Category Archives: Compliant Business Management

Is the FCA creating a new category of customer with the Vulnerable Customer Guidance?


One of the key elements of the FCA’s remit is ensuring consumers have an appropriate degree of protection. Specifically at this time, and central to their role, this includes protecting vulnerable consumers.

Protection of the most vulnerable is a sign of an advanced society, but not necessarily if it removes individual responsibility or deprecates the need for autonomous decision making in lieu of expensive and cossetting rules. What of the expense to a provider of products, who will then have to increase costs to meet the imposed procedures and standards for this “category” of consumer? Could this then exclude the most vulnerable and financially deprived even further from the services of the society they form part of?
The Guidance (FG21/1-Guidance for firms on the fair treatment of vulnerable customers) identifies in the introduction that “When we (the FCA) consider our consumer protection objective, we have regard to the general principle that consumers should take responsibility for their choices and decisions. However, we know that there are very real factors that might limit their ability to do so.”
The FCA obviously want vulnerable consumers to experience outcomes as good as those for other consumers and receive consistently fair treatment across the firms and sectors they regulate. Does the existing Conduct Risk and Treating Customers Fairly initiative fail to cover this already?
Further, the “vision” as stated in point 1.7 of the Guidance states “We want to see the fair treatment of vulnerable customers embedded as part of a healthy culture throughout firms, not just on the frontline but also in areas such as product development. Firms’ senior leaders should create and maintain a culture that enables and supports staff to take responsibility for reducing the potential for harm to vulnerable customers. They should ensure that firms embed the fair treatment of vulnerable customers in their policies and processes throughout the whole customer journey. We have seen some good examples where commitment comes from the top and where there is a culture of feedback and learning from the frontline.”
In FG 21/1 the FCA state: “We expect firms to provide their customers with a level of care that is appropriate given the characteristics of the customers themselves. The level of care that is appropriate for vulnerable consumers may be different from that for others and firms should take particular care to ensure they are treated fairly.”
Does this then mean that there is a comparable category of customers (predominantly retail based) that are considered as vulnerable at various times, so they overlap with normal and embedded TCF treatment from time to time? With recent statements that nearly one third of UK adults are “vulnerable” due to the pandemic, this then puts the onus on firms to draw up a raft of assessment tools to test the vulnerability of every consumer, customer or client they have contact with. This also lends itself to those who may not be “natural persons” and act on behalf of incorporated bodies or even associations of firms that may display signs of vulnerability. This is a “should” and cannot be ignored; thus, perhaps a separate regimen of assessment is needed?
Throughout their document, the regulator uses terms like:
  • Must: where an action is required by a Principle or rule. (25 appearances)
  • Should: where we think a firm ought to consider a course of action (not specified in a Principle) to comply with a Principle, but that does not necessarily mean they should follow a detailed or prescribed course of action. (207 appearances)
  • May: where an action is only one of several ways of complying with a Principle. (203 appearances)
To be fair, the “Must” references predominantly concern Data Protection. However, this makes the “should” even more poignant.
In the guidance document, under customer service, it states that firms should:
  • Set up systems and processes in a way that will support and enable vulnerable consumers to disclose their needs. Firms should be able to spot signs of vulnerability.
  • Deliver appropriate customer service that responds flexibly to the needs of vulnerable consumers.
  • Make consumers aware of support available to them, including relevant options for third party representation and specialist support services.
  • Put in place systems and processes that support the delivery of good customer service, including systems to note and retrieve information about a customer’s needs.
To ram home the point, in the TCF section the FCA state: “Under Principle 6 we expect firms to have management information (MI) or measures in place to test whether they are treating their customers fairly, including delivering the 6 TCF outcomes. The MI should demonstrate to firms and to us that they are consistently treating customers fairly and delivering the TCF consumer outcomes.” Regrettably, in our experience as a consultancy, many firms that we have seen have wildly inadequate or outdated MI, some of which has not been refreshed with contemporary data!
So how much of this can be considered necessary and how much is proportionate?
The answer to that needs to be looked at under the “Must” statements. For example, the Principles for Business PRIN 1.2.1G states that the extent to which firms meet their requirements under Principles 6, 7 and 9 will depend, in part, on the characteristics of the customers concerned. The relevant interests and needs that firms must have due regard to and what is reasonable care in the relevant circumstances will depend on those characteristics. The way to establish those characteristics is then to assess them, which requires a full process to identify any vulnerability on all customers. Therefore this means that every firm must instigate the requirements without fail, whether they deal with any of the categories of customer, consumer or client.
The requirements, of course, are welcome for the treatment of vulnerable customers, and I know first hand of the abuse that firms engage in from a close relative of mine and their treatment. But the requirements do not end at the consumer. Firms are required to ensure that staff are fully GDPR trained, as data should be managed appropriately when it is handled. The ICO is clear that consent is not always needed to process data.
Product design should cater for vulnerable customers, and that has been echoed through time under the TCF regime. Customer services, KYC onboarding etc are required to have available systems and processes in a way that will support and enable vulnerable consumers to disclose their needs. Firms “should” be able to spot signs of vulnerability, which means that if you don’t have the systems or procedures in place, you are not conforming to a “should”, whereby the FCA think a firm ought to consider a course of action (not specified in a Principle) to comply with a Principle. Further, to deliver appropriate customer service that responds flexibly to the needs of vulnerable consumers, another part of the “should” means you need a written process that can be switched into on identification of any area of vulnerability. Don’t forget, someone may be vulnerable under more than one area.
Every firm also needs to readdress their communications to customers and encapsulate the possibility of vulnerability, and inform them of all facilities available. With that, staff skills and capability need to be considered and evidenced (SMCR reasonable steps as well as TCF). Firms are required to embed the fair treatment of vulnerable consumers across the workforce. All relevant staff should understand how their role affects the fair treatment of vulnerable consumers. Alongside that role responsibility, frontline staff have to be able to demonstrate the necessary skills and capability to recognise and respond to a range of characteristics of vulnerability. As a good employer, firms should also offer practical and emotional support to frontline staff dealing with vulnerable consumers. These areas are often lacking in most firms we encounter, but there is now guidance on what is required and the areas that need to be interrogated for ways to enhance your service.


