You are here:
  1. Home
  2. Support services
  3. Advice
  4. Practice notes
  5. Compliance officers

Compliance officers

Last updated: 22 April 2016
The Legal Services Act 2007 requires that a head of legal practice and head of finance and administration are appointed in each ABS. The roles are termed compliance officer for legal practice and compliance officer for finance and administration.

Legal status

This practice note is the Law Society's view of good practice in this area. It is not legal advice.

Practice notes are issued by the Law Society for the use and benefit of its members. They represent the Law Society's view of good practice in a particular area. They are not intended to be the only standard of good practice that solicitors can follow. You are not required to follow them, but doing so will make it easier to account to oversight bodies for your actions.

Practice notes are not legal advice, nor do they necessarily provide a defence to complaints of misconduct or of inadequate professional service. While care has been taken to ensure that they are accurate, up to date and useful, the Law Society will not accept any legal liability in relation to them.

For queries or comments on this practice note contact the Law Society's Practice Advice Service.

SRA Principles

There are ten mandatory principles which apply to all those the SRA regulates and to all aspects of practice. The principles can be found in the SRA Handbook.

The principles apply to solicitors or managers of authorised bodies who are practising from an office outside the UK. They also apply if you are a lawyer-controlled body practising from an office outside the UK.

Terminology

Must - A specific requirement in legislation or of a principle, rule, outcome or other mandatory provision in the SRA Handbook. You must comply, unless there are specific exemptions or defences provided for in relevant legislation or the SRA Handbook.

Should

  • Outside of a regulatory context, good practice for most situations in the Law Society's view.
  • In the case of the SRA Handbook, an indicative behaviour or other non-mandatory provision (such as may be set out in notes or guidance).

These may not be the only means of complying with legislative or regulatory requirements and there may be situations where the suggested route is not the best possible route to meet the needs of your client. However, if you do not follow the suggested route, you should be able to justify to oversight bodies why the alternative approach you have taken is appropriate, either for your practice, or in the particular retainer.

May - A non-exhaustive list of options for meeting your obligations or running your practice. Which option you choose is determined by the profile of the individual practice, client or retainer. You may be required to justify why this was an appropriate option to oversight bodies.

SRA Code - SRA Code of Conduct 2011

OFR - Outcomes-focused regulation

SRA - Solicitors Regulation Authority

COLP - Compliance officer for legal practice

HOLP - Head of legal practice

COFA - Compliance officer for finance and administration

HOFA - Head of finance and administration

The Law Society also provides a full glossary of other terms used throughout this practice note.

1 Introduction

1.1 Who should read this practice note?

Compliance officers for legal practice (COLPs) and compliance officers for finance and administration (COFAs).

Solicitors involved in the appointment of COLPs or COFAs and anyone considering taking on a compliance role may also find it useful.

1.2 What's the issue?

All practices authorised by the Solicitors Regulation Authority (SRA) must appoint a compliance officer for legal practice (COLP) and compliance officer for finance and administration (COFA). Practices authorised by the SRA include recognised bodies (partnerships, LLPs, companies), recognised sole practitioners, and licensed alternative business structures (ABSs). 

The SRA Authorisation Rules for Legal Services Bodies and Licensable Bodies outline the requirements for the roles of COLP and COFA. 

This practice note explains who can be a COLP and COFA and what these roles entail, as well as recording and reporting requirements.

2 Who can be a COLP or COFA?

The role of COLP and COFA can be carried out by the same individual in a practice.

2.1 Who can be a COLP?

A COLP must be an individual who:

  • is a lawyer of England or Wales; a registered European lawyer (REL) or European lawyer regulated by the Bar Standards Board
  • is an employee or manager of the practice
  • is approved by the SRA for that role
  • has consented to undertake the role
  • is authorised to do one or more of the reserved activities specified in the practice's certificate of authorisation 
  • has not been disqualified from acting as a head of legal practice (HOLP) - as defined in the Legal Services Act 2007
  • is of sufficient seniority and in a position of sufficient responsibility to fulfil the role

A person cannot be a COLP if they have been disqualified from acting as a HOLP.

