Ethics Q&A for COLPS and COFAs
Last updated 13 May 2013
This Q&A, prepared by our Ethics Guidance team, may help you fulfil your role or answer some of the issues you are facing.
Also see our FAQs for COLPs and COFAs.
Q1. What is the firm/recognised sole practitioner ("RSP") being asked in the nomination form?
A. The firm/RSP and the managers are being asked to confirm that they understand the obligations placed on them by SRA Authorisation Rules 2011 (rules 8.1, 8.2 and 8.5)/SRA Practising Regulations 2011 (rules 4.8 and 4.9) and will meet those obligations. Together, these rules place final responsibility on the firm and its managers for:
- compliance with the SRA's regulatory arrangements;
- compliance with any statutory obligations in relation to the body's carrying on of authorised activities;
- ensuring that there are suitable systems for ensuring compliance; and
- ensuring that suitable arrangements are in place to ensure the compliance officers are able to discharge their duties.
Q2. What is the nominee for the COLP/COFA role being asked?
A. The nominee is being asked to confirm
- that they understand the obligations placed on them by rule 8.5 of the SRA Authorisation Rules 2011,
- that they are satisfied that the manager will put in place suitable arrangements to discharge their responsibilities,
- that they meet the criteria to be qualified to undertake the role, and
- that they consent to undertake the role.
Who to appoint
Q3. I am a solicitor and will be nominated by a firm as its COLP. Am I deemed to be approved for this role given that I underwent a Criminal Records Bureau (CRB) check when I was admitted to the roll?
A. No, there are no deemed approvals for this role. All nominees are therefore subject to the Suitability Test.
Q4. Is there any advice you can offer us on the sort of people we should be nominating to the roles of COLP and COFA? Must it be the senior or managing partner?
A. Senior managers must satisfy themselves that the people they nominate have the necessary experience, skills and seniority within the firm to undertake these roles. Whilst some senior or managing partners might wish to take on these roles, firms, particularly larger firms, need to consider whether senior or managing partners will be able to devote the time necessary to the role.
Q5. Can a barrister be a COLP?
A. Yes. A COLP can be an individual who is a lawyer of England and Wales who is authorised by an Approved Regulator; or a Registered European Lawyer (REL) or European lawyer regulated by the Bar Standards Board.
Q6. As a non-lawyer already responsible for compliance in my practice, can I be the COLP?
A. No. A COLP must be an individual who is a lawyer of England and Wales who is authorised by an Approved Regulator; a Registered European Lawyer (REL) or European lawyer regulated by the Bar Standards Board.
A COLP may be able to delegate some of the day-to-day functions to other persons within the firm, but the responsibility of the role cannot be delegated.
Q7. How can a sole practitioner fulfil the COLP and COFA roles?
A. Regulation 4.8 of the SRA Practising Regulations 2011 requires a sole practitioner to have an individual who is designated as the COLP and as the COFA. Where the firm is a recognised sole practitioner, the designated individual could either be the sole practitioner, or an employee of the sole practitioner, provided they meet the relevant criteria and their designation is approved by the SRA. The same person can take on the role of both the COLP and the COFA.
Q8. Does the reference to an "individual" in rule 8 of the Authorisation Rules 2011 include a body corporate? Our partnership is primarily made up of limited company partners.
A. A body corporate cannot be an organisation's COLP or COFA. This is because Rules 8.5(b) and (f) of the SRA Authorisation Rules require the COLP and COFA to be an individual manager or employee, and this does not include a body corporate. Following this, the partnership will need to appoint an individual to this role.
In addition to this, each corporate partner will also need to appoint a COLP and COFA who is a manager or employee of that body (unless, in respect of a COLP, they come within rule 8.5(h) of the Authorisation Rules, and therefore the appointed COLP does not necessarily need to be a manager or employee of that body). If the COLP does not come within the scope of this rule, it may be possible to apply for a waiver from this requirement in respect of both a COLP and a COFA. Applications for a waiver should be made to the Ethics Guidance Team, view further information on the criteria that will be applied.
Q9. We are considering nominating an individual who is self-employed and will be "employed" by the firm via a Service Level Agreement with a fixed time commitment for which the firm would have exclusive right. It is intended that the individual will take up the post on a part-time basis. Is this acceptable?
A. In accordance with rule 8.5(d)(i) of the SRA Authorisation Rules 2011, a COLP must be an individual who is a manager or employee of the authorised body. It will be necessary to be satisfied that the individual comes within the definition of "employee" which is set out in the SRA Handbook Glossary. You should note that this is not a legal or tax definition so it is possible to come within the definition notwithstanding the fact that the individual may be remunerated on a self-employed basis.
