SRA enforcement strategy

1.1 Introduction

Our approach to enforcement is guided by our public interest purpose.

Our May 2014 policy statement (updated in November 2015) sets out our approach to regulation in order to meet the regulatory objectives and in particular, our public interest purpose.

It is important we regulate in a way that helps maintain and build public trust and confidence in solicitors. That means protecting consumers, setting and enforcing high professional standards, and supporting access to affordable legal services, the rule of law and the administration of justice.

As well as making sure solicitors are competent, we want to promote a culture where ethical values and behaviours are embedded.

Our SRA Principles and Codes of Conduct aim to drive high professional standards. Through them we seek to give a clear message to the public, regulated individuals and firms about what regulation stands for and what a competent and an ethical legal profession looks like.

We work in the public interest, protecting consumers, setting and enforcing high professional standards, and supporting access to affordable legal services, the rule of law and the administration of justice.

Our regulation therefore seeks to:

  • ensure a strong, competitive, and highly effective legal market
  • ensure a focus on quality and client care
  • promote a culture in which ethical values and behaviours are embedded.

Our codes provide a benchmark which solicitors1 and firms are expected to meet. In doing so, we will not second guess the approach they take or the way in which they choose to comply. We do, however, require all those we regulate to be familiar with our standards, explanatory guidance, and the law and regulation governing their work, and to be able to explain and justify their decisions and actions.

We have a number of regulatory tools at our disposal to support compliance. These include:

  • conducting thematic reviews of areas of risk
  • publishing a risk outlook highlighting our priority risks
  • providing advice and support through our Professional Ethics helpline and a range of toolkits and guidance
  • SRA Innovate, a service which helps legal services providers to develop their business in new ways.

However, the public and the profession have a right to expect that wrongdoing will be met by robust and proportionate sanctions, and that we as a regulator will enforce our standards or requirements evenly, consistently and fairly. We need to be accountable for our actions and to demonstrate that we will act fairly and proportionately.

This strategy explains how we use our enforcement powers, where there are concerns about failure to meet our standards or requirements. The strategy also provides clarity for the public, and for regulated individuals and firms, about what we expect of those we regulate.

All of our decision-makers are required to exercise their judgment on the facts of each case, on the basis of the guidance set out in this document and our suite of decision-making guidance, which also explains our approach to publishing our regulatory decisions.

Open all

We need others to alert us when things go wrong which may be the result of a breach of our rules by a solicitor or firm that we regulate. The public, clients and judiciary all play an important role and we provide resources to help them to make a report.

Solicitors and firms also play an important role: Our codes of conduct place obligations on those we regulate to report to us any facts or matters which they reasonably believe are capable of amounting to a serious breach of our standards or requirements. These include a duty to report, in similar circumstances, to another legal services regulator where a breach of their regulatory requirements is indicated.

Reporting behaviour that presents a risk to clients, the public or the wider public interest, goes to the core of the professional principles of trust and integrity. It is important that solicitors and firms let us know about serious concerns promptly, where this may result in us taking regulatory action. We do not want to receive reports or allegations that are without merit, frivolous or of breaches that are minor or technical in nature – that is not in anyone's interest. We do want to receive reports where it is possible that a serious breach of our standards or requirements has occurred and where we may wish to take regulatory action.

This strategy and supporting material explain the factors which we take into account to determine what makes a breach serious and therefore should be referred to when deciding whether and what to report to us.

When to report

Prompt reporting is important. We may have additional information relating to the issues, and/or may need to use our powers to investigate or take urgent steps to protect the public. This may include imposing practice restrictions or in the most serious cases of all using our intervention powers to close a firm.

Firms may wish to investigate matters themselves – and indeed we want to encourage firms to resolve and remedy issues locally where they can. However, where a serious breach is indicated, we are keen for firms to engage with us at an early stage in their internal investigative process and to keep us updated on progress and outcomes. And, we may nonetheless wish to investigate the matter, or an aspect of a matter, ourselves – for example because our focus is different, or because we need to gather evidence from elsewhere.

Early engagement also allows us to make sure that we can understand any patterns or trends, using information we already hold. Sometimes we will want to gather information regarding particular types of risk to consumers, to understand patterns and trends. An example is cybercrime: we would expect a firm to inform us about attacks against it, even where this may raise no concerns about the conduct, behaviour or systems of the firm or any regulated person, where proportionate to do so:  By way of example, some larger firms report that routine attacks are made against their computer systems every day but sophisticated IT systems are in place to counter these.  In such circumstances it is likely to be disproportionate to report each attempt made but we would still wish to be notified of any novel or significant attacks, or near misses.

Whether or not a matter should be reported is a matter of judgment, which will depend on the individual facts and circumstances. If you are unsure about whether to make a report, you should err on the side of caution and do so.

Who should report

If you are an individual solicitor, or registered European or foreign lawyer, any obligation to make a report to us will be satisfied if you provide the information to your firm's compliance officer (as appropriate), on the understanding that they will do so2 [#note2] . This avoids multiple or duplicate reports being made and allows compliance officers to use their expertise to make professional judgments in light of the facts (and following investigation, where appropriate). We would not require or expect the individual to check whether a report has subsequently been made, in those circumstances. However, if you believe a report should be made under our standards or requirements, you should be prepared to make a report yourself if you are not satisfied that they will take the same view. As the compliance officer, you may wish to explain to the relevant individual why you do not consider that the threshold for reporting has been met. This will help them to understand if there are reasons they might not have been aware of why a report is not required, and can help the firm to develop good practice this area.

