You are here:
  1. Home
  2. News
  3. Blog
  4. It’s risky business without a risk register

It’s risky business without a risk register

06 June 2017

If you're not a Compliance Officer for Legal Practice (COLP), you might ask what a risk register is, and if you are a COLP, you should definitely have one. 


What is a risk register?

A risk register is simply a tool (commonly used in business generally) in which all the potential risks to a firm are identified and assessed according to priority. They are monitored and assessed within a time frame in order to mitigate those key risks.

It is good practice to record your regulatory risks, or your most serious risks, in a risk register as the SRA takes the view that firms demonstrating a responsible approach will be supported, making the need for enforcement action less likely.

Regulatory requirements

Risk registers form part of an existing knowledge base around the measurement and management of risk. From a regulatory perspective they became more prominent after the SRA introduced outcomes-focused regulation (OFR) with the SRA Handbook 2011. This risk-based approach emphasised the need for firms to manage their own risk, not through adherence to strict rules, but to general principles, outcomes and behaviours.

There is no strict obligation to have a risk register but the SRA Code of Conduct, Chapter 7, Outcome 7.3, requires that

‘you identify, monitor and manage risks to compliance with all the Principles, rules and outcomes and other requirements of the Handbook, if applicable to you, and take steps to address issues identified.’

To my mind, it would require several complex and connected documents to achieve the same desired outcome that a risk register would.

The advantages of a risk register

A risk register can be used as a tool to identify, assess and manage risk to acceptable levels. Actions can then be taken to reduce the probability and potential impact of specific risks.

Of all the areas of compliance that the SRA requires you to address, risk management is the least tangible. To avoid spending more time on it than you can afford, you need a well constructed register that can:

  • Improve your internal risk management processes
  • Heighten risk awareness across the firm
  • Prioritise the identification of risks and the mitigation of them
  • Operate as a useful management tool for making any strategic decisions for the firm as a whole
  • Provide support for the COLP and Compliance Officer for Finance and Administration (COFA) by ensuring systems are in place to meet the particular obligations of those roles
  • Reduce your PI insurance costs
  • Meet the obligations of the SRA

However, a risk register should not be a 'tick box' exercise. It's important that it's regarded both as a 'living' document in the firm's overall risk strategy and a proactive framework for continuously analysing and managing any shifting threats and challenges.

Monitoring the risk register

To meet the challenge of continuous monitoring and updating, the COLP should ensure that any changes feed into the firm's overall compliance plan and that there is buy-in from the strategic leadership within the organisation.

Useful tips for successful monitoring:

  1. Ensure that you capture new and emerging risk by keeping up-to-date. The SRA's 'Risk Outlook' is a useful guide to identifying high risk issues.
  2. It is important that someone owns the risk register (usually the COLP) and co-ordinates all the key players in the organisation to feed into it.
  3. Make sure the risk register has profile within the firm—it should be on the agenda at management meetings and have the buy-in of the most senior people in the organisation.
  4. It pays to involve different departments as well as support staff in contributing to the register—different areas of the business will face different risks.
  5. Used properly, the risk register can be a tool not just for monitoring risk but can reveal strategic opportunities for the firm that might not otherwise be apparent.

Priority risks

The challenge is to keep the register under review and to regularly capture any new and emerging risks. Any risks that do emerge need to be measured and action plans should be reassessed on a regular basis to ensure that targets are met.

Some of the key risks on our radar for 2017:

  • Continuing threats from cybercrime
  • Upcoming changes to data protection law
  • Implications of the changes in anti-money laundering, including the new Money Laundering Regulations and the recent Criminal Finances Act 2017
  • The challenges and uncertainty over Brexit
  • Forthcoming changes to the SRA Handbook

Benefits

A risk register template can provide a quick and easy framework that is simple to complete and ensures you include all the elements necessary to assess, treat and manage the risks facing your organisation. Risk registers make sense—and firms who manage their risk effectively are more likely to enjoy:

  • Fewer complaints and claims
  • A reputation for quality
  • Repeat business
  • Preferential PII premiums
  • Less management time spent dealing with the regulator
  • Less risk of incurring regulatory sanctions

This allows you to achieve a consistent level of quality over time.

