FCA Regulatory Framework — Software Implications by Rule
| FCA Rule | Software Requirement | Implementation | Evidence for FCA |
|---|---|---|---|
| PS21/3 IBS resilience | Each IBS independently deployable and measurable | ECS Fargate per IBS, CloudWatch Synthetics per IBS | Quarterly Impact Tolerance evidence — AWS FIS chaos test |
| Consumer Duty (PS22/9) | Fair product design, transparent pricing, human support | Flesch-Kincaid readability check, pricing transparency API | Annual Consumer Duty assessment report |
| COBS 9A (suitability) | Suitability record for each investment recommendation | Automated suitability report generation (template-based NLG) | Suitability report PDF stored 5 years (FCA requirement) |
| COBS 6.1B (advice disclosure) | State whether advice is independent or restricted | Clear disclosure in UI — independent vs restricted label | Screen recording of disclosure at point of advice |
| CONC 5.2A (creditworthiness) | Creditworthiness assessment before credit granted | Open Banking affordability + credit bureau check | Affordability assessment record stored per application |
| MLRs 2017 (AML/KYC) | Identity verification + AML screening before onboarding | Onfido KYC + ComplyAdvantage PEP/sanctions screening | KYC record per customer — archived 5 years |
| PS21/11 (renewal pricing) | Renewal price ≤ new customer equivalent price | Automated parity check at renewal generation | Annual renewal pricing return to FCA (GABRIEL) |
| PSD2/PSRs (Open Banking) | Consent management + data deletion on revocation | Consent log + 30-day deletion workflow on revocation | Consent records + deletion audit trail |
FCA Consumer Duty — Product Design Checklist
FCA Consumer Duty enforcement: FCA has issued multi-million pound fines for Consumer Duty failures (renewals pricing, hidden fees, inaccessible cancellations). ClickMasters Consumer Duty review is included in every FCA-regulated project. We will not build software that fails Consumer Duty — not because of regulatory risk, but because it is wrong.
AML/KYC Software Implementation
| AML Component | UK Requirement | ClickMasters Implementation | Provider |
|---|---|---|---|
| Identity verification | MLRs 2017 Reg 28 — verify identity before business relationship | Electronic identity verification (photo ID + liveness) | Onfido or Jumio |
| PEP/Sanctions screening | MLRs 2017 — check against PEPs, sanctions, adverse media | API screening at onboarding + ongoing monitoring | ComplyAdvantage or Dow Jones |
| Source of funds | MLRs 2017 — enhanced DD for high-risk customers | Automated SOF declaration above threshold | Custom form + manual review workflow |
| Transaction monitoring | MLRs 2017 — monitor for suspicious activity | ML anomaly detection + rules-based alerts | Custom ML + AWS SageMaker |
| SAR reporting | MLRs 2017 — report suspicious activity to NCA | SAR workflow (internal review → NCA goAML) | NCA goAML API integration |
| Record keeping | MLRs 2017 — 5-year retention | AML records in S3 with 5-year lifecycle policy | AWS S3 Intelligent-Tiering |