Rebecca recently joined us in 2024 as a Senior Content Writer and has experience researching and creating multimedia content. With a keen interest in current and emerging industry affairs, Rebecca responds through a critical lens and, by promoting thought and discussion, aims to increase awareness of UKGI’s work.
FCA publishes review report about Principal firms’ oversight of ARs, accusing many of taking a “tick-box approach” to compliance with new rules
The FCA has published a review report noting that, whilst Principals’ oversight of ARs has improved, some firms are taking a “tick-box approach” to compliance with the rules and relying on basic information, such as website checks or self-declarations from their ARs, to demonstrate effective oversight.
FCA Interim Head of Department for Appointed Representatives commented that some firms “aren’t getting the basics right” and have adopted a “bare minimum” approach.
The review was conducted by the regulator to assess Principal firms’ oversight of ARs and compliance with FCA rules following the implementation of the enhanced AR regime in December 2022. The new rules require firms to undertake annual reviews of each AR they appoint and annually self-assess their ability to oversee their AR. The analysis involved a telephone survey with 251 principals and in-depth assessments of documentation from 23 firms.
This article is the first of a two-part series and will explore key findings from the FCA’s review relating to principal firms’ self-assessments, annual reviews, and monitoring and oversight arrangements.
Report Findings
Self-assessments
The regulator’s in-depth assessment found that of the 83% of principals that had completed their self-assessments, only 52% were good quality. Some principals had not undertaken or properly documented their self-assessment and failed to effectively assess whether their arrangements to oversee ARs were effective, and their controls and resources were adequate.
The FCA noted that many firms failed to produce a detailed record for review and approval by the governing body, and evidence that this review and sign-off by the governing body had been undertaken annually. The FCA also noted many firms failed to document and address material deficiencies or concerns regarding compliance with SUP 12 with clear action plans. It also noted the use of templates omitting key points of a self-assessment (i.e. an assessment of the adequacy of controls, resources, and the risk of consumer harm arising from AR activities or business).
The FCA recommended the following as good practice:
- Having a single document outlining material deficiencies or concerns in the principal’s AR oversight, and action plans to address gaps in compliance.
- Assessing effectiveness of AR oversight arrangements and whether controls and resources are adequate.
- Reviewing methods used to assess and verify the principal’s compliance with the FCA requirements.
- Using a broad range of MI (e.g. assessing staff turnover, changes to revenue and complaints rates, non-regulated activity and monitoring and oversight activity).
- Using a RAG (red-amber-green) rating system to group potential gaps in compliance and prioritise accordingly, including a timeline stating when gaps would be addressed.
- Assessing the risk of harm to consumers or market integrity arising from AR activities or businesses.
- Discussing the document at board level and having it dated and signed off annually.
Annual Reviews
The FCA’s telephone questionnaire found around 90% of principals claimed to have completed their annual reviews; however, an in-depth assessment revealed only 82% of principals had completed their annual reviews, with 43% of these being good quality.
The regulator also found some principals could not evidence that they had undertaken an adequate annual review of information about their AR. The FCA attributed this to several factors: a poor audit trail, insufficient record-keeping, a reliance on limited information about their AR, or the use of an insufficient review template which omitted certain requirements under FCA rules or failed to cover key points regarding AR activities (set out in SUP 12.6A). Some principals were unable to demonstrate how they recorded or conducted their annual review or fulfilled their continuing obligations to assess their ARs. Also noted was a lack of evidence-gathering when significant issues were identified, with issues not being escalated for consideration by governing bodies.
The regulator recommended the following as good practice:
- Having a strong understanding of AR business models, including any unregulated business conducted.
- Having a clear document reviewing any changes in an AR’s business model, senior management, or where an AR has been appointed by another principal.
- Embedding Consumer Duty compliance into the review, e.g. considering fair value assessments and training for staff on the Duty.
- Reviewing measures such as ARs’ disaster recovery processes, ARs’ staff numbers, wind-down plans, data protection and GDPR compliance, IT security and back-up, and portals to keep track of training at ARs.
- Ensuring issues identified as part of ongoing monitoring of the AR are included in the review.
- Assessing AR activity (e.g. by using quality assurance checks on AR client files and customer satisfaction surveys) to support the preparation of a full analysis of AR activity and business to feed into the annual review.
Monitoring, oversight and acting out of scope
The review found monitoring was insufficient in many firms, with insufficient analysis of the information and a failure to address issues identified via ongoing monitoring.
The FCA found that many firms failed to understand their AR’s business model and had insufficient resources to effectively monitor and oversee ARs. Some had an AR agreement which did not clearly state regulated activities the AR was permitted to carry out, and many boards and/or governing bodies failed to discuss AR oversight or make use of MI to identify and manage AR-related risks.
Many firms had also failed to undertake file reviews or observe interactions between ARs and consumers; in others, file reviews or calls with ARs were unrecorded and informal. Few firms checked consumer-facing materials to ensure ARs were not acting outside of scope.
The FCA recommended the following as examples of good practice:
- Proactively monitoring AR activities and potential unregulated activities (i.e. by reviewing marketing materials/websites, scrutinising publicly available information such as Trustpilot reviews, and an AR's financial accounts and consumer contracts), with monitoring clearly documented, including any follow-ups with ARs.
- Conducting in-person visits to ARs, performing mystery shopping exercises and random file checks to ensure ARs are not acting outside of scope.
- Analysing monthly activity and comparing the AR’s activity report with the principal’s own data.
- Performing quarterly and ad hoc checks on ARs which feed into the annual review.
- Setting up alerts to identify changes to AR websites and linking AR marketing material directly to the principal’s website for a clear customer journey.
- Reviewing all new financial promotions to ensure compliance.
- Having a standard agenda item to discuss ARs at board meetings or relevant governance meetings, with discussions clearly recorded through detailed minutes. If issues are identified, appropriate action should be taken.
UKGI Group urges firms to assess their AR oversight arrangements against the areas for improvement and examples of good practice cited by the FCA in its review, and to act to remedy any gaps in their compliance with the regulator’s requirements and expectations.
Additional support
Get in touch with UKGI Compliance for further advice and guidance; our consultants can assist in reviewing AR oversight and identify how your business can develop and demonstrate effective self-assessments, annual reviews, monitoring and onboarding and termination processes.
Learn more
Our e-learning platform, the Development Zone, contains courses to help teams to assess and build knowledge on key areas, all whilst fulfilling CPD requirements. Why not check out our course ‘Appointed Representatives and Introducers’ following the FCA’s review to recap on key points and ensure your team has a strong knowledge of this topic?
If you are not a Development Zone user, get in touch with the team at devzone@ukgigroup.com to discuss our services and access a 14-day free trial to view the system and its features for yourself: no commitment, no cost.