The role of compliance officer for finance and administration remains both underappreciated and imperfectly understood.
A year ago the Gazette reported that 600 firms had failed to nominate compliance officers as part of the Solicitors Regulation Authority’s new regime of risk-based regulation. By Christmas the regulator expressed its disappointment that around 250 firms had failed to complete the process – or even start it. This was on top of a ‘sizeable number of firms’ whose nominated individuals would not be approved. Two rebukes, 26 warnings and 618 letters of advice later, latest figures show that only 46 firms do not have a compliance officer in place. Not bad, considering this figure includes those firms in the process of changing the person in the role.
Along with COLPs (compliance officers for legal practice), the COFA (compliance officer for finance and administration) role was introduced by the SRA as part of its move to outcomes-focused regulation, with compliance officers taking up the positions on 1 January 2013. Creating the compliance officer regime, the SRA said, allows the regulator to ‘create a culture where the primary responsibility for managing compliance risk lies with the firms, and which encourages firms to have a clear focus for delivery of the regulatory outcomes’.
That leaves the SRA to focus on ‘those who cannot and/or will not deliver competent and ethical legal services, and on those who are capable and willing, but need support to manage particular compliance issues.’
The role
COFAs are responsible for ensuring systems and processes are in place to enable the firm, its managers and employees, and anyone who has an interest in the firm, to comply with the SRA Handbook requirements.
The types of systems needed, the SRA says, are not prescribed, as these depend on what is appropriate for the profile and size of the firm, its areas of risk, and the nature of its work and client base.
Ultimately, compliance is the responsibility of the firm, but COFAs must report material issues to the SRA.
The COFAs who are now in place are required to take all reasonable steps to:
- ensure that the authorised body, its employees and managers, comply with any obligations imposed under the SRA Accounts Rules.
- keep a record of any failure to comply and make this record available to the SRA.
Any material failure (either taken on its own or as a pattern of failures) must be reported to the SRA as soon as reasonably practicable, and recorded in the annual information report completed in accordance with rule 8.7(a) of the SRA Authorisation Rules.
Firms have to decide how the COFA will operate within the business structure. All firms are required to report back to the SRA with information on compliance issues, and the COFA is responsible for compiling this information. The information that needs to be reported back is laid down in Authorisation Rule 8.7. As well as the annual information report, firms must update the SRA, giving details of general changes that occur in respect of the firm.
‘Support, respect and confidence’
‘In my view the role of the COFA is much more straightforward than the role of the COLP. One has to ensure compliance with a set of rules which have varied little over many years, and with which I am very familiar, and to ensure that one keeps a very close eye on the financial stability of the firm, which again is something I have always done as a matter of course. Fortunately outcomes-focused regulation has little part to play in this.
‘It is vital to the role of COFA that the person fulfilling it is someone at the heartbeat of the firm’s finance function. It must be difficult for a partner with little day-to-day experience of the SRA Accounts Rules 2011 to know how best to make sure they are complied with and to know when breaches have occurred. It is also important that the COFA has the support, respect and confidence of the partners, so that procedures to ensure compliance with the SRA rules can be enforced, and, if necessary, breaches can be reported.
‘At Payne Hicks Beach we have always taken great pride in ensuring compliance with every aspect of the SRA rules. Therefore, the requirement to keep a log of breaches and to report material breaches has not changed our attitude to the need for everything to be spot on. We would, however, agree that more guidance as to what is a “material” breach would be helpful.
‘We have always provided training on the SRA rules to all our fee-earners and secretaries, but we carried out more extensive training than hitherto last autumn so that we were confident that everyone was fully familiar with the SRA rules, and knew that breaches would have to be reported. We took advantage of the “fear factor” to ensure everyone paid attention.
‘As well as support from inside the firm, I have benefited from belonging to the Solicitors Financial Management Group (SFMG), whose membership is made up of the finance directors of medium and large law firms, many of whom are COFAs at their own firms. The SFMG was founded by Arthur Swinson, one of my predecessors at Payne Hicks Beach, in 1973, and celebrated its 40th anniversary last February. Also, firms of accountants have played a vital role in organising meetings of COFAs where we can get together to share experiences and pick each other’s brains.’
Virginia Farquharson is director of finance and administration, and the COFA, at Payne Hicks Beach
The impact
Unlike the role of COLP, the role of COFA does not appear to have caused too many issues for the legal profession. As Virginia Farquharson, COFA at Payne Hicks Beach, explains opposite, the rules with which one has to ensure compliance are largely familiar and have varied little over the years.
Sole practitioner Sushma Awtani, of Awtani Immigration Solicitors, who is both COLP and COFA for her firm, concurs. ‘Ensuring that correct procedures are in place has always been a priority for me.’ she says. ‘As a COLP and COFA, I reviewed my current systems and procedures that were in place and refined them to comply with the SRA requirements.’
Indeed, of the 250 queries the Law Society’s Risk and Compliance Service has received in total about compliance officers, only around 40 have been about COFAs, the remainder being COLP-related.