It may be possible for the role to be undertaken on a part-time basis. However, how feasible this will be will be dependent on the size and nature of the firm, its work and areas of risk.
Q10. Can the same individual fulfil both the roles of COLP and COFA?
A. Yes, in principle, however, these are important roles and both you and your compliance officers (before agreeing to take on the roles) must be satisfied that they will have sufficient time to fulfil their responsibilities. You will therefore need to take into account, for example, the size of the firm - the number of employees and branch offices, the locations of the firm, the complexity of the work undertaken and the firm's risk profile.
Q11. Does an in house practice need to appoint a COLP and COFA?
A. No, the rules only apply to authorised bodies and recognised sole practitioners.
Q12. What approach will the SRA take to approving nominations?
A. We will take a proportionate approach to approving nominations, looking particularly at two risks:
- that the nominated individuals are not qualified or suitable to undertake the role; and
- that the senior managers in firms and their nominees have not actively engaged in the nomination process and do not properly understand their regulatory obligations and/or have the capability to deliver them.
Individual COLP and COFA nominees will be checked and the degree of intensity will be risk based.
Q13. Are COLPs and COFAs ultimately responsible for all compliance issues in firms?
A. No, the SRA has made it clear that managers of the authorised bodies will ultimately be responsible and cannot delegate this responsibility to the COLP/COFA. However, Compliance Officers must take all reasonable steps to ensure compliance and also have specific responsibilities in regard to the recording and reporting of failures in compliance breaches. It is an important role and individuals can be fined if they are found to have failed to comply with their obligations under the Rules. If the COLP/COFA does not receive the necessary support from the managers, they should consider withdrawing their consent to undertake this role.
In an Authorised Body which is a Recognised Body, at present the SRA has the power to fine a COLP/COFA £2,000 under section 44D of the Solicitors Act 1974, with the SDT having unlimited fining powers. Where the firm is a Licensed Body (i.e. an ABS), the SRA's powers increase to £250million for the body itself, and for Authorised Persons within the ABS the limit is £50 million.
Q14. Is the COFA responsible for having systems in place in accordance with sound financial and risk management principles within the firm as required by Principle 8 of the SRA Principles 2011?
Q15. If the authorised body or sole practitioner has an overseas branch office, does the remit of the COLP/COFA role extend to these overseas activities?
A. The remit of the COLP and COFA extends to all offices of an authorised body and this will include any branch offices based outside England and Wales. This can be distinguished from a situation where there may be overseas firms operating as part of a group, but where some of the firms are not authorised by the SRA. Whilst solicitors may still practise in overseas practices (rule 1.2 of the Practice Framework Rules) there is no requirement for such firms to have a COLP or COFA.
Q16. Has the format of the annual report been finalised yet?
A. The format of the annual report has not yet been finalised. In a recent speech at the Law Society Risk and Compliance Conference, the Executive Director of Education and Training, Supervision, Authorisation and International Affairs, Samantha Barrass, indicated that as part of the SRA's Red Tape Initiative, the SRA is likely to dispense with the requirement that Authorised Bodies must submit an annual information report to the SRA. Read - Reporting requirements eased on non-material breaches.
Q17. When is the Annual Report required to be delivered to the SRA?
A. The SRA is in the process of determining when the Annual Report must be submitted to the SRA. This has not yet been decided and you will be notified in due course. You can sign up to receive regular updates from the SRA websites.
Q18. Is it expected that the Annual Report prepared by the COFA would be attached to the AR1 submitted by the firm's appointed Reporting Accountant?
Q19. Do you have any views over how long the period 'as soon as reasonably practicable' is, in respect of a COFA reporting 'material' breaches, particularly in larger law firms. Is there a maximum time limit?
A. We would expect the COFA to report a material breach to the SRA within 24 hours of it being discovered. You should not wait until the completion of any internal investigation before making your report.
Q20. Is a reporting accountant required to check an authorised body's register of breaches? Is there an obligation on the authorised body to provide the accountant with this information?
A. An authorised body is not obliged under the SRA Accounts Rules 2011 ("SAR") to provide a copy of the register of breaches to its reporting accountant, nor is the reporting accountant required to request a copy of and to review the register. Following this, the reporting accountant is not required to list the breaches uncovered by the firm's COFA in the accountant's report (unless of course those breaches are discovered by the accountant as part of his review of the accounting records under Part 6 of the SAR).
The reason for this is that the roles of a firm's COFA and its reporting accountant are intended to fulfil different functions. A firm's COFA is obliged to monitor and ensure on a day-to-day basis compliance with the SAR and to record any failure to comply. They must also report as soon as reasonably practicable to the SRA any failure to comply with these rules, unless the breaches are non-material in which case the firm must provide an annual information report. For proposed changes to the requirement to report non-material breach please see Q17 above.
