Thursday, October 17, 2019

Reporting breaches to the SRA under the new Standards and Regulations

The introduction of the SRA Standards and Regulations on 25 November 2019 will see new issues coming into focus for you and your firms over the reporting of serious breaches to the SRA.

  • Requirement 7.7 for solicitors states, “You report promptly to the SRA or another approved regulator, as appropriate, any facts or matters that you reasonably believe are capable of amounting to a serious breach of their regulatory requirements by any person regulated by them (including you)”.
  • Requirement 7.8 for solicitors states, “Notwithstanding 7.7, you inform the SRA promptly of any facts or matters that you reasonably believe should be brought to its attention in order that it may investigate whether a serious breach of its regulatory arrangements has occurred or otherwise exercise its regulatory powers”.
  • Requirement 7.10 for solicitors states, “Any obligation under this section or otherwise to notify or provide information to the SRA will be satisfied if you provide information to your firm’s COLP or COFA, as and where appropriate, on the understanding that they will do so”.
  • Requirements 3.9 and 3.10 for firms mirror 7.7 and 7.8 above.

The issues arise where:

  • A breach cannot be determined one way or another and you may be obliged to report it to the SRA so it can investigate and make a determination; what benchmark(s) will you adopt to ensure you comply with Requirement 7.8?
  • An employee reports what they believe to be something that falls within the above Requirements and needs to know that they will have complied personally with their reporting duties. The SRA has confirmed that an employee will only have complied with 7.10 if they reasonably believed the COLP/COFA would make a report to the SRA and therefore did not do so themselves; this will put employees in an unenviable position, in that by reporting matters directly to the SRA because they don’t believe their COLP/COFA will do so they will face the wrath of their firm, alternatively they would face the wrath of the SRA if they didn’t report (as was the case in the Emily Scott case who got struck off for failing to report at the time the issues arose)!

So, what should you think about doing to address the above issues?

  • Train all your staff on how to identify a breach and how to assess its seriousness.
  • Review your firm’s reporting and communication lines so employees can report breaches as and when appropriate.
  • Review your firm’s processes for assessing the seriousness of breaches.
  • Agree benchmarks where you would want to report breaches to the SRA so it can determine seriousness.
  • Provide employees with the confidence that if they report something to the COLP/COFA it will be dealt with appropriately; this may include a discussion with the person reporting if it is felt that it is not a reportable matter.
  • Where an employee still believes a matter should be reported to the SRA (even if it to just cover their backs to stop an Emily Scott scenario arising) allow them to report without any repercussions (in any event, you have an obligation under the new regime not to subject any person to detrimental treatment for making or proposing to make a report).

The management and reporting of breaches after 25 November will be much more complicated so you need to plan now for how it will impact on you and your firm. For firms using the Riliance Risk and Compliance system, the risk register and breach register should be used to manage issues relating to this topic.

Riliance has recently run and recorded a number of webinars on handling breaches under the new Standards, so if you would like more information about how you can access these please contact us, or visit or events page for information on future webinars.