Role reversal?

Following publication in December of a thematic review of the compliance officer roles in law firms, the Solicitors Regulation Authority (SRA) has recently closed its consultation in relation to client money that considers changes to the roles of compliance officers for legal practice (COLPs) and compliance officers for finance and administration (COFAs). 

The proposals aim to strengthen accountability in law firms by separating the compliance officer roles from those directing management decisions, in response to certain issues arising from the 2023 failure of Axiom Ince.

Increased scrutiny

It isn’t only the recent failures of some larger law firms – including the collapse of both PM Law and Hunters Solicitors – that have intensified scrutiny over how legal businesses are run and managed. The consolidation of the market is continuing apace. According to the SRA, the number of solicitors has risen by 17% to a record 171,000, yet the number of law firms has fallen below 9,000 for the first time in recent history.

The SRA has published a thematic review on the growth strategies adopted by firms and plans to consult on increasing its oversight of changes in firms’ risk profiles, including those resulting from mergers and acquisitions. Recent months have also seen greater regulatory focus on particular business models, including delegation and supervision arrangements in litigation following the case of Mazur v Charles Russell Speechlys LLP [2025] EWHC 2341 (KB) and arrangements for the handling and funding of volume claims.

Governance framework

The SRA requires law firms to have effective governance structures, arrangements, systems and controls in place to ensure compliance with regulatory and legal requirements – and to understand, document, mitigate and monitor risks to the business. So, firms must have clear policies and procedures for delegation, authorising instructions, and escalation and reporting. 

Background to compliance officer roles

In 2011, the SRA not only brought in a range of practice requirements and controls relating to the conduct of legal businesses – including mandatory approvals for managers, owners and compliance officers – but also introduced the compliance officer roles (COLP and COFA) for all authorised law firms across the board, from sole practitioners to large global corporates. The roles of COLP and COFA have a statutory footing for licensed bodies across all legal regulators in England and Wales.

The COLP (who must be an authorised lawyer) is responsible for ensuring that the firm – and its managers, employees and owners – comply with the SRA’s regulatory requirements, and that serious breaches of these requirements are reported to the SRA. They also act as the SRA’s main contact point for communications and compliance matters. The COFA has parallel responsibilities in relation to the SRA’s Accounts Rules, which govern the handling of client money.

Compliance officers therefore play a key role in a law firm’s governance framework: ensuring that there are policies, procedures and systems in place to allow the firm to operate in compliance with the SRA’s regulatory requirements, that effective training is carried out and that there are processes for escalating, recording and reporting any breaches.

Too much of a shift?

It’s been argued, however, that responsibility for regulatory compliance has shifted too far on to the shoulders of the COLP. In his research paper (CEPLER Working Paper Series 02/2016), Professor Steven Vaughan coined the phrase “COLPing mechanism” to describe the concept of lawyers placing reliance on the firm’s COLP to act as the firm’s moral compass and “do compliance” for them. 

This issue was also highlighted in the SRA’s thematic review on professional obligations (December 2024), which stated: “There is a culture of reliance in some firms on compliance officers for legal practice (COLPs), compliance teams and external compliance companies … an unchecked reliance on others can encourage a lack of responsibility and a dependency on the knowledge and skills of others. This increases the pressure, stress and workload of others in the firm.”

Compliance officer thematic review

It’s perhaps inevitable that the burden of compliance is taking its toll on many COLPs, as evidenced in the SRA’s thematic review that looks at the experience of those in the role. The SRA visited 25 law firms, spoke with 36 individuals and reviewed compliance policies, internal breach logs, and learning and development records. As ever, a thematic review can only provide a snapshot, but while the findings in the SRA’s report are necessarily limited, they do provide valuable insights. 

