Posted by Yazad Bajina, chief commercial officer at Legal Futures Associate Kord [1]
Baijina: Governance issue
The assumption has long been that a compliance officer for legal practice (COLP) or compliance officer for finance and administration (COFA) is personally exposed to the consequences of anti-money laundering breaches.
The reaction of many firms is to insulate the officer from liability.
But, except in cases of genuine personal wrongdoing, COFAs and COLPs have rarely been the individuals in the dock.
In a sense, when firms move to protect their officers, they’re misreading the situation. This is certainly how the regulator sees it.
Instead, they want firms to treat accountability as a structural question, not a personal one.
Finding fault
Assessment has shifted from the COLP to the structures in place around them.
Even if wrongdoing is confined to an individual mistake or to a single bad actor, the Solicitors Regulation Authority wants firms to examine the structure that allowed the error to happen.
These shifting assumptions come as the role of COLPs and COFAs steadily changes. Instead of simply being a regulatory overseer, these roles are becoming more like strategic risk owners, sitting within governance and leadership.
It’s a psychological shift as well as a strategic one. Firms are increasingly awake to the idea that compliance is a critical part of business operations, not just a regulatory tick-box exercise.
That, in turn, means accountability is no longer strictly concentrated within one office. It has shifted upwards and outwards. It now belongs to the leadership function as a whole.
This is good news. Firms can now take full ownership of their compliance.
The point of failure
But is this what’s actually happening? Are firms taking ownership of compliance, or are COLPs and COFAs still left holding the baby when things go wrong?
The SRA’s thematic work points to the latter. Rather than being embedded across the business, compliance is still concentrated in individuals.
This creates several problems.
Firstly, it leads to huge knowledge gaps across the business. Staff aren’t trained to recognise risk, with little awareness of how processes work and records are kept. If a COLP or COFA isn’t on top of every area of the business, they might miss the compliance gaps opening up across different teams.
Secondly, it means that, in the absence of the COLP or COFA – for instance, because of illness, sudden departure or even annual leave – the entire compliance strategy stalls.
And finally, it means that when the regulators come knocking, firms have little to show in the event of their compliance officer’s absence.
Structural accountability
This isn’t a simple staffing quirk, but a governance issue.
Firms need to apply a serious compliance strategy across every area of the business. That means systems, strategies and training that give more employees the ability – and the authority—to recognise risks, close gaps, and make reports to the risk owner.
It also applies at board level. Compliance reports shouldn’t be something simply delivered to senior executives; reporting should be part of every board-level discussion and decision.
Governance frameworks are increasingly important in business decision-making. Accountability that can be evidenced across a firm is a commercial signal as well as a regulatory or reputational one.
Standing up to scrutiny
Today, firms need to start asking themselves different questions.
The key one here is not whether a compliance officer is doing their job, but whether a firm’s accountability would stand up to scrutiny in their absence.
Having the right structures in place helps embed compliance and accountability across the business, from the most junior trainee right up to board level.