Open Consultation

Most consumers will only use a solicitor at a few points in their lives to help navigate big life events. This includes events which involve significant financial transactions, such as buying property, receiving money from an inheritance or personal injury settlement. It is important that people can trust solicitors with their money and their affairs. This means having the right regulatory protections and safeguards in place while ensuring that the sector overall offers a broad range of services to meet consumers' needs.

We also need to keep the regulatory regime under review and predict and respond to developments in the sector. Recently, both the number and size of firms that we have had to intervene into to protect the public has risen sharply, with increasing detriment to clients from client money having gone missing or being unavailable when it was needed to complete a transaction. A substantial proportion of regulatory breaches which we investigate concern issues around the handling of client money. So, we launched our Consumer Protection Review in February 2024 to examine whether we need to make changes.

There are some changes that we have already been able to make. These include issuing warning notices on mergers and acquisitions and on money missing from the client account; tightening up checks when reviewing firms' financial information and bank statements; reviewing processes for putting conditions on firm authorisations; and starting to put in place a new proactive investigations team.

This consultation exercise sets out our proposals and ideas for further changes we think are needed. These have been informed by the engagement and research that we have already undertaken.

Consumers are at the heart of this review. Therefore, we conducted in-depth research with consumers to help shape our understanding and positions. We also engaged with a full range of stakeholders through different events and exercises, and we have commissioned research on specific topics relating to consumer protection.

At the outset of our review, we made clear that no options were off the table. This allowed for open discussion and the exchange of ideas. We set out three key areas to prompt discussion and our engagement indicates that these were the right areas of focus.

We are now consulting on proposals and ideas in three areas:

• Part 1: The model of solicitors holding client money – should we be looking at ways to reduce the client money held by solicitors?
• Part 2: Protecting the client money that solicitors do hold – what controls, checks and balances are appropriate?
• Part 3: Delivering and paying for a sustainable Compensation Fund– how should payments from the profession be calculated and payments from the Fund to reimburse consumers be allocated?

We have also responded to feedback that 'consumer protection review' was an unhelpfully broad title.  We have adopted a title for this consultation exercise which we think better reflects the scope – client money in legal services: safeguarding consumers and providing redress.

The consultation papers include some firm proposals that we hope could be delivered relatively quickly. There are also more formulative ideas that require further development, which will be informed by feedback from this consultation. And in some areas, notably changes to the model of solicitors holding client money, we would need to work with partners to enable suitable alternatives.

This consultation will run until 21 February 2025.

Insights so far

As set out above, the proposals and ideas that we are consulting on have been informed by what we have heard from stakeholders so far as well as the external research and internal work that that we have done. Our engagement activity (see Annex A for more details), including roundtables with a full range of stakeholders, has given us some insights and ideas.

We have also drawn on five pieces of external research, covering:

• Consumer insights – expectations and preferences
• Future market developments – risks to client money
• Different approaches to managing client money
• Compensation schemes in other regulatory bodies and jurisdictions
• Online polling of consumer views

And we have considered our own proactive inspection work, data analysis and learnings from the recent failures that we have seen. The section below provides a high-level overview of what we have learnt.

Holding client money

We have heard mixed views about whether risks to consumers and firms could be significantly reduced if holding client money was not an assumed role of a law firm. There were also mixed views about whether the benefits outweigh potential disadvantages.

Some people, including the Legal Services Consumer Panel, supported the idea of alternatives to solicitors directly holding client money to reduce risk. Individual consumers and the public started out as sceptical about the potential benefits of alternatives, but the alternatives became more popular as people's knowledge about what they were increased.

Within the profession, some firms said that they were already looking to move away from holding client money to reduce risk and insurance costs. Others said that they were not opposed in principle but did not think that there were good, affordable alternatives available. But others were opposed – with questions over whether alternatives were more secure, concerns about limiting the service they offered to clients and whether involving a third party would add cost and delay.

We asked questions about firms being able to keep some of the interest that was made on the client money that they held. Consumers felt that as it is their money, they should receive any interest. As a minimum, the interest rates should reflect what they would have received in their own savings account. We heard that some firms used part of the interest to subsidise their operating costs and/or keep their fees down, or to improve their profitability. Some firms told us that they would not be able to remain in business without the money raised from interest on client accounts.

Through our inspection and investigations work, we have seen examples of firms who are not returning client money promptly at the end of a case, leading to high residual balances. We have heard from some compliance experts that this is not always treated as a priority by firms and their employees.

Our research highlighted examples of alternative arrangements for handling client money from different sectors and jurisdictions. It found that while there were no easily applicable models that could be lifted wholesale and applied to the legal sector in England and Wales, there were features that could help reduce risks to client money which should be explored further.

Protecting client money

Unsurprisingly, finding ways to reduce risks was seen as important by consumers and the profession. We heard lots of different ideas about controls and protections that we might improve. Among solicitors and compliance experts, there was a widespread view that the reporting accountants' external audit function for risks to client money could be strengthened. This was both with regard to making sure that firms complied with existing requirements and improving the consistency of how effective the audits are at identifying risks or problems. Our intervention and thematic review activity has shown a significant minority of firms not complying with requirements.

