P2P firms: Are you ready for an FCA audit?
Peer 2 peer compliance update
The P2P market has been a roller-coaster the past few years, with a combination of several market players leaving and the FCA tightening its regulatory grip by issuing regular and complex regulation. This included the 2019 finalised rules, recent Dear CEO letter, SM&CR transition rules and continuous financial promotions reviews where the FCA has specifically mentioned peer to peer operators as contributors to the most common breaches.Due to several high profile exits, and the subsequent effect on retail consumers, it’s clear the FCA is not a big fan of P2P platforms and the resulting regulation could be said to have had a direct effect on the market with other platforms leaving in view of excessive levels of regulation.
Peer 2 peer compliance (and adherence to regulation) should therefore be taken as a collective and individual responsibility so that you and other remaining P2P operators continue to have a place in the financial services industry.
As part of the FCA’s supervisory powers, it can contact you and can request documents at any time. We’ve seen this first-hand, and what can start as a seemingly light request to review a few compliance policies can quickly unravel into the FCA requesting to see all your policies and procedures relating to the compliance of every aspect of your business. This could also entail interviews with the FCA as it delves into your business to question you on the nitty gritty details of compliance and platform operation.
Over the last few months, the focus of the FCA has been on Wind Down Plans, and firms have been contacted by the FCA to show their wind down plans. Other areas of concern and questioning from the FCA have included issues with loans, including oversight and monitoring of the loan book, and issues with the operation of the secondary market.
Before it gets to the stage of FCA inquisition and intervention, we recommend undertaking a regulatory assurance audit. Specifically, for P2P platforms, the regulations require you to have an independent audit function and where you are opting out of this requirement due to your size or scale of operations, we recommend that you have an external audit report to ensure compliance with the requirements found in SYSC 6.2.
How can we help you?
Thistle Initiatives provide regulatory assurance audits. This involves assessing whether your firm is meeting the FCA’s regulatory requirements and where best practice can be adopted when the regulation is not clear.
What does a Regulatory Assurance Audit entail?
Our audit procedure involves:
- Reviewing the firm’s policies and procedures covering all aspects of an effective compliance monitoring programme, including business model, credit underwriting, debt management, operation of secondary market, governance, business continuity planning, outsourcing, risk management, data and cyber security, financial crime, whistleblowing, the SM&CR regime, financial promotions, disclosures, complaints, training, fair treatment of customers and vulnerable customers and wind down planning;
- Interviewing senior management involved within the specific areas to determine how the firm operates in practice; and
- Requesting and reviewing a selection of sample records where appropriate.
What do you get?
• We then review all the documents, information and supporting material provided and produce a written report. Our reports are written in legal and jargon free, easy to understand language, making it clear what regulation is applicable and highlighting action items where necessary;
• We provide you with a first draft where we welcome any management comments that may explain any deficiencies;
• A final report is then produced to be kept on file. This can be shared at your discretion with wider parties, including the FCA.
What happens if my report raises major concerns?
Whilst every regulated and authorised firm will naturally want a glowing green report, it is quite normal to receive a report with ambers and maybe even a red or two. What matters most is how you respond to these identified deficiencies – which we can support with every step of the way.
Should you require it, we provide post-audit remedial support and an implementation plan to get you back into safe operating territory and within an effective compliance framework operating within the requirements of regulation and best practice.
Contact us today on 0207 436 0630 – or email info@thistleinitiatives.co.uk.