In just a few weeks the new Solicitors Regulation Authority Handbook will be released and in less than eight months the new regulatory regime comes into force. Many law firms, and alternative business structures, are only just beginning to consider what outcomes-focused regulation will really mean for their daily practices. The answer owes much to form and only a little to substance.
The SRA’s outcomes-focused Handbook follows the example set by the Financial Services Authority, which began its move to more principles-based regulation (and in the process reduced the size of its handbook by about half) back in 2007. At first glance, the new slimline code seems to impose a far less hefty burden than the weightier 2007 Code of Conduct. The detailed strictures of the old rules have been replaced by an outline of the 10 mandatory ‘principles’, professional standards expected of the solicitor and firm at all times. The first six principles are broadly recognisable from rule 1 of the 2007 code. The final four are more vague, stating that you must ‘comply with your legal and regulatory obligations’, run your business ‘effectively and in accordance with proper governance and sound financial and risk management principles’, ‘encourage equality of opportunity and respect for diversity’ and ‘protect client money and assets’. These catch-all provisions seem ominously broad, but they effectively duplicate duties already imposed on solicitors through various legislative and regulatory frameworks. Their inclusion perhaps foreshadows a world where the Handbook acts as a comprehensive reference tool and a working document for those responsible for compliance.
The principles are then expanded upon in ‘outcomes’ – explanations of what the successful application of these professional standards should look like to the client. Whereas previously the Code of Conduct held the practice manager’s hand every step of the way, guiding them through the complex web of rules and regulations, the new code has decided that solicitors are now grown-ups and can be trusted to go it alone and make considered decisions on how best to translate the professional principle into the successful client outcome.
However, the profession has n0t been entirely cut loose. Rather than the lengthy guidance notes of old, the new Handbook lays out the expected outcomes and follows these up with a succinct list of ‘indicative behaviours’, whose presence they say ‘may’ indicate that your firm is acting in compliance with the principles. There is no overt didacticism here – the firm or organisation is, the Handbook states, free to achieve compliance in any way it wishes, though a lack of the ‘indicative behaviours’ may alert the SRA to the need to question you further on how and whether you are achieving compliance. There is also, sadly, no certainty – a firm displaying the indicative behaviours is given no assurance that it is compliant. The SRA gives itself a wide ambit when making decisions as to whether a firm has implemented sufficient compliance procedures – blind implementation of suggested procedures will not suffice.
The ‘indicative behaviour’ concept is a clear example of how the new Handbook’s flexible stance is intended to move away from the one-size-fits-all model towards a more individualistic approach advocated by the Handbook’s slogan ‘freedom in practice’. Thus the sole practitioner or two-partner practice will require a much smaller and simpler conflict identification system compared to a 1,000-lawyer international firm with a designated compliance department. But while the flexibility allows smaller firms to tailor their compliance to their structure and size, the outcomes emphasis means that a thorough evaluation of the risk profile of your firm and the suitability of current systems is essential and should be undertaken as soon as possible to ensure that you are ready for the Handbook’s arrival. Firms which have not reviewed their systems recently should use the Handbook as a catalyst for getting their compliance house in order. Now is the time to dig out and dust off your old policies – do they address all the necessary issues? Do they clearly ensure compliance to all 10 principles and enable you to consistently meet the required outcomes, or is there room for error or misinterpretation? Would you be able to justify your policies in an SRA investigation? Are you sure that your carefully structured policies are being implemented by all staff?
Whatever the size of firm, a broader Handbook undoubtedly necessitates more concentration on complex and specific internal policies – in one sense this is no longer about box-ticking but about creating your own boxes. Thus it is ironic that those who are already fully compliant with the old regulatory regime are, broadly speaking, unlikely to require major surgery to the substance of their compliance structures, but will still be forced to spend much time making sure those structures now speak the language of 'principles' and 'outcomes'. Many will find this a frustrating task, with those most compliant justifiably complaining that the new scheme is little more than a stylistic exercise.
One of the more substantial regulatory changes is that firms must designate a compliance officer for legal practice (COLP) who may be held responsible if compliance is not achieved. COLPs must take 'all reasonable steps' to ensure compliance with the terms and conditions of the authorised body's authorization, and any statutory obligations of the body, its employees or its managers in relation to the carrying on of the body's authorised activities. They are responsible for reporting to the SRA on any failure to comply with the body's obligations as soon as reasonably practicable. They are not responsible for ensuring compliance with the SRA's accounts rules. Yet even this is not as groundbreaking as it first appears. The guidance notes state that, even though the rules seem to impose ultimate responsibility on the COLP, the ‘existence of compliance officers in a firm…. [are] not a substitute for the firm’s and manager’s responsibilities’.
The SRA has warned that firms and organisations that fail to comply will face harsh sanctions
The new outcomes-focused approach, the SRA claimed in a report published in January, will be monitored through ‘targeted, proportionate, consistent supervision that varies according to different factors such as... risk profile'. The focus on a risk-based approach may bring cost-savings, but the current lack of clarity on how risks will be assessed, including the clear implication that this would have to entail some form of profiling, must be addressed to counter accusations of disproportionate targeting of minority firms. The SRA clearly states that 'equality and diversity implications will be considered' but to avoid another Ouseley Report they will need to ensure that their risk-assessment tools are fit for purpose.
The Law Society has expressed concern over the 'undisclosed cost of the proposals'. Firms that judge themselves at the upper end of the compliance scale now will have to spend no less time rewriting their compliance policies than firms who are failing under the current regime. One thing is clear – the SRA is keen to move to a more efficient and undoubtedly more punitive system of regulation, focusing on ‘those who can’t or won’t put things right’.
David McCluskey is a partner, and Catherine Fischl a trainee solicitor, at Peters & Peters Solicitors