A past business review is the population-scale engagement an FCA-regulated firm undertakes when it has to assess the suitability of its own past advice across a defined customer cohort. Sometimes this follows a skilled-person review under FCA section 166; sometimes it is a voluntary exercise driven by supervisory engagement or by the firm's own conduct-risk assessment. The output, where unsuitability is identified, is a redress liability that has to be calculated, audited, and paid — at scale, to a standard the regulator can rely on. The note below sets out when an FCA-regulated firm needs independent actuarial calculation in this context, what the work entails, and what makes it defensible at population scale.
The triggers for a past business review vary in form but converge in substance. A skilled-person review under FCA section 166 is the most explicit trigger: where the regulator commissions a skilled person to review a defined area of a firm's past business, the firm cooperates with that review and provides the underlying data, including any redress calculations the review requires. A voluntary review is the second route: a firm whose conduct-risk assessment identifies a population of past advice that may not have met suitability standards initiates the review pre-emptively, either to manage regulatory exposure or to address consumer harm directly. A third route is FCA-instructed: the regulator has directed the firm to conduct the review without commissioning a skilled person, with the firm's own governance and internal audit functions taking the role the skilled person would otherwise play.
Whichever route initiates the review, the methodological position is the same. The firm has to identify the affected population, assess the suitability of the original advice for each member of that population, and calculate the redress due to those members where unsuitability is identified. The actuarial calculation sits at the third of these stages — it follows the suitability assessment and produces the redress amount. But the actuarial calculation is also where the review's defensibility is most often tested.
Why independent calculation matters at scale.
A single-case redress calculation can be done by a regulated firm's own actuarial team, or by an actuary the firm commissions on a one-off basis. The work is contained, the audit trail is contained, and the methodology consistency question is contained to that one case. At population scale, none of these conditions holds.
Methodology consistency is the first issue. A review covering a hundred or a thousand or several thousand cases produces a hundred or a thousand or several thousand calculations. For each to be defensible, each has to apply the same methodology consistently — the same prescribed assumptions, the same approach to historical payments, the same treatment of complex scheme features, the same handling of edge cases. A spreadsheet-based approach, no matter how carefully built, struggles to demonstrate this consistency to the standard a skilled person or FCA supervisor requires. The methodology has to be embedded once and applied uniformly; the audit trail has to evidence the uniformity.
The second issue is independence. Where the calculation is done by the regulated firm itself, the calculation sits inside the same governance environment as the conduct that may have caused the harm in the first place. This is not a comment about probity — it is a question about institutional positioning. A skilled person or FCA supervisor reviewing the redress calculations may attach less weight to calculations produced by the firm's own actuarial function than to calculations produced by an independent actuarial consultancy with no commercial interest in the outcome. Independence is a structural feature, not a claim, and it is what gives the calculation its third-party defensibility.
The third issue is audit-traceability at population scale. A skilled-person review or FCA supervisory review will sample the calculation population — verifying that a sample of cases can be reconstructed from inputs through methodology to output. Sample reproducibility requires that every calculation in the population has a complete and structured audit trail, accessible to a third party, presented in a form that can be reviewed without re-doing the work from scratch. This is not the kind of audit trail a spreadsheet-of-spreadsheets naturally produces. It is the kind of audit trail that has to be designed into the calculation platform from the outset.
What the engagement actually involves.
A typical past-business-review engagement, from the firm's perspective, has four phases. The first is scoping: identifying the population of cases, establishing what data is available for each, agreeing the methodology version that applies (which DISP App 4 version, which prescribed assumptions, which tabular basis), and establishing the audit-traceability standard that the engagement will deliver against. Scoping is often the most consequential phase: getting the population definition right, the methodology version right, and the data architecture right determines how cleanly the rest of the engagement runs.