A reporting accountant has a different role in relation to SAR compliance: his role is to carry out an independent series of tests and checks as specified in Part 6 of the SAR once a year (or more frequently if the authorised body is subject to a condition requiring a more frequent submission of accountant's reports). His role is not to oversee the work of the firm's COFA.
However, outside of their role as the reporting accountant, the accountant may be able to assist the firm in considering breaches identified by the COFA and advising on any problems with its accounting systems and procedures. Carrying out this additional work once the accountant's report is completed will remove the danger that the accountant will lose his independence of approach when preparing the accountant's report.
Q21. In Chapter 10 of the Code, the SRA refers to a general obligation on firms and individuals to report "serious" breaches "promptly" to the SRA, whereas a COLP/COFA needs to report "material" breaches as "soon as reasonably practicable". What is the difference between "material" and "serious", and "promptly" and "as soon as reasonably practicable"?
A. In practice there is no difference. The firms and the COLPs and COFAs need to exercise common sense and judgement on what matters need to be raised immediately with the SRA and those which do not. The starting point is the SRA Principles and whether these have been or may have been compromised in a way that the firm is worried about. A failure may be material either of itself or as part of a pattern of failures to comply. When deciding whether the matter is reportable, points to consider are:
- how prolonged is this issue?
- how severe is the problem?
- are clients' interests at risk?
- is there a risk to client money?
- can you still say that you are being open with the SRA if you keep this information to yourself?
If in doubt, firms and their COLPs and COFAs should contact the SRA anyway. You can do this by emailing us.
Q22. What is the difference between the reporting requirements in Chapter 10 of the Code (O(10.4), and the obligations on COLPs and COFAs to report material breaches in rule 8.5 of the SRA Authorisation Rules 2011. What is the time limit for reporting under both of these sets of requirements?
A. The reporting requirements in Chapter 10 cover a wide range of obligations. They apply to not only COLPs and COFAs, but also to "you"; generally - see Chapter 13 in the SRA Code of Conduct. For example, Chapter 10 could apply to an employee working in a firm, whether they are qualified or not.
Absence or leaving
Q23. Is there a process for emergency approval of a COLP or COFA?
A. If an authorised body ceases to have a COLP or COFA for whatever reason e.g. incapacity of COLP or COFA, the authorised body must immediately and within seven days notify the SRA and appoint another COLP or COFA.
If you have sufficient notice that the firm's COLP or COFA is going to leave, we would expect you to apply in advance for approval of the new compliance officer. You should allow at least a month for this process to be completed.
If you do not have sufficient notice, you should contact the SRA as soon as possible requesting temporary emergency approval of the compliance officer and you should explain your reasons for the request.
Where a compliance officer is likely to be absent for any length of time they may need to be replaced. Your practice should discuss with the SRA whether replacement is appropriate action for you to take.
Q24. What happens if the COLP or COFA leaves the firm after the SRA has approved their nomination?
A. Firms should ensure that, if their Compliance Officer is to leave the firm, steps are taken immediately to identify and obtain approval for a new Compliance Officer. However, rule 18 of the SRA Authorisation Rules 2011 does allow for temporary emergency approval for Compliance Officers in limited emergency situations.
Q25. Is it advisable to appoint a deputy COLP/COFA in case one of the compliance officers leaves or is absent?
A. The only requirement under rule 8.5 of the SRA Authorisation Rules 2011 ('AR') is to appoint a COLP or a COFA and such appointments must first be approved by the SRA under Part 4 AR. Whilst compliance officers may delegate their day-to-day functions, they cannot delegate their responsibility for meeting their obligations under rule 8.5. Accordingly, the role of a 'deputy' is not formally recognised and the SRA will not approve such persons unless and until an application is made for them to become the COLP or COFA.
From a practical point of view, there may nevertheless be good reasons to appoint a deputy compliance officer. For example, guidance note (xi) to rule 8 of the SRA Authorisation Rules highlights the need to deal with the unexpected absence of a compliance officer. Depending on the size and complexity of the firm, the appointment of a deputy may be an effective way of controlling the risk to compliance in such circumstances and contribute towards achieving outcomes (7.2) - (7.4) of the SRA Code of Conduct 2011.
However, whilst it is accepted that compliance officers will sometimes be absent (e.g. standard holidays or temporary illness), you will need to consider carefully whether the firm is still compliant if the compliance officer is unable to fulfil his or her responsibilities for more than a short period and thus, whether this triggers the need to notify the SRA under rule 8.7 AR. If so, then you will need to apply for a new compliance officer to be appointed, even if only on a temporary basis (see rule 18 AR on making an application for temporary emergency approval). In exercising your judgement, you should take into account of all the circumstances, including the size and complexity of the firm.