FCA brings Buy Now Pay Later under its regulation from July 2026
As financial services firms consider what lies ahead for them in 2026, the FCA’s priorities
12/02/26
Read more
Top ten regulatory priorities for financial services firms in 2026
As financial services firms consider what lies ahead for them in 2026, the FCA’s priorities for 2025–2030 continue to emphasise the delicate balance between supporting growth and ensuring firms “do the right thing.”
The FCA’s five-year strategy, set out in March 2025, is anchored in four areas: being a smarter, more efficient regulator; supporting growth and innovation; helping customers navigate their financial lives; and combating financial crime. Regulatory efficiency and proportionality remain front and centre: firms that seek to do the right thing can expect streamlined reporting, simplified authorisation and reduced data requests – with 36,000 firms already benefiting from lighter reporting obligations.
In a recent letter to Prime Minister Keir Starmer, FCA CEO Nikhil Rathi highlighted the regulator’s focus on enabling sustainable financial growth, supporting digital innovation and promoting financial inclusion – all while protecting consumers and safeguarding market integrity.
Against this backdrop, financial services firms are operating under a more pro-growth regulatory approach, with reduced reporting burdens, fewer formal enforcement actions but continued supervisory scrutiny. The FCA is placing greater reliance on data requests as a tool for supervision and asking firms to evidence how they are delivering good outcomes for customers, fighting financial crime and demonstrating effective governance and risk management whilst continuing to deliver value for customers.
We’ve grouped our top ten priorities into four key topics: current themes, emerging opportunities, ongoing issues and areas to watch. Together, these highlight where firms should focus in 2026 to meet FCA expectations, manage risk effectively and deliver lasting value for customers.
Current themes
1. Embedding and monitoring the Consumer Duty
What's changing
The FCA continues to prioritise embedding the Consumer Duty across all sectors, using it as the primary mechanism to drive good outcomes rather than introducing prescriptive rules. The regulator’s plan for multi-firm reviews will examine how the Duty is being embedded with a focus on outcome monitoring, product design, customer journey mapping and consumer understanding. For example, in the consumer investment sector, the FCA is conducting a market-wide review of the implementation of the Duty in model portfolio services.
The treatment of vulnerable customers also remains of regulatory importance. As part of a streamlined complaints reporting process, the FCA now requires firms to report complaints involving vulnerable customers and is working with the Information Commissioner’s Office (ICO) to address the challenges of supporting such customers while complying with data protection requirements.
Why it matters now
Embedding the Consumer Duty well is crucial for protecting customers, improving engagement and ensuring delivery of fair value – particularly for vulnerable clients. Regulatory scrutiny is intensifying, with the FCA expecting firms to evidence how they assess and monitor outcomes, design products responsibly and communicate effectively with consumers. Despite a reduced number of S166s the FCA is increasing its use of information requests as a supervisory tool. Consistent alignment is key to gaining a competitive advantage of fostering trust and transparency.
Where firms typically struggle
Firms can often find it challenging to translate high-level Consumer Duty requirements into operational practice. Common issues include inconsistent monitoring of customer outcomes, fragmented ownership of product governance, gaps in customer journey design and poor identification of vulnerable clients. These gaps can lead to compliance risks and missed opportunities to improve customer outcomes.
How TCC and Recordsure can help
TCC’s experts work with firms to embed the Consumer Duty’s principles into their governance, culture and business model, which, in turn, helps create a clear, auditable framework for monitoring customer outcomes. Recordsure’s AI-led technology complements this by capturing and evidencing client interactions, enabling firms to demonstrate regulatory compliance efficiently and confidently, whilst keeping customer outcomes at the heart of the firm’s operations.
2. Tech, data and innovation
What's changing
The FCA is pursuing a five-year strategy focused on supporting growth, improving consumer outcomes and becoming a “smarter regulator” through digitalisation, streamlined authorisations and more efficient supervision. As digital transformation accelerates, firms are increasingly embedding new technologies such as AI, data analytics and digital identity solutions. Regulatory expectations are evolving to ensure these innovations are deployed safely, whilst the FCA invests in its own technology, people and systems.
