UK Regulatory Financial Services Compliance Specialist Services Provider ref PRA & FCA

compliance meaning-compliance officer-compliance definition-compliance

A compliance definition is difficult to obtain other than “We define compliance within our firm as the function of identifying relevant legislative, regulatory and best practice requirements and then implementing the required changes to our systems and controls to facilitate adherence to these obligations on an ongoing basis.”

However, every firm needs external perspective and Compliance Consultant – as a leading regulatory compliance specialist consultancy have many different and adaptable services to offer.

Contact us on 0203 815 7939

Shock Failings In Firms’ Regulated Complaint Handling Rules


complaint management fca system process failure customer service







 Are Firm’s Managing Complaints Efficiently And Learning The Lessons From ALL Complaints, Not Just Cherry Picking The Juicy Ones To Report?

The changes made to the FCA’s complaint handling rules in June 2016 are well documented.

In conclusion:

  • The ‘next business day rule’ has been extended to become a ‘three business day rule’ (where sending final response letters (FRLs) are required).
  • Firms must now send a ‘Summary Resolution Communication’ (SRC) in response to all complaints that are dealt with within three days of receipt.
  • The SRC must confirm that the complaint has been resolved and inform the customer of their rights to refer the matter to the Financial Ombudsman Service (FOS).
  • All complaints must be recorded and submitted to the FCA via their new ‘complaints return’.

The rules are designed to benefit customers by “ensuring that complaints are handled quicker, efficiently and transparently”. Firms do not need to try to resolve complaints on the same day in order to avoid reporting or sending the customer an FRL. Consequently, more time and greater consideration can be given to each individual complaint and the circumstances of the complainant. This should also support a more flexible operating model and relieve some operational triage and case management strains.

Firms lose the ability to resolve complaints without reporting them; nevertheless, where all complaints are logged and reported, firms should have access to management information (MI) that better shows their complaint population, and therefore root cause analysis (RCA) should certainly be more robust- revealing a more accurate understanding of the firm’s performance.

Presumably, there are positives for clients and the sector, but how are firms managing the changes?

call center-complaint-management-customer serviceTheoretically, where the firm is positive that complaints, which were being closed by the next business day, were identified and resolved fairly (and in-line with regulatory expectations), then the shifting to the new rules should be more straightforward. In this instance, the biggest change for the complaint handling department is logging the complaint correctly, and issuing an SRC to the consumer. This, however, still leads to an immediate need to present systems training to staff, and to update procedures to ensure SRCs are issued to customers in the correct manner.

The new reporting rules mean that there is now a record of every single dissatisfaction handled by the firm, and therefore fair customer outcomes and compliant complaint handling should be demonstrable in every instances. This has exposed some firms’ ability to appropriately identify and handle complaints in their front-line and client service departments, or those who do not handle complaints often. Reasons for this typically include:.

  • A training or capability gap.
  • Conflicting incentive schemes.
  • Inadequate processes and procedures.
  • Inadequate back up and oversight.
  • Issues with company conduct.

Unfortunately, this has also led to the inherent expectation that front-line staff, who might receive complaints infrequently, have the ability to serve as skilled complaint handlers. For some team members, this will feel like a change to their role, so firms ought to provide the appropriate support to individuals for them to execute effective complaint handling that meets regulatory requirements.

Additionally this, the regulatory definition of a complaint- and a firm’s treatment of it- has entered into the center stage. Previously, ‘minor’ or ‘immaterial’ complaints might be quickly dealt with and resolved without too much concern for whether the regulatory definition of a complaint had been met. Now that all complaints are recorded, firms need to be confident that complaints are being identified in line with regulatory expectations, resulting in ‘materiality’ coming into question. This serves to make the understanding of what is and isn’t a complaint an intrinsic part of the process, and comes at the same time as an increased reliance on non-skilled frontline staff to perform complaint handling.

These changes have also meant that firms’ operating models and controls have had to be increased, since added departments and complaint channels should be more closely monitored. Some firms have miscalculated the extent of the required changes.


