Consumer Duty and Annual Reviews: What Firms Need to Evidence in 2026

Written By Brian Mclaughlin

The regulatory landscape has shifted. The FCA is no longer asking firms whether they've heard of Consumer Duty. It's actively supervising whether they're delivering it. Multi-firm thematic reviews are underway. Section 165 data requests are landing in inboxes across the sector.

The latest enforcement focus is tight and specific: ongoing fees and annual reviews.

If your firm charges ongoing fees, the FCA wants to see evidence that clients are receiving proportionate value. And that evidence must come from documented annual suitability reviews. Not promises. Not process documents. Not theoretical frameworks. Actual reviews, with outcomes, logged and audit-ready.

This is where most firms are failing.

The FCA's Compliance Finding

The FCA's Consumer Duty supervision data reveals something uncomfortable: around 83% of firms delivered annual reviews to clients paying ongoing fees. Which means 17% didn't. Those clients were still charged. Nothing happened. No review. No documented value assessment. No escalation.

That's an Outcome 2 breach under Consumer Duty. Outcome 2 requires firms to demonstrate that clients paying fees receive value that's at least proportionate to those fees. You can't evidence that if no review was conducted. An unprovided review is a compliance failure, regardless of what the fee schedule says.

The FCA's supervision work hasn't finished. Section 165 notices are already being issued to test whether firms can evidence what was discussed in those reviews, what action was taken, and what outcomes were achieved. If your file says "annual review completed" and nothing else, you don't have sufficient evidence. The FCA will escalate the firm.

This is no longer theoretical risk. It's active enforcement space.

What "Evidence" Actually Means

Evidence isn't a tick box. It's a compliance trail.

Firms need to demonstrate three things for each annual review:

First, that the review took place. This means a dated, documented interaction. A meeting, a video call, a structured telephone conversation. The adviser or reviewer records the date, the time, the client touched, the interaction method.

Second, what was discussed and what changed. Did the client's circumstances shift? Did tax position move? Did objectives change? Were there portfolio performance questions? Did vulnerability flags emerge? All of this needs recording. Not in bullet points. In sufficient detail that someone re-reading the file six months later understands what happened and why.

Third, what action was taken. If the review identified a need for portfolio rebalancing, the file shows rebalancing was executed. If vulnerability screening flagged concerns, the file shows an escalation was made to a senior adviser or compliance officer, with a decision recorded. If no changes were needed, the file documents that assessment. No action is only compliant if it's deliberate and justified, not accidental.

Vulnerability screening sits underneath this. The FCA expects firms to identify clients who may require additional protections or consideration. That identification must be documented. The decision on escalation must be documented. The outcome must be documented.

This is granular. This is auditable. This is what Consumer Duty enforcement looks like in 2026.

The Structural Problem in Most Firms

Here's the commercial reality: most IFA firms solve the annual review problem by asking the primary adviser to do it.

The logic is straightforward. The adviser knows the client. The adviser understands the portfolio. The adviser can assess whether ongoing fees are justified. So you schedule a review slot in the adviser's calendar, they have the conversation, they move on.

This creates two problems, both operational.

The first is inefficiency. An adviser's time is expensive. A £300,000 adviser performing routine administrative review tasks is a poor allocation of capital. That time should be spent on advice, on business development, on complex client work. Instead, it's being consumed by documentation overhead.

The second is the compliance bottleneck. An adviser focused on the client relationship and the advice conversation isn't naturally oriented toward building an audit trail. They're thinking about suitability. They're not thinking about whether their notes are sufficiently detailed for a regulatory inspection. The file quality suffers. Escalation decisions get missed. Vulnerability flags don't get logged systematically.

The result is spotty compliance. Some files are granular and detailed. Others are sparse. Some firms have strong completion rates but poor documentation. Others have both problems. All of them report that annual reviews are a resource constraint.

This matters because the FCA's supervision is probabilistic. The regulator will sample your files. If the sample shows weak documentation, incomplete escalation decisions, or gaps in vulnerability assessment, the firm gets a formal finding. You can't argue that your process is sound if the evidence isn't there.

The Delivery Model That Works

The alternative is structural. Build an annual review function using trained, non-adviser staff. Employ or contract experienced compliance-oriented people who understand the Consumer Duty framework, who know how to conduct a structured review conversation, who are oriented toward building audit trails.

Operate them inside the firm's brand. Inside the firm's CRM. Under the supervision of a senior adviser or compliance officer.

The review structure is simple. The reviewer conducts the client interaction. They complete a standardised review checklist that captures circumstances, objectives, performance questions, vulnerability screening, and any escalation triggers. The checklist feeds directly into the CRM. Every review generates a dated compliance record. Escalations flag automatically. Vulnerability assessments are systematised.

The output is clean. Monthly Management Information shows how many reviews were completed, how many clients were contacted, what the escalation volume was, what outcomes were resolved. There's visibility. There's control. There's defensible evidence.

The commercial outcome is also different. Freed from review administration, your primary advisers spend more time on advice and business development. Your review function becomes a scalable operation that doesn't depend on senior fee-earner capacity. Your compliance risk falls because every file is built to the same standard. Your FCA defence is strong because the evidence is consistent.

This works for firms managing £50m to £500m in assets. It scales. It doesn't require expensive technology. It requires discipline in process and consistency in execution.

What Happens Now

Consumer Duty isn't going away. The FCA's supervision is deepening. Section 165 requests will continue. Enforcement action will follow non-compliance.

The question for your firm is straightforward: can your current annual review model evidence value consistently across your entire client base? Can you demonstrate that every client paying ongoing fees received a documented, proportionate review? Can you evidence vulnerability screening and escalation decisions?

If the answer is uncertain, you need a different structure. Not eventually. Now. Before the FCA's next thematic sweep lands in your sector.

The cost of getting this wrong is operational. Formal findings. Required remediation. Potential redress. Reputational damage. The cost of fixing it ahead of time is a change in process and a modest investment in trained resource.

The commercial choice is yours.

Ready to audit your annual review model? Book a discovery call to discuss how a structured review function can strengthen your Consumer Duty compliance and free up adviser capacity.

Brian Mclaughlin
Previous

Pilot Results: What Happened When We Reviewed 10 Clients
Next

The True Cost of Annual Reviews in UK Advice Firms