Category Archives: regtech

Compliance Support Services Explained

Once your organisation has achieved authorisation, you are committed to satisfying a variety of ongoing FCA compliance responsibilities. Companies either pick our consultancy services to help resolve specific issues or to handle the effect and impact of new policy, or we tailor a retainer agreement to satisfy their particular continuous requirements.

Retainer agreement
Our highly skilled group of compliance specialists have market and regulatory backgrounds, supplying a unique mix of skill sets and giving you the confidence that your continuous regulatory responsibilities will be met to a high professional standard.

With retainer service contracts individually tailored to your organisation, we provide an agreed service delivery and schedule. Having operated in your sector, our professionals understand your compliance obstacles and opportunities. They share their backgrounds and understanding to solve issues, so you reap the benefits of their combined competence.
Our retainer contracts give you budget certainty and on-demand access to a highly trustworthy compliance partner and a panel of subject experts. They usually include:
  • Compliance management: setting up your Compliance Monitoring Programme, including automating it if required.
  • Compliance audits: independent benchmark reviews and health checks to make certain your systems, controls, policies and regulatory procedures are kept up to date.
  • Documents/Governance: such as policies and written processes or procedures.
  • Financial promotions: initial reviews and ongoing assessments or critiques, including video and social media marketing.
  • Training: e.g., informing personnel on anti-money laundering or assisting senior management to create a suitable governance framework.
  • Regulatory reporting: GABRIEL returns and evaluation of prudential requirements.
  • For Payment Services companies based on PSD2, we provide distinct service plans created specifically to satisfy the increased regulatory needs and responsibilities.
  • Capital Market companies gain from a specific methodology which permits us to craft a bespoke, flexible assistance package.
  • Companies that fall into the Asset Management, Broker Dealers & Traders, Corporate Finance, Crowdfunding, FinTech, Infrastructure, Investment Management, P2P Lending, Private Equity, Venture Capital and Wealth Management sectors can all benefit from individual and tailored packages.

Contact us today on 0207 097 1434 or email

    Safeguarding Accounts – How Well Do You Keep Yours?

    In summer 2019, the FCA issued a Dear CEO letter to all payment companies regarding their safeguarding accounts and their management of them.

    Nearly 18 months on, have you changed your safeguarding methods?

    As a reminder, the key findings were:

    1. How well firms understood which funds are ‘relevant funds’

    The FCA's review found that some firms were completely unable to explain which payment services they were providing, some were unable to identify when they were issuing e-money, and others were unclear as to whether they were acting as agent or distributor for another PSP. This meant they could not accurately identify relevant funds and, as such, did not know whether they were safeguarding the correct amount of relevant funds.

    2. Effectiveness of firms’ safeguarding procedures and documentation

    The FCA expects firms to maintain sufficient records to demonstrate compliance with their safeguarding obligations, and to have a documented rationale for every decision they make about their safeguarding process and the systems and controls they have in place.

    The FCA found some firms relied on operational process documents which simply outlined the rules. The FCA considers that this does not sufficiently demonstrate a firm’s compliance with safeguarding obligations or record keeping requirements.

    3. How well firms met the FCA's expectations on segregating funds

    The obligation on firms to safeguard starts as soon as they receive relevant funds. The FCA expects firms to segregate relevant funds by receiving them into a separate account. Where, for customer convenience, any other funds are paid into the account, they should be removed as frequently as practicable throughout the day. In no circumstances should such funds be kept together overnight.

    The FCA found that not all firms complied with these requirements, and in particular, some did not attempt to segregate relevant funds on receipt.

    4. How effectively agents and distributors were overseen

    Firms should have arrangements in place to ensure that relevant funds held by agents or distributors are safeguarded as soon as they are received.

    The FCA found that some firms did not take any measures to ensure that they were segregated on receipt. Other firms calculated their safeguarding obligation at the end of the business day on which e-money was issued and transferred funds into a safeguarding account the next business day. This meant that relevant funds were combined with other non-relevant funds overnight.

    5. Designating safeguarding accounts

    Accounts in which relevant funds or assets are placed must be designated in a way that shows it is a safeguarding account. If this is not possible, the FCA expects e-money and payment institutions to provide evidence (such as a letter) confirming the appropriate designation.

    The FCA found the account designations were not clear for several firms. Instead, the accounts were named according to their operational function or after the relevant agent or distributor.

