Advisory and assurance
Whether you are a new business needing advice with regulatory permissions, implementing governance or compliance arrangements, or are a mature business with a specific challenge, we have the experience to provide you with practical solutions that you can trust.
In the current fast-moving environment, with rapid innovation in AI leading to significant changes in operations, controls and even entire business models, independent assurance and advice can provide confidence that your systems and controls are keeping pace.
Where management, your Board, or the regulator need independent assurance, we are here to help, whether a one-off exercise or on an ongoing basis. We can work with your Internal Audit function (if you have one) on a “co-source” or fully “outsourced” basis.
Regulatory audits
We can conduct targeted, independent audits in specific focus areas, such as Financial Crime, Governance, Systems and Controls, Client Assets, Prudential, to provide you with confidence that you are fully compliant with the regulatory requirements that apply to your business.
We approach regulatory audits from both a regulatory compliance and a process optimisation perspective, so that we can help you become operationally efficient as well as fully compliant. As technology and AI evolve, our audits will help you to adapt, innovate and meet regulatory expectations.
Perhaps you are planning investment or growth in a specific sector or product, are looking ahead to M&A activity, are implementing AI solutions at pace, or are subject to increased regulatory scrutiny. Audits can be tailored to meet your specific requirements and budgets, and to focus resources on the areas that matter most.
Transaction due diligence
We provide Regulatory Due Diligence services across the regulated Financial Services sector.
Our approach is holistic, as well as thorough. We will identify the important risks and issues early in the transaction process, but we also provide advice and guidance from your perspective.
For each of the issues or risks we identify, we focus on what they mean in the context of the transaction, the cost and time to remediate, and whether they point to wider concerns about governance, resourcing or the business model.
As AI-driven innovation reshapes business models, operating processes and regulatory risks across supply chains, the impact of technology on regulatory compliance is now an increasingly important aspect of transactional due diligence.
We know the time pressures associated with the transaction process and will provide you with the right information at the right time. This might start with an initial red flag report early in the process, ahead of more detailed due diligence as the transaction progresses where recommendations for remediation will be set out.
We can also provide assistance and guidance on Change of Controller applications, and assist with any questions that the FCA or other regulators might have.
Post-acquisition, we can work with you to ensure that remediation is progressing as planned, helping you to protect your investment and maximise value.
Financial crime
Financial crime continues to be an area of intense focus for regulators around the world, and understandably so, given the impact on economies, businesses and communities.
The Financial Services sector needs to be two steps ahead of criminal networks, who are constantly innovating ways to launder money through the system.
As the sector innovates – whether that is through new products and services, or by applying innovative technology to enhance customer experiences – criminals are looking for loopholes.
Recent advances in AI have enabled the analysis of data in ways not previously possible. However, AI has also allowed bad actors to become more sophisticated and convincing than ever before, requiring firms to reassess their financial crime business risk assessments.
Your business’s exposure to financial crime risk is unique, and therefore the solutions to mitigate risk exposures need to be tailored accordingly.
With the growing number of systems and innovative solutions in the market, effective implementation is critical, to avoid systems throwing out too many false positives or failing to identify transaction patterns to which your business is uniquely exposed.
We have experience in policies, systems, controls and investigations across a wide range of financial services firms, and we have arms-length relationships with a range of innovative technology providers whom we work with to provide independent, expert implementation support and ongoing assurance.
Whether you need advice on regulatory compliance, support following an investigation or incident, or have specific areas of concern, we can help.
Prudential
The Prudential regime in the UK has undergone some significant changes in recent years, with the introduction of the Investment Firms Prudential Regime (IFPR) in 2022 alongside changes impacting Banks and other firms.
What was once seen as a standalone discipline now needs to be integral to a regulated firm’s management arrangements. By ensuring that Prudential aspects are considered early on in strategic planning and acquisitions, we can help you avoid issues with capital down the line.
We can support you with IFPR compliance, your ICARA (including stress testing, recovery and wind-down planning) financial modelling and your governance of Prudential arrangements.
Skilled Person reviews
The FCA, PRA and the Bank of England have the authority to commission Skilled Person reviews under Section 166 of FSMA (these are sometimes referred to as Section 166 reviews).
Where a Skilled Person review is required, the scope will be set out by the relevant regulator in a Requirement Notice (normally this is issued as a Draft Requirement Notice in the first instance).
Our team has significant experience of leading and delivering Skilled Person reviews across a range of scope areas including Governance, Systems and Controls, Prudential, Financial Crime, Client Assets and Consumer Protection.
In selecting a Skilled Person, it is important that you engage with someone who can deliver to the requirements of the scope set out in the Requirement Notice, whilst providing guidance and confidence to you throughout the process. We understand that being required to engage a Skilled Person can be a stressful and often daunting experience.
When acting as a Skilled Person, we remove uncertainty and stress from the process by taking a constructive and open approach, whilst maintaining objectivity and independence.
Should you decide to appoint an alternative Skilled Person, we can provide end-to-end advice, support and guidance throughout the process. This includes helping you prepare for the review, providing operational and technical support during the review, and advising on any issues and recommendations identified either by us or by the Skilled Person.
Compliance support
Whether you are a start up in need of early-stage advice and support, an established business that doesn’t have its own Compliance function, or a larger firm with some skills or resourcing challenges, we are here to help.
We offer a range of compliance support services, including short- and medium-term secondments, ad-hoc advice in specific areas, training and support with FCA returns.
We also offer an ongoing retained service where we will provide your regulated Senior Managers (including the SMF16 – Compliance Oversight function) with the support they need to run your business in full compliance with the regulatory regime, where appropriate, using innovative AI-enabled compliance tools.
Governance and risk management
Good governance and effective risk management provide the foundations around which businesses can flourish and grow sustainably.
When designed and implemented effectively, governance and risk management should make your business operate more efficiently, create the framework in which risks and issues are identified and resolved quickly, and provide confidence to owners, management and regulators that your business is well managed.
Unfortunately, these are often areas where poor advice has led to poor outcomes. Over-engineered solutions can reduce efficiency and weaken confidence in governance arrangements, even where the intentions were good.
The pace at which AI tools and solutions are being developed is driving innovation that is as transformative as we have seen in recent decades. In a short period of time, AI has evolved from supporting decision-making to enabling increasingly automated processes across a growing range of business and control functions, including through the deployment of AI agents. Governance and risk management frameworks must keep pace with these developments to remain effective and relevant.
We have advised a wide range of firms, from standalone UK businesses to complex multinational groups. We help management and Boards unlock inefficiencies, reduce over-burdensome processes and protocols, deploy and manage AI solutions effectively, and strengthen overall effectiveness. We deliver practical, robust solutions that work, drawing on the latest innovations, including AI.
Operational risk and resilience
Over recent years there have been huge successes in the outsourcing of processes to firms who provide solutions at scale, delivering operations and technology that would otherwise be difficult or uneconomic for regulated firms to build in-house. More recently, AI-enabled tools and automation are increasingly being deployed both within regulated firms and at their outsourced service providers.
These arrangements have brought costs down for businesses and consumers, improved operational efficiency and effectiveness for regulated firms, and driven innovation.
For regulated firms, the accountability for the performance of all operational tasks that support regulated activities sits with the regulated firm, and the approved Senior Managers (under the UK Senior Managers Regime). This is true whether processes are performed in-house or have been outsourced.
As a result, this is an area of intense regulatory scrutiny.
We provide practical advice on how to navigate operational risk, including oversight protocols for outsourced services, escalation and dispute resolution mechanisms, and advice on compliance with regulations relating to operational risk and resilience.
