Operational Resilience: Is Your Firm Ready to Prove It Can Absorb Disruption — or Just Claim That It Can?

Appointed Representative Policy and Playbook: What Principal Firms Must Get Right Before the FCA Gets Involved

The appointed representative regime was designed to widen access to regulated markets. But for principal firms, it comes with a burden of responsibility that many have consistently underestimated — and that the FCA has spent the last several years making significantly harder to ignore. Following its thematic review and the sweeping changes introduced under PS21/3, the regulator has made clear that principal firms are fully accountable for the conduct, competence, and compliance of every AR they appoint. If your AR causes consumer harm, mis-sells a product, or breaches regulatory requirements, the consequences land with you — not just with them. That reality demands a policy and oversight framework that is genuinely fit for purpose. In this episode, we walk through what a robust Appointed Representative Policy and Playbook looks like, why so many principal firms are still exposed, and how to build an oversight structure that satisfies regulatory expectations and protects your firm. We cover: — What the FCA's reforms to the AR regime actually require of principal firms, and the specific due diligence, oversight, and reporting obligations that came into force following PS21/3 — How to structure an AR appointment process that assesses fitness and propriety, business model viability, and regulatory risk before onboarding — not after problems emerge — What your Appointed Representative Policy needs to contain, including governance responsibilities, monitoring frameworks, escalation procedures, and exit arrangements — The ongoing oversight programme your firm needs to operate — how frequently to review AR activity, what management information to collect, and what triggers should prompt enhanced supervision or termination — How to evidence that your ARs are operating within the scope of your permission and not straying into regulated activities you haven't authorised or don't hold permissions for — Consumer Duty implications for principal firms — how the outcomes-focused framework applies across your AR network and what you need to do to demonstrate that customers are receiving good outcomes regardless of which entity they're dealing with — Common failings identified by the FCA in thematic reviews of principal firm oversight, and the remediation steps firms have been required to take — When and how to terminate an AR relationship — the process, the documentation, the regulatory notification requirements, and how to manage the transition to protect customers Whether you oversee a single AR or manage a large network, the regulatory expectations are the same. This episode gives you a clear, practical playbook to meet them. Resources mentioned in this episode: — FCA PS21/3 — Strengthening the appointed representatives regime — FCA AR Regime Thematic Review findings: fca.org.uk — SUP 12 — Appointed Representatives sourcebook The Compliance Playbook (free resource): https://bit.ly/CP202602A [https://bit.ly/CP202602A] — practical guidance on SMCR responsibilities mapping, AML risk assessments, operational resilience planning, and more. Built by qualified regulatory consultants. No email capture, no sales pitch. Subscribe, follow, and leave a review — it helps more compliance professionals find content grounded in real regulatory practice. Have a topic you'd like covered? Visit complianceconsultant.org or connect on LinkedIn at linkedin.com/company/compliance-consultant-uk Compliance Consultant — Making Compliance Work.

Consumer Duty: Are You Evidencing Good Outcomes or Just Hoping for the Best?

Consumer Duty has been in force since July 2023, and the FCA is no longer giving firms the benefit of the doubt. Supervisory visits, thematic reviews, and enforcement activity are all signalling the same message — having a Consumer Duty policy isn't enough. You need to evidence that your firm is consistently delivering good outcomes for retail customers, and that your board is sighted on the data that proves it. In this episode, we're talking about the Consumer Duty Toolkit — what it contains, why a structured, ready-to-use framework is the most efficient way to embed the Duty properly across your firm, and what the FCA actually expects to see when it comes looking. What we cover in this episode: We start with the four outcomes at the heart of Consumer Duty — products and services, price and value, consumer understanding, and consumer support — and why firms that treat these as four separate compliance workstreams consistently struggle to demonstrate the joined-up, outcome-focused thinking the FCA is looking for. We then look at what genuine embedding looks like in practice — the management information frameworks, the board reporting structures, the customer journey mapping, the complaints and feedback analysis, and the vulnerability identification processes that together give your firm a defensible evidence base. We discuss the Consumer Duty Annual Board Report — one of the most important documents your firm will produce each year and one that is still being significantly underestimated by many smaller authorised firms. We cover what it needs to contain, how it should be structured, and the common gaps that leave firms exposed. We also address the ongoing monitoring obligation — because Consumer Duty isn't a one-time implementation project. It's a continuous cycle of outcome testing, data review, and remediation, and firms that haven't built that cycle into their compliance monitoring programme are accumulating regulatory risk with every passing quarter. Why this matters right now: The FCA has been explicit that its Consumer Duty supervisory work is moving from implementation assessment to outcomes scrutiny. Firms that were given time to embed the Duty are now expected to demonstrate it is working. The regulator has already written to firms in multiple sectors where its data suggests consumer outcomes are falling short, and formal action is following in cases where firms cannot evidence their position. The stakes are significant. Consumer Duty failures can trigger requirements to withdraw products, remediate customers, and in serious cases result in public censure or financial penalties. Senior managers with board-level accountability for Consumer Duty outcomes face personal exposure where oversight has been inadequate. The practical takeaway: By the end of this episode, you'll have a clear picture of what a robust Consumer Duty framework looks like, where the most common gaps are, and how a structured toolkit can help your firm move from superficial compliance to genuine, evidenced good outcomes. Our Consumer Duty Toolkit is available to download at complianceconsultant.org — built by qualified regulatory consultants who understand exactly what the FCA expects, and ready to implement across your firm immediately. Who this episode is for: Essential listening for compliance officers, MLROs, customer experience leads, product owners, and any senior manager or NED with Consumer Duty accountability at an FCA-authorised firm. Compliance Consultant — Making Compliance Work. Visit us at complianceconsultant.org or call us on 0800 689 0190. References: FCA Consumer Duty — Finalised Guidance FG22/5; FCA Consumer Duty — Annual Review Requirements; PS22/9 A New Consumer Duty — Policy Statement; FCA Consumer Duty Implementation Review, 2024; Financial Services and Markets Act 2023.

