Complaints Handling Policy and Client Complaints Procedure

 

Last Update: 02/03/2026

 

Purpose

1.1 This Compliance Management Policy establishes the governance framework through which AIO Legal Services ensures compliance with all applicable legal, regulatory, professional and ethical obligations arising from the provision of legal services. The Policy is designed to ensure that the Firm operates with integrity, independence and accountability while maintaining the highest standards of professional conduct, protecting client interests, promoting public confidence in legal services and fulfilling its obligations under the CILEx Regulation regulatory framework and all other applicable legislation.

1.2 This Policy forms a fundamental component of AIO Legal Services’ overall governance, compliance and risk management framework. It establishes the systems, controls and procedures through which the Firm identifies, manages, monitors and mitigates legal, regulatory, operational and professional risks, while promoting a culture of compliance, continuous improvement and ethical decision-making throughout the organisation.

1.3 This Policy applies to all directors, consultants, employees, contractors, trainees, temporary personnel, agency workers and any other individual engaged by or acting on behalf of AIO Legal Services, regardless of their role or location. Every individual is personally responsible for complying with this Policy, all applicable legal and regulatory requirements, the Firm’s internal policies and procedures, and any professional obligations relevant to their role.

1.4 Compliance is regarded as an ongoing responsibility rather than a one-time exercise. Accordingly, AIO Legal Services will regularly review and update its compliance arrangements to reflect changes in legislation, regulatory guidance, judicial decisions, professional standards, emerging risks, technological developments and the evolving nature of the Firm’s legal practice. Appropriate monitoring, auditing, reporting and training arrangements will be implemented to support continuous compliance and to ensure that any deficiencies are identified and addressed promptly.

1.5 This Policy should be read alongside the Firm’s other governance documents, including its Anti-Money Laundering Policy, Data Protection Policy, Privacy Policy, Complaints Handling Policy, Equality, Diversity and Inclusion Policy, Risk Management Policy, Terms of Service and all other internal compliance procedures adopted by AIO Legal Services. Together, these documents form an integrated compliance framework designed to support lawful, ethical and effective legal practice

Regulatory Commitment

2.1 AIO Legal Services is committed to conducting its business with integrity, independence, competence and professionalism, while maintaining full compliance with all applicable legal, regulatory and professional obligations. Regulatory compliance is embedded within the Firm’s governance framework and forms an essential part of its day-to-day operations, strategic decision-making and risk management processes.

The Firm is committed to complying with, and where appropriate exceeding, the requirements of:

the Legal Services Act 2007;

the CILEx Regulation Authorisation Rules;

the CILEx Code of Conduct and all applicable CILEx Regulation Rules, Guidance and Regulatory Arrangements;

the CILEx Accounts Rules, where applicable;

the Proceeds of Crime Act 2002, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, the Terrorism Act 2000, the Sanctions and Anti-Money Laundering Act 2018, and all other applicable anti-financial crime legislation;

the UK General Data Protection Regulation, the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and other applicable data protection and privacy legislation;

the Equality Act 2010 and all applicable equality, diversity and inclusion obligations;

applicable consumer protection legislation, including the Consumer Rights Act 2015 and the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, where applicable;

all applicable professional indemnity insurance requirements;

health and safety legislation and employment legislation where applicable;

taxation, accounting, company law and corporate governance obligations relevant to the operation of the Firm; and

all other applicable legislation, regulatory requirements, professional rules, court rules, practice directions and guidance relevant to the legal services provided by AIO Legal Services.

2.2 The Firm recognises that regulatory compliance extends beyond compliance with legislation alone. It includes maintaining effective governance arrangements, robust internal controls, sound risk management, ethical decision-making, competent supervision, appropriate record keeping, continuous staff training and a culture that encourages openness, accountability and early reporting of compliance concerns.

