Solicitors beware. There was a sinister and unexpected change in the SRA’s tone towards law firm compliance at the annual COLP COFA conference, held on 18 October 2023.
As 800 practitioners filed into the Birmingham conference hall, they were perhaps expecting to hear the latest updates from the SRA about its strategic ambitions, its work on financial crime, technology and AI, CILEX regulation and access to legal services.
These topics were indeed covered in the keynote speeches and breakout sessions. But as important as these updates may have been, they were entirely overshadowed by the apparent shift in the SRA’s rhetoric and enforcement focus.
Fines, fines and more fines
Increased SRA fining powers and the change in the burden of proof at the SDT have been well documented. Anecdotally, this is already resulting in fewer cases reaching the tribunal for full hearing.
This has clearly emboldened the regulator. In an alarming shot across the bow, the Chief Executive, Paul Philip, said that the SRA will issue many more regulatory fines for non-compliance, at a much more significant level, and on an automatic basis.
Automatic fines leave very little room for subjectivity in the implementation of rules, possibly moving the profession away from broad ‘principles’ and back towards a system of tick box compliance. A similar approach has been taken with the SRA Transparency Rules. Firms are regularly picked up for very minor infringements by the SRA’s team of website checkers, breaches which arguably pose no real risk to the public.
Mr Philip could barely contain his excitement that, following almost ten years of lobbying for more enforcement power, the SRA will soon be rewarded with unlimited AML fining powers by the government.
And it soon became apparent that the regulator intends to extend this use of fines as an enforcement tool to wider compliance issues.
“You will see very very significant fines coming forwards for AML in the short term,” Mr Philip told the audience, “and if I have my way, for all sorts of misdemeanours”.
Given that SRA fines and public naming-and-shaming go hand in hand (see for example the recent cases of DKLM LLP and Hattens Solicitors, each fined over £12,000), the increasing level and regularity of fines is not the only thing to be concerned about. These are not admonishments handed out in private. They are intended to act as deterrents to other firms. The resulting damage to reputation inflicted by a regulatory fine is hard to quantify.
There is also potentially an unintended consequence for mandatory self-reporting. The SRA’s Codes of Conduct and Enforcement Strategy requires solicitors to report “serious concerns promptly, where this may result in us taking regulatory action”. If we know that fines (i.e. regulatory action) are routinely dished out for systematic breaches of the money laundering framework, does that mean that hitherto ‘administrative’ breaches of rules will become classed as ‘serious’ and therefore reportable? There is certainly an argument that the self-reporting bar will be lower.
If that sounds ominous you won’t like the next part.
More self-regulation and partner accountability
“Where we find people doing the types of things you shouldn’t be doing,” Mr Philip continued, “I truly believe…the partners in that firm must take some sort of responsibility for self-regulation. The profession knows who the bad lawyers are…We will try and use fines as a way of instilling self-regulation.”
The SRA is clearly taking aim at partner-level lawyers, to ensure they take a more active role in ensuring that the firm is in compliance with all of its regulatory obligations.
Of course, all SRA regulated firms already have directly accountable Compliance Officers, who it can be presumed are also included as targets for accountability. Despite being assured from the outset that Compliance Officers would not be treated as ‘sacrificial lambs’, this new pronouncement does sound like a shift in focus, if not policy.
In line with Mr Philips’ warning, it would not be surprising if we see more parallel enforcement action against partners, COLPs and COFAs when an employed ‘bad apple’ within the firm faces serious disciplinary action. Perhaps even for less serious or persistent breaches of SRA rules.
The trouble is of course that the wider partnership generally has little control or oversight over risk and compliance. That function tends to be delegated to the Compliance Officers, a Head of Risk or compliance team.
That may have to change. In the interests of self-preservation, all partners should ensure that they are regularly briefed on compliance issues, possibly as part of the partnership meeting agenda. Partners also need to take responsibility for knowing their way around the maze of rules and regulations applicable to their firm, and the systems and controls that are in place.
Solicitors will have to pay for high profile law firm failures
It is likely that the SRA Board has quite a lot on its collective mind at the moment, embroiled as it is in another huge scandal involving the failure of a high growth law firm. In just the last two years we have seen costly interventions into Kingly Solicitors, Metamorph Group companies and now Axiom Ince.
In the wake of the latest collapse, Mr Philip signalled that the profession should be prepared to pay a significant top-up levy to cover any shortfall in the Compensation Fund.
