International Conference of Legal Regulators

Location: Carlton Hotel, 76 Bras Basah Road

For the first time, the International Conference of Legal Regulators will be held in Asia, in the thriving metropolis of Singapore. Jane Malcolm, SRA Executive Director, External Affairs will lead a session on 'Legal Regulation in the Age of Data'. This session will include a general introduction to the potential uses of data by legal regulators, followed by a discussion on topics such as the infrastructure and methods to become a data-driven regulator, best practices and issues for regulators working with outside researchers, and the balancing between the protection of public interests and the need for regulation.

Proactive Risk Based Regulation at the SRA - Paul Philip


  • 1.

    The Solicitors Regulation Authority (SRA) is the regulator of solicitors and law firms in England and Wales. We work to protect consumers and support the rule of law and administration of justice. We do this by overseeing all education and training requirements necessary to practise as a solicitor, licensing individuals and firms to practise, setting the standards of the profession and regulating and enforcing compliance against these standards. We regulate approximately 170,000 individual solicitors and 10,400 firms. Those firms include a wide range of different practices, from sole practitioners to global entities. We employ around 600 staff in teams responsible for areas such as authorisation, supervision, investigations, enforcement, research and policy.

  • 2.

    We operate in a fast-changing market. Since 2012 alternative business structures (ABS) have allowed non-lawyers to own and manage regulated legal services firms. We are continuing our programme of liberalisation by reforming our rules to create a shorter, clearer, more targeted and easier to use Handbook 1. Further information is available on our website.

  • 3.

    We collect data through an annual process linked to issuing and renewing licenses to practise (known as practising certificates). As part of the process we question applicants about areas such as their location, employees, size, complaints received and areas of work. We also collect data throughout the year through the work of our staff on any new issues or changes in the market, such as how many firms are operating in a certain area of law, whether they are growing or contracting, and what areas of work attract more or fewer complaints. Beyond this, we get data from other bodies such as ombudsman, the Land Registry 2, banks, insurers, the Home Office 3, the courts and other regulators.

  • 4.

    Taken together, these data sources can help identify trends in the market. In this way we can use the data available to us for more than dealing with allegations of misconduct; it can also enable us to keep up with the market and regulate more effectively. For example, multi-disciplinary practices (MDPs) were designed to allow clients to access multiple professional services in one place. This business type was intended to be one of the key benefits of the reforms introduced by the Legal Services Act 2007. However, in comparison with ABS, the growth in MDPs was initially slow. Data collected from potential applicants and others indicated that part of the problem lay with our rules. This prompted us to conduct a review 4.

The role of data in regulation

  • 5.

    As was briefly explained above, we collect data to understand who we regulate and to carry out our work effectively. We need to be able to see who is working where, on what basis, and doing what, to:

    • Identify risk areas
    • Correctly attribute problems to the correct sources
    • Understand recurring issues
    • Make sure our regulation is in line with the better regulation principles of being targeted and proportionate.
  • 6.

    At all times, the public must have confidence in our work. This means we need to be able to access a range of information about a firm or a solicitor when there is a problem. This can be when we are deciding whether to investigate a firm or even close them down. When we take action we want to know who the individuals concerned are, where they are located, where they used to be and the areas where people have concerns.

  • 7.

    Data can also help us to spot market issues and to intervene where necessary. One example of this is in the area of unmet legal need. Our main purpose is to protect the public and support the rule of law and the proper administration of justice. A lack of access to legal services, particularly for those most in need or vulnerable, is therefore a significant concern for us.

  • 8.

    Research shows that many people with legal problems do not get help from a solicitor. More than half of UK adults faced a legal problem in the last three years. But only one-third of them got professional advice. And, only one in 10 took advice from a solicitor or barrister. People who are vulnerable are more likely to experience legal problems, but often do not seek help from solicitors.

  • 9.

    This risk is at the centre of our regulatory reform programme. There is little point in protecting the users of legal services through regulation if the costs of that protection mean fewer and fewer people can afford those services. We have already removed barriers to greater growth and innovation by changes to our regulations. As mentioned above, we have made it easier for multidisciplinary practices to operate in our legal market. Three of the 'big four' accountancy firms 5 have obtained alternative business structure licences from us to offer legal services to their clients. But there is more to do. Through our Looking to the Future programme, we are continuing to reform our regulation to make sure solicitors and firms have the flexibility to meet legal need.

  • 10.

