Section 166 Skilled Person Reviews: Preparation and Response Guide

What It Is

A section 166 skilled person review is one of the FCA's most powerful supervisory tools. Under section 166 of the Financial Services and Markets Act 2000, the FCA has the power to require an authorised firm to provide a report by a skilled person — an independent expert appointed to assess a specific aspect of the firm's business, operations, or compliance. The skilled person is typically a firm of accountants, consultants, or specialist regulatory advisers drawn from the FCA's panel of approved s166 providers.

The s166 power sits within the FCA's supervisory toolkit, between routine supervisory engagement and formal enforcement action. It is used when the FCA has concerns about a firm that cannot be resolved through normal supervisory dialogue but where the regulator has not yet determined that enforcement action is warranted. The review provides the FCA with an independent, detailed assessment of the issue — effectively outsourcing the diagnostic work to a specialist who has the time, expertise, and access to conduct a thorough investigation that the FCA's own supervisory staff may lack the capacity to perform.

Section 166A — the related provision — allows the FCA to require a skilled person report where the firm has failed to comply with a requirement or where it is necessary for the FCA's supervisory functions. In practice, the distinction between s166 and s166A is largely procedural; both result in an independent review commissioned by the FCA and paid for by the firm.

The scope of a s166 review can be narrow or broad. It may focus on a single issue — for example, the adequacy of a firm's anti-money laundering controls, the fairness of its complaints handling, or the governance of a specific product launch — or it may encompass a wide-ranging assessment of the firm's culture, governance, risk management, and control environment. The FCA defines the scope in the terms of reference, which are shared with the firm and the skilled person at the outset of the review.

Why the FCA Cares

The FCA uses s166 reviews because it needs reliable, independent information about firms that cannot be obtained through normal supervisory channels. The regulator supervises thousands of firms with finite resources, and its routine supervisory engagement — periodic reviews, attestation requests, data analysis, and desk-based assessments — can only provide a surface-level view of a firm's operations. When the FCA identifies concerns that require deeper investigation, the s166 power allows it to commission specialist work without diverting its own supervisory staff from other priorities.

The FCA's Annual Report consistently shows significant use of the s166 power. In the 2024-25 reporting year, the FCA commissioned over 60 new s166 reviews, with the total cost to firms exceeding 100 million pounds. The sectors most frequently subject to s166 reviews include wealth management, retail banking, consumer credit, general insurance, and payments — reflecting the FCA's supervisory priorities and the areas where it has identified the greatest risk of consumer harm.

The FCA also values s166 reviews because they produce evidence that can be used in subsequent supervisory or enforcement proceedings. The skilled person's report is an independent, professional assessment that carries significant weight. If the report identifies serious failings, the FCA can use it as the evidential foundation for a requirement to take remedial action (under section 55L FSMA), a voluntary requirement agreed with the firm, or formal enforcement action. The report creates a documented baseline against which the firm's remediation efforts can be measured.

Critically, the FCA regards a firm's response to a s166 review as a significant indicator of its culture and governance. Firms that engage constructively, cooperate fully with the skilled person, accept findings that are well-evidenced, and implement remediation plans promptly and effectively demonstrate the qualities the FCA expects of a well-run firm. Firms that obstruct the review, dispute findings without substantive basis, or implement remediation half-heartedly signal to the FCA that more intensive supervisory intervention — or enforcement action — may be required.

Who It Affects

Any FCA-authorised firm can be subject to a s166 review. There is no exemption based on size, sector, or regulatory category. However, in practice, the FCA is more likely to commission s166 reviews of firms where it has identified specific supervisory concerns, where the potential for consumer harm is significant, or where the issue under investigation requires specialist expertise that the FCA's in-house teams do not possess.

Larger firms — banks, insurers, wealth managers, and major intermediaries — are the most frequent subjects of s166 reviews, reflecting both their systemic importance and the complexity of their operations. However, smaller firms are not immune. The FCA has commissioned s166 reviews of consumer credit firms with fewer than 50 employees, insurance brokers with limited turnover, and payment services firms at an early stage of development. The trigger is the nature and severity of the FCA's concern, not the size of the firm.

Senior Managers within the firm are particularly affected. The s166 review will typically require significant time commitments from the CEO, compliance officer, risk function, and relevant business line leaders. Senior Managers may be interviewed by the skilled person, asked to provide documentation and management information, and required to respond to findings and recommendations. The review process can be disruptive to normal business operations, and Senior Managers must manage the review alongside their ongoing responsibilities.

