COLP and COFA: Roles, Responsibilities, and Reporting

Every SRA-authorised firm in England and Wales must appoint a Compliance Officer for Legal Practice (COLP) and a Compliance Officer for Finance and Administration (COFA). These are not optional titles. The SRA must approve both appointments before they take effect, and both officers carry personal regulatory responsibility for their areas of oversight.

This guide explains how the two roles work in practice, what happens when things go wrong, and how to handle your annual reporting obligations. If you are setting up a new firm, being appointed as a COLP or COFA, or reviewing whether your current arrangements are adequate, this guide will help you understand the scope of the roles and the systems you need to support them.

What the COLP does

The COLP is responsible for ensuring that the firm, its managers, and its employees comply with the terms and conditions of the firm's authorisation and with the SRA's regulatory arrangements. In practice, this means the COLP:

Monitors compliance with the SRA Principles, the Code of Conduct for Firms, and the Code of Conduct for Solicitors
Maintains a breach register recording every failure to comply, however minor
Assesses whether each recorded breach is material (requiring prompt SRA reporting) or non-material (recorded internally and reviewed for patterns)
Reports material breaches to the SRA as soon as reasonably practicable
Oversees the firm's systems for conflict checking, supervision, complaints handling, and training
Reviews the breach register at least quarterly to identify trends and systemic risks

What the COFA does

The COFA is responsible for ensuring compliance with the SRA Accounts Rules 2019. This covers all handling of client money. In practice, the COFA:

Ensures client account reconciliations are completed at least every five weeks
Monitors that client money is kept separate from office money at all times
Maintains a breach register for all failures to comply with the Accounts Rules
Reports material breaches to the SRA promptly
Oversees the annual accountant's report process and liaises with the reporting accountant
Ensures residual balances are returned to clients or paid to charity promptly

COLP and COFA Roles and Requirements

Compliance Officer for Legal Practice (COLP) and Compliance Officer for Finance and Administration (COFA) requirements: appointment, eligibility, responsibilities, reporting obligations and record keeping under the SRA Standards and Regulations.

Every SRA-authorised firm must designate a Compliance Officer for Legal Practice (COLP) and a Compliance Officer for Finance and Administration (COFA). These roles were introduced by section 90 of the Legal Services Act 2007 for licensed bodies (alternative business structures) and extended by the SRA to all authorised firms through the SRA Authorisation of Individuals Regulations and the SRA Authorisation of Firms Rules. Both officers must be approved by the SRA before they can take up the role.

Who can be a COLP or COFA:

COLP eligibility: Must be a manager or employee of the firm. In most cases the COLP must be a lawyer (solicitor, REL, or barrister) or, in a licensed body, the Head of Legal Practice (HOLP). The COLP must have sufficient seniority and authority within the firm to fulfil the role effectively.
COFA eligibility: Must be a manager or employee of the firm. The COFA does not need to be a lawyer, but must be suitably experienced in financial management and compliance. In a licensed body, this role is the Head of Finance and Administration (HOFA). The COFA must be approved by the SRA.
COLP core responsibilities: Ensure the firm and its employees and managers comply with the SRA Standards and Regulations. Take all reasonable steps to ensure the firm's compliance with its regulatory obligations, including the terms and conditions of authorisation. Record all failures to comply and report material breaches to the SRA promptly.
COFA core responsibilities: Ensure the firm and its employees and managers comply with the SRA Accounts Rules 2019. Take all reasonable steps to ensure compliance with obligations relating to client money, including proper client account management, reconciliation, and financial reporting. Record all failures to comply and report material breaches to the SRA promptly.
Record keeping obligations: Both the COLP and COFA must maintain records of all failures to comply with the SRA Standards and Regulations (COLP) or the SRA Accounts Rules (COFA). These records must be available for inspection by the SRA at any time and must be maintained throughout the period of authorisation.
Reporting obligations: Material failures to comply must be reported to the SRA promptly by the COLP or COFA as appropriate. Annual compliance declarations must be submitted via mySRA as part of the firm's annual renewal process. Failure to report material breaches is itself a regulatory breach.
Change notifications: The firm must notify the SRA of any change of COLP or COFA, including resignation, replacement, or any event that affects the officer's ability to fulfil the role. The replacement must be approved by the SRA before taking up the role.

