Due Diligence Policy Template

£50.00

Due Diligence Isn't One Thing. It's Everything You Do Before You Trust Someone With Your Business.

Customer verification. Supplier vetting. Employee screening. Product assessment. Every FCA-regulated firm has due diligence obligations across all four — but most have policies covering only one or two, leaving dangerous gaps that regulators find quickly. This comprehensive Due Diligence Policy gives firms a single, unified framework covering every category of assessment: individual and corporate customer CDD/EDD/SDD, third-party and supplier due diligence, employee recruitment and fitness assessments, and product governance — all under one governance structure, aligned to MLR 2017, FCA SYSC, SM&CR, Consumer Duty, and UK GDPR.

One policy. Every relationship. No gaps.

What's included: Multi-tiered assessment methodology (standard/enhanced/simplified) with proportionality framework · Sector-specific regulatory mapping across Consumer Credit, Insurance, Investment, Payment Services, and Cryptoassets · Individual customer CDD — Regulation 27-30 MLR 2017 procedures, documentary evidence hierarchy, risk profiling, PEP and FATF high-risk country triggers · Corporate customer CDD — entity identification, beneficial ownership verification to 25% threshold per Regulation 28, complex structure mapping, ownership chain analysis · Beneficial ownership matrix by entity type (company, partnership, trust) · Corporate EDD triggers — shell companies, opaque structures, high-risk sectors, sanctions exposure · Supplier and third-party due diligence — three-tier risk categorisation, standard and enhanced procedures, mandatory contractual requirements, ongoing monitoring · Third-party risk matrix (high/medium/low) with corresponding due diligence requirements · Employee due diligence — pre-employment standard and enhanced checks, 5-year employment history verification, financial background assessment for senior roles · SYSC 22 regulatory reference requirements covering 6-year employment history · FIT 2 fitness and propriety assessment framework for SMF holders · Annual fitness and propriety review procedures · Trigger event monitoring and mandatory disclosure requirements · Product due diligence — pre-launch regulatory impact analysis, Consumer Duty fair value assessment, target market assessment under MiFID II and Insurance Distribution Directive · Operational readiness assessment framework · Post-implementation monitoring requirements · Enhanced Due Diligence — mandatory triggers (customer, transaction, and jurisdictional), source of funds and wealth documentation requirements, senior management approval process · EDD decision framework — six-stage risk identification through implementation · Ongoing monitoring frequencies by risk category (monthly through annually) · Continuous sanctions and PEP screening · Three-lines-of-defence governance model · Due Diligence Committee structure with quarterly review cadence · 24-hour escalation trigger with 48-hour documentation requirement · Retention schedule — 5-year standard (MLR 2017 Regulation 40), 6-year employee and third-party records (SYSC 3.2.20R) · UK GDPR and Data Protection Act 2018 integration · Six ready-to-use assessment templates: individual CDD questionnaire, corporate CDD assessment form, supplier and third-party checklist, product due diligence review, employee recruitment checklist, product approval assessment form with RAG rating guide

Built for: Compliance officers, risk functions, HR leads, and senior managers at FCA-regulated firms who need a complete, cross-functional due diligence framework covering every relationship type the business enters.