The SRA may have stepped back from immediate, sweeping change to the client account model, but it has kept the regulatory spotlight firmly on COFAs.
Its latest consumer protection consultation continues to emphasise safeguarding client money and floats potential changes in areas such as accountants’ reports, eligibility criteria for COLP and COFA roles, and increased oversight where a firm’s risk profile changes.
That direction of travel is significant for anyone in, or thinking of taking on, a COFA role. The consultation activity, together with the lessons the regulator has drawn from high-profile failures (including Axiom Ince), is a reminder that the SRA is actively re-examining whether existing arrangements do enough to prevent loss of client money and to detect problems early.
What this means in practice is that the COFA role is becoming more exacting. It is no longer enough for the COFA to be a “recipient” of finance information or to rely on periodic external assurance from reporting accountants.
In Accounts Rules investigations, interviewing the COFA has become routine, and investigators will look at competence, evidence of training, supervision, written guidance and the effectiveness of internal controls.
A practical way to think about COFA oversight is “client account health”. The reconciliation bundle is often where risk is first visible. Can the COFA understand them, interrogate them, and evidence that they have done so?
Examples of what we mean by this include: checking the extraction date and supporting records; ensuring it is a proper three-way reconciliation (and that designated deposit accounts are included); scrutinising outstanding and un-presented items, especially late receipts; understanding and challenging adjustments and unexplained differences; spotting patterns in shortages and breaches and ensuring shortages are corrected immediately; reviewing residual balances and their distribution across the firm; and taking a hard look at suspense, sundry and miscellaneous ledgers that can conceal risk.
There is also the reporting decision. Where something has gone wrong, internal pressure can push towards delay or minimisation. Ultimately, the reporting decision sits with the COFA, and the regulator will expect a structured assessment of intent, sums, speed of detection and remediation, harm (including potential harm), and whether there is a wider pattern.
Free webinar: 21 January 2026
On 21 January we’re running a COFA-focused webinar on one of the most critical Accounts Rules controls: client account reconciliations. We’ll cover the mechanics of a “clean” reconciliation, the common red flags and horrors, and the judgement calls COFAs face when the numbers don’t feel right. The session includes expert insight from two former SRA Forensic Investigators.
In-person COFA masterclasses in 2026: expressions of interest now open
We will also be running in-person COFA masterclasses throughout 2026. These sessions will go beyond the theory and into the realities of reviewing reconciliation packs, challenging anomalies, building repeatable controls, and evidencing COFA oversight in a way that stands up under scrutiny.
If you would like early access to dates and locations, we are now taking expressions of interest.
