Protecting the public: The SRA’s consumer protection review – Our thoughts  

The SRA recently launched a consumer protection review, aiming to ensure that consumers are protected when engaging with law firms, maintain public trust in legal services, and help to foster a more dynamic and competitive legal market.

The review follows an increasing number of interventions, most notably that of Axiom Ince where £60m of client funds went missing, which have called for a review of a number of aspects surrounding how law firms are regulated and deal with client money. Responses to the review have been invited from a range of stakeholders, as part of the consultation process. The below was our response to the SRA: 

“Fundamentally, the changes implemented following the introduction of the 2019 accounts rules put a lot more responsibility on the COFAs of law firms, with increased emphasis on self-regulation. Whilst, for the most part, this has proved to be successful, there have been notable exceptions. Legal professionals are heavily regulated and the SRAs code of conduct is very broad, but unfortunately, not every solicitor or firm will act in the best interests of the client, so there is the need for further controls to be introduced.  

From reading the review, there are two main areas which the SRA are considering in the wake of the loss of over £60m in client funds from law firm Axiom Ince. Whilst this has necessitated the largest intervention ever, it also forms part of an increasing pool of interventions conducted by the SRA, begging the question of whether the current regulatory system needs to be amended in order to ensure client money is protected.  

The first part of the review looks at the compensation fund. We note that, since the review began, the SRA have already announced substantial increases to both individual members, as well as law firms, in the year ahead. Whether this is a one-off increase, or will continue in future years, is yet to be determined.  

The second part of the review is in respect of the SRA looking to the future, considering how instances similar to Axiom Ince could be prevented from re-occurrence and, therefore, the SRA are seeking to identify and manage or mitigate risks in the marketplace to clients and client money. The areas under review here can be split into 3 main risk factors.  

The first risk factor to consider is that of managing the risks associated with the failure of firms resulting from poor trading results or cashflow. The SRA are proposing to bring together risk factors and ‘red flags’ identified from previous interventions. We would suggest that a ‘traffic light’ system could be a useful step towards increasing financial risk management.  

Unless a law firm is under serious review, the SRA currently receive minimal ongoing financial information in respect of the law firms under their governance. Whilst corporate law firms file accounts with Companies House, these are submitted well after the year end and, if no audit is required, very little information is provided within the filleted accounts. Unincorporated law firms will only share their detailed financial information with HMRC.  

At present, the SRA do not have the access to this information, nor the resource or capabilities to appropriately assess it. We would suggest that the SRA could therefore liaise more closely with regulatory bodies such as HMRC, to obtain information where payments such as VAT or PAYE are in arrears, as these scenarios could indicate early signs of cashflow problems. They could also seek information on firms’ outstanding loans and overdrafts periodically. This information could be pooled to create a risk profile, or risk flags, which can then be used as part of a traffic light, risk-rating system.  

This ‘traffic light’ system could then be used to help determine the information required to be provided to the SRA, and the regularity that this is provided. For instance, a firm may be determined to be high risk and, accordingly, be required to provide quarterly management data, inclusive of outstanding liabilities, to the SRA. This would tie in with the Making Tax Digital legislation due to be introduced in the coming years, which will require firms to provide timely management information to HMRC. This will better enable the SRA to assess the relevant risk factors on a more timely basis and take positive steps to mitigate the risk to consumers. 

The second factor to consider here is managing the risks involved in mergers and acquisitions. At various roundtable events discussing this paper, which members of this firm have participated in, a lot of the focus has been on rapidly expanding law firms reliant on M&A’s and consolidations, and how the risks can be mitigated. 

The SRA are proposing to ‘look at the sustainability of ownership models and corporate structures in the legal sector, and whether some carry more inherent risk.’, as well as considering enforcing increased transparency around structure. We would suggest that once the risk of ownership models have been considered, these could again be utilised as part of a traffic light system for categorising the risk of each firm.  

The SRA could also consider a more regimented process in relation to mergers and acquisitions. For instance, the Financial Conduct Authority (FCA) require that they must be notified ahead of any change in control. This process gives the FCA 60 working days to consider the proposal and make any relevant enquiries. Adopting a similar process for firms regulated by the SRA would give the regulator an opportunity to undertake due diligence work and safeguard clients in situations where a proposed change to ownership structure could carry higher risks.  

Having undertaken due diligence work ourselves on behalf of a number of law firm clients undertaking mergers and acquisitions, we have created a schedule a work which we would expect to be completed ahead of the process being completed, paying specific attention to systems and procedures relating to compliance and the protection of client money. This would include, as a minimum, reviews the of three-way reconciliations and evaluation of KPIs and general performance indicators in the periods up to the proposed completion date. Furthermore, the actual acquirer should be looking at the behaviours within the target law firm, as well as the styles of law being undertaken.  

