It’s been an interesting two years since the FCA took over regulation of the consumer credit sector.

During this time we have seen significant evolvement of the interpretation of the rules and best practice in their application, both from the firms and the regulator.

However there are some things which have not changed.

There are still 11 principles, six customer outcomes, and there is still the requirement for firms to have and maintain adequate corporate governance measures including a regulatory business plan and a full suite of firm specific policy documents.

These should be updated and maintained, and most importantly reflect the way your business actually interprets, has embedded, and lives and breathes the regulatory regime on a day-to-day basis to evidence fair customer outcomes.

I am increasingly horrified by the advice that has and is still being given to some firms in relation to the FCA authorisation and ongoing regulatory requirements.

Let’s look for example at limited permission v full permission.

Depending on the nature and scope of your firm’s regulated activity you will be required to apply for either limited or full permissions.

The issue I am most concerned about for the purposes of this article is the advice that has and is being given to limited permission firms.

We are speaking to increasing numbers of limited permission firms who, as part of the audit and gap analysis work we do for our clients, are confused when we ask to see their policy documentation and regulatory business plan.

“We don’t need any of those, we were advised it was not necessary as we are applying for limited permission”.

When we ask who advised them of this it is invariably advice they have been given by an outsourced consultancy.

Most such firms did not actually complete the application for themselves, merely answered a series of questions from their chosen consultancy who then completed the application on their behalf.

Therefore the individual firm would likely not have actually read the conditions and guidance that goes with it.

I have been asked by a number of recent clients to confirm the requirement to have a regulatory business plan as they are adamant they were advised they did not need to have one.

So shocked were they when I showed them the section on the limited permission application form, which clearly states the FCA expectation that I have agreed to publish this article as confirmation.

For all limited permission firms, the FCA requires you to have a regulatory business plan available.

Section 7 of the application makes this point clearly.

I quote: “You must confirm you have available a regulatory business plan.

“It is important that this is tailored to the applicant firms business, otherwise it may lead to delays.”

Section 7 then goes on to list the suggested content of the business plan as:

  • The background to the business
  • Why the applicant firm wishes to carry on regulated activities at this time
  • Whether the applicant firm has identified has identified a particular business opportunity or identified a specific customer base
  • Any long-term strategy and expansion plans for the business generally
  • Where customers will be sourced from (eg existing client base or purchase of existing book of business) including the use of any lead generators or brokers
  • The applicant firms plans in relation to financial promotions and communications. This should include how they will ensure these are compliant with CONC 3
  • Current business lines being transacted with any existing clients
  • The types of products or credit a lender or broker offers and the types of services or debt solutions that a debt manager offers and any other services (both regulated and non-regulated) that the applicant firm will be selling. You should identify the areas that the applicant firm may specialise in
  • What experience the governing body or senior management of the applicant firm have of the type of regulated activities the applicant firm wishes to carry on
  • The background and experience of all the persons performing significant influence controlled functions and how this will help them with their role. This should include employment background. You must enclose copies of any relevant qualifications / examinations
  • Details of all fees that could be payable by the customer and how they are explained to the customer

After listing the basic suggested content (and it goes without saying that FCA suggested content is a good idea to include) it then lists additional suggestions for:

  • All lenders
  • Brokers
  • Counselling, adjusting and credit information
  • Firms which are intending to be a principal

Lastly, section 7.1 is the confirmation with the question:

  • Please tick this box to confirm that the Applicant has a business plan in place that covers the above points

Why then are such a high number of Limited Permission firms under the impression they do not need these documents? It is very clear on the application that this is a requirement.

What is also concerning is the majority of these firms are also unaware of the requirement to have other required documentation as part of their authorisation, for which the submission required ticking a box to confirm the documents were available.

Limited permission applications did indeed mean that there was no requirement to SUBMIT the documents at the point of application, however the principles for business and the rules apply exactly the same to ALL firms.

What is also concerning is that the majority of these firms have also trusted their GABRIEL returns to the same third party.

GABRIEL exists to give the FCA an insight into the marketplace and intelligence on the firms operating within.

The data gathered via GABRIEL will be used as part of the FCA ongoing supervision and enforcement teams.

GABRIEL, like the application process, is not merely a ‘box ticking exercise’ but is something to be taken very seriously with the data submitted being carefully considered and checked to ensure it is an accurate reflection of your business.

Getting through the authorisation gateway is only the beginning.

We have seen historically from other sectors that the real work and intrusion by any regulatory body only begins in earnest anything from 12-18 months post authorisation, where firms are then expected to prove that the information provided as part of their application is accurate.

It could be argued that this falls under Principle 11 – relations with regulators: “A firm must deal with its regulators in an open and cooperative way, and must disclose to the regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice.”

If you have identified you don’t have the correct documentation and do nothing to put this right, if the regulator were to discover this you could be at risk of non-compliance with Principle 11.

An important point to remember.

The FCA will not accept poor quality of advice from a third party as a reason for non-compliance.

The business and its controllers are ultimately responsible and liable. I would urge any limited permission firm to revisit their application and ensure they have the correct documentation which has been pledged to the FCA, and that it is current and up to date.

Principle 3 – management and control – states: “A firm must take reasonable care to organise and control its affairs responsibly and effectively.”

Of course, there is always a place for third party compliance support.

In my opinion, compliance is not something that can be completely outsourced as the ultimate responsibility for non-compliance rests with the business itself.

Compliance should be built into your business proposition as way of ensuring all customers receive a fair outcome whilst retaining a competitive advantage. This cannot be done unless your business fully understands the implications and expectations the FCA regime imposes upon it.

Author: Andrew Smith (pictured), managing director, Consumer Credit Advisory Services (CCAS)