You are here:
  1. Home
  2. Advice
  3. Practice notes
  4. Compliance officers

Compliance officers

9 October 2013

1 Introduction

1.1 Who should read this practice note?

Compliance officers for legal practice (COLPs) and compliance officers for finance and administration (COFAs).

Solicitors involved in the appointment of COLPs or COFAs and anyone considering taking on a compliance role may also find it useful.

1.2 What's the issue?

The Solicitors Regulation Authority (SRA) implemented outcomes-focused regulation (OFR) on 6 October 2011. The Law Society has published a practice note giving an overview of OFR.

The Legal Services Act 2007 requires that a head of legal practice (HOLP) and head of finance and administration (HOFA) are appointed within each alternative business structure (ABS). The SRA have decided that all practices, including those which are not ABS must appoint someone to these positions.

In its new regulatory framework, the SRA has termed the roles compliance officer for legal practice (COLP) and compliance officer for finance and administration (COFA). It is the SRA Authorisation Rules for Legal Services Bodies and Licensable Bodies that outlines the requirements for these roles.

All recognised and licensed bodies must have a COLP and a COFA in place. ABSs will need to have individuals appointed to these roles when they are licensed by the SRA.

This practice note explains who can be a COLP and COFA, what the role of COLP and COFA entails, as well as recording and reporting requirements.
 

Top of page

1.3 Status of this practice note

Practice notes are issued by the Law Society for the use and benefit of its members. They represent the Law Society's view of good practice in a particular area. They are not intended to be the only standard of good practice that solicitors can follow. You are not required to follow them, but doing so will make it easier to account to oversight bodies for your actions.

Practice notes are not legal advice, nor do they necessarily provide a defence to complaints of misconduct or of inadequate professional service. While care has been taken to ensure that they are accurate, up to date and useful, the Law Society will not accept any legal liability in relation to them.

For queries or comments on this practice note, contact the Law Society's Practice Advice Service.

Top of page

1.4 Terminology

Must - A specific requirement in legislation or of a principle, rule, outcome or other mandatory provision in the SRA Handbook. You must comply, unless there are specific exemptions or defences provided for in relevant legislation or the SRA Handbook.

Should

  • Outside of a regulatory context, good practice for most situations in the Law Society's view.
  • In the case of the SRA Handbook, an indicative behaviour or other non-mandatory provision (such as may be set out in notes or guidance).

These may not be the only means of complying with legislative or regulatory requirements and there may be situations where the suggested route is not the best possible route to meet the needs of your client. However, if you do not follow the suggested route, you should be able to justify to oversight bodies why the alternative approach you have taken is appropriate, either for your practice, or in the particular retainer.

May - A non-exhaustive list of options for meeting your obligations or running your practice. Which option you choose is determined by the profile of the individual practice, client or retainer. You may be required to justify why this was an appropriate option to oversight bodies.

SRA Code - SRA Code of Conduct 2011

OFR - Outcomes-focused regulation

SRA - Solicitors Regulation Authority

IB - indicative behaviour

COLP - Compliance officer for legal practice

HOLP - Head of legal practice

COFA - Compliance officer for finance and administration

HOFA - Head of finance and administration

A glossary of other terms used throughout this practice note is available on the SRA website.

Top of page

2 SRA Principles

There are ten mandatory principles which apply to all those the SRA regulates and to all aspects of practice. The principles can be found in the SRA Handbook.

When thinking about how to meet the outcomes in the Handbook, you must consider the principles which apply across the Handbook including the SRA Code. You should always bear in mind what the ten principles are and use them as your starting point when implementing the outcomes.

Top of page

3 Who can be a COLP or COFA?

The role of COLP and COFA can be carried out by the same individual in a practice.

3.1 Who can be a COLP?

A COLP must be an individual who:

  • is a lawyer of England or Wales; registered European lawyer (REL) or European lawyer regulated by the Bar Standards Board
  • is an employee or manager of the practice
  • is of sufficient seniority and in a position of sufficient responsibility to fulfil the role
  • is approved by the SRA for that role
  • has consented to undertake the role
  • and is authorised to do one or more of the reserved activities specified in the practice's certificate of authorisation.

A person cannot be a COLP if they have been disqualified from acting as a HOLP.

There is no definition as to what sufficiently senior or responsible might mean. However guidance indicates that COLPs should have:

  • clear reporting lines between themselves and the governing body of the practice ie the partners, members or directors
  • access to all management systems and arrangements and all other relevant information.

There may be no one ideally positioned to take on the role within your practice. In many cases, those with sufficient seniority may not have detailed knowledge of the compliance systems.

