After the Remediation Direction: What Happens Next?
When a remediation direction arrives, the response is almost always the same: the firm identifies the scope, assembles the team, and focuses hard on getting the remediation done. Everything narrows to the task in front of it.
Which is entirely understandable. The FSA sets tight deadlines for remediation work and meeting them is not optional. When the clock is running and the scope is defined, it's natural to treat the boundary of the required work as the boundary of the job. After all, the firm is doing exactly what it has been told to do, under pressure, in a compressed timeframe.
The problem is, that's really only part of the answer and in some ways, the least important part.
The finish line
Boards going through remediation almost universally want to know one thing: when will this be done?
It's a reasonable question. Remediation is disruptive, expensive, and demanding. The desire for a finish line is legitimate but I think most firms misjudge where the finish line is and what it looks like.
No remediation is perfect, because nothing ever is. Files that have been remediated will have imperfections. Documentation that has been updated will have gaps. A regulator looking closely at a firm that has just completed a remediation programme will always find things worth noting, because that is always true of anything inspected closely enough.
What determines how the FSA views those residual imperfections is not whether they exist; it’s whether the "new normal" of the firm demonstrates that it has genuinely understood and addressed what gave rise to the original failing.
Treating the remediation scope as a boundary
This is the most common mistake made in the aftermath of a remediation direction.
Whilst the remediation scope is defined by what the FSA found, it's not, and was never intended to be, a comprehensive audit of the whole business. When firms treat the scope as a boundary, fixing only what was identified and returning to normal operations as soon as the deadline passes, they are potentially demonstrating to the regulator that they haven't fully understood how a risk framework operates.
The "secret sauce" here is understanding that a requirement for remediation invariably points to a systemic issue; a cultural gap or governance structure that's not functioning as intended. It might be a process that had been working adequately for years until the conditions changed and it stopped working. Remediating the specific files or data treats the symptoms; but not the disease.
A regulator who returns after remediation and finds the flagged items clean but a BAU environment with identical characteristics will not be reassured. The remediation work will look like the patch that it is.
Use it as a springboard
The firms that come through a remediation direction well, are the ones that use the direction as a springboard to look harder at the business than they would have done otherwise.
Not necessarily launching a separate programme or expanding the remediation scope but starting by asking the difficult questions in the background. Essentially, asking the questions that the FSA will be asking when it returns.
If the direction identified weaknesses in file quality in a particular area, what does file quality look like across the rest of the business? If the root cause was a breakdown in a specific process, where else does that process operate and how is it functioning there? If the findings pointed to a governance gap, has the board satisfied itself that the gap was isolated or whether it reflects something more structural?
There are wider questions as well that should be addressed. If it took the regulator to trigger a "fix" that means one of two things: either the issues hadn't been spotted internally prior to the inspection or they had been spotted and reported but had been left unaddressed. This wider review is the difference between a firm that has done what it was told to do and a firm that has understood why it was told to do it.
What the Regulator is actually observing
The FSA’s move to impact and risk-based supervision means that a firm’s conduct during and after a remediation direction is part of the picture that the regulator builds over time.
A firm that engages transparently, remediates thoroughly, broadens its review beyond the narrow scope, and can demonstrate to its board and the FSA that the underlying conditions have changed, is building a materially different supervisory record from one that meets the deadline, closes the file, and moves on.
That difference will not necessarily be visible immediately. But it will be visible at the next touchpoint, whether that is a thematic questionnaire, a follow-up visit, or something else entirely.
The board’s role
It's paramount that the board understands exactly what it is being asked to do.
A board that treats a remediation direction as a management problem to be resolved and reported back on is not wrong, exactly.... but it is missing something. The board’s job in the aftermath of a direction is not just to receive updates on the remediation timeline. It is to satisfy itself that the firm has learned something, and that the learning is visible in how the business now operates.
That means asking the harder questions. Not just “is the remediation on track?” but “do we understand why this happened?” Not just “when will this be done?” but “what are we doing differently as a result?”
A board that can answer those questions, and evidence that it asked them, is in a fundamentally stronger position when the FSA returns than one that received a completion report and moved on.

