• Appointed Representative Policy and Playbook: What Principal Firms Must Get Right Before the FCA Gets Involved
    Feb 27 2026

    The appointed representative regime was designed to widen access to regulated markets. But for principal firms, it comes with a burden of responsibility that many have consistently underestimated — and that the FCA has spent the last several years making significantly harder to ignore.

    Following its thematic review and the sweeping changes introduced under PS21/3, the regulator has made clear that principal firms are fully accountable for the conduct, competence, and compliance of every AR they appoint. If your AR causes consumer harm, mis-sells a product, or breaches regulatory requirements, the consequences land with you — not just with them. That reality demands a policy and oversight framework that is genuinely fit for purpose.

    In this episode, we walk through what a robust Appointed Representative Policy and Playbook looks like, why so many principal firms are still exposed, and how to build an oversight structure that satisfies regulatory expectations and protects your firm.

    We cover:

    — What the FCA's reforms to the AR regime actually require of principal firms, and the specific due diligence, oversight, and reporting obligations that came into force following PS21/3

    — How to structure an AR appointment process that assesses fitness and propriety, business model viability, and regulatory risk before onboarding — not after problems emerge

    — What your Appointed Representative Policy needs to contain, including governance responsibilities, monitoring frameworks, escalation procedures, and exit arrangements

    — The ongoing oversight programme your firm needs to operate — how frequently to review AR activity, what management information to collect, and what triggers should prompt enhanced supervision or termination

    — How to evidence that your ARs are operating within the scope of your permission and not straying into regulated activities you haven't authorised or don't hold permissions for

    — Consumer Duty implications for principal firms — how the outcomes-focused framework applies across your AR network and what you need to do to demonstrate that customers are receiving good outcomes regardless of which entity they're dealing with

    — Common failings identified by the FCA in thematic reviews of principal firm oversight, and the remediation steps firms have been required to take

    — When and how to terminate an AR relationship — the process, the documentation, the regulatory notification requirements, and how to manage the transition to protect customers

    Whether you oversee a single AR or manage a large network, the regulatory expectations are the same. This episode gives you a clear, practical playbook to meet them.

    Resources mentioned in this episode:

    — FCA PS21/3 — Strengthening the appointed representatives regime

    — FCA AR Regime Thematic Review findings: fca.org.uk

    — SUP 12 — Appointed Representatives sourcebook


    The Compliance Playbook (free resource): https://bit.ly/CP202602A — practical guidance on SMCR responsibilities mapping, AML risk assessments, operational resilience planning, and more. Built by qualified regulatory consultants. No email capture, no sales pitch.

    Subscribe, follow, and leave a review — it helps more compliance professionals find content grounded in real regulatory practice.

    Have a topic you'd like covered? Visit complianceconsultant.org or connect on LinkedIn at linkedin.com/company/compliance-consultant-uk

    Compliance Consultant — Making Compliance Work.

    21 min
  • Consumer Duty: Are You Evidencing Good Outcomes or Just Hoping for the Best?
    Feb 26 2026

    Consumer Duty has been in force since July 2023, and the FCA is no longer giving firms the benefit of the doubt. Supervisory visits, thematic reviews, and enforcement activity are all signalling the same message — having a Consumer Duty policy isn't enough. You need to evidence that your firm is consistently delivering good outcomes for retail customers, and that your board is sighted on the data that proves it.

    In this episode, we're talking about the Consumer Duty Toolkit — what it contains, why a structured, ready-to-use framework is the most efficient way to embed the Duty properly across your firm, and what the FCA actually expects to see when it comes looking.

    What we cover in this episode:

    We start with the four outcomes at the heart of Consumer Duty — products and services, price and value, consumer understanding, and consumer support — and why firms that treat these as four separate compliance workstreams consistently struggle to demonstrate the joined-up, outcome-focused thinking the FCA is looking for.

    We then look at what genuine embedding looks like in practice — the management information frameworks, the board reporting structures, the customer journey mapping, the complaints and feedback analysis, and the vulnerability identification processes that together give your firm a defensible evidence base.

