frequently Asked Questions.

Find answers to the questions we’re asked most often, from our compliance and training services to how we can support your business.

What is FCA authorisation and why do I need it?

FCA authorisation is the regulatory approval required to carry out regulated financial activities in the UK. Without it, firms cannot legally operate in the UK financial services market. Whether you are launching a fintech, hedge fund, or investment management firm, FCA authorisation is the essential first step to building a credible, compliant business.

The FCA has a statutory period of six months to assess a complete application, or twelve months for an incomplete one. In practice, the timeline depends on the complexity of your business model and the quality of your submission. A well-prepared, regulator-ready application significantly reduces the risk of delays and increases the likelihood of first-time approval.

The most common reasons include weak governance frameworks, inadequate systems and controls, poorly evidenced business models, and failure to anticipate the FCA's supervisory concerns. Addressing these issues before submission is critical to a successful outcome.

The FCA assesses whether a firm has adequate capital, robust governance, fit and proper senior managers, appropriate systems and controls, and a credible business model. Understanding how the FCA interprets risk and credibility is key to configuring a strong application.

With over 1,500 successful FCA applications, Cosegic provides end-to-end authorisation support — from aligning your governance and systems to stress-testing your application before submission. Our deep regulatory expertise ensures your application is regulator-ready, commercially grounded, and positioned for first-time approval.

What is a change in control in a regulated firm?

A change in control (CIC) occurs when an individual or entity acquires or increases a significant shareholding in an FCA-regulated firm, typically at thresholds of 10%, 20%, 30%, or 50%. Under Part 12 of the Financial Services and Markets Act, the FCA must be notified and approve the change before it takes effect.

FCA approval is required whenever a person acquires or increases control over an FCA-regulated firm beyond the specified ownership thresholds. This includes acquisitions, restructuring of ownership, and bringing in new investors. Failing to notify the FCA in advance can result in serious regulatory consequences.

The FCA has a statutory assessment period of 60 working days to assess a change in control notification. The quality and completeness of your submission directly influences the timeline, making it essential to submit a thorough, well-prepared application from the outset.

The FCA requires detailed information about the proposed controller, including ownership structures, funding sources, financial soundness, and post-transaction plans. Supporting documentation must clearly demonstrate the stability, credibility, and long-term regulatory confidence of the incoming controller.

Cosegic manages the entire change in control process, from assessing threshold triggers and drafting controller forms to preparing supporting documentation that clearly sets out ownership structures and post-transaction plans. Our regulatory expertise ensures your application is compelling, accurate and positioned for approval.

What is a Variation of Permission (VoP) and when is it needed?

A Variation of Permission (VoP) is the process by which an FCA-regulated firm applies to change the scope of its regulatory permissions. This may involve adding new regulated activities, removing existing ones, or amending limitations and requirements. A VoP is required whenever a firm wants to expand, restructure, or adapt its regulated business activities.

A VoP is required when a firm wants to launch additional financial services, enter new markets, restructure its operations, or add new products that fall outside its current regulatory permissions. Any material change to the scope of your regulated activities is likely to require FCA approval before it can take effect.

The FCA typically aims to assess straightforward VoP applications within six months. However, more complex applications involving significant changes to a firm's business model or risk profile may take longer. A well-prepared application that clearly articulates the proposed changes and their alignment with FCA expectations can significantly reduce the timeline.

The FCA assesses whether the proposed changes are consistent with the firm's existing governance, systems and controls, and risk management framework. Firms must demonstrate that they have the resources, expertise, and operational infrastructure to support the expanded or amended permissions being sought.

Cosegic guides firms through every stage of the VoP process, from identifying the permissions required and drafting the application to responding to FCA queries. Our regulatory expertise ensures your application accurately reflects your business model, aligns with FCA expectations, and supports your next phase of growth.

What is FCA cryptoasset registration and who needs it?

FCA cryptoasset registration is required for any firm carrying out cryptoasset activities in the UK, including crypto exchanges, custodian wallet providers, and peer-to-peer providers. Under the Money Laundering Regulations, all cryptoasset businesses must be registered with the FCA before they can legally operate in the UK market.

