FCA third party arrangements – responsibility and oversight is under increasing scrutiny

10th June 2021

The FCA is placing increasing focus on arrangements where a firm has some responsibility for a third party’s actions. These types of arrangements take various forms (some key examples are discussed in more detail below). All regulated firms should be reviewing any arrangements where there is some form of relationship with a third party to ensure that they are doing everything that they should be doing with a view to mitigating any risks arising out of those arrangements.

Firms who engage in any of the arrangements below should ensure they understand the responsibility placed on them. The examples below are simply that, examples, and there may well be other areas impacted. The responsibility will obviously change depending on the nature of the relationship but firms will need to be able to demonstrate a “cradle to grave” consideration of any third party arrangements. The sorts of things that firms should be thinking about are: have the risks of the arrangements been properly identified and considered by senior management? What procedures are in place to mitigate any risks and how will these risks be managed? Has everything been documented properly? Has the appropriate due diligence been undertaken? Are the contractual arrangements compliant with regulatory requirements? How are the arrangements overseen / supervised (where appropriate)? What checks are undertaken? Are all records documenting oversight / supervision accurate and up to date?

In the new world of SM&CR (Senior Managers and Certification Regime) and the shifting regulatory landscape the FCA will be looking to hold senior manager to account where firms are considered to have fallen short! The FCA is looking for firms / senior managers to be able to demonstrate they have taken pro-active steps to ensure good outcomes for consumers, rather than simply reacting to issues as / when they arise.

There are currently a number of arrangements whereby an authorised firm has responsibility, at least in part, for oversight of the actions of another firm. These type of arrangements come in different forms including:

  • Outsourcing arrangements where regulatory responsibility remains with the firm appointing the outsource provider;
  • Appointed representative arrangements whereby the authorised firm takes responsibility for the regulatory compliance of an unauthorised firm;
  • Lenders increasingly responsible for ensuring that those who are involved in the sales chain, i.e brokers, are required to act in a manner which results in better outcomes for consumers; and
  • Section 21 approvals where an authorised firm approves a financial promotion prepared by an unauthorised firm with the intention that the section 21 approval will allow the unauthorised firm to communicate the financial promotion free of any restriction.

What each of these have in common is the expectation that certain firms will take on responsibility for the oversight and ongoing supervision of those involved further down the chain and the increasing importance that the FCA places on these type of arrangements.

Whilst there are rules in place governing the extent of the responsibility and the oversight which should be undertaken in each of these areas, there are clear signs from the FCA that these sorts of arrangements are coming under closer scrutiny. The FCA has concerns that firms are not taking these responsibilities seriously enough and are often falling short of the standards expected by the FCA. The FCA wants to see firms move away from implementing a “one size fits all” approach and really assess whether its procedures are sufficiently robust in the context of the particular arrangements and the responsibilities placed on the regulated firm.

Outsourcing & Third Party risk management

The PRA recently issued its Supervisory Statement on Outsourcing and Risk Management and was largely a mechanism for implementing the EBA’s Guidelines on outsourcing arrangements and also certain sections of the EBA’s Guidelines on ICT and Security Risk Management (the guidelines). The PRA also expanded on the expectations in the guidelines in certain areas e.g. data security; business continuity and exit plans; ICT and risk management.

The FCA shortly followed suit by updating its website on outsourcing, confirming that the outsourcing requirements include any arrangement with a third party provider. The FCA wants firms to effectively manage these providers to reduce the risk of operational disruption and harm to their consumers.

The FCA expects firms to be operationally resilient by having a comprehensive understanding and mapping of the people, processes, technology, facilities and information necessary to deliver each of its important business services. This includes people and other dependencies such as third parties. Firms should assess the risks and controls in place to ensure it is operationally resilient.

