Principles and risk-based regulation - Role of PII in risk m...

Learning Outcomes

This article examines risk-based regulation and the role of professional indemnity insurance (PII) in legal practice, including:

• The concept of risk-based regulation in legal practice
• Regulatory requirements for professional indemnity insurance (PII)
• PII as a risk management tool for solicitors and law firms
• Application to SQE1-style scenarios
• Ethical and regulatory implications of PII in practice
• The SRA’s minimum terms and conditions (MTCs)
• The duty to have “adequate and appropriate” cover
• Claims-made policies and notification duties
• Run-off cover on closure
• The interaction between PII, the SRA Principles and Codes of Conduct

SQE1 Syllabus

For SQE1, you are required to understand the principles of risk-based regulation and the role of professional indemnity insurance in managing risks in legal practice, with a focus on the following syllabus points:

• the concept and application of risk-based regulation in legal services
• the SRA's regulatory objectives and principles relevant to risk management
• the regulatory requirements for professional indemnity insurance (PII), including minimum terms and conditions
• the function of PII in protecting clients and the public interest
• the impact of PII on firm risk management and decision-making
• ethical and compliance considerations relating to PII and risk
• the SRA duty to be open with clients if things go wrong and the link with PII notification and claims handling
• run-off cover requirements on closure and the concept of a successor practice
• PII arrangements for freelance solicitors and non-commercial bodies
• how PII complements the SRA Compensation Fund in client protection

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

1. What is risk-based regulation and how does it influence the SRA's approach to supervising law firms?
2. Which of the following is a required feature of SRA-compliant professional indemnity insurance (PII)? a) Minimum cover of £1 million for all firms b) Cover for civil liability claims arising from professional practice c) Exclusion of claims arising from dishonesty d) No requirement for run-off cover
3. Why is PII considered essential for client protection in legal practice?
4. What are the consequences for a law firm that fails to maintain adequate and appropriate PII cover?

Introduction

Risk-based regulation is central to the modern supervision of legal services in England and Wales. The Solicitors Regulation Authority (SRA) uses this approach to identify, assess, and manage risks to its regulatory objectives, focusing resources on the most significant threats to the public interest and the integrity of the profession. Professional indemnity insurance (PII) is a key element of this system, providing financial protection for clients and supporting public confidence in legal services. In tandem with PII sits the SRA Principles and Codes of Conduct, which require firms to identify, monitor and manage material risks, act in each client’s best interests, and be open and honest when things go wrong. Understanding how these duties intersect with PII is fundamental to safe practice and to the SQE1 assessment.

Risk-Based Regulation: Principles and Application

Risk-based regulation means the SRA targets its regulatory activity at the areas of greatest risk to its objectives, such as protecting the public, upholding the rule of law, and maintaining trust in the profession. This includes both sector-wide risks (for example, money laundering in conveyancing or sanctions compliance) and firm-specific risks (such as financial instability or repeated service failures).

Key Term: risk-based regulation
A regulatory approach that identifies, assesses, and prioritises risks to regulatory objectives, focusing resources on the most significant threats.

The SRA's regulatory objectives include protecting consumers, supporting the rule of law, and encouraging an independent and effective legal profession. Risk-based regulation allows the SRA to:

• monitor firms for risks such as financial instability, poor systems, or high claims history
• require firms to implement risk management systems
• intervene or take enforcement action where risks are not managed
• focus supervision on practice areas or patterns of work that present higher harm (for example, high-value property or trust transactions vulnerable to fraud)

Firms are expected to manage their own risks proactively, including those relating to client money, conflicts, confidentiality, competence and professional negligence. The Codes of Conduct for Firms require identification, monitoring and management of material risks and the maintenance of systems and controls proportionate to the nature and scale of the business. The SRA combines this firm-based expectation with sector-wide analysis (including its Risk Outlook, thematic reviews and warning notices), enabling it to direct scrutiny where it is most needed, including in anti-money laundering compliance and client protection.