We understand that making such judgments can be difficult, and we are aware that internal pressures and influences may be at play. We want firms to give compliance officers, and others, support in discharging their duties and in exercising their judgment about what and when to report.

Further, our Codes of Conduct make it clear that those we regulate must not prevent any person from providing information to us3 and that anyone making or proposing to make a report to the SRA, must not be victimised, or subject to detrimental treatment, for doing so4. This is irrespective of whether any regulatory action is taken as a result of the report. It will ultimately be for us to decide whether regulatory action is necessary in the public interest, and we may decide it is not – for example, once we have investigated further – for good reason.

Getting help

If you need any help in reaching a decision whether to make a report, you can:

We will always discuss with those who contact us any needs or concerns they may have about involvement in our process, as well as provide regular updates about how we are handling their concerns. In particular, we are able to provide advice on what information may be provided to us and our powers to receive and consider confidential and privileged information.

Lawyers have a fiduciary relationship which brings obligations to clients. They also have obligations to the court and to members of the wider public who may be affected by their work (for example, as party to a dispute or in connection with the legal matter in hand) which are critical for the effective administration of justice and operation of the rule of law5.

Our role is to regulate in the public interest; to protect clients and consumers of legal services, and to uphold the rule of law and the administration of justice.

This means we focus on issues which present an underlying risk to the public interest, ensuring that any decision to investigate a complaint or report is a proportionate response to that risk.

Our actions are not designed to punish people for past misdemeanours. While the sanctions we impose may be punitive, they do not have that primary purpose. As Sir Thomas Bingham said in Bolton -v- Law Society:

"Thereis, in some of these orders, a punitive element: a penalty may be visited on a solicitor who has fallen below the standards required of his profession in order to punish him for what he has done and to deter any other solicitor tempted to behave in the same way. Those are traditional objects of punishment. But often the order is not punitive in intention...In most cases the order of the Tribunal will be primarily directed to one or other or both of two other purposes. One is to be sure that the offender does not have the opportunity to repeat the offence... The second purpose is the most fundamental of all: to maintain the reputation of the solicitors' profession as one in which every member, of whatever standing, may be trusted to the ends of the earth".6

The role of enforcement action can therefore be seen as:

  • protecting clients and the public: controlling or limiting the risk of harm, and ensuring the individual or firm is not able to repeat the offending or similar behaviour or is, at least, deterred from doing so
  • sending a signal to those we regulate more widely with the aim of preventing similar behaviour by others
  • maintaining and upholding standards of competence and ethical behaviour
  • upholding public confidence in the provision of legal services.

We recognise that both human and system error are unavoidable. And that to adopt a blanket response to non-compliance that does not take into account ethical behaviour, and the underlying purpose for the standard or requirement in question, can be counterproductive. Not only does it increase the regulatory burden, but risks inhibiting the development of shared values, the exercise of judgment and a culture of openness which allows for learning from mistakes.

Not every referral will lead us to open an investigation. Some cases fall outside of our regulatory remit. And we will not need to take action solely to address a breach that is minor in nature and where the evidence suggests that it is unlikely to be repeated and there is no ongoing risk.

Focus on serious issues

We focus our action on the most serious issues: our codes of conduct confirm that we will take action in relation to breaches which are serious, either in isolation or because they demonstrate a persistent failure to comply or a concerning pattern of behaviour. The concept of "serious breach" is described further below. However, this includes within it matters that can be described as serious "misconduct" - or conduct that is improper and falls short of ethical standards. It also includes other serious breaches of our standards or requirements - for example, those relating to failures of firms' systems and controls.

Taking account of aggravating and mitigating factors

Even where we have opened an investigation, we will not necessarily sanction all breaches, but will take into account the circumstances including any aggravating and mitigating factors, while ensuring that the wider public interest (including the protection of the public) is upheld. This means that if the circumstances indicate that there is no underlying concern in terms of the public interest, we will close the matter without (further) investigation. If appropriate, we can close the case with advice, which may include a warning that further breaches may result in a greater sanction being imposed in future.

The importance of constructive engagement

Our approach is to ensure that we only take those steps that are required in order to protect and promote the public interest. Therefore, when a case is subject to investigation, we will, if appropriate, seek to pursue methods of constructive engagement to support firms and individuals to achieve compliance.

Guidance, supervision and monitoring, coupled with an open, cooperative and constructive approach by firms and individuals, may lead us to decide against taking formal action. In those cases, we will expect the firm or individual to take prompt remedial action, agreed with us where necessary. In these circumstances, we will ask firms and individuals voluntarily to provide us with information and evidence of the steps taken to resolve matters.

For example, if a compliance officer for finance and administration (COFA) identifies a failure to pay to clients their residual balances and puts in place an action plan to remedy the breach, we may agree specific measures and targets in a compliance plan to which all the managers sign up. The plan would include regular updates to us so that we can monitor progress and escalate the matter if we have concerns about continuing risk.