    6. How effectively firms carried out reconciliations

    Firms must carry out internal and external reconciliations as often as necessary, considering the risks to which the business is exposed, and should have a clear explanation for their approach to reconciliations (which must be signed off by their board of directors).

    The FCA highlights that in no circumstances would it be acceptable for a firm to carry out reconciliation less than once during each business day.

    The reconciliation should result in the amount of funds or assets safeguarded being:

    • sufficient to cover the amount that the institution would need to safeguard before the next reconciliation; and
    • not excessive – to minimise risks from commingling.

    The FCA found that several firms did not carry out internal and external reconciliations, or did so infrequently, or did not adjust the balance of their safeguarded accounts in a timely way when they identified discrepancies. This resulted in the commingling of funds overnight.

    7. The effectiveness of firms’ governance and oversight arrangements

    Firms must have in place effective risk management procedures, adequate internal control mechanisms and maintain relevant records. Firms should monitor these procedures through robust governance arrangements. In addition, organisational arrangements must be sufficient to minimise the risk of the loss or diminution of relevant funds or assets through fraud, misuse, negligence or poor administration.

    The FCA found some firms considered safeguarding risk only on an exceptions basis and would only revisit their processes if they identified a breach. In some cases, the FCA found controls to identify a safeguarding breach were not fit for purpose. This meant these firms did not adequately consider safeguarding when developing new products, leading to inadequate safeguarding processes.

    Dear CEO Letter and FCA attestation

    The FCA published a Dear CEO Letter on 4th July 2019 requiring all electronic money institutions and authorised payment institutions to review their safeguarding arrangements, to make sure they fully meet the requirements in the EMRs and PSRs (as applicable).

    The FCA has asked firms to:

    • attest to the FCA that they are satisfied that they meet the requirements in regulation 23 of the PSRs or regulation 20 of the EMRs by 31st July 2019. Firms that are unable to attest by this date should contact the FCA to discuss next steps; or
    • notify the FCA immediately if they are non-compliant in any material respect and take prompt remedial action.

    The FCA will be conducting further work on firms’ safeguarding arrangements, and expects to see that firms have acted to review, and where necessary, remediate their processes. The FCA has said it will take appropriate action against firms with inadequate safeguarding arrangements.


    If you have any concerns about your procedures or want them independently checked, call us today on 0207 097 1434

    Original text from

    UK Financial Services Compliance ‘Premium Access Retainer Service’


    We offer a Premium Access Retainer Service

    Providing your firm with fast, accurate, experience-based quality answers so you can move ahead with your business efficiently and profitably.

    We have a bespoke service starting from £600 pm.

    Our full service has the following 11 benefits:

    1. You will get a response within 3 hours by phone or email/text.

    2. From PBR, S165 or S166 (we were appointed as skilled persons in 2012), we will advise and make recommendations regarding what is required.

    3. Your issues take priority over other work whilst we respond to your query; additional research or further work that may be required will be quoted on.

    4. Products like our best-selling Compliance Manual/AML Policy & Procedures are provided at a heavy discount typically around 40%.

    5. Any services we offer are again heavily discounted, by 5–20%.

    6. Normal service is mainstream hours Monday to Friday but weekends and evenings are ad-hoc, although we often can be found working into the night or across the weekends at some point. Holidays excepted, but happy to take emergency calls.

    7. You will receive a monthly “Statement of account” before the next billing cycle or after a purchase.

    8. We work on a first come, first served basis, so anyone paying ‘Premium Retainer’ for the longer time, gets priority over the other Premium Retainer clients – if push comes to shove and we are snowed under.

    9. We occasionally have marketing promotions, and you get free gifts and/or free or heavily discounted event tickets for anything run by us.

    10. Also available for discussions on business strategy and marketing; areas we are also often asked about.

    11. 30 min telephone/video call per month to discuss your regulatory needs or issues.

    We only take on a maximum of 12 new clients per quarter. If you are too late for this quarter, we will add you to the list for the next quarter on a first-come-first-served basis.

    Monthly cost = £1,150 subject to firm size of less than 20 staff inc directors/partners.

      Risk Management – Governance, Risk & Compliance (GRC) Frameworks

      Risk management is an often overlooked or even misapplied process. It is often seen as a tick-the-box exercise by many of the smaller-thinking financial services companies.

