How to Produce FCA Audit Evidence for Insurance Claims

Receiving an FCA evidence request is a test of operational readiness, not just a data retrieval task. Firms that have structured their claims operations to capture and store the right data — continuously, automatically, and in a format suitable for regulatory production — will respond in hours. Firms that have not will spend days in a manual reconstruction exercise, often producing evidence with gaps and inconsistencies that become findings in their own right.

This guide walks through what an FCA evidence request actually looks like, the five categories of evidence most commonly requested from insurance claims operations, what the FCA expects in terms of format and presentation, the turnaround timelines you will face, and the mistakes that transform a routine supervisory review into an enforcement investigation.

What an FCA Evidence Request Looks Like in Practice

The FCA conducts evidence gathering through several mechanisms. For the majority of insurance firms, the first encounter with a formal evidence request comes through their supervisory relationship — a letter or email from their named supervisory contact, or from a member of the relevant supervisory team.

The request will typically specify:

• A data period — commonly the previous 6 to 12 months of claims, though longer periods may be requested in thematic reviews or enforcement contexts
• The specific line of business, customer segment, or complaint pattern the FCA is examining
• The categories of information required — often listed as numbered or lettered items
• A response deadline — typically 10 to 20 working days for a standard supervisory request, though this varies significantly by context
• The format in which the FCA expects the evidence — usually structured data files, supporting documentation, and a covering summary

The tone of the request is usually formal but not confrontational. It is a supervisory exercise, not (yet) an enforcement action. However, how a firm responds to a supervisory evidence request materially affects how the FCA views its governance and culture. A prompt, well-organised, complete response signals operational competence. A late, incomplete, or inconsistent response raises questions about whether the firm is in control of its operations.

Thematic reviews — where the FCA is examining practices across multiple firms simultaneously — follow a similar format but the questions will be standardised across all firms in the review cohort. The FCA will be comparing your responses with those of your peers. Outliers — in either direction — attract follow-up.

Urgent requests, often tied to enforcement investigations, consumer complaints escalated to the FCA, or media attention on a specific claims issue, may require responses in five working days or fewer. These timelines are not negotiable. The FCA will consider a failure to meet a response deadline as a compliance matter in itself.

The Five Categories of Evidence the FCA Most Commonly Requests

Across supervisory reviews, Consumer Duty assessments, and thematic investigations, the FCA consistently requests evidence in five core categories from insurance claims operations. Understanding what each category requires — and what the FCA is looking for within it — allows operations teams to build the right data capture habits before a request arrives.

1. Decision Logs

The FCA wants to understand how claims decisions were made. Decision logs are the core of any claims audit evidence package. They must show, for each claim in the sampled period:

• Who made the decision (adjuster identity, team, role)
• When the decision was made (date and time)
• What information was available to the decision-maker at the time
• What the decision was (approve, decline, partial settlement, referral)
• The stated rationale, where required by policy or regulation
• Any escalations, reviews, or overrides that occurred

The FCA is not primarily interested in narrative descriptions. It wants structured, queryable data that allows it to identify patterns: are particular adjusters declining more claims than peers? Are certain claim types being handled differently across the portfolio? Are decisions being made consistently with the documented decision-making framework?

Decision logs must not be reconstructed after the fact. The FCA is alert to evidence that appears to have been compiled in response to the request rather than captured contemporaneously. Timestamps that cluster around the production date, narrative rationales that read like justifications rather than contemporaneous records, and data that cannot be reconciled with other operational records are all red flags.

2. Communication Records

Consumer Duty requires that all communications with retail customers are fair, clear, and not misleading. The FCA will sample claims from the requested period and ask for all customer-facing communications associated with those claims: letters, emails, portal messages, and any documented telephone call notes.

The FCA is assessing whether the communications:

• Clearly explain coverage decisions and the basis for them
• Use language appropriate to the customer's apparent level of understanding
• Provide sufficient information for the customer to exercise their rights (complaints process, right to dispute, FOS escalation path)
• Are timely — sent when the FCA would expect them to be sent
• Are consistent with the decision records — the communication says the same thing the decision log shows

Communication records must be complete. A claim where customer emails have not been retained, where a template letter cannot be produced, or where the record shows a communication was sent but the content is unavailable, creates an evidential gap that the FCA will note.

The UK compliance framework for insurance claims has made communication quality a primary regulatory focus. Firms should be retaining all customer communications as a matter of course, in a format that allows retrieval by claim reference.

3. Settlement Outcome Data

The FCA will ask for settlement amounts compared to claimed amounts, across the sampled claims and often across the broader portfolio for the period. It is looking for patterns of under-settlement, inconsistency across similar claim types, or material variances that cannot be explained by legitimate underwriting or policy grounds.