Cooperation with an investigation by a firm or individual will be relevant throughout the life of a case at key decision making stages and may in some cases inform the progress of the investigation – for example whether formal steps need to be taken to compel evidence, or whether we are able to agree disposal by way of a regulatory settlement agreement (see our guidance on the use of our investigation powers and on regulatory settlement agreements) - or indeed the ultimate outcome that is appropriate in the public interest (see further below and in the table at Annex A).

Where a formal response is required, we will take action that is proportionate to the risk, weighing the interests of the public against those of the individual or firm involved. We will consider the available sanctions and controls in turn, starting with the least restrictive. The full range of regulatory and disciplinary outcomes available to us (both sanctions and controls), their purpose and indicative criteria for their use, is in Annex A.

As we have said, our response will reflect the seriousness of any breach. Our assessment of seriousness will necessarily involve looking at past conduct and behaviour.

However, our assessment of any future risk will look forward as well as back. Mitigating features of a case which might be indicative of reduced or low future risk include:

  • expressions of apology
  • regret
  • remorse
  • no evidence of repetition of the misconduct, or a pattern of misconduct.

Further, we can take into account the systems in place and environment in which the events took place; and the responsibility or control the individual had over the matters in question. This allows us to respond robustly, but appropriately, to concerns raised in relation to solicitors working in diverse range of practice settings, including outside of an authorised body.

In taking into account mitigation, we will distinguish between "contextual" mitigation –which relates to the events giving rise to the alleged breach and has a bearing on the nature and seriousness of the breach - and personal mitigation – which relates to the background, character and circumstances of the individual or firm and which is usually more relevant to sanction.

Contextual mitigation might include features of the environment in which the solicitor was working and which affected their judgment or any action they were able to take. Personal mitigation might include:

  • testimonials or evidence of insight
  • cooperation with any investigation or audit processes or
  • remedial action taken since the events.

Sometimes information will be relevant to both: for example past misconduct or findings demonstrating a pattern of behaviour or a propensity to behave (for example) dishonestly.

We recognise the stressful circumstances in which many solicitors and firms are working and are aware that the health of the individual at the time of the events may have a significant bearing on the nature and seriousness of the alleged breach.

Further, we are aware of the impact that being complained about and going through an investigation can have on people – and that this can exacerbate or trigger health issues. We have procedures in place to support those going through our processes, to make sure that we are fair and take into account their health needs and make reasonable adjustments to enable them to participate fully.

The nature of the allegation

We see certain types of allegations as inherently more serious than others: for example, we will always take seriously allegations of abuse of trust, taking unfair advantage of clients or others, and the misuse of client money; as we will sexual and violent misconduct, dishonesty and criminal behaviour (described further below).

Information security is also of high importance to the public and protection of confidential information is a core professional principle in the Legal Services Act 20077.

However, there are some common factors that affect the view we take of how serious an allegation is as set out below.

Intent/Motivation

The seriousness of a breach may be dependent on the intention behind it. We will distinguish between people who are trying to do the right thing and those who are not.

Human and system error is inevitable and we will generally take no action where a poor outcome is solely the result of a genuine mistake. However, we may take action where a failure to meet our standards or requirements arises from a lack of knowledge which the individual should or could reasonably be expected to have acquired, or which demonstrates a lack of judgment which is of concern. We would take into account matters such as the experience and seniority of the individual involved (in other words, whether they knew, or should have known, better).

Where a firm or an individual has been a victim, for example, of cybercrime, our primary focus would not be to penalise them for any adverse outcomes arising. However, we are likely to review, for example, whether their systems and procedures were robust enough and reasonable protective measures were in place.

In relation to errors of law or professional judgment, generally we will not penalise a single negligent act or an omission without evidence of seriously or persistently poor levels of competence which demonstrate behaviour falling well below expected standards. We are likely to consider such matters as more serious where a firm or an individual has knowingly acted outside their competence or has failed to take reasonable steps to update their knowledge and skills, or those of their employees.

We will view more seriously events which demonstrate that the individual or firm has a deliberate or reckless disregard for their obligations. Recklessness is serious because it demonstrates inappropriate risk taking, and a lack of regard for the consequences of one's actions.

Conduct or behaviour which demonstrates a lack of honesty or integrity are at the highest end of the spectrum, in a "profession whose reputation depends on trust". The Courts have stated that any solicitor who is shown to have discharged his professional duties with anything less than complete integrity, probity and trustworthiness must expect severe sanctions to be imposed upon them by the Solicitors Disciplinary Tribunal. The most serious involves proven dishonesty.8

This is important because of the uneven relationship, which requires clients to place their trust in their lawyers, for example, because of the information asymmetry between them, or the access the lawyer has to the client's funds and often to sensitive personal information. Trust in the legal profession is also important to support the rule of law, because of the influence and impact the profession has upon the court process and the administration of justice.

When considering intent and motivation, we will consider factors such as whether the conduct was planned and premeditated, persistent or repeated. We will look at any benefit or advantage gained from the conduct and any response to the events including demonstrable insight and remedial action, or whether there has been an attempt to conceal a problem which can act as an aggravating factor, as well as being seen as an episode of dishonest misconduct in itself.