The scale of the potential liability is eye-watering. The intervention, it is reported, could amount to £15m. Claims on the Compensation Fund could be several times that, depending on whether insurance and frozen assets cover any of the losses. And there is currently just £18m in the fund.
This additional levy could conceivably be in the hundreds of pounds per practising solicitor, which was described by Mr Philip as an increasing overhead of being in business.
One delegate asked whether the SRA had been “asleep at the wheel”. The response from the regulator was that they were confident everything that they could have done was done. Whether that is accurate will surely be subject to separate scrutiny when the dust has settled.
There is something of an ethical conundrum here too. Should struggling high street and traditional practices be expected to pay for the largesse of failed mega-deals and bail out the Compensation Fund losses caused by externally-funded consolidators?
It may sound unfair, and in many ways it is. The unfortunate fact is that the damage to the profession of not meeting claims of the Compensation Fund could be far greater in the long term.
Mr Philip hinted that consolidators and highly acquisitive firms could be subject to more scrutiny in the future, which would at least reduce the likelihood of future recurrence.
New AML warnings
The SRA also used the conference to castigate lawyers for persistent breaches of the Money Laundering Regulations. A new Warning Notice on client and matter risk assessments, and associated AML resources were published on the same day of the conference to reinforce the message.
The focus of the regulator’s ire is that firms are not conducting ‘effective’ risk assessments on clients and transactions. As many as 51% of risk assessments checked by the AML investigation team during a thematic review were not compliant with the Money Laundering Regulations. “This remains an area where improvement is necessary”, says the Warning Notice.
Of particular concern to the SRA are client and matter risk assessments which are:
- not completed when they should be
- tick-box based, without space forcing the fee earner to record their rationale
- based on templates which are not tailored to the firm-wide risk assessment
- reliant on complicated risk-scoring systems that are not consistently completed or understood
- seen as a one-time event, rather than being kept under review
There are a lot of ways to get this wrong in the eyes of the regulator.
We saw a similar approach when their focus was on firm-wide risk assessments, and we could reasonably expect the SRA to start issuing automatic fines for non-compliant documentation linked to this Warning Notice too.
This also fits with the theme of self-regulation. Unlike firm-wide risk assessments, client and matter risk assessments are case-specific documents, produced by the fee earner dealing with the legal work. They do not generally become a management issue unless a high risk is identified.
Compliance Officers, MLROs and the wider management team are unlikely to have eyes on each individual risk assessment. They rely on their team to produce compliant documentation, especially in higher volume departments. File reviews and spot checks can only ever scratch the surface.
A system of accountability based on self-regulation will require firms to show they have systems in place to ensure that the front line teams are complying with the SRA’s interpretation of the legislation, in order to avoid automatic regulatory fines. This may involve re-educating teams about client and matter risks assessments and possibly redesigning the means of capturing risk information. Internal enforcement will also be required – think carrots and sticks.
The SRA’s findings on client and matter risk assessments are consistent with our own experience. We very often see ‘onboarding’ forms containing little more than cursory information, and it is not uncommon for nothing at all to be documented. This is particularly true of transactions which the file handler considers to be ‘run of the mill’. Experienced conveyancers, for example, are sometimes liable to understate the AML risks in a transaction – perhaps because they are not unusual risks for that type of work. In light of the new Warning Notice, this is not an acceptable position.
Bear in mind that the new SRA template is 7 pages long, which is an indication of the amount of information firms are expected to collect on each client and matter. A quick nod towards risk assessment is not going to be acceptable to the SRA.
All firms should anticipate being subjected to an SRA AML audit. If firms and partners want to avoid heavy fines and penalties, client and matter risk assessments have to be taken more seriously.
It’s fair to say that the conference was audibly shocked by some of the pronouncements in the keynote. The chatter in the breakout areas was dominated by a mix of anger and surprise at the tone of the delivery.
Make no mistake, this was not a regulator seeking to win hearts and minds. In previous conferences they have tried to encourage dialogue and engagement with the profession, that being seen to be a better way to achieve compliance.
There was none of that this year. This was a regulator seeking to assert its authority, taking confidence from its new fining powers. It would appear that they have lost patience with nudging firms towards compliance. They make no secret of the fact that their approach to enforcement is getting tougher.
We can expect more of the same, if the current SRA Board survives once the dust has settled on the Axiom Ince scandal.