    We discuss the Consumer Duty Annual Board Report — one of the most important documents your firm will produce each year and one that is still being significantly underestimated by many smaller authorised firms. We cover what it needs to contain, how it should be structured, and the common gaps that leave firms exposed.

    We also address the ongoing monitoring obligation — because Consumer Duty isn't a one-time implementation project. It's a continuous cycle of outcome testing, data review, and remediation, and firms that haven't built that cycle into their compliance monitoring programme are accumulating regulatory risk with every passing quarter.

    Why this matters right now:

    The FCA has been explicit that its Consumer Duty supervisory work is moving from implementation assessment to outcomes scrutiny. Firms that were given time to embed the Duty are now expected to demonstrate it is working. The regulator has already written to firms in multiple sectors where its data suggests consumer outcomes are falling short, and formal action is following in cases where firms cannot evidence their position.

    The stakes are significant. Consumer Duty failures can trigger requirements to withdraw products, remediate customers, and in serious cases result in public censure or financial penalties. Senior managers with board-level accountability for Consumer Duty outcomes face personal exposure where oversight has been inadequate.

    The practical takeaway:

    By the end of this episode, you'll have a clear picture of what a robust Consumer Duty framework looks like, where the most common gaps are, and how a structured toolkit can help your firm move from superficial compliance to genuine, evidenced good outcomes.

    Our Consumer Duty Toolkit is available to download at complianceconsultant.org — built by qualified regulatory consultants who understand exactly what the FCA expects, and ready to implement across your firm immediately.

    Who this episode is for:

    Essential listening for compliance officers, MLROs, customer experience leads, product owners, and any senior manager or NED with Consumer Duty accountability at an FCA-authorised firm.

    Compliance Consultant — Making Compliance Work.

    Visit us at complianceconsultant.org or call us on 0800 689 0190.

    References: FCA Consumer Duty — Finalised Guidance FG22/5; FCA Consumer Duty — Annual Review Requirements; PS22/9 A New Consumer Duty — Policy Statement; FCA Consumer Duty Implementation Review, 2024; Financial Services and Markets Act 2023.

    22 min
  • Fair Value Under the Microscope: What the FCA Really Expects From Your Assessment Framework
    Feb 26 2026

    Is your firm's Fair Value Assessment actually fit for purpose — or is it a compliance exercise dressed up as consumer protection?

    Since Consumer Duty came into full force, the FCA has been unequivocal: firms must be able to demonstrate that the price customers pay is reasonable relative to the benefit they receive. That is not a box-ticking exercise. It is a structured, evidenced, and regularly reviewed assessment — and the regulator is watching closely.

    In this episode, we cut through the complexity and get into the mechanics of what a genuinely robust Fair Value Assessment looks like. Whether you are an MLRO, a compliance officer, a senior manager with Consumer Duty accountability, or a board member trying to understand what "good" looks like, this episode gives you the practical grounding you need.

    We cover:

    — What "fair value" actually means under the Consumer Duty framework and why it goes well beyond simply checking your pricing

    — The four Consumer Duty outcomes and how Fair Value sits within the broader obligation to deliver good outcomes for retail customers

    — The FCA's supervisory expectations, including findings from thematic reviews and what the regulator has said firms are consistently getting wrong

    — What a proper Fair Value Assessment Framework must contain — from product scope and cost analysis through to customer segmentation, distribution chain accountability, and outcome monitoring

    — How to structure your assessment workbook so it is defensible under scrutiny, auditable, and genuinely useful as a management tool rather than a document that sits on a shelf

    — Common failure points: weak evidence bases, unsupported assumptions, failure to consider vulnerable customers, and the absence of meaningful management information to evidence ongoing value

    — The governance and sign-off requirements that sit behind a compliant assessment, including board-level attestation and the role of the Consumer Duty Champion

    — How frequently your framework needs to be reviewed and what should trigger an out-of-cycle reassessment

    — Practical tips for embedding fair value thinking into product governance, pricing decisions, and distribution arrangements from the outset

    We also explore what the FCA's enforcement trajectory tells us about where the regulatory risk lies for firms that treat Fair Value as an afterthought — and why personal accountability under SMCR means that getting this wrong is not just an organisational risk, it is a career risk.

