VREQs and OIREQs: Differences, Management and Regulations

Alessandro Micagni's profile image
Alessandro Micagni
On September 10th, 2024

FCA and PRA leverage VREQs and OIREQs to enforce compliance, stressing robust governance and proactive measures to manage regulatory risks effectively.

VREQs and OIREQs: Differences, Management and FCA Regulations



Voluntary Requirements (VREQs) and Own-Initiative Requirements (OIREQs): A Regulatory Overview


Financial regulators leverage Voluntary Requirements (VREQs) and Own-Initiative Requirements (OIREQs) as proactive tools to swiftly address emerging risks, safeguard consumer interests, and maintain market integrity. In the UK, both the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) regularly utilize VREQs and OIREQs as critical supervisory mechanisms to mitigate potential harm arising from regulated entities exhibiting regulatory failings or weaknesses in governance and controls.


This comprehensive guide provides an authoritative, up-to-date analysis (through 2024) of VREQs and OIREQs, detailing their legal foundations, operational usage, and compliance considerations. It compares UK practices with similar supervisory instruments in the EU, particularly those under Article 104 of the Capital Requirements Directive (CRD). Additionally, it addresses recent regulatory developments, such as the FCA’s implementation of the new Consumer Duty regime and evolving approaches to enforcement actions.


The inclusion of practical guidance and illustrative case studies further assists compliance teams, boards of directors, and legal advisors in effectively navigating the nuances of VREQs and OIREQs, enhancing preparedness for regulatory interventions and promoting robust compliance frameworks.



FCA and PRA Intervention Powers: Role of VREQs and OIREQs in UK Regulation


In the UK’s regulatory landscape, supervisory authorities possess a broad spectrum of intervention powers, prominently featuring Voluntary Requirements (VREQs) and Own-Initiative Requirements (OIREQs). These instruments enable the FCA and PRA to impose restrictions or requirements swiftly on a firm’s activities without initially resorting to formal enforcement proceedings. Typically employed when supervisory examinations identify emerging issues such as inadequate internal controls or potential threats to consumer welfare, both VREQs and OIREQs are designed for immediate risk mitigation.





What is a Voluntary Requirement (VREQ)?


A Voluntary Requirement (VREQ) is an instrument through which regulated entities voluntarily consent to specific restrictions or corrective actions at the regulator's request. Operationally, the FCA or PRA typically invites a firm to "sign a VREQ," making it legally binding once agreed upon. While voluntary in name, a VREQ often emerges under regulatory scrutiny, with non-compliance likely leading to formal enforcement actions.


Legal Basis and Framework:


Under Financial Services and Markets Act 2000 (FSMA) Part 4A, Section 55, a VREQ takes effect when a firm formally requests variations to its regulatory permissions, subsequently approved by the regulator. This cooperative process bypasses complex formal enforcement procedures, often eliminating the need for Warning Notices or involvement of the Regulatory Decisions Committee (RDC). For instance, the PRA frequently uses VREQs under FSMA Section 55M to mandate additional capital requirements or activity limitations, particularly for prudential stability.


When Regulators Utilize VREQs:


Regulators prefer employing VREQs in scenarios requiring rapid remedial actions where the firm demonstrates willingness and capacity for self-correction. Common triggers include initial supervisory concerns about internal control deficiencies or potential consumer harm. Although less publicized than formal enforcement initially, VREQs nonetheless appear on the Financial Services Register, often attracting public scrutiny. For example, in October 2024, investment firm network 2plan Wealth entered into a widely publicized VREQ, temporarily restricting the onboarding of appointed representatives until governance controls improved.


Consequences and Compliance Obligations:


Compliance with a VREQ is mandatory and holds regulatory equivalence to formal rules. Breaches can escalate to enforcement actions and financial penalties. The high-profile case involving CB Payments Ltd, a Coinbase subsidiary, exemplifies this rigor. In 2024, the FCA fined the company £3.5 million for breaching its agreed VREQ, emphasizing the importance of stringent adherence to voluntary commitments.


Upon rectifying underlying issues, firms must proactively engage the regulator to remove a VREQ, a process requiring formal application and regulatory confirmation of compliance.


What is an Own-Initiative Requirement (OIREQ)?
What is an Own-Initiative Requirement (OIREQ)?

What is an Own-Initiative Requirement (OIREQ)?


An Own-Initiative Requirement (OIREQ) differs from a VREQ as it is imposed unilaterally by regulators without requiring a firm’s consent. The FCA and PRA utilize statutory powers under FSMA (Sections 55L for FCA and 55M for PRA) to impose conditions or restrictions directly on a firm’s permission to safeguard consumer protection, market integrity, or financial stability.


Application and Regulatory Context:


OIREQs arise predominantly in scenarios where firms resist voluntary cooperation or when the regulatory risk demands immediate and decisive intervention. Regulators frequently apply OIREQs with immediate effect to halt potentially harmful activities such as promoting high-risk financial products or securing assets from unauthorized disposal.


A notable historical instance is the FCA's 2019 use of an OIREQ during the mini-bond scandal to prevent further consumer detriment by banning promotion and acceptance of such risky products.


