Reglo logoReglo
Firm-wide risk assessment

A risk assessment that
reflects your firm.

Generic, outdated firm-wide risk assessments are one of the most common SRA AML findings. Reglo keeps your FWRA aligned to your actual clients, services, jurisdictions, and delivery methods — and linked to the policies and controls it should drive.

30-min demo callHumans approve every change

A template firm-wide risk assessment that doesn't reflect your firm — or your controls — is a finding waiting to happen.

The SRA frequently finds FWRAs that are generic, not updated as clients, services, jurisdictions, or delivery methods change, and inconsistent with day-to-day controls, policies, and client files. The expectation is a genuinely risk-based framework, not a compliance document. Reglo keeps the FWRA current and connected to the policies and training it drives.

Who this is for

For whoever owns the FWRA

MLROs

Be able to explain how the firm identifies, assesses, and mitigates risk — with a FWRA that backs it up.

COLPs and risk leads

Keep the FWRA, policies, and controls telling one coherent, current story.

Department heads

Ensure higher-risk work and delivery methods are reflected, not averaged away.

How Reglo helps

From regulatory change to audit-ready

1

Map risk to your actual practice

Reflect your real client base, services, jurisdictions, and delivery methods — not a generic template — and keep it current as they change.

2

Link the FWRA to policies and controls

Connect each risk to the policies, procedures, and training meant to mitigate it — so the assessment drives the controls, not just describes them.

3

Keep it review-ready

Version history, approval records, and consistency checks mean the FWRA you submit reflects the firm's approved, current position.

What you get

What a credible FWRA looks like with Reglo

Specific, current, and aligned to your controls.

Specific to your firm

Built around your clients, services, jurisdictions, and delivery channels — not a downloaded template.

Kept up to date

Prompts and version control keep the FWRA current as your practice and risk profile change.

Aligned to policies

Each identified risk links to the policies, procedures, and training that mitigate it.

Consistent with files

Keep the FWRA, controls, and matter-level risk assessments coherent — the consistency the SRA tests for.

Common gaps firms discover too late

Why FWRAs attract SRA attention

Generic templates

An FWRA that could belong to any firm and doesn't reflect actual risk.

Out of date

Not updated for new clients, services, jurisdictions, or delivery methods.

Disconnected from controls

Inconsistency between the FWRA, day-to-day controls, policies, and client files.

Evidence Reglo helps you keep ready

Make your FWRA defensible

  • A current FWRA mapped to clients, services, jurisdictions, and delivery methods
  • Links from each risk to the policies and controls that mitigate it
  • Version history showing how the assessment has evolved
  • Approval records for each FWRA update
  • Alignment checks against policies and training
  • A clear trail connecting the FWRA to the rest of the framework

This replaces overhead — it doesn't need a new budget line.

Keeping an FWRA genuinely current and aligned usually means periodic consultant reviews and significant MLRO time. Reglo keeps it connected to your policies and controls year-round, reducing that recurring overhead.

  • Hours of policy admin, attestation chasing, and evidence assembly handed back to the firm — not a new headcount.
  • Typically less than the billable time firms lose to manual policy updates and audit preparation each month.
  • Guided onboarding: we migrate your policies and map your sources — no IT project, no six-month rollout.

Common questions

Why do generic firm-wide risk assessments create SRA risk?

The SRA expects a genuinely risk-based framework specific to your firm. A template FWRA that doesn't reflect your actual clients, services, jurisdictions, and delivery methods — or that contradicts your controls and files — is one of the most common findings.

How often should the FWRA be updated?

Whenever the firm's risk profile changes — new client types, services, jurisdictions, or delivery methods — and reviewed regularly besides. Reglo keeps version history and prompts so updates aren't missed.

Can Reglo write our firm-wide risk assessment for us?

Reglo helps structure, align, and keep the FWRA current and version-controlled, and links it to the policies it drives. The risk judgement remains with your MLRO and compliance team — AI drafts and organises; your team decides.

Related solutions

More for law firm compliance

AML compliance

AML policies, training, and attestations.

SRA AML inspection prep

Be ready before an inspection begins.

SRA desk-based review

Respond to document requests with confidence.

Source of funds evidence

Evidence SoF/SoW on the file.

Policy version control

Approved versions and timestamped audit trails.

MLRO & MLCO software

AML evidence, escalations, and review readiness.

See how Reglo would work for your firm

Book a demo and we'll show you how Reglo keeps your policies, training, attestations, and audit-ready evidence aligned — against your real compliance setup. Your team stays in control; humans approve every change.

30-min callNo commitment