FCA Consumer Duty Compliance Software: A Buyer's Guide for 2026

TL;DR — There is no single "Consumer Duty platform" because the Duty spans five operational areas: communications review, outcome monitoring, fair value, vulnerable customer detection and board reporting. This guide explains what software helps with each, what to look for in evaluation, what an implementation timeline realistically looks like, and where Sedric sits.

Table of contents

• Where software actually helps with the Duty
• The five operational areas
• Communications review and approval
• Outcome monitoring and MI
• Fair value assessment tooling
• Vulnerable customer detection
• Board reporting and attestation workflow
• Evaluation criteria
• Implementation timeline
• Where Sedric fits
• FAQ

Where software actually helps with the Duty

Before evaluating tooling, it is worth being honest about what the Duty asks for that software can and cannot help with.

Software is useful where:

• The Duty requires evidence at scale (every communication, every interaction, every cohort).
• The Duty requires real-time intervention (preventing a problematic disclosure being sent, flagging a vulnerable customer before harm crystallises).
• The Duty requires aggregation of MI across multiple systems.
• The Duty requires consistent audit trails for review.

Software is not useful where:

• The firm has not made a decision about what good looks like. Tooling does not substitute for judgement.
• The Duty requires bespoke product-design changes. That sits with product owners and risk committees.
• The Duty requires governance restructuring. That sits with the board and the Consumer Duty Champion.

If you are buying tooling before you have answered the governance and methodology questions, the tooling will surface the gap rather than fill it.

The five operational areas

We organise the buyer's market around the five operational areas where the Duty creates a recurring workload.

Communications review and approval

The problem: Every customer-facing communication — marketing, sales, in-product, post-sale, collections — has to be reviewed against PRIN 2A.5 (consumer understanding), the cross-cutting rules, and (separately) the financial promotions rules in COBS 4, BCOBS 2, ICOBS 2 and CONC 3. A mid-sized firm produces hundreds to thousands of pieces a month. Manual review is a bottleneck and an inconsistency risk.

What good software does: - Ingests communications across channels (email, in-app, web, social, scripts, chatbots, recorded calls and chats). - Applies a rules library reflecting PRIN 2A, COBS, BCOBS, ICOBS and CONC, plus the financial promotions rules. The 2026 state of those rules is in our financial promotions rules 2026 primer. - Flags issues with a link to the underlying rule. A flag without a regulatory citation is a guess. - Provides a defensible audit trail of who approved what, with what overrides, and why. - Supports real-time prevention — catching the issue before the communication goes out, not after.

What to discount: - "AI" tools that score communications but cannot tell you which rule was breached. - Tools that only review English at native level — most UK firms now operate multilingual, and the Duty applies equally. - Tools that work on PDFs or screenshots only. Live in-product copy needs live monitoring.

Outcome monitoring and MI

The problem: The Duty requires outcomes data, not just policy. The data lives in product analytics, CRM, complaints systems, telephony, claims systems and core banking. Most firms cannot assemble a coherent cohort-segmented outcomes picture in fewer than three weeks.

What good software does: - Connects to the data stack rather than requiring data to be migrated. - Segments customers by the cohorts the Duty asks for (acquisition channel, vulnerability, tenure, engagement, product variant). - Provides leading and lagging indicators — drop-off, abandonment, comprehension scores alongside complaints and FOS volume. - Surfaces foreseeable harm signals — unusual drift in a cohort's outcomes before a complaint volume builds. - Generates the data tables that go directly into the annual Consumer Duty board report.

Fair value assessment tooling

The problem: A fair value assessment, done properly, is a quantitative exercise across many cohorts, repeated annually or on trigger. Spreadsheets work for one product; they break at scale.

What good software does: - Hosts the fair value methodology — benefits scoring, price components, comparator benchmarking — in a single auditable place. - Pulls live pricing and product data rather than requiring re-entry. - Highlights cohort divergence automatically. - Routes "fair value with conditions" outcomes to action owners and tracks closure. - Outputs distributor packs for manufacturers in a consistent format.

