Help! I'm the new COFA
Taking on the role of compliance officer for finance and administration (COFA) requires sound knowledge and financial skills as well as firmwide teamwork, says Tracey Calvert
It might be an understandable assumption that the role of compliance officer for finance and administration (COFA) is less significant and arduous than that of the compliance officer for legal practice (COLP).
After all, you’re only required to consider the accounts rules – aren’t you? But nothing could be further from the truth. So if you’re taking on the role of COFA, what essential knowledge do you need?
The role of the COFA can be a less easy fit than that of the COLP. Whereas the COLP must be a lawyer and therefore has a good starting position from which to consider risk in terms of the firm’s legal practice, the position can be less clear cut for the COFA. The specification of the Solicitors Regulation Authority (SRA) is simply that a COFA must be employed within the firm.
In other words, as that is the only SRA criteria, the COFA might be a lawyer who needs to upskill their knowledge of the accounts rules; or a non-lawyer employee with financial knowledge but whose knowledge is not necessarily the right starting point in terms of understanding the SRA and regulatory relationships.
Consider the guidance issued by the SRA’s ethics guidance team in January 2015 to anyone considering accepting the COFA role: “You would be strongly advised to ensure that you acquire an in-depth knowledge of both the SAR [solicitors account rules] and the firm’s current procedures as soon as possible to enable you to comply with your obligations.
The role includes monitoring the effectiveness of the firm’s systems and procedures and amending them as required, maintaining a record of any breaches and determining which breaches are ‘material’ and must therefore be reported by you to the SRA as soon as reasonably practicable.
It will be difficult for you to do this without a good working knowledge of the SAR and it would therefore be sensible to discuss with the partners a suitable training programme before agreeing to take on the role.”
If you’re a lawyer accepting the role, it is therefore essential to understand what counts as the necessary knowledge required. This undoubtedly includes topics such as: what is client money and what isn’t; what constitutes a banking facility in breach of the accounts rules; signatory and withdrawal considerations, and so on.
If you are a non-lawyer, you will probably be more familiar with these topics; but how is your understanding of the role of the SRA, or risk management expectations and similar?
The SRA’s expectation of all-round knowledge and the potential consequences of a lack of it was recently demonstrated in a case before the Solicitors Disciplinary Tribunal (SDT). The SDT examined the conduct of a solicitor with more than twenty years’ post qualification experience. He was also a partner and a COFA.
During an investigation, the SRA found a number of account rule breaches and the solicitor had failed in his duties as a COFA. He did not know about the obligation to file qualified accountants’ reports to the SRA or the need to carry out reconciliations.
The SDT’s conclusion was that he had behaved with “manifest incompetence” in handling finances. He was fined £10,000 and ordered to pay £7,937.30 in costs for compliance related failings.
Thinking ahead to Autumn 2019, the COFA role will be covered in the code of conduct for firms under the new SRA standards and regulations, effective from 25 November.
As a COFA, your role is to take reasonable steps to ensure compliance with the 2019 accounts rules and make prompt reports of serious breaches to the SRA.
This means that the 2015 ethics guidance and the conclusions of the SDT in the above case are no less relevant today in terms of the knowledge needed by the COFA to make judgement calls about what constitutes a serious breach. In future, these same skills must be applied with reference to the shorter, more modern style of the new version of the accounts rules.
Nothing should be read into the brevity with which the SRA’s regulatory requirements will be expressed in future. Culling unnecessary language and removing over prescriptive requirements were two of the motivating factors behind the remodelling of the accounts rules.
Some critics would say the SRA needed to drag the language and its expectations into the twenty-first century. The streamlined 2019 accounts rules achieve this result. However, keeping client money safe (ie the role of the COFA) is no less important with a concise set of requirements than it was when the rules ran to 50 plus pages.
This means the COFA must still understand the meaning of client money; the dangers of banking services and similar; what records must be kept; and the bookkeeping evidence expected.
Also necessary is an awareness that accounts rules compliance is a team effort. Everyone in an authorised law firm has an individual duty to safeguard client money and assets and, furthermore, the style of the SRA standards and regulations implies that compliance responsibilities are shared by everyone in the firm.
This is the direct message delivered to law firm managers in standard 8.1 of the code of conduct for firms, which states: “If you are a manager, you are responsible for compliance by your firm with this Code. This responsibility is joint and several if you share management responsibility with other managers of the firm”.
The message is less direct but nevertheless applied to solicitors (and registered European lawyers and registered foreign lawyers) in their own code of conduct.
Consider for example, standard 3.6 which describes the detail of what’s expected of their managerial roles: “You ensure that the individuals you manage are competent to carry out their role, and keep their professional knowledge and skills, as well as understanding of their legal, ethical and regulatory obligations, up to date.”
Also, consider the language of the last SRA risk outlook issued in 2018: “All solicitors are responsible for keeping client money safe – not just the compliance officers.
Partners and managers should ask themselves:
- Could you prove staff understand and follow your policies?
- What do you do if staff fail to follow your policies?
- Do you have systems that monitor money transfers, and who makes them?
- Do staff understand the importance of keeping client money separate from the office account?
- Are the recommendations of your reporting accountants being applied?”
This means that your ‘to do’ list as COFA must include taking steps to acquire the necessary knowledge and financial skills; and ensure compliance is a team effort with everyone delivering accountability at a level appropriate to their position and role.
Making this happen will require you and your role to be visible. There will be no regulatory tolerance of a lack of awareness of the COFA title or the identity of the role holder.
Accountability will be more easily achieved with knowledge of the accounts rules, so firmwide training is advisable, on topics such as a reminder of the role of the SRA; the regulatory reach to everyone in the firm; risk management and essential knowledge about client money; and internal systems and procedures.
Keeping client money safe is a priority issue for the SRA; this will not change despite the launch of the standards and regulations.
The COFA’s role in overseeing appropriate internal compliance measures are in place and the consequences of breaches must be understood.
Tracey Calvert is a consultant at Oakalls Consultancy Ltd oakallsconsultancy.co.uk