Risk Outlook 2019/2020

Foreword

Welcome to the new Risk Outlook for 2019/20. We know that the Outlook is a valuable resource for Compliance Officers – it’s certainly one of the most visited pages of our website. It's important, I think, that it is also shared within firms so that everyone can play their role in managing risk.

The Outlook sets out what we think are the key risks and challenges faced by the profession. By sharing our views, and what we think can be done to address the issues, we hope to help you get to grips with the challenges. The impact on the users of legal services when things go wrong can be devastating and we all want to avoid that.

Our priority risks have not changed from the 2018/19 Risk Outlook, though we have reduced the number from ten to nine, merging cyber security with information security to reflect that information is increasingly a key asset that is vulnerable to attack in the same way money is.

Issues with money laundering are at the top of our priority list. As has been pointed out by the National Crime Agency, solicitors are on the frontline in the battle against money laundering. But far too many firms do not have the necessary systems in place to keep money launderers out of legal services. For example, some have not completed a basic risk assessment that should underpin a firm’s approach. This is not just poor practice – having a risk assessment is a legal requirement under 2017 government regulations. Compliance is essential and I urge you all to take the necessary steps as quickly as possible.

We all know how fundamental the work of solicitors is to every part of our society and our communities. We have a lot to be proud of but there is much more to do. Our Risk Outlook can help you to get it right in this fast changing and sometimes uncertain world. Make sure you use it, keeping you, your firm and your clients safe. 

Open all

How to use the Risk Outlook 2019/20

Our assessment of risk is based on a wide range of input from across the sector. By sharing our views on the priority risks, we can support your understanding of why they matter. And by raising awareness, you can reflect on how the risks impact your work.

The Risk Outlook is not guidance and does not contain exhaustive lists of obligations or actions. It is designed to help you by suggesting what you can do to manage risks and avoid harm to the public, the rule of law and the proper administration of justice.

To get the best value out of the Risk Outlook, you and your firm should:

  • understand what the risks are
  • recognise how the risks apply to you and your business
  • decide the actions you can take to mitigate against them.

Our priority risks this year are:

Meeting legal needs

Many people do not get the legal help they need, we want this to change especially for people who are vulnerable.

Anti-Money Laundering

Money laundering lets criminals profit from drug smuggling, people trafficking and terrorism. You can help to stop it.

Client money

Clients trust solicitors to look after their money. Keeping it safe is your responsibility.

Diversity in the profession:

The legal profession does not fully represent society. The legal market needs a diverse profession for building public trust in the effective administration of justice.

Information and cyber security

The information you hold is valuable. Cyberattacks remain a threat to your firm and your clients.

Integrity and ethics

Every aspect of your firm's culture and practices should reflect the ethical standards of a solicitor.

Investment schemes

Questionable investment schemes can have devastating consequences for their victims. You must not facilitate these.

Managing claims

People who have suffered a loss are entitled to seek justice, but badly handled or fraudulent claims harm the public’s trust in the legal system.

Standards of service

Those who do not meet the professional standards of behaviour and competence can affect people’s life, liberty and finances as well as public confidence in the rule of law.

Managing risks

In our "we recommend" section, we give practical advice that you and your firm can easily apply. We signpost to the latest guidance to make sure you know what is expected of you.

By putting in place the right controls at the right time, you can better manage the challenges you face. Where relevant, we also give details about potential changes we see on the horizon.

We all know that things can and do go wrong. While we would expect reports of rule breaches or misconduct to be made by compliance officers, everyone within a firm is responsible for making sure that concerns are raised.

We have published our policy on reporting concerns, setting out when and how solicitors should tell us about potential misconduct.

Why this risk matters

If you or your firm facilitates money laundering, then you are helping to fund serious and organised crime. By preventing money laundering, you and your firm play a major role in reducing the threat to the UK, its citizens and its institutions.

Who is at risk?

All solicitors and firms are exposed to money laundering. This is because they:

  • can legitimise a transaction
  • have access to financial markets
  • advise on property and business deals.

This makes them an attractive target for those seeking to launder the proceeds of crime.

We know the vast majority of law firms would never intentionally become involved in crime. By having the right training and processes in place, you can reduce your risk of unknowingly facilitating crime.

What is the impact?

If money laundering is not stopped, then criminals can finance their activities. The National Crime Agency (NCA) believes that hundreds of billions of pounds of money are laundered through the UK every year.1 This is the proceeds of exploitative and violent crimes such as people smuggling, drugs and firearm trafficking. Laundered money funds further crimes, political corruption and even terrorism.

The crimes that money laundering funds harm innocent people and can destroy lives. The activities of organised criminals cost the UK over £37bn each year.2 One major source of these funds is drug trafficking, which led to 2,917 deaths in the UK in 2018.3

If solicitors become involved, even unknowingly, then they are supporting this crime. The consequences for them include disciplinary and potential criminal proceedings. Public trust in the legal profession can also be harmed if solicitors are involved with organised crime groups.

Solicitors are ideally placed to detect money laundering, but many are leaving themselves and society at risk. By law, solicitors must carry out a full firm wide risk assessment. This should be the basis of their thinking about how they are exposed.

Yet our 2019 review found that more than a third had not made a full assessment. Without this, firms might have vulnerabilities that they do not know about. All firms must ensure that they have a full risk assessment in place and that they comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.4

Half of all the reports we receive about money laundering involve a firm not having carried out proper due diligence on a client or their funds.

The main tool for reporting suspicions is the Suspicious Activity Report (SAR).

  • The Financial Action Task Force remains concerned about a relatively low number of SARs filed by solicitors and other legal professionals5
  • Our own 2019 review of firms working on trust and company services found that only 17% had made any SARs in the past two years.
Case example: solicitor fined for failing to exercise due diligence

In 2018, a solicitor was fined £45,000 for failing to carry out proper due diligence. Two clients had instructed the solicitor to set up a company in the British Virgin Islands. The solicitor did not meet the clients and did not take any steps to check their identity.

As a result, the solicitor did not realise that they were close relatives of a foreign leader and were accordingly politically-exposed persons (PEPs). The solicitor did not carry out enhanced due diligence, although the instructions by their nature presented a higher risk of money laundering.

The Solicitors Disciplinary Tribunal (SDT) decided that, as the firm's Money Laundering Reporting Officer, the solicitor should have realised that they needed to carry out enhanced due diligence in the circumstances.

Case example: solicitor fined for failing to verify the source of funds for a transaction

In 2018, a solicitor was fined £12,500 for failing to verify the source of funds in a transaction. An investor approached the solicitor to act in a share purchase. They had been recommended to the solicitor by another investor. That investor was an existing client who the solicitor had known for over 35 years.

The solicitor did not update their due diligence checks on the existing client.

Both the new client and the existing one paid purchase money into the solicitor's client account. The solicitor did not investigate the source of these funds.

When the transaction failed, the clients instructed the solicitor to send all the money to the new client. The solicitor complied.

In paying out the money from multiple sources to a single client, the solicitor had failed to follow our warning notices about third party payments. They had also missed the warning sign that the clients had cancelled their instructions after moving substantial sums into the client account. As a result, they had acted where there was a risk of their client account being used for money laundering.

The solicitor accepted that they had not met their duties under the Money Laundering Regulations.

Spotlight on trust formation and company services

Trust and company services are an attractive field for money launderers. This is because criminals can misuse trusts and companies to hide the real ownership and control of assets and wealth.

We recently reviewed how firms working in this area were meeting their obligations. No firm was directly involved in money laundering or other crime. However, some were not doing enough to protect themselves. This put them at risk of unintentionally helping money launderers.

We recommend

To help you and your firm comply:

Know your obligations

You and your firm must comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.6

Keep up to date with our warning notices. We produce these to help firms understand the risks and how to manage them.

Have the right controls

The starting point for protecting yourself from money laundering is a firm wide risk assessment.

  • This is a legal requirement for all firms.
  • Your risk assessment should give you a comprehensive view of your services, clients and delivery channels. This is so that you can see how you are exposed.

You can protect yourself and your firm from inadvertent involvement in crime by making SARs.

You should make sure you and your firm's staff are all appropriately trained.

Understand your clients

It is important to understand your clients, and in particular to recognise when they or their cases involve higher than usual money laundering risks.

