Practice management | Continuing uncertainty for COLPs and COFAs

One of the most persistent impressions formed at training sessions and lawyer compliance networking events is the degree of uncertainty that continues to surround the roles of COLP and COFA, often accompanied by apprehension of censure by the SRA for any perceived shortcomings. The continuing uncertainty is exacerbated by a fear of personal liability for what the reporting officer is or is not doing, or for 'letting the side down' by failing to perform the role correctly. Either way, there could follow potentially serious complications for the firm in then securing indemnity insurance on reasonable terms.

Such concerns are understandable, though the evidence to date suggests that the prophets of doom who were warning of showpiece disciplinary actions against luckless individuals in the early days of the regime as a deterrent to others have so far been proved wrong. We are now almost half a year into the full reporting regime and there is little to suggest that most COLPs and COFAs have received anything other than support and encouragement from their relationship managers, or when making contact with the regulator.

It is too early to banish all such fears altogether, however, not least because of the lingering uncertainty as to quite what it is that COLPs and COFAs are required to do, and how they should set about their roles.

System and controls

On whether duties are personal to you, at least, there is clear guidance from the SRA. Guidance note (vi) to rule 8 of the SRA authorisation rules (where the roles of COLP and COFA are dealt with) states that the existence of compliance officers in a firm and the requirements on them to ensure that the firm "is not a substitute" for the firms' and partners' responsibilities and main obligations.

The same guidance notes go on to state that although COLPs and COFAs are responsible for ensuring that the firm has a system and controls in place to enable the firm, as well as its partners and employees, to comply with them, "the firm and its managers are not absolved from any of their own obligations and remain fully responsible for compliance". Much the same point is made in relation to the COFA role in guidance note to rule 6 of the SRA accounts rules, which stresses that the individual responsibility of all partners to ensure compliance with the rules by themselves and the staff is not affected in any way by the appointment of the COFA. This is a message that has also been repeated at various SRA presentations, with one such announcement to the effect that the ultimate responsibility and culpability for regulatory compliance under outcomes-focused regulation (OFR) will lie with the "most senior people", and that they will be the first point of contact if "serious unresolved issues" come to light. Such messages have not deterred many reporting officers purchasing personal liability cover for their roles, however, as recommended by some, but not all, indemnity insurance brokers. It will be an interesting consideration for firms as to whether to renew such policies as we ?enter this year's indemnity insurance ?renewals season.

In determining how long to spend on compliance work the COLP and COFA will need to take into account their obligations to "take all reasonable steps" to ensure compliance with their areas of responsibility under the terms of the SRA authorisation rules: the duty to "actively" monitor for the achievement of the outcomes and financial stability at IB(10.1-2) will also be a relevant consideration. Technically, the duty to monitor the financial position of the firm falls to the COLP since it does not form part of the SRA accounts rules, but in practice it is likely to be adopted by most COFAs as part of their responsibilities.

On this issue there has been much less guidance from the SRA, with the result that many reporting officers are fearful that they are not properly meeting their responsibilities. The idea that some allocation of time should be set aside for the roles can be linked back to the regulator, with applicants to set up new practices commonly being asked how long each week they intend to devote to the roles, but such an approach shows little appreciation of how practice functions and could be seen to be impracticable. The answer to the question is surely that all must depend on the circumstances that prevail, with three main groups of firms emerging.

Less forgiving

In firms where there is a well established tradition of compliance monitoring, such as those that are largely legal aid firms or where Lexcel has been adopted, there will already be a file review programme across all departments. If the data from this exercise highlights few points of concern, and there are good grounds to believe that all of the necessary systems are working well, it would be fair for the COLP to adopt a light touch. They might ensure that the office manual has been subject to the annual review required by either Lexcel or the specialist quality mark and that a compliance plan and risk review have been adopted. Other than notifying partners and staff of compliance developments both at the SRA and within the firm, and making the time to attend all department and office meetings, there might be little else to do.

Where the firm has more recently adopted a compliance programme, and file reviews and other organised approaches to fee earning supervision are in their infancy, the COLP might expect to be much busier. Here they may supplement departmental file reviews with their own sampling checks and will also need to consider conducting some simple training meetings on systems such as conflicts checking, key dates monitoring and undertakings controls, either within the departments or at occasional lunchtime sessions.

Finally is the "at risk" group where, despite the obligations in the SRA handbook having been in place since late 2011, no organised compliance programme has yet been adopted. As time goes on the SRA might be expected to be less forgiving as to what they might regard as a blatant disregard to the principles that underpin the operation of the handbook and the outcomes that are set out in the code of conduct. Here urgent action will ?be required, and a hands-on approach should be adopted by the COLP. The programme should concentrate on the adoption of:

? a well drafted and recently reviewed ? office manual (preferably linked to at ? least one quality standard depending on ? the profile of the firm);

? a compliance plan, as suggested (but ? not required) by the authorisation ? rules, to be accompanied by a risk ? review; and

? a well functioning and up-to-date ? complaints system and file review ? programme. A client feedback ? programme will also be very helpful.

Whichever category the COLP may feel that they fall into the COFA is likely to ?have a clearer sense of how things are ?going in relation to accounts issues from ?the number and profile of non-compliances that feature in the annual accountants' report, along with the regular process of client account reconciliations. A growing concern is the policing of outstanding client account balances under rule 14 of the SRA accounts rules, however, and this might require more regular monitoring of matter print-outs to ensure that this area of the firm's responsibilities is under control.

'Material'

Finally is the issue of the recording and reporting of breaches. Notwithstanding the suggestion that the SRA may well decline to request the breach records from all firms as part of the practice renewal process the requirements to maintain such records and to make them available to the SRA on request will remain. There are complex programmes for this from various suppliers, but for most a simple document list or spreadsheet will suffice.

Those breaches that are "material" do, of course, need to be reported to the SRA "as soon as reasonably practicable". It is clear from the guidance that a breach could be material either because of the nature of that single breach or as a result of the cumulative nature of recurring breaches of the same kind. It is hard to imagine that an isolated failure to provide a costs update as required by O(1.13) could amount to a "material" breach, for example, but a persistent refusal by a partner or department to do so could eventually become so.

Unfortunately the SRA have refused to provide specific examples of what they might regard as being material breaches, contenting themselves instead to pointing out the sort of considerations that?would apply.
There seems to be little prospect of the SRA providing more detailed guidance on what might amount to material beaches of the chapters and outcomes of the code of conduct, with the result that many will err on the side of caution and report unnecessarily, perhaps bringing?unwelcome attention to themselves and their firm.