You are here:
  1. Home
  2. News
  3. Blog
  4. It’s risky business without a risk register

It’s risky business without a risk register

06 June 2017

If you're not a Compliance Officer for Legal Practice (COLP), you might ask what a risk register is, and if you are a COLP, you should definitely have one. 

What is a risk register?

A risk register is simply a tool (commonly used in business generally) in which all the potential risks to a firm are identified and assessed according to priority. They are monitored and assessed within a time frame in order to mitigate those key risks.

It is good practice to record your regulatory risks, or your most serious risks, in a risk register as the SRA takes the view that firms demonstrating a responsible approach will be supported, making the need for enforcement action less likely.

Regulatory requirements

Risk registers form part of an existing knowledge base around the measurement and management of risk. From a regulatory perspective they became more prominent after the SRA introduced outcomes-focused regulation (OFR) with the SRA Handbook 2011. This risk-based approach emphasised the need for firms to manage their own risk, not through adherence to strict rules, but to general principles, outcomes and behaviours.

There is no strict obligation to have a risk register but the SRA Code of Conduct, Chapter 7, Outcome 7.3, requires that

‘you identify, monitor and manage risks to compliance with all the Principles, rules and outcomes and other requirements of the Handbook, if applicable to you, and take steps to address issues identified.’

To my mind, it would require several complex and connected documents to achieve the same desired outcome that a risk register would.

The advantages of a risk register

A risk register can be used as a tool to identify, assess and manage risk to acceptable levels. Actions can then be taken to reduce the probability and potential impact of specific risks.

Of all the areas of compliance that the SRA requires you to address, risk management is the least tangible. To avoid spending more time on it than you can afford, you need a well constructed register that can:

  • Improve your internal risk management processes
  • Heighten risk awareness across the firm
  • Prioritise the identification of risks and the mitigation of them
  • Operate as a useful management tool for making any strategic decisions for the firm as a whole
  • Provide support for the COLP and Compliance Officer for Finance and Administration (COFA) by ensuring systems are in place to meet the particular obligations of those roles
  • Reduce your PI insurance costs
  • Meet the obligations of the SRA

However, a risk register should not be a 'tick box' exercise. It's important that it's regarded both as a 'living' document in the firm's overall risk strategy and a proactive framework for continuously analysing and managing any shifting threats and challenges.

Monitoring the risk register

To meet the challenge of continuous monitoring and updating, the COLP should ensure that any changes feed into the firm's overall compliance plan and that there is buy-in from the strategic leadership within the organisation.

Useful tips for successful monitoring:

  1. Ensure that you capture new and emerging risk by keeping up-to-date. The SRA's 'Risk Outlook' is a useful guide to identifying high risk issues.
  2. It is important that someone owns the risk register (usually the COLP) and co-ordinates all the key players in the organisation to feed into it.
  3. Make sure the risk register has profile within the firm—it should be on the agenda at management meetings and have the buy-in of the most senior people in the organisation.
  4. It pays to involve different departments as well as support staff in contributing to the register—different areas of the business will face different risks.
  5. Used properly, the risk register can be a tool not just for monitoring risk but can reveal strategic opportunities for the firm that might not otherwise be apparent.

Priority risks

The challenge is to keep the register under review and to regularly capture any new and emerging risks. Any risks that do emerge need to be measured and action plans should be reassessed on a regular basis to ensure that targets are met.

Some of the key risks on our radar for 2017:

  • Continuing threats from cybercrime
  • Upcoming changes to data protection law
  • Implications of the changes in anti-money laundering, including the new Money Laundering Regulations and the recent Criminal Finances Act 2017
  • The challenges and uncertainty over Brexit
  • Forthcoming changes to the SRA Handbook


A risk register template can provide a quick and easy framework that is simple to complete and ensures you include all the elements necessary to assess, treat and manage the risks facing your organisation. Risk registers make sense—and firms who manage their risk effectively are more likely to enjoy:

  • Fewer complaints and claims
  • A reputation for quality
  • Repeat business
  • Preferential PII premiums
  • Less management time spent dealing with the regulator
  • Less risk of incurring regulatory sanctions

This allows you to achieve a consistent level of quality over time.

