Firm Compliance | Enhance compliance management today — RegTechPRO

The Problem

A 30-tab spreadsheet isn’t a regulatory record.

Your permissions live in a PDF. Due diligence lives in folders. AR oversight is a workbook nobody trusts. Post-PS22/11, the FCA expects demonstrated, evidenced, structured oversight. A spreadsheet stack isn’t defensible any more.

Permissions Scattered Everywhere

FCA RAO Article numbers on PDFs. Permitted activities buried in Mintel emails. Close links spread across company-secretary folders. When a new AR joins, reconstructing the full permission set is a half-day archaeology job.

Permissions_MASTER_v9.xlsx

FCA_Register_Extract.pdf

AR_Close_Links_Q4.docx

30 ARs. 30 Spreadsheets.

One workbook per AR for due diligence. Another for approved persons. Another for monthly KPIs. A fourth for audits. Every new AR multiplies the spreadsheet pack. SUP 12 oversight becomes version-control hell.

AR_DD_Tracker_v14.xlsx

APER_Register_MASTER.xlsx

KPI_Matrix_Q1_FINAL_v3.xlsx

VoPs Tracked on a Wall Planner

AR agreements expire. Permissions lapse. Variations of Permission need filing. And somehow the calendar reminder always fires two weeks after the 90-day runway started. A principal's worst call is telling an AR they're unauthorised tomorrow.

7 days

Until AR agreement expires. No alert fired.

FCA Filings in Firefight Mode

FCA notifications, FS Register updates, AR appointment submissions, annual fees: all owned by nobody, all remembered late. When a supervisor asks for the evidence pack, it's an email-chain reconstruction, not a record.

FCA Notification, AR #14 Overdue

FS Register Update Pending

Annual Fee Block Not filed

If your firm's regulatory record currently lives in spreadsheets, email trails, and FCA Register PDFs, Firm Compliance is built for you.

Built around your firm type

Every firm. Plus the principal layer on top.

Directly Authorised firms and principal firms answer to different supervisory questions. The record underneath is the same — FCA identity, permissions, DD — with the SUP 12 oversight layer activated only when there are ARs to oversee.

If you’re a Directly Authorised firm

Your FCA identity, structured. RAO Articles inline.

FRN, company number, status, primary contacts, registered address. Permitted activities chosen from the full FCA RAO checklist with the Article number on every row — Art. 14, Art. 21, Art. 25, Art. 37, Art. 53, Art. 60B, PSRs 2017. The 10-document DD checklist (7 mandatory) tracks completion against the canonical standard. The FCA identity record an SMF can sign in confidence.

13 FCA business categories — Investment, Consumer Credit, Insurance Distribution, Mortgages and 9 more
10-document DD checklist with Received / Requested / Not Required status — auto-flowing to the Document Library
The Users tab provisions access across every other module — one save, full platform tenancy

If you’re a principal firm

SUP 12 on a scorecard. The post-PS22/11 oversight surface.

Every AR record opens into a 9-tab oversight surface: Dashboard, Profile, Commercial, Key Contacts, Approved Persons, KPIs, SUP 12, Audit Actions, Audit Issues and Social. The 17-item SUP 12 framework (Pre-Appointment DD + 8 Ongoing Monitoring at SUP 12.6.x + 8 Record Keeping at SUP 12.9.x) auto-completes from your live data. One-click FCA-ready oversight PDF per AR, with the Health Score in 48-point type on the cover.

17 regulation-anchored items — each carries its specific SUP 12 sub-regulation reference
12-month rolling KPI matrix per AR (10 fixed canonical metrics) — portfolio-level MI rolls up cleanly
90-day Agreement Expiring countdown — the renegotiation runway you need, surfaced automatically

The architectural moat

Workflow isolation. Architectural, not configured.

Every firm record creates a tenant. Every user is linked to their authorised workflows here, in this module’s Users tab — and their access across every other module flows from that single link. Firm Compliance is the platform’s sole writer to the master Access Rights register. Add a user here, they can use the platform. Remove them here, they can’t. There is no separate permissions panel to misconfigure.

Four access patterns · one mechanism

One firm record. One workflow. Whoever you link sees only what you link them to.