Appointed Representative (AR) arrangements

The point of a Principal – AR relationship is that the AR effectively sits under the umbrella of the authorisation of the Principal firm – piggybacking off the Principal’s permissions. The AR is exempt under legislation from the requirement to be authorised. By its very nature, when a Principal firm appoints an AR it accepts regulatory responsibility for the actions of that firm. Indeed, any failures / non-compliance committed by the AR is considered by the FCA to be a failure / non-compliance of the Principal firm and the FCA can and will, take regulatory action against the Principal when appropriate. Accordingly, the FCA is relying on the Principal firm to do its job properly – it should ensure that it is be monitoring and overseeing the activities of its AR’s to ensure regulatory compliance at all times.

AR arrangements have long been on the FCA’s radar and have been subject to several reviews; Dear CEO letters; skilled person reviews; supervision work and enforcement action over the years. In its most recent review in May 2019 into AR arrangements in the investment management sector, the FCA found that 50% of firms could not consistently demonstrate that they had effective risk management and control frameworks to identify and manage the risks arising from their AR’s activities. The failings identified weak or under developed governance arrangements including, a lack of effective risk frameworks, internal control and sufficient resources: as a result:

  • Principal firms were failing to take reasonable steps to assess their own suitability to oversee their ARs properly; often Principal firms had insufficient resources in terms of the number of individuals who were appropriately skilled and experienced to do so;
  • There were clear evidence of poorly documented AR contractual arrangements;
  • Most firms had not put in place appropriate control frameworks to monitor the AR’s activity on an ongoing basis;
  • Deficient risk frameworks meant that monitoring was not bespoke to the AR’s business model;
  • The FCA had seen a growth of AR networks but without any change in the governance and risk frameworks to align with that growth.

This review came on the back on a similar review of the general insurance sector in 2016/2017. At this time the FCA identified significant shortcomings in the control and oversight of ARs by their principal firms. Many of the issues identified above were identified as part of that review. Principal firms whether in investment management or in relation to insurance, should have taken note and carried out their own reviews to identify any shortcomings and should have taken remedial action where appropriate.  The FCA has said that it will be conducting further work, including undertaking visits to Principal firms, and expects to see that firms have considered the findings in the reviews and other FCA communications and have taken appropriate steps to address the areas of risk identified. Given the period of time that has elapsed since the last review, it is anticipated that a further review is likely to be imminent.

Consumer credit

The lender – broker market is slightly different, as the brokers are likely to be directly regulated by the FCA themselves (either fully authorised or as limited permission firms) so will have their own regulatory responsibility. That said, the FCA’s rules (CONC 1.2.2R) require that firms take reasonable steps to ensure that other persons acting on its behalf comply with CONC. This places a responsibility on lenders to be proactive in ensuring that the intermediaries with whom they conduct business, are doing so in a manner which is compliant with the regulatory requirements and ultimately, reducing risks to consumers. It should also be noted that a lender may also be liable in law for representations made by a broker acting as its agent (albeit there are limitations to this liability). Whilst there are relatively few lenders, there are a very large number of intermediaries such as brokers and dealers and as such, the lenders will need to think carefully about how they mitigate any risk created by arrangements in the sales chain focussing on the key areas of concern identified by the FCA.

In March 2019, the FCA issued its findings into its review of the motor finance market. Of note, was that a number of findings expressed concerns about the nature of oversight of lenders of broker intermediaries. The FCA asked lenders about the controls they had in place to monitor brokers compliance with the FCA’s rules and noted as part of its review, issues relating to the following areas:

  • Commission arrangements  – the FCA stated it was concerned that the way commission arrangements are operating in motor finance may be leading to consumer harm on a potentially significant scale. Some customers are paying significantly more for their motor finance because of the way lenders choose to remunerate their brokers. The FCA was concerned about the widespread use of commission models which link the broker commission to the customer interest rate and allow brokers wide discretion to set the interest rate. This gives rise to conflicts of interest and creates strong incentives for the broker to charge a higher interest rate. Further the FCA found that these incentives have significant effects on the cost of motor finance for consumers, even after controlling for other factors which might affect interest costs, such as the customer’s credit score, loan value or length of the agreement. For commission models where the broker has discretion over the interest rate, increases in broker commission are associated with higher increases in interest rates, particularly for difference in charges models. It should be noted that discretionary commission models were subsequently banned from 28 January 2021 with almost immediate effect, although firms will have been aware it was coming.
  • Point of sale information provided to customers – ensuring that all required pre-contract and adequate explanations were provided in a timely fashion to customers and that the appropriate commission disclosure information was provided.

