Like all firms, the FCA understand they ‘face a range of risks’ that threaten their long-term viability. In chapter seven (section five) of their published Annual Report and Accounts 2022/23, the FCA discuss their Risk Management Framework (RMF) and – in the context of assessing people, risk and outcomes – the report offers some invaluable insight into the continual ‘test and learn’ approach the regulator takes.

The FCA states that they ‘must use their resources effectively and efficiently’ and that they ‘must have the ability to identify, manage and report on potential and actual risks of harm’. The FCA’s RMF provides a ‘systematic, disciplined, and constant approach to evaluating and improving the management and oversight of risks’, which include:

  • Risk of Harm
  • External Risks posed to consumers and markets
  • Own Risk
  • Operational Risk and Execution Risk

Continuous assessment

What we notice about the FCA’s RMF process is that it reflects a four-phase continuous assessment model: risk identification, profiling/diagnostic, mitigation/remedy, and evaluation and learning.

The regulator asserts that they ‘adopt a Risk Management Process (RMP) which helps colleagues understand how the component parts of the RMF come together in terms of day-to-day risk management’. The FCA also state that they ‘focus on outcomes rather than being driven by processes’ and, in order to ensure they remain outcome-focused, they note that ‘decisions must be evidence-based, with appropriate consideration of the risks associated’.

The regulator keeps their internal processes under continuous review, implementing new processes and controls where appropriate. In this section of the report, they document their own risks, providing descriptions of the risks they face alongside the key mitigation measures they have taken, as well as outlining further enhancements they intend to make.

The regulator’s approach to people risk offers good insight into their capability, risk and mitigation approach:


FCA, ‘Risk Management Process’ model, ‘Annual Report and Accounts 2022/23’.

Title & Risk Trend:



Risk associated with the inability to attract and retain a suitably skilled, experienced and motivated workforce; the right number of people to deliver the work programme, in the right location(s) at the right cost to keep pace with the changing nature of regulated firms and the markets within which they operate; or lack of appropriate diversity and inclusion, such that the FCA does not appropriately identify the risks and harms in the market or act with the pace or flexibility required.

Key mitigations:

  • People Committee responsible for approving, overseeing and reviewing the FCA’s People Strategy.
  • Targeted recruitment campaigns to attract high calibre staff and a competitive employment offer designed to reward strong, consistent performance, aid career development and close any diversity related or other pay gaps.
  • On-going capability assessments, identification of potential gaps and a wide range of approaches to help drive personal development, including an FCA Academy and continuous training.

Further enhancements:

Continued development of Strategic Workforce Planning capability, with increased fungibility of resources and integration with the FCA strategy development and financial planning processes.

Learn more about our approach to continual assessment:

Elephants Don’t Forget uses multi-award-winning Artificial Intelligence (AI) called Clever Nelly to manage a continual assessment regime that treats every one of your employees as an individual and financially guarantees they will learn and retain what you need them to know to be competent in-role and comply with regulations.

We are supporting firms to overcome common challenges, including:

→ Embed and evidence best-in-class people MI for Consumer Duty: firms such as Moneybarn have seen a 9% improvement in customer outcomes and a 300% ROI from their regulatory training in under six months.

→ Improve compliance engagement, 1LoD regulatory competence and 2LoD assurance: firms – including eight of the UK’s top ten General Insurers – are seeing typical competency improvements of 68% in targeted areas including Conduct Rules, AML, ABC, KYC, Cyber Security and Vulnerable Customer Management.

→ Drive cost reductions and improve operational efficiency: firms typically benefit from a 50% reduction in their annual refresher requirement, a 30% reduction in recurring employee errors, and a 20% reduction in reportable complaints.