You should carry out due diligence checks on clients and keep this understanding up to date. A longstanding client's exposure and risks may have changed since they last instructed you.

You need to know when you need enhanced due diligence on a client, for example if they are a PEP.

Find more information

The UK National Risk Assessment may be a helpful source of information for carrying out firm-wide risk assessments.7 Our money laundering risk assessment sets out information on money laundering and terrorist financing risks to solicitors, which may also be useful for firm wide risk assessments.

The Government's 'Flag it up' campaign helps solicitors and accountants identify potential money laundering signs.8 You should find the NCA's guidance on the Defence against Money Laundering regime helpful for making good quality SARs.9

Our #staySHARP campaign is about raising awareness of the threat that money laundering poses to solicitors.

We have an Ethics Guidance helpline that offers advice on anti-money laundering (AML) regulation and supports the profession in compliance. The Legal Sector Affinity Group's guidance gives detailed information about how to comply with AML obligations.10

What we are doing

Regulating based on evidence

As an AML supervisor, we use a risk-based approach. Our dedicated AML team uses targeted investigations to look at specific areas of concern.

The Office of Professional Body Anti Money Laundering Supervision (OPBAS) oversees our work to supervise how firms are complying with their AML obligations.

We are a member of the Economic Crime Strategy Board. This helps to make sure that we co-ordinate our AML approach with other regulators and expert bodies.

Taking appropriate action

When we find that firms are not meeting their AML obligations, we will take action.

We began 172 investigations about AML compliance in the first three quarters of 2019, compared to 314 in the same period in 2018.

In the last five years, we have taken more than 60 cases to the SDT. This has led to more than 40 solicitors being struck off, suspended from practice or voluntarily coming off the roll.

Helping the public

We work in co-ordination with other bodies to help prevent money laundering. This helps to make sure that criminals cannot move money into the legitimate financial system.

On the horizon

The Government has produced its new Economic Crime Plan.11 This sets out the steps that it will be taking to prevent money laundering and other financial crimes.

  • As part of the plan, the Treasury is considering whether AML supervisors need new powers or guidance to strengthen the UK financial sanctions regime.12
  • They intend to finish this review by July 2020. It may lead to new obligations and potential penalties for firms.

The Government is reviewing the SAR regime and will finish in December 2020. This is to improve and increase money laundering detection and prevention.

  • Improvements to the SARs portal will include feedback, trends and information about outcomes.

By 2020, the Government intends to bring all cryptocurrencies into the scope of the AML regime. The Financial Conduct Authority (FCA) will supervise trading in these assets.

  • We are not aware of any solicitors involved in cryptocurrency trading. Firms must carry out the right checks on any clients who want to use these systems.

Why this risk matters

People trust solicitors to look after their money. Failing to keep their money safe has wider consequences for clients and for the reputation of the profession.

Who is at risk?

A loss of client money could affect anyone who places their money in a client account.

More than 7,000 law firms hold client money. Firms with poor systems and controls are more likely to breach our requirements for holding client money, or even to lose client money.

Everyone in your firm needs to take responsibility for keeping money safe, and the firm’s management need to be fully aware of client account issues. Some serious cases at the SDT have happened because managers did not know what employees were doing with client funds.

Some losses happen when a firm is failing, and a firm’s owners face debt payments or salary bills that they cannot pay. Solicitors must protect client money even in circumstances as personally challenging as these.

What is the impact?

Clients move large sums of money through their solicitors’ accounts. Although there are protections, from indemnity insurance to the SRA’s Compensation Fund, to cover eligible losses, the result of a loss of client money is not just financial.

The money clients entrust to their solicitors is there to fund transactions such as conveyancing, investments or business deals. If the money is not there when it is needed, the transaction could fail. This can cause great inconvenience and personal distress for the client.

Where one client cannot pay the completion funds in a house purchase, a whole chain may collapse. This can affect a large number of people.

We treat client money breaches particularly seriously. They can lead to proceedings before the SDT, with results that can include striking off. Missing client money is one of the grounds for intervention into a firm. The firm’s owners will be personally liable for the costs of this, and we will normally suspend their practising certificates.

Client money losses are expensive for the whole solicitors’ profession. A large part of the costs of disciplinary proceedings, interventions and the compensation fund are carried by the profession as a whole. Indemnity insurance claims relating to lost client money make that insurance more expensive for all solicitors. And of course, the entire profession suffers the reputational damage that happens when people can no longer trust solicitors.

Case example: Strike off for failing to notice employee's misuse of client money and submit accountant's report

The SDT decided to strike off a law firm director for failing to notice their employee was taking funds and misled regulators about the firm holding client money. The Tribunal found the solicitor paid very little attention to the finances of branch offices and had no control over the staff. The employee took money from the client account of a commercial client, and also allowed a third party to have access to the firm's client account.

Case example: Departure of practice manager leads to breaches

Two solicitors were fined a total of £16,001 and ordered to pay more than £20,000 in costs after improper transfers were made from the client account to the office account. A shortage of more than £110,000 was allowed, and they failed to remedy the issue once discovered. They admitted to the SDT that they had both taken time off for illness at the same time that their practice manager had left the firm. The Tribunal found the pair had failed to supervise client money, which was inevitably a serious matter.

We recommend

To help you and your firm comply:

Know your obligations

The Solicitors Accounts Rules set out the obligations all solicitors have when dealing with client money. We have produced guidance on the new Accounts Rules, which will be in force from 25 November.

If client money is lost or taken, then you must report this breach to us promptly. This is the case even where they have already replaced the money.

Under the new Accounts Rules, you will not need our approval to use a third-party-managed account, but you will need to tell us about it. Our guidance gives more information.

Have the right controls

It is vital to have good accounting systems in order to protect client money. Firms must:

  • vet, train and supervise staff
  • make sure everyone knows their responsibilities to keep client money safe
  • have a business succession plan and contingency plans for accounting staff
  • have systems for good account management and audit
  • have strong IT systems with good backups
  • reconcile accounts that are signed off by the compliance officer for finance and administration at least every five weeks
  • not allow the client account to be used as a banking facility
  • engage with us about any concerns.

Sound financial software can help to make it easier for smaller firms to monitor their accounts and verify transactions.

Protecting client money needs collective effort. All solicitors are responsible for keeping client money safe – not just the compliance officers. Partners and managers should ask themselves:

  • Could you prove staff understand and follow your policies?
  • Do staff understand the importance of keeping client money separate from the office account?
  • What do you do if staff fail to follow your policies?
  • Do you have systems that monitor money transfers, and who makes them?
  • Are the recommendations of your reporting accountants being applied?

Understand your clients

If you know and check your clients’ financial details, then you can make sure the client money that you send to them does actually reach them. This will protect against both theft and accidental loss.

One common threat is email modification fraud, where criminals falsify an email saying that you or your clients’ bank details have changed. If you tell your clients about this and make sure you know each other’s real details, then you can help them to protect themselves.

Find more information

The Law Society has produced advice for firms on preparing for the new Accounts Rules.13 And the Law Society's practice note on residual client balances gives more advice on what to do if you cannot trace a client.14

The Institute of Chartered Accountants of England and Wales offers a range of resources on issues relating to solicitors' accounts.15

The Department for Business Innovation and Skills (BIS) produced guidance on financial management for smaller businesses in 2012. This may be useful to any smaller solicitors' firm.16

What we are doing

Regulating based on evidence

From 25 November 2019, our new Accounts Rules will be in force. These simpler rules focus on the principles of keeping client money safe.

We are making it easier for firms to use third-party-managed accounts. This will let more firms avoid holding client money altogether.

Taking appropriate action

Our new enforcement strategy makes it clear that we treat misuse of client money as a particularly serious type of allegation.

We began 228 investigations into alleged breaches of the Accounts Rules in the first three quarters of 2019, compared to 378 in the same period in 2018. Nearly half of these involved a firm failing to account to its client or another party entitled to money.

In the first three quarters of 2019, we took regulatory action, including SDT referrals, on 70 cases of misappropriation of client money. This compares to 96 in the same period in 2018.

Solicitors who we refer to the SDT for client money breaches risk serious sanction, including striking off the roll, if they have been dishonest.