    Understanding the world solicitors and law firms operate in can help us to be more targeted in our interventions. We can do this in two ways. First, by using the information we receive to target our own regulatory resources to those firms or areas of the market that require our attention. For instance, we might gain a better understanding of the root causes of problems that we repeatedly see in our regulated community. This could allow us to prevent harm in the first place 6. Second, we can use information as a tool to support those we regulate to address the issues they face as part of their practice. This can be tailored towards specific issues such as cyber crime, or to a particular profile of firm. Again, this can help to prevent issues occurring.

  • 11.

    In this paper we set out a number of examples of how we use data here at the SRA.

Risk Outlook

  • 12.

    We published our first Risk Outlook in 2013, and have since published an update twice each year. Setting out our view of the risks and challenges confronting solicitors and law firms raises awareness of issues in the market, and how those we regulate can operate to minimise risks.

  • 13.

    We use both internal and external research when drafting the Risk Outlook. We support publication with more detailed papers on specific issues, such as IT security. Our latest Risk Outlook (attached at annex one) sets out eight priority risks that matter to all solicitors and all law firms. These risks, if not managed, can potentially harm the public, the rule of law and the proper administration of justice.

  • 14.

    Some of the risks appear each year; for example, lack of access to legal services, information security and protecting client money. Others are added in response to what we have seen in the market.

  • 15.

    We have included one new priority risk this year: solicitor involvement in questionable investment schemes. These schemes claim to offer high returns on investments in assets such as small plots of land or individual hotel rooms. Members of the public are asked to invest money by first paying it to a solicitor firm, who then passes the money on to the scheme operator. The involvement of solicitors provides a sheen of credibility to the scheme.

  • 16.

    We know that the number of solicitors who would willingly get involved in these schemes is very small, but the harm to the public and potentially the reputation of the profession is significant. We want to help everyone recognise and avoid these dubious schemes. In the latest Risk Outlook, we have set out information on the types of case we have seen, as well as highlighting the poor outcomes many investors face.

How we use data at the SRA - reactive and proactive approaches

  • 17.

    To tackle unethical behaviour and address market issues, we need to know where there are problems. There are two ways we can do this:

    • A reactive, casework approach led by complaints received about solicitors or firms, which we then prioritise and investigate if necessary
    • A proactive approach using a wide range of sources of information to try to spot where things are going wrong.
  • 18.

    We can also use a combination of these two approaches.

Reactive approach

  • 19.

    Much of our casework is led by the reports we receive from members of the public and from other solicitors, including whistleblowers. We receive around 1,000 reports every month.

  • 20.

    Clearly, we do not investigate all complaints. It very much depends on the level of seriousness, the risk of repetition and the implications. As a regulator, we need to balance what level of risk we can accept in the market and what level individuals should have to bear. For example, in road safety we absorb lots of risks collectively - road safety laws, road signs, police presence and enforcement. While these lower the risk of an accident they do not, and cannot, remove the possibility of it happening. Much is in the control of individual car drivers.

  • 21.

    As a regulator of legal services, there is also the risk of restricting access to legal advice and support. If we over-regulate, we impose costs on solicitors and firms that, in turn, have an impact on the price of legal services.

Proactive approach

  • 22.

    Data can help us target our regulation in a way that is proportionate to the risks posed. The data we receive can also help us to be more proactive. A good example of this is investment fraud, through dubious schemes such as those described above (at paragraph 15). This type of activity is not new, but we have seen evidence of an increase. Now we are aware that this is a reoccurring issue, we can start to take more proactive steps to prevent harm in the first place, rather than waiting for the cases to go through the system.

  • 23.

    We have issued a warning notice to firms setting out clearly what is and what is not acceptable. We have also included this as a risk in our Risk Outlook, a popular resource that outlines where we will focus our attention for the coming year and why. This inclusion helps highlight the possibility to firms that they may be targeted. As we get more information, we can also start to identify those firms that may be getting involved in high risk areas.

  • 24.

    Another example is anti-money laundering (AML), where we are required to use this data to risk assess firms, to target our regulation to the risks posed. The Money Laundering Regulations 2017 place new requirements on us as a supervisor. Under the regulations, we need to know which of the firms and solicitors we regulate are providing services that fall within the scope of the regulations.

  • 25.

    We need to know which firms offer AML-regulated services. And within those, we need to approve:

    • beneficial owners
    • officers
    • managers of firms.
  • 26.

    In addition to this HMRC will be compiling a register of Trust or Company Service Providers (TCSPs). We will pass them information on anyone that we regulate who falls within this category. In addition, we need enough information to be able to risk assess firms and target our monitoring appropriately.

