Skip to content
Lending Agent Oversight

What it is

Lending Agent Oversight is an operating system for principal firms supervising their networks of Appointed Representatives. The buyer is the head of compliance or head of risk at an FCA-authorised principal firm. The job today gets done in a Frankenstein of spreadsheets, email trails, paper checklists, and disliked legacy SaaS. Since PS22/11 came into force in December 2023, the bar has been raised again, and several principal firms have surrendered permissions rather than upgrade. The product is the upgrade.

Live demo: lending-agent-oversight.vercel.app. Source: bgood11/lending-agent-oversight.

The shape

Section titled “The shape”

Three things define the product:

  1. Three principal-firm skins. A mortgage AR network (Heritage Mortgage Network, MCOB), a general insurance AR network (Crown GI Collective, ICOBS), and a credit broking network (Pinpoint Credit Network, CONC). Each skin sets the brand colour, the FCA register number, the file-review rubric, and the AR fixture set. The platform under all three is the same.
  2. Two persona views. The principal-side surfaces (compliance home, AR register, AR detail, breach triage, file reviews, annual fitness review packets) and the AR-side surfaces (home, MI return form, breach report, profile). The demo lets the visitor flip between the two via the persona switcher.
  3. One supervision loop. AR files an MI return, principal reviews, file review runs, breach gets reported, SUP 15 clock starts, annual review aggregates the whole picture, board signs off. The loop runs end to end inside the product.

What it replaces

Section titled “What it replaces”

The spreadsheet. The shared inbox of breach reports. The paper checklist that someone has to remember to update. The legacy SaaS that nobody opens unless an audit is coming. Specifically:

  • A structured AR register with FRN, type (AR or IAR), permissions, status, controllers, and the dates the regulator cares about.
  • Composite risk scoring that combines complaints density, breach severity, file-review scores, time since last review, and MI anomaly into a single number per AR with five bands. Drill into any score to see how it was built.
  • A breach workflow with SUP 15 notification countdowns built in. The deadline is the centrepiece because the deadline is the only thing that actually matters.
  • A file review workspace running the right regulatory rubric per skin (MCOB, ICOBS, CONC) with structured findings and aggregate scoring.
  • AR-side MI return submission, so the quarterly return arrives in shape, on time, and visible to the principal the moment it lands.
  • Annual fitness review packets, one scrolling document per AR per year, with director sign-off attached.

Where it sits in the regulatory stack

Section titled “Where it sits in the regulatory stack”

PS22/11 is baked in. The data model treats the AR / IAR distinction as first-class, the self-employed AR cohort gets a flag, and the risk model up-weights both where PS22/11 expects enhanced oversight. Notification timing is encoded as four windows (immediate / 10 business days / 30 calendar days / reasonable period), each breach category mapped to its default. SYSC 9 record retention sits at a seven-year floor with sector overlays in COBS, MCOB, and DISP. The vulnerable-customer evidence chain (FG21/1) rolls up to a principal-level tile. SYSC 15A operational resilience flags ARs supporting Important Business Services. Nothing surprising. All of it ought to be there.

What it isn’t

Section titled “What it isn’t”

Lending Agent Oversight is not the regulated supervisor. The principal firm is. Each firm using the product remains the regulated party under FSMA s.39, and the product sells tooling, not supervision activity. There is no AI doing the principal’s job. The risk score is a clear formula with named weights, not a black box.

The demo has no backend, no real authentication, no real FCA submission, no real PDF export, and no real audit chain. State lives in Zustand. Fixtures are deterministic, seeded, and rendered server-side first so hydration matches. The production design (auth, audit chain, retention, RBAC, error states) is documented at engineering-spec depth so a future build can be handed cold to a developer or an agent and start on day 1.

How to read these docs

Section titled “How to read these docs”

If you came here for the pitch, the marketing landing page is the right next stop. If you want the sequence of surfaces in the order the demo plays them, How it works shows the supervision loop end to end. If you want to walk the demo yourself, Live demo gives you the ten-step scripted tour and the free-explore mode.