Law Firm Compliance 2026 - Members' Virtual Conference

Introduction

Free to MBL members, this conference is designed specifically for smaller law firms seeking clear, practical guidance on the compliance challenges that will shape 2026. As regulatory responsibilities evolve and expectations increase around financial crime controls, data protection, corporate liability and the use of emerging technologies, firms need more than theory. They need realistic, proportionate steps they can implement straight away. The programme focuses on what smaller practices under 100 staff should be doing now to reduce risk, prepare for change and demonstrate robust governance, all delivered in a concise format that fits into a busy schedule. The event will be chaired by Peter Wright, bringing a practical, SME-focused perspective to the programme.

Conference Agenda

This 2.5 hour conference will cover the following:

10:00 - 10:35: Does AML Reform Spell the End of SRA Enforcement?

Amy Bell, Amy Bell Compliance Limited

The government has announced its intention to move supervision of AML of the legal sector to the FCA. This unexpected move needs a lot of thinking about and will take some time. In the meantime, many firms feel uncertain about the future.

In this session we will look at:

• Key differences between the legal and financial regulators approach to AML
• What we know about current plans - timing, SRA supervision until the change
• Where more clarity is needed - funding, interactions with the regulator
• Will there be double regulation?

By the end of this session, you will have an anticipated timeline of the changes, a list of practical steps to take now to prepare for the change, and key points about engaging with the SRA on AML in the meantime.

10:35 - 11:10: GDPR in Practice: What SME Law Firms Need to Get Right in 2026

Peter Wright, Solicitor & Managing Director, Digital Law

Data protection compliance remains a core regulatory risk for UK law firms, particularly for small and medium-sized practices handling high volumes of sensitive client data. This session will provide a concise, practical update on UK General Data Protection Regulation (“UK GDPR”), the new Data Use and Access Act 2025 (‘DUAA’) and UK data protection obligations, with a focus on areas most likely to attract regulatory scrutiny from both the ICO and the SRA.

Using real-world case studies drawn from law firms, the session will highlight common pitfalls and practical steps firms can take to strengthen compliance without unnecessary complexity or cost.

By the end of this session, attendees will be able to:

• Identify the most common data protection compliance gaps in SME law firms, including data retention, access controls, and use of third-party processors, illustrated through recent law-firm-focused case studies.
• Apply data protection compliance principles to everyday legal practice, using practical examples covering client onboarding, file management, remote working, and email security.
• Respond confidently to data breaches and subject access requests, understanding reporting thresholds, timescales, and how to evidence compliance through case study scenarios.
• Understand SRA expectations around data protection and information governance, including how data protection compliance supports duties under the SRA Principles and Codes of Conduct, and what the SRA looks for when issues arise.

Morning Break

11:20 - 11:55: Failure to Prevent and Changes to Corporate Legal Liability

Laurence Howland, Director, Buckles Solicitors LLP

The introduction in October 2023 of the Economic Crime and Corporate Transparency Act brought in a new corporate offence designed to hold companies responsible for fraud committed by its employees, contractors, and agents, as well as changes to some of the fundamental principles of corporate liability.

In this session, Laurence Howland will explain the significance of the new “failure to prevent” offence and how wider legislative changes bring growing risks for UK-based companies.

He will also explain what organisations need to do in order to avoid conviction and the significant associated financial penalties.

Learning outcomes:

• What is ‘failure to prevent’ and the new offence of failure to prevent fraud?
• Recent and proposed changes to the ‘identification doctrine’ and corporate liability
• How the legislation is likely to be applied and what you need to do about it

11:55 - 12:30: AI and Legal Practice: Compliance Issues

Jacob Turner, Fountain Court

In this session, Jacob Turner, a leading AI regulation barrister, will cover the key compliance issues arising from AI use by law firms. Jacob’s session will include a brief introduction to AI, the underlying technology and how it can go wrong, guidance from legal regulators on AI use and case studies of AI use in a legal context. The session will end with practical guidance as to how AI can be deployed in a legal context to maximise impact whilst minimising risk.

Learning outcomes:

• Understand what AI is, how it works and how it can malfunction
• Learn about regulatory guidance on AI use in the legal industry
• Discover practical tips for responsible AI use

Recording of live sessions: Soon after the Learn Live session has taken place you will be able to go back and access the recording - should you wish to revisit the material discussed.