Running a client money account has always been a cost of doing business for law firms. The reconciliations, the annual accountant's report, the compliance overhead, the fraud exposure - firms have absorbed all of it because there was no serious alternative. It was just part of how legal practice worked.
That's changing. Regulators, risk professionals, and the firms themselves are now asking whether there's a better way to protect client money: faster to operate, more secure by design, and less of a distraction from what law firms are actually there to do. This piece sets out what that alternative looks like - and why the shift is less disruptive than most firms assume.
What Is a Client Account, and What's the Problem with It?
A client account is a bank account held by a law firm in its own name, used to hold funds belonging to clients. Under SRA Accounts Rules, firms are required to keep client money separate from their own money and to reconcile those accounts regularly.
In principle, this is straightforward. In practice, it creates four distinct categories of risk.
Fraud and cyber crime. Client accounts are high-value targets. Authorised push payment (APP) fraud - where attackers impersonate solicitors or clients to redirect funds - has grown significantly in the legal sector. Business email compromise attacks targeting payment instruction emails are increasingly sophisticated. A client account held in the firm's name, managed through manual processes, is structurally exposed to these risks. And this applies to all firms, not just those with weaker controls.
Reconciliation overhead. SRA Accounts Rules require detailed, regular reconciliation of client funds. For firms handling high volumes of transactions - M&A completions, group litigation settlements, large-scale conveyancing - this is a significant and recurring operational cost. Finance teams spend time on compliance administration that adds no value to clients.
Regulatory reporting. Most SRA-regulated firms are required to produce an Annual Accountant Report confirming that client money has been handled in compliance with the Accounts Rules. This is an auditing cost that exists solely because the firm holds client money in its own name.
Concentration risk. Client accounts typically commingle funds from multiple matters and multiple clients. When something goes wrong - a reconciliation error, a fraud event, a firm failure - the exposure is collective, not isolated.
None of these risks are new. What has changed is the scale and sophistication of the threats, and the availability of a regulated alternative that addresses all four at once.
What the Axiom Ince Case Told Us
The collapse of Axiom Ince was not an anomaly. It was the most visible example of a structural vulnerability the SRA has been monitoring across the profession for years.
Axiom Ince was a large, well-resourced firm. Client funds were misappropriated at significant scale. The SRA's intervention depleted the profession's own Compensation Fund. The Legal Services Board subsequently sanctioned the SRA over its handling of the case.
The question the profession should take from this isn't "how did Axiom Ince let this happen?" It is: does the infrastructure most firms are using today adequately protect against the same risk of failure? The honest answer is that it depends entirely on the people inside the firm - not on the structure itself. That is the problem.
What Is a Third-Party Managed Account?
A Third-Party Managed Account (TPMA) is an account held and managed by an FCA-authorised payment institution, rather than by the law firm itself. The firm retains full control over the funds - directing when money moves, to whom, and under what conditions - but the regulatory and operational responsibility for safeguarding those funds sits with the TPMA provider.
This distinction matters. A law firm using a TPMA is not giving up control of client money. It is separating the function of handling funds (which remains with the firm) from the function of holding them (which transfers to a regulated specialist). The SRA's Consumer Protection Review, the consultation that closed in early 2025, drew out this distinction explicitly: law firms handle client money - they instruct on it, direct it, control its movement - but under a TPMA they no longer need to hold it. The firm's control is unchanged. Its compliance exposure is materially reduced.
Under the SRA's own rules, using a TPMA provider means the firm is no longer holding client money for the purposes of the Accounts Rules. This removes the requirement to produce an Annual Accountant Report - a direct and recurring cost saving.
How FCA Safeguarding Works, and Why It Matters
When client funds are held in a TPMA, they are subject to FCA safeguarding requirements under the Payment Services Regulations 2017. This is a meaningfully different level of protection from a standard client account at a high street bank.
Shieldpay is fully CASS 15 compliant as of 7 May 2026. For a full breakdown of what the new regime requires and what it means for law firms, see our CASS 15 compliance page.
Under FCA safeguarding rules:
- Funds are held in segregated, ring-fenced accounts entirely separate from the payment institution's own assets
- Those funds cannot be used for any other purpose
- In the event of the payment institution's insolvency, the safeguarded funds sit outside the estate and are returned to clients before any other creditors are considered
A standard client account held in a law firm's name at a bank is a deposit account. Its protection depends on the financial health of the firm holding it. If the firm fails, those funds become part of a more complex insolvency picture - as clients of Axiom Ince discovered. FCA safeguarding removes that dependency entirely. The funds are protected by regulatory structure, not by the firm's solvency.
What firms typically want to know before switching
Four questions come up consistently when firms first look at TPMA seriously. They're worth answering directly.
"We'll lose control of our client's money." No. The TPMA provider holds the funds but acts only on the firm's instructions. Every movement requires firm authorisation. Full audit trails and real-time visibility are standard.
"It will slow down transactions." The opposite is typically true. TPMA platforms automate reconciliation, KYC, and payment verification - the manual steps that introduce delays. At Shieldpay, setup takes 3-5 business days and transactions that previously required manual chasing are handled automatically.
"It's too expensive." The Annual Accountant Report cost alone represents a recurring overhead that a TPMA removes. When the full operational cost of client account management is modelled - finance team time, reconciliation, error correction, compliance administration - the cost comparison looks different.
"What if the TPMA provider fails?" Under FCA safeguarding rules, client funds held in a TPMA are ring-fenced and protected in an insolvency event. This is a stronger structural protection than a standard client account provides, not a weaker one.
What This Looks Like in Practice
Shieldpay is an FCA-authorised payment institution providing TPMA services to law firms across M&A, litigation, and real estate. We have processed over £18bn in transactions for more than 40 of the UK's top 100 law firms.
Our platform handles the full transaction lifecycle: automated KYC and AML verification, ring-fenced fund safeguarding with tier-1 banking partners Citi and ClearBank, conditional fund release management, and multi-party disbursement at scale - including to over 100,000 verified payees in a single transaction.
The question for most firms is not whether TPMA is viable. It demonstrably is. The question is how long the cost and risk of the status quo needs to compound before the conversation becomes urgent.
Further Reading
- Client Money and Change: Supporting Safeguards Across Legal Services - Shieldpay
- TPMA Myths Debunked: 10 Misconceptions Law Firms Need to Know - Shieldpay
- Shieldpay Third-Party Managed Account Solution
- Shieldpay is CASS 15 compliant - is your TPMA provider?
- CASS 15: What it means for payment institutions and the law firms that use them - Shieldpay
Laurence Potter is Chief Compliance Officer at Shieldpay, an FCA-authorised platform that verifies, holds, and disburses funds for law firms and financial institutions.
COMMENTS