Is the FCA creating a new category of customer with the Vulnerable Person Guidance? We would have to say no, but the impact of dealing with any customers, consumers or clients needs to be minutely investigated and areas for improvement identified. This would be a fairly major project for most firms, and the worst part is, if they don’t take external opinion, they will continue to choke on their own exhaust. Call 0207 097 1434 to arrange an exploratory call.


Getting Ready For The 6AMLD

The sixth anti-money laundering directive (6AMLD) is almost here. It has been in effect in EU member states since December 3, 2020, and all financial institutions must implement the directive by June 3, 2021.

While there are fewer big changes than previous directives, 6AMLD brings clarity to specific regulatory details to close loopholes, toughen penalties, and encourage greater cooperation. Its goal is to empower financial institutions and states to do more in the fight against money laundering and the financing of terrorism.

UK financial services businesses

The UK has chosen to opt out of abiding by further AML policy as the Government believes that domestic legislation is already mostly compliant with the Directive’s steps and, in most cases, goes even further than what 6AMLD proposes. For example, in the UK, the maximum penalty for money laundering is fourteen years, going beyond the new four-year minimum required by 6AMLD; and aiding and abetting offences of helping, motivating, and trying to launder money are currently a criminal matter.

However, it is essential to keep in mind that UK-based businesses in the monetary sector that operate within the EU jurisdiction will need to comply with the modifications set out in 6AMLD.

Access to clean and available international customer data for effective AML/ KYC screening

To be ready for 6AMLD, those in financial services need to know their clients, whoever they are. The key is to have access to billions of consumer records worldwide from trusted data streams; these consist of federal government firms, credit firms, and energy records for cross-check and verification purposes. It is particularly essential to obtain confirmation of important proof of address. Having access to up-to-date watch lists, such as Politically Exposed Persons (PEPs) information, as part of this dataset is likewise essential.

From a customer experience perspective, the checks leveraging this data should take place in real time to prevent slowing the consumer onboarding procedure. This data should also originate from a single source to avoid the requirement for many expensive providers in various markets. This issue frequently results in irregular ID data and supply chain management issues.

Regtech: MRZ and OCR ID document scanning and biometrics to support 6AMLD compliance

When it comes to remote onboarding, banks need to use machine readable zone (MRZ) and optical character recognition (OCR) technologies to gather customer ID and extract important details. This ensures the ID is real and validated in real time. The image ID embedded in these scanned documents supports biometric ID confirmation, such as facial recognition, which can likewise help securely speed up consumer engagements.

