There’s a moment every COLP recognises. A partner leans back and says, “We’ve always done it this way.”
Or: “Don’t overthink it.”
Or (a personal favourite): “We’ll tidy it up later.”
It’s rarely said with malice. Often it’s said with confidence. And that’s exactly why it is dangerous.
Because when senior people normalise risk, everyone else follows. The junior fee earner learns how compliance is treated in the firm. The support team learns what corners can be cut. The culture shifts, quietly, until the firm is living with a risk appetite it never consciously chose.
The COLP’s job isn’t to win arguments. It’s to protect clients and the firm, and to make sure the firm’s decisions are defensible when someone external looks at them: the SRA, the Legal Ombudsman, the insurer, a lender panel, or a hostile opposing party. That means you have to be able to have the hard conversation calmly, quickly, and without turning yourself into the “Department of No”.
Why this is hard
Most COLPs don’t struggle because they don’t understand the rules. They struggle because the conversation is loaded.
You’re challenging someone senior. You’re often challenging someone who generates revenue. You may be challenging a friend. You may be challenging someone who hired you, or someone with a strong personality, or someone who is simply exhausted and wants the matter off their desk.
Add fee pressure, client pressure, and the natural human tendency to avoid awkwardness, and it’s no surprise that COLPs sometimes let things slide. The trap is that a small slide becomes a habit, and a habit becomes “how we do things”.
A helpful mindset shift is this: you’re not trying to prove someone wrong. You’re trying to convert a gut decision into a structured risk decision.
When you do that well, you get three benefits:
- You reduce the chance of harm to the client.
- You reduce the chance of harm to the firm.
- You create a clear record that you challenged, assessed, and took proportionate steps.
Some situations where this crops up
This conversation tends to arise in predictable places. Here are a few common ones.
“We’ll sort the AML later” – The partner wants to start work, money is coming in, and CDD/source of funds feels like a delay rather than a control. The COLP/MLRO instinctively knows this is how firms end up explaining themselves later.
High-volume work or aggressive marketing – The firm is pushing into claims, conveyancing, probate, or another volume area. The commercial model is moving faster than supervision, file review, and quality control.
Acting on the edge of the firm’s competence or risk appetite – Sanctions-adjacent work, politically exposed clients, complex cross-border structures, unusual funding routes, or a client who is plainly vulnerable but the matter “looks profitable”.
Supervision gaps – A new joiner, a firm merger, a busy team, and a partner who is comfortable letting juniors run. The warning signs are there, but nobody wants to say “this isn’t being supervised properly”.
In each of these scenarios, the partner usually has a story that makes sense to them: “this is how law firms work as a business”, “we can’t be precious”, “we’re not the only ones who do it”…
Your job is to bring the decision back to reality.
Impact, pattern, defensibility
When you feel the pressure rising in the conversation, come back to three questions.
Impact: who could be harmed and how? Is the client at risk (financially, emotionally, legally)? Are third parties at risk (beneficiaries, lenders, counterparties)? Is there a real possibility of loss or complaint? How “big” is the issue?
Pattern: is this a one-off or a sign of something bigger? The SRA is rarely interested in a single human error dealt with properly. It is very interested in serious issues, repeated weaknesses, cultural tolerance of shortcuts.
Defensibility: could we justify this to an external reviewer? Imagine explaining the decision to a regulator, an insurer, or the Legal Ombudsman. Not with legal gymnastics, but with a straight face. “We knew the risk, we took proportionate steps, we supervised properly, and we acted in the client’s best interests.”
You don’t need to quote rules to ask those questions. They’re business questions. They’re client questions. And they’re difficult to dismiss as “just compliance”.
A conversation framework
The easiest way to derail one of these conversations is to frame it as a binary argument: “you’re wrong and I’m right”, or “commercial versus compliance”. It triggers defensiveness, and you end up debating personalities rather than risk.
A better approach is to treat the discussion like any other business decision: get the facts, describe the risk in plain English, offer workable options.
