The identification, implementation, and management of regulatory risk

In the regulated marketplace, the Financial Conduct Authority (FCA) places significant emphasis on the importance of running a business model which is compliant with the individual sector regulations of each firm, and which can identify, manage, and mitigate risk to the firm and its customers.




This could be regarded as three cornerstones of risk: Governance, Culture, and Control. The following image illustrates the overlapping and inseparable nature of the relationship between the three elements.

Venn diagram displaying Governance, Culture, and Control

It is important for firms to be able to identify them. Let us examine each of them in turn.  




Governance relates to how the firm is run. The responsibility for the firm’s governance arrangements sits with the board of directors.




The board sets out the firm’s strategy, its financial planning and its approach to sustainability, through a range of controls and management information designed to inform them of the firm’s ongoing progress against these goals.




The board should clearly set out the company’s values and other service-related and behavioural standards which relate to the way in which they expect their employees to conduct their daily activities. These guidelines are designed to manage how the firm is perceived, and to meet their regulatory obligations.


Implementation and Management


These cornerstones of risk are shown as interlocking circles, as they are inseparable. If any one of the three is not being properly managed, then the other two cannot be recognised as being properly controlled. 


  • Failure to implement appropriate governance arrangements will mean that insufficient controls and management information are made available to monitor the firm’s progress. This could also lead to staff not being made aware of, or encouraged to meet, the firm’s service proposition and its cultural objectives (how they are perceived outside the firm).
  • Failure to set out a clear vision of the organisation’s target market and its cultural objectives, along with failure to encourage staff to constantly review and improve processes, is a clear indication of inadequate governance arrangements.
  • Insufficient management information will prevent the company from being properly managed and developed. If these controls are absent, governance obligations are not being met.

The best performing and most profitable firms set out a clear structure to encompass these three cornerstones of risk. This can be achieved with an effective organisational structure which outlines clearly defined roles and responsibilities, the regular review of key management information to monitor progress, and the ongoing care and control of treating customers fairly.


How we can help


We encourage all our broker partners to embrace these key indicators. If you need support with the management of your own cornerstones of risk, we can help you to establish and develop them to best effect.


For further information, contact Iain Stephen, Non-Executive Director at BLW.