Key Term: regulatory objectives
The statutory aims set out in the Legal Services Act 2007 that guide the SRA and other regulators, including protecting the public interest and promoting consumer protection.

Professional Indemnity Insurance (PII): Regulatory Requirements

Professional indemnity insurance is a mandatory requirement for all SRA-authorised firms and freelance solicitors providing reserved legal services. PII protects clients and third parties from losses caused by a firm's civil liability, such as negligence, breach of duty or breach of trust. It is part of a broader consumer protection framework that also includes the SRA Compensation Fund, which may provide discretionary grants where client money has been misappropriated and no insurance responds.

Key Term: professional indemnity insurance (PII)
Insurance that covers a law firm's civil liability to clients and others arising from professional services, including negligence and certain other claims.

The SRA Indemnity Insurance Rules set out the minimum terms and conditions (MTCs) for PII. Key features include:

• cover for all civil liability claims arising from professional practice
• minimum cover of £2 million for partnerships and sole practitioners, and £3 million for incorporated firms (companies and LLPs)
• no exclusion for claims arising from dishonesty or fraud by employees or partners (although the dishonest individual cannot personally benefit from cover)
• defence costs usually covered in addition to, or within, the limit depending on policy wording, but the MTCs are intended to ensure defence costs do not erode client protection unfairly
• run-off cover for firms that close, providing protection for at least six years
• cover typically written on a claims-made basis, with notification duties for claims and circumstances that may give rise to a claim
• “one claim” and aggregation provisions defining when multiple matters are treated as a single claim for limit and excess purposes

Firms must ensure their PII is "adequate and appropriate" for their practice, which may require higher cover than the minimum. Insurers may offer “top-up” cover beyond the MTC minimum to reflect higher exposures (for example, catastrophic conveyancing or corporate transaction losses).

Key Term: minimum terms and conditions (MTCs)
The SRA-prescribed requirements that all PII policies must meet, ensuring a baseline level of client protection.

Key Term: claims-made policy
A policy that responds to claims (or circumstances notified) during the policy period, regardless of when the work giving rise to the claim was done.

Key Term: adequate and appropriate
A requirement that the scope and limit of insurance must be sufficient for the size, nature and risk profile of the firm’s business, not merely the MTC minimum.

Run-off cover is compulsory where a firm closes without a “successor practice”. The premium for run-off is commonly a one-off percentage of the last annual premium, and cover lasts for at least six years to match limitation periods.

Key Term: run-off cover
Compulsory post-closure cover (minimum six years) for claims first made after a firm ceases practice, protecting former clients where no successor practice assumes liability.

Freelance solicitors who provide reserved legal services must have “adequate and appropriate” PII that provides a similar level of client protection; solicitors working only in non-reserved services outside authorised firms must explain clearly to clients the absence or limits of protection and how the services are regulated.

In addition to insured liabilities, firms must appreciate what is not covered. Typical exclusions under the MTCs include fines and penalties, trading debts, and deliberate or reckless misconduct by the insured firm. Nonetheless, claims by clients for loss arising from civil wrongs (for example, breach of trust in a completion that fails due to identity fraud) are within the broad civil liability wording.

Worked Example 1.1

A two-partner law firm arranges PII cover of £2 million, the minimum required for partnerships. The firm regularly handles commercial property transactions worth £10 million. Is this level of cover adequate and appropriate?

Answer:
No. Although the cover meets the minimum, it may not be adequate for the firm's risk profile. The firm should assess its typical transaction values and consider increasing its cover to reflect potential liabilities.

The Role of PII in Risk Management

PII is a core risk management tool for law firms. It provides a financial safety net for clients and the public if a firm is negligent or otherwise liable for civil claims. PII also supports the SRA's regulatory objectives by:

• ensuring clients are compensated if things go wrong
• maintaining public confidence in the legal profession
• encouraging firms to identify and manage risks to avoid claims
• embedding learning and continuous improvement, because recurring claims or poor notifications will impact premium, terms or insurability

Key Term: risk management
The process by which a firm identifies, assesses, and controls risks to its business, clients, and compliance obligations.