The FCA assesses a firm's anti-financial crime controls, governance framework, operational resilience, risk management, and wind-down planning. Firms must demonstrate not only that they can meet regulatory requirements at the point of registration, but that they have the infrastructure to maintain compliance on an ongoing basis.

FCA cryptoasset registration is one of the regulator's most intensive processes, with a high rejection rate. The FCA scrutinises every aspect of a firm's business model, financial crime controls, and operational resilience. The quality of your application directly influences whether it is approved, delayed, or rejected.

Common reasons include inadequate anti-financial crime controls, weak governance frameworks, insufficient operational resilience planning, poorly evidenced risk management, and incomplete wind-down plans. Addressing these issues before submission is critical to a successful outcome.

Cosegic supports cryptoasset firms through every stage of the FCA registration process, from preparing regulator-ready applications to providing pre and post-registration assurance. Our experts translate your business model into a regulatory framework that satisfies the FCA, evidencing your financial crime controls, operational resilience, and risk management in a way that is both commercially grounded and capable of withstanding regulatory scrutiny.

What is SEC registration and who needs it?

SEC registration is required for investment advisers managing assets above certain thresholds who wish to operate in the US market. Firms may register either as Exempt Reporting Advisers (ERAs) or Registered Investment Advisers (RIAs), depending on their business model, assets under management, and investor base.

An Exempt Reporting Adviser (ERA) is a firm that qualifies for an exemption from full SEC registration but must still file reports with the SEC. A Registered Investment Adviser (RIA) is fully registered with the SEC and subject to a broader range of regulatory obligations, including the requirement to prepare and maintain a detailed narrative brochure known as Form ADV Part 2.

Unlike the FCA, the SEC takes a fact-based approach to registration and does not offer rounds of follow-up questions. This means the accuracy, completeness, and presentation of your initial submission is critical. Errors or omissions in your Form ADV can delay registration and raise regulatory concerns that are difficult to address after the fact.

Once registered, firms must maintain compliance manuals, implement monitoring programmes, file annual Form ADV updates, and demonstrate how they continue to meet regulatory expectations on an ongoing basis. The SEC expects registered firms to have robust compliance infrastructure in place from day one.

Cosegic project manages the entire SEC registration process from start to finish, from determining whether ERA or RIA registration is required to drafting Form ADV submissions and liaising directly with the SEC. Our team of specialists averages 15 years of experience across regulators, consultancies, and in-house compliance roles, giving you the expertise and confidence to enter the US market efficiently and compliantly.

What is a compliance health check and why does my firm need one?

A compliance health check is an independent review of a firm's regulatory framework, designed to identify gaps, weaknesses, and areas of emerging risk before they attract regulatory scrutiny. For regulated firms operating in complex regulatory environments, a health check provides senior leadership with the insight to act early, allocate resources effectively, and strengthen compliance foundations.

A compliance assurance review takes a holistic view of a firm's compliance landscape, assessing governance frameworks, systems and controls, policies and procedures, and risk management practices. Reviews can range from high-level assessments to comprehensive, in-depth examinations and mock regulatory reviews, tailored to the firm's business model and risk appetite.

There is no fixed regulatory requirement, but best practice suggests regulated firms should undertake a compliance health check at least annually, or following significant business changes such as launching new products, entering new markets, or after regulatory rule changes. Regular reviews help firms stay ahead of evolving FCA expectations and reduce the risk of regulatory intervention.

A compliance health check is a broad assessment of a firm's overall regulatory position, while a mock regulatory examination simulates the FCA's own supervisory review process. Mock examinations are particularly useful for firms preparing for an FCA visit or seeking to stress-test their compliance frameworks against real-world regulatory scrutiny.

Cosegic's compliance health checks go beyond gap identification to provide a clear remediation roadmap, highlighting the issues that matter most to regulators, investors, and boards. By focusing on the detail that regulators look for, our reviews help firms mitigate risk, enhance governance, and uncover opportunities to drive efficiency and unlock long-term commercial value.

