Building Your Compliance Framework

A compliance framework that is properly constructed, fully documented, and tailored to your firm gives you the foundation to meet the FCA’s expectations with confidence.

What The FCA Expects

For many smaller IFA firms, the compliance framework has developed organically over the years, added to as regulations have changed and reviewed when time has allowed. The result is often a collection of policies that may not accurately reflect how the firm operates today, may contain gaps relative to the FCA’s current expectations, and may not hold together as a coherent, evidence-based framework.

Building a compliance framework that genuinely works starts with understanding what the FCA expects. We review the regulator’s current policy and thematic review outputs and map them against your existing documentation, identifying where your firm meets the required standards and where gaps exist. This process ensures that your compliance framework is built around what the FCA is looking for now, including any areas of focus highlighted in recent thematic reviews relevant to advice firms of your size and type.

From there, we create or review the full suite of processes and procedures your firm needs, each one tailored specifically to how you operate. Every document we produce reflects your business, your advisers, and the clients you serve

Your Advice & Investment Process

The foundation of any compliant advice firm is a clearly documented advice and investment process. This sets out how your advisers gather client information, conduct research, make recommendations, and evidence the suitability of the advice they deliver. Without a well-defined, consistently followed process, firms are exposed to significant regulatory and reputational risk, and file checking activity will quickly expose inconsistencies between what your policies say and what is happening in practice.

We work with you to create or review your Advice and Investment Process, including your Centralised Investment Process and, where relevant, your Centralised Retirement Income Process. These are not just documents to satisfy a file check; they are practical tools that help your advisers deliver consistent, suitable advice and give you confidence that the right standards are being maintained across your client bank.

Financial Crime

All FCA-authorised firms have clear obligations under anti-money laundering legislation and wider financial crime regulation. The FCA expects firms to have a robust, documented financial crime framework in place and to be able to evidence how it is being applied on an ongoing basis, not just at the point policies were first written.

We create a bespoke financial crime framework for your firm, covering your anti-money laundering policies and procedures, your approach to identifying and managing financial crime risk, and the preparation of your annual money laundering report for senior management review. We also document your approach to bribery and conflicts of interest, ensuring that all areas are properly evidenced and proportionate to the nature and scale of your business.

Data Protection & Security

Data protection obligations under UK GDPR apply to every FCA-authorised firm, and the consequences of getting them wrong can be significant, particularly in terms of potential regulatory action from the FCA, fines from the ICO and in terms of damage to your firm’s reputation and the trust your clients place in you. Many advice firms have data protection documentation in place, but have not revisited it since GDPR was introduced, meaning it may no longer reflect current practice or regulatory expectations.
We review your existing data protection and data security documentation and update it to reflect how your firm currently collects, stores, uses, and shares client data. Where gaps exist, we create the policies and procedures needed to bring your compliance framework into line with your obligations in this area.

Complaints Handling

A clear, well-documented complaints handling process is a regulatory requirement, and the FCA pays close attention to how firms treat clients who raise concerns. How a firm handles complaints is also one of the FCA’s key indicators of culture and consumer focus under Consumer Duty, making this an area where getting the documentation and the process right matters more than ever.

We create or review your complaints handling policies and procedures, ensuring they meet FCA requirements and set out a fair, transparent process for anyone who raises a concern. We also establish a root cause analysis process, so that complaints are not just resolved individually but used to identify and address any broader issues in your advice or service.

Business Continuity & Disaster Recovery

Every regulated firm is expected to have a documented plan setting out how it will continue to operate in the event of a significant disruption, whether that is a technology failure, loss of key personnel, or any other event that affects normal working. For smaller advice firms, this is an area that often receives less attention than it deserves, frequently because it feels unlikely rather than because it is unimportant. The FCA does not share that view, and the absence of a credible plan is a gap that will be noted.

We create a proportionate, practical business continuity and disaster recovery plan for your firm, realistic about the risks your business faces and clear about how you would respond to them. We review and update this regularly to ensure it remains relevant as your firm evolves.

Risk Management

Effective risk management sits at the heart of a well-run compliance framework. The FCA expects firms to have a structured, documented approach to identifying, assessing, and managing risk across all areas of the business, and to be able to demonstrate that this is being carried out on an ongoing basis rather than as an occasional exercise.

We create and maintain a Risk Register tailored to your firm, covering the full range of regulatory, operational, and business risks relevant to your business. We review it regularly with you, updating it to reflect changes in your firm or the regulatory environment, and ensuring that it remains a live and useful document rather than one that sits unchanged between annual reviews.

Training & Competence

A Training and Competence framework forms a central part of demonstrating good client outcomes under Consumer Duty. It needs to be properly documented, consistently applied, and regularly reviewed. We create a T&C framework tailored to your firm’s structure and the range of activities your advisers undertake, covering the full competence journey from new recruits through to experienced advisers and setting out clearly how competency is assessed, maintained, and evidenced over time.

Systems & Controls

The FCA expects firms to have adequate systems and controls in place to manage their regulatory obligations and ensure the business is run in an orderly and compliant manner. Documenting these clearly is important both for internal governance and for demonstrating to the regulator that your firm is properly organised and that the right oversight arrangements are in place.

We review your existing systems and controls documentation and ensure it accurately reflects the technology, processes, and oversight arrangements your firm has in place. Where gaps exist or where controls need strengthening, we work with you to put the right arrangements in place and make sure they are properly documented within your overall compliance framework.

Client Disclosure Documentation

Clients must receive clear, accurate information about the services being offered, the costs involved, and the firm they are dealing with before advice is provided.

We review and update all of your client-facing disclosure documentation, including your Client Agreement and Services and Costs documentation, ensuring everything is clear, compliant, and consistent with how your firm actually delivers its services. Disclosure documentation is also one of the areas the FCA scrutinises closely as part of its Consumer Duty supervisory work, making it a particularly important component of your wider compliance framework.

What Our Customers Have To Say

  • Ian has taken a significant burden off our shoulders since we began working together in 2025. Having been referred by a trusted advisor, the experience has been seamless—informative, straightforward, and, most importantly, consistently reliable. His expertise and flexibility, particularly in adapting to and enhancing our systems and processes, have made him a pleasure to work with. I move forward with real confidence that our business is well-positioned within a highly regulated environment.

    Simon Munday

Let’s Talk About Your Firm’s Compliance

If you would like to find out how Advice Firm Compliance Ltd can support your firm, please get in touch. We are happy to have an initial conversation about your compliance requirements with no obligation.

Get in touch

Latest news

All news

Let’s Chat

If you would like to discuss how Advice Firm Compliance Ltd can help you build or review your compliance framework, please get in touch. We are happy to have an initial conversation about where your firm currently stands and what support might look like, with no obligation.

Contact Us