SRA compliance outsourcing starts with one simple fact: before a Compliance Officer for Legal Practice signs off on any outsourcing arrangement, they will have questions. That is not a barrier to outsourcing paralegal work, it is exactly how it should work. A COLP who asks nothing is not doing their job under the Code of Conduct for Firms. This piece sets out the questions a competent COLP actually asks, and what a properly structured answer looks like.
Why the COLP has to be involved at all
Under paragraph 9.1 of the Code of Conduct for Firms, a COLP must take all reasonable steps to ensure the firm complies with its regulatory arrangements, including those relating to supervision. The SRA’s own effective supervision guidance is explicit that this extends to services delivered by individuals who are not themselves authorised, wherever that work is actually carried out. Outsourcing does not remove the COLP from the picture. It just changes what they are checking.
The SRA’s Authorisation of Firms Rules explicitly lists outsourcing among the categories of professional and specialist business support a firm can use. It is a recognised, ordinary part of running a modern practice. The question a COLP asks is never “are we allowed to do this”, it is “have we structured it properly”.
SRA compliance outsourcing: the questions a COLP will actually ask
Who retains supervision, and how is that structured?
This is the first and most important question. The answer needs to be specific: a named, authorised fee earner directs and reviews the work, at every stage, before it is relied on or sent externally. This is the same principle the Court of Appeal confirmed in CILEX and others v Mazur and others [2026] EWCA Civ 369, which the SRA’s own supervision guidance now references directly: an unauthorised person can lawfully perform tasks within the conduct of litigation for and on behalf of an authorised individual, provided that individual retains responsibility. A vague answer here, such as “the outsourcing provider manages quality”, is the wrong answer. The firm’s own fee earner has to be the one exercising judgement.
Does the arrangement touch client money?
It should not. A properly structured outsourcing arrangement never gives the provider access to or control over client money, as defined in the SRA Accounts Rules. This is worth stating explicitly in the contract, not just assuming it is understood.
How is data protection handled?
A COLP will want to see a proper Article 28 Data Processing Agreement, not a general confidentiality clause. This should cover the specifics: what data is processed, for what purpose, what security measures are in place, and the mechanism for any international transfer if the provider’s staff are based outside the UK. See our How It Works page for how this is structured in practice.
Is there a conflict of interest risk?
A shared or pooled resource, where the same individual might work on matters for different firms with competing interests, is a real risk a COLP has to consider. A dedicated paralegal or team allocated to one firm only removes this risk by design, which is why it is worth asking specifically how staffing is structured before agreeing anything.
What happens if something goes wrong?
The contract should set out liability clearly, including what is covered by the firm’s own professional indemnity insurance and what, if anything, sits with the provider. This is a detail worth checking rather than assuming, since arrangements vary.
What a well-structured answer looks like on paper
In practice, a COLP is looking for a written agreement that covers: no handling of client money, a named supervising fee earner, a proper Data Processing Agreement with a defined international transfer mechanism where relevant, a dedicated team structure that avoids conflicts, and clear liability terms. Our Services page sets out what this looks like for outsourced paralegal support specifically, and our Pricing page has the flat-rate packages this typically sits under.
None of this is unusual scrutiny. It is the same due diligence a COLP would apply to any outsourced business support function, from IT to recruitment. The SRA’s guidance on COLP responsibilities is clear that firms must be able to demonstrate compliance with records, which is exactly what a well-documented outsourcing agreement provides.
Bringing your COLP up to speed?
We can send over the actual contract and DPA so your compliance review has something concrete to work from, before any commitment.
Request the paperworkGetting ahead of the questions
The firms that get through this stage fastest are the ones that bring the COLP in early, with the paperwork already answering these questions rather than reacting to them afterwards. If you are scoping this for your own firm, our FAQ page covers the questions we get asked most, and a short call is often the quickest way to get specific answers for your situation.