Another area where we commonly received ideas for improvement was around checks and balances within firms. For example, there was concern expressed about potential conflicts when managing partners were also holding key compliance roles. We received several suggestions about how we might strengthen the effectiveness of compliance roles, both in terms of structure and how the roles are carried out in practice. However, there was also some caution about the potential impacts of any changes on sole practices and small firms.

Similarly, we heard some stakeholders calling for more monitoring and checks on firms that significantly change their profile, particularly through the acquisition of other firms. Some pointed to potential areas of concern. Issues highlighted included smaller firms buying bigger firms. And where a firm buys another firm of a very different sort and takes on different areas of law, including areas where there are traditionally large amounts of client money held. Some pointed to tighter controls in operation in other sectors. However, some stakeholders warned against introducing checks that might unnecessarily slow down or dampen normal market behaviour, saying the benefits from a dynamic market are more common than risks.

Our research into emerging market developments highlighted a changing sector. We must continuously improve our data and capability to understand developments, and properly identify, assess and act on risks. For example, the research highlights increasing merger and acquisition activity. While this may be positive, an expanding firm that then fails - for example because of poor management or fraud - could result insignificant harm to more consumers. Our own proactive visits found no concerns with the accumulator model or acquisitions per se but identified that potential risks may arise from issues such as lack of capacity and expertise to successfully integrate people, systems and processes.

Compensation Fund

There was strong support for the compensation fund across the breadth of stakeholders that we spoke to. There was very little enthusiasm for reducing the existing eligibility and scope. Consumers favoured universal coverage, irrespective of wealth. Currently, individuals, small businesses and small charities can call upon the fund, as a last resort, if they have lost money because of the dishonesty or unethical actions of a solicitor.

In terms of contributions, it was largely accepted among solicitors that the whole profession benefited from the fund as it helped uphold its reputation. Some suggested that we should explore variable contributions based on factors such as risk, impact, size or turnover. Our data shows that although most of our interventions are into small firms, when we do intervene into large firms, the value of compensation fund claims is higher than the totality of those relating to small firms.

The research looking at other jurisdictions highlighted that there is lawyer theft and misappropriation in all jurisdictions where they have unfettered access to client money. Most cases are small and relate to mismanagement but there are examples of claims resulting from large-scale criminality. The majority of compensation schemes are funded by individual lawyer contributions. The research highlights one example of the level of contribution being weighted towards those that hold more client money. Our Compensation Fund is made up of annual contributions from all solicitors (except those employed by the Crown Prosecution Service) and firms that hold client money. Contributions are set on a flat fee basis. Contributions are currently split 50/50 between individual solicitors and firms.

Next steps

The consultation will be open until 21 February 2025. We will also be carrying out a series of engagement events.

It is important that we hear from you about the likely effectiveness of the propositions, the impacts that they might have and, if we proceed with them, how they might be developed to maximise the potential benefits while avoiding unintended consequences.

Who we have heard from already

Since launching the consumer protection review in February, we have gathered wide-ranging feedback and views from our stakeholders:

• Over 200 stakeholders attended 14 roundtable events or discussions with us. These included the legal profession, the finance and tech sectors, compliance professionals and three consumer representative group events. 
• 31 members of the public participated in four focus groups.
• A diverse group of 39 consumers collectively spent 350 hours giving us their in-depth views on consumer protections through a process of 'deliberative research'.
• We also gained insights from online polling conducted with 2,000 members of the public. 
• We received written responses to our consumer protection review discussion paper from over 20 stakeholders.
• We also commissioned research into how other jurisdictions and regulators manage client money and compensation funds, and future risks in the legal sector. The commissioned research has been published in full alongside this consultation.

In part 1 of our consultation – holding client money, we have set out our proposals on how we reduce the amount of money held by solicitors on behalf of their clients. We have also explained that we want to explore an ambition for the longer term to move away from the model of firms holding client money at all. Even if we decide that solicitors should not hold client money in the future, achieving this will take several years. In the meantime, we need to consider how we can better protect any client money that solicitors do hold as there are inherent risks in them doing so.

This part of our consultation explores what more we can do to identify problems when firms are holding client money. Through our engagement we heard suggestions that we could do this by strengthening our monitoring and checks, particularly on firms that significantly change their profile, for example through the acquisition of other firms. This might see them moving into new areas where significant amounts of client money will need to be handled by the firm and robust systems and processes will be essential. Or into areas where we are seeing increased instances of harm relating to client money.

We want to explore how we can improve our identification, assessment and monitoring of potential issues and whether there are current practices that are creating unnecessary risks. This means looking at emerging trends to identify features that might be causing harm. And where we do identify such features, we want to identify the firms with those features so we can target regulatory action and communication at them. Having good, timely data about firms is crucial to doing this successfully.

We also want to explore whether we need to strengthen current safeguards within firms and provided through external auditing by reporting accountants, as well as making sure that the current checks of systems and controls that we undertake when we authorise firms cannot be bypassed.

Therefore, in this consultation, part 2 – protecting the client money that solicitors hold, we explore our current rules, checks and balances which seek to protect the client money that solicitor firms hold. We consider how we might change the requirements for firms to notify us of changes to how they are organised and what they do, which may be relevant to identifying risks to client money.

