Stacey Bryant, Apricty Law, PDF Chair
As a new business owner, the dive into compliance has been an interesting one. It’s fair to say the journey has swung from “how hard can it be” to suddenly having a newfound respect for those whose role it is to specialise in all things compliance.
The SRA’s Compliance Officer’s Conference held in Birmingham’s ICC in October, was extremely well attended and very well run. Conference sessions covered everything from AML to AI and cyber risks, and from client money to data and professional ethics.
The day was packed but my key takeaways and messages from the SRA include:
SQE – Not withstanding much criticism, the SRA is firmly of the opinion the 66% pass rate out of the 30,000 who have taken the SQE to date is “just right”. They consider it reflects the high quality of the assessment, the importance of the role of a Solicitor and this being a “high stakes” profession. The SRA indicated they were pleased to see this supporting better social mobility.
LSB Report – the SRA Acknowledges and accepts the findings of this report and identified that increased resources were required to address the increased number of complaints they receive against members – ultimately leading to increased fees required from the profession.
Client Money – the SRA was very clear in their opinion that the cost to the profession would be significantly reduced if Solicitors did not hold client money. Proposals are being developed to consult on whether Solicitors should hold client money and whether they should be able to receive interest on that money. Questions were also raised as to whether arrangements concerning accountant reports should be changed following the Axiom Ince affair. The SRA was clear any change should be risk based following a consideration of all data. This is therefore very much still a case of “watch this space”. The SRA acknowledges the market for TPMAs is still not sufficiently mature.
Mazur – Notwithstanding the potentially significant impact for many, the position of the SRA appears to merely be:
Non-admitted staff can be authorised following further training,
Mazur does not change the law,
What constitutes litigation will be fact specific, and
Further guidance will be issued after discussion with the LSB.
Data – Trends need to be identified in respect of those areas where there is a higher risk. The SRA specifically referenced conveyancing and high-volume consumer claims. The aim is apparently to ensure the increased demand for data is focused on those higher risk areas and not unnecessarily increasing the burden for others.
AML – the key messages here included:
there has been increased supervisory oversight
breaches identified include:
- failure to perform a client / matter risk assessment
- failure to identify source of funds
- failure to have a firm wide risk assessment
- failure to ensure template risk assessments are tailored to address specific risks
out of 135 firms referred in respect of client / matter risk assessments, 82% had a process but failed to follow it – a disconnect between what a firm’s AML policy required and what was actually implemented.
AI – Firms were cautioned to ensure the use of AI was as a support tool and not as a substitute for proper legal advice. Great care should be exercised where client data and AI is concerned to ensure compliance with data protection, confidentiality and privilege. Firms should ensure they have an appropriate AI risk assessment and an audit trail of use.
Cyber Security – cyber-attacks against British law firms has increased by 77% last year according to SRA statistics. 3/4 of reports against firms concerned conveyancing. Clicking on links sent in emails remained the most common route to a cyber-attack. Most recent high-profile attacks (M&S, Co-Op etc) identified supply chains as being areas of weakness – for law firms, this could include case management, accountancy and HR packages etc. Training for all staff is essential as is a business continuity plan. If attacked, the SRA’s clear advice was the sooner you act the more likely you are able to contain the damage. A firm should immediately engage with the SRA, your insurer and with clients as appropriate.
yber Security – cyber-attacks against British law firms has increased by 77% last year according to SRA statistics. 3/4 of reports against firms concerned conveyancing. Clicking on links sent in emails remained the most common route to a cyber-attack. Most recent high-profile attacks (M&S, Co-Op etc) identified supply chains as being areas of weakness – for law firms, this could include case management, accountancy and HR packages etc. Training for all staff is essential as is a business continuity plan. If attacked, the SRA’s clear advice was the sooner you act the more likely you are able to contain the damage. A firm should immediately engage with the SRA, your insurer and with clients as appropriate.
Professional Ethics – this was without doubt the most interesting session I attended and with some challenging questions being raised of the SRA. It is important firms ensure their culture is one where there is psychological safety and where honesty and integrity remain central. Firms should ensure any bonus schemes in place are not driving poor behaviours and aren’t setting unsustainable performance targets.
Overall, this was a very interesting conference and one I would highly recommend, if only as a very important reminder of the systems of compliance and regulation that underpin our profession and which set high standards for a very good reason – to keep our clients safe and to uphold the integrity of our profession.
Ultimately, many of those who attended were also very critical of the SRA, especially in light of the Axiom Ince affair, and made it clear they must do better to support members.
Interestingly, at no point during the conference, was any comment made as to the announcement by the Government that afternoon concerning responsibility for AML passing to the Financial Conduct Authority – this is likely to have significant implications for the profession and undoubtedly a “watch this space” for 2026.