    This episode is essential listening if your firm:

    — Has not reviewed its Fair Value Assessments since Consumer Duty implementation

    — Is approaching an FCA supervisory visit or skilled person review

    — Has received FCA feedback indicating concerns about product value or customer outcomes

    — Is preparing its annual Consumer Duty board report and needs confidence that its fair value evidence base is solid

    Resources mentioned in this episode:

    Compliance Consultant's Fair Value Assessment Framework & Workbook is a ready-to-use, professionally structured toolkit built specifically for FCA-regulated firms. It combines a step-by-step assessment framework with a fully formatted workbook, enabling compliance teams to complete, evidence, and document their fair value obligations efficiently and to a standard that reflects current FCA expectations.

    Visit complianceconsultant.org to find out more, or call us on 0800 689 0190.

    20 min
  • PEPs, High-Risk Customers & EDD: Are You Managing the Risk or Just Creating the Paperwork?
    Feb 26 2026

    When it comes to Politically Exposed Persons and high-risk customers, the gap between having an EDD process and having one that actually works is wider than most firms realise — and the FCA knows it.

    Enhanced Due Diligence is one of the most scrutinised areas of AML compliance in UK financial services. The Money Laundering Regulations 2017 are explicit: certain customers require a materially higher standard of scrutiny, documented evidence, and ongoing monitoring. Yet supervisory findings, enforcement actions, and thematic reviews consistently reveal the same failures — inadequate identification of PEPs, superficial risk assessments, absent senior management approval, and monitoring arrangements that exist on paper but deliver nothing in practice.

    In this episode, we go beyond the basics and examine what genuinely robust Enhanced Due Diligence looks like for PEPs and other high-risk customer categories. Whether you are an MLRO, a compliance officer, or a senior manager with AML accountability under SMCR, this episode gives you the practical framework to assess whether your current approach would withstand regulatory scrutiny.

    We cover:

    — The legal foundation: what the MLRs 2017 require for EDD and where FCA expectations go further than the minimum statutory standard

    — Defining PEPs correctly: domestic versus foreign PEPs, the scope of family members and known close associates, and the common categorisation errors that create immediate regulatory exposure

    — Why PEP status does not automatically mean refusal — and how to document a risk-based decision to onboard, decline, or exit a PEP relationship in a way that is fully defensible

    — The EDD factors your workbook must capture: source of wealth, source of funds, nature of the business relationship, geographic risk, transaction profile, and adverse media findings

    — Senior management approval requirements: who approves what, how that approval must be evidenced, and the governance trail regulators will look for

    — Ongoing monitoring obligations: what "enhanced" monitoring means in practice, review frequency, and what should trigger an out-of-cycle reassessment

    — The role of adverse media screening — why it is not optional and how to document your findings and decisions adequately

    — Common EDD failures identified by the FCA and FATF, and how personal liability under SMCR applies when those failures are traced back to named individuals

    This episode is essential listening if your firm:

    — Has not reviewed its PEP and high-risk customer EDD procedures since the MLRs 2017 amendments

    — Is preparing for an FCA supervisory visit, s166 skilled person review, or internal audit

    — Has onboarded PEP relationships without a clearly documented, senior management-approved rationale

    — Has not stress-tested its ongoing monitoring arrangements against actual transaction activity

    Resources mentioned in this episode:

    Compliance Consultant's PEP & High-Risk Customer Enhanced Due Diligence Workbook is a comprehensive, ready-to-use toolkit built for FCA-regulated firms and PSR-authorised payment service providers. It provides a structured EDD framework, fully formatted assessment workbook, and step-by-step guidance enabling compliance teams to complete, document, and evidence their EDD obligations to a standard that reflects current FCA and FATF expectations.

    Built by qualified regulatory consultants who know exactly what "good" looks like — because they have seen what the alternative costs.

    Visit complianceconsultant.org to find out more, or call us on 0800 689 0190.

    14 min
  • Operational Resilience: Is Your Firm Ready to Prove It Can Absorb Disruption — or Just Claim That It Can?
    Feb 26 2026

    The FCA and PRA's operational resilience framework is no longer a future obligation. The March 2025 implementation deadline has passed — and firms are now expected to be operating within their impact tolerances, not still mapping them.