We will also explore steps we might take to mitigate the risks associated with dormant firms and changes we may introduce to the existing accountants' report requirements. And we set out our views about strengthening requirements for key decision makers in firms, including potentially separating roles and functions so that they are not held by one individual. In this document, we set out proposals and ideas for the future, on which we would like to hear your views.

What we want to achieve

We want to make sure we have better access to appropriate, timely information about firms to understand and address potential risks in the sector.

Our current approach

We currently collect and review information from law firms through different channels and at different points during a firm's regulatory lifecycle.

This starts when firms apply to us for their initial authorisation to carry out reserved legal activities. They are required to provide us with information that we use to consider their application, and determine whether to grant authorisation, in line with our Authorisation of Firms Rules (AFR). That information includes their proposed owners, their management and governance structures, and how they will be funded. It also includes the area(s) of law in which they intend to practise. As part of our authorisation process, we may ask specific questions and seek further information from applicants.

We will refuse authorisation if we are not satisfied with the suitability of the applicant's managers, interest holders, or management or governance arrangements. Or if we are not satisfied the applicant will comply with our regulatory arrangements. Further, we will refuse to grant authorisation if we believe that authorisation would not be in the public interest or is otherwise incompatible with the 2007 Legal Services Act's regulatory objectives. We may also place conditions on a firm's authorisation based on the information provided.

Each October, authorised firms submit an annual return through the Practising Certificate Renewal Exercise (PCRE). Through this process, we require firms to provide us with other categories of information about their business and the services it provides. This includes information about their turnover and a breakdown of the areas of work carried out by the firm as a percentage of that turnover. And also information about the number of client complaints that they have received. Each of the categories of information that we require is described in our PCRE guide.

Firms are also required to notify us at different points when certain things change. This is in addition to the requirement for solicitors and firms to report to us any facts or matters that they reasonably believe are capable of amounting to a serious breach of our regulatory arrangements.

Read our guidance on our current notification requirements. Examples of required notifications include telling us:

• that a firm is closing or being acquired
• that a firm is in serious financial difficulty
• about changes in the financial services they provide
• about changes to managers, owners and approved role holders including compliance officers
• that they are using a Third Party Managed Account.

We also proactively collect information on a thematic basis to help build our understanding of specific practices or activities. We may ask firms to provide information to help us ascertain law firm compliance in focused areas such as anti-money laundering regulations and our transparency requirements. We carry out firm inspections where we have intelligence about potential risk. And we will obtain information from solicitors and firms if they are subject to our investigation processes.

We collect information for different purposes. We use information provided through the annual PCRE return, notifications and our investigations to help us detect indicators of potential issues and which may result in us taking a closer look at a particular firm or area. This might be, for example, a high number of complaints relating to accounting practices or self-reported breaches in a particular area. Our information also tells us if a firm falls within the scope of additional regulatory provisions, such as the SRA Transparency Rules, requirements to inform the FCA of firms undertaking regulated financial services or being subject to our processes to support and monitor firms that are in financial difficulty or are closing.

This information can also help us identify characteristics within firms that would bring them within the scope of targeted communications or proactive work. Information from our proactive work helps us to identify trends of emerging harm and to better understand the causes of the harm so we can target our response. For example, we are seeing an increase in acquisitions across the market, and there have been examples of theft or mismanagement of client money in a small number of firms that might be categorised as 'accumulator firms'. Therefore, we have proactively visited accumulator firms and other firms growing through acquisition. Our visits found no concerns with acquisitions per se but identified that potential risks may arise from issues such as lack of capacity and expertise to successfully integrate people, systems and processes.

We act if we identify specific concerns. This includes putting conditions on an existing authorisation or revoking an authorisation. In relation to acquisitions, we have historically focused on closing firms to make sure that client accounts and files are disposed of properly, whilst we ask for and receive limited information about buying firms. However, we could potentially place conditions on the authorisation of the acquiring firm, or the firm being acquired, to prevent an unacceptable acquisition that was not in the public interest from taking place. This is in addition to introducing targeted monitoring and supervision requirements based on our assessment of risk.

Concerns and issues

While we have some good information to help us to identify risks, there are areas where we think this could be improved. In particular, some information is only collected at the initial authorisation stage and/or annually thereafter.

Under the SRA Code of Conduct for Firms Rule 3.8(a), firms are obligated to notify us of material changes to information previously provided to us. However, we do not specify the changes we expect to be notified about in detail. In practice, we are often not notified of changes that we may consider material in the context of protecting client money. This might include, for example, firms significantly changing the structure and governance arrangements which formed part of their authorisation application without informing us of this (beyond changes to managers, owners and approved role holders which our rules specifically set out they must do). Firms also change the areas that they work in, including providing services in new practice areas, without informing us until PCRE in October each year when they report their turnover information.

This makes it difficult to carry out our proactive regulatory activity. For example, if we identify a potential or heightened risk to client money in one particular area of law or from a particular governance structure, we need to be able to identify firms operating in that area of law or with that governance structure to be able to accurately target proactive activity to better understand and/or mitigate the risk. We might wish to commission firm inspections, request information from key individuals within those firms, or write to specific populations of firms about our regulatory compliance expectations.

