A Section 165 notice under the Financial Services and Markets Act 2000 gives the FCA the power to demand specific documents and information from any regulated firm. It arrives with a deadline. It names exactly what they want. And if you can't produce it, the FCA treats that as a signal that your firm lacks the documentation, systems and controls to meet its regulatory obligations.
What a Section 165 request actually asks for
The FCA's recent Section 165 requests to wealth and advice firms have targeted specific areas of evidence. Not policy documents. Not process diagrams. Evidence.
They want to see how client risk assessments are conducted and monitored. They want records of governance activity: investment committee minutes, file review percentages, second-line control activity. They want to know how you identify and support clients with characteristics of vulnerability, and how you tailor services accordingly.
For advice firms with ongoing service propositions, the questions get pointed. How do your charges deliver fair value across different service tiers? What percentage of client files were reviewed under COBS and SYSC requirements? What does your management information actually say about the quality of those reviews?
The FCA isn't asking whether you did a review. They're asking what was discussed, what changed, what action was taken, and whether vulnerability was assessed.
The gap between process and proof
Most advice firms have a review process. The problem is that the process doesn't generate the evidence the FCA now expects.
The Lang Cat's 2024 data showed 17% of firms were not delivering annual reviews at all. But even firms that do conduct reviews often fall short on documentation depth. A file note that says "annual review conducted, no changes" tells the FCA nothing. It doesn't demonstrate that objectives were revisited, that the client's circumstances were checked, that vulnerability indicators were assessed, or that the adviser considered whether the existing arrangement still met the client's needs under Consumer Duty.
The FCA has moved from implementation to active supervision on Consumer Duty. Their 2026 Consumer Investments Regulatory Priorities report made this explicit. Six new investigations into potential Consumer Duty breaches have been opened. The regulator is using a supervision-led approach designed to intervene earlier and secure outcomes faster than traditional enforcement.
CP26/10 makes this worse, not better
On 25 March 2026, the FCA published CP26/10, proposing to replace the mandatory annual suitability review with periodic reviews. The consultation closes 22 May 2026.
Some firms will read this as the regulator relaxing its grip. The opposite is true.
Under the proposed rules, firms must determine the appropriate review frequency based on client needs and circumstances, consistent with Consumer Duty. That means you need to evidence why you chose a particular review cycle for each client segment. You need records that demonstrate your assessment of what "appropriate" looks like. The documentation burden doesn't shrink. It shifts from proving you reviewed annually to proving your chosen frequency is justified.
Firms that were already doing annual reviews badly will now be doing periodic reviews badly, with less structure and weaker evidence.
What good evidence looks like
A file that would survive a Section 165 request contains specific records for each client interaction. Objectives reviewed and any changes noted. Holdings checked against the last suitability letter. Vulnerability indicators assessed using a consistent framework. Escalation triggers applied and documented. Actions taken or explicitly deferred with reasoning. Management information that aggregates this data across the book so the firm can demonstrate oversight at portfolio level.
This is operational. It requires structured templates, trained staff, consistent execution, and a system that produces auditable records at scale.
The cost of not getting this right
Inability to produce requested documentation promptly is itself a red flag. The FCA benchmarks firms against peers. Outliers face increased supervision. Incorrect or incomplete submissions increase the risk of further scrutiny, regulatory action, or reputational damage.
For owner-managed firms carrying 200 or more ongoing clients paying below the threshold where senior adviser time makes economic sense, the maths is brutal. You can't afford to spend adviser hours on structured evidence generation for these clients. But you can't afford not to have the evidence when the FCA asks for it.
There is a fix for this
Pillar Client Services exists to close this gap. We deliver structured annual reviews for your ongoing service clients, inside your systems, under your brand. Every review generates the documentation depth the FCA expects: objectives, vulnerability, escalation, actions, MI. Your files are audit-ready before the Section 165 notice arrives.
If your current review files wouldn't survive a regulatory information request, that's worth a 20-minute conversation.