How to build operational resilience for long term gains
Managing risk and safeguarding financial stability are key challenges for modern law firms. At the heart of this responsibility lies the role of the COFA, which has grown from regulatory necessity into a driver of operational resilience and cultural change.
To explore how COFAs can strengthen their firm’s resilience and build a robust risk management culture, Osprey Approach has drawn on insights and lessons learned from compliance and legal experts who have joined its Empowering Law Firm Leaders podcast and Build Better Habits webinar series.
The COFA Role: driving compliance culture
By embedding compliance into everyday practice, COFAs help firms build resilience that protects both clients and the business.
Kate Burt, founder of compliance consultancy HiveRisk, highlights the importance of a values-led approach: “Have a set of principles that say we are going to build compliance into the engine of everything we do.” Her message reframes compliance not as a tick-box exercise but as a firm-wide mindset.
Kate also stresses the value of principles and perspective. “Look at the customer experience and put yourself into the customer’s shoes. What does the client really need to know? And then what’s the small print?”
By treating compliance as part of the client experience, firms avoid a tick-box mentality and create a culture where resilience is embedded, not bolted on.
Building better compliance habits
Resilient firms treat compliance as a habit, not an afterthought. Eloise Butterworth, compliance manager at Lester Aldridge, highlights the importance of balancing regulation with service: “You need to make them feel special in this process. They’re paying you for a service, and they want that service to be of a good standard.
“The number one key here is adequately resourcing your firm.”
David Rawson, Head of Product at InfoTrack UK, agrees and emphasises that design and process are key, recommending that firms “ensure compliance almost by design.”
By focusing on repeatable behaviours and consistent systems, firms reduce risk and strengthen resilience across their operations.
How to benefit from the shifting PII landscape
Resilience also matters in the professional indemnity insurance (PII) market. The latest Howden Solicitors Market Report (July 2025) revealed easing premium rates, with averages falling from 4.6% to 4.25% of turnover. Even smaller firms – traditionally seen as higher risk – benefited, with reductions of around 7%.
This softening of the market is attributed to increased insurer appetite and the introduction of new providers, but firms still need to present themselves as low-risk prospects. A robust approach to client money management, clear reporting, and strong compliance systems are key differentiators in negotiations with insurers.
Kate believes that insurers increasingly value evidence of strong governance: “Reflect on your own practice and say, ‘What can we put right?’” Firms with transparent reporting and a proactive approach to risk management position themselves as low-risk prospects, strengthening their hand at renewal.
Make your data valuable – and use it
Operational resilience depends on timely, transparent data. Real-time visibility of client and office accounts allows COFAs to identify potential breaches, unreconciled balances, or unusual transactions before they escalate.
David highlights the role of automation in managing risk: “Make that which can be automated, automatic. Make that which needs to have specific thought flagged in the right way.”
Graham Moore, managing director at Katchr, emphasises that firms often fail to use their full data potential: “Most are just scraping the surface. Data-driven decision-making is always going to be more effective than relying on hunches.”
But he cautions that even with the right tools, progress is impossible without confidence in the numbers. “Our experience is the vast majority of law firms just don’t trust the quality of their data. If they don’t trust the data, they’re never going to trust the outcomes. Quite rightly – garbage in, garbage out.”
Embedding management information into routine practice strengthens control; by running monthly reconciliations, exception reports, and dashboards, compliance shifts from a position of reactive checks to one of continuous oversight.
Embedding resilience for the future
As the regulatory and insurance environments evolve, the COFA’s role will remain central to how firms build strength and stability. Compliance is no longer a back-office function: it is the foundation of operational resilience and long-term success.
By aligning people, processes, and systems, COFAs can embed a culture of resilience that not only reduces risk but also strengthens competitive advantage. The COFA of today is not simply a guardian of compliance but a driver of resilience, steering firms through uncertainty with confidence and clarity.