Bulletins

Update 362: The FCA’s ongoing work in relation to Appointed Representatives (ARs)

  • Bulletin type: Regulatory update
  • Update number: 362

  • May 17, 2024

Background

Since the implementation of the new Appointed Representatives regime the FCA has carried out work to assess how well Principal firms oversee and monitor their ARs.  As soon as the new regime was introduced on 8th December 2022, the FCA wrote to Principal firms asking for information about their ARs.  Since then the FCA has continued to engage with Principal firms, for example, by carrying out short telephone interviews or more in-depth thematic work.

Recently, the FCA has undertaken some sector-specific assessments of the key harms and drivers of harm caused by ARs and Introducer Appointed Representatives (IARs).

The FCA’s expectations

There are over 9000 ARs in the insurance sector.  The FCA has a significant interest in ARs, acknowledging in their recent AR oversight webinar that they play a crucial role in financial services markets, and that the regime has many benefits (competition, market access, incubation of future authorised firms).  How Principals oversee ARs is of great interest to the FCA and has been for the last two and a half years

Historically, data has shown the FCA that the AR regime has caused significant issues and harm for consumers, so the FCA has an ongoing commitment to and focus on the oversight of ARs.

The FCA wants to improve Principals’ oversight of their ARs and has offered examples of good practices as well as areas for improvement it has seen in Principal firms’ due diligence checks and ongoing monitoring of ARs.

The publication of the FCA’ recent findings builds on its Policy Statement and work to improve the AR regime. The guidance the FCA’s examples refer to can be found in SUP 12: Application and purpose.

The guidance covers:

  • the initial appointment of ARs and IARs;
  • ongoing monitoring of ARs and IARs; and
  • ending AR and IAR relationships.

The FCA has highlighted that it will act where it identifies firms that do not have adequate oversight of their ARs. Therefore, all Principal firms who have ARs should consider the FCA’s findings and guidance, addressing any gaps in respect of their initial and ongoing monitoring of ARs.

What does this mean?

An AR carries on regulated activity under the responsibility of an authorised firm, known as the Principal.  The Principal firm is responsible for making sure the AR is fit and proper and complies with the FCA’s rules.  In essence, the Principal firm is the AR’s Regulator.

A Principal firm’s responsibilities

A Principal firm must:

  • have a written agreement with the AR, setting out what business it can carry out;
  • assess an AR before appointing it, to ensure it is fit and proper, financially stable and suitable to carry out business for the Principal firm;
  • notify the FCA when the Principal appoints new ARs, at least 30 days before the appointment takes effect;
  • review information on ARs’ activities, business and senior management regularly;
  • ensure data on ARs is up to date and notify the FCA of any changes;
  • take reasonable steps to ensure ARs act within the scope of their appointment;
  • ensure at all times that the Principal firm has the skills and resources to oversee its ARs, including if an AR’s business changes or expands;
  • provide complaints data and revenue information for ARs on an annual basis;
  • be clear on when and how to terminate an AR relationship;
  • ensure an AR continues to meet the necessary standards (such as the Consumer Duty); this applies to the regulated activities carried on by the AR for which the Principal firm has accepted responsibility;
  • have adequate financial resources taking into account the activities of the ARs (including IARs); and
  • hold compliant Professional Indemnity Insurance to cover the activities of the Principal firm’s current and former ARs (including Introducer Appointed Representatives).

Initial appointment and ongoing oversight of ARs

What outcomes does the FCA want?

The FCA wants Principal firms to have appropriate, proportionate and robust procedures, systems and controls to ensure they conduct appropriate due diligence checks on ARs, both on an initial and ongoing basis.  The FCA accepts that Principal firms struggle with ‘the Gateway’ when appointing ARs, but reminds potential Principals that it is not a ‘tick-box’ and that the additional scrutiny at the appointment stage is here to stay.  Going forward, Principal firms should expect additional challenge, particularly (for example) when the AR’s Approved Persons are ‘overseas’.

‘Full’ ARs

Principal firms should ensure, on an initial and ongoing basis, that their ARs are solvent, are suitable to act for the firm (including whether they are fit and proper), and have no close links which could prevent the effective supervision of the AR by the Principal firm (e.g., an unauthorised parent company becoming an AR of its authorised subsidiary).

Principal firms should also ensure that they have adequate controls over the ARs’ regulated activities, that they have enough resources to monitor and enforce compliance of the relevant requirements by the AR, and that the ARs’ activities do not or would not result in undue risk of harm to consumers or market integrity.

IARs

Principal firms should take reasonable care to ensure, on an initial and ongoing basis, that any IAR is suitable to act for the firm, and that its activities do not or would not result in undue risk of harm to consumers or market integrity.