    Operational resilience has moved from policy commitment to supervisory reality. Regulators expect firms to have identified their important business services, set meaningful impact tolerances, tested their ability to remain within those tolerances under severe but plausible disruption scenarios, and produced the self-assessment documentation to evidence it all. For many firms, the uncomfortable truth is that their self-assessment exists in name only — and a supervisory visit or operational incident would expose that quickly.

    In this episode, we examine what a genuinely robust Operational Resilience Self-Assessment looks like, what the regulators are expecting to find, and why the firms most at risk are those that treat this as a documentation exercise rather than a genuine test of their ability to withstand disruption.

    Whether you are a compliance officer, a chief operating officer, a risk manager, or a senior manager with operational resilience accountability under SMCR, this episode gives you the practical framework to assess whether your self-assessment would stand up to scrutiny.

    We cover:

    — The regulatory foundation: PS21/3, the FCA and PRA's joint policy statement, and what the supervisory expectations look like now the implementation deadline has passed

    — Identifying important business services correctly: the common scoping errors that leave firms exposed and how to apply the customer harm lens the regulators expect

    — Setting impact tolerances that are meaningful: why vague or untested tolerances are worse than none, and how to express tolerances in terms regulators and boards can interrogate

    — Mapping and testing: what scenario testing must demonstrate, how to document the results, and what constitutes adequate evidence that your firm can remain within tolerance

    — The self-assessment document itself: what it must contain, how it should be structured, and the governance sign-off requirements that sit behind it

    — Third-party and outsourcing dependencies: how to identify and document concentration risk and what regulators expect firms to have done about it

    — The role of the board and senior management: accountability under SMCR, the governance oversight requirements, and why operational resilience is not an IT or operations issue in isolation

    — Lessons from FCA supervisory engagement and industry incidents — what has gone wrong for other firms and what your self-assessment should do differently as a result

    — How operational resilience connects to your broader risk management framework, business continuity planning, and Consumer Duty obligations around service continuity

    This episode is essential listening if your firm:

    — Has not updated its self-assessment since the March 2025 implementation deadline

    — Has set impact tolerances but not yet tested whether it can remain within them under realistic disruption scenarios

    — Is approaching an FCA supervisory visit or internal audit of its operational resilience framework

    — Has significant third-party dependencies that are not fully reflected in its mapping or scenario testing

    Resources mentioned in this episode:

    Compliance Consultant's Operational Resilience Self-Assessment Workbook is a comprehensive, ready-to-use toolkit built for FCA-regulated firms. It provides a structured self-assessment framework, fully formatted workbook, and step-by-step guidance that enables compliance, risk, and operations teams to complete, document, and evidence their operational resilience obligations to a standard that reflects current regulatory expectations.

    Built by qualified regulatory consultants who know exactly what "good" looks like.

    Visit complianceconsultant.org to find out more, or call us on 0800 689 0190.

    Compliance Consultant — Making Compliance Work.

    11 min
  • FCA Supervisory Visit: Are You Actually Prepared — or Just Hoping for the Best?
    Feb 26 2026

    An FCA supervisory visit is not a conversation. It is a structured regulatory assessment of your firm's systems, controls, and culture — and firms that treat it as an informal check-up are the ones that end up with the most uncomfortable outcomes.

    Whether it arrives as a routine engagement, a Dear CEO letter follow-up, or a targeted thematic review, an FCA visit demands that your firm can demonstrate compliance, not just describe it. The regulator will want to see documented evidence, speak with key individuals, test your understanding of your obligations, and assess whether the tone from the top matches what is happening on the ground. The gap between what firms believe they have in place and what they can actually evidence under scrutiny is where regulatory risk lives.

    In this episode, we walk through what genuine FCA supervisory visit preparation looks like — from the moment you receive notification through to post-visit remediation — and why firms that leave preparation to the final weeks are already behind.

    Whether you are a compliance officer, an MLRO, a senior manager with regulatory accountability under SMCR, or a board member responsible for oversight, this episode gives you the practical framework to approach a supervisory visit with confidence rather than anxiety.

