Remote and hybrid working: PI implications for professional practices

~5 min read

Reviewed by Matthew Bartlett, Director · Last reviewed 01 July 2026

Hybrid working is now embedded in most professional practices. The three-days-in, two-days-home rhythm that emerged after 2020 has become a standard staffing model for solicitors, accountants, surveyors, IT consultants and independent financial advisers. The regulatory framework has not changed to accommodate it. The Financial Conduct Authority still expects firms to have adequate systems and controls under SYSC 4; the Solicitors Regulation Authority still expects effective supervision under the Standards and Regulations 2019; ICAEW still expects members to observe the Code of Ethics wherever they work. Professional indemnity insurance still responds to negligence in the same way. What has changed is the operational surface — and the questions PI insurers now ask on the proposal form.

Supervision at distance

Supervision is the area where regulators have shown the sharpest interest since 2020. SRA Standards and Regulations 2019 require managers to have effective supervision arrangements for the work carried out on behalf of clients — the physical location of the supervisee is not relevant, but the effectiveness of the arrangement is. ICAEW members are expected to maintain professional competence under the Code of Ethics, which means partners cannot delegate work to home-based juniors and assume it will land correctly. The Architects Registration Board sets similar expectations for architectural practices.

Firms adjust in several ways. Scheduled one-to-one review calls replace the ad-hoc corridor conversation. File-audit rotas are formalised so a partner sees a proportion of every fee earner's matters each month. Escalation triggers are documented so a junior knows when to stop and ring. Where the SRA or ICAEW examines a matter that has gone wrong, evidence of this discipline matters — the absence of it can be characterised as inadequate supervision.

File management — cloud versus local

PI cover conditions frequently oblige the insured to keep proper records and to be able to reconstruct the advice trail. A file that lives partly in a home-office drawer, partly in a personal email inbox and partly on a corporate document management system is a file that will be hard to defend. Most firms now standardise on a single cloud-hosted document platform with mandatory saving from home, and forbid local storage of client material on personal devices.

Data security and UK GDPR

UK GDPR obligations follow the data, not the desk. A solicitor reviewing a client file from a kitchen table is a controller processing personal data and is expected to have appropriate technical and organisational measures in place. That translates into full-disk encryption on the laptop, multi-factor authentication on every remote-access channel, a VPN or equivalent zero-trust arrangement, a clean-desk policy that extends to the home office, and clear rules on printing at home. The Information Commissioner's Office has indicated a breach originating from a home working arrangement will be assessed against the same standard as one from the office.

Supervising junior staff

Trainees are the cohort most exposed by hybrid working. The osmotic learning that used to happen — overhearing a partner's phone call, watching a redraft on a shared screen — does not happen when the trainee is at home. SRA rules require training principals to ensure the trainee receives proper training. ICAEW student regulations impose similar duties on training offices. ARB requires supervised experience for Part 3 candidates. Firms increasingly build structured shadowing days into the office rota so juniors are physically present when their supervisor is.

Home-office health and safety

Home-office health and safety sits mostly under employer's liability rather than PI. Where PI can intersect is when an unsuitable working environment contributes to a mistake — a solicitor advising on a complex transaction from a shared kitchen and missing a limitation date will find the environment cited in any subsequent claim narrative. Firms typically now conduct a documented home-working assessment for each hybrid member of staff.

Client meetings on Zoom and Teams

Video meetings are the default. From a PI evidence perspective, the question is what record survives. A short attendance note written up straight after the call is normally sufficient. Recording is permissible where all parties consent and the recording is stored under the firm's data retention policy, but a recording without consent is likely a UK GDPR breach and, for solicitors, a potential conduct issue.

How PI cover responds

Traditional PI wordings respond to negligent acts, errors or omissions in the conduct of the insured's professional business. The physical location of the negligent act is not usually a policy trigger. A junior associate who gives negligent tax advice from a home office is covered on the same basis as one who gives it from a desk in the office. Where hybrid working shows up is on the proposal form — insurers increasingly ask about remote-working policies, cyber controls, cloud storage, and supervision structures. Answering these questions carelessly can create a fair-presentation problem at the next renewal.

Worked example

A mid-tier solicitors firm operates a three-office, two-home hybrid model. A junior associate, working from home on a Wednesday, gives negligent tax advice on a corporate restructuring. The client relies on it. A £220,000 loss follows. The PI policy responds to the loss in the ordinary way — the negligence, not the location, is the trigger. Separately, the SRA opens a supervisory investigation into whether the firm's arrangements for reviewing junior work were adequate given the hybrid pattern. The two issues run in parallel. The insurer defends the claim; the firm defends the supervision arrangement to the regulator.

Practical safeguards

Firms most confident of their PI position tend to share several features. A written hybrid-working policy that ties into the file-review process. A single cloud document management platform with local storage disabled. Multi-factor authentication and full-disk encryption on all devices. A documented supervision framework with named supervisors and diary'd review points. A cyber policy alongside the PI policy so first-party costs of a data incident are not left on the balance sheet. And a habit of answering PI proposal-form questions on remote working carefully and completely.

Related guidance

For sector-specific PI context see the Apex Insurance Brokers pillar guides for solicitors, accountants, surveyors, architects, independent financial advisers and IT consultants.

Apex Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Firm reference number 724952. This entry is general information, not advice on any particular policy.

Looking at a PI policy and want a careful read of the wording?
Start a conversation