As the FCA’s scrutiny of financial promotions has intensified, the people who manage them have become more important — and more sought after. Financial promotions compliance has evolved from a sign-off task tacked onto a broader compliance role into a specialism in its own right, requiring a distinctive blend of regulatory knowledge, commercial awareness and judgement. This guide describes what the financial promotions compliance role involves, the skills it demands, how it fits within a regulated firm, and the career path it offers. It is written both for professionals considering the specialism and for firms trying to understand what they are recruiting.

What the Role Involves

A financial promotions compliance professional is responsible for ensuring that a firm’s marketing communications meet the FCA’s standard that promotions be fair, clear and not misleading. In practice the role spans reviewing and approving promotions before publication; advising marketing teams on what they can and cannot say; maintaining the firm’s financial promotions policies and procedures; keeping the records that evidence compliance; monitoring published promotions and external channels; and, increasingly, overseeing the promotions of third parties such as appointed representatives and influencers. The role applies the standard explained in our guide on applying the fair, clear and not misleading standard.

The work is a mix of detailed, document-level review and broader advisory and design work. On any given day the professional might assess a specific advertisement against COBS, advise on the wording of a campaign, update a procedure in response to new FCA guidance, and brief a marketing team on the rules for a new product launch.

The Skills That Matter

The role demands a particular combination of capabilities. The first is regulatory knowledge: a genuine command of COBS 4 and the wider financial promotions framework, available through the FCA Handbook, and an understanding of how the FCA interprets and applies it. The second is commercial awareness: an understanding of how marketing works and what the business is trying to achieve, because a compliance professional who only ever says no adds less value than one who can find the compliant route to the commercial goal.

The third is judgement. Much of financial promotions compliance is not black and white — it turns on the impression a promotion creates, the prominence of risk relative to reward, the suitability of a channel for a product. Applying the standard consistently to ambiguous material is a skill built through experience. The fourth is communication and influence: the ability to explain decisions to marketing teams and, when necessary, to hold the line under commercial pressure with the confidence and authority to make it stick. The fifth, increasingly, is digital fluency — understanding social media, influencer marketing and digital advertising well enough to assess promotions in those channels, as covered in our guide on social media financial promotions.

Where the Role Sits

Financial promotions compliance usually sits within the broader compliance function, reporting ultimately to the compliance oversight function holder — the SMF16 under the senior managers regime. In smaller firms, financial promotions may be one responsibility among several held by a generalist compliance officer; in larger firms, particularly those with heavy marketing activity, it may be a dedicated team. The accountability for the firm’s financial promotions ultimately rests with senior management, which is why the role connects closely to the senior manager regime and the reasonable steps framework.

The role also works in close partnership with the marketing function, and the quality of that relationship matters. The most effective financial promotions professionals are embedded enough in the marketing process to influence promotions from the draft stage rather than acting only as a final gate — which prevents many of the issues described in our guide on common financial promotions breaches.

The Career Path

The career path typically begins in a broader compliance role — a compliance analyst or officer position where financial promotions is one of several areas of responsibility. From there, professionals can specialise, taking on dedicated financial promotions responsibility and developing deep expertise in the area. Progression leads to senior financial promotions or compliance advisory roles, and ultimately toward compliance leadership — head of compliance or the SMF16 compliance oversight function, where financial promotions is one part of a wider remit.

Because financial promotions expertise is in demand and not abundant, professionals who develop genuine depth in it have strong prospects. The specialism is also portable across sectors — the principles apply whether the firm is an investment manager, a payments firm, a consumer credit lender or a wealth manager — which widens the range of opportunities. For those interested in the regulatory framework that surrounds the role, our guides on the SMF16 compliance oversight function and the wider SMCR provide useful context.

A Day in the Role

The practical texture of the role helps explain the skills it demands. A typical day might open with a queue of promotions awaiting review — an email campaign, a landing page update, a set of social posts, a brochure revision — each to be assessed against the standard and either approved, returned with required changes, or escalated. Mid-morning might bring an advisory conversation with marketing about a planned campaign, where the professional’s value lies in shaping the approach early rather than rejecting it late. The afternoon might involve updating a procedure in response to new FCA guidance, sampling live promotions to confirm they match what was approved, or briefing an appointed representative on the firm’s expectations.

What distinguishes the strong professional across all of this is the ability to move fluently between detail and judgement — to apply a precise rule to a specific phrase one moment, and to weigh the overall impression of a whole campaign the next. The role rewards people who are comfortable holding both registers at once, and who can carry the marketing team with them rather than being seen purely as an obstacle.

Tools and Continuing Development

The role increasingly involves technology — promotions review and logging systems, and a growing range of tools that screen marketing content against regulatory requirements before it reaches human review. A modern financial promotions professional benefits from being comfortable with these tools while understanding their limits: technology can flag obvious issues at scale, but the judgement calls that define the role still require a human. Staying current also means tracking the FCA’s evolving expectations, which shift as new channels, products and risks emerge — the rise of finance influencers and the tightening of high-risk investment rules being recent examples. Professionals who invest in continuing development, whether through formal compliance qualifications or active engagement with FCA publications, build the depth that the senior roles require.

What Firms Should Look For

Firms recruiting for financial promotions compliance should look beyond a checklist of regulatory knowledge. The candidates who succeed combine that knowledge with commercial understanding, sound judgement on ambiguous material, the confidence to challenge, and increasingly digital fluency. Sector familiarity helps, as does experience of the firm’s specific product types and channels. The role is too important — and the exposure from getting promotions wrong too significant — to fill with regulatory knowledge alone.

How FD Capital Helps

FD Capital recruits compliance professionals across the full range of FCA-regulated firms, including the financial promotions specialists who keep firms’ marketing compliant. Every candidate is personally assessed by Adrian Lawrence FCA, whose chartered-accountant background gives FD Capital a depth in regulated-finance assessment that generalist recruiters cannot match.

Related guides: Fair, Clear and Not Misleading | Common Financial Promotions Breaches | Social Media Financial Promotions | AR Financial Promotions | Financial Promotions Record Keeping

A compliant financial promotion that cannot be evidenced is, from a supervisory perspective, almost as exposed as a non-compliant one. The FCA expects firms not only to communicate promotions that are fair, clear and not misleading, but to keep records that demonstrate they did — what was approved, by whom, on what basis, and when. When the regulator asks a firm to account for a promotion, the record is the answer. This guide sets out what the FCA expects of financial promotions record keeping, why it matters as much as the promotion itself, and how to build a record-keeping discipline that stands up to scrutiny.

Why Record Keeping Matters

Financial promotions record keeping serves three purposes. It evidences compliance, giving the firm the means to demonstrate to the FCA that a promotion met the standard and was properly approved. It supports the firm’s own governance, providing the audit trail that lets senior managers satisfy themselves the process is working. And it underpins accountability, because under the senior managers regime an individual is responsible for the firm’s financial promotions, and that person needs records to evidence that they took reasonable steps. The FCA’s record-keeping expectations sit within COBS and the wider Handbook, available through the FCA Handbook.

The connection to senior manager accountability is important. The reasonable steps defence under the senior managers regime depends on being able to show what was done. A compliance oversight function holder asked to account for a promotion that went wrong will rely heavily on the records of how the firm’s process operated.

What the FCA Expects You to Keep

While the precise requirements vary by activity, the FCA’s expectations centre on a firm being able to reconstruct the life of a promotion. In practice, a robust record should capture the promotion itself in its final, published form; the approval — who approved it, when, and confirmation that it met the fair, clear and not misleading standard; the basis for any claims made, particularly performance figures or comparisons, with the supporting evidence; the intended audience and channel; and any subsequent amendments or withdrawals and the reasons for them.

For firms approving the promotions of others — including unauthorised firms under the financial promotion approval regime, or appointed representatives — the records must also evidence the due diligence and ongoing monitoring behind that approval. This connects to the principal-firm responsibilities covered in our guide on AR financial promotions and principal firm liability.

How Long to Keep Records

Retention periods depend on the type of business and the relevant Handbook provisions, with some categories of promotion subject to longer retention than others. As a general discipline, firms should retain financial promotions records for the period required by the applicable rules and, where there is any doubt, err toward longer retention rather than shorter. The cost of keeping a record is trivial against the cost of being unable to produce one when the FCA asks. Firms should confirm the specific retention requirements that apply to their permissions and product types rather than assume a single blanket period.

The Approval Record

The heart of financial promotions record keeping is the approval record — the documented confirmation that a competent person assessed the promotion against the standard and approved it before publication. A strong approval record identifies the individual who approved the promotion, the date, the version approved, and ideally a brief note of the assessment, particularly where a judgement call was involved. This is the document that most directly evidences that the firm’s process worked.

Weak approval records — an undated email, an unclear “looks fine”, no link to the specific version published — are a common finding. They leave the firm unable to demonstrate, after the fact, that the published promotion was the one that was reviewed, or that the reviewer genuinely assessed it against the standard.

Substantiating Claims

Where a promotion makes factual claims — performance figures, comparisons, statistics, statements about features — the firm should keep the evidence that substantiated those claims at the time of approval. If the FCA challenges a claim, the firm needs to show not just that it approved the promotion, but that it had a reasonable basis for the claim when it did so. This is particularly important for performance data, where the source, the period and the methodology should all be recorded.

Common Record-Keeping Failures

The record-keeping failures the FCA most often identifies are practical rather than conceptual. The most common is the missing link between the approval and the published version: a firm can show that it approved a promotion, but not that the version published was the version approved, because intervening edits were not captured. Another is the undated or unattributed approval — a record showing that a promotion was approved, but not by whom or when, which undermines the evidential value entirely. A third is the absent substantiation: a performance claim approved without the supporting data retained, leaving the firm unable to show it had a reasonable basis at the time.