2.3 AIO Legal Services is committed to maintaining systems and procedures that enable the prompt identification, assessment, management and resolution of compliance risks. Where regulatory breaches, control failures or non-compliance are identified, the Firm will investigate the circumstances promptly, implement appropriate remedial action, take reasonable steps to prevent recurrence and, where required, make timely notifications to the relevant regulatory or competent authority.

2.4 The directors, consultants, employees, contractors and all other individuals acting on behalf of AIO Legal Services share responsibility for maintaining compliance with this Policy and are expected to conduct themselves in a manner that upholds the reputation, integrity and professional standing of the Firm and the wider legal profession.

Compliance Objectives

3.1 The primary objectives of this Compliance Management Policy are to establish and maintain an effective compliance framework that enables AIO Legal Services to meet its legal, regulatory and professional obligations while promoting a culture of integrity, accountability and continuous improvement throughout the Firm.

3.2 To achieve these objectives, AIO Legal Services seeks to:

promote a culture of ethical behaviour, professional integrity, independence and accountability across all areas of the Firm;

ensure ongoing compliance with all applicable legal, regulatory, professional and contractual obligations;

safeguard the interests, rights and confidential information of clients while maintaining public confidence in the legal profession;

identify, assess, monitor and manage legal, regulatory, operational, financial, reputational and professional risks through proportionate and effective compliance controls;

prevent regulatory breaches, professional misconduct, financial crime, conflicts of interest, data protection failures and other compliance failures before they occur wherever reasonably practicable;

establish effective governance arrangements, internal controls and documented procedures to support lawful, consistent and transparent decision-making;

ensure that compliance concerns, regulatory breaches, complaints, incidents and near misses are identified, reported, investigated and resolved promptly, fairly and appropriately;

maintain effective systems of supervision, oversight, quality assurance and management review to ensure that legal services are delivered competently, consistently and in accordance with professional standards;

ensure that all directors, consultants, employees, contractors and other individuals acting on behalf of the Firm understand their individual compliance responsibilities and receive appropriate training, guidance and support;

promote a proactive approach to compliance by encouraging the early identification and reporting of risks without fear of retaliation, while maintaining appropriate confidentiality and professional standards;

maintain accurate records demonstrating the Firm’s compliance with applicable legal, regulatory and professional requirements and supporting effective audit, inspection and regulatory oversight;

foster a culture of continuous improvement through regular monitoring, internal audits, lessons learned, policy reviews and the implementation of corrective and preventative actions; and

protect the reputation, integrity and long-term sustainability of AIO Legal Services by ensuring that compliance remains an integral part of the Firm’s governance, business planning and operational decision-making processes.

The Firm recognises that effective compliance is a shared responsibility. Every individual acting on behalf of AIO Legal Services is expected to contribute actively to achieving these objectives by conducting themselves in accordance with applicable law, professional obligations, the Firm’s policies and procedures, and the highest standards of professional and ethical conduct.

Compliance Governance Structure

4.1 Governance Framework

AIO Legal Services operates a proportionate governance and compliance framework designed to ensure effective oversight of the Firm’s legal, regulatory, financial and operational obligations. The governance structure promotes accountability, transparency, ethical decision-making and effective risk management, while ensuring compliance with the Legal Services Act 2007, the CILEx Regulation regulatory framework and all other applicable legal and professional requirements.

The Firm’s governance arrangements are designed to:

maintain effective regulatory compliance and professional standards;

safeguard client interests and confidential information;

promote ethical behaviour and professional independence;

identify, assess and manage legal, regulatory, operational and financial risks;

ensure appropriate supervision of legal services;

maintain effective financial governance and internal controls;

support business continuity and operational resilience; and

ensure that regulatory concerns are identified, investigated and addressed promptly.

Ultimate responsibility for the governance of AIO Legal Services rests with the Firm’s Authorised Person.

