Audit & Monitoring Policy + Templates
SYSC 6.1.1R requires every FCA-authorised firm to establish and maintain adequate policies and procedures to ensure compliance with its regulatory obligations. That means systematic monitoring — not reactive firefighting, not waiting for a complaint or a supervisory visit. A documented, risk-based programme that runs continuously, covers all regulated activities, tests consumer outcomes, detects breaches before they escalate, and produces evidence a regulator can inspect. Most firms have compliance awareness. Far fewer have a functioning compliance monitoring programme. The question isn't whether you're compliant — it's whether you can prove it.
What's included:
Full regulatory mapping: SYSC 4.1.1R/6.1.1R/6.1.2G/6.1.3R/6.1.4R/6.2/6.3/8/9/15A/18/24/26/27, PRIN 1/2/3/6/11, Consumer Duty PRIN 2A, COBS 2/4/6/9/10, DISP 1/1.10A/1.11, SUP 15.3, and the SM&CR accountability framework
Annual compliance monitoring plan: risk identification, control effectiveness evaluation, consumer outcomes risk, and regulatory change impact — with risk prioritisation matrix and monitoring frequencies from monthly through annual
Consumer Duty monitoring framework: all four PRIN 2A outcomes — products and services, price and value, consumer understanding, and consumer support
Internal audit programme: independence requirements, risk-based annual planning, three-year cyclical coverage, and four standardised execution phases (planning, fieldwork, reporting, and follow-up)
Four-level escalation protocol: Compliance Officer within 4 hours through Board within 24 hours — with FCA notification procedures under SUP 15.3.17R
Operational resilience monitoring: essential business services register, impact tolerance testing, scenario testing matrix, third-party resilience oversight, and RTO/RPO tracking
Ready-to-use appendices: compliance risk assessment template, breach materiality checklist, Consumer Duty monitoring template with RAG ratings across all four outcomes, internal audit planning checklist, and compliance monitoring assessment form with full sign-off procedures
+ much more
Who is this for?
Compliance Officers, SMF16/17 holders, Heads of Internal Audit, and Risk Functions at FCA-regulated firms who need a complete, board-approved compliance monitoring and internal audit framework that demonstrates adequate systems and controls under SYSC 6.1.
How it works
Step 1 — Read it. Every section exists for a reason, grounded in a specific regulatory obligation.
Step 2 — Understand it. Map the content against your current practices. Identify where you're strong and where gaps exist.
Step 3 — Make it yours. Tailor the language to reflect how your organisation actually operates. A policy that sounds like your firm is a policy your people will follow.
Step 4 — Take ownership. Assign clear accountability — Board approval, named SMF holder, designated policy owner. A policy without an owner is a liability, not an asset.
Step 5 — Operationalise it. Embed the policy into your governance calendar, training programme, and annual review cycle. This is where compliance becomes culture.
Or, get this free with RegTechPRO
Access this alongside the full compliance policy library — SM&CR, COBS, AML, Consumer Duty, GDPR, and more — for a fraction of the cost of consultancy.