Helping the public

Recovering lost money

Our rules are there to protect clients if a solicitor's misconduct means that they lose their money. They say:

  • We require all firms to have appropriate professional indemnity insurance (PII). This makes sure that clients are protected from loss in most cases.
  • PII does not cover solicitors against losses from their own dishonesty. In those cases, the insurer can refuse payment. This means that the solicitor must personally remedy the consequences of their own actions.
  • It is important that clients do not lose money through no fault of their own when the solicitor has been dishonest. This is one of the reasons why we maintain the compensation fund.
  • People can make a claim on the fund if the claim falls under our rules. It is a discretionary fund and we decide whether to make a grant on a case by case basis.
Handling unclaimed money

Every year, solicitors are unable to return £3m of client money, mostly because they cannot trace the client. Where this happens:

  • we can authorise a solicitor to pay unclaimed money to legal services charities
  • firms must make a written application to us with evidence of the steps they have taken to locate and contact the client.

Why this risk matters

More needs to be done to improve the representation of all groups especially in senior roles. A representative profession will support and maintain the public's trust while delivering effective administration of justice.

Who is at risk?

Despite decades of action, the senior levels of the profession do not reflect society. And large firms are the least representative. For example, a third of all partners are women but in firms with five or more branches, this reduces below 30%. And 20% of partners are black, Asian and minority ethnic (BAME) across all firms, but only 8% in large firms.

Firms without workplace cultures that promote equality, diversity and inclusion (EDI) have the highest risk of not treating staff and clients fairly or not making the best decisions for their business or clients.

The impact

Research shows that some members of the public do not trust the legal system to give them a fair outcome and that this is linked to a lack of diversity in legal professions.17

An unrepresentative legal profession can negatively impact:

  • the administration of justice, as a diversity of views and approaches supports an independent justice system and maintains the rule of law
  • standards of service, as allowing the most talented people to become solicitors and progress in their careers helps to maintain high standards
  • access to services, as some people might feel that the legal system is not accessible to them if solicitors do not share some social or cultural characteristics with wider society.

Spotlight on disability

Disability can affect anyone. For example:

  • one in four people will be affected by mental ill health during their life
  • 83% of all disabled people develop their disability during their working life.18

Under the Equality Act 2010, you are disabled if you have a physical or mental impairment that has a 'substantial' and 'long-term' negative effect on your ability to do normal daily activities. This definition includes visible and non-visible disabilities and long-term health conditions.

Disability status is under reported in the profession – only 3% of solicitors and partners said they had a disability in 2017, compared to 10% of everyone in employment. 

Some people make assumptions about disabilities which create barriers to progression in all professions.19 Therefore some people do not speak out about their disability or poor mental health.

There are different barriers for different groups in terms of entering and progressing in the profession. And some disabled people face multiple barriers.

We asked firms about the support available for disabled staff. We found:

  • only 20% had an action plan for disability inclusion and 3% had any disability initiatives
  • some solicitors were uncomfortable about saying they had a disability for fear of bringing attention to themselves or being judged as not being able to cope
  • some solicitors were unsure about what was defined as a disability.

Your firm can improve inclusion for disabled people. For example:

  • encourage staff and job applicants to ask for support and reasonable adjustments
  • create a culture where people feel able to talk about all disabilities
  • offer flexible-working and home working to help the work-life balance of all staff, particularly those with a disability and caring responsibilities
  • collect and monitor data on disability, along with other EDI data
  • give disability-awareness training.

We recommend

To help you and your firm comply:

Know your obligations

The Equality Act 2010 protects people from discrimination. And our rules encourage equality of opportunity and respect for diversity. You and your firm have an anticipatory duty to make reasonable adjustments for existing and potential clients and staff. You can read our guidance to find out more about your EDI obligations.

If your firm has 250 or more employees, you must meet the gender pay gap regulations.

Your firm must collect, report and publish data about the diversity of your workforce.

Have the right controls

Your firm needs to make a continued effort for wider representation in senior roles, for example by putting everyone on a level playing field. You can make sure that your recruitment and progression processes and practices:

  • combat indirect biases and discrimination
  • allow recruiters to judge candidates on their skills and experiences, independent of their protected characteristics
  • support an inclusive profession, for example mentoring schemes allow senior managers get to know and help different people with the talent to progress.

How your firm advocates for and practises inclusivity and diversity, including how you handle harassment, bullying and discrimination and how you support people from all backgrounds, underpins your workplace culture.

For best effects in creating a culture of acceptance and support, your firm needs an intersectional approach to diversity. For instance, the experiences of BAME men and BAME women vary considerably. Your firm should therefore consider:

  • having initiatives that include all groups of people
  • evaluating the success of the initiatives.

You could review the EDI data you collect and ask staff about their backgrounds and experiences to better understand how to support everyone to progress in their career, maintain high standards and best meet the needs of your clients.

Understand your clients

Diverse firms can better understand and respond to the experiences and needs of a wide client base. Asking people about their needs is the first step to improving accessibility. And making small, proactive adjustments can have a huge impact on reducing barriers for disabled people.

Find more information

Our resources on disability in the workplace gives real life examples about how to support staff.

LawCare is a free and confidential advisory and support service to help lawyers and their immediate families with mental health problems. And our wellbeing resources have more information about the support available.

The Law Society have information and opportunities through their communities and networks, which can help your professional development.20

Case example: Creating an inclusive work environment

Focusing on wellbeing in the workplace has helped a firm deliver an excellent service to their clients. They create a culture where people feel valued and can speak up about mental health. This leads to a healthy and productive work environment. To achieve this they:

  • have mental health awareness training for partners
  • include information in their monthly newsletters about mental health and wellbeing
  • have trained several Mental Health First Aiders and supported the 'Time to Talk Day', to encourage everyone to talk about mental health
  • organise and promote events, such as the 'Random Acts of Kindness Week'
  • hold exercise, relaxation and other wellbeing sessions during lunch.

They plan to go further by raising awareness about other issues in lunchtime sessions, such as dementia and menopause. And they plan to offer health checks and flu jabs.

"A law firm can be a busy and high-pressured environment to work in, so we make sure our team feel supported, and have access to help if and when they need it. Our commitment is something that runs throughout the business, with our managing partner and senior team playing an active role in leading on this."

Head of HR, medium sized law firm

What we are doing

Regulating based on evidence

EDI is considered throughout our Corporate Strategy and our work. And we are addressing our gender pay gap, which is much lower than the national average.21

We have increased our understanding of how to improve diversity at work. Our work in this area informs our regulations, supports our staff and sets a positive example for others. For example, we:

  • have moved up 48 places in the Stonewall Index
  • are working towards becoming a Level 3 Disability Confident employer and conducted two research projects into disability
  • held events for Black History Month, International Women's Day, Pride 2019 and have raised staff awareness of disabilities and intersectionality
  • participate in the Legal Professions Wellbeing Taskforce to support good mental health and wellbeing so everyone can maintain high standards.

We regularly collect and publish data about diversity in the profession through our Firm Diversity Data collection exercise. We also provide an online tool that allows firms to compare their profile with that of others.

Looking ahead, the Solicitors Qualifying Examination (SQE) means that everyone will meet the same high professional standards regardless of route into the profession. This should widen the talent pool, as people who choose 'earn as you learn' ways of becoming a solicitor will be able to enter the profession on the same terms as those choosing more traditional routes.

Taking appropriate action

We can take enforcement action when there is evidence of victimisation, discrimination or harassment by someone we regulate, both against colleagues and the public.

We have set up a dedicated team to investigate the reports we receive about harassment in the workplace.

Helping the public

The recommendations and case studies in our independent research into the experiences of disabled people in legal services support firms to make their services more accessible. As part of this, we hosted an event to hear from charities about the reasonable adjustments that firms can make for the public.

On the horizon

Diversity continues to be a focus for the Government. This includes:

  • reviewing whether the laws protecting people from sexual harassment in the workplace are effective22
  • creating the Office for Tackling Injustices which will explore if specific groups of people are unfairly discriminated against or held back from getting on in life, for example because of their socio-economic background, ethnicity, gender, disability and sexual orientation
  • encouraging FTSE companies to reach the target of 33% board positions going to women by 2020 - the number of FTSE 250 board positions currently held by women is up to 27.5%.23

You and your firm should keep up to date with the legislation and best practice in this area.

