
Sample UK compliance audit · Illustrative data for a fictional example firm (“Northwind Payments Ltd”, modelled as a UK payment institution), mapped against all 19 UK requirements — SM&CR, FCA Conduct, UK AML, UK GDPR & FCA Operational Resilience.

Demo Report
UK

Northwind Payments Ltd

Regulatory Gap Analysis  ·  30 April 2026

UK Workplace · FCA Rules · UK AML · UK GDPR · SM&CR

Posture: 40%

Executive Summary

This is a sample audit using illustrative data for a fictional firm. Northwind Payments Ltd — modelled as a UK payment institution for this demonstration — submitted its compliance manual for a gap analysis against all 19 UK regulatory requirements spanning SM&CR, FCA Conduct Rules, UK AML, UK GDPR, and FCA Operational Resilience obligations. The manual establishes a baseline — a suitability framework is in place, conflict-of-interest disclosures exist, and AML training records are maintained — but 12 gaps remain, 5 of them High risk. The most serious deficiencies concern Senior Manager accountability under SM&CR, Consumer Duty implementation, AML policies and Customer Due Diligence procedures, and the Compliance Function governance. Overall compliance posture is assessed at 40%.

Compliance Dashboard

Compliance Posture: 40% (19 of 31 requirements met)

Coverage Matrix

31 of 31 UK requirements assessed · 19 met · 12 gaps

Requirement · Legal basis · Status

Gifts & Hospitality Thresholds and Approval Limits · Bribery Act 2010 s.1, s.7 / corporate policy standard · ✓ Met

Gifts & Hospitality Register and Recording · Bribery Act 2010 s.7 adequate procedures / MoJ Guidance Principle 5 · ✓ Met

Anti-Bribery Policy and Adequate Procedures · Bribery Act 2010 s.7 / MoJ Guidance — Adequate Procedures · ✓ Met

Facilitation Payments Prohibition · Bribery Act 2010 s.6 / MoJ Guidance · ✓ Met

Conflicts of Interest Declaration and Management · Common-law fiduciary duties / corporate governance standard · ✓ Met

Procurement and Pitch-Process Fairness · Bribery Act 2010 / Procurement Act 2023 principles · ✓ Met

Third-Party Due Diligence · Bribery Act 2010 s.7 / MoJ Guidance Principle 4 · ✓ Met

Sanctions and Restricted-Party Screening · Sanctions and Anti-Money Laundering Act 2018 / OFSI guidance · ✓ Met

Data Protection Basics · UK GDPR / Data Protection Act 2018 · ✓ Met

Escalation and Incident Reporting (incl. Whistleblowing) · PIDA 1998 / corporate governance standard · ✓ Met

Policy Ownership and Review Frequency · Corporate governance standard · ✓ Met

Training, Attestation, and Audit Trail · Bribery Act 2010 s.7 / MoJ Guidance Principles 5–6 · ✓ Met

Senior Management Arrangements · FCA SYSC 2.1 / SM&CR · Gap · High

Senior Manager Responsibilities and Statements of Responsibilities · FSMA 2000 s64A / SM&CR SOF · Gap · Medium

Certification Regime · FSMA 2000 s63F / FCA SYSC 27 · ✓ Met

Consumer Duty — Four Consumer Outcomes · FCA PRIN 2A / PS22/9 · Gap · High

Client's Best Interests Rule · FCA COBS 2.1.1R · Gap · Medium

Suitability Assessment · FCA COBS 9A.2 · ✓ Met

Product Information and Financial Promotions · FCA COBS 14.3 / COBS 4 · ✓ Met

Compliance Function · FCA SYSC 6.1 · Gap · High

Risk Assessment and Control · FCA SYSC 7.1 · Gap · Medium

Conflicts of Interest Policy · FCA SYSC 10.1 · ✓ Met

AML Policies, Controls and Procedures · MLR 2017 Regulation 18 · Gap · High

Customer Due Diligence · MLR 2017 Regulation 28 · Gap · High

Enhanced Due Diligence — PEPs and High Risk · MLR 2017 Regulation 35 · Gap · Medium

AML Training Programme · MLR 2017 Regulation 24 · ✓ Met

Data Processing Principles and Lawful Basis · UK GDPR Article 5 / DPA 2018 · Gap · Medium

Security of Processing · UK GDPR Article 32 / DPA 2018 s66 · Gap · Low

ICO Registration and Data Protection Officer · DPA 2018 s137 / UK GDPR Art 37 · Gap · Low

Important Business Services and Impact Tolerances · FCA PS21/3 / SS1/21 · ✓ Met

Operational Resilience Testing and Self-Assessment · FCA PS21/3 / SS1/21 · ✓ Met

Priority Actions

1. Produce a management responsibilities map and file updated Statements of Responsibilities for all FCA-approved Senior Managers under SM&CR.

2. Implement a Consumer Duty framework — conduct a fair value assessment, review customer support adequacy, and assess all communications for clarity.

3. Establish written AML policies and procedures approved by senior management, covering internal controls, risk appetite, CDD, and suspicious activity reporting.

4. Appoint a dedicated Compliance Officer with a formal mandate, adequate resources, and a direct reporting line to the board.

5. Implement Customer Due Diligence procedures with documented identity verification, beneficial owner identification, and ongoing monitoring standards.

Findings (12)

Finding · Legal basis · Status · Risk

Senior Management Arrangements · FCA SYSC 2.1 / SM&CR · Open · High

Consumer Duty — Four Consumer Outcomes · FCA PRIN 2A / PS22/9 · Open · High

Compliance Function · FCA SYSC 6.1 · Open · High

AML Policies, Controls and Procedures · MLR 2017 Regulation 18 · Open · High

Customer Due Diligence · MLR 2017 Regulation 28 · Open · High

Senior Manager Responsibilities and Statements of Responsibilities · FSMA 2000 s64A / SM&CR SOF · In Progress · Medium

Client's Best Interests Rule · FCA COBS 2.1.1R · Open · Medium

Risk Assessment and Control · FCA SYSC 7.1 · Open · Medium

Enhanced Due Diligence — PEPs and High Risk · MLR 2017 Regulation 35 · Open · Medium

Data Processing Principles and Lawful Basis · UK GDPR Article 5 / DPA 2018 · Open · Medium

Security of Processing · UK GDPR Article 32 / DPA 2018 s66 · Open · Low

ICO Registration and Data Protection Officer · DPA 2018 s137 / UK GDPR Art 37 · Open · Low


Areas of Compliance

Suitability assessment framework documented with clear client categorisation and risk tolerance questionnaire at onboarding

Conflicts of interest policy published, covering remuneration structures and third-party relationships

AML training records maintained with completion tracking for all relevant employees

Important business services identified with draft impact tolerances documented

Product disclosure documents comply with the FCA fair, clear and not misleading standard

Annual customer communications review process established

Segregation of duties between client-facing and operations functions is documented

Human review required

Regis AI provides structured compliance risk information for review. It does not provide legal advice or make final compliance decisions. Escalate high-risk matters to qualified legal, compliance, HR, or governance professionals.

Prepared by Regis  ·  High-risk findings should be escalated before further action is taken.