- Who should we appoint as our COFA (compliance officer for finance and administration)?
- Other than compliance with the Solicitors Accounts Rules, what other examples of financial non-compliance may occur in law firms?
- What are the most common breaches of the rules in law firms?
- What do fee-earners need to do about financial compliance?
- What breaches should a COFA record in their breach register?
- How should the COFA be notified of breaches?
- What format should the breach register take?
- When do we need to report a breach to the SRA?
- How do we make sure the firm’s accounting systems are robust?
- How are cyber security issues affecting accounting systems in law firms?
- What compliance checks should the COFA undertake?
- How often should the COFA undertake internal reviews for Accounts Rules compliance?
- How should the COFA select which files they should review for Accounts Rules compliance?
- If the law firm COFA is absent for any reason, what should the law firm do?
- What responsibility does the COFA have if they suspect the law firm is in financial difficulty?
- As COFA, how do I protect myself?
- Does the firm need a client account?
- Does the firm need to have an accountant’s report prepared?
- What should the firm do to prepare for the work by the reporting accountant?
- What will the reporting accountant look at in terms of the practice’s accounting systems during their annual review work?
- What steps do I need to take before paying any residual client balances to charity?
- What steps can I take to prevent further residual balances occurring in the law firm?
- What are the rules on providing banking facilities through a client account?
- When would our reporting accountant need to qualify our Accountants’ Report and submit it to the SRA?
- What should the reporting accountant provide to the law firm after each year’s review?
- What is the likely impact of the revised SRA rules due in Spring 2019?
- How is the definition of client money due to change under the proposed new rules?
- What will the new rules mean for our accounting system and processes?
Rosy Rourke, legal sector director, Armstrong Watson, responds to questions about compliance with the Solicitors Accounts Rules and who needs to be involved.
1. Who should we appoint as our COFA (compliance officer for finance and administration)?
The COFA must be an employee, but not necessarily a manager of the practice. They need to be approved by the SRA for the role and to have consented to the role. Additionally, they must be of sufficient seniority within the practice to carry out the role. The COFA does not need to be a lawyer.
The role is largely concerned with the Solicitors Accounts Rules, so a good understanding of those is vital. In addition, the COFA should have a good understanding of finance in general and the financials of the practice.
Ultimately, who is appointed to the role will depend on the size of your practice and what suits the needs of the firm. Many sole practitioners will also be their own COFA. In large practices, the COFA will be a full-time role held by a finance partner/director or someone who leads the finance team. Whoever you choose, the COFA does require the right level of gravitas to fulfil the role.
2. Other than compliance with the Solicitors Accounts Rules, what other examples of financial non-compliance may occur in law firms?
Lawyers have an obligation to run their business and carry out their roles in accordance with proper governance and sound financial and risk management principles, so financial non-compliance should not regularly occur. However, some examples are:
- not filing statutory accounts with the relevant bodies on time;
- not filing tax returns on time;
- not paying tax liabilities on time;
- owners over-drawing where the practice cannot necessarily afford to fund those drawings.
3. What are the most common breaches of the rules in law firms?
In our experience, the most common breaches are as follows:
- Residual balances (Rule 14.4). At the end of a matter, small balances are often left in client account instead of being returned to the client. The rule states that the money should either be returned or, if there is good reason to retain it, the solicitor should write to the client to explain how much is being held and why, and write to confirm that annually thereafter. This is a recurring breach for many law firms. Depending on the extent of the breach, sometimes it is reportable to the SRA, and sometimes it is not.
- Transferring money for fees (Rule 17.3). Often solicitors fail to transfer money from the client account to the office account within 14 days (days not working days!) following a bill having been raised. The money in client account is automatically earmarked for costs as soon as a bill has been raised. For money not to be earmarked, there needs to be a good reason which has been communicated to the client and recorded with narrative on the client ledger.
- Bank account titles. Many law firms have difficulty ensuring that their client bank accounts have the correct titles. Words are often abbreviated, eg client to clt or limited to ltd, or if there is a maximum number of characters allowed within the title, the law firm name may be shortened.
4. What do fee-earners need to do about financial compliance?
Fee-earners have a lot to do in their everyday work, so can become over-reliant on the accounting team for compliance.
All fee-earners within the practice should have a good understanding of the rules. They should have regular training and updates on the rules to ensure ongoing compliance.
It is important to instil a firm-wide culture of financial compliance. The breach register, file reviews and health checks should be highlighted and discussed with the management of the practice to reinforce its importance to all.
5. What breaches should a COFA record in their breach register?
All breaches, no matter how minor, should be recorded in the breach register.
