

FCA Compliance Audits and Health Checks.
Independent compliance audits give Boards and senior management clearer assurance that controls are working in practice, not just on paper. They help firms test governance, evidence compliance with FCA expectations, and identify gaps early across Consumer Duty, operational resilience, onboarding, delegated authority, and wider oversight arrangements.
Why Firms Need Independent Audits
An external review of compliance controls is one of the clearest ways to assess whether your framework is actually delivering against FCA expectations. Independent audits give senior management additional assurance, help identify hidden weaknesses before they become reportable issues, and provide credible challenge where internal teams may be too close to day-to-day operations.
That need has become sharper in current FCA priority areas. Firms are expected to monitor and evidence good outcomes under Consumer Duty, not simply assume that policies are enough. They are also expected to understand operational vulnerabilities, test whether important business services can remain within tolerance, and remediate gaps where resilience arrangements fall short.
Health checks are also a useful response to supervisory correspondence, Dear CEO letters, thematic concerns, internal incidents, control drift after growth, and changes in product, distribution or delegated authority models. A well-scoped review can help a firm move from assumption to evidence and from reactive fixes to better-governed assurance.
RRCA HEALTH CHECKS.
At RRCA, our health checks are conducted by industry experts who take their time to understand the firm's values, operational principles and challenges. This results in an approach that scrutinises the internal controls from a practical perspective, upholding FCA expectations.
During our work, we undertake a robust review of the policies and procedures and hold discussions with key stakeholders in the business. Our reports are always presented to include:
A clear risk rating approach
Justification of our findings (positive or negative) in plain English
Clear guidance on how to remedy any shortfalls
A document structure allowing multi-user contribution
Follow-up meetings to provide further guidance and support
We can review your compliance framework, including policies, procedures, resourcing, and reporting, to assess how well they meet ever-evolving regulatory expectations and interpretations.
Our expert team is here to assist with a comprehensive regulatory audit, health checks or a review of specific operational areas.
At RRCA we provide a comprehensive and tailored service, meeting individual needs and FCA obligations. Whether you are a start-up or an established firm, our expert consultants are here to provide guidance and support.
You can find ample information on our website or, if you prefer, simply contact us for an obligation-free and confidential discussion about your needs.
Our Audit Services
Once we understand the nature of the breach, the likely regulatory implications, and the firm’s immediate priorities, we help structure the response, evidence trail, and remediation plan.
Regulatory Health Checks (focused & general)
We carry out broader framework reviews and targeted health checks depending on the issue. That can include governance, compliance monitoring, policies and procedures, reporting lines, resourcing, controls design, and how well regulatory obligations are embedded in practice.
Coverholder Audits (Lloyd’s / binder audits)
We conduct reviews of delegated authority and binder-related controls, including bordereaux handling, underwriting authority, claims processes, sanctions screening, complaints handling, reporting, and governance. The focus is on whether operational delivery aligns with contractual and regulatory expectations.
Client On-boarding Reviews
We review the sales and onboarding journey to assess compliance with disclosure requirements, suitability or appropriateness expectations where relevant, financial promotions rules, AML controls, sanctions processes, and customer communications. This is particularly useful where onboarding has evolved quickly or across multiple channels.
Consumer Duty Assurance Reviews
We review whether firms can evidence good customer outcomes across governance, monitoring, fair value, consumer understanding, support, and product oversight. These reviews are particularly useful where Boards need stronger assurance or where management information does not yet give a clear view of outcomes.
Appointed Representative Audits
We help principal firms assess onboarding, oversight, reporting, monitoring, and governance across AR arrangements. These reviews are designed to test whether supervision is proportionate, evidenced, and aligned to FCA expectations for delegated distribution and controlled activities.
Product Development Risk Reviews
We provide independent challenge on product governance, target market thinking, conduct risk, approval processes, oversight forums, and management information. These reviews help firms assess whether product development and change processes are properly governed and capable of evidencing good customer outcomes.
What Our Audit Reports Include
Our reports are designed to be useful for management action, not just file completion. They are written in plain English, structured for practical follow-up, and tailored to the needs of the firm, its permissions, and the specific control area under review.
Risk-rated findings
A clear assessment of severity and prioritisation so management can focus effort where it matters most.
Remediation guidance
Practical recommendations on how to close gaps, strengthen controls, and improve evidence of compliance.
Plain-English justification
Clear explanations of why a finding matters from a regulatory, operational, and governance perspective.
Follow-up support
Time with stakeholders to discuss findings, answer questions, and help shape realistic next steps.
Frequently Asked Questions - FAQ
How long does a compliance health check take?
A focused review can often be completed in a matter of days, while broader audits will take longer depending on scope, document quality, stakeholder availability, and whether testing is required. A good project should start with clear scoping so the firm understands timing, workstreams, and expected outputs from the outset.
If you need a fast-turn review for a Board meeting, regulatory response, or specific control concern, RRCA can help define a proportionate scope quickly.
What is a coverholder audit?
A coverholder audit is a review of delegated authority arrangements and binder-related controls. It usually examines whether underwriting, claims, bordereaux, reporting, sanctions, complaints, governance, and oversight processes are operating in line with contractual requirements and regulatory expectations.
These reviews are especially valuable where firms want independent assurance over delegated models or need clearer evidence for internal oversight.
Do we need an independent audit if we already have internal compliance?
Often, yes. Internal compliance teams are essential, but an external audit can provide independent challenge, identify blind spots, and give Boards additional assurance that controls are working as intended. This is particularly helpful where the firm has grown quickly, introduced new products, changed distribution, or needs stronger evidence on Consumer Duty or operational resilience.
Is a compliance audit disruptive to the business?
A compliance audit or health check should be structured and proportionate, so it does not create unnecessary disruption. The scope, timing, document requests, interviews, and expected outputs should be agreed at the start, allowing the firm to plan around day-to-day business activity.
RRCA aims to make the process focused, practical, and efficient. Reviews can be tailored to a specific area, such as Consumer Duty, governance, financial promotions, complaints, compliance monitoring, or operational resilience, or they can cover the wider compliance framework. The result is a clear view of risk and improvement areas without placing excessive burden on internal teams.
How much does an audit or compliance health check cost?
The cost of an audit or compliance health check depends on the scope, complexity, size of the firm, number of regulated activities, and the level of review required. A focused review of one area, such as Consumer Duty, governance, complaints, or compliance monitoring, will usually be more cost-effective than a wider review of the full compliance framework.
RRCA will agree the scope and expected outputs at the outset so the firm has clarity on cost, timing, and deliverables before work begins. The aim is to provide proportionate, practical assurance without unnecessary cost or over-engineering.
Can an audit or compliance health check be completed remotely?
Yes. Many audits and compliance health checks can be completed remotely using secure document review, video meetings, and structured information requests. Remote reviews can be efficient and flexible, particularly where the work involves reviewing policies, procedures, governance records, monitoring reports, risk assessments, MI, and Board papers.
Where useful, RRCA can also provide in-person support, especially for workshops, interviews, onsite testing, or Board and senior management discussions. The approach can be tailored to the firm, the scope of the review, and the level of assurance required.