      Good risk management doesn’t just work with the obvious and known risks; a good governance, risk and compliance (GRC) framework gives the firm the process and ability to dig deeper, raise questions, and even reveal previously unidentified or unclarified risks. Effective controls can create a culture of risk awareness and greater voluntary adherence to your compliance framework.

      A good GRC framework will look at positive controls as well as negative areas of potentially unidentified risks or inefficiencies, and will provide the rigour of a robust risk management framework template and process to manage whatever is found, with complete buy-in and ownership from the process owner impacted.

      So what benefit does having positive controls bring to any risk framework?

      Risk events or occurrences can provide positive outcomes that are better known as ‘opportunities’.
      These can take the form of:
      • Increased revenues, clarity around processes, and reductions in costs and thus regulatory capital.
      • A robust and appropriately scalable risk framework template improves the ability and capacity to change quickly, as well as to embed any organisational or regulatory adoptions. It not only increases the ability to deliver strategy in an environment of preventative measures but also provides greater predictability of outcomes, measured against known capacity, workflow and previous outcomes.
      • Finally, a seasoned risk manager with good data for only a few months can soon assist in better decision making and resilience when business life hits them with the unannounced and inevitable curve-balls.

      Risk Management Framework Templates

      GRC frameworks fit together with all types of project management as well as the lowest forms of product governance, and serve to provide communication to all stakeholders so as to avoid crises. By continually monitoring, with review and revision as necessary, everyone can see how the firm is moving ahead and has confidence in its progress.

      Risk Management Framework Steps

      Once established and implemented for a firm and its specific size, idiosyncrasies and management style, a risk framework template typically does not require high overhead or senior management involvement.

      Initially, Risk Awareness Workshops would need to be hosted and facilitated by specialist consultants for the whole framework to be built, roles identified, governance formalised and the whole risk framework template explained to the staff.

      The adaptation of a firm’s existing Governance, Risk and Compliance Management frameworks, including relevant systems and processes, can be done in the background, remotely, by the specialist firm. This work is then promoted and launched by the specific risk committee agreed upon, to finalise and transition the firm to the new digitally managed framework.

      Larger enterprises will take proportionately longer to implement, but having more data available will be beneficial as the faster learning over a greater number of projects or initiatives will be absorbed by their risk registers, translating into lessons learned.
      In one intervention, we were tasked to rewrite the risk framework of a FTSE100 company (see Case Studies). We maintained their risk rating with the risk agencies and saved them 18% of their regulatory capital; a mere £99M. If we ask to work for a percentage of savings, you will understand why.

      Risk is definitely not a four letter word.

      To discuss your needs with digitally reducing your governance, risk and compliance framework call us on

      0207 097 1434

      or email


      More details on our Regtech Solution HERE

      Defining Reasonable Steps for FCA SMCR Protection Purposes

      The FCA purposefully wrote existing guidance so that it is flexible and non-prescriptive, takes account of all relevant circumstances and recognises that what is reasonable is context-specific and will vary according to the facts of each individual case.

      The guidance already provides, in DEPP 6.2.9-E(8) to (12), (14), (15) & (18), a lengthy and expressly non-exhaustive list of considerations the FCA will take into account in assessing whether a Senior Manager’s actions were reasonable in all the circumstances.

      In addition to the points already noted above, that list includes factors the FCA believe relevant to, for example, delegation, the establishment of reporting lines, staff appraisal processes, role transition handovers, risk identification, expansions and restructurings, external professional advice, transaction monitoring and collective decision-making.

      The Duty of Responsibility will apply to a wide variety of situations, firms and Senior Manager roles within those firms. The FCA do not believe that they can go further and specify the detail of reasonable steps by Senior Managers in different roles in each of those situations within different types of firms.


      Evidencing compliance and administrative burden

      The Duty of Responsibility imposes no additional obligation on a Senior Manager to explain or justify to the FCA relevant steps they took and/or did not take, nor to keep records supporting such an explanation or justification.

      As the FCA explained in CP17/42, as noted above and as the FCA’s existing relevant guidance in DEPP states, the burden of proof, in enforcing the Duty of Responsibility, lies on the FCA. The FCA will need to show that the relevant Senior Manager did not take the steps a person in their position could reasonably have been expected to take to avoid their firm’s relevant misconduct occurring or continuing.