Harm and impact

We take into account the harm caused by the individual or firm's actions and the impact this has had on the victim. This will be fact sensitive and depend on individual circumstances. We will look at the numbers of victims, the level of any financial loss or any physical or mental harm. We will also consider behaviour which harms an individual's personal autonomy and dignity, and treat fundamental rights to privacy and non-discriminatory treatment as at the higher end of seriousness, irrespective of any financial or other harm.

We also take into account harm that could reasonably have been anticipated to arise from the conduct or behaviour in question. This directs our focus onto behaviour that represents a risk, even if harm may not have materialised. For example, a solicitor may seek to mislead the court by creating a false document, which, in the event, is not relied upon in court and does not result in a different outcome for the parties.

For this reason, the question of whether harm materialised is not determinative of whether we will take action: we may take action where no harm has arisen where the behaviour gave rise to a real risk of harm, or other aggravating features are present; and we may decide not to take action where harm arose from a genuine mistake or where other mitigating features are present.

However, in some cases, the actual harm suffered will increase the seriousness of the conduct, and either lead to a more serious outcome (for example, if a solicitor misuses client funds and this leads to a large number of clients suffering hardship and distress as a result) or will lead us to the decision that the case requires us to take action to maintain public confidence.

Vulnerability

As described above, solicitors and clients have an uneven relationship, but not all clients are the same.

Some clients will be more susceptible to harm, for example, as a result of:

  • barriers preventing access to legal services, or the lack of choice of legal provider, for example due to cost or geographical location
  • the situation giving rise to the need for advice, for example, involvement in a sensitive family matter
  • the effect of a poor outcome leading to a greater impact, such as loss of personal liberty, or deportation in an asylum case
  • their personal attributes or circumstances, such as a health issue or learning disability.

Vulnerability is not static: it may be short term, or permanent; and may result from the structure of the market, the nature of the legal services, the client's personal circumstances, or a combination of factors.9 Corporate clients may have large in-house teams and be sophisticated purchasers of legal services - but may also be vulnerable in some transactions or circumstances.

We consider it an important part of our role to protect those who are less able to protect themselves and will consider an allegation to be particularly serious where the client's – or a third party's – vulnerability is relevant to the culpable behaviour. This may be because:

  • the solicitor took advantage of the person's vulnerability to, for example, provide misleading information
  • of the raised awareness the solicitor should have had about the need, for example, to communicate effectively or ensure that the client is in a position to protect their own rights or
  • of any enhanced impact on the client as a result of their vulnerability which the solicitor could and should have anticipated.

Role, experience and seniority

We recognise that certain stages in an individual's career can present a steep learning curve - such as becoming a trainee, a newly qualified solicitor, or a partner for the first time. We would expect solicitors to gain a deeper understanding of appropriate behaviour and of the law and regulation governing their work, as their career progresses. And for those with more seniority and experience to have higher levels of insight, foresight, more knowledge and better judgment.

Part of being fair and proportionate is ensuring that those within an organisation, with real control and influence over the situation, are held accountable. The context in which professionals work, the culture of an organisation and pressure from peers and managers, is likely to have significant impact on their actions and decisions10. Therefore, we recognise that a person's inexperience or relatively junior role within an organisation may impact on their ability to take appropriate action, although will not be an answer to serious misconduct such as dishonesty.

Regulatory history and patterns of behaviour

Once we have identified a breach of our standards or requirements, a key factor when deciding what to do next will be whether the behaviour forms part of a pattern of repeated misconduct or regulatory breaches. This can indicate a propensity to commit certain breaches of our standards or requirements, or a failure in systems and controls, or an unwillingness or inability to learn lessons. This may result in our taking action even if such breaches on their own might be regarded as less serious.

For this reason, we will review our records for previous complaints and findings against the individual or firm. This will include information about any findings made by other courts, tribunals and regulatory bodies as well as previous SRA matters resulting in, for example, a financial penalty or closure of a case with an advice or a warning, and previous disciplinary matters before the Tribunal where allegations were found proved, together with any sanction imposed.

Remediation

When assessing the risk of future harm, factors such as the length of time since the events, insight into the conduct or behaviour, and any remedial action taken, are relevant to our decision whether to investigate an allegation and, if so, what action to take. For example, a firm with weak systems may have been a victim of a cyber-attack, and promptly taken action to ensure that this could not happen again. A timely self-report and early engagement provides us with evidence of that insight and gives us confidence that the firm has an ethical culture and the ability to manage risk.

However, there are some kinds of conduct for which such considerations have less relevance. For example, where the misconduct indicates a lack of honesty or integrity, we may consider that the matter cannot be remediated or that in any event, action is necessary in order to uphold public confidence in the legal profession. As stated in Bolton -v- The Law Society:

Because orders made by the Tribunal are not primarily punitive, it follows that considerations which would ordinarily weigh in mitigation of punishment have less effect on the exercise of this jurisdiction than on the ordinary run of sentences imposed in criminal cases. ... All these matters are relevant and should be considered. But none of them touches the essential issue, which is the need to maintain among members of the public a well-founded confidence that any solicitor whom they instruct will be a person of unquestionable integrity, probity and trustworthiness… The reputation of the profession is more important than the fortunes of any individual member. Membership of a profession brings many benefits, but that is a part of the price.

