Technology, silos and denial: why record keeping is such a problem for regulated firms


Since its formation in 2013, the FCA has made it clear that it is looking at any regulated business as a whole – their business plans, structure, culture and processes – in order to determine whether they are a compliance-driven organisation. The focus is on the firm achieving appropriate customer and market outcomes and conduct. This in turn is heavily dependent on the firm achieving the correct culture that puts the importance of this at the heart of all business policy and process.

I believe that effective training and competence is the engine driving this culture and the achievements of the standards expected. It is a contract struck by the firm with the employee, but also with the regulator and the customer. It is an agreement of terms that are constantly renewed and defined. It involves standards, expectations and a plan of how these objectives will be achieved.

Three key requirements

There are three key areas of training and competence that all regulated firms need to consider. They are: assessing competence; maintaining competence; and record keeping.

Assessing competence involves an analysis of the skills, knowledge and expertise needed to undertake their responsibilities. This includes achieving a good standard of ‘ethical behaviour’.

For a financial services firm, maintaining competence means assessing the competence of employees on a regular basis, as well as the continual monitoring of training needs.

Many firms mistakenly believe that if they are capable in the first two of these requirements, the FCA will be lenient towards them if they are less efficient in the third. Yet the FCA clearly states that firms should keep records on anything that relates to the firm complying with the TC (training and competence) Sourcebook. Regulated firms need to keep appropriate records relating to staff recruitment, training, assessment of competence, supervision of staff and details of appropriate qualifications for any activity within the scope of training and competence.

The length of time for which records should be kept depends on which type of business the records relate to. For MiFID business, records must be kept for at least five years after an individual has stopped carrying on an activity within the scope of training and competence. For non-MiFID business it is three years after stopping the activity and for a pension transfer specialist the records must be kept indefinitely.

Accessibility of data
The FCA has therefore drawn up a very clear list of requirements in terms of record keeping for training and competence by regulated firms. It must be accessible to the individual in the control function, the person in their supervisory capacity and the firm itself. This is required in order for the individual to update their own CPD data and to manage and maintain their own competence. If the firm is relying on paper-based documents that are locked away in filing cabinets, then this will simply not be good enough to satisfy the FCA.

Many firms argue that they hold these records on multiple spreadsheets, but again, how many staff will take the time to pore over a multitude of files in order to find the one that they need? This really is a major problem for regulated firms and many are simply not compliant.

Technology, silos and denial
Part of the problem is that many firms (large firms in particular) have several software systems across the HR, T&C and Risk/Compliance departments that each contribute to a part of the training and competence function. As a result, all the records are not accessible in one place and there is often much duplication of data.

The existence of silos between these three functions is also a contributory factor: for example, we have spoken to some HR departments that say they have had no involvement whatsoever in record keeping.

many wholesale firms believe they are not even required to maintain this record keeping – yet it couldn’t be more explicit in the guidelines that wholesale firms are not exempt

For the retail sector the requirement to maintain CPD records and verification of completed CPD is often left to the individual employee to log and manage independently through the relevant Accredited Body. This in itself creates a separate silo in which CPD records, training needs and plans are not fully accessible to the organisation and to those required to have appropriate oversight over the individuals concerned.

In my experience, many wholesale firms believe they are not even required to maintain this record keeping – yet it couldn’t be more explicit in the guidelines that wholesale firms are not exempt.


The biggest culprits are often therefore the large firms in wholesale, but the problem still exists among retail firms, where they often recognise their need (as a result of the Retail Distribution Review) but have not yet got around to developing or buying an integrated T&C management system.

Within the insurance market, the regulation only applies to significant influence functions (SIF) or where market risk is being incurred through the funds under management.

For any regulated firm, effective Training and Competence begins with clear definitions of roles and responsibilities. It should then embrace personal, client-based and business objectives and limits. A definition of acceptable risks and conduct should then follow. All of this must be linked to the desirable achieved outcomes i.e. how does this translate into behaviours and customer or market outcomes. The latter must be benchmarked monitored and assessed – ideally all in the same place.

Training and development of staff to ensure that they can meet these definitions must be planned individually. Roles and responsibilities then need to be distributed, with completion monitored and logged. Records must be up to date, accessible and retained for the requisite number of years. If your T&C management system doesn’t do this, then you have cause for concern.

Investment in training to enable staff to deliver the highest standards (using technology to distribute that training, assess delivery and identify shortfalls as they happen – not in an audit six months later) will give progressive firms the edge in terms of better product, service and client reputation – and less risk of enforcement from the FCA!


About Author

Avatar photo

Neil Herbert is CEO at HRComply. The firm was founded in 2009, capitalising on many years spent assisting financial institutions in delivering T&C and conduct solutions under FCA supervision. As new regulatory regimes have been introduced, HRComply has worked with its clients to develop the software to its current four-solution structure. Our focus is delivering products, content processes and support that are individually tailored to our customers’ needs. All of our development work has been conducted in collaboration with our clients, designed to meet their business requirements and address their regulatory risks Neil can be contacted by calling 020 31767 859 or emailing

Leave A Reply