One solution may be to appoint a more senior person who delegates some of the day-to-day functions (but not responsibility) to other members of staff. However, the COLP should monitor any work they delegate and there should be clear reporting lines between the COLP and those carrying out day-to-day functions on their behalf.

Top of page

3.2 Who can be a COFA?

A COFA must be an individual who:

  • is an employee or manager of the practice
  • is of sufficient seniority and in a position of sufficient responsibility to fulfil the role
  • is approved by the SRA for that role and
  • has consented to undertake the role.

A person cannot be a COFA if they have been disqualified from acting as a HOFA.

As noted above, there is no definition as to what sufficiently senior or responsible might mean.

Unlike a COLP, the COFA does not need to be a lawyer. This allows practices greater flexibility about who they can appoint. The role, as set out by the Authorisation Rules, relates to the SRA's Accounts Rules.

Therefore the COFA will need a good understanding of the rules applying to solicitors, rather than just a general financial understanding.

Top of page

4 The role of compliance officers

The roles of compliance officers are a fundamental part of a practice's compliance and governance arrangements.

The responsibilities placed on compliance officers are broad. While the responsibility for compliance ultimately rests with the managers of a practice, compliance officers may also find regulatory action is taken against them where they fail to meet their responsibilities.

The SRA has stated that COLPs and COFAs will not be used as 'sacrificial lambs' for lack of a practice-wide compliance culture (for more information see section 8 on personal liability).

Read the full SRA statement.

It is important that compliance officers ensure that they are in a position to carry out their role effectively. Even though compliance ultimately rests with the managers of a practice, there may be situations when a compliance officer reports issues to the SRA which may be against the wishes of the managers of the practice.

4.1 The role of the COLP

In essence, the role of the (COLP) is to:

  • take all reasonable steps to ensure compliance with the terms and conditions of their practice's authorisation
  • take all reasonable steps to ensure compliance with any statutory obligations for example, the duties imposed by the Legal Services Act 2007, the Solicitors Act 1974 and the Administration of Justice Act 1985 (for further information about the extent of the obligation under this provision read our compliance officer FAQs)
  • take all reasonable steps to record all failures to comply. 
  • report material failures to comply to the SRA as soon as reasonably practicable. Only ABSs are required to report non-material breaches as part of the Information Report required under Rule 8.7 of the Authorisation Rules.

COLPs should note that compliance with the conditions of the licence includes compliance with all the SRA's regulatory arrangements including those within the Handbook. The SRA regulatory arrangements include all rules and regulations set by the SRA in relation to:

  • authorisation
  • practice
  • conduct
  • discipline
  • qualification of persons carrying on legal activities
  • accounts and
  • indemnification and compensation arrangements.

With the exception of the Accounts Rules,COLPs must be in a position to be able to discharge these responsibilities.

General conditions will be applied to all practice's authorisation and the conditions are set out in Rule 8 of the Authorisation Rules. These include conditions in relation to:

  • compliance with regulatory arrangements
  • suitable arrangements for compliance
  • management and control of a practice including approval of mangers and owners
  • provision of information to the SRA

The range of general conditions placed on practice's authorisation means that a COLP's responsibilities relate to a broad range of requirements. COLPs should become familiar with the general conditions as well as any additional conditions placed on their licence.

COLPs are responsible for ensuring systems are in place for compliance. The SRA have provided guidance on the systems it might expect to see practices put in place. It suggests that practices should consider the following:

  • a system for ensuring that undertakings are given only when intended, and that compliance with them is monitored and enforced
  • a system for ensuring appropriate checks on new staff or contractors
  • a system for ensuring that basic regulatory deadlines are not missed e.g., submission of the practice's accountant's report, arranging indemnity cover, renewal of practising certificates and registrations, renewal of all lawyers' licences to practise and provision of regulatory information
  • a system for monitoring, reviewing and managing risks
  • ensuring that issues of conduct are given appropriate weight in decisions the practice takes, whether on client matters or practice-based issues such as funding
  • file reviews
  • appropriate systems for supporting the development and training of staff
  • obtaining the necessary approvals of managers, owners and COLP/COFA
  • arrangements to ensure that any duties to clients and others are fully met even when staff are absent.

The existence of the COLP does not detract from the practice's and managers' responsibilities and their obligations to comply with the SRA's regulatory arrangements.

Read the Authorisation Rules guidance on the SRA website.

