FCA Supervisory Visit: How to Prepare and What to Expect

An FCA supervisory visit is not an audit, an investigation or an examination — it is the FCA’s primary means of understanding a firm’s business model, governance and control environment through direct engagement. Firms that treat it as a collaborative assessment prepare for it very differently from those that treat it as a threat.

Most FCA-regulated firms will receive at least one supervisory visit over the course of their regulated life. The frequency and depth of visits varies with the FCA’s supervisory category for the firm, the sector’s risk profile, and the FCA’s thematic priorities at the time. Understanding what a visit involves, how to prepare and how to respond to the findings is an important component of any regulated firm’s relationship management with the FCA.

Types of FCA Supervisory Visit

Routine supervisory engagement. The most common type — a planned visit or call forming part of the FCA’s regular supervisory cycle for the firm. Typically preceded by an information request (a Dear CEO letter or a firm-specific questionnaire) and followed by a summary of findings and any required actions.

Thematic visit. The FCA selects a group of firms for assessment against a specific theme — consumer duty implementation, financial promotions controls, operational resilience, or another priority area. The visit agenda is set by the theme rather than by the firm’s individual risk profile, though findings are firm-specific.

Event-driven visit. Triggered by a specific event — a significant complaint, a regulatory notification, a whistleblower report, or adverse management information the FCA has received. More targeted and often more intensive than a routine visit; the firm should assume the FCA has a specific concern it is investigating.

Section 166 skilled person review. Not a visit in the traditional sense but an independent expert review commissioned by the FCA under Section 166 FSMA — the most intensive form of FCA supervisory engagement short of enforcement. Addressed separately in the Section 166 guide.

Before the Visit: Preparation

When the FCA notifies a firm of an upcoming supervisory visit — typically giving two to four weeks’ notice for routine visits — the preparation process should begin immediately. The following should be completed before the visit date.

Review the visit agenda. The FCA will typically indicate the areas it wishes to discuss. Map each area against the firm’s current state: identify where controls are strong and well-documented, and where they are less robust or documentation is incomplete. Be realistic — the purpose of this exercise is to prepare for honest engagement, not to construct a misleading picture.

Prepare documentation packs. The FCA will typically request to see: the firm’s governance documentation (board minutes, committee minutes, management information); the compliance monitoring programme and recent monitoring reports; the risk register and risk management framework; capital adequacy calculations and most recent management accounts; SMF Statements of Responsibilities and the Management Responsibilities Map; AML documentation — the MLRO annual report, CDD policies, transaction monitoring calibration records; and financial promotions approval records if relevant to the visit agenda.

Brief the management team. All SMF holders and senior managers who will participate in the visit should be briefed on the visit agenda and the firm’s position on each topic. The brief should be factual and specific — not a rehearsed script, but a clear understanding of what the firm does, why, and what the evidence base is. The FCA is skilled at identifying responses that are formulaic or disconnected from the firm’s actual practices.

Identify potential weaknesses. Where the firm has known control weaknesses, incomplete remediation programmes, or areas where it knows its practices do not fully meet regulatory expectations, plan how to address these proactively in the visit. The FCA responds far more positively to firms that identify and acknowledge gaps proactively — with a credible remediation plan — than to firms where gaps are identified by the FCA during the visit itself.

During the Visit

The visit will typically involve a combination of: an opening meeting with the firm’s senior managers and compliance officer; structured discussions with the individuals responsible for the areas on the agenda; document review; and a closing meeting to outline initial observations.

The opening meeting sets the tone. It should be attended by the CEO or equivalent SMF1 holder and the compliance officer (SMF16). The firm should use this opportunity to give the FCA a clear, factual overview of the business — what it does, how it is structured, and how it manages its regulatory obligations. This is not a sales presentation; the FCA is assessing whether senior management have a clear and accurate understanding of their business and its regulatory obligations, not the firm’s commercial prospects.

During document review and structured discussions, accuracy and transparency matter more than the appearance of strength. The FCA regularly conducts visits at firms with known weaknesses and is experienced at distinguishing genuine compliance from documentation that does not reflect actual practice. A document pack that claims a sophisticated compliance programme that the individuals interviewed clearly do not operate in practice creates a worse impression than a more modest programme that is genuinely embedded.

What the FCA Typically Focuses On

Across most supervisory visits, the FCA focuses on whether: the board has an accurate picture of the firm’s risk profile and compliance status; the compliance function is genuinely independent and has the authority to challenge the business; management information is reliable and complete; the firm’s conduct obligations are being met in practice (not merely documented in policies); and the senior managers understand their personal accountability under SMCR and take it seriously.

Sector-specific focuses vary. In consumer credit: creditworthiness assessments, treatment of customers in financial difficulty, and financial promotions. In payment services: safeguarding compliance, AML controls and SCA implementation. In investment management: product governance, inducements and suitability. In all sectors: the Consumer Duty’s implementation where the firm is in scope.

After the Visit: Follow-Up Actions

The FCA will typically issue a letter following the visit summarising its observations and any required actions. Required actions have specific deadlines and must be treated as regulatory obligations: failing to complete required actions within the specified timeframe is itself a compliance failure that may escalate supervisory attention.

Where the FCA’s post-visit letter identifies concerns about specific aspects of the firm’s controls, the firm’s response should: acknowledge the findings accurately; provide a clear remediation plan with specific milestones; identify the SMF holder accountable for the remediation; and commit to reporting progress to the FCA at the agreed frequency. The FCA’s willingness to allow a firm to address concerns through a supervised remediation process — rather than escalating to enforcement — depends significantly on whether it is confident the firm is engaging genuinely and making credible progress.

Key References

• FCA — How we supervise firms
• FCA Handbook SUP — Supervision sourcebook
• FCA — Senior Managers and Certification Regime