As the FCA ramps up its expectations in the payments and e-money space, a compliance monitoring programme (CMP) isn’t just for show. It’s how firms stay ahead of regulatory expectations, give their boards clarity, and manage risk in a way that supports growth. But how do you start putting the essential building blocks in place?
Start with the right structure
A four-stage framework keeps things sharp, focused, and manageable:
Planning
Map your risks, identify your obligations, and work out what’s worth monitoring. Crucially, get the right people in the room early. This isn’t just down to the compliance team. Think about where operations, business development, IT and other stakeholders need to be involved.
Testing
Design tests that are proportionate, risk-based, and provide insight. Take the time to identify the data that helps decision-making. How often you test should be driven by your unique risk profile and scope of business – this is where templated approaches tend to fall flat.
Feedback
Flag what’s working, and what’s not. Feed that into decision-making forums, and continuous improvement. Root cause analysis matters most here and will help you identify and resolve issues, greatly reducing the risk of repeat incidents.
Follow up
Remediate, track, and embed. Make sure actions are owned, timelines are realistic, and that leadership sees progress.
Avoiding the common CMP pitfalls
Even the best-intentioned CMPs can fall short. Efforts tend to stall the most when:
It’s built where teams operate in silos. If only compliance is involved, it’ll miss operational nuance—and buy-in.
It’s too generic. A templated, one-size-fits-all CMP will fail under scrutiny. Tailor it to your business model.
It’s unclear who owns what. Accountability matters. If everyone’s responsible, no one is.
It’s not connected to the risk register. Your CMP should directly reflect your risk profile. If it doesn’t, you run the risk of spending too much time and effort on low-priority areas and missing the high-impact ones.
Right-sizing the CMP for your firm
Your CMP needs to match your business. This doesn’t equate to “small firm, small risk.” It means proportionate. And it’s language the FCA increasingly uses and stresses when dealing with firms.
You may not have a full three lines of defence approach, but you can still bring in external assurance. You might not monitor everything monthly, but you should know what matters most and check it on a regular basis.
A good CMP scales with you. You can start lean and targeted and gradually build this out in proportion to the growth of your firm.
The best CMPs are tied to culture
When compliance monitoring is integrated into how you work, it becomes part of the everyday fabric, meaning:
- teams know what’s being tested and why
- issues are raised early, not hidden
- ownership is clear
- reporting is actionable.
And once part of the natural rhythm of your firm, you become much better equipped to take control of your risks, your governance, and your growth.
How can Bovill Newgate help you build a successful compliance monitoring programme?
We’ve been supporting firms in the payments and e-money space to build effective compliance monitoring programmes, ensuring firms are equipped to monitor and manage risk, use resources effectively to drive growth, and demonstrate their approach and commitment to the regulator.
If you need some guidance and support to build a programme, get in touch.