COBS suitability assessments: where firms most often fail FCA scrutiny

Suitability remains one of the FCA’s most consistent enforcement and supervisory priorities for investment firms. COBS 9 and 9A set out the requirements for personal recommendations and discretionary management, but the gap between what the rules require and what firms actually deliver in practice is wide enough that thematic reviews, Section 166 reviews and enforcement cases return to the same deficiencies year after year. The firms most at risk are not those ignoring suitability — they are firms that believe their processes are adequate and have not subjected them to genuine stress testing.

This article sets out the specific failure modes the FCA has identified repeatedly, the supervisory signals that indicate scrutiny is coming, and what the underlying compliance leadership problem usually is.

What COBS 9 and 9A actually require

Before identifying where firms fail, it is worth being precise about the standard. COBS 9 applies to personal recommendations in relation to designated investment business. COBS 9A applies to ongoing suitability for discretionary portfolio management and ongoing advisory services with periodic assessment. The requirements are not limited to the moment of recommendation — they extend to the quality of information gathered, the quality of reasoning documented in the suitability report, the ongoing appropriateness of recommendations, and the adequacy of systems to evidence all of the above.

COBS 9.2 requires firms to take reasonable steps to ensure that a personal recommendation is suitable for the client, based on the client’s knowledge and experience, financial situation, and investment objectives — including risk tolerance. None of these elements is optional. All must be documented in a way that evidences the reasoning, not just the conclusion.

The seven failure modes the FCA returns to

1. Client information gathering that is superficial rather than substantive

The most common finding across thematic reviews is that firms gather client information at the level required to complete a form rather than at the level required to understand the client. Attitude to risk questionnaires that produce a number rather than a narrative understanding of how the client would actually behave during a drawdown are a persistent problem. A client who scores 6 out of 10 on a risk questionnaire and a client who scores 6 but has just retired, has no other liquid savings, and has never experienced a material investment loss are not the same client. The FCA expects firms to demonstrate that they understand the difference.

The specific deficiencies the FCA has identified include: not establishing whether the client can financially bear losses consistent with the recommended risk level; not understanding the purpose of the investment beyond a generic investment objective; not establishing investment horizon in a way that informs the recommendation; and not updating client information periodically to reflect changed circumstances.

2. Suitability reports that describe the recommendation without explaining why it is suitable

COBS 9.4 requires that where a personal recommendation is made, a suitability report must specify the recommendation and explain why it is suitable having regard to the client’s information. The word “explain” is doing significant work here. Firms frequently produce suitability reports that describe what has been recommended and that the client’s attitude to risk is moderate, but do not demonstrate the connection between the client’s specific circumstances and the recommendation made.

The FCA’s supervisory expectation is that a suitability report should allow the regulator — or an informed third party — to understand why this recommendation was made for this client at this time. Template language that could apply to any client with a moderate risk profile does not meet that standard.

3. Centralised investment propositions applied without genuine tailoring

The growth of centralised investment propositions has created a structural suitability problem for many firms. A CIP is not inherently unsuitable, but using one requires firms to demonstrate that the proposition is appropriate for each individual client rather than that the client has been matched to a proposition category. The FCA has found that many firms treat the CIP as the end point of the suitability process rather than as one input into it. Where a firm’s recommended portfolios cover three to five risk-rated model portfolios and the entire client base distributes across those options, the FCA will ask how individual client circumstances were genuinely taken into account.

This is particularly acute for clients with concentration risk in other assets, clients with tax considerations that affect portfolio structure, clients approaching or in decumulation, and clients whose stated attitude to risk is inconsistent with their capacity for loss.

4. Insufficient assessment of capacity for loss

Attitude to risk and capacity for loss are different things, and firms regularly conflate them. A client can have a high attitude to risk and a low capacity for loss — for example, a client who is psychologically comfortable with volatility but whose financial circumstances mean that a significant loss would materially affect their standard of living. COBS 9 requires both to be assessed. The FCA has found that many firms assess attitude to risk adequately and capacity for loss inadequately or not at all. This is a specific, recurring finding that has appeared in thematic reviews across investment advice, discretionary management, and pension transfer advice.

