COFA responsibilities – the processes every firm should have in place

Published by Max Masters on 27 July 2021

Share this article

The role of the COFA (Compliance Office for Finance and Administration) is most certainly a challenging one for firms of any size. The larger firms may not dedicate sufficient overheads to implementing appropriate systems and procedures, but those that do certainly see the benefits of this.

Many in small and medium size firms experience difficulty in dedicating sufficient time to this role when juggling their many other responsibilities, whether that be looking after clients, credit control, AML or dozens of other things.

Irrespective of size, it is a very important role and the time needs to be taken to understand the key requirements. If you can do the next three things it would clearly demonstrate a robustness of your systems, as well as being a learning curve to help tweak and develop your processes.

Implement formal written policies and procedures

Consequentially, it became more important for these firms to document their systems and procedures in order to evidence that the SRA Rules have been considered and to legitimise their approach. In our experience, some firms were quick to finalise these written policies and are able to demonstrate that these are adhered to, but there are still a large number of firms where this documentation is yet to be drafted.

For any firms that have not implemented these formal written policies yet, we would strongly recommend that you do so at the earliest opportunity, particularly in relation to the following:

  • Electronic payments
  • Receipt and payment of cash
  • Three-way reconciliations
  • Dealing with client’s own accounts
  • Transfer of costs
  • Process on completion of the matter

These policies would demonstrate that the firm has robust systems in place and, therefore, a good understanding of the Accounts Rules. This would greatly assist in ensuring the safety and security of client funds!

COFA register of breaches

It is not sufficient to just have the formal documentation in place, it needs to be regularly monitored to ensure that the policies are complied with across the firm; this is where the COFA register of breaches becomes useful.

Many specialist solicitor softwares are able to produce a register of breaches but we rarely see these being used appropriately. The most useful of these registers are maintained separately – often on excel. As well as including the details of the breach (eg date, matter reference, description), they will often include the following:

  • Weakness identified
  • Remedial action taken – we would suggest that recommendations are made on how similar breaches can be prevented in the future
  • Part of a pattern of recurring breaches?

These breaches should also be reviewed to consider whether, heaven forbid, the firm should self-report to the SRA.

Maintaining the register in a timely manner is a great practice to have in place, but that in itself is meaningless if subsequent steps aren’t taken to address the issues and weaknesses. The register should be reviewed frequently, alongside the notes of systems and procedures in order to determine whether some further training might be required, if there is a weakness in the systems that needs to be addressed or even if the systems and procedures are inappropriate for your firm so need to be amended.

A further step which would demonstrate good corporate governance would be for the COFA to regularly report the findings of the COFA register to the management board of the firm. This would ensure that all relevant parties are aware of the issues and can make informed decisions.

Internal checks

The firm does not have to wait for the Reporting Accountants or the SRA to visit in order to determine whether systems and procedures are adhered to appropriately. COFAs should be undertaking their own internal checks throughout the year.

File reviews can be undertaken to assess adherence to the processes listed above in the written policies. Naturally, this won’t work if the written policies aren’t in place!

Evidencing that this work is undertaken will demonstrate to your Reporting Accountant that you take the protection of client money seriously. Given that Reporting Accountants are allowed to plan based on ‘professional judgement’ many, like ourselves, will take this into account when planning. As a result, they may determine that there is a lower risk. Lower risk may mean less work and lower fees!

In summary, we appreciate that the majority of COFA’s are juggling a lot of roles, so feel free to seek support from other members of your team to undertake these checks – just ensure that they are all aware of the intricacies of the Accounts Rules and that this process is overseen and reviewed by the COFA.

The written policies and procedures as well as a robust COFA register of breaches are two of the fundamental responsibilities of the COFA. Therefore, it is really important that these are implemented as soon as possible, if they are not already.  Please seek assistance from your Reporting Accountant if there is anything you are unsure about or if you are struggling to dedicate the time to implement these.

If you would like to discuss your business’s COFA responsibilities, then please get in touch with us.

Share this article

Email Max

    • yes I have read the privacy notice and am happy for Kreston Reeves to use my information

    View teamSubscribe

    Subscribe to our newsletters

    Our complimentary newsletters and event invitations are designed to provide you with regular updates, insight and guidance.

      • Business, finance and tax issuesPersonal finance, tax, legal and wealth management issuesInternational business issuesCharity and not-for-profit issues

      • Academies and educationAgricultureFinancial servicesLife sciencesManufacturingProfessional practicesProperty and constructionTechnology

      • yes I agree I have read and accept the privacy policy and am happy for Kreston Reeves email communications I have selected above

      You can unsubscribe from our email communications at any time by emailing [email protected] or by clicking the 'unsubscribe' link found on all our email newsletters and event invitations.