Practical implementation: The COLP should establish systems and controls for monitoring compliance across the firm, including regular file reviews, supervision arrangements, complaints handling procedures, and risk registers. The COFA should implement controls over client account operations including signatory arrangements, reconciliation timetables (at least every five weeks per the SRA Accounts Rules), and procedures for handling residual balances.

Sole practitioners: In a recognised sole practice, the sole practitioner is normally both the COLP and the COFA. They must still maintain compliance records and submit annual declarations to the SRA.

Consequences of non-compliance: Failure to maintain adequate compliance systems, to keep proper records, or to report material breaches can result in regulatory action against both the individual officers and the firm. This may include conditions on the firm's authorisation, a rebuke, a fine of up to GBP 25,000 (individuals) or referral to the Solicitors Disciplinary Tribunal. In serious cases, the SRA may intervene in the firm's practice under Schedule 1 of the Solicitors Act 1974.

Who can be appointed

The COLP must be a lawyer (solicitor, REL, or other authorised person) who is a manager or employee of the firm. The COFA must be a manager or employee but does not have to be legally qualified. Both must:

Be individuals of suitable seniority and experience to carry out the role effectively
Have access to all the firm's files, systems, and financial records
Be approved by the SRA before taking up the role (apply via mySRA)

In smaller firms, one person can hold both roles, but you should consider whether that person realistically has time and expertise for both. In sole practices, the sole practitioner is usually both COLP and COFA by default, but approval is still required.

Record keeping obligations

Both officers must maintain detailed records. The SRA does not prescribe a format, but your records should be clear enough for an external reviewer to understand what happened, when, and what action was taken. As a minimum, each breach register entry should include:

Date the breach was identified
Description of the breach and the relevant rule or standard
Whether it is categorised as material or non-material
Root cause analysis (what went wrong and why)
Remedial action taken
Date the breach was reported to the SRA (if material)
Outcome and any follow-up required

Keep these records for at least six years. They form the evidential basis for your annual declarations and for any SRA investigation.

SRA mandatory reporting obligations

Mandatory reporting obligations for solicitors and law firms to the Solicitors Regulation Authority, including duty to report serious misconduct, material changes, PII claims, financial difficulties, and COLP/COFA compliance reporting requirements.

Solicitors and SRA-regulated firms in England and Wales have mandatory reporting obligations under the SRA Standards and Regulations (effective 25 November 2019). Failure to report can itself constitute a serious regulatory breach leading to disciplinary action, fines of up to GBP 25,000 for individuals or referral to the Solicitors Disciplinary Tribunal.

Duty to report own serious breach (paragraph 7.7)

Under paragraph 7.7 of the SRA Code of Conduct for Solicitors, RELs and RFLs, you must promptly inform the SRA if you become aware that you have committed a serious breach of your regulatory obligations. There is no fixed time limit stated, but the SRA expects notification as soon as reasonably practicable once you become aware. You must also inform the SRA if your conduct has resulted in, or is likely to result in, a claim on professional indemnity insurance.

Duty to report others (paragraph 7.8)

Under paragraph 7.8 of the SRA Code of Conduct for Solicitors, you must promptly inform the SRA if you become aware of any serious breach by another solicitor or other person regulated by the SRA, or if you become aware of circumstances that raise a serious risk to clients, the public, or the reputation of the profession. This reporting duty applies regardless of your relationship to the person whose conduct you are reporting, and even if the information was obtained during your employment.

