December 28, 2023

Regulation images


Every industry has specific legislations that apply to it. The role of a Regulator is important for the regulation of governance of any sector. The Regulator has the task of overseeing, monitoring and enforcing laws, rules and regulations. There are two types of regulation – self-regulation and government regulation. Self-regulation involves the voluntary adherence to a set of rules, guidelines or ethical standards. Self-regulation works by establishing internal policies and guidelines. To ensure compliance with the regulations, the relevant regulators monitor and demand systematic reporting by implementing periodic audits.

Government regulation refers to the creation and enforcement of laws and rules passed by the government. Government regulations also include the formation of different regulatory agencies with powers granted by the government to operate within specific sectors. These agencies are equipped with legal rights to release or suspend/withdraw licenses and permits and enforce the legislation accordingly. In legal practice, the Legal Practice Act 28 of 2014  (LPA) provides for the establishment of a Legal Practice Council (LPC) to regulate the affairs of legal practitioners and to set norms and standards.

How to regulate

There are two ways to regulate – through a risk-based approach or a rule-based approach. A risk-based regulatory approach is an approach ideal for enforcement of compliance with the regulatory requirements, and to protect against non-compliance. A risk-based approach means that supervisory agencies must understand the compliance risk to which regulated subjects are exposed and must take the appropriate mitigation measures per the level of risk. Risk-based regulation aims at making the regulatory response tailored to the specifics of each risk.

Risk-based enforcement is about focusing on outcomes rather than specific rules and processes as the goal of regulation. Focusing on outcomes entails a paradigm shift from a traditional conception of regulatory enforcement based on finding and punishing violations towards an approach where the law is the last resort (OECD “6 Risk-based regulation”, accessed 28 December 2023). The regulations are flexible and the approach does not include fixed rules and systems. A risk-based approach to supervision helps to improve the effectiveness and efficiency of regulation and also improves accountability. A rule-based regulatory approach refers to rules, guidelines and laws that govern the activities of organisations, e.g. complaint procedure. A rule-based approach corresponds to the letter of the law.

 How to enforce regulations

Enforcement can be categorized into non-legal and legal enforcement. Non-legal enforcement techniques include forceful or light-touch enforcement, and legal enforcement includes criminal or civil prosecution. Enforcement takes place through various instruments. In legal practice, available supervisory tools are ad-hoc inspections; and compliance returns. The LPC or the Board is empowered through s 87(2) (a) of the LPA to satisfy itself that the requirement of keeping proper trust accounting records is complied with and may conduct ad hoc inspections where necessary.

The need for such inspections may be triggered by a specific event, which may expose the sector to an increased compliance risk or happen as a result of the discovery of certain information, e.g., if a practitioner fails to distribute funds for a client. Tools focused on achieving regulatory outcomes are central to the efforts to make regulatory delivery more effective and efficient. Forceful enforcement is compelling obedience from law firms. In this approach of enforcement, the regulations become mandatory. With light-touch enforcement, law firms may be required to issue a separate declaration as an annexure to the annual report, such as maintaining a compliance risk management programme (CRMP).

Ethical compliance mechanisms promote a principled-based or the carrot approach which corresponds to the spirit of the law.  Legal compliance mechanisms tend to promote a rule-based approach which corresponds to the letter of the law. A rule-based approach may not necessarily be well suited for sector-wide regulatory non-compliance or where there is significant exposure to compliance risk, e.g. failure to file the audit report or if a cheque that has been drawn on the client’s trust account has been returned for insufficient funds, and may be used as the last resort.

The LPC needs to respond to non-compliance with regulatory requirements in ways that are appropriate to the violations involved and target enforcement and implementation efforts in the areas that pose the highest risk. Effective enforcement requires the availability of effective, proportionate and dissuasive sanctions in the event of non-compliance. In legal practice, the effectiveness of enforcement mechanisms depends on the general institutional environment. Weak resolution mechanisms give rise to the non-observance of mandatory legal rules. Much depends on the competence and regulatory style of the LPC, which may be more active or passive (Klaus J Hopt ‘Comparative Corporate Governance: The State of the Art and International Regulation’, accessed 28 December 2023)). Competence and regulatory style of improving supervision and enforcement of regulatory requirements stiffen enforcement practices and powers of supervisory agency.

The responsibility of regulators does not end with the publication of the rule ( OECD ‘Reducing the risk policy failure: Challenges for Regulatory compliance’ (2000), accessed 28 December 2023)).  Rules are only as good as their enforcement. Regulations should support effective enforcement, and law firms need some form of supervision. It is essential that regulators can react in timely and appropriate compliance enforcement when non-compliance occurs, and apply robust supervisory measures when breaches are identified. Regulators should take action relating to securing compliance with regulatory requirements in the event of a breach.

Regulation must be appropriate to risk and enforcement commensurate with the breach.  The frequency and intensity of supervision should be adjusted in line with the risk exposure of the sector. “Embedding risk-proportionality at the core of the regulatory systems is the most effective way to give them adequate legitimacy, resilience, agility and effectiveness” (OECD “6 Risk-based regulation”, (op cit.)). The intensity of regulatory enforcement and proportionality of enforcement measures are at the core of efforts to encourage compliance and to make regulatory supervision more effective, and efficient.

The LPC has a strong incentive to operationalise the risk-based approach to regulatory compliance supervision. Regulatory compliance requirements in legal practice may be enhanced by increasing the responsibilities of the practitioners and making them more accountable. The risk-based regulatory enforcement will enable law firms to become or remain compliant across the legal practice regulatory landscape.


Please note that our blog posts are informal commentaries on developments in the law at the time of publication and not legal advice.

About the author 

Sipho Nkosi

Sipho Nkosi is an experienced Legal Professional with a demonstrated history of working in the legal services industry. A strong legal professional with a B Proc degree focused in Law from the University of Natal (Howard College), with a keen interest in corporate governance and a profound insight into Compliance Risk Management. Skilled in litigation and procedural law, and an affiliate member of the Compliance Institute Southern Africa.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}