File-review rubrics

A file-review rubric is the structured checklist a compliance reviewer scores against when sampling an AR’s customer files. Each rubric maps to one regulatory permission scope: MCOB for residential mortgage broking, ICOBS for general insurance broking, CONC for consumer credit broking. A fourth, vertical-agnostic IAR rubric is used whenever the AR under review is an Introducer Appointed Representative.

The demo ships the canonical set in lib/rubrics.ts. In production these seed the database; principal-admin can override per-tenant in a later release.

AR vs IAR: rubric branching

The right rubric is the one whose scope matches the AR’s appointment. An IAR may not give regulated advice, may not arrange, and may not deal. Reviewing an IAR file against MCOB suitability or ICOBS demands-and-needs would test obligations the IAR is not subject to and would miss the obligations the IAR is subject to (status disclosure, scope adherence, hand-off accuracy).

The product picks the rubric in getRubric(code, arType):

export function getRubric(code: RubricCode, arType: ArType = "AR"): RubricItem[] {
  if (arType === "IAR") return IAR_ITEMS;
  return RUBRICS[code];
}

The file-review surface reads ar.type from the AR record and renders the IAR rubric without further config. Reviewers see an “introducer scope” badge in the header and a one-line explanation that suitability and affordability items have been filtered out.

This means a single principal firm can supervise a mixed network — full ARs reviewed against MCOB, IARs reviewed against IAR — or an entirely IAR network (e.g. an estate-agent referral network introducing to a mortgage principal) reviewed entirely against the IAR rubric.

See also: Case-file contents for what the reviewer is looking at when they score each item.

Format

export interface RubricItem {
  /** Handbook reference, e.g. "MCOB 4.7A.2R". */
  code: string;
  /** Plain-language descriptor. */
  label: string;
  /** Section grouping (e.g. "Suitability", "Disclosure"). */
  section: string;
}

export type RubricCode = "MCOB" | "ICOBS" | "CONC";

export const RUBRICS: Record<RubricCode, RubricItem[]>;

A FileReviewFinding references an item by itemCode, denormalises the itemLabel for audit immutability, and records the reviewer’s outcome (pass, advisory, fail, n/a), evidence, and remediation. See Data shapes.

Scoring

score (0-100) is the mean of non-n/a outcomes:

Outcome	Numeric
`pass`	1.0
`advisory`	0.7
`fail`	0.0
`n/a`	excluded

score = 100 * mean(applicable outcomes).

Helpers

export function getRubric(code: RubricCode): RubricItem[];
export function getRubricSections(code: RubricCode): string[];

getRubricSections returns sections in their first-seen order, which is the order the workspace UI groups items.

MCOB (mortgage broking)

Used by Heritage Mortgage Network in the demo.

Suitability (MCOB 4.7A)

Code	Label
`MCOB 4.7A.2`	Customer’s needs and circumstances were assessed
`MCOB 4.7A.5`	Recommendation is suitable for the customer
`MCOB 4.7A.6`	Suitability rationale is documented

Affordability (MCOB 11.6)

Code	Label
`MCOB 11.6.2`	Income and committed expenditure verified
`MCOB 11.6.5`	Stress test applied for interest rate increases
`MCOB 11.6.18`	Interest-only repayment strategy evidenced

Disclosure (MCOB 5)

Code	Label
`MCOB 5.5.1`	ESIS issued before customer commitment
`MCOB 5.6.6`	ESIS contains required pre-contract information
`MCOB 5.6.16`	Cooling-off period notice included

Fees

Code	Label
`MCOB 4.4A.1`	Broker fee disclosed before customer commitment
`MCOB 4.4A.4`	Procuration fee structure declared

Vulnerable customer

Code	Label
`FG21/1`	Vulnerability indicators considered and recorded

Consumer Duty

Code	Label
`PRIN 2A`	Consumer Duty outcome assessment captured

ICOBS (general insurance broking)

Used by Crown GI Collective in the demo.

