old ones instead of integrating properly.

There’s also a confidence gap. Some firms don’t realise what integrated platforms can now deliver. But if compliance systems could reduce duplication and manual checks, that would free up the very capacity firms say they’re lacking.

Q: The report found that only 9% of compliance teams describe their onboarding as excellent, and 84% say compliance steps affect client satisfaction. What helps smooth that experience?

A: I think the most important thing is to manage expectations right from the start. 

At Kingsley Napley, we tell clients upfront that there’s a process we go through to onboard them. We also make it clear exactly what we’ll need, when, and why. That transparency makes a big difference.

Clarity matters too. Clients are far more patient when they understand why they’re being asked for certain information. The Law Society used to have a great leaflet called “Why is my solicitor asking for this?” - it really helped to humanise the process.

Of course, even the best systems add some friction. Due diligence takes time. The goal isn’t to remove it entirely, but to make it as smooth and flexible as possible. That means offering alternatives where possible - video verification, certified copies, open banking data - rather than insisting on a single route.

From what I’ve seen, the firms that get this right tend to manage expectations well, explain the rationale clearly, and use tech to take the sting out of the process.

Q: You’ve mentioned how competitive the market for compliance talent has become. Are you seeing the role itself evolve?

A: Definitely. When I started, there wasn’t really a defined career path in compliance. Now there is. You can come in as an analyst, move up through manager and senior manager roles, and build a genuine long-term career.

What’s also interesting is where people come from. Some join straight from university because they’re drawn to the investigative side. Others move from fee-earning after deciding they still want to work in law but without billing pressures. That mix of backgrounds brings real depth.

Sanctions expertise is one area that’s grown fast. When the Russia-Ukraine conflict began, there were almost no sanctions specialists in the market. Those with experience could essentially name their price. That demand has stayed high, showing just how strategically important compliance has become.

Q: Finally, what distinguishes firms that are really getting compliance right?

A: Two things stand out. First, strong communication between fee-earners and the compliance team. When that relationship works, everything else follows.

Second, visible leadership support. In firms where partners actively back compliance - not just in words, but in behaviour - everyone knows it’s taken seriously. That sense of accountability changes the culture.

Good compliance isn’t about ticking boxes or avoiding fines. It’s about running a firm that’s safe, consistent and trusted by its clients. The firms that understand that are the ones setting the pace.

Q. We’ve recently seen the announcement that AML supervision for lawyers will move the FCA. Any advice for firms?

A: This change will need a lot of legislation and Parliamentary time to implement, so nothing will happen overnight. In the meantime, the government has said that firms that are compliant under the current regime should be compliant under the new one. 

With that in mind, keep your focus on compliance with the current legislation (which will not change significantly) and guidance (which may change in due course). 

Final thoughts

Compliance might feel like a constantly evolving challenge - something you’re always striving for, but never sure you’ve achieved. 

That’s why Colette’s advice is so powerful. 

Take a measured approach, invest where it reduces friction, and make compliance a shared responsibility across the firm. If you do those three things, you’ll be on the right track. 

For a deeper look at how firms across the UK are managing compliance in 2025, read our latest report here: ‘The state of compliance 2025’.

‍