Relationship with legal practice and our core regulatory jurisdiction – other regulators

We operate within a wider framework of bodies that are currently providing oversight and redress in this sector. We are aware that our regulation will overlap with others where individuals regulated by other regulators such as, for example, barristers or members of the Chartered Institute of Legal Executives (CILEx) are working alongside solicitors in a firm we regulate. Further, the Legal Ombudsman (LeO) deals with service complaints about regulated lawyers and legal service providers. We have arrangements with LeO to make sure that there is a clear understanding about the type of complaints that should be handled by LeO in the first instance, and which by us.

Individuals and firms we regulate will also commonly be subject to other, non-legal, regulatory jurisdictions. They will be subject to the Information Commissioner's Office (ICO) in relation to their handling of personal data, or, for example, the Institute of Chartered Accountants in England and Wales (ICAEW) where working in or as an accountancy multi-disciplinary practice.

We will not investigate an issue which is the jurisdiction of another regulator or prosecuting authority, unless it also raises an issue which is core to our regulatory role and public interest purpose. The closer the matter is to our role and purpose, the more likely it is that we will take action. For example, enforcement of data protection legislation is a matter for the ICO, but if a data protection breach also involves the disclosure of confidential client information, then we will investigate that as a regulatory offence. More guidance on our approach to taking forward an investigation where there are parallel proceedings.

Private life

Our key role is to act on wrongdoing which relates to an individual or a firm's legal practice. We will not get involved in complaints against a solicitor which relate solely to, for example, their competence as a school governor or their involvement in a neighbour dispute. However, our Principles set out the core ethical values we require of all those we regulate and apply at all times and in all contexts – and apply both in and outside of practice (as the context permits).

We are concerned with the impact of conduct outside of legal practice including in the private lives of those we regulate if this touches on risk to the delivery of safe legal services in future11. The closer any behaviour is to professional activities, or a reflection of how a solicitor might behave in a professional context, the more seriously we are likely to view it. For example, an allegation of financial impropriety against a solicitor when acting as a Member of Parliament, will raise a question as to their fitness to manage client funds. However, we will also be interested in matters that are so serious that they are capable of damaging public confidence, such as dishonest or discriminatory conduct in any context.

As stated above, the Principles apply outside of practice but only insofar as the context permits: So for example, the obligation to act in a client’s best interests relates to their best legal interests in any matter in which you act for them; and would not extend to how you behave towards them in a personal or social matter.

In addition, whilst the Principles apply outside of practice to individuals who are not themselves authorised (such as employees or non-lawyers holding roles that are approved by us - such as managers of firms), we will take their role into consideration. Our interest in employees relates to their role as an employee and any behaviour that touches on their suitability as such, which will generally derive from their conduct in practise. When it comes to other role holders, we will also consider their wider fitness or suitability to be approved in that role; and, for example, to have management or control over a legal business. So conduct such as mishandling funds relating to a non-legal business or appointment, will potentially bring our regulation into play.  

In both cases, in addition to a breach of the Principles, we have separate powers to restrict their ability to engage in legal practice where the behaviour of a non-authorised person outside of practice has resulted in a criminal offence.

Criminal convictions

We will always investigate criminal convictions or cautions whether or not these relate to the individual's practice, given the importance of rule-abiding behaviour and public confidence in those involved in the overall effectiveness of our criminal justice system.

However, we continue to take a proportionate approach to our regulation and are less likely to be concerned about behaviour which is at a low-level in terms of seriousness (for example, actions that result in fixed penalty notices, or minor motoring offences). We will take more seriously convictions for drink driving, assault and other offences against the person, and property offences. At the most serious end of the spectrum are convictions resulting in custodial sentences, particularly those relating to dishonesty, fraud, bribery and extortion; those associated with terrorism, money laundering or obstructing the course of justice (such as perjury or witness tampering) or facilitating or concealing serious or organised criminality by others; or those involving violence, sexual misconduct or child sexual abuse images.

The factors set out in section 2.2 are not the only factors which may affect our view of seriousness, and do not all have to be present.

For example, when a matter raises serious integrity issues, judgments about harm have less impact: a case involving dishonest behaviour which does not directly harm another party, such as providing false details in a CV or reference, will still be viewed by us as behaviour which is fundamentally incompatible with the practice of law.

There are also some types of misconduct which are actionable without evidence of intent or harm, such as the use of a client account as a banking facility or involvement in a transaction which bears the hallmark of fraud, because of the significant link between those behaviours and the risk of the solicitors and law firms being used willingly or unwillingly to facilitate crime.

In many cases the factors will be interlinked. For example, a client or third party's vulnerability might provide an opportunity to take unfair advantage, indicating intentional misconduct, or exacerbating the impact of their behaviour.

During an investigation, we will consider the position of both the firm and the individuals working within that firm in order to reach an informed decision as to whom we should be seeking to enforce against.

Our principles set out the values we expect all those we regulate to uphold; however, we have separate codes of conduct and authorisation requirements for solicitors and for firms we regulate. And we have certain standards and requirements (such as those relating to the operation of client accounts) that apply solely to firms.

Where obligations apply equally to firms and individuals, we are able to take enforcement action, in the public interest, against both or either, where there has been a serious breach.

