The Solicitors Regulation Authority (SRA)’s first thematic review of compliance officer roles (COLPs and COFAs) published on 11/12/25, highlights risks affecting firms’ compliance effectiveness.
The review covered only 25 firms (out of 9,000), so findings may not fully represent the profession, but general themes and challenges emerged, which anyone who has ever worked in a law firm, particularly in a compliance role, is likely to be able to relate to.
Key issues for compliance officers
- Time constraints, particularly where juggling other roles, with compliance officers spending only 26% (on average) of their time on compliance-related tasks, impacting their ability to fulfil their responsibilities.
- Lack of support from the rest of the firm and management, with compliance wrongly being seen as the sole responsibility of compliance officers, increasing stress and exposing firms to risk if they are unavailable or leave. (Don’t forget that everyone in the firm is personally accountable for compliance with regulatory requirements).
- Insufficient resources/ prioritisation of role-specific training and continuing competence.
- Lack of recognition: Feeling unacknowledged and undervalued by the firm.
Notable findings
- COLP and COFA roles are generally split between individuals (an acknowledgement that both roles are too much for one person/ require different skill sets?), requiring strong communication.
- Compliance officers stay in role for years (seemingly due to lack of volunteers, not enthusiasm for the role!).
- Few compliance officers received acknowledgement or financial incentives, and succession planning was largely lacking.
- 75% of compliance officers were also firm owners, raising independence concerns (how easy is it to police your own compliance when your business is at stake?) (See the SRA’s Consumer Protection Review section below for further SRA thoughts on how to address this issue).
- Many COLPs couldn’t list their 5 role-obligations (paragraph 9.1, Code of Conduct for Firms). In better news, most COFAs could list their 3 role-obligations (paragraph 9.2).
- Record keeping (required by paragraph 2.2) was generally poor.
- Systems, controls and processes (required by paragraph 2.1) looked better, with most firms having a formal office manual and internal compliance policy, and file review systems in place to monitor compliance, but breach documentation (including the rationale for remedial action and/ or decision not to report to the SRA) was weak. Expect further SRA scrutiny.
- Engagement with SRA resources and role-specific training weren’t great.
Recommendations for firms and compliance officers in light of the review
- Value compliance roles to boost morale, well-being and your compliance culture. Investing in effective compliance systems improves efficiency, strengthens a firm’s reputation, and ensures clients receive consistent and high-quality services (not to mention it keeps the SRA off your back!).
- Educate staff that compliance is a firm-wide responsibility. The SRA Standards & Regulations don’t only apply to compliance officers!
- Appoint deputies to ease the burden and provide cover for absences
- Succession planning is key (especially as the SRA is currently taking up to 3 months to approve applications).
- Understand your reporting and notification obligations and make use of SRA resources (see resources section of the Thematic Review), including their annual conference, webinars, YouTube channel and the Professional Ethics Team.
- Keep detailed records of breaches, associated decision making and rationale for remedial action and use these records to identify risks, learn from mistakes, and provide evidence of decisions not to report externally to the SRA.
- Keep records of your learning & development, including (vitally) role-specific training.
- Explore tech solutions for compliance management (help to avoid drowning in spreadsheets!).
- Conduct regular file reviews and spot checks to detect issues early on/ prevent bad habits forming, and regularly audit policies and procedures (either internally or using an external auditor).
The SRA plan to undertake a more fundamental review of the effectiveness of the compliance officer regime in the longer term…yet another review, but will anything change for compliance officers?