(EDIT – since this COFA article was originally written in 2012, the regulatory regime for solicitors has had a major overhaul (see SRA Standards and Regulations), but the main thrust of the article remains valid. It has been updated for style and content.]
Missed that partners’ meeting when they appointed compliance officers and found yourself nominated as Compliance Officer for Finance and Administration (COFA)? It happens.
So what do you need to know before you enthusiastically/begrudgingly* take on the role? (*Delete as appropriate).
We have put together this list as a starting point for would-be COFAs. The usual disclaimer applies: this is just an overview and there is no substitute for reading the rules (in your case, the Principles, Code(s) of Conduct, Accounts Rules and Authorisation of Firms Rules).
1. Read “10 Things You Must Do as COLP”
Much of the content of that post will be relevant to your new position too:
- Negotiating protection for personal liability
- Analysing and auditing the business, from a client money perspective
- Putting in place risk management systems
- Have a compliance plan
- Train staff
- Record everything
- Keep everything under review
2. Become an Accounts Rules expert
The good news is that the new rules have been completely redrafted to make them more user friendly and outcomes-focused. The previous version always looked like a job half done.
They really have gone back to first principles with the 2019 Accounts Rules. The downside of course is that a lack of prescription brings with it a lack of certainty.
The SRA has tried to address this by publishing standalone Guidance. These guidance notes are a strange beast. They do not form part of the rules, so on the face of it are not mandatory. But every guidance note comes with the following health warning:
“We may have regard to [this guidance] when exercising our regulatory functions.”
Unfortunately, we have heard horror stories of individuals being appointed COFA with little or no understanding of, or interest in, their firm’s day-to-day transactions and accounting practices.
For anyone in that position, remember this: as COFA you will be responsible for your firm’s compliance with the rules and the position brings with it personal liability on a frightening scale. The SRA will wield the full range disciplinary sanctions (warnings, rebukes, conditions, striking off, publicity….) when needed.
So go on the training courses, invest in that manual and get your accounts staff to explain how they do things. Only then will you be ready to risk assess the accounts function, implement necessary changes and monitor for breaches.
3. Get to know your COLP counterpart
If you are performing both roles, firstly: brave you. Secondly: we think that it is possibly unwise unless either (a) you are a sole practitioner or very small firm (in which case you don’t have much choice), (b) your firm handles only small amounts of client money, or (c) you have no intention to earn much in the way of fees.
You cannot afford to play at being a compliance officer, and to do both roles is likely to take up a significant proportion of your time. Sorry, but it’s unavoidable.
Presuming that you are not performing both roles, it’s clear that COLP and COFA have to work together to ensure that the firm is fully compliant. For instance, a new Finance or IT system implemented without COFA input isn’t terribly likely to be a success.
Regular risk and compliance meetings are likely to be required. COLP and COFA should work as a team to present an audit trail that proves your firm has a strong compliance and risk management function.
You will also need to collaborate on reports to the SRA, annual renewals, PII renewal and internal systems.
On paper, the COLP’s responsibilities are much wider than the COFA’s. Most of the commentary and training available focuses on the COLP.
But that does not mean that your role is any less important to the firm, or that your personal responsibility is any less onerous. If there is a serious breach in the accounts function, it is potentially much more damaging than a breach in any other area of compliance.
Some smaller firms have appointed legal cashiers and practice managers as COFAs because they are the obvious choice in terms of their knowledge of the day-to-day transactions.
In many cases that will be the correct choice, but not all. Some individuals may not have the personal attributes necessary to take on the responsibility.
- Are they able to stand up for themselves against senior partners? Are they robust enough to report breaches to the SRA, even in the face of internal pressure not to?
- Do they have the necessary leadership qualities to implement and drive change?
- Do they even consent to taking the job? (NB. if the answer to that last one is a resounding “no” then they cannot be authorised).
On the other hand, would a partner without much knowledge of the Accounts Rules (other than “don’t plunder the client account) and no experience of bookkeeping be any more suitable? Possibly not, unless they have a skilled and supportive deputy in place.