We would suggest that such due diligence work should be considered compulsory and shared with the SRA before any mergers or acquisitions take place, to evidence that the acquiring law firm has considered the impact of, and is effectively planning for, the change in organisation structure. This may also include business plans and cashflow forecasting reports. If such a system were to become a mandatory part of the merger/ acquisition process, this would provide additional reassurance to clients and consumers that client money is protected despite changes to organisational structures.  

Finally, the ways to ensure the protection of client money needs to be considered. The SRA are considering a wide range of options here, as far reaching as restricting firms from holding client money in some circumstances. This could be prohibitively restrictive for legal firms, as well as expensive and time consuming to implement. Such an approach could create more questions than answers, given that billions of pounds of client funds are held by regulated firms at any one time. The lack of firms choosing to use TPMA’s illustrates that they are unwilling to relinquish control of client accounts. 

Solicitor firms are unlikely to respond well to such a change. Firstly, it would remove the revenue legal firms are able to generate from earning interest on client funds which has increased significantly over the last two years. Secondly, the loss of control when passing on responsibilities to a third party would greatly impact upon how efficiently solicitors can do their jobs, particularly in respect of firms who undertake work in areas of law with tight deadlines, such as conveyancing. Inevitably, this would have a knock-on effect on the end consumer. 

Restricting firms from holding client monies could therefore be considered a knee-jerk reaction where there are, instead, instances where the SRA could better use its powers to prohibit or even remove the option of a client account for specific firms deemed to be high risk.  

We would instead suggest that, in the first instance, there are a few smaller changes which would help with the protection of client money. These include mandatory submission of AR1 forms, even where they are not qualified. This would ensure that the SRA had confirmation that all firms that need a report have obtained one, and that qualified reports are not being withheld from the regulator. For firms not obtaining a report because they have fallen below the de-minimis limits, annual checks on the mySRA portal could be used to confirm that solicitors have re-considered their responsibilities on an annual basis and have not unknowingly tripped the de-minimis limit.  

We would also note that firms were previously required to notify the SRA of their Reporting Accountant (RA) and to inform them of any changes. Under the current Rules, the SRA has no awareness of who the RA is unless a qualified report is submitted. This lack of transparency increases the risk of the required client money examination not being undertaken to a sufficient standard, if at all.  

COFA responsibilities are, of course, hugely important to consider here. There should be an increased emphasis on the training and support available to COFAs. There are training courses available online, some of which offer short exams at the end, which can be used to demonstrate the COFAs understanding of their responsibilities. Such training courses could be made an element of mandatory annual compliance for COFAs.  

Furthermore, increased emphasis could be placed on the COFA Register of Breaches, ensuring COFAs are assessing patterns and weaknesses in systems and procedures, and taking appropriate remedial action to strengthen the protection of client funds. This is a hugely important tool for firms to utilise if the continued focus is on self-regulation. In our experience, our clients who have robust, regularly updated and reviewed COFA Register of Breaches are able to greatly improve their systems and processes by identifying weaknesses. Those who do not continue to encounter trivial breaches of the client money rules on a regular basis and are at higher risk of reportable breaches occurring. 

We do, however, appreciate that sole traders and smaller firms will have difficulties where they are unable to dedicate sufficient resource to the COFA role. Naturally, there will be bigger focus on their fee earner responsibilities. Whilst the smaller firms will be dealing with less clients, they may still be holding significant sums of client funds, so the risk to the consumer must not be ignored.  The mandatory training courses and submission of AR1s to the SRA, as mentioned previously, will help to alleviate the inherent risks of COFAs not being able to dedicate the appropriate time to the role.  

As practices grow in size, the COFA should then be replaced by a separate, dedicated, person who has the time and skills to dedicate to increased responsibilities in this area. This seems particularly important given that the reliance of self-reporting has unfortunately not ensured the protection of client funds in the case of Axiom Ince. 

Conclusion

Of course, all of these factors do overlap considerably, and it is challenging to consider these in isolation. Ultimately, any steps that can be taken by the regulator to better manage financial risk of law firms and the risks associated with growing, or certain types of organisational structures will be a step in the right direction to protecting the consumer. There are a wide range of options that must be considered to ensure client money is protected, and these must be actionable, practical and in the best interests of the consumer.  

In the short term, we believe that there are relatively simple steps which could be implemented to mitigate the risk to consumers in respect of client money, including mandatory AR1 submissions, updates to the mySRA portal and further training and support available for COFAs.  

In the medium to long term, there are a number of further possibilities to help protect consumers in respect of managing the risk of failing firms and the inherent risks associated with mergers and acquisitions. This may include requirements for due diligence work to be undertaken and submitted, closer contact with other regulatory bodies and implementing a traffic light system to determine risk.”