The sorry tale of David McGrath – a warning to COLPs and COFAs?

Posted by Michelle Garlick, a partner in the professional risk team of Legal Futures Associate Weightmans LLP 

Garlick: COLPs and COFAs can be held personally responsible and accountable

Alarm bells are ringing in the financial services sector after a finding by the Financial Services Authority (FSA) against an individual with compliance oversight responsibilities in a brokerage firm.

If the Solicitors Regulation Authority (SRA), under its new enforcement powers, takes a similar approach, compliance officers for legal practice (COLPs) and for finance and administration (COFAs) had better beware.

The basic facts are these:

  • Mr McGrath was approved by the FSA to perform the compliance oversight controlled function at a brokerage firm.
  • The FSA had been conducting a thematic project into the management of client assets and money held by firms during which it issued ‘Dear Compliance Officer’ letters notifying firms to make adequate arrangements to protect client money and assets. It highlighted issues for firms to consider and warned firms that visits would take place.
  • The FSA visited and identified a number of weaknesses in client money processes and was concerned that the firm didn’t have in place adequate risk management systems to protect client money.
  • It was alleged and found against Mr McGrath that:
  1. He failed to take reasonable steps to ensure the firm complied with the relevant requirements and standards of the regulatory system in relation to accounting and treatment of client money, including failing to implement adequate risk management systems to ensure the protection of client money.
  2. He failed to demonstrate an appropriate knowledge of the rules to perform his compliance officer role (he relied on expert external advice but without equipping himself with the basic knowledge to assess the advice given by the external consultant or whether it was reasonable for him to rely on it)
  • The FSA viewed the failings as serious because his failings placed some client money at risk (even though no clients actually suffered any loss).
  • The breaches were neither deliberate nor reckless but instead demonstrated a lack of competence and capability.
  • The breaches had also not been identified through Mr McGrath’s own compliance monitoring but by third parties.

Mr McGrath was fined £3,000 and a prohibition order was also made prohibiting him from performing the compliance oversight controlled function. The fine would have been £20,000 had a discount not been applied to reflect the fact that Mr McGrath had agreed to settle at an early stage of the investigation and due to financial hardship.

Deterrence was one of the key reasons for imposing a financial penalty “to demonstrate to Mr McGrath and others the seriousness with which the FSA regards such behaviour”.

In his previous employment, Mr McGrath had worked in a compliance department but his duties had not encompassed handling client money issues. He had never previously been a compliance officer and had no formal compliance qualifications.

The report is unclear as to whether the firm/other senior managers were disciplined (it would seem somewhat perverse if they were not) but notwithstanding this, the sanctions appear harsh and arguably disproportionate with significant damage to his livelihood and reputation being caused.

Much of the wording in the findings have a very familiar ring to the SRA’s new approach to regulation and its enforcement strategy which is perhaps not surprising given that the outcomes-focused regulation model is based on that of the FSA.

So is this a sign of things to come under the new regulatory approach? The SRA has said it does not want to make COLPs/COFAs scapegoats and that firms will remain responsible for ensuring compliance but the rules do allow for the possibility of COLPs and COFAs being held personally responsible and accountable.

So potentially, a COLP/COFA could find themselves in the same position as Mr McGrath. A terrifying thought.

There are many lessons to take from this sorry tale, including the importance of who is chosen to fulfil the role, the personal responsibility of the COLP/COFA to equip themselves with sufficient knowledge and understanding of the Code of Conduct and regulations, and the need to monitor the operations of the business to ensure compliance and to self-report breaches if necessary.

It is, of course, hoped that the SRA will adopt its promised “grown-up” approach with the profession and work with firms to ensure that problems are rectified without going down the enforcement route.

There is, however, always the danger that the use of enforcement to act as a deterrent to others could be used. Would you want to be the guinea pig?

Weightmans’ Compl-I team has set up a COLP/COFA Helpline and offers in-house training on the new Code/handbook. For more information, please call 0161 233 7426


    Readers Comments

  • True to form, solicitors are tending to concentrate on the downside of change, whereas firms which are regulated by the FSA have learnt that the introduction of what the FSA refers to as controlled functions, including in particular that of Compliance Officer, are essential to the efficient management of a business. Furthermore, as the Law Society’s Law Management Section commented in its 2009 report, “Perhaps the main requirement for all the (ABS) options will be good and well developed management skills only found in a minority of firms at present”. Another important lesson from FSA is that controlled functions holders are responsible for their own shortcomings, but failings over which they have no direct control are the responsibility of the firm’s management as a whole. They are not regarded as fall guys.

  • Adam Smith says:

    “The report is unclear as to whether the firm/other senior managers were disciplined”.

    That would be because this is the action against Mr McGrath; the firm had already been fined – see

Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Loading animation