Why this risk matters

Your clients trust you with their most confidential and sensitive information, and their money. If yours is one of the 7,400 firms that hold client money, then this may be targeted by criminals. Cyberattacks remain amongst the most persistent and imminent threats to law firms. You need to take careful steps to protect your client's assets and data.

Who is at risk?

Everyone is at risk. As people have moved their business and social lives online, criminals have followed. The reports we receive about these attacks do not come from just one type of firm. We have seen attacks and successful breaches from every area of the market.

The large sums of money passing through client accounts are attractive to criminals. Although high-value fields such as conveyancing are obviously exposed, any client's transaction could be attacked.

While not all solicitors' firms hold client money, all hold confidential information. Any loss of this will harm the interests of clients.

We see a wide variety of incidents, the most common of which are:

  • email modification fraud – where a criminal intercepts and falsifies emails between a client and their firm, leading to bank details being changed and money being lost
  • phishing and vishing – where a criminal uses email or telephone to obtain confidential information. This often involves building a personal relationship with a solicitor or law firm employee
  • malware – harmful software that spies on or damages your system24
    • A particularly dangerous form, ransomware, encrypts files and demands a ransom in return for a decryption key.
  • CEO fraud – where a criminal impersonates a senior figure at a law firm
    • They can do this through hacking, purchasing a very similar email address or by impersonating their voice.
    • The aim is usually to deceive a staff member into making money transfers.
  • identity theft – where bogus firms copy the identity and brand of a law firm.

It may be better to ask when, not if, you will be targeted by online criminals. Ransomware and malware attacks can be hard to prevent. Criminals are using more sophisticated techniques to steal money or business information. It is not always easy to recognise phishing or a modified email.

Deliberate theft is not the only risk to your clients' information. Accidental losses of information can be just as damaging.

What is the impact?

Cyber criminals can steal large sums. In the first nine months of 2019, law firms reported a loss of around £4m of client money to this type of crime.

Losing money is likely to have a serious impact on your clients' lives and wellbeing. The costs to them are more than just numbers. They are people's house deposits, inheritance funds and life savings. Losing this money can seriously impact them at least in the short term, even if you replace it. Any loss of personal information could be damaging.

Cybercrimes are also expensive for businesses, including law firms. One study found that breaches cost the average business £4,180, rising to £22,700 for larger firms. This covers a wide range of potential losses. While a minor breach might only cause inconvenience, a major one can be very expensive. Some businesses have faced costs in the £m range to recover.

As well as the cost of remedying any losses, there are regulatory costs. Under the General Data Protection Regulation (GDPR), the Information Commissioner (ICO) can fine firms if they do not protect personal data. These fines can be up to €20m (£17.7m) or 4% of a firm's global turnover, whichever is higher.

Simply focusing on the financial cost of data breaches does not give a full picture of their effects. It can understate the actual cost to firms who fall victim to cybercrime.

Business delays

27% of businesses who identified a breach in 2019 lost staff time dealing with breaches or attacks. 19% had staff stopped from carrying out daily work.25

A ransomware strike could leave you unable to access any of your data for a long period. Even multinational corporations have been left without IT systems for days after this sort of attack.

This can mean transactions taking longer, increased costs and potentially more complaints.

Employee well-being and company culture

The most common cybercrimes work by tricking staff members. These people are also victims of the attack. In the short term they are likely to be stressed and worried about their job. If this leads to further issues it could harm the culture within teams, departments or the business as a whole.

Reputation

A successful cyberattack can have a serious impact on a firm's reputation. The legal market still largely depends on personal reviews and recommendations. News of a successful cyberattack either in the news or from a trusted source will inevitably concern potential clients.

We recommend

To help you and your firm comply:

Know your obligations

The Code of Conduct and Accounts Rules set out your obligations with regards to client money and confidential information.

You need to report any loss of client money or confidential information to us promptly. This is the case even if you have already replaced it. Under the GDPR, you must report any breach of personal data to the ICO within 72 hours.

Have the right controls. No guide can guarantee to protect you from all threats, but sensible practices can reduce the chance of a successful attack.26

General principles

  • Cyber security is central to an organisation's health and resilience, and this places responsibility firmly with the board of that organisation.27
  • Security that interferes with the ability to work of you and your staff is bad security.28 This is because staff will be tempted to work around obstacles.
  • No security measure is completely reliable, and attackers will sometimes succeed.
  • Have a plan to recover from cyber attacks and to be able to detect them when they happen.29
  • Try to minimise the harm that a single breach could cause.

Maintain your system

Keeping your IT equipment up to date is one of the most important and effective things you can do to improve your security.

  • Once a system is no longer supported by its manufacturer and is no longer kept updated, you should replace it. If you are not able to replace it straight away, then you should take steps to protect yourself in the short term.30
  • Software developers will update programs regularly – your systems are vulnerable until you install these updates.31
  • Use antivirus software.32
  • Make sure that your system has appropriate firewalls, and that they are switched on and working.

Back up your data

Consider where your backups are stored. Make sure you know how to restore your system from a backup.

  • Consider using secure cloud storage.
  • Back up your important data to protect it from loss due to an accident or a ransomware attack.
  • Make sure that you make backups frequently enough for them to be useful.
  • Ideally, you should have three copies of all your important data, on at least two separate devices and with one copy offsite.33

Working on the move

  • Encrypt laptops and have a system to track and delete data from tablets and phones remotely if they are lost or stolen. Some devices may come with this system built in.
  • Be careful about who can see or overhear what you are doing when working with sensitive information.
  • Public Wi-Fi hotspots can be insecure, and it is hard to prove that a hotspot belongs to who it claims. In most cases, modern websites (using HTTPS) will protect you from this risk.

Access controls

Your clients' confidential information and your own business data should be accessible to you but not to anyone you have not authorised.

  • Use two-factor authentication for email and log-ins where possible.
  • Make sure that you and all staff avoid predictable passwords, and consider using password managers.34
  • Control access to removable media such as flash drives.
  • Do not use an administrator account on your system for work that does not involve maintaining the IT system.
  • Screen-lock devices.

Training and testing

  • Log security incidents and weaknesses to make sure you know how you are exposed to cyberattacks.35
  • Use training to help build a culture of reporting, where staff feel comfortable coming forward with issues that they have encountered.36
  • Nobody can spot every phishing email. A no blame culture will help you to learn about attacks early enough to stop them causing more serious damage.
  • Test security systems to make sure that you are confident that they are working and that you know what to do in the event of an incident.
  • Use exercises to test your preparedness, resilience and responses.37

Understand your clients

Different clients may be vulnerable in different ways. Knowing which transactions may be particularly interesting to criminals may help you protect against loss.

  • High-value transactions, such as conveyancing, are more likely to be targeted by means such as email modification fraud.
  • Information on politically sensitive transactions may be of interest to activist groups and possibly to state-sponsored crime.
  • Information about new high-tech projects may be targeted for industrial espionage.

Find more information

The National Cyber Security Centre (NCSC)'s Small Business Guide gives cyber security advice covering issues from backups to avoiding phishing.38

Cyber Essentials is a certification scheme for businesses of all sizes that want to demonstrate how they are protecting data.39

The ICO produce guidance on your requirements under the GDPR. This includes advice on technical measures to protect yourself and your clients.40

The Law Society's advice on cyber security for solicitors discusses how to protect your systems and comply with the GDPR.

What we are doing

Regulating based on evidence

We are reforming the Accounts Rules. As part of this, we are making it easier for firms to use third-party-managed accounts for client money. This gives firms the option to avoid the exposure that a client account brings.

We work with experts and study incidents in order to understand the threat to firms we regulate. We use this to inform our work. We also use it to produce guidance, for example our report on technology and legal services.

Taking appropriate action

When we receive reports about cybercrimes, we take a proportionate view. We know that human and system errors are unavoidable. This means that the cybercriminals will sometimes get through.

In deciding how to handle a report of a breach, we will look at whether the firm's systems were robust enough and whether they had reasonable protective measures in place. We will take into account whether the solicitor reported the matter to us promptly, and whether they took reasonable steps to remedy the situation.

Helping the public

We have worked with the NCSC to come up with this best practice advice for firms to protect their clients.

