SRA Accounts Rules: what every firm still gets wrong
Most law firms treat SRA Accounts Rules compliance as a bookkeeping exercise, but the rules impose a structural discipline on client money that bookkeeping alone cannot satisfy.
SRA Accounts Rules: what every firm still gets wrong
Compliance with the SRA Accounts Rules is widely misread as a matter of accurate record-keeping, yet the rules impose obligations that reach far deeper into a firm's operating model. Firms that treat the rules as a bookkeeping discipline tend to pass routine compliance reviews and still carry material regulatory exposure, because the most consequential failures are structural rather than arithmetical. The thesis of this essay is straightforward: the persistent errors that draw SRA scrutiny and, in serious cases, intervention are not errors of calculation. They are errors of governance, process design, and organisational culture. Understanding that distinction is the starting point for any firm that wants to move from technical compliance to genuine protection of client money.
What the market usually gets wrong
The dominant misconception is that the SRA Accounts Rules are satisfied once a firm can demonstrate that its client account balance reconciles to its client ledger at the end of each reporting period. That view is understandable. The rules are expressed partly in accounting language, the reporting mechanism involves a reporting accountant's certificate, and the most visible enforcement actions tend to feature shortfalls in client account. It is natural to conclude that the rules are, at their core, about the numbers adding up.
They are not. The 2019 revision of the SRA Accounts Rules was deliberately simplified in its drafting, but the simplification was designed to shift responsibility onto firms rather than to reduce the substance of what is required. The rules now place an explicit obligation on managers and compliance officers to ensure that client money is kept safe. That obligation is not discharged by a monthly reconciliation. It is discharged by maintaining systems, controls, and a culture that make misappropriation, misapplication, and error structurally unlikely rather than merely detectable after the fact.
The firms that get into difficulty are rarely those whose bookkeepers have made arithmetic mistakes. They are firms where the governance around client money has been allowed to become informal, where authorisation controls have eroded under operational pressure, where the COFA role has been treated as a title rather than a function, and where the reporting accountant's annual visit has become the primary assurance mechanism rather than one layer in a broader control environment. Each of those conditions can exist alongside a reconciliation that balances perfectly every month.
What actually changes when you look at the operating layer
When a firm examines its client money controls at the operating layer rather than the reporting layer, several structural vulnerabilities tend to become visible that routine reconciliation does not expose.
The first is the authorisation gap. Many firms have formal payment authorisation policies that require dual sign-off for client account disbursements above a certain threshold, but those policies are frequently undermined in practice by informal arrangements, by the use of shared login credentials, or by a culture in which a senior fee earner's instruction is treated as sufficient authority regardless of the written policy. The reconciliation will not reveal this because the payments are real and correctly recorded. The vulnerability is that the control designed to prevent unauthorised transfers is not functioning as designed.
The second is the residual balance problem. Client accounts accumulate small residual balances when matters close without a final distribution being made. Over time, those balances can become significant in aggregate. The rules require firms to deal with residual balances promptly and, where a client cannot be located, to follow a defined process before transferring funds to a charity under the SRA's prescribed scheme. Many firms allow residual balances to accumulate for extended periods without a systematic review process, which creates both a compliance failure and a practical difficulty when the balances eventually need to be resolved.
The third is the office-to-client transfer discipline. Firms are permitted to transfer money from office account to client account to fund disbursements in advance of receiving client funds, but the rules impose conditions on when and how this is done. The operational reality in many firms is that these transfers are made informally and inconsistently, with the result that the firm is, in effect, using its own money to fund client matters in a way that is not properly documented and not reviewed as part of the compliance function's oversight.
The fourth, and arguably the most consequential, is the COFA's actual authority. The Compliance Officer for Finance and Administration is personally responsible under the regulatory framework for ensuring that the firm's systems and controls are adequate. In many firms, the COFA is a senior partner or finance director who has the title but not the operational time or the organisational authority to investigate concerns, require process changes, or escalate to the SRA when a breach is identified. The rules require self-reporting of material breaches. A COFA who lacks genuine authority within the firm is structurally unlikely to make that call.
Commercial consequences
The commercial consequences of getting the SRA Accounts Rules wrong are not limited to regulatory sanction, though the sanctions themselves are serious. The SRA has the power to intervene in a firm's practice, which means taking control of client files and client money. Intervention is a terminal event for most firms. It destroys client relationships, triggers professional indemnity claims, and generates costs that typically exceed any recoverable assets. The reputational damage extends to the individuals involved, not merely the entity.
Short of intervention, the consequences of identified compliance failures include conditions on a firm's practising certificate, requirements to appoint a reporting accountant on a more frequent basis, and the reputational damage that flows from any public regulatory record. For firms seeking to grow through merger, acquisition, or lateral hire, a compliance history that includes accounts rules failures is a material due diligence issue that affects valuation and deal structure.
For funders and investors who provide capital to law firms or to litigation finance arrangements that depend on law firm infrastructure, the quality of a firm's client money controls is a direct indicator of operational risk. A firm that cannot demonstrate robust governance around client account is a firm whose other operational controls are also likely to be weaker than they appear on paper. The accounts rules compliance position is, in that sense, a proxy for the quality of the firm's management infrastructure more broadly.