What constitutes a serious breach

The SRA has not provided an exhaustive definition of what amounts to a serious breach. However, its enforcement strategy and warning notices indicate that serious breaches include: dishonesty or lack of integrity; misuse of client money; discrimination or harassment; acting without authorisation; failing to maintain professional indemnity insurance; significant non-compliance with the SRA Accounts Rules; sexual misconduct; and conduct that undermines public confidence in the profession. The SRA applies a proportionality and risk-based assessment when considering reports.

Firm-level reporting (Code of Conduct for Firms)

Under the SRA Code of Conduct for Firms, authorised firms must ensure effective governance and compliance systems are in place. Paragraph 3.1 requires firms to have effective compliance arrangements, and paragraph 3.2 requires a Compliance Officer for Legal Practice (COLP) and a Compliance Officer for Finance and Administration (COFA). The COLP must report material failures in compliance to the SRA, and the COFA must report any failure to comply with the SRA Accounts Rules. Firms must cooperate fully with the SRA and other regulators under paragraph 7.3.

COLP and COFA reporting requirements

The COLP is responsible for taking all reasonable steps to ensure the firm complies with the terms of its authorisation, the SRA's regulatory arrangements, and legislation applicable to the firm. The COLP must maintain a record of non-compliance and report material breaches to the SRA promptly. Similarly, the COFA must ensure the firm complies with the SRA Accounts Rules and report any breaches. Both roles carry personal responsibility; failure to fulfil COLP or COFA duties can result in regulatory action against the individual as well as the firm.

Material changes to firm information

Firms must notify the SRA of material changes to information held about them, including changes to: the firm name or trading name; principal office address; COLP or COFA appointment; partners, members, directors, or managers; the nature of the firm's practice; the addition or removal of practising addresses. Notifications must be made through the mySRA portal promptly when changes occur.

Claims on professional indemnity insurance

Both individual solicitors (under paragraph 7.7 of the Code of Conduct for Solicitors) and firms must inform the SRA of any circumstances where their conduct has resulted in, or is likely to result in, a claim under their professional indemnity insurance. Additionally, firms must notify the SRA if they are unable to obtain PII or if their cover is not renewed. The SRA also requires notification if the insurer avoids or repudiates the policy.

Financial difficulties

Firms must report financial difficulties that could affect their ability to continue operating or to meet their regulatory obligations. This includes insolvency, inability to pay debts as they fall due, entry into administration or liquidation, or significant shortfalls on client account. The COFA has a specific duty to report any issues relating to the proper management and protection of client money.

Self-reporting obligations

Individual solicitors must also report matters affecting their character and suitability to hold a practising certificate. This includes criminal charges and convictions (including motoring offences resulting in a custodial sentence), bankruptcy or IVA, county court judgments, and disciplinary findings by other regulators or professional bodies. These are assessed under the SRA's Suitability Test (part of the SRA Assessment of Character and Suitability Rules).

Consequences of failure to report

Failure to comply with reporting obligations is itself a breach of the SRA Standards and Regulations. The SRA may take enforcement action including: imposing conditions on practising certificates; issuing a written rebuke; imposing a financial penalty of up to GBP 25,000 on individuals; referring the matter to the Solicitors Disciplinary Tribunal (which has unlimited fining powers and can strike a solicitor off the Roll); or in the most serious cases, intervening into a firm. The SRA's enforcement strategy states that failure to self-report or to cooperate with SRA investigations will be treated as an aggravating factor.

Duty to report own serious breach: Immediate notification to SRA required under Code of Conduct for Solicitors paragraph 7.7
Duty to report others' serious breach: Immediate notification to SRA required under Code of Conduct for Solicitors paragraph 7.8
COLP reporting duty: Must record and report material failures in compliance to SRA promptly
COFA reporting duty: Must report any failure to comply with SRA Accounts Rules to SRA promptly
Material changes notification: Firm name, address, COLP/COFA, partners/directors, practice addresses — via mySRA portal
PII claims notification: Must inform SRA of any conduct resulting in, or likely to result in, a PII claim
Financial difficulties notification: Must report insolvency, inability to pay debts, administration, client account shortfalls
Self-reporting (character and suitability): Criminal charges/convictions, bankruptcy, IVA, CCJs, other regulatory findings
Maximum SRA fine (individuals): GBP 25,000 (Solicitors Act 1974, section 44B)
Maximum SRA fine (firms/licensed bodies): GBP 250 million (Legal Services Act 2007, section 95)
SDT fining power: Unlimited (since Legal Services Act 2007)
Aggravating factor: Failure to self-report or cooperate treated as aggravating factor in enforcement decisions