There is no definition as to what sufficiently senior or responsible might mean. However guidance indicates that COLPs should have:

  • clear reporting lines between themselves and the governing body of the practice ie the partners, members or directors
  • access to all management systems and arrangements and all other relevant information.

There may be no one ideally positioned to take on the role within your practice. In many cases, those with sufficient seniority may not have detailed knowledge of the compliance systems.

One solution may be to appoint a more senior person who delegates some of the day-to-day functions (but not responsibility) to other members of staff. However, the COLP should monitor any work they delegate and there should be clear reporting lines between the COLP and those carrying out day-to-day functions on their behalf.

2.2 Who can be a COFA?

A COFA must be an individual who:

  • is an employee or manager of the practice
  • is approved by the SRA for that role
  • has consented to undertake the role
  • has not been disqualified from acting as a head of finance and administration (HOFA) - as defined in the Legal Services Act 2007
  • is of sufficient seniority and in a position of sufficient responsibility to fulfil the role

As noted in section 2.1, there is no definition as to what sufficiently senior or responsible might mean.

Unlike a COLP, the COFA does not need to be a lawyer. This allows practices greater flexibility about who they can appoint. 

The role relates to the SRA's Accounts Rules.

Therefore the COFA will need a good understanding of the rules applying to solicitors, rather than just a general financial understanding.

2.3 Nomination of COLPs and COFAs

All practices authorised by the SRA must appoint a COLP and COFA. The same individual may be appointed to carry out both roles. 

ABSs need to have individuals appointed to the roles of COLP and COFA when they are licensed by the SRA. Authorised bodies must apply to the SRA for COLPs and COFAs to be approved (Rule 14 SRA Authorisation Rules 2011), except in the case of sole practitioners and firms with an annual turnover of no more than £600,000, where deemed approval applies (Rule 13.3). Deemed approval means that the SRA must be informed of the nomination before the person takes up their post, but the SRA does not undertake an approval process in relation to these individuals.

Read the SRA's guidance on nominating COLPs and COFAs

3 The role of compliance officers

Compliance officers are a fundamental part of a practice's compliance and governance arrangements. They are instrumental in creating a culture of compliance throughout the firm. It is important that compliance officers ensure that they are in a position to carry out their role effectively.

The responsibilities placed on compliance officers are broad. While the responsibility for compliance ultimately rests with the managers of a practice, compliance officers may also find regulatory action is taken against them where they fail to meet their responsibilities. However, the SRA will not use COLPs and COFAs as 'sacrificial lambs' for lack of a practice-wide compliance culture (see section 6 on personal liability)

Even though compliance ultimately rests with the managers of a practice, there may be situations when a compliance officer reports issues to the SRA which may be against the wishes of the managers of the practice. 

3.1 The role of the COLP

In essence, the role of the (COLP) is to:

  • take all reasonable steps to ensure compliance with the terms and conditions of their practice's authorisation
  • take all reasonable steps to ensure compliance with any statutory obligations for example, the duties imposed by the Legal Services Act 2007, the Solicitors Act 1974 and the Administration of Justice Act 1985
  • take all reasonable steps to record failures to comply, in order to be able to recognise material failures that must be reported to the SRA
  • report material failures to comply to the SRA as soon as reasonably practicable. Only ABSs are required to report non-material breaches as part of the Information Report required under Rule 8.7 of the Authorisation Rules (Rule 8 guidance note vii).
 

3.1.1 SRA regulatory arrangements

COLPs should note that compliance with the conditions of the licence includes compliance with all the SRA's regulatory arrangements including those within the SRA Handbook. The SRA regulatory arrangements include all rules and regulations set by the SRA in relation to:

  • authorisation
  • practice
  • conduct
  • discipline
  • qualification of persons carrying on legal activities
  • accounts and
  • indemnification and compensation arrangements.