The firm's staff more broadly are also affected. The skilled person will typically interview a range of employees across different functions and levels, request access to systems and data, observe operational processes, and review internal communications. Staff should be prepared for this — they should understand the purpose of the review, their obligation to cooperate, and the importance of providing honest and complete information.

What Firms Get Wrong

The most damaging mistake is treating a s166 review as an adversarial process rather than a supervisory engagement. Firms that adopt a defensive posture — withholding information, coaching staff on what to say, or attempting to limit the skilled person's access — invariably make the situation worse. The FCA monitors the firm's cooperation through its own engagement with the skilled person, and obstruction is treated as a Principle 11 breach that can escalate the matter from supervision to enforcement. The skilled person is an independent professional, not the firm's adversary; engaging openly and constructively produces better outcomes.

Firms frequently underestimate the cost and resource implications of a s166 review. The skilled person's fees are borne by the firm, and for a review of any substance, the costs run into hundreds of thousands of pounds. But the direct fees are only part of the picture. The firm must also allocate significant internal resource — senior management time, compliance and legal support, document production, and project management of the review process. Firms that fail to resource the review adequately find that it takes longer, costs more, and produces worse outcomes because the skilled person cannot obtain the information needed to complete the work efficiently.

Another common error is failing to engage with the scope of the review at the outset. The FCA shares the proposed terms of reference with the firm before the review begins, and the firm has an opportunity to make representations about the scope. Firms that do not engage with this process — either because they do not appreciate its importance or because they assume the scope is non-negotiable — miss the opportunity to ensure the review is focused and proportionate. While the FCA is not obliged to accept the firm's representations, it will consider them, and a well-reasoned submission can narrow the scope, clarify ambiguities, and prevent the review from expanding into areas that are not relevant to the FCA's original concerns.

Perhaps the most consequential mistake occurs after the review is complete. Firms receive the skilled person's report, agree a remediation plan with the FCA, and then implement it in a cursory or box-ticking manner. The FCA expects genuine remediation — structural changes to governance, controls, processes, and culture that address the root causes identified in the report. Firms that implement superficial fixes without addressing underlying issues will find the FCA returning to the same concerns, potentially with less patience and a greater willingness to escalate to enforcement.

What Evidence Is Expected

During the review itself, the skilled person will expect comprehensive access to the firm's records, systems, staff, and management. Specifically, the firm should be prepared to provide board and committee minutes and papers covering the period under review; management information packs and dashboards relevant to the issues being assessed; policies, procedures, and process documentation; complaint files, customer correspondence, and outcome data; compliance monitoring reports and findings; internal audit reports; risk registers and risk assessment documentation; training records and competence assessments; and financial data including revenue, cost, and profitability analysis for relevant business lines.

The firm should also expect the skilled person to conduct extensive interviews with Senior Managers, compliance and risk staff, operational managers, and front-line employees. These interviews are substantive — the skilled person is assessing not just what the firm says it does but what it actually does, whether staff understand the firm's policies and procedures, and whether the firm's culture supports or undermines compliance. Inconsistencies between documented procedures and actual practice are a key focus of most s166 reviews.

Following the review, the FCA will expect the firm to produce a remediation plan that addresses every finding in the skilled person's report. The remediation plan should include specific actions, responsible owners, realistic timelines, and measurable success criteria. The FCA will typically require the firm to provide periodic progress reports on implementation and may commission a follow-up s166 review to verify that remediation has been effective.

The FCA also expects the firm to demonstrate that it has learned from the review — not just fixed the specific issues identified but strengthened its systems and controls to prevent similar issues from arising in the future. This means evidencing changes to governance, reporting, oversight, and culture that go beyond the narrow scope of the review's findings.

Good Implementation Looks Like

A firm that handles a s166 review well begins by establishing a dedicated project team as soon as the review is announced. This team includes a senior sponsor (typically the CEO or a board member), the compliance officer, legal counsel (internal or external), and a project manager responsible for coordinating the firm's engagement with the skilled person. The team meets regularly throughout the review to monitor progress, resolve issues, and ensure the firm is meeting its obligations under the terms of reference.

The firm engages constructively with the scope at the outset, making representations where appropriate but accepting the FCA's final determination without further contest. It provides the skilled person with prompt, comprehensive access to the information, systems, and people needed to complete the review. It does not coach staff or attempt to manage the narrative — instead, it trusts that honest engagement will produce a fair and accurate report.

When the report is received, the firm reviews it carefully and identifies any factual inaccuracies that should be corrected. It does not dispute findings simply because they are unfavourable — but it does ensure the report is based on accurate facts. The firm then develops a remediation plan that addresses root causes, not just symptoms. The plan is owned by senior management, resourced adequately, and subject to regular progress reporting to the board and the FCA.