A user’s authorised workflow list is the tenant scope for every record, task, document and submission they ever touch — in the MI Dashboard, the CMP, the Risk Register, the Document Library and every other module. Workflows a user isn’t linked to are structurally invisible, not just hidden behind a setting.

Pattern 1

Directly Authorised firm

Every user is linked to the firm’s own workflow only. The MI Dashboard, the CMP, the Risk Register — no dropdown anywhere. Just the firm’s data.

Clean isolation by default

Pattern 2

Appointed Representative

Linked only to their own AR workflow. Not the principal’s data, not other ARs’. Other workflows aren’t hidden — they don’t exist for that user.

Structurally invisible to peers

Pattern 3

Principal firm

Linked to their own firm and every AR they manage. The workflow dropdown lights up: own firm, each AR individually, plus All Workflows for the consolidated view.

Network oversight, one dropdown

Pattern 4

Compliance consultant

Linked to every client workflow they manage — and only those. A consultant managing 40 clients sees 40 entries in the dropdown. No one else’s data, ever.

40 clients from one login

What flows from one save

One Users-tab save here writes to the master Access Rights register and propagates the user’s scope across the MI Dashboard, the Compliance Monitoring Plan, Risk Management, Policy Studio, Horizon Scanning, the Document Library and every other module. No settings page. No permissions panel. No drift between systems.

The Firm / AR Oversight Report

The FCA asks how you supervise. You hand them this.

SUP 12 written to the principal. Built from 17 oversight items, 10 due-diligence documents, KPI trend, and the 90-day expiring window. Signed by the Head of Oversight, the CCO (SMF16), and the CEO.

Thirteen sections. Every one anchored to SUP 12.

The Firm / AR Oversight Report is the annual supervisory statement every principal owes the FCA. Firm Compliance rebuilds it from live data: agreement status, 17 ongoing-oversight items, the 10-document DD pack, KPI trend, and the 90-day expiring queue. Nothing to retype. Nothing to invent.

Oversight items

DD documents

Live tabs

90d

Expiring horizon

Portfolio Summary & Agreement Register

SUP 12.5.3R

Contract Boundaries & Permissions

SUP 12.5.5R

Initial Due Diligence Pack

SUP 12.4.2R

Ongoing Monitoring, 8 items

SUP 12.6.6R

Regulatory Knowledge Review, 8 items

SUP 12.6.8G

Fit & Proper Attestations (Senior Persons)

FIT 1.3

Financial Promotions Sign-off Record

COBS 4.10

Complaints Against the AR

DISP 1.3

Consumer Duty Outcomes at AR Level

PRIN 2A.8

Financial Crime & AML Reliance

MLR 2017 r.28

Annual Self-Certification Pack

SUP 12.9.1R

KPI Matrix: 10 metrics, 12-month trend

SUP 12.6.7G

Expiring < 90 Days & Termination Register

SUP 12.7.8R

Five items flagged for principal attention

Every breach, every remediation, logged against the AR.

The AR issue register travels with the agreement. Anything the principal raised, anything the AR missed, anything Anna detected from live data: captured, owned and closed, with the oversight item it belongs to stamped on the record.

Raised by	Issue	Date	Status
Tomas Lindqvist Head of AR Oversight (Principal)	Hadley Wealth (AR): PI insurance expired without notice. Cover reinstated within 48 hours; formal breach logged to oversight item OM-04 and self-cert pack updated.	Jan 28, 2026	Resolved
Nadia Al-Farsi Compliance Manager	Sullivan Mortgage Network: three financial promotions posted to LinkedIn without principal sign-off. Retrospective review under COBS 4.10; AR training refresh scheduled Feb 15.	Feb 09, 2026	Resolved
Eseosa Imoukhuede AR Oversight Analyst	Meridian Advisory: complaint volume up 340% QoQ against DISP benchmark. Root-cause review open; principal site visit booked Mar 11 under SUP 12.6.6R.	Feb 22, 2026	Attention
Giulia Rossini MLRO (SMF17)	Whitestone Capital: AR's AML reliance statement under MLR 2017 r.28 missing two CDD renewals. Gap remediated; reliance agreement re-attested Mar 05.	Mar 02, 2026	Resolved
Anna (Principal Oversight AI) Automated detection	Northgate Partners: agreement termination window triggered at T-89 days. Wind-down plan drafted, client transfer notices issued, FCA notification of change pending under SUP 12.7.8R.	Mar 14, 2026	Open

Three signatures. Locked and ready for the supervisor.

