How to Build a Mortgage Client Onboarding Process That Actually Holds Up

Ask most mortgage advisers to describe their client onboarding process and you will get a broadly similar answer: they pick up an enquiry, arrange a meeting, gather information, make a recommendation, submit an application and keep the client updated until completion. Sounds reasonable. The problem is everything that falls through the gaps.

Onboarding is where busy advisers skip steps. It is where documentation gets written up retroactively, where clients are left wondering what happens next, and where the FCA starts when it looks at whether your advice was suitable.

Consumer Duty has sharpened that scrutiny. Firms are now expected to evidence that clients received the right information, at the right time, in a way they could genuinely understand — and that the outcomes they experienced were good ones. That obligation starts from the moment a client makes contact, not from when a suitability report gets signed.

This guide covers every stage, in order, with the compliance checkpoints built in.

---

Step 1: Handle the first enquiry properly

The first enquiry is both a compliance touchpoint and a conversion moment. Most advisers focus on the second.

Speed matters for commercial reasons — the longer an inbound enquiry sits unanswered, the more likely it goes to someone else. But alongside speed, there is a set of things you should capture at this stage regardless of channel: what the client is trying to do (purchase, remortgage, further advance), the approximate loan size, their employment status, and whether they have any credit concerns they already know about. None of that is a full fact-find. It is pre-qualification, and it saves time later.

You also need to send your Initial Disclosure Document at this point. Under MCOB 4.4A, the IDD must be provided to the client at the earliest practical opportunity, before you begin gathering information for regulated mortgage advice. It covers who you are, what service you offer, whether you are whole-of-market, and how you are paid. Sending it alongside the meeting confirmation — so it is clearly in the client's hands before the conversation begins — is a straightforward way to satisfy the requirement and create a clean record. If you are not routinely doing this before the first meeting, that is a compliance gap worth closing.

---

Step 2: Verify identity and complete AML checks before the meeting

AML checks cannot follow the advice appointment. Under the Money Laundering Regulations 2017, you must verify client identity before establishing a business relationship, which means before proceeding with regulated mortgage advice.

For most clients that involves two forms of identification: one to confirm name and date of birth (passport, driving licence), one to confirm current address (utility bill, bank statement dated within the last three months). For purchase cases, you also need to understand the source of deposit. Where is it coming from? Has any of it been gifted? Is there a builder's incentive involved? These are not just process questions — lenders will ask them too, and inconsistencies between your records and the client's application create problems downstream.

Remortgage cases, where no new money is being introduced, carry lighter AML obligations, but you still need to satisfy yourself the client is who they say they are and there are no flags requiring further investigation.

If your initial enquiry captures enough detail to run a basic check before the appointment, do it. Electronic verification tools like Smart Search, Credas and First AML let you do this in a few minutes and produce an audit trail without requiring the client to come into the office. One area advisers often skip is Politically Exposed Persons and sanctions screening. Most AML tools include this automatically, but it needs to be run and documented. The FCA will look for it.

---

Step 3: Run a fact-find that actually covers the ground

The fact-find is your evidence that you understood the client's circumstances before you made a recommendation. Under MCOB 4.7A, a firm must take reasonable steps to obtain from the customer all information likely to be relevant before making a suitability assessment — and what "sufficient" looks like gets tested when things go wrong.

Income takes more thought than a payslip. Employed clients: basic salary, payment frequency, whether any bonus or commission is regular enough to use and how lenders will treat it. Self-employed: net profit, how the business has been trending, how many years of accounts are available. Contractors: day rate, length of current contract, any recent gaps. Lenders assess income in different ways and you need to understand those differences before you recommend one over another.

Outgoings matter too — not just for affordability, but for understanding the client's financial resilience. Credit card minimum payments, personal loans, car finance, childcare costs, maintenance payments. Get it all. If someone is carrying significant unsecured debt and their income is variable, that shapes both the recommendation and how you document it.

On credit history: most clients do not know the detail of what is on their file. Ask directly whether they have had missed payments, defaults, CCJs or any debt management arrangements in the last six years. If there are concerns, a soft search run now is considerably better than discovering problems after submission.

Property details will vary by case type. Purchases need property type, tenure, construction, intended use, anticipated price. Remortgages need current lender, outstanding balance, current rate and end date, approximate current value. Buy-to-let cases need anticipated rental income, current tenancy status, and for portfolio landlords, the wider picture of what they already own.

Client objectives need documenting too. Some people want the lowest initial payment. Others want the longest fixed term for security. Some need flexibility to overpay. These priorities will form part of your suitability rationale, so they need to be in the file — not just in your head.

Timescales are often underweighted. Is there a chain? A deadline to move out of rented accommodation? A product rate expiring? Time pressure affects which lenders are viable and how you prioritise the case.

The vulnerability assessment sits within the fact-find, not alongside it. The FCA's framework identifies four drivers of vulnerability: health, life events, resilience, and capability. Advisers often worry this means asking intrusive questions. It does not. An open, natural question about whether anything in their personal or financial situation would be useful for you to be aware of works well in practice. What matters is that you asked, noted the response, and acted on it where it was relevant — including adjusting how you communicate with the client if there is any indication they need information presented differently. For more detail on what a compliant vulnerability policy looks like across a firm, see how to build a vulnerable customer policy for your mortgage practice.

---

Step 4: Document your research, not just your recommendation

Once the fact-find is done, you have what you need to search the market. The discipline here is recording not just what you recommended, but why — and what you ruled out.