We would take action against an individual where they were personally responsible. This addresses the risk they, as an individual, present to clients or to the wider public interest. It also ensures that specific action can be taken (such as striking off the Roll or imposing conditions on their practising certificate), to ensure that they cannot avoid accountability and/or repeat similar behaviour simply by moving firms. Further, firms may cease to exist, deliberately or otherwise, and therefore where an individual is directly culpable, we will generally proceed against them in order to mitigate that risk. This is more likely where the practice is small and may, in effect, have no separation from its principal or partners.

However, we will usually take action against a firm alone, or in addition to taking action against an individual, where there is a breach of the code of conduct for firms or of our other requirements. For example:

  • to mark the firm's responsibility and to hold it to account for the breach, especially where it is not possible or proportionate to establish individual responsibility.
  • when the events demonstrate a failure which relates to the culture, systems, supervision arrangements or processes for which the firm, as a whole, should be held accountable.
  • to encourage a culture of compliance and management of future risk.
  • when firm-specific action is appropriate. This might include a fine to remove the benefit obtained from the wrongdoing, suspension or revocation of the firm's authorisation, or firm-based conditions or compliance plans. Examples of the latter might include: requirements relating to the firm's governance or oversight arrangements, mandatory remedial action such as establishing compliance systems or reporting to us of accounting records, or restrictions to prevent certain work being carried out or funds being held.

This ensures that the firm as a whole is responsible for future compliance and the management of risk.

As indicated above, we are able to take action in relation to systemic failure and this function is likely to become increasingly relevant as reliance upon information technology and artificial intelligence increases.

Employees and role-holders – managers, owners and compliance officers

A finding against a firm is not a finding of personal misconduct against the partners or other managers. We can, however, take disciplinary action against employees and managers responsible for a breach by their firm and can impose control orders preventing them from working in a law firm without our approval. And we have specific powers in relation to approved role-holders (which include managers and compliance officers within a firm), which include withdrawing or imposing conditions on their approval, as well as disqualifying people from taking up those roles. Read more guidance on our powers against non-authorised persons.

Generally, we will only hold managers to account for the actions of the firm (as opposed to their own conduct or behaviour) where they had a responsibility for - or should have known about and should have intervened into - the relevant events.

Introduction

This table sets out the powers available to us when we take enforcement action against a regulated individual or firm for a breach of our regulatory requirements or for conduct which falls below the standards set out in our Principles and Codes of Conduct.

These include both sanctions and controls. The former are broadly intended to discipline the person to prevent similar behaviour by them or others, maintain standards and uphold public confidence in the profession. The latter are broadly intended to protect clients or the public by controlling or limiting the risk of harm.

Whilst not covered by the table below, our powers include interim or immediate protective measures as well as those which follow a finding. For example, we will take immediate action to suspend a person's practising certificate following certain events, such as a conviction for certain serious offences. We can also impose conditions on an interim basis where these are necessary and proportionate to address an identified risk pending a final outcome in the case. We are also able to intervene into a firm to protect clients' money or files in certain circumstances (see our guidance on intervening to protect clients).

We also have the power to take certain action against people who, although not authorised by us directly as individuals, are involved in a firm that we regulate. These include the power to restrict their future employment or to prevent them holding certain roles in a firm. These powers are set out in our guidance on the regulation of non-authorised persons and approved role holders.

The powers set out in the table below and guidance highlighted in the paragraphs above can in some cases effectively act as both a sanction and a control (for example, a decision to impose a warning, restrict a non-authorised person from employment in a law firm, or suspend a person's practising certificate). And they can be used in combination, where appropriate. For example, it may be appropriate to rebuke or fine a firm's employee for misleading a client, and also to restrict their future employment (as above).

The factors set out in the table below indicate some of the features which may lead us towards or away from imposing a particular sanction or control in any given circumstance. They do not comprise an exhaustive list and not all of the factors set out need to be present for us to consider that the relevant sanction or control is appropriate.

Some of the powers set out in the table below can only be exercised by the Solicitors Disciplinary Tribunal (SDT), such as the power to strike a solicitor off the roll or to impose greater than a specified level of fine on a solicitor or traditional law firm. The SDT has set out its approach to sanctions. However, the factors in the table below will help us to decide whether such a sanction is appropriate and to refer the matter to the SDT accordingly. Further information about the circumstances in which we will refer a matter for adjudication by the SDT is set out in our guidance.

Letters which contain advice and warning
PurposeFactors in favourFactors against

To respond to a minor regulatory breach which is not sufficiently serious to require action to protect the public/public interest, to restrict the regulated person's ability to practise or to rebuke or impose a fine.

To advise the regulated person that they have breached our requirements/ standards and to explain how these apply to the situation in question.

To warn the regulated person that should the conduct/behaviour be repeated or the situation continue, more serious action is likely to be taken. The warning may be taken into account in any future proceedings.

To promote understanding of our regulatory arrangements, and to raise standards by encouraging positive behaviour.