The report is reviewed by the Head of AR Oversight, approved by the CCO as SMF16, and countersigned by the CEO. Once signed, the PDF is stamped, hashed, and lodged in Document Library. Evidence you did the supervision the FCA expects of a principal.

Reviewed (2LoD)

Tomas Lindqvist

Head of AR Oversight

Apr 03, 2026

Approved (SMF16)

Giulia Rossini

Chief Compliance Officer

Apr 06, 2026

Countersigned (SMF1)

Alistair Brennan

Chief Executive Officer

Apr 08, 2026

Report locked · Apr 08, 2026 · 16:47 BST Branded PDF delivered to Document Library · SHA-256 hash recorded · supervisor-ready in a single click.

What's Included

Everything SUP 12 demands, in one record.

Firm registry. Permissions matrix. AR Dashboard with 9 oversight sub-tabs. 10-document DD checklist. Approved Persons. 12-month KPI matrix. 17-item SUP 12 framework. Audit register. Agreement-expiry alerts. FCA-ready PDF export.

Flagship

SUP 12 Oversight Framework. 17 items. All mapped.

Every principal obligation under SUP 12: Pre-Appointment DD, 8 Ongoing Monitoring items (12.6.1 to 12.6.8), 8 Record Keeping items (12.5 / 12.7 / 12.9). A live, tickable checklist with handbook citations on every line.

SUP 12 checklist 14 / 17

✓ 12.6.1 Monitoring visit

✓ 12.6.2 Fin proms review

✓ 12.6.3 Customer outcome testing

✓ 12.6.4 Complaints monitoring

✓ 12.5.1 AR agreement signed

✓ 12.7.1 FCA notification done

✓ 12.9.1 Complaints records

✓ 12.9.4 Audit trail documented

+ 9 more · Pre-App DD auto-scored · Custom categories

“14 of 17 SUP 12 items complete across your AR network. Three outstanding: fin proms review (AR #7), annual review (AR #12), data security review (AR #19).”

82% complete

Firm & AR Registry

One register. Firms, ARs, User Groups.

Three distinct record types with three editor shapes. Five KPI tiles at the top of the register – Total Records, Authorised Firms, Appointed Reps, Active, DD Complete.

Portfolio register 42 records

Total

Firms

ARs

Groups

Acme Wealth LtdActive

Beaumont Financial (AR)Prospect

Cromwell Advisers (AR)Active

UK market context: ~2,500 FCA principal firms · ~35,000 ARs. PS22/11 (Dec 2022) formalised the annual oversight self-assessment. This is the programme that evidences it.

✓ Three record types, three editor shapes: Firm, AR, User Group

✓ Cross-tab scoring: DD tab drives SUP 12 score automatically

✓ Users tab doubles as permissions control for the whole platform

✓ Row-level CSV + PDF export on every oversight sub-tab

34 ARs live

Permissions Matrix

Permitted activities. Article tags inline.

Every RAO Article tagged on every row: Art. 25, Art. 37, Art. 53, Art. 60B, Art. 61. Ten category groups from Investment Business to Financial Promotions. No more cross-referencing the RAO.

RAO activities 10 groups

Advising on Investments · Art. 53 Managing Investments · Art. 37 Arranging Deals · Art. 25(2) Admin of Mortgages · Art. 61 Credit Broking · Art. 36A Insurance Mediation · Art. 25A + PSRs 2017 / EMRs 2011

Category groups

RAO

Art. numbers

Inline

Every row

AR Network Dashboard

9 oversight tabs per AR. One record.

Dashboard, Profile, Commercial, Key Contacts, Approved Persons, KPIs, SUP 12, Audit Actions, Audit Issues, Social. Module-within-a-module depth. Health Score and SUP 12 % roll up from the same data.

AR network health 5 ARs

AR	Health	SUP 12
Beaumont Financial	EXCELLENT	94%
Cromwell Advisers	GOOD	88%
Delaney & Co	GOOD	71%
Eastwood Mortgages	ATTENTION	48%
Fenton Protection	EXCELLENT	97%

Agreement Expiry Alerts

90-day runway. Never surprised.