Demands and needs (ICOBS 5.2)

Code	Label
`ICOBS 5.2.2`	Customer demands and needs identified
`ICOBS 5.2.3`	Statement of demands and needs documented

Suitability (ICOBS 5.3)

Code	Label
`ICOBS 5.3.1`	Personal recommendation explained

Disclosure (ICOBS 6)

Code	Label
`ICOBS 6.1.5`	Insurance Product Information Document provided
`ICOBS 6.4.1`	Status disclosure (broker vs intermediary)
`ICOBS 6.4.4`	Remuneration disclosure (commission)

Fair value (PROD 4)

Code	Label
`PROD 4.5`	Fair value assessment for the distribution arrangement
`PROD 4.5.6`	Premium-to-cover ratio appropriate for target market

Consumer Duty

Code	Label
`PRIN 2A.1`	Consumer understanding outcome documented

Vulnerable customer

Code	Label
`FG21/1`	Vulnerability indicators captured during sale

Claims

Code	Label
`ICOBS 8.1.1`	Claims handling expectations explained at sale

CONC (consumer credit broking)

Used by Pinpoint Credit Network in the demo.

Pre-contract (CONC 4)

Code	Label
`CONC 4.2.5`	Adequate explanations given to enable informed decision
`CONC 4.2.7`	Customer’s understanding probed before agreement
`CONC 4.2.8`	Adverse consequences of payment difficulties explained

Creditworthiness (CONC 5.2A)

Code	Label
`CONC 5.2A.4`	Creditworthiness assessment carried out before granting credit
`CONC 5.2A.10`	Sources of information for the assessment recorded
`CONC 5.2A.20`	Customer-specific affordability assessment performed

Disclosure (CONC 4)

Code	Label
`CONC 4.2.15`	Pre-contract credit information document provided
`CONC 4.4.2`	Total amount payable and APR disclosed

Fees

Code	Label
`CONC 4.4.4`	Broker fee disclosed and consented to
`CONC 4.5.3`	Commission disclosure adequate

Vulnerable customer

Code	Label
`FG21/1`	Vulnerability indicators captured in the customer file

Consumer Duty

Code	Label
`PRIN 2A.4`	Consumer support outcome recorded

IAR (introducer scope, vertical-agnostic)

Used whenever the AR under review has type: "IAR", regardless of whether the principal firm holds MCOB, ICOBS, or CONC permissions. Sources: SUP 12.2 (IAR scope), SUP 12.5 (written-contract scope), PRIN 7 (clear, fair and not misleading), PRIN 2A (Consumer Duty at point of introduction), FG21/1 (vulnerability identification at first contact).

Introduction quality

Code	Label
`SUP 12.2.2`	Introduction was within the scope of the IAR appointment
`SUP 12.5.5`	Customer informed they are dealing with an introducer, not the principal
`PRIN 7`	Information about the principal’s product was clear, fair, and not misleading

Disclosure

Code	Label
`SUP 12.5.6`	Status disclosure (regulated via the principal) provided to customer
`DISP 1.2`	Complaints route to the principal explained
`CONC 4.5 / ICOBS 4 / MCOB 4.4A`	Any commission or referral fee disclosed before introduction

Scope adherence

The failure mode for IARs. An IAR who advises, recommends, or arranges has stepped outside the scope of its appointment, which is itself a SUP 15-notifiable issue.

Code	Label
`SUP 12.2.10`	No regulated advice given (no recommendation, no comparison, no opinion on suitability)
`SUP 12.2.11`	No arranging activity carried out (no application completion, no submission)
`SUP 12.2.12`	Only the principal’s approved promotional material was used

Hand-off

Code	Label
`PRIN 2A`	Customer information collected was accurate and complete at hand-off
`FG21/1`	Vulnerability indicators flagged to the principal at hand-off
`SYSC 9`	Introduction recorded with timestamp, customer consent, and product context

Per-tenant overrides (production, planned)

In production, principal-admin can:

Add tenant-specific items (e.g. an internal anti-bribery checklist alongside the regulatory items).
Mark canonical items as inapplicable for a specific permission profile (e.g. an IAR permission scope that does not advise).
Edit label text. The code is immutable; reviewers always reference the same handbook citation.

Overrides are versioned. A file review references the rubric version it was scored against, so a change to the rubric does not retroactively alter prior reviews. The annual-review packet shows the rubric version at the time of each review.