- Who should we appoint as our COFA (compliance officer for finance and administration)?
- Other than compliance with the Solicitors Accounts Rules, what other examples of financial non-compliance may occur in law firms?
- What are the most common breaches of the rules in law firms?
- What do fee-earners need to do about financial compliance?
- What breaches should a COFA record in their breach register?
- How should the COFA be notified of breaches?
- What format should the breach register take?
- When do we need to report a breach to the SRA?
- How do we make sure the firm’s accounting systems are robust?
- How are cyber security issues affecting accounting systems in law firms?
- What compliance checks should the COFA undertake?
- How often should the COFA undertake internal reviews for Accounts Rules compliance?
- How should the COFA select which files they should review for Accounts Rules compliance?
- If the law firm COFA is absent for any reason, what should the law firm do?
- What responsibility does the COFA have if they suspect the law firm is in financial difficulty?
- As COFA, how do I protect myself?
- Does the firm need a client account?
- Does the firm need to have an accountant’s report prepared?
- What should the firm do to prepare for the work by the reporting accountant?
- What will the reporting accountant look at in terms of the practice’s accounting systems during their annual review work?
- What steps do I need to take before paying any residual client balances to charity?
- What steps can I take to prevent further residual balances occurring in the law firm?
- What are the rules on providing banking facilities through a client account?
- When would our reporting accountant need to qualify our Accountants’ Report and submit it to the SRA?
- What should the reporting accountant provide to the law firm after each year’s review?
- What has the impact been of the revised SRA rules since 25 November 2019?
- How has the definition of client money changed under the new rules?
- What will the new rules mean for our accounting system and processes?
Rosy Rourke, legal sector director, Armstrong Watson, responds to questions about compliance with the Solicitors Accounts Rules and who needs to be involved. (Updated 25 November 2019)
1. Who should we appoint as our COFA (compliance officer for finance and administration)?
The COFA must be an employee, but not necessarily a manager of the practice. They need to be approved by the SRA for the role and to have consented to the role. Additionally, they must be of sufficient seniority within the practice to carry out the role. The COFA does not need to be a lawyer.
The role is largely concerned with the Solicitors Accounts Rules, so a good understanding of those is vital. In addition, the COFA should have a good understanding of finance in general and the financials of the practice.
Ultimately, who is appointed to the role will depend on the size of your practice and what suits the needs of the firm. Many sole practitioners will also be their own COFA. In large practices, the COFA will be a full-time role held by a finance partner/director or someone who leads the finance team. Whoever you choose, the COFA does require the right level of gravitas to fulfil the role.
2. Other than compliance with the Solicitors Accounts Rules, what other examples of financial non-compliance may occur in law firms?
Lawyers have an obligation to run their business and carry out their roles in accordance with proper governance and sound financial and risk management principles, so financial non-compliance should not regularly occur. However, some examples are:
- not filing statutory accounts with the relevant bodies on time;
- not filing tax returns on time;
- not paying tax liabilities on time;
- owners over-drawing where the practice cannot necessarily afford to fund those drawings.
3. What are the most common breaches of the rules in law firms?
Under the rules in place until 25 November 2019, in our experience, the most common breaches are as follows:
- Residual balances (Rule 14.4). At the end of a matter, small balances are often left in client account instead of being returned to the client. The rule states that the money should either be returned or, if there is good reason to retain it, the solicitor should write to the client to explain how much is being held and why, and write to confirm that annually thereafter. This is a recurring breach for many law firms. Depending on the extent of the breach, sometimes it is reportable to the SRA, and sometimes it is not.
- Transferring money for fees (Rule 17.3). Often solicitors fail to transfer money from the client account to the office account within 14 days (days not working days!) following a bill having been raised. The money in client account is automatically earmarked for costs as soon as a bill has been raised. For money not to be earmarked, there needs to be a good reason which has been communicated to the client and recorded with narrative on the client ledger.
- Bank account titles. Many law firms have difficulty ensuring that their client bank accounts have the correct titles. Words are often abbreviated, eg client to clt or limited to ltd, or if there is a maximum number of characters allowed within the title, the law firm name may be shortened.
Under the new rules it is likely that the first and final one of these will remain, but the second one will be entirely dependent on a firm’s individual policy.
4. What do fee-earners need to do about financial compliance?
Fee-earners have a lot to do in their everyday work, so can become over-reliant on the accounting team for compliance.
All fee-earners within the practice should have a good understanding of the rules. They should have regular training and updates on the rules to ensure ongoing compliance.
It is important to instil a firm-wide culture of financial compliance. The breach register, file reviews and health checks should be highlighted and discussed with the management of the practice to reinforce its importance to all.
5. What breaches should a COFA record in their breach register?
All breaches, no matter how minor, should be recorded in the breach register.
If a law firm has no breaches in its register during an accounting period, I’d question if the reporting processes are working effectively.