  • 27.

    We have also started to look at how we might use data collected by other organisations or that is publicly available. For example, we regularly share information with and receive information from law enforcement agencies and other regulators where firms are regulated by more than one regulator.

  • 28.

    In relation to conveyancing we have started to use information from a number of sources, including the Land Registry, to build up a picture of the conveyancing market.

Conveyancing case study

  • 29.

    Better data can help us to identify the firms and the situations that most put consumers at risk. For example, there are issues with conveyancing work that impact on consumers. Over 40% of the value of professional indemnity insurance claims arise from conveyancing. We are drawing together many different data sources that will help us better understand the issues and profile the firms most likely to be causing harm. This will help us target monitoring, and to provide guidance (or put out warning notices) about common areas of bad practice.

  • 30.

    For example, we are working with the Land Registry who have large amounts of data from their interactions with solicitors from entries to the register. This will help identify common errors that solicitors make. It also provides information on the firms making the most errors. We can cross-tabulate this information with risk indicators from other sources, such as Legal Ombudsmen Complaints data, to help is identify firms that we may need to proactively engage with.

Other ways we use data

Thematic reviews

  • 31.

    We set up our Regulatory Management Thematic Team in May 2015. The team undertakes projects to consider and respond to risks within the legal sector. These risks may be current, emerging or potential risks and will have a common theme. They usually carry out proactive work.

  • 32.

    The Thematic Team works across our organisation to develop our understanding of thematic risks. It also works closely with individuals and firms to raise standards among those we regulate and uphold the core professional principles. The team aims to reduce the likelihood of thematic risks occurring and their impact on the public and people we regulate. They also ensure that our work remains relevant and proportionate; striking the right balance between reducing regulatory burdens and protecting consumers.

  • 33.

    A thematic project is likely to have four major elements:

    • Proactive engagement with individuals and firms through site visits and telephone calls
    • Collecting and analysing information about thematic risks and sharing this information with the public, the profession and SRA staff
    • Assurance visits to assess firms' compliance with our Handbook
    • Engagement with other regulators, professional bodies and local law societies.
  • 34.

    Since its inception our thematic team has completed reviews in areas including asylum, personal injury and advocacy in criminal practice. In 2017 the team is working on the following projects:

    • Equality, diversity and inclusion: we want to understand what is being done, and what more could be done, to improve the representation of female and black and minority ethnic solicitors in senior roles e.g. as partners and/or directors
    • Conveyancing: we aim to improve our understanding of the way the real estate and conveyancing markets have developed around existing regulatory frameworks. We will also consider solicitor errors in submissions made to the Land Registry
    • Payment protection insurance: we will review the increasing concern about solicitors involved in making these claims
    • Anti-Money Laundering and Counter Terrorist Funding: we will review a sample from the profession to review firm’s processes and procedures. We will also look at firm's preparations for the new money laundering regulations.
    • The annual report for the Financial Conduct Authority.

Research programme

  • 35.

    Our research programme supports our reform programme by helping us to see where reform is necessary. We use our data for all the research we do - both internally and working with external researchers. Research is also integral to our evaluation of the impacts of our interventions. For example, after reforming the restrictions on solicitor involvement with separate businesses we have collected data on an annual basis to understand the impact on the market and test whether any of the concerns put forward have come to fruition. Often with policy changes, it is not possible to fully assess all the impacts before implementation. Post implementation evaluation is therefore fundamental to determine whether there have been any negative impacts and to help us to learn as a regulator.

  • 36.

    We also work jointly to commission research with other regulators such as our innovation in legal services report, commissioned with the Legal Services Board. This report has led to our SRA Innovate programme, through which we are supporting firms that want to organise themselves or offer services in ways that are restricted by our current rules.

  • 37.

    Combining our research with the thematic review process has proven to be an effective way of targeting our regulatory resources - particularly in relation to supervision. For example, research focusing on the experiences of clients and solicitors in the areas of asylum and personal injury led to a thematic review involving visits to high risk firms. Rather than visiting all firms that do this sort of work we could focus on the areas where the risks were highest. These reviews have led to us taking regulatory action against some firms as well as providing guidance on good and bad practices identified.

Ideas for the future

  • 38.

    We need to continually evaluate the way in which we regulate and, in particular, where we target our resources. We must also consider if we have the balance right between proactive and reactive regulation. Data can help us to shift more resources into proactive regulation so that we can prevent harm from occurring in the first place.

  • 39.