The Law Society's Risk and Compliance Service offers a subscription member service as well as bespoke advisory solutions for legal businesses

Follow Risk and Compliance on Twitter

Tags: business

About the author

Pearl Moses is Head of Risk & Compliance at the Law Society

Follow Risk and Compliance on Twitter

  • Share this page:

Adam Johnson | Adele Edwin-Lamerton | Ahmed Aydeed | Alex Barr | Alex Heshmaty | Alexa Lemzy | Alexandra Cardenas | Amanda Adeola | Amanda Carpenter | Amanda Jardine Viner | Amy Bell | Amy Heading | an anonymous sole practitioner | Andrew Kidd | Andrew McWhir | Andy Harris | Anna Drozd | Annaliese Fiehn | Anne Morris | Anne Waldron | anonymous female solicitor | Asif Afridi and Roseanne Russell | Bansi Desai | Barbara Whitehorne | Barry Wilkinson | Becky Baker | Ben Hollom | Bhavisha Mistry | Bob Nightingale | Bridget Garrood | Caroline Marlow | Caroline Roddis | Caroline Sorbier | Carolyn Pepper | Catherine Dixon | Chris Claxton-Shirley | Christina Blacklaws | Ciaran Fenton | CV Library | Daniel Matchett | Daphne Perry | David Gilroy | David Yeoward | Douglas McPherson | Duncan Wood | Elijah Granet | Elizabeth Rimmer | Emily Miller | Emily Powell | Emma Maule | Floyd Porter | Gary Richards | Gary Rycroft | Graham Murphy | Gustavo Bussmann | Hayley Stewart | Hilda-Georgina Kwafo-Akoto | Ignasi Guardans | James Castro Edwards | Jane Cassell | Jayne Willetts | Jeremy Miles | Jerry Garvey | Jessie Barwick | Joe Egan | Jonathan Andrews | Jonathan Fisher | Jonathan Smithers | Jonathon Bray | Julian Hall | Julie Ashdown | Julie Nicholds | June Venters | Justin Rourke | Karen Jackson | Kate Adam | Katherine Cousins | Kaweh Beheshtizadeh | Kayleigh Leonie | Keiley Ann Broadhead | Kerrie Fuller | Kevin Hood | Kevin Poulter | Larry Cattle | Laura Bee | Laura Devine | Laura Uberoi | Leah Glover and Julie Ashdown | Leanne Yendell | Lee Moore | LHS Solicitors | Linden Thomas | Lucy Parker | Maria Shahid | Marjorie Creek | Mark Carver | Mark Leiser | Markus Coleman | Martin Barnes | Mary Doyle | Matt Oliver | Matthew Still | Max Rossiter | Melissa Hardee | Michael Henson-Webb | Neil Ford | Nick Denys | Nick O'Neill | Nick Podd | Nikki Alderson | Oz Alashe | Patrick Wolfe | Paul Rogerson | Pearl Moses | Penny Owston | Peter Wright | Philippa Southwell | Preetha Gopalan | Prof Sylvie Delacroix | Rachel Brushfield | Rafie Faruq | Ranjit Uppal | Ravi Naik | Remy Mohamed | Richard Collier | Richard Coulthard | Richard Heinrich | Richard Mabey | Richard Messingham | Richard Miller | Richard Roberts | Rita Gupta | Rob Cope | Robert Bourns | Robin Charrot | Rosa Coleman | Rosy Rourke | Sachin Nair | Saida Bello | Sally Azarmi | Sally Woolston | Sam De Silva | Sara Chandler | Sarah Austin | Sarah Crowe | Sarah Henchoz | Sarah Smith | Shereen Semnani | Shirin Marker | Siddique Patel | Simon Day | Sofia Olhede | Sonia Aman | Sophia Adams Bhatti | Sophie O'Neill-Hanson | Steve Deutsch | Steve Thompson | Stuart Poole-Robb | Sue James | Susan Kench | Suzanne Gallagher | The Law Society Digital and Brand team | Tom Chapman | Tom Ellen | Tony Roe | Tracey Calvert | Umar Kankiya | Vanessa Friend | Vicki Butler | Vidisha Joshi | William Li | William McSweeney