Every AR banner shows days-to-expiry. Inside 90 days: Agreement Expiring Soon alert fires. Inside 0 days: Expired red badge. Re-papering lead time, automated.

Expiry countdown 1 expiring

AR #7: 87 days

EXPIRING

AR #14: 312 days

ACTIVE

90d

Amber trigger

Red trigger

Due Diligence Checklist

10 canonical SUP 12 documents.

FCA Register Extract, Certificate of Incorporation, Org Chart, Key Individuals, PI Insurance, Complaints Policy, AML/CTF Policy, Financials, AR Agreement. 7 mandatory, 3 optional. Completion % feeds the Pre-Appointment DD score automatically.

Pre-appointment DD 9 / 10

9/10

Received

90%

DD Score

Mandatory

FCA Register PI Insurance AML/CTF +7 more

Approved Persons

Per-AR APER register with IRN & CF codes.

Name, IRN, Function (CF-code), Since, To, Active/Ceased. The AR-level APER register pairs with the principal's SM&CR module for complete people oversight.

Controlled functions 2 active

J. Beaumont · CF1Active

S. Reid · CF30Active

P. Kumar · CF5Ceased

12-Month KPI Matrix

10 metrics. 12 months. Scroll the year.

New clients, cases, GI volume, protection, mortgage, pension, investment, complaints, client money, cash assets. Fixed metric schema across every AR. Clean portfolio-level MI roll-up, no per-AR column drift.

Portfolio MI 10 metrics

New clients Cases Volume GI Volume protection Volume mortgage Volume pension Volume investment Complaints Client money held Cash assets

Cases, last 12 months

Audit Actions & Issues

Every review. Every finding. Dated.

Frequency (monthly/quarterly/ad-hoc), date conducted, Red/Amber/Green counts per audit, overall RAG. Outstanding findings tracked to closure with owner & date. Audit register feeds the Health Score and the Audit Issues tile automatically.

Audit register 18 YTD

Audits YTD

Red Open

Amber Open

Owner & date tracked

Commercial & Fees

Establishment. Monthly. APER. Fin Proms.

Every fee type captured. Every % split of regulated vs non-regulated income. Every customer classification. CSV and PDF export on every single-AR commercial report.

Fee breakdown Per AR

£2.4k

Monthly Fee

£186k

LTV

72%

Regulated

Establishment APER Fin Proms Complaints

Fin Proms Surveillance

8 channels. Scope, not metadata.

Website, Facebook, Twitter/X, Instagram, YouTube, LinkedIn, Snapchat, TikTok. Captured as scope for SUP 12.6.2 financial-promotions review and SUP 12.9.2 log maintenance. No channel slips the net.

Channel scope 8 live

LinkedIn YouTube Instagram TikTok Website Facebook Twitter/X Snapchat

Channels

12.6.2

Fin Proms

12.9.2

Log

Two-Tier Permissions

Parent workflow. Child workflow. Clean split.

Parent-workflow users manage the record. Child-workflow users operate inside it. Firm Compliance is the sole writer to the master Access Rights sheet. The onboarding surface for the whole platform.

Access rights 38 / 43

Users Active

38 / 43

Parent

Manage

Child

Operate

Source of truth

Renewals & Fees Calendar

AR agreements, annual fees, VoPs. One timeline.

Agreement Expiring Soon alerts fire at 90 days. FCA annual fee blocks, permission variations, AR appointment anniversaries: every recurring principal obligation surfaces as a dated event, not a calendar reminder someone forgot to set.

Principal calendar 12-month view

AR #7: Agreement renewal87 days

FCA annual fee blockJul 2026

VoP: Eastwood MortgagesScheduled

AR #14: Appointment anniversary312 days

FCA Filings & Notifications

SUP 12.7 notifications, FS Register updates, VoP submissions.

Every notification a principal owes: AR appointment, scope change, cessation, FS Register confirmation. Captured as a dated record keeping item (SUP 12.7.1, 12.7.2). The evidence pack a supervisor asks for, already built.