Legal and Operational Characteristics:


Unlike VREQs, OIREQs represent formal regulatory decisions communicated through a First Supervisory Notice, subject to potential appeals at the Upper Tribunal. Despite the possibility of legal challenge, these requirements remain active unless specifically suspended during appeal proceedings. Public visibility of OIREQs through regulatory notices typically results in significant reputational impacts, comparable to formal enforcement actions.


Recent jurisprudence further expanded the scope of OIREQs, confirmed by the UK Court of Appeal in the landmark BlueCrest Capital Management ruling of October 2024, affirming FCA's authority to mandate single-firm consumer redress through OIREQs.


Scope and Types of Restrictions:
The regulatory toolkit enabled by OIREQs is extensive, encompassing restrictions such as prohibiting specific business activities, mandating skilled person reviews, or requiring redress payments to affected consumers. Additionally, regulators may utilize Own-Initiative Variation of Permission (OIVOP) to adjust or remove a firm's regulated activities entirely.



VREQs and OIREQs process
VREQs and OIREQs process



Statistical insights suggest varying degrees of regulatory intervention through VREQs and OIREQs over recent years. Notably, FCA data indicates an intervention peak in 2023, with a strategic shift towards targeted, data-driven actions by 2024-2025. This aligns closely with the FCA's proactive regulatory approach emphasizing early intervention, especially highlighted within the context of the new Consumer Duty regime.


In summary, while VREQs allow regulators and firms cooperative resolution paths, OIREQs assert regulatory authority decisively to mitigate imminent threats. The distinction between voluntary cooperation (VREQs) and mandatory compliance (OIREQs) provides regulators with flexible, yet robust, tools essential for maintaining market discipline and consumer trust.




Both Voluntary Requirements (VREQs) and Own-Initiative Requirements (OIREQs) originate from the Financial Services and Markets Act 2000 (FSMA), which underpins the regulatory supervision framework managed by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA). Specifically, Part 4A of FSMA governs how authorized firms obtain, vary, or relinquish permissions to carry out regulated activities. Within this regulatory structure, various sections of FSMA explicitly grant supervisory authorities the powers to impose or modify permissions:


  • Section 55J/K FSMA: Allows firms themselves to request variations or cancellations of their regulatory permissions. This is the legal route underpinning Voluntary Requirements (VREQs), whereby firms voluntarily agree, albeit often under regulatory pressure, to restrictions or conditions.
  • Section 55L FSMA: Grants the FCA explicit authority to impose requirements or vary permissions unilaterally, without requiring firm consent, thus forming the statutory basis for the FCA’s use of Own-Initiative Requirements (OIREQs) and Own-Initiative Variation of Permissions (OIVOPs).
  • Section 55M FSMA: Provides the PRA with analogous own-initiative powers to impose mandatory requirements or vary permissions for firms under its prudential supervision.

To lawfully impose an OIREQ, regulatory bodies must satisfy specific statutory conditions to ensure fair and judicious use of their intervention powers. These conditions include evidence that a firm is failing to meet mandatory Threshold Conditions (basic criteria required for authorization, including adequate resources, suitable management, and effective governance) or that intervention aligns with the regulators’ statutory objectives—consumer protection, market integrity, competition, and, specifically for the PRA, safety and soundness of regulated entities.


Importantly, the regulators’ decisions to impose an OIREQ can be challenged by firms via the Upper Tribunal, obliging the regulatory authority to present clear evidence of the perceived risk or regulatory failings justifying such intervention.



Regulatory Guidance and Operational Procedures for VREQs and OIREQs


Detailed procedural guidance on the application of VREQs and OIREQs is articulated within the FCA’s regulatory handbooks, particularly the Supervision Manual (SUP) and Enforcement Guide (EG). For instance, EG 8.3 explicitly notes that the FCA may impose an OIREQ with immediate effect when urgent action is necessary, citing risks such as asset dissipation or significant consumer loss as triggers for swift intervention.


Further procedural guidance is provided in the FCA’s Decision Procedure and Penalties manual (DEPP), specifying decision-making authorities. Notably, since November 2021, the FCA streamlined its internal decision-making structure, shifting many decisions related to imposing OIREQs and VREQs from the semi-independent Regulatory Decisions Committee (RDC) directly to senior FCA executives. This operational change, driven by the FCA’s strategic goal to act more quickly, allows swifter supervisory actions and reflects the FCA’s broader mantra of being “innovative, assertive, and adaptive.” As a result, firms now face potentially less advance notice and fewer opportunities for dialogue before a decision is made, underscoring the necessity for readiness and responsiveness when engaging with regulatory supervisors.



regulator's decision process
regulator's decision process


Interaction Between VREQs/OIREQs and the Consumer Duty Regime (2023)


The FCA’s Consumer Duty, effective from July 2023 for retail businesses, significantly influences the regulatory approach to supervision and early intervention. Although the Consumer Duty primarily introduces higher standards for good consumer outcomes rather than directly granting new intervention powers, its implementation inherently promotes proactive, outcomes-focused supervisory action. The FCA explicitly indicated that it would promptly use existing supervisory tools, such as VREQs and OIREQs, when identifying breaches of Consumer Duty standards causing foreseeable consumer harm.


