Case Study 35.1 — Priya's First 100 Days: From Shopping List to Strategy at Fenchurch Asset Management
Overview
Organization: Fenchurch Asset Management (fictional composite) Type: UK-regulated asset manager AUM: approximately £45 billion Regulatory context: FCA Dear CEO letter on operational resilience; prior thematic review findings on transaction reporting accuracy Engagement type: RegTech strategy and program design Lead consultant: Priya Nair, Senior Manager — RegTech Advisory Practice
Background: The Letter That Started Everything
Fenchurch Asset Management had not been in regulatory trouble, exactly. It had been in the regulatory grey zone that many mid-size asset managers inhabit: largely compliant on the metrics that regulators check most visibly, but aware — at the compliance leadership level at least — that some of the underlying processes were not as sound as the regulatory submissions implied.
The FCA's Dear CEO letter on operational resilience, issued to a cohort of mid-size asset managers in early 2024, was addressed to firms that had demonstrated "evidence of fragility in important business services," including regulatory reporting. Fenchurch was on the list. The letter did not identify specific violations. It was, in the language regulators use when they want a firm to fix something without formally finding fault, an expression of supervisory concern and an expectation of a written remediation response within sixty days.
Fenchurch's Head of Compliance, a methodical and experienced practitioner named David Hartley, called Priya's firm the day after the letter arrived. He was clear about what he wanted: a credible, actionable response to the FCA — not a glossy document asserting that everything was fine, but a real strategy for fixing what was genuinely broken. He had been trying to fix it for two years without the organizational traction to do so. The FCA's letter had provided the traction.
The Discovery: Fourteen Platforms, Four in Use
Priya's first activity on any engagement is what she calls the "estate audit": a structured inventory of every compliance technology platform the organization owns, pays for, or uses in any form. She conducts this audit herself rather than relying on the firm's own inventory, because the self-reported inventory is almost always wrong.
At Fenchurch, the estate audit took three weeks. The results were striking.
Over the preceding five years, Fenchurch had procured fourteen compliance technology platforms at a total contracted spend of approximately £6.1 million. Of these:
Actively used (daily, in production): - A transaction monitoring platform deployed in 2021 (used by 6 analysts) - A KYC document collection and storage tool deployed in 2022 (used by the onboarding team) - An email surveillance and archiving system (legacy — in place since 2017) - A board reporting dashboard that aggregated compliance metrics from manual data feeds
Occasionally used: - A regulatory horizon-scanning service (used by the CCO and one senior associate; 3 other named licences unused for over a year) - A data visualisation tool purchased for regulatory reporting (used for ad hoc analysis but not integrated into the reporting workflow) - A sanctions screening overlay procured in 2023 (integrated with the KYC tool, but screening logic not reviewed since initial configuration)
Dormant or effectively abandoned: - A KYC automation platform procured in 2020 — implementation stalled when it became apparent that the firm's client data did not meet the platform's data quality requirements. Licence still being paid: £84,000 per year. - A best execution analytics platform procured in 2022 — failed user acceptance testing; never went live. One-off implementation cost: £340,000. - A regulatory reporting engine procured in 2021 — partially implemented; two of eight planned report types were built, then the implementation stalled when the technology vendor who built the integration left the firm. Remaining licence cost: £120,000 per year. - Three AI-powered surveillance tools procured at different points between 2019 and 2023 — each evaluated in pilot, none progressed to production. Total pilot and licence costs across the three: approximately £290,000. - A master data management platform procured in 2023 — never implemented; licence renewed twice without any deployment activity. Annual licence: £95,000.
The total cost of dormant and abandoned platforms — including continuing licence fees, failed implementation costs, and internal staff time — was approximately £2.4 million.
The root cause was consistent across all seven dormant platforms. In each case, the technology had been procured in response to a specific trigger event — a regulatory finding, a vendor demonstration, a peer institution deploying a similar tool — without completing three things first: defining the specific process the tool would support, ensuring the data the tool required was available and clean, and assigning clear ownership for the tool's operation after deployment.
