In the world of financial services, due diligence is the cornerstone of establishing and maintaining robust relationships with vendors, suppliers and outsource providers. It’s risk management, operational resilience, relationship management, consumer protection, reputation…

The risky assumption that a firm’s regulation by the Financial Conduct Authority (FCA) is synonymous with its perpetual compliance and solidity is akin to believing that the existence of speed laws and traffic enforcement guarantees the absence of road accidents or reckless driving. Just as speed laws set the parameters for safe driving without ensuring it, FCA regulation provides a framework for financial conduct without guaranteeing a firm’s ongoing adherence or operational integrity.

Let’s expand on this analogy: imagine you’re crossing a busy one-way street in the heart of London. The presence of traffic lights, pedestrian crossings, and even patrolling police offers a degree of safety and order. But would you step off the curb without looking both ways? Hopefully not, because you understand that despite regulations, an inattentive driver or an unforeseen hazard could always be just around the corner. Similarly, when engaging with vendors, FCA approval is a good starting point, but it’s not an all-clear signal. It reflects a moment in time, not a perpetual state.

Your vendors or outsource providers who are regulated have passed a comprehensive test of their business model, their finances, and their character. Getting authorised is not easy. But regulation, like a driver’s license, is not a permanent badge of competence (not everyone can be a driving god like us, right?). It’s a license to operate, which can be revoked if rules are broken. And much like on the road, infractions, negligence, or changes in conditions can lead to performance issues or operational mishaps that put your business at risk.

Consider the due diligence process as the act of “looking both ways.” Is the vendor still compliant with the latest regulatory updates? Have there been any significant changes in their business model, management team, or service quality? Are there any “warning signals” such as significant client complaints or operational disruptions? Just recently we heard that the FCA had interrogated firms with high turnover of MLROs – that’s the kind of “look both ways” risk assessment that could keep you from being run over.

Conducting thorough due diligence is about verifying that the vendor not only understood the rules at the outset but continues to follow them diligently. This means assessing the vendor’s financial health, operational resilience, data security measures, and compliance with ongoing regulatory obligations. It also includes understanding their business continuity plans, their risk management frameworks, and the robustness of their internal controls.

In emphasising the necessity of rigorous due diligence, let us be clear: this is not a critique of the Financial Conduct Authority or its regulatory framework. The FCA’s role is not to provide guarantees — and rightly so, as the sheer scope of such a task would require an impractical army of supervisors and an unsustainable financial burden. Besides, for them to spot the bad actors and act immediately, they would need to be all over your business, too.

The instances of failure within the regulated financial services are, more often than not, attributable to the lapses or oversights of the industry participants themselves. These entities fall short of adhering to the regulatory expectations laid out by the FCA, leading to the very mishaps the regulator seeks to prevent. It falls upon each participant within the financial ecosystem to uphold these standards diligently and to engage in due diligence that protects all stakeholders involved. Therefore, while the FCA lights the way for compliance and good practice, the responsibility to navigate this path safely and effectively rests with us — the industry professionals committed to integrity, excellence, and the trust of those we serve.

In conclusion, while FCA regulation is an essential benchmark for vendor compliance, it is not a perpetual guarantee. Due diligence is a vigilant, ongoing process that ensures the vendors you engage with are compliant not only today but on an ongoing basis.

The question then, of course, is “how do we do this quickly, efficiently and reliably?” The answer lies with VENDOR iQ.

VENDOR iQ Weekly
VENDOR iQ by Graphene
