The benefits of a decent FCA compliance consultant

A high-quality consultant does far more than just send you a template for a compliance manual. They’ll be deeply involved in the practical application of the rules to your specific business model.

• Refining Authorisations: They make sure your permissions match what you’re actually doing. I’ve carried out audits where activities were being carried out that weren’t technically authorised for, or on the flip side holding permissions they didn’t need. The latter can lead to additional audit work being paid for that isn’t needed.
• Controls: They would go beyond providing a CASS rule mapping document for you to complete. They’d review the controls to confirm they cover what is needed and test if they work. I’d also expect suggestions of improvements, for example to onboarding clients, the reconciliation process or an effective breaches register that demonstrates any actions taken.
• Regulatory Liaison: If the FCA has questions or is planning a visit, a consultant who speaks the regulator’s language can be invaluable. They help you prepare your responses in a way that is transparent and meets the FCA’s expectations, but can also protect you from providing information that the FCA doesn’t need.

When you are looking to appoint a consultant, or tendering for a new one, you need to dig a little deeper than just checking their website and seeing what Chat GPT or Gemini have to say!

• Who is actually doing the work? Many large consultancies lead with a senior partner but delegate the actual work to a junior associate. You need to know that the person looking at your files has the experience to spot a problem and understand what contacts your assigned team has with the FCA?
• What is their experience in your specific sub-sector? The FCA handbook covers a wide range of firms, a consultant who specialises in insurance mediation won’t be right for a high-frequency crypto trading platform.
• How do they handle the ‘grey areas’? The FCA handbook is rarely black and white. You want a consultant who can provide a reasoned, risk-based opinion. Directing you to sections of the Handbook and asking you to make the decision without additional context from their experience is not enough.
• Obtain a template of a recent control review they have conducted? Seeing the type of advice they provide will help you see the value they can add to your business.

This is the most important distinction for me as an auditor. I am often asked by clients what they should do in a specific situation, whilst I can answer this from an audit perspective, there is always a danger that I end up marking my own homework.

The consultant helps you create your CASS policies, they might help you perform your daily reconciliations, and they will certainly help you draft your CASS Resolution Pack.

As your CASS auditor, my job is to independently verify that the work the consultant (and your team) has done is compliant.

• I cannot tell you exactly how to fix a specific reconciliation error, as that would impair my independence.
• I can tell you that it is wrong and why, but the consultant is the one who helps you implement the fix.
• What I will often do though is look at the result before the actual CASS audit commences, this way you still get the confidence that any changes made are going to prevent the same breach arising.

The important value point here is that if a consultant is doing their job well, the CASS audit should be straightforward because the evidence I need is already organised and compliant.