What is an FCA compliance audit?

An FCA compliance audit is a review of whether a regulated firm is operating in line with its permissions, obligations and customer outcome expectations.

For credit brokers, a review may look at how the firm:

• explains its broker role to customers
• controls financial promotions
• manages customer journeys
• works with lenders or finance providers
• handles commission and disclosure wording
• monitors complaints
• identifies and supports vulnerable customers
• evidences Consumer Duty outcomes
• keeps records
• trains staff
• monitors lead sources, affiliates or introducers
• operates within direct authorisation, AR or IAR scope

Not every review will look the same. The scope may depend on the firm’s business model, risk profile, permissions, complaints, growth, marketing activity, AR/IAR arrangements or previous issues.

For a broader overview of the compliance framework, read What Is Credit Broking Compliance? A Beginner’s Guide.

Who might carry out the review?

A credit broker may face different types of compliance review.

This could include:

• an FCA review or information request
• an internal compliance audit
• a principal firm review if the business is an Appointed Representative
• an oversight review if the business is an Introducer Appointed Representative
• lender due diligence
• commercial partner review
• platform, affiliate network or advertiser review
• outsourced compliance review

The reviewer may differ, but the evidence needed is often similar. A firm should be able to show how it controls the activity it carries out.

Why credit brokers are reviewed

Credit brokers may be reviewed for many reasons.

A review may be triggered by:

• FCA supervision activity
• complaints or customer harm indicators
• rapid growth
• changes to the business model
• financial promotion concerns
• unclear broker versus lender wording
• lead generation risk
• poor customer outcomes
• AR or IAR oversight requirements
• lender or partner due diligence
• routine compliance monitoring

A review should not be treated only as a threat. It can also be a useful way to identify gaps, improve controls and strengthen the business.

For common issues that can lead to concern, read Common Compliance Mistakes Credit Brokers Make and How to Avoid Them.

Area 1: Permissions and regulatory status

The first area likely to be reviewed is whether the firm has the right regulatory route for its activity.

The reviewer may consider whether the business is:

• directly FCA authorised
• operating as an Appointed Representative
• operating as an Introducer Appointed Representative
• acting within the scope of its permissions or appointment
• carrying out activity that was not originally assessed
• working through introducers, affiliates or publishers
• using financial promotions that match its regulatory status

For directly authorised firms, this may involve checking whether the firm’s permissions match its current activity.

For ARs and IARs, this may involve checking whether the firm is staying within the scope of the appointment and whether the principal’s approval and oversight process is being followed.

For more on route options, read Why FCA Authorisation Matters for Credit Brokers and Advanced Strategies for Mastering What Are the Two Types of FCA Authorisation for Firms.

Area 2: Business model and customer journey

A compliance audit will usually look at how the business actually works.

This may include reviewing:

• how customers find the business
• what adverts or landing pages they see
• what the enquiry form says
• what disclosures are shown
• what happens after the customer submits details
• which lenders or finance providers are involved
• whether customers understand the broker role
• how data is shared
• whether the customer journey matches the policies
• how complaints or queries are handled

For credit brokers, customer journey review is particularly important because many compliance risks happen before a customer reaches a lender.

A reviewer may test whether customers understand:

• who the broker is
• that the broker is not necessarily the lender
• what service is being provided
• whether the broker may receive commission
• which firms may contact them
• who makes the lending decision
• how to complain

For more detail, read Credit Broker vs Lender: Key Differences Explained.

Area 3: Financial promotions and advertising

Financial promotions are one of the most important audit areas for credit brokers.

The review may cover:

• website pages
• landing pages
• paid search adverts
• social media adverts
• organic social posts
• emails
• SMS messages
• call scripts
• comparison pages
• affiliate content
• publisher pages
• lead forms

A reviewer may look for evidence that promotions are clear, fair and not misleading, and that the broker role is clear where the firm is acting as a broker.

They may also check whether:

• promotions are approved before publication
• approval records are kept
• live versions match approved versions
• changes are controlled
• outdated promotions are withdrawn
• affiliate or publisher materials are reviewed
• commission and lender relationship wording is clear
• claims about approval, rates or lender access can be evidenced

For a deeper guide, read How to Advertise as a Credit Broker Without Breaking FCA Rules.

Area 4: Broker versus lender positioning

Credit brokers should be clear that they are brokers, not lenders, where that is the role they perform.

During a review, the firm’s customer-facing wording may be checked carefully.

This could include:

• homepage hero wording
• advert copy
• landing page headlines
• call-to-action wording
• form descriptions
• email templates
• call scripts
• confirmation pages
• complaints wording
• affiliate and introducer content

The issue is not only whether “broker” appears somewhere on the page. The question is whether the overall impression is clear for the customer.