What is a managed compliance service?

A managed compliance service is an outsourced solution that allows FCA-regulated firms to delegate all or part of their compliance operations to a specialist provider. Rather than building and maintaining an in-house compliance team, firms benefit from access to a full range of compliance expertise, technology, and oversight through a single integrated provider.

Finding, training, and retaining skilled compliance professionals is expensive, time-consuming, and increasingly difficult — particularly during periods of regulatory change or peak activity. Outsourcing compliance to a specialist provider gives firms access to deep regulatory expertise, flexible capacity, and consistent oversight without the cost and complexity of permanent headcount growth.

A managed compliance service can cover a wide range of compliance activities, including regulatory monitoring, reporting, policy maintenance, risk assessments, training, and FCA liaison. Firms can choose to outsource their entire compliance function or specific elements, depending on their size, complexity, and internal resource.

Technology plays a central role in delivering an efficient, scalable managed compliance service. Cosegic's proprietary platform MyCosegic supports regulated firms by streamlining compliance workflows, centralising documentation, and providing real-time oversight of compliance activity across the organisation.

Regulatory expectations are evolving continuously across all sectors. A managed compliance service ensures firms benefit from proactive monitoring of regulatory developments, timely updates to policies and procedures, and expert guidance on how changes apply to their specific business model — without adding internal burden or distraction from core business activities.

What is on-demand compliance advisory support?

On-demand compliance advisory support gives regulated firms access to senior compliance expertise on an as-needed basis, without the commitment of a full-time hire. It is designed for firms that need specialist guidance on complex regulatory questions, urgent compliance issues, or ad hoc policy and risk matters as they arise.

On-demand support is particularly valuable when regulatory deadlines loom, when a complex question requires specialist expertise, or when internal compliance resource is stretched. It is also useful for firms navigating regulatory change, responding to FCA queries, or tackling specific risk issues that require urgent attention.

On-demand advisory support can help with a wide range of compliance challenges, including interpreting regulatory requirements, drafting or redrafting policies, responding to FCA correspondence, assessing the compliance implications of new products or business changes, and providing guidance on risk management matters.

Cosegic's ongoing support service is designed to be responsive and commercially grounded. Our senior consultants understand the urgency that regulatory challenges often demand and are equipped to provide clear, actionable guidance tailored to your business model and risk profile.

Cosegic's ongoing support is delivered by highly experienced consultants who speak the regulator's language and bring breadth of expertise across multiple compliance disciplines. Rather than generic advice, our guidance is always tailored to your specific business model, regulatory obligations, and risk exposure, ensuring you stay compliant and in control.

Why are robust compliance policies and procedures important for regulated firms?

Robust compliance policies and procedures are the foundation of an effective compliance framework. They demonstrate to regulators, investors, and boards that a firm has embedded accountability, ethical decision-making, and regulatory compliance into its day-to-day operations. For FCA-regulated firms, well-documented policies are a core expectation and a key area of supervisory focus.

A comprehensive compliance policy framework should cover all relevant regulatory requirements applicable to the firm's business model, including FCA rules, financial crime obligations, consumer protection standards, and operational risk management. It should also incorporate best practice adopted by peers, particularly in areas where regulatory rules are less prescriptive.

Compliance policies and procedures should be reviewed at least annually, and whenever there are material changes to the regulatory environment, the firm's business model, or its product and service offering. As FCA expectations evolve and new thematic reviews emerge, keeping documentation current is essential to maintaining regulatory compliance and avoiding supervisory scrutiny.

A compliance policy gap analysis is a structured review that identifies misalignments, inconsistencies, and inefficiencies in a firm's existing policies and procedures. It highlights areas where documentation does not accurately reflect regulatory requirements or operational reality, enabling firms to prioritise remediation efforts and strengthen their compliance framework.

Cosegic transforms compliance policies and procedures from static documents into dynamic frameworks that reflect your specific business model and keep pace with regulatory change. Our experts map documentation to regulatory requirements, incorporate peer best practice, and present frameworks in a format that is clear and accessible to senior management, staff, investors, and regulators.