After remediation is complete, the firm embeds the improvements into its business-as-usual processes. The changes made in response to the s166 review become part of the firm's ongoing governance, monitoring, and reporting framework — not a one-off project that is forgotten once the FCA's attention moves elsewhere. The firm also conducts an internal lessons-learned exercise, identifying what the review revealed about gaps in its self-assessment and internal audit capabilities, and strengthening those capabilities to reduce the likelihood of future supervisory intervention.

Related Tool

The MEMA Consumer Duty tool helps firms assess and evidence their compliance with the Consumer Duty outcome requirements that are frequently the focus of s166 reviews. Since the Consumer Duty came into force in July 2023, a growing proportion of s166 reviews have focused on firms' implementation of the Duty's four outcomes — products and services, price and value, consumer understanding, and consumer support. The tool provides a structured self-assessment framework that maps the FCA's expectations to the firm's specific business activities and identifies gaps that could attract supervisory scrutiny.

The MEMA complaints and DISP tool supports firms in analysing their complaints data in the way the FCA and skilled persons expect. Complaints handling is one of the most common focuses of s166 reviews, and firms that can demonstrate robust complaints analysis, root cause identification, and systematic remediation are better positioned to navigate a review successfully. The tool aggregates complaints data, identifies trends and outliers, and generates the type of management information that the FCA expects firms to maintain and act upon.

Both tools serve a dual purpose — they help firms identify and address issues proactively, reducing the likelihood of a s166 review being commissioned in the first place, and they ensure that if a review does occur, the firm has a foundation of evidence and analysis that supports a constructive engagement with the skilled person.

Related Service

Our compliance outsourcing service provides the type of independent compliance oversight that can help firms avoid the supervisory concerns that lead to s166 reviews. We conduct regular compliance monitoring reviews, assess governance and control arrangements against FCA expectations, identify emerging risks and deficiencies, and support the firm in remediating issues before they attract regulatory attention. For firms that have not previously invested in a structured compliance monitoring programme, our service can fill the gap and provide the FCA with assurance that the firm's compliance arrangements are subject to independent scrutiny.

For firms that are facing or have received notification of a s166 review, we provide specialist advisory support. This includes reviewing and responding to the proposed terms of reference, establishing the internal project team and governance for the review, preparing staff for skilled person interviews, managing document production and information requests, reviewing the draft report and identifying factual inaccuracies, developing the remediation plan, and supporting implementation and progress reporting.

Our experience with the s166 process — both from the firm side and from working with skilled person firms — gives us practical insight into how reviews are conducted, what skilled persons focus on, and what the FCA regards as an acceptable remediation response. We help firms navigate the process efficiently and constructively, minimising cost and disruption while ensuring the firm emerges from the review in a stronger regulatory position.

Related Sectors

Consumer credit firms have been subject to a significant number of s166 reviews since the FCA took over regulation of the sector from the OFT. Common focuses include affordability assessment practices, treatment of customers in financial difficulty, complaints handling, and the adequacy of governance and control environments. The FCA's thematic reviews of consumer credit have identified sector-wide issues that have led to firm-specific s166 reviews where individual firms appear to exhibit the problems identified at sector level. Consumer credit firms should treat the FCA's thematic findings as an early warning system and address relevant issues proactively.

Wealth management firms are frequent subjects of s166 reviews, particularly in relation to suitability of advice, conflicts of interest, investment governance, and the treatment of vulnerable customers. The FCA's long-running focus on the quality of financial advice, combined with its attention to Consumer Duty implementation in the retail investments sector, means that wealth managers should expect continued supervisory scrutiny. Reviews in this sector often examine large samples of client files, making the quality and consistency of advice documentation critically important.

Insurance brokers face s166 reviews focused on product governance, fair value assessments (particularly in the context of the Consumer Duty), complaints handling, and financial promotions. The FCA's general insurance market study and subsequent interventions have established a baseline of expectations that firms must meet, and s166 reviews are used to assess compliance among firms where the FCA has residual concerns. Brokers that operate through appointed representative networks face additional scrutiny on the adequacy of their AR oversight arrangements.

The payments sector has seen growing use of the s166 power as the FCA increases its supervisory engagement with payment services firms and e-money issuers. Common review focuses include safeguarding arrangements (a critical prudential requirement for payment firms), anti-money laundering controls, operational resilience, and the accuracy of regulatory returns. Payments firms should note that the FCA's expectations of this sector are rising rapidly, and firms that were authorised when supervisory standards were lower may find that their systems and controls no longer meet the FCA's current expectations.