  • Isolated incident
  • No actual or lasting harm to consumers or third parties, or harm that could easily have been anticipated to result from the conduct
  • Breach minor or no more than moderate in nature
  • A degree of insight and understanding of the purpose of the regulatory standard/requirement
  • Apology/acknowledgment of breach/situation rectified as soon as possible
  • Negligible or low risk of repetition
  • Evidence of insight and remediation, such as apology; self report; acknowledgement of breach, situation rectified; cooperation with the SRA

Where closure with no action is appropriate, eg:

  • Issues relate solely to an inadvertent breach, or for some other reason there is no underlying concern about the individual or firm's conduct or behaviour that needs to be addressed or recorded - and therefore no regulatory action is required.

Where a more serious outcome is warranted to protect the public/public interest, eg:

  • Dishonesty/lack of integrity/abuse of trust
  • Evidence of repetition of conduct/behaviour in question, particularly if previously warned/advised to stop
  • Evidence of a history of previous warnings suggesting a pattern of wilful disregard or recklessness of regulatory obligations
  • Conduct/behaviour would tend to damage public confidence in the delivery of legal services
  • Intentional failure to comply/cooperate with regulatory obligations
Rebuke12
PurposeFactors in favourFactors against

To sanction the regulated person for a breach of standards/requirements, but where the issues are only of moderate seriousness and do not require a higher level of response to maintain standards/uphold public confidence.

To deter the individual and others from similar behaviour in future.

  • No lasting significant harm to consumers or third parties
  • Conduct or behaviour reckless as to risk of harm/regulatory obligations
  • Breach rectified/remedial action taken, but persisted longer than reasonable/ only when prompted
  • Low risk of repetition
  • Some public sanction required to uphold public confidence in the delivery of legal services
    • Any less serious sanction/outcome would be appropriate to protect the public/public interest

    Where a more serious outcome is warranted to protect the public/public interest; eg:

    • Dishonesty/lack of integrity/abuse of trust
    • Evidence of repetition of conduct/behaviour in question, particularly if previously warned/advised to stop
    • Intentional failure to comply/cooperate with regulatory obligations

    Conditions13 - Individual

    (The factors to be taken into consideration, below, relate to conditions imposed as a final sanction and not interim conditions)

    PurposeFactors in favourFactors against

    To control the risk of harm arising from a repetition of a breach of our regulatory standards/ requirements.

    To restrict or prevent the involvement of an individual in certain activities or engaging in certain business agreements/associations or practising arrangements.

    To require an individual to take certain steps.

    To facilitate closer monitoring of an individual through regular reporting.

    • Risk of serious harm or breach in the absence of conditions being imposed
    • Sufficient insight to enable compliance with conditions
    • Conduct/behaviour is likely to be repeated in the absence of control/support
    • Conditions available which address the risk of repetition/harm, and which are reasonable and proportionate, realistic and measurable
    • Evidence demonstrates person unsuitable for a particular role or activity which should be restricted
    • Risk can be managed/matters remediated or rectified without formal regulatory intervention

    Where a more serious outcome is warranted to protect the public/public interest; eg:

    • Dishonesty/lack of integrity/abuse of trust
    • No conditions available which can manage the underlying conduct or behaviour
    • Previous history of failure to comply with regulatory obligations/evidence unable or willing to comply with conditions
    • Evidence unable/not competent to continue in legal practice at all
    • Continued practice, albeit restricted, would tend to damage public confidence in the delivery of legal services
    • Intentional failure to comply/cooperate with regulatory obligations

    Conditions – Firm

    (The factors to be taken into consideration, below, relate to conditions imposed as a final sanction and not interim conditions)

    PurposeFactors in favourFactors against

    To control the risk of harm arising from a repetition of a breach of our regulatory standards/ requirements.

    To restrict or prevent a firm, or one of its managers, employees, or interest holders from undertaking certain activities.

    To limit or prevent risks arising from a business agreement or an association which the firm has or is likely to enter into, or a business practice which the firm has or is likely to adopt.

    To require the firm to take certain steps.

    To facilitate effective monitoring of the firm through regular reporting.

    • Nature of breach relates to systemic/procedural issues
    • No lasting significant harm to consumers or third parties
    • Risk of serious harm or breach in the absence of conditions being imposed
    • Sufficient insight to enable compliance with conditions
    • Conduct/behaviour is likely to be repeated in the absence of control/support
    • Conditions available which address the risk of repetition/harm, and which are reasonable and proportionate, realistic and measurable
    • Evidence demonstrates firm, or person in firm, unsuitable for a particular activity which should be restricted
    • Risk can be managed/matters remediated or rectified without formal regulatory intervention

    Where a more serious outcome is warranted to protect the public/public interest; eg:

    • Dishonesty/lack of integrity/abuse of trust
    • No conditions available which can manage the underlying conduct or behaviour
    • Previous history of failure to comply with regulatory obligations/evidence unable or willing to comply with conditions
    • No individual in firm who is willing and capable of implementing and monitoring compliance with conditions
    • Evidence that firm is unable to continue to operate or it would damage public confidence if it was to do so
    • Intentional failure to comply/cooperate with regulatory obligations
    Financial penalty
    PurposeFactors in favourFactors against

    To sanction the regulated firm or individual for a serious breach of standards/ requirements, but where protection of the public/public interest does not require suspension or a striking off.

    To deter the firm or individual and others from similar behaviour in future.

    For the level of fine, see the indicative fining guidance published by the SRA from time to time.