Effective claims prevention and preparation form part of a firm’s PII strategy. Firms should maintain matter-level file hygiene, diarise key dates, use reliable identity verification and controls in conveyancing, ensure supervision at appropriate levels, and align engagement terms to the actual scope of retainer. When issues arise, early notification of “circumstances” to insurers is essential under claims-made policies and helps avoid coverage disputes; late or prejudicial admissions can jeopardise cover and will be relevant to compliance with the duty to be open and honest with clients and the SRA.

PII interacts with complaints-handling. Poor service may lead to LeO complaints, redress, or fee refunds; where service failures produce loss caused by breach of duty, a civil claim may follow. Firms must maintain an internal complaints process and be able to explain to clients how complaints are handled, the role of the Legal Ombudsman and, when appropriate, the route to civil redress.

A brief distinction: PII indemnifies civil liability owed by firms to clients and others; the SRA Compensation Fund provides discretionary grants primarily to replace client money misappropriated by a defaulting practitioner where insurance does not respond. Both mechanisms contribute to client protection and market stability.

PII and Ethical Responsibilities

Maintaining adequate PII is not just a regulatory requirement—it is an ethical obligation. Solicitors must act in the best interests of each client and safeguard client money and assets. PII demonstrates a firm's commitment to client protection and professional accountability. It also complements the duty to run the business with proper governance, financial stability and risk management.

Key Term: best interests of the client
The duty to put the client's interests first, including taking steps to protect them from foreseeable harm.

The SRA Codes impose further expectations that directly affect PII and claims handling. Firms and individuals must be open and honest with clients if things go wrong and the client suffers harm; they must explain what has happened, the likely impact, and whether the client may have a claim. They must also ensure accurate publicity and not mislead clients about the protections available, including informing clients on request about PII arrangements and displaying the SRA digital badge on the firm’s website.

Undertakings present a particular PII risk. They are enforceable promises and a core feature of legal practice (notably in property transactions). Breach of an undertaking can give rise to civil liability and regulatory consequences. Well-designed processes for giving, tracking and discharging undertakings are essential to control this risk and stabilise PII costs.

Worked Example 1.2

A solicitor misses a court deadline, causing a client to lose a valuable claim. The client sues for negligence. The firm's PII policy covers the loss, compensating the client and protecting the firm's financial stability.

Answer:
This example shows how PII operates as a safety net for both clients and the firm, fulfilling regulatory and ethical duties.

PII and Firm Decision-Making

PII requirements influence firm management decisions, including:

• which practice areas to offer (some areas attract higher premiums or excesses, for example conveyancing, private client and corporate work with higher fraud or transactional risk)
• client acceptance policies and matter-scoping (firms may decline high-risk clients or restrict the retainer to manageable tasks)
• investment in risk controls (such as staff training, dual authorisation on client account, ID verification tools, and robust file reviews)
• supervision models and competence mapping to ensure the right people do the right work
• resource allocation to ensure compliance and claims prevention, including AML systems and controls
• selection of top-up cover and stress testing exposure to aggregation risk (multiple similar claims being treated as “one claim”) versus separate limits
• transparency and communications, including website obligations and informing clients about PII and complaints arrangements

Firms with poor claims records may face higher premiums, higher excesses, narrower terms or difficulty obtaining cover, which can threaten viability. Good claims hygiene—prompt notifications, cooperation with insurers, centralised learning from claims and near misses, and avoiding unnecessary admissions—can materially improve a firm’s profile.

Worked Example 1.3

A firm receives multiple negligence claims in one year. Its insurer increases the premium and requires the firm to implement stricter risk management procedures. The firm invests in new case management software and staff training to reduce future claims.

Answer:
This scenario illustrates how PII requirements can drive improvements in firm risk management and influence business strategy.