    We cover:

    — Understanding the visit: the different types of FCA supervisory engagement, what each signals about the regulator's concerns, and how to interpret the notification you receive

    — The preparation timeline: what needs to happen immediately, what needs to happen in the weeks prior, and the common preparation mistakes that create unnecessary regulatory risk

    — Document readiness: the policies, procedures, registers, MI, and board papers the FCA will typically request — and how to ensure they are current, consistent, and evidence actual practice

    — Individual preparation: how to brief your MLRO, senior managers, and board members, what the FCA expects from key function holders, and how SMCR accountability maps onto visit interviews

    — Common examination areas: AML and financial crime controls, Consumer Duty implementation, complaints handling, operational resilience, and governance arrangements

    — The culture question: how the FCA assesses whether compliance is genuinely embedded or performative — and what signals examiners look for beyond the documentation

    — Managing the visit itself: how to handle information requests, respond to examiner questions accurately, and avoid the well-intentioned answers that create additional lines of inquiry

    — Post-visit: how to interpret feedback, respond to findings constructively, and turn remediation into a genuine compliance improvement rather than a repeat exercise

    This episode is essential listening if your firm:

    — Has received FCA notification of an upcoming supervisory visit or thematic review

    — Has not conducted a structured internal readiness assessment against current FCA priorities

    — Has senior managers who have never been interviewed by a regulator and do not know what to expect

    — Has previously received FCA feedback and wants to ensure remediation is fully evidenced

    Resources mentioned in this episode:

    Compliance Consultant's FCA Supervisory Visit Preparation Playbook is a comprehensive, ready-to-use toolkit for FCA-regulated firms. It provides a structured preparation framework, document readiness checklists, individual briefing guides, and post-visit remediation templates — everything your firm needs to approach regulatory scrutiny in an organised, evidenced, and confident manner.

    Built by qualified regulatory consultants who know exactly what "good" looks like.

    Visit complianceconsultant.org to find out more, or call us on 0800 689 0190.

    Compliance Consultant — Making Compliance Work.

    17 min
  • Compliance Risk Registers: Is Your Firm Mapping What Actually Matters — or Just Colouring in Squares?
    Feb 26 2026

    Every regulated firm has a compliance risk register. Far fewer have one that genuinely reflects their risk profile, drives management decision-making, or would survive scrutiny from the FCA, an internal auditor, or a skilled person examiner.

    A compliance risk register is not a spreadsheet exercise. It is the foundation of your firm's entire risk management framework — the document that should tell your board, your senior managers, and your regulator exactly what risks your firm faces, how severe they are, what controls are in place to manage them, and whether those controls are actually working. When it is built properly, with meaningful heat mapping that reflects real likelihood and impact assessments, it becomes one of the most powerful governance tools a compliance function can own. When it is built poorly, it becomes a liability.

    In this episode, we examine what a genuinely effective Compliance Risk Register looks like, how heat mapping should work in practice, and why the firms that treat risk registers as an annual formatting exercise are the ones most likely to be caught out when something goes wrong.

    Whether you are a compliance officer, an MLRO, a risk manager, or a senior manager with governance accountability under SMCR, this episode gives you the practical framework to assess whether your risk register is fit for regulatory scrutiny.

    We cover:

    — The regulatory expectation: what the FCA expects a compliance risk register to demonstrate and how it features in supervisory visits, s166 reviews, and governance assessments

    — Risk identification: how to ensure your register captures the full spectrum of regulatory, operational, conduct, and financial crime risks relevant to your firm's actual business model

    — Likelihood and impact scoring: how to apply consistent, defensible criteria that produce meaningful risk ratings rather than subjective or politically influenced assessments

    — Heat mapping in practice: how to build and interpret a compliance heat map that gives your board and senior management genuine visibility of your risk landscape

    — Inherent versus residual risk: why the distinction matters, how to assess control effectiveness honestly, and what regulators think when residual scores look suspiciously low

    — Linking risks to controls: how your register should connect to your compliance monitoring programme, your audit findings, and your management information framework

    — Consumer Duty and conduct risk: how to incorporate customer outcome risks into your register in a way that reflects the FCA's current supervisory priorities

