Regulatory Services

The core documents required for most consumer credit businesses are a compliance manual, terms and conditions, a privacy policy, a creditworthiness assessment policy, financial crime procedures, a Consumer Duty policy, and a complaints handling procedure. Depending on the products you offer, you may also need a Key Information Document, a pre-contract information pack, and a business continuity plan. We advise on which documents apply to your specific permissions and product set.

Yes. The FCA expects to see the core regulatory documentation as part of the authorisation application. This includes a compliance manual, financial crime procedures, a business continuity plan, and a disaster recovery plan at a minimum. Having well-drafted, business-specific documentation strengthens the application and reduces the risk of delays or additional information requests from the FCA.

The FCA's Consumer Duty sets a higher standard of consumer protection for retail financial services and came into force on 31 July 2023. It applies to all FCA-regulated firms that have a material influence on retail customer outcomes, which covers most consumer credit businesses. Firms must act to deliver good outcomes across four areas: products and services, price and value, consumer understanding, and consumer support. We draft Consumer Duty policies and advise on embedding the requirements across your business.

A creditworthiness assessment is a check carried out before entering into a regulated credit agreement to assess whether the customer can afford to repay without significant adverse effect on their financial situation. It is a legal requirement under the FCA's Consumer Credit sourcebook (CONC) for most consumer credit products. We advise on the requirements that apply to your specific products and draft the policy and procedures needed to demonstrate compliance.

The FCA expects regulated firms to review their regulatory documentation regularly and to keep it current as their business, products, and the regulatory framework change. Most firms review core documents such as the compliance manual and financial crime procedures annually as a minimum. A document status table helps track review dates and ownership. We advise on appropriate review frequencies for each document type and carry out reviews when needed.

A compliance monitoring programme sets out how your firm monitors its ongoing compliance with FCA requirements. It covers what is monitored, how frequently, who is responsible, how findings are recorded and escalated, and how the programme itself is reviewed. The FCA expects all regulated firms to have a risk-based compliance monitoring programme in place. We design and draft programmes proportionate to the size and complexity of your business.

An incident response plan should cover how your firm identifies and classifies significant incidents, internal escalation procedures, the circumstances in which the FCA must be notified, ICO notification requirements for personal data breaches, any obligations to communicate with affected customers, and how the incident is reviewed afterwards. We draft incident response plans for consumer credit businesses and make sure they connect properly with the business continuity plan and disaster recovery plan.

Yes. We review existing regulatory documentation for consumer credit businesses and other FCA-regulated firms, identifying gaps, outdated provisions, and areas that do not meet current FCA rules or guidance. We then advise on what needs to change and either update the documents or draft replacements. This is particularly useful ahead of an FCA supervisory visit or when the firm's business model or products have changed.