Fragmented records are a fourth recurring problem. Where the promotion, its approval, its evidence and its amendment history live in different systems, inboxes and drives, the firm may technically hold all the information but be unable to assemble the complete picture quickly when the FCA asks. The regulator’s expectation is not just that records exist but that the firm can produce a coherent, complete account of a promotion on request — which is why consolidation into a single workflow matters.

Records and the Approver Regime

Record keeping has taken on additional weight with the introduction of the regulatory gateway for firms approving the financial promotions of unauthorised persons. A firm that approves another party’s promotions must be able to evidence the due diligence behind that approval, its ongoing monitoring, and its basis for being satisfied the promotion meets the standard. The record is the mechanism by which an approver demonstrates it discharged this responsibility, and the expectations here are demanding precisely because the approver is vouching for content it did not originate. Firms operating as approvers should treat their record-keeping discipline as central to the permission rather than incidental to it.

Building the Discipline

Good financial promotions record keeping is systematic, not ad hoc. The strongest firms use a defined workflow — often a dedicated system or log — that captures each promotion, its approval, its supporting evidence and its lifecycle in one place, rather than relying on individuals to retain emails and files. The system should make it straightforward to retrieve the complete record of any promotion on request, which is exactly what an FCA query demands.

As with every aspect of financial promotions, the quality of the record keeping tracks the quality of the people operating it. A compliance function that understands why the records matter — and treats them as integral to the reasonable steps defence rather than as paperwork — will maintain them properly. This is part of the broader skill set covered in our guide on the financial promotions compliance role, and it rests on the same standard explained in our guide on applying the fair, clear and not misleading standard.

How FD Capital Helps

FD Capital recruits the compliance and senior manager talent that FCA-regulated firms rely on to maintain robust financial promotions controls and records. Every candidate is personally assessed by Adrian Lawrence FCA, whose chartered-accountant background gives FD Capital a depth in regulated-finance assessment that generalist recruiters cannot match.

Related guides: Fair, Clear and Not Misleading | Common Financial Promotions Breaches | Social Media Financial Promotions | AR Financial Promotions | The Financial Promotions Compliance Role

The appointed representative model lets an unauthorised firm conduct regulated business under the umbrella of an authorised principal. It is a long-established feature of UK financial services, and it carries a feature that catches some principals out: the principal is fully responsible for the regulated activities of its appointed representatives, including their financial promotions. When an AR issues a promotion that breaches the fair, clear and not misleading standard, it is the principal that answers to the FCA. This guide explains how AR financial promotions liability works, why the FCA has tightened its expectations of principals, and what good oversight looks like.

How the AR Model Works

An appointed representative is a firm or person who carries on regulated activities under the responsibility of an authorised firm, known as the principal. The AR does not hold its own FCA authorisation; instead it operates under a contract with the principal, who accepts regulatory responsibility for the regulated activities the AR carries on within the scope of that appointment. The framework derives from Section 39 of the Financial Services and Markets Act 2000, and the detail of the principal’s obligations sits in the FCA’s Supervision manual and its rules on appointed representatives. The FCA sets out principals’ responsibilities in detail.

The critical consequence for financial promotions is that an AR’s promotions are, in regulatory terms, the principal’s responsibility. If an AR communicates a promotion that is not fair, clear and not misleading, the principal has failed to meet its obligations — even though it may not have written, seen or approved the specific content. This is what makes AR oversight a genuine liability rather than an administrative formality.

Why the FCA Tightened the Regime

The FCA became increasingly concerned that some principals were not adequately overseeing their ARs, with AR-related activity generating disproportionate levels of complaints and harm. In response, the regulator introduced enhanced requirements designed to make principals take their oversight responsibilities more seriously — including more information about ARs, clearer expectations on monitoring, and regular reviews of whether each AR relationship remains appropriate.

The direction of travel is unambiguous: principals are expected to oversee their ARs actively and continuously, not to onboard them and assume compliance. For financial promotions specifically, that means a principal must have visibility of, and control over, the promotions its ARs issue. A principal that cannot see what its ARs are promoting cannot discharge its responsibility for those promotions.

The Financial Promotions Exposure

AR financial promotions create exposure in several specific ways. ARs may promote in channels the principal does not routinely monitor — local advertising, social media, events. They may adapt approved materials in ways that break their compliance. They may operate at a scale or pace that outruns the principal’s review capacity. And because the AR is closer to the customer, the principal may be the last to know when something has gone wrong.

The fair, clear and not misleading standard applies to AR promotions exactly as it applies to the principal’s own. Every issue covered in our guide on common financial promotions breaches — unbalanced risk and reward, past performance without context, audience targeting failures — can arise in an AR’s promotions, and the principal carries the consequence.

What Good AR Oversight Looks Like

Effective oversight of AR financial promotions rests on a few principles. First, approval before publication: the principal should review and approve AR promotions rather than discovering them afterwards. Second, clear contractual terms setting out what ARs may and may not do, and requiring them to submit promotions for approval. Third, ongoing monitoring of what ARs actually promote, including periodic checks of their live materials and channels. Fourth, training so that ARs understand the standard they must meet. And fifth, regular review of each AR relationship to confirm it remains appropriate and within the principal’s capacity to oversee.

The social media dimension deserves particular attention, because ARs promoting on social channels multiply the risks covered in our guide on social media financial promotions. An AR’s social post is a financial promotion the principal is responsible for, with all the standalone-post and sharing risks that implies.

A Practical Oversight Framework

Principals that oversee AR financial promotions well tend to operate a structured lifecycle rather than reacting case by case. At onboarding, the principal assesses whether it has the capacity and expertise to oversee the AR’s intended promotional activity before the appointment is made — an honest capacity check that sometimes results in declining an AR the principal cannot properly supervise. During the relationship, promotions are submitted for approval before publication, logged, and checked against the standard, with the principal retaining the right to require amendment or withdrawal. Periodically, the principal samples the AR’s live promotions across all channels — including those the AR might not routinely submit, such as local advertising or social posts — to confirm what is actually in the market matches what was approved.

The annual review the FCA expects is the backstop: a formal reassessment of whether each AR relationship remains appropriate, whether the AR’s activity has grown beyond what the principal can oversee, and whether any promotions issues have emerged. A principal that completes this review properly is far better placed to evidence that it took its responsibility seriously, which matters both for supervision and for the senior manager accountability that sits behind it.

When Oversight Fails

The consequences of inadequate AR oversight fall on the principal. Where an AR issues non-compliant promotions, it is the principal that faces FCA scrutiny, potential redress to affected consumers, and reputational damage — regardless of whether the principal drafted or saw the promotion. In the most serious cases, failures in AR oversight have led to enforcement action against principals and contributed to firms exiting the principal model altogether because they could not oversee their ARs to the required standard. The lesson firms have drawn is that taking on ARs is taking on real, ongoing responsibility, and the financial promotions those ARs issue are squarely within it.

The Resourcing Question

Overseeing AR financial promotions properly is resource-intensive, and the level of resource has to scale with the number and activity of ARs. A principal with a growing AR network needs a compliance function genuinely capable of reviewing and monitoring AR promotions at the required volume and standard — not a nominal arrangement that exists on paper. This is increasingly a senior compliance responsibility, often sitting close to or within the SMF16 compliance oversight function, and it requires people with the expertise and authority to hold ARs to the standard.

Underpinning all of this is record-keeping: the principal must be able to evidence that it reviewed, approved and monitored AR promotions, which is covered in our guide on financial promotions record keeping.

How FD Capital Helps

FD Capital recruits the compliance and senior manager talent that principal firms rely on to oversee their appointed representatives and the financial promotions those ARs issue. Every candidate is personally assessed by Adrian Lawrence FCA, whose chartered-accountant background gives FD Capital a depth in regulated-finance assessment that generalist recruiters cannot match.

Related guides: Fair, Clear and Not Misleading | Common Financial Promotions Breaches | Social Media Financial Promotions | Financial Promotions Record Keeping | The Financial Promotions Compliance Role

Social media is where the financial promotions regime meets its hardest test. The channels are built for brevity, immediacy and sharing — everything that works against balanced, properly contextualised communication about financial products. The FCA has made clear that channel and format are irrelevant to whether the rules apply: a tweet, a short video, an influencer post and a paid story are all financial promotions if they invite or induce investment activity. This guide sets out what compliance teams need to know to keep social media promotions compliant, the specific risks the medium creates, and the controls that work in practice.

The Rules Apply Regardless of Channel

The starting point is simple and non-negotiable: the fair, clear and not misleading standard in COBS 4.2 applies to social media exactly as it applies to a brochure. The FCA has issued specific guidance on financial promotions on social media, and its position is consistent — it does not want to prevent firms using these channels, but it requires them to meet the same standard. A financial promotion is defined by what it does (inviting or inducing investment activity in the course of business), not by where it appears. The underlying rules sit in the FCA Handbook, and the FCA has published dedicated finalised guidance on applying them to social media.

Risk 1: The Standalone Post Problem

The defining social media risk is that each post can be viewed in isolation. A consumer scrolling a feed sees a single post, not the carefully balanced landing page it links to. If the post itself overstates benefits or omits risk, the fact that a linked page restores the balance does not save it — the FCA’s position is that each communication must be compliant in its own right.

Control: treat every post as a standalone financial promotion. The balancing information, including risk warnings, must be present in the post itself, not deferred to a link. Where a format genuinely cannot carry the necessary balance, that is a signal the channel may be inappropriate for that product rather than a licence to omit.