For example, if an FCA review reveals that a firm’s financial products or customer practices fail to meet Consumer Duty expectations, the regulator could swiftly invite a VREQ compelling the firm to cease offering those products or services until remediation occurs. Firms must, therefore, proactively identify, report, and remediate compliance issues internally to avoid regulator-driven interventions. As of late 2024, the FCA actively monitors industry adherence to Consumer Duty requirements and openly communicates its readiness to employ VREQs or, if necessary, impose unilateral OIREQs to rapidly stop or prevent consumer harm.


The PRA’s Prudential Use of VREQs and OIREQs


Due to its core prudential focus on ensuring the safety and soundness of banks, insurers, and investment firms, the PRA frequently employs VREQs and OIREQs to address prudential rather than conduct risks. Historically, the PRA utilized VREQs to set individual firms' Pillar 2A capital buffers voluntarily—requiring firms to formally apply for these higher capital levels as part of supervisory dialogue.


By 2025, however, the PRA streamlined its approach, increasingly setting routine capital requirements directly without requiring formal VREQ applications, aiming to reduce administrative burdens. Nevertheless, in cases involving acute or idiosyncratic risks, the PRA retains and actively employs the power to impose immediate, firm-specific OIREQs—such as restrictions on asset growth or dividend payments. Once imposed, these measures typically involve intensive ongoing monitoring through frequent data submissions and potentially requiring Skilled Person reviews (s.166 FSMA) to verify compliance and remediation progress.


Overlap Between Supervisory and Enforcement Actions


Crucially, while VREQs and OIREQs represent supervisory (preventative) rather than enforcement (punitive) measures, the boundaries between supervision and enforcement frequently intersect. A VREQ or an OIREQ itself does not imply guilt of regulatory misconduct; rather, it aims at immediate harm mitigation while further regulatory scrutiny or investigations continue.


However, non-compliance with imposed requirements, or subsequent confirmation of underlying regulatory breaches, frequently escalates into formal enforcement proceedings, potentially resulting in fines, public censures, or further restrictions. The FCA explicitly acknowledges using VREQs as an alternative route to enforcement actions, with some cases resolved via settlement agreements involving voluntary undertakings.


Notably, post-2022, the FCA has increasingly adopted a multi-tool approach, simultaneously imposing a VREQ to immediately halt problematic activities while initiating parallel enforcement investigations into past conduct. Firms should therefore approach compliance with VREQs and OIREQs with urgency and seriousness equivalent to formal regulatory enforcement, given the potential regulatory and reputational consequences of failing to meet imposed obligations.


EU Equivalents and Analogous Mechanisms: Comparing VREQs and OIREQs
EU Equivalents and Analogous Mechanisms: Comparing VREQs and OIREQs

EU Equivalents and Analogous Mechanisms: Comparing VREQs and OIREQs


While the terms "Voluntary Requirement (VREQ)" and "Own-Initiative Requirement (OIREQ)" are specific to UK regulatory practice under the Financial Services and Markets Act 2000 (FSMA), the European Union employs analogous supervisory mechanisms under its regulatory frameworks. Although EU regulations do not explicitly reference VREQs or OIREQs, their legal and operational equivalents serve similar proactive purposes across EU jurisdictions, particularly under directives such as the Capital Requirements Directive (CRD), Markets in Financial Instruments Directive (MiFID II), and the Bank Recovery and Resolution Directive (BRRD).


CRD Article 104: Supervisory Measures Analogous to OIREQs


Article 104 CRD IV/V equips EU national competent authorities and the European Central Bank (ECB) within the Single Supervisory Mechanism (SSM) with powers similar in function to UK Own-Initiative Requirements (OIREQs). Through the Supervisory Review and Evaluation Process (SREP), authorities may impose mandatory corrective measures, such as increased capital requirements (Pillar 2 add-ons), enhanced internal controls, limitations on business activities, forced divestments, or special asset provisioning.


For instance, if a bank exhibits excessive credit risk, regulators may mandate additional capital buffers and restrict dividend distributions via formal supervisory decisions. These regulatory actions parallel UK OIREQs, where mandatory supervisory intervention is applied without requiring the firm’s consent, aiming to promptly reduce identified risks.


European Central Bank (SSM) Powers Similar to UK OIREQs


Within the Banking Union (eurozone), the ECB, under SSM Regulation (EU) No 1024/2013 (Article 16), exercises direct supervisory authority over significant financial institutions. This includes powers akin to UK regulators’ own-initiative interventions, enabling the ECB to impose requirements for liquidity buffers, managerial removals, remuneration limitations, and enhanced supervisory reporting.


An example includes the ECB's unilateral imposition of dividend restrictions on eurozone banks during the COVID-19 pandemic, mirroring the prudential logic underpinning UK OIREQs.


MiFID II Article 69: Supervisory Intervention for Investment Firms


Under MiFID II (Article 69), national competent authorities possess explicit supervisory powers to halt non-compliant conduct swiftly, similar in nature to UK OIREQs. These include prohibiting or suspending investment services, temporarily banning products or individuals from market participation, and intervening to protect retail investors promptly.


For example, an EU regulator could immediately prohibit an investment firm from marketing a high-risk financial instrument, resembling the rapid intervention typically achieved through a UK Own-Initiative Requirement (OIREQ) or Own-Initiative Variation of Permission (OIVOP).