Worked Example 1.4

A small company-structured firm decides to close without a buyer. It has ongoing matters and a clean claims record. What must it do about PII?

Answer:
The firm must arrange run-off cover for at least six years in line with the MTCs unless there is a successor practice assuming responsibility. It should notify its insurer of any known circumstances, inform clients, manage orderly file transfer and protect client money. Failure to secure run-off would leave former clients exposed and may trigger SRA enforcement.

Worked Example 1.5

A conveyancing team handled a series of transactions in which the same identity fraud methodology was used by impostors. Several buyers suffer loss and sue. The insurer asserts an aggregation clause applies, treating all claims as “one claim”. Why does this matter?

Answer:
Aggregation may mean a single limit and excess apply to all those claims. This can benefit the insured if multiple excesses would otherwise apply, but it can also concentrate exposure against one limit, risking exhaustion. Awareness of aggregation risk informs decisions about top‑up cover, excess levels and risk controls.

Worked Example 1.6

A freelance solicitor offers contract review services outside an authorised firm and does not carry out reserved activities. They do not hold PII. What should they communicate to clients?

Answer:
They must clearly explain whether and how their services are regulated and whether they have insurance. If they do not have PII, that should be stated transparently so clients can make an informed choice. If they later decide to carry out reserved activities, they must obtain adequate and appropriate PII.

Compliance and Enforcement

The SRA monitors compliance with PII requirements. Firms must:

• arrange and maintain compliant PII at all times
• provide evidence of cover to the SRA on request
• notify the SRA promptly if unable to obtain or maintain cover and cease practice if cover lapses
• arrange run-off cover on closure unless a successor practice exists
• be open with clients about their PII arrangements (for example, insurer name and contact details on request), display the SRA digital badge and publish required transparency information
• handle claims and complaints properly, including early notification to insurers and clear client communication

Failure to comply may result in enforcement action, including fines, conditions on practice, suspension, or intervention. Practising without PII is a serious breach; firms must cease new work immediately and take steps to protect clients, including informing clients and transferring files or funds as appropriate. Insurers will expect cooperation, adherence to notification provisions and non-prejudicial conduct. Admitting liability or settling without consent can prejudice cover.

To support compliance, firms should maintain a central log of potential and actual claims, integrate learning from complaints and claims into training, and regularly reassess whether their cover remains adequate and appropriate for their evolving risk profile.

Exam Warning

Failure to maintain adequate and appropriate PII is a serious regulatory breach. Firms without cover must cease practice and may be subject to SRA intervention. For SQE1, be prepared to identify the regulatory consequences of non-compliance.

Key Point Checklist

This article has covered the following key knowledge points:

• Risk-based regulation targets the most significant risks to the SRA's regulatory objectives.
• Professional indemnity insurance (PII) is mandatory for all SRA-authorised firms and freelance solicitors providing reserved legal services.
• PII must meet the SRA's minimum terms and conditions (MTCs) and be adequate and appropriate for the firm's risk profile.
• PII policies are claims-made; prompt notification of claims and circumstances is essential to preserve cover.
• Run-off cover of at least six years is required on closure unless a successor practice assumes responsibility.
• Aggregation provisions can treat multiple similar claims as “one claim”, affecting limits and excesses and informing top‑up decisions.
• PII protects clients and the public by providing compensation for civil liability claims, supporting public confidence in legal services.
• Maintaining PII is both a regulatory and ethical obligation; firms must be open with clients if things go wrong and explain potential claims.
• PII requirements influence firm risk management, decision-making, governance and investment in controls.
• Firms must cease practice if they cannot maintain cover and cooperate with insurers and the SRA on claims and compliance.
• PII complements the SRA Compensation Fund in delivering client protection.

Key Terms and Concepts

• risk-based regulation
• regulatory objectives
• professional indemnity insurance (PII)
• minimum terms and conditions (MTCs)
• claims-made policy
• adequate and appropriate
• run-off cover
• risk management
• best interests of the client