If a law firm has no breaches in its register during an accounting period, I’d question if the reporting processes are working effectively.
6. How should the COFA be notified of breaches?
All employees within the practice should be aware of their obligations with regard to the Solicitors Accounts Rules. They should report any breach or suspected breach to the COFA immediately.
In addition, the systems and reporting lines that you have put in place should work to identify and highlight minor/trivial breaches with ease.
7. What format should the breach register take?
There is no prescriptive guidance on the format of the breach register, but it should be capable of being interrogated easily; for example, by filtering and categorising.
The register should also contain sufficient detail for the COFA to use it as a management tool to identify trends and issues. For example, the register might include the rule number and name as well as amounts, frequency and timings of rectification.
In its most simple format, Microsoft Excel will work for most practices.
8. When do we need to report a breach to the SRA?
When a breach should be reported is very subjective and is based on materiality.
When considering the materiality of a breach, the COFA should consider:
- the amounts involved;
- whether there is any loss to a client;
- whether there is a systematic failure in controls within the practice;
- whether it forms part of a pattern of breaches;
- how quickly it was discovered and rectified.
Whatever your decision on materiality, you must be comfortable that you can justify your decision. It would be useful to document that from a reporting accountant’s perspective.
If you decide a breach is material and should be reported, it isn’t necessarily the end of the world. This can in fact be an indication of good risk management. You should ensure the report is clear and transparent.
9. How do we make sure the firm’s accounting systems are robust?
As COFA you have responsibility for having systems in place which ensure sound financial and risk management of the practice. As such you need to have access to all management information systems and business information.
10. How are cyber security issues affecting accounting systems in law firms?
As everyone is aware, law firms are at particular risk of cyber crime due to the large amounts of client monies held and financial transactions undertaken. It is not just the accounting systems that are affected, but all systems within the law firm.
Specifically with regard to the accounting function, the following areas should be considered:
- How you communicate and collect client data such as bank details. Email may not be secure. Face-to-face meetings are the safest way, but letter is another option, or fax (if still used).
- Everyone in the firm needs to be given regular updates of the risks and ever-evolving technologies used by fraudsters, so that they can identify a potential scam and question instructions which may not feel quite right.
- Provide your bank details to clients in a secure manner at the outset of the transaction. Make it clear that this will not change during the course of the transaction.
- Check the practice’s bank statements on a regular basis. Highlight anything that seems unusual or cannot be identified with your bank immediately.
11. What compliance checks should the COFA undertake?
The role of COFA should not be treated as a one-off tick box exercise – it is a continuous, ongoing process of compliance. Every COFA should have systems in place to monitor that compliance.
Regular file reviews and health checks should be undertaken. This ensures that processes and procedures are being followed. It also encourages a culture of accountability and openness with fee-earners, which will allow effective supervision.
12. How often should the COFA undertake internal reviews for Accounts Rules compliance?
Ideally, as a minimum the COFA should review at least one file from every fee-earner over the course of a year. So the frequency will depend on the size of the practice.
That is not to say that a practice with two fee-earners should only have a review twice a year. Our suggestion would be monthly or at least quarterly reviews.
13. How should the COFA select which files they should review for Accounts Rules compliance?
How the sample is selected will be driven to some extent by the size and make up of your firm. As a minimum, a file from each department should be included in each review where possible.
When starting to implement the reviews, a good starting point for file selection would be any departments or fee-earners who regularly appear on your breach register.
14. If the law firm COFA is absent for any reason, what should the law firm do?
As with any role, there will be times when the COFA is absent for short periods, such as annual leave or short-term illness. As part of the COFA’s role, the ongoing compliance processes of the practice should be designed to be capable of continuing whilst the COFA is absent. This includes ensuring that any issues that arise are still identified and can be rectified without the COFA.
Occasionally, there will be circumstances where the COFA is unable to fulfil the role for a longer period of time, perhaps through long-term illness, or even on a more permanent basis such as dismissal. In these cases, you should immediately – and certainly within seven days – notify the SRA of the absence, select another suitable individual to undertake the role and apply for temporary emergency approval. As part of the temporary approval process, you must include the reason why temporary approval is required.
15. What responsibility does the COFA have if they suspect the law firm is in financial difficulty?
In addition to the COFA’s role relating to the SRA’s Accounts Rules, the COFA also has responsibilities to report the practice should it be in serious financial difficulties.
If you hold the role of COFA, you need to ensure that you have access to all information on the practice’s overall financial position in order to recognise if the practice is in difficulty.
The areas that should be focused on with regard to good financial management are the working capital and credit control procedures of the firm.
