Section 166 Reviews

S166 reviews - what they are and how we can help

A section 166 (s166) review, also known as a Skilled Person Review, is a supervisory tool used by the UK’s financial regulators, the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA), to undertake an independent assessment of specific aspects of a regulated firm’s activities.

Section 166 reviews are one of the most significant supervisory tools used by the UK’s financial regulators. They can be complex and resource intensive, with implications for governance, controls, and your relationship with the regulator.

At Rise Regulatory Consulting, we bring deep regulatory insight and hands-on experience to help firms navigate the process confidently and constructively, from scoping and preparation, to remediation and beyond.

S166 reviews - choosing a skilled person

  • The purpose of a s166 review is to provide the regulator with an independent, expert assessment of a particular aspect of a firm’s activities, systems and controls or risk management. They are typically used where there may be suspected weaknesses or actual failings in how a firm is operating, although they can also be used to gather information or as part of thematic review work. These may relate to any aspect of a firm’s regulated activities, including governance, systems and controls, risk management, prudential soundness, conduct of business, or how a firm is safeguarding client assets.

    A review may be triggered by a range of factors, including routine supervision, rule breaches, whistleblowing, thematic review findings, or as a follow-up to previous concerns to assess whether these have been effectively addressed.

  • The review itself is carried out by a Skilled Person, a firm or individual with recognised expertise in the relevant area. The regulator either appoints the Skilled Person directly or requires the regulated firm to appoint the Skilled Person. Importantly, in both scenarios it is the regulated firm that pays for the review.

    The findings are reported to the regulator and shared with the firm, often leading to recommendations, remedial actions, or occasionally, further regulatory intervention.

    Although a s166 review is not an enforcement action in itself, it can be a serious and resource-intensive process. It underscores the importance of firms maintaining strong governance, robust internal controls, and a proactive approach to risk management, regulatory compliance and managing the regulatory relationship.

  • When faced with a section 166 review, the first step is to clarify whether the regulator will appoint the Skilled Person directly or whether your firm will be invited to propose candidates. If you are proposing a candidate, a good place to start is the FCA Skilled Person Panel list, which is divided into a number of different specialist ‘Lots’, which cover a range of different areas (e.g. risk management, governance, conduct of business etc). If the choice lies with the firm, it’s important to treat the selection process as both a compliance obligation and a strategic business decision.

    Start by assessing the scope and subject matter of the review.  The Skilled Person must have deep and demonstrable expertise in the relevant domain. Look for a provider with strong credentials, relevant regulatory experience, and ideally, prior experience conducting s166 reviews.

    Choosing the right Skilled Person can significantly impact how the review is conducted, how burdensome it is, and how constructive the outcome proves to be. An experienced, credible Skilled Person may also help manage regulatory expectations more effectively.

    It often helps to get external support to assist in the selection process. Rise Regulatory Consulting is well placed to assist here. We combine deep technical knowledge with insight into the regulator’s expectations and how best to manage the process.  We are experienced in regulatory engagement and understand the practical and reputational implications of a Skilled Person review.

    • Rigorously review the draft notice document that you have been provided with. Carefully consider whether the document as drafted aligns with the regulator’s intention, or whether amendments are needed to the scope, the timeframe and methodology in order to address the key issues (and minimise the risk of scope creep). Decide if there are critical issues with the draft scope that should be raised with the regulator now.

    • Shortlist firms that specialise in the topic of the review.

    • Request proposals or indicative terms, including timelines, methodology, resource allocation, and fees.

    • Assess the expertise and capabilities of the individuals being proposed to undertake the review by each firm.

    • Evaluate the independence and objectivity of the Skilled Person candidates.

    • Consider communication and project management capability of the firms being considered. Since the review will require access to internal teams and data, a collaborative but impartial working style is crucial.

    • Engage early with your supervisory contact at the FCA or PRA to discuss your proposed selection before finalising.

A s166 review derives from section 166 of the Financial Services and Markets Act 2000 (FSMA), which gives regulators the power to require firms to appoint a third party (a “Skilled Person”) to conduct a detailed review and report on particular concerns.

