I read a bizarre and sad story recently about a solicitor disciplined by the Solicitors Disciplinary Tribunal following local newspaper reports of him hitting his 71-year old mother in the face with a saucepan. The local press suggested that the solicitor’s defence was that he had simply been watching snooker at the time and had thrown his arms up in disbelief when Ronnie O’Sullivan missed an easy shot and he just happened to be holding a saucepan full of dumplings at the time! It speaks volumes to the cavernous depths of my SRA compliance geekdom that what really leapt out at me was the additional rule breach finding that there had been a failure to report matters to the SRA. That seems a rather minor point to take in the circumstances but I do now regularly see the SRA adding the failure to report in for good measure when taking disciplinary action. While you hopefully do not need any support in the saucepan department, the hope of this article is to simplify what sort of problems do or do not need reporting to the SRA.
When do you need to report a ‘serious’ rule breach?
As a reminder, since the new rulebook came into effect in November 2019 the circumstances in which COLPs, COFAs & law firms need to report a regulatory problem to the SRA have been broadened significantly. The concept of a ‘material’ breach is now – like outcomes focused regulation – long gone (so 2012). Instead, the SRA is now asking law firms to consider whether a potential rule breach is ‘serious’. We have broken down what ‘serious’ means into a 5-step assessment below. It is worth stressing first however that we are now also concerned with potential rule breaches. The SRA discovered the hard way that asking lawyers to report rule breaches had the unintended consequence of only receiving reports once the firm had satisfied itself that there had in fact been a rule breach, regardless of how serious the allegations being investigated were. As often occurs with the SRA however, they have now somewhat overcorrected in my view.
SRA rules now require:
- (a) potential rule breaches to be referred to the regulator:
“You report promptly to the SRA… any facts or matters that you reasonably believe are capable of amounting to a serious breach…”[1] - (b) that even when those grounds are not satisfied, you should nonetheless report a matter to the SRA if you believe that it may be appropriate for the SRA to exercise its special investigative powers:
“Notwithstanding paragraph 7.7, you inform the SRA promptly of any facts or matters that you reasonably believe should be brought to its attention in order that it may investigate whether a serious breach of its regulatory arrangements has occurred or otherwise exercise its regulatory powers.”[2]
I know what you’re thinking: what on earth does that mean!? Though possibly with less whimsical language?
Many subject to the Code will not appreciate that the SRA has some special statutory powers allowing it to compel anyone to provide it with information and documentation it needs to assist in a misconduct investigation. I think the key point to bear in mind is that sometimes the SRA will be better placed than you to look into a potentially serious misconduct issue, so hand it over to them.
Note importantly however that it is not all potential rule breaches which must be reported. It is only those which you reasonably believe are capable of amounting to a serious breach. There is no obligation to report clearly spurious allegations for example.
In summary then:
- we are now concerned with ‘serious’ rule breaches, not ‘material’;
- you can no longer await the outcome of your own investigation to report. If on the face of it there could be serious misconduct involved then the regulator wants to know;
- look for situations where the SRA would simply be better placed to get to the bottom of things.
What is a ‘serious’ rule breach?
Now that we’re clear on the parameters of reporting serious rule breaches, what would make a breach or an alleged breach serious? As a reminder, if it is not serious then there is no need to report it to the SRA (though the position is a little messier for ABSs – see below).
There is no formal definition of a ‘serious’ rule breach. Instead, we have to consider the guidance provided in the SRA enforcement strategy and other SRA guidance and case studies.
Unfortunately, these are not easy reads so below I have extracted the key statements from those documents and turned them into a step-by-step process.
