FCA and CBI Training Obligations: What Finance Teams Need to Know

FCA and CBI Training Obligations: What Finance Teams Need to Know

If your firm is regulated by the Financial Conduct Authority (FCA) in the UK or the Central Bank of Ireland (CBI), staff training is not optional. Both regulators treat ongoing training as a core component of compliance — and both have the power to sanction firms where training standards fall short.

This article sets out what FCA and CBI training obligations actually require, which staff are in scope, what topics must be covered, and how to demonstrate compliance. It is written for Compliance Officers, Finance Directors, and HR leaders in regulated financial services firms operating in the UK and Ireland.

Why Regulators Mandate Training

Financial regulators mandate training because competence and conduct failures are among the leading causes of consumer harm. The FCA's Consumer Duty (effective July 2023 for open products, July 2024 for closed products) makes it explicit: firms must ensure staff have the knowledge and skills to deliver good outcomes for retail customers. The CBI's Consumer Protection Framework places similar obligations on Irish-regulated entities.

Training is not simply a box-ticking exercise. Regulators view it as evidence of a firm's culture — specifically, whether the firm takes its obligations to customers and markets seriously. During supervisory visits and enforcement investigations, the FCA and CBI will ask to see training records, competency frameworks, and evidence that training content is appropriate and regularly updated.

FCA Training Requirements: The Core Framework

The Training and Competence Sourcebook (TC)

The FCA's primary training framework is the Training and Competence (TC) Sourcebook, which applies to firms and individuals carrying on certain regulated activities. The TC Sourcebook requires firms to:

• Ensure that employees are competent to carry on the regulated activities for which they are responsible
• Assess competence before allowing individuals to deal with customers without supervision
• Maintain records of training and competency assessments
• Ensure ongoing competence through regular review, continuing professional development, and refresher training

The TC Sourcebook distinguishes between employees who are subject to qualification requirements (such as retail investment advisers and mortgage advisers) and those who must simply demonstrate competence through other means. Firms must identify which category each employee falls into and apply the appropriate framework.

Senior Managers and Certification Regime (SM&CR)

The FCA's SM&CR, which applies to all FCA-regulated firms, imposes specific training expectations on Senior Managers and Certified Persons. Firms must:

• Certify annually that Certified Persons are fit and proper to perform their roles — which includes having the appropriate knowledge and skills
• Ensure that Senior Managers understand their Prescribed Responsibilities and the regulatory environment in which the firm operates
• Maintain records supporting certification decisions

For finance professionals specifically, many roles that involve managing risk, overseeing financial crime controls, or reporting to regulators will fall within the Certification regime. This means annual fitness and propriety assessments must be supported by evidence of training and competence.

Consumer Duty Training Requirements

Consumer Duty introduces an explicit expectation that staff understand what good customer outcomes look like and how their role contributes to delivering them. The FCA has been clear that firms need to embed Consumer Duty principles through training — not simply issue a policy update. This means:

• Customer-facing staff need training on the four Consumer Duty outcomes (products and services, price and value, consumer understanding, and consumer support)
• Finance, risk, and oversight functions need to understand their role in monitoring outcomes
• Senior Managers must be able to demonstrate that training has been embedded, not just delivered

Financial Crime Training

The FCA expects all regulated firms to have a financial crime training programme. This is grounded in the Proceeds of Crime Act 2002, the Money Laundering Regulations 2017 (as amended), and the FCA's own financial crime guidance (FG17/6). Training must cover:

• Recognition of money laundering, fraud, bribery, and sanctions evasion
• The firm's internal reporting procedures (including how to make a Suspicious Activity Report)
• The legal consequences of tipping off
• Updated typologies as the threat landscape evolves

Financial crime training must be delivered on induction and refreshed at regular intervals — typically annually. Online delivery is widely accepted by the FCA provided it is interactive, assessed, and records are retained.

Central Bank of Ireland Training Requirements: The Core Framework

Fitness and Probity Regime

The CBI's primary individual accountability framework is the Fitness and Probity (F&P) Regime, which requires that persons performing controlled functions (CFs) and pre-approval controlled functions (PCFs) are fit and proper. Fitness and probity encompasses:

• Competence and capability — the individual has the qualifications, skills, and knowledge required
• Honesty, integrity, and fairness
• Financial soundness

Firms must not permit a person to perform a CF or PCF unless they are satisfied on reasonable grounds that the person complies with the F&P Standards. Training records are central evidence for this satisfaction.

Individual Accountability Framework (IAF)

The CBI's Individual Accountability Framework, which came into force in phases from 2023, mirrors aspects of the UK SM&CR. Under the IAF:

• Persons in Senior Executive Accountability Regime (SEAR) roles must have clear understanding of their prescribed responsibilities
• Firms must conduct due diligence on individuals in scope, including verifying their competence
• Firms must maintain adequate policies and procedures — including training policies — to support IAF compliance

Minimum Competency Code (MCC)

The CBI's Minimum Competency Code sets out qualification and CPD requirements for retail financial product advisers and those performing specific retail intermediary activities. Key MCC obligations include:

• Holding a recognised qualification for the relevant product area before advising retail customers
• Completing a minimum of 15 hours of CPD per year (with specific requirements for structured and unstructured CPD)
• Maintaining a CPD record and making it available to the CBI on request

The MCC applies to staff in banks, insurers, investment intermediaries, and mortgage intermediaries when they carry on in-scope activities. Finance professionals in treasury, risk, or compliance functions are typically not subject to the MCC directly, but may be subject to the F&P requirements instead.