On the horizon

In 2020, Pay UK, the retail payments authority, will introduce the new Confirmation of Payee system.41

  • This is an additional security measure for the UK's Faster Payments scheme.
  • It will work by verifying account details against the name of the account holder and intended recipient.
  • The banks will be responsible for making sure that accounts are set up with the correct legal name and will be liable for any losses if they do not apply the system.
  • This aims to control bank transfer frauds. It will make email modification fraud much harder to commit.

Why this risk matters

The solicitors' profession depends on trust. If you do not act with integrity, it can harm public confidence in the whole legal system.

Who is at risk?

Solicitors owe duties to:

  • their clients
  • the court
  • their colleagues
  • the wider public interest.

Acting with integrity means more than not being dishonest. It means following the ethical standards of the profession.42 Every aspect of your firm's business practices and culture should reflect this.

What is the impact?

Both clients and third parties are affected when solicitors bring unjustified cases to courts and Tribunals. This creates unnecessary legal costs and wastes time. It can also lead to cases reaching the wrong outcome.

If you were to let your other interests influence the advice that you give to someone, then this could cause them harm. For example, they may enter a transaction that is not in their interests because they trust the information that they were given by a solicitor.

Failures of integrity can happen because a firm's culture does not encourage integrity. For instance, junior staff may not feel able to admit to mistakes. That can lead to staff trying to cover up problems rather than the firm being able to remedy them.

We treat cases of a lack of integrity or actual dishonesty particularly seriously. These cases are likely to lead to a referral to the SDT and if proved a serious sanction such as striking off the roll.

Spotlight on leaseholds

Although most houses are freehold, more than a million owner occupied homes are leasehold. More than two thirds of leasehold buyers told a survey for the National Association of Estate Agents that their property had been mis-sold to them.43

Two thirds of the surveyed leaseholders had used the solicitor recommended by the developer. Those who used their own solicitor were more likely to understand the issues involved. There have been reports of developers giving buyers incentives to use their recommended solicitor, such as discounts. Some may have suggested that buyers could only use a recommended solicitor.44 As well as the ethical implications of a solicitor accepting a referral in these circumstances, this suggests their advice was influenced by the interests of the developer.

Buyers of these properties have found themselves in properties that they cannot sell, meaning that they cannot move home if they need to. Many also have lease clauses that allow the freeholder to increase the ground rent. This means that the leaseholders face rapidly increasing costs. Nearly half of the leaseholders responding to the survey had not been told about this issue.

Spotlight on harassment and non-disclosure agreements (NDAs)

Harassment and NDAs are still receiving public and political attention. The involvement of solicitors in drawing up NDAs has caused public concern. Some NDAs have given the impression that the victim could not report their situation to the police or to regulatory authorities. This has enabled abusers to continue committing offences without being stopped. It has prevented the victim from seeking help.

NDAs have legitimate uses. However, solicitors must not draft inappropriate terms that have the aim or effect of preventing the reporting of wrongdoing to the appropriate authorities.

We also have concerns about harassment in firms. One survey found that 38% of female lawyers in the UK had been harassed.45

Case example: solicitor struck off for false legal aid claims

In 2018, a solicitor was struck off for seeking payment from the Legal Aid Agency for fictional cases. The solicitor had created false attendance notes for 30 non-existent mental health hearings. They had claimed £22,600 for these cases.

Our own investigation found another 15 files that had been falsified.

The SDT stated that the solicitor's misconduct had been of the highest order, and had caused colossal damage to the reputation of the profession. The solicitor was struck off the roll and the firm was fined £5,000 for supervision failings.

Case example: solicitor struck off for creating false documents on a file

In 2019, a solicitor was struck off for instructing a staff member to create and backdate false documents on a conveyancing file. The solicitor knew that their firm had lost the documents that the client had signed. They did not inform the client of this loss. Instead, they misled the client and the other party.

The SDT found that the solicitor had been deliberately dishonest, in a way that had implicated and affected others. It directed that the solicitor be struck off the roll. It made a section 43 order against the clerk.

We recommend

To help you and your firm comply:

Know your obligations

Acting with integrity is a fundamental principle of the solicitors' profession. You should understand your obligations in the Code of Conduct.

Keep up to date with our warning notices. We have issued a warning notice about the use of NDAs and have directed solicitors towards guidance on how to handle issues of sexual harassment in a firm.

You must not try to prevent anyone from reporting matters to us or to any other regulator.

Have the right controls

  • The actions and communications of managers should reflect the standards of the profession. This will help make sure staff work in an ethical way.
  • Compliance officers should take the lead in making sure that their firm meets its obligations.
  • Staff should feel able to report problems.
  • The Equality and Human Rights Commission (EHRC)’s guidance for employers may help with this.46

Understand your clients

When you analyse a client's case, you should be aware of any ways in which your duties as a solicitor might conflict with their instructions.

  • You should be willing to decline to act if following a client's instructions would mean you have to go against your duties.

Find more information

Our paper on  balancing duties in litigation gives examples of how solicitors' duties may conflict and how to manage these risks.

What we are doing

Regulating based on evidence

Our new Standards and Regulations focus on ethical standards. They support solicitors to use their own professional judgment.

Taking appropriate action

Our new enforcement strategy sets out the types of conduct that we will and will not accept. It also shows where we consider a particular form of misconduct to be especially serious.

In the first three quarters of 2019, we took regulatory action on 337 matters that involved a solicitor's integrity or ethics and referred 16 cases to the SDT. This compared to 382 in the same period in 2018, when we referred 13 cases to the Tribunal.

We began 37 investigations into reports of sexual harassment in the first three quarters of 2019, compared to 62 in the same period in 2018. We will be bringing three cases before the SDT in the third quarter of 2019.

We have consulted on our policy about when solicitors must report conduct issues to us.47 This includes guidance relating to NDA and harassment cases. And we have reviewed our whistleblowers' charter to make clear what we expect of solicitors and how we can protect them if they come forward with concerns.

Helping the public

As part of our contribution to the discussion, we have been liaising with the Equality and Human Rights Commission (EHRC) and the Women and Equalities Select Committee.

Contributing to this discussion helps us raise awareness for the public. This helps them understand what they can expect from legal help.

On the horizon

The Government is considering the introduction of legislation to restrict the scope of NDAs.48 This may include new enforcement measures, for example making non-compliant NDAs legally void.

The EHRC will publish technical guidance on confidentiality agreements. This will clarify the law relating to these agreements in the workplace. It will help firms identify best practices to follow in drafting NDAs.

We will be keeping our warning notice on NDAs under review in the light of these changes.

The Competition and Markets Authority (CMA) is investigating leasehold mis-selling and unfair terms.49 The Government has confirmed that it will consider further action in response to the report.

Why this risk matters

Dubious investment schemes can cause great harm to people. Despite warning notices and some high-profile cases, some firms are still involved. The victims of these schemes can lose their pensions or life savings.

Who is at risk?

Anyone with money to invest can be targeted by fraudsters. Research from a few years ago suggested that over-55s were the most likely group to be affected. The FCA has found that people over 65, with £10,000 or more in savings, were 3.5 times more likely to fall victim than the rest of the population.50

However, this profile might be changing. Recent research has found that the average age of an investment fraud victim was around 40 years old, calling into question if it is just the older generation that are targeted by these scams.51

You can see this change from the types of scams that are happening. For example, investment scams targeting Instagram users recently cost consumers more than £3m, with average losses of nearly £9,000 per person. The types of products offered are changing too, with promoters offering investments in cryptocurrencies and social media scams.52 Unlike schemes such as fine wine investments or land banking, many of these are clearly aimed at younger people.

You are also at risk from these schemes. Your involvement could help a fraudster to legitimise a transaction. People trust solicitors. Mentioning their regulated status, and associated compensation fund protections, lends more credibility to these schemes.

What is the impact?

The scale and nature of these schemes is constantly changing. What does not change are the lasting financial and wellbeing effects these scams have on their victims.

Even if the elderly are no longer the most likely to be targeted, they still seem to be affected far worse than younger generations. These people can, and often do, lose their savings, their health and their independence because of these scams.53

Case example – impact of scams

Age UK has written to tell us about the devastating effect these scams have on the elderly, particularly those with dementia. In one case, the health of an elderly woman with dementia deteriorated so badly, she was no longer able to live alone with the support of health visitors and had to move into a care home. Age UK largely attributed this to the distressing impact of being scammed.

