It is important to consider what sort of support, if any, your firm needs. This will help you to establish the type and level of service you require if you do decide to get some compliance support.

There are lots of different levels of service available. Make sure that any service you choose will address your objectives and help ensure you are compliant. Some of the services commonly provided include:

• initial risk assessment;
• business development;
• help with procedures;
• file audits;
• technical support;
• training; and
• PII cover

Although you won't want to pay for services you do not need, you should also take care when restricting the support or services you receive. Be careful to ensure that if you only focus on one area, you are not missing important compliance issues elsewhere.

We recommend that you agree the standard of services you will receive from your consultant, through a service level agreement. You should always receive details of work carried out and recommendations in writing.

Good practice example

Firm D used a basic service from a large consultancy that gave an initial risk assessment, help in designing processes, technical support and adviser assessments. They supplemented this with in-house compliance monitoring.

Firm D now has robust “know your customer” and training and competence procedures in place and has improved record keeping. The firm now monitors the new procedures,and then the consultant reviews them, making it easier to identify areas for improvement.

The new procedures have helped the firm identify weaknesses in advisers' work, and clearly implement and demonstrate performance improvement measures. The consultant also provides the firm with helpful technical support when completing the RMAR and as well as advising on product-risk issues.

Poor practice example

Firm E was acting as a principal with one appointed representative (AR). The firm restricted its consultancy service to monitoring the AR, feeling this was its weakest area.

However, an FSA visit identified that firm E was performing activities it didn’t have the permission to do. The resulting remedial action was costly for the firm. Had the consultant been monitoring the principal's business, the issue may have been identified and addressed earlier.