What is Consumer Duty and who does it apply to?

Consumer Duty is an FCA regulatory framework that requires firms to deliver good outcomes for retail customers across four key areas: products and services, price and value, consumer understanding, and consumer support. It applies to all FCA-regulated firms involved in the manufacture or distribution of products and services to retail customers, including investment managers and fintech firms.

Under Consumer Duty, firms must demonstrate that their products and services deliver fair value, that customer communications are clear and not misleading, that customers receive the support they need, and that vulnerable customers are treated appropriately. Firms must also produce and maintain a board-approved annual Consumer Duty assessment.

The FCA assesses Consumer Duty compliance through supervisory reviews, thematic work, and firm-specific enquiries. Firms are expected to evidence that they have embedded Consumer Duty into their governance, product design, customer communications, and monitoring frameworks. Poor outcomes for customers are likely to attract regulatory intervention.

Common gaps include inadequate assessments of product value, insufficient focus on vulnerable customer needs, customer communications that fail the clarity test, and governance frameworks that do not embed Consumer Duty outcomes into board-level oversight. Identifying and addressing these gaps proactively is essential to avoiding regulatory scrutiny.

Cosegic provides end-to-end Consumer Duty support, from diagnostic assessments and gap analysis to drafting board-ready reports, conducting fairness reviews of customer communications, and evaluating how product design affects different customer segments. Our advice is precise, commercially focused, and grounded in deep regulatory expertise.

What is SM&CR and who does it apply to?

The Senior Managers and Certification Regime (SM&CR) is an FCA regulatory framework designed to strengthen individual accountability across financial services. It applies to all FCA-regulated firms and covers senior managers, certified staff, and conduct rules staff, making it easier for firms and regulators to hold individuals directly responsible for their actions.

Under SM&CR, firms must identify and map senior management responsibilities, ensure senior managers are fit and proper, certify relevant staff annually, and embed conduct rules across the organisation. Firms must also maintain accurate and up-to-date regulatory references and ensure all relevant staff have received appropriate Conduct Rules training.

Poor SM&CR compliance can result in FCA enforcement action against both the firm and individual senior managers. The regime is specifically designed to ensure that individuals can be held personally accountable for regulatory failures, making robust SM&CR implementation a critical priority for all regulated firms.

Effective SM&CR implementation goes beyond documentation to embed a genuine culture of accountability, transparency, and ethical decision-making across the organisation. This requires clear responsibility mapping, regular Conduct Rules training, robust certification processes, and board-level oversight of SM&CR obligations.

Cosegic provides practical, regulator-ready SM&CR support tailored to each firm's specific needs. Whether you require a full framework review, remediation support, or tailored Conduct Rules training, our experts ensure SM&CR is fully embedded within your business, strengthening governance and enabling you to demonstrate compliance with confidence.

What is a safeguarding audit and who needs one?

A safeguarding audit is a mandatory independent review required for all Electronic Money Institutions (EMIs) and Payment Institutions (PIs) that are required to arrange an annual audit under the Companies Act 2006. It assesses whether a firm's safeguarding arrangements meet FCA requirements for protecting client funds held in the course of payment services or e-money activities.

A safeguarding audit assesses the adequacy of a firm's safeguarding arrangements, including the segregation of client funds, the suitability of safeguarding accounts and custodians, the robustness of internal controls, and the accuracy of safeguarding calculations and records. It also evaluates the firm's operational resilience and its ability to meet FCA expectations on an ongoing basis.

Safeguarding is the cornerstone of customer protection for payment services and e-money firms. The FCA has consistently identified safeguarding as a priority supervisory area, with weaknesses in safeguarding arrangements frequently cited in enforcement actions and supervisory interventions. A robust safeguarding audit demonstrates that a firm can be trusted to protect client funds and maintain operational resilience.

Common findings include inadequate segregation of client funds, inaccurate safeguarding calculations, unsuitable safeguarding accounts or custodians, insufficient internal controls, and poor record-keeping. Identifying and addressing these issues proactively is critical to maintaining FCA compliance and avoiding regulatory intervention.