    • Conduct/behaviour caused/had potential to cause significant harm
    • Direct control/responsibility for conduct/behaviour
    • Conduct planned/pre-meditated
    • Wilful or reckless disregard of risk of harm/regulatory obligations
    • Breach rectified/remedial action taken, but persisted longer than reasonable/ only when prompted
    • Fine appropriate to remove financial gain or other benefit as a consequence of the breach
    • Any less serious sanction/outcome would be appropriate to protect the public/public interest
    • Evidence of insufficient means of the person directed to pay to pay

    Where a more serious outcome is warranted to protect the public/public interest; eg:

    • Continued practice would tend to damage public confidence in the delivery of legal services
    Suspension of a solicitor from practice by the SDT
    PurposeFactors in favourFactors against
    To protect the public/public interest by preventing an individual from practising as a solicitor, in circumstances which do not justify striking them off the roll.

    Suspension can be for a fixed term or for an indefinite period. The length of the suspension reflects the seriousness of the findings and the length of time needed for the solicitor to remediate. An indefinite suspension marks conduct falling just short of striking off the roll.

    To sanction the regulated person for a serious breach of standards/ requirements.

    To deter the individual and others from similar behaviour in future.

    To show the public the consequences for a solicitor who commits serious misconduct.

    • Conduct/behaviour caused/had potential to cause significant harm to consumers or third parties
    • Dishonesty/lack of integrity
    • Abuse of trust or exploitation of vulnerability
    • Misconduct involving the commission of a criminal offence
    • Direct control/responsibility for conduct/behaviour
    • Conduct planned/pre-meditated
    • Wilful or reckless disregard of risk of harm/regulatory obligations
    • Breach not rectified/no remedial action taken
    • Misconduct which continued over a period of time or was repeated
    • Any less serious sanction/outcome would be appropriate to protect the public/public interest

    Where a more serious outcome is warranted to protect the public/public interest; eg:

    • Protection of the public/public interest requires a striking off
    • Remaining on the roll would tend to damage public confidence in the delivery of legal services
    Striking off the roll by the SDT
    PurposeFactors in favourFactors against

    To protect the public/public interest by preventing an individual from practising as a solicitor.

    To sanction the regulated person for a serious breach of standards/ requirements.

    To deter the individual and others from similar behaviour in future.

    To signpost conduct or behaviour which is fundamentally incompatible with continued practice in the profession and to show the public the consequences for a solicitor who commits the most serious misconduct.

    • The seriousness of the misconduct is at the highest level, such that a lesser sanction is inappropriate
    • Conduct/behaviour caused/had potential to cause significant harm to consumers or third parties
    • Dishonesty/lack of integrity
    • Abuse of trust or exploitation of vulnerability
    • Misconduct involving the commission of a criminal offence
    • Direct control/responsibility for conduct/behaviour
    • Conduct planned/pre-meditated
    • Wilful or reckless disregard of risk of harm/regulatory obligations
    • Breach not rectified/no remedial action taken
    • Misconduct which continued over a period of time or was repeated
    • Any less serious sanction/outcome would be appropriate to protect the public/public interest
    Suspension or revocation of firm's authorisation
    PurposeFactors in favourFactors against

    To protect the public/public interest by removing a firm's authorisation either permanently or temporarily.

    To sanction the firm for a serious breach of standards/ requirements.

    To act as a deterrent to the firm and others.

    To show the public the consequences for a firm that commits the most serious misconduct.

    • The body has failed to demonstrate or maintain the requirements for (ongoing) authorisation, including the provision of information or payment of fees required under the standards and regulations
    • Conduct/behaviour caused/had potential to cause significant harm to consumers or third parties
    • Direct control/responsibility for conduct/behaviour
    • Conduct planned/pre-meditated
    • Wilful or reckless disregard of risk of harm/regulatory obligations
    • Breach not rectified/no remedial action taken and there is in effect no viable alternative to safeguard public protection
    • Any less serious sanction/outcome would be appropriate to protect the public/public interest
    1. Solicitor includes RELs and RFLs where the context permits.
    2. 7.12 of the SRA Code of Conduct for Solicitors, RELs and RFLs
    3. 7.5 of the SRA Code of Conduct for Solicitors, RELs and RFLs; and 3.11 of the SRA Code of Conduct for Firms
    4. 7.9 of the SRA Code of Conduct for Solicitors, RELs and RFLs; and 3.12 of the SRA Code of Conduct for Firms
    5. "Lawyers … have a duty to their clients, but they may not win by whatever means". Lord Hoffman, Arthur J S Hall –v- Simons [2002] 1 AC.
    6. Bolton –v- The Law Society [1993] EWCA Civ 32, para 15
    7. Section 1(3)(e) Legal Services Act 2007
    8. Bolton –v- The Law Society [1993] EWCA Civ 32, para 13
    9. see Recognising and Responding to consumer vulnerability, Legal Services Consumer Panel, October 2014
    10. see Designing Ethics Indicators for Legal Services Provision, Richard Moorhead et al, UCL Centre for Ethics and Law
    11. In the case of Pitt and Tyas v GPhC [April 2017] the court held that a Regulator could regulate the behaviour of a professional in to both their professional and private life.
    12. SDT refers to this as a reprimand
    13. SDT refers to this as a Restriction Order