4. Don’t become a banking facility
Whenever the SRA issues a Warning Notice it means they have given up giving guidance and require compliance. Or else.
The ‘improper use’ of the client account is one of these areas. Simply put, solicitors are not regulated as banks and so must not provide banking facilities. Processing money through a solicitor’s client account has the potential to hide transactions from the financial system’s AML controls and the insolvency process.
Rule 3.3 of the Accounts Rules says:
“You must not use a client account to provide banking facilities to clients or third parties. Payments into, and transfers or withdrawals from a client account must be in respect of the delivery by you of regulated services”.
Your client account should only contain funds that are closely connected to a piece of legal work. It matters not how sophisticated your client is, or how reasonable it might seem to be asked to facilitate additional receipts and payments. The rule and case law are clear.
You should ask yourself questions such as:
- Is there a real need for this money to come into our client account?
- Is there any justification for us to make payments to, or receive money from, third parties?
- Could the funds pass directly between the parties?
- Would it be more appropriate for this money to be held by a regulated institution?
We suggest that you are particularly vigilant when asked to act as an ‘escrow’ account. Unless there is a closely linked legal transaction, this is unlikely to be appropriate.
5. Ensure billing procedures are correct
Note that in order to be enforceable, bills must be “signed by the solicitor or on his behalf by an employee of the solicitor authorised by him to sign, or enclosed in, or accompanied by, a letter which is signed…” (Solicitors Act 1974, as amended by the Legal Services Act 2007). If it is routine for the accounts staff to sign bills or letters, it would be advisable to make a record of their authority to do so.
Also don’t forget to review the standard bill wording you send out on every invoice. Often a blind spot.
6. Provide great financial information
Part of your role as COFA will be to provide usable management information to decision makers. Even if you have a dedicated Finance Director, the COFA will be responsible for analysing the monthly client account reconciliation statements and reporting risks and compliance issues to the management team.
It is good practice to avoid sending raw financial data, since reams of decimal places are likely to be misunderstood or discreetly ignored.
Instead, you should summarise the data, interpret trends, present findings clearly and recommend any necessary action.
7. Get full authority and access
Put simply, a compliance officer must not be hindered in seeking out necessary information to monitor compliance. And they must be able to make reports to the SRA when necessary.
This applies equally to COLP and COFA. From an accounts point of view, you will need to ensure that you have access to all files and ledgers and it is worth putting this into a Compliance Officer Agreement with your firm.
8. Train your staff
Rules change, people come and go. It is important that you, and any accounts staff, are always up to speed on the SRA requirements. It is after all a popular place to start looking for non-compliance.
Having a good training program is surely a part of the “reasonable steps” required of the COFA (see Rule 9.2 of the Code of Conduct for Firms).
In addition, we think there is value in educating fee-earners about the main responsibilities of the accounts function. You might just find that this reduces errors, mistakes and having to chase people up. If nothing else, it gives a better understanding of the overall commercial context of practice management.
9. Monitor the firm’s financial stability
The SRA places a huge emphasis on financial stability. Rule 2.4 of the Code of Conduct for Firms says that firms must “…actively monitor [their] financial stability and business viability”.
It’s a recurring theme in the regulator’s assessment of risk in the profession. When a firm ‘goes pop’ there are risks to transactions, documents, money, undertakings and the public at large. Financial instability can lead to solicitors making dishonest decisions to prop up their business.
Although business viability is not strictly COFA territory (it is the responsibility of all of the management team), many COFAs oversee the entire finance function. That puts them in a prime position of accountability.
Take this one step further and look at the SRA reporting requirements. Rule 3.6 of the Code of Conduct for Firms requires prompt notification of “any indicators of serious financial difficulty”. Where does that duty kick in? It’s a judgment call, ultimately. But there is always going to be a natural tendency to avoid telling the SRA – it’s pretty easy to convince yourself that things aren’t that bad or will soon turn a corner. It will not be a comfortable decision to make.
You could use something like the financial stability monitoring tool to make an objective decision about where that reporting line is. Putting that in place while times are good is going to take a difficult decision out of your hands should hard times come along.
Want further guidance? Feel free to ask us a question.