When a regulator contacts your business, the first response matters. Whether it is an Ofcom information request, an FCA supervisory enquiry, an ICO complaint investigation or an early-stage enforcement signal, the way a business responds in the first days and weeks shapes the trajectory of the entire matter. Bratby Law provides direct legal advice on regulatory investigations and enforcement across telecoms, data protection and payments, from first contact through to resolution.

Who this is for

Investigations and enforcement support is designed for regulated businesses that have received contact from a regulator or identified a potential compliance issue. Typical clients include telecoms operators facing Ofcom investigations under the Communications Act 2003; payment service providers and electronic money institutions subject to FCA supervisory enquiries under the Payment Services Regulations 2017; data controllers responding to ICO complaints or investigations under the Data Protection Act 2018; and boards and compliance teams needing immediate senior legal guidance on regulatory enforcement risk.

First-response situations

Businesses typically need investigation support when they receive a formal or informal information request from Ofcom, the FCA, the PSR or the ICO. When a consumer complaint has been escalated to the regulator and requires a substantive regulatory response. When the business has identified a potential compliance breach and needs to assess its notification and remediation obligations. When a competitor or industry participant has filed a regulatory complaint. When the business receives a preliminary enforcement notice, warning letter or invitation to comment. When a regulatory audit or inspection is scheduled or in progress.

What we do quickly

In the first phase, we assess the nature and seriousness of the regulatory contact, advise on the immediate response obligations and deadlines, review the factual position and identify the key risks, prepare or review the initial response, and establish a strategy for managing the matter through to resolution. Speed matters because regulatory deadlines are typically short, early responses set the tone, and preserving evidence and maintaining privilege requires immediate attention.

Strategy, evidence and remediation

Beyond the initial response, investigation support covers developing a regulatory strategy that protects the business’s position while maintaining a constructive relationship with the regulator. Managing document production, evidence gathering and privilege reviews. Preparing submissions, representations and responses to provisional findings. Advising on voluntary remediation measures that may reduce enforcement risk. Negotiating settlements, undertakings or agreed outcomes where appropriate. Advising on appeal rights and routes where enforcement action is taken. Supporting the board and senior management through the process, including preparation for regulatory meetings and interviews.

Rob Bratby’s experience at Oftel, the predecessor to Ofcom, provides direct insight into how regulators approach investigations, what they prioritise, and how to frame responses in terms that address the regulator’s actual concerns. This regulatory-insider perspective is combined with over 30 years’ advisory experience and current fractional GC appointments at UK Payments Initiative Limited, TelXL, Core and The One Touch Switching Company.

Why specialist investigation support

Regulatory investigations in telecoms, payments and data protection operate under sector-specific procedural frameworks that generalist litigation or regulatory lawyers may not know in detail. Ofcom investigations follow the procedures set out in its Enforcement Guidelines, with specific timescales, evidence thresholds and settlement frameworks. FCA enforcement follows the Regulatory Decisions Committee process, with distinct stages for investigation, decision and appeal. ICO enforcement follows the Data Protection Act 2018 penalty framework, with specific requirements for penalty notices, enforcement notices and assessment notices. Understanding these procedural frameworks is essential to managing investigations effectively.

A specialist also understands the regulator’s enforcement priorities and risk appetite. Not every compliance issue leads to enforcement action, and not every information request signals a formal investigation. Knowing how to read the regulatory signals, when to engage proactively, and when to resist overreach protects the business’s position without unnecessary escalation.

The cost of getting the early response wrong can be significant. An ill-judged initial response can transform a routine enquiry into a formal investigation, or an information request into an enforcement case. Conversely, a well-managed early response can resolve the matter at the enquiry stage, avoiding the cost, disruption and reputational impact of a formal investigation.

Related practice areas

For the telecoms enforcement framework, see Telecoms Regulation. For ICO enforcement and data protection compliance, see Data Protection. For FCA and PSR enforcement in payments, see Payments Regulation.

Related engagement models

See also: Interim Counsel for immediate senior legal cover during a crisis, and Project Counsel for managing remediation programmes. For an overview, see Direct Legal Advice.

Cross-regulator investigations

Some matters involve more than one regulator. A data breach at a telecoms provider may trigger both an ICO investigation under UK GDPR and an Ofcom investigation under the telecoms security framework. A payments business may face simultaneous FCA and PSR enquiries on related issues. Managing cross-regulator investigations requires careful coordination to ensure consistency of response, avoid contradictory positions, and manage information sharing between regulators. Our experience across telecoms, data protection and payments regulation means we can coordinate the response across multiple regulatory fronts from a single point of contact.

We also advise on the interaction between regulatory investigations and other proceedings, including civil litigation, criminal investigations by other authorities, and internal disciplinary processes. Privilege management is particularly important in multi-track situations, and we advise on maintaining legal professional privilege throughout the investigation process.

Frequently asked questions

Book a call

If your business is facing a regulatory investigation or enforcement action, contact us for immediate support.