In a recent article, we pointed out that the SRA Handbook and Code had been in force for nearly two years. Under this new regulatory framework, the SRA has termed the roles compliance officer for legal practice (COLP) and compliance officer for finance and administration (COFA). Since January 1st 2013, all practices must have a COLP and a COFA in place. The purpose of this article is to explain who can be a COFA, what the role of the COFA entails, as well as focusing on the recording and reporting requirements. It is worth pointing out that the role of COLP and COFA can be carried out by the same individual and this might may be appropriate in a smaller practice.
A COFA must be an individual who:
- is an employee or manager of the practice
- is of sufficient seniority and in a position of sufficient responsibility to fulfill the role
- is approved by the SRA for that role and
- has consented to undertake the role.
There is no definition as to what sufficiently senior or responsible might mean but unlike a COLP, the COFA does not need to be a lawyer. This allows practices greater flexibility about who they can appoint. The main reason for this is that the role relates primarily to the SRA’s Accounts Rules. Therefore the COFA will need a good understanding of the rules applying to solicitors, rather than just a general financial understanding.
The role of the COFA is a fundamental part of a practice’s compliance and governance arrangements. The responsibilities placed on a COFA are broad. While the responsibility for compliance ultimately rests with the managers of a practice, COFAs may also find regulatory action is taken against them where they fail to meet their responsibilities. That said, the SRA has stated that the COFAs will not be used as ‘sacrificial lambs’ for lack of a practice-wide compliance culture. Nevertheless, it is important that COFAs ensure that they are in a position to carry out their role effectively. Even though compliance ultimately rests with the managers of a practice, there may be situations when a COFA reports issues to the SRA which may be against the wishes of the managers of the practice.
In essence, the role of the COFA is to:
- take all reasonable steps to ensure compliance with the SRA’s accounts rules
- take all reasonable steps to record all failures to comply
- as soon as reasonably practicable, report any such failures to comply to the SRA, although in the case of non-material breaches, the practice will still be deemed compliant if they are reported as part of the Information Report required under Rule 8.7 of the Authorisation Rules.
In order to be in a position to discharge their role fully, the COFA’s must consider whether they:
- have access to all accounting records
- carry out regular checks on the accounting systems
- carry out file and ledger reviews
- ensure that the reporting accountant has prompt access to all the information needed to complete the accountant’s report
- take steps to ensure that breaches of the SRA Accounts Rules are remedied promptly
- can report all breaches, which are material either on their own or as part of a pattern, to the SRA and
- can monitor, review and manage risks to compliance with the SRA Accounts Rules.
In addition to the COFA’s role in relation to the SRA’s Accounts Rules, there is also a role for COFAs to report when the practice is in serious financial difficulties. COFAs should therefore also need to consider whether they are able to access information on the practice’s overall financial status and be in a position to make an assessment of that status.
The SRA’s guidance highlights that COFAs are responsible for implementing and overseeing systems for compliance in relation to the Accounts Rules. It suggests that practices should consider the following:
- a system for ensuring that only the appropriate people authorise payments from client account
- a system for ensuring that undertakings are given only when intended, and that compliance with them is monitored and enforced
- a system for ensuring appropriate checks on new staff or contractors
- a system for ensuring that basic regulatory deadlines are not missed e.g. submission of the practice’s accountant’s report, arranging indemnity cover, renewal of practising certificates and registrations, renewal of all lawyers’ licences to practise and provision of regulatory information
- a system for monitoring, reviewing and managing risks
- ensuring that issues of conduct are given appropriate weight in decisions the practice takes, whether on client matters or practice-based issues such as funding
- file reviews
- appropriate systems for supporting the development and training of staff
- obtaining the necessary approvals of managers, owners and COLP/COFA
- arrangements to ensure that any duties to clients and others are fully met even when Staff are absent.
COFAs are required to report all breaches in compliances to the SRA as soon as reasonably practicable. However, in the case of non-material breaches, the practice will still be deemed compliant if they are reported as part of the Information Report required under Rule 8.7 of the Authorisation Rules. When deciding if a breach or series of breaches are material the COFA should consider:
- the detriment, or risk of detriment, to clients
- the extent of any risk of loss of confidence in the practice or in the provision of legal services
- the scale of the issue
- the overall impact on the practice, its clients and third parties.
It is important to note that while a single breach may be trivial, if it part of series then it may be material. For this reason, a COFA will need systems to identify patterns of breaches. It is a requirement that COFAs must keep a record of all breaches in compliance. Practices should seriously consider putting in place a centralised reporting system to allow them to capture and record all breaches in compliance.
Finally, it is important that COFA’s consider their personal liability and are satisfied that appropriate safeguards are in place. It is for individual COFAs to reach an agreement with their practice as to the best way to protect against any potential liability. There are a number of potential options that you may want to consider, including:
- an indemnity agreement
- an amendment to your employment contract
- an endorsement on the practice’s professional indemnity insurance (PII) policy, or
- an insurance product (eg Directors’ and Officers’ (D&O) cover or a specific COFA product.
As we said in our previous article, compliance is an ever changing environment and there is a lot of work required to get everybody trained on new procedures. But it doesn’t stop there. Compliance is an ongoing project and it is so important that the COFA is properly equipped to deal with the challenges of remaining compliant.
Financial Eye Ltd