Why it matters now
Firms are expected to ensure that any AI and data-driven tools they use are explainable, unbiased and aligned with customer outcomes, whilst maintaining robust oversight of vendors and models. Responsible use of AI is fast becoming a priority – firms and technology vendors should be deploying the highest AI principles to ensure safety, security, ethical responsibility and accountability. The FCA’s focus on smarter regulation means firms that don’t manage technology and data risks effectively may face increased scrutiny and enforcement action.
Where firms typically struggle
Many firms struggle with embedding emerging technology safely and at scale. Common challenges include implementing effective data governance, monitoring risk and maintaining compliance with data protection requirements. These gaps can increase operational, reputational and regulatory risk.
How TCC and Recordsure can help
TCC and Recordsure combine smart people and innovative technology to help firms navigate regulatory complexity, strengthen compliance and unlock lasting value. TCC embeds governance and operational frameworks for safe innovation, while Recordsure’s AI captures and analyses client interactions at scale, helping firms monitor outcomes, manage risk and demonstrate compliance.
3. Motor finance redress scheme
What's changing
The FCA is progressing its work on motor finance following concerns about historical discretionary commission arrangements (DCAs) and has paused handling certain motor finance complaints while the regulatory and legal position is clarified. Firms are expected to retain relevant records, respond to FCA data requests and prepare for an industry-wide redress scheme. The regulator has made it clear that operational readiness, data integrity and governance will be critical when the scheme is introduced.
Why it matters now
Motor finance redress presents significant financial, operational and reputational risk. Firms that delay preparation risk being unable to respond quickly and effectively to large volumes of complaints, regulatory information requests and potential redress activity. The FCA’s intervention in complaints handling underscores its expectation that firms act proactively to protect customer outcomes and maintain trust, even while final decisions are pending.
Where firms typically struggle
Many firms face challenges with fragmented or incomplete historical data, inconsistent documentation of commission arrangements and limited visibility over past customer journeys. Scaling complaints handling, responding to regulatory data requests and evidencing fair treatment can strain existing operations. Weak governance, unclear ownership and insufficient management information further increase execution and regulatory risk.
How TCC and Recordsure can help
At TCC Group, together with our Momenta brand, we combine deep expertise with years of experience delivering innovative solutions that help firms execute proposed redress schemes efficiently and at pace. We support clients in preparing and validating existing plans and go further by partnering to build robust processes and solutions that ensure long-term compliance and resilience.
Emerging opportunites
4. Targeted support
What's changing
Following a joint review with the government and two consultation papers, the FCA has published its policy statement and near-final rules for the new targeted support regime. The framework aims to bridge the gap between guidance and advice for pensions and retail investments, addressing the needs of an estimated 7 million UK adults with significant cash savings who may be missing out on investment opportunities. Firms can apply for FCA permissions to deliver targeted support from March 2026, ahead of the regime’s planned implementation on the 6th of April 2026, subject to legislation. Some firms are already engaging with the FCA’s pre-application support service.
Why it matters now
With only a small fraction of consumers accessing regulated financial advice, many savers and investors remain unsupported at crucial decision points. The new targeted support regime presents a potential area for growth for firms – particularly product providers and those new to the market – and reflects the political agenda to encourage investment. It aims to enable customers to make informed decisions, a core part of the cross-cutting rules, with guidance on how to receive better returns on their cash savings, as well as supporting those who are not saving enough for retirement.
5. Simplification of insurance rules
What's changing
The FCA has finalised its simplified insurance rules and plans further review to give insurance firms more “flexibility and responsibility”. Key changes include giving firms the flexibility to set product review frequency, moving from annual reviews per product to risk-based reviews, and removing the 15-hour continuing professional development (CPD) requirement for staff. The regulator also intends to remove three further insurance data returns, reassess eligibility and disclosure requirements for packaged bank accounts, streamline collective investment rules and remove handbook references that are no longer needed under the Consumer Duty.
Why it matters now
Simplified rules will enable firms to reduce compliance costs and focus resources where they are most needed. By reducing regulatory burdens, insurers can strengthen their competitive position.
6. Governance – non-financial misconduct
What's changing
The FCA has long warned that a firm’s handling of non-financial misconduct is a key indicator of its culture. It has now issued much-anticipated guidance on how firms should interpret non-financial misconduct within its Conduct Rules and within firms required annual assessment of an employee’s fitness and propriety (F&P). The guidance clarifies that behaviours such as bullying and harassment can constitute breaches of fundamental principles. Starting in September 2026, it will also introduce minimum standards of behaviour for employees across financial services and outline the factors that should be considered when assessing their F&P.
