Glossary
Terms are alphabetical within each grouping.
Roles and entities
AR (Appointed Representative). A firm or individual that conducts regulated activities under the contractual responsibility of an authorised principal firm. The principal is liable for the AR’s regulated conduct under FSMA s.39.
FCA. Financial Conduct Authority. The UK regulator for financial services conduct.
FRN (Firm Reference Number). The 6 to 7 digit identifier the FCA assigns each authorised firm. Recorded on the FCA Register. ARs may carry their own FRN; IARs share the principal’s.
IAR (Introducer Appointed Representative). A subset of AR permitted only to make introductions and distribute non-real-time financial promotions. Cannot advise or arrange. Always shares the principal’s FRN.
Principal firm. The FCA-authorised firm that contracts with one or more ARs and is responsible for their regulated conduct. The buyer of Oversight.
SMF (Senior Management Function). A role within an authorised firm that requires FCA approval under the Senior Managers and Certification Regime (SMCR). Common Oversight users: SMF16 (Compliance Oversight), SMF17 (Money Laundering Reporting Officer), SMF3 (Executive Director).
Regulatory references
CONC. Consumer Credit Sourcebook. The FCA Handbook section governing consumer credit broking and lending.
Consumer Duty. The conduct standard introduced by PS22/9 and codified in PRIN 2A. Requires firms to deliver good outcomes for retail customers across four outcomes: products and services, price and value, consumer understanding, consumer support.
DISP. Dispute Resolution: Complaints. The FCA Handbook section governing complaints handling.
ESIS (European Standardised Information Sheet). The pre-contract disclosure document required by MCOB 5.6 for regulated mortgage contracts.
FG21/1. FCA Finalised Guidance on the fair treatment of vulnerable customers. Cross-referenced in every rubric in Oversight.
FSMA s.39. Section 39 of the Financial Services and Markets Act 2000. The statutory basis for the AR regime: a principal firm accepts responsibility for an AR’s regulated conduct.
ICOBS. Insurance: Conduct of Business Sourcebook. The FCA Handbook section governing general insurance broking.
MCOB. Mortgages and Home Finance: Conduct of Business Sourcebook. The FCA Handbook section governing residential mortgage broking and lending.
PRIN. Principles for Businesses. The high-level conduct principles in the FCA Handbook. PRIN 2A is the Consumer Duty.
PROD. Product Intervention and Product Governance Sourcebook. PROD 4 governs distribution arrangements for general insurance.
PS22/11. FCA Policy Statement 22/11, “Improving the AR regime” (August 2022). Tightened principal firms’ obligations to oversee, monitor, and review their ARs. The product’s primary regulatory anchor.
REP025. Regulatory return submitted by principal firms reporting AR data to the FCA. Six-monthly cadence.
SUP. Supervision Manual. The FCA Handbook section governing how authorised firms interact with the FCA. SUP 12 governs the AR regime; SUP 15 governs notifications to the FCA, including breach notifications.
SYSC. Senior Management Arrangements, Systems and Controls. The FCA Handbook section governing internal governance. SYSC 9 is the record-keeping floor (default 5 years; sector-specific overlays). SYSC 15A is operational resilience for important business services.
Product terms
Annual review. The PS22/11 annual packet for one AR. Aggregates risk trajectory, breach summaries, file-review summaries, MI returns, conduct events. Signed off by principal-admin with step-up auth.
Audit chain. The append-only audit_events table with SHA-256 prev-hash linking. Tamper-evident. 10-year retention. See Persona and tenant model.
Breach. A regulatory breach by an AR. Filed by the AR-user or by principal staff on the AR’s behalf. Triaged, assessed for materiality, optionally notified to the FCA under SUP 15.
Composite risk score. The 0-100 number computed per AR from five normalised inputs (complaints density, breach severity, file-review inverse, time since review, MI anomaly). See Risk-scoring.
Conduct event. A logged interaction with the AR (complaint, training completion, supervision 1-to-1, policy attestation). Surfaced on the AR detail timeline.
File review. A structured review of one of an AR’s customer files against the rubric matching the AR’s permission scope (MCOB, ICOBS, CONC). Sampled by compliance, scored against rubric items, completed and locked.
Important business service. Defined under SYSC 15A. A service whose disruption would cause intolerable harm. Flagged on the AR row via supportsImportantBusinessService and triggers operational-resilience reporting.
Live breach / live MI return. In-session writes to the demo’s Zustand store that layer onto fixtures. Resets on page reload.
MI return. Quarterly management-information return submitted by an AR-user. Volumes, complaints, breaches, conduct events, cancellations. Anomaly score computed against the AR’s own historic distribution.
Persona. A role-shaped UI mode in the demo: principal-admin, principal-compliance-officer, ar-user. Mapped to the production Role enum.
Required action. An item on the AR-user dashboard’s “what’s on your plate” list. Derived from open breaches awaiting AR action, MI returns due, file reviews to challenge, annual-review attestations.
Rubric. The structured checklist a file review scores against. One per regulatory permission scope (MCOB, ICOBS, CONC). Defined in lib/rubrics.ts.
Skin. One fictional principal firm in the demo. Maps to a Tenant row in production. See Skin definition.
Step-up auth. Re-authentication (password and TOTP) required for terminal actions: notify FCA, sign off annual review, terminate AR, save risk-weights change.
Vulnerability. Customer characteristics that increase the risk of harm under FG21/1. Indicators: health, life events, resilience, capability. Recorded on every relevant rubric.
The four Consumer Duty outcomes
Products and services. The product is fit for the needs of the target market.
Price and value. The price is reasonable relative to the benefit.
Consumer understanding. Communications support good decisions.
Consumer support. Customers can use the product and exit it without unreasonable barriers.