Regulatory requirements

After four years of FSA regulation, the business activities of mortgage brokers have become dominated by the need to remain compliant with its principles and rules. However, there are a number of other regulatory bodies that affect the way we do business, and it will be worthwhile to review these before looking at the key FSA issues.

Data protection

One regulatory requirement that applies across all business sectors - including mortgage lending and broking - is data protection. The regulator for data protection is the Information Commissioner’s Office (ICO), a body that is the UK’s independent authority set up both to promote access to official information and to protect personal information. The Data Protection Act 1998 and its updates set out eight principles with which everyone processing personal information must comply. These include: data to be used only for the specific purpose for which it was collected; data must not be disclosed to other parties without the consent of the individual unless there are overriding legitimate reasons; individuals have a right of access to information held on them; personal information must not be kept for longer than necessary; all entities that process information must register with the ICO; and these entities must have adequate security in place (eg, firewalls and proper staff training).

Of course, failure to protect data as laid down by the Act is also in breach of the FSA’s principle No 3 – the one that states firms must organise and control their affairs responsibly and effectively, with adequate risk-management systems. So, when Nationwide lost a laptop containing large amounts of personal customer information, the £980,000 fine imposed under FSA enforcement was for breach of its own principles rather than breaches under the Data Protection Act.

As a compliance consultant, I advise firms to follow some key actions to ensure compliance with data protection requirements. These are: put in place a data protection policy and procedure and appoint a data protection officer; train all staff on data protection and include this in the induction process; establish a routine for refreshing employees on the subject (say every three months). The easiest way to breach the data protection principles is by unguarded and indiscreet verbal comments made by staff – so regular reminders will help to keep this topic “front of mind”.

Money laundering

Another set of regulatory requirements that covers many business sectors (including the mortgage industry) is the Money Laundering Regulations 2007. As mortgage firms, our regulator for money laundering is the FSA, while the Office of Fair Trading regulates estate agents and non-FSA regulated consumer credit firms. Other supervisory bodies include HM Revenue & Customs and the Gambling Commission (for casinos).

The basic anti-money laundering requirements for mortgage adviser firms are: ensure the client is who they say they are and can prove it with legitimate documents, and, for a house purchase, know where their deposit is coming from. The consequences of failing to fulfil these requirements are fines and imprisonment. In addition, mortgage brokers are obliged to supply lenders with customer information relevant to their own individual anti-money laundering controls. At the moment this is often proving to be problematic, as there is no standard set of information and each lender wants something slightly different. However, all parties are working towards a universal standard, so this part of the job should become easier over time.

Financial Ombudsman Service

Closely aligned to the regulatory regime of the FSA, the Financial Ombudsman Service (FOS) can almost be regarded as a regulatory body, as it has the power to adjudicate in disputes between mortgage advisers and their customers, and to set levels of compensation payable by the firm, where appropriate. All FSA regulated firms - including, of course, mortgage brokers - are part of the FOS scheme, and their annual FOS fees are collected by the FSA. FOS itself is a limited company, independent of the FSA, although its nine directors are FSA-appointed. Three non-executive directors safeguard the interests of consumers, make sure that FOS’s activities align with its articles of association, and ensure that it is not wasting money.

FOS only becomes involved in broker-customer disputes once all attempts to resolve them have failed and the customer has no other recourse. So it follows that, to avoid getting involved with the FOS, mortgage broker firms must have robust and effective complaints-handling systems and processes in place. Once again, as a compliance consultant, my advice to firms that have become involved in a FOS investigation is as follows. First, make sure that your complaints-handling process is both FSA compliant and also in good working order. Ask yourself: did you follow your procedure? Then, present your side of the case to the FOS in a prompt, clear, objective and co-operative fashion. For example, it is inadvisable to simply say “We did everything right and the customer is wrong”. Instead, the approach should be “We will show you how we did things properly,” accompanied by copies of documents and records, eg, IDDs, KFIs and suitability letters.

In the event that either the firm or the customer does not agree with the FOS’s adjudication, they have recourse to the FOS’s complaints panel and/or can take the case into the civil law courts.


Moving on to our own regulator, the effect that the FSA has had on the working practice of mortgage broker firms is obviously immense. As the regulatory requirements have been continually aired and debated since mortgage regulation started in 2004, every reader should by now be familiar with what they should be doing. So, as a reminder, here is a quick check list of the key issues.

TCF: the deadline is 30 December, so all firms must make sure TCF is fully integrated into the business, with full records and documentation to prove it. Financial promotions are not really an issue at the moment, as promotional budgets have all but disappeared and the short shelf life of products makes promoting them impractical. Training and competence: here, the key consideration is the quality of advice that is delivered, and I recommend readers to refer to the examples of good and poor practice shown on the FSA’s website in the recently added “arrears and possessions” section. There is a wealth of quality guidance from the FSA contained within this report.

I have already covered above the important subject of “complaints handling”. Another key requirement - regulatory reporting - has been made a lot easier with much better advice and guidance available – see the FSA’s website for details.


Finally, all firms need a much better understanding of how important it is to have proper senior management systems and controls in place. Under this topic, a quick review of the FSA’s enforcement final notices against mortgage firms will show that the majority have the failure of principle 3 (see Nationwide previously mentioned) as grounds for the enforcement action. Here, adopting an end-to-end sales and compliance system such as Home Buyer could prove to be a valuable investment.


How do broker firms keep on top of all these regulatory requirements? Becoming an AR of a network initially seemed to be an easy route to compliance, but network principals can easily go to the wall - as witnessed recently with Trustguard - leaving ARs with no compliance cover, proc fees unpaid, probably no PII cover and unable to do business because they are no longer authorised (again, the recent fate of Trustguard ARs). Going it alone as a directly authorised firm means that you at least have your fate in your own hands – but how do you find time to become your own compliance expert?

Unsurprisingly, compliance consultancy is a growth area as DA firms look for third-party expertise and support. However – as with the choice of networks – there is no guarantee of quality of advice and support, so firms must do their homework before appointing a compliance consultancy partner. What is the fee structure – do you pay for work done, or a monthly fee irrespective of the amount of work done? What is the track record – for example, successful FSA visits or successful DA applications? Can the consultancy offer plenty of reference points among its client base where you can sound out objective opinion? Remember – even if a compliance consultant is involved, senior management is still fully responsible for compliance.