As one of the UK's most experienced digital finance compliance consultancies, Cosegic delivers independent safeguarding audits that are regulator-aligned and commercially focused. Our audit methodology has been refined through extensive experience and shared directly with the FCA, giving firms confidence that the scope covers the issues most critical to meeting their obligations.

What is operational resilience and why does it matter for regulated firms?

Operational resilience is the ability of a firm to prevent, adapt to, respond to, recover from, and learn from operational disruptions. For FCA-regulated firms, particularly those in digital finance, operational resilience is a regulatory requirement and a critical component of maintaining customer trust, protecting stakeholders, and demonstrating sound governance.

The FCA requires firms to identify their important business services, set impact tolerances for the maximum level of disruption they can tolerate, and test their ability to remain within those tolerances under severe but plausible scenarios. Firms must also have clear communication and resolution plans in place to minimise harm to customers in the event of a disruption.

Important business services are the services that a firm delivers to customers or the market whose disruption could cause intolerable harm. Identifying these services requires firms to map the people, processes, technology, facilities, and third-party dependencies that support them, assessing the potential impact of disruption at each point.

Third-party dependencies are a significant source of operational risk for many digital finance firms. Firms must identify and assess the resilience of critical third-party relationships, understand the potential impact of third-party failures on their important business services, and ensure that contractual arrangements support their operational resilience obligations.

Cosegic helps firms map critical dependencies and important business relationships, assess the impact of current protocols against product delivery obligations, and develop detailed operational plans for managing disruption. Our expertise in digital finance operational resilience ensures firms are organised, prepared for the unexpected, and able to deliver for their customers even in the most challenging circumstances.

What is IFPR and who does it apply to?

The Investment Firms Prudential Regime (IFPR) is a prudential regulatory framework introduced by the FCA that applies to MiFID investment firms authorised and regulated in the UK. It replaced the previous CRD IV-based regime and introduced a new approach to capital adequacy, liquidity, and risk management for investment firms, based on the potential harm firms can cause rather than the risks they face.

Under IFPR, investment firms must maintain adequate own funds and liquid assets, conduct an Internal Capital and Risk Assessment (ICARA) process, submit periodic regulatory reports, and ensure their governance and risk management frameworks reflect the new prudential standards. Firms must also assess their MiFIDPRU classification and ensure their capital and liquidity requirements are calculated accordingly.

Common IFPR compliance mistakes include inconsistencies in the ICARA process, weak wind-down plans, flawed group consolidation, and capital structures that are misaligned with risk appetite. These errors can lead to breaches of threshold requirements, raising compliance red flags and attracting FCA supervisory attention.

The FCA's expectations around IFPR compliance have increased significantly since the regime's introduction. Firms are now expected to go beyond initial implementation efforts and demonstrate a convincing, embedded understanding of IFPR requirements. The FCA is paying particular attention to the quality of ICARA processes, the robustness of wind-down plans, and the accuracy of regulatory reporting.

Cosegic works with investment firms to refine and strengthen their IFPR frameworks, reviewing MiFIDPRU classification, analysing own funds and liquid assets, and stress-testing ICARA and wind-down plans. Our end-to-end support ensures your firm has sufficient capital to meet IFPR requirements and pursue growth, while positioning your compliance framework to withstand regulatory scrutiny.

What is the ICARA process and why is it important?

The Internal Capital and Risk Assessment (ICARA) process is a core requirement under the FCA's Investment Firms Prudential Regime (IFPR). It requires investment firms to assess their capital and liquidity adequacy on an ongoing basis, identify the potential harms their business could cause, and ensure they hold sufficient financial resources to manage those risks and wind down in an orderly manner if required.

The FCA is clear that the ICARA must be treated as a live, ongoing process rather than a one-off compliance exercise. Firms are expected to integrate the ICARA into their day-to-day risk management and governance frameworks, ensuring it accurately reflects their current risk profile and is updated regularly to reflect changes in the business and regulatory environment.