Voluntary Compliance and EU Regulatory Practice Similar to VREQs


Although the EU framework does not explicitly define a mechanism identical to the UK's Voluntary Requirement (VREQ), EU regulators frequently rely on informal agreements and voluntary compliance. Supervisors often encourage firms to proactively adopt corrective actions through dialogue, analogous in practice to the UK's use of VREQs.


For example, a national banking regulator might informally urge a financial institution to voluntarily restrict certain activities, undertake capital restoration measures, or temporarily cease problematic operations. Should the firm fail to voluntarily comply, the regulator subsequently invokes formal supervisory measures, a dynamic similar to the UK's progression from a cooperative VREQ to a mandatory OIREQ.


Early Intervention Measures under the BRRD


The EU's Bank Recovery and Resolution Directive (BRRD) provides for Early Intervention Measures (EIMs), comparable to the UK's use of urgent OIREQs. EIMs enable authorities to enforce urgent corrective actions, including mandatory implementation of recovery plans, management restructuring, or appointment of temporary administrators, to prevent insolvency.


A notable instance occurred in 2019, when the ECB placed Italy's Banca Carige under temporary administration following capital inadequacy, highlighting the EU’s capability for decisive, unilateral interventions akin to the FCA or PRA’s immediate-effect OIREQs.


Disclosure, Publicity, and Redress: EU versus UK


A significant distinction between UK and EU supervisory actions lies in transparency. In the UK, VREQs and OIREQs are typically public, visible via the Financial Services Register or regulatory notices. Conversely, EU regulators generally keep prudential supervisory measures confidential unless they represent formal sanctions or the affected firm voluntarily discloses the measures, especially if publicly listed.


Remedies, Appeals, and Judicial Review of EU Supervisory Actions


EU firms retain rights to appeal supervisory decisions, akin to UK firms challenging OIREQs through the Upper Tribunal. EU entities may appeal ECB decisions to the ECB Administrative Board of Review, with potential escalation to the European Court of Justice. National-level decisions can similarly be contested through domestic administrative or judicial procedures.


In practice, appeals generally focus on the proportionality and legality of imposed measures, paralleling UK processes requiring regulators to substantiate decisions based on statutory criteria and evidence.



Comparative Table: VREQs, OIREQs, and EU Supervisory Measures


The following comparison summarizes key distinctions and similarities between UK regulatory tools (VREQs and OIREQs) and analogous EU supervisory measures (using CRD Article 104 as a reference):


Aspect UK – Voluntary Requirement (VREQ) UK – Own-Initiative Requirement (OIREQ) EU Supervisory Measures (e.g., CRD Art. 104)
Nature & Initiation Voluntary; firm consent required after regulatory prompting. Mandatory; unilateral regulatory action without firm consent. Generally mandatory; regulatory action without requiring firm consent (though voluntary compliance often precedes formal action).
Legal Basis FSMA Section 55J/K; firm application. FSMA Sections 55L (FCA) and 55M (PRA); supervisory notice. CRD Art. 104, MiFID II Art. 69; formal supervisory decision under EU/national law.
Process & Publicity Documented formally; publicly listed on FCA register. Formal administrative notice; publicly disclosed supervisory notice. Typically non-public unless sanctions or significant market implications arise.
Appeal Rights Not applicable as voluntary; limited scope for challenge. Firm may appeal via Upper Tribunal. Appeals through administrative or judicial reviews available at national and EU levels.
Typical Uses Remedial action with cooperative firms; preventive intervention. Immediate risk mitigation; consumer protection; prudential intervention. Prudential controls, risk mitigation, capital add-ons, restrictions, and urgent corrective actions.


Regulatory Equivalence across Jurisdictions


Despite terminological and procedural differences, the EU's supervisory frameworks achieve objectives comparable to UK regulators' VREQs and OIREQs. Regulatory approaches in both jurisdictions emphasize proactive risk management, early supervisory intervention, and swift, decisive action to uphold prudential standards and protect consumers and markets. Firms operating internationally must therefore recognize the functional similarities between UK intervention tools and analogous EU mechanisms, adopting consistent compliance strategies irrespective of jurisdictional distinctions.


Case Studies: Real-World Applications of VREQs and OIREQs
Case Studies: Real-World Applications of VREQs and OIREQs

Case Studies: Real-World Applications of VREQs and OIREQs


Practical case studies effectively demonstrate how Voluntary Requirements (VREQs) and Own-Initiative Requirements (OIREQs) operate within regulatory supervision, showcasing their implications, outcomes, and essential compliance lessons.


Case 1: CB Payments (Coinbase UK) – Breach of a VREQ and FCA Enforcement


In October 2020, CB Payments Ltd (Coinbase UK), a regulated e-money firm operating in cryptoassets, entered into a Voluntary Requirement (VREQ) after the FCA identified significant anti-money laundering (AML) control deficiencies. The imposed VREQ explicitly prohibited the onboarding of new high-risk customers until the firm improved its AML compliance framework.


Despite this binding agreement, CB Payments failed to implement adequate internal controls to enforce the VREQ, subsequently onboarding over 13,000 high-risk clients and processing approximately $226 million in crypto transactions, directly breaching the agreed requirements. Internal oversight failures allowed these violations to persist unnoticed for approximately 18 months.