We recommend

To help you and your firm comply:

Know your obligations

You must not let promoters use your client account to avoid rules preventing improper movements of money. Rule 14.5 of the Accounts Rules prohibits you from allowing anyone to use your client account as a banking facility. There is no reason why money that an investor is paying to an investment scheme needs to pass through your client account.

You must make sure you do not mislead or take unfair advantage of anyone. For example:

  • do not agree to help make a scheme look as if it is a legal transaction when it is not, for example if an investment scheme uses the language of conveyancing
  • do not allow anyone to use your regulatory protections or status in promotional materials for a scheme
  • do not give anyone the impression that they are a client if they are not
  • remember that an honest investment scheme does not need a solicitor to give it credibility.

Our warning notices on investment schemes give detailed information on your obligations.

Have the right controls

The most important way to make sure you do not get involved in a dubious scheme is to carry out due diligence on any promoter who wants you to act in a transaction.

If you know the red flags of a questionable investment scheme, you will be in a better position to recognise them and avoid being involved.

It can help if you carefully analyse any complaints or contact from people who are not clients but are affected by a transaction. This may help you identify if the scheme is legitimate.

Understand your clients

Knowing how an investment client may be vulnerable will help you to protect their interests.

Find more information

The FCA’s Scam Smart page contains advice on recognising the warning signs of investment fraud.54

The Money Advice Service55 and Action Fraud also give advice on how to spot an investment scam.56

What we are doing

Regulating based on evidence

We have carried out a thematic review of cases where solicitors have been involved in questionable investment schemes.

This aimed to help us better understand the evolving nature of this risk, and how solicitors are unknowingly becoming involved.

Taking appropriate action

In the first three quarters of 2019, we began investigations into 30 cases involving questionable investment schemes, compared to 27 in the same period in 2018.

Where solicitors have become involved, we have taken action including referrals to the SDT. This has led to high fines, suspensions, and strike offs.

Helping the public

We have published guidance for the public to help them not to fall victim.

We are currently conducting research with the public. We are using this to help us understand what makes people fall for scams.

Why this risk matters

Firms have handled claims schemes poorly in the past and some continue to do so. From the miners' claims schemes in the 2000's to holiday sickness claims today, this harms trust in the solicitors' profession.

Who is at risk?

If you do not carry out the right checks on prospective clients, then you are at particular risk. This is particularly important where the case came through an introducer. Although most introducers act ethically, some do not. We have seen many reports of introducers approaching holidaymakers and encouraging them to bring false sickness claims.

The costs of poorly handled claims fall on the court system and ultimately on the public. This also increases the cost of insurance.

What is the impact?

Anyone who has been injured or suffered a loss is entitled to expect justice. If solicitors manage claims poorly, those clients may not receive a fair outcome. This can lead to further financial costs and have a damaging impact on people's lives.

If solicitors advance false claims, knowingly or unknowingly, then this has costs for the other party. It forces individuals and businesses to spend money and time defending against a case that should not have been brought. These cases also waste court time.

  • Between 2013 and 2018, compensation claims for holiday sickness rose by 500%. It was clear that a rise of this scale was not entirely due to genuine claims.
  • Dealing with false sickness claims cost travel businesses over £240m.57
  • The AA estimate that false whiplash claims cost every driver £35 per year in higher insurance costs.58
  • Some false claims have involved criminals staging car accidents.59 As well as the financial costs, this puts lives in danger.

Making false claims is fraud. As such, the claimants may face criminal prosecution, with sentences including imprisonment. Sometimes solicitors are knowingly involved or turn a blind eye. This can amount to dishonesty.60 It is likely to lead to a referral to the SDT. They may also face criminal proceedings themselves.

Case example: solicitor struck off for overcharging in negligence claims

In 2019, a solicitor was struck off for overcharging in negligence claims against the NHS. The solicitor had set a standard hourly rate that was more than four times the guideline rate. The court described their bills as "unreasonable and disproportionate". In one case, the solicitors' costs were reduced by 93%.

On appeal, the court found that the solicitor had knowingly set artificially high rates to inflate their profits. It found that this was dishonest. It also found that imposing charges of this level against the NHS would harm the public's trust in the solicitors' profession.

Case example: solicitor imprisoned after bringing fraudulent claim

A former solicitor was convicted of contempt of court in 2018. They had acted in a road traffic accident claim. To support the case, they had produced false documents that made their client's injuries seem more serious. They had worked with a GP who had agreed to modify their original report.

The deception was discovered when a paralegal in the firm mistakenly sent both the genuine evidence and the false evidence to the court.

The High Court described the solicitor as "thoroughly dishonest" and sentenced them to 15 months imprisonment.

The solicitor had voluntarily come off the roll before the prosecution.

We recommend

To help you and your firm comply:

Know your obligations

Chapter 9 of the Code of Conduct sets out your obligations when dealing with introducers.

Keep up to date with our warning notices. We use these to warn you about common risk factors in bringing claims.

Have the right controls

Carrying out proper due diligence on prospective clients and their cases will help you avoid being accidentally involved.

  • You should analyse the evidence for a client's claim at the start. This is a key part of building a case but should also reveal problems.

Do not bring any claim unless there is a sound basis for it.

Be careful to verify the source of any referral. This will help you make sure that the claim did not come from cold calling or other poor practices.

Understand your clients

Where a case involves an introducer, you need to be sure that they did not contact the client by cold calling.

You should make sure that you take instructions directly from the client.

Find more information

Our paper on balancing duties in litigation can help in identifying and handling situations where your duties may conflict.

The Association of British Insurers gives information about common types of fraud.61 This may help in recognising potentially false claims.

The Law Society has produced advice for the public on holiday sickness claims.62

What we are doing

Regulating based on evidence

We work together with the FCA in its role as the new regulator for claims management companies. We will share information and co-ordinate our work to make sure that we can properly investigate potential misconduct.

Taking appropriate action

We take targeted action where we find misconduct

In the first three quarters of 2019, we took regulatory action on 28 personal injury cases. We referred 15 of those cases to the Tribunal. This compares to 40 in the same period in 2018, which also led to 15 Tribunal referrals.

Helping the public

We give information for holidaymakers on the Legal Choices website. This helps the public understand if they need legal help.

On the horizon

We are replacing the interim fee cap for payment protection insurance cases. In its place, there will be a permanent fee cap for all claims about financial services.

We will consult on our proposed fee cap in 2020.

Why this risk matters

Many people are not getting the legal help they need. We all have a part to play in improving people's access to legal services.

Who is at risk?

Many people are not able to access legal services. Only one in ten of those with a legal problem get help from a solicitor or barrister.63 People who are more vulnerable are less likely to have access to legal services. For example, many people seeking asylum are unable to get the legal support they need to make their case for protection from violence or persecution.64

Whether people know to look for legal help depends on their knowledge, experience and understanding of the law. It also depends on the severity of their legal need and awareness of where to get help and the different ways that disputes can be resolved.

People who do not have the right information might not realise that they need legal help, or that they might be able to afford it. For example, 60% of small business owners and managers said that they do not use solicitors because they do not think they are affordable. But many overestimated the costs. 65 Small businesses are more likely to use a solicitor when they can see prices online.66

The impact

People have less confidence and trust in legal services if they think that legal help is not available to all groups of society.

When people do not get the legal help they need, people's lives can be harmed in both the short and long-term which can lead to financial costs. The harm can be greater when someone is vulnerable.

Without the right information people cannot make informed choices about whether or how to take action. Information needs to be clear and accessible so that people can understand their rights, know who can help them and how much it will cost. The CMA recommended that more information should be made available to the public by firms, and through comparison and education websites.

Your firm is missing out on clients if you do not share information about your services and prices.

We recommend

To help you and your firm comply:

Know your obligations

You must display prices and service information as part of our SRA Transparency Rules if you publicise that you work in certain areas of law. The information should be accessible, clear and concise and written in plain language, so it is easy to understand. Our guidance can help you to understand your obligations. It also gives example templates.

