Risk Q&A

For an explanation of our risk-based approach to regulation, please see the Regulatory Risk Framework.

Below is a series of questions and answers that we will continue to build upon over time.

Questions and answers

Open all

All incoming reports are risk-assessed to inform prioritisation and action. For example, a report, series of reports, or information from the police may identify that there is an issue that needs to be address ed immediately. If this is the case, we will apply the resources necessary to address the situation and take effective action in accordance with our overall policies and proportionate to the issue that has arisen.

Our incoming reports risk assessment methodology sets out how we will risk assess incoming reports.

All relevant information gathered by the SRA is recorded and available to inform further risk assessments at individual, firm, sector and market level.

As a risk-based regulator, our allocation of resource should be proportionate to the risk that a firm presents to us achieving the regulatory objectives.

Our Regulatory Risk Framework outlines our approach to managing risks posed by firms and individuals.

The assessment of firm’s footprint is not a measure of the quality of the firm.

Successful, innovative firms delivering high-quality legal services can be assessed as having a large footprint, affecting a need for us to actively regulate the firm's delivery of a business model, the failure of which has the potential to impact on our achievement of the regulatory objectives.

We use the firm’s footprint to allocate a suitable supervisory approach to the firm to each firm. This is in recognition that a one-size-fits-all approach is not appropriate to the range of firms delivering legal services to consumers.

The "risk score" will, of course, fluctuate, and in isolation will not be informative, but a firm will know the level of engagement we believe is proportionate to the risks presented by them based on our assessment.

But, we recognise the time and cost associated with the provision of data to the SRA and therefore regularly assess the relevance of our regulatory information to ensure that we are being proportionate in imposing information requirements on those we regulate, whilst securing sufficient data to inform accurate and timely risk assessment.

Operational risks generated by the SRA’s activities, including our activities to control regulatory risks, are identified and managed separately to the regulatory risks cause by the market that we regulate and other external factors. The Risks that we manage under our Regulatory Risk Framework are listed in our Regulatory Risk Index.

Print page to PDF