6. How should the COFA be notified of breaches?
All employees within the practice should be aware of their obligations with regard to the Solicitors Accounts Rules. They should report any breach or suspected breach to the COFA immediately.
In addition, the systems and reporting lines that you have put in place should work to identify and highlight minor/trivial breaches with ease.
7. What format should the breach register take?
There is no prescriptive guidance on the format of the breach register, but it should be capable of being interrogated easily; for example, by filtering and categorising.
The register should also contain sufficient detail for the COFA to use it as a management tool to identify trends and issues. For example, the register might include the rule number and name as well as amounts, frequency and timings of rectification.
In its most simple format, Microsoft Excel will work for most practices.
8. When do we need to report a breach to the SRA?
When a breach should be reported is very subjective and is based on materiality.
When considering the materiality of a breach, the COFA should consider:
- the amounts involved;
- whether there is any loss to a client;
- whether there is a systematic failure in controls within the practice;
- whether it forms part of a pattern of breaches;
- how quickly it was discovered and rectified.
Whatever your decision on materiality, you must be comfortable that you can justify your decision. It would be useful to document that from a reporting accountant’s perspective.
If you decide a breach is material and should be reported, it isn’t necessarily the end of the world. This can in fact be an indication of good risk management. You should ensure the report is clear and transparent.
9. How do we make sure the firm’s accounting systems are robust?
As COFA you have responsibility for having systems in place which ensure sound financial and risk management of the practice. As such you need to have access to all management information systems and business information.
10. How are cyber security issues affecting accounting systems in law firms?
As everyone is aware, law firms are at particular risk of cyber crime due to the large amounts of client monies held and financial transactions undertaken. It is not just the accounting systems that are affected, but all systems within the law firm.
Specifically with regard to the accounting function, the following areas should be considered:
- How you communicate and collect client data such as bank details. Email may not be secure. Face-to-face meetings are the safest way, but letter is another option, or fax (if still used).
- Everyone in the firm needs to be given regular updates of the risks and ever-evolving technologies used by fraudsters, so that they can identify a potential scam and question instructions which may not feel quite right.
- Provide your bank details to clients in a secure manner at the outset of the transaction. Make it clear that this will not change during the course of the transaction.
- Check the practice’s bank statements on a regular basis. Highlight anything that seems unusual or cannot be identified with your bank immediately.
11. What compliance checks should the COFA undertake?
The role of COFA should not be treated as a one-off tick box exercise – it is a continuous, ongoing process of compliance. Every COFA should have systems in place to monitor that compliance.
Regular file reviews and health checks should be undertaken. This ensures that processes and procedures are being followed. It also encourages a culture of accountability and openness with fee-earners, which will allow effective supervision.
12. How often should the COFA undertake internal reviews for Accounts Rules compliance?
Ideally, as a minimum the COFA should review at least one file from every fee-earner over the course of a year. So the frequency will depend on the size of the practice.
That is not to say that a practice with two fee-earners should only have a review twice a year. Our suggestion would be monthly or at least quarterly reviews.
13. How should the COFA select which files they should review for Accounts Rules compliance?
How the sample is selected will be driven to some extent by the size and makeup of your firm. As a minimum, a file from each department should be included in each review where possible.
When starting to implement the reviews, a good starting point for file selection would be any departments or fee-earners who regularly appear on your breach register.
14. If the law firm COFA is absent for any reason, what should the law firm do?
As with any role, there will be times when the COFA is absent for short periods, such as annual leave or short-term illness. As part of the COFA’s role, the ongoing compliance processes of the practice should be designed to be capable of continuing whilst the COFA is absent. This includes ensuring that any issues that arise are still identified and can be rectified without the COFA.
Occasionally, there will be circumstances where the COFA is unable to fulfil the role for a longer period of time, perhaps through long-term illness, or even on a more permanent basis such as dismissal. In these cases, you should immediately – and certainly within seven days – notify the SRA of the absence, select another suitable individual to undertake the role and apply for temporary emergency approval. As part of the temporary approval process, you must include the reason why temporary approval is required.
15. What responsibility does the COFA have if they suspect the law firm is in financial difficulty?
In addition to the COFA’s role relating to the SRA’s Accounts Rules, the COFA also has responsibilities to report the practice should it be in serious financial difficulties.
If you hold the role of COFA, you need to ensure that you have access to all information on the practice’s overall financial position in order to recognise if the practice is in difficulty.
The areas that should be focused on with regard to good financial management are the working capital and credit control procedures of the firm.
16. As COFA, how do I protect myself?
As part of accepting and consenting to the role of COFA, you must consider your own personal liability. You should consider if you are satisfied that the practice has the appropriate safeguards in place.
