You are here:
  1. Home
  2. Support services
  3. Advice
  4. Practice notes
  5. Outsourcing


29 April 2015

This practice note includes:

  • an overview of outsourcing
  • examples of outsourcing activities, and other relevant information on confidentiality, management of your practice and risk assessment  

To access practice notes from the 1 June 2017 you will need a My Law Society account.

Registration is free and only takes a couple of minutes. Sign up now

Legal status

This practice note is the Law Society's view of good practice in this area. It is not legal advice.

Practice notes are issued by the Law Society for the use and benefit of its members. They represent the Law Society's view of good practice in a particular area. They are not intended to be the only standard of good practice that solicitors can follow. You are not required to follow them, but doing so will make it easier to account to oversight bodies for your actions.

Practice notes are not legal advice, nor do they necessarily provide a defence to complaints of misconduct or of inadequate professional service. While care has been taken to ensure that they are accurate, up to date and useful, the Law Society will not accept any legal liability in relation to them.

For queries or comments on this practice note contact the Law Society's Practice Advice Service.

Professional conduct

All of the SRA Code is relevant to this issue, but particularly:

  • Chapter 4 on Confidentiality and disclosure
  • Chapter 7 on Management of your business


SRA Principles

There are ten mandatory principles which apply to all those the SRA regulates and to all aspects of practice. The principles can be found in the SRA Handbook.

The principles apply to solicitors or managers of authorised bodies who are practising from an office outside the UK. They also apply if you are a lawyer-controlled body practising from an office outside the UK.

You must take into account all of the SRA's principles when you or your practice are thinking about entering an outsourcing arrangement and ensure that any arrangement does not prevent you from adhering to any of the principles. You should always bear in mind what the ten principles are and use them as your starting point when implementing the outcomes.

The following principles are particularly relevant to outsourcing arrangements:

  • Principle 5- provide a proper standard of service to your clients
  • Principle 7- comply with your legal and regulatory obligations and deal with your regulators and ombudsmen in an open, timely and co-operative manner
  • Principle 8- run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles


Must - A specific requirement in legislation or of a principle, rule, outcome or other mandatory provision in the SRA Handbook. You must comply, unless there are specific exemptions or defences provided for in relevant legislation or the SRA Handbook.

Should - Outside of a regulatory context, good practice for most situations in the Law Society's view.

In the case of the SRA Handbook, an indicative behaviour or other non-mandatory provision (such as may be set out in notes or guidance).

These may not be the only means of complying with legislative or regulatory requirements and there may be situations where the suggested route is not the best possible route to meet the needs of your client. However, if you do not follow the suggested route, you should be able to justify to oversight bodies why the alternative approach you have taken is appropriate, either for your practice, or in the particular retainer.

May - A non-exhaustive list of options for meeting your obligations or running your practice. Which option you choose is determined by the profile of the individual practice, client or retainer. You may be required to justify why this was an appropriate option to oversight bodies.

SRA Code - SRA Code of Conduct 2011

2007 Code - Solicitors' Code of Conduct 2007

OFR - Outcomes-focused regulation

SRA - Solicitors Regulation Authority

IB -indicative behaviour

The Law Society also provides a full glossary of other terms used throughout this practice note

1 Introduction

1.1 Who should read this practice note?

Solicitors and practices that are thinking about entering into, or who have already entered into, an outsourcing arrangement.

1.2 What is the issue?

The Solicitors Regulation Authority (SRA) implemented outcomes-focused regulation (OFR) in October 2011. OFR is a move away from a rules-based approach to one that focuses on high-level outcomes governing practice and the quality of outcomes for clients.

The SRA has published a Handbook, which sets out all the SRA's regulatory requirements. It outlines the ethical standards that the SRA expects of practices and practitioners and the outcomes that the SRA expects them to achieve for their clients.

The SRA Handbook includes a Code of Conduct (the 'SRA Code'), which replaced the Solicitors' Code of Conduct 2007 (the '2007 Code'). The SRA Code establishes outcomes-focused conduct requirements and each chapter outlines outcomes and indicative behaviours (IBs).

The SRA Handbook and Code has been in force since 6 October 2011. Accordingly, the 2007 Code and all of its rules and guidance no longer apply to solicitors' conduct, save in respect of any review by the SRA of conduct taken prior to 6 October 2011 to which the 2007 Code will still be applied.

