What the COFA’s in for

The introduction of the so called ‘Tesco Law’ provisions of the Legal Services Act on 6 October 2011 have been well trumpeted and this is not surprisingly the number one issue being discussed by law firms and their advisers at the present time. That is very closely followed by other issues currently impacting the legal sector, including legal aid reform; personal injury reform; difficult trading conditions; and regulatory reform.

I have included regulatory reform at the end of that list as it doesn’t quite get the juices flowing as much as the other issues that directly impact on the commercial aspects of the business of running law firms.

I can quite understand that approach, and in fact although I much prefer working with firms on more strategic issues, I also regularly help firms with compliance issues.

In addition to Tesco Law becoming possible from 6 October, the rigid rules based regulation of providers of legal services was replaced by ‘outcomes focused regulation’. As part of this, firms are required to appoint a compliance officer for legal practice (‘COLP’) and a compliance officer for finance and administration (‘COFA’).

In this article, I discuss the responsibilities of the COFA and some tips on how to carry out the role.

Who should the COFA be?

The COFA should be an employee or ‘manager’ within the law firm; so although I have been asked to be an outsourced COFA for law firms, I have declined the offers (although in truth, I probably wouldn’t have accepted even if I could, for reasons that will become clear in this article).

It is worth noting that ‘manager’ effectively means an owner of the firm.

Guidance notes issued by the SRA indicate that the individual appointed to this role needs to be sufficiently empowered, technically able and command enough authority within the firm to undertake the role effectively.

Discussions that I have had to-date with law firms have indicated that, in many cases, the role is being appointed to the finance director, the practice manager or a senior cashier. In many cases, it may be more appropriate for a senior member of the management team, such as the managing partner or finance partner, to take the role. The fact that the COFA needs power and respect within the firm will become clear in the responsibilities section of this article, and it means that in many cases, particularly in smaller firms, it is unlikely to be appropriate to appoint a cashier to this role.  In the larger firms, it is more likely that the finance director will take the role.

In the cases where firms are appointing a partner to the role, they may not have historically been involved in the day to day running of the finance function, and I have had many requests for support and training to bring such partners up to speed with their new responsibilities.

Main  responsibilities

  1. Taking steps to ensure that the authorised body, its employees and managers comply with any obligations under the SRA Accounts Rules;
  2. Record all failures to comply and report such breaches of the SRA Accounts Rules to the SRA as soon as reasonably practical; and
  3. Ensuring the firm has systems and controls in place to enable the firm, its managers and employees, and anyone who has an interest in the firm to comply with the new Handbook’s requirements on them.

What that means in practice

Essentially that means that, amongst other things, the COFA needs to:

  • Have knowledge of the SRA Accounts Rules (which also changed on 6 October – we run update training courses on the Accounts Rules in-house at law firms throughout the UK);
  • Ensure that everybody within the firm is aware of the Rules and how they impact on their day to day responsibilities;
  • Have a system for recording breaches of the Rules and for deciding what needs to be reported directly to the SRA and when.  Any material breaches will need to be reported as soon as practical, whilst non-material breaches will be reported on an annual basis; and
  • Ensure that the firm has the necessary systems and controls to minimise the risk of business failure, to reduce the risk of fraud, to safeguard the assets and to protect the people within the firm.


The COFA will need to review, possibly on an annual basis, the systems for compliance and ensure that they are appropriate, and then ensure that they are documented and circulated to all members of the team. This review and any findings and/or recommendations should be documented.


In order to comply with the Rules, it is vital for all members of the team to have strong knowledge of the Rules, and in particular new entrants and those who process transactions. Although some of the Rules have been updated to reflect outcomes focused regulation, the majority of the Rules have remained rigid. A central record of training needs and provision should be maintained.

File Reviews

Regular reviews of fee earners’ files and matter prints showing the financial audit trail will need to be carried out and the results recorded and analysed by the COFA. Any trends that are revealed will need to be acted upon and any breaches identified will need to be recorded on the breach register.


A breach register should be maintained by the COFA and all breaches, however discovered, should be added to the register as they are discovered rather than on a periodic basis. The register should note what Rule has been breached, why, the matter number, the relevant dates and amounts, and how the breach has been corrected. It should also note whether the breach is considered ‘material’ or not, and why this conclusion has been reached.

There is no easy way to determine a ‘material breach’. The drivers are usually:

  • Whether the breach is due to an clerical/administrative error, or whether there is a systematic problem;
  • Whether there is any loss to client(s) or other third parties;
  • Whether the amount involved is significant;
  • Whether the breach could lead to a loss of confidence in the firm or the profession;
  • Whether the breach is isolated or repeated; and
  • Whether the breach was rectified upon discovery.

The breach register should be used as a tool to identify risk areas highlighted by trends in breaches, either by type, by department or by fee earner.

Checks and controls that could be implemented

There are many control procedures that could/should be implemented, many of which are best practice in any event, and already required under the SRA Guidelines for Accounting Systems and Controls. They include:

Bank reconciliations

The COFA should review and sign to approve all monthly client and office bank account reconciliations to ensure that client funds are not being mistreated or misappropriated. Reconciling items may indicate an issue if they do not clear for long periods of time or if they have no explanation. Other areas of concern would be whether the reconciliation balances, is arithmetically correct and agrees to source documentation.

Client ledger balance reviews

Client ledger balance prints should ideally be reviewed on a weekly basis, and at least on a monthly basis, for any debit (overdrawn) balances and also for old residual balances. Reasons should be noted for the cause of the debit balances, the breach should be recorded on the breach register and corrected as soon as possible and underlying factors corrected. There is now a requirement for client money to be returned promptly to clients at the conclusion of a matter, or for the client to be informed in writing if the firm is to hold on to their money for whatever reason. The review should cover matters that have been concluded and where client money is still held. Again, breaches should be recorded, repayments made or letters written as appropriate.

The client ledger balance reviews can also be used to identify money that should be transferred to the office account, and also money that has been transferred that shouldn’t have been (e.g. sweeping up).

Office ledger balance reviews

Office ledger balance prints should also ideally be reviewed on a weekly basis, and at least on a monthly basis, to identify any credit balances, which show that the firm owes the client money rather than the other way around. Credit balances on office ledger are not necessarily a breach, but could indicate that there is a breach which again needs to be recorded and corrected.


The COFA role is not one to take on lightly. Those that do take on the role should be given the time, resources, authority and, most importantly, the support required to undertake the role properly and effectively.

The control mechanisms identified above are the least that should be implemented in all cases.  In most firms, there are far more control procedures and checks that should be carried out.  In the past, one could argue that they were desired, now they are absolutely necessary in order to comply with the new Rules and to protect the COFA.

Contact Andy Poole to discuss these issues in further detail, for support in taking on the COFA role, procedures to implement or Accounts Rules training courses by email to andy.poole@armstrongwatson.co.uk or by calling 07828  857830.

If you like this article and would like our FREE updates sent straight to your inbox then subscribe to our monthly newsletter