Whilst this review focused on the motor finance market, the read across to the wider consumer credit industry is relevant and lenders outside of the motor finance industry should take note. Responsibility is being placed at the top of the chain for oversight of what happens further down the chain. Whilst lenders may not be held to account for the breaches of the intermediaries, it is likely that they will be held liable if they cannot demonstrate to the FCA that they have taken reasonable steps to ensure that the brokers are getting it right and that they are sending the right messages and driving the right behaviours further down the chain.

It should also be noted that the FCA is soon to launch one of its biggest reviews into firms who hold a consumer credit broking permission. The FCA sent out a survey to an initial population of 300 on 20 May with the intention to send the survey to every firm who holds consumer credit broking permission, appx 31,000 firms (approximately half of the firms within its remit) in July. The purpose of the survey is to assist the FCA in understanding whether and how firms are using their credit broking permission. The survey is expected to be short and focus on firm’s business models including remuneration and commission arrangements. It would not be too far of a stretch to assume that the FCA will place some emphasis on firm’s remuneration arrangements and may be looking to understand the lenders role and oversight, particularly where the arrangements are likely to result in poor outcomes for consumers.

Section 21 Approvals

This is again a slightly different approach but forms part of the same overall message. An FCA authorised firm can provide section 21 approval of a financial promotion which is issued by an unauthorised firm, which means that the unauthorised firm can communicate the financial promotion free of restriction. Whilst the regulatory regime has always placed regulatory responsibility on the approver for the contents of the financial promotion, the FCA had not provided any detailed guidance as to what this should look like.

In July 2020 HMT published proposed reforms which would limit the scope of firms for firms approving financial promotions for the purposes of s.21 along with the introduction of a “gateway” through which authorised firms would need to pass to be able to approve the financial promotions of unauthorised firms. In addition to this, the FCA issued a recent Discussion Paper, in which it expressed  concerns that once formal section 21 approval has been provided, the approver needs to take a more active role in ensuring compliance of a financial promotion on an ongoing basis and what those responsibilities should look like particularly where automated systems are used in the sales process. New rules further spelling out in more detail what approvers should be doing are expected later this year.

The overall message?

When firms enter into arrangements with third parties, they should ensure that they understand the regulatory responsibilities that arise in connection with those relationships.

In relation to AR arrangements and consumer credit, the FCA communicated those areas where it expects to see improvements approximately two years ago. It would be fair to anticipate that the FCA is likely to revisit these arrangements in the not too distant future and indeed in relation to the upcoming consumer credit survey, which could be an area of regulatory focus before the end of this year.

The FCA’s update to its website page, is also a marker for firms to ensure they review all third party arrangements, even where there is not a material outsource arrangement.

Given the regulators attention on these types of arrangements over the last few years, firms who fall short of the FCA’s expectations are increasingly likely to end up on the wrong side of an enforcement action. Firms should start carrying out their own reviews now and as with all things regulatory, ensure that they fully document key decisions; reviews; and concerns and that there is a clear audit trail of any actions taken.

If you need banking or finance legal advice

Speak to one of our specialist lawyers

Arrange a call

Enjoy That? You Might Like These:


26 July -
Recently, the High Court in Avanti Communications Limited (In Administration) (the “Company“) handed down a first instance judgment which has provided a certain clarity in regards on how to characterise... Read More


20 July -
Welcome to the second 2023 edition of Brief Banking Bites from Blake Morgan. This summary of topical updates will include brief pointers to items currently in the news, as well... Read More


19 July -
In the context of COP-26 targets and with the UK Government issuing £16 billion in green bonds in 2021, the sustainable lending area is one proving to live up to... Read More