This evidence must include:

• Claimed amount
• Settled amount
• Variance (as a value and percentage)
• Claim type and policy type
• Explanation for material variances — excess application, policy exclusion, partial liability, dispute resolution
• Summary statistics for the portfolio: average settlement ratio by claim type, distribution of variances, trend over time

The FCA uses settlement outcome data to assess whether the firm is delivering fair value to customers. A portfolio where the average settlement is consistently materially below the claimed amount, without adequate documented justification, is a Consumer Duty concern. A portfolio where settlement ratios vary significantly across adjusters or branches, without explanation, is a governance concern.

4. Vulnerability Assessments

Consumer Duty requires firms to identify and respond to customer vulnerability. For claims operations, this means having documented processes for identifying vulnerable customers at the point of claim, recording those identifications, and adjusting the claims handling approach appropriately.

The FCA will ask:

• How were vulnerable customers identified in the claims process?
• How many claims in the sampled period were flagged as involving a potentially vulnerable customer?
• What adjustments were made to the claims handling process for those customers?
• What were the outcome differences, if any, between vulnerable and standard customers across the portfolio?

Sparse or ad hoc vulnerability data is itself a finding. If a firm with a substantial retail claims book can only produce a handful of vulnerability flags across a 12-month period, the FCA will question whether the firm's identification processes are effective or whether staff are being incentivised to avoid flagging vulnerability because it creates process complexity.

5. Turnaround Time Data

The FCA cares about speed of settlement as a component of fair treatment. Claims that linger without progress, decisions that are deferred without justification, and payment delays after settlement decisions are all potential Consumer Duty concerns.

Turnaround time evidence must show, for sampled claims:

• Time from First Notification of Loss (FNOL) to acknowledgment
• Time from acknowledgment to assignment to an adjuster
• Time from assignment to decision
• Time from decision to payment
• Total end-to-end time from FNOL to closure

These figures should be broken down by claim type and, where relevant, by adjuster or team. The FCA wants to see whether turnaround times are consistent, improving over time, and meeting the firm's own stated service standards. A firm that publishes a 5-day acknowledgment standard but whose data shows an average of 12 days has produced evidence of its own non-compliance.

Formatting Requirements and Practical Presentation

The FCA does not prescribe a specific format for evidence, but its expectations are well-established through practice. Supervisory teams are experienced reviewers who will work through a large volume of evidence across multiple firms. Evidence that is immediately interpretable will be more favourably received than evidence that requires the reviewer to decode it.

The practical standards are:

• Structured data: spreadsheets with clear, consistent column headers, one row per claim or event, no merged cells or nested tables. The FCA may load your data into its own analytical tools — format for machine readability as well as human readability.
• Supporting documentation: PDFs or certified copies, clearly labelled with the claim reference and document type. Do not submit a folder of unlabelled documents and expect the reviewer to sort them.
• A covering summary: a document that maps each piece of evidence to the specific Consumer Duty outcome or regulatory question it is responding to. This shows the FCA that you understand why the evidence is being requested, not just that you have produced files.
• Chain of custody documentation: for evidence that will be used in enforcement proceedings, documentation showing when data was extracted, by whom, from which system, and that it has not been altered since extraction is essential. The audit trail of the evidence production process is itself part of the evidence.

Turnaround Time Expectations and the Deadline Problem

A standard FCA supervisory evidence request will specify a deadline of 10 to 20 working days. This sounds manageable. In practice, for firms that do not have automated data capture and reporting, it is not.

A 10-working-day response window, once the legal team has reviewed the request (2 days), the compliance team has parsed the specific requirements (1 day), the operations team has identified the relevant data sources (1 day), and the data has been extracted, quality-checked, and packaged (3-4 days), leaves almost no margin for complications. A system that does not allow export of the required data in the required format, a data quality issue discovered during extraction, or a key person being unavailable can easily cause a missed deadline.

For urgent requests — the 5-working-day variety — there is effectively no margin at all. The only way to meet a 5-day FCA evidence deadline is to have the data already available in a structured, exportable format, such that production is a reporting exercise rather than a data gathering exercise.

Firms that need to manually compile evidence often miss these deadlines — which itself becomes a compliance finding. A missed FCA evidence deadline is not a neutral event. It is recorded, it raises questions about the firm's control environment, and it may trigger a more intensive supervisory response.

Common Mistakes That Trigger Deeper Investigation

The FCA's supervisory reviews do not always result in findings. Many result in "no action" letters or low-level recommendations. But certain patterns in the evidence produced almost reliably trigger escalation. These are the mistakes that convert a routine review into something more serious.

Inability to Produce Evidence at All

The worst outcome is telling the FCA you cannot produce the requested evidence because the data does not exist, was not retained, or cannot be extracted from the system. This is not just a compliance failure for the current review — it is evidence of a fundamental control gap. If you cannot show what decisions were made over the last 12 months, the FCA must assume the worst.

Unexplained Gaps or Inconsistencies

Producing evidence where claims are missing from the dataset without explanation, where timestamps are implausible, or where the decision log and the communication records cannot be reconciled raises immediate questions. The FCA's first assumption when it sees inconsistencies is not that there is a technical explanation — it is that the firm has something to hide. The burden is on the firm to explain anomalies proactively and clearly.