How do I prepare for a s166 review?

Once the Skilled Person has been appointed, early, proactive engagement with the Skilled Person and the regulator is essential to set the tone for a constructive process and demonstrate commitment to addressing the regulator’s concerns in a timely and transparent manner.

  • Establishing strong internal governance around the s166 review process is both good practice and a regulatory expectation. Senior sponsorship and clear accountability for the s166 review is critical.

    Firms should set up a clearly defined working group, ideally including compliance, legal and relevant operational leads to oversee the review. This group can manage the relationship with the regulator, ensure a strategic and co-ordinated approach across the organisation, and liaise with the Skilled Person throughout the process.  Decisions will be required on certain issues during the course of the review. It should be clear where such matters should be escalated and who has responsibility for resolving them.

  • S166 reviews often assess complex issues across broad timeframes, meaning there is significant scope for misinterpretation or misunderstanding by the review team. Even before the review formally begins, firms should begin preparing internally so that they are set up for success. This includes:

    • Conducting a high-level assessment of the issues raised in the draft notice.

    • Identifying key personnel who may need to be interviewed or contribute to the review.

    • Starting to gather documents and records that are likely to be requested.

    • Reviewing internal reports, governance materials, or audit findings relevant to the review area.

    • Setting up the project management team, ensuring it is appropriately resourced and includes individuals who understand the specific challenges that a s166 review can bring.

    Where time allows, remediation of clear gaps, if credible and meaningful, can also help demonstrate a responsible and proactive approach when the review starts.

  • It is beneficial to use external expert support to ensure a strategic approach to the s166 process, with clear and consistent messaging to the Skilled Person and regulator throughout the process.

    A mis-step in a s166 review, such as delayed responses, inconsistent information, or poorly framed arguments, can make findings worse or damage the firm’s credibility with the regulator.

    External advisers who have experience of the s166 review process can help firms to prepare individuals for interviews with the Skilled Person, advise on how to respond to challenges and concerns raised by the Skilled Person, and ensure that the management of the s166 Review is efficient and effective.

    Rise Regulatory Consulting is well placed to assist here. We combine deep technical knowledge with insight into the regulator’s expectations and how best to manage the process.  We are experienced in regulatory engagement and understand the practical and reputational implications of a Skilled Person review.

What happens during a s166 review?

A s166 review is a detailed and often intensive process. Once the scope has been agreed and the Skilled Person has been appointed, the review typically progresses through several key phases.

Understanding what to expect can help your team be prepared and respond effectively.

  • After the formal notice has been issued, the Skilled Person will usually hold an initial  planning meeting to clarify how the review will be carried out, what information they’ll need, and when they’ll need it. This is also the time to raise any practical issues and agree how you will work together, for example frequency of check-ins on actions and deliverables, and response times for information requests. A clear, agreed plan will help avoid confusion later and ensure a smoother process.

  • Most reviews involve a substantial examination of documents and data. This can include board minutes, internal reports, policies, training records, and communications, such as emails and messages.

    Firms should start gathering likely materials early, decide on the best way to share these securely, and ensure relevant teams are briefed. If data is stored in complex or fragmented systems or includes personal or sensitive content, then firms should consider involving legal or data protection specialists to ensure proper handling.

    It is important to review all materials being provided so that you can consider how the content may be perceived in the context of the review scope, and provide relevant background or additional information if useful. 

  • The Skilled Person will often request interviews with key individuals, such as board members, senior management, risk, compliance, and operations leads. These interviews are a core part of the review, are likely to influence the final report, and should be approached with that understanding in mind.

    Interviewees should take time to prepare themselves properly: understanding the scope of the review, reviewing relevant information that has been shared with the Skilled Person, and aligning on key facts. It’s wise to hold preparation sessions such as mock interviews to ensure key staff are well prepared.

    The Skilled Person may also wish to meet with more junior colleagues, who are less experienced in talking to senior stakeholders. It can be helpful to run briefing sessions for these colleagues so that they understand the broader context of the review and how to approach their meeting with the Skilled Person.

