The Role of the COFA
All practices authorised by the Solicitors Regulation Authority (SRA) must appoint a Compliance Officer for Finance and Administration (COFA) and Compliance Officer for Legal Practice (COLP). The purpose of this article is to explain who can be a COFA, what the role of the COFA entails, as well as focusing on the recording and reporting duties required by the COFA.
It is worth pointing out that the role of COLP and COFA can be carried out by the same individual and this might may be appropriate in a smaller practice. Firms will need to take into account the size and nature of the practice, areas of risk and nature of the work carried out.
A COFA must be an individual who:
- is an employee or manager of the practice
- is of sufficient seniority and in a position of sufficient responsibility to fulfill the role
- is approved by the SRA for that role
- has not been disqualified from acting as a Head of Finance and Administration (HOFA)
- has consented to undertake the role.
There is no definition as to what sufficiently senior or responsible might mean but unlike a COLP, the COFA does not need to be a lawyer. This allows practices greater flexibility about who they can appoint. The main reason for this is that the role relates primarily to the SRA’s Accounts Rules, therefore, the COFA will need a good understanding of the rules applying to the finances and accounts of solicitors, rather than just a general financial understanding. Often, a COFA will have a strong financial rather than legal background, such as accountancy or book-keeping.
COFAs need to be appointed by a firm and the appointment needs to be authorised by the SRA, in most cases, except for sole practitioners, where deemed approval will apply – in other words, there is no formal authorisation process for sole practitioners- they just need to notify the SRA that they will be the COFA before the post is taken.
The role of the COFA is a fundamental part of a practice’s compliance and governance arrangements. The responsibilities placed on a COFA are broad. While the responsibility for compliance ultimately rests with the managers of a practice, COFAs may also find regulatory action is taken against them where they fail to meet their responsibilities. It is important that COFAs ensure that they are in a position to carry out their role effectively. Even though compliance ultimately rests with the managers of a practice, there may be situations when a COFA reports issues to the SRA which may be against the wishes of the managers of the practice as a whole.
In essence, the role of the COFA is to:
- take all reasonable steps to ensure the firm’s compliance with the SRA’s accounts rules
- take all reasonable steps to record all failures to comply
- ensure that a prompt report is made to the SRA of any serious breach of the SRA’s accounts rules
- In addition, ABSs are required to report non-serious breaches to the SRA as part of the Information Report required under Rule 8.7 of the Authorisation Rules.
It is important to note that the SRA Standards and Regulations do not specify what is meant by the word “prompt” and we would encourage firms to document their own interpretation of this in their own policies and procedures, so that there is a benchmark for them to be audited against. For example, a firm may wish to document that they consider “prompt” to mean within 2 working days in this context, but this should be considered carefully in line with the guidance from the SRA that they consider the phrase “reasonably practicable” to mean “immediately”.
In order to be in a position to discharge their role fully, the COFA’s must consider whether they:
- have access to all accounting records
- carry out regular checks on the accounting systems
- carry out file and ledger reviews
- ensure that the reporting accountant has prompt access to all the information needed to complete the accountant’s report
- take steps to ensure that breaches of the SRA Accounts Rules are remedied promptly
- can report all breaches, which are serious, either on their own or as part of a pattern, to the SRA and
- can monitor, review and manage risks to compliance with the SRA Accounts Rules
- monitor constantly the financial stability and viability of the practice
In relation to this last point, COFAs should also consider whether they are able to access information on the practice’s overall financial status and be in a position to make an assessment of that status. As mentioned above, COFAs should be aware that they may have to make such a report to the SRA against the wishes of their fellow management team.
COFAs are responsible for implementing and overseeing systems for compliance in relation to the Accounts Rules. It is suggested that practices should consider having the following:
- a system for ensuring that only the appropriate people authorise payments from client account
- a system for ensuring that basic regulatory deadlines are not missed e.g. submission of the practice’s accountant’s report, arranging indemnity cover
- a system for monitoring, reviewing and managing risks
- a system ensuring that issues of conduct are given appropriate weight in decisions the practice takes, whether on client matters or practice-based issues such as funding
- file reviews where consideration is given to the accounting records and movement of money on the client side of a client matter ledger
- appropriate systems for supporting the development and training of staff
- obtaining the necessary approvals of managers, owners and COLP/COFA
- arrangements to ensure that any duties to clients and others are fully met even when staff are absent.
When deciding if a breach or series of breaches are serious, the COFA should consider:
- the detriment, or risk of detriment, to clients
- the extent of any risk of loss of confidence in the practice or in the provision of legal services
- the scale of the issue
- the overall impact on the practice, its clients and third parties.
It is important to note that while a single breach may be trivial, if it part of a series of similar breaches, then it may become serious for that reason. A COFA will therefore need systems to identify patterns of breaches. As stated above, it is a requirement that COFAs must keep a record of all breaches. Practices should seriously consider putting in place a centralised reporting system to allow them to capture and record all breaches in compliance. This information will be useful to determine if there are any patterns arising where procedures need to be put in place to prevent these breaches occurring in the future, and it will also identify key areas where the risk to the firm is highest.
Care should be taken to establish cover for absence of the COFA and also other key finance staff. A firm should consider appointing a Deputy COFA although this is not strictly necessary. If absence is expected to be long-term, the firm should think about replacing the COFA. This should be written into the firm’s polices and procedures. If the firm cease to have a COFA due to sickness or other absence, the firm must, within 7 days:
- inform the SRA
- designate a replacement COFA
- make an application to the SRA for approval of the new COFA
Finally, it is important that COFA’s consider their personal liability and are satisfied that appropriate safeguards are in place. It is for individual COFAs to reach an agreement with their practice as to the best way to protect against any potential liability. There are a number of potential options that you may want to consider, including:
- an indemnity agreement – documents their role and provides clarification, and states that the COFA has a right to seek personal independent legal advice in this role at the expense of the firm
- an amendment to your employment contract
- an endorsement on the practice’s professional indemnity insurance (PII) policy, or
- an insurance product (eg Directors’ and Officers’ (D&O) cover or a specific COFA product.
Compliance is an ongoing project and it is important that the COFA is properly equipped to deal with the challenges of remaining compliant. If you would like to discuss any aspect of compliance further with one of our experienced advisors, please contact us using the question form below.