What UK Financial Services Firms Are Getting Wrong in 2026 — And How to Fix It

Posted on by admin

What UK Financial Services Firms Are Getting Wrong in 2026 — And How to Fix It

By Adrian Lawrence FCA, Founder, FD Capital Recruitment Ltd — ICAEW Registered Practice

The FCA’s supervisory and enforcement output in 2026 reveals consistent patterns in the compliance failures it is identifying across the sector. These are not random failures scattered across unrelated areas. They cluster around predictable weaknesses: SMCR documentation that exists on paper but does not reflect how the firm actually operates; AML frameworks built for the original MLR 2017 implementation that have not been actively maintained; Consumer Duty frameworks that were implemented for the July 2023 deadline and have not been developed since; and investment regulation obligations — in ESG disclosure, product governance and client assets — that compliance functions have underweighted relative to the SMCR and Consumer Duty work that dominated the preceding years.

This article covers the principal areas where FCA-regulated firms are falling short in 2026, and what a genuinely compliant approach looks like in each.

SMCR Documentation: The Gap Between Paper and Practice

The most pervasive SMCR weakness the FCA identifies is the disconnect between a firm’s documented governance framework and how it actually operates. Statements of Responsibilities that describe an aspirational accountability structure rather than the one in which decisions are actually made; Management Responsibilities Maps that were accurate at the time of the firm’s authorisation but have not been updated to reflect two or three subsequent restructurings; and regulatory references processes that exist in policy but are not consistently applied in practice. Each of these is a documented compliance commitment that is not being met, and each is visible to the FCA when it examines the firm’s governance in a supervisory engagement.

The Statement of Responsibilities is the document that most clearly reveals the quality of a firm’s SMCR implementation. A well-drafted SoR describes, in specific and accurate terms, what an individual SMF holder is actually accountable for at this firm — the decisions they take, the information they receive, the functions that report to them. A generic SoR that could apply to any compliance officer at any investment firm tells the FCA nothing useful and, worse, provides no accountability anchor if something goes wrong in the compliance officer’s area.

The regulatory references obligation under SYSC 22 is one of the most consistently under-implemented elements of the SMCR framework. Firms must obtain regulatory references from all former FCA-regulated employers of proposed SMF holders before appointment, and must provide references to other regulated firms that request them. In practice, reference requests are frequently initiated too late, reference provision processes are informal, and the obligation to update references where new adverse information emerges after the initial reference is sent is often not implemented at all. The FCA’s supervisory approach has become increasingly attentive to this gap.

The annual certification process for certified persons is the third consistent weakness. Certification is often treated as an administrative exercise — forms circulated, declarations received, certificates issued — rather than as a genuine annual assessment of fitness and propriety. The FCA’s standard requires an actual assessment covering all three dimensions of the fit and proper test against the individual’s specific certified function. Firms that issue certificates without having conducted a substantive assessment of the individual’s competence, integrity and financial soundness have not met their certification obligation regardless of how complete their documentation looks.

SMF Approval: What Happens When the FCA Asks Questions

For firms that are appointing new SMF holders — whether at formation or as part of ongoing succession planning — understanding what happens if the FCA has questions about a proposed appointment is essential. The FCA requests an interview with a proposed SMF holder in a minority of cases, but where it does, the interview is a substantive regulatory assessment. What the FCA assesses in an SMF interview goes well beyond the factual content of the Form A: it is looking for evidence that the individual genuinely understands their proposed accountability, the regulatory framework applicable to the firm’s activities, and what the SMCR’s reasonable steps obligation will require of them in practice.

Candidates who have read their Statement of Responsibilities but have not thought carefully about what it means in practice — what MI they will receive, what decisions they will take, how they will interact with the compliance function — consistently perform less well in FCA interviews than those who have genuinely engaged with the operational implications of their proposed role. The preparation that matters is not rehearsing regulatory definitions but understanding the accountability the individual is taking on and being able to articulate it clearly.

Investment Firms: Product Governance and ESG Disclosure

For investment management firms and financial advisers, the regulatory agenda in 2026 has two specific priority areas that have not received as much compliance function attention as SMCR and Consumer Duty: product governance under MiFID II and its UK post-Brexit equivalent, and the ESG disclosure frameworks that now apply to a growing population of UK asset managers and wealth managers.

