Following the recent batch of FCA BRA workshops, we have gathered some useful feedback from clients.

• Business plans. Even though not a rule requirement, the FCA expect to see one. In truth, most firms don’t have one. It is a question on our audit that firms often fail. Please note the FCA stance.
• Internal file checks. Again, this is something we strongly recommend. There should be a balance of internal and external checks.
• Regular board meetings. These should be documented and should review what’s happened using management information, but should also look forward and anticipate (proactive planning).
• Checklists. They like them.
• Reliance on compliance consultants. As we always make clear, we are here to advise and assist but ultimately, regulatory responsibility lies with the regulated firm. Don’t trust any compliance consultancy that tells you otherwise.
• Management Information. As we’ve been saying for a very long time, MI is very important. The MI review should be documented and should focus on areas of risk.
• Dominant person risk. Is there someone in a lofty position that won’t listen or makes all the decisions?
• Resource risk. Needs managing. Is compliance, for example, allocated sufficient resource.
• Clear reporting lines. Important.
• Data protection. The FCA suggests that files should be stored in fire proof, locked cabinets, not on show.