Annual reporting to the SRA

Each year, as part of the firm's renewal, the COLP and COFA must submit annual declarations via mySRA. These declarations confirm whether there have been any material compliance failures during the year. The SRA uses these declarations as a risk indicator. If you declare a material breach, expect the SRA to make further enquiries.

Prepare for the annual declaration by:

Reviewing the breach registers in full before the declaration deadline
Discussing any borderline breaches with the firm's management to agree the correct categorisation
Confirming that all material breaches reported during the year have been resolved or are being actively managed
Ensuring the firm's compliance and risk records are up to date

Managing non-compliance within your firm

When a breach occurs, the compliance officer's role is to record, assess, and manage the response. The following approach helps maintain a proportionate and defensible process:

Investigate promptly: Establish the facts before deciding on categorisation. Speak to the individuals involved and review the relevant files.
Categorise honestly: The temptation to classify everything as "non-material" is risky. If the SRA later discovers an unreported material breach, the consequences for the compliance officer are significantly worse than if it had been reported promptly.
Take remedial action: Fix the immediate problem, then address the systemic cause. If the breach arose because a system failed, update the system. If it arose because of individual conduct, address it through supervision or disciplinary procedures.
Report when required: Material breaches must be reported to the SRA as soon as reasonably practicable. There is no fixed deadline, but days rather than weeks is the SRA's expectation.

Escalation procedures

Not every issue can be resolved at the compliance officer level. You should have a clear escalation path:

Routine matters: The compliance officer records the breach and manages the response within their authority
Significant matters: Escalate to the managing partner or management board before reporting to the SRA
Matters involving the compliance officer themselves: Escalate to the senior partner or another designated person. The firm must have a plan for this scenario.
Matters involving the firm's viability: If a breach threatens the firm's authorisation or solvency, involve all managers immediately and take independent legal advice if needed

SRA Code of Conduct for Firms

Key obligations under the SRA Code of Conduct for Firms. Covers compliance and business systems, COLP and COFA roles, governance and management, cooperation with regulators, information and reporting requirements.

The SRA Code of Conduct for Firms sets out the standards and business controls expected of all SRA-authorised firms, including recognised sole practices, recognised bodies, and licensed bodies (alternative business structures). It came into effect on 25 November 2019. The Code places obligations on the firm itself as an entity, as well as on its managers and compliance officers.

The Code is organised into the following areas:

Compliance and business systems (paragraphs 2.1-2.5): Firms must have effective governance structures, systems and controls to ensure compliance with SRA regulatory requirements. Firms must identify, monitor and manage all material risks, including those to clients and the business.
COLP and COFA appointment (paragraph 9.1): All authorised firms must appoint a Compliance Officer for Legal Practice (COLP) and a Compliance Officer for Finance and Administration (COFA). These roles must be held by a manager or employee of the firm who is approved by the SRA.
Managers' responsibilities (paragraphs 2.1-2.3): Managers of the firm (partners, members, directors) are responsible for ensuring the firm complies with the Code. They must actively engage with compliance and ensure adequate supervision and training of all staff.
Service to clients (paragraphs 3.1-3.6): Firms must ensure that their clients receive a proper standard of service, including competent handling of matters, keeping clients informed of progress, timely responses, and a written complaints procedure.
Client money and assets (paragraphs 4.1-4.3): Firms must comply with the SRA Accounts Rules 2019 when holding client money. They must ensure client money is kept separate in client accounts, proper accounting records are maintained, and accountant's reports are delivered when required.
Conflicts of interest (paragraphs 6.1-6.5): Firms must have effective systems for identifying and managing conflicts of interest, including own interest conflicts and conflicts between current clients. Where a conflict cannot be managed, the firm must decline to act for one or more of the affected clients.
Cooperation and information (paragraphs 7.1-7.9): Firms must cooperate with the SRA and other regulators, respond promptly to requests for information, and report material changes (such as changes to management, financial difficulties, or potential claims on PII). The firm must not attempt to prevent any person from reporting matters to the SRA.
Financial stability and insurance (paragraph 5.1): Firms must maintain appropriate professional indemnity insurance in accordance with the SRA Indemnity Insurance Rules and ensure they can meet financial commitments as they fall due.