You should also reach an agreement with the practice as to the best way to protect yourself against any personal liability. There are a number of options as to how you could do this, including an indemnity agreement, an endorsement on the practice’s PII policy, or a specific insurance product.
Ultimately, the responsibility for compliance rests with the managers of the practice but a COFA may find regulatory action is taken against them where they fail to meet their responsibilities. The SRA has stated that COFAs will not be ‘sacrificial lambs’ if a practice has a practice-wide culture of non-compliance. If this is the case, you should question if the role is being undertaken effectively, and whether a report should be made to the SRA, even if against the wishes of the managers of the practice.
17. Does the firm need a client account?
Under the new rules that came into force on 25 November 2019, you no longer require a client account if the only client money received by you is advance payments for fees and unpaid disbursements (not including disbursements for which your client is liable, such as SDLT).
You also need to make sure that your client has been properly advised and given sufficient information about where their money will be held. You should explain that it will not be held on account for them, and may be held and used as part of the firm’s own money in their business account. The client can, therefore, make an informed decision about whether they wish their money to be held outside a client account or to consider an alternative.
A further option under the new rules would be the use of a third-party managed account.
18. Does the firm need to have an accountant’s report prepared?
If a practice holds client money, it is usually required to obtain an accountant’s report within six months of the end of the accounting period.
There are some exceptions to the above, as follows:
- If a practice only holds money for legal aid, then a report will not be required.
- If during an accounting period the balance on the practice’s client account does not exceed £10,000 on average, and the maximum balance at any one time does not exceed £250,000, then a report will not be required.
The practice must still carry out reconciliations of the client accounts at least every five weeks. These reconciliations will be used to establish if the practice satisfies the exemption criteria above.
19. What should the firm do to prepare for the work by the reporting accountant?
Much of what the reporting accountant will require for their work should be readily available, as part of the month-end processes of the practice. The reporting accountant should make you aware of exactly what they require in advance of the work commencing. This will include a sample of files from your client matters listing which they will need to review.
The accountant will also need details of all the practice’s bank, building society etc accounts held or operated throughout the year.
You must provide all information that is requested by the accountant.
20. What will the reporting accountant look at in terms of the practice’s accounting systems during their annual review work?
The rules regarding what the reporting accountant should look are much less prescriptive now. What they look at and the work they perform will be based on their professional judgement of what they require in order to assess the risk to client monies.
Much of the focus of the reporting accountant is looking at the systems, processes and controls of the practice. The accountant is likely to want to document what systems and controls are in place in terms of the accounting and finance function, and to test them. The COFA and members of the finance function should be available throughout the on-site visit to help.
If the systems and controls of the practice are strong and through testing are determined to be working effectively, the accountant may assess that the risk to client money is lower. If so, the testing of the detailed individual transactions may be reduced in some areas.
The accountant is expected to submit their report to the SRA if the systems and controls of the practice are judged to be weak, or are not sufficient for the size and complexity of the practice.
Following the new rules introduced on 25 November 2019, in addition to the above focus on systems, processes and controls, the Reporting Accountant also needs to examine the practice’s policies. Any testing undertaken needs to be tailored to the practice’s own policies in order to determine if the practice is following its own policies and procedures.
Given the absence of any transitional arrangements regarding the new rules, testing needs to be split into before and after the rule change, creating additional work for the Reporting Accountant.
21. What steps do I need to take before paying any residual client balances to charity?
Under the new rules that came into force on 25 November 2019, Rule 2.5 requires you to ensure that client money is returned promptly to the client as soon as there is no longer any proper reason to hold those funds.
Rule 5.1 governs withdrawals from a client account, and specifically 5.1 (c) states that you can only withdraw client money from a client account ‘on the SRA’s prior written authorisation or in prescribed circumstances’.
In October 2019 the SRA issued a statement with regard to these prescribed circumstances:
- The balance does not exceed £500 on any one client matter.
- The balance is paid to a charity of your choice.
- You have taken reasonable steps to return the money to the rightful owner.
- The steps taken in the above have been recorded and retained for six years.
- You keep appropriate accounting records, including:
- A central register of the rightful owner, the amount, name of charity and charity number and the date of payment;
- all receipts from the charity and confirmation of any indemnity provided against any legitimate claim subsequently made for the sum they have received.
- You do not deduct from the residual balance any costs incurred in attempting to trace or communicate with the rightful owner.
- For amounts over £500, SRA approval is required before removing from client account.
22. What steps can I take to prevent further residual balances occurring in the law firm?
In order to prevent further residual balances occurring, the practice should have a robust file closure procedure that does not allow files and matters to be closed where client money is still held.
The practice should agree at the outset of the retainer about how surplus funds will be dealt with. This may be included in your client-care letter or terms and conditions.
Gathering additional information from clients to allow them to be traced, such as a national insurance number or their bank account details in order to make direct payments, may also be useful. Remember, being unable to trace your clients may be viewed as poor practice management.
