Compliance roles under the spotlight

Last month, the Solicitors Regulation Authority (SRA) published its long-awaited thematic review of the compliance officer function, alongside a consultation proposing changes to strengthen the checks and balances provided by these roles.

Compliance officers for legal practice (COLPs) and compliance officers for finance and administration (COFAs) play a key role in understanding and maintaining regulatory compliance within firms, as well as recording and reporting regulatory breaches.

However, the SRA’s review highlights risks arising from the way these roles currently operate in practice, which has left compliance officers feeling undervalued and under-resourced.

SRA thematic review

The review was informed by visits to 25 firms and interviews with 36 individuals. The review’s key findings include:

• compliance roles are seen as a regulatory necessity, taken up by default – there is little competition for appointments and only 44% of compliance officers felt the role was acknowledged or valued.
• compliance officers typically hold multiple roles. All individuals interviewed held at least one additional position (including other compliance roles, or as fee-earners or supervisors), and around 75% were also owners of the firm.
• around 20% of compliance officers felt they didn’t have the resources that they needed to carry out their role effectively. Nearly half identified lack of time as their primary challenge. On average those spoken to spent only 26% of their time on compliance-related tasks.
• more than a quarter (27%) said they struggled to keep up with regulatory updates. Awareness of existing SRA guidance was limited: only 50% had read the SRA’s reporting and notification guidance, and just 19% had reviewed its enforcement strategy. One quarter had undertaken no training related to their compliance role in the previous 12 months.

SRA proposals

The consultation, which runs until 20 February 2026, seeks to strengthen accountability by separating the COLP and COFA roles from individuals who can unilaterally determine or direct significant management decisions within a firm.

The regulator acknowledges that this will not be practicable for all firms. As a result, the proposals are subject to minimum risk thresholds and would not apply to firms with an annual turnover below £600,000 and/or which held a client account balance of less than £500,000 at any point during the most recent reporting period.

There is also a limited exemption for sole owner-manager firms that are only captured because their client account balance exceeds £500,000. In these circumstances, the individual may continue to act as COLP, but not as COFA.

The SRA has also made the welcome commitment to developing additional guidance, tools and support for compliance officers.

Key points to consider

The consultation is a response to important issues arising from the Axiom Ince events. However, as the SRA has recognised, the review’s findings indicate that a more fundamental review of the compliance regime is needed. The SRA has indicated that this will follow evaluation of the consultation proposals once implemented.

In the meantime, firms and compliance officers may wish to engage actively with the consultation and consider:

• the proposed turnover and client balance thresholds as indicators of risk.
• how the roles might best be delivered in practice within the firm’s governance system as well as any challenges for sole owner-managers in appointing a separate COFA where the client balance threshold is met.
• how “unilateral “control over “significant” decisions should be understood in practice, given the absence of a detailed definition. And whether there are other scenarios which should be captured in order to safeguard the independence of the compliance function.
• what form of regulatory guidance and support would be most effective, and how best to raise awareness and strengthen compliance on the ground.

Firms may also wish to reflect more broadly on how they support compliance officers and create a culture where compliance is recognised as a shared responsibility. Areas to look at include:

• succession planning, reward and recognition - and how to demonstrate the value placed on the compliance officer role
• resilience, including the use of deputies or delegated responsibilities to avoid overreliance on a single individual
• training and development, and creating clear objectives and incentives to support ongoing regulatory awareness, and
• formalised systems and processes for record keeping and reporting, and for monitoring adherence to policies and compliance officer instructions across the firm.