Step 1: Serious event checklist
Certain matters and facts are viewed as “inherently more serious” by the SRA and these are listed below in Step 1. Remember that we are concerned here with whether the facts or matters which are “capable” of being serious, not simply those which have already been proven beyond any doubt. When assessing potential rule breaches for our retainer clients we consider the following checklist first:
| Matters / allegations which indicate something is serious | Present | Absent |
| Abuse of trust | ||
| Taking unfair advantage of clients or others | ||
| Misuse of client money | ||
| Sexual misconduct | ||
| Violent misconduct | ||
| Lying, covering up or other dishonest behaviour | ||
| Criminal behaviour | ||
| Information security breaches | ||
| Adverse impact or potential impact for vulnerable individuals |
Examples of such serious matters would in my view include:
- your email or case management systems being hacked;
- an allegation of sexual misconduct;
- a criminal conviction including cautions, other than low level motoring issues;
- any form of dishonesty – do not make the mistake which Duncan Lewis Solicitors were reported to have made some years ago of thinking that suspected misappropriation of money by a non-solicitor could be dealt with purely as an ‘internal’ matter because no client funds are involved.
Step 2: Serious intent checklist
In the absence of serious events, it may still be possible for something to be serious by virtue of the intent or motivation of the solicitor or firm concerned. The second checklist we consider when assessing a client’s rule breach therefore is this one:
| Intentions and motivations which indicate something is more serious | Present | Absent |
| Technical knowledge or firm systems falling below a reasonable standard | ||
| A concerning lack of judgment | ||
| Failure to keep individual or firm wide knowledge and skills up to date | ||
| Serious or persistent failures in competency for job | ||
| Deliberate or premeditated act of misconduct | ||
| Recklessness (serious because the SRA considers that it involves inappropriate risk taking and a lack of regard for consequences) | ||
| Lack of integrity (much broader than dishonesty / lying and could include a broader category of conduct the public would expect better of from a solicitor) | ||
| Persistent misconduct |
Examples of such serious matters would in my view include:
- failing to declare and act upon an obvious own interest conflict;
- deliberately sharing confidential information with a friend because it’s just such a juicy story (even if the friend pinky swears not to tell);
- falling short of lying but still deliberately misleading clients, colleagues or the Court;
- repeated failures to comply with Court Orders;
- very offensive social media communications.
Note that a genuine mistake is unlikely to constitute a serious intention or motivation for these purposes, though could still be serious if by virtue of other considerations such as it falling into the table in Step1 above.
Step 3: Serious impact, harm or potential checklist
We then go on to consider what level of harm or impact the potential breach has caused or will likely cause:
| Intentions and motivations which indicate something is more serious | Present | Absent |
| Significant impact, such as in terms of financial loss, distress or physical harm caused to an individual or individuals | ||
| Less significant impact but in respect of a large number of individuals | ||
| Impact upon an individual’s personal dignity or autonomy, right to privacy, right to non-discriminatory behaviour (note that the SRA would view such matters as serious irrespective of whether there is actual harm, financial or otherwise) | ||
| No harm or impact occurred in practice but there was a real risk of significant harm / impact and this could reasonably have been anticipated | ||
| Note: there is an overlap with Step 2 in terms of behaviour and failing to anticipate potential impacts | ||
Examples of such serious matters not falling into other categories might include a relatively innocent human error which has unfortunately had a very significant or widespread impact. Personally, I do not typically consider a client email being sent to the wrong person a serious breach because typically little confidential information if any has been shared and / or the information is easily re-secured. However, I can easily imagine situations where the consequences of doing so would tip it over into ‘serious’ on the basis of the checklist above. If such a simple human error revealed the location of a vulnerable witness who was endangered as a result for example or if there was a leak of financial information about large numbers of people which appeared online, I would expect the regulator to be informed.
Step 4: Patterns and systemic problems checklist
| Other matters which may indicate seriousness | Present | Absent |
| A problem of this nature has now occurred repeatedly | ||
| There are systemic problems which should be capable of being remedied but we are not doing so |
The SRA has always stressed that a pattern of ‘non-serious’ rule breaches could eventually constitute a reportable problem. This is quite a difficult one to gauge in practice. In essence, we are asking ourselves whether there is a systemic or wider problem which has been allowed to persist. I personally tend not to worry too much about several similar human errors if the firm really has done all it can after the previous event, assuming that we are not concerned with one especially problematic human!
Step 5: Look at things as a whole and check your gut!