The Maturity Assessment: 2.3 out of 5
Following the estate audit, Priya conducted a five-dimension maturity assessment. The assessment was conducted over two weeks through structured interviews with the compliance operations team, the data team, the technology function, and the business lines. For each dimension, Priya required specific evidence rather than accepting self-descriptions.
The results were:
| Dimension | Score | Key Finding |
|---|---|---|
| Process Automation | 2.1 | Most KYC refresh, breach management, and reporting activities are manual; the four active tools operate largely as standalone applications without workflow integration |
| Data Quality | 2.0 | Client master data has approximately 23% incomplete records in LEI field; transaction data has reconciliation gaps between the order management system and the compliance copy; no automated data quality monitoring |
| Reporting Capability | 2.4 | MIFID II transaction reports submitted on time but without full audit trail; AIFMD reports produced through a combination of partly-implemented reporting engine and manual spreadsheet overlay; MiFID II best execution reports produced entirely manually |
| Monitoring Effectiveness | 2.5 | Transaction monitoring in place but alert thresholds not reviewed since 2021; estimated false positive rate approximately 91%; no real-time compliance dashboard; operational resilience monitoring absent |
| Audit Trail Completeness | 2.3 | Audit trail fragmented across five systems; voice recording retrieval process not tested in 30 months; policy exception documentation inconsistent |
| Overall | 2.3 | Reactive |
A score of 2.3 places Fenchurch firmly in the Reactive band. The firm responds to regulatory events with remediation, but compliance is not systematically managed outside those trigger events. Its technology investment has not translated into capability — the tools exist but the underlying processes remain manual, the data is unreliable, and the audit trail is fragmented.
The most significant finding was the data quality dimension. Priya had seen this pattern before: organisations that had invested in analytics and reporting tools without first addressing the quality of the data those tools required. At Fenchurch, this explained the stalled KYC automation platform from 2020 almost perfectly. The platform could not function without clean LEI data and complete client profiles. The data was not clean. Rather than fixing the data, the firm had let the implementation stall.
The Strategic Diagnosis: Infrastructure Before More Tools
Priya's findings meeting with David Hartley and the management committee lasted two and a half hours. The central message took approximately ten minutes to deliver and generated forty minutes of discussion: the firm did not need more compliance technology. It needed to fix the data and governance foundations that would allow the technology it had already bought to actually work.
Specifically, the firm needed to do three things before acquiring or re-implementing any further technology:
First, a data remediation programme. The client master data needed to be brought to a minimum quality standard — specifically, LEI completion above 95%, address currency above 90%, and date of birth completeness above 95% for natural person clients. Until this was done, any analytics or monitoring capability built on top of the data would produce unreliable outputs.
Second, a golden source strategy. The firm needed to establish authoritative sources for four critical reference data sets: client identities, legal entity hierarchy, financial instrument reference data, and counterparty data. Currently, these data sets existed in multiple inconsistent copies across different systems. Until golden sources were established and all systems pointed to them, any data quality work done in one system would be inconsistently reflected across others.
Third, a governance structure for the technology estate. Every active compliance technology platform needed a named owner with clear accountability for performance monitoring, regulatory currency, and data quality within their system. The dormant platforms needed a formal decommission decision — either a funded plan to revive the implementation or a contract termination.
Only after these three foundations were in place, Priya argued, should the firm begin thinking about the analytics and monitoring capabilities the FCA letter was specifically concerned with.
The 18-Month Roadmap
Priya presented an 18-month roadmap structured around the three-horizon model.
