What the SSB Law Collapse Teaches COLPs and Directors of Risk About Systems Failure

by | Oct 16, 2025

When a system fails, it’s rarely because of a single catastrophic event. More often, it’s the result of small, compounding errors—missed signals, flawed processes, and a lack of joined-up thinking. The recent Carson McDowell review for the Legal Services Board (LSB), examining the Solicitors Regulation Authority’s (SRA) handling of complaints about SSB Law, is a case study in how regulatory systems can break down, and what we can learn to avoid repeating the same mistakes.

Under the Legal Services Act 2007, the LSB and SRA have a statutory duty as follows:

  1. “In this Act a reference to “the regulatory objectives” is a reference to the objectives of—
  1. protecting and promoting the public interest;
  2. supporting the constitutional principle of the rule of law;
  3. improving access to justice;
  4. protecting and promoting the interests of consumers;
  5. promoting competition in the provision of services within subsection (2);
  6. encouraging an independent, strong, diverse and effective legal profession;
  7. increasing public understanding of the citizen’s legal rights and duties;
  8. promoting and maintaining adherence to the professional principles;
  9. promoting the prevention and detection of economic crime.”

It seems to us that the admitted failures in this case have undermined the public interest aspect.

The Pattern Behind the Problem

Between January 2019 and March 2024, the SRA received over 100 reports about SSB Law. Early warnings were missed; patterns of misconduct were mistaken for isolated service complaints. The SRA’s assessment threshold test (ATT)—designed to filter which reports warranted investigation—was applied in a way that failed to connect the dots. Instead of seeing a systemic issue, the SRA saw a series of unrelated grievances.

This is a classic “failure to see the forest for the trees.” When information is siloed, and staff lack access to the full picture, the system becomes blind to emerging risks. The SRA’s staff didn’t have a process to share intelligence about SSB’s unusual structure or rapid growth. By 2023, SSB had nearly 200 staff but fewer than 10 qualified solicitors—a red flag missed because no one was looking at the whole.

The Cost of Poor Process

The review found that the SRA’s investigations were often desk-based and ineffective. They relied on SSB to provide information, did not engage properly with complainants, and missed opportunities to follow up on critical lines of enquiry. Even when SSB’s financial instability was obvious—debts of £128m, high-interest loans, and defaulted payments—the SRA accepted reassurances at face value and closed the file.

This is a lesson in the danger of “tick-box” thinking. When process becomes a substitute for judgment, organisations lose the ability to respond to reality. The SRA’s managerial review scored the investigation as “exactly what we’re looking for,” despite clear evidence of financial distress. The system was working as designed, but the design was flawed.

For law firm COLPs and Directors of Risk, there are lessons to be learned from the SRA’s missteps, risk data needs to viewed in context. 

Bias and Blind Spots

One of the most troubling findings was the alleged “two-tier approach” to complainants. Reports from solicitors received more attention than those from lay clients, many of whom were vulnerable elderly, disabled, or non-native English speakers. Most client reports were closed without investigation, while those from law firms or barristers led to deeper scrutiny.

This highlights the importance of designing systems that are inclusive and user-friendly, especially for the vulnerable. If your process makes it harder for those most at risk to be heard, you’re not just failing them—you’re failing the purpose of regulation itself.

Again, COLPs and Directors of Risk have an excellent opportunity to reflect on how their regulator got it wrong and learn from regulators’ mistakes.

Four Lessons for Better Systems

The Carson McDowell review offers four key recommendations, but the underlying lesson is broader:

  1. Connect Information: Staff need access to all relevant data when assessing risk. Siloed information leads to missed patterns.
  2. Prioritise Vulnerability: Systems must be designed to recognise and respond to the needs of the vulnerable, not just the well-informed.
  3. Empower Investigation: Training and procedures should encourage curiosity and follow-up, not just compliance with minimum standards.
  4. Manage Transitions Thoughtfully: When firms close, the transfer of client files must be handled with care to protect public interest.

Final Thought

Regulatory failure isn’t just about missed rules—it’s about missed opportunities to learn, adapt, and improve. For law firms, this is a case in which, rather than criticising the regulator for its rather obvious failures (which is fun for 5 minutes but helps your business not at all), they should learn from their mistakes and avoid repeating the error.

The SSB Law case is a reminder that systems are only as good as their ability to see, connect, and act on the truth. The best systems are designed to learn from their own mistakes. The challenge now is to build a regulatory culture that does just that.

If you would like to review your complete system of managing risk, then you can commission us to review your firm’s approach and report to you on the strengths and weaknesses. Email us at: info@bennettbriegal.co.uk. This service is offered for a fixed fee reflecting the three to four days of work typically involved, so it is not cheap, but if something goes wrong, the value of an independent review of your whole approach to risk management is worth its weight in gold.