4.2 Authorised Person

Ahmed Othman, CILEx Lawyer (CILEx Litigator) with authorised practice rights, is the sole Director and Authorised Person of AIO Legal Services. He retains overall responsibility for the strategic direction, governance, management and regulatory compliance of the Firm and is accountable for ensuring that AIO Legal Services operates in accordance with all applicable legal, regulatory and professional obligations.

The Authorised Person is responsible for, amongst other matters:

establishing and maintaining an effective governance, compliance and risk management framework;

ensuring compliance with the Legal Services Act 2007, CILEx Regulation requirements and all applicable legislation;

promoting a culture of integrity, ethical conduct, independence and regulatory compliance throughout the Firm;

ensuring that the Firm maintains appropriate policies, procedures, systems and internal controls;

overseeing legal, regulatory, operational, financial, cybersecurity and reputational risks affecting the Firm;

ensuring that appropriate resources are available to support compliance, supervision and risk management;

maintaining effective arrangements for client care, confidentiality, anti-money laundering compliance, data protection, complaints handling and conflicts of interest;

ensuring that all individuals acting on behalf of the Firm are appropriately supervised, trained and competent to perform their duties;

ensuring that material compliance issues, regulatory breaches and reportable events are investigated promptly and reported where required;

reviewing the effectiveness of the Firm’s governance arrangements and implementing continuous improvements where necessary; and

protecting the integrity, reputation and long-term sustainability of AIO Legal Services.

Although specific operational responsibilities may be delegated, the Authorised Person retains ultimate responsibility for ensuring that the Firm complies with all applicable legal, regulatory and professional obligations.

4.3 Compliance Manager for Practice Management (CPM)

The Compliance Manager for Practice Management (“CPM”) is responsible for overseeing the Firm’s operational and regulatory compliance arrangements and ensuring that legal services are delivered in accordance with applicable legislation, professional standards and internal policies.

The CPM’s responsibilities include:

monitoring ongoing compliance with the CILEx Regulation regulatory framework and all applicable professional obligations;

overseeing compliance with the Firm’s internal governance framework, policies and procedures;

promoting high standards of professional conduct, ethics and integrity throughout the Firm;

monitoring compliance with client care obligations, confidentiality requirements and professional duties;

overseeing the operation of the Firm’s complaints handling procedures and ensuring complaints are investigated and resolved appropriately;

monitoring conflicts of interest and ensuring appropriate conflict checking procedures are maintained;

reviewing legal, regulatory and operational risks affecting the Firm and recommending appropriate mitigation measures;

monitoring compliance with anti-money laundering, sanctions, data protection and information governance requirements in conjunction with other responsible persons where applicable;

overseeing regulatory reporting obligations and ensuring that reportable breaches, incidents and compliance failures are escalated where required;

maintaining and reviewing the Firm’s compliance policies, governance documents and operational procedures;

coordinating internal compliance reviews, audits and monitoring activities;

promoting staff awareness through compliance training and ongoing guidance; and

reporting significant compliance matters and emerging risks to the Authorised Person together with appropriate recommendations.

4.4 Compliance Manager for Accounts Management (CAM)

The Compliance Manager for Accounts Management (“CAM”) is responsible for overseeing the Firm’s financial governance arrangements and ensuring compliance with all applicable financial, accounting and regulatory requirements.

The CAM’s responsibilities include:

monitoring compliance with the applicable CILEx Accounts Rules and any other relevant financial regulations;

overseeing the Firm’s accounting systems, financial controls and internal financial governance arrangements;

ensuring that accurate accounting records are maintained in accordance with legal and regulatory requirements;

monitoring financial procedures, reconciliations, billing processes and financial reporting arrangements;

overseeing the safeguarding and proper management of any client money where applicable;

identifying and investigating financial irregularities, accounting deficiencies or control failures;

ensuring that any reportable financial breaches are promptly escalated and reported where required;

supporting compliance with taxation, financial reporting and corporate governance obligations;

maintaining appropriate financial records to facilitate audit, inspection and regulatory oversight;

reviewing financial risks affecting the Firm and recommending improvements to financial controls; and

working closely with the Authorised Person and other compliance functions to ensure effective financial governance across the Firm.

