How to choose a skilled person: practical considerations under Section 166

How to choose a skilled person: practical considerations under Section 166

When the FCA requires a firm to commission a Section 166 skilled person review, the firm nominates the skilled person subject to the FCA’s approval. In practice, the firm has meaningful influence over who conducts the review — but exercising that influence well requires an understanding of how the skilled person selection process works, what the FCA is looking for in the nominee, and where firms commonly make mistakes that result in an avoidable regulatory friction or a review that does not serve the firm’s interests.

The skilled person is not an advocate for the firm. Their obligations run to the FCA and they must produce findings that are independent, objective and complete. A firm that selects a skilled person hoping to manage the outcome will be disappointed. But a firm that selects a skilled person thoughtfully — for genuine expertise in the area under review, for a proportionate and structured methodology, and for the ability to conduct a rigorous review without unnecessary scope expansion — is likely to receive a more focused and more useful result than one that accepts whoever is proposed by the FCA or selects based on name recognition alone.

Who can be a skilled person

The FCA maintains a list of approved skilled persons in the FCA Handbook under SUP 5. Skilled persons are typically drawn from the Big Four and other major accounting and professional services firms, specialist regulatory consulting practices, law firms with regulatory expertise, and in some technical areas, specialist consultancies. The specific category of skilled person required depends on the area of the review — an operational resilience review requires different expertise from a financial crime controls review, which requires different expertise again from a review of prudential capital adequacy.

The FCA’s skilled person list is not exhaustive. Firms can propose skilled persons who are not on the list, provided they can demonstrate the requisite expertise and independence. In practice, most skilled person reviews are conducted by firms already on the FCA list, because the FCA is familiar with their methodology and quality standards.

The FCA approval process

The firm nominates its proposed skilled person to the FCA supervisory team with a brief description of the proposed skilled person’s expertise and experience in the area under review. The FCA considers whether the proposed nominee has appropriate expertise, whether they have any conflict of interest that would compromise their independence, and whether the FCA has any existing concerns about the quality of that firm’s skilled person reviews from previous engagements.

Common grounds for FCA objection to a proposed skilled person are: an existing advisory relationship between the skilled person and the firm that compromises independence — for example, a consulting firm that has recently advised the firm on the very area it is now being asked to review independently; a proposal that lacks sufficient technical expertise in the specific area under review, suggesting the firm is proposing a generalist to review a technical specialist function; and in some cases, a history of findings from the proposed firm’s skilled person reviews that the FCA has found to be insufficiently rigorous. The FCA will not always give detailed reasons for objecting to a proposed skilled person, but these are the most common concerns.

Independence and the prior relationship problem

The most significant practical constraint on skilled person selection is the independence requirement. A skilled person must not have a relationship with the firm that would compromise their ability to report objectively. This means that a firm cannot use its existing external auditor, its existing regulatory advisor, or any other firm that has been closely involved in designing or reviewing the area that is now the subject of the Section 166 review.

The independence requirement creates a practical challenge for firms that have used a small number of professional services providers intensively. A firm that has relied on one consulting firm for its operational resilience programme design, its SMCR implementation, and its compliance framework review will find that firm unavailable for skilled person appointments in any of those areas. Maintaining relationships with multiple professional services providers — rather than concentrating advisory work in one relationship — is partly a resilience strategy against exactly this constraint.

The temporal scope of independence concerns also matters. A consulting firm that advised the firm on a specific area three years ago may be acceptable as a skilled person for a review of that area now, if the advice it gave was sufficiently removed in time and scope. A firm that advised in the past twelve months on the specific controls the reviewer is now assessing almost certainly cannot act as the skilled person.

Scope agreement: the most important negotiation

Before the skilled person begins their review, the scope of the review must be agreed between the firm, the skilled person and the FCA. The scope agreement defines what the skilled person will and will not review, the specific questions they have been asked to answer, the methodology they will use, and the timeline for the review. Getting the scope agreement right is the most important single exercise in the Section 166 process for the firm’s senior management team.

