The Principal and Appointed Representative (AR) relationship has always been an area of keen focus for regulators. Thematic reviews have been plentiful, covering retail lending, general insurance and investment management, and Dear CEO letters and Warning Notices have also provided much commentary over the years. It remains a key area of focus for the FCA due to the inherent risk in the business model and the rise in regulatory hosting services firms.
In its most recent Business Plan, the FCA highlighted ‘raising standards in the Appointed Representative Regime’ as one of their wholesale market priorities. The FCA specifically called out that many Principal firms have poor due diligence and oversight of their ARs and that they would increase their supervision to reduce the most significant risks from ARs in wholesale markets and consult on cross-sector changes to improve and strengthen the elements of the AR regime.
With Principal firms subject to increased supervision and investigations currently underway, it is timely to remind ourselves of the key areas of focus and the standards expected of firms.
The FCA Handbook sets out the rules and guidance on appointing ARs and the continuing obligations of the Principal firm. The main purpose is to place responsibility on the Principal firm for seeking to ensure that its ARs are fit and proper to deal with clients in its name, and to ensure that clients dealing with its ARs have the same level of protection as if they had dealt with the principal firm itself.
At Square 4, we typically focus on the following three key areas when looking at the relationship and oversight of ARs:
The adequacy of a firm’s governance and risk management framework
The adequacy of a firm’s due diligence, onboarding and monitoring of its AR population, and
The adequacy of non-financial resources in place at the firm in respect of AR monitoring
Governance and risk management
Governance is one of the four key drivers which the FCA believes can lead to harm and, through its supervision of firms, it will determine how effective it is in reducing the potential harm arising from a firm’s business model.
When looking at the Principal and AR relationship, firms should start with governance and the adequacy of the initial and ongoing risk assessment and risk scoring of its entire AR population. This should include how the risk scores feed into the on-boarding approval process and how they drive the frequency and extent of monitoring of the AR, particularly the Principal firm’s decision to carry out enhanced monitoring of an AR. We would expect the Principal firm to have a clearly defined risk appetite with limits across various risk categories, including but not limited to credit, market and operational risk.
A firm’s risk assessment should also include an assessment of the ARs’ business models and the size and scale of the ARs’ businesses, including the adequacy of financial resources and financial health. This includes its rationale for the quantification of its risk exposures and potential harms, acknowledging any PII policies of its ARs, and how these feed into the risk scoring.
Having ensured a robust risk assessment process is in place, Principal firms should ensure that the relevant Board and Committees have appropriate oversight of the risks facing the business (particularly in relation to ARs at on-boarding stage and on an ongoing basis), including whether they receive appropriate management information to discharge their responsibilities.
Onboarding and monitoring
Prior to commencing a formal Principal and AR relationship, the Principal firm should ensure appropriate due diligence is undertaken. This is a critical first step in getting to know the business, its business model and any inherent risks. In today’s vernacular, the FCA expects an assessment of the Principal’s understanding and documentation of the drivers of harm in each AR’s business model and the level of risk they pose, as well as their financial adequacy and solvency.
There is a range of other factors to consider here, such as the level of routine versus bespoke monitoring of ARs and the level of reliance placed on any in-house compliance teams. Breadth of coverage is wide, with common areas of monitoring including: reviews of any sales/marketing process, oversight of introducers linked to ARs, the client take-on process (e.g., appropriateness/suitability reviews, KYC and AML checks), quality assurance checks, approval of financial promotions, and whether the AR is carrying out regulated activities permitted by the AR agreement.
Adequacy of non-financial resources
Perhaps a more challenging assessment is whether Principals, who ultimately could be overseeing a wide variety of business models, have put in place appropriate resources, including enough appropriately skilled and experienced people. This was a particular concern raised by the FCA in their ‘Review of Principal firms in the investment management sector’.
What do we see in the market?
The FCA in their Business Plan 2021/22 have stated that they intend to increase supervision to reduce the most significant risks from ARs and also consult on cross-sector changes to improve and strengthen the elements of the AR regime.
Firms should actively consider:
Their governance arrangements to ensure robust oversight of ARs
Whether their risk management approach allows for a clearly defined risk appetite with limits across various risk categories
Appropriate due diligence of new ARs to ensure risk identification and the frequency and extent of future monitoring
Whether staff have the necessary skills and capability to cover the breadth of activities and business models within their AR population, including deep dives on key regulatory initiatives
The adequacy of their oversight and quality control arrangements
The adequacy of their MI and reporting
We would encourage firms to be proactive in this high-priority area and seek assurance as to the current state of compliance, ensuring risk identification and management is aligned to good customer outcomes and regulatory expectations.
Square 4 was founded with the vision to support people and businesses to grow and thrive.
Across the team, we have extensive experience incorporating the ‘big four’ professional service firms, industry regulators, leadership roles within Global Systemically Important Financial Institutions (G-SIFIs) and other outsourced learning, resourcing and consultancy providers. We combine this expertise with best-in-class technology across an evolving spectrum of conduct, financial crime and operational risk.