      “It may, however, be in the interests of a Senior Manager to keep records of relevant steps they take, in case questions are raised, whether by their firm, its lawyers, auditors, insurers or customers, the FCA or another regulator. The FCA do not believe it is necessary to make that general point in The FCA’s DEPP guidance on the Duty of Responsibility.” – FCA PS18/16 P9

      Such records might be relevant not only to compliance with the Duty of Responsibility but also with the FCA’s Code of Conduct for Staff Sourcebook (COCON). COCON is part of the SM&CR and requires all Senior Managers, and many other staff of firms subject to the SM&CR, to act with due skill, care and diligence.

      Further, any relevant FCA investigation is likely to take into account that each Senior Manager is also under a COCON obligation to take reasonable steps to make sure that the business of the firm for which they are responsible complies with the firm’s record-keeping obligations imposed by the FCA’s Handbook.

      The FCA’s Handbook requires each firm to keep records allowing the FCA to monitor the firm’s compliance. This includes compliance with its obligations under the FCA’s Principles for Businesses to conduct its business with due skill, care and diligence and take reasonable care to organise and control its affairs responsibly and effectively.

      For the avoidance of doubt, those COCON obligations will not, when the SM&CR is extended, be new to those individuals currently carrying out roles, at insurers and FCA solo-regulated firms, that will need, under the SM&CR, to be filled by Senior Managers.

      All of those individuals are currently holders of Significant Influence Functions (SIFs) under the FCA’s Statements of Principle and Code of Practice for Approved Persons, which already require SIF holders to take such reasonable steps and act with due skill, care and diligence.

      A Senior Manager’s or SIF holder’s failure to take reasonable steps in relation to that record-keeping by their business, which includes record keeping in relation to their management of that business, may, quite apart from the Duty of Responsibility, amount to misconduct for which the FCA will take disciplinary action.

      To Help Us Help You With Your Reasonable Steps Call 0207 097 1434 TODAY!

      And If You Want To Automate Your Compliance Monitoring &/or Risk Management




      Compliance Monitoring – How We Can Help You Get It Right


      Is your compliance monitoring up to scratch?

      The answer is probably ‘no’ if you’re not sure of the answer to these questions:

      • Is compliance monitoring considered important in your firm?
      • Is it an integral part of your planning and resourcing?
      • Is it aligned to your risks?
      • Are the right people conducting your compliance monitoring?
      • Do you know who your compliance monitoring stakeholders are and understand their needs?
      • How do you currently evidence the “Reasonable Steps” needed for SMCR?
      • Conduct Risk Assessment (Get Your Checklist Here)

      We can help

      Our clients ask us to help with every area of compliance monitoring. We can review your existing framework, work with you to build an effective monitoring plan from scratch, or provide independent challenge and assurance.

      Putting together a bespoke compliance monitoring framework

      When we look at a compliance monitoring framework we get into the detail. We look at each sourcebook of the FCA Handbook, chapter by chapter, against your regulatory permission to identify all applicable rules. For each rule we have a high-level test and, where appropriate, a compliance ‘deep dive’ test. We can then work with you to develop a bespoke compliance monitoring programme (CMP) which is relevant and proportionate to your business.

      Creating a compliance monitoring plan

      If you’re newly authorised, you will have submitted a template CMP but that is only the start. We can help you create and digitise your first CMP – tailored specifically to your activities.

      If your plan is no longer fit for purpose, we can put together a new one.

      Reviewing your compliance monitoring programme

      We can assess whether your current programme is up to scratch. We can look at the whole framework and suggest improvements, for example how you test compliance against particular rules. Or we can review your control framework against particular areas, for example senior management arrangements, or best execution. With the SMCR coming into the picture, it is more important than ever to make sure you understand, identify and mitigate your risks.

      Our ongoing service

      The responsibility for compliance monitoring is yours – but we can make it easier. Once we’ve designed a compliance monitoring programme for you we can carry out regular checks and flag any issues, giving you comfort you’ve got it covered. We follow these five steps.

      1. Assessment – Getting to understand the scope of what you do and your key risk areas.
      2. Planning – Designing a tailored annual compliance monitoring schedule, taking a risk-based approach.
      3. Testing – Carrying out periodic compliance monitoring visits prioritising high risk areas – however often you need.
      4. Reporting – Rating your compliance with each area of your framework and setting out gaps which need attention.
      5. Remediating – Advising you on how to reduce your risk and working with you to fix problems.

        Steps Toward Strategic Risk Management

        Strategic risk management is a crucial but often overlooked aspect of enterprise risk management (ERM). While ERM has traditionally focused on financial and, more recently, operational risk, the fact is that strategic risk is far more consequential.