Top of page

4.2 The role of the COFA

The role of the COFA is to:

  • take all reasonable steps to ensure compliance with the SRA's accounts rules
  • take all reasonable steps to record all failures to comply
  • report material failures to comply to the SRA as soon as reasonable practicable. Only ABSs are required to report non-material breaches as part of the Information Report required under Rule 8.7 of the Authorisation Rules.

In order to be in a position to discharge their role fully, the COFA's must consider whether they:

  • have access to all accounting records
  • carry out regular checks on the accounting systems
  • carry out file and ledger reviews
  • ensure that the reporting accountant has prompt access to all the information needed to complete the accountant's report
  • take steps to ensure that breaches of the SRA Accounts Rules are remedied promptly
  • can report all breaches, which are material either on their own or as part of a pattern, to the SRA and
  • can monitor, review and manage risks to compliance with the SRA Accounts Rules.

IN addition to the COFA's role in relation to the SRA's Accounts Rules, the SRA's Quick guide to outcomes focused regulation also implies that there is a role for COFAs to report when the practice is in serious financial difficulties.

COFAs should therefore also need to consider whether they are able to access information on the practice's overall financial status and be in a position to make an assessment of that status.

The SRA's guidance highlights that COFAs are responsible for implementing and overseeing systems for compliance in relation to the Accounts Rules. The SRA has provided guidance on the systems it might expect to see practices put in place. It suggests that practices should consider the following:

  • a system for ensuring that only the appropriate people authorise payments from client account
  • a system for ensuring that undertakings are given only when intended, and that compliance with them is monitored and enforced
  • a system for ensuring appropriate checks on new staff or contractors
  • a system for ensuring that basic regulatory deadlines are not missed eg submission of the practice's accountant's report, arranging indemnity cover, renewal of practising certificates and registrations, renewal of all lawyers' licences to practise and provision of regulatory information
  • a system for monitoring, reviewing and managing risks
  • ensuring that issues of conduct are given appropriate weight in decisions the practice takes, whether on client matters or practice-based issues such as funding
  • file reviews
  • appropriate systems for supporting the development and training of staff
  • obtaining the necessary approvals of managers, owners and COLP/COFA
  • arrangements to ensure that any duties to clients and others are fully met even when staff are absent.

Read the Authorisation Rules guidance on the SRA website.

Top of page

5 The role of the COLP and COFA in smaller practices

The roles of COLP and COFA can be fulfilled by one person and this may be appropriate in smaller practices. 

However, those managing smaller practices should also remember that non-lawyers can take on the role of COFA. This provides practices with greater flexibility over who they might appoint, although care should be taken to ensure that those appointed have the relevant experience and knowledge.

The SRA highlights that 'what needs to be covered by a practice's compliance plan will depend on factors such as the size and nature of the practice, its work and its areas of risk'.

Smaller practices should consider carefully where there are risks to compliance and how these can be mitigated. Systems and processes should be proportionate. Overly complex systems are often by-passed and can become ineffective.
 

Top of page

6 The reporting requirements

COLPs and COFAs are required to report material breaches in compliances to the SRA as soon as reasonably practicable. The SRA has indicated that as soon as reasonably practicable means within 24 hours. Read the SRA's statement

However, as is noted in 4.1 and 4.2 above, ABSs are required to report non-material breaches as part of the Information Report required under Rule 8.7 of the Authorisation Rules.

6.1 What is 'material'

When deciding if a breach, or series of breaches are material the COLP or COFA should consider:

  • the detriment, or risk of detriment, to clients
  • the extent of any risk of loss of confidence in the practice or in the provision of legal services
  • the scale of the issue
  • the overall impact on the practice, its clients and third parties.

It is important to note that while a single breach may be trivial, if it part of series then it may be material. For this reason, a compliance officer will need systems to identify patterns of breaches.

Compliance officers must remember that the SRA Code covers a wide range of issues including business management and financial stability and notify the SRA if they believe the practice is in serious financial difficulty.

Top of page

6.2 Other reporting requirements

There are a series of other reporting requirements that are placed on the practice such as informing the SRA about changes to that practice. While these requirements are placed on the practice it is likely that in many cases the COLP will take on the role of reporting these issues to the SRA. Read our summary of reporting requirements.

6.3 Keeping records

It is a requirement that COLPs and COFAs must keep a record of all breaches in compliance. Practices may consider putting in place a centralised reporting system to allow them to capture and record all breaches in compliance.

While data on all breaches may be difficult to collect, particularly in larger organisations, it can be valuable. The data may highlight area where the risk of non-compliance is higher and allow the practice to put in place measures to mitigate against the risk of further non-compliance. The data can also be used to measure the effectiveness of interventions to improve compliance.