Risk 2: Sharing Strips Context

Social media is built to be shared, and when a promotion is re-shared, retweeted or screenshotted, the surrounding context — and sometimes the risk warning — can be lost. A promotion that was compliant in its original form can become non-compliant as it travels.

Control: design promotions so the essential balance survives sharing — for example, embedding risk information within an image rather than only in accompanying text that may be dropped. The FCA has specifically suggested using embedded infographics to carry required information for this reason.

Risk 3: Character and Format Limits

Short-form platforms impose hard limits that pressure firms to cut risk information to fit. This is one of the most common ways social promotions breach the standard. The FCA’s view is clear: the constraint does not relax the rule. If the necessary information cannot fit, the firm should not be promoting that product on that channel in that format.

Control: the FCA has confirmed that more complex financial products are generally not suitable for promotion through some social media channels. Match the product to the channel: simpler products with shorter risk profiles may work; complex, higher-risk products often will not.

Risk 4: Identification as a Promotion

Consumers must be able to tell that a financial promotion is a promotion. On social media, where paid content sits alongside organic posts and personal opinion, this is easily lost. The FCA has confirmed that clear labelling, such as the hashtag disclosure for advertising, is an acceptable way to comply with the requirement that promotions for investment products are identifiable as such.

Control: require unambiguous promotion labelling on all paid social content, applied consistently and prominently, including on any content posted by third parties on the firm’s behalf.

Risk 5: Influencers and Third Parties

The rise of finance influencers has created a significant area of risk. When a firm engages an influencer to promote its products, the influencer’s content is a financial promotion, and the firm cannot outsource its compliance obligations. The FCA has taken enforcement action in this area and expects firms to ensure that anyone promoting their products on social media meets the standard.

Control: bring influencer and affiliate content fully within the firm’s financial promotions approval process. Brief third parties on the standard, approve their content before publication, label it clearly, and monitor what they actually post. This overlaps with the appointed representative issues covered in our guide on AR financial promotions and principal firm liability.

Risk 6: Targeting and Audience Control

Social platforms allow precise targeting, but they also allow promotions to spread far beyond the intended audience through sharing and algorithmic amplification. Where a product may only be promoted to certain investor categories, the broad reach of social media is a particular hazard.

Control: use platform targeting tools to restrict reach where a product requires it, and recognise that organic sharing can defeat targeting — another reason higher-risk products may be unsuitable for these channels.

Building Social Media Compliance Capability

Managing social media financial promotions well requires a compliance function that understands the platforms as well as the regulation. This is a relatively new skill set: a financial promotions specialist who can read a draft Instagram story or a finance TikTok and assess it against COBS, brief an influencer, and design controls that survive sharing and re-posting. Firms scaling their digital marketing should ensure their compliance capability scales with it. The general standard is covered in our guide on applying the fair, clear and not misleading standard, and the recurring failure modes in our guide on common financial promotions breaches.

How FD Capital Helps

FD Capital recruits the compliance and senior manager talent that FCA-regulated firms need to manage financial promotions across digital and social channels. Every candidate is personally assessed by Adrian Lawrence FCA, whose chartered-accountant background gives FD Capital a depth in regulated-finance assessment that generalist recruiters cannot match.

Related guides: Fair, Clear and Not Misleading | Common Financial Promotions Breaches | AR Financial Promotions | Financial Promotions Record Keeping | The Financial Promotions Compliance Role

Most financial promotions breaches are not the result of firms setting out to mislead. They are the result of familiar, repeatable mistakes — the risk warning that is technically present but practically invisible, the past-performance figure shown without context, the social media post that loses its balance to fit a character limit. Because these failures recur across firms and sectors, they can be anticipated and designed out. This guide sets out the breaches the FCA most commonly identifies, explains why each one happens, and describes the controls that prevent them. It is written for compliance teams, marketers and the senior managers accountable for getting promotions right.

Why Breaches Happen

Financial promotions breaches cluster around a handful of root causes: commercial pressure to emphasise benefits over risks, a review process that engages too late, reviewers who lack the authority or expertise to challenge, and channels — particularly digital ones — whose constraints work against balanced communication. The FCA’s published interventions show the same failure types recurring, which is encouraging in one sense: a firm that understands the common breaches can build controls specifically targeted at them. The underlying standard is the fair, clear and not misleading rule in COBS 4.2 of the FCA Handbook, and the breaches below are all failures of one or more of its three limbs.

Breach 1: Unbalanced Risk and Reward

The single most common breach is a promotion that presents benefits prominently and risks faintly. The returns are in large, confident type; the risks are smaller, greyer, lower on the page, or in a footnote. Even where all the required information is technically present, the imbalance creates a misleading overall impression.

How to avoid it: require risk and reward to be presented with comparable prominence — similar size, weight and position. A practical control is a balance test at review: if the benefits dominate the visual hierarchy, the promotion fails regardless of whether the risk text exists. Risk warnings should sit alongside the claims they qualify, not be exiled to the end.

Breach 2: Past Performance Without Context

Showing historical returns is permitted, but doing so without balanced context, without the standard warning that past performance is not a reliable indicator of future results, or in a way that implies past returns will continue, is a frequent and well-understood breach. Selectively choosing a favourable period — cherry-picking the best five years and omitting the bad one — compounds the problem.

How to avoid it: mandate the past-performance warning wherever historical figures appear, require representative rather than selective time periods, and prohibit any framing that presents past returns as an expectation. Illustrative projections must be clearly labelled as illustrative and accompanied by their assumptions.

Breach 3: Misuse of “Guaranteed”, “Protected” and “Secure”

Words like guaranteed, protected and secure carry strong reassurance, and the FCA treats them with particular caution. Using them without communicating, clearly and prominently, all the information necessary to make the term genuinely accurate is a breach. A product described as “protected” when protection is partial or conditional misleads by implication.

How to avoid it: maintain a list of high-risk reassurance words that trigger enhanced review. Whenever one appears, the reviewer must confirm that the conditions and limitations are communicated with equal prominence, or the word is removed.

Breach 4: Unclear Identification as a Promotion

A financial promotion must be identifiable as such. Content that reads as editorial, personal opinion or organic social media — particularly where an influencer or third party is involved — but is in fact a paid promotion, breaches the rule. The FCA has confirmed that clear labelling, such as the use of an advertising disclosure, is required so consumers understand what they are looking at.

How to avoid it: require unambiguous promotion labelling on all paid content, including affiliate and influencer arrangements, and ensure any third party promoting the firm’s products understands and applies the same standard. This connects directly to the appointed representative and social media issues covered in our companion guides.

Breach 5: Targeting the Wrong Audience

Some products may only be promoted to certain categories of investor — high-net-worth, sophisticated, or professional. Promoting a restricted or higher-risk product to a retail mass audience, or failing to apply the required customer categorisation and risk warnings, is a serious breach. Digital channels make this worse, because broad targeting can place a promotion in front of audiences it was never meant for.

How to avoid it: match the promotion’s distribution to its permitted audience, apply the correct categorisation gateways, and ensure targeting settings on digital platforms genuinely restrict reach where the product requires it. The FCA’s rules on higher-risk investments set specific requirements here.

Breach 6: Omission of Material Information

A promotion can be misleading by what it leaves out. Fees presented incompletely, conditions not mentioned, limitations glossed over, or the identity of the firm unclear — each omission can lead a consumer to a false view. Because every individual statement may be true, omission breaches are easy to miss in review.

How to avoid it: review for completeness, not just accuracy. Ask what a reasonable consumer would need to know to make an informed decision, and confirm it is all present and prominent. A simple discipline — “what is the worst thing that could happen to someone acting on this, and is it disclosed?” — catches many omission breaches.

Breach 7: Social Media Constraint Failures

Character limits, image-first formats and the viral, shareable nature of social media all work against balanced financial promotions. A standalone post that loses its risk warning, or a promotion shared out of its original context so the balancing information is stripped away, is a recurring breach. The FCA has issued specific guidance on financial promotions on social media.

How to avoid it: treat each social media post as a standalone promotion that must be compliant on its own, not reliant on a linked page for balance. Where a channel cannot carry the necessary information, reconsider whether it is appropriate for that product. Our guide on social media financial promotions covers this in detail.

The Common Thread: People and Process

Every breach above is preventable with two things: a review process that engages early and routes promotions through competent reviewers, and reviewers with the expertise and authority to challenge. Controls and checklists help, but they are operated by people, and the quality of financial promotions compliance ultimately tracks the quality of the compliance professionals applying it. Robust record-keeping — covered in our guide on financial promotions record keeping — provides the evidence that the process worked.

How FD Capital Helps

FD Capital recruits the compliance, financial crime and senior manager talent that FCA-regulated firms rely on to keep their financial promotions compliant. Every candidate is personally assessed by Adrian Lawrence FCA, whose chartered-accountant background gives FD Capital a rigour in regulated-finance assessment that generalist recruiters cannot match.

Related guides: Fair, Clear and Not Misleading | Social Media Financial Promotions | AR Financial Promotions | Financial Promotions Record Keeping | The Financial Promotions Compliance Role

Three words sit at the centre of UK financial promotions regulation: fair, clear and not misleading. They appear in COBS 4.2.1R of the FCA Handbook, they govern every communication a regulated firm makes to a customer, and they are deceptively simple. Almost everyone in financial services can recite them; far fewer can apply them consistently to a real piece of marketing under time pressure. This guide is written for the compliance professionals, marketers and senior managers who have to turn that three-word standard into day-to-day decisions about what a firm can and cannot say. It explains what each word means in practice, how the FCA interprets the standard, where firms most often fall short, and what good looks like.