MiFID II product governance requires manufacturers and distributors of investment products to identify target markets, conduct product reviews, and ensure distribution is consistent with the product’s intended target market. In 2026, the FCA’s Consumer Duty overlays these obligations with an enhanced outcomes standard: it is not sufficient for distribution to be technically within the target market if customers in that market are not receiving fair value or the product is not meeting their needs in practice. The interaction between product governance and Consumer Duty fair value obligations is one of the most practically complex areas of investment firm compliance, and firms that are managing each framework separately rather than as an integrated obligation are likely to have gaps at the interface.

The ESG disclosure landscape for UK asset managers has stabilised somewhat since the UK SDR regime came into force, but compliance with its requirements — the four product labels, naming and marketing rules, and entity-level disclosures — remains a work in progress at many firms. The SFDR continues to apply to UK managers with EU operations, creating a dual disclosure obligation that requires careful management of the differences between the UK and EU frameworks. The UK SDR naming and marketing rules in particular have required significant reworking of fund documentation at many firms, and enforcement of these rules is a stated FCA supervisory priority for 2026.

Payment Institutions: Safeguarding Remains the Dominant Weakness

For firms regulated under the Payment Services Regulations 2017, the FCA’s consistent finding in supervisory reviews is that safeguarding compliance remains the most widespread operational weakness. The safeguarding obligation — which requires payment institutions to hold client funds in a designated account with an eligible credit institution or credit union, or in qualifying insurance — sounds straightforward but creates significant operational complexity in practice.

The most common failures are: safeguarding account designations that do not meet the PSR requirements; shortfalls between the funds held in safeguarding and the firm’s aggregate outstanding payment obligations; failure to reconcile the safeguarding account against outstanding payment liabilities on a daily basis; and inadequate documentation of the safeguarding methodology and the evidence that it is operating effectively. The FCA’s proposed safeguarding reforms — which would require payment institutions to hold safeguarded funds in statutory trust — would significantly raise the operational standard, and firms that are not already meeting the current requirements will find the transition to the new framework materially more demanding.

Financial Crime: KYC, Transaction Monitoring and SARs

The financial crime compliance picture in 2026 is shaped by three specific weaknesses the FCA consistently identifies: inadequate know-your-customer processes that do not proportionately address the firm’s actual customer risk profile; transaction monitoring calibration that has not been reviewed since implementation; and a suspicious activity reporting process that does not evidence genuine analysis of the suspicious behaviour that led to the SAR filing.

On transaction monitoring specifically: the calibration of detection scenarios and alert thresholds is one of the most technically demanding and most commonly deficient elements of AML programmes. Monitoring systems that were implemented with vendor-default scenarios and thresholds and have never been calibrated to the firm’s specific customer profile generate either too many alerts — producing alert fatigue and poor investigation quality — or too few, missing genuine suspicious activity that a properly calibrated system would have caught. The FCA expects documented evidence that the firm’s monitoring calibration has been deliberately chosen, tested, and periodically reviewed. A vendor-default configuration with no documented calibration review is not sufficient.

The SAR process is the culmination of the financial crime framework and the most direct interface between the firm’s AML compliance and the UK Financial Intelligence Unit at the NCA. SAR quality — the specificity of the grounds for suspicion, the accuracy of the transaction information, the timeliness of submission — matters to the FCA’s assessment of the firm’s AML effectiveness. A high volume of SAR submissions tells the FCA the firm is generating alerts. Low-quality SAR filings that do not articulate a clear basis for suspicion, or that are filed weeks after the suspicious activity was identified, suggest the firm’s AML process is not functioning at the standard the FCA expects.

Consumer Duty: Moving Beyond the Four Outcomes Framework

The Consumer Duty compliance picture in 2026 has evolved significantly from the implementation phase. Firms that built frameworks around the four outcome areas — products and services, price and value, consumer understanding, and consumer support — now need to demonstrate that those frameworks are producing measurable good outcomes in practice, not just that the frameworks exist. The FCA’s supervisory reviews are increasingly data-driven: they look for MI showing actual customer outcomes rather than process attestations.