Common weaknesses include treating the ICARA as a static document rather than a live process, inadequate stress testing, failure to integrate the ICARA into board-level governance, poorly evidenced assessments of potential harms, and wind-down plans that are not credible or sufficiently detailed to meet FCA expectations.

Sector benchmarking compares a firm's financial resources against peers based on business model, scale, and complexity. It helps firms avoid positions that are out of step with the market and therefore more likely to invite FCA scrutiny, ensuring their ICARA reflects both regulatory requirements and industry standards.

Cosegic designs ICARA processes that are practical, proportionate, and fully embedded into day-to-day risk management. Whether building your ICARA from scratch or refining an existing framework, we offer comprehensive ICARA reviews, practical recommendations, hands-on workshops, structured templates, and sector benchmarking to ensure your ICARA meets regulatory expectations and enhances strategic resilience.

What is regulatory financial forecasting and why does it matter?

Regulatory financial forecasting is the process of developing forward-looking financial projections that incorporate regulatory capital requirements, liquidity metrics, and stress-testing assumptions. For FCA-regulated firms, financial forecasting goes beyond projecting business performance to demonstrate prudential strength, supporting governance, reassuring regulators, and empowering board-level decision making.

Regulated firms typically need regulator-ready financial forecasts when applying for FCA authorisation, preparing for regulatory capital reviews, planning acquisitions or restructuring, adapting to new prudential regulations, or evaluating the long-term viability of their funding model. Robust financial forecasts are also a key component of a credible ICARA process.

A regulatory financial forecast should include projected financial performance under both baseline and adverse scenarios, regulatory capital requirements and headroom, liquidity metrics and stress-testing assumptions, and an assessment of the firm's ability to meet its threshold requirements on an ongoing basis. It should be presented in a format that is clear, credible, and accessible to regulators and board members.

Stress testing assesses a firm's financial resilience under severe but plausible adverse scenarios, identifying potential vulnerabilities in its capital and liquidity position before they crystallise. For FCA-regulated firms, robust stress testing is a key component of both the ICARA process and regulatory financial forecasting, demonstrating to regulators that the firm has considered a broad range of risks and has adequate financial resources to absorb them.

Cosegic blends financial acumen with regulatory precision to develop financial forecasts that meet prudential standards and drive long-term growth. Leveraging regulatory expertise and proven methodologies, we go beyond basic financial projections to incorporate regulatory capital requirements, liquidity metrics, and stress-testing assumptions, delivering a comprehensive outlook that prepares for regulatory scrutiny and positions your business for long-term stability.

What are regulatory capital and liquidity requirements for FCA-regulated firms?

Regulatory capital and liquidity requirements are the minimum financial resources that FCA-regulated firms must hold to ensure they can continue to operate and address the risks arising from their activities. Meeting these requirements is a fundamental condition of FCA authorisation, and failure to do so can result in serious consequences, including harm to stakeholders and potential loss of authorisation.

Regulatory capital requirements vary depending on a firm's regulatory classification and business activities. For investment firms subject to IFPR, capital requirements are based on a combination of fixed overheads, K-factor requirements reflecting the potential harms the firm could cause, and the results of the ICARA process. Firms must ensure their capital calculations are accurate, proportionate, and regularly reviewed.

Regulatory capital requirements relate to the minimum level of own funds a firm must hold to absorb losses and support an orderly wind-down. Liquidity requirements relate to the minimum level of liquid assets a firm must hold to meet its short-term financial obligations. Both are core components of the FCA's prudential framework and must be managed and monitored on an ongoing basis.

Breaching regulatory capital or liquidity requirements is a serious matter that must be reported to the FCA immediately. Consequences can include FCA supervisory intervention, restrictions on business activities, reputational damage, and in severe cases, loss of authorisation. Firms should monitor their capital and liquidity positions closely and take proactive steps to address any emerging shortfalls.