A reviewer may consider whether the firm uses lender-style language, implies guaranteed acceptance, or fails to explain who makes the lending decision.

Area 5: Lead generation and introducer controls

Lead generation can create significant compliance risk if not properly controlled.

An audit may review:

• where leads come from
• whether introducers are checked before onboarding
• whether affiliates or publishers use approved wording
• how lead sources are monitored
• whether customer consent wording is clear
• whether data sharing is explained
• whether customers know who will contact them
• whether lead quality is monitored
• whether complaints are linked back to lead sources

If a credit broker relies on third parties, it should be able to show how those relationships are controlled.

This may include due diligence records, approved promotional material, monitoring reports, screenshots, complaints data and escalation records.

For more detail, read Lead Generation in FCA-Compliant Credit Broking: What You Need to Know.

Area 6: Lender relationships and commission disclosure

Credit brokers often work with lenders, finance providers or selected panels.

A review may look at whether customer communications explain those relationships properly.

This may include:

• lender panel wording
• commission disclosure wording
• claims about lender access
• claims about independence or whole-of-market access
• customer explanations
• timing and placement of disclosures
• records supporting the wording used
• consistency across website, forms, emails and scripts

The homepage copy deck recommends avoiding claims that are difficult to evidence, such as “best in the business” or “whole of market” unless the position can be supported. Safer language should be specific and evidence-based.

Area 7: Consumer Duty and customer outcomes

A compliance audit may look at how the firm monitors customer outcomes.

Consumer Duty expects firms to act to deliver good outcomes for retail customers, and FCA material describes the Duty as moving beyond compliance checklists into embedding fairness, transparency and customer-centricity into interactions.

For credit brokers, outcome evidence may include:

• customer journey testing
• customer understanding reviews
• complaints root cause analysis
• vulnerable customer monitoring
• lead quality checks
• declined or referred customer review
• lender outcome monitoring
• financial promotion performance
• management information
• actions taken to improve the journey

The firm should be able to show how it identifies potential harm, what management information it reviews and how issues are escalated.

For related guidance, read Understanding the Affordability and Suitability Rules in Credit Broking.

Area 8: Complaints handling

Complaints are an important source of compliance evidence.

A review may look at:

• how complaints are identified
• whether staff understand what counts as a complaint
• how complaints are logged
• how investigations are carried out
• whether responses are timely and clear
• how root causes are reviewed
• whether complaint trends are reported to management
• whether complaints lead to customer journey improvements

Credit broking complaints may relate to broker status, unwanted contact, data sharing, fees, commission, lender decisions, declined applications or confusion about who is responsible.

A firm should not treat complaints only as individual cases. Complaint trends should feed into monitoring and improvement.

Area 9: Policies, procedures and training

Policies should reflect the real business model.

A compliance audit may check whether the firm has relevant policies and whether staff understand them.

This may include:

• compliance manual
• financial promotion policy
• complaints policy
• vulnerable customer policy
• Consumer Duty framework
• data and consent procedures
• introducer or affiliate controls
• AR/IAR operating procedures
• staff training records
• approval processes
• escalation routes

A generic policy pack is unlikely to be enough if it does not match the customer journey, marketing model and lender relationships.

Area 10: Monitoring, management information and board reporting

A strong credit broking compliance framework should include regular monitoring.

An audit may review whether the firm monitors:

• financial promotions
• customer journeys
• lead sources
• complaints
• customer outcomes
• file quality
• vulnerable customer treatment
• lender outcomes
• staff training
• policy updates
• remediation actions

Management information should help the firm identify risks and take action. It should not be produced only for record keeping.

A reviewer may ask what issues have been identified, what decisions were made and what improvements followed.

For ongoing compliance planning, read How Much Does It Cost to Maintain FCA Compliance for Credit Brokers?.

What documents might be requested?

A credit broker should be prepared to provide evidence such as:

• business model summary
• permissions or appointment details
• financial promotion approvals
• website and landing page screenshots
• customer journey maps
• compliance monitoring plan
• monitoring reports
• complaints log
• complaint outcome examples
• Consumer Duty assessment
• vulnerable customer policy
• staff training records
• lender relationship records
• commission disclosure wording
• introducer or affiliate due diligence
• management information
• board or senior management reports
• remediation plans

The exact request will depend on the scope of the review, but a firm that keeps good records will be in a stronger position.

How to prepare before an audit or review

Preparation should start before any formal request arrives.

