The SRA Standards and Regulations are here – What are the key changes?

The SRA Handbook was replaced by the SRA Standards and Regulations on 25 November 2019. The SRA has worked closely with the profession and the public to develop their proposals over the last four years, engaging with more than 35,000 people. The changes are set to modernise both SRA regulation and the legal market.

The key changes to the SRA Handbook to be aware of:

  1. Reduction in number of principles – Where the previous Handbook contained 10 Principles with accompanying notes, the SRA Standards and Regulations are constructed around seven principles that apply outside as well as inside practices. The principle to act in the best interest of the client has not changed, but a new principle of honesty has been added. The onus is now on you to interpret the Principles and use your better judgement as opposed to rigidly interpreting a narrow set of examples.
  2. Separate, Shortened Codes of Conduct – The previous Code of Conduct was too long, confusing and complicated, blurring the lines between individual and entity responsibilities. Therefore, it has been replaced with one Code of Conduct for individuals, and a separate Code of Conduct for firms. This will also make it easier for consumers to understand. The separate codes will also ensure a clear distinction between the expectations of individuals and those of firms. The indicative behaviours which appeared in previous codes have been removed.
  3. Simplified Accounts Rules – The Accounts Rules introduced by the SRA Standards and Regulations have been simplified and contain a different definition of client money. They also include rules on the use of third-party managed accounts. The Accounts Rules are less prescriptive than previous rules which were overly complex; they focus on the key objective of safeguarding client money. Firms are still required to keep client money separate from firm money and ensure client money is only used for its intended purposes.
  4. Changes to the Insurance Distribution Directive – There is a new explicit requirement that all insurance contracts proposed must be consistent with the client’s demands and needs. Furthermore, if you advise on a certain product then you must provide a personalised recommendation explaining how the product recommended best meets the client’s needs.

How to prepare for the new SRA Standards and Regulations

  1. Update client documentation – Ensuring your compliance documentation is up to date will keep the regulator away, and show that you are fully compliant. You need to ensure these documents reflect the language change of the SRA Standards and Regulations.
  2. Update decision-makers – Managers, owners, compliance officers, supervisory teams and accounts teams are all affected by the changes to the SRA Standards and Regulations; make sure they are aware of the changes in their role. 
  3. Train all staff – Unless you are a compliance manager, it is unlikely you will be reading the SRA Standards and Regulations cover to cover. Relevant staff should be adequately trained in the sections of the SRA Standards and Regulations which apply to their law firm role. VinciWorks’ SRA training suite will help legal professionals, including support staff, to develop an understanding of the relevant regulations which apply to their specific role in the law firm. The suite includes four courses, including courses for accounts staff and senior staff such as owners, managers and compliance managers.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.


James

VinciWorks CEO, VinciWorks
