Formulating a risk management policy

The following Practice Compliance guidance note provides comprehensive and up-to-date legal information covering:

  • Formulating a risk management policy
  • Regulatory requirements
  • Interaction with the risk register
  • Key features of the risk management policy
  • Implementing your risk management policy
  • Monitoring and reviewing your risk management policy

A risk management policy outlines the risks posed to a business and provides a set of actions to be taken to both prevent the risk from occurring and reduce the impact of the risk should it happen.

This Practice Note provides a guide to the features usually included in a risk management policy.

Regulatory requirements

You must run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles. SRA Principle 8

The SRA does not define the risk management principles that it expects you to employ when running your business. Instead, it describes outcomes you must achieve in order to comply with the SRA Principles. The most relevant outcome requires you to identify, monitor and manage risks to compliance with the SRA Handbook and take steps to address issues identified. SRA Code of Conduct 2011, O(7.3)

Although there is no strict regulatory requirement to develop a risk management policy, doing so will allow you to identify, monitor and manage your risks and will provide evidence to the SRA that you are:

  1. running your business in accordance with sound risk management principles, and

  2. managing risks to compliance with the SRA Handbook

An up-to-date, comprehensive risk management policy will be a very useful tool in any dialogue with the SRA.

Having such a document will make it much easier for the SRA to engage with you with a view to resolving any compliance issues. The SRA has said on many occasions that firms demonstrating a responsible approach will be supported, making the need for enforcement action less likely. Firms without a