What the COFA Is, and Why Every Firm Must Have One

Every law firm regulated by the Solicitors Regulation Authority (SRA) in England and Wales must appoint a Compliance Officer for Finance and Administration (COFA). This is mandatory under the SRA Authorisation of Firms Rules and applies to every structure: sole practitioners, traditional partnerships, LLPs, and Alternative Business Structures (ABSs). A firm cannot be authorised, or remain authorised, without a named COFA.

The COFA is the individual personally accountable for the firm's compliance with the SRA Accounts Rules and the safe handling of client money. The role sits alongside the COLP (Compliance Officer for Legal Practice), who owns the wider regulatory picture. This guide goes deep on the COFA's finance and accounts duties specifically. If you want a side-by-side comparison of the two roles, read our COLP and COFA roles explained guide, which covers the appointment and conduct side at an overview level. Here we stay on the finance brief.

The distinction matters because the COFA carries a defined, evidence-based set of obligations: client money safeguarding, the five-weekly reconciliation, the annual accountant's report, breach reporting, and record-keeping. The SRA can and does take action against COFAs personally when those obligations are not met. Understanding the full scope is the difference between a defensible compliance position and an exposed one.

The Statutory and Regulatory Basis for the Role

The COFA is a required compliance officer for every SRA-regulated firm. The appointment requirement sits in the SRA Authorisation of Firms Rules; the substantive rulebook the COFA must enforce is the SRA Accounts Rules 2019, in force from 25 November 2019 and made under the Legal Services Act 2007 and the Solicitors Act 1974.

The COFA must be a manager of the firm (a partner, member, or director) or an employee with sufficient seniority and authority to discharge the role. The SRA expects the COFA to have a genuine working knowledge of the Accounts Rules, the firm's accounting systems, and the risks that attach to holding client money. A nominal appointment, where the named COFA has no real oversight of the client account, is itself a compliance weakness.

The duties draw on a small number of core rules. It is worth knowing them by number, because the SRA frames its expectations and its enforcement around them:

  • Rule 2: the definition of client money (what the firm must protect).
  • Rule 3 and Rule 3.3: the client account, and the prohibition on using it to provide banking facilities.
  • Rule 7: accounting to the client for a fair sum of interest.
  • Rule 8.3: the five-weekly reconciliation, signed off by the COFA or a manager.
  • Rule 12: the accountant's report (and the Rule 12.2 exemption).

Alongside the Accounts Rules, the COFA operates within the SRA Principles and the SRA Code of Conduct for Firms, which require effective systems and controls and the supervision of compliance. The role is regulatory, not a tax function; client money is never the firm's income, and the COFA's job is to keep it protected, accounted for, and unmixed with the firm's own money.

The COFA's Core Duties, Rule by Rule

1. Safeguarding client money and keeping it separate

This is the heart of the role. Client money (Rule 2) is money the firm holds or receives relating to regulated services, on behalf of a third party, as trustee or office-holder, or for fees and unpaid disbursements held before a bill is delivered. It must be held in a separate client account at a bank or building society branch in England and Wales, named to include the firm's name and the word "client", and kept strictly apart from the firm's own (office) money. The COFA is responsible for ensuring the systems that keep that separation intact actually work in practice.

The COFA must also enforce the Rule 3.3 banking-facility prohibition: the client account must not be used to provide banking facilities to clients or third parties. Every payment in, transfer, or withdrawal has to relate to the delivery of regulated services. A request to "park" funds in the client account, or to route a payment that has nothing to do with a legal matter, is a breach the COFA must refuse and, if it has happened, report. The client account must never go overdrawn: a debit balance on any client ledger means client money has been used that was not there, which is one of the most serious breaches the rules recognise. For the line between the two accounts, our guide on office account vs client account differences sets out the practical handling, and what counts as client money covers the Rule 2 boundary cases.

2. The five-weekly reconciliation (Rule 8.3)

Rule 8.3 requires the firm to reconcile its client accounts at least every five weeks. A reconciliation compares three figures that must agree: the bank statement balance, the firm's cash book balance, and the total of the individual client ledger balances. The reconciliation record must be signed off by the COFA or a manager, and that sign-off is the COFA's personal evidence that the client account was in order on that date.

Five weeks is a maximum, not a target. Running reconciliations monthly is safer, because it stops small discrepancies (an unallocated receipt, a posting error, a residual balance on a closed matter) from compounding between checks. The COFA's job is not only to sign the reconciliation but to investigate every difference it surfaces: an unidentified credit, a stale balance on a concluded file, or a ledger that will not balance are all things the COFA must chase down rather than carry forward. For the detail on timing and what a sound reconciliation looks like, see our guide on SRA client account reconciliation frequency.

