From 1 January 2013, all firms (including ABS's) must have
an approved COLP in place, ready to assume responsibility for
compliance with their firm's regulatory and statutory
obligations. Legal practices are already supposed to be complying
with many of the regulatory requirements contained in the new
Handbook and it is the COLP who will be directly responsible should
the SRA come calling after 1 January.
A quick reminder of the COLP's duties. Under Rule 8 of the
SRA Authorisation Rules, the COLP must take reasonable steps to
ensure that their firm complies with all terms and conditions of
its authorisation (except any obligations imposed under the SRA
Accounts Rules); with all relevant statutory obligations; record
any failure to comply and make such records available to the SRA.
The COLP must also report any failures to comply to the SRA. The
questions of "what" and "when" to report are
beyond the scope of this article but reporting is a potentially
thorny issue for the COLP, who must make the final decision over
reporting. Such decisions are best documented in case of future
questioning by a regulator.
As COLPs must assume their responsibilities from 1 January, the
time between now and then should be used to plan more than just
Christmas celebrations as it is not too late to take effective
steps towards ensuring compliance. Taking some rudimentary steps
now will put all COLPs in good stead to assess their obligations
come 1 January and that is as good place to start.
Just as each firm is different, some firms will have in place
more mature systems for compliance than others. Some may not have
any. What is needed to be done to ensure the Rule 8 requirements
are met will therefore vary from firm to firm and there may be a
lot to do. But, there are a few universal steps that all COLPs can
be thinking about prior to 1 January. These are, in no particular
order, as follows.
Prepare a risk register, which documents the risks
facing the firm and assesses the impact on clients and the
firm of those risks;
Use the risk register to spot any gaps in the firm's
existing policies and procedures and make the necessary
Introduce a system for prompt internal reporting to the COLP of
breaches of the Handbook;
Collate and maintain a database of breaches of the
Decide who will carry out internal "spot" audits of
client files and put in place a system of grading compliance and
risk awareness, looking for indicators of good risk awareness such
as documenting important decisions, and the prompt use of the
firm's approved letters of engagement and terms of business;
Introduce and monitor a system to ensure that regulatory
deadlines are not missed and, in particular, that there are robust
processes in place for fulfilling undertakings, conflict checks,
business continuity planning, taking on new staff/contractors,
outsourcing and obtaining regulatory approval for key
The aim for any new COLP should be to create and/or nourish a
firm-wide culture of compliance. This is achieved by means of
effective reporting to the COLP (and on to the SRA), the monitoring
of internal structures and how risk is managed, ongoing training
and internal support and, above all, sharing out the responsibility
for the management of risk within each firm. Making a start now,
not from 1 January, will help. Good luck.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Specific Questions relating to this article should be addressed directly to the author.