Where the Standard Comes From

The fair, clear and not misleading rule is set out in COBS 4.2.1R of the FCA’s Conduct of Business Sourcebook, which states that a firm must ensure that a communication or a financial promotion is fair, clear and not misleading. The rule sits within the wider framework established by Section 21 of the Financial Services and Markets Act 2000, under which it is a criminal offence for a person to communicate a financial promotion in the course of business unless they are authorised or the content has been approved by an authorised person. The full detail is available in the FCA Handbook, and the perimeter of what counts as a financial promotion is set out in the FCA’s Perimeter Guidance.

The scope is broad. A financial promotion is any communication that invites or induces someone to engage in investment activity, made in the course of business. Channel and format are irrelevant: a tweet, a billboard, a podcast advertisement, an email and a brochure are all in scope if they promote a financial product or service. This breadth is deliberate, and it is why the standard has to be a principle rather than a rulebook of specific prohibitions — no list could anticipate every channel and every product.

The stakes are not theoretical. The FCA has steadily increased its supervision of financial promotions, intervening in tens of thousands of promotions a year and requiring many to be amended or withdrawn. The FCA publishes regular data on its financial promotions interventions, and the trend has been firmly upward, particularly around higher-risk investments and social media.

Fair

Fairness is about balance. A fair financial promotion does not disguise, diminish or obscure important information — particularly the risks, costs and limitations of a product. The most common fairness failure is a promotion that presents the benefits prominently and the risks faintly: large, bold, colourful claims about returns, with the caveats relegated to small print, a footnote, or a separate page the customer is unlikely to read.

Fairness also concerns prominence and presentation, not just the presence of information. A risk warning that technically appears in the promotion but is formatted so as to be easily missed does not make the promotion fair. The FCA’s consistent position is that the information necessary to understand a product must be presented with sufficient clarity and prominence that its inclusion genuinely informs the customer. Burying a material limitation is treated as functionally equivalent to omitting it.

A particular fairness trap concerns terms such as “guaranteed”, “protected” or “secure”. COBS is explicit that a promotion should not describe a feature as guaranteed, protected or secure, or use a similar term, unless the firm communicates all the information necessary, with sufficient clarity and prominence, to make the use of that term fair, clear and not misleading. These words carry powerful reassurance for a consumer, and the FCA scrutinises them closely.

Clear

Clarity is about comprehension. A clear promotion can be understood by the audience it is aimed at, using language and structure suited to that audience’s level of knowledge. A communication aimed at retail consumers must be intelligible to retail consumers; one aimed at professional investors can assume a higher baseline of understanding. The standard is proportionate to the audience, which is why the same factual content can be clear in one context and unclear in another.

Clarity failures are often failures of structure rather than vocabulary. Dense, jargon-laden text; key information separated from the claims it qualifies; conditions expressed in convoluted double negatives; and layouts that bury the substance — all of these undermine clarity even when every individual statement is technically accurate. The test is not whether a determined, expert reader could extract the meaning, but whether the intended audience actually would.

The duty to communicate clearly connects directly to the FCA’s wider Consumer Duty, which raises the bar on consumer understanding across the board. Under the Duty, firms must support customers’ understanding rather than merely avoid actively misleading them — a higher and more active obligation that reinforces the clarity limb of the financial promotions standard.

Not Misleading

The not-misleading limb is the broadest and, in some ways, the most demanding. A promotion is misleading if it gives a false impression, whether through what it says, what it omits, or the overall impression it creates — even if every individual statement is literally true. This is the crucial point that catches firms out: a promotion assembled entirely from accurate statements can still be misleading if the cumulative effect, or the selective emphasis, leads the customer to a false conclusion.

Common ways promotions mislead include cherry-picking favourable past performance, presenting illustrative figures as if they were expected outcomes, implying official endorsement that does not exist, and using comparisons that are not like-for-like. Omission is as dangerous as commission: leaving out a fact that the customer would need in order to form an accurate view can render an otherwise truthful promotion misleading.

Past performance deserves particular mention. Presenting historical returns without balanced, prominent context — and without the standard warning that past performance is not a reliable indicator of future results — is one of the most frequently cited misleading-promotion failures. The impression a reasonable consumer would take away is what matters, not the technical defensibility of each sentence.

How the FCA Applies the Standard

The FCA applies the fair, clear and not misleading rule purposively, asking what impression a reasonable member of the target audience would actually take from the promotion as a whole. This is why firms cannot rely on technical literal accuracy as a defence. The regulator looks at the dominant impression, the prominence of risk relative to reward, the suitability of the communication for its audience, and whether a consumer acting on the promotion would have been adequately informed.

The standard is also proportionate. COBS states that the rule applies in a way that is appropriate and proportionate, taking into account the means of communication, the information the communication is intended to convey, and the nature of the client. A character-limited social media post cannot carry the same volume of detail as a brochure, but that constraint does not excuse a misleading impression — if a channel cannot carry the necessary balance, the FCA’s position is that the firm should reconsider using that channel for that product.

Building the Standard Into the Firm

Applying the standard consistently is an organisational capability, not an individual act of judgement at the point of sign-off. The firms that do it well embed it upstream: marketing teams are trained to think in terms of balance and impression from the first draft; a clear approval process routes promotions through competent, suitably senior review; records are kept of what was approved and why; and the compliance function has the authority and the expertise to challenge and, where necessary, to stop a promotion.

That last point is a recruitment question as much as a process one. The fair, clear and not misleading standard is only as strong as the people applying it. A financial promotions compliance professional needs technical knowledge of COBS and the wider Handbook, commercial awareness of how marketing works, and the judgement and confidence to hold the line under pressure from a business that wants to promote aggressively. Firms building this capability should read our companion guides on common financial promotions breaches and the financial promotions compliance role.

How FD Capital Helps

FD Capital recruits compliance, financial crime and senior manager talent for FCA-regulated firms, including the financial promotions specialists who apply the fair, clear and not misleading standard day to day. Every candidate is personally assessed by Adrian Lawrence FCA, whose background as a chartered accountant gives FD Capital a depth in regulated-finance assessment that generalist recruiters cannot match.

Related guides: Common Financial Promotions Breaches | Social Media Financial Promotions | AR Financial Promotions | Financial Promotions Record Keeping | The Financial Promotions Compliance Role

The primary audience for the Exec Capital guides is boards and chairs appointing at board level. But several of the guides are directly and practically relevant to the CFOs, Finance Directors and senior finance function leaders who work in FCA-regulated environments — and whose own regulatory position, under the SMF2 designation, places them squarely within the governance framework these guides address. We have written this post to identify the guides most useful to FD Capital’s audience and to explain why the content matters to finance leaders operating in regulated firms, not just to the boards who appoint them.

Why the Regulatory Governance Landscape Matters More Now

The intensity of FCA supervision has increased considerably over the past three years. Consumer Duty came into force in 2023 and placed specific board-level governance obligations on all firms serving retail clients. The FCA’s supervisory approach to the Senior Managers Regime has become more granular — the regulator now pays closer attention to the quality of individual Statements of Responsibilities, the robustness of firms’ certification processes, and the adequacy of succession planning for senior management functions. And the expansion of SMCR to cover a broader range of firm types has brought a new population of regulated businesses into the personal accountability framework for the first time.

For CFOs and Finance Directors at regulated firms, this intensification has practical consequences. The expectations attached to the SMF2 designation have not changed formally, but the FCA’s willingness to scrutinise whether individual SMF holders are genuinely meeting those expectations has increased. An FD who treats their SMCR obligations as administrative compliance rather than genuine personal accountability is increasingly out of step with the regulator’s supervisory approach — and the Exec Capital guides provide a useful reference point for understanding what the framework actually requires at the individual level.

The SMF2 Dimension: Why CFOs and Finance Directors Need to Understand This Framework

The Chief Finance function — SMF2 — is one of the core senior management functions under SMCR. The FD or CFO at an FCA-regulated firm is not simply a financial professional in a regulated environment. They are a designated senior manager who has been personally approved by the FCA, who holds their own Statement of Responsibilities defining what they are personally accountable for, and who is subject to the Duty of Responsibility — meaning that if a regulatory failure occurs within their area of accountability, they must demonstrate they took reasonable steps to prevent it.

This is a fundamentally different accountability model from working as a finance leader at an unregulated business. The personal dimension is real, and the consequences of regulatory action against an individual SMF holder — fines, prohibition from working in regulated financial services, public censure — are career-defining. Understanding the framework within which you operate is not a compliance exercise for someone else to manage; it is a professional obligation for every SMF2 holder.

The Exec Capital guides address this framework from the board’s perspective, but the substance is directly applicable to any individual holding an SMF designation. The guides on Form A, Statements of Responsibilities, succession planning and dual SMF arrangements are equally relevant to the SMF2 holder as to the chair or CEO. We strongly encourage FD Capital clients and candidates who hold or are likely to hold SMF designations to use these guides as a reference.

FCA Form A: What Boards Need to Know

The FCA Form A guide is the most practically immediately useful of the Knowledge Centre pieces for any finance leader preparing to move into a new role at a regulated firm. The Form A application is the mechanism by which the FCA approves an individual for an SMF designation — including SMF2 for the CFO or FD function. The guide covers what the application requires, what regulatory references must contain, what material disclosures the individual is required to make, and how the FCA’s assessment of fitness and propriety works in practice.

