We recently hosted one of our most candid and engaging webinars to date: Compliance Officers Anonymous. The concept was simple — a safe, judgment-free space where compliance officers and law firm leaders could ask the burning questions that keep them up at night. No question was too awkward or too niche, and all contributions were treated sensitively and confidentially.
The result was a lively, honest session covering everything from tricky billing complaints to redacting staff names in subject access requests. Here are the major themes:
Kicking off: the state of compliance culture
We began with a quick poll: How would you describe your compliance culture?
The majority described theirs as “mostly good with a few squeaky wheels”. This echoes our own experience — most teams are committed, but there are always pockets of resistance or misunderstanding that undermine broader efforts.
When costs catch up with you: historical billing complaints
Our first question: a probate matter where no initial cost estimate was given, interim bills were issued over the years, and a new fee earner eventually summarised costs — triggering client complaints.
The consensus? While it looks like an accounts rules issue at first, it’s fundamentally a client care problem. Even if no records can be found, it doesn’t automatically mean you must waive fees. An open conversation with the client about expectations and value is key.
Firms should also consider whether this is an isolated lapse or a systemic issue, especially if the original fee earner has left.
When the other side’s competence worries you
A practitioner shared concerns about the competence of a solicitor on the other side: sloppy emails, basic errors, and poor supervision.
When does concern become a duty to report?
Before going straight to the SRA, try raising it internally with their COLP or department head. If ignored, escalation may be necessary.
No one wants to “shop” another professional, but public protection comes first — and the Code of Conduct requires you to act if the incompetence poses a real risk.
Conflicts and own interest issues
Another question focused on a historical error leading to a possible own interest conflict. The client might be difficult, especially around costs.
Our gut feel was to step away now rather than having to do so later. Own interest conflicts don’t require an actual conflict – a significant risk is enough to prohibit acting.
Often the safest route is to step back and recommend the client seeks independent advice. It protects both the client and the firm.
AML: the biggest headache
Our second poll confirmed AML as the biggest current compliance headache for compliance officers. Constant rule changes, SRA inspections, and fines make it a minefield.
One question highlighted clients refusing to provide UBO identification, citing privacy, and saying that other firms don’t take this approach.
Our message was that your risk profile is yours alone – what other firms do is irrelevant. Refusal to provide ID is a red flag, not a reason to relax requirements. The greater the resistance, the more you should push.
Ultra-high-net-worth clients often have teams ready to provide documents. Don’t be afraid to ask; in many cases, they are prepared and willing. You’re not going to be the first person to ask.
Regulated vs unregulated businesses
We also discussed directors running both regulated and unregulated businesses (e.g., conveyancing and estate agency).
It’s possible, but transparency and separation are critical. Clients must be free to choose alternatives.
Staff sharing is not prohibited but requires safeguards to protect confidentiality. Good compliance officers focus on practical solutions, not blanket “no” answers.
Balancing reporting duties with staff well-being
A particularly thoughtful discussion focused on protecting staff when mandatory reporting of their conduct is required.
Culture matters: reporting is about duty, not punishment. If you intend to stand by your colleague in the face of investigation, provide support, explain your remedial actions clearly to the SRA, and demonstrate ongoing supervision and training.
This approach often leads to more proportionate outcomes — and can even close investigations more quickly.
Redacting staff names in subject access requests
A late question tackled whether to redact staff names in data subject access requests (DSARs).
Fundamentally, DSARs entitle individuals to their own personal data, not necessarily everything in the file. Third-party data (like staff names) should generally be redacted unless there’s consent or another lawful basis to share. In some cases, that will of course be pointless – the client knows who their solicitor is, for example.
Post-webinar reflections
One thread ran throughout: compliance officers carry immense weight. They juggle updates, policies, queries, training, and investigations — while trying to foster a positive culture.
So it’s no surprise that most respondents reported receiving “seriously?”-type compliance questions several times a week. But these questions are opportunities: chances to educate, reinforce policies, and build confidence.
The session confirmed that compliance is as much about culture as it is about rules. A culture of openness, support, and transparency will always handle challenges better.
If you missed the session, we hope this write-up offers practical comfort. A recording is available to COLP Insider newsletter subscribers. And if you’re awake at 3 a.m. wondering about reporting, redaction, or difficult clients — you’re not alone.