An overview of OFR can be found on the Law Society's website. This provides information on what the SRA Handbook contains, including a summary of the chapters in the Code of Conduct and a summary of the reporting requirements included throughout the Handbook.

Outsourcing is an increasingly growing area in legal service delivery. This practice note provides you with an overview of outsourcing in the SRA Code. It includes information on:

  • The SRA Handbook
  • Examples of outsourcing activities
  • Confidentiality
  • Management of your practice
  • Risk assessment
  • Equality and diversity

2 Examples of outsourcing activities

The SRA has provided some examples of outsourcing which the outcomes in the SRA Code are intended to capture. These include services which are critical to the delivery of legal activities, for example legal secretarial services and proofreading.

The following is not an exhaustive list:

  • activities which would normally been undertaken by a paralegal
  • initial drafting of contracts
  • legal secretarial services- digital dictation to an outsourced secretarial service for word-processing or typing
  • proofreading
  • research
  • document review
  • Companies House filing
  • due diligence, for example in connection with the purchase of a company
  • IT functions which support the delivery of legal activities
  • business process outsourcing

The examples are provided in the SRA handbook Q&A on outsourcing.

The SRA notes in Q&A 4 that the outsourcing provisions in the SRA Code do not apply if you use a specialist service to assist with the provision of legal services to a client, for example instructing counsel, medical experts, tax experts or accountancy services.

The SRA has highlighted that the outsourcing of business and legal processes is increasing. The SRA emphasised the possible lack of due diligence over outsourcing arrangements generally in its 2013/14 Risk Outlook and in its 2014/15 Risk Outlook, the SRA focused attention on the more narrow area of the outsourcing of IT systems because of its connection to cyber crime, an issue which itself remains one of the SRA's priority risks identified in its 2016/17 Risk Outlook.

3 Confidentiality

3.1 SRA Code

Outsourcing presents specific challenges to confidentiality. There is a risk outsourcing will result in loss of confidentiality and that information may be disclosed to third parties. You must make sure that the outcomes in chapter 4 of the SRA Code on Confidentiality and disclosure are adhered to when work is outsourced.

Chapter 4 is about the protection of clients' confidential information and the disclosure of material information to clients. There are specific provisions on outsourcing. One of the outcomes that must be met is:

'Outcome (4.1) you keep the affairs of clients confidential unless disclosure is required or permitted by law or the client consents'

Practices that are planning to outsource any work relating to confidential client information must take all necessary steps to ensure that the third party providing the service will keep that information confidential. This should include putting an adequate confidentiality agreement in place.

Chapter 4 also includes a specific IB on outsourcing. This is:

'IB (4.3) you only outsource services when you are satisfied that the provider has taken all appropriate steps to ensure that your clients' confidential information will be protected'

You should consider that outsourced providers will not be constrained by the same professional duties as solicitors and must therefore make providers aware of your professional duties in relation to outsourcing. In addition to having confidentiality agreements in place, you should consider auditing and checking the outsourcing provider's confidentiality processes.

The SRA published ethics guidance on client confidentiality in January 2015, which confirms that it is a firm's responsibility to consider the adequacy of protections against electronic information being destroyed or passed to a third party (including separate entities within a group) and especially if information is shared across different jurisdictions.

This guidance highlights that information stored via cloud computing may be more vulnerable and that firms will need to be able to demonstrate that they have consider the risks and that clients have consented to information being stored in a particular way.

3.2 Law Society good practice

In addition to taking all necessary steps to ensure information will be kept confidential by third parties, you should ensure that the client is aware, for example through the practice's terms and conditions, that such outsourcing may take place. You should also consider whether specific consent is needed from clients prior to outsourcing taking place.

The Law Society's practice note on client care outlines that it is good business practice to set out terms of business, including on the outsourcing of work. There is a risk that your outsourced provider may breach client confidentiality when you outsource work on client files. Drawing the client's attention to this risk may mitigate any breach of confidentiality which then occurs. However, you still risk regulatory action so should consider taking the steps outlined in 4.1

Examples of what you should include in your terms and conditions on outsourcing are outlined in the client care information practice note.