From November 2019, you must display the SRA-regulated clickable logo on your website to help the public know that you are regulated and have the protections that regulation gives.

Have the right controls

Your firm's systems and processes can do more to support more people to access legal services and therefore act as a control for this risk. For example, your firm could:

  • go further than the current transparency rules and proactively share more information about services and prices
  • share information with organisations that support people with legal needs so it reaches a wide variety of people
  • train staff who engage with the public to help people better understand services and prices
  • offer unbundled services in a clear and structured way, as this allows more people to get legal help when they need it because of the reduced cost
  • include a link to the Legal Choices website, which offers information on the different types of legal help available.

Understand your clients

You can support people and potentially increase your client base in many ways, including:

  • ask people if they need any reasonable adjustments
  • show images of, and information about, your office building on your website so people can plan their visit
  • ask for feedback about how information has been presented to see if you can improve it. The language used by legal professionals and the ways of communicating are a major barrier to people understanding and engaging with legal services.

It is important to understand what your clients can afford and how they can pay. Solicitors said that conditional fee agreements, fixed fees, capped fees, retainers and loyalty schemes are more in the interest of the client than hourly fees – all of which are used by many firms. 67 So hourly billing might not be the best for all of your clients.

Find more information

Explore how to use plain language that people can understand better, including in client care letters.68

The Law Society has practice notes and examples about how some firms are meeting our transparency rules.69

What we are doing

Regulating based on evidence

Our new Standards and Regulations make sure costs are more visible to the public and give more flexibility, including allowing solicitors to:

  • practise reserved legal activities on an individual freelance basis
  • offer non-reserved activities to the public when working in unregulated businesses

As set out in the Bridge Group's report, the SQE is likely to improve diversity of the profession70 and therefore could also broaden access to legal services as people are more likely to find solicitors approachable. And our changes to work based experience means that aspiring solicitors can build up their track record of practice by working in law clinics and other places that offer support.

Case example: Waiver helps improve access to employment law

We granted a waiver so that the qualified solicitors in an unregulated business could offer employment law services to their clients in their capacity as solicitors. Without a waiver, the business would have had to outsource some legal services, leading to additional costs.

We set certain conditions to maintain the protection of the public, including making sure:

  • they have professional indemnity insurance similar to regulated firms
  • that clients are told about the way the services are regulated and the protections available to them.

Our new regulations allow solicitors to provide services in this way without needing a waiver, which will make it easier for people to get help from a solicitor.

Taking appropriate action

Earlier this year, we looked at a sample of firms' websites. We did this to see how they were sharing the information they need to publish under the new transparency rules. Some firms were not publishing the information they needed to. We have contacted them to let them know what areas they needed to work on. We will take action if firms do not comply.

Helping the public

We are making it easier for people to find and choose the legal service that meets their needs by sharing our information:

  • We are developing materials that will help people know what they should expect from their solicitor and how they are protected.
  • We are developing a digital register with information about solicitors and their practice.  
  • We have published market-level data on complaints made to firms.
  • We work jointly with other legal regulators to continue to make sure Legal Choices meets people's needs. This website helps people to better understand the problems that might need professional legal advice and the options available to them.
  • We support the development of comparison websites offering meaningful and relevant information in the legal market.
  • Our SRA Innovate initiative gives a safe space for firms who want to offer services in new ways that could benefit people and businesses needing legal services. We have also granted waivers to our rules to allow new business models and to allow some solicitors working in-house to extend their services.

We are working with the Innovation Foundation Nesta on the Legal Access Challenge. This is funding eight digital technology services to help more people access legal services when they need them. The finalists include:

  • a chatbot to deliver free, early legal help and advice on community care and welfare benefits to the people who need it most
  • a package of tools to help women and children protect themselves from violence
  • a one-stop-shop to help people exercise their digital rights and access redress when online services fail them.

A core part of the 18-month programme is also to help build a community of innovators who want to use technology to widen access to legal services.

"We want the Challenge to move things on and open up legal services. This is about much more than simply offering funding to those with good ideas. We know that innovators need support and networks to turn their ideas into reality, so we are creating those networks for them. It's all part of building the momentum that will further encourage innovation in legal services. Whether you're a charity with a good idea or a tech firm looking to partner with a legal expert, I'd encourage you to get involved."

Anna Bradley, Chair of the SRA Board

On the horizon

The Law Centres Network is creating practical digital tools to help spread its services nationwide and make the most of lawyers' time.71 It plans to develop simple innovations and share what it learns, which could also help your firm communicate effectively and efficiently with your clients.

Enhancing access to justice is also the aim of the £6bn court reform programme and new online digital services. The courts are testing and adapting these online services based on feedback from those who use them. This is likely to affect how people work with you and your firm and might increase the need for unbundled services.

Why this risk matters

If you do not meet high professional standards of behaviour and competence, this could cause harm to the public and to the trust they place in the profession.

Who is at risk?

Anyone is at risk of receiving a poor standard of service. And many people do not know what to expect from their solicitor and what to do if something goes wrong. People who are vulnerable or in a vulnerable situation are more at risk because the impact, as set out below, is often greater for them.

The impact

Poor standards of service can affect people’s life, liberty and finances. For example, someone can get sent to prison or lose access to their children if the solicitor has not maintained their legal skills and knowledge and not given an appropriate standard of service.

The public’s confidence in the rule of law and the overall effectiveness of the legal system can also be negatively affected by poor standards of service.

The reports we receive about possible misconduct relating to standards of service are often about:

  • poor costs information
  • acting without instructions or refusing instructions
  • not releasing documents to the client.

Around two in three of these reports come from the public and more than one in five are from the profession. Other reports are from organisations such as the police, The Legal Ombudsman (LeO) and government departments.

We recommend

To help you and your firm comply:

Know your obligations

You and your firm have a duty to maintain high standards of service provision and competence in line with our Standards and Regulations.72 You must reflect on your practice, keep core technical, ethical and legal skills and knowledge up to date and meet our continuing competence requirements.

Our transparency rules require all firms and some individual solicitors to publish their complaints handling procedure, including information about LeO and us, on their website.

  • Firms and solicitors without a website must make this information available on request.
  • This is in addition to the information about complaints that you have to give your clients as part of our Codes of Conduct for firms and for individual solicitors.

Have the right controls

You and your firm can improve your client care by giving appropriate, clear information when you are instructed and throughout the work in a format that is suitable for people’s needs.73 Our client care letters guidance will help you.

You can encourage a culture of learning to improve standards in service, for example by supporting staff training in communication skills, as well as core skills and knowledge.

Not placing blame on fee-earners for complaints means that they can respond productively and share how they have learned from complaints.74

Your firm could train staff how best to respond to dissatisfied clients before a complaint is made and to manage complaints effectively. This can help your firm maintain high standards, along with a workplace culture that aims to continuously improve both competence and client care.

"Whether you agree with a complaint or not, they often provide a unique perspective on how a customer has experienced your service, so it is important to respond to them correctly and take the time to learn from them. I would encourage firms to use the guidance that we share on our website to help you get your complaint handling right first time and to prevent complaints happening in the first place."

Chief Ombudsman, Legal Ombudsman

Understand your clients

Understanding the needs of each client means that the right service can be given to each person and clients are more likely to be satisfied with your service. This means you are more likely to retain clients, be recommended to others more and have fewer complaints.

Most people (87 per cent) using a solicitor are satisfied with the service they receive.75 People value solicitors that:

  • understand their needs and treat them fairly
  • are efficient and progress the work in a timely way
  • keep them informed and give clear information about costs.76

As highlighted in ‘Diversity in the Profession’ profession’ and ‘Meeting legal needs’, it is important to ask people about their needs so that you can be flexible and try to meet these.

Find more information

Our continuing competence resources give useful information to help you reflect on the ongoing quality of your practice.

Keep up to date with our guidance. This will help you comply with the required standards, including how to publish complaints procedures and engage with online reviews.

LeO has further resources on giving a good standard of service and responding to complaints.

What we are doing

Regulating based on evidence

Our new Standards and Regulations and the SQE aim to make high standard services more consistent across the profession.

Our annual First- Tier Complaints report helps the profession to understand the most common causes of complaints, so they can address any areas of weakness in their firms. For example, most complaints received by firms are about delay, failing to advise and excessive costs. Many of these can be resolved through better communication.