Useful steps include:

1. Review permissions and scope
   Confirm the firm is operating within direct authorisation, AR status or IAR scope.
2. Check the customer journey
   Review the journey from advert to lender handoff and complaints route.
3. Review financial promotions
   Check all active promotions, landing pages, emails, social posts and affiliate content.
4. Update records
   Make sure approval records, monitoring reports, complaints logs and training evidence are organised.
5. Test Consumer Duty evidence
   Check whether management information shows how customer outcomes are monitored.
6. Review lead sources
   Confirm introducers, affiliates and publishers are approved and monitored.
7. Identify gaps early
   Create a remediation plan for any weaknesses before they become formal findings.
8. Assign responsibility
   Make sure the right people know who will gather documents, answer questions and manage follow-up actions.

For a practical checklist, read Credit Broking Compliance Checklist: What You Need to Know.

What happens after an audit?

After a review, the firm may receive findings, recommendations or requests for further information.

Actions may include:

• updating financial promotions
• improving broker status wording
• strengthening customer journey disclosures
• changing commission disclosure wording
• improving complaints handling
• adding monitoring checks
• updating policies
• improving lead source controls
• completing staff training
• creating a remediation plan
• reporting progress to senior management or the principal firm

The most important point is to act on findings. A review is much less valuable if issues are identified but not followed through.

For more on regulatory checks, read How to Successfully Pass FCA Regulatory Checks for Credit Broking.

Common audit mistakes credit brokers make

Common mistakes include:

• trying to prepare evidence only after receiving a request
• relying on generic policies
• having no financial promotion approval records
• failing to check live promotions against approved versions
• not monitoring affiliates or publishers
• unclear broker versus lender wording
• weak Consumer Duty evidence
• incomplete complaints logs
• lack of management information
• no record of remediation
• not updating the framework when the business changes

These issues are avoidable with regular monitoring and clear ownership.

For more detail, read Common Compliance Mistakes Credit Brokers Make and How to Avoid Them.

How Authorised Compliance supports audit preparation

Authorised Compliance supports UK credit brokers with FCA audit and regulatory review preparation.

Our support can include:

• compliance audits
• permissions and scope reviews
• customer journey testing
• financial promotion reviews
• broker versus lender wording checks
• lead generation reviews
• Consumer Duty assessments
• complaints process reviews
• lender relationship and commission disclosure reviews
• monitoring plan reviews
• management information and board reporting support
• remediation planning
• outsourced compliance support

We help firms identify gaps, organise evidence and build practical controls that support day-to-day credit broking activity.

You can read more in How Authorised Compliance Helps Credit Brokers Stay FCA-Compliant and Choosing the Right FCA Compliance Consultant for Your Credit Broking Business.

FAQs

What is an FCA compliance audit for a credit broker?

An FCA compliance audit or review checks whether a credit broker is operating within its permissions and maintaining appropriate controls around customer journeys, financial promotions, complaints, Consumer Duty, record keeping and ongoing monitoring.

What documents might a credit broker need for an audit?

A credit broker may need financial promotion approvals, customer journey maps, complaints logs, monitoring reports, training records, Consumer Duty evidence, lender relationship records, commission disclosure wording and remediation plans.

Will an audit review financial promotions?

Financial promotions are likely to be a key area of review. Websites, landing pages, adverts, emails, social posts, scripts and affiliate content should be clear, fair, not misleading and properly approved where required.

Why is broker versus lender wording important in an audit?

Broker versus lender wording is important because customers need to understand whether they are dealing with a broker or a lender. Unclear wording can create customer confusion, complaints and regulatory risk.

How can credit brokers prepare for an FCA review?

Credit brokers can prepare by reviewing permissions, customer journeys, financial promotions, complaints records, Consumer Duty evidence, lead source controls, monitoring reports and management information.

What happens if an audit finds issues?

If an audit finds issues, the firm may need to update promotions, improve disclosures, strengthen monitoring, update policies, complete training, improve complaints handling or implement a remediation plan.

How often should credit brokers audit their compliance?

Credit brokers should review compliance regularly and whenever the business model changes. Financial promotions, customer journeys, lead sources, complaints and customer outcomes should be monitored on an ongoing basis.

Can Authorised Compliance help with FCA audit preparation?

Yes. Authorised Compliance supports UK credit brokers with compliance audits, FCA review preparation, financial promotion checks, customer journey testing, Consumer Duty assessments, complaints reviews and remediation planning.

Final thoughts

A compliance audit should not be seen as a one-off event. It is a test of whether the firm’s controls are working in practice.

For credit brokers, the strongest preparation is ongoing evidence. Clear permissions, controlled promotions, tested customer journeys, good complaints records, Consumer Duty monitoring and practical management information all help show that the firm is operating properly.

A well-prepared credit broker should be able to explain what it does, evidence how it controls risk and show how it improves customer outcomes over time.