In response to these breaches, the FCA initiated enforcement proceedings. In July 2024, the FCA issued a landmark fine of £3.5 million against CB Payments. This case marked the FCA's first significant crypto-related enforcement action explicitly tied to non-compliance with a VREQ, highlighting the seriousness with which the FCA views breaches of supervisory requirements.


The FCA emphasized that agreeing to a VREQ is not merely procedural but carries binding regulatory obligations. This case underscores that firms must implement rigorous internal monitoring and compliance processes following a VREQ to ensure adherence. Regulators view non-compliance as severe misconduct, warranting substantial penalties and enforcement actions.


Case 2: 2plan Wealth Management – Effective Use of VREQ for Remediation


Contrasting with the CB Payments scenario, the case of 2plan Wealth Management, a UK-based financial advisory network, illustrates the positive impact of proactively embracing a Voluntary Requirement (VREQ). In October 2024, the FCA raised concerns regarding 2plan’s insufficient oversight mechanisms for its rapidly growing number of Appointed Representatives (ARs), entities traditionally considered high-risk due to reliance on principal firm supervision.


With the firm's consent, the FCA imposed a VREQ restricting 2plan from onboarding new ARs until improved governance structures were established. The company utilized this regulatory pause constructively, investing significantly in governance enhancements and control systems.


Following successful remediation measures, by May 2025, the FCA reviewed and lifted the VREQ, acknowledging the strengthened supervisory infrastructure. Publicly, 2plan credited the imposed pause as an opportunity to implement "future-proof" compliance and governance measures, safeguarding consumers and enabling sustainable growth. This case demonstrates the constructive potential of VREQs when firms actively cooperate and view regulatory interventions as opportunities for strategic improvement.



The high-profile BlueCrest Capital Management case demonstrates the evolving scope of the FCA’s Own-Initiative Requirement (OIREQ) powers, especially concerning financial redress for harmed investors. Following an FCA investigation into conflicts of interest regarding fund management practices, in 2021, the regulator proposed a substantial financial penalty (~£40.8 million) alongside an unprecedented OIREQ, mandating approximately £70 million in investor restitution.


BlueCrest challenged this use of FCA’s OIREQ powers under FSMA Section 55L, arguing such redress could only be mandated through statutory redress schemes requiring investors to demonstrate actionable losses explicitly. Initially, the Upper Tribunal supported BlueCrest, restricting FCA’s interpretation of its powers. However, in a significant ruling in October 2024, the UK Court of Appeal overturned this decision, clarifying that the FCA could impose a single-firm redress OIREQ directly under its consumer protection mandate.


This pivotal ruling has important implications, expanding regulators' ability to enforce financial remediation directly through OIREQs without needing broader redress scheme criteria. Firms must recognize this expanded scope and anticipate potential supervisory measures that carry substantial financial and operational implications, highlighting that contesting such regulatory actions can be legally complex and uncertain.


Case 4: PRA Intervention – Voluntary Growth Restrictions as Preventive Measures


The Prudential Regulation Authority (PRA) often utilizes VREQs quietly yet effectively for prudential purposes, as exemplified in the case of a smaller UK-regulated bank exhibiting rapid growth combined with governance deficiencies. Concerned that unchecked growth threatened the bank's prudential soundness, the PRA negotiated a Voluntary Requirement (VREQ) with the bank, imposing specific annual growth restrictions until governance improvements were implemented.


This preventive VREQ successfully limited the institution’s risk exposure, allowing internal strengthening without resorting immediately to punitive measures or a publicly damaging enforcement action. Following improvements in governance and compliance systems, the PRA subsequently lifted the restriction. Had the bank refused voluntary compliance, the PRA held authority to enforce a mandatory OIREQ achieving the same outcome. This case illustrates the PRA’s strategic use of VREQs for prudential stability and how cooperative regulatory engagement often mitigates severe outcomes.



Practical Guidance for Firms: Preparing, Responding, and Monitoring VREQs and OIREQs


Regulatory interventions such as Voluntary Requirements (VREQs) and Own-Initiative Requirements (OIREQs) represent significant compliance challenges for firms. However, with proactive preparation, structured responses, and vigilant monitoring, firms can successfully navigate these interventions, minimize business disruption, and even leverage them to enhance internal governance. This comprehensive guidance equips boards, compliance officers, and legal counsel with best practices derived from regulatory insights and real-world case studies, enabling firms to emerge stronger following regulatory scrutiny.


Preparing for Potential VREQs and OIREQs: Proactive Steps for Firms


1. Foster a Proactive Compliance Culture

To mitigate the likelihood of a VREQ or OIREQ, firms should actively promote a culture of early issue identification and self-remediation. Regulators, including the FCA through its Consumer Duty regime, increasingly expect firms to pre-emptively detect and rectify regulatory breaches such as product mis-selling, financial crime vulnerabilities, or inadequate internal controls. Encourage internal reporting and transparent escalation processes, demonstrating to the regulator a commitment to proactive compliance management. Firms capable of self-correction reduce the risk of regulator-imposed interventions.