Initial appointment of ARs

What does good practice look like?

In its most recent thematic work, the FCA found that Principal firms that demonstrated good practice in overseeing and monitoring their ARs had a good understanding of the risks and harms involved in using an AR. They were also able to identify how the regulatory requirements translate to the business model used. These firms understood that the FCA’s rules set out minimum requirements, and used them as a starting point when designing effective approaches to appointing ARs. 

These firms also undertook robust quality assurance / auditing of their ARs and applied the same standards to the AR’s conduct as they did to their own firm.

Good practices included:

  • Checking open sources of information (e.g., LinkedIn, Google etc).
  • Conducting in-depth reviews of an Approved Person’s competence and suitability, evaluating the candidate’s employment history.
  • Being able to fully explain any concerns or risks, and the mitigating steps that the Principal may be taking.
  • Clear, documented procedures for onboarding ARs (e.g., a ‘manual’ which provided a detailed step-by-step guide to the sign-off process).
  • A clear scoring system which identified areas of concern and a hierarchy of governance approval.
  • Having appropriate documentary evidence and audit trails to show how the Principal firm was meeting its oversight obligations.
  • Providing training on an initial and ongoing basis to ARs about the regulated activity they undertake and the financial products they sell, as well as the regulatory expectations before they are appointed.
  • Greater due diligence when appointing ARs, such as:
    • conducting a thorough review of financial accounts and linked individuals on Companies House;
    • anti money-laundering and financial due diligence checks; and
    • considering what the AR’s unregulated activities will be and whether there was risk of consumer harm.
  • Early vetting of potential ARs using a compliance checklist.
  • Onsite visits to ARs, particularly any considered a higher risk.
  • Requiring ARs to complete a compliance call and training course before they start undertaking regulated activities.
  • Categorising potential ARs based on factors that affected conduct risk, using this to determine the frequency and type of monitoring the Principal firm would apply after appointment.
  • Demonstrating through the appointment procedures an understanding of the harms posed by the regime and how the rules and guidance in the FCA’s Handbook (SUP 12) aim to prevent these.

What does not-so-good practice look like?  Areas for improvements

Some Principal firms did not have an adequate understanding of the full requirements when appointing ARs and /or had poor systems and controls when conducting initial due diligence before appointing an AR.  In assessing Principal firms’ oversight of potential ARs, the FCA believes that some don’t get the basics right (e.g., open-source checks).

The FCA sees appropriate due diligence as ‘not a once and done job’ (e.g., criminal records checks only carried out at the appointment stage rather than on an ongoing basis).  Also, the FCA expects clear and comprehensive submissions when a firm is seeking to have an AR approved by the FCA.

Areas for improvement include:

  • Not undertaking criminal records or credit checks on the ARs.
  • A lack of up-to-date procedures.
  • When undertaking Companies House checks, simply matching individuals to company records and not analysing previous links with dissolved companies and / or company accounts to identify potential problems about an AR’s financial resilience.
  • Relying simply on automated checks when undertaking background searches on the AR and not using any human judgement or oversight.
  • Not undertaking any internet and/or open-source checks when conducting background checks on the AR.
  • Where an AR had been, or is currently, appointed to or by another Principal, not making any enquiries with the other Principal about the AR.
  • Failing to have an appropriate understanding of the required contract terms set out in SUP 12.5 (and legislation) for AR agreements.
  • Not considering the impact appointing an AR will have on the Principal firm’s financial and non-financial resources and its ability to effectively monitor its ARs. It’s important to note that this is both an initial and ongoing requirement.

Ongoing monitoring of ARs

What does good practice look like?

Principal firms with robust systems and controls to monitor their ARs could demonstrate a variety of methods by which they could satisfy themselves their ARs were complying with the relevant rules and regulations.

Monitoring procedures also focused on identifying and addressing potential individual consumer harm and improving procedures more generally for the future.

These firms had dedicated oversight staff, adjusted the resource as and when required, and had a clear structure around responsibilities and points of escalation.

While the number of oversight staff per AR didn’t always correlate to better oversight, the experience and knowledge of the individuals involved did. Oversight staff also had clear responsibilities which favoured a compliance function rather than a relationship management function.

