New SRA guidance on effective supervision

Findings from the SRA’s recent thematic review included the insight that firms need to have stronger evidence that supervision is taking place. Out of 76 files reviewed by the SRA, only 29 of them showed evidence of supervision taking place. Therefore, in their new guidance, the SRA has included a section on effective supervision that is applicable to all solicitors and firms that supervise individuals delivering legal services, including services that are provided by fee earners who are not directly regulated by the SRA.

The new guidance also stresses that merely having supervision in place is not sufficient to fulfil firms’ regulatory obligations; rather, supervision needs to be effective. Therefore, firms should take proactive steps to ensure that supervision is effective and that supervisors are being held accountable.

While the new guidance is not officially a ‘rule’ or ‘warning’, the guidance states that the regulator will “have regard to it” when exercising their regulatory functions, so it’s definitely prudent for solicitors and law firm leaders to take the new guidance seriously.

Mandatory rules under the Code of Conduct

The SRA’s mandatory rules in their Code of Conduct for Solicitors, RELs and RFLs in their 2019 rule book state that those that supervise or manage others providing legal services must “remain accountable for the work carried out through them” and must “effectively supervise work being done for clients”.

Rules under the SRA Code of Conduct for Individuals and for Law Firms

The SRA Code of Conduct for Individuals (3.5(a)) states that they must “have an effective system for supervising clients’ matters”, and the Code of Conduct for Law Firms states that managers are “responsible for compliance by your firm with this Code.”

The new Code of Conduct for Firms also states that they must ensure that the individuals they manage are competent to carry out their role, and that they must make sure their professional knowledge and skills, as well as their understanding of their legal, ethical and regulatory obligations are kept up to date.

What is the SRA guidance concerned with?

The SRA guidance on effective supervision is concerned with the following:

  • The new guidance highlights that there is a duty to supervise, and that firms and lawyers remain accountable for the work of those they supervise.
  • The new guidance highlights that there is no one size fits all approach – the appropriate level of supervision will have to be determined in each case separately depending on the details of the case and the risks involved in the work.
  • The new guidance is concerned with ensuring that there is direct supervision by qualified and experienced individuals who have clear oversight of all key stages and can provide robust assurance
  • The new guidance is concerned with making sure there are checks and balances in place to ensure supervision is effective in practice

Some potential problems with the new SRA guidance

Are firm partners being penalised with burdensome rules and expectations?

Sole practitioners and freelance solicitors do not have the regulatory duty to be supervised under the new guidance, yet senior staff, such as Partners/Director level lawyers, are under obligation to be supervised. This gives the feeling that those who choose to practice through a firm are being penalised and are subjected to more burdensome rules and expectations.

Who will supervise experienced senior partners?

Additionally, in the case of very experienced senior partners with niche knowledge, it could be hard to find a suitable supervisor.

Other areas of concern under the new guidance include:

High risk work

In high risk work carried out by junior staff, for example, where there is a high volume of work, a ‘sampling’ approach to supervision would not probably not be acceptable, due to the risks to clients. But it would be unrealistic for supervisors to go over every file.

Supervising a large group

In the case of a solicitor with their own regular work caseload who is also supervising ten or more paralegals in a high volume department, it seems unlikely that they would have the time be able to carry out effective supervision.

Complex work

In cases where complex work is involved, supervisors will have to look at key stages of the entire legal process, and not just the ‘end product’, and this would be very time consuming.

Remote work

In many firms, remote or hybrid work is now the norm, but supervision of remote work may not be considered adequate where the person being supervised is not familiar with the work or when their work has previously been problematic.

What should firms do to prepare?

Litigation and claims work

Those working in litigation and claims work should review the guidance carefully and assess their ratio of lawyers to unqualified individuals. If areas that require changes are identified, consider revamping or adopting a quality assurance procedure and process. Those working with self-employed individuals need to check whether they can legally offer the relevant services in this way.

All firms

All firms should review the guidance and consider adopting a quality assurance and supervision process. Consider how risky the SRA may view the work your firm does. 

Stricter duty on supervisors & managers more generally

Be aware that there is a clearly far stricter duty being imposed upon supervisors (i.e. anyone who supervises legal work, not just the partners) under the 2019 rules than had previously been the case to ensure that the work and knowledge of their team meet the required standards.

Systems and records which demonstrate compliance

Were something to go wrong in the firm, the supervisors and the partners would want to be able to demonstrate that reasonable quality assurance systems were in place and that their team have complied with the SRA’s new CPD regime. Therefore it’s important to make sure your firm has such systems in place.

Consequences of getting it wrong: a case study

The use of templates can exponentially increase errors as well as profit. A solicitor who relied on an out of date precedent has been fined £15,000 by the Solicitors Disciplinary Tribunal for giving the wrong advice on 115 matters. 

How can VinciWorks help?

Compliance Solution

Powered by Omnitrack, our SRA Compliance Management Suite allows businesses to collect the data they need efficiently and securely in one centralised location, taking the stress out of SRA compliance. Compliance teams, COLPs and COFAs can automate data collection, follow-up and reporting processes, and aggregate data via a single dashboard for management reporting and SRA audits, making it easy to capture the necessary data for annual declarations, risk assessments, Code of Conduct breaches, and more.

Consultancy Services

Founded by Andy Donovan, a former SRA legal policy advisor, Compliance Office’s team of consultants draws on years of experience and a proprietary set of tools and templates to help law firms with their compliance needs. VinciWorks recently partnered with Compliance Office to offer a full range of compliance training, software, and consultancy services. Compliance Office has many years of expertise in SRA conduct, money laundering and accounts rules, and keeps its pulse on the latest AML and SRA rules and requirements.

If you would like any guidance on anything SRA-related, fill out the contact form below.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.