FCA Compliance and Your CRM: What UK Mortgage Advisers Need to Know
Cleera
FCA Compliance and Your CRM: What UK Mortgage Advisers Need to Know
Most mortgage advisers know they need to keep good records. But when the FCA comes knocking — or when a complaint surfaces two years after completion — the question isn't whether you kept records. It's whether your system can actually prove what happened, who decided what, and when.
That's the gap many advisers don't discover until it's too late.
Your CRM is either your best defence or your biggest liability. This guide walks through what the FCA actually requires, which regulations your case management system touches, and what to look for — or demand — when assessing whether your current setup is genuinely compliant.
Why the FCA Is Paying Closer Attention to Record-Keeping Right Now
In its first dedicated Mortgage Regulatory Priorities document (published March 2026), the FCA singled out record-keeping as a specific area of concern for mortgage intermediaries. Following a review of the second charge mortgage market, the regulator found that record-keeping was "sometimes incomplete, making it hard to demonstrate that advice was appropriately tailored."
The FCA's message to all mortgage advice firms was direct: review your documentation practices and quality assurance processes — not just for second charge cases, but across the board.
This matters because the same documentation standards apply whether you're advising on a first-time buyer purchase or a later-life remortgage. And with Consumer Duty now fully embedded as a regulatory expectation (since July 2023), demonstrating good outcomes at the individual case level has become harder to separate from having the right systems in place.
The Two Sets of Rules Your CRM Must Support
Two parts of the FCA rulebook are most directly relevant to how you manage and store mortgage case information.
MCOB — Mortgages and Home Finance: Conduct of Business Sourcebook
MCOB is the core rulebook for mortgage advice. It sets out what advisers must do before, during, and after an advised sale. From a record-keeping perspective, the key requirements cover three documents that must be created at the point a personal recommendation is made:
The factfind. A record of the client's needs, circumstances, and financial position as assessed at the time of advice. This isn't just a form — it's the evidential base that justifies your recommendation.
The suitability record. Documentation showing why the recommended product was suitable for that specific client, taking into account affordability (including the effect of future rate changes), the appropriateness of the product type, and whether it was the most suitable option available to you.
The recommendation itself. A record of what was recommended, why, and what alternatives were considered or discounted.
These records must be created contemporaneously and retained for a minimum of three years from the date of the recommendation. For ongoing client relationships or cases involving long-term products, retaining them for longer is good practice.
SYSC 9 — Systems and Controls: Record Keeping
SYSC 9 sits alongside MCOB and sets out broader requirements for how firms organise their record-keeping infrastructure. Under SYSC 9.1, firms must arrange for records to be kept that are:
- Sufficient to enable the FCA to monitor compliance
- Able to reconstruct each transaction in full
- Accessible to regulators on request
In practice, this means your records cannot simply exist as PDF attachments in an email chain or handwritten notes in a filing cabinet. They need to be retrievable, auditable, and capable of demonstrating the full sequence of events in a case.
What a "Compliant" CRM Actually Means in Practice
The term "FCA compliant CRM" gets used loosely in marketing material. A system isn't compliant by virtue of being designed for mortgage brokers. Compliance depends on what the system actually does — and whether you're using it correctly.
Here's what an FCA-ready case management system needs to support.
A Timestamped, Chronological Case Record
Every action taken on a case — every note added, document uploaded, status change made, or communication sent — needs to be logged with a date and time and attributed to a specific user. This is what a genuine audit trail looks like.
If your system lets you edit historical notes without flagging the change, or allows documents to be deleted without a trace, you have a problem. The FCA expects to see what happened and when. A system that lets history be rewritten silently doesn't support that.
Structured Factfind Capture
Your factfind shouldn't live outside your case management system. If advisers are completing fact-finds in Word documents, Excel spreadsheets, or on paper before copying summary details into the CRM, you're creating a version control risk — and making it harder to demonstrate that the advice given matched the data gathered.
A well-designed system captures factfind data as structured fields. That means the information is searchable, can be audited, and — critically — the version of the factfind used to generate the recommendation is clearly linked to the recommendation itself.
Suitability Letter Generation and Storage
Suitability letters should be generated from the data already in your system, not written from scratch in a separate document that then gets saved to the case as an attachment with no connection to the underlying record. Systems that template suitability letters from case data reduce the risk of inconsistency between what was recorded and what was communicated to the client.
Document Retention and Access Controls
The system needs to retain documents for the required minimum period and restrict who can delete or modify case records. For SYSC 9 purposes, records need to be accessible to the FCA upon request, which means they also need to be stored in a secure environment with appropriate backup and resilience.
Consumer Duty Outcome Tracking
Consumer Duty requires firms to test and evidence that customers are receiving good outcomes. For mortgage advisers, this means being able to look back across your cases and demonstrate that advice was suitable, clients understood the recommendation, and no group of clients was systematically receiving worse outcomes than others.
A CRM that can generate case-level outcome data and flag anomalies is a genuine asset here. One that operates as a simple document repository doesn't help you meet this obligation.
The Five Questions to Ask About Your Current System
If you're not sure whether your CRM is up to scratch from a compliance standpoint, start here.
1. Can you produce a full chronological audit trail for any case, showing every action taken and by whom?
If the answer requires you to cross-reference multiple systems, email threads, or paper notes, the answer is no.
