Why Templated Compliance Frameworks Are the Biggest Risk UK Fund Managers Face
The FCA’s CP25/28 does not just allow DLT in authorised funds.
It rewires who does what, who carries liability, and what the fund manager’s role actually is.
Table of Contents
The FCA imposed fines exceeding £186 million in 2024/25, more than trebling its penalty count for individuals from four to thirteen. It issued 37 Final Notices and cancelled the authorisation of 1,456 firms. None of the enforcement language centres on “failure to follow industry standard templates.” The regulatory question is always the same: does your compliance architecture reflect your actual business?
Fund managers using templated compliance frameworks are systematically mispricing their regulatory risk. Not because templates are wrong in principle, but because the FCA tests whether your specific governance matches your specific operations. A framework designed for a different firm will fail that test every time.
The Proportionality Requirement the FCA Actually Enforces
The mistake is mechanical. A fund manager of 12 staff adopts the governance policy structure of a 120-person peer. They change the names in the org chart. They add a sentence about their “smaller scale.” They train everyone on the new policy. Three years later, they fail an FCA thematic review because their compliance operating model does not reflect their actual business.
This is not a technical violation. It is a categorical failure to meet what SYSC 4.1.1R explicitly requires: governance arrangements that are “comprehensive and proportionate to the nature, scale and complexity of the business.” When the FCA audits whether your procedures match your business model, templated compliance frameworks that assume a different operating structure will systematically fail that assessment.
The FCA’s enforcement against H2O AM LLP in August 2024 demonstrates the pattern. The FCA found H2O had “failed to institute and/or maintain appropriate governance arrangements to review and scrutinise investment decisions.” The firm’s risk and compliance functions lacked “adequate oversight of or engaging in effective challenge or monitoring of the investment decision-making process.” The governance existed on paper. It did not match how the firm actually operated. The FCA imposed a public censure for breaches of FCA Principles 2, 3, and 11, and multiple COLL provisions.
Why the FCA's Own Letters Diagnose Templated Governance as the Root Cause
The FCA has been explicit about this failure mode across three consecutive years of supervisory correspondence.
The February 2023 Portfolio Letter, issued by Camille Blackburn’s Buy-Side Directorate covering approximately 1,000 firms managing £11 trillion, identified “ineffective governance to be a root cause of some Asset Managers failing to mitigate material risks or progress towards better outcomes for their customers.” The diagnosis was structural: governance design determines whether senior management can actually identify what is happening in their own firm.
The February 2025 Portfolio Letter shifted emphasis to resilience during disruption, noting that good governance and a healthy firm culture are critical tools to achieve good outcomes during periods of change and increased uncertainty. Templated compliance frameworks decay faster under uncertainty because they cannot adapt to decisions made outside formal channels. A framework designed for stable conditions and a different organisational structure offers no guidance when the environment shifts.
The May 2025 Business Model Review then tested this directly. The FCA surveyed 410 smaller asset managers (each with AUM below £1 billion) across three phases from April 2023 to September 2024, selecting 60 firms for in-depth assessment. Among Consumer Duty findings, the FCA found “mixed practice” in compliance, with some smaller firms unable to provide meaningful Consumer Duty reports even when taking proportionality into account. As I explore in my analysis of how SM&CR accountability must reflect the specific firm’s functions, this gap between templated compliance documentation and actual firm operations creates both enforcement exposure and internal control failure.
The Enforcement Signal: Governance Architecture That Does Not Match Reality
The March 2025 Private Market Valuation Review examined 36 firms holding approximately £3 trillion in global private assets. The FCA found that while nearly all firms had valuation committees, some exhibited poor record-keeping in respect of how valuation decisions were actually reached. The FCA also found that many firms had not actively considered or documented conflicts of interest in their valuation process in sufficient detail, and flagged cases where senior investment professionals were voting members of valuation committees, compromising independence.
The governance failure here is not that firms lacked valuation frameworks. Most had them. The failure was that the frameworks did not accurately capture how decisions were actually being made. When the formal process says one thing and the operational reality does another, the FCA treats this as a governance deficiency regardless of how polished the documentation looks.