Anti-Money Laundering Training in Ireland

Ireland's AML framework is governed by the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 and 2018, which transpose the EU AML Directives. Section 54 of the 2010 Act requires designated persons (which includes credit and financial institutions, accountants, auditors, and solicitors) to provide training to relevant employees. Training must cover:

• The law relating to money laundering and terrorist financing
• The firm's internal policies and procedures for AML/CFT
• How to recognise and report suspicious transactions

AML training must be delivered on an ongoing basis — not simply at induction. The CBI expects firms to refresh training when regulations change and to tailor content to the specific risks faced by the firm.

Which Staff Are In Scope?

The precise scope depends on the firm type and regulatory permissions, but the following general rules apply:

• Customer-facing staff: Most likely subject to both competency requirements and financial crime training
• Senior Managers / PCF holders: Subject to individual accountability regimes (SM&CR / IAF), requiring documented competence evidence
• Certified Persons / CF holders: Subject to annual certification / ongoing F&P assessment
• Finance, risk, compliance, and internal audit staff: Typically subject to AML training and firm-specific competency frameworks; may also be in scope for certification or F&P depending on their role
• All staff: General awareness training on financial crime, conduct expectations, and Consumer Duty (UK) / Consumer Protection (Ireland) obligations

Demonstrating Compliance: What Regulators Look For

During supervisory visits, both the FCA and CBI will typically request evidence of the following:

• A documented training and competency framework
• Training records by individual (including dates, content, assessment outcomes)
• Evidence that training content is reviewed and updated when regulations change
• Evidence that training is assessed (not simply completed)
• Records supporting annual certification or F&P assessments
• A process for identifying and managing gaps in competence

Online training platforms are widely accepted by both regulators, provided they generate auditable completion records and include meaningful assessments. The FCA has published guidance confirming that e-learning can satisfy training requirements where it is well-designed and appropriately assessed.

Frequently Asked Questions

Is AML training mandatory for all staff in FCA-regulated firms?

Not for all staff, but the FCA expects firms to train anyone whose role could involve exposure to money laundering risk. For most regulated firms this means broad coverage — from customer-facing staff to finance, operations, and compliance teams. At a minimum, firms should train staff who handle customer funds, onboard customers, or oversee financial crime controls.

How often must training be refreshed?

There is no single universal interval mandated across all training types. AML training is generally expected to be refreshed annually, or when there are material changes to legislation or the firm's risk profile. Consumer Duty and SM&CR/IAF training should be updated whenever there are regulatory changes. Competency assessments for TC Sourcebook in-scope roles are typically conducted annually.

Does the CBI accept online training for MCC CPD purposes?

Yes. The CBI accepts structured CPD delivered online, provided it is relevant to the individual's role and product area and is delivered by a recognised provider. Records must be maintained to demonstrate that CPD hours were completed and that the content was appropriate.

What is the difference between the FCA's TC Sourcebook and SM&CR?

The TC Sourcebook focuses on competence for regulated activities — particularly those involving customer advice or dealing. SM&CR is an individual accountability regime that applies more broadly to Senior Managers and Certified Persons across all FCA-regulated firms. Both may apply simultaneously to the same individual depending on their role.

What happens if a firm cannot demonstrate adequate training?

Both regulators have enforcement powers where firms fail to meet training obligations. The FCA can issue public censures, financial penalties, or vary or cancel a firm's permissions. The CBI can impose administrative sanctions, direct firms to take remedial action, or prohibit individuals from performing controlled functions. In practice, the most common initial consequence is a requirement to remediate training gaps within a defined period.

Can training be delivered by an external provider?

Yes — both the FCA and CBI accept third-party training providers. The firm remains responsible for ensuring that content is appropriate for its specific regulatory obligations and risk profile. Firms should review training content before deploying it and ensure that provider records can be integrated into the firm's own training records system.

Key Takeaways

• Both the FCA and CBI treat staff training as a compliance obligation, not a best practice
• The FCA's TC Sourcebook and SM&CR set competence and individual accountability requirements for UK-regulated firms
• The CBI's Fitness and Probity regime and Individual Accountability Framework create equivalent obligations for Irish-regulated firms
• AML training is mandatory in both jurisdictions and must be delivered on an ongoing basis
• Compliance officers must maintain auditable training records that can withstand regulatory scrutiny
• Online training is accepted by both regulators where it is assessed and well-documented

Learnsignal provides CPD-accredited compliance, AML, financial crime, and regulatory training designed for finance professionals in FCA and CBI-regulated firms. Our courses are structured for online delivery, include assessments, and generate completion certificates to support your compliance records. Contact us to discuss a group training solution for your team.