2. Educate Leadership on Regulatory Intervention Powers

Senior management, boards, and compliance teams must thoroughly understand the nature, purpose, and conditions under which regulators utilize VREQs and OIREQs. Familiarizing leadership with FCA and PRA guidance, as well as relevant sector-specific case studies, supports informed decision-making. Regularly update risk assessments and scenario analyses (e.g., sudden FCA-imposed restrictions on high-risk business activities) in the corporate risk register. Such preparedness enables swift operational responses and reduces confusion during actual regulatory interventions.


Practical Guidance for Firms: Preparing, Responding, and Monitoring VREQs and OIREQs
Practical Guidance for Firms: Preparing, Responding, and Monitoring VREQs and OIREQs

3. Establish Robust Governance Frameworks for Regulatory Interventions


Develop and document clear protocols within your firm’s governance or crisis management framework specifically addressing potential regulatory interventions like VREQs and OIREQs. Key elements include:


  • Immediate escalation protocols: Clearly define which senior management functions (SMFs), board committees, or compliance executives must be informed immediately upon regulatory contact suggesting possible interventions.
  • Crisis response teams: Formally designate a cross-functional team (including compliance, legal counsel, executive leadership, and external advisors if necessary) tasked with coordinating and communicating with the regulator promptly and effectively.
  • Decision-making procedures: Clarify roles and decision-making authority within the response team to ensure rapid and unified action when regulatory requirements arise.


Prepare strategies for handling sensitive documentation and legal advice when facing regulatory scrutiny. Since regulators can compel disclosure of certain communications, firms should route sensitive discussions and advisory documents through legal counsel to protect privilege. Establish a clearly defined client-lawyer relationship—ideally between external counsel and a specially designated internal committee—preserving confidentiality of critical legal advice, particularly during intense supervisory interactions involving VREQs or OIREQs.


5. Conduct Scenario Simulations and Regulatory Drills

Regularly organize practical scenario-based training exercises ("fire drills") simulating regulatory interventions. These exercises help identify potential weaknesses in internal processes, such as authorization procedures for halting new business activities, implementing rapid system controls, or customer communication strategies following public disclosures. Training client-facing teams on appropriate responses to customer queries during publicized regulatory interventions can also prevent reputational harm and market uncertainty.


6. Maintain Comprehensive Wind-Down and Contingency Plans

Both FCA and PRA regulations explicitly require firms to maintain effective wind-down and contingency planning frameworks. Although a VREQ or OIREQ may not explicitly trigger a wind-down scenario, regulatory interventions often impose operational constraints similar to those encountered during wind-down processes—such as restricting new business activities. Therefore, ensure your firm’s wind-down plan explicitly covers regulatory-imposed limitations, addressing scenarios like revenue disruption, client communication strategies, resource reallocation, and securing additional contingency funding or liquidity buffers to manage prolonged business interruptions resulting from interventions.


7. Prioritize Transparent Regulator Relationships

Establishing and maintaining an open, proactive relationship with supervisory bodies can significantly influence the severity and nature of regulatory interventions. Regular engagement, transparent reporting, and demonstrated compliance commitment in routine supervisory interactions foster trust. Regulators inclined toward cooperative relationships may preferentially offer voluntary, negotiated measures (VREQs) instead of immediately resorting to mandatory interventions (OIREQs). Conversely, firms perceived as non-transparent or inadequately engaged in regular supervision risk immediate unilateral regulatory actions during critical events. Good communication channels also enable early detection of potential supervisory concerns, allowing firms proactive remediation to potentially prevent formal interventions.


Responding Effectively to a VREQ or OIREQ: Essential Guidance for Firms
Responding Effectively to a VREQ or OIREQ: Essential Guidance for Firms

Responding Effectively to a VREQ or OIREQ: Essential Guidance for Firms


When a regulatory authority indicates significant concerns, either by proposing a Voluntary Requirement (VREQ) or signaling an imminent Own-Initiative Requirement (OIREQ), the firm’s immediate and structured response becomes crucial. Effective handling can mitigate consequences, limit disruption, and preserve regulatory trust. Here is a structured, practical guide on how firms should respond to a VREQ or OIREQ scenario, informed by regulatory expectations and best-practice principles.


1. Initial Response: Staying Calm and Organizing (First 24 Hours)


Upon notification, typically via email, phone, or formal regulatory correspondence, swiftly initiate your firm’s crisis response protocols:

  • Immediately inform senior stakeholders, including:
    • CEO
    • Board Chair and Regulatory Compliance Committee
    • Head of Compliance
    • General Counsel
    • CFO and Chief Risk Officer, depending on the nature of the concern.
  • Convene your designated regulatory response team promptly.
  • Assign a senior liaison officer as the regulator’s primary contact.
  • Begin maintaining a detailed internal log of all communications, actions, and decisions to demonstrate robust governance throughout the regulatory engagement process.

2. Clarifying Regulatory Expectations Clearly


Quickly gain clarity on the regulator’s precise concerns and proposed terms:


  • For a VREQ, clarify the exact restrictions or corrective actions requested.
  • For an OIREQ, understand its scope, implementation timeline, and any conditions.
  • Engage the regulator constructively—ask questions and propose practical modifications where necessary. For example, if logistical constraints delay immediate compliance, transparently communicate these issues and propose realistic interim solutions.

