Written by Catherine Ruberry
Regulatory Policy and Development Manager
Written by Matt Raver
Managing Director
Congratulations, you’re in! Your firm leaped over Becher’s Brook and is now safely ensconced in the Winner’s Enclosure.
Yes, you’re authorised and regulated by the Financial Conduct Authority. You’re raring to go, with just a little trepidation as to how your business model will actually work, and your best-laid financial plans come to fruition. How will the first six months turn out?
Keeping tabs on newly authorised firms is a key challenge for the FCA. With some 60,000 firms to supervise, your firm would likely be a small needle in a very big haystack.
Until recently, your firm would probably escape supervisory attention, unless caught up in a thematic review, or something untoward happened.
However, the FCA recognises that enhanced supervisory attention in the initial stages of authorisation is a good thing and it has therefore introduced its “Early and High Growth Oversight” scheme.
Piloted in April 2022, the scheme assists firms meet the regulatory challenges they face in the early years after becoming authorised. Having seen many firms, especially those experiencing rapid growth, struggle after authorisation, the initiative was designed to offer enhanced supervision of firms’ activities, to help them navigate the regulated sphere and understand, as they grow, what is required for them.
It also allows the FCA to keep an eye on businesses transitioning into fully functional regulated entities, with the aim of avoiding harm that often accompanies “overreach” – firms growing more rapidly than their systems and controls can handle – or, where harm may arise in a very short time.
The FCA takes seriously its responsibility to guide and mentor firms in their first few months; especially those with potential to grow rapidly. So, if you are a such a firm, you may at some point find a couple of questionnaires in your in-box.
The Firm Summary Report, “EHGO” (Early and High Growth Oversight) poses a series of questions on a firm’s activities since it became FCA authorised and focusses on post authorisation changes to the firm’s activities. It also seeks to identify deviations from representations made during the FCA application process including with respect to the firm’s business model, utilisation of regulatory permissions, senior personnel and financial information.
The “Regular Data Request” (“RDR”) form is not linked to the FCA application process, and covers topics such as revenue, regulatory capital, client money and financial crime. There are also sector-specific questions including for the investment management and ‘alternatives’ sectors.
The FCA has indicated that firms in the Early and High Growth Programme are likely to receive further requests for specific documentation.
So, it would be prudent to ensure, from day one, that all essential policies and procedures are present and correct. To this end, a consultant like RQC Group, with deep knowledge of industry best practice, can be an invaluable resource. Indeed, Q18 of the Firm Summary Report specifically enquires whether the firm receives an independent audit of its systems and controls.
These forms, especially the Firm Summary Report, reflect a number of the common themes identified by the FCA in the Early Oversight programme. Highlighted themes include:
Regulatory permissions
The FCA found some firms held permissions they didn’t use or shouldn’t have applied for. It checked that firms held and fully used the correct regulatory permissions. When challenged by the FCA, two firms cancelled their permissions once they understood the regulatory requirements.
In our experience, firms sometimes face challenges where two permissions are relatively similar, for example ‘Managing an AIF’ (when managing and operating an alternative investment fund) and ‘Managing investments’ (when managing a segregated mandate).
Financial projections
Firms typically submit financial models to the FCA before receiving their permissions but after they start to trade, and at times find that revenues are not as projected. The FCA has worked with firms to understand how they were performing and tailor their plans appropriately.
The financial model forms the basis for a firm’s initial regulatory capital amounts and compositions. Sometimes, changes to the model require a regulatory capital adjustment (such as injecting additional capital) to avoid breaching the capital requirements.
Business model changes
Firms often change their business models in the first years of trading. This affects the permissions they require. The FCA has helped firms to understand the regulatory requirements applying to their business, and the permissions for which they should apply.
In our experience, the FCA is particularly unimpressed where a business seeks authorisation as a simple operation, but later attempts to shoehorn in a host of regulated personnel or functions not anticipated in the original plan. Growth should appear organic, and consistent with the application submitted.
Financial promotions and marketing
Helping firms better understand the requirements (they have since provided webinar training to at least 500 participants).
Regulatory reporting
Answering firms’ questions and supporting them, which has resulted in more timely and better quality submissions.