Price transparency: Since December 2018 (expanded subsequently), firms must publish pricing information for specified legal services on their website. These include residential conveyancing, probate, motoring offences, immigration (certain applications), employment tribunal claims, licensing applications for business premises, and debt recovery up to GBP 100,000. Pricing must include total costs, the basis of charges, any disbursements, VAT, and whether any conditional or damages-based fee arrangements are available.

Diversity data reporting: Firms with 10 or more partners or equivalent are expected to collect and report workforce diversity data to the SRA every two years. This covers characteristics including age, disability, ethnicity, religion, sex, sexual orientation, gender identity, socio-economic background, and caring responsibilities.

Enforcement: Breach of the firm Code may result in regulatory action including conditions on the firm's authorisation, a written rebuke, a financial penalty of up to GBP 25,000 imposed by the SRA, or referral to the Solicitors Disciplinary Tribunal. For licensed bodies (ABS), the SRA may impose financial penalties of up to GBP 250 million under section 95 of the Legal Services Act 2007.

How this connects to your wider compliance framework

The COLP and COFA roles do not operate in isolation. They sit at the centre of your firm's compliance framework and connect to:

Risk management: The breach registers feed into the firm's overall risk register. Patterns in breaches may indicate systemic weaknesses in training, supervision, or systems.
Professional indemnity insurance: Your insurer may ask about compliance failures at renewal. Accurate breach records help you provide truthful and complete disclosure.
Regulatory inspections: If the SRA conducts a desk-based review or a visit, the compliance officer's records will be the first thing they examine.
Succession planning: If a COLP or COFA leaves or becomes incapacitated, you must apply to the SRA to approve a replacement promptly. Have a deputy arrangement in place.

Penalty:

A COLP or COFA who fails to report a material breach, or who records breaches dishonestly, faces personal regulatory action from the SRA. This can include conditions on their practising certificate, a fine, suspension, or referral to the Solicitors Disciplinary Tribunal. The SRA has made clear that it expects compliance officers to act with integrity even when that means reporting failings within their own firm.

Official guidance and legislation

SRA Guidance for Solicitors
SRA practical guidance including compliance officer expectations and responsibilities
sra.org.uk
SRA Authorisation of Firms Rules 2019
Rules covering firm authorisation, including compliance officer requirements
sra.org.uk
SRA Accounts Rules 2019
Rules for handling client money that the COFA must oversee
sra.org.uk
Legal Services Act 2007
Primary legislation establishing compliance officer requirements for licensed bodies
legislation.gov.uk
mySRA portal
Portal for compliance officer approval applications and annual declarations
sra.org.uk

UNDER CONSTRUCTION

Guvnor

COLP and COFA: Roles, Responsibilities, and Reporting

What the COLP does

What the COFA does

Who can be appointed

Record keeping obligations

Annual reporting to the SRA

Managing non-compliance within your firm

Escalation procedures

How this connects to your wider compliance framework

Compliance Assistant

🚧 UNDER CONSTRUCTION

What the COLP does

What the COFA does

Who can be appointed

Record keeping obligations

Annual reporting to the SRA

Managing non-compliance within your firm

Escalation procedures

How this connects to your wider compliance framework

Related guides in this sector

UNDER CONSTRUCTION