Fair Value Under the Microscope: What the FCA Really Expects From Your Assessment Framework

Is your firm's Fair Value Assessment actually fit for purpose — or is it a compliance exercise dressed up as consumer protection? Since Consumer Duty came into full force, the FCA has been unequivocal: firms must be able to demonstrate that the price customers pay is reasonable relative to the benefit they receive. That is not a box-ticking exercise. It is a structured, evidenced, and regularly reviewed assessment — and the regulator is watching closely. In this episode, we cut through the complexity and get into the mechanics of what a genuinely robust Fair Value Assessment looks like. Whether you are an MLRO, a compliance officer, a senior manager with Consumer Duty accountability, or a board member trying to understand what "good" looks like, this episode gives you the practical grounding you need. We cover: — What "fair value" actually means under the Consumer Duty framework and why it goes well beyond simply checking your pricing — The four Consumer Duty outcomes and how Fair Value sits within the broader obligation to deliver good outcomes for retail customers — The FCA's supervisory expectations, including findings from thematic reviews and what the regulator has said firms are consistently getting wrong — What a proper Fair Value Assessment Framework must contain — from product scope and cost analysis through to customer segmentation, distribution chain accountability, and outcome monitoring — How to structure your assessment workbook so it is defensible under scrutiny, auditable, and genuinely useful as a management tool rather than a document that sits on a shelf — Common failure points: weak evidence bases, unsupported assumptions, failure to consider vulnerable customers, and the absence of meaningful management information to evidence ongoing value — The governance and sign-off requirements that sit behind a compliant assessment, including board-level attestation and the role of the Consumer Duty Champion — How frequently your framework needs to be reviewed and what should trigger an out-of-cycle reassessment — Practical tips for embedding fair value thinking into product governance, pricing decisions, and distribution arrangements from the outset We also explore what the FCA's enforcement trajectory tells us about where the regulatory risk lies for firms that treat Fair Value as an afterthought — and why personal accountability under SMCR means that getting this wrong is not just an organisational risk, it is a career risk. This episode is essential listening if your firm: — Has not reviewed its Fair Value Assessments since Consumer Duty implementation — Is approaching an FCA supervisory visit or skilled person review — Has received FCA feedback indicating concerns about product value or customer outcomes — Is preparing its annual Consumer Duty board report and needs confidence that its fair value evidence base is solid Resources mentioned in this episode: Compliance Consultant's Fair Value Assessment Framework & Workbook is a ready-to-use, professionally structured toolkit built specifically for FCA-regulated firms. It combines a step-by-step assessment framework with a fully formatted workbook, enabling compliance teams to complete, evidence, and document their fair value obligations efficiently and to a standard that reflects current FCA expectations. Visit complianceconsultant.org to find out more, or call us on 0800 689 0190.

PEPs, High-Risk Customers & EDD: Are You Managing the Risk or Just Creating the Paperwork?