Horizon 1 (Months 1–6): Foundation - Data remediation programme for client master data (target: LEI completion to 95%, address currency to 90%) - Golden source establishment for client and counterparty data - Governance assignment for all active platforms (named owners, accountabilities documented) - Formal decommission decisions for all dormant platforms (expected saving from licence terminations: approximately £380,000 per year) - Policy update for operational resilience monitoring to address FCA letter findings - Regulator response: submit a credible, evidence-based remediation plan to the FCA within 60 days
Horizon 2 (Months 7–18): Capability Build - Revive and complete the partially-implemented regulatory reporting engine (scope: all eight planned report types, with full data lineage documentation) - Implement an integrated compliance workflow platform to replace manual breach and case management processes - Re-configure transaction monitoring alert thresholds using the clean client data from Horizon 1 (expected false positive rate reduction from 91% to approximately 65%) - Implement operational resilience monitoring capability using existing data infrastructure (addresses FCA letter directly) - Establish a consolidated audit trail capability by integrating audit logs from all active systems into a searchable, tamper-evident repository
Horizon 3 (Months 18+): Transformation Direction - AI-enhanced transaction monitoring (deferred until clean data and calibrated baseline are in place) - Real-time compliance dashboard (deferred until all data feeds are integrated and reliable) - Predictive risk analytics for KYC refresh prioritisation (deferred until client data quality programme is complete)
The total Horizon 1–2 investment was estimated at approximately £1.1 million — considerably less than the £2.4 million already wasted on dormant platforms, and significantly less than the original ambition of purchasing new tools from the CTO's wish list.
The FCA Response and Outcomes
Fenchurch submitted its remediation plan to the FCA at day 52 of the 60-day window. The plan was built directly from Priya's roadmap and included the maturity assessment findings, the data remediation programme scope, the governance assignment decisions, and the decommission plan for dormant platforms.
The FCA acknowledged the response positively. In the follow-up supervisory meeting, the reviewing supervisor noted that the response was "unusual in its candour about the current state" and "more credible for not claiming that the existing tools were working when the evidence suggested otherwise."
By month six of the programme, Fenchurch had completed the data remediation to 94% LEI completion (just below the 95% target; full target achieved by month eight), had terminated contracts for four dormant platforms (saving £299,000 per year in licence fees), and had named owners for all eight active and planned systems. The governance documentation had been approved by the management committee and circulated to the affected platform owners.
At month twelve, the regulatory reporting engine was fully implemented across all eight report types. The audit trail consolidation project was 80% complete. Transaction monitoring false positive rate had been reduced from 91% to 67% — not through a new AI system, but simply through recalibrating existing rules against the clean client data.
David Hartley sent Priya a note at month fourteen. "The most useful thing you did," he wrote, "was tell us to stop buying things. We had been treating every regulatory problem as a procurement problem. We had enough technology. We just hadn't built the capability to use it."
Key Lessons
Data quality is a prerequisite, not an afterthought. The firm's previous tool failures — including the £84,000 per year KYC automation platform that had sat dormant for four years — were almost all caused by data quality failures identified during implementation and never remediated. Addressing data quality first, before any further tool deployment, was the single highest-value action in the roadmap.
Decommissioning failed investments is a governance act, not a failure. The decision to formally terminate the dormant platform contracts — rather than continuing to pay for the hope that they might eventually be implemented — freed up nearly £400,000 per year and, more importantly, cleared the organizational debt of failed projects that had been silently draining credibility from the compliance technology programme.
Regulatory honesty pays. The FCA's positive response to Fenchurch's remediation plan was, in part, a response to the credibility of the self-assessment. Regulators are sophisticated consumers of documentation. A response that accurately describes current gaps is more persuasive than a response that overstates current capability.
The first 100 days should produce foundations, not features. Priya's framework for the first 100 days of any RegTech engagement is explicit: document what you have, assess where you are, fix the data, assign the governance, and then — and only then — talk about what technology to add. This sequence feels slower than beginning with tool procurement. In practice, it produces programmes that actually work.
This case study illustrates the compliance maturity assessment framework from Section 35.3, the data-first principle from Section 35.6.3, the tool graveyard failure pattern from Section 35.8.1, and the three-horizon roadmap from Section 35.6.2.