We cover the underlying methodology in Consumer Duty fair value assessment.

Vulnerable customer detection

The problem: FG21/1 sets out four vulnerability drivers — health, life events, resilience, capability. The Duty layers an obligation to identify and respond. Reliance on self-disclosure alone is insufficient; the FCA expects active detection.

What good software does: - Monitors voice and chat conversations for vulnerability cues in real time. - Routes flagged interactions to a trained specialist team. - Maintains a vulnerability marker on the customer record that follows the customer through downstream actions (collections, renewals, marketing suppression). - Captures outcomes specifically for the vulnerable cohort for board reporting.

This is one area where retrospective archive tooling — the Smarsh / Global Relay class — is structurally weak. The flag has to be raised in time to make a difference to the call that is happening, not retrieved during a sample review next quarter.

Board reporting and attestation workflow

The problem: The annual board report under PRIN 2A.8 is now in its third cycle. The first two cycles exposed every firm to the same drafting problem: pulling MI from twenty places, reconciling cohort definitions, writing narrative, getting committee sign-off and producing an evidence pack.

What good software does: - Maintains a single source of truth for the metrics that appear in the report. - Generates the structured sections (products and services, price and value, consumer understanding, consumer support) from the underlying data. - Tracks committee approvals and the Consumer Duty Champion's challenges with timestamps. - Stores prior-year versions for trend analysis. - Produces an evidence pack ready for a section 166 within hours, not weeks.

Evaluation criteria

When you take vendors through a procurement process, the questions that separate competent tools from marketing-led ones are usually these.

1. Regulatory citation per flag. For any issue the tool surfaces, can it link to the specific rule (PRIN 2A.x, COBS x.x, CONC x.x)? If not, your reviewers have to do that work themselves and the audit trail is weaker.
2. Real-time vs retrospective. Does the tool prevent the problem at point-of-communication, or only detect it after? For the Duty, prevention is the FCA's preferred posture. Smarsh-class archive tools and surveillance tools were built for retrospective sampling. They are necessary for MAR and SYSC 10A but they are not sufficient for the Duty.
3. Override logging. When the firm overrides a flag, is the reasoning captured? In a section 166 the question "why did you ignore this flag?" is asked repeatedly. The answer needs to be in the system.
4. Cohort segmentation depth. Can the tool segment by vulnerability, tenure, channel, and engagement, and run cohort comparisons? Aggregate-only is a no.
5. Coverage of voice and chat. A tool that only handles written marketing copy ignores the majority of customer interactions in most retail firms.
6. Integration with existing stack. CRM, core banking, telephony, complaint system. If the tool needs a data migration project, the project will not finish.
7. Implementation references. Ask for two reference firms in your vertical that completed implementation in the last twelve months. Not pilots, not partial deployments.
8. Model governance posture. If the tool uses LLMs or other ML, can the vendor explain the model risk controls? Is the model dedicated to compliance (training data, evals, guardrails) or a general-purpose model with a system prompt? The latter does not survive a SYSC 8 outsourcing review for most firms.

For a deeper treatment of the AI-specific evaluation questions, see AI compliance software for financial services.

Implementation timeline

A realistic timeline for a mid-sized firm — a challenger bank, a Tier 2 consumer credit firm, a wealth platform — looks roughly like this. Anyone promising materially faster is either selling a shallow deployment or has not understood the scope.

• Weeks 0-4: Discovery and scoping. Define in-scope communications, channels, products and cohorts. Identify data sources. Confirm SMF accountability. Sign DPA and SCCs.
• Weeks 4-10: Integration. Connect to communication channels (email, in-app, web, telephony, chat). Connect to data stack for outcomes monitoring. Configure rules library for the firm's product mix.
• Weeks 10-14: Calibration. Tune the rules library against the firm's recent communications. Run parallel review (tool + existing process) on a sample. Tune thresholds.
• Weeks 14-18: Pilot. Live use in one product line or one channel. Daily review of flags and overrides. Refinement of rules.
• Weeks 18-24: Roll-out. Extend to remaining product lines. Train remaining reviewers. Embed in the formal approval workflow.
• Weeks 24+: Steady state. Monthly model tuning. Quarterly governance review. Annual mapping refresh against rule changes.