Firms should reevaluate their complaint handling operating model whilst considering the FCA’s expectations around a ‘fair customer outcome – at the first possible opportunity’, and whilst also reviewing their “risk appetite”. They should be comfortable that complaints will be effectively identified and handled in every front-line area, with relevant evidence of good practice recorded and retained.

Regardless of the process for complaints a firm deems appropriate, as a minimum, complaints ought to be identified successfully by front-line staff, so a level of training, guidance and support is required on an immediate and ongoing basis to reduce ‘knowledge gap’ and ‘skill fade’ threats where complaint handling is not the day-to-day job.

The expectations of staff and the firm should be assessed so as to gain insight on effective ways to align the two. As part of its suite of training pertaining to complaints, firms should also aim to improve their staff members’s contextual knowledge around why effective complaint handling is vital across the industry today. They could also use this opportunity to review their complaint handling culture, and reaffirming the crucial elements of treating customers fairly, where appropriate.

Firms should ensure that they have a clear and, most notably, consistent interpretation of a complaint which gives context and meaning to the idea of ‘materiality’, using a broad spread of real examples in line with their risk appetite.

Firms’ operational controls under the former rules (including quality assurance (QA), training & competence (T&C), MI, RCA and governance arrangements) may never give the full understanding of complaint handling across the company, leading to an increased risk of unjustifiable customer outcomes and regulatory breaches.

Therefore, in order for the firm to show compliant complaint handling to the regulator, these operational controls have to be appropriately broadened (while ensuring a risk-based approach) to give a detailed view of complaint handling in all areas. This causes updated requirements for QA and RCA frameworks, T&C schemes, MI reports, scorecards, training programmes, governance structures and agendas; to name but a few.

Finally, firms should be satisfied that their systems and infrastructure allows them to record, report and handle complaints in line with regulatory expectations. This means ensuring that calls are recorded (i.e. interactions can be evidenced), all relevant individuals have access to the firm’s complaint handling system and the system has the capacity to support effective MI and RCA.


Alongside the initial challenges that were projected at the outset of PS15/ 19 and during the prior consultation, there have been some inadvertent issues arising through the pragmatic implementation of the rules which are more nuanced and tougher for firms to diagnose.

Firms wishing to gain assurance that they are reacting appropriately to these challenges can determine their strategy to the areas above to give themselves a richer picture. It is needless to say perfectly natural that problems should arise when such a significant change is executed, nonetheless it is the ability to react to these challenges with appropriate and proportionate action that will differentiate firms on the market.

If you need assessments of your complaints management, systems and controls or testing of embeddedness of your implementation, contact Compliance Consultant on

+44 (0) 203 815 7939

Questions To Ask [Important] – Regulatory Radar July 2017



MiFID II Regulatory Pieces Are Falling Into Place With The FCA

The final two pieces of UK legislation implementing MiFID II were laid before Parliament on 26th June which give the FCA powers to make certain of the changes to the handbook rules (such as the financial promotion rules) and to carry out certain administrative tasks linked to implementation (such as setting position limits).

 These are the:

Data Reporting Services Provider Regulations

Markets in Financial Instruments Regulations

With that in mind, I thought I would just remind you of what’s happened and what’s on the radar that you may need some assistance with the planning and implementation of.

See Our Special Offers At The Foot Of This Article

Save Money On Your AML Manual & Governance Review!

These areas are;

