Workflow Templates for Law Firm: Law Firm Compliance Checklist

Intake and Conflicts

Audit a sample of new-matter intakes

Pull 10 matters opened in the last 90 days from Clio / MyCase / iManage. For each, confirm the intake form captured client identity (government ID), matter type, opposing parties, related entities, and witnesses. Missing opposing-party data is the top reason conflicts get missed downstream.

Re-run conflicts on the audit sample

Re-run each sampled matter through the conflicts database against current clients, former clients, adverse parties, and witnesses. Document any hits the original intake missed — these become the basis for a Rule 1.7 / 1.10 remediation conversation with the responsible attorney.

Escalate any missed-conflict matters to the managing partner

Imputation under Rule 1.10 means a missed conflict can disqualify the firm. The managing partner decides whether to seek a written waiver, screen the affected attorney, or withdraw. Document the decision in the matter file and the conflicts log.

Verify engagement letters are countersigned and on file

For each open matter, the DMS should hold a countersigned engagement letter with scope, fee structure, retainer terms, and dispute-resolution clause. An unsigned letter is the most common factual basis for a fee dispute or bar grievance.

Trust Account and IOLTA

Run the three-way IOLTA reconciliation

Reconcile book balance, bank balance, and the sum of individual client ledgers — all three must match to the penny. Discrepancies even of a few dollars indicate a posting error or, worse, commingling. Use Clio Trust, CosmoLex Trust, or Tabs3 Trust depending on the firm's stack.

Investigate any reconciliation variance

Trace every transaction in the variance period. Common causes: bank fees posted to IOLTA (a Rule 1.15 violation in most states), retainer disbursed before funds cleared, or a client ledger posting to the wrong matter. Resolve before the next month closes.

Check each client ledger for negative balances

Any client ledger below zero is a Rule 1.15 violation. Most state bars are notified by the bank automatically on IOLTA overdraft, triggering a disciplinary referral. Pay particular attention to matters where retainers were disbursed on the same day funds were deposited.

Obtain partner sign-off on the IOLTA reconciliation

Data Security and Confidentiality

Review DMS access logs for terminated staff

Pull the NetDocuments / iManage / SharePoint access list and cross-check against HR's active-employee roster. Any lingering credentials for departed attorneys, paralegals, or contract reviewers must be revoked the same day. Lateral departures are the highest-risk category.

Confirm MFA is enforced on all firm accounts

Model Rule 1.6(c) requires reasonable safeguards on client information. MFA on email, DMS, PMS, and trust-accounting platforms is table stakes. Pull the admin report from Microsoft 365 / Google Workspace and identify any account without MFA enrolled.

Verify litigation holds are still active

For each open matter under hold, confirm custodians are still receiving hold notices and that auto-deletion policies in Outlook and OneDrive are suppressed for those custodians. A missed custodian is the textbook spoliation sanction scenario.

Test the off-site backup restore

Restore a sample matter file from the most recent backup to a sandbox environment. Backups that have never been tested often fail when needed. Document the restore time and any data loss observed.

Records Retention

Pull the matter list past the state retention minimum

Most state bars set a 5–7 year minimum after matter close, with longer schedules for trust-account records (often 7+) and certain matter types (estate planning, real estate). Filter the closed-matter report by close date plus the applicable retention period.

Flag estate, real estate, and minor-client matters

Estate-planning files often retained for the life of the testator plus a tail; real estate closing files typically held 10+ years; matters involving minors retained until the minor reaches age of majority plus the SOL tail. These cannot be destroyed on the standard schedule.

Approve the destruction list

Billing Hygiene

Review pre-bill edit completion rates by attorney

Pull the prior-month pre-bill report from Clio / Tabs3 / LeanLaw. Every pre-bill should show responsible-attorney edits before issuance. Unedited pre-bills with verbose junior-associate narrative are the leading driver of fee disputes and write-downs.

Spot-check trust-to-operating transfers

Each transfer from IOLTA to operating must correspond to an issued, client-approved invoice. Transfers ahead of invoice issuance are a Rule 1.15 violation regardless of whether the work was performed. Sample 10 transfers from the prior month.

Review aged accounts receivable over 90 days

Aged AR over 90 days is both a cash-flow problem and a relationship-quality signal. Coordinate with responsible attorneys before sending collections letters — fee suits often draw a malpractice counterclaim.

CLE and Malpractice Renewals

Pull each attorney's CLE transcript from the state bar

Annual hours vary by state (commonly 12–15), with separate ethics hours and, in some states, mandatory diversity or mental-health hours. Confirm transcripts against the state's compliance period — calendar year, birth-month cycle, or admission-anniversary cycle.

Identify attorneys behind on CLE hours

Schedule make-up CLE before the deadline

Book affected attorneys into Lawline, Practising Law Institute (PLI), or state-bar on-demand programming. Suspension for non-compliance is typically automatic at the deadline — there is no grace period in most jurisdictions.

Confirm malpractice carrier renewal is in process

Most states require malpractice coverage to practice in firm form, and some require client disclosure of non-coverage. Begin the renewal application 60 days before policy expiration — late submissions can leave the firm with a coverage gap or a tail-coverage problem.