For CFOs and FDs who are new to regulated environments — moving from a professional services, technology or industrial background into a regulated financial services business for the first time — the Form A process is often the first detailed encounter with the personal accountability framework, and it can be a significant source of uncertainty. The guide demystifies the process, sets realistic expectations for the timeline (typically six to twelve weeks for a standard application), and addresses the regulatory reference requirements that many candidates underestimate in terms of both their scope and their practical significance.

The guide also covers the regulatory interview — the FCA’s mechanism for directly assessing a proposed SMF holder’s understanding of their role and the regulatory environment. For a CFO moving into a complex or higher-risk regulated firm for the first time, the regulatory interview is a real possibility, and preparation for it should begin well before the Form A is submitted. The guide is a useful starting point for that preparation.

Statements of Responsibilities: Best Practice

The Statements of Responsibilities guide addresses the document that sits at the centre of every SMF holder’s personal accountability — including the SMF2 holder’s accountability for the firm’s finance function. The guide sets out what the FCA expects a Statement of Responsibilities to contain, what the common drafting mistakes are, and how to maintain and update the document as the individual’s responsibilities change over time.

For CFOs and FDs, the Statement of Responsibilities is not simply a regulatory submission produced by the compliance department at the point of appointment and filed away. It is a live document that defines the scope of their personal regulatory accountability — and if the document does not accurately reflect their actual current responsibilities, it creates a governance risk both for them personally and for the firm. An FD whose SoR was drafted on appointment and has never been updated to reflect changes in the firm’s structure, the individual’s scope, or the regulatory framework will find, in the event of supervisory scrutiny, that the gap between the document and reality is both visible and difficult to explain.

The guide’s discussion of how to draft SoRs that are specific rather than generic is particularly useful for finance leaders. The instinct to produce a broad, comprehensive SoR that captures everything the CFO is involved in frequently results in a document that is too vague to be meaningful — stating that the CFO “is responsible for the financial management of the firm” rather than identifying the specific regulatory obligations, committees, and governance processes for which they are personally accountable. The Exec Capital guide explains how to strike the right balance.

SMCR and Board Succession Planning

The SMCR succession planning guide is relevant to finance leaders in two distinct ways. First, as SMF2 holders, CFOs and FDs are subject to the succession planning obligations that apply to all senior management functions — the firm must have a plan for managing an FD departure, and the FD themselves has an interest in understanding how their own succession is being managed. Second, finance function leaders at regulated firms are frequently involved in the governance processes that underpin succession planning — preparing the financial projections for a period of leadership transition, managing the cost implications of interim coverage arrangements, or supporting the board’s assessment of the firm’s capacity to absorb the cost of a retained search for the replacement.

The guide addresses the realistic timeline for SMF succession — five to six months from initiating a search to an approved replacement being in post under favourable conditions, seven to nine months at more complex firms. For finance function leaders who are responsible for planning the cost and operational impact of a senior departure, this timeline reality is directly relevant. An unplanned FD departure that is managed without adequate successor planning can create both regulatory exposure (an extended SMF2 vacancy without compliant coverage) and significant unbudgeted cost. The guide helps boards and their finance leaders plan for this more effectively.

The Dual SMF Holder at Smaller Regulated Firms

The Dual SMF Holder guide is particularly relevant to FD Capital’s client base among smaller regulated firms — the growth-stage fintechs, payment institutions, boutique asset managers and newly authorised businesses where a single senior individual frequently covers multiple SMF designations. At many of the firms FD Capital works with in this segment, the fractional or part-time FD who holds the SMF2 designation may also hold other designated functions — making them a dual or multiple SMF holder whose regulatory position is more complex than that of a full-time FD at a larger firm.

The guide sets out which SMF combinations are permitted, what the FCA assesses in a dual SMF application, the governance risks of overloading an individual with designations they cannot genuinely fulfil, and how to identify the point at which a combined arrangement should be separated as the firm grows. For fractional and part-time FDs at regulated firms — a significant part of FD Capital’s specialist market — this is directly applicable guidance. An FD who holds SMF2 and additional designations on a fractional basis should understand both the regulatory permissions that make that arrangement possible and the governance expectations that make it sustainable.

Consumer Duty Annual Board Report

The Consumer Duty Annual Board Report guide addresses a governance requirement that has a specific and often underappreciated finance function dimension. The fair value assessment — one of the four Consumer Duty outcome areas — requires retail-facing regulated firms to demonstrate that the total cost of their products and services represents genuine value for the outcomes delivered to retail clients. This is an analytically demanding assessment that requires the CFO and finance function to produce the cost and revenue data on which the board’s fair value conclusions rest.

A board that produces a Consumer Duty annual report without robust financial analysis supporting the fair value section — or whose CFO has not been directly involved in the fair value assessment methodology — is producing a report that will not withstand FCA scrutiny. The guide explains what the board report must contain, what the FCA expects the board’s oversight role to involve, and what the fair value and other outcome assessments should look like. For CFOs at retail-facing wealth managers, insurers, consumer credit businesses and retail investment firms, this is governance content that directly affects their role in the annual reporting cycle.

The Broader Suite — Blog Posts Worth Reading

Alongside the Knowledge Centre guides, Exec Capital has published a series of blog posts directly addressing appointment and governance challenges at regulated firms. Several are particularly relevant to FD Capital’s audience:

Certification Regime vs Senior Managers Regime: Who Gets Approved, Who Gets Certified — a clear explanation of which employees fall into which regulatory tier. For CFOs responsible for overseeing their firm’s SMCR compliance, understanding the full population of staff subject to the regime — not just the SMF holders — is a governance requirement. This post sets out the distinction clearly.

CEO Succession at Regulated Firms: Timelines, FCA Engagement and Contingency Planning — highly relevant for FDs who are involved in governance discussions about CEO succession. The financial and operational planning that a CEO transition requires is the finance function’s domain, and the regulatory timeline realities in this post are directly relevant to that planning work.

First-Time SMF1: Hiring a CEO Who Has Never Held an SMF Role Before — relevant to any regulated firm considering a CEO search that might bring in a candidate from outside the regulated sector. The finance function’s perspective on this decision — understanding the regulatory risk implications of a first-time SMF1 appointment — is a legitimate board input.

How FD Capital and Exec Capital Work Together for Regulated Firm Clients

FD Capital and Exec Capital are sister practices with complementary but clearly defined positioning. FD Capital’s focus is the finance function — fractional CFO and Finance Director appointments, interim finance leadership, and permanent senior finance hires, including for FCA-regulated firms where the finance leader carries the SMF2 designation. Exec Capital’s focus is the broader C-suite and board — CEO, COO, CMO, CTO and NED appointments, with a particularly strong specialism in FCA-regulated firm executive and board-level search.

Where a regulated firm needs both a finance function leader and a senior executive or board appointment, both practices contribute their specialist knowledge to ensure the regulatory and governance dimensions of each appointment are properly integrated. The FD’s SMF2 designation and the CEO’s SMF1 designation interact directly in the firm’s governance structure — the Statement of Responsibilities for each must be drafted consistently, the Form A applications must be managed with awareness of each other’s timelines, and the interim coverage arrangements for both must be coordinated if transitions overlap.

The Exec Capital Knowledge Centre guides provide the regulatory governance reference material that underpins both practices’ work with regulated firm clients. We are pleased to share them with the FD Capital community and to encourage any finance leader who works in or is moving into an FCA-regulated firm to use them as a practical resource. The full suite is available at Exec Capital’s FCA regulated firm practice page.

If you are a CFO, Finance Director or fractional finance leader working in or considering a move to an FCA-regulated firm — or if you are a regulated firm seeking a senior finance leader — speak to FD Capital about the finance function appointment. And if the board-level search at that firm requires a specialist in regulated firm executive appointments, the team at Exec Capital is the right conversation to have alongside it.

The SUP sourcebook is the FCA’s supervisory framework — the rules and guidance governing how regulated firms interact with the FCA on an ongoing basis. SUP 15 deals specifically with notifications: the events, changes and circumstances that firms must report to the FCA as they occur. Understanding SUP 15 fully is an essential compliance competency for any SMF16 (compliance oversight function) holder, but it is also relevant to every senior manager who has accountability for areas of the firm’s activities that generate notification obligations.

The Structure of SUP 15

SUP 15 is organised into sections covering: general notification obligations; notifications required in specific circumstances; material changes that must be notified; and the procedures for making notifications. The general notification obligation in SUP 15.3 sits alongside and reinforces the Principle 11 disclosure obligation: firms must notify the FCA promptly if they become aware of anything that could materially affect the FCA’s view of the firm’s fitness and propriety, or that could have a significant adverse impact on the firm’s customers or the financial system. This general obligation is supplemented by the specific notification requirements in SUP 15.4, 15.5 and 15.8, which identify particular events that require notification regardless of whether they also trigger the general standard.

Category One: Significant Events

SUP 15.3.1R requires firms to notify the FCA immediately if they become aware of a series of specific categories of event. These are the most serious notification obligations — events so significant that the FCA needs to know about them without delay, without waiting for regular reporting cycles.

Insolvency proceedings. If any corporate entity within the firm’s group enters administration, receivership, liquidation or any equivalent insolvency proceeding in any jurisdiction, the firm must notify immediately. The FCA needs this information because insolvency events in connected entities can affect the regulated firm’s financial position, its ability to meet its regulatory capital requirements, and its operational continuity. Early notification allows the FCA to assess the impact and, where necessary, to exercise its supervisory powers before harm reaches customers.