Finally, if you are involved in a merger or acquire another law firm practice, you should not accept liability for any client money which does not have an accompanying client file and details.
23. What are the rules on providing banking facilities through a client account?
A practice must not provide banking facilities through its client account. Any client money transaction must be related to an ongoing legal transaction or to a service as part of your regulated activities.
Throughout your relationship with the client, you should question why you are receiving or holding funds and for what purpose. Your client account is not there for the client’s convenience.
The rules reduce the risk of money laundering through the client account. In addition, by providing banking facilities to a client you may inadvertently be helping them shield monies from an insolvency situation or facilitating financial, tax or benefit fraud.
24. When would our reporting accountant need to qualify our Accountants’ Report and submit it to the SRA?
Your accountant will be expected to use professional judgement when preparing the report and in deciding if it should be submitted.
The SRA’s view is that reports should only be submitted where the breach is material and client money is at risk. A material breach may be one where there is intention to breach the rules, or if there is a significant weakness in the processes and controls in the practice which has led to the breach.
Most firms will have trivial non-reportable breaches. These should still be monitored by the practice in their breach register and reviewed by the reporting accountant, as repetitive trivial breaches may indicate poor systems and controls.
In addition, under the current rules, all ‘cease to hold’ reports (if your firm ceases to hold client money) must also be delivered to the SRA. This applies whether a report is qualified or not, and even if the practice still exists but has only changed its legal entity (such as on incorporation).
25. What should the reporting accountant provide to the law firm after each year’s review?
The reporting accountant must provide the COFA of the practice with a signed copy of the report, whether qualified or unqualified. The COFA should ensure that all managers of the practice have access to and have seen the report. The report must be signed and delivered to the COFA within six months of the end of the accounting period.
There is no longer a checklist for completion by the reporting accountant.
I would expect the reporting accountant to provide the practice with a management letter which details any breaches (reportable or non-reportable) found through their work, together with pro-active suggestions for improvement. In addition, any best practice points where systems and processes could be improved would also be detailed.
Although it may be agreed with the reporting accountant that they will submit any reports that are required to be submitted to the SRA, the ultimate responsibility for delivery is with the practice itself.
26. What has the impact been of the revised SRA rules since 25 November 2019?
The new rules came into force on 25 November 2019.
Although there was a lot of change, ultimately the underlying principles have remained the same. The focus is still on keeping client money safe.
The main areas of change were as follows:
- A revised definition of client money.
- Obligation to notify a client of a bill of ‘costs’ prior to transfer, rather than ‘fees’. The definition of ‘costs’ includes disbursements, so it would seem that firms are not allowed to transfer funds from client to office to cover paid disbursements without delivering a bill to the client.
- Under the new rules, monies from the Legal Aid Agency can still be paid into office account. What has changed is the need to either pay unpaid disbursements within 14 days or transfer the unpaid amounts from office to client account. The funds can now remain in the office account until required. It would still constitute a breach should a practice hold funds indefinitely by delaying payments intentionally.
- Only where a practice has shut down and closed its client account are ‘cease to hold’ reports required to be submitted to the SRA.
- If the only client money that a firm holds is payment in advance for fees and disbursements, these monies can be paid into office account. This treatment is optional and is for those firms that do not wish to operate a client account. If you have a client account and wish to continue to operate it, then you can continue as you previously did.
- The introduction of third-party managed accounts as an alternative to holding client monies.
As mentioned above in question 20, there are no transitional arrangements. Therefore it is vital that your practice has followed the new rules - and any new internal policies and procedures - immediately following the rule change on 25 November 2019. It is important that all partners, fee-earners and accounts/cashier staff are fully up to date and aware of the new rules.
27. How has the definition of client money changed under the new rules?
Rather than change the entire definition of client money, the revised Rule defines the client money which must be held in client account. Included in the definition is monies paid in advance for fees and disbursements before a bill has been raised.
An exemption is provided for firms where the only client monies held are for advance fees or disbursements. Those monies can now be held outside of client account, so a client account is no longer required.
The revised Rule allows firms to continue to deal with client money in the same way as they did previously.
To help protect clients where advance payments for fees and disbursements are held in office accounts, the client must be informed upfront. The COFA is required to monitor the processes and controls within a firm operating under the exemption. Clients will still have access to the SRA's compensation fund for those monies should the worst happen.
28. What will the new rules mean for our accounting system and processes?
Every practice should be reviewing and updating their policies and procedures and considering any updates required to these in order to implement the new rules.
This process should be well underway, as time should also be taken to consider the impact of the updates on your systems and controls - to ensure that they can support the required changes.
All fee earners, management and finance departments should be fully trained in the new rules. In addition, training is required around the impact the rules will have on your policies, procedures, systems and controls, to ensure that everyone is prepared to implement and be compliant from 25 November 2019.