How Mid-Sized Firms Can Evidence Consumer Duty Outcomes for FCA Board Reviews

In the Financial Conduct Authority’s review of Year 2 Consumer Duty Board reports, a clear pattern emerged: having a vulnerable customer policy on file is entirely different from proving you supported one in practice. Most firms have spent the last 24 months refining their documentation. They have updated their Terms of Business, rewritten their customer communications for clarity, and held internal workshops on the four outcomes. Yet, many of these same firms struggled during the most recent reporting cycle because they lacked the specific, granular data required to prove that these policies actually changed customer outcomes.

The regulator has shifted its focus from implementation to supervision. It is no longer enough to show the FCA a well-drafted policy. Supervisors now want to see the evidence of the board challenging the executive. They want to see the Management Information (MI) that triggered a change in a product’s fee structure or a revision to a distribution strategy. For mid-sized firms, this represents a significant operational hurdle. Without the massive compliance budgets of Tier 1 banks, these firms must find a way to generate continuous, verifiable evidence without overwhelming their daily operations.

The situation in 90 seconds

ABC Bank, a prominent FCA-authorised firm, found itself at a crossroads as the Year 2 board reporting deadline approached. Having recently appointed a new compliance officer, the firm was acutely aware that its existing governance framework was largely static. While the bank had a solid reputation and high customer satisfaction scores, its ability to prove that satisfaction was a result of the Consumer Duty was limited to anecdotal evidence and high-level complaint data.

The firm faced a common challenge for mid-sized players: audit fatigue. The compliance team was already stretched thin managing the day-to-day requirements of the Senior Managers and Certification Regime (SM&CR) and AML monitoring. They needed to move beyond a manual, spreadsheet-heavy approach to Consumer Duty evidence. The goal was to build a system where evidence generation was a byproduct of business activity rather than a quarterly scramble for data. To achieve this, they partnered with Compliance Consultant to review their governance from the bottom up, as detailed in our broader review of Compliance Case Studies | FCA & PRA Regulatory Projects.

The engagement started with a gap analysis. We looked at what the bank called evidence and compared it to the three-layered framework the FCA expects. We found that while the bank was good at recording what it did (process evidence), it was nearly silent on what happened to the customer as a result (outcome evidence). The board was receiving reports that stated compliance was achieved, but they weren't seeing the data that allowed them to test that assertion.

The problem with static compliance documentation

The fundamental issue with traditional compliance is that it is often historical and reactive. A firm writes a policy, files it, and only revisits it when a breach occurs or an annual review is due. In its recent critique, the FCA noted that most firms can define what a good outcome looks like, but many fail to document the challenge provided by their boards. The issue isn't missing policies; it's the lack of structured interaction-level proof. You can read more about this specific regulatory warning in the FCA's blog on Year 2 Consumer Duty Board Reports: progress and what comes next | FCA.

For ABC Bank, the "static documentation trap" manifested in their board papers. The reports were long on narrative but short on actionable MI. When the board was asked to sign off on the annual Consumer Duty report, they were essentially being asked to take the compliance team's word for it. There was no clear trail of "meaningful challenge"—the process where board members ask difficult questions about fair value or customer understanding and demand changes based on the answers.

This lack of interaction-level proof is a significant risk. If a firm cannot show the specific data points that led to a decision, the FCA assumes the decision was not data-driven. Static documents cannot prove that a firm is monitoring whether its products remain suitable for customers in vulnerable circumstances over time. They cannot prove that a customer who failed to understand a disclosure was given additional support. Without a machine to capture these interactions, the firm remains exposed to the charge that its compliance is purely performative.

The approach to generating continuous outcome evidence

Instead of treating the board report as a retroactive paperwork exercise, the firm moved to operationalise the Duty. This involved implementing a structured toolkit designed to capture data in real-time. The framework used was the Consumer Duty Toolkit, which is a standard inclusion in our Silver and Gold advisory retainers. This toolkit replaces vague assertions with a data-driven dashboard.