  • It’s not unusual for issues to emerge during the course of the review that can be addressed ahead of the report being issued. Firms should take a proactive approach to identifying and resolving concerns as they arise. Quick, credible remediation of smaller issues during the review can demonstrate responsiveness and reduce the need for follow-up action later.

  • Throughout the process, firms should maintain clear records of decisions, communications, and steps taken in response to the review. This includes internal governance activity, and engagement with the Skilled Person. A robust audit trail will help with providing feedback on the draft report and evidence strong oversight and governance if the regulator raises further questions later on.

  • Although the Skilled Person reports independently to the regulator, the firm should maintain regular communication with its supervisory contact. Provide progress updates, flag any emerging risks, and show how any recommendations are being implemented. Even where it’s not formally required, keeping the regulator informed helps maintain trust and transparency.

What happens at the end of a s166 review?

The conclusion of a s166 review is a pivotal stage in the process. While the formal review may be drawing to a close, the regulatory focus on a firm does not end with the submission of the report.

How a firm responds at this stage can have a lasting impact on its relationship with the regulator and on its future supervisory risk profile.

  • Before the final s166 report is submitted to the regulator, firms are typically given the opportunity to review and comment on the draft findings (the regulator is typically provided with the draft report concurrently with the firm). This is an important step and should involve senior management, as well as legal and external advisory support, where appropriate. The aim is to check for factual accuracy, ensure that key points of context have been properly reflected, and raise any points of clarification. A thoughtful and constructive response at this stage can help shape the final report and avoid misunderstandings that could influence regulatory follow-up.  It will also allow the firm to minimise the risk of being set follow up actions that are unclear or have unrealistic deadlines.

  • Even as the draft report is under review, firms should begin considering how they will address any likely findings or recommendations. Where the Skilled Person identifies weaknesses or areas for improvement, the regulator will expect the firm to take these seriously and respond promptly. This may involve putting together a clear action plan, assigning ownership, and setting realistic timelines for implementation.

  • The firm’s response to the Skilled Person’s recommendations is a key test of its governance and culture. Regulators will be looking for evidence that the firm understands the issues and is taking effective, proportionate steps to resolve them. In many cases, a proactive approach, where the firm begins remediation even before the report is finalised, can help build confidence and reduce the likelihood of further regulatory scrutiny.

    Conversely, failing to act to address weaknesses whilst waiting for the report, or failing to act on recommendations once received, can carry significant risks for a firm and may lead to increased supervisory attention, or, in some cases, formal enforcement action.

  • After the report is submitted, the regulator may request periodic updates on progress against any agreed actions. Firms should ensure that progress is documented and reported transparently, with governance oversight from senior leadership and the board. Clear communication and visible ownership of the post-review phase help demonstrate accountability and can support a return to business as usual.

Why Rise Regulatory Consulting?

Selecting the right expert support for a Section 166 review is important. At Rise Regulatory Consulting, we bring a rare combination of regulatory, practitioner, and Skilled Person experience that makes us uniquely positioned to help.

Proven Skilled Person experience
Members of our team have previously worked at firms on the regulators’ Skilled Person Panel (for multiple lots). We understand what good looks like from the regulator’s perspective and what’s required to deliver it.

Ex-regulators with real insight
Our team includes former senior regulators who have themselves commissioned and overseen multiple s166 reviews. This gives us a deep understanding of the regulators’ objectives, expectations, and pressure points, enabling us to anticipate concerns and advise accordingly.

In-house leadership during s166 reviews
We’ve supported s166 reviews from the other side too, as senior risk and compliance professionals within major financial institutions. This gives us a practical understanding of how reviews impact day-to-day operations, internal governance, and stakeholder expectations. This also allows us to provide advice that’s grounded in operational reality, not just theory.

A track record of preparing firms effectively
We have helped multiple firms prepare for S166 reviews, from initial scoping and documentation readiness to board-level briefing and stakeholder communication. Our approach is hands-on, practical, and tailored to each firm’s operating model and risk profile.

 Get in touch to discuss how we can support you.