  1. 4th ML Directive was effected on Monday 26thJune and becomes the Money Laundering Regulations 2017 and affects all businesses, taking over from the 2007 version. This should have already been addressed with the appropriate changes to your AML policy and procedures, but seems to still be causing some firms slight issues, especially around their governance & risk identification and mitigation (risk register).
  2. MiFID II (that which we all love) is effective 3rd January and there are some fairly seismic shifts for many asset and fund managers. For advisers, there are several fairly minor but changes that need to be reviewed. There are also some subtly changes that some firms have overlooked such as “best execution” rules and the reporting. Fees and Costs are another area for consideration. As I am sure you are aware, changes to the right governance (CofI, Inducements etc) all need to be in place for the 3rdJan.
  3. I am sure your preparations for Senior Managers & Certification Regime (SMR or SM&CR) due to be rolled out over 2018 across all firms is well underway, despite not yet having the final rules, the foundations are still going to be the same as for banks. This is going to take huge preparation on the part of all sizes of firms, such as mapping their rules, responsibilities, allocation of roles, appropriate distinctions between functional allocation, appropriate training to directors, NEDs and staff, changes to employment contracts (more in 4 below), breach reporting policy and procedures, Board oversight of conduct related issues, revised KPIs etc, changes to governance and many other aspects that I could bore you with.
  4. Further to 3 above, the SM&CR HR element has to be planned well in advance for SM&CR changes due to employment law legislation. You will need, if you haven’t already, to review the Regulations that Impact People, such as and for example; Threshold Conditions (COND), Principles for Business (PRIN). Senior Management Arrangements, Systems and Controls (SYSC), Fit and Proper Test for Approved Persons (FIT), Principles and Code of Practice for Approved Persons (APER) and Training and Competence (TC).
  5. General Data Protection Regulation (GDPR) This is a European implementation 28th May 2018 ad will take some preparation – especially on the lead gathering, newsletter management, handling, storing and processing of data, appropriate age restrictions etc, disclosure and other aspects of data management.


Questions to ask


  1. Have we reviewed the definitions and procedures in accordance with the MLD4?
  2. Have we updated the CDD/EDD/SDD and Beneficial owner sections?
  3. Have we trained our staff on the changes?
  4. Is our policy up to date?
  5. Is our policy approved by the board?
  6. Would our AML/KYC/FC preparations or current arrangements stand up to independent external scrutiny?
  7. Do you need to review the ‘state of play’ within your firm?



  1. Transaction reporting – Legal Entity Identifiers – Do we understand the requirements?
  2. Information to clients – costs & charges – Are we clear on what changes are required and do we have a clear plan for making those changes appropriately?
  3. Reporting – Are we cear on the new reporting requirements?
  4. Are we happy that our existing systems can provide the new service?
  5. Advice – Are we happy with the new definition?
  6. Suitability – Are we comfortable that oour existing Suitability practices are adequate?
  7. Appropriateness – Are we comfortable that the products we sell are considered “non-complex” or do we need to make changes?
  8. Fair, clear and not misleading – if we provide future performance, do we comply with the new rules?
  9. Communication recording – Are we happy that we have a comprehensive method of recording the content and timings of communications and clearly identify the outcomes accurately?
  10. Inducements – Do we comply with the new rules? Are those we deal with complying with the new rules?
  11. Best execution – Have we made the appropriate changes in our documentation?
  12. Product governance: distribution – Have we enough information to ensure that the products and services we provide are not mis-sold?
  13. Client Agreements – Have we ensured we have a plan to amend agreements and terms & conditions documents appropriately?
  14. Have we trained our staff on the impending changes?
  15. Is our suite of policies up to date?
  16. Are our policies approved by the board?
  17. Would our MiFID II preparations or current arrangements stand up to independent external scrutiny?
  18. Do you need to review the ‘state of play’ within your firm?



  1. Have we planned, in good time, for all SMFs & CRs to receive training on the duty of responsibility, reasonable steps and the regulators’ guidance relative to them?
  2. What steps do we need to take to ensure our has the ability to provide and obtain regulatory references for SMF and Certified roles?
  3. Have we mapped our business against the regulator’s handbook so that we are aware of the impacting changes and where/who will be effected?
  4. Are our record keeping facilities set-up to retain relevant documentation for at least six years after an individual leaves the business?
  5. Have we identified potential conduct risks and implemented controls or mitigation measures?
  6. Is our risk register up to date?
  7. How do the board get made aware of conduct issues? (They are responsible for ALL conduct)
  8. Have we prepared a formal and robust documentation of the firm’s governance arrangements into responsibilities maps and statements of responsibilities, setting out board and committee structures, roles, responsibilities & escalation lines?
  9. Have we mapped existing SIF approvals onto the new SMF framework, and identifying staff potentially subject to the Certification Regime.
  10. Have we trained our staff on the impending changes?
  11. Would your SMR preparations or current arrangements stand up to independent external scrutiny?
  12. Do you need to review the ‘state of play’ within your firm?
  13. Is our Conduct Policy up to date?
  14. Is our policy approved by the board?