It is also important that the data is captured in such a way that the COLPs and COFAs can identify any patterns of breaches which may be material. This will be easier in smaller practices, where there are likely to be fewer breaches reported. However, in larger practices there may need to be some system of categorisation of breaches e.g. by rule breached or area of law, to allow the COLP or COFA to identify patterns of breaches that may need to be reported to the SRA.

Top of page

7 Contingency planning

The SRA guidance highlights the need to have in place arrangements to ensure that any duties to clients and others are fully met even when staff are absent. As with all areas of the business practices should give consideration to how they will manage the absence of a compliance officer. If the practice ceases to have a compliance officer it will need to:

  • inform the SRA,
  • designate another manager or employee to replace its previous compliance officer and
  • make an application to the SRA for temporary approval of the new COLP or COFA, as appropriate.

This should be done immediately or in any event within seven days Where a compliance officer is likely to be absent for a significant length of time they may need to be replaced. The practice should discuss whether replacement is appropriate action with their supervision team at the SRA.

Top of page

8 Your personal liability

As noted in section 4 above, the SRA has made statements to the effect that COLPs and COFAs will not be used as 'sacrificial lambs' where there is a lack of a firm-wide compliance.

Rather, it sees compliance officers as the formal points of contact for compliance in a practice. While the managers of a practice continue to bear the ultimate responsibility for a practice's compliance, compliance officers may also face regulatory action personally where they fail to meet their responsibilities.

For this reason, it is important that compliance officers consider their personal liability and are satisfied that appropriate safeguards are in place. It is for individual compliance officers to reach an agreement with their practice as to the best way to protect against any potential liability.

There are a number of potential options that you may want to consider, including:

  • an indemnity agreement
  • an amendment to your employment contract
  • an endorsement on the practice's professional indemnity insurance (PII) policy, or
  • an insurance product (eg Directors' and Officers' (D&O) cover or a specific COLP/COFA product).

8.1 Indemnity agreements

Many compliance officers are entering into indemnity agreements with their practice to document their role and clarify how it will operate. This agreement can include a list of the compliance officer's duties and confirmation from partners that the officer can access relevant business information. These clauses could also be added to your employment contract.

You may also want to consider obtaining an indemnity agreement from your practice stating that you have a right to seek independent external legal advice, for your personal use, at the expense of the practice.

Another provision that could be included is an indemnity from the practice for liabilities arising from the role to the extent permissible by law, including payment of the compliance officer and third party's legal costs.

8.2 Professional indemnity insurance

It is also important to consider your potential exposure and examine the coverage already offered by your practice's insurance. Every practice must obtain a PII policy, in accordance with the SRA's minimum terms and conditions (MTC).

As a compliance officer for the practice, you will be an 'insured' under the MTC policy and therefore will be covered for any civil liability (eg professional negligence) arising from your work in private legal practice to extent that any such liability is covered by the MTC.

The MTC provides a broad range of cover, however, there are a number of significant exclusions that may expose compliance officers to liability. For example, defence costs for disciplinary proceedings by the SRA or Solicitors Disciplinary Tribunal (SDT) are not covered by the MTC.

Some insurers are prepared to include cover for these defence costs in addition to the MTC policy. Therefore, compliance officers should check, firstly, whether their practice has this additional cover either as an endorsement on its PII policy or as part of its D&O insurance policy; and, secondly, whether your role as compliance officer is covered under that policy.

For further information about the scope of the MTC, see the Law Society's PII practice note.

8.3 Other insurance products

There are a number of specific insurance products that target compliance officers. You should read carefully the terms of any insurance policy and satisfy yourself that the policy will cover a potential risk to which you are exposed that is not covered by any indemnity agreement or other insurance policy provided by your practice.

There is an open question as to the extent to which any of the above options will be able to protect a compliance officer against fines and penalties to which they may be exposed. There is a general legal principle that no person should recover an indemnity against liability resulting from their own unlawful conduct (Holman v Johnson).

There is no simple way to determine whether a particular fine or penalty will be covered by an insurance policy or indemnity agreement as each case will turn on its own facts. You may want to bear this principle in mind when considering whether a fine or penalty is insurable under law.

For further information about professional indemnity insurance see our PII advice pages.

Top of page

9 More information

9.1 Law Society services

9.2 Law Society products

9.3 Other products

Solicitors Regulation Authority's Professional Ethics Helpline for advice on conduct issues.

Top of page

 
 
 

Related content

Previous Versions

Previous versions of this page are available below: