The Importance of Compliance Due Diligence...

Many insurance brokers are looking to grow their business via acquisitions, whether it be through buying a local rival or as part of a wider expansion plan.

There are numerous steps that must be taken as part of the acquisition process, from discussions with the Financial Conduct Authority regarding Change in Control, to negotiating finance deals to fund the venture.

One of the most important, yet often misunderstood steps in the process is due diligence, which can take many forms depending on the target company and circumstances.

Typically, due diligence is a process by which a potential acquirer examines and evaluates a target company, its assets, finances, structure, processes, and any other key matters, in order to make an informed decision about the acquisition.

General business acquisitions tend to follow a uniform process, which can be conducted by a third party to ensure objectivity. This third-party specialist would be familiar with common business factors, so for example, establishing the financial status of a target company is a relatively straightforward process.

If an acquisition is being funded by a bank or other third party, there will also be some financial due diligence undertaken on your firm by that party in connection with the lending application / process.

But whilst certain business functions can be examined by any credible third-party specialist, when it comes to the highly regulated insurance industry, due diligence is a much more complicated matter…

What is Compliance Due Diligence?

So, you are seeking to acquire a business. You have engaged a specialist to conduct the due diligence, and have established that the financials are robust, and the company is a good ‘fit’. Full steam ahead then?

Not quite…

How do you know if the target company is operating correctly from a compliance perspective? Do they have any skeletons in their closet?

This is where Compliance Due Diligence comes in, and it’s one of the most vital steps in the acquisition process, to ensure you are not buying problems further down the line.

How Can Compliance Be Examined?

What exactly do you know about the business you are acquiring? How good is their compliance regime? Do they undertake regular staff training? These are just a few of the many questions you need to ask.

This is where good compliance due diligence will be vital and could save having to deal with some nasty surprises at a later date, which may be costly, time consuming, and may even have a negative impact on your hard-earned reputation.

I would suggest that you need to engage with the selling firm in this matter as soon as you reach a point in the process where both sides are reasonably certain that they wish to do a deal, but before you get to drawing up a ‘Heads of Agreement’. This may be the same time as you start the FCA notification process.

You will need to be looking at various aspects of the compliance regime and typically a due diligence exercise should start with a review of some of the common areas, such as:

  • Client Money Procedures
  • TCF and Conflicts Management
  • Training & Competence
  • Sales Processes (including renewal and midterm adjustments)
  • Systems & Controls
  • Data Security
  • Complaints and PI covers

This is by no means a definitive list!

You also need to ensure that the target firm is up to date as far as some of the newer FCA thinking is concerned. What have they done for instance about Conduct Risk, Corporate Governance, Financial Crime, Cyber Risks, The Insurance Act, and so on?

Good due diligence is not just about asking “have you got an x, y or z scheme or policy?”

Consider Training and Competence. You want to know how effective the scheme is, what training has been undertaken and how is it monitored and judged for effectiveness. There needs to be a high-level review, which drills down into the target’s processes and cultures. This may involve reviews of staff training files, CPD logs and even interviews with the supervisors and staff themselves (a word of caution here, this can be difficult and you need to have a cover in place to ensure that the real purpose of the exercise is not revealed). This could also extend to a review of client files to ensure processes are followed.

An area such as this could be vital to the enlarged entity going forward, if you are taking on the staff from the selling broker. You need to be confident that they can do the job not only to the required regulatory standards, but also to your own.

There are a number of areas where you need to drill down to a greater depth and these will be revealed to a degree following the initial questioning, which will hopefully have started to identify areas of possible weaknesses as well as strengths.

In some areas, it can be quite difficult to judge the position from just a set of questions and you need to be looking at some of the systems and control areas.

How do they manage their Business Continuity Planning for example, or, how robust are their IT systems? Such information will give you insights into how the businesses are managed.

A good due diligence exercise may well last several days ‘on site’ just for the compliance aspect and time should be allowed for drawing up a suitable report. All of this will inevitably have a monetary cost, but should produce a detailed picture of what you are buying at least from a regulatory perspective, potentially saving you money and time in the longer term.

In the worst case, after the due diligence exercise, you may feel that this is a deal you do not want to do… 

Due diligence is not just about the compliance aspects. There is HR to consider also. Will you be taking on staff from the target? What about TUPE? For further information on HR due diligence, please visit:


There are numerous other business considerations and RWA Solutions can bring its expertise to bear if you are looking to acquire, merge, or sell. And If you are considering any form of deal, speak to RWA at the earliest opportunity and they will be able to guide you not only in the FCA Change in Control process but also in the matter of overall due diligence.

Terence Clark

About the author

Terence has over 35 years' experience in the Financial Services environment, covering general insurance, investments and mortgages.

Before joining RWA, Terence worked for a large PLC insurance brokerage in Manchester, overseeing some 20 acquisitions. He served as Compliance Director at RWA from 2011 to 2018 and has worked with insurance broking firms of all sizes across the UK. He has a particular interest in Financial Crime and the protecting the insurance broker. Terence previously served as Executive Chairman of the Association of Professional Compliance Consultants (APCC), the professional body for the compliance consultancy sector.

Get RWA Insight In Your Inbox

Regular business news and commentary delivered direct to your inbox each week. Sign up here