        Studies of the largest public companies indicate that strategic risks account for approximately 60 percent of major declines in market capitalisation. Operational risks have just half that impact (about 30 percent), and financial risks generate about 10 percent.

        Why do many ERM programs seem to stand these priorities on their heads? Part of the reason is ERM’s roots in corporate finance, but it is also true that until recently, strategic risks were difficult to measure, not to mention evaluate, against one another on an apples-to-apples basis.


        What is strategic risk?

        It may be easiest to describe strategic risk by what it is often confused with—operational risk. Good operations mean doing things right, while good strategy means doing the right things. Strategic risk arises when a company fails to anticipate the market’s needs in time to meet them.

        A company that has unmatched manufacturing processes will still fail if consumers no longer want its products. That was the lesson even the most efficient buggy whip makers learned once Henry Ford introduced the Model T in 1908. Cellphone handset makers faced a similar existential crisis when the Apple® iPhone® arrived on the scene.

        What is strategic risk management?

        Strategic risk management is the process of identifying, quantifying, and mitigating any risk that affects or is inherent in a company’s business strategy, strategic objectives, and strategy execution. These risks may include:

        • Shifts in consumer demand and preferences
        • Legal and regulatory change
        • Competitive pressure
        • Merger integration
        • Technological changes
        • Senior management turnover
        • Stakeholder pressure

        As my colleague and industry expert James Lam says, strategic risk is the big stuff, and prioritising strategic risk management means sweating the big stuff first.

        Strategic risk is a bell curve

        Like any risk, strategic risk falls along a classic bell curve, with results along the x-axis and likelihood along the y-axis. The expected result of a given strategy would represent the peak of this curve. Most strategic planning considers only this peak while ignoring the slopes to either side.

        But imagine two strategic initiatives, each with a similar expected result. One falls along a narrow, steep curve, indicating a low risk of failure and little upside opportunity. The other is represented by a wider bell, with greater chances of both under- and over-performance. Which to choose? The answer depends on an individual company’s appetite for risk.

        Strategic risk management: shifting the curve

        Now imagine a third curve with that same expected result. This one rises steeply from the left but slopes more gently downward on the right. Here, downside risk has been minimised, and upside opportunity increased. That is the goal of strategic risk management: to shape the curve in a way that favors success.

        Measuring and managing strategic risk

        As the saying goes, you can’t manage what you can’t measure. So, in order to understand how to manage strategic risk, we will begin by examining how to measure it. A key tenet of ERM is measuring risk with the same yardsticks used to measure results. In this way, companies can calculate how much inherent risk their initiatives contain.

        Strategic risk can be measured with two key metrics:

        1. Economic capital is the amount of equity required to cover unexpected losses based on a predetermined solvency standard. Typically, this standard is derived from the company’s target debt rating. Economic capital is a common currency with which any risk can be quantified. Importantly, it applies the same methodology and assumptions used in determining enterprise value, making it ideal for strategic risk.
        2. Risk-adjusted return on capital (RAROC) is the anticipated after-tax return on an initiative divided by its economic capital. If RAROC exceeds the company’s cost of capital, the initiative is viable and will add value. If RAROC is less than the cost of capital, it will destroy value.

        Managing strategic risk involves five steps which must be integrated within the strategic planning and execution process in order to be effective:

        1. Define business strategy and objectives. There are several frameworks that companies commonly use to plan out strategy, from simple SWOT analysis to the more nuanced and holistic Balanced Scorecard. The one thing that these frameworks have in common, however, is their failure to address risk. It is crucial, then, that companies take additional steps to integrate risk at the planning stage.
        2. Establish key performance indicators (KPIs) to measure results. The best KPIs offer hints as to the levers the company can pull to improve them. Thus, overall sales makes a poor KPI, while sales per customer lets the company drill down for answers.
        3. Identify risks that can drive variability in performance. These are the unknowns, such as future customer demand, that will determine results.
        4. Establish key risk indicators (KRIs) and tolerance levels for critical risks. Whereas KPIs measure historical performance, KRIs are forward-looking leading indicators intended to anticipate potential roadblocks. Tolerance levels serve as triggers for action.
        5. Provide integrated reporting and monitoring. Finally, companies must monitor results and KRIs on a continuous basis in order to mitigate risks or grasp unexpected opportunities as they arise.