The areas generating the most FCA supervisory attention in 2026 are: fair value in products where ongoing charges are not clearly connected to ongoing service delivery; consumer understanding in complex product categories where comprehension testing reveals significant gaps between what the firm believes clients understand and what they actually do; and consumer support accessibility, particularly for customers who attempt to exercise their rights — to complain, to switch, to access information — and face unnecessary barriers in doing so. Each of these is an area where the Consumer Duty creates a higher standard than its predecessor Treating Customers Fairly framework, and where firms that equated Consumer Duty readiness with their existing TCF compliance will consistently fall short.

When the FCA Intervenes: Section 166 Reviews

When the FCA identifies a significant concern about a firm’s compliance — whether through a supervisory visit, a thematic review, a consumer complaint pattern, or its own market intelligence — one of its most powerful supervisory tools is the Section 166 skilled person review. A s166 review involves the appointment of an independent skilled person — typically a Big 4 or specialist consultancy firm — to review a specified aspect of the firm’s operations and report to the FCA on their findings. The firm bears the cost, which can be substantial for a comprehensive review.

A s166 review is not the same as an enforcement action, but it is a significant escalation from routine supervisory engagement. Firms that receive a s166 notice should treat it with the same seriousness as an enforcement investigation: it requires careful management, legal advice, and active engagement with both the skilled person and the FCA to understand and address the concerns that triggered it. The triggers for more formal FCA enforcement action — the opening of an investigation, the issuance of a Warning Notice — typically follow where a s166 review identifies serious or systemic failures that the firm has not adequately remediated.

Building the Right Compliance Capability

The common thread running through every area of compliance weakness described above is a resourcing and capability problem. Compliance officers who are managing SMCR documentation, Consumer Duty evidencing, AML programme maintenance, payment institution safeguarding oversight, investment regulation compliance and ESG disclosure simultaneously — in a firm where the compliance function has not grown at the same rate as the firm’s regulatory obligations — will consistently have coverage gaps. The areas most likely to be underprioritised are precisely those that are less visible in day-to-day operations: regulatory references, annual certification quality, transaction monitoring calibration review, and ESG disclosure accuracy.

For firms experiencing this resourcing challenge, the most effective response is targeted specialist resourcing rather than general compliance headcount. A financial crime professional with specific AML programme experience can address the transaction monitoring and SAR quality issues more effectively than a generalist compliance officer at a higher salary level. A financial crime specialist who has designed AML frameworks at comparable firms brings calibration methodology and SAR quality practices that take years to develop independently. The right specialist resource at the right point in the firm’s compliance lifecycle delivers disproportionate value relative to its cost.

Conclusion

The FCA’s supervisory priorities in 2026 are not new. The SMCR documentation gap, the AML programme maintenance gap, the Consumer Duty evidencing gap, and the investment regulation compliance gap have been identified consistently in supervisory reviews for the past two to three years. What has changed is the FCA’s tolerance for the “we’re working on it” response and the pace at which supervisory engagement escalates to more formal intervention where that response is not backed by genuine remediation progress.

The firms that are managing these obligations most effectively are those that treat their compliance framework as a live, actively managed asset rather than a set of policies produced at the point of authorisation and updated periodically. They have compliance functions that are integrated into the firm’s operational and governance processes, senior managers who engage genuinely with their accountability obligations, and boards that receive MI that actually shows them whether the firm is delivering compliant outcomes across each area of its regulated activities. That standard is achievable at any size of regulated firm. It requires the right compliance leadership, adequate resourcing, and organisational commitment to genuine compliance rather than compliance in name.

About the author: Adrian Lawrence FCA is the founder of FD Capital Recruitment Ltd, an ICAEW Registered Practice (Co. No. 13329383) specialising in the placement of CFOs, Finance Directors, compliance officers and financial crime professionals at FCA-regulated financial services firms. Adrian holds an ICAEW practising certificate as a Fellow Chartered Accountant. FD Capital’s regulatory knowledge centre covers the full range of FCA compliance obligations across SMCR, Consumer Duty, financial crime, investment regulation and ESG disclosure.

Leave a Reply

Your email address will not be published. Required fields are marked *