The Odey enforcement action underscores the personal accountability dimension. In March 2025, the FCA fined Crispin Odey £1.835 million and permanently banned him from UK financial services for lack of integrity. The Decision Notice found that Odey’s conduct caused Odey Asset Management to breach SYSC 4.2.1R and SYSC 4.2.2R requirements that management of an AIFM must be undertaken by at least two persons of good repute. He twice fired all members of the Executive Committee and appointed himself sole member to frustrate a disciplinary process. The case demonstrates that governance architecture only works if the people within it cannot override it.
What Templated Frameworks Miss: The Compliance Cost Trap
The November 2025 TheCityUK and PwC report quantified the expense: annual compliance costs for the UK financial services sector reached £33.9 billion, representing over 13% of firms’ annual average operating costs. 84% of respondents reported costs had either increased (53%) or significantly increased (31%) over the past five years. Over half (53%) of firms operating outside the UK said UK compliance costs are higher than in other jurisdictions.
Templated compliance frameworks contribute to this inflation because they create two parallel systems: the formal policy system (the template) and the actual operating system (what people really do). Staff comply with both. Finance pays for both. The FCA audits only whether they align.
The alignment failure shows up differently at different scales. A 50-person alternative asset manager may adopt the compliance governance structure of a 200-person peer. They then require compliance committee meetings that consume capacity without generating insight, because the template was designed to coordinate functions that this firm does not separate. They implement reporting systems that feed data to decision-makers who are not the right decision-makers under their actual structure. The cost materialises as friction, redundancy, and escalation delay.
The FCA’s approach to Section 166 skilled person reviews confirms the regulatory focus on this gap. The FCA commissioned 83 skilled person reviews in 2023/24, up from 47 in 2022/23 and 38 in 2020/21. These reviews require firms to fund independent assessments focused on governance, systems, and controls. When the FCA commissions a skilled person review, the question is not whether a framework exists. It is whether that framework reflects actual operational reality.
The Counterargument and What It Misses
The reasonable objection: regulatory guidance and industry templates exist for a reason. They have been tested. They embed regulatory good practice. A small firm adopting a proven structure incurs less risk than building from scratch.
This argument confuses the map with navigation. Yes, regulatory guidance describes compliant principles. Yes, industry templates are technically defensible. But the FCA’s enforcement pattern makes a different assessment: whether your specific instantiation of those principles matches your specific business. H2O had governance frameworks. They did not match how investment decisions were actually made. The Valuation Review firms had valuation committees. Their records did not capture how decisions were actually reached.
Regulatory templates are defensive structures, not protective ones. They reduce the risk of obvious omissions. They do not reduce the risk of structural misalignment, which is what FCA reviews and enforcement actions actually detect. The firm that builds its governance from first principles, testing each element against its own operating model, generates fewer enforcement findings than the firm that implements a template competently.
The Diagnosis Inverted: Why Templates Feel Cheaper but Cost More
Templated compliance frameworks appear cheaper in the build phase. They require less design time, less stakeholder mapping, less testing against operational reality. The template exists, training exists, peer firms use it, regulatory guidance references it.
The actual cost appears in the operational phase, across three channels. First, staff compliance without understanding, creating hidden workarounds. Second, escalation to the wrong decision-makers, generating delay and rework. Third, governance visibility that does not match operational reality, preventing senior management from making informed decisions about risk.
Discover these defects during an FCA thematic review or skilled person assessment, and you have a regulatory finding. Discover them during internal risk review, and you have a strategic advantage. The templated approach makes the first outcome more likely. The bespoke approach permits the second.
The choice is not between templated compliance frameworks and full bespoke design. It is between governance that reflects what you actually do, and governance that reflects what you assumed you would do. Explore further governance strategy resources.
Templated compliance frameworks are not a shortcut to compliant governance. They are a mechanism for deferring the architectural work until the FCA finds it during an examination. Firms that price this deferred cost accurately will rebuild their governance from operational reality. Firms that do not will continue to misjudge their regulatory exposure.
This article is provided for general informational purposes only and doesn’t constitute legal, investment, or regulatory advice.
Date: 15 September 2025
Written by: Asad Bukhory