SRA Compliance and Practice Management Software

Written by Andrew Donovan7 minutes well spent
Download This Article as a PDF
Loading ...
An illustration of files linking to a cloud with a lock symbol, which links to a laptop. The image indicates data security in the cloud.

For most law firms and legal practitioners, regulatory compliance is never far from mind. Can practice management software help lawyers to meet their regulatory requirements, including those set out by the Solicitors Regulation Authority (SRA)? In the guest post below, Andrew Donovan, founder of SRA compliance specialist firm, the Compliance Office, examines this issue. 

SRA requirements and practice management software

We don’t tend to think of lawyers as being especially vulnerable individuals in contract negotiations. As skilled negotiators, trained in the minutiae of contract law, shopping around for new tech or other law firm products should be easy, right? Wrong. My SRA compliance consultancy works exclusively with solicitors, and I frequently encounter lawyers with serious buyer’s remorse, trapped in a long-term contract. Why? Well, solicitors work with a lot of other solicitors and all of them are subject to special ‘fiduciary’ duties. This means that a solicitor’s client should receive the advice which is best for them, even if it is not the most profitable option for the law firm. Telling a white lie as a lawyer? That could literally end your career. No wonder then that some solicitors fall for sharp sales tactics—for a lot of them, it’s a whole new world. 

We help a lot of law firms and ABSs through the SRA authorisation process as they set up their law firm. We’re also keen to steer them towards tech solutions which will help in terms of SRA compliance without costing the earth. A question I often get asked is if the SRA require firms to use a particular type of case management or practice management system. The short answer is no, the SRA are not prescriptive about the tech you make use of. They do however emphasise in broad terms the need for systems to be effective in maintaining confidentiality and to form part of the infrastructure of a well-run firm. This does result in an unfortunate (but common!) position in which the SRA has set a high bar to be hit, without much in the way of guidance on how to achieve it. There are, however, a few factors which I always guide people to be mindful of.

1. Security features

I occasionally speak with a lawyer who tells me that their friend gets by with just a laptop and an Office365 subscription. If you’re on your own and reasonably tech-savvy, then yes, possibly, that could be okay for a while. However, if you’re not confident in how to encrypt and back up your data effectively and securely, then I wouldn’t dream of risking it. The Information Commissioner’s Office (ICO) and the SRA are likely to find significant fault if you lose your data, and with that sort of set up, it can so easily happen: theft, an accident, virus, ransomware attack etc.  

That’s not to say that all cloud-based case management systems are entirely fool-proof, but you should very quickly take a significant step up if opting for a law firm-specific case management/practice management system. Why? Because now your documents and emails are available anywhere with an internet connection and backed up, regardless of what happens to your laptop. On a practical level, I also find that the minute you need to begin working with another colleague, it’s a nightmare to manage. 

Having everything in one place in the cloud makes collaboration far simpler. However, that does not necessarily mean that you need to go to the other extreme and buy the most sophisticated and complex case management system out there. Once you are comfortable with the security basics, you can primarily be led by what will work for you and your budget. Demo the different platforms to find out which one has what you need without being over-engineered for those needs and be wary of solutions that you’re not allowed to test out for yourself. This is especially important if you’re being asked to sign up to long term contracts. I never cease to be amazed at the number of law firms who have signed up to costly 3-year binding contracts before they have actually used the product.  

Similarly, the answer to the vexed question of how to securely share documents with clients is also worth considering in the context of your individual business. If you are working with very sensitive information or need to exchange large volumes of data, look for a solution which enables you to ‘drop’ the data into a secure portal for accessing online. While email continues to be used routinely for confidential matters by lawyers, if an unprotected email goes to the wrong place containing very sensitive or voluminous confidential data regulatory action could well follow.

2. SRA compliance data & good matter management

Most law firms will be aware that the SRA expects them to keep logs of rule breaches and monitor other possible risk factors in their firm. Firms outsourcing SRA compliance support to my consultancy get access to our cloud-based logs for tracking key compliance issues: COLP & COFA rule breach logs, complaints, staff CPD, a gifts register, undertakings log etc. 

However, with small firms, the data can be more easily manageable, so a spreadsheet may be sufficient up to a point. If possible, look for a practice management system that allows you to customise the data you collect in it. We use Clio ourselves and make use of the ‘custom fields’ feature to help us track key information on our matters. You can then run reports on this data to get oversight of what is happening in the business. 

Similarly, you can make good use of the custom fields tools to check that client care letters have been sent, costs estimates are in place and being met, anti-money laundering checks have been completed etc. The custom fields can also be used to populate document production from a uniform set of precedents you can store in the system. 

Please, please, please, don’t input your client’s name and your contact details every single time you write a letter! Ultimately, a well set up system can actually remove the manual labour from compliance-focused file reviews and more manual matter management as well as enabling more uniform and efficient matter handling throughout the business.

3. Good business management

Finally, the right practice/case management system should enable you to run your business effectively and efficiently as well as your ‘files’. Ideally, the system would be good value for money while also allowing you to streamline processes and give strong insights into how the business is doing with management information reporting capabilities. 

It’s incredible how many law firms are still blind as to their real-time fee earner utilisation, for example. While the SRA is less prescriptive in these areas, if you get this right you will find hitting the right standards in the context of providing a proper standard of service while remaining profitable far simpler. 

Concluding thoughts

It is hard to conclude these thoughts without a slightly biased word on to whom we ultimately tend to direct law firms looking for a new case management/practice management system: Clio. While we don’t accept commissions for any individual client referral, I am biased in the sense that it is the platform we have ultimately chosen to use for our consultancy business and we love it. 

For start-ups in particular, I love that our clients are not going to be tied in for many years or charged set up costs. If for whatever reason it’s not the right fit for them, they’ve lost relatively very little. And for most, we know the platform is exactly what our clients will need from a case management/practice management system: secure, efficient, tailorable, works great with email and other tools such as DocuSign and great for data reporting and firm management too. 


About Andrew Donovan

Andy is a self-confessed SRA compliance geek. He literally helped write the book(s) on SRA compliance. While working at the SRA, Andy contributed to the drafting of the SRA Code of Conduct 2009 as well as the SRA Handbook 2011. Seeing a need in the market for a simpler set of compliance tools and keen to share knowledge more widely, Andy left the SRA in 2014 to establish the Compliance Office. Since then he has overseen the development of the Compliance Office into one of the leading SRA compliance consultancy services with a dedicated team of specialist consultants supporting law firms with their compliance and SRA authorisation. Andy has written extensively on the topic of SRA compliance including as a contributor to the ‘Law of Legal Services‘ published by LexisNexis. 

To learn more about Andrew Donovan and the services provided by the Compliance Office, visit


Categorized in: Business, Technology

PII costs a challenge?

Check out this free guide to solicitors' professional indemnity insurance for tips and techniques to getting the best deal.

Download for free