So you’ve been nominated as your firm’s COLP or COFA – what next? Matthew Moore outlines the main steps for all firms to consider. The compliance plan will need to cover more than is listed in the handbook’s guidance notes. Management standards such as Lexcel may well play a useful role
For those newly nominated to one or other of the compliance officer roles as good a starting point as any is to check the main elements of the ‘job description’ which will be found in section 8 of the Authorisation Rules, the source of the requirement for the appointments.
Although the emphasis has understandably been on the reporting duties that will eventually arise there is, in the meantime, the need to ensure compliance with the terms and conditions of the practice’s authorisation – for the COLP in general and for the COFA in relation to the SRA Accounts Rules. The COLP must also ensure compliance with ‘any statutory obligations’, such as those dealing with money laundering and data protection.
A guidance note to this part of the Authorisation Rules suggests addressing these issues through a ‘compliance plan’, and it may well be that, refreshed from their summer holidays, this is top of the compliance ‘to do’ list for many of the newly appointed compliance officers.
For COFAs the job will be to check the accounting and reporting processes and procedures that are in place and, if the role is cover financial monitoring also, the quality of finance reports that are made available to the owners of the firm or the management team. The COLP will have a wider remit, and it is they who are most likely to have to set about drafting the evidence of compliance within the firm.
Managing the firm
The SRA regards the effective management of law firms as being not only in the proprietors’ best interests, but for clients and the wider profession also. Well managed firms provide better and more reliable services to clients and will create far fewer problems for the regulators (and therefore other firms) through practice failures.
Principle 8 therefore requires that: “you must run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles”.
Others of the ten principles also have a bearing on the way in which firms are managed, notably the duty to comply with the regulator and ombudsman in an “open, timely and co-operative manner” (P7) and the need to encourage “equality of opportunity and respect for diversity” (P9). Finally, good standards of financial management are required to meet the principle that obliges firms to “protect client money and assets”.
The Authorisation Rules refer to chapter 7 of the Code of Conduct and the aim of the guidance note seems mainly to be to illustrate the sorts of issues that should be addressed rather than, as some have suggested, to set out a list of everything that the COLP will need to check. It is important to note that the contents of the compliance plan will vary according to the “size and nature of the firm, its work and its areas of risk”.
A quick glance at this list will suggest that it is as significant for what it does not say as for what it does. Many would regard the business plan as the obvious starting point for any concerted attempt to address all of the major issues within the firm that relate to client service and regulatory compliance, yet business strategy and marketing do not merit a mention. In other respects the list is strangely selective: is it only checks on new staff that are worthy of a mention in relation to personnel systems, as opposed to recruitment processes in general?
Likewise, training clearly deserves a mention, but why not review or appraisal processes or the increasingly adopted practice of ‘exit’ interviews as one step in ensuring an orderly departure of personnel? Why undertakings as an obvious issue of law firm risk but not key dates reminder systems? All in all, the issues that are mentioned are better seen as a ‘taster’ than a checklist.
Chapter 7 (‘Management of your business’) may well prove to be a more useful starting point, though even this is silent on such issues as business planning and performance review systems.
Rule 7 envisages a compliance monitoring system, again no doubt tailored to the size and sophistication of the firm. Logic would suggest that if the COLP and COFA are to meet their reporting responsibilities then they will need to screen for breaches of the Handbook (O(7.3)) and the financial stability of the firm (O(7.4), but the precise extent of these duties might be better found in the indicative behaviours of chapter 10. The need to monitor “actively” for compliance with the Handbook and for financial viability can be found at IB(10.1-2).
The new arrangements will probably best operate through the establishment of a ‘management information system’ which combines a new or enhanced duty to report concerns and known breaches to the COLP or COFA with a more active audit programme. In most firms file reviews will play a part, with O(7.8) requiring “regular checking of the quality of work by suitably competent and experienced people”. If the worst should happen, and the compliance officers find themselves questioned about a situation within their firm that they had no prior knowledge of, their best line of defence will be to show that they were unaware of the problem despite their management control system, rather than because of any obvious shortcomings within it.
Role of quality standards under OFR
An increasing number of firms have rekindled their interest in practice management programmes – the Law Society’s Lexcel scheme most obviously – as a means of marshalling the various improvements that may need to be addressed. Lexcel remains a voluntary process where law firms can be assessed for compliance with the practice management standards that comprise the basis of the award. Arguably the programme now comes into its own by providing a very much more thorough agenda for a compliance plan than that appearing at section 8(2) of the Authorisation Rules. In the absence of clear rules from the SRA as regulator the need for a clear internal rulebook becomes that much the greater.
Unfortunately the latest version of Lexcel – version 5 – provides only passing reference to the new obligations that now bear down upon firms. There is a need for an outsourcing policy and a procedure for referring clients to third parties – both of which are clearly inspired by new obligations that arose under the Code of Conduct – but the standard is silent on the need for compliance officers and their roles, partly because of the plan by the Law Society to market the standard internationally to jurisdictions where such roles do not exist. Lexcel does not therefore offer quite as much direct help with the drafting of the compliance plan as some might have hoped, but it does still provide an effective management agenda for most firms.
Colpline subscribers have access to a practical step-by-step checklist on ensuring compliance with the key management issues required by the Authorisation Rules and the Code of Conduct.
Drafting your compliance plan
Guidance note iii to Rule 8 of the SRA Authorisation Rules suggests the following items as those that will need to be considered in the drafting of your compliance plan:
Already registered? Login to access premium content