**Originally published 5 December 2022; updated 16 August 2023**
The Financial Conduct Authority’s (FCA) new rules to improve the Appointed Representatives (AR) regime took effect on 8 December 2022, triggering a significant consolidation of the hosting sector. Here we share five key questions a current or prospective AR should ask a principal firm to assess whether it can meet the enhanced FCA requirements and is likely to be able to provide services in the long term.
While principal firms must conduct a detailed risk assessment of every incoming AR during onboarding, responsible financial services businesses should also complete due diligence of their own when selecting a host. In light of the increased regulatory scrutiny of the sector, it is in the interests of every AR to ask the right questions and ensure their principal firm isn’t cutting any corners. The key questions are:
1. How are conflicts of interest managed?
It’s critical to assess how your principal firm manages conflicts of interest. A key conflict arises because ARs are paying for a service, so the firm may be incentivised to reduce its onboarding due diligence and compliance oversight to bring on and retain more business. There is a real risk that the firm’s senior management prioritises commercial goals ahead of adequate and robust supervision.
We recommend reviewing the FCA register to assess if the firm’s board and senior manager appointments are sufficiently experienced to provide adequate governance. Also assess whether the board is supported by a team that can review policies and procedures to provide regular audits of the adequacy of risk management and systems and controls.
It is particularly important to check if the CEO (SMF1) and the Compliance Officer (SMF16) are the same individual. We believe that the conflict can only be effectively managed by appointing one person as SMF1, responsible for commercial targets, and a separate, suitably experienced and competent person as SMF16, responsible for compliance and able to challenge decisions made by the SMF1 when necessary.
2. Do you have sufficient expertise to oversee different AR business models, taking account of new regulations?
It has always been important for principal firms to understand the business models of their ARs, and increased oversight makes it doubly so. There are very different levels and types of risk depending on whether the ARs provide services to professional or retail clients. We believe better oversight can be achieved by firms that focus on servicing either ARs with professional clients or those with retail clients, but not both.
Further, a firm needs expertise in different asset classes. For example, it can’t appropriately oversee an AR whose business activities involve cryptocurrency without understanding that asset class and its associated complexities. A responsible firm should limit its activity to the business models it thoroughly understands. Another example is the growing trend for asset managers to incorporate ESG factors in their investment process, so the firm needs expertise in complex ESG regulations such as the EU SFDR. We recommend checking if the firm has an advisory team with specialist experts in place to support the monitoring team.
3. How do you ensure effective monitoring and oversight?
We recommend asking if, during onboarding, a thorough and detailed risk assessment is carried out to determine the level and type of AR monitoring needed to mitigate risks.
We also recommend assessing if the monitoring team is adequately resourced to conduct a structured and detailed monitoring programme, with auditable working papers and adequate reporting of findings to the ARs. One way to check is to calculate the number of ARs monitored by each associate (we estimate 10 ARs per associate should be a maximum). In addition, check that a compliance committee is meeting at least monthly with sufficient management information to oversee adherence to the monitoring plan and ensure prompt escalation and remediation of breaches and findings from the monitoring.
4. How is market abuse risk monitored?
The FCA highlighted adequate market abuse risk monitoring in its May 2019 “Dear CEO” letter. We recommend asking the principal firm if it has undertaken a comprehensive assessment to clearly identify its regulatory obligations under the FCA’s Market Abuse Regulation (MAR).
This assessment should inform the proactive monitoring of the trading activity of managed funds to detect and report suspicious orders and transactions. The FCA expects principal firms to adopt an automated monitoring system rather than a manual approach.
5. How is AML and sanctions risk monitored?
Another reason to review the FCA register is to assess if the firm has appointed a dedicated MLRO (SMF17) responsible for financial crime oversight. Each AR’s ultimate beneficial owners (UBOs) and approved persons should be subject to daily screening for sanctions, politically exposed persons (PEPs) and adverse media, and any positive matches should be effectively assessed, escalated and remediated.
With the current levels of elevated sanctions risk, we further recommend checking if the firm has invested in technology that allows automated daily screening of sanctions lists so that new additions can be identified and remediated promptly to mitigate the risk of providing AR services to sanctioned individuals or entities.