Based on their findings from the pilot firms, the FCA has also provided some insights to help firms seeking authorisation, notably:
- making sure that you have read relevant information and guidance (such as ”Portfolio Letters” – sector specific communications from the FCA);
- registering for access to, and familiarising yourself with, the FCA’s online systems at an early stage; and
- ensuring your engagement with the Regulator remains open and transparent.
So, should your firm be selected for the FCA’s Early and High Growth Oversight scheme – embrace it!
At RQC Group we have extensive experience of engaging with the FCA and can assist you at every stage of your journey. A newly authorised and high growth firm does face unique regulatory challenges, but with the right advice you can start as you mean to go on, build operational resilience and set the best possible foundation for its future success.
Appendix – content of the Early and High Growth Oversight (“EHGO”) and Regular Data Request (“RDR”) Forms
| Question | |
| 1 | Has the firm’s business model changed since authorisation? |
| 2
3-4 |
Is the firm using all regulated permissions granted to it?
If not, when are they likely to be used? Reasons for delay, or non-usage? |
|
5 6 |
Changes in personnel:
Partners and Directors Introducers, Agents, or Appointed Representatives |
| 7-8 | Unregulated business: any deviance from business plan projections, revenue, over last 3 months?
Unregulated activities: any post-authorisation change? |
| 9-12 | Key questions: firm’s actual net profit, revenues and cash balances, compared to predicted levels, with explanation for deviations |
| 9 | Actual net profit, compared to predicted net profit |
| 10 | Actual revenues, compared to predicted revenues |
| 11
12 |
Cash balances – compared to predictions
Explanation for difference in cash balance, from prediction |
| 13-16 | Client Assets Sourcebook (CASS) rules or safeguarding under Payment Services Regulations or Electronic Money Regulations 2017 |
| 17a, b | Operational risk events, and type of risk
internal fraud, external fraud; employment practice and workplace safety; clients, products and business procedures; damage to physical assets; business disruption; execution, delivery and process management; other… |
| 18 | Do any external parties perform independent reviews/audits of your firm’s systems and controls? |
| 19 | Critical risks the business is currently facing
(mirrors ICARA’s themes; but “critical risks” wording used in place of “harms”) |
| 20 | (Sector-specific) – have you reviewed, taken steps to mitigate, risks in the “Dear CEO”/portfolio letter applicable to your firm? |
| 21 | Maintaining financial and non-financial resources needed to support an orderly wind-down? |
| 22 | Technology and Cyber Resilience – how many notifiable incidents in last 3 months (PRIN 11 and SUP 15.3)? |
| 23 -24 | Self-certification or IT Controls – any change, post authorisation? |
| 25 | Whistleblowing – process in place for staff to speak up, or to raise concerns? |
| 26-28 | Management information –
Relevant MI to manage risks associated with treating customers fairly/ good market conduct? How often do senior management review the MI? Any significant changes to business operations as a result? |
| 29-31 | How many complaints since authorisation?
What percentage resolved in customer’s favour? How much redress paid out? (£GBP) |
| 32-36 | Financial crime:
Any material issues since authorisation? Up-to-date AML Business-wide Risk Assessment? – how often reviewed? Suspicious activity reports: amount in £GBP for internal fraud, external fraud, money laundering, terrorist financing, sanctions-related? Any failed financial crime audit/assurance reports in past 12 months? |
| 37 | Vulnerable customers – what percentage? |
| 38-39 | Financial promotions issued – compliant with requirements?
Financial promotions approved – compliant with requirements? |
RDR Form:
| Questions | |
| 1-4 | Revenue
Total income from regulated activities over reporting period How regulated income has been generated (by product and services) Other revenue (non-regulated activities) Details of where non-regulated income has been generated |
| 1-4 | Regulatory Capital
Total capital resources requirement Capital resources Capital resources excess/deficit What the capital is made up of |
|
1-18 |
Client Money section
Client Money and Asset Return |
| 1-4 | Safeguarding section |
| 1-12a | Financial Crime section |
| 1-2a | Consumer Credit data: Lenders |
| 1, 1a | Consumer Credit data: Debt collection |
| 1 | Financial advisers and mortgage intermediaries |
| 1-11 | Information on Peer-to-Peer agreements |
| 1-5 | Investment and Wealth Management Firms |
| 1-9 | Alternatives |
| 1-9 | Contract for Difference |
| 1-5 | Insurance Intermediaries |
Click for more on our FCA Authorisation services.