3. Interest on client money (Rule 7)

Under Rule 7 the firm must account to the client or third party for a fair sum of interest on client money it holds. Fairness is judged on the amount held and the length of time it was held, and the firm may agree a different basis in writing with the client. The COFA's task is to ensure the firm has a clear, written interest policy, that it is applied consistently across matters, and that the de minimis threshold below which interest is not paid is set sensibly and documented. An absent or inconsistent interest policy is a frequent source of client complaints and SRA scrutiny. Our guide on handling client money interest under the SRA rules covers how to build and apply that policy.

4. The annual accountant's report and its exemption (Rule 12)

A firm that has held or received client money at any point during an accounting period must obtain an accountant's report for that period within six months of the period end (Rule 12). The COFA is responsible for instructing an independent reporting accountant (a firm registered with a recognised supervisory body such as the ICAEW or ACCA) and for keeping the firm's records in a state the accountant can audit and form an opinion on.

A firm is exempt from obtaining a report (Rule 12.2) only if, across the accounting period, all the client money it held was on an account whose balance did not exceed an average of £10,000 and a maximum of £250,000, or if all the client money held or received was money from the Legal Aid Agency. This is the exemption test that is most often stated incorrectly: it is an average of £10,000 and a maximum of £250,000, not any £250 figure. If your firm is near either limit, the COFA should track the averages and peaks across the year rather than assume the exemption applies.

A clean report is retained on the firm's file, not sent to the SRA. A report that is qualified to show non-compliance that places client money at risk must be delivered to the SRA within the six-month window. The COFA decides, with the accountant, whether the qualification crosses that threshold, and arranges delivery if it does. For the thresholds in detail, see the SRA accountant's report exemption thresholds and when an SRA accountant's report is required.

5. Reporting serious breaches to the SRA

The COFA must report serious breaches of the Accounts Rules to the SRA. A breach is serious where it puts client money at risk, where it reveals a systemic failure in the firm's controls, or where a run of individually minor breaches forms a pattern that points to a deeper problem. The report should be prompt and in writing, and should set out the nature of the breach, the clients and amounts affected, the steps taken to put it right and when client money was made good, and the controls changed to stop it happening again. Failing to report a serious breach can itself be a regulatory offence, so the COFA's judgment on materiality is a duty in its own right. Our guide on SRA breach notification, when and how walks through the materiality assessment and the reporting mechanics.

The Systems and Records a COFA Must Keep

The COFA is not judged on whether a breach ever happens. They are judged on whether they had a working system of oversight and acted on what it told them. In practice that means evidence, and the evidence sits in a small set of records the COFA must maintain and be able to produce on demand:

  • The reconciliation record. A signed five-weekly (or better, monthly) reconciliation, with the bank statement, cash book, and client ledger totals reconciled and any differences explained and cleared.
  • The breach register. Every breach logged, however small, with the date, the amount and clients affected, the remedy, and whether it was reported to the SRA. The register is the single most useful document a COFA can show: it demonstrates the firm sees its issues and fixes them.
  • The interest policy. A written, dated policy on when and how interest is paid to clients, applied consistently.
  • The accounting records. Client and office ledgers, kept separate, with records retained for at least six years after the matter concludes.
  • The accountant's report file. The instructions to the reporting accountant, the report itself, and a note of any qualification and how it was handled.

These records are also the COFA's personal protection. If the SRA ever investigates, a maintained breach register and a run of signed reconciliations are the difference between a COFA who can show reasonable steps and one who cannot. Our guide on common SRA Accounts Rules breaches and how to fix them sets out the issues these records most often catch.

Personal Accountability: What Is on the COFA Personally

The COFA is named to the SRA as an individual, and the SRA can take action against that individual directly, separately from any action against the firm. The outcomes range from a written rebuke or a fine, through conditions on a practising certificate, to referral to the Solicitors Disciplinary Tribunal in serious cases. The firm being sanctioned does not shield the COFA, and the COFA being sanctioned does not shield the firm; both can face consequences for the same failure.

The SRA's approach is outcomes-focused. It asks whether the COFA took reasonable steps: did they have adequate systems, did they run the reconciliations, did they keep a breach register, and did they act promptly when something went wrong. A COFA who can evidence all of that is in a strong position even if a breach occurred, because the rules accept that no system is perfect. A COFA who has signed nothing, logged nothing, and noticed nothing is exposed precisely because they cannot show they were doing the job. This is why the role cannot be nominal: the title carries the liability, so the title-holder must do the work.