Nevertheless, the biometric technology must provide liveness checks, such as eye motion, for proof of life confirmation. This is vital with scammers making significant use of creative approaches like 2D images and video playback to try to trick facial recognition technology and ‘prove’ they are the person they are impersonating. In fact, this process can result in money services (MSPs) and Payment Service Provider (PSP) organisations getting a due diligence report related to AML and KYC that can be used to show their compliance when it comes to regulatory checks.

To prevent money being laundered and avoid severe sanctions, financial services companies operating within the EU need to understand and be ready for 6AMLD by the June due date. Ideally, this must involve having access to billions of consumer records worldwide for cross-check and ID confirmation functions, helping recognise individuals across borders. They must also undertake document scanning with MRZ and OCR technology, which will also allow delivery of biometrics that help to safely speed up engagement with customers. Embracing these procedures will reduce the burden of compliance and equip financial institutions for more stringent global policies in the future.


If you have any questions or want further assistance, please contact us by email – or call +44 (0) 207 097 1434


Payments Business? Have Your Say! Don’t Miss This


Get the lowdown on the FCA Strong Customer Authentication (SCA) Consultation Paper plans. Download the free brochure here.

If you have any areas of concern, please call us on 0207 097 1434 or email


Training & Competence – T&C


The importance of this section cannot be understated. Due to the changes in this area and post-Brexit potential changes, we consider it prudent to provide a link to the FCA Handbook.

Additionally, you may find these points useful:

How are individual training needs identified and by whom?
Identifying the training needs for each role in the T&C scheme should start with the professional knowledge / qualifications required of that role. Professional bodies like the CII (Chartered Institute of Finance) and Chartered Institute for Securities and Investment (CISI) run both training programmes and provide qualifications. A second source of guidance is your professional trade body. Many trade bodies host interest groups on T&C that will enable networking and the opportunity to benchmark with other similar organisations. The third source of guidance should be your internal HR team. If you don’t already have the competency requirements defined for the roles in the T&C scheme, they should have the expertise to help you define what these are. HR should be a key resource for guidance on the competency requirements of each role beyond the core set of professional knowledge / qualifications. Once defined for each role, these competency frameworks form the basis for the identification of training needs that should be aligned by role. All that remains then is to organise any training needs in a logical sequence. On a final note, training needs can arise at any time and a key part to effective identification is supervisors who are trained and capable of not only spotting training needs but providing appropriate support to resolve them.
How are the learning objectives, timescales, responsibilities and measurements defined for each training need identified?
This depends on the nature of the training needs. There is a great deal of discretion for firms to decide how they define and subsequently deliver their training. Professional bodies usually set annual standards for continuing professional development (CPD) for their members and many firms will also have their own in-house expectations too. These CPD requirements will often be split into structured versus unstructured learning. In fact, the FCA requires that retail investment advisers need to complete 35 hours of CPD each year. Successful completion of this CPD enables the individual to retain their Statement of Professional Standing (SPS). Beyond the CPD targets set by professional bodies, firms can and do set their own CPD requirements. This should be linked to the required measurements and timescales and be evidenced as part of the T&C Scheme arrangements.
In essence, any training identified should be noted via a SMART training plan that allows anyone looking at an individual’s development to be able to see when the need was identified, how will it be met and, when it is met, how will the change be measured.
What is in place to ensure training remains effective and up to date?
Training plans should be subject to regular review. There should be corporate training input that is managed by a central training team and typically will cover the provision of e-learning together with behavioural type inputs such as selling skills, handling difficult clients etc. Then you have the localised training that will tend to be managed by the T&C Supervisor. This is where small needs are identified through other T&C activities and then localised on the spot training is delivered to meet the need.  The trick here though is once again for a well-trained supervisor who can identify, manage and deliver against these needs, ensuring of course that everything is documented on the individual’s records, because if you can’t evidence it then in the eyes of the regulator it didn’t happen.
Who is responsible for ensuring training is timely, appropriate and evaluated?
At a localised level it is the T&C supervisor that needs to cater for the needs of the individual through either 1:1, group or referred training. Each training intervention should be evidenced through some type of Training Event Record that details what the training need is, what the proposed solution is and how this will be taken into the workplace. A structured approach of this nature then allows the T&C Scheme activity to be reviewed by the most senior overseer of the scheme to help ensure that training needs are either being met in the field or referred where a more formalised response is required.
How is training evaluated and by whom?
Who takes responsibility for making assessments about the competence and capabilities of individuals will vary across different organisations. However, responsibility for evaluating the effectiveness of training tends to fall to the staff member’s immediate line manager, dedicated T&C supervisors or, in some cases, a mix of both. Because whilst training is the input, the most effective way of evaluating its success is looking at the output and that means reviewing the individual whilst operational in role. The T&C scheme should define who assesses what activities and training will typically be evaluated at the point of delivery (by the training team) and at the point of use by the supervisory team.