4.5 Combination of Compliance Functions

Where permitted by the CILEx Regulation Authorisation Rules and having regard to the size, structure and nature of the Firm, the roles of Compliance Manager for Practice Management and Compliance Manager for Accounts Management may be undertaken by the same individual.

Where a single individual performs both functions, AIO Legal Services shall ensure that appropriate systems of governance, oversight, internal control and independent review remain in place to enable each compliance function to be discharged effectively, objectively and in accordance with applicable legal and regulatory requirements.

The Firm shall keep its governance structure under regular review to ensure that it remains proportionate, effective and appropriate as the practice develops and as its regulatory obligations evolve.

Compliance Risk Management

5.1 AIO Legal Services adopts a proactive, risk-based approach to compliance management, recognising that the early identification, assessment and mitigation of compliance risks are essential to protecting clients, maintaining regulatory compliance and supporting the long-term success of the Firm. Compliance risk management is integrated into the Firm’s governance framework and forms part of its day-to-day operational and strategic decision-making processes.

5.2 The Firm is committed to identifying, assessing, monitoring, controlling and reviewing compliance risks on a continuous basis. Risk assessments are undertaken proportionately, taking into account the nature, complexity and scale of the Firm’s practice, the legal services provided, regulatory developments, emerging threats and the Firm’s overall risk appetite.

5.3 Compliance risks monitored by AIO Legal Services include, but are not limited to:

breaches of legislation, regulations or professional rules;

failures to comply with the CILEx Regulation regulatory framework;

client care failures and service quality deficiencies;

breaches of confidentiality or legal professional privilege;

personal data breaches and failures to comply with data protection legislation;

anti-money laundering, counter-terrorist financing and financial sanctions compliance failures;

fraud, financial crime and internal misconduct risks;

accounting, financial governance and financial management failures;

cybersecurity incidents, information security risks and technology failures;

conflicts of interest and professional independence risks;

professional negligence and civil liability risks;

litigation, regulatory investigations and disciplinary proceedings;

outsourcing and third-party supplier risks;

business continuity and operational resilience risks;

reputational risks arising from client matters, operational failures or regulatory action;

health and safety risks where applicable; and

any other legal, operational, financial or strategic risk capable of affecting the Firm, its clients or its regulatory obligations.

5.4 To support effective compliance risk management, AIO Legal Services maintains a comprehensive Risk Register which records the significant risks affecting the Firm together with:

the nature and source of each identified risk;

the likelihood and potential impact of the risk;

the existing control measures implemented by the Firm;

any additional mitigation measures required;

the individual responsible for monitoring the risk;

target dates for implementing corrective actions where appropriate; and

the current status and outcome of periodic risk reviews.

5.6 The Risk Register is reviewed regularly and updated whenever new risks emerge, material changes occur within the Firm, legislation or regulatory requirements change, significant incidents arise, or weaknesses in existing controls are identified. Risk assessments may also be undertaken following complaints, regulatory findings, internal audits, cybersecurity incidents, financial irregularities, data breaches or any other event capable of materially affecting the Firm’s compliance obligations.

5.7 Where a material compliance risk is identified, AIO Legal Services will take prompt and proportionate action to investigate the matter, implement appropriate corrective and preventative measures, allocate responsibility for remediation and monitor the effectiveness of those measures until the risk has been reduced to an acceptable level. Where required by law or regulation, the Firm will make appropriate notifications to the relevant regulator or competent authority.

5.8 Compliance risk management is regarded as a continuous process. The Firm regularly reviews its risk management framework, internal controls and governance arrangements to ensure that they remain effective, proportionate and responsive to changes in legislation, regulatory expectations, technological developments, cybersecurity threats and the evolving nature of the legal services provided by AIO Legal Services.