Do we as a company understand;


  1. WHY the personal data processed?
  2. Precisely WHOSE personal data is processed?
  3. For each data management process, WHAT and WHEN is personal data processed?
  4. And finally, precisely WHERE is personal data processed?
  5. Is Senior management aware of and regularly discuss data protection?
  6. Are our Data Protection policies and procedures (including retention and disposal schedules);
  • in place and appropriately approved?
  • adequately monitored?
  • clear and robust compliance trail?
  • regularly reviewed adequately?
  • communicated to staff?
  1. Are our Information Security policies and procedures:
  • in place and appropriately approved?
  • adequately monitored?
  • clear and robust compliance trail?
  • regularly reviewed adequately?
  • communicated to staff?
  1. Do we have formal mechanisms in place to identify breaches and handle incidents;
  • in place and appropriately approved?
  • adequately monitored?
  • clear and robust compliance trail?
  • regularly reviewed adequately?
  • communicated to staff?
  1. Do we have clear and accessible fair processing information given to individuals?
  2. Are all our new new projects and initiatives;
  • “privacy-proofed” at the planning stage?
  • reviewed during development, testing and delivery stage, i.e. pre- and post-implementation?
  • ‘Privacy impact assessments’ are conducted when necessary?
  1. Have we trained our staff on the impending changes?
  2. Would your GDPR preparations or current arrangements stand up to independent external scrutiny?
  3. Do you need to review the ‘state of play’ within your firm?

These issues will not be changing any more, if these are not addressed immediately by firms spending a little money now, they are going to be spending absolute fortunes at the last minute. All firms will have to demonstrate “on demand” that they have everything in place.

You may find these links useful and

Any firms that may need assistance with any of these areas can contact us for support on 0203 815 7939. Please be aware that our resources are limited and bookings for this work are already being placed. Depending on the size of your project, discounts of up to 20% are available.

If you would like any further information, please drop me a line.

Special Offers For Limited Number And/Or Date
If you want to get an up-to-date AML & CTF Manual, with 1/3rd Off please click on this link ( and use the code “CCMLD4” in the payment box for a full 1/3rd discount! Hurry because this only valid for the first 25!

If you want to take advantage of our policy checking offer, go to our special offer at but hurry, this is only on sale until the 21st July!

Birth of the Office for Professional Body Anti-Money Laundering Supervision (OPBAS)





On the 15th March 2017, the UK Government announced the creation of a new watchdog for anti-money laundering.

Named the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), it aims to tackle the methods of financial criminals by both stepping up standards of anti-money laundering (AML) supervision and closing loopholes in guidance that can be exploited to move illicit funds.

The UK Government’s ‘Action Plan for Anti-Money Laundering and Counter-Terrorist Financing’, released in April 2016, included an objective to review and improve the effectiveness of AML and CTF supervision. Subsequently, between April and June 2016, HM Treasury undertook a review of the UK AML / CTF supervisory regime. The review involved an audit of the FCA, Serious Fraud Office (SFO), HM Revenue and Customs (HMRC) and the National Crime Agency (NCA).

A key theme running through the review was a lack of consistency and potential confusion caused by the number of supervisory bodies overseeing firms’ activity in this area. It also referred to the guidance provided by legal and accounting firms, which is sometimes conflicting in its message.

All of this has the potential to create loopholes that criminals can exploit – as such there is a need to seek a more consistent approach to both supervision and guidance. OPBAS will seek to better unify the various industry, regulatory and legislative approaches.