Start by inviting the partner to explain what they want to do and why. Not in a patronising “tell me again” way, but in a genuine “help me understand the operational plan here” way. You’ll be surprised how often the act of articulating the plan exposes missing steps.
Once you’ve heard the plan, state the risk in practical terms. Avoid rule-citing unless you need it. Most senior people don’t respond well to a lecture, but they do respond to consequences. Talk in outcomes: client harm, complaints, insurer headaches, reputational damage, and defensibility if someone external asks questions later. The goal is to make the risk tangible.
Then shift quickly into “how do we do this safely?” rather than “we can’t do this”. Give options. Options reduce heat because they preserve agency. Often you only need two or three: pause and fix the missing control; proceed but with clear safeguards and tighter supervision; or stop/decline because it’s outside appetite. If you can present at least one option that protects commercial momentum while reducing risk, you’ll usually get far more traction.
Handling pushback without escalating
Most pushback sounds emotional, but it’s usually rooted in one of four fears: losing time, losing revenue, losing face, or losing control. If you can respond to the fear rather than the words, the temperature drops.
When you hear “you’re being too risk-averse”, what you’re really being told is “I think you’re slowing me down”. The best response is to anchor on proportionality. You’re not trying to eliminate risk; you’re trying to reduce avoidable risk to a level the firm can defend. A calm line like, “I’m not saying no — I’m saying yes, but safely, with the smallest control that we can justify later” often resets the dynamic.
When the pushback is “this will cost us the client”, you’re being invited into a false comparison: client loss today versus regulatory risk at some vague point in the future. Acknowledge the commercial pressure, then reframe the timeline. Complaints and negligence claims are not “future hypotheticals”; they are often the next step when things go wrong. The firm needs to choose which pain it prefers. You don’t have to be dramatic — just grounded: “I get the urgency. But if we take this risk and it unravels, we’ll lose more than the client.”
And when the pushback is personal — “you’re not a fee earner” or “you don’t understand the commercial reality” — it’s usually a status move, not a rational objection. The trick is not to take it. Bring it back to the firm’s ability to operate and the shared objective of staying in business. “My job isn’t to win fee arguments. My job is to keep us trading safely. If we can’t explain this decision later, it won’t matter how commercial it felt today.”
There’s one final pushback that deserves a specific response: “everyone does it”. Even if that were true (and it often isn’t), it’s irrelevant. Regulators don’t care that a bad habit is widespread. What matters is whether you can defend your decision and whether your firm is managing risks properly. A simple question like, “Would we be comfortable explaining that in writing to the SRA or our insurer?” usually ends the “everyone does it” line of attack.
Handled well, pushback becomes useful. It tells you what the partner values most in that moment — speed, revenue, certainty, control — and that helps you offer safeguards that meet the business need without compromising the firm’s fundamentals. The aim isn’t to win a debate. It’s to land a safe, workable decision that the firm can stand behind.
Evidence beats memory
One of the most underestimated parts of the COLP role is that, in a difficult moment, your future self needs evidence.
Good evidence doesn’t have to be a novel. It can be a short note that captures:
- What the issue was.
- The risks identified.
- The options considered.
- The decision taken and who owns it.
- The safeguards/actions and timescales.
- Any supervision steps agreed.
That single note can transform a regulatory conversation later. It shows you challenged, you thought, and you acted.
It also changes internal behaviour. When people know decisions will be recorded, they think more carefully about shortcuts.
This is just good risk management
A healthy firm isn’t one where COLPs never challenge. It’s one where challenge is normal, quick, and leads to better decisions.
In a healthy firm:
- Partners expect to explain their reasoning.
- COLPs don’t have to perform outrage to be heard.
- Safeguards are seen as business enablers, not friction.
- Risk decisions are recorded without drama.
- Patterns are spotted early, before they become regulatory events.
If you are having the difficult conversation every week with the same people on the same themes, it’s usually a systems issue, not a personality issue. Something in the firm’s incentives, supervision model, resourcing, or risk appetite is misaligned with what the firm says it believes.
That is where the COLP role becomes genuinely strategic: they aren’t just responding to incidents, but shaping the conditions that prevent them.
