Updates to the SRA risk factors – what you need to know

The Solicitors Regulation Authority (SRA) sets out a risk outlook every year to highlight risks and challenges faced by law firms. As part of this annual outlook, the SRA provides guidance on what can be done to address these key industry issues and minimise risk for the future, wherever possible. Ultimately much of this preparation stems from education and best practice procedures being implemented across the organisation. However, before any of this can be done, firms must be fully aware of what updates have recently been made to the risk factors for 2018/2019. So, we’re sharing a breakdown this week of the main changes and considerations that have come into effect this year that you need to be aware of.

Managing claims
With this topic as a new inclusion, concerns around managing claims are threefold, addressing issues around payment protection insurance, personal injury referrals and holiday sickness compensation claims. It’s unsurprising that personal injury referrals have made this list, with 7% of all firms regulated by the SRA specialising in personal injury, 16% of which operate as an alternative business structure. Currently, the top five reasons for investigations in personal injury are: alleged insurance fraud (24%), client care and competence (19%), prohibited referral fees (9%), misleading court (8%) and cold calling (7%). According to the SRA, misconduct related to this particular service area is almost twice as likely to be referred to the Solicitors Disciplinary Tribunal than any other work, so firms operating within this area will need to be extra diligent and have a firm understanding of this year’s outlook.

However, holiday sickness claims are also a high priority this year thanks to investigations around improper links with claim management companies and payment referrals of claims. Unfortunately, there have been reports that claims are being filed without proper instruction from the client, and risk-specific client case verification, meaning that many holiday sickness claims are not genuine and suggest that a best-practice procedure is not in place in many cases.

Also, given its continued promotion in the mainstream media, payment protection insurance claims are also failing to meet high professional standards, especially when bringing claims for mis-sold PPI. Poor practice includes: making claims without the policy holder’s knowledge; acting without investigating whether the claim is legitimate; failing to properly identify clients and confirm their instructions; submitting false claims in the hope of a settlement; and charging unreasonable fees for work. The SRA has highlighted that firms who conduct cases utilising one or more of these practices risk facing regulatory action, meaning that there will be no room for negligence moving forward.

Cyber security
The second area highlighted this year is cyber security, with particular focus on email modification fraud and remote working in the height of a flexible working culture. According to the SRA, cybercrime is a continuously growing risk in the UK and is now widespread. This has been added to the list given that there were 157 reports in 2017, having increased by 52% in comparison to figures in 2016. The most popular cybercrimes and scams are said to include, email modification where criminals intercept emails between a firm and client; phishing and vishing meaning confidential information is obtained through a solicitor or staff member’s malware including viruses and ransomware; CEO fraud where criminals impersonate the head of a firm; and identify theft where fake firms copy the identity of a brand/ firm for benefit. Ultimately, the best way to combat this issue is through introducing secure technology systems, avoiding using any unsecure, public internet systems, and by keeping staff informed about best-practice for internet security. For example, teaching staff how to avoid phishing emails and any links that come from unverified sources should be common practice. Arming your firm with a qualified Certified Fraud examiner could also help to identify, investigate and prevent fraud occurring in this way.

However, these are not the only areas which have made the Risk Outlook for 2018/2019. In fact, the eight other risk factors included are:

  • Access to legal services
  • Standards of service
  • Investment schemes
  • Information security
  • Protecting client money
  • Money laundering
  • Independence and integrity
  • Equality and diversity

Following this review, firms should look to understand how these issues can potentially affect their organisation and consider what changes can be made internally to see real improvements and avoid future impact or repercussions. The best way to combat these issues completely is through effective education around the threats and through implementing a compliant, best practice approach for all team members across all firms, not simply the compliance managers. If you’d like to enhance your risk awareness training across your team in light of this, speak to a member of our team about our courses designed  to help you stay compliant and mitigate the risks. Call us on: 02920 451 000 or email us at

Get in Touch

View Courses

Enquiry Form

Call Me Back