If you need to create, review or execute your Governance, Risk or Compliance strategy, call us today on 0207 097 1434 or email

This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.

Why Is Document Version Control So Important?



Why is Version Control Important?

Version control is important when documents are being created, and for any records that undergo a
lot of revision and redrafting or annual reviews. It helps us to track changes and identify when key decisions were
made along the way. It is particularly important for electronic documents that are being reviewed
by a number of different users.

Knowing which version of a document you are looking at is important if you are trying to find out which version of a policy is currently in force, or which version of a policy was in use at a particular time. It forms good record-keeping practice, which is particularly important in meeting our obligations under the Freedom of Information Act.

The aim of this document is to provide best practice guidance for applying version control to
different types of document at the University of Nottingham. This guidance covers best practice use of:
1. File Naming conventions
2. Version Numbers
3. Version Control Tables
4. Document control Tables

File Naming Conventions
At the simplest level you can use file naming conventions to identify the version of a document. Use
the file name of the document to determine both the version and status alongside the subject, for example:

Records Management Policy Draft v0.1

Records Management Policy Draft v0.3


Records Management Policy v1.0

Records Management Policy v1.1 (note: first revision – minor)

Records Management Policy v2.0

Remember to update the version number on the file name as well as the header (or footer) of the
document itself. It is easy to update a document and forget to rename the version number on either
the file name or the document which can lead to confusion.

Unless you don’t need to keep previous versions of the document, always save updated versions with a
‘Read-only’ tag to ensure you are forced to create a new version the next time you go to update it.

File naming conventions alone will not tell you who made the change and what the change was. If it
is important to record this information use a version control table.

Version Numbers
Version numbering helps to distinguish one version of a document from another. For some
documents, you may decide that a simple numbering system consisting of consecutive whole
numbers is sufficient to help you keep track of which version you are working on. However, for
documents that go through numerous stages of development before a final version is reached, and for those
that are developed through input by multiple individuals, you may decide to adopt version numbers
to keep track of both minor and major changes to that document.

Minor Revisions
Minor revisions are small changes made to a document such as spelling or grammar
corrections, and other changes that… Minor revisions to a document are reflected by making
increments to the decimal number.

Major Revisions
Major revisions are changes to a document that require the document to be re-approved
(either by an individual or a group). Major revisions are reflected by incrementing the whole
number by 1.


Remember – when electronically storing documents, it is often best practice to include the date at the front in reverse, as computers store files incrementally. So – 1st March 2021 becomes 20210301.



FCA Fine? You may be in good company!


Penalties for regulatory compliance breaches can be eye-watering in scale.

2020 largest Fines
1. Goldman Sachs International (fined £97m)
PRIN 2 and PRIN 3 breaches – Risk management failures

2. Lloyds Bank, BoS & The Mortgage Business (fined £64m)
PRIN 3 & 6 breaches – Poor handling of mortgage customers

3. Commerzbank (fined £37.8m)
PRIN 3 breaches – AML failings

4. Barclays (fined £26m)
PRIN 6, PRIN 3, and CONC rules breaches – unfair treatment of customers in the Retail Banking sector

5. Charles Schwab (fined £8.96m)
PRIN 10 and 11, CASS and Section 20 FSMA breaches – Safeguarding and Compliance Issues

6. Moneybarn (fined £2.8m)
PRIN 6 & 7 and CONC rules breaches – Unfair treatment of customers

How could these fines have been avoided?

The FCA’s ‘Principles for Business’ (PRIN) set out the fundamental obligations for firms under the regulatory regime.

According to the FCA principle 3, a firm ‘must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems’.