Regulatory action by other authorities. Where a firm or a connected entity is subject to significant regulatory action by an overseas regulator — including a formal investigation, a suspension, a fine or a restriction — notification to the FCA is required. The FCA’s interest is in whether the overseas action is indicative of conduct or governance issues that are also present in the UK-regulated entity, and whether the action affects the firm’s fitness and propriety. Firms that receive overseas regulatory correspondence should assess its notification implications immediately rather than treating it as a purely local matter.

Material litigation. Civil proceedings or arbitration that could have a material impact on the firm — either financially or in terms of its ability to carry on regulated activities — must be notified. The financial materiality threshold is relative to the firm’s size and regulatory capital: a claim that would represent a significant proportion of the firm’s capital resources triggers the notification requirement even if it is small in absolute terms. Firms that receive letters before action or claim forms should therefore consider their SUP 15.3.1R implications as part of their initial response process.

Loss of key personnel. Where the loss of a key individual could affect the firm’s ability to carry on its regulated activities or its compliance with threshold conditions, notification is required. The most obvious category is the unexpected loss of an SMF holder, particularly where the firm has no immediate replacement — the FCA must be informed so that it can assess whether the firm continues to meet its governance and management requirements. But the obligation can also extend to non-SMF personnel whose loss creates a material operational or compliance risk.

Category Two: Material Changes

SUP 15.3.8G and the associated rules require firms to notify the FCA of significant changes to their business, activities or circumstances that are not covered by the specific SUP 15.3.1R obligations but that the FCA would reasonably want to know about.

Changes to business activities. Material changes to the nature, scope or scale of the firm’s regulated activities must be notified. This overlaps with the Variation of Permission obligation for changes that take the firm outside its current permission, but it is broader: changes that remain within the current permission but that significantly alter the risk profile of the firm’s activities may still require notification even if no formal VoP application is needed. A firm that significantly expands its consumer credit lending by moving into a higher-risk product segment, or that shifts its investment management focus to a materially riskier asset class, should consider its SUP 15 notification obligations even if the existing permission technically covers the new activities.

Changes to ownership or control. Changes in the ownership or control of the firm — including the acquisition of a qualifying holding, a change in the identity of the firm’s controller, or a change in group structure that affects the firm — trigger specific notification requirements under SUP 11. SUP 15 reinforces these obligations by requiring notification where any change in the firm’s circumstances is such that the FCA would reasonably expect notice. Firms planning mergers, acquisitions, management buyouts or significant investor changes should map their notification obligations across both SUP 11 and SUP 15 as part of the transaction planning process.

Financial position deterioration. Where the firm’s financial position deteriorates materially — including where it falls below or is at risk of falling below its regulatory capital requirements — prompt notification is required. The FCA does not want to discover a firm’s financial difficulties through the firm’s prudential reporting alone: where the firm’s management becomes aware of a material emerging financial problem, the notification obligation crystallises at that point, not when the problem has progressed to the point of formal threshold breach. Firms should build explicit financial monitoring triggers into their capital adequacy governance — alerting the compliance function and the SMF holder when capital levels reach defined early-warning levels — so that the SUP 15 obligation is recognised and discharged in good time.

Significant systems or operational failures. Major operational incidents — IT outages, data breaches, third-party failures — that have caused or could cause material harm to customers or operational disruption to the firm’s regulated activities must be notified. The FCA’s operational resilience framework, introduced in 2021, requires firms to identify their important business services and to set impact tolerances for their maximum acceptable downtime. Where an incident breaches or threatens to breach an impact tolerance, this is a clear indicator that a SUP 15 notification is required. Firms that have implemented the operational resilience framework should build their SUP 15 notification assessment into their incident response process rather than treating it as a separate consideration.

Category Three: SMF-Specific Notifications

SUP 15 contains specific notification requirements related to Senior Manager Functions. These include: notification where an SMF holder ceases to perform their function; notification of any matter that may affect the fitness and propriety of an approved person; and notification of the appointment of a new individual to perform a required SMF function where that individual has not yet been approved by the FCA.

The cessation notification is one of the most time-sensitive in the SMF context. Where an SMF holder leaves their role unexpectedly — whether through resignation, illness, dismissal or any other reason — the firm must notify the FCA promptly. If the function is a required function (one that the firm must have a holder for under the applicable rules), the firm must also have arrangements in place for how the function will be covered in the interim. The FCA’s expectations around interim coverage are set out in the SMCR rules, but the SUP 15 notification obligation runs from the moment the SMF holder ceases — which may be before any interim arrangement has been confirmed.

The fitness and propriety notification is broader and more judgmental. Where the firm becomes aware of any matter that may affect an approved person’s fitness and propriety — including a criminal caution or conviction, an adverse finding in civil proceedings, a disciplinary matter, a significant financial difficulty, or a concern raised by another regulator — it must assess whether the matter is significant enough to require notification. The test is again what the FCA would reasonably expect to be told: a minor historical matter with no current relevance may not require notification; a serious recent matter with direct bearing on the individual’s conduct in their SMF role almost certainly does.

Timing: When Must Notifications Be Made?

SUP 15 specifies different timing requirements for different categories of notification. The general principle is that notifications should be made as soon as practicable after the relevant event or awareness arises. For the most serious events — imminent insolvency, significant operational failures causing material customer harm — “as soon as practicable” means within hours, not days. For other notifications, the standard is typically one business day to ten business days depending on the specific obligation.

The compliance function must therefore have clear internal processes for identifying when a SUP 15 notification obligation has crystallised and for ensuring the notification is made within the applicable time limit. This means the compliance function needs access to information about events that trigger notification obligations across the firm’s business — which requires the compliance function to be embedded in the firm’s operational and incident management processes rather than receiving information through downstream reporting channels. A compliance function that learns about a major IT outage from a press enquiry rather than from the operations team has a process failure that will likely result in a late notification to the FCA.

How to Make Notifications: The Connect System

Most SUP 15 notifications are made through the FCA’s Connect system. Firms should designate one or more named users with Connect access who are responsible for making notifications. The notification form should include: a clear description of the event or change being notified; the date on which the event occurred or the firm became aware of it; an assessment of the significance and impact of the event; and the steps the firm has taken or is taking in response. The FCA does not require a perfectly formatted notification at the initial stage of an urgent event — a brief but accurate notification promptly made is preferable to a comprehensive account provided too late.

For certain specific notifications — changes to control, passporting applications, appointed representative notifications — SUP requires the use of specific forms rather than general Connect notifications. The compliance function should maintain a current register of the specific forms applicable to each notification category, and should test its Connect access and notification processes periodically rather than discovering connectivity or access issues at the point when an urgent notification needs to be made.

Consequences of Failure to Notify

The FCA consistently identifies failures to notify on time — or at all — as one of the most frequently encountered compliance deficiencies in its supervisory work. The consequences range from formal regulatory censure and financial penalties, through increased supervisory intensity, to use of the notification failure as evidence of broader governance and compliance culture failures that justify a more comprehensive regulatory response.

Late notification is often more seriously received by the FCA than the underlying event itself. A firm that experiences a significant operational failure, manages it competently and notifies the FCA promptly is in a very different regulatory position from one that experiences the same failure and notifies three months later after the FCA has already become aware of the incident through other channels. The FCA has stated publicly that it places particular weight on timeliness and transparency in its supervisory relationships, and notification failures are treated as evidence of a deficit in both.

Building an Effective SUP 15 Notification Framework

Effective SUP 15 compliance requires a notification framework that is embedded in the firm’s operational processes rather than administered as a standalone compliance function responsibility. The framework should include: a notification trigger register identifying the events and circumstances that generate SUP 15 obligations and the applicable timing requirement for each; clear ownership for the notification assessment, typically at SMF16 level with escalation to the CEO for significant events; designated Connect access for one or more compliance team members; an internal escalation process that ensures relevant developments are flagged to the compliance function promptly; and a notification log documenting all notifications made, the basis for each, and the timeline from event to notification.

The notification trigger register should be reviewed at least annually against any changes to SUP 15 and against the firm’s own business development — new activities, new products or new risk exposures may create notification obligations that did not previously apply. The register should also be reviewed following each notification to assess whether the event could have been identified and escalated faster, and whether the internal processes supported the timely discharge of the obligation.

Key References

• FCA Handbook SUP 15 — Notifications to the FCA
• FCA Connect — Notification portal
• FCA PRIN 2.1 — Principle 11

The general prohibition in Section 19 of FSMA 2000 provides that no person may carry on a regulated activity in the United Kingdom unless they are either FCA-authorised or exempt. Breach of the general prohibition is a criminal offence, punishable by up to two years’ imprisonment and an unlimited fine. The FCA also has civil enforcement powers to take action against unlawful activities, and can seek injunctions, restitution orders and other remedies against individuals and businesses that carry on regulated activities without authorisation. Understanding where the perimeter falls — and what the consequences are of inadvertently crossing it — is not just a compliance matter. It is fundamental to the legal operation of any business in or adjacent to the financial services sector.

What Is a Regulated Activity?

A regulated activity is an activity of a specified kind carried on by way of business in relation to an investment, specified product or specified service of a specified kind. This sounds circular and it is — the substance is in the specification. The Regulated Activities Order 2001 (the RAO) sets out the activities that are regulated and the investments, products and services to which the regulation applies. The principal regulated activities include: accepting deposits; effecting and carrying out contracts of insurance; dealing in investments as principal or agent; arranging deals in investments; managing investments; providing investment advice; acting as a custodian; establishing collective investment schemes; and a number of activities in consumer credit, payment services and consumer hire.