The first component was an Excel-based Heatmap and MI tracker. This wasn't just a list of metrics; it was a system with built-in RAG (Red-Amber-Green) ratings tied to the FCA's four outcomes: products and services, price and value, consumer understanding, and consumer support. For every product line, the bank began tracking specific indicators such as the percentage of customers who successfully completed a post-purchase knowledge check or the speed of resolution for support requests from vulnerable consumers.

The second component focused on the board itself. We provided a pre-formatted 10-slide Board Reporting template specifically designed for SMF16 and SMF17 holders. This template forces the user to present outcome progress and specific actions taken when the RAG ratings move to Amber or Red. It moves the conversation away from "Are we compliant?" to "What does this data tell us about our customers' outcomes, and what are we doing to improve them?"

By using a standardised Evidence Pack Index, the bank was able to catalogue its supporting documents continuously. When a new marketing campaign was launched, the consumer understanding testing results were automatically linked to the evidence index. When a price review was conducted, the fair value assessment was logged. This shifted the workload. Instead of a three-week scramble before a board meeting, the compliance officer spent thirty minutes a week ensuring the links were active and the MI tracker was updated. This methodology mirrors the approach we recommend for firms trying to How to Navigate the 2026 FCA Application Process Without a Document Dump, where structure beats volume every time.

The result of operationalising the Consumer Duty framework

By the time the Year 2 board review arrived, ABC Bank had a demonstrable culture of compliance. Evidence generation had become a natural byproduct of doing business. The board report was no longer a 50-page narrative that no one had time to read; it was a data-driven presentation that highlighted three areas where outcomes were excellent and two areas where improvement was needed.

This transparency actually increased the board's confidence. Because they could see the Red and Amber indicators, they knew the Green indicators were real. They could see that when the consumer support outcome for the bank's mortgage product dipped due to high call volumes, the firm had already implemented a remediation plan. The board was able to record their challenge to the executive regarding the timeline of that remediation, creating exactly the kind of audit trail the FCA demands.

Internal resistance to compliance also decreased. Because the MI tracker was integrated into existing business reporting, department heads began to see it as a performance management tool rather than a regulatory burden. They used the consumer understanding data to refine their sales scripts and the price and value data to defend their product margins. The firm saved dozens of hours each month that were previously spent on manual data collection and report writing. More importantly, they were ready for a supervisory visit at any moment.

What this means for mid-sized firms facing audit fatigue

The regulatory landscape in 2026 does not allow for a "set it and forget it" approach to compliance. The FCA explicitly demands three layers of proof. First is process evidence, which is the record that you followed your own rules. Second is outcome evidence, which is the quantitative data showing what the customer actually received—things like settlement amounts relative to premiums or time-to-resolution for complaints. Third is remediation evidence, which proves that you took action when the data showed a problem.

For a mid-sized firm, trying to build this from scratch is often what leads to the audit fatigue and internal friction that stalls growth. The solution is to build a machine that captures this data continuously. You need a framework that translates the high-level language of the FCA into specific, measurable tasks for your team. This is not a legal exercise; it is an operational engineering problem.

Firms must move away from the idea that compliance is a separate department that checks work after it is done. Instead, the focus must be on building infrastructure—like the Heatmaps and MI trackers mentioned above—that makes the right way the easy way. When your governance is data-driven, your board reports become a strategic asset rather than a regulatory liability. You can evidence your "reasonable steps" under SM&CR and your commitment to the Consumer Duty simultaneously, protecting both the firm and its senior managers from personal liability.

To see how your current board reporting compares to the FCA's current expectations, you can book a free 30-minute discovery call with us. We can discuss implementing a Silver Retainer, which includes the complete Consumer Duty Toolkit and 8 hours of dedicated advisory support per month, ensuring your system is ready before your next reporting cycle. Visit the Compliance Consultant website to book your session.