Finally, while the checklists above may identify a single incident or fact which would point towards a matter being serious and therefore would require a report to the SRA, the considerations overlap in practice. We should finally consider the combination of factors and whether it is something the regulator ought to know about i.e. where they may potentially want to monitor a situation, investigate a potentially serious problem or take action. Also, if you simply feel uneasy not telling the regulator about what has gone on, I would encourage you to listen to that instinct. Facts rarely look better when being rehearsed before the regulator, or indeed the Solicitors Disciplinary Tribunal (though I would think a Tribunal referral highly unlikely simply for a failure to report).
Tips for making reports
It is worth noting firstly that the new Code of Conduct introduced some welcome clarity that law firm staff need only report rule breaches to the COLP or COFA[3] in order to fulfil their own reporting duties. In big firms for example there is no need for hundreds of staff to send in their own report once word gets around!
If you do need to make a report to the SRA then you can send a letter to report@sra.org.uk. I always prepare a letter for the client to go to the regulator which sets out:
- factually what we know and why we are making the report;
- what harm or damage is possible and what steps the firm has taken or is taking to limit this;
- what steps the firm is taking to ensure that such a scenario does not arise again.
The intention is to reassure the SRA that the firm has things under control and that the SRA need not waste its precious resources looking into it any further! However, to be clear, there are situations in which the SRA should rightly investigate further. The report must not be in any way misleading. You need to state the facts as they are, albeit that you can reassure the regulator what you are doing to solve it yourselves. I have to say that in the vast majority of scenarios, this letter is sufficient for SRA purposes and they do not investigate matters any further.
If a matter is borderline, I have to say that on balance I typically tend to report it in order to avoid a later allegation of a separate rule breach for not having done so. It will depend upon the facts though, as well as the risk appetite of the firm.
If it is not a ‘serious’ rule breach then the SRA still encourages firms to keep a log of the rule breach. You can do that on a simple spreadsheet (perfectly adequate for small firms) or using an SRA compliance online tracker such as our Compliance Office in the Cloud. There is no need to report non-serious rule breaches to the SRA save for one unfortunate issue as regards ABS law firms. Sections 91(1)(b) and 92 of the Legal Services Act 2007 impose statutory duties on COLPs and COFAs (though they’re termed HOLPs and HOFAs in the legislation – don’t ask!) to report all rule breaches to the SRA as soon as reasonably practicable. The SRA were unable to relax this requirement when they relaxed the rules for other law firms in November 2019. The SRA used to have rule in place which stated that ‘as soon as reasonably practicable’ would be satisfied by an annual report by ABSs of their rule breaches. That has since gone but the SRA has displayed no interest whatsoever in receiving a report of all rule breaches from ABS law firms. Our current approach for retainer clients is to write to the SRA annually to inform them how many non-serious breaches have been logged that year and offering to send the log should they wish to see it. They have never asked to see such a log yet.
Other reporting duties
Thought that was it for SRA reporting duties? Unfortunately, not. We are just talking above about the duty to report serious potential rule breaches to the regulator. There are firstly a number of similar ‘judgemental call’ reporting duties which for completeness I have put below in Annex 1 (lifted largely from the SRA’s own guidance). There are also a number of strict events driven notifications too which I have not got into in this post, such as a firm being in financial difficulty, insolvency events generally or loss of eligibility as a law firm. This list again is pulled from the SRA website and is at annex 2. Some of the most common ones here are to obtain SRA approval of new partner appointments, money laundering and financial services changes.
Final thoughts
Unfortunately the SRA have not made it easy to find the information which COLPs, COFAs and law firm need to consider. Following the steps above will help you to consider the key points from the more detailed guidance and SRA Enforcement Strategy. If in doubt and for complex matter do consider digging out those documents and of course get in touch with us if you would like some professional support with it.