Monitoring and Review

6.1 AIO Legal Services maintains an ongoing compliance monitoring programme designed to assess the effectiveness of the Firm’s governance arrangements, internal controls, policies and procedures. Compliance monitoring forms an integral part of the Firm’s risk management framework and is intended to identify regulatory risks, control weaknesses, emerging issues and opportunities for continuous improvement before they result in regulatory breaches, client detriment or operational failures.

6.2 Compliance monitoring is conducted on a proportionate and risk-based basis, taking into account the size, nature and complexity of the Firm, the legal services provided, the level of regulatory risk presented by individual practice areas and any changes in legislation, professional standards or business operations.

6.3 The Firm’s monitoring activities may include, amongst other matters:

periodic reviews of client files to assess compliance with legal, regulatory, professional and internal procedural requirements;

review and analysis of client complaints, feedback and service quality issues to identify recurring themes and opportunities for improvement;

monitoring changes to legislation, case law, regulatory guidance, professional standards and industry best practice that may affect the Firm’s operations;

periodic review of anti-money laundering, counter-terrorist financing, sanctions compliance and customer due diligence procedures;

review of compliance with data protection legislation, confidentiality obligations and information security requirements;

assessment of conflict of interest procedures and the effectiveness of the Firm’s conflict management systems;

monitoring compliance with client care requirements, engagement procedures and professional conduct obligations;

periodic financial compliance reviews, including accounting procedures, financial controls and compliance with applicable regulatory requirements;

review of the adequacy and effectiveness of the Firm’s professional indemnity insurance arrangements and other appropriate insurance cover;

monitoring cybersecurity controls, information governance arrangements and business continuity procedures;

review of compliance training records, staff competence and ongoing professional development requirements;

monitoring the implementation and effectiveness of corrective and preventative actions arising from previous audits, incidents, complaints or regulatory findings; and

any additional monitoring activities considered necessary to maintain effective governance and regulatory compliance.

6.4 Compliance monitoring may be undertaken through scheduled reviews, thematic audits, management oversight, internal reporting, file sampling, incident analysis, risk assessments or other proportionate compliance assurance activities. Additional reviews may be conducted where material risks, regulatory concerns, complaints, significant incidents or legislative changes arise.

6.5 The results of all compliance monitoring activities shall be appropriately documented and, where necessary, incorporated into the Firm’s Risk Register, compliance records or management reports. Where deficiencies, control weaknesses or actual or potential regulatory breaches are identified, AIO Legal Services will promptly investigate the matter, determine the underlying causes, implement appropriate corrective and preventative measures, allocate responsibility for remedial actions and monitor their effectiveness until the issues have been satisfactorily resolved.

6.6 The Compliance Manager(s) and the Authorised Person shall periodically review the overall effectiveness of the Firm’s compliance monitoring programme to ensure that it remains proportionate, effective and responsive to changes in legislation, regulatory expectations, professional standards, emerging risks, technological developments and the evolving nature of the Firm’s legal practice. Lessons learned from monitoring activities, complaints, audits, incidents and regulatory developments shall be incorporated into the Firm’s policies, procedures, training programmes and governance arrangements to support a culture of continuous compliance and improvement.

Regulatory Breach Reporting

7.1 AIO Legal Services is committed to maintaining an open, transparent and proactive approach to regulatory compliance. The Firm recognises that the prompt identification, investigation and reporting of actual or suspected regulatory breaches are essential to protecting clients, maintaining public confidence in legal services and complying with its legal and regulatory obligations.

7.2 All directors, consultants, employees, contractors and any other individual acting on behalf of AIO Legal Services have a personal responsibility to report, without delay, any actual, suspected or potential breach of legal, regulatory, professional or internal compliance requirements of which they become aware. Reports should be made to the Compliance Manager for Practice Management (“CPM”) or, where appropriate, directly to the Authorised Person. No individual shall suffer any detriment for making a report in good faith, even where the concern is ultimately found not to constitute a regulatory breach.

