Written by HubSecure Editorial Team

Practical guides for secure client portals, RBAC, onboarding and regulated client operations.

Reviewed by HubSecure Security & Compliance Review

Reviewed for security positioning, workflow accuracy and implementation clarity.

Last updated May 7, 2026

Checked against the current HubSecure marketing site and product positioning.

A conflict of interest arises when a professional's duty to one client is — or could be — compromised by an obligation to another client, a personal interest, or a business relationship. For law firms and financial advisors, managing conflicts is not just an ethical obligation; it is a regulatory requirement with serious consequences for non-compliance.

The SRA Codes of Conduct, FCA COBS rules, MiFID II Article 23, and equivalent regimes across Europe all require documented conflict identification, management, and in some cases client disclosure. This guide covers the full cycle.


Types of Conflict: Understanding the Landscape

High risk

Own-interest conflict

The firm or an individual has a financial or personal interest that conflicts with the client's interest. Examples: acting for a client in a transaction where the firm holds shares in the counterparty; advising a borrower where the firm has a lending relationship with the lender.

High risk

Conflict between two clients

The firm acts for two clients with directly opposing interests in the same matter or related matters. The classic example: acting for both buyer and seller in a property transaction. Under SRA rules this is a "conflict of interest" that typically cannot be managed — you must decline one instruction.

Medium risk

Former client conflict

Confidential information obtained during a previous client relationship could be used to harm that client if the firm now acts against them. This is sometimes called a "conflict arising from a former client" and requires a separate analysis even after the matter has closed.

Medium risk

Personal conflict

A fee earner or advisor has a personal relationship with a party to the matter — family member, personal creditor, social connection — that could impair their objectivity. May be managed by recusal of that individual, but must be logged.

Manageable

Commercial conflict

Acting for competing businesses in unrelated matters. Generally permissible with appropriate information barriers (ethical walls), provided neither client's confidential information is relevant to the other's matter.

Regulatory Framework

SRA Codes of Conduct (England & Wales)

Paragraph 6 of both the Solicitor Code and Firm Code prohibits acting where there is a "conflict of interest" between clients, and requires "effective systems and controls" to identify conflicts. Non-compliance can result in fines, suspension, or strike-off.

FCA COBS 11.3 / MiFID II Article 23

Investment firms must take "all appropriate steps to identify and to prevent or manage" conflicts of interest. Where prevention is not possible, firms must disclose the conflict in sufficient detail — but FCA guidance cautions that disclosure alone is not a substitute for management. Firms must maintain a written conflicts of interest policy and a conflicts register.

EU AMLA and AML Directives

AML compliance officers and UBO verification officers must be independent from the business units they oversee. A compliance officer with a personal or financial stake in a client relationship presents a conflict that must be managed before the relationship can proceed.

GDPR implications

The conflicts register processes personal data (names of clients, counterparties, related persons). This must be covered in your RoPA. The lawful basis is typically Article 6(1)(c) — legal obligation. Access must be restricted to those with a legitimate need.

What Your Conflicts Register Must Contain

There is no single prescribed format, but the following fields represent best practice and are sufficient to satisfy SRA, FCA, and MiFID II audit inquiries:

| Field | Purpose | Retention |
|---|---|---|
| Conflict ID | Unique identifier for cross-referencing with matter file | Life of matter + 6 years |
| Date identified | Shows the check was run before or at client inception | Life of matter + 6 years |
| New client / matter | The proposed client and matter description | Life of matter + 6 years |
| Conflict party | Existing or former client / related party with potential conflict | Life of matter + 6 years |
| Conflict type | Own-interest / client-client / former-client / personal / commercial | Life of matter + 6 years |
| Risk assessment | High / Medium / Low with brief rationale | Life of matter + 6 years |
| Action taken | Declined / Information barrier / Disclosure / Approved (with reasoning) | Life of matter + 6 years |
| Approver | Name and role of the partner / compliance officer who approved the action | Life of matter + 6 years |
| Client disclosure | Was the conflict disclosed to the client? Date and method | Life of matter + 6 years |

The Conflict Check Process

A conflict check must run before any substantive engagement with a prospective client. Running it at the time of engagement letter is too late — information shared in the initial consultation may already have created obligations.

Step 1: Identify all relevant parties. For a legal matter this includes the prospective client, all counterparties, directors and UBOs, and any guarantors. For financial advice this includes the client, their connected persons, and any corporate entities in the transaction chain.

Step 2: Search the conflict register and matter database. Cross-reference all identified parties against existing and former clients, open matters, and any previous conflict entries. The search should include phonetic matching (to catch spelling variations) and corporate group relationships.

Step 3: Assess and categorise the result. If no conflict is found, document that the check was run and record a nil-conflict result. This is as important as recording a positive finding — it is your evidence that due diligence was performed.

Step 4: Escalate positives for partner / compliance review. Any positive match must go to a senior partner or the Compliance Officer immediately. The decision to proceed, decline, or manage must be made by a senior qualified person — not the fee earner handling the matter.

Step 5: Implement the management mechanism. Information barriers must be genuinely implemented — separate file access, instructions to staff, a log of who is privy to each matter. A verbal instruction to "stay in your lane" is not a barrier.
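Steps 2 to 4 above, as an added Python sketch (not HubSecure's code): every party and its corporate group members are searched with a phonetic key, and a register entry is written whether or not anything matches. The client list, group map, entry field names and ID format are constructed assumptions, and Soundex stands in for whichever phonetic matcher a firm actually uses.

```python
import re
from datetime import datetime, timezone

_CODES = {c: str(d) for d, grp in enumerate(
    ["bfpv", "cgjkqsxz", "dt", "l", "mn", "r"], start=1) for c in grp}

def soundex(word):
    """American Soundex: spelling variants such as Smith/Smyth share a code."""
    letters = re.sub(r"[^a-z]", "", word.lower())
    if not letters:
        return ""
    out, prev = letters[0].upper(), _CODES.get(letters[0])
    for ch in letters[1:]:
        code = _CODES.get(ch)
        if code and code != prev:
            out += code
        if ch not in "hw":  # h and w do not separate letters with equal codes
            prev = code
    return (out + "000")[:4]

def name_key(name):
    """Phonetic key per word, so 'Jon Smyth' and 'John Smith' compare equal."""
    return tuple(k for k in map(soundex, name.split()) if k)

def run_conflict_check(matter, parties, clients, groups, register):
    """Search each party plus its corporate group; always log the outcome."""
    searched = set(parties)
    for p in parties:
        if groups.get(p):  # Step 2: pull in every member of the same group
            searched |= {m for m, g in groups.items() if g == groups[p]}
    hits = sorted({(c["name"], c["status"]) for c in clients for s in searched
                   if name_key(s) and name_key(s) == name_key(c["name"])})
    entry = {
        "conflict_id": f"CC-{len(register) + 1:04d}",  # assumed ID format
        "date_identified": datetime.now(timezone.utc).isoformat(),
        "matter": matter,
        "conflict_parties": hits,
        "result": "positive" if hits else "nil",  # Step 3: nil is recorded too
        # Step 4: a positive goes to a senior reviewer, not the fee earner
        "action": "escalate to compliance officer" if hits else "none required",
    }
    register.append(entry)
    return entry

# Constructed sample data: existing/former clients and a corporate group map
CLIENTS = [{"name": "John Smith", "status": "former"},
           {"name": "Borealis Holdings", "status": "active"}]
GROUPS = {"Borealis Trading": "borealis", "Borealis Holdings": "borealis"}
```

Phonetic keys over-match by design, so a hit here is a candidate for the partner or compliance review in Step 4, not a finding in itself.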

When You Must Decline

Under SRA rules, some conflicts simply cannot be managed. If a conflict of interest between two current clients means you cannot act in both their best interests simultaneously, you must decline one instruction — usually the later one. Obtaining both clients' informed consent does not cure this type of conflict.

Similarly, under MiFID II, if a conflict "cannot be managed with reasonable certainty that the risk of damage to the interests of the client will be prevented," the firm must refrain from acting — disclosure alone is not sufficient.

Document every decline decision carefully. The absence of a matter on your files does not prove you declined — a dated entry in the conflict register does.

HubSecure

Conflict checks built into client onboarding

HubSecure's CRM runs conflict checks automatically at the start of every new client onboarding flow — searching across active matters, former clients, and UBO records. Every check is logged with timestamp and approver for your audit trail.