Filing log 12 filed YTD

Filing	Ref	Status
AR appointment	SUP 12.7.1	Filed
Scope change	SUP 12.7.2	Filed
FS Register confirm	SUP 12.7	Due
Cessation notice	SUP 12.7.2	Draft

Flagship Export

One-click FCA-ready Firm / AR Oversight Report PDF.

Navy cover, RAG-coloured 48pt Health Score, full Firm Details, Due Diligence table, Executive Summary. A branded multi-page PDF for the supervisor. For a 10-AR principal: ten one-click PDFs at board prep, ready to hand over.

Firm / AR Oversight Report 10 ARs

One-click PDFs

48pt

Health Score

Board

Ready

Board-ready

See Firm Compliance in your firm

Core module · Included in every RegTechPRO subscription from £500/month · No add-on fee

FAQs

Firm Compliance. Questions Answered.

Everything you need to know about your firm’s FCA identity, the SUP 12 AR oversight scorecard and the workflow isolation that runs across every module.

Does Firm Compliance actually cover the whole SUP 12 framework?

Yes. The module ships with the 17-item SUP 12 Oversight Framework pre-built across three categories: Pre-Appointment Due Diligence (scored automatically from the DD tab), Ongoing Monitoring (8 items, SUP 12.6.1 to 12.6.8), and Record Keeping (8 items, SUP 12.5 / 12.7 / 12.9). Every item carries its sub-regulation reference tag inline, so principals can evidence each obligation to an FCA supervisor without cross-referencing the handbook.

What does the AR Dashboard actually contain?

Nine oversight tabs per AR: Dashboard (Health Score, SUP 12 Compliance %, Audit Issues, Agreement Status, 8-tile bento), Profile (FCA business categories, permitted activities with RAO Article tags), Commercial (fees, revenue, customer classification, income YTD), Key Contacts, Approved Persons (SM&CR register with IRN + CF code), KPIs (12-month rolling 10-metric matrix), SUP 12, Audit Actions, Audit Issues, Social (financial-promotions surveillance targets).

When does the Agreement Expiring Soon banner fire?

Exactly 90 days before the AR relationship end date. Inside 90 days the AR's banner shows an amber *"AGREEMENT EXPIRING SOON"* alert with a days-to-expiry countdown; at expiry it flips to a red EXPIRED badge. 90 days is the runway you need to refresh DD, reconfirm F&P, renegotiate commercial terms and file the SUP 12.7 notification, without scrambling.

Can I produce an FCA-ready single-AR oversight report?

Yes. One click per AR. The AR Dashboard produces a branded multi-page PDF with a navy cover page, the AR's Health Score as a 48pt RAG-coloured number, full Firm Details, Due Diligence table with RAG-coloured status cells, Executive Summary and supporting sections. For a principal running 10 ARs, ten one-click PDFs at board prep replace a week of consultant review work.

What record types does the module support?

Three distinct record types with different editor shapes: (1) Firm Record, FCA-authorised firm with direct permissions, 3 tabs (Firm Details, Due Diligence, Users); (2) Appointed Representative Record, AR operating under a principal's permissions, 4 tabs (adds the 9-sub-tab AR Dashboard); (3) User Group, lightweight workflow for managing access without firm data. Three types, three editors, not one record with conditional fields.

How does the permissions matrix work?

Every permitted activity is tagged with its FCA Regulated Activities Order Article number inline: Art. 25, Art. 37, Art. 53, Art. 60B, Art. 61 and the rest, across 10 category groups (Investment Business, Consumer Credit, Home Finance, Insurance Distribution, Payments & E-Money, Banking, Funeral Plans, Benchmarks, Claims Management, Financial Promotions). The picker also includes named-instrument tags for PSRs 2017 and EMRs 2011. No more cross-referencing the RAO manually.

What's in the Due Diligence checklist?

The 10-document canonical SUP 12 pre-appointment pack: FCA Register Extract*, Certificate of Incorporation*, Memorandum & Articles, Organisational Chart*, Key Individuals List*, PI Insurance Certificate*, Complaints Handling Policy*, AML/CTF Policy*, Latest Financial Statements, AR Agreement. Seven mandatory (starred), three optional. Completion % feeds the AR's Pre-Appointment DD score on the SUP 12 Dashboard automatically. No duplicate entry.