Our information also limits our ability to identify and mitigate potential risk factors within firms. For example, a law firm that currently holds relatively low amounts of client money could move into a new area of law and begin to hold significantly higher amounts of client money within a short space of time. We might consider there could be engagement needed with that firm around its approach to handling, retaining and distributing large amounts of client money. At present, we might not find out about this change until the annual PCRE return.

Similarly, if one firm buys another firm or firms that undertake different areas of law and/or which hold significantly larger amounts of client money, we might not find out about this until very near to the completion of the sale or afterwards when we are notified of the change. Approvals are not required, unless it creates a new regulated entity that must be authorised.

Through our engagement work, some stakeholders, including law firms, have advocated strengthening our oversight. Some highlighted that this happens in other sectors without harm. One firm that had acquired another firm said that they were surprised by the minimal regulatory scrutiny they experienced.

What we are proposing

We are considering whether there are some changes to a firm's profile or operating model we should require information about prior to the change or within a specified period of time following the change. Profile changes might happen for a number of reasons, including when one authorised firm buys another.

Our starting point might be the key information that we require at the point of authorisation, such as collecting information on the areas in which the firms practise or intend to practise post-acquisition, current or proposed management or governance structures, or how the acquisition will be financed. We think that this could expand the range of useful information we have to help us to identify and manage any risks to client money. For example, we might want to contact compliance officers to explicitly ask whether they have concerns about the proposed changes and their impacts on the operation of the firm's client account. Or we might require "out of cycle" accountants' reports to understand if proposed changes might be placing client money held by the firm at a heightened risk.

Requiring notification of significant changes would also help to improve the accuracy of public-facing information about law firms through our Solicitors Register and through external sources, such as comparison websites that use our information sharing service.

There are important considerations here for the proportionality of any additional information requirements, and we may want to set criteria around when firms are required to provide information to us. For example, we may decide that it is unnecessary to require firms to notify us each time they begin offering services in new areas of law, and we might instead require notification only if a firm plans to generate turnover above a particular threshold or within certain areas of law.

We might decide to specify areas of law where notification is required. For example, we have recently issued a warning notice about representation on high volume financial service claims. We could require firms intending to begin providing services in this area to notify us so that we can satisfy ourselves that they have read and understood this warning notice and have the necessary processes and procedures in place to ensure compliance with our requirements. Or we might specify areas where significant amounts of client money usually pass through the client account.

We also need to consider what we do with the information and what action follows. For example, should we require that certain changes (such as an acquisition) require pre-approval before they take place? Or would risks associated with changes be better targeted through 'after the event' monitoring and supervision activities?

There are reasons to be cautious and we want to avoid unintended consequences. Changes in business model and profile, including through acquisitions, are natural responses by operators in any competitive and dynamic marketplace and there are often benefits to consumers. For example, where a law firm is struggling financially or a sole practitioner is retiring, being bought by another firm can maintain continuity for its clients. Sometimes, it may mean that the only supply of legal services within a particular area of law can be maintained within that geographical area. Firms beginning to provide services in new areas of law can increase both competition and access to justice.

We have heard some concerns that additional requirements or checks are unnecessary and may have negative consequences, such as putting off investors, or delaying time critical acquisitions so that the acquisition does not happen. These consequences may, for example, result in a firm, which is already in financial difficulty, collapsing, potentially to the detriment of clients and employees. However, other stakeholders raised doubts that our involvement would be disproportionately onerous or necessarily delay a transaction. They pointed to the fact that other parties, such as insurers, would require and scrutinise similar information for certain changes in any case.

The majority of the 100 or so mergers and acquisitions that happen each year do not result in regulatory breaches or substantive issues requiring us to act or intervene. Our inspections have found no systemic risks with acquisitions per se. They have highlighted specific risk factors at which we may best target our oversight in a way that adequately protects client money.

Any additional due diligence by us would focus on identifying features that may indicate regulatory risk, for example, capacity and capability to take on new areas of work, to integrate systems and processes and to have adequate controls in place given the new firm profile. This may include considerations around governance and financing. We would not be concerned with commercial choices and considerations beyond this.

Questions

Q1. Do you think that we should be more prescriptive around the information that we must be notified of outside of our annual practicing certificate renewal exercise? If so, what information should we require and what risks should we target?

Q2. Do you think certain changes should require pre-approval by us and/or after-the-event monitoring and supervision? If so, which changes should this apply to and what risks should we target?

Q3. What impacts might arise from notifying us of changes in advance? Please provide specific examples of where firms provide information about changes to other third parties, eg insurers.

What we want to achieve

We want to make sure that potential risks to client money and to client experiences more broadly are mitigated during situations where law firms do not provide legal services after initial authorisation, or stop providing legal services.

Our current approach

We consider applications for authorisation in line with our Authorisation of Firms Rules. Paragraph 1.1 of the Rules confirms the eligibility criteria for those applications, including that applicants intend to deliver legal services. The eligibility criteria also extend to circumstances where an applicant does not intend to deliver legal services but we are satisfied that it remains in the public interest for that applicant to be eligible to seek authorisation. For example, a body's authorisation validly forms part of a wider international structure where the firm is required to be authorised by us in order to operate in other countries.

There may also be specific extenuating circumstances that have occurred after authorisation, such as ill-health temporarily impacting a sole practitioner solicitor's ability to undertake legal services. During that period, a law firm may effectively become inactive for a duration. However, some firms who are authorised on the basis that they intend to deliver legal services do not go on to provide legal services to the public at all, while others cease trading for long periods of time while remaining authorised. We refer to these law firms as being dormant.