    There are some ways in which we could develop our proactive regulation. For example:

    • Using data to predict which firms are likely to have regulatory issues and pose risks to consumers.
    • Using data to identify where there might be risks to professional standards in high risk areas.
    • Increasing the quantity and quality of information available to consumers of legal services. This could help them navigate the market more effectively and judge for themselves the level of risk they are prepared to take.

Predicting behaviour

  • 40.

    We have already started to use data, such as the complaints a firm or a solicitor has received to predict which firms are likely to have regulatory action brought against them. We have been able to calculate, for instance, which firms we will bring cases against at the Solicitors Disciplinary Tribunal. The more data we have, the more accurate these predictions can be.

  • 41.

    Combined with developments in IT, there is the possibility of automatically identifying the firms that will have issues and will therefore need close supervision. We could also draw on data held by other regulators or available in the public domain.

Quality of criminal advocacy

  • 42.

    Advocacy is a high-risk practice area. The consequences of poor advocacy are significant: for example, loss of liberty. External stakeholders regularly voice concerns about standards of criminal advocacy, yet no objective evidence exists that demonstrates the nature and scale of the problem. As a result, we are unable to target our actions at risky providers. This results in a prescriptive, restrictive, blanket approach that places unnecessary burdens on competent individuals and firms.

  • 43.

    It is important we begin to understand on an ongoing basis who is practising criminal advocacy, how they use their rights and what poor practice looks like in relation to service delivery. We need qualitative and quantitative data to help us identify where there could be risks to standards that we might need to investigate further. For example, we might wish to monitor trial outcomes as well as the reports we receive about individual advocates. We also need to analyse trends to identify, monitor and target risks within this market. This will also help us allocate our resources more effectively.

Regulatory data and consumer choice

  • 44.

    In December 2016, the Competition and Markets Authority (CMA) published its final report on the legal services market. It concluded that competition in the market is not working well and called for consumers and small businesses to have access to more information, to help them make informed choices when purchasing legal services.

  • 45.

    We are currently consulting on our proposals to publish more of the regulatory data we hold about solicitors and firms we regulate. We are also consulting on asking the solicitors and firms we regulate to publish more information on the legal services they provide. This includes:

    • requiring firms to publish their price for services in certain areas and a description of the services they offer
    • requiring firms to make information on our regulatory protections available including a digital badge which verifies that we regulate the firm
    • publishing the data we have on complaints made against firms we regulate
    • publishing the areas in which a law firm practises
    • publishing a register that holds our key regulatory data about the solicitors and firms we regulate.
  • 46.

    Over time, as consumers become more informed it may reduce the level of regulation needed, as consumers will be able to make their own judgements about the services they want to use.


  • 47.

    Data plays a valuable role in our day-to-day regulation. However, data driven regulation is not without its challenges. The burden of imposing data requirements on those we regulate is significant. Data is not free. There are costs associated with its collection and storage and, ultimately, any costs can be passed on to the consumer. We therefore need to be satisfied that any data we ask for has a clear regulatory purpose and we can justify its use.

  • 48.

    In the UK, the new General Data Protection Regulations (GDPRs) - introduce new rights and obligations in relation to personal data. Data is personal if it identifies an individual. A large part of our work does not involve the use of personal data because it will either be anonymous, in the form of a pseudonym or relates to firms and not individuals. We use our data to spot patterns, rather than to identify individuals. Therefore, we envisage that the GDPRs will not impact significantly on our work.


  • 49.

    We are still in the early days of data use, and still have much of its potential to explore. However, we need to avoid thinking the use of data is free. Collecting and storing data creates costs. But supplementing what we collect with data supplied by others enables us to build a fuller picture of the legal market overall, and the risks and bad practice that may arise.

  • 50.

    Technology will allow us to reduce the costs associated with using data, as will learning from other regulators and different markets. As an organisation the SRA is open to learning by trial and error. Our aim is to target our regulation to leave the best firms and solicitors alone, while also identifying poor practice and dealing with it quickly and robustly.



1. For more information on our review of our regulatory approach see

2. HM Land Registry records land and property ownership in England and Wales. For more information see

3. More information on the Home Office Government department is available here

4. By an MDP we mean a business that delivers reserved legal services with other professional services, such as accountancy, land and housing management, corporate services or financial services. For more information about this review see here

5. These are Ernst & Young LLP, PricewaterhouseCoopers LLP and KPMG LLP

6. A recent article published on the GMC blog explored similar issues, including how data can be used as a 'before the event' intervention to prevent issues from occurring in the first place. See