2. Are your factfinds stored within the system and linked directly to the recommendation record?
Separate documents saved as attachments aren't the same as integrated, version-controlled case data.
3. Can you demonstrate, for any completed case, that the suitability letter was generated from the same data as the recommendation?
Inconsistencies between documented circumstances and the letter provided to the client are a red flag in any file review.
4. Do your records show who made each entry and when, with no ability to silently overwrite history?
Immutable audit logs are not a nice-to-have. They're what the FCA expects.
5. Can you run reports across your case book to identify whether particular client groups, product types, or advisers are producing systematically different outcomes?
Consumer Duty requires you to be able to answer this question. Most traditional CRM tools cannot help you do it.
Common Gaps Found in Adviser File Reviews
The FCA's own review work and the experience of compliance consultants who carry out file reviews for brokers point to a consistent set of weaknesses. These aren't obscure edge cases — they're the things that come up again and again.
Incomplete factfinds. Fields left blank, income figures without supporting notes, or circumstances that changed between application and offer with no record of how the advice was updated.
Suitability letters that don't reflect the case record. Letters that describe the client's circumstances differently from the factfind, or that omit affordability considerations that should have been documented.
No record of alternatives considered. Advised sales require documentation of why the recommended product was chosen over alternatives. If your case record simply states what was recommended without explaining why other options were ruled out, this is a gap.
Notes added retrospectively. Case notes that appear to have been written after the fact, or that lack timestamps, are a problem in any file review. This is particularly relevant if your system allows notes to be edited without tracking the amendment.
Documents saved outside the system. If supporting documents — payslips, bank statements, AIP letters — are stored on a shared drive rather than attached to the case record, they may not be accessible in the event of a system change, staff departure, or audit.
How Cleera Approaches These Requirements
Cleera was built with the FCA's record-keeping expectations as a design constraint, not an afterthought. Every case has a timestamped, user-attributed activity log. Documents are stored within the case record rather than in external drives. Factfind data is structured and linked to the recommendation workflow so there's no disconnect between what was captured and what was advised.
Suitability letters are generated from case data, which means the letter reflects the record rather than being a separate document that may or may not match it.
For Consumer Duty, Cleera's reporting tools give you visibility across your case book so you can identify patterns and evidence good outcomes — rather than trying to reconstruct this picture manually when it's needed.
We don't claim compliance on your behalf. How you use the system matters as much as what the system can do. But the infrastructure is there, and it's designed around what the FCA actually looks for.
If you'd like to see how Cleera handles a specific compliance scenario — suitability record generation, audit trail retrieval, or outcome reporting — we're happy to walk through it with you. Book a demo here.
A Quick Reference: What Your CRM Should Be Doing
| Requirement | What Good Looks Like | |---|---| | Factfind storage | Structured fields within the CRM, version-controlled and linked to the recommendation | | Suitability record | Generated from case data, timestamped, stored within the case | | Audit trail | Chronological, user-attributed, immutable — no silent edits | | Document retention | Stored within the system for minimum 3 years, accessible on request | | Consumer Duty evidence | Outcome reporting across the case book, identifiable by product, adviser, or client group | | Access controls | Role-based permissions; no ability to delete or modify records without a logged reason |
What to Do if You're Not Sure Your System Meets This Bar
Start with a file review. Pick five recently completed cases at random and work through them against the checklist above. Can you produce a clean audit trail? Is the factfind complete and linked to the suitability record? Does the letter match what was documented?
If you find gaps, document them and address them systematically — preferably with support from a compliance consultant who knows the mortgage market. The FCA does not require perfection, but it does require that firms take a proactive approach to identifying and resolving weaknesses in their processes.
And if the gaps you find are structural — if your system simply can't produce what's needed — then the right conversation is about whether your case management software is fit for purpose.
Downloadable Resource: FCA CRM Compliance Checklist
We've put together a one-page checklist that covers the key requirements across MCOB, SYSC 9, and Consumer Duty — formatted so you can work through it case by case or use it to assess your current system. Download the checklist here (no email required).
Summary
The FCA's 2026 regulatory priorities make clear that record-keeping is an active area of scrutiny for mortgage intermediaries, not a background concern. Your CRM is central to meeting these obligations. It needs to support structured factfind capture, immutable audit trails, suitability letter generation from case data, appropriate document retention, and — under Consumer Duty — some capacity to evidence outcomes across your case book.
If it can't do these things, it doesn't matter how much you trust the system or how long you've been using it. The risk sits with you.
Alternative Titles
- Is Your Mortgage CRM Actually FCA Compliant? A Practical Checklist for UK Advisers
- What the FCA Expects from Your Case Management System (And Where Most Brokers Fall Short)
- MCOB, SYSC 9, and Consumer Duty: How the FCA's Record-Keeping Rules Apply to Your CRM
Internal Linking Suggestions
- Why Mortgage Brokers Are Switching Away from Spreadsheets — reinforces the case for structured digital record-keeping over manual methods
- What to Look for in a Mortgage Broker CRM in 2026 — natural follow-on for advisers evaluating their current system
- Complete Guide to Mortgage Client Portals: What Brokers Need — connects compliance documentation to client-facing communication tools
Try Cleera
Run your firm properly.
Full case pipeline, FCA-compliant audit trail, and AI-powered compliance checks — built for UK mortgage advisers.
Get started →