Concerns and issues

We are concerned that some firms continue to retain their authorisation even when they are no longer providing legal services. We have seen examples of dormant law firms being used in ways that we think are contrary to the public interest and may restrict the information we obtain to identify risks. We have yet to see suitable reasons beyond limited exceptions of public interest benefits for firms to retain their authorisation when they are not providing any legal services.

We are aware of dormant firms being advertised for sale with the value of the sale being described as the SRA authorisation itself (in the absence of any income from legal service delivery). The dormant firm's trading name is listed in the Solicitors Register and therefore appears to the public to be a law firm they might use.

A buyer might purchase that authorised firm and would not need to apply to the SRA for any further authorisation. Assuming that the buyer satisfies our conditions for law firm ownership and management, and we have approved its managers, owners and compliance officers, they could then begin to undertake legal services from that firm. As we have set out previously, we are concerned about firms being able to significantly change their profile, including through acquisition, without us having sufficient, timely information to allow us to identify, assess and act on risk. We are concerned that the current position in relation to dormant firms presents a particular issue in this regard.

We have seen examples of dormant firms being used by failing legal service businesses to leave behind debt and other liabilities. While we can and do take action in these situations to manage risks that may be posed to clients, this takes place after the dormant firm has already been acquired.

Proposals

We are already proactively engaging with owners of authorised bodies that do not appear to have a valid reason for recording zero turnover over an extended period of time. Following that engagement, we may seek to revoke authorisation in circumstances where we determine a firm has become ineligible to be authorised, and/or revocation is in the public interest.

Alongside this we propose to introduce a longer-term safeguard through creating an explicit provision to revoke authorisation where an authorised body has not provided legal services within 12 months (primarily evidenced by reporting zero turnover), unless there is a legitimate reason. This will draw a clear distinction between legitimate circumstances when an authorised body may declare zero turnover, and circumstances where SRA authorisations may instead be at risk of being used inappropriately and illegitimately. There would be an additional advantage to consumers as it would help to make sure the Solicitors Register and the Licensed Bodies register are as accurate and meaningful as possible for members of the public who use them.

There are circumstances where an authorised firm may be active in providing legal services but records zero turnover. For example, the body operates on a charitable basis or does not otherwise charge fees to its clients. Firms in this category would not be impacted.

There are further instances where a firm may record zero turnover and otherwise does not provide legal services which we would consider acceptable. For example:

• there is a clear rationale and it is in the public interest for the firm to be authorised and retain its authorisation – including if a related exception to the Authorisation of Firms Rules was agreed and remains applicable, or
• the authorisation holder otherwise notifies the SRA of a period of, and reasons for, recording zero turnover and the SRA has approved the expected duration.

Our criteria would then underpin proactive engagement with dormant law firms, that would:

• lead to us accepting a further period of not carrying out legal services only in exceptional circumstances, or
• taking appropriate regulatory action, including revoking a firm's authorised status.

Questions

Q4. To what extent to you agree or disagree with our proposed approach to addressing dormant firms - taking action where a firm has not provided legal services and/or recorded zero turnover for 12 months, unless legitimate circumstances apply?

Q5. Are there other circumstances not presented here where you think a law firm can legitimately record zero turnover for an extended period?

What we want to achieve

We want to make sure that the reporting accountants' regime is complied with and provides an effective external audit process for identifying accounting practices or other factors that put client money at risk.

Our current approach

Our rules require firms to obtain an annual accountants' report unless they are exempt under our rules. Reports must be prepared by an accountant who is a member of one of the chartered accountancy bodies and who is, or works for, a registered auditor. Reporting accountants are required to complete a form we prescribe confirming that they have carried out work to assess whether the firm has complied with the Accounts Rules in the report period. They must also confirm whether they have found significant breaches and/or significant weaknesses in the firm's systems and controls which have or may put client money at risk. If they have found significant breaches or weaknesses, they must qualify the report, and the firm is then required to submit the report to us.

Not all firms are required to commission accountants' reports; firms that do not hold client money, hold solely client money provided through legal aid, or have had an average client balance of no more than £10,000 over an accounting period and their client balance has not exceeded £250,000 at any point during that period, are exempt from obtaining an accountant's report. This exemption was introduced to minimise the regulatory burden placed on firms that hold small amounts of client money and focus our attention on the most material risks. Based on 2023-24 PCRE data, approximately 14% of firms fall within this exemption.

Prior to 2014, our rules required all firms holding client money to obtain reports and to submit these to us. Reporting accountants were required to qualify a report if there were any breaches of our Accounts Rules, rather than just breaches that put client money at risk. Over 50% of reports were qualified, but because many of the breaches were technical in nature with no client money being placed at risk, we investigated very few.

We introduced changes to make our rules more proportionate and stopped collecting information that we considered was not needed. We placed an emphasis on reporting accountants using their professional judgment when deciding whether to qualify reports, focusing on serious breaches. We then only required firms to submit reports to us if they were qualified – so our investigations could focus on the most substantive risks. An impact evaluation of the changes in 2018 found that, although only qualified reports were submitted and far fewer reports were being qualified, we took action in a similar number of cases as we did prior to the changes being implemented. This indicated that the changes had not impacted our ability to identify and act against firms that put client money at significant risk.

