The risk management policy—regulatory requirements

The following Practice Compliance practice note provides comprehensive and up-to-date legal information covering:

  • The risk management policy—regulatory requirements
  • SRA Standards and Regulations
  • General risk
  • Financial risk
  • Why have a risk management policy?
  • What is a risk management policy?
  • What purpose does it serve?
  • Interaction with the risk register

The risk management policy—regulatory requirements

There is a widely accepted definition of risk, ie:

Risk = probability × impact

So, for any given risk faced by your business, there are two questions:

  1. how likely is it that the risk will materialise, ie what’s the probability?

  2. if the risk does materialise, how bad will it be, ie what’s the impact?

SRA Standards and Regulations

General risk

You must identify, monitor and manage all material risks to your business.

This obligation extends to risks that may arise from a connected practice, ie a person or company, LLP or partnership etc that is connected to your firm by virtue of: 

  1. being a parent undertaking

  2. being jointly managed or owned, or having a partner, member or owner in common, or controlled by, or with, your firm

  3. participating in a joint enterprise or across its practice generally, sharing costs, revenue or profits related to the provision of legal services with your firm, or

  4. common branding

Financial risk

You must:

  1. actively monitor your financial stability and business viability and, once you are aware that you will cease to operate, effect the orderly wind-down of your activities

  2. identify, monitor and manage all material risks to your business, including those which may arise from your connected practices

The SRA does not provide guidance about how you should achieve this.