Cosegic's Financial Resilience team combines deep regulatory expertise with the skills of experienced chartered accountants, bringing together a unique skillset that enables us to translate the complex world of prudential regulation into clear, practical advice. We ensure you hold an efficient but sufficient amount of regulatory capital and liquidity, proportionate to the scale and risks of your business, and support you in meeting the FCA's broader prudential expectations.

What is a wind-down plan and why does the FCA require one?

A wind-down plan is a documented strategy that sets out how a regulated firm would cease its activities in an orderly and controlled manner, minimising disruption and harm to customers, counterparties, and the wider market. The FCA requires all regulated firms to maintain a credible and comprehensive wind-down plan as part of their prudential risk management framework.

A robust wind-down plan should identify the scenarios that could trigger a wind-down, assess the financial and non-financial resources needed to execute it, set out a detailed operational plan for managing the wind-down process, and demonstrate how the firm would protect customer assets and minimise harm to stakeholders. It should be regularly reviewed, stress-tested, and integrated into the firm's ICARA process.

The FCA assesses wind-down plans for credibility, clarity, and operational feasibility. A plan that is vague, untested, or disconnected from the firm's actual business model and financial resources is unlikely to meet FCA expectations. Firms should be able to demonstrate that their wind-down plan has been stress-tested against practical scenarios and is capable of being executed under real-world conditions.

Common weaknesses include insufficient financial resources to execute the wind-down, unrealistic assumptions about the time and cost of winding down, inadequate consideration of the impact on customers and counterparties, and failure to integrate the wind-down plan into the firm's broader governance and risk management framework.

Cosegic helps firms identify scenarios that could trigger a wind-down and supports the development of a detailed operational plan, including assessing the financial and non-financial resources needed to execute it effectively. Our wind-down strategies are built for reality — clear, credible, and fully integrated into your prudential risk management framework — ensuring regulatory compliance while strengthening resilience and protecting stakeholder interests.

What is Annex IV reporting and who needs to comply?

Annex IV reporting is a regulatory requirement for alternative investment fund managers (AIFMs) operating under the Alternative Investment Fund Managers Directive (AIFMD). It requires firms to submit detailed data on the funds they manage, including information on asset concentrations, leverage metrics, liquidity profiles, and investor exposures, to their national competent authority on a regular basis.

Annex IV filings require detailed data across a wide range of categories, including portfolio composition, asset concentrations, leverage metrics, liquidity profiles, investor exposures, and risk management information. The data must be accurate, consistent, and reconciled against other regulatory and financial reporting, making robust data management processes essential.

Inaccurate or late Annex IV submissions can raise regulatory red flags, trigger supervisory attention, and damage a firm's reputation with its regulator. For investment managers seeking to demonstrate strong governance and operational credibility to investors and regulators, consistent and accurate Annex IV reporting is an important signal of organisational quality.

Although the reporting portal may appear straightforward, Annex IV reporting requires deep understanding of both the regulatory expectations and the precise data inputs required. Behind the portal sits a complex matrix of calculations, data mapping requirements, and validation checks that can easily overwhelm internal teams without specialist knowledge and robust processes.

Cosegic embeds structure, quality control, and predictability into every phase of your Annex IV reporting process, ensuring submissions are consistent, accurate, and delivered on time. By transforming transparency reporting into a streamlined, risk-controlled process, we reduce the burden on your internal teams and help you send a clear signal to regulators and investors that your firm is well-managed and compliant.

What is RegData and which firms need to use it?

RegData is the FCA's online regulatory reporting portal, through which the majority of FCA-regulated firms submit their regulatory returns. It is used to submit a wide range of periodic reports covering capital adequacy, liquidity, financial crime controls, and other regulatory obligations, depending on the firm's regulatory classification and business activities.

Although RegData presents a user-friendly interface, it requires a deep understanding of both the FCA's regulatory expectations and the precise inputs required for each return. Behind the portal sits a complex matrix of regulatory calculations and data requirements that demand specialist knowledge to navigate accurately and consistently.