The RAO also defines the scope of each activity precisely. “Dealing in investments as principal” means buying, selling, subscribing for or underwriting investments as principal — but only if the investment falls within the specified investment categories listed in the RAO. A business that buys and sells interests in property companies may or may not be dealing in investments as principal, depending on whether those interests fall within the specified investment definition. A software company that provides a marketplace connecting investors with opportunities may or may not be arranging deals in investments, depending on how its platform functions and what role it plays in the transaction. The analysis is always fact-specific, and the fact-specific nature of the RAO definitions is precisely what creates perimeter uncertainty for new and innovative business models.

Exclusions and Exemptions: The Other Side of the Perimeter

The RAO not only specifies regulated activities — it also provides exclusions from those activities that effectively move businesses back outside the perimeter. The exclusions are critically important because many businesses that would otherwise carry on regulated activities fall within them. Common exclusions include: the own account exclusion (which excludes certain dealing activities carried on by businesses that are dealing only for themselves); the group exclusion (which excludes certain activities between companies in the same group); the professional firm exclusion (which allows certain firms like law firms and accountants to carry on limited regulated activities without FCA authorisation); and various other exclusions specific to particular activity types.

Exemptions operate differently from exclusions. Exemptions are granted to specific categories of person — the Bank of England, Lloyd’s of London, certain government bodies, Appointed Representatives of authorised firms — and remove those persons from the FCA authorisation requirement entirely. The Appointed Representative regime is the most commercially significant exemption: it allows businesses to carry on regulated activities under the umbrella of an authorised principal firm, without themselves being directly authorised, provided the principal accepts responsibility for the AR’s regulated activities.

The practical consequence of the exclusions and exemptions regime is that perimeter analysis is never simply a question of whether an activity is regulated. The question is always whether the activity is regulated and whether an exclusion or exemption applies. Many businesses that appear to be carrying on regulated activities are in fact excluded or exempt. Equally, many businesses that believe they fall within an exclusion or exemption do not — because they have not analysed their activities precisely against the relevant RAO provisions, or because their business model has evolved beyond the scope of the exclusion they relied on.

The Financial Promotions Perimeter: A Separate but Connected Issue

The general prohibition operates alongside — but is separate from — the financial promotions restriction in Section 21 of FSMA. Section 21 restricts communications that invite or induce the making of investments or agreements to make investments unless the communication is made by or approved by an FCA-authorised person. The financial promotions perimeter is conceptually related to but legally distinct from the regulated activities perimeter.

A business that is not carrying on any regulated activity may nonetheless be restricted under Section 21 if it is communicating a financial promotion — for example, a marketing campaign for a property investment scheme or a crowdfunding opportunity. Equally, a business may be carrying on regulated activities without communicating any financial promotion. Understanding both perimeters — the regulated activities perimeter and the financial promotions perimeter — is necessary for a complete analysis of a business’s regulatory position.

The FCA’s enforcement approach to financial promotions perimeter breaches has become increasingly rigorous, particularly in relation to cryptoasset and high-risk investment promotions. The introduction of the Financial Promotions Gateway in 2024 created a new gateway requirement for authorised firms approving financial promotions — and the FCA has signalled clearly that it will pursue both unauthorised promotions and authorised firms that approve promotions without adequate due diligence on the promotion’s compliance with applicable rules.

How the FCA Identifies Perimeter Issues

The FCA has several mechanisms through which it identifies potential perimeter breaches. Consumer complaints are a primary source: where consumers report being sold financial products or services by unlicensed entities, the FCA will investigate whether the selling firm was required to be authorised. The FCA’s ScamSmart and InvestSmart campaigns actively encourage consumers to check the FCA Register before engaging with financial services providers — and the complaints data generated by consumers who did not check, or who were deceived by unregistered clones of legitimate firms, feeds directly into the FCA’s perimeter enforcement activity.

Market intelligence is a second major source. The FCA monitors financial markets, online platforms, social media and financial press for activity by firms that appear to be carrying on regulated activities without authorisation. The rapid growth of investment promotion activity on social media — particularly through influencer marketing of high-risk investments — has significantly increased the FCA’s monitoring activity in this space. The FCA’s Consumer Investments team specifically focuses on investment fraud and unregulated activity, and it has demonstrated a willingness to use its enforcement powers aggressively against identified perimeter breaches.

Industry reporting is a third mechanism. Authorised firms have an obligation under Principle 11 and SUP 15 to report to the FCA where they become aware of activities by other parties that may constitute unauthorised regulated activities. Law firms, accountants, and other professional advisers who identify potential perimeter issues in their clients’ activities similarly have professional obligations that may lead to regulatory reporting. The FCA has therefore created a network of institutional sensors that can identify potential perimeter breaches through normal commercial activity, without requiring direct consumer complaints.

Self-referrals represent a fourth category that is underappreciated but important. Some businesses that identify potential perimeter issues in their activities proactively approach the FCA through its pre-application services or through a formal FCA contact. The FCA generally treats proactive self-referral more favourably than perimeter breaches that are identified through enforcement activity — which is a strong practical argument for seeking regulatory clarity at the outset rather than hoping the question never arises.

Common Perimeter Issues by Business Type

Fintech and payment platforms. Payment and money services businesses frequently encounter perimeter questions around the boundary between payment services (regulated under the Payment Services Regulations 2017) and non-regulated activities. E-wallets, stored value products and payment facilitation services can trigger PSR authorisation requirements depending on how the platform is structured and what happens to funds in transit. Businesses that begin as technology platforms providing payment infrastructure can cross the regulated activities perimeter as their functionality expands.

Crowdfunding and peer-to-peer platforms. Online investment platforms — including loan-based crowdfunding, equity crowdfunding and property investment platforms — sit in a complex regulatory position. Loan-based platforms operating under FCA authorisation must manage the perimeter carefully as they expand their product range. Property investment platforms that structure their products as unregulated collective investments may find that changes to their structure bring them inside the collective investment scheme regime, triggering authorisation requirements they had not anticipated.

Introducers and referral arrangements. Businesses that introduce clients to financial services providers operate on the perimeter of the “arranging deals” regulated activity. An introducer that simply passes names and contact details to an authorised firm, without providing any advice or information about the products on offer, can typically rely on the introduction exclusion. An introducer that discusses the firm’s products, provides product information, or assists in completing applications has likely moved into arranging — and the RAO exclusion no longer applies.

Restructured professional services firms. Law firms, accountants and management consultants that provide advice on transactions, investments or corporate structures frequently encounter the perimeter of investment advice and corporate finance activity. The professional firm exemption allows these firms to carry on limited regulated activities without FCA authorisation, but the exemption has specific conditions — including that the regulated activity must be incidental to the professional services being provided — and many firms that rely on it do not analyse their activities carefully enough against those conditions.

Using PERG: The Perimeter Guidance Manual

The FCA publishes the Perimeter Guidance Manual (PERG) as part of the FCA Handbook. PERG provides the FCA’s interpretation of the regulated activities framework, including guidance on specific activities and their regulated status, explanations of the exclusions and exemptions, and Q&A-style analysis of common perimeter questions. PERG is not legally binding — it represents the FCA’s view of how the legislation applies — but it is the most authoritative public source of perimeter analysis available and is widely used by legal advisers and businesses navigating perimeter questions.

Businesses that are uncertain about their regulatory position should start with PERG before seeking specialist legal advice. In many cases, PERG provides sufficient clarity to answer the perimeter question without further analysis. Where PERG does not resolve the question — typically because the business model is sufficiently novel that the guidance does not address it directly — specialist legal advice and potentially a formal FCA pre-application engagement are the appropriate next steps.

What to Do if You Think You May Be Outside the Perimeter

The most important step for any business that suspects it may be carrying on regulated activities without authorisation is to take specialist legal advice immediately. The general prohibition creates criminal liability that cannot be managed through self-assessment alone, and the consequences of continuing to operate outside the perimeter while the position is being analysed can include aggravated enforcement action and personal criminal liability for the firm’s directors.

Subject to legal advice, the options typically available to a business that identifies a potential perimeter breach include: applying for FCA authorisation to regularise the position on a prospective basis; restructuring the business model to bring it within an available exclusion or exemption; appointing an Appointed Representative of an existing authorised firm to operate under its umbrella while the business’s own authorisation is in process; seeking a voluntary requirement from the FCA to cease the regulated activity pending authorisation; and in some cases, making a voluntary disclosure to the FCA while simultaneously implementing remediation measures.

The FCA’s approach to firms that self-disclose perimeter breaches and take prompt remedial action is meaningfully different from its approach to those where the breach is identified through enforcement activity. While a self-disclosure does not guarantee leniency, and the criminal consequences of the general prohibition breach cannot be waived by the FCA alone, the regulator’s consistent messaging is that firms that identify issues and come to it proactively are treated more favourably than those that continue unauthorised activities until they are caught.

Key References

• FSMA 2000, Section 19 — The general prohibition
• FCA Handbook PERG — Perimeter Guidance Manual
• The Financial Services and Markets Act 2000 (Regulated Activities) Order 2001

Principle 11 of the FCA’s eleven Principles for Business states: “A firm must deal with its regulators in an open and cooperative way, and must disclose to the FCA appropriately anything relating to the firm of which the FCA would reasonably expect notice.” It is one of the shortest principles and one of the most consequential. The FCA has repeatedly used Principle 11 as the basis for enforcement action against firms that failed to tell it about significant developments in their business — not because those firms were hiding information, but because they did not properly understand the scope of what they were required to disclose and when.