Settlement Variance Without Justification

If your settlement outcome data shows material variance between claimed and settled amounts, you must explain it. "Within our normal range" is not a justification. If the policy excess accounts for the variance, show that calculation. If a claim was partially declined for a documented exclusion reason, show the exclusion and the rationale. Unexplained settlement variance is a Consumer Duty finding.

Communication Samples That Are Unclear or Misleading

If the FCA reviews your communication samples and finds letters that are difficult to understand, that obscure the customer's rights, or that use technical language inappropriate for a retail customer, it will note this as a Consumer Duty concern. The communications produced in an evidence request are your best opportunity to demonstrate fair, clear customer communication — or to demonstrate the opposite.

Sparse or Ad Hoc Vulnerability Data

As noted above, very low vulnerability flag rates for a retail claims book are their own finding. If your data shows that fewer than 1% of claims over the past year involved a vulnerability identification, and you are a motor or home insurer with a substantial retail book, the FCA will question your identification processes. The absence of vulnerability data is not evidence of absence of vulnerability.

Building Operations That Respond to FCA Requests in Hours

The fundamental principle for FCA evidence readiness is: capture now, report later. Every data element that the FCA might request — decision records, communication logs, settlement data, vulnerability flags, turnaround timestamps — should be captured automatically and continuously as a by-product of normal claims operations. The production of FCA evidence should be a report query against a well-maintained data store, not a reconstruction exercise.

This requires:

• A claims platform that automatically captures timestamped decision records with adjuster identity, information available at decision time, and outcome — not just a summary field that can be edited after the fact
• Integrated communication logging that associates every customer communication with the relevant claim and retains content, not just metadata
• Settlement data capture that records claimed amounts and settled amounts at the point of settlement, with structured fields for variance explanation
• Vulnerability flagging that is built into the claims intake and handling workflow, not a retrospective annotation process
• Automated timestamp recording at every stage of the claims lifecycle, enabling turnaround time calculation without manual data assembly

A claims platform with these capabilities transforms FCA evidence production from a compliance crisis into a routine operation. When a request arrives, the compliance team runs predefined report queries against the claims data, packages the output with a covering summary, and submits within 48 hours. The deadline is met with time to spare. The evidence is structured, consistent, and complete.

The audit trail capabilities that make this possible are not a luxury feature — they are the operational foundation of regulatory evidence readiness. A claims operation that cannot produce FCA evidence quickly and cleanly is a claims operation that is not in adequate control of its own data.

The Intersection of Evidence Readiness and Consumer Duty

There is a direct connection between the quality of FCA evidence a firm can produce and its actual Consumer Duty compliance. A firm that has genuinely implemented Consumer Duty — with structured decision-making, clear communications, consistent settlement outcomes, active vulnerability identification, and timely processing — will have the data to prove it. A firm that has implemented Consumer Duty as a documentation exercise rather than an operational reality will find that its evidence does not support its assertions.

The FCA understands this. Consumer Duty evidence requests are partly a test of data quality and partly a probe of whether the firm's practices match its stated policies. The two tests are linked: a firm with poor data quality is likely a firm with poor Consumer Duty practices, because a firm that genuinely cares about customer outcomes will have built the systems to monitor and evidence those outcomes.

Evidence readiness is therefore not a compliance add-on. It is an indicator of the quality of the underlying operations. Firms that invest in capturing the right data, in the right format, with the right integrity guarantees, are building operations that are better for customers as well as regulators.

Practical Checklist for FCA Evidence Readiness

For compliance and operations teams assessing their current evidence readiness, the following questions identify the key gaps:

1. Can you produce a complete decision log for all claims over the past 12 months, with adjuster identity, timestamps, and decision basis, within 24 hours of a request?
2. Are all customer communications retained in a format linked to the relevant claim reference, with content retained (not just metadata)?
3. Can you produce settlement outcome data with variance explanations for a sampled period in structured spreadsheet format?
4. Does your vulnerability flagging create a structured data record, or is it a narrative field that varies by adjuster?
5. Can you calculate turnaround times for all claims lifecycle stages for any given period without manual data assembly?
6. Is your audit data held in an append-only, tamper-evident format that would satisfy FCA questions about data integrity?
7. Do you have a documented FCA evidence response process, with named owners and tested timelines?

If the answer to any of these questions is "no" or "we are not sure," the gap should be treated as a priority. The FCA will not warn you before an evidence request arrives.

Regure is built around the principle that compliance evidence should be a product of good operations, not a separate exercise. The platform captures structured, tamper-evident, timestamped records of every claims lifecycle event, communication, decision, and settlement, continuously and automatically. When an FCA evidence request arrives, your team runs a report. Book a demo to see how the evidence production workflow works and how quickly your team could respond to a real FCA request on your current claims volume.