Errors or late submissions on RegData can raise regulatory red flags and trigger FCA supervisory attention. The FCA monitors regulatory returns closely, and inconsistencies or inaccuracies can prompt follow-up enquiries, supervisory visits, or more formal intervention. Maintaining accurate and timely RegData submissions is therefore a key component of a firm's ongoing regulatory compliance.

A robust RegData reporting framework starts with a thorough assessment of a firm's regulatory obligations and the management information needed to meet them. It should include clear processes for data collection, validation, and reconciliation, a defined sign-off and review process, and a documented audit trail that demonstrates compliance to regulators and senior management.

Cosegic begins by conducting a deep-dive assessment of your business model, evaluating how regulatory obligations apply to you and assessing whether your management information is fit for purpose. From there, we help you build a reporting framework that is compliant, robust, auditable, and repeatable, reducing the risk of error and giving you confidence at every sign-off.

What are FCA notifications and when are they required?

FCA notifications are formal communications that regulated firms are required to make to the FCA when certain trigger events occur. These include changes to a firm's structure, ownership, or senior management, breaches of regulatory requirements, material changes to business activities, and other significant events that the FCA needs to be aware of to carry out its supervisory functions.

FCA Connect is the online portal through which regulated firms submit most of their notifications and applications to the FCA. It is used for a wide range of submissions, including change in control notifications, variations of permission, approved persons applications, and ad hoc notifications of material changes or regulatory breaches.

Failing to notify the FCA of a trigger event in a timely manner is a serious regulatory breach that can result in enforcement action, financial penalties, and reputational damage. The FCA expects regulated firms to maintain robust processes for identifying and escalating notification obligations, ensuring they are met as soon as practicably possible.

An FCA notification should be clear, concise, accurate, and professionally drafted, providing the FCA with all the information it needs to understand the nature of the change or event being notified. Supporting documentation should be well-organised and presented in a way that demonstrates transparency, accountability, and a proactive approach to regulatory compliance.

Cosegic acts as a second line of defence, helping regulated firms maintain transparency with the FCA by identifying events that may require notification and drafting concise, professional, and timely submissions. Our team invests in understanding your business and processes, ensuring your notification obligations are met accurately and on time while allowing you to focus on your core activities.

Why is compliance training important for FCA-regulated firms?

Compliance training is a regulatory expectation for all FCA-regulated firms, ensuring that staff understand their regulatory obligations and are equipped to apply them in their day-to-day roles. Beyond meeting regulatory requirements, effective compliance training embeds a proactive compliance culture across the organisation, reducing the risk of regulatory breaches and strengthening governance.

FCA-regulated firms are required to provide training covering the specific regulatory obligations applicable to their business, including Conduct Rules training under SM&CR, anti-money laundering and financial crime awareness, and training relevant to the products and services the firm offers. Training must be appropriate to each individual's role and responsibilities, and firms must be able to evidence that it has been completed.

A comprehensive compliance training programme should cover the regulatory obligations most relevant to the firm's business model and risk profile, including financial crime prevention, FCA rules and conduct standards, GDPR and data protection, Consumer Duty, and any sector-specific requirements such as CASS rules or SEC reporting obligations. Training should be regularly updated to reflect regulatory change and emerging risks.

Online compliance training offers flexibility and scalability, allowing firms to deliver consistent training to large numbers of staff across multiple locations at their own pace. In-person training provides a more dynamic, interactive learning environment that can be particularly effective for complex topics or where firms want to embed cultural change. Many firms benefit from a blended approach that combines both formats.

Cosegic's expert-led compliance training programmes are designed to go beyond regulatory tick-boxing, embedding a proactive compliance mindset across your organisation. From financial crime prevention and FCA conduct standards to GDPR and Consumer Duty, our interactive training modules tackle real-world scenarios and equip your teams with the knowledge and confidence to navigate complex regulations effectively in their day-to-day roles.

Book a Personalised Demo

Tell us a little about your firm and what you're looking to achieve. We'll arrange a personalised demo with the right product specialist and show you how our solution can meet your needs.

Fill in your details below to download your free checklist

Enter your details below to access the checklist.

Fill in your details below to download your free checklist

Enter your details below to access the checklist.