With the exception of the Accounts Rules,COLPs must be in a position to be able to discharge these responsibilities.

3.1.2 General conditions of authorisation

General conditions are applied to all practice's authorisation (set out in  Rule 8 of the Authorisation Rules). These include conditions in relation to:

  • compliance with regulatory arrangements
  • suitable arrangements for compliance
  • management and control of a practice including approval of managers and owners
  • provision of information to the SRA

The range of general conditions placed on a practice's authorisation means that a COLP's responsibilities relate to a broad range of requirements. COLPs should become familiar with the general conditions as well as any additional conditions placed on their practice's licence.

3.1.3 Compliance systems

COLPs are responsible for ensuring systems are in place for compliance. COLPs may wish to consider the following: 

  • a system for ensuring that undertakings are given only when intended, and that compliance with them is monitored and enforced
  • a system for ensuring appropriate checks on new staff or contractors
  • a system for ensuring that basic regulatory deadlines are not missed, eg arranging indemnity cover, renewal of practising certificates and registrations, renewal of all lawyers' licences to practise and provision of regulatory information
  • a system for monitoring, reviewing and managing risks
  • ensuring that issues of conduct are given appropriate weight in decisions the practice takes, whether on client matters or practice-based issues such as funding
  • file reviews
  • appropriate systems for supporting the development and training of staff
  • obtaining the necessary approvals of managers, owners and COLP/COFA
  • arrangements to ensure that any duties to clients and others are fully met even when staff are absent.

The existence of the COLP does not detract from the practice's and managers' responsibilities and their obligations to comply with the SRA's regulatory arrangements.

3.2 The role of the COFA

The role of the COFA is to:

  • take all reasonable steps to ensure compliance with the SRA Accounts Rules
  • take all reasonable steps to record failures to comply, in order to be able to recognise material breaches of the SRA Accounts Rules that must be reported to the SRA 
  • report material failures to comply to the SRA as soon as reasonable practicable. Only ABSs are required to report non-material breaches as part of the Information Report required under Rule 8.7 of the Authorisation Rules (Rule 8 guidance note vii).

In order to be in a position to discharge their role fully, the COFA's must consider whether they:

  • have access to all accounting records
  • carry out regular checks on the accounting systems
  • carry out file and ledger reviews
  • ensure that the reporting accountant has prompt access to all the information needed to complete the accountant's report
  • take steps to ensure that breaches of the SRA Accounts Rules are remedied promptly
  • can report all breaches, which are material either on their own or as part of a pattern, to the SRA and
  • can monitor, review and manage risks to compliance with the SRA Accounts Rules.

In order to implement and oversee systems for compliance in relation to the SRA Accounts Rules, the COFA should consider the following:

  • a system for ensuring that only the appropriate people authorise payments from client account
  • a system for monitoring, reviewing and managing risks
  • ensuring that issues of conduct are given appropriate weight in decisions the practice takes, whether on client matters or practice-based issues such as funding
  • obtaining the necessary approvals of managers, owners and COLP/COFA
  • arrangements to ensure that any duties to clients and others are fully met even when staff are absent.

In addition to the COFA's role in relation to the SRA Accounts Rules, Outcome 10.3 of the SRA Code of Conduct implies that there is a role for COFAs to report to the SRA when the practice is in serious financial difficulties. COFAs therefore also need to consider whether they are able to access information on the practice's overall financial status and be in a position to make an assessment of that status.

3.3 The role of the COLP and COFA in smaller practices

The roles of COLP and COFA can be fulfilled by one person and this may be appropriate in smaller practices. 

However, those managing smaller practices should also remember that non-lawyers can take on the role of COFA. This provides practices with greater flexibility over who they might appoint, although care should be taken to ensure that those appointed have the relevant experience and knowledge.

The SRA highlights that 'what needs to be covered by a practice's compliance plan will depend on factors such as the size and nature of the practice, its work and its areas of risk'.

