The SRA is right to devolve compliance responsibility to firms, but they still need guidance.
The Solicitors Regulation Authority needs to clear this COFA confusion up once and for all. Honestly, we’ve had the compliance officers for 10 months or so and still people are clueless – it’s about time there was a definitive statement on this crucial knowledge gap.
Just how are you supposed to pronounce COFA? Does it rhyme with sofa or offer? I heard both versions at yesterday’s SRA conference and no one seems to know for sure.
Which is tricky because, if your dear regulator has its way, you’ll need to speak with compliance bods a whole lot more in future.
Let’s not hear law firms criticised for their attitude to compliance – if 500 COLPs and COFAs were prepared to come to a joyless airport hotel for a conference then you can’t fault their commitment.
‘Devolution of risk management’ was the biggest buzzword at the packed conference in a vast space with all the atmosphere of a Johnstone’s Paint Trophy first round tie.
What devolution means in practice is firms taking more responsibility for making sure that they are compliant. It’s the SRA buying them a blazer and sending them off to big school, with instructions not to bother them at work unless it’s absolutely necessary.
The issue is whether the parent (played by the SRA, please keep up) has given their offspring all the tools needed to survive out on their own. And if they come back from school having failed their test because they weren’t prepared, what right has the parent got to punish them?
Chief executive Antony Townsend told the conference that ‘the onus is now on individual firms to manage their own risks and to ensure they provide competent and ethical legal services to the clients they serve’.
Law firms will hardly object to the SRA easing the box-ticking burden, but is more responsibility really a worthy sacrifice for more freedom?
The best firms will work with their COLP and COFA to manage risks and spot problems before they become a bigger issue. But there will be firms less committed to the process that place a greater accountability on their compliance officer to dig them out of trouble.
Many I spoke to yesterday felt they were ill-equipped to take on more responsibility (although to be fair, the conference was designed to address this). If anything they wanted more guidance from the regulator about how to spot warning signs and how to deal with the isolation from and suspicion of colleagues wary of a whistle-blower in their ranks.
Ultimately many simply didn’t trust the SRA when it said that early contact wouldn’t automatically lead to an investigation.
One COFA told me the standard response to any SRA question should always be one word if possible, lest you give the regulator reasons to ask more.
Devolution of responsibility is a worthy goal, and at its best will protect clients and firms better than mindlessly following processes will ever manage.
But the trouble with focusing on principles and outcomes over prescriptive orders is when that onus falls too heavily on individuals. Compliance officers cannot be expected to take on all the responsibility themselves.
John Hyde is a Gazette reporter