This refers to a firm’s:

  • Robust governance arrangements – rules, practice and processes. How Can We Help? We can review your arrangements.
  • Skills, knowledge and expertise of staff – in other words train people!
  • Outsourcing responsibilities – know your suppliers and make sure they are compliant. How Can We Help? We can review your arrangements.
  • Reasonable steps – under SMCR you need to ensure you have decision making fully and appropriately recorded. How Can We Help? We can review your arrangements.
  • Record-keeping – keep records, and make sure they are accurate and up-to-date. How Can We Help? We can review your arrangements.
  • Conduct Risk – keep records of any T&C breaches, mis-selling, product design etc. How Can We Help? We can review your arrangements.
  • Conflicts of interest – keep a compliance register to avoid issues. How Can We Help? We can review your arrangements. 

The FCA will identify potential or actual consumer harm caused by the actions of firms or markets and take action to address that conduct. These penalties should act as a clear warning to any companies who aren’t taking financial compliance as seriously as they should be.

If you would like to have any of your processes, files, procedures, governance or strategy planning reviewed, in confidence, we can be contacted on the above number. Or, just complete the form below.



    Committee Terms of Reference – TOR



    Terms of Reference (TOR) form a foundation stone for the commencement of any workplace investigation. Much like a recipe, they set out the core people and components of the investigation, as well as the boundaries and methods to be utilised. Without solid terms of reference, an employer’s well-meaning attempt to gather information and fix a workplace problem can fail, or cause even more problems. As well as establishing an understanding of what is required and by when, TOR create an excellent framework for the more detailed investigation plan. Terms of reference can prevent such pitfalls as misunderstandings, unintended breaches of privacy, and negative effects on relationships. 

    There are no hard and fast rules regarding how and when TOR should be drafted. Some employers start with a Statement of Complaint and flesh out the terms of the proposed investigation based upon this central concern. Others call upon the services of a workplace investigator to actually assist in drafting TOR, particularly where a workplace problem is vast, sensitive, and/or complex. Sometimes it is important to wait and collate some preliminary materials prior to pinning down the exact terms of the investigation. In any event, it is important to start working on your TOR sooner rather than later, and certainly once a workplace investigation is confirmed.  
    Below are typical sections of a ToR document. Each section needs to be customized to the unique needs of your committee. More formal committees usually need more formal information and instructions.
    Committee Name
    Official name of the committee or group
    Can be standing, ad hoc (special project) or advisory (related to another board, committee or project)
    Describe the purpose of the committee (what the committee will do, why it was created)
    Clearly describe what is in and out of scope for the committee
    Describe the decision making authority of the committee (decides, approves, recommends, etc.)
    Type and number of members, how members are appointed, how the chair and co-chair are appointed and a list of members (Name and functional role)
    Meeting arrangements
    Meeting frequency and location, meeting procedures (if applicable), quorum, details about agendas and minutes (how these will be distributed, available online, who prepares them, etc.), communication between meetings.
    Describe whom the committee will report to, in what format, how often
    Resources and budget
    Describe the available resources (people, rooms, equipment, etc.) available to the committee. Describe the funds available to the committee
    Describe the requested/required committee output
    State the ToR review frequency and next review date


    Treating Customers Fairly – TCF Checklist


    The FCA no longer carries out TCF specific visits; however, this does not mean that they think it is any the less important. It does mean that by now they expect the principles of TCF to be embedded in all firms and to be the bedrock of their business models. The principle is to ‘put the customer first’ in everything which we do. Therefore, if during a visit or an interview they get the impression that TCF is no longer a priority, they will certainly investigate further, and this is where you will need an FCA compliance consultant by your side.

    TCF applies to both Product Providers and Intermediaries. Broadly, the Regulator intends that:

    Product Providers should ensure that:
    • their products are appropriately designed for the target market
    • the marketing material is clear, fair, not misleading, and likely to be understood easily by those reading it
    • the product should perform according to the expectations given
    An Intermediary’s primary responsibility is to ensure that:
    • the customer has all appropriate information in an understandable format, which means:
    For advice sales:
    • the clients’ attitude to investment risk and capacity for loss has been properly established
    • the product is suitable for the customer
    • the product is affordable
    • the post sales service meets the expectations created
    The TCF exercise, which all regulated firms should undertake no less than annually, is essentially a “Gap Analysis.” For the purposes of Risk Management, the FCA expectations could be broken down into 6 key areas:
    1. Senior Management Responsibilities
    2. Communication with Clients
    3. The Advice Process
    4. The Post Advice Process
    5. Disclosure and Payment for Services
    6. Staff Competence
    The following is a non-exhaustive list for your guidance.
    The TCF Outcomes Management Statement
    • TCF is central to our corporate culture
    • Senior management can demonstrate how TCF is embedded in our business strategy
    • The fair treatment of customers is central to our Firm’s culture
    • Senior management practice what they preach and reinforce TCF on a day to day basis
    • Senior management have undertaken a TCF audit / gap analysis
    • An action plan has been agreed and is/has been implemented
    • Critical elements of TCF are included within our MI. This is regularly reported and acted on
    • Staff routinely share best practice and can explain what TCF looks like to them
    • Adherence to TCF practices is rewarded
    • Remuneration policy and staff rewards support TCF
    • Actions taken to demonstrate adherence to TCF obligations are recorded
    • Feedback processes are in place to gauge client satisfaction
    • Responsibilities for TCF are clear, e.g. for taking action, monitoring results / identifying improvement areas
    • Staff are engaged, motivated and trained in what TCF means
    • Everyone within the business is truly client focused
    • All our people are well trained for the roles they perform
    Products and services marketed … meet the needs of identified customer groups and are marketed accordingly
    • Advisers are able to identify target markets for specific products
    • Financial promotions are regularly reviewed for relevance and clarity
    • Advisers/managers demonstrate their knowledge of products
    • The sign-off process for advertising and promotions is rigorous
    • We are confident in our expertise to recommend and manage in our chosen markets
    • Our promotions are targeted to ensure they are aimed at the right clients
    Consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale
    • TCF principles are reflected within T&C documentation, e.g. observation form
    • Content of documentation is not overly technical, e.g. suitability letter
    • Clients can clearly see the advice given and why, e.g. it isn’t buried in other documentation
    • Clients always understand the benefits of the advice / products recommended
    • Clients always understand the limitations and risks associated with the advice / products recommended
    • Documentation (such as suitability letters) is always tailored to individual clients
    Advice is suitable and takes account of their circumstances
    • Attitude to risk is clearly identified, understood by the client, documented, and matched by recommendations
    • Advice covers, where appropriate, non-income earning recommendations, e.g. National Savings, utilizing IHT annual allowance, repayment of debt
    • Soft facts are always collected on the fact find — not only what, but why?
    • Knowledge of adviser / supervisor products and associated advice areas is spot on — this is current and has been objectively assessed
    • There is no sales bias
    • Clients fully understand the status of the adviser and clearly understand the merits of the different remuneration methods
    • ‘Know your customer’ requirements are fully documented, e.g. limited advice or ‘client not prepared to disclose’ are the exception rather than the rule
    • We take time to understand our clients’ needs
    • We regularly review our stance on investment and technical issues
    • The fact find document readily captures all of the information we need about the client’s circumstances for us to fully advise them.
    Consumers are provided with products that perform as firms have led them to expect and the associated service is both of an acceptable standard and as they have been led to expect
    • Advice process includes a measurement of client satisfaction
    • Service standards (where agreed with a client) are met, e.g. time to write a report
    • Ongoing client reviews are always conducted as agreed with the client
    • Advice to existing clients is always the same as that to potential new clients, e.g. some advisers would not now recommend WP investments to new clients — what do we do about existing clients with WP investments?
    • Client reviews / contact methods are established with each client
    • Whatever client contact is agreed, this is followed through for both new and existing clients
    • Information is reviewed for relevance, accuracy, and clarity
    • Ensure clients’ expectations match provider service
    • Clients regularly compliment us on our service
    Consumers do not face unreasonable post-sale barriers imposed by firms to change product, switch provider, submit a claim or make a complaint
    • Complaints data / client feedback is reviewed to identify TCF issues
    • Staff and advisers know what a complaint is defined as and what to do when one is received
    • Service standards are in place and adhered to
    • Complaints are investigated in an impartial manner without confrontation
    • Complaints processes are in place and regularly reviewed (as applicable)
    • All client data is accurate, up-to-date, easy to use and accessible
    • Our database enables most client queries to be dealt with by support staff
    • Our software supports the main advice and business process

    If you need to create, review or execute your Governance, Risk or Compliance strategy, call us today on

    0207 097 1434 or email

    This guide is only an aide memoire and intended for information only for anyone appraising the documentation needed in an audit/compliance check. It is not to be considered as direct advice or intended to replace specific 1 to 1 engagement with your compliance and risk professional.