Good practices included:

  • Direct control of relevant sections of the AR website to ensure compliance of any financial promotions or statutory regulatory status disclosures.
  • The ability to limit or block access to a firm’s systems for failure to comply with the terms of the AR agreement or relevant rules and legislation.
  • Contacting consumers who had been introduced by an IAR to ensure the IAR did not act outside the limited regulated activities they can perform.
  • As part of quality audit, together with file checks, compliance staff also observing ARs’ interaction with consumers.
  • Getting consumer feedback to ensure ARs were not acting out of scope or mis-selling products.
  • Monitoring the AR’s financial position on an ongoing basis, not just at appointment stage, allowing firms to react to any significant events.
  • Where ARs were not conducting regulated activities, Principal firms engaging with ARs to understand the reasons for this, and considering whether the AR relationship needed to continue.
  • Using automated processes to identify outlier behaviours by the AR, which could lead to potential consumer harm (e.g., using a pre-determined set of parameters to identify and highlight any quotes which could have been poor value for further manual scrutiny).

What does not-so-good practice look like?  Areas for improvements

Firms with poor systems and controls were not able to demonstrate effective ongoing oversight of their ARs. Some firms did not have enough resources to adequately monitor the number of ARs they either had, or planned to have, in the near future.

The FCA found a potential conflict of interest between persons who were maintaining and developing commercial relationships with ARs while simultaneously being responsible for a compliance function involving the ongoing monitoring of the ARs. There was a risk that, because of commercial interests and relationships, these staff may also be unable to fulfil independent compliance obligations.

In particular, some firms could not adequately demonstrate how they were monitoring the activities of their ARs to ensure that these activities did not or would not result in undue risk of harm to consumers.

Areas for improvement include:

  • Firms not taking proactive steps to identify harm caused by their ARs and relying only on very limited management information to monitor AR conduct (e.g., only relying on complaints data instead of other metrics).
  • Not analysing the reasons why ARs were not undertaking any regulated activity for a long time or considering whether the AR relationship remained appropriate.
  • Not undertaking file reviews or observing interactions between ARs and consumers to ensure ARs were delivering good outcomes.
  • Not sufficiently considering potential conflicts of interest that might result in consumer harm or how to manage this (e.g., from staff / employee incentives or commission arrangements between companies).
  • Not conducting checks to ensure IARs were acting within the scope of their limited permitted activities (e.g., not going further than introducing and / or distributing non-real time financial promotions). This was a particular risk where IARs had interactive engagement with consumers.
  • Not updating AR arrangements to reflect changes in Companies House (e.g., not updating AR or trading names).
  • Not promptly terminating AR appointments when monitoring of Companies House data showed an AR company had been dissolved.
  • Not monitoring AR websites to ensure compliance of any financial promotions or statutory regulatory status disclosures. Some examples included:
    • ARs wrongly identifying themselves as a Principal firm;
    • ARs using the FCA logo on their website; and
    • ARs not appropriately disclosing their AR status.
  • Some firms said they were actively monitoring AR websites, but these websites had non-compliant statutory status disclosures; this pointed to a lack of understanding of firms’ obligations.
  • Not using feedback forms sent to consumers to appropriately monitor the risk of potential harm from their ARs.

Ending AR relationships

What outcomes does the FCA want?

The FCA wants Principal firms to be clear on when and how to end an AR relationship in line with the requirements in the FCA Handbook (SUP 12.8).

What does good practice look like?

  • Firms with robust systems and controls had appropriate and well-documented procedures to end AR relationships when appropriate.
  • Some firms could show they kept significant control of the regulated services they were permitting their ARs (and in particular IARs) to conduct. This was either through having direct control of the software used to provide quotes, where they could suspend or terminate access if the AR/IAR did not follow correct procedures, or through controlling promotions literature on websites which could easily be removed.  
  • Where an AR had not conducted regulated activities for some time and there were no valid reasons for this, firms terminated the AR relationship. 

What does not-so-good practice look like?  Areas for improvements

Some Principal firms:

  • did not check an AR’s website after termination to ensure it no longer stated that it was an AR of the firm or that it could no longer undertake regulated activities on behalf of the firm;
  • were not able to explain their termination policy and did not maintain up-to-date policies and procedures; or
  • did not notify the FCA to amend the Financial Services Register immediately after terminating a contractual arrangement. This is important, to ensure consumers don’t believe an AR continues to act on the Principal’s behalf.

The FCA’s next steps

The FCA is likely to continue with sector-specific thematic work in relation to Principal firms and their ARs, and will review the data it receives from Principal firms’ REP025 returns.  In addition, as indicated in the information above about the FCA’s expectations, the FCA will act where it identifies Principal firms that do not have adequate oversight of their ARs.

UKGI can help

UKGI has assisted many clients since the introduction of the enhanced Appointed Representatives regime in December 2022.  If you have any questions about, or need any support in relation to, the appointment and ongoing oversight of ARs and IARs, we will be happy to happy to discuss how we can assist.  Contact your usual UKGI Consultant, or the Technical Helpline at helpline@ukgigroup.com or on 01925 767888.