Regulators appreciate transparent, constructive engagement and often show flexibility if firms act promptly and in good faith.



Engage specialist external legal counsel experienced in regulatory interventions immediately:


  • Legal advisors can objectively interpret the terms of a proposed VREQ or imposed OIREQ, advise on potential negotiation or contestation strategies, and assist in preserving legal privilege.
  • Form a clearly defined small internal team (CEO, General Counsel, Compliance Head) to directly communicate with external counsel, protecting sensitive discussions under privilege.
  • Balance legal prudence with prompt action; ensure legal deliberation does not significantly delay your initial regulatory response.

4. Strategic Decision: Accepting a VREQ or Challenging an OIREQ


When presented with a VREQ proposal:


  • Usually, accepting a carefully negotiated VREQ is advantageous, as refusal typically escalates to a more severe OIREQ, increasing reputational risk and reducing operational control.
  • Declining should only occur in exceptional scenarios (such as clear regulatory misunderstandings or disproportionate demands threatening firm viability).

If facing an OIREQ already imposed or imminent:


  • Carefully assess the cost-benefit of contesting the requirement at the Upper Tribunal. Litigation is lengthy, costly, and may strain regulatory relations.
  • Often, initial compliance followed by focused negotiations or limited legal challenges is strategically superior. The notable BlueCrest Capital case demonstrates how rare court challenges to OIREQs are due to complexity and reputational consequences.

5. Effective Stakeholder Communication Strategy


Proactively manage stakeholder communications if regulatory actions affect business operations or have disclosure obligations:


  • Customers: Clearly explain implications (e.g., suspension of new sales or account restrictions). Prepare FAQs providing reassurance and guidance.
  • Investors and Listed Companies: Immediately assess if the VREQ/OIREQ is market-sensitive information requiring disclosure per regulatory obligations. Consult legal counsel to ensure timely, compliant market announcements.
  • Third Parties and Business Partners: Inform relevant partners promptly if business disruptions (e.g., halting client onboarding) affect contractual obligations or service expectations.
  • Media: Anticipate potential leaks or media queries. Prepare factual, calm public holding statements emphasizing constructive regulatory cooperation.

6. Immediate Implementation of Controls


Upon accepting or receiving a VREQ or OIREQ, rapid compliance is essential:

  • Act immediately—cease specified business activities, restrict sales platforms, or adjust operational processes according to regulatory directives.
  • Provide prompt written confirmations to the regulator once measures are implemented.
  • Ensure operational accuracy: rapidly implemented actions must be carefully verified to maintain regulatory trust.

7. Negotiating Proportionate and Practical Terms


Where regulators offer flexibility, engage promptly to negotiate proportionate and practical adjustments to a VREQ/OIREQ:

  • Suggest specific, evidence-based modifications (e.g., narrowing scope of activity restrictions based on data).
  • Propose review milestones or checkpoints (e.g., a formal compliance review after 3-6 months).
  • Clearly document regulatory agreements or clarifications to prevent later misunderstandings on compliance expectations.

Negotiations must occur early; altering requirements post-publication becomes significantly harder.


8. Board Oversight and Rigorous Documentation


Maintain strong governance oversight and comprehensive documentation:


  • Ensure all major decisions regarding the VREQ/OIREQ response (e.g., acceptance, negotiation, compliance strategy) are formally recorded in Board or committee minutes.
  • Maintain a meticulous audit trail—capturing all actions, decision-making rationales, and regulatory communications throughout the intervention period.
  • Designate an individual explicitly responsible for documenting these activities continuously. Such thorough record-keeping strengthens your compliance credibility during regulatory follow-ups or potential disputes.

9. Continuous Regulatory Engagement and Updates


Consistent and transparent dialogue with regulators is essential during intervention periods:


  • Regularly update regulators on compliance progress, promptly communicate any implementation challenges, and propose revised timelines transparently.
  • Agree on a defined frequency for progress reports (weekly or monthly), providing regulators with confidence in your ongoing remedial efforts.
  • Immediately communicate unforeseen complications or new developments; transparency preserves regulatory trust and credibility.

10. Leveraging External Expert Resources


Proactively utilize external experts or Skilled Persons (section 166 FSMA reviews) to expedite compliance implementation and demonstrate credibility:


  • Engage external compliance specialists, consultants, or skilled persons if substantial internal resource constraints impede rapid compliance (e.g., large-scale file reviews, complex AML system implementations).
  • Even if not mandated, voluntary independent verification can significantly reassure regulators, accelerating requirement removal and normal business resumption.

11. Proactive Management of Public Relations and Customer Communication


Implement a carefully planned public relations and customer communication strategy if regulatory interventions become public:

  • Ensure consistent messaging across regulatory, public, investor, and customer communications.
  • Emphasize your firm’s active cooperation with regulators, clearly stating the temporary and remedial nature of the intervention.
  • Provide detailed, reassuring information to customers (e.g., clear FAQs explaining the practical impact of regulatory restrictions).

Transparent, timely, and consistent communication preserves your firm's reputation, reduces uncertainty, and demonstrates responsible regulatory compliance management.