Annex 1: ‘Judgement call’ reporting duties
The most common duty to report has been highlighted in bold. The COLP and COFA’s duty essentially replicate this duty to report ‘serious’ matters to the regulator. Staff duty is to report matters to the COLP COFA or directly to the SRA.
| Reporting obligations | Provision |
| To report to us (or to another approved regulator, if appropriate) any facts or matters that you reasonably believe are capable of amounting to a serious breach of regulatory arrangements by any person regulated by us or by another approved regulator (including you) |
– Paragraph 7.7, Code for Individuals – Paragraph 3.9, Code for Firms |
| To report promptly to us any facts or matters that you reasonably believe should be brought to our attention in order that we may (i) investigate whether a serious breach of our regulatory arrangements has occurred or (ii) exercise our relevant regulatory powers |
– Paragraph 7.8, Code for Individuals – Paragraph 3.10, Code for Firms |
| To not subject anyone to detrimental treatment for making or proposing to make a report or providing or proposing to provide information based on a reasonably held belief, irrespective of whether we or another approved regulator subsequently investigate or takes any action in relation to the facts or matters in question |
– Paragraph 7.9, Code for Individuals – Paragraph 3.12, Code for Firms |
| Adhere to additional requirements imposed on Compliance Officers which mirror the obligations set out at Paragraphs 7.7 and 7.8 of the Code for Individuals | – Paragraphs 9.1(d) and (e) and 9.2 (b) and (c), Code for Firms |
| To report to us any serious breach of the Overseas and Cross-border Practice Rules | – Rule 4.2, Overseas and Cross-border Practice Rules |
| To tell us about anything which raises questions as to your character and suitability, or any changes to any information disclosed to us previously in support of an application, on an ongoing basis | – Rule 6.5, Assessment of Character and Suitability Rules |
Annex 2: Strict notification requirements triggered by certain events
| Notification obligations | Provision |
| To notify us promptly if you are charged, convicted or cautioned with a criminal offence, become insolvent or become aware of any change to the information we hold about you. For firms, there is an additional obligation to report any indicators of serious financial difficulty or an intention to stop trading | – Paragraph 7.6, Code for Individuals – Paragraphs 3.6 and 3.8, Code for Firms |
| To adhere to notification obligations around deemed approval | – rules 13.4, 13.6, 13.10 and 13.11, Auth of Firms Rules |
| To inform us within seven days of becoming aware of a relevant event leading to the loss of eligibility of an authorised body | – rule 14.1, Auth of Firms Rules |
| To notify us of an event leading to an apportionment of periodical fees on succession | – rule 16.1, Auth of Firms Rules |
| To notify us about an individual starting a period of recognised training | – regulation 5.1(b), Education, Training and Assessment Provider Regulations |
|
To notify us if you are carrying on insurance distribution activities; and of any changes to information appearing on the Financial Services Register |
– rules 5.3 and 5.4 Scope Rules |
| In an overseas context to notify us if you or anyone for whom you are responsible is convicted of a criminal offence, subject to disciplinary action or is in serious financial difficulty. | – rules 4.3 and 4.6, Overseas and Cross-border Practice Rules |
|
To notify us promptly if you are charged, convicted or cautioned with a criminal offence, become insolvent or become aware of any change to the information we hold about you. For firms, there is an additional obligation to report any indicators of serious financial difficulty or an intention to stop trading |
– Paragraph 7.6, Code for Individuals – Paragraphs 3.6 and 3.8, Code for Firms |
| To adhere to reporting requirements in relation to insurance policy periods | – rule 8.1, IIR 2013 |
| To notify of any changes to the identity of a firm’s nominated Money Laundering Reporting Officer and Money Laundering Compliance Officer. | – regulation 21 |
| To notify of any new individuals that are considered a manager, beneficial owner or officer of the firm for AML Regs. Note SRA has said it wants to know if firm becomes subject to regs generally i.e. begins doing AML work. | – regulation 26 |
[1] 7.7 of the SRA Code of Conduct for Individuals. There are mirrored requirements in the Code of Conduct for Entities and also linked reporting obligations for the COLP & COFA in rule 9 of the Code for Firms.
[2] 7.8 of the SRA Code of Conduct for Individuals.
[3] 7.12 of the SRA Code of Conduct for Individuals, provided that it is on the basis that the COLP or COFA would then make an onward report as necessary.