Compliance Audit & Regulatory Gap Analysis

Independent compliance audits for FCA-regulated firms. We identify regulatory gaps, assess risk and provide clear remediation roadmaps.

Speak to an Expert

What We Do

We conduct independent compliance audits and gap analysis for FCA-regulated payment institutions, electronic money institutions, cryptoasset firms and other financial services businesses. Our audits identify regulatory risks early and provide clear, actionable remediation recommendations.

Full Compliance Audit

A comprehensive review of your firm’s compliance with FCA rules, the Payment Services Regulations, Electronic Money Regulations and any conditions of authorisation. We assess governance, policies, procedures, monitoring, reporting and record keeping against regulatory expectations.

AML Audit

An independent assessment of your AML/CFT framework against the Money Laundering Regulations, FCA requirements and JMLSG guidance. Covers risk assessment, CDD, EDD, transaction monitoring, SAR reporting, training and governance.

Safeguarding Audit (PS25)

From June 2026, annual safeguarding audits become mandatory under PS25 for all payment institutions and electronic money institutions. We conduct independent safeguarding audits covering segregation of funds, reconciliation, account arrangements and regulatory compliance.

Post-Authorisation Review

A focused review conducted 6–12 months after authorisation to ensure your firm has implemented all commitments made in the application and is meeting its ongoing regulatory obligations.

Regulatory Due Diligence

For firms acquiring or investing in regulated businesses, we provide regulatory due diligence assessing the target’s compliance position, regulatory history, outstanding obligations and potential liabilities.

Deliverables

  • Detailed audit report with findings categorised by severity
  • Regulatory gap analysis with specific rule references
  • Prioritised remediation plan with recommended timelines
  • Executive summary suitable for board presentation
  • Follow-up review to confirm remediation completion

Sectors We Serve

Payment InstitutionsElectronic Money InstitutionsCryptoassets & Digital AssetsBanksMoney Services Businesses

Frequently Asked Questions

The FCA expects firms to conduct regular independent reviews. For most payment and e-money firms, an annual compliance audit is appropriate. AML audits should also be conducted annually.

From June 2026, under PS25, annual safeguarding audits will be mandatory for all FCA-authorised payment institutions and electronic money institutions.

Governance and oversight, policies and procedures, compliance monitoring, regulatory reporting, financial crime controls, safeguarding, complaints handling, record keeping and any conditions of authorisation.

A typical compliance audit takes 2–4 weeks from document request to final report, depending on the size and complexity of the firm.

Yes. We provide regulatory due diligence for both buy-side and sell-side, assessing the target’s compliance position and identifying potential regulatory liabilities.

We deliver a detailed report with prioritised findings and remediation recommendations. We can also support the remediation process and conduct a follow-up review.

Related Services

Compliance Support

Ongoing compliance monitoring between audits.

Financial Crime

AML/CFT framework build and independent AML audit.

Safeguarding

PS25 safeguarding framework and annual audit.

Speak to Our Team

Get in touch to discuss how we can support your regulatory and compliance needs.

Contact Us020 7873 2077

info@regulatorycounsel.co.uk | 2 Frederick Street, London WC1X 0ND