Concerns and issues

Based on instances of non-compliance identified during investigations and thematic reviews, we do not believe that all firms are complying with Accounts Rules' requirements to obtain an annual accountants' report, nor to submit any qualified reports to us. We intend to strengthen the independence and robustness of the reporting accountants' requirements to ensure the approach taken by reporting accountants is sufficient to highlight potential risks.

Since the impact evaluation in 2018, the number of qualified accountants' reports submitted to the SRA has declined significantly.

Between 2018 and 2023, the number of qualified accountants' reports decreased by around 58%. While some of this decline may relate to decreased numbers of firms holding client money, and to changes to the criteria for a report to be qualified, we do not know that this is the case – we do not have fixed mechanisms available to detect or quantify systematic non-compliance. We have been monitoring the decrease and published a news article in March 2023 to remind firms of their obligations.

The decreased numbers of qualified accountants' reports suggests that some firms are not commissioning a report at all or are not sending their qualified reports to us. Our recent thematic review into the probate sector found that two out of 25 firms had not complied with our rules. Separately, our Forensic Investigations team conducted 244 inspections in 2023, which identified 25 firms (10%) in breach of our accountants' reports requirements. Of these, 13 firms had failed to obtain an accountant's report, nine obtained or submitted reports late and three failed to submit qualified reports to us.

Recent Rates of Non-Compliance with Accountants' Reports Requirements

While these samples are small and not necessarily representative of the overall law firm population, we consider that they indicate an unacceptable level of non-compliance. These critical aspects of our Accounts Rules are designed to ensure independent, professional oversight of firms holding significant amounts of client money to safeguard consumers, and we expect a high level of adherence from the profession.

If firms do not obtain an accountant's report there is a risk to client money as firms may avoid scrutiny, meaning both poor practice and fraudulent behaviour cannot be identified by reporting accountants. We rely on firms to obtain an accountant's report and submit it to us if qualified, and we do not currently have a mechanism to systematically detect non-compliance with these requirements. If firms do not obtain an accountant's report, fail to provide us with a qualified report, or do not provide reports within our required timeframes, we will not have access to information which could prompt further review of a firm's handling of client money.

Through consultation and engagement to date, a range of stakeholders have suggested strengthening the role of reporting accountants in protecting client money. This has included support for re-introducing requirements for all reports (whether qualified or not) to be submitted, or the introduction of an independent system for reporting accountants to confirm their involvement in preparing reports and the outcome of their assessment.

We have heard the independence of some reporting accountants questioned, especially when they are reliant on income from a small number of firms. The consistency of the audits has also been questioned, including around what breaches lead reports to be qualified.

Proposals

We propose to amend our requirements for accountants' reports to give us greater insight, and to improve compliance and our ability to monitor compliance.

We are seeking views on three possible options:

• Re-introduce the requirement for non-exempt firms to submit their accountants' reports to us. Submission or a report would enable us to confirm that reports have been produced, while also enabling us to make a risk-based decision to only review qualified reports in detail.
• Introduce an annual declaration for reporting accountants, who must confirm they have provided a report and declare whether it was qualified.
• Introduce an annual declaration for firms, who must confirm (a) whether they are required to obtain an accountant's report, (b) whether they have obtained an accountant's report, and (c) whether the report was qualified or not.

Each option has pros and cons. Introducing an annual declaration for firms would be consistent with practices in some other areas eg compliance with continuing competence and AML requirements. A positive requirement to declare compliance is a trigger for firms to make sure that they are taking the necessary steps. It would also alert us to firms who declare that they are not complying. However, it would be a self-declaration process, which relies on the honesty of the firms so may not help us identify bad actors. We could potentially support this approach with spot checks.

Re-introducing the requirement for firms to provide their accountant's report to us provides the greatest certainty that firms are complying with the Accounts Rules. We would only review qualified reports as a matter of course, however all reports would be available to us to obtain intelligence and insights into firms' accounting practices on a targeted basis. As now, we would review every qualified report. We would explore the resource implications as electronic filing and other innovations would likely make this less resource intensive than in the past, but there is still a question about whether this requirement would increase regulatory costs.

We intend to investigate whether there is a case for requiring firms to change their reporting accountant periodically, to help safeguard their independence.

We are also considering whether to retain, amend or remove the existing exemption criteria from obtaining an accountant's report. This could include:

• removing the exemption – require all firms to submit an accountant's report, except those that hold no client money or only legal aid money
• amend the exemption to clarify the reconciliation period and remove the £250,000 maximum to simplify calculations of whether a firm falls within the exemption
• retain the existing exemption unchanged.

We do not wish to place disproportionate burdens on small firms, however, we do think there are opportunities to clarify existing rules. This could include, for example, clarifying the reconciliation period for ease of understanding whether the £10,000 threshold is met. Firms receiving legal aid funding are overseen by the Legal Aid Agency, so we would retain their exemption to prevent adding possibly duplicative layers of scrutiny. We would like to understand if there are any clear reasons why this exemption should not be retained.