5. Inadequate governance of the suitability framework itself

The FCA’s supervisory attention has increasingly moved upstream from individual suitability assessments to the governance of the suitability framework. This means asking who owns the framework, how it is reviewed, what MI is produced about suitability quality, what oversight the Compliance function exercises over suitability quality, and what happens when problems are identified. Firms that can demonstrate strong individual suitability processes but cannot demonstrate that there is meaningful senior management oversight of whether the framework is working are increasingly exposed.

Under SMCR, the accountability question is explicit. The individual holding SMF16 (Compliance Oversight) has personal accountability for the compliance function’s oversight of suitability. Where the FCA finds that suitability oversight has been inadequate, the question of whether the SMF16 holder exercised their function effectively is live.

6. Pension transfer advice — a persistently elevated risk area

Defined benefit pension transfer advice carries specific suitability requirements under COBS 19 and has been a persistent enforcement priority. The FCA’s review of DB transfer advice found widespread deficiencies including: inadequate critical yield analysis; insufficient consideration of scheme benefits being given up; advice that was in practice a rubber stamp for a client decision already made; and advisers without adequate competence or sufficient support from the firm’s compliance function. The FCA has withdrawn the authorisation of multiple firms in this area and has made clear that the risk of personal accountability for senior managers at firms with systematic DB transfer advice failings is real.

7. Inadequate file review and quality assurance processes

Post-advice file review is one of the FCA’s primary supervisory tools for assessing suitability quality. Firms whose file review processes are cursory, whose reviewers are not genuinely independent of the advisers whose files they review, or whose QA processes do not result in meaningful remediation are at significant supervisory risk. The FCA expects file review to be a genuine quality control mechanism, not a compliance exercise. Where file review identifies recurring problems that the firm has not addressed, this compounds the original suitability deficiencies.

The supervisory signals that precede scrutiny

Firms are not selected for supervisory attention randomly. The signals that tend to precede a Section 166 review or thematic inclusion include: high volumes of complaints relating to investment performance or advice quality; patterns in FOS decisions against the firm; a portfolio that has drifted materially from stated investment objectives; significant changes in adviser population or business model without corresponding compliance review; and intelligence from other sources including whistleblowing.

Section 166 reviews in the suitability space are typically triggered when the FCA has a specific concern it wants to investigate with greater depth than its own resources allow. A skilled person appointed under Section 166 will assess the firm’s suitability framework against a detailed specification agreed with the FCA. The findings feed directly into the FCA’s assessment of whether enforcement action is warranted and what remediation is required.

The compliance leadership problem

Most suitability failures in regulated investment firms are not caused by dishonesty or deliberate non-compliance. They are caused by compliance functions that are under-resourced relative to the complexity of the business, by SMF16 holders who lack the specific COBS and MiFID suitability expertise to identify where the framework is inadequate, or by governance structures that have not kept pace with growth in the adviser population or assets under management.

The practical consequence is that firms facing FCA scrutiny often find that their compliance leadership, while competent in a general sense, has not had the experience of designing and running a suitability framework under active regulatory examination. This is precisely the capability gap that firms need to address before — rather than after — the FCA makes contact.

FD Capital places senior compliance leaders with the specific suitability and COBS expertise that FCA-regulated investment firms need. Whether the requirement is a CCO who has managed a Section 166 review, an SMF16 holder with direct experience of the FCA’s thematic review process, or an interim Head of Compliance to lead a suitability framework remediation programme, we work exclusively in the regulated financial services space.

If your firm is conducting a suitability framework review or is facing regulatory scrutiny, please contact us to discuss how we can help identify and place the right senior compliance professional.

Written by

Adrian Lawrence FCA

Founder & Managing Director, FD Capital Recruitment Ltd
ICAEW Fellow | Holds an ICAEW practising certificate in his own name
Company No. 13329383

Adrian Lawrence is a Fellow of the Institute of Chartered Accountants in England and Wales and the founder of FD Capital, the UK’s leading specialist recruiter for part-time, fractional and interim Finance Directors and CFOs. FD Capital is an ICAEW-Registered Practice.