    — Dynamic risk management: how frequently your register should be reviewed, what should trigger an out-of-cycle update, and how to evidence that it is a living document rather than an annual exercise

    — SMCR accountability: how risk register ownership maps to Senior Manager responsibilities and why named accountability matters when control failures are traced back through the governance framework

    This episode is essential listening if your firm:

    — Has a risk register that has not been substantively updated since Consumer Duty implementation

    — Produces heat maps that show predominantly green or amber ratings regardless of actual control effectiveness

    — Is preparing for an FCA supervisory visit, s166 review, or internal audit of its risk framework

    — Has senior managers who cannot articulate the firm's top compliance risks without referring to a document

    Resources mentioned in this episode:

    Compliance Consultant's Compliance Risk Register with heat mapping is a comprehensive, ready-to-use toolkit for FCA-regulated firms. It provides a structured risk identification framework, consistent scoring methodology, fully formatted heat mapping tools, and governance templates that enable compliance teams to build and maintain a risk register that reflects genuine regulatory best practice.

    Visit complianceconsultant.org to find out more, or call us on 0800 689 0190.

    18 min
  • PSR Compliance Risk Registers: Are Payment Firms Mapping Real Risk — or Just Going Through the Motions?
    Feb 26 2026

    Payment service providers operate in one of the most rapidly evolving regulatory environments in UK financial services. Yet the compliance risk registers many PSR-authorised firms rely on were built for a different business model, a different regulatory framework, or — in some cases — barely built at all.

    A compliance risk register is not optional for payment institutions, e-money institutions, or registered account information service providers. It is the foundation of your firm's risk management framework — the document that should tell your board, your senior managers, and your regulator exactly what risks your firm faces, how they are controlled, and whether those controls are working. Without heat mapping that genuinely reflects your risk profile, your firm is managing risk it cannot see.

    In this episode, we examine what a genuinely effective PSR-specific Compliance Risk Register looks like, why payment firms face a distinct set of regulatory risks that generic frameworks consistently fail to capture, and how heat mapping should function as a real decision-making tool rather than a colour-coded formality.

    We cover:

    — The PSR regulatory landscape: FCA authorisation requirements, Payment Services Regulations 2017 obligations, and what the regulator expects a payment firm's risk framework to demonstrate

    — Payment-specific risks your register must capture: safeguarding failures, agent oversight, APP scam liability, strong customer authentication, operational continuity, and financial crime exposure

    — Likelihood and impact scoring: applying consistent, defensible criteria that reflect regulatory reality rather than organisational optimism

    — Heat mapping in practice: building a compliance heat map that gives your board genuine visibility of your PSR risk landscape

    — Inherent versus residual risk: how to assess control effectiveness honestly and what examiners think when residual scores look implausibly low

    — Safeguarding as a risk category: reflecting safeguarding obligations accurately within your register given the FCA's intensifying supervisory focus on payment firm failures

    — Dynamic risk management: review frequency, out-of-cycle update triggers, and evidencing that your register is a living governance document rather than an annual exercise

    — AML and financial crime risk: embedding MLRs 2017 obligations within your PSR risk framework and ensuring your register reflects your firm's specific exposure

    This episode is essential listening if your firm:

    — Is a payment institution, e-money institution, or AISP that has not reviewed its risk register against current FCA and PSR supervisory priorities

    — Has a risk register adapted from a generic template that does not reflect payment-specific regulatory obligations

    — Is preparing for an FCA supervisory visit or s166 review, or is subject to the FCA's heightened scrutiny of the payments sector

    — Has experienced safeguarding, fraud, or operational failures not adequately reflected in its current risk profile

    Resources mentioned in this episode:

    Compliance Consultant's PSR Compliance Risk Register with heat mapping is a ready-to-use toolkit built specifically for payment institutions and e-money institutions. It provides a PSR-specific risk identification framework, consistent scoring methodology, fully formatted heat mapping tools, and governance templates enabling compliance teams to build and maintain a risk register that reflects genuine regulatory best practice for the payments sector.

    Built by qualified regulatory consultants who know exactly what "good" looks like.

    Visit complianceconsultant.org to find out more, or call us on 0800 689 0190.

    Compliance Consultant — Making Compliance Work.

    21 min