During the consultation period, we will work with accountancy and audit bodies to explore arrangements that provide more robust safeguards around the independence and effectiveness of the reporting accountant audit function. This will include reviewing our rules, guidance and reporting forms.

We intend to strengthen the guidance provided to reporting accountants to be more specific about what issues and Accounts Rules breaches should result in a qualified report, as well as investigate options for how issues should be reported to generate useful insights and intelligence to inform risk-based monitoring and greater supervision. We are aware that accountants' reports cannot 100% guarantee that client money is protected – sophisticated fraud will likely include mechanisms to evade accountants' scrutiny – however we wish to ensure they are as effective a tool as possible.

Questions

Q6. Which of these three options for improving compliance with our requirements for accountants' reports and our ability to monitor this do you prefer and why?

• Re-introduce the requirement for non-exempt firms to submit their accountants' reports to us.
• Introduce an annual declaration for reporting accountants
• Introduce an annual declaration for firms

Q7. What are your views on whether we should consider requiring firms to periodically change their reporting accountant to safeguard independence, and if so, how often we should require this?

Q8. Should we retain the existing exemption from obtaining an accountant's report, amend it, or remove it?

What we want to achieve

We want to make sure that our regulatory requirements provide for effective checks and balances around decisions within law firms relating to the receipt, retention and distribution of client money.

Our current approach

As well as authorising solicitors and law firms, we assess and approve people to undertake particular roles within law firms in line with our Authorisation of Individuals Regulations and our Approval of role holders guidance. These are positions of responsibility and trust. There are specific obligations that role holders are accountable for. These roles include:

• Managers
• Owners (those with a material interest)
• Compliance officer for legal practice (COLP)
• Compliance officer for finance and administration (COFA)

Managers are ultimately responsible for how their firm is run and its legal services are delivered, and for making sure the firm complies with all legislative and regulatory requirements. Managers hold the authority to make decisions within firms, including around accessing and handling client money. We define managers as: the sole principal in a recognised sole practice; a member of an LLP; a director of a company; a partner in a partnership; or in relation to any other body, a member of its governing body.

Owners are required to not do anything which causes the firm, or anyone in it, to breach their own regulatory obligations. While law firm owners can potentially exert significant influence over the business, they would not normally have significant involvement in the day-to-day running of the firm, including decisions around accessing and handling client money, unless they are also a manager.

Compliance officers play an important role in making sure that regulatory obligations are complied with and for reporting potential breaches of those obligations to us. This includes making sure that processes and systems drive compliance with regulatory arrangements around, and safeguard, client money. Specifically, the COLP must take all reasonable steps to ensure that the firm and all people involved with it comply with the regulatory arrangements (except obligations imposed by the SRA Accounts Rules) and the terms and conditions of authorisation. They must promptly report any potential breaches to the SRA . The COFA has similar responsibilities, specifically relating to the Accounts Rules. The SRA Code of Conduct for Firms confirms requirements for compliance officers, including that they have sufficient seniority and responsibility to undertake the role effectively.

In order to be approved, the role holders are subject to eligibility and suitability checks, described in our  Assessment of character and suitability rules. We require Disclosure and Barring Service certificates and certificates of good standing for different roles.

Applicants are required to provide information about how they will safeguard regulatory compliance and meet any specific requirements for the role. This is unless they are deemed to be approved under the SRA Authorisation of Firms Rules - for example, because they are an authorised lawyer with no adverse regulatory history, or they have previously been or are currently approved for a similar role in another organisation. Where someone is deemed approved, we must be notified  (in line with our notification process) but no other application or formal approval decision is required. Compliance officers cannot be deemed approved in firms with turnover above £600,000.

After considering the required information from individuals, we may approve, approve with conditions, or refuse applications. We may also withdraw approval where we receive notification that, or information which shows that, a person no longer meets the character and suitability requirements.

We are not prescriptive about how each firm complies with, and meets, their compliance obligations. However, paragraph 2.1 of the SRA Code of Conduct for Firms requires firms to have effective governance structures, arrangements, systems and controls in place so that compliance officers can undertake their duties fully.

There are further defined roles that require approval under anti-money laundering regulations. These are beneficial owners, officers and managers (BOOMs), and prescribed anti money laundering compliance roles – the Money Laundering Reporting Officer and Money Laundering Compliance Officer. These roles are focused on preventing money laundering and connected activity rather than protecting client money. They are subject to separate legislative arrangements and safeguards and not within the scope of this consultation.

Concerns and issues

Through our investigations we have seen examples where a lack of effective checks and balances around client money within law firms may have made it easier for it be stolen, used inappropriately, or be inadequately protected. It is impossible for regulation to entirely prevent sophisticated and concerted criminality. However, we are considering whether checks and balances relating to client money, and scrutiny of internal practices and handling of client funds, might be strengthened.

We are concerned that there are risks when a firm has an owner / manager who has significant power within, and control over, the firm and who also holds the key compliance roles. From PCRE 2023-24 to 21 August 2024, 2,412 SRA-regulated firms that were not defined as sole practitioners operated with a single manager/owner who also held all the compliance roles – COLP, COFA and money laundering officers – concurrently. That is more than one quarter of all SRA-regulated law firms. We expect this, by definition, to also be typical of sole practitioners.

This risks that decisions relating to client money are taken by single senior individuals, without additional or adequate scrutiny by other appropriate individuals within firms, negating the checks and balance element of the compliance roles.