The accountability is heightened in the smallest firms, where the sole practitioner is usually both COLP and COFA and there is no one to share the load. The duties do not shrink with the firm; they concentrate. A sole practitioner COFA still owns the five-weekly reconciliation, the separation of client and office money, the breach register, the interest policy, and the accountant's report.

Free interactive tool

Free SRA compliance and client account accounting tool

Check your SRA client account reserve

Our interactive tool is built for a larger screen. Tell us your firm's numbers and a specialist solicitors' accountant will send your figure and the sensible next step, with no obligation.

Want this checked against your firm's specific situation?

Leave your details and a one-line summary. A specialist solicitor accountant will reply within one working day, with no obligation.

Practical Steps to Discharge the Role Well

The COFA role rewards a steady routine far more than occasional heroics. The following habits keep a firm compliant and keep the COFA defensible:

  • Run reconciliations monthly, not every five weeks. The rule sets a maximum; the safer cadence is shorter, so errors are caught while they are small.
  • Investigate every difference. A reconciliation that "nearly" balances is not balanced. Chase unidentified credits and stale residual balances to zero.
  • Log every breach. Use the breach register for everything, including the trivial. The register is your evidence of oversight, and the pattern it reveals is what tells you whether to report.
  • Hold a clear, written interest policy. Apply it consistently and review it when interest rates move materially.
  • Prepare for the accountant's report before the accountant arrives. Reconcile, clear residuals, and document any breach and its remedy in advance, so the report is clean.
  • Train fee-earners and cashiers. Most Accounts Rules breaches start at the fee-earner's desk. Annual refresher training on client money is good practice and reduces the COFA's workload.
  • Escalate early. If something looks wrong and you are not sure, raise it with management and take advice. Sitting on a possible breach is worse than reporting one that turns out to be minor.

You can use our SRA client account reserve calculator to sense-check your client money position against the rules, and a specialist solicitor-sector accountant can review your systems before the annual report. Our COFA compliance support service offers reconciliation review, breach-register health checks, and accountant's-report preparation, and our solicitor accountants team works exclusively with law firms.

Common Pitfalls the COFA Should Watch For

The breaches that most often land on a COFA's desk are predictable, which means they are preventable:

  • Late or skipped reconciliations. Treating five weeks as a target rather than a backstop lets small errors accumulate.
  • Mixed money. Holding office money in the client account, or vice versa, is a fundamental breach. So is leaving fees in the client account after the bill is delivered.
  • Banking-facility requests. Routing a payment through the client account that does not relate to a legal matter breaches Rule 3.3, even when the client asks for it.
  • Residual balances. Small leftover client balances on concluded matters that are never returned or dealt with become a compliance and reporting issue over time.
  • Assuming the report exemption applies. Firms near the thresholds sometimes assume they are exempt without tracking the average and maximum balances across the year, then find they needed a report.
  • An interest policy in name only. A policy that is written but not applied consistently invites complaints and scrutiny.

When to Bring in External Support

No COFA is expected to resolve every complex transaction or marginal judgment alone. Where a particular receipt is hard to characterise, where a reconciliation will not clear, or where you are weighing whether a breach is serious enough to report, taking advice from a solicitor-sector accountant or a compliance consultant is the prudent course. External support is most valuable before the annual accountant's report, when a specialist review can surface and fix issues while there is still time, and at the point a possible serious breach arises, when an experienced second view on materiality protects both the firm and the COFA personally.

Conclusion

The COFA owns the firm's financial compliance: client money safeguarding, the five-weekly reconciliation under Rule 8.3, the interest obligation under Rule 7, the accountant's report under Rule 12, and the duty to report serious breaches. The role carries real personal accountability, but that accountability is manageable through a small set of disciplined habits, a maintained breach register, and a run of signed reconciliations that evidence genuine oversight.

If you hold the COFA role, or you are about to take it on, the safest position is the one you can prove: systems that work, records you keep, and prompt action when something goes wrong. For the wider regulatory context that sits alongside the finance duties, see our COLP and COFA roles explained guide. If you would like a specialist to review your firm's client money systems before your next accountant's report, speak to a legal-sector accountant. Every firm is different, and tailored advice is always the safest route.

The SRA client account toolkit

A working reconciliation and reserve model with live formulas, plus a plain-English guide to the SRA Accounts Rules. Enter your email to unlock both.

Instant access on this page. We will only use your email to send you the odd genuinely useful update, and you can opt out any time.