The FCA will have views on the scope, and in cases where the review was triggered by a specific concern, the scope will be anchored around that concern. But scope creep is a real risk — reviewers sometimes identify issues adjacent to the primary scope that appear significant enough to warrant examination, and the scope agreement is the document that determines whether those adjacent issues are within or outside the reviewer’s mandate. A tight, well-defined scope agreement that the firm has contributed to meaningfully is better than a broad or vaguely defined scope that gives the reviewer latitude to expand their enquiry in directions the firm was not expecting.

This is not about preventing the reviewer from finding problems — they will find what is there to find regardless of scope. It is about ensuring that the review is proportionate and focused on the areas of genuine regulatory concern, rather than becoming an open-ended examination of the firm’s operations. A well-scoped review is faster, less disruptive, and produces findings that are more actionable than a broad-scope review that generates a long list of observations across multiple areas.

Selecting for sector expertise

Within the range of approved skilled persons, there is significant variation in the depth of expertise in specific sectors and specific regulatory areas. A skilled person with extensive experience reviewing AML controls at payment institutions brings directly applicable expertise to an AML review at a payment institution. A skilled person who is primarily an accounting and audit firm generalist will require a longer orientation period and may produce findings that reflect a less nuanced understanding of the regulatory framework and market practice in that specific area.

The firm’s senior management should ensure that the proposed skilled person can demonstrate specific, recent experience in the area under review. This means asking the potential skilled person not just about their firm’s general capabilities but about the specific individuals who would lead and conduct the review: their backgrounds, the specific reviews they have led in this area, and the relevant regulatory developments they have been working with recently.

For reviews involving the FCA’s newer frameworks — DORA compliance, operational resilience testing, cryptoasset AML — the pool of skilled persons with genuine deep experience is smaller than for established areas like CASS or financial crime controls. The firm may need to look beyond the most prominent firms on the skilled person list to find the right expertise.

Managing the relationship during the review

Once the skilled person is engaged, the firm needs to manage the relationship actively. The skilled person is independent but they are not adversarial — they are conducting an expert assessment of a specific area, and the quality of the information they receive and the access they are given affects the quality of the review. A firm that provides information promptly, makes the right people available for interview, and maintains open communication with the skilled person team throughout the review is likely to receive a more complete and accurate set of findings than one that is uncooperative or slow to respond to requests.

The firm should designate a skilled person engagement lead — typically a senior member of the legal or compliance team — whose role is to manage the day-to-day relationship with the skilled person team. This includes: coordinating document requests, scheduling interviews, managing the flow of information, and maintaining a clear log of what has been provided and when. The engagement lead is not a gatekeeper who decides what the skilled person can see — that would compromise the independence requirement and create significant regulatory risk. They are an organiser who ensures the review runs efficiently.

What the findings typically look like

Section 166 review findings are typically structured in categories of severity — significant findings that require immediate remediation, moderate findings that require attention within a defined timeframe, and observations that represent good practice recommendations rather than control failures. The firm should understand this structure in advance, because the response to findings in each category differs in urgency and the level of senior management engagement required.

A finding in the most serious category — one that represents a material control failure or a breach of regulatory requirements — will require a rapid and documented response: immediate containment measures, a time-bound remediation plan with named senior management accountability, and a written response to the FCA that explains what the firm is doing and when it will be done. The FCA will monitor progress against this plan and may require evidence of completion before it will close the Section 166 matter.

FD Capital places senior compliance professionals, heads of internal audit and risk directors in FCA-regulated firms that operate in the post-Section 166 environment. Where a skilled person review has identified capability gaps in a firm’s senior management team, the quality of the recruitment decision that follows is as consequential as the remediation programme itself.

Related Guides

• Surviving a Section 166 Review: A CFO/COO Action Plan
• SMF2 — Chief Finance Function Guide
• SMCR: A Complete UK Guide
• Section 166 Skilled Person Reviews