7.3 Upon receiving a report, the Compliance Manager shall promptly:

acknowledge and record the reported concern;

undertake or coordinate an appropriate investigation into the circumstances surrounding the matter;

assess the nature, seriousness, impact and potential regulatory implications of the breach;

identify any immediate action necessary to protect clients, confidential information, client money (where applicable), the Firm or the public interest;

determine the root cause of the breach or control failure;

implement appropriate corrective and preventative measures designed to reduce the risk of recurrence;

maintain appropriate records of the investigation, findings, actions taken and lessons learned;

update the Firm’s Risk Register where appropriate; and

determine whether the matter constitutes a reportable event requiring notification to CILEx Regulation or any other competent authority.

7.4 Where a regulatory breach involves financial crime, data protection, information security, cyber incidents, professional misconduct, financial irregularities or any other specialist area, the Compliance Manager shall coordinate with the relevant responsible individual or external professional adviser to ensure that the matter is investigated appropriately and that all applicable legal and regulatory reporting obligations are satisfied.

7.5 Where required by law or regulation, AIO Legal Services will notify CILEx Regulation, the Information Commissioner’s Office, the National Crime Agency, the Office of Financial Sanctions Implementation or any other competent authority without undue delay and within any applicable statutory or regulatory time limits. The Firm will cooperate fully with any regulatory investigation, inspection or enquiry and will provide complete, accurate and timely information where required.

7.6 All regulatory breaches, whether reportable or not, shall be documented in the Firm’s compliance records together with details of the investigation, decisions reached, corrective actions implemented and any improvements made to the Firm’s governance, policies or procedures. Compliance trends and recurring issues shall be monitored as part of the Firm’s ongoing risk management and continuous improvement programme.

7.7 AIO Legal Services recognises that the objective of regulatory breach reporting is not solely to satisfy reporting obligations but also to strengthen the Firm’s governance framework, improve compliance systems and promote a culture of openness, accountability, continuous learning and regulatory excellence.

Complaints Management

8.1 AIO Legal Services recognises that effective complaints management is an essential component of good governance, client care and regulatory compliance. The Firm is committed to handling all complaints fairly, independently, promptly and professionally, with the objective of achieving an appropriate resolution while identifying opportunities to improve the quality of its legal services, internal controls and overall client experience.

8.2 The Firm maintains a documented Complaints Handling Policy and Client Complaints Procedure which establishes clear processes for the receipt, investigation, management and resolution of complaints in accordance with applicable legal, regulatory and professional requirements.

8.3 The Firm’s complaints management framework is designed to ensure that every complaint is:

acknowledged promptly and handled courteously and professionally;

investigated fairly, impartially and objectively by an appropriately authorised individual who has not been directly involved in the subject matter of the complaint where reasonably practicable;

assessed on its individual merits, taking into account all relevant evidence, applicable legal and regulatory requirements, and the circumstances of the matter;

resolved efficiently, transparently and within the timescales established by the Firm’s Complaints Handling Policy and any applicable regulatory requirements;

communicated clearly to the complainant, including the reasons for any decision reached and details of any available rights of review or escalation;

recorded securely and confidentially within the Firm’s complaints management records; and

monitored to identify recurring issues, systemic weaknesses, emerging risks and opportunities for service improvement.

8.4 Complaints may arise from clients, prospective clients, former clients, regulators, third parties or any individual affected by the Firm’s services or conduct. All complaints shall be treated seriously regardless of their nature, complexity or perceived significance.

8.5 Where a complaint indicates the existence of a regulatory breach, professional misconduct, financial irregularity, data protection incident, conflict of interest, anti-money laundering concern or other compliance issue, the matter shall be referred promptly to the appropriate Compliance Manager and the Authorised Person for further investigation and, where necessary, appropriate regulatory reporting.