The Two Limbs of Principle 11

Principle 11 contains two distinct obligations that operate simultaneously. The first is the cooperation obligation: firms must deal with the FCA in an open and cooperative manner. This covers not just what firms say to the FCA, but how they engage with it — whether they respond promptly to information requests, whether they provide complete and accurate information rather than technically accurate but misleading responses, and whether they approach the supervisory relationship as a genuine engagement rather than as a process to be managed at arm’s length.

The second is the disclosure obligation: firms must proactively disclose anything of which the FCA would reasonably expect notice. This is the more complex of the two because it requires firms to make a judgment — not just about what they are required to report under specific SUP rules, but about what the FCA would want to know even if no specific rule requires the notification. The disclosure obligation is therefore open-ended by design: the FCA has deliberately not defined exhaustively what must be disclosed, because to do so would allow firms to treat disclosure as a checklist exercise while withholding information that falls outside the enumerated categories.

The Relationship with SUP 15

The Principle 11 disclosure obligation is broader than the specific notification obligations in SUP 15. SUP 15 sets out specific categories of event that must be notified to the FCA, with specific timelines. Complying with SUP 15 is a necessary but not sufficient condition for meeting the Principle 11 disclosure obligation.

A firm that complies precisely with its SUP 15 notification obligations but fails to disclose a significant development that falls outside the specific SUP 15 categories has nonetheless breached Principle 11 if the FCA would reasonably have expected to be notified. This is not a hypothetical distinction — the FCA has taken enforcement action against firms that met all their specific notification requirements while failing to disclose broader developments that the FCA considered it should have known about. The Principle 11 obligation requires firms to ask a wider question than “does this trigger a SUP 15 notification?” — it requires asking whether the FCA would reasonably want to know about this, and disclosing where the answer is yes.

What the FCA Would Reasonably Expect Notice Of

The standard is what the FCA would “reasonably expect notice of” — which is a deliberately objective test. It does not ask whether the firm thought the development was significant, but whether the FCA would have considered it significant from its regulatory perspective. Firms therefore need to adopt the FCA’s perspective, not their own, when assessing whether a disclosure obligation is triggered.

The FCA’s perspective on what matters is guided by its statutory objectives: consumer protection, market integrity, promoting effective competition, and the financial stability objective for PRA-regulated firms. Developments that are relevant to any of these objectives are likely to fall within the Principle 11 disclosure scope. In practice, the categories that most frequently generate Principle 11 obligations include:

Material adverse developments in the firm’s financial position. Where the firm’s capital, liquidity or financial condition deteriorates materially — including where it falls below or is at risk of falling below regulatory minimums — the FCA expects prompt disclosure. This applies even before any formal threshold is breached: the FCA expects to be informed of significant emerging financial stress, not just of completed breaches of capital requirements.

Significant changes to the firm’s business or business model. Where the firm materially changes the nature of its activities, its target market, its product range or its business model, the FCA expects to be informed — particularly where the change affects the regulatory risk profile of the firm’s activities or its compliance with its existing permission. This obligation overlaps with the Variation of Permission process: where a business model change takes the firm outside its current permission, both a formal VoP application and a Principle 11 disclosure may be required.

Significant compliance failures. Where the firm discovers a material breach of FCA rules — particularly where customers may have suffered harm — the FCA expects prompt disclosure. The threshold for what counts as material is not defined precisely, but the FCA has consistently treated failures affecting significant numbers of customers, involving significant financial amounts, or involving systematic rather than isolated rule breaches as Principle 11 disclosable events. A single isolated compliance failure may not require Principle 11 disclosure; a pattern of the same failure repeated across the customer base almost certainly does.

Matters affecting the fitness of approved persons. Where the firm becomes aware of information that may affect the fitness and propriety of an approved person — including disciplinary proceedings, criminal proceedings, significant financial difficulties or regulatory concerns raised by another regulator — it has a Principle 11 obligation to disclose this promptly. The SMCR Senior Manager Conduct Rule 4 creates a parallel obligation on the individual, but the firm has its own Principle 11 obligation that runs independently.

Significant operational incidents. Cybersecurity incidents, IT failures, third-party outages or other operational events that have caused or may cause material disruption to the firm’s services or harm to its customers fall within the Principle 11 scope. The FCA’s interest in operational resilience has increased significantly in recent years, and firms should treat major operational incidents as potential Principle 11 disclosable events even where no specific rule requires notification.

Regulatory actions by other authorities. Where the firm or its affiliates receive significant regulatory attention from other domestic or overseas regulators — enforcement actions, supervisory directions, requirements, or formal investigations — the FCA expects to be informed. A firm that is being investigated by a foreign regulator and fails to disclose this to the FCA may have breached Principle 11 even if the overseas investigation relates to activities outside the FCA’s jurisdiction.

Material litigation and legal proceedings. Civil proceedings, arbitration, regulatory investigations, or significant threatened claims that could have a material impact on the firm’s financial position or its ability to meet its regulatory obligations fall within the Principle 11 scope. The threshold is materiality relative to the firm’s size and resources — a £50,000 claim against a large bank requires no Principle 11 consideration; the same claim against a small investment manager with limited capital may be a disclosable event.

The Timing Obligation: What Does “Appropriate” Mean?

Principle 11 requires disclosure “appropriately” — which includes a timing dimension. Disclosure that is technically made but unreasonably delayed does not meet the Principle 11 standard. What constitutes appropriate timing depends on the nature and urgency of the event: a major IT outage affecting thousands of customers in real time requires much more immediate disclosure than a gradual deterioration in capital adequacy that has not yet reached a critical threshold.

The FCA’s general expectation is that firms should disclose material developments as soon as they become aware of them, or as soon as they should reasonably have become aware of them. The “should reasonably have become aware” element is important: a firm cannot avoid its Principle 11 obligation by maintaining governance arrangements that prevent information about significant events from reaching the management team or compliance function. The FCA will assess whether the information existed within the firm, and whether an appropriately governed firm would have known about it and disclosed it, regardless of whether the specific individuals responsible for disclosure were actually aware.

For compliance functions, this creates a specific responsibility: ensuring that the firm has adequate processes to identify Principle 11 disclosable events and escalate them promptly. This means the compliance function must be integrated into the firm’s incident management, litigation management, financial monitoring and operational risk processes — not as a downstream recipient of information, but as an active participant in identifying when the disclosure threshold has been reached.

The SMCR Dimension: Senior Manager Conduct Rule 4

Senior Manager Conduct Rule 4 in COCON places a parallel disclosure obligation directly on individual SMF holders: they must disclose to the FCA, the PRA or other relevant regulatory bodies any information of which those bodies would reasonably expect notice. This creates a dual obligation — the firm has a Principle 11 obligation and each SMF holder has a personal Conduct Rule 4 obligation — that run independently of each other.

The significance of the dual obligation is that the FCA can take action against both the firm (for Principle 11 breach) and the individual SMF holder (for Conduct Rule 4 breach) arising from the same failure to disclose. Where a firm fails to disclose a material compliance failure, the firm may face a financial penalty under Principle 11, and the SMF holder with compliance oversight accountability may face personal enforcement action under Conduct Rule 4 — even if the SMF holder was not personally responsible for the underlying failure, if they were aware of it and failed to ensure it was disclosed.

For SMF holders, the practical implication is that they cannot rely on the compliance function to manage the Principle 11 disclosure process as a purely operational matter. Each SMF holder has a personal obligation to consider, within their area of accountability, whether there are matters that should be disclosed to the FCA — and to act on that obligation independently of what the compliance function may or may not be doing.

Consequences of Failure

The FCA has used Principle 11 consistently as an enforcement lever — both as a standalone basis for action and as an aggravating factor in enforcement proceedings where the underlying conduct could have been managed had the FCA been informed earlier. The consequences of Principle 11 failure range from financial penalties for the firm and the relevant SMF holders, to a more difficult ongoing supervisory relationship, to an increased risk of further enforcement action where the FCA concludes that the non-disclosure was part of a pattern of misleading engagement.

Crucially, Principle 11 failures rarely occur in isolation. A firm that fails to disclose a significant compliance problem typically also has underlying governance and compliance culture issues that the FCA will examine once it becomes aware of the non-disclosure. The Principle 11 failure therefore often becomes the entry point for a much broader supervisory or enforcement engagement. Prompt and transparent disclosure — even of uncomfortable developments — is consistently the more favourable path, both from a regulatory relationship perspective and from the perspective of managing the scope and duration of the FCA’s engagement.

Building Effective Principle 11 Processes

Effective Principle 11 compliance cannot be achieved through a policy document alone. It requires the firm to embed the disclosure standard into its incident management, governance and escalation processes in a way that ensures potential Principle 11 events are identified, assessed and escalated to decision-makers promptly.

The most effective Principle 11 frameworks share several characteristics. First, they define the disclosure assessment as a formal step in the firm’s incident and issue management process — not an afterthought, but a structured question asked each time a significant incident or issue is identified: would the FCA reasonably want to know about this? Second, they assign clear ownership for the Principle 11 assessment, typically to the SMF16 (compliance oversight function) with explicit escalation obligations where the assessment is uncertain. Third, they create a simple and fast escalation path to the CEO and Chair so that disclosure decisions — which often need to be made quickly — can be taken at the right level without bureaucratic delay. Fourth, they maintain a disclosure log that records all Principle 11 assessments made, whether they resulted in disclosure or a decision not to disclose, and the rationale for each decision. This log is itself evidence of compliance: it demonstrates that the firm is actively applying the Principle 11 standard rather than treating the obligation as notional.

Key References

• FCA Handbook PRIN 2.1 — The Principles
• FCA Handbook COCON — Senior Manager Conduct Rule 4
• FCA Handbook SUP 15 — Notifications to the FCA