We gather evidence through our independent research, for example about solicitors’ complaints processes, conveyancing services and presenting information about costs and regulatory protections. These have informed how we support firms to improve their information about price, service, complaints and quality. And our research about the experiences of disabled people when choosing and using legal services will help us support solicitors to improve their service and information provision for all groups of people.

Taking appropriate action

Most solicitors meet the high standards expected of them and uphold the rule of law and administration of justice. Where solicitors do not comply with their professional obligations, we will investigate and take action as appropriate. For example, we might:

  • work with the firm to help them address issues
  • take enforcement action for serious issues
  • refer some of the reports we receive to LeO, where it is more appropriate for them to investigate or when the client wants to seek redress.

Our Upholding Professional Standards report sets out how complaints to us are handled, how we conduct investigations, and how we decide whether and what sort of regulatory action is necessary. And our enforcement strategy topic guide on standards of service sets out the differences between what we investigate and what LeO investigate.

We can investigate a solicitor or firm where there is a pattern of concerns about poor service standards, in line with our enforcement strategy. For example, several reports about a firm failing to reply to their clients can indicate wider competence issues or even an abandoned firm. We will take action where appropriate.

If firms are not complying with our continuing competence requirements, we might decide to take regulatory action.

Helping the public

Our new Codes of Conduct for solicitors and firms will also help people understand the standards they can expect. And we have shared other information, for example, an easy to read leaflet that tells young people how solicitors can help them.

If a member of the public reports a concern to us that we cannot help with, we will let them know if there is another organisation that might be able to assist them.

  1. Money laundering and terrorist financing, NCA, 2019
  2. Understanding and addressing the impact of money laundering,  Chartered Institute of Taxation, 2017
  3. National strategic assessment of organised crime, NCA, 2019
  4. Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
  5. Money laundering evaluation United Kingdom 2018, Financial Action Task Force, 2019
  6. Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
  7. National Risk Assessment of money laundering and terrorist financing, Home Office, 2017
  8. Flag it up, HM Government, 2019
  9. Defence against money laundering, NCA, 2018
  10. Anti Money Laundering guidance for the legal sector, Legal Sector Affinity Group, 2018
  11. Economic Crime Plan, HMG, 2018
  12. Economic Crime Plan, HMG, 2018
  13. Be prepared, Law Society, 2019
  14. Residual client balances, Law Society, 2019
  15. Solicitors Accounts Rules -- what you need to know, ICAEW, 2019
  16. Financial management for SMEs, BIS, 2012 (PDF, 10 pages, 1.2MB)
  17. The Lammy Review An independent review into the treatment of, and outcomes for, Black, Asian and Minority Ethnic individuals in the Criminal Justice System, 2017
  18. Mental health facts and statistics, Mind and Disability Confident employer scheme and guidance,  DWP, 2016
  19. 'Presumed incompetent: Perceived lack of fit and gender bias in recruitment and selection' in Handbook of Gendered Careers in Management: Getting In, Getting On, Getting Out, M. Heilman, F. Manzi and S. Braun, 2015; 'Editorial: Researching Gender, Inclusion and Diversity in Contemporary Professions and Professional Organizations' in Gender, Work and Organization 19, no. 5, D. Muzio and J. Tomlinson, 2012
  20. Communities and divisions, The Law Society’
  21. Gender Pay Gap Report, The Law Society Group, 2018
  22. Consultation on Sexual Harassment in the Workplace, Government Equalities Office and The Rt Hon Penny Mordaunt MP, 2019
  23. FTSE 350 urged to keep up the pace to meet women on boards target, Department for Business, Energy & Industrial Strategy and Kelly Tolhurst MP, 2019
  24. Mitigating malware, NCSC, 2019
  25. Cyber Security Breaches Survey 2019, Department for Digital, Culture, Media & Sport, 2019
  26. Cyber security training for staff now available, NCSC, 2019
  27. Board toolkit, NCSC, 2019
  28. You shape security, NCSC, 2019
  29. Small business guidance: response and recovery, NCSC, 2019
  30. Obsolete platforms, NCSC, 2019
  31. Time to KRACK the security patches out again, NCSC, 2017
  32. Small Business Guide, NCSC, 2019
  33. Offline backups in an online world, NCSC, 2019
  34. Three random words or #thinkrandom, NCSC, 2016
  35. Logging made easy, NCSC, 2019
  36. Cyber security training for staff, NCSC, 2019
  37. Exercise in a box, NCSC, 2019
  38. Small Business Guide, NCSC, 2019
  39. Cyber Essentials, Cyber Aware
  40. Guide to the General Data Protection Regulation, ICO, 2019
  41. Confirmation of Payee, Pay UK, 2019
  42. Wingate & Anor v The Solicitors Regulation Authority, [2018] EWCA Civ 366
  43. Leasehold and commonhold reform, House of Commons Briefing Paper, 2019
  44. Leasehold reform: twelfth report of session 2017–2019, Housing Communities and Local Government Committee, 2019
  45. Bullying and harassment in the legal profession, International Bar Assocation, 2019
  46. Sexual harassment and the law: guidance for employers, Equality and Human Rights Commission, 2019
  47. Reporting concerns: our post consultation position, SRA, 2019
  48. Crack down on misuse of non-disclosure agreements in the workplace, DBEIS, 2019
  49. CMA launches consumer law investigation into leasehold market, Competition and Markets Authority, 2019
  50. A quantitative analysis of victims of investment crime, FCA, 2014 (PDF, 24 pages, 903KB)
  51. DeLiema, M., Mottola, G. R., & Deevy, M. (2017). Findings from a Pilot Study to Measure Financial Fraud in the United States.
  52. FCA warns of increased risk of online investment fraud, FCA, 2018
  53. Applying the brakes – Slowing and stopping fraud against older people, AgeUK, 2014
  54. Scam Smart, Financial Conduct Authority, 2019
  55. How to spot an investment scam, Money Advice Service, 2019
  56. A-Z of fraud: investment fraud, Action Fraud, 2018
  57. Move to end bogus holiday sickness claims, Ministry of Justice, 2017
  58. Is claiming for whiplash a pain in the neck?, AA, 2018
  59. Cash for crash, Association of British Insurers, 2019
  60. In Barlow Clowes v Eurotrust [2005] UKPC 37.
  61. Cash for crash, Association of British Insurers, 2019
  62. Holiday sickness, Law Society, 2018
  63. Legal problem and resolution survey 2014 to 2015, Ministry of Justice, 2017
  64. Tipping the scales: access to justice in the asylum system, Refugee Action, 2018
  65. Price transparency in the legal services market: A study of small businesses with legal issues, Europe Economics and YouGov for the SRA, 2018
  66. The legal needs of small businesses 2013-2017, Legal Services Board, 2018
  67. Pricing models: Who pays in the lawyer-client relationship? Bellwether report, Lexis Nexis, 2018
  68. Check out resources such as: Plain English campaign: Research into Client Care Letters, Research into Client Care Letters, Optimisa Research for the Legal Services Consumer Panel, 2016, CILEx Regulation Limited, Costs Lawyer Standards Board, Council for Licensed Conveyancers, Institute of Chartered Accountants in England and Wales, Intellectual Property Regulation Board, Legal Services Consumer Panel, Master of the Faculties and SRA, 2016
  69. Price and service transparency, The Law Society, 2019
  70. National Lottery funding to boost Law Centres' digital capabilities, Law Centres Network, 2019
  71. Legal Services Act 2007
  72. Understanding consumer experiences of conveyancing legal services, IFF for the SRA, 2018;
  73. Research into Client Care Letters, Optimisa Research for the legal regulators and the Legal Services Consumer Panel, 2016
  74. Research into the experiences and effectiveness of solicitors' first tier complaints handling processes, London Economics and YouGov for the SRA. 2017;
  75. The Language of Complaints, IFF Research for the Legal Ombudsman, 2017
  76. Tracker survey 2019, Legal Services Consumer Panel, 2019 The riddle of perception: Bellwether report, Lexis Nexis, 2016 and Race to Evolve: Bellwether report,and Research into the experiences and effectiveness of solicitors' first tier complaints handling processes, London Economics and YouGov for the SRA and LeO, 2017