Monitoring Compliance and Moving Forward: Ensuring Robust Adherence to VREQs and OIREQs
Monitoring Compliance and Moving Forward: Ensuring Robust Adherence to VREQs and OIREQs

Monitoring Compliance and Moving Forward: Ensuring Robust Adherence to VREQs and OIREQs


Once a Voluntary Requirement (VREQ) or Own-Initiative Requirement (OIREQ) is imposed, your firm enters a critical phase of heightened internal and external scrutiny. Effective monitoring, diligent oversight, and a forward-looking approach become essential to achieving regulatory compliance, successful remediation, and eventual removal of the imposed restrictions. This guidance outlines practical steps firms should take to manage ongoing compliance, effectively remediate underlying issues, and prepare for the eventual lifting of regulatory interventions.



1. Assign Clear Senior Accountability


Ensure immediate clarity on who holds ultimate responsibility for compliance with the VREQ or OIREQ. Typically, under the UK's Senior Managers and Certification Regime (SMCR), this will involve an appropriate Senior Management Function (SMF), such as:

  • SMF16 (Compliance Officer)
  • SMF17 (Money Laundering Reporting Officer, if relevant)
  • CEO or another relevant SMF, depending on specific regulatory concerns.

Include formal accountability for intervention compliance within this individual's stated role objectives, ensuring regular reporting to the Board.



2. Implement Enhanced Monitoring Controls


Treat each VREQ or OIREQ as an explicitly defined regulatory risk, with dedicated monitoring and control frameworks, such as:

  • Automated system alerts triggered by prohibited actions (e.g., attempts to onboard new clients under a client freeze).
  • Daily operational checks (e.g., daily capital adequacy assessments if required by the intervention).
  • A dedicated compliance dashboard providing real-time monitoring of adherence to the specific regulatory conditions set forth in the VREQ/OIREQ.


3. Schedule Regular Internal Audits and Checks


Arrange systematic, periodic internal audit reviews (weekly or monthly) specifically targeting compliance with the intervention requirements:

  • Regular sampling of transactions or operational actions to verify full adherence to the imposed conditions.
  • Immediate escalation and corrective action reporting if non-compliance or anomalies are identified.


4. Execute a Robust Remediation Plan


Merely complying with the imposed restrictions is insufficient. Regulators (FCA and PRA) expect thorough root-cause remediation, including:

  • Detailed remediation plans outlining precise milestones, accountability, and timelines.
  • Clear project management and governance to demonstrate rigorous issue resolution (e.g., systems upgrades, compliance training, strengthened governance procedures).
  • Regular progress reports to regulators showcasing active, continuous improvement beyond mere compliance with the specific VREQ/OIREQ terms.


5. Maintain Regular, Transparent Regulator Updates


Keep regulators consistently informed throughout the intervention period:

  • Provide timely, proactive updates on key milestones (e.g., staff retraining completion, control implementations).
  • Transparently report unforeseen setbacks or emerging issues promptly, accompanied by corrective action plans and revised timelines.
  • Foster regulator confidence through ongoing, proactive communication.


6. Strategically Plan for Requirement Removal


Clearly identify conditions required for regulators to lift the imposed VREQ or OIREQ, and actively work toward meeting these:


  • Engage early with regulators to understand precisely what constitutes successful remediation.
  • Proactively suggest independent verification (e.g., internal audit confirmation or third-party skilled person reports) to validate full compliance and issue resolution.
  • Formally request the lifting of restrictions once you possess robust, verifiable evidence of comprehensive compliance and remediation, avoiding premature requests that risk credibility.


7. Conduct a Thorough Post-Intervention Review


Upon resolution of the regulatory intervention, undertake a comprehensive "lessons learned" review, addressing:

  • Root causes leading to the regulatory action.
  • Effectiveness of your intervention response strategy.
  • Improvements in compliance governance, controls, and internal escalation procedures.

Incorporate these insights directly into updated corporate policies, training programs, and risk management practices to prevent recurrence.



8. Ensure Ongoing Post-Intervention Compliance Vigilance


Even after lifting VREQ/OIREQ restrictions, maintain heightened compliance vigilance:


  • Retain enhanced control measures or monitoring systems that proved effective during the intervention period as permanent compliance safeguards.
  • Demonstrate sustained cultural and procedural improvements to regulators, reinforcing confidence in the firm's long-term compliance commitment and reducing future regulatory intervention risks.


9. Reinforce Board and SMF Accountability Post-Intervention


Evaluate governance oversight rigorously post-intervention to establish accountability clearly:


  • Review if management oversight failures contributed to the regulatory intervention.
  • Under the SMCR, assess whether responsible senior managers met the "reasonable steps" requirements, providing additional training, role adjustments, or internal disciplinary action if necessary.
  • Prepare proactively for regulator-requested senior manager attestations confirming complete resolution and ongoing compliance assurance.


10. Maintain Comprehensive Documentation Archive


Preserve detailed, organized archives of all documentation related to the intervention, including:


  • Regulatory communications.
  • Board meeting minutes and internal decision logs.
  • Remediation plans, progress reports, and evidence of compliance actions taken.

This documentation supports future regulatory inquiries, facilitates onboarding and training of compliance personnel, and informs ongoing risk management strategies.

Reduce your
compliance risks

Sign Up Free Request Demo