Overall, the report highlights risks arising from the way in which the compliance officer roles currently function. The central findings include:

• Such roles are seen as a regulatory necessity, taken up by default. There’s little competition for compliance officer appointments and a markedly low turnover rate (with 42% having stayed in the role since it was introduced); 39% feel it is of no career benefit. 
• Knowledge of the requirements of the roles is poor. Only one COLP the SRA spoke to could outline all the material requirements of their role. 
• Many (27%) find it hard to keep up with regulatory updates. Compliance officers spoken to had limited awareness of SRA resources and guidance – only half had read the SRA’s reporting and notification guidance, and just a fifth had reviewed its enforcement strategy. 
• A quarter of compliance officers had not undertaken any training related to their compliance role within the previous 12 months.

This is not to criticise individual COLPs or to undermine the hard work they carry out on a day-to-day basis, much of which is laid bare in the report. 

Strikingly, the report highlights that some compliance officers are left feeling isolated, especially when compliance issues conflict with business priorities, with over half feeling stressed because of the role: “This was driven by the high level of personal responsibility they felt for making sure that systems were in place to prevent regulatory breaches. Further stressors included the lack of time, support and internal resourcing for compliance officers. Almost half (47%) felt that their role was not acknowledged or valued by their firm.”

Where next?

Against this backdrop, the SRA recognises that there’s a strong case for undertaking a more fundamental review of the compliance regime, following the evaluation of the current proposals. These focus solely on individuals who unilaterally control significant management decisions in a firm, prohibiting them from holding the COLP or COFA role (subject to minimum thresholds).

As such, the proposals are likely to have limited impact, as they fail to address the need for greater bandwidth between compliance officers and senior leaders, or stronger checks and balances on executive decision-making. Nor do they address the reality of the position in most law firms – the review found that all compliance officers held at least one other role and that around 75% were also owners of the firm – or that, for those compliance officers interviewed as part of the review, independence was not highly rated as an important skill for the role. 

One alternative would be to look in more depth at how the compliance role operates in practice. Currently, the SRA’s approval process checks that the person is appropriately embedded in the firm (they must be a manager or employee) and that they are in a position of sufficient seniority and influence to be able to safeguard compliance across the firm, as well as having the time and expertise to fulfil their role. 

However, greater focus could usefully be given to the environment they operate within; the resources available to them (such as the appointment of deputies or processes to allow tasks to be delegated); and the governance arrangements in place to safeguard against undue influence and arbitrary decision-making (reporting procedures, processes to ensure free and unimpeded access to information, decision-making criteria and delegations).

Support from the SRA

The SRA has committed to producing further support, guidance and resources, all of which are welcome. This and previous thematic reviews have made it clear that many of its existing materials are not being viewed, and therefore it’s important that the SRA continues to raise awareness through its communication channels. 

The SRA has also indicated that it will consult on strengthening its continuing competence requirements, and so may feel that the compliance officer community is clearly indicated for mandatory training. However, mandatory training on professional obligations across the sector would help drive a greater shared understanding of the requirements for regulatory compliance, together with creating a shared sense of responsibility – a compliance culture.

In the meantime, law firms should look carefully at how they support compliance officers. In addition to the areas above, they may want to consider promoting the value of the role through reward and recognition, with objectives and incentives that support time spent on learning and development, plus succession planning and appointing delegates to avoid overreliance on a single person. Formalised processes for checking that staff are following policies and compliance officer instructions on the ground help to drive a compliance culture.

Balancing act

More widely, the SRA is developing its risk and intelligence capability and its oversight model. As discussed above, it is due to consult on greater controls and scrutiny around changes in firm profile. It has also indicated that it will be looking at what complaints it takes forward and those it doesn’t. A clear published framework to improve clarity and consistency over reporting will help alleviate this key area of anxiety for compliance officers. A focus on data governance is also of increasing importance to ensure that firms can support adoption of technology and AI and reduce the risks of inaccurate or biased outcomes.

However, making sure that clients and the public are adequately protected, while supporting economic growth and access to justice, is a hugely important but difficult balancing act. The SRA faces the challenge of rising numbers of complaints, plus public expectations that it will remove risk from the system and keep a downward pressure on its costs and those it imposes on firms – and ultimately the consumers of legal services.   

This is a timely reminder for all firms that have overall responsibility for the proper running of their business, to have systems in place to identify, manage and mitigate risk – which will help them to ensure they’re fit for the future.