Compliance Officer

Role and responsibilities of law firm COFAs

Subscribe

Following the introduction of the SRA’s new Standards and Regulations on 25 November 2019, the role of law firm compliance officers has never been more important.  Here we take a look at the role and responsibilities of Compliance Officers for Finance and Administration (COFAs).

At Armstrong Watson, we host the Leeds & Yorkshire COFA Forum and the Newcastle COFA Forum.  Both Forums are designed to provide COFAs with the opportunity to discuss their roles, share best practice and generally under ‘Chatham House Rules’ be as open as they can be in order to help each other.  In the sessions, we hear what the challenges are for COFAs and how they tend to overcome them.  We also share our experience in having acted for hundreds of law firms.

This article summarises some of the conclusions from our collective experience but is not intended to be a full list of all requirements.

Who should the COFA be?

The COFA should ideally be an employee or ‘manager’ within the law firm; so although I have been asked to be an outsourced COFA for law firms, I have declined the offers (although in truth, I probably wouldn’t have accepted even if I could, for reasons that will become clear in this article).  It is technically possible to have a COFA that is external to the firm, but if that is the case, then there are hurdles to jump through to be able to demonstrate that the COFA is close enough to the firm to be able to undertake the role properly, something that may be more difficult if they are not an employee or manager.

It is worth noting that ‘manager’ effectively means an owner of the firm.

Guidance notes issued by the SRA indicate that the individual appointed to this role needs to be sufficiently empowered, technically able and command enough authority within the firm to undertake the role effectively.

Discussions that I have had to-date with law firms have indicated that, in many cases, the role is being appointed to the finance director, the practice manager or a senior cashier. In many cases, it may be more appropriate for a senior member of the management team, such as the managing partner or finance partner, to take the role. The fact that the COFA needs power and respect within the firm will become clear in the responsibilities section of this article, and it means that in many cases, particularly in smaller firms, it is unlikely to be appropriate to appoint a cashier to this role.  In the larger firms, it is more likely that the finance director will take the role.

In the cases where firms are appointing a partner to the role, they may not have historically been involved in the day to day running of the finance function, and I have had many requests for support and training to bring such partners up to speed with their new responsibilities.

Main responsibilities

  1. Taking steps to ensure that the authorised body, its employees and managers comply with any obligations under the SRA Accounts Rules;
  2. Record all failures to comply and report such breaches of the SRA Accounts Rules to the SRA as soon as reasonably practical; and
  3. Ensuring the firm has systems and controls in place to enable the firm, its managers and employees, and anyone who has an interest in the firm to comply with the new SRA Standards and Regulations.

What that means in practice

Essentially that means that, amongst other things, the COFA needs to:

  • Have knowledge of the SRA Accounts Rules (which also changed on 25 November 2019) - we run update training courses on the Accounts Rules in-house at law firms throughout the UK) - https://www.armstrongwatson.co.uk/sectors/legal-sector/sra-training;
  • Ensure that everybody within the firm is aware of the Rules and how they impact on their day to day responsibilities;
  • Have a system for recording breaches of the Rules and for deciding what needs to be reported directly to the SRA and when.  Any material breaches will need to be reported on discovery, with licensed bodies (ABSs) having more onerous reporting obligations still; and
  • Ensure that the firm has the necessary systems and controls to minimise the risk of business failure, to reduce the risk of fraud, to safeguard the assets and to protect the people within the firm.

Systems

The COFA will need to review, possibly on at least an annual basis, the systems for compliance and ensure that they are appropriate, and then ensure that they are documented and circulated to all members of the team. This review and any findings and/or recommendations should be documented.

Training

In order to comply with the Rules, it is vital for all members of the team to have strong knowledge of the Rules, and in particular new entrants and those who process transactions. This is more important given the recent changes to the Rules. https://www.armstrongwatson.co.uk/sectors/legal-sector/sra-training

A central record of training needs and provision should be maintained.

File Reviews

Regular reviews of fee earners’ files and matter prints showing the financial audit trail will need to be carried out and the results recorded and analysed by the COFA. Any trends that are revealed will need to be acted upon and any breaches identified will need to be recorded on the breach register.

Breaches

A breach register should be maintained by the COFA and all breaches, however discovered, should be added to the register as they are discovered rather than on a periodic basis. The register should note what Rule has been breached, why, the matter number, the relevant dates and amounts, and how the breach has been corrected. It should also note whether the breach is considered ‘material’ or not, and why this conclusion has been reached.

There is no easy way to determine a ‘material breach’. The drivers are usually:

  • Whether the breach is due to a clerical/administrative error, or whether there is a systematic problem;
  • Whether there is any loss to client(s) or other third parties;
  • Whether the amount involved is significant;
  • Whether the breach could lead to a loss of confidence in the firm or the profession;
  • Whether the breach is isolated or repeated; and
  • Whether the breach was rectified upon discovery.

The breach register should be used as a tool to identify risk areas highlighted by trends in breaches, either by type, by department or by fee earner.  Because of that, the register should be maintained in a format that is capable of being viewed easily for trends, and for searching for repeat breaches. 

Checks and controls that could be implemented

There are many control procedures that could/should be implemented. They include:

Bank reconciliations

The COFA should review and sign to approve all monthly client and office bank account reconciliations to ensure that client funds are not being mistreated or misappropriated. Reconciling items may indicate an issue if they do not clear for long periods of time or if they have no explanation. Other areas of concern would be whether the reconciliation balances, is arithmetically correct and agrees to source documentation.

Client ledger balance reviews

Client ledger balance prints should ideally be reviewed on a weekly basis, and at least on a monthly basis, for any debit (overdrawn) balances and also for old residual balances. Reasons should be noted for the cause of the debit balances, the breach should be recorded on the breach register and corrected as soon as possible and underlying factors corrected. There is a requirement for client money to be returned promptly to clients at the conclusion of a matter, or for the client to be informed in writing if the firm is to hold on to their money for whatever reason. The review should cover matters that have been concluded and where client money is still held. Again, breaches should be recorded, repayments made or letters written as appropriate.

The client ledger balance reviews can also be used to identify money that should be transferred to the office account, and also money that has been transferred that shouldn’t have been (e.g. sweeping up).

Office ledger balance reviews

Under the new Rules, there is no longer a reference to ‘office’ accounts – instead they are referred to as ‘business’ accounts.  As people are used to referring to office accounts, I’ll continue in that vein here.  Office ledger balance prints should also ideally be reviewed on a weekly basis, and certainly at least on a monthly basis, to identify any credit balances, which show that the firm owes the client money rather than the other way around. Credit balances on office ledger are not necessarily a breach, but could indicate that there is a breach which again needs to be recorded and corrected.

Conclusion

The COFA role is not one to take on lightly. Those that do take on the role should be given the time, resources, authority and, most importantly, the support required to undertake the role properly and effectively.  There are insurance products that are available to protect COFAs in taking on such important, but potentially personally risky, roles.

The control mechanisms identified above are the least that should be implemented in all cases.  In most firms, there are far more control procedures and checks that should be carried out.  In the past, one could argue that they were desired, now they are absolutely necessary in order to comply with the new Rules and to protect the COF


Contact Andy Poole to discuss these issues in further detail, for support in taking on the COFA role, procedures to implement or to arrange Accounts Rules training for your firm by email to andy.poole@armstrongwatson.co.uk or by calling 07828 857830.

Email Andy

The deadline for April 2021 claims is 14 May 2021, so please submit claims to jrs@armstrongwatson.co.uk.