Frank Maher, a partner at Liverpool law firm Legal Risk LLP, outlines the new requirements on law firms to appoint compliance officers and the difficult issues they raise for practices
Compliance with regulatory obligations imposed on law firms in England and Wales from 6 October 2011 rests on all ‘managers’ – the Legal Services Act 2007 (LSA) terminology for partners and sole practitioners. The Solicitors Regulation Authority (SRA) has made this clear in its new SRA Handbook.
In order to reinforce this, the SRA Authorisation Rules 2011 require firms to appoint two compliance officers. These are the Compliance Officer for Legal Practice (COLP), who must be a lawyer within certain specified categories, and the Compliance Officer for Finance and Administration (COFA). The titles of each are derived from the requirements for alternative business structures (ABSs) in the LSA which provides for the appointment of a Head of Legal Practice (HOLP) and Head of Finance and Administration (HOFA); in each case, for SRA-regulated ABSs, the respective appointments will combine.
For existing firms, these appointments must be made by 31 March 2012. ABSs will have to make appointments from when they are authorised. Other new practices will be required to nominate the compliance officers from 28 February 2012. Compliance officers will have to be authorised by the SRA from 31 October 2012. However, most firms will wish to have the appointments confirmed by 6 October 2011 both to ensure compliance and to enable a ‘dry run’ in the role.
Despite its title, the COFA’s obligations relate to compliance with the SRA Accounts Rules, which exist to protect client money, not to the financial management of the practice, nor to its administration.
Each must consent to their appointment.
Rule 8.5 of the SRA Authorisation Rules requires:
(c) The COLP of an authorised body must:
(i) take all reasonable steps to:
(A) ensure compliance with the terms and conditions of the authorised body’s authorisation except any obligations imposed under the SRA Accounts Rules;
(B) ensure compliance with any statutory obligations of the body, its managers, employees or interest holders in relation to the body’s carrying on of authorised activities; and
(C) record any failure so to comply and make such records available to the SRA on request; and
(ii) as soon as reasonably practicable, report to the SRA any failure so to comply which is material either taken on its own or as part of a pattern of failures so to comply.
Again these are onerous requirements and ostensibly the reference to ‘statutory obligations’ goes way beyond the expected role of a regulator of legal services and could extend, for example, to health and safety legislation in an overseas jurisdiction. I understand the intention of the SRA is that this applies to the Solicitors Act 1974, Administration of Justice Act 1985 and Legal Services Act 2007 but that is not what it says.
Rule 8.5 imposes broadly similar requirements on the COFA but in relation to the accounts rules only.
In each case there are requirements to maintain records of all breaches – whether or not the COLP or COFA is aware of them, though we suspect that a court would be prepared to interpret the rule more sensibly and limit its application to matters of which the COLP has knowledge – the law does not demand the impossible.
What is ‘material’ and hence requires reporting? Guidance note 10 provides:
“In considering whether a failure is ‘material’ and therefore reportable, the COLP or COFA, as appropriate, will need to take account of various factors, such as:
- the detriment, or risk of detriment, to clients;
- the extent of any risk of loss of confidence in the firm or in the provision of legal services;
- the scale of the issue;
- the overall impact on the firm, its clients and third parties.
The choice of appointment for COLP and COFA will present some difficult challenges for many law firms. For sole practitioners with no staff the choice will be obvious, as they will have to appoint themselves. But for the larger firm it is a significant challenge.
On the one hand, the SRA’s view appears to be that they wish to have a person nominated who is in charge of day-to-day compliance, but the reality is that that person may not be part of the top-level management. Note, however, that rule 8.5 requires that they be “of sufficient seniority and in a position of sufficient responsibility to fulfil the role”, so the difficulties are already becoming apparent even before one starts examining the position more closely.
Each of the COLP and COFA must be a manager (i.e. principal) or employee. This may present some issues for multi-national firms which have complex structures as, at present, the candidates within the firm may not be members or employees of all relevant constituent parts of the firm.
Options as candidate include:
(a) managing partner;
(b) risk/compliance partner/general counsel;
(c) risk/compliance manager (non-partner);
(d) claims and complaints officer and/or MLRO;
(e) another partner (or employee) who is none of the above;
(f) for COFA, the (non-partner) finance director;
(g) for COFA, some other (non-partner) senior member of the finance function;
(h) the COLP also being COFA.
The issues include:
(i) partner or non-partner, including whether the firm would accept a non-partner having a whistleblowing role of reporting to the SRA;
(ii) managing partner or someone else;
(iii) risk/compliance partner/general counsel as trusted adviser against “policeman role” of COLP;
(iv) whether the requirements to report breaches mean that staff cannot seek guidance from the COLP (or COFA) where they suspect they have breached the rules, meaning that firms should have a ‘shadow’ COLP;
(v) relationship of COLP to managing partner and the board;
(vi) access to management papers, whether the COLP should be a member of and attend the meetings of the management board, and whether the COLP needs to be an equity partner;
The issues overlap in part with some which have been considered in the past by US firms in their choice of general counsel.
Historically lawyers in even some of the larger law firms have had difficulties accepting the authority of senior non-fee-earning staff. Times may have changed, but firms will need to assess the extent of any cultural pockets of resistance in considering the ability of particular individuals to undertake the role. Full equity partners may seek to challenge the authority of others, and it is essential that any COLP who is not a full equity partner has the full authority of the managing partner.
Guidance note (vi) to rule 8 of the SRA Authorisation Rules says: “The firm must therefore ensure that any person designated as its COLP or COFA is of sufficient seniority, in a position of sufficient power and responsibility and has clear reporting lines to enable them to have access to all management systems and arrangements and all other relevant information including client files and business information.”
Each role will clearly involve significant responsibilities. The SRA Handbook imposes more regulation not less, with a myriad of requirements (not all new) in over 200,000 words (compared with just over 40,000 in the Solicitors’ Practice Rules 1990 and associated rules and codes in force at the time of Sir David Clementi’s review), including 10 requirements for policies, 14 monitoring requirements and 17 reporting and information requirements.
The COLP and COFA will be responsible for ensuring that these are all in place and subject to ongoing monitoring. So while responsibility for compliance rests on all partners, as the opening words of this article indicated, the duties of the COLP and COFA are onerous.
This article is adapted from Frank Maher’s book, ‘Risk and Compliance for Law Firms in a Changed World’, published by Ark Group