Mar 21 • Auren Institute

Compliance training in professional services: where HR protects the licence to practise

Professional services firms in accounting, legal, audit and advisory operate on trust. Clients pay for expertise, confidentiality and ethical conduct, and they pay a premium for it.

At the same time, regulatory expectations keep tightening, particularly around anti-money laundering, data protection and professional ethics. The Solicitors Regulation Authority (SRA), the Financial Reporting Council (FRC), the ICAEW, the Chamber of Advocates, the Malta Institute of Accountants, the FIAU, and the wider EU AML framework all sit in the same room as the partner team now.

For HR leaders, this creates a direct responsibility.

Is your workforce consistently trained to meet regulatory standards while maintaining the level of professional integrity clients expect?

Why compliance training in professional services needs a cultural focus

Professional services environments are knowledge-driven and client-focused:

  • Employees handle sensitive client information, often material to litigation, deals or financial reporting
  • Advice directly drives financial, tax and legal outcomes
  • Reputation is built over years and can be lost in a week
  • Regulatory scrutiny is continuous, not episodic

In this context, compliance training has to go beyond reciting rules. It has to shape professional judgement, ethical behaviour and decision-making under pressure. A junior fee-earner who freezes at a KYC red flag is a regulatory event waiting to happen.

The compliance areas HR cannot leave to chance

1. Anti-money laundering and client due diligence

AML sits at the centre of professional services compliance, and supervisors enforce it.

In the UK, the Money Laundering Regulations 2017 and the Proceeds of Crime Act 2002 apply. For legal firms, the SRA supervises and the Legal Sector Affinity Group (LSAG) Guidance is the operational handbook. For accountants, supervisory bodies include ICAEW, ICAS, ACCA, CIMA and the AAT, applying the CCAB Anti-Money Laundering Guidance.

In Malta, the Prevention of Money Laundering Act (Chapter 373) and the PMLFTR set the framework, with the FIAU as supervisor. The FIAU Implementing Procedures Part II for the Legal Profession and for Accountancy and Audit are the operational rulebook.

Across the EU, the new AML Regulation (Regulation (EU) 2024/1624) and the Anti-Money Laundering Authority (AMLA) in Frankfurt are reshaping the supervisory model that flows through to Maltese firms.

Employees should be trained on client onboarding, customer due diligence and enhanced due diligence, source of funds and source of wealth, ongoing monitoring, and reporting obligations to the NCA in the UK or the FIAU in Malta. Auren provides dedicated Anti-Money Laundering training for professional services firms covering UK and Maltese requirements.

Failure here results in regulatory fines, supervisory action and, in serious cases, loss of professional licence for individuals and firms.

2. Professional ethics and conduct

Ethical behaviour is the foundation of the licence to practise.

In the UK, the SRA Standards and Regulations 2019 and the SRA Codes of Conduct (for Solicitors and for Firms) apply to legal practice. For accountants, the ICAEW Code of Ethics, ICAS Code of Ethics, ACCA Code of Ethics and Conduct, and the FRC Ethical Standard for auditors all draw on the IFAC IESBA International Code of Ethics for Professional Accountants.

In Malta, the Chamber of Advocates Code of Ethics and Conduct applies to advocates, and the Accountancy Profession Act (Chapter 281) with the Accountancy Board governs accountants, again with the IESBA Code adopted through the MIA.

Training has to cover conflicts of interest, confidentiality, independence (particularly for auditors), and professional judgement in grey areas. Ethical failures sit on permanent records and follow individuals across firms.

3. Data protection and confidentiality

Client data in professional services is some of the most sensitive in any sector: litigation files, M&A drafts, tax positions, board minutes, personal financial information.

In the UK, UK GDPR and the Data Protection Act 2018 apply, with the ICO as regulator. In Malta, the Data Protection Act (Chapter 586) sits alongside EU GDPR with the IDPC as regulator. Legal professional privilege adds a further layer.