The second phase is calculation. The firm's calculation platform processes each case through the same calculation chain — counterfactual valuation, actual-situation valuation, Primary Compensation Sum, with Secondary and Additional Compensation Sums as applicable. For a typical population, the calculation phase runs in batches, with each batch producing per-case calculation receipts and aggregate-level documentation. Edge cases — complex scheme features, unusual member circumstances, data gaps — are flagged for individual review rather than processed automatically, and the resolution of those edge cases is itself documented in the audit trail.
The third phase is review and verification. Internal review by the firm's senior actuarial team validates a sample of calculations end-to-end, with the audit-traceability record as the basis for review. Where the engagement is paired with a skilled-person review, the skilled person's sample-reproducibility exercise is supported by the same audit-traceability record — the firm provides the working, the skilled person verifies that the working supports the output. Where the engagement is conducted without a skilled person, the firm's own internal audit or compliance function plays the verification role.
The fourth phase is delivery. The output to the FCA-regulated firm is a per-case calculation receipt for every case in the population, an aggregate documentation pack that supports skilled-person review and regulator enquiry, and a methodology statement that documents the version of DISP App 4 applied, the assumptions used, and the edge-case treatments. The CMC™ artefact for each case is the per-case form of this output; the aggregate documentation is the population-level form.
What FCA expects of the methodology.
FCA expectations on past-business-review methodology are framed by the DISP App 4 prescribed methodology, but go beyond it in two material respects.
The first is methodology consistency across the population. The FCA's position, expressed in supervisory guidance and in skilled-person review terms of reference, is that the redress calculation methodology has to be applied consistently across the population. Where exceptions are made — for complex scheme features, for unusual member circumstances, for data gaps — the exceptions have to be principled (rooted in the scheme rules or the member's circumstances, not in convenience) and documented (with the reasoning visible). A past-business review where different cases were treated differently for unprincipled reasons is one that the FCA can and does reopen.
The second is data-quality discipline. FCA expects the data underlying the calculation to be of a standard the calculation can rely on — member data verified against scheme records, personal pension data verified with the provider, advice documentation verified against the firm's contemporaneous records. Where data gaps exist, the methodology for handling them has to be documented and applied consistently. A past-business review that produced calculation outputs without addressing material data-quality issues is, again, one the FCA can reopen.
Both expectations push toward the platform-led approach the firm uses. Consistency at population scale, data-quality discipline at population scale, and audit-traceability at population scale are not properties that emerge from spreadsheet-based working — they have to be designed in.
What the firm provides.
The firm provides past-business-review redress calculation work as a productised engagement under the Redress & remediation Solution. The same methodology applies whether the engagement is one case or ten thousand; what changes is the data architecture and the audit-traceability standard. The Solution is structurally independent of the FCA-regulated firms in scope — no advisory ties, no commission arrangements, no shared ownership. The senior actuary leading the engagement is responsible for the methodology, the sample treatment, the regulator-facing correspondence where applicable, and the population-level audit trail; the calculation platform produces the per-case audit-traceable receipts.
What the firm does not do is the suitability assessment itself. That is the FCA-regulated firm's responsibility, and it is the input the redress calculation runs on. The firm's engagement begins where the suitability assessment ends and produces, for each case the suitability assessment identified as warranting redress, a defensible calculation of the amount due.
The methodological position is straightforward: a past business review at population scale is not a series of unrelated single-case calculations. It is one engagement, run on one methodology, against one calculation chain, with one audit-traceability standard. The firm's role is to deliver that engagement to the standard the FCA, the skilled person, and the firm's own internal audit can rely on — with per-case calculation receipts that are audit-traceable in detail, and population-level documentation that holds up to regulatory scrutiny. Where unsuitable advice has been identified, the redress calculation is the financial answer; the methodology behind it is what makes the answer defensible.
For the firm’s productised past-business-review and remediation work — single-case to population-scale — see Redress & remediation. For specific support around skilled-person engagements, see S166 engagement support.
Last updated May 2026.