An active regulator
The SRA's tough new approach to regulation is too intrusive, says David Mayhew
It will not have escaped your attention that the regulator is in a very busy phase of activity: seven Consultation Papers with response deadlines in March or April 2008 and a further three for June and July; policy statements on settlements in and publication of regulatory and disciplinary decisions; a strategy statement and so on. What does this tell us about the new world ushered in by the Legal Services Act 2007?
Risk-based approach
The SRA has emphasised it is adopting 'a risk-based approach to regulation'. This represents a paradigm shift in regulatory intent: from reactive (relying on complaints as the mechanism for identifying problems) to proactive (monitoring the regulated activities to identify potential threats to the regulatory objectives defined in s1 of the Act). The 'risk' in risk-based regulation is the risk that the regulator will not achieve such statutory objectives.
Risk assessment requires information about regulated activities. Here we see the first real impact on solicitors: firms will be required to produce information on the dynamics of their business, such as ownership details, turnover, work type, negligence claims, instances of serious misconduct and financial stability (Consultation Paper 7, paragraphs 2.9-2.11). The SRA is considering underpinning this periodic submission of information with an overarching requirement on firms to deal openly with the regulator, citing the Financial Services Authority's requirement on firms to cooperate and 'disclose to the FSA appropriately anything relating to the firm of which the FSA would reasonably expect notice.' (Principle 11 of the FSA's Principles for Businesses).
Already the Solicitors' Code of Conduct 2007 includes reference to obligations 'to co-operate with and report information to the [SRA]' (Rule 5.01(1)(c)).
You will have noted the reference to 'firms'. Here again is a significant shift in regulatory style: making law firms the first point of day-to-day regulation. The SRA will have jurisdiction over 'authorised persons', that is, the business entity, be it partnership, incorporated body, sole practitioner or in-house practice, as well as over managers and employees of an authorised person. And employees are not limited to qualified lawyers '“ your secretary will also be caught by the new regulatory net.
The focus on firms enables the regulator to be more intrusive in its requests for information. It also enables its enforcement activities to be multi-focused, targeting not only the misconduct of the individual lawyer(s), but also the management failings of the firm. The Code of Conduct has been drafted with this in mind: Rule 5, Business Management, deals with 'the supervision and management of a firm or in-house practice, the maintenance of competence and the internal business arrangements essential to the proper delivery of services to clients'.
So, for example, where there is a failure to act properly which is the responsibility of more than one partner, or engages the firms systems, action may well be taken against the firm, either alone or together with the individual lawyers involved. In the Freshfields' Marks & Spencer conflict case, the regulator was only able to impose a penalty on one partner; and yet tellingly the headline of the SRA's press release read 'City law firm fined for misconduct'.
Deeper understanding
Risk-assessment leads the regulator to identify areas of concern on which to concentrate resources. This does not mean simply waiting for things to go wrong and engaging in enforcement. It also involves deepening the regulator's understanding of the area of risk by, for example, thematic reviews which coordinate a range of regulatory activities designed to investigate, understand and address a particular risk.
The SRA has already demonstrated such technique in its project on referral fees (Referral Arrangements Compliance Project) at the end of 2006, following widespread concern about non-compliance with the rules which liberalised fee sharing and payments for referrals. Visits to firms were made, reports prepared, and santions taken, followed by an information and education programme (remember the 'WARNING' card sent out in February 2007) and the publication of edited versions of the Board Reports on the compliance, enforcement and information campaigns in July and December 2007. The SRA Board agreed to develop new approaches during 2008, with ideas mooted for consideration including: approval or accreditation to enter into referral arrangements; annual reports; model agreements; increased targeting and monitoring to achieve a critical mass of data; and precluding costs recovery or requiring repayment of deductions as part of the outcome of complaints or enforcement action.
Each of these strands of possible regulatory activity would involve greater intrusion into the affairs of the solicitor's practice. They illustrate the development in the SRA's thinking about regulatory policy, and deploying a range of regulatory tools such as education, persuasion or rules (the FSA routinely refers to its 'regulatory toolbox').
A new benchmark
Thematic work will not be limited to the retail end of legal services. The FSA's review of controls for the handling of confidential information in the context of mergers and acquisitions has recently focused on those involved in M&A work who are beyond that regulator's immediate reach, including lawyers, PR advisors, printers and accountants. The FSA has published a voluntary code of good practice as guidance of what is expected of unregulated service providers and other market participants (see FSA's Market Watch No. 27, June 2008). Solicitors fall outside its scope, being regulated by the SRA: the handling of confidential information and the need for risk management are covered by the Code of Conduct (Rules 4.01 and 5.01(1)(1)). Nonetheless it will likely become a benchmark against which the standards will be interpreted in the M&A context. The SRA said in its press release of 5 June 2008 in response to the publication of the Principles of Good Practice that it 'supports the FSA's objectives in raising standards in this sector'. Do not be surprised if inter-regulator co-operation leads the SRA to conduct a thematic review of City firms' systems and controls to test compliance with these standards.
We are clearly in for a more dynamic form of regulation. Inevitably this will increase the cost and the burden of regulation. While this will worry the profession, it is the increasing intrusiveness of regulation which firms will find irksome. Bigger firms may already have a risk management function able to absorb these pressures but smaller firms may struggle.