If your sourcing system produces a results table, keep it. If you excluded lenders on the basis of credit policy, income treatment or LTV limits, note that. If the client expressed a preference that narrowed the field — a specific lender they wanted to avoid, a need for an offset facility — record it. This documentation is what makes the suitability rationale coherent rather than just a product description.

If the client declines protection at this stage, that needs to be documented too. The FCA does not require every client to take out a protection policy, but it does expect to see that the conversation happened and that the client's decision was an informed one. See what to do when a client says no to protection for how to handle and document that outcome correctly.

---

Step 5: Write a suitability report that is specific to this client

The suitability report is your written confirmation that the recommendation you made was right for this particular person, based on what you learned in the fact-find.

Under MCOB 4.7A, firms providing mortgage advice must take reasonable steps to ensure the recommended product is suitable for the customer, and must be able to evidence the basis for that recommendation. A written suitability statement is the standard way of doing so for most advised sales.

What the report needs to cover: the client's circumstances as you understood them, the product you recommended and why it meets those circumstances (rate type, term, lender, key features), why alternatives were not recommended, and the protection discussion — even if only to note it was raised and declined.

The FCA has been clear about what suitability report failures look like in practice: generic paragraphs that appear across dozens of cases, no rationale for lender choice, no record of protection discussions, and no visible connection between the client's stated priorities and the product recommended. A concise, specific report that explains the "why" in plain English is better than a lengthy template that says nothing meaningful about this client. Brevity with specificity is what you are aiming for.

---

Step 6: Keep the case moving and the client informed

Once the client has approved the recommendation and the application has been submitted, communication becomes the main risk. This is the stage where clients go quiet, where expectations drift, and where complaints originate.

Clients should know what happens next at every milestone: when to expect the mortgage illustration, when the valuation will be instructed, when to expect an offer, and what they need to do or provide. If you are waiting on documents from them, be specific about what is needed and why. Vague requests cause delays.

Every significant communication should be recorded — calls, emails, lender updates. Not because you anticipate a dispute, but because the audit trail is the simplest way to demonstrate a professionally managed case if a file is ever reviewed. The FCA's expectation, reinforced by Consumer Duty, is that you can show what was communicated, when, and what the client did with that information. For a full breakdown of what a compliant audit trail looks like at the case file level, see how to build an FCA-compliant audit trail for every mortgage case.

If conditions come back from the lender, respond quickly. Mortgage offers expire, valuations lapse, and chains collapse when response times slip. If there are material changes to the client's circumstances between application and offer — change of employment, additional borrowing, a change to the purchase price — that may require revisiting the suitability assessment before you proceed.

---

Step 7: Treat completion as a handover, not an endpoint

Many advisers treat completion as the end of the client relationship. It is better understood as the point where the next stage begins.

Two things should happen systematically after every case closes. The first is the protection conversation, if it was not resolved earlier. Completion is a natural moment to return to it. Clients who declined cover before submission sometimes feel differently once they have taken on a significant financial commitment — circumstances change, and the conversation is worth revisiting. Either way, the outcome needs to be recorded.

The second is setting up a future contact point. There is no FCA requirement to contact clients at renewal, but Consumer Duty creates a reasonable expectation that you are acting in their long-term interest. Whether you set a contact for six months before product expiry or at a fixed interval post-completion, that date needs to be in your system. Relying on memory across a growing book of cases is how remortgage opportunities get missed.

Data retention also applies here. FCA record-keeping rules require that case files are kept for a minimum period after the regulated activity — most firms retain mortgage records for at least six years to cover potential liability. The Data (Use and Access) Act 2025, which came into force in stages from late 2025, amends UK GDPR in several ways relevant to financial services — including reforms to how legitimate interests can be relied upon and how DSAR timelines work. Firms should ensure their data governance policies reflect the updated framework, particularly around how long client data is retained and the basis on which it continues to be held after a relationship ends. Client data should be stored securely with clear policies on who can access it and for how long, not just placed in a folder and forgotten.

---

A practical onboarding checklist

This is not exhaustive, but it covers the compliance checkpoints that matter most at each stage.

Before the first meeting

• Enquiry captured and responded to promptly
• IDD provided or accessible to the client before the fact-find begins
• AML identity verification completed
• PEP and sanctions screening run and documented

During the fact-find

• Employment and income documented in detail
• Outgoings and existing credit commitments recorded
• Credit history discussed and documented
• Property details gathered
• Client objectives and priorities noted
• Vulnerability assessment completed and recorded

Recommendation and suitability

• Sourcing results retained
• Lender exclusions and rationale documented
• Protection discussed and outcome recorded
• Suitability report produced, specific to this client

Application and progression

• Client updated at key milestones
• All significant communications recorded
• Conditions responded to promptly
• Any material changes to client circumstances reassessed

Post-completion

• Protection review completed or outcome recorded with a date to revisit
• Future contact point set in the system
• Data stored in line with FCA retention requirements and Data (Use and Access) Act 2025

---

Summary

A structured onboarding process does more than satisfy the regulator. It creates a consistent client experience, reduces the time spent chasing information across multiple cases, and makes it substantially easier to evidence suitability if a file is ever reviewed.

The advisers who do this well have not necessarily done more work than anyone else. They have built the steps into their system so they happen reliably, rather than depending on individual memory. The checklist above is a reasonable starting point. What matters more is finding a workflow that is repeatable — and then repeating it. For a broader look at how to reduce the admin burden across the advice process without cutting corners on compliance, see less admin, no spreadsheets: how to run a modern mortgage practice.

---

Cleera is built around the mortgage advice workflow from first enquiry through to case completion. If you want to see how it handles onboarding, document collection and case records in a single place, request a demo.