OPBAS will have overall responsibility for the various supervisory organisations involved to ensure consistency of approach.#compliance-#fca-regulatory-uk-financial service-consultancy-consultantcy

It will also set out how these bodies can comply with supervisory standards once they are updated to incorporate requirements of the EU’s 4th Anti-Money Laundering Directive (4AMLD), due to be implemented by the UK on the 26th July 2017.

More specifically, OPBAS’s objectives are to:

  • Raise standards and ensure a consistent approach to AML supervision
  • Provide guidance to professional AML supervisory bodies on how to comply with their obligations in line with the updated money laundering regulations
  • Hold enforcement powers to penalise breaches of regulation made by professional AML supervisory bodies
  • Facilitate collaboration between supervisors and law enforcement in terms of tackling money laundering and terrorist financing


OPBAS is due to be legislated for by the end of this year and operational from the start of 2018, and we can anticipate new guidance to be released shortly after this.


OPBAS will become operational several months after the updated money laundering regulations are implemented, but firms will not want to wait until this time to make sure they are compliant.

money-laundering-2017-hmrc-fca-regulation-impact-how t0The new office will sit within the FCA and operate in line with its existing governance structure. AML supervision is already an area of strong focus for regulators and was earmarked as a priority by the FCA in its 2016 / 17 Business Plan as it looked to broaden its Systematic Anti-Money Laundering Programme (SAMLP). This focus will increase into 2017 / 18.

Not only is the focus increasing in terms of regulatory output; the level of insight FCA receives back on these issues continues to increase with the implementation of REP-CRIM financial crime reporting in January 2017. This extra insight being gained by regulators will serve to enhance their view – this may manifest itself in further changes to supervision, and firms will need to continue to keep abreast of any developments.

The creation of OPBAS will mean increased scrutiny of professional AML supervisory bodies in terms of how they supervise AML and CTF compliance. This will create a knock-on effect for firms themselves, which could quickly feel the effects of this closer supervision. Following some uncertainty in terms of AML guidance from a supervisory point of view, the intention of regulators will be to ensure enforcement action is taken should deficiencies be identified – this has been a well-documented challenge in the current regulatory environment.

With the Government response on how money laundering regulations will be incorporated due in April, supervisory bodies may arguably be left with little time to interpret the regulations and revise their rules and guidance for firms in time for the 26th July and 4AMLD. This could in turn challenge firms’ ability to prepare for the changes. Staying abreast of developments in this space with the aim of prompt but proportionate action (when appropriate) should be firms’ current focus.

To help with your Anti-Money Laundering procedures as well as other Compliance support services, please contact us on 0203 815 7939


So Remarkably Simple, Yet Detailed and Thorough Compliance Risk Management Reference System


Remarkably Simple Compliance: How Are You Impacted?

An indispensable step for any Compliance Officer is the identification of your business departments and the impacting regulations.

With an increasing amount of regulatory bodies, the changing regulatory scenery and recently the Senior Managers and Certification Regime (awaiting further consultation), putting managers directly in the firing line, risk and compliance functions are really feeling the pressure to ensure they are completely knowledgeable about what their firms must do to manage compliance.

Nonetheless, if you picture providing the optimal compliance service that is practical to your firm each and every single day, then you must understand how and where your firm stands. The primary step is identifying the high-level activities and must now tease out the more detailed aspects and duties of being a Compliance Officer.

To undertake this you could take a ncompliance-risk-management-function-consultant-consultancyew notebook and address the following rough sections;

  • Each entity within your group including appointed reps, introducer appointed representatives or other subsidiary or joint-venture partners that your firm may have taken part in business with;
  • Each business unit and support sections within each entity;
  • If a group, what are the distinct reporting lines and what differences/similarities could there be?
  • External suppliers including anything that maybe outsourced from IT to Para-planning, Legal to Banking;
  • The regulatory legal system where you are operating, for most this will be the UK and at most Europe nevertheless many firms today offer offshore investment services.