When it comes to Politically Exposed Persons and high-risk customers, the gap between having an EDD process and having one that actually works is wider than most firms realise — and the FCA knows it. Enhanced Due Diligence is one of the most scrutinised areas of AML compliance in UK financial services. The Money Laundering Regulations 2017 are explicit: certain customers require a materially higher standard of scrutiny, documented evidence, and ongoing monitoring. Yet supervisory findings, enforcement actions, and thematic reviews consistently reveal the same failures — inadequate identification of PEPs, superficial risk assessments, absent senior management approval, and monitoring arrangements that exist on paper but deliver nothing in practice. In this episode, we go beyond the basics and examine what genuinely robust Enhanced Due Diligence looks like for PEPs and other high-risk customer categories. Whether you are an MLRO, a compliance officer, or a senior manager with AML accountability under SMCR, this episode gives you the practical framework to assess whether your current approach would withstand regulatory scrutiny. We cover: — The legal foundation: what the MLRs 2017 require for EDD and where FCA expectations go further than the minimum statutory standard — Defining PEPs correctly: domestic versus foreign PEPs, the scope of family members and known close associates, and the common categorisation errors that create immediate regulatory exposure — Why PEP status does not automatically mean refusal — and how to document a risk-based decision to onboard, decline, or exit a PEP relationship in a way that is fully defensible — The EDD factors your workbook must capture: source of wealth, source of funds, nature of the business relationship, geographic risk, transaction profile, and adverse media findings — Senior management approval requirements: who approves what, how that approval must be evidenced, and the governance trail regulators will look for — Ongoing monitoring obligations: what "enhanced" monitoring means in practice, review frequency, and what should trigger an out-of-cycle reassessment — The role of adverse media screening — why it is not optional and how to document your findings and decisions adequately — Common EDD failures identified by the FCA and FATF, and how personal liability under SMCR applies when those failures are traced back to named individuals This episode is essential listening if your firm: — Has not reviewed its PEP and high-risk customer EDD procedures since the MLRs 2017 amendments — Is preparing for an FCA supervisory visit, s166 skilled person review, or internal audit — Has onboarded PEP relationships without a clearly documented, senior management-approved rationale — Has not stress-tested its ongoing monitoring arrangements against actual transaction activity Resources mentioned in this episode: Compliance Consultant's PEP & High-Risk Customer Enhanced Due Diligence Workbook is a comprehensive, ready-to-use toolkit built for FCA-regulated firms and PSR-authorised payment service providers. It provides a structured EDD framework, fully formatted assessment workbook, and step-by-step guidance enabling compliance teams to complete, document, and evidence their EDD obligations to a standard that reflects current FCA and FATF expectations. Built by qualified regulatory consultants who know exactly what "good" looks like — because they have seen what the alternative costs. Visit complianceconsultant.org to find out more, or call us on 0800 689 0190.

Operational Resilience: Is Your Firm Ready to Prove It Can Absorb Disruption — or Just Claim That It Can?

The FCA and PRA's operational resilience framework is no longer a future obligation. The March 2025 implementation deadline has passed — and firms are now expected to be operating within their impact tolerances, not still mapping them. Operational resilience has moved from policy commitment to supervisory reality. Regulators expect firms to have identified their important business services, set meaningful impact tolerances, tested their ability to remain within those tolerances under severe but plausible disruption scenarios, and produced the self-assessment documentation to evidence it all. For many firms, the uncomfortable truth is that their self-assessment exists in name only — and a supervisory visit or operational incident would expose that quickly. In this episode, we examine what a genuinely robust Operational Resilience Self-Assessment looks like, what the regulators are expecting to find, and why the firms most at risk are those that treat this as a documentation exercise rather than a genuine test of their ability to withstand disruption. Whether you are a compliance officer, a chief operating officer, a risk manager, or a senior manager with operational resilience accountability under SMCR, this episode gives you the practical framework to assess whether your self-assessment would stand up to scrutiny. We cover: — The regulatory foundation: PS21/3, the FCA and PRA's joint policy statement, and what the supervisory expectations look like now the implementation deadline has passed — Identifying important business services correctly: the common scoping errors that leave firms exposed and how to apply the customer harm lens the regulators expect — Setting impact tolerances that are meaningful: why vague or untested tolerances are worse than none, and how to express tolerances in terms regulators and boards can interrogate — Mapping and testing: what scenario testing must demonstrate, how to document the results, and what constitutes adequate evidence that your firm can remain within tolerance — The self-assessment document itself: what it must contain, how it should be structured, and the governance sign-off requirements that sit behind it — Third-party and outsourcing dependencies: how to identify and document concentration risk and what regulators expect firms to have done about it — The role of the board and senior management: accountability under SMCR, the governance oversight requirements, and why operational resilience is not an IT or operations issue in isolation — Lessons from FCA supervisory engagement and industry incidents — what has gone wrong for other firms and what your self-assessment should do differently as a result — How operational resilience connects to your broader risk management framework, business continuity planning, and Consumer Duty obligations around service continuity This episode is essential listening if your firm: — Has not updated its self-assessment since the March 2025 implementation deadline — Has set impact tolerances but not yet tested whether it can remain within them under realistic disruption scenarios — Is approaching an FCA supervisory visit or internal audit of its operational resilience framework — Has significant third-party dependencies that are not fully reflected in its mapping or scenario testing Resources mentioned in this episode: Compliance Consultant's Operational Resilience Self-Assessment Workbook is a comprehensive, ready-to-use toolkit built for FCA-regulated firms. It provides a structured self-assessment framework, fully formatted workbook, and step-by-step guidance that enables compliance, risk, and operations teams to complete, document, and evidence their operational resilience obligations to a standard that reflects current regulatory expectations. Built by qualified regulatory consultants who know exactly what "good" looks like. Visit complianceconsultant.org to find out more, or call us on 0800 689 0190. Compliance Consultant — Making Compliance Work