8.6 Complaint records shall be reviewed periodically as part of the Firm’s compliance monitoring and risk management programme to identify trends, recurring themes, root causes and opportunities to strengthen governance, policies, procedures, supervision and staff training. Lessons learned from complaints shall, where appropriate, be incorporated into the Firm’s risk assessments, compliance reviews and continuous improvement initiatives.

8.7 The handling of complaints shall be conducted confidentially and in accordance with applicable data protection legislation, legal professional privilege, duties of confidentiality and the Firm’s internal governance policies. All complaint records shall be retained in accordance with the Firm’s Records Management Policy and any applicable legal, regulatory and professional retention requirements.

8.8 AIO Legal Services regards complaints not only as an opportunity to resolve individual concerns but also as a valuable mechanism for strengthening regulatory compliance, improving service quality, reducing operational risk and maintaining the confidence of clients, regulators and the wider public.

Anti-Money Laundering Compliance

9.1 AIO Legal Services is committed to maintaining effective systems and controls to prevent the Firm from being used to facilitate money laundering, terrorist financing, proliferation financing, sanctions evasion or any other form of financial crime. The Firm adopts a risk-based approach to anti-money laundering (“AML”) compliance and maintains comprehensive Anti-Money Laundering, Counter-Terrorist Financing and Financial Sanctions policies and procedures that comply with applicable legislation, regulatory requirements and recognised best practice.

9.2 The Firm’s AML framework is designed to ensure compliance with the Proceeds of Crime Act 2002, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, the Terrorism Act 2000, the Sanctions and Anti-Money Laundering Act 2018 and all other applicable legal, regulatory and professional obligations.

9.3 To achieve these objectives, AIO Legal Services shall:

undertake firm-wide and matter-specific money laundering and financial crime risk assessments;

conduct customer due diligence (“CDD”), enhanced due diligence (“EDD”) and ongoing monitoring where required by law or the Firm’s risk assessment;

verify the identity of clients, beneficial owners, authorised representatives and other relevant persons using appropriate documentary, electronic or other reliable verification methods;

obtain and assess information relating to the source of funds, source of wealth and the purpose and intended nature of the business relationship where required;

undertake sanctions screening, politically exposed person (“PEP”) screening and adverse media screening where appropriate;

monitor transactions, instructions and client activity, where applicable, to identify unusual, suspicious or high-risk activity;

maintain appropriate customer due diligence records, risk assessments, screening results and compliance documentation in accordance with applicable legal and regulatory retention requirements;

provide ongoing AML, financial sanctions and financial crime training to all relevant personnel;

maintain effective internal reporting procedures for suspicious activity and ensure that concerns are escalated promptly to the appropriate Compliance Manager or nominated individual;

submit Suspicious Activity Reports (“SARs”), Defence Against Money Laundering (“DAML”) requests or any other reports required by law to the appropriate competent authority where the relevant legal threshold is met;

cooperate fully with law enforcement agencies, regulators and other competent authorities where disclosure is required or authorised by law; and

review and strengthen AML controls continuously in response to legislative changes, regulatory guidance, emerging financial crime risks and lessons learned from internal monitoring and external developments.

9.4 No legal matter shall be accepted or continued where AIO Legal Services is unable to complete the customer due diligence required by law or where continuing to act would expose the Firm to unacceptable legal, regulatory or financial crime risk. The Firm reserves the right to refuse instructions, suspend work or terminate its engagement where customer due diligence cannot be satisfactorily completed, where misleading or incomplete information has been provided, or where continuing to act would be inconsistent with its legal or regulatory obligations.

9.5 The Firm recognises that effective anti-money laundering compliance is a continuous process. Accordingly, its AML policies, procedures, risk assessments and internal controls shall be monitored and reviewed regularly to ensure that they remain effective, proportionate and fully compliant with evolving legislation, regulatory expectations, financial sanctions requirements and recognised best practice. Where deficiencies are identified, appropriate corrective and preventative measures shall be implemented without undue delay to strengthen the Firm’s financial crime compliance framework.