16. As COFA, how do I protect myself?
As part of accepting and consenting to the role of COFA, you must consider your own personal liability. You should consider if you are satisfied that the practice has the appropriate safeguards in place.
You should also reach an agreement with the practice as to the best way to protect yourself against any personal liability. There are a number of options as to how you could do this, including an indemnity agreement, an endorsement on the practice’s PII policy, or a specific insurance product.
Ultimately, the responsibility for compliance rests with the managers of the practice but a COFA may find regulatory action is taken against them where they fail to meet their responsibilities. The SRA has stated that COFAs will not be ‘sacrificial lambs’ if a practice has a practice-wide culture of non-compliance. If this is the case, you should question if the role is being undertaken effectively, and whether a report should be made to the SRA, even if against the wishes of the managers of the practice.
17. Does the firm need a client account?
Under the current rules, if the practice is going to handle client money a client account is required.
The new rules due to be introduced in late 2018 provide some alternatives to the use of client accounts. (See 26, below.)
18. Does the firm need to have an accountant’s report prepared?
If a practice holds client money, it is usually required to obtain an accountant’s report within six months of the end of the accounting period.
There are some exceptions to the above, as follows:
- If a practice only holds money for legal aid, then a report will not be required.
- If during an accounting period the balance on the practice’s client account does not exceed £10,000 on average, and the maximum balance at any one time does not exceed £250,000, then a report will not be required.
The practice must still carry out reconciliations of the client accounts at least every five weeks. These reconciliations will be used to establish if the practice satisfies the exemption criteria above.
19. What should the firm do to prepare for the work by the reporting accountant?
Much of what the reporting accountant will require for their work should be readily available, as part of the month-end processes of the practice. The reporting accountant should make you aware of exactly what they require in advance of the work commencing. This will include a sample of files from your client matters listing which they will need to review.
The accountant will also need details of all the practice’s bank, building society etc accounts held or operated throughout the year.
You must provide all information that is requested by the accountant.
20. What will the reporting accountant look at in terms of the practice’s accounting systems during their annual review work?
The rules regarding what the reporting accountant should look are much less prescriptive now. What they look at and the work they perform will be based on their professional judgement of what they require in order to assess the risk to client monies.
Much of the focus of the reporting accountant is looking at the systems, processes and controls of the practice. The accountant is likely to want to document what systems and controls are in place in terms of the accounting and finance function, and to test them. The COFA and members of the finance function should be available throughout the on-site visit to help.
If the systems and controls of the practice are strong and through testing are determined to be working effectively, the accountant may assess that the risk to client money is lower. If so, the testing of the detailed individual transactions may be reduced in some areas.
The accountant is expected to submit their report to the SRA if the systems and controls of the practice are judged to be weak, or are not sufficient for the size and complexity of the practice.
21. What steps do I need to take before paying any residual client balances to charity?
Rule 14.3 of the SAR requires client monies to be returned to the client once their matter is complete. Although this sounds simple, there are many occasions where client funds remain unclaimed.
Since October 2014, residual client balances under £500 can now be dealt with by the practice without authorisation from the SRA. However, certain steps still need to be taken before paying that money to charity.
Firstly, you must establish who the owner of the funds is and make reasonable attempts to trace them. What is reasonable should be assessed with reference to the amount of funds held and the costs associated with tracing them.
If your client can be traced but fails to cash the cheque/provide instructions etc, you should advise the client that you will apply to the SRA for authority to pay the money to charity and will do so unless you hear to the contrary within a stated and reasonable amount of time. A record of the steps taken should be kept.
If your client cannot be traced, providing the balance is less than £500, you should donate the money to charity. You should maintain a central register which details the name of the client, the amount held, the name of the charity and the date the payment to charity was made.
Should the amount held exceed £500, then SRA approval is required. The SRA will need to know the name of the client, the amount held, the length of time the amount has been held and what attempts you have made to contact the owner.
22. What steps can I take to prevent further residual balances occurring in the law firm?
In order to prevent further residual balances occurring, the practice should have a robust file closure procedure that does not allow files and matters to be closed where client money is still held.
The practice should agree at the outset of the retainer about how surplus funds will be dealt with. This may be included in your client-care letter or terms and conditions.
Gathering additional information from clients to allow them to be traced, such as a national insurance number or their bank account details in order to make direct payments, may also be useful. Remember, being unable to trace your clients may be viewed as poor practice management.
Finally, if you are involved in a merger or acquire another law firm practice, you should not accept liability for any client money which does not have an accompanying client file and details.