Smaller practices should consider carefully where there are risks to compliance and how these can be mitigated. Systems and processes should be proportionate. Overly complex systems are often by-passed and can become ineffective.

4 The reporting requirements

COLPs and COFAs are required to report material breaches in compliance to the SRA as soon as reasonably practicable. The SRA has indicated that as soon as reasonably practicable in most cases means immediately.

However, as is noted in 3.1 and 3.2 above, ABSs are required to report non-material breaches as part of the Information Report required under Rule 8.7 of the Authorisation Rules (Rule 8 guidance note vii).

4.1 What is 'material'

When deciding if a breach, or series of breaches are material the COLP or COFA should consider:

  • the detriment, or risk of detriment, to clients
  • the extent of any risk of loss of confidence in the practice or in the provision of legal services
  • the scale of the issue
  • the overall impact on the practice, its clients and third parties.

It is important to note that while a single breach may be trivial, if it part of series then it may be material. For this reason, a compliance officer will need systems to identify patterns of breaches.

Compliance officers must remember that the SRA Code covers a wide range of issues including business management and financial stability and should notify the SRA if they believe the practice is in serious financial difficulty.

4.2 Other reporting requirements

There are a series of other reporting requirements that are placed on the practice such as informing the SRA about changes to the practice. While these requirements are placed on the practice it is likely that in many cases the COLP will take on the role of reporting these issues to the SRA. 

4.3 Keeping records

COLPs and COFAs should keep a record of breaches in compliance, in order to be able to recognise material failures that must be reported to the SRA. It is for the firm to decide how breaches are recorded and monitored. Practices may consider putting in place a centralised reporting system to allow them to capture and record breaches in compliance. 

While data on all breaches may be difficult to collect, particularly in larger organisations, it can be valuable. The data may highlight areas where the risk of non-compliance is higher and allow the practice to put in place measures to mitigate against the risk of further non-compliance. The data can also be used to measure the effectiveness of interventions to improve compliance.

It is also important that the data is captured in such a way that the COLPs and COFAs can identify any patterns of breaches which may be material and must be reported to the SRA. This will be easier in smaller practices, where there are likely to be fewer breaches reported. 

5 Contingency planning

The SRA guidance highlights the need to have in place arrangements to ensure that any duties to clients and others are fully met even when staff are absent. As with all areas of the business practices should give consideration to how they will manage the absence of a compliance officer (e.g. due to holiday or illness, or retirement). 

If the practice ceases to have a compliance officer it will need to:

  • inform the SRA,
  • designate another manager or employee to replace its previous compliance officer and
  • make an application to the SRA for temporary approval of the new COLP or COFA, as appropriate.

This should be done immediately or in any event within seven days. Where a compliance officer is likely to be absent for a significant length of time they may need to be replaced. The practice should discuss whether replacement is appropriate action with their supervision team at the SRA.

6 Your personal liability

As noted in section 3 above, the SRA has made statements to the effect that COLPs and COFAs will not be used as 'sacrificial lambs' where there is a lack of a firm-wide compliance.

Rather, the SRA sees compliance officers as the formal points of contact for compliance in a practice. While the managers of a practice continue to bear the ultimate responsibility for a practice's compliance, compliance officers may also face regulatory action personally where they fail to meet their responsibilities.

For this reason, it is important that compliance officers consider their personal liability and are satisfied that appropriate safeguards are in place. It is for individual compliance officers to reach an agreement with their practice as to the best way to protect against any potential liability.

There are a number of potential options that you may want to consider, including:

  • an indemnity agreement
  • an amendment to your employment contract
  • an endorsement on the practice's professional indemnity insurance (PII) policy, or
  • an insurance product (eg Directors' and Officers' (D&O) cover or a specific COLP/COFA product).

6.1 Indemnity agreements

Many compliance officers entering into indemnity agreements with their practice to document their role and clarify how it will operate. This agreement can include a list of the compliance officer's duties and confirmation from partners that the officer can access relevant business information. These clauses could also be added to your employment contract.