This is roughly six months from contract signature to full steady state. Firms that try to compress it tend to end up running parallel review for months because reviewers do not trust the tool.

Where Sedric fits

Sedric is purpose-built for the operational areas above, with three deliberate design choices:

1. Real-time prevention, not retrospective archive. Sedric reviews communications at the point of creation or transmission. The objective is to stop a non-compliant disclosure being sent, not to find it three weeks later in a sample. For UK firms this is increasingly the line between a Dear CEO finding and a section 166.

2. Compliance-dedicated LLM, not a general-purpose model with a wrapper. Sedric runs the industry's first LLM trained specifically on financial services compliance content. Every flag the model raises is linked to the underlying regulation — PRIN 2A, COBS, BCOBS, ICOBS, CONC, FG21/1 — and every override is logged with reasoning. That is what the model-risk and SYSC 8 oversight functions need to see.

3. Coverage across written, voice and chat. The Duty (and the financial promotions rules) apply equally regardless of channel. Sedric ingests marketing copy, in-product comms, call transcripts and chat in a single review surface.

Sedric was named to the 2026 RegTech100, completed an $18.5M Series A led by Foundation Capital with Amex Ventures participating, and has grown revenue 5x in the trailing twelve months. UK customers include consumer credit firms, payment institutions and wealth platforms. None of those signals matter to you on their own — what matters is whether the tool reduces the evidentiary gap between "we have a policy" and "we can prove the outcome." That is what we would prove to you in a 30-minute demo.

FAQ

Do we need separate tools for Consumer Duty, financial promotions and MAR? Often yes. The Duty and financial promotions are tightly coupled and most modern compliance platforms cover both. MAR / market abuse surveillance is a different problem (insider lists, trade surveillance, comms surveillance for market abuse signals) and is usually a different tool. Sedric covers Duty and FinProms; MAR surveillance is typically a separate platform.

Can we use Microsoft Purview / Smarsh / Global Relay for the Consumer Duty? For the archiving piece, yes. For the Duty's outcome-monitoring and real-time prevention requirements, no. Those platforms are designed for retention and retrospective sampling, not for real-time intervention or cohort-level outcomes.

What about model risk and SYSC 8? Any third-party tool that uses ML to make or influence decisions falls within SYSC 8 outsourcing rules and the firm's model risk policy. Ask the vendor for an SS1/23 / model risk pack. If they cannot produce one, walk.

How much does Consumer Duty software cost? Pricing varies widely. For a mid-sized firm, expect annual licence in the £80k-£250k range for a full-featured platform, plus implementation. Cheaper tools usually cover only one of the five operational areas.

What is the build-vs-buy threshold? For a firm with fewer than three regulated entities and stable product mix, build is rarely justifiable. For a firm with significant product complexity and an existing data engineering function, a hybrid (buy core surveillance, build cohort analytics on top) is increasingly common.

Does the FCA have a preferred vendor list? No, and it will not endorse vendors. But supervisors do ask which tools you use and how you have validated them. Bring the model risk pack to the conversation.

How quickly can we see ROI? On the communications-review side, most firms see a 50-70% reduction in manual review time within the first quarter of steady state. On the outcomes side, ROI is harder to quantify directly but shows up in faster board-report cycles and reduced section 166 exposure.

See Sedric on your own communications

The most productive way to evaluate Consumer Duty software is on your own material, not a vendor demo dataset. We will run a structured 30-minute session against a sample of your customer communications — marketing copy, sales scripts, in-product disclosures — and show, line by line, what the platform flags, against which rule, and how the audit trail is preserved. No procurement commitment required to take the session. Book a Sedric demo.