A further important consideration here is making sure that compliance officers are themselves empowered and well-supported to undertake their duties, and that those duties are articulated and understood by everyone working in law firms. Through our engagement with compliance officers and professionals we heard calls for increased support in this regard, including clearer expectations about the duties of COLPs and COFAs. That could include clarifying 'sufficient seniority' and other responsibilities to compliance officers themselves, but also to managers and owners.

Proposal one

We think that we must address the risks associated with an individual having significant power and control within a firm also holding the key compliance roles.

Therefore, we propose that any manager (including owner managers) who can unilaterally make management decisions on behalf of the firm that impact on the receipt, retention and distribution of client money should not be able to hold a key COLP or COFA role within the firm. This will provide additional safeguards, and checks and balances, by making sure that multiple people are always involved in decisions, or checking the compliance of decisions, relating to the handling and safekeeping of client money.

Proposal two

Our stakeholder engagement work heard views that additional separation between individuals with power and control over a firm and compliance roles may have potential benefits. However, we also heard concerns about potential disproportionate impacts that these changes could have on smaller firms. We also appreciate that it is more difficult to separate out roles in sole practitioner and very small firms, because there are fewer people that will meet the requirements internally.

Therefore, we particularly welcome views on whether there are alternative arrangements that could provide appropriate safeguards within smaller firms. For example, the external commissioning of compliance roles or enhanced independent audit of relevant decisions and activity.

Questions

Q9. To what extent to do you agree or disagree that any manager that can unilaterally make decisions that impact client money handling should not also be able to hold a COLP or COFA role? Please explain your answer and include any suggestions for ensuring appropriate internal checks and balances.

Q10. Do you think this proposal should apply equally to all law firms, or should certain law firms – such as sole practitioners – be exempt if certain conditions are met? If so, what should these conditions be? Please explain the reasons for your answer.

Our second proposal under this section is to build a new support package for compliance officers that will help to improve the effectiveness and impact of compliance roles. This would be informed by our ongoing stakeholder engagement activities and could deep-dive into a number of areas – such as whistleblowing.

We need to understand different approaches to improve the effectiveness and impact of compliance roles in mitigating risks to consumers in practice.

To inform this we will use feedback we receive during this consultation alongside our engagement with role holders, including through our current thematic review into the role of compliance officers, to build our understanding of issues that compliance officers face. We will consider insights from our thematic review to understand more about how compliance officers are selected, the support they receive from their firms, and approaches they take currently to make sure their firms are compliant.

Alongside the development of this support package, we would also look to strengthen and confirm expectations around systems and processes all law firms must have in place to make certain their compliance officers are positioned to operate and carry out their duties effectively. This would be relevant to all law firm employees, but particularly so for owners and managers of law firms.

Questions

Q11. To what extent do you consider our proposals to build and launch a package of support for compliance officers, and to strengthen our expectations for law firms to support their compliance officers, are sufficient? Are there issues we should target to enable compliance officers to meet their responsibilities effectively?

Q12. In the context of this consultation, do you agree with our assessment of equality, diversity and inclusion considerations in our impact assessment? If not, what else do you think we should consider?

We have produced a draft initial equality impact assessment Consumer Protection Review consultation (PDF 15 pages, 242KB), covering all three parts of the Client money in legal services: safeguarding consumers and providing redress consultation.

Q1. Do you think that we should be more prescriptive around the information that we must be notified of outside of our annual practicing certificate renewal exercise? If so, what information should we require and what risks should we target?

Q2. Do you think certain changes should require pre-approval by us and/or after-the-event monitoring and supervision? If so, which changes should this apply to and what risks should we target?

Q3. What impacts might arise from notifying us of changes in advance? Please provide specific examples of where firms provide information about changes to other third parties, eg insurers.

Q4. To what extent to you agree or disagree with our proposed approach to addressing dormant firms - taking action where a firm has not provided legal services and/or recorded zero turnover for 12 months, unless legitimate circumstances apply?

Q5. Are there other circumstances not presented here where you think a law firm can legitimately record zero turnover for an extended period?

Q6. Which of these three options for improving compliance with our requirements for accountants' reports and our ability to monitor this do you prefer and why?

Q7. What are your views on whether we should consider requiring firms to periodically change their reporting accountant to safeguard independence, and if so, how often we should require this?

Q8. Should we retain the existing exemption from obtaining an accountant's report, amend it, or remove it?

Q9. To what extent to do you agree or disagree that any manager that can unilaterally make decisions that impact client money handling should not also be able to hold a COLP or COFA role? Please explain your answer and include any suggestions for ensuring appropriate internal checks and balances.

Q10. Do you think this proposal should apply equally to all law firms, or should certain law firms – such as sole practitioners – be exempt if certain conditions are met? If so, what should these conditions be? Please explain the reasons for your answer.

Q11. To what extent do you consider our proposals to build and launch a package of support for compliance officers, and to strengthen our expectations for law firms to support their compliance officers, are sufficient? Are there issues we should target to enable compliance officers to meet their responsibilities effectively?

Q12. In the context of this consultation, do you agree with our assessment of equality, diversity and inclusion considerations in our impact assessment? If not, what else do you think we should consider?