The Detailed Rules Mapping
Now to the details and heart of the matter. If you get yourself a spread sheet with the column titles referencing the handbooks starting with SYSC, COBS, BIPRU, INSPRU, etc. and with rows complete the titles of functions including trading desks, middle office, settlement and other areas of activity. For retail distribution perhaps its, life sales, pensions sales, investment sales, mortgages etc. across the top. Your grid will soon materialise. From this basic grid you can identify where the relevant handbooks would link with your firm and those who run it, and if it is not applicable, note why not.

compliance-risk-management-consultancy-fca-pra-specialist-expert-regulatoryThere is, needless to say, a need to understand business units in your very own firm whether these units take the form of sales teams or expert areas with their own specific advisers you will obviously want to understand certain basics alongside the above;

  • senior management compliance concerns
  • specific product services or functions
  • the main activity for income generation
  • anything considered as a unique selling point
  • any point of sale or post sale documentation used if different to the principal
  • target client base or segment
  • methods of advertising and marketing
  • IT systems
  • most valued clients
  • top deals of the previous 1 Year
  • complaints.
  • obstacles.
  • governance; policies and procedures and how they may differ to the principal.
  • conflicts of interest, regulatory issues in the last 1 Year, risks, regulatory contact the last One Year.
  • any major transformations in the last 12 months; and.
  • Any major updates planned for the next One Year.

At this stage it may also be worth considering risk management and mitigation programs to be carried out for each legislative section you may have responsibility for within your firm. You might like to consider covering the broad list below;.

  • Specific responsibility if the need is for anybody apart from the compliance officer.
  • A gauge or measure somehow of how the firm is influenced by this legislation and particularly the sub-parts affected.
  • What you think about the key risks to be.
  • The controls you have identified in relation to each risk.
  • Any weaknesses in the control framework that may must be addressed; these may possibly be risk rated.
  • An action plan prepared and designed to address any weaknesses that you may have uncovered in your investigations. You should without a doubt ensure that you record and track progress regularly.
  • A review frequency for when you are planning to revisit your current findings. More complicated areas are probably to need a more frequent visit.
  • The overall risk rating you apply to this specific area of legislation and this should take into account the seriousness of penalties or frequency they are imposed by the regulator.

compliance-consultant-risk-management-fca-rules-mapping-praWith the application of the Regulatory and Risk Based Footprint Mapping, in addition to the Compliance Consultant Charting Tool, it is easily demonstrated where the regulatory component requirements impact your firm at differing levels within your organisation. The impact is identified, mitigation measures implemented and controls recorded for future inspection, reference or supply to the regulator on demand.

Your Fully reportable database of’ regulations to operations’ will give you fast access to any segment of regulation ensuring that you always have a clear understanding of all your obligations, mapped activities and ownership. A vital compliance tool that ensures Senior Management not only sleep at night but they are comforted that they are “Making Compliance Work”.

Its not all child’s play, but it can be made simple by using the right consultancy!

Ask us for details at go to our website

or call us on

0203 815 7939

Poor Conduct & Legacy Issues Kill Your Business Growth

strategy-fca-compliance-consultant- london

Poor Conduct Kills Your Strategy & Growth


Find Out More About Pathfinder Evolution Here!

Regulatory Compliance Benchmark Audit

smr-smcr-senior managers-compliance-fca-#compliance-nda-audit-regulatory


Visit our site at, email or call

0203 825 7939

Increasing Cost of Compliance And How To Reduce It

compliance-fca-regulatory-uk-financial services-effective-efficient

Regulatory Compliance Costs Can Be Mitigated

#compliance-#fca-regulatory-uk-financial service-consultancy-consultantcy

We Guarantee To Beat Any Like For Like Quote By

At Least 5%

Fields marked with an * are required

Project Risk? Minimise Your Risks With The Experts

compliance consultant consultancy support

Why Take A Chance?

smr-smcr-senior managers-compliance-fca-#compliance-nda-confidential

We Operate With FULL Non-Disclosure Agreements

Remedial Compliance Consultancy Specialist Work


Fields marked with an * are required