4 Management of your practice

4.1 SRA Code

Chapter 7 in the SRA Code on Management of your business sets out requirements on the management and supervision of your practice. When considering how to meet the outcomes in this chapter you should take into account the size and complexity of your practice and the type of work you undertake. Chapter 7 covers:

  • governance
  • systems and controls
  • monitoring risk
  • monitoring financial stability
  • complying with relevant legislation
  • training of staff
  • supervision
  • outsourcing

There are two outcomes in chapter 7 that specifically reference outsourcing. Outcome 7.9 prohibits you outsourcing reserved legal activities to a person who is not authorised to conduct such activities.

Outcome 7.10 refers to the outsourcing of 'legal activities or any operational functions that are critical to the delivery of any legal activities'. Operational functions that are critical to the delivery of legal activities may include initial drafting of contracts, research, document review, due diligence and IT functions. This outcome outlines that you must ensure such outsourcing:

  1. does not adversely affect your ability to comply with, or the SRA's ability to monitor your compliance with, your obligations in the Handbook;
    If you outsource work you must ensure that this does not adversely affect compliance with any of the requirements in the Handbook and that it does not affect the SRA's ability to monitor or regulate.
  2. is subject to contractual arrangements that enable the SRA or its agent to obtain information from, inspect the records (including electronic records) of, or enter the premises of, the third party, in relation to the outsourced activities or functions;
    You must ensure that the SRA can obtain access to relevant information if necessary. You must secure rights of inspection for the SRA in all outsourcing contracts that cover legal activities or operational activities that are critical to the delivery of legal activities. You should ensure that the outsourced provider with whom you have the agreement is aware of your professional obligations in this area.
  3. does not alter your obligations towards your clients; and
    You must ensure that any outsourcing arrangement does not affect your professional obligations towards your clients, including the requirements set out in chapter 1 of the SRA Code on Client care. You should consider whether it is in your client's interest to outsource and should inform clients about any arrangements which are made in relation to outsourcing (see section 3 on Confidentiality). You will need to carefully consider the contents of your client care letter to ensure that it includes all relevant information.
  4. does not cause you to breach the conditions with which you must comply in order to be authorised and to remain so.

4.2 Law Society good practice

As noted above, the SRA has not defined outsourcing but outcome 7.10 refers to outsourcing of 'legal activities' and 'operational functions that are critical to the delivery of any legal activities'. However, you must bear in mind that at all times practices must remain responsible for any work that is outsourced.

In the Law Society's view, you should also ensure that any outsourcing that is not critical to the delivery of legal services does not affect your ability to comply with your obligations in the Handbook. Non critical outsourcing activities might include branding activities such as graphics and design, social media activity, cleaning and office maintenance.

You should consider and monitor the regulatory risks of outsourcing arrangements to your practice. One of the IBs (7.3) in chapter 7 sets out that you may tend to show that you have achieved the outcomes by:

'IB (7.3) identifying and monitoring financial, operational and business continuity risks including complaints, credit risks and exposure, claims under legislation relating to matters such as data protection, IT failures and abuses and damages to offices

Outsourcing carries specific risks and further information on risk assessment and the specific risks of outsourcing is outlined below.

5 Risk Assessment

The SRA has emphasised the need for practices to take a risk-based approach to compliance and managing their business. This will mean practices identifying and assessing risk. You may find the Law Society practice note 'OFR: an overview' helpful for a general overview of risk assessment.

There are specific risks in relation to outsourcing and practices must thoroughly assess any risks before making the decision to outsource. These risks must be monitored throughout the term of the outsourcing and not just at the outset of the outsourcing arrangement. The level of risk will depend on the particular type of outsourcing eg whether the practice is outsourcing an administrative function or whether it is outsourcing legal activities.

Risks that are specific to outsourcing are:

  • SRA Handbook - ensuring compliance with all the requirements in the Handbook, including the principles and Code of Conduct. Outsourcing providers may not be constrained by the same professional duties as solicitors, for example in relation to confidentiality and conflicts of interests, so you may want to consider whether restrictions/safeguards need to be introduced in contracts.
  • Client care - is outsourcing always in the client's interests? Is there a risk that you may not meet the requirements, and provide the standard of service, as outlined in chapter 1 of the SRA Code on Client care? Can you meet outcome 7.10 in chapter 7 of the SRA Code and ensure outsourcing does not alter your obligations towards your clients?
  • Lack of confidentiality - there is a risk that confidentiality will not be protected and information could be disclosed to third parties. This is outlined in section 3 above.
  • Conflicts of interest - there are a limited number of outsourcing providers. This increases the risk of the provider being involved in the same matter thus resulting in a conflict of interests and possibly compromising your independence. You should consider what process could be put in place to prevent this.
  • Quality of service - are there risks to the quality of the work provided by outsourcing providers and are you getting the same quality of work as if you had done it yourself? How will you assess the quality of work provided?
  • Your business - you may face a risk to your business if your outsourcing provider fails to deliver.
  • The third party/outsource provider - have you carried out due diligence on the potential supplier? Are there any marketing or branding issues, e.g. is the third party/outsource provider using the name of your firm on their own website? Will your arrangement affect your ability to comply the separate business outcomes in the SRA Code?
  • Other regulatory risks - these might include data protection (see the Law Society Data protection practice note and Information security practice note and the SRA's Silver Linings: cloud computing, law firms and risk, November 2013 and Spiders in the web: The risks of online crime to legal business March 2014 and bribery (see the Law Society Bribery Act 2010 practice note).

The SRA handbook Q&A on outsourcing provides a diagram to help you identify all the possible risks.

Having identified the specific risks that outsourcing presents, you may find it helpful to consider the following questions:

  • What activities, either legal activities or operational functions, do you want to outsource and why?
  • Which outsource provider are you intending to use and how will this arrangement work?
  • How will you monitor the quality of the outsourced work? Whom will the work be undertaken by and what is the level of expertise of those who undertake it?
  • How will you monitor compliance with the Handbook, including compliance with client care, confidentiality, conflict of interest, and equality and diversity requirements?
  • How will you highlight any relevant working relationships you may have with third party suppliers and ensure that your policies are aligned with data protection laws in both the United Kingdom and the European Union?

The systems and process your practice has in place play an important role in enabling compliance.

6 Equality and diversity

Practices should consider equality and diversity requirements when entering into outsourcing arrangements. Chapter 2 in the SRA Code on Equality and diversity is about encouraging equality of opportunity and respect for diversity and preventing unlawful discrimination in your relationship with clients and others.

7 More information

7.1 Advice and support

7.1.1 Practice advice

The Law Society provides support to solicitors on a wide range of areas of legal practice. The service is staffed by solicitors and can be contacted on 020 7320 5675 from 09:00 to 17:00 on weekdays.

Vist the Practice Advice Service website.

7.1.2 Other

Solicitors Regulation Authority's Professional Ethics Helpline for advice on conduct issues

Guide to outsourcing - Have you considered using legal process outsourcing (LPO) services but are not sure where to start? The Law Society's guide explains the basics, highlights key issues to consider and profiles the experience of firms that have used LPO both onshore and offshore.

Download the guide (PDF 500Mb)

7.1.3 Law Society Consulting

If you require further support, Law Society Consulting can help. We offer expert and confidential support and guidance, including face-to-face consultancy on risk and compliance. Please contact us on 020 7316 5655, or email

Find out more about our consultancy services

7.1.4 SRA resources

SRA handbook Q&A on outsourcing.

The resources tab throughout the Handbook is also a source of information.


Did you find what you were looking for?
What were you looking for?
Did you use the site search?

Feedback from you will help us improve out website. If you would like us to contact you please leave your contact details.

Practice Advice Service

The Practice Advice Service provides a dedicated support line for Law Society members and employees of law firms. Call us on 020 7320 5675.

> Contact the Practice Advice Service
Previous versions

Previous versions of this page are available below:

Related content


In-house Division annual conference 2017

Calling all in-house lawyers - attend interactive panels and workshops relevant to your industry.

In-house Division annual conference 2017 > More
Contentious Probate Handbook
Contentious Probate Handbook

Covers all aspects of the law and practice relevant to probate disputes.

Contentious Probate Handbook > More
Lasting powers of attorney
Lasting Powers of Attorney, 3rd edition

Updated and expanded, this practical guide covers developments in law and practice since 2011.

Lasting Powers of Attorney, 3rd edition > More
Boundary Disputes, 2nd Edition
Boundary Disputes, 2nd edition

A concise exposition of the law of boundary disputes.

Boundary Disputes, 2nd edition > More