The risk management policy—regulatory requirements

The following Practice Compliance guidance note provides comprehensive and up-to-date legal information covering:

  • The risk management policy—regulatory requirements
  • SRA Standards and Regulations
  • Why have a risk management policy?
  • What is a risk management policy?
  • What purpose does it serve?
  • Interaction with the risk register

There is a widely accepted definition of risk, ie:

Risk = probability × impact

So, for any given risk faced by your business, there are two questions:

  1. how likely is it that the risk will materialise, ie what’s the probability?

  2. if the risk does materialise, how bad will it be, ie what’s the impact?

SRA Standards and Regulations

General risk

You must identify, monitor and manage all material risks to your business.

This obligation extends to risks that may arise from a connected practice, ie a person or company, LLP or partnership etc that is connected to your firm by virtue of: 

  1. being a parent undertaking

  2. being jointly managed or owned, or having a partner, member or owner in common, or controlled by, or with, your firm

  3. participating in a joint enterprise or across its practice generally, sharing costs, revenue or profits related to the provision of legal services with your firm, or