A solo attorney has the same compliance obligations as a 30-attorney firm. The same trust accounting rules. The same client communication requirements. The same CLE deadlines, the same conflicts procedures, the same data security duties. The difference is that a 30-attorney firm has staff to help execute them.
You don't.
Most compliance guides written for law firms assume there's someone to delegate to. This one doesn't. It's built for practitioners who are handling intake, billing, client calls, and case work in the same day and need a compliance system simple enough to actually use. For the full compliance framework, see our law firm compliance guide for small firms.
How to Use This Checklist
The checklist is split into quarterly reviews and an annual sign-off. Quarterly tasks take 30 to 60 minutes each. The annual sign-off takes about two hours once a year.
Document completion by dating and initialing each section in a physical binder or a shared document. If the state bar ever investigates a complaint, your documented compliance review is evidence that you were operating systematically. "I do this informally" doesn't help you in a disciplinary proceeding. A dated record does.
Set four calendar events at the start of each year: first week of January, first week of April, first week of July, and first week of October. One hour blocked for compliance review. The quarters that feel busiest are usually the ones where compliance problems are building.
Q1 Checklist: January through March
- Trust account: Run January three-way reconciliation. Bank statement plus client ledger plus check register must match. See our attorney trust account rules guide for the reconciliation process.
- CLE audit: Pull your state bar CLE transcript for the prior year. Confirm all credits were reported correctly. Identify how many hours you need for the current reporting period.
- Malpractice insurance: Review your current coverage limits. Compare against the types of matters you're handling. If you've added a new practice area, confirm coverage extends to it.
- Conflicts database: Update with all matters opened and closed in the prior year.
- Client contact audit: Pull a list of every active matter. Flag any where the last client communication was more than 30 days ago. Send updates this week.
- Software review: Are you using any new tools that weren't in your practice last year? Confirm each one has a data processing agreement if it touches client information.
Q2 Checklist: April through June
- Trust account: Complete April and May three-way reconciliations. Check for any trust balances that have been sitting without activity for more than 90 days.
- IOLTA reporting: Many states require IOLTA reporting in spring. Check your state bar's calendar and file if required.
- CLE check: Are you on track to complete required hours by your state's deadline? If you're more than 30% short at the midpoint of your reporting period, schedule courses now.
- Client communication sweep: Repeat the Q1 client contact audit. Any matter with no communication in 30 days gets an update this week.
- AI policy review: If you've added any AI tools since January, update your written AI use policy. If you don't have one yet, write a one-page policy that covers which tools you use, how client data is handled, and what review process you apply to AI-generated work.
- Overdue invoices: Pull a report of invoices past 60 days. Follow up on each one. Persistent non-payment often precedes billing complaints.
Q3 Checklist: July through September
- Trust account: Complete July and August reconciliations. Run a trust account balance report against your outstanding retainer obligations. They should match within rounding.
- File retention review: Identify closed matters that have reached their state-mandated retention period. Follow your destruction protocol.
- Cybersecurity audit: Review access credentials for every firm account. Remove access for any former staff, contractors, or vendors. Confirm multi-factor authentication is enabled on email, practice management, and cloud storage.
- Data backup test: Confirm that your client files can actually be restored from your backup system. Most solos have backups configured. Far fewer have tested whether the restore process works.
- Advertising review: Check your website, Google Business Profile, and any directory listings. Confirm that all claims are accurate and that testimonials are properly labeled.
- CLE final check: If your reporting period ends December 31, you want to be at 80% of required hours by October 1.
Q4 Checklist: October through December
- Malpractice renewal: Most policies renew November 1. Application should be submitted by October 1.
- Trust account year-end: Complete October and November reconciliations. Run a year-end review of all trust account transactions. Any unexplained entries need to be resolved before year-end.
- CLE completion: Finish all required hours before December 15. Give credits two weeks to process and appear in your state bar account.
- Unclaimed property check: Some states require attorneys to report client funds held in trust for more than a specified period. Check your state's rules.
- Year-end billing: Confirm that all earned fees have been invoiced. Any outstanding retainer balances that should have been drawn down need to be reconciled before December 31.
- Incident response review: Has anything happened this year that might constitute a data security incident or a potential malpractice situation? Address it before year-end.
Annual Sign-Off Tasks
These happen once a year, typically in December or January.
- Update your written data security policy to reflect current tools and vendors.
- Update your AI use policy to reflect any tools added or removed during the year.
- Review your engagement letter template. Confirm the fee arrangement, scope of representation, and billing procedures are accurate.
- Pull your malpractice insurance certificate and confirm coverage limits.
- Review your client intake form. Confirm it captures everything needed for a conflicts check and that the information collected complies with current data privacy requirements.
- Document that you completed the annual review. Date it. Initial it. Keep it with your other compliance records.
The 5 Solo Compliance Mistakes That Cause Most Problems
Trust account errors from informal accounting. Solo practitioners who handle their own bookkeeping often develop informal habits: keeping earned fees in trust a little longer than necessary, not reconciling monthly because nothing seems wrong. These habits are trust accounting violations. Track your compliance KPIs including trust account metrics on a weekly basis.
Letting client communication slide when caseload spikes. When a solo is busy, client calls go to voicemail and emails sit unanswered. Two days becomes four becomes two weeks. The attorney is actually doing the work. The client feels ignored and calls the bar. Track average client response time as a hard limit, not a suggestion.
No written policies for anything. Data security policy: verbal. AI use policy: informal. File retention policy: memory-based. Written policies exist for two purposes: they force you to commit to a specific approach, and they're evidence in a disciplinary investigation. "I handle things professionally" is not evidence. A dated written policy is.
CLE procrastination until December. Schedule two CLE courses per quarter instead of ten in November. Same hours, zero risk of missing the deadline due to processing delays.
No written AI use policy in 2026. If you've used any AI tool for anything related to a client matter, you need a written policy. ABA Formal Opinion 512 (2024) makes clear that the attorney is fully responsible for AI-assisted work product. A written policy demonstrates you had a system for oversight.
Solo practitioners are at higher compliance risk than larger firms not because they're less ethical but because every compliance task lands on one person. The firms that stay out of trouble have automated the parts that can be automated, so the attorney's attention goes where it actually matters. If you want to see what a compliance-supporting system looks like for a solo practice, book a free audit call.