We have a strong reputation in assisting clients with identifying and reviewing regulatory risks across regulated firms. Based on our deep knowledge and understanding of industry good practice and regulatory expectations, we have a detailed regulatory due diligence process that takes a comprehensive but commercial approach to identify regulatory business risks.

Successfully identifying risks can involve a significant volume of documents, on-site visits to your offices and close liaison with business teams by our regulatory consultants.

Amongst other areas, as part of our regulatory due diligence process, our team can provide deal support in terms of:

Pre-transaction due diligence (either purchase or sale side)
Back book sampling
Reviews of sales and advice outputs
Onboarding and Financial Crime controls

We will produce our findings in a format agreed with you, whether it's a dashboard, a go/no-go view of a detailed report. In our feedback, we will set out recommended control improvements and an analysis of the residual regulatory risks along with providing an agreed rating scale of our findings.

We will work with you to assess each risk in line with your internal risk framework and risk appetite, before suggesting and if desired, helping to implement mitigating systems and controls to reduce risk exposure. We can provide as much or as little support as you require and our team is able to support projects of all sizes, both in the UK and Globally.

Regulatory permissions

How does the firm's regulatory permissions align to the regulated activities to which it undertakes?
Does the firm's regulatory permissions ensure complete coverage of the regulated products and services that it provides?

Business servicing and outsourcing arrangements

Does the firm have any business servicing and outsourcing arrangements relative to the regulated activities it undertakes?
If it does, how does your firm monitor compliance of any outsourced service providers?

Relationships with regulatory bodies

Has the firm completed its periodic regulatory returns on times?
What correspondence has the firm had with regulatory bodies including any non-routine correspondence?
Have there been any breaches of regulatory requirements? How have these been recorded?
What is the materiality of any breaches?
Has your firm been subject to any regulatory intervention or censure?

Business conduct and culture

How does the firm and its approved persons discharge their regulatory obligations?
What's the firm's approach to compliance with FCA requirements, relative to their regulatory permissions?
Does the firm have a compliance manual and how does this discharge their regulatory obligations?
What are the firm's internal policies and procedures relative to their regulated activities?
How do these procedures comply with FCA requirements and mitigate regulatory risk?
How does the firm monitor its own compliance with FCA requirements?
What compliance monitoring activity does it undertake?
What's the firm's approach to ensuring that customer facing colleagues are trained and are competent to undertake regulated activities?
Does the firm have a training and competency (T&C) scheme?
What is the culture of the firm?
How does the firm's leadership behaviours and values, the firm's governance arrangements and their approach to managing and rewarding people place good customer outcomes at its core?

Governance and compliance oversight

Does the firm operate a Three Lined of Defence model and are these correctly constituted?
How do senior management gain assurance that their regulated activities comply with FCA requirements and are delivering good outcomes for outcomes?
What Management Information do they get?
What internal governance arrangements are in place, relative to the regulated activities to which the firm undertakes?
For example, what Board an internal Committees exist that specifically oversee the firm's regulated activities?
Do they have clearly defined Terms of Reference for each of these Committees? Does the firm have a governance and risk framework and how is this applied in practice?
What's the firm's approach to ensuring that customer facing colleagues are trained and are competent to undertake regulated activities?
Does the firm have a training and competency (T&C) scheme?
What's the firm's approach to record keeping?
Can they demonstrate how key commercial decisions that have a direct impact on the firm's regulated activities have been taken?
How does the firm stay abreast of the regulatory horizon / identify regulatory changes relative to firm's regulated activities and how are these implemented?

Approved Persons and Senior Managers and Certification Regime

How does the firm allocate Senior Management functions? Who is responsible for what?
Has the firm designates the Prescribed Responsibilities?
Does the firm have a clearly defined Responsibilities Map that sets out key areas of regulatory responsibility amongst control functions?
Are these included in job descriptions?
How does the firm determine who should be Certified?
How does the firm monitor compliance with the Conduct rules for all of its people?
And is the monitoring differentiated between staff and Senior Management?
What is the process for regulatory training in the firm?
How do key individuals maintain their knowledge and awareness in order to discharge their regulatory responsibilities?
Are Senior Managers meeting their regulatory obligations?
How is this demonstrated and evidenced?

Internal controls

What's the firm sales or credit broking process? Does it comply with regulatory requirements including relevant customer disclosures?
How does the firm identify and deal with customer complaints, relative to the regulated activities the firm undertakes?
Does the firm have a documented complaint handling the standard?
Does the firm comply with the FCA's Dispute Resolution (DISP) requirements relative to complaints received about the regulated activities is undertakes? Does the firm have a Business Continuity Plan?

Quality of regulated activity

Can the firm provide regulated sales data that demonstrates the amount and type of regulated activity the firm undertakes / has undertaken?
Can the firm provide full and complete customer records of all regulated sales or credit broking and debt management activity that it has undertaken?
Is there any evidence of potential mis-selling and or non-compliance with regulatory requirements in those customer records?
Can the firm evidence where sales have not gone ahead and have the underlying reasons investigated?
Is the firm and all of its representative's activity in line with its regulatory permission profile?

Anti-Money Laundering and Financial Crime

How does the firm meet its AML obligations and mitigate financial crime risk?
Does the firm have a financial crime risk framework? What it the firm's approach to undertaking financial crime risk assessments?
How does the firm identify emerging risks?
Is the firm's customer/client risk assessment adequate?
Does the firm perform the appropriate PEP and Sanctions checks on UBOs and relevant connected persons?
How does the firm's approach to KYC and CDD mitigate financial crime risks?
How does the firm's financial crime risk training support colleagues to discharge their regulatory obligations?