How does the 12-month KPI matrix work?

Ten fixed metrics per AR (new clients, cases, GI volume, protection, mortgage, pension, investment, complaints, client money held, cash assets), captured month-by-month with horizontal time-axis scroll. The metric list is fixed across every AR so portfolio-level MI rolls up cleanly. Export CSV or PDF for any single AR; the data feeds the AR Dashboard's Monthly Revenue tile and the audit trail.

How does it integrate with the rest of RegTechPRO?

Two deep cross-module flows: (1) DD documents uploaded against an AR record live in the shared Document Library form, surfacing natively under the "Due Diligence Documents" system category without any syncing logic; (2) Firm Compliance is the sole writer to the master Access Rights Google Sheet, so users added on the Users tab are automatically provisioned with workflow access across every other module (Hub, CMP, Risk, Consumer Duty, MI). The Users tab IS the platform onboarding surface.

How much does Firm Compliance cost?

Nothing on top of your subscription. Firm Compliance is a Foundation module, included with every RegTechPRO subscription. Principals typically replace a stack of spreadsheet trackers, consultant review packs and calendar reminders from day one.

How long does setup take?

Under a day for a small principal. The module ships pre-seeded with the 10-document DD checklist, the 17-item SUP 12 framework, the 10-row KPI matrix, the 10-category RAO permissions picker and the 8-channel financial-promotions social grid. You add your firms and ARs, upload DD documents, and start ticking SUP 12 items. No consultant needed to "design the framework": RegTechPRO has opinionated defaults that match the FCA handbook.

Can it run a multi-principal or consultant book?

Yes, it's one of the module's strongest use cases. The two-tier permissions model (Parent workflow users manage records; child workflow users operate inside them) means a compliance consultant can run 30+ principal firms from one login, each with its own register of firms and ARs, its own users, its own audit trail. The fixed KPI matrix and standardised SUP 12 framework make cross-client benchmarking trivial.

What does migration look like from a spreadsheet pack?

Faster than you'd expect. Most firms bring across 20 to 40 AR records in an afternoon: paste firm name, FRN, appointment dates and key contacts into each record, upload DD documents against each AR, and let the module score the DD tab. SUP 12 framework ticking catches up in the first week as the oversight team works through each item. You're typically fully live inside a fortnight for a 30-AR network.

What does Anna do inside Firm Compliance?

Three things. (1) She watches permission boundaries across your AR network, warning when an AR's activities drift outside its authorised RAO Articles. (2) She flags SUP 12.7 filings, FS Register updates, annual fees and AR agreement expiries before they slip. (3) She explains any SUP 12.5 / 12.6 / 12.7 / 12.9 rule, any RAO Article, or any SM&CR/APER requirement in plain English with the handbook citation. She never ticks SUP 12 checkboxes for you: the principal stays fully accountable.

What does Anna cite?

SUP 12 (5.x appointment conditions, 6.x ongoing monitoring, 7.x notifications, 9.x record-keeping), the Regulated Activities Order (RAO Article numbers on every permission), SM&CR and SUP 10A for APER holders, SYSC 4 where relevant, and PS22/11 (FCA AR Gateway regime). She also cites your own data: the specific AR record, DD document, audit finding, or agreement date that underpins her answer.

What's the audit trail like?

Every save is timestamped. Every DD document is uploaded against the AR with a parent-submission link to the Document Library. Every audit action and finding carries date-conducted, date-issued, RAG rating and comments. Approved Persons are tracked from Since date through To date with status transitions. When an FCA supervisor asks "show me your SUP 12.6.2 financial-promotions review for AR #7 in Q3", the answer is one dated audit action and the captured social-channel scope from the Social tab.

How is the Health Score calculated?

Composite across 10 data inputs: SUP 12 Ongoing Monitoring items checked, SUP 12 Record Keeping items checked, Due Diligence tab completion, custom oversight items, audit actions logged, Key Contacts filled, Approved Persons registered, Profile fields (manager, sector, agreement expiration), and Commercial fields (establishment fee, monthly fee, revenue). Badge thresholds: EXCELLENT ≥80% green, GOOD ≥60% amber, ATTENTION <60% red. No single failure dominates the score.

One record.Two regulatory jobs.