    The Back-Office System & Procedures


    Bringing in clients (New Business) seems to be the most exciting thing there is, right? That’s why there are so many marketing agencies popping up. Content strategy, copywriting, ads… they all are sexy.

    Doing the work is not as fun, but that’s how you get paid — so you give it a pass.

    But the Back-Office is not generally thought of as sexy. It’s a crucial component if you want to take your business to seven plus figures.
    What does Back-Office include?
    This system manages every foundational element that is needed to run a business — other than your New Business and Production teams.
    I’m talking about things such as legal, HR, rent, administrative and operational support, etc.
    Anything that is essentially non-billable and doesn’t directly contribute to your revenue is what I would leave under back-office.
    Effectively Managing The Back-Office.
    Something that I really try to emphasise throughout my content is that every system is comprised of people, processes, and tools. And the Back-Office is no exception.
    In the beginning, for many companies, one or two people were in charge of every single aspect of this system (in all systems, really). They are the ones signing contracts, sending invoices, finding contractors, hiring employees, etc.
    They think that they are working on the business. But, over time, things get more complex. They can’t do everything anymore, so they have to start hiring other people and delegating. They need processes and procedures to be the “go to” document to explain what to do when they are not there. It goes without saying, but people are a HUGE determining factor of your success.
    You can help your people by setting up a process that optimises their efforts and minimises costs. But someone has to design that process. It can either be you or someone from your management team — but it has to be done.
    If you can document step by step the actions of your legal and hiring processes, for example, the business becomes less “You-dependent”.
    How will you generate candidates when there’s an available position at your company? Who will contact them? How many rounds of interviews will they have to go through? Who are the final decision-makers?
    It may seem like you are wasting a couple of hours to get that on a piece of paper. However, trust me: you’ll realise how much more quickly and sustainably you can scale and grow after you have every system documented in detail. Note: having clearly defined guidelines will also help you make less emotional decisions.
    Think of tools as any apps, software, and other tech or old-school solutions that make your life easier.
    I’m sure you are already using them in some way: to improve the communication within your team, to onboard employees, to create invoices, etc.
    Automation will help you reduce the number of people your company needs to operate. It can even fully eliminate repetitive tasks from your daily to-do list.
    A couple of examples:
    You could send contracts through DocuSign to your new clients so that you can get that out of the way much faster. And you could automate sending the onboarding material as soon as they sign. Have a recurrent invoice sent at the end of every month. Obviously much easier, faster, and cheaper, right?
    Understanding the Real Cost of Your Back-Office:
    As I said before, the business owner/CEO will usually manage the whole Back-Office system in the early days. That’s totally normal, but, as you grow, things will change. You’ll have more clients, you’ll expand your business, and you’ll need more employees to fill that need.
    But be careful not to run into this issue:
    1. As you scale up, your back-office will also scale up.
    2. And you don’t want to underestimate how much it’s going to cost you.
    Yes, in the very beginning, it will only take time and effort — but not money. Which, obviously, is still a huge expense. But what happens when instead of sending one invoice, you need to send 10? Or you have to hire not one individual, but two or more? You can only service a certain number of business areas while maintaining your quality standards.
    Of course, when you have someone in charge of that, these costs now have to be factored into the equation. I’ve seen plenty of business owners who didn’t plan for this, and guess what happened?
    Their profit margins got screwed up and they realised they weren’t charging enough.
    Just as a reminder, the calculation goes like this: revenue – cost to produce everything – everything else.
    Well, everything else will naturally increase over time as your business grows. You’ll want to reduce it as much as you can through automation, processes, and high-performing people, but it will happen.
    As long as you’re not just throwing unnecessary bodies at it and it comes from a place of growth, the back-office is a price that you should be willing and able to assume. Just make sure you account for it and it doesn’t come as a scary surprise.
    The Back-Office System Summary:
    • The Back-Office System includes anything that is essentially non-billable and doesn’t directly contribute to your revenue. I.e. legal, HR, rent, administration, and operational support.
    • As you grow, you’ll need to find people to take over every element in the system. Use the leverage from well-designed processes and tools to increase your output efficiency.
    • There’s a real cost of managing the Back-Office, especially as you scale. Make sure you factor it into your prices and profit targets.