23. What are the rules on providing banking facilities through a client account?
A practice must not provide banking facilities through its client account. Any client money transaction must be related to an ongoing legal transaction or to a service as part of your regulated activities.
Throughout your relationship with the client, you should question why you are receiving or holding funds and for what purpose. Your client account is not there for the client’s convenience.
The rules reduce the risk of money laundering through the client account. In addition, by providing banking facilities to a client you may inadvertently be helping them shield monies from an insolvency situation or facilitating financial, tax or benefit fraud.
24. When would our reporting accountant need to qualify our Accountants’ Report and submit it to the SRA?
Since November 2015, the SRA has modified its approach to the accountant’s report, and now only requires qualified reports to be submitted. Your accountant will be expected to use professional judgement when preparing the report and in deciding if it should be submitted.
The SRA’s view is that reports should only be submitted where the breach is material and client money is at risk. A material breach may be one where there is intention to breach the rules, or if there is a significant weakness in the processes and controls in the practice which has led to the breach.
Most firms will have trivial non-reportable breaches. These should still be monitored by the practice in their breach register and reviewed by the reporting accountant, as repetitive trivial breaches may indicate poor systems and controls.
In addition, under the current rules, all ‘cease to hold’ reports (if your firm ceases to hold client money) must also be delivered to the SRA. This applies whether a report is qualified or not, and even if the practice still exists but has only changed its legal entity (such as on incorporation).
25. What should the reporting accountant provide to the law firm after each year’s review?
The reporting accountant must provide the COFA of the practice with a signed copy of the report, whether qualified or unqualified. The COFA should ensure that all managers of the practice have access to and have seen the report. The report must be signed and delivered to the COFA within six months of the end of the accounting period.
There is no longer a checklist for completion by the reporting accountant.
I would expect the reporting accountant to provide the practice with a management letter which details any breaches (reportable or non-reportable) found through their work, together with pro-active suggestions for improvement. In addition, any best practice points where systems and processes could be improved would also be detailed.
Although it may be agreed with the reporting accountant that they will submit any reports that are required to be submitted to the SRA, the ultimate responsibility for delivery is with the practice itself.
26. What is the likely impact of the revised SRA rules due in Spring 2019?
The new rules were published in draft by the SRA in June 2017.
Although there is a lot of change, ultimately the underlying principles remain the same. Further guidance is still to be issued on the exact implementation, but the main areas of change are expected to be as follows:
- A revised definition of client money.
- Obligation to notify a client of bill of ‘costs’ prior to transfer, rather than ‘fees’. The definition of ‘costs’ includes disbursements, so it would seem that it will not be allowable to transfer funds from client to office to cover paid disbursements without delivering a bill to the client.
- Under the new rules, monies from the Legal Aid Agency can still be paid into office account. What has changed is the need to either pay unpaid disbursements within 14 days or transfer the unpaid amounts from office to client account. The funds can now remain in the office account until required. It would still constitute a breach should a practice hold funds indefinitely by delaying payments intentionally.
- Only ‘cease to hold’ reports where a practice has shut down and closed its client account will be required to be submitted to the SRA.
- If the only client money that a firm holds is payment in advance for fees and disbursements, these monies can be paid into office account. This treatment is optional and is for those firms that do not wish to operate a client account. If you have a client account and wish to continue to operate it, then you can continue as you currently do.
- The introduction of third party managed accounts as an alternative to holding client monies.
27. How is the definition of client money due to change under the proposed new rules?
The definition of client money is no longer changing as originally proposed. Rather than change the entire definition of client money, the revised Rule defines the client money which must be held in client account. Included in the definition is monies paid in advance for fees and disbursements before a bill has been raised.
An exemption is provided for firms where the only client monies held are for advance fees or disbursements. Those monies can now be held outside of client account, so a client account is no longer required.
The revised Rule allows firms to continue to deal with client money in the same way as they currently do.
To help protect clients where advance payments for fees and disbursements are held in office accounts, the client must be informed upfront. The COFA is required to monitor the processes and controls within a firm operating under the exemption. The SRA has confirmed that clients will still have access to the compensation fund for those monies should the worst happen.
28. What will the new rules mean for our accounting system and processes?
Exactly what the impact of the new rules will be is still to be determined. Matters will become clearer once additional guidance in the form of toolkits is released by the SRA.
From what we currently know, there are no substantial changes to the rules that should require your accounting systems and processes to be changed. If they are currently working effectively, it is likely that they will not need to be changed at all.
As part of good financial management of a practice, systems and processes should be reviewed regularly for any potential improvements – whether as part of updated regulation, or for efficiency and effectiveness.