Theme and variations
With the SRA about to roll out its new theme-based approach to supervision, the regulator's director for risk, Samantha Barrass, talks to Jean-Yves Gilg about how it will work in practice
Like benefit cheats found strutting their stuff on a YouTube video while claiming disability allowance, lawyers could end up before the Solicitors Regulation Authority if they discuss in internet chatrooms matters they should have reported to their regulator.
In the next few months, a new team within the SRA will start trawling social media platforms such as Twitter and Facebook for information that could indicate law firms might be in breach of reporting obligations.
'To be able to proactively identify emerging risks, we need information,' says SRA executive director Samantha Barrass. 'We can get it from various sources, including media scanning, which will involve checking the regional press but also looking at tweets and conversations in internet chatrooms '“ the full range of intelligence.'
The idea may sound left field but Barrass says this will help the regulator pick up signals that a solicitor or firm may be heading for regulatory trouble.
'A significant amount of work has been done to look at the whole history of what can go wrong to identify indicators we can use as flags,' Barrass continues. 'Quite often there can be early indicators in local discussions of a possible risk arising.'
Media scanning will be undertaken within the risk centre, a new team headed by risk director Andrew Garbutt. The team faces the monumental task of rating all 11,000 law firms on a risk scale, taking account of such factors as their size and client base, to determine their individual risk profile.
So far, little has changed in the way the regulator deals with regulatory breaches that have taken place. The defining feature of outcomes-focused regulation, however, is prevention: identifying risk before it occurs and stopping it before it materialises. This is what the risk centre has been busy working on. It has been a slow take off, with a transition team looking after firms that haven't yet been 'impact-rated', but the new regime should be in place by the end of the year.
Once live, the resulting risk matrix will hold details of all firms, cross-referencing their practice type, size, client base and work areas with a set of themes identified as potentially more likely to present regulatory risk.
Barrass stresses that the process doesn't in any way involve pre-judging whether firms comply with their regulatory obligations. 'All firms will be impact-rated, but not a negative way; this is just to assess the size of their risk footprint,' she says. 'This is to allow us to assess, if a firm suddenly disappeared overnight, what would be the regulatory headache in terms of regulatory risk.'
Keeping files on firms is old school regulation, regardless of whether the information is collected from direct interaction with the firm or from snooping around the internet. But according to Barrass this is just the starting point of a more sophisticated and more effective monitoring process. Equipped with matrix data, the SRA expects to be able to spring into action earlier and engage with a regulated entity before problems arise. It could be particularly useful with firms whose regulatory history is nil but that fall into a higher risk category or are active in one of the 'themes' the SRA has its eyes on. Doing the kind of work the regulator has concerns about could be sufficient to trigger an informal conversation with the SRA, in effect putting the firm on notice that it ought to exercise caution.
'It might not of itself lead us to take action but it will help an SRA supervisor decide whether this is something we might want to look at and be satisfied there is nothing ominous,' Barrass says.
Recent events such as law firm partners diverting cash from the office account under the cover of expense claims provide an example of how the new system would operate. Currently, the answer is to investigate the individual '“ and possibly also the firm '“ and build a case to take to the Solicitors Disciplinary Tribunal. Under the new regime, the SRA will also engage with the firm to discuss the systems that will be put in place to prevent similar breaches recurring.
Other warning bells may also get the regulator's attention if an event falls under one of the main four categories of concern (see box). A firm merging or being acquired, for instance, could be doing so because it is experiencing financial difficulty. This would be likely to raise the 'financial stability' flag at the SRA, prompting the SRA to maybe 'be a bit closer to this firm than normal '“ or maybe not'.
If it decides to look into the situation, the SRA will 'spend time' with the firm, a process that, as this stage, is not expected to follow a set format but will usually start with correspondence with the COLP enquiring about systems and controls. In the case of a merger, this will involve, among other things, looking at the transfer of client files and communication with clients as well as financial stability.
Unwritten script
Because OFR is all about pushing the responsibility for delivering regulatory obligations onto firms there is no script any of them can look at ahead of these conversations with the regulator. This doesn't mean that the regulator will have to start from scratch every time.
'There will be a particular checklist we'll want to go through but the primary starting point will be for the firm,' Barrass continues. 'What are they doing to assure themselves that the approach taken is consistent with delivery of their regulatory obligations? That's a big feature of what we'll be wanting to hear. We may have a checklist at the back of our mind but we won't give them a list and ask them to tick it off.'
Only if the firm isn't coming up with the kind of answer the SRA is expecting will it then start 'a more probing conversation about what we think might be missing'.
'It could be intrusive,' Barrass warns, 'and we may want to put our own experts in to see how their systems and control work.'
What Barrass is talking about is a deeper cultural change within the SRA. The regulator is still going through a major reorganisation which has seen jobs in the enforcement section being phased out to be replaced by financial services type supervision. In the next few months staff levels are set to shrink further while about 30 supervision posts are still to be filled. Ultimately, Barrass says, headcount should drop from the current 600 to stabilise around 550.
Of these only 100 will be based in the supervision section, which will be responsible for monitoring England and Wales' 11,000 firms. To achieve efficiency and focus Barrass is betting on the SRA's new theme-based approach.
She cites the mis-selling of payment protection insurance as an example of how she envisages it to work. After the Financial Services Authority secured the setting up of a compensation fund, a number of organisations came forward offering help to consumers. The way she talks about it, the SRA seems keen to avoid a repeat of 'the miners' compensation scandal'.
'We know from experience that the combination of big pots of compensation fund money and law firms sometimes means that there is an incentive to perhaps mis-sell legal services,' she says. 'We started getting odd signs '“ law firms holding themselves up in advertising as providing services to potential clients to help them get a bit of that cake. You don't need a law firm for this; you can go straight to the ombudsman.'
Barrass accepts that some people may find it more convenient to use a law firm but she says the SRA wrote to all the firms known to operate in this market '“ about 25 '“ reminding them of their obligations in terms of client care and acting in clients' interests. It warned clearly that a firm would be in breach of regulatory principles if it told clients it would be able to somehow get more money than if they applied to the ombudsman themselves.
In rolling out this new policy one major problem is likely to be unintentional non-compliance '“ 'unthinking non-compliance', as Barrass refers to it. 'The marketing department could get a bit excited,' she says, but 'getting a letter from us setting things out will prompt them to check the advertising they do doesn't take them in areas they shouldn't go.'
One segment of the profession likely to benefit from the theme-based approach is BME firms, many of which still believe are still unfairly targeted by the SRA. BME firms account for 15 per cent of all firms but represent 30 per cent of firms before the SDT. Paradoxically, according to Barrass, because their footprint is quite small, they will be regarded as low impact and unlikely as a group to be the target of SRA action.
'Profiling will be done automatically because we can't look at all 11,000 firms individually,' Barrass continues. The beauty of the system is that it is 'blind' to the social or ethnic makeup of a firm.
Instead, 'themes' the SRA will explore include firms with a vulnerable client base, including immigration, mental health, elderly clients and crime. This broad category is likely to be expanded depending on circumstances to include 'anyone who is socially, mentally or physiologically vulnerable'.
'We can all become vulnerable depending on the circumstances and what happens to us. That's a big theme. But the responsibility for judging whether your client base is vulnerable is the firm's own,' Barrass concludes.