The Law Society's Risk and Compliance Service offers a subscription member service as well as bespoke advisory solutions for legal businesses

Follow Risk and Compliance on Twitter

Tags: business

About the author

Pearl Moses is Head of Risk & Compliance at the Law Society

Follow Risk and Compliance

  • Share this page:
Authors

Adam Johnson | Adele Edwin-Lamerton | Alex Barr | Alex Heshmaty | Alexandra Cardenas | Amanda Carpenter | Amanda Jardine Viner | Amy Heading | Andrew Kidd | Andy Harris | Anna Drozd | Annaliese Fiehn | Anne Waldron | Asif Afridi and Roseanne Russell | Bansi Desai | Barbara Whitehorne | Barry Wilkinson | Becky Baker | Ben Hollom | Bob Nightingale | Caroline Roddis | Caroline Sorbier | Catherine Dixon | Ciaran Fenton | David Gilroy | David Yeoward | Douglas McPherson | Dr Sylvie Delacroix | Duncan Wood | Eduardo Reyes | Elizabeth Rimmer | Emily Miller | Emma Maule | Gary Richards | Gary Rycroft | Graham Murphy | Hayley Stewart | Ignasi Guardans | James Castro Edwards | Jayne Willetts | Jeremy Miles | Jerry Garvey | Jessie Barwick | Joe Egan | Jonathan Andrews | Jonathan Smithers | Julian Hall | Julie Ashdown | Julie Nicholds | Karen Jackson | Kate Adam | Kayleigh Leonie | Keiley Ann Broadhead | Kerrie Fuller | Kevin Poulter | Larry Cattle | Laura Devine | Leah Glover and Julie Ashdown | LHS Solicitors | Lucy Parker | Mark Carver | Mark Leiser | Markus Coleman | Martin Barnes | Matthew Still | Meena Toor | Melissa Hardee | Neil Ford | Nick Denys | Nick Podd | Pearl Moses | Penny Owston | Peter Wright | Philippa Southwell | Preetha Gopalan | Rachel Brushfield | Ranjit Uppal | Richard Coulthard | Richard Heinrich | Richard Messingham | Richard Miller | Richard Roberts | Rita Oscar | Rob Cope | Robert Bourns | Robin Charrot | Rosy Rourke | Saida Bello | Sam De Silva | Sara Chandler | Sarah Austin | Sarah Crowe | Sarah Henchoz | Sarah Smith | Shereen Semnani | Sophia Adams Bhatti | Steve Deutsch | Steve Deutsche | Stuart Poole-Robb | Susan Kench | Suzanne Gallagher | Tom Ellen | Tony Roe Solicitors | Vanessa Friend

Tags

access to justice | anti-money laundering | apprenticeships | archive | artificial intelligence | Autumn Statement | bid process | brand | Brexit | British Bill of Rights | Budget | business | careers | centenary | charity | city | communication | Conservatives | conveyancing | court closures | court fees | courts | CPD | criminal legal aid | cyber security | David Cameron | development | Diversity Access Scheme | diversity and inclusion | education and training | elderly people | emotional resilience | employment law | equality | European Union | Excellence Awards | finance | George Osborne | human rights | human trafficking | immigration | in-house | International Womens Day | Investigatory Powers Bill | IT | Jeremy Corbyn | justice | knowledge management | Labour | law management | Law Society | leadership | legal aid | legal professional privilege | LGBT | Liberal Democrats | library | Liz Truss | Magna Carta | mass data retention | mediation | members | mention | mentoring | merger | modern slavery | morale | National Pro Bono Week | Parliament | party conferences | personal injury | Pii | politics | president | pro bono | productivity | professional indemnity insurance | represent | retweet | risk | rule of law | security | social media | social mobility | SRA | staff | strategy | stress | talent | tax | tax credits | team | technology | Theresa May | Time capture | training | Twitter | UKIP | value proposition | website | wellbeing | Westminster weekly update | wills