There is also a client-facing dimension that is increasingly relevant in the context of Consumer Duty thinking. Clients who place money with a law firm are entitled to expect that the firm's systems are designed to protect their funds, not merely to account for them accurately. A firm that can demonstrate genuine control discipline around client money is in a stronger position to articulate its value proposition to sophisticated clients and to institutional counterparties. For a broader perspective on how regulatory obligations intersect with client-facing duties, the Consumer Duty and Regulation pillar sets out the relevant framework in detail.
Where the market is likely to move next
The SRA has signalled consistently that its supervisory approach will become more risk-based and more focused on the governance and culture of regulated firms rather than on transactional compliance. That direction of travel has several practical implications for how firms should be thinking about their accounts rules position.
First, the reporting accountant's certificate is likely to become less central as a compliance mechanism and more of a baseline expectation. Firms that rely on the annual certificate as their primary assurance mechanism will find that the SRA's supervisory engagement increasingly looks behind the certificate to ask questions about how the firm's controls actually operate day to day. Firms that can answer those questions with reference to documented processes, regular internal review, and a COFA who is genuinely active in the role will be in a materially better position than those that cannot.
Second, the intersection between accounts rules compliance and anti-money laundering obligations is becoming more operationally significant. The movement of client money through a law firm's client account is a potential vector for money laundering, and the SRA's supervisory approach increasingly treats the two regulatory frameworks as connected rather than parallel. Firms that have strong client money controls and strong AML controls tend to have them for the same reason: they have invested in governance infrastructure rather than treating each regulatory requirement as a separate compliance task.
Third, the growth of alternative business structures, third-party managed accounts, and technology-enabled payment platforms is changing the operational landscape for client money. Some of these developments offer genuine improvements in control and transparency. Others introduce new risks that the accounts rules framework was not designed to address directly. Firms that are early in evaluating these options should treat the accounts rules implications as a primary consideration rather than an afterthought. For further reading on how regulatory frameworks are adapting to operational change, the writing index contains adjacent analysis that is directly relevant.
What this means in practice
The practical implication of this analysis is that firms need to audit their client money controls at the operating layer, not the reporting layer. That means asking different questions from the ones that a routine compliance review typically asks.
Instead of asking whether the reconciliation balances, ask whether the people who authorise payments from client account are genuinely independent of the people who initiate them, and whether that independence is enforced by system controls rather than by convention. Instead of asking whether residual balances are recorded, ask whether there is a systematic process for reviewing and resolving them on a defined timetable. Instead of asking whether the COFA has signed the required declarations, ask whether the COFA has the time, the information, and the organisational authority to act on concerns when they arise.
Firms that find gaps at the operating layer should treat those gaps as priority remediation items rather than as matters to be noted and monitored. The SRA's enforcement record demonstrates that the firms that face the most serious consequences are not those that identified problems and fixed them. They are those that identified problems, recorded them, and allowed them to persist.
The accounts rules are not complicated. They require firms to keep client money safe, to account for it accurately, and to return it promptly when it is no longer needed. The difficulty is not in understanding the rules. It is in building and maintaining the organisational infrastructure that makes compliance a structural outcome rather than a periodic exercise. Firms that have made that investment are better regulated, better managed, and better positioned commercially than those that have not.
For firms that want to understand how this kind of operational discipline connects to broader regulatory strategy, the about page sets out the analytical approach that underpins this work, and the contact page is the appropriate starting point for a more detailed conversation about a specific firm's position.
The SRA Accounts Rules reward firms that take governance seriously and expose those that do not. That is not a criticism of the rules. It is precisely what a well-designed regulatory framework should do.
Continue reading
This essay sits within the broader consumer duty, regulation, and legal-market boundaries theme, with nearby routes into the archive, related background pages, and Craig's wider point of view.
Fact ledger
Reviewed 24 April 2026 · Primary keyword: sra accounts rules
The 2019 revision of the SRA Accounts Rules simplified the drafting and placed an explicit obligation on managers and compliance officers to ensure that client money is kept safe, shifting responsibility onto firms rather than reducing the substance of what is required.
Firms that treat the simplified rules as a lighter-touch regime are misreading the regulatory intent; the personal accountability of COFAs and managers is now more explicit, not less, making governance failures a direct route to individual regulatory sanction.
The SRA has the power to intervene in a firm's practice, which involves taking control of client files and client money, and intervention is widely regarded as a terminal event for most firms affected.
The commercial stakes of accounts rules non-compliance extend well beyond financial penalties; firms and their funders should treat the intervention risk as an existential operational concern that warrants investment in preventive governance infrastructure.
The SRA's supervisory approach is increasingly risk-based and focused on the governance and culture of regulated firms, with the reporting accountant's certificate treated as a baseline expectation rather than a primary assurance mechanism.
Firms that rely on the annual accountant's certificate as their principal compliance evidence are likely to face more intensive supervisory scrutiny as the SRA's engagement moves behind the certificate to assess day-to-day control effectiveness.