You may also want to consider obtaining an indemnity agreement from your practice stating that you have a right to seek independent external legal advice, for your personal use, at the expense of the practice.

Another provision that could be included is an indemnity from the practice for liabilities arising from the role to the extent permissible by law, including payment of the compliance officer and third party's legal costs.

6.2 Professional indemnity insurance

It is also important to consider your potential exposure and examine the coverage already offered by your practice's insurance. Every practice must obtain a PII policy, in accordance with the SRA's minimum terms and conditions (MTC).

Firms are required to assess and purchase the level of PII that is appropriate for the firm (SRA Code, outcome 7.13). The total amount of PII you need will depend on your firm's size and exposure to risks. You should seek advice from your broker and/or insurer to ensure that you have a sufficient level of cover for your firm.  For further information to assist in your decision about whether or not you firm needs excess layer insurance, see the Law Society's advice on assessing and purchasing the appropriate level of cover.  

As a compliance officer for the practice, you will be an 'insured' under the MTC policy and therefore will be covered for any civil liability (eg professional negligence) arising from your work in private legal practice to extent that any such liability is covered by the MTC.

The MTC provides a broad range of cover, however, there are a number of significant exclusions that may expose compliance officers to liability. For example, defence costs for disciplinary proceedings by the SRA or Solicitors Disciplinary Tribunal (SDT) are not covered by the MTC.

Some insurers are prepared to include cover for these defence costs in addition to the MTC policy. Therefore, compliance officers should check, firstly, whether their practice has this additional cover either as an endorsement on its PII policy or as part of its D&O insurance policy; and, secondly, whether your role as compliance officer is covered under that policy.

For further information about the scope of the MTC, see the Law Society's PII practice note.

 6.3 Other insurance products

There are a number of specific insurance products that target compliance officers. You should read carefully the terms of any insurance policy and satisfy yourself that the policy will cover a potential risk to which you are exposed that is not covered by any indemnity agreement or other insurance policy provided by your practice.

There is an open question as to the extent to which any of the above options will be able to protect a compliance officer against fines and penalties to which they may be exposed. There is a general legal principle that no person should recover an indemnity against liability resulting from their own unlawful conduct.

There is no simple way to determine whether a particular fine or penalty will be covered by an insurance policy or indemnity agreement as each case will turn on its own facts. You may want to bear this principle in mind when considering whether a fine or penalty is insurable under law.

For further information about professional indemnity insurance see our PII advice pages.

7 More information

7.1 Law Society services

7.2 Law Society products

7.3 Solicitors Regulation Authority 

Professional Ethics Helpline for advice on conduct issues.
Webpage on COLPs and COFAs

Did you find what you were looking for?
What were you looking for?
Did you use the site search?

Feedback from you will help us improve out website. If you would like us to contact you please leave your contact details.

Practice Advice Service

The Practice Advice Service provides a dedicated support line for Law Society members and employees of law firms. Call us on 020 7320 5675.

> Contact the Practice Advice Service
Previous versions

Previous versions of this page are available below:

Related content

Recommended

Find a solicitor
Stand out to potential clients

Enhance your Find a Solicitor profile. It’s free to do – try it today.

Stand out to potential clients > More
My Law Society
Register for My Law Society

Tailor the information you receive from the Law Society website, the Gazette and Gazette Jobs.

Register for My Law Society > More
Lasting powers of attorney
Lasting Powers of Attorney, 3rd edition

This popular guide focuses on practical issues and potential pitfalls in the relevant law.

Lasting Powers of Attorney, 3rd edition > More
COLPs Toolkit 2nd edition
COLPs Toolkit, 2nd edition

This toolkit contains draft policies, checklists and other instruments demonstrating due diligence.

COLPs Toolkit, 2nd edition > More
Professional Development Centre
New bite-sized eLearning

Try our new range of 10-15 minute eLearning courses for free today. Find out more.

New bite-sized eLearning > More