OFR, Risk and Stayin’ Alive

This is the final part of the recent article by Tony Guise.


Risk…what is it good for?  Absolutely everything.  Risk is the basis of regulation in the future.

The SRA will apply a formula, under what is known as risk-based regulation (RBR), to arrive at a risk rating of all the regulated entities for which it is responsible:

risk = impact × probability

This may become highly controversial as, in all probability, qualifying insurers will seek to learn the SRA’s risk rating before underwriting a firm’s risk. Challenges to firms’ risk ratings will therefore assume great importance, and this will need to be managed through an, as yet absent, appeals process.  There is much uncertainty at present as the SRA have recently resiled from their previous position whereby they would communicate risk ratings to firms.  They now say that once the criteria have been published firms can work out their risk ratings for themselves!  Nevertheless we expect underwriters to be very interested in the risk rating accorded by the SRA to any firm when renewing their professional indemnity insurance.

It is worth noting that the SRA regulates almost 11,000 law firms at present. It is still developing the methodology for arriving at risk ratings and still lacks the IT to make it all happen. Risk ratings are therefore unlikely to trouble any firm at the 2011 renewal. However, it is coming and £20m has been set aside to fund the new computer systems required to handle the data.

Some examples provided by the SRA themselves may help to illustrate the new approach:

OFR in practice: Example 1


Venn LLP is a national law firm outsourcing disclosure. The regulator assesses its profile in the profession as being in the medium to high probability range of a breach of confidentiality occurring, and it therefore puts the impact as high. This is addressed by way of an SRA relationship manager being in regular contact with the firm to ensure appropriate steps are taken to address any possible breach of client confidentiality, whether, for example, through individual breaches by people or via hacking.

OFR in practice: Example 2


Nokes & Co is a two-partner firm receiving claims via a referral company. Complaints have been received by the SRA from neighbouring solicitors' firms and from members of the public about a lack of transparency in respect of referral fees. Relationship management takes place on a smaller scale, to deal with the specific concern. While the probability of a breach is significant, the firm is small, its profile in the profession relatively low, and the impact therefore lower, leading to an overall risk rating of medium. The referral fees issue is dealt with by the SRA meeting with the partners, to ensure that the firm is committed to doing the right thing.

Real life examples confirm that risk is far from fictional and can be expensive:

Risk in real life: Example 1

Andrew Crossley tried to take advantage of the new market for the delivery of legal services by accepting instructions from a client to write letters demanding £500 compensation from persons whom it accused of illegally downloading and sharing material from the internet in breach of his client’s IP rights.  His fee was based on a contingency at 65% of the recoveries achieved.  Striking out the claims, the Judge ruled that this approach was too entrepreneurial.

The collapse of these claims has led Crossley to the SDT, and gives pause for thought when considering taking advantage of the SRA’s Freedom in Practice approach.

In a separate but equally chilling development, Crossley’s firm’s server was hacked, leading to the dissemination of thousands of confidential names and addresses of those accused of breaching his client’s IP rights.  Whilst his firm has ceased trading, this has not prevented the Information Commissioner from investigating the breach of Data Protection laws and recently fining Crossley £1,000 for the breach.  The Information Commissioner made it clear that had Crossley been trading the fine would have been £200,000.  The ICO’s investigation found serious flaws in ACS Law’s IT security system:

  • Mr Crossley did not seek professional advice when setting up and developing the IT system
  • His IT systems did not include basic elements such as:
      • A firewall and access control
  • ACS Law’s web-hosting package was only intended for domestic use
  • Mr Crossley had received no assurances from the web-host that information would be kept secure
  • While the firm should have been aware of their obligations under the Data Protection Act, they continued to act negligently and failed to ensure that appropriate technical and organisational measures were in place to keep personal information secure.

The answer is to take professional advice.  Running a law firm is a risky business but with proper preparation those risks can be managed effectively.

Risk in real life: Example 2

We acted for a two-partner firm of conveyancers who decided to merge with a larger firm to enable them to compete more effectively in the new legal market.

Prior to the merger the firm decided to bill all of its remaining WIP to ensure that the current partners would enjoy the benefits of the WIP themselves rather than sharing the fees with their new partners in the merged entity.  Unfortunately they failed to send the bills prior to transferring funds on account from client account to office account.  That is a serious breach of rules 19 and 22 of the Solicitors Accounts Rules, 1998 which the SRA characterise as acting dishonestly.  If proven, such an allegation usually results in being struck off.

This breach was picked up on a routine SRA investigation and led to a four-year nightmare which only ended in the SDT and after the merger became a de-merger.  Fortunately we defeated the allegation of dishonesty and the outcome was a fine of £15,000 and a costs order of about £20,000, plus endless hours of otherwise chargeable time lost in the preparation of their defence.

The Tribunal’s decision is SDT number 10294-2009 for March 2010 and is at:


The lesson is caveat emptor!  Make sure prior to a merger you take care to carry out regulatory due diligence on accounts rules compliance and general conduct.


Visiting Manchester to take part in a Law Society Question Time event, Des Hudson, Chief Executive of the Law Society of England and Wales, said profitability and turnover among law firms increased during 2010.  Hudson predicted more mergers during 2011 and 2012 and urged caution amongst law firms.

Mergers can be fraught with issues which trap the unwary.  This article illustrates some of the problems and the need for careful business planning not only in the commercial sense but, from 6 October 2011, in order to meet regulatory obligations.  If you are contemplating a merger then seek early advice about the regulatory implications.

Our VERACITY product can help to address the regulatory, accounting and IT issues which always arise before, during and after a merger.  Stay safe, take advice!


Tony is a Director of GUISE Solicitors Limited, a specialist law firm advising about risk and compliance issues. www.guisesolicitors.co.uk