Data Protection and Information Security

10.1 AIO Legal Services is committed to protecting the confidentiality, integrity, availability and security of personal data, confidential information and all information assets entrusted to the Firm. Effective data protection and information security are fundamental to maintaining client confidence, complying with legal and regulatory obligations and protecting the Firm from legal, financial, operational and reputational risks.

10.2 The Firm maintains a comprehensive information governance framework designed to ensure compliance with the UK General Data Protection Regulation, the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all other applicable legal, regulatory and professional requirements relating to data protection, confidentiality and information security.

10.3 To safeguard personal data and confidential information, AIO Legal Services shall implement and maintain appropriate technical, organisational and physical security measures, including:

secure electronic and physical storage of confidential information and client files;

role-based access controls to ensure that information is accessible only to authorised individuals with a legitimate business need;

secure document management systems, encryption, password protection, multi-factor authentication and other appropriate cybersecurity safeguards;

network security controls, malware protection, firewalls, vulnerability management and ongoing monitoring of information systems where appropriate;

secure transmission, handling, retention and disposal of personal data and confidential information in accordance with the Firm’s Records Management Policy;

documented procedures for identifying, reporting, investigating and responding to actual or suspected personal data breaches and cybersecurity incidents;

business continuity, disaster recovery and secure data backup arrangements designed to maintain the availability and resilience of critical information systems;

appropriate due diligence and contractual safeguards when engaging third-party processors, technology providers and cloud service providers;

regular staff awareness programmes, mandatory training and ongoing guidance relating to confidentiality, data protection, cybersecurity and information security responsibilities; and

periodic reviews, audits and testing of the Firm’s information security controls to ensure their continued effectiveness and compliance with applicable legislation and recognised best practice.

10.4 All directors, consultants, employees, contractors and any other individuals acting on behalf of AIO Legal Services are responsible for protecting the confidentiality and security of the information to which they have access and must comply with the Firm’s information governance policies, confidentiality obligations and security procedures at all times.

10.5 Any actual or suspected data protection breach, cybersecurity incident, unauthorised disclosure of confidential information or other information security concern must be reported immediately in accordance with the Firm’s incident reporting procedures. Such incidents shall be investigated promptly, appropriate corrective and preventative measures shall be implemented, and regulatory notifications shall be made where required by applicable law.

10.6 AIO Legal Services maintains separate Data Protection, Privacy and Information Security policies which provide detailed guidance on the collection, processing, storage, sharing, retention, protection and disposal of personal data and confidential information. These policies form part of the Firm’s wider compliance and governance framework and shall be read in conjunction with this Compliance Management Policy.

Training and Competence

11.1 The firm shall ensure that all personnel maintain appropriate levels of competence and professional knowledge.

Training may include:

Regulatory compliance.

AML requirements.

Data protection.

Client care.

Professional ethics.

Risk management.

Cybersecurity awareness.

11.2 Training records shall be maintained and reviewed periodically.

Record Keeping

12.1 The firm shall maintain appropriate records relating to:

Compliance reviews.

Risk assessments.

Complaints.

AML checks.

Regulatory notifications.

Training activities.

Policy reviews.

12.2 Records shall be retained in accordance with applicable legal and regulatory requirements.

Policy Review

This policy shall be reviewed annually or sooner where:

Regulatory requirements change.

Significant business changes occur.

Material compliance issues arise.

CILEx Regulation issues updated guidance.

The Compliance Manager shall be responsible for ensuring that reviews are completed and documented.

Responsibility for Compliance

Compliance is the responsibility of every individual working within or on behalf of AIO Legal Services Ltd. All personnel are expected to act with integrity, professionalism and accountability and to support the firm’s commitment to regulatory compliance and the protection of clients and the public interest.