Employees should be trained to manage sensitive information, apply legal professional privilege correctly, follow GDPR requirements, handle subject access requests, and follow the 72-hour breach notification timeline. Data breaches in professional services damage client relationships immediately, and often end them. The patterns are similar in adjacent regulated sectors. Our guide on compliance training in financial services covers parallel issues.

4. Regulatory and professional body compliance

Most roles in professional services are governed by a regulator and a professional body, often both.

In the UK, that includes the SRA, BSB, FRC, ICAEW, ICAS, ACCA, CIMA, AAT, CILEx and CIPFA. Each has CPD requirements, conduct rules and registration obligations. The Senior Managers and Certification Regime (SMCR) reaches into financial-services-adjacent firms.

In Malta, the Chamber of Advocates, the Accountancy Board, the MIA and, where licensed work is in scope, the MFSA all impose CPD, conduct and registration obligations.

Employees should be trained on their CPD obligations, registration status, professional indemnity insurance requirements, and the conduct rules that apply to their role and seniority. Failure to comply can result in disciplinary action, suspension of practising rights and personal sanctions.

The real cost of non-compliance

Non-compliance in professional services has consequences that travel:

  • Regulatory sanctions and fines from the SRA, FRC, ICAEW, ICAS, ACCA, MIA, FIAU or other supervisors
  • Loss of professional licences, individually and firm-wide
  • Legal liability and civil disputes, often uninsured at the upper edge
  • Loss of client trust and the referrals that depend on it
  • Damage to firm reputation that affects recruitment, lateral hires and PI premiums
  • Personal entries on regulatory registers that follow individuals through their career

In a sector where relationships and referrals drive growth, these risks directly affect long-term success.

What regulators expect today

Regulators expect firms to demonstrate a strong compliance culture, not produce a training matrix on demand. That means:

  • Continuous training, refreshed against regulatory and ethical guidance changes
  • Clear, documented policies
  • Effective monitoring with audit trails
  • Evidence that employees understand and apply requirements in practice

Compliance has to be embedded into how professionals work and make decisions, particularly under time pressure.

What HR leaders should do now

Deliver scenario-based and ethics-driven training. Real compliance moments do not arrive labelled. They show up as a client asking for an aggressive structure, a referrer offering an unusual fee arrangement, or a junior questioning a partner's call. Training should rehearse those moments, not just describe the rules.

Ensure continuous professional development. Compliance is not static. HR should track CPD obligations against the relevant body (SRA, ICAEW, ACCA, MIA, Chamber of Advocates) and align internal training to count where possible.

Align training with professional standards. Training should reflect the expectations of the relevant regulator and professional body, and reference them explicitly. It builds credibility internally and stands up to external review.

Strengthen internal controls and awareness. Every employee should understand internal policies, reporting mechanisms (including how to raise an SAR or escalate an independence threat), and the compliance procedures that apply to their work. Clear communication reduces risk and protects individuals.

Measure behaviour and compliance outcomes. Track the right signals: audit findings, near-miss reports, time to escalate a concern, SAR submission accuracy, and adherence to professional standards. Completion rates alone tell you very little.

Compliance as a competitive advantage

In professional services, compliance and reputation are tied together. Firms that invest in effective compliance training build stronger client relationships, retain talent, secure cleaner audits, and differentiate themselves with the type of client that buys on trust.

Compliance becomes a driver of long-term value, not a cost line.

HR as a guardian of professional integrity

Compliance in professional services is not only about meeting regulatory requirements. It is about maintaining trust, ensuring quality, and protecting the reputation of individuals and firms.

HR plays a central role in developing professionals who operate with integrity, competence and accountability when the room gets difficult.

Try this for free

If your compliance training does not influence how your professionals actually make decisions, it is not protecting your business.

Try our free course: https://www.aureninstitute.com/course/pay-transparency-in-the-eu-a-practical-guide-for-hr-leaders

Auren Institute. Compliance, Done Right.