James Penn, compliance consultant at global legal and compliance recruitment agency Taylor Root, says the advent of the COFA has had relatively little impact on recruitment (‘often existing partners or the finance director will be appointed from within the firm’), but looking more widely at the day-to-day responsibilities inherent in the introduction of the officer roles, ‘the changes have virtually created a new market’.
He says: ‘There has been a huge amount of hiring within risk and compliance teams in the past few years, and coupled with other regulatory changes and changing attitudes to risk (such as anti-bribery and a focus on data protection) firms have been very actively trying to hire staff.’ He says the market has ballooned. ‘Given there is a shortage of skills in these key risk and compliance areas, salaries have risen accordingly, and risk and compliance within firms is now starting to be seen as a genuine alternative career path with the legal sector,’ he adds.
Who can be a COFA?
Firms are afforded a degree of flexibility in who they can appoint as the COFA. Unlike the COLP, the COFA does not need to be a lawyer.
The COFA must:
- be an individual;
- be a manager or an employee of the authorised body (or be an approved COLP and/or COFA (as appropriate) in a related authorised body);
- consent to their designation as the COLP and/or COFA;
- be of sufficient seniority and responsibility to fulfil the role;
- not be disqualified from being a head of legal practice (HOLP) or head of finance and administration (HOFA) – as appropriate.
When approving nominations, the SRA looks at two issues in particular:
- Are the nominated individuals qualified and/or suitable for the role?
- Have senior managers in firms and their nominees actively engaged in the nomination process and properly understood their regulatory obligations and/or have the capability to deliver them?
‘I noticed some delegates on my training courses who had been nominated as COFAs who would quite often be junior people,’ says Peter Warner, managing director of Warner Consulting, who provides advice and training on risk and compliance issues. ‘One or two did not feel confident that they had access to all the relevant financial information and financial accounts at their firms.’
What the COFA should be asking, Warner argues, is: ‘Have I got sufficient power within the firm to make a report and to get a senior member of the firm to agree to take a particular course of action?’
Risk and Compliance Service
Members of the Law Society’s Risk and Compliance Service get access to a full suite of services, including free, dedicated advice for compliance officers for legal practice (COLPs) and compliance officers for finance and administration (COFAs).
COLPs and COFAs can submit their enquiry to the service’s panel of regulatory compliance experts and practitioners, and the Society will stand behind the advice provided. For more information see the Law Society website.
The SRA reinforces that cautionary message, saying senior managers should be confident that the individuals have sufficient seniority and responsibility in the firm to fulfil the COFA role.
All COFA nominations go through an automated verification process that involves checking the information submitted in the nomination forms against information already held about the individual. Problems encountered during the nomination process have included failure to declare criminal convictions (‘the nature of the convictions is irrelevant, not declaring them – even offences considered minor – is the big issue,’ an SRA spokesperson notes), or people being nominated when they already have regulatory issues against their name and, therefore, cannot operate to the level of seniority required of a compliance officer.
The SRA has had to take action against firms that have continually failed to engage with the SRA, either by refusing to respond to correspondence or to re-nominate a suitable candidate. Rebukes and warnings count as official sanctions on a firm’s record and carry a £600 costs charge.
Personal liability
The COFA is the focal point, the SRA says, of identifying risk within a firm. ‘What the regime does not do, however, is remove any responsibility for the compliance away from others in the firm,’ the regulator adds. ‘The aim is to build a firm-wide culture of compliance, shared by everyone we regulate. Neither COLPs nor COFAs will be sacrificial lambs if regulatory action needs to be taken against others in the firm.’
However, ‘COFAs should seek indemnity from the firm,’ Warner warns. ‘Insurance can cover them to a degree, in terms of SRA fines and defence costs should a matter escalate to the Solicitors Disciplinary Tribunal. But what insurance cover does not protect is reputational damage if the matter is publicised, or if a COFA is prevented from holding a compliance role in the future, or is suspended from their role.’
‘The emergence of the COLP and the COFA brought with it a wave of concern from those being nominated for the role regarding their personal obligations,’ says Calum MacLean, UK risk manager at insurance broker Lockton. ‘This was particularly marked in the early period when there was a lot of uncertainty about the requirements and how they would be implemented and enforced.’
He adds that, at a time when firms are facing increased financial difficulty, ‘fear of management being held accountable for decisions made in the run-up to a collapse has also caused firms to seek adequate protection from liability’.
All of which means, the SRA says, that developing the role of the COFA is ‘a vast learning curve both for compliance officers themselves and the SRA.’
Warner concludes: ‘Firms need to be much more aware at a senior level of the importance of the role of the COFA and their responsibilities, together with the potential liability that attaches to the role.’
- More than 360 people have signed up to attend the first COLPs and COFAs Conference in Birmingham on 16 October. The first plenary session, ‘How I see the role of a compliance officer’, will be addressed by SRA executive director Samantha Barrass. The second plenary will be on ‘being aware of the hazards’ with SRA executive director Richard Collins. A series of workshops will also take place throughout the day. For more information see the SRA website.
The SRA site has two case studies – examples received by the regulator earlier this year*. It has outlined the factors that COFAs should consider when reaching a decision on whether a breach is material or non-material.
* The cases are not from firms identified in this feature
Monidipa Fouzder is a Gazette sub-editor
No comments yet