How to Use This Framework
This framework scores your regulatory compliance posture across five areas that the FCA examines most rigorously: capital adequacy, safeguarding (for payment institutions and e-money issuers), regulatory reporting, AML and financial crime controls, and governance. It is designed for compliance officers, CFOs and SMF holders at FCA-authorised firms who want a structured gap analysis against current regulatory expectations.
Score each question: 2 = fully in place, 1 = partially in place, 0 = not in place. Total your score across all 20 questions (maximum 40 points). Any question scoring 0 in Areas 1 or 2 represents a potential regulatory breach that should be escalated to the board and addressed before the next FCA interaction.
Assessment Areas
Area 1: Capital Adequacy
Q1. Own funds requirement is calculated monthly using the correct method for the firm's permissions
Q2. Capital headroom (own funds minus requirement) is reported to the board at least quarterly
Q3. A capital stress test is conducted at least annually showing headroom under adverse scenarios
Q4. The firm has a documented plan to replenish capital if headroom falls below a defined threshold
Area 2: Safeguarding (PI / EMI Firms)
Q5. Relevant funds calculation is performed every business day and documented
Q6. Safeguarding bank account is at an FCA-authorised institution with a current acknowledgement letter
Q7. A three-way reconciliation (obligation, bank balance, internal records) is completed daily
Q8. A wind-down plan covering return of relevant funds to customers exists and has been tested
Area 3: Regulatory Reporting
Q9. All FCA regulatory returns (RMAR/REP) are submitted on time — no missed or late submissions in 12 months
Q10. A reporting calendar covers all regulatory deadlines for the next 12 months
Q11. Reporting data is reconciled to management accounts before submission
Q12. A second reviewer checks all regulatory returns before they are submitted to the FCA
Area 4: AML & Financial Crime Controls
Q13. A current, board-approved AML policy is in place and reviewed at least annually
Q14. A MLRO is appointed, has sufficient seniority, and has adequate time and resource for the role
Q15. Transaction monitoring is in place and alert thresholds are reviewed and calibrated regularly
Q16. AML training records show all relevant staff have completed training within the last 12 months
Area 5: Governance & Senior Management
Q17. Regulatory responsibilities are clearly allocated to named individuals under the SMR/CR
Q18. The compliance function reports independently to the board — no conflict with commercial functions
Q19. A compliance monitoring programme is in place and executed against on a documented schedule
Q20. Regulatory change management: FCA publications are monitored and impact assessed within 30 days