Why it matters now
Non-financial misconduct is an increasingly high-profile area under regulatory scrutiny, and poorly managed misconduct is a clear sign of weak governance.
The regulator’s message is unmistakable: how a firm handles non-financial misconduct reflects its culture. Poor culture harms not just consumers and employees but also markets and a firm’s bottom line. The FCA is now actively prioritising this issue through its supervision of firms and senior managers, so taking a proactive approach to address it will give firms a clear advantage.
Ongoing issues
7. Financial crime and market integrity
What's changing
The FCA continues to prioritise the detection and prevention of financial crime, including money laundering, fraud and market abuse. Its 2025–30 strategy highlights the increasing complexity of digital payments, fintech innovation and emerging financial crime threats, emphasising that firms must implement robust, adaptable and risk-based controls. The recent £44m fine against Nationwide for failures in anti-financial crime systems underscores the regulator’s focus on firms’ ability to maintain accurate know-your-customer information, monitor transactions effectively and respond promptly to emerging risks. Firms are expected to strengthen oversight, embed accountability and proactively identify high-risk customers and activities.
Why it matters now
Financial crime risks can expose firms to regulatory breaches, significant financial losses, reputational damage and the erosion of consumer trust. With rapid growth in digital channels and payment methods, the FCA expects firms to move beyond static compliance checklists to implement proactive, adaptable and fully integrated financial crime controls.
Where firms typically struggle
Common challenges include embedding effective financial crime frameworks across the business, maintaining clear accountability, conducting comprehensive risk assessments, monitoring third parties and appointed representatives, and keeping pace with evolving threats. Financial crime is no longer a static threat – with the increasing presence of fintech products, instant payments and AI-driven fraud, firms need to rethink their fraud prevention strategy to protect customers in real-time digital world. Firms also often struggle to capture complete evidence and provide senior management with sufficient oversight for informed decision-making and regulatory reporting.
How TCC and Recordsure can help
TCC’s team of practitioners and ex-regulators can help firms design, implement and embed compliance frameworks that ensure risk assessments, monitoring processes and senior management oversight meet the FCA’s expectations. When combined with Recordsure’s AI, which captures and analyses interactions, firms gain a clear audit trail, enhanced monitoring capabilities, and the confidence to manage compliance risks effectively.
8. Data privacy and cyber risk integration
What's changing
The FCA has signalled that operational resilience must go beyond compliance frameworks to address how firms actually protect client data and respond to cyber threats. Its focus is expanding to include data privacy, cyber security controls, incident reporting and the resilience of third-party and vendor ecosystems. As firms become more digital and interconnected, the regulator expects closer integration among operational resilience, cyber security and data governance – rather than treating them as separate disciplines.
Why it matters now
Cyber incidents, data breaches and third-party failures can cause immediate and widespread harm to customers and markets, as seen in numerous high-profile incidents in 2025. The FCA increasingly expects firms to demonstrate that data protection and cyber risk are embedded in their resilience planning with clear escalation, testing and response mechanisms in place.
Areas to watch
9. ESG compliance
What's changing
The FCA is increasing its focus on ESG and sustainable finance, emphasising accurate disclosures, robust governance and strong controls. The December 2025 Regulatory Initiatives Grid highlights key upcoming measures, including Sustainability Disclosure Requirements (SDRs), oversight of ESG rating providers and alignment with the UK Sustainability Reporting Standards. Firms are expected to ensure ESG considerations are fully embedded in product design, distribution and ongoing oversight, supported by reliable data and transparent governance.
Why it matters now
As demand for sustainable products grows, the FCA is signalling that claims must be transparent, substantiated and aligned with emerging regulatory standards. Firms that fail to meet these expectations risk undermining consumer trust, attracting regulatory scrutiny and harming market integrity. The next two years will see implementation milestones for SDR, ESG rating regulations and sustainability reporting, making proactive compliance essential.
10. Ongoing advice services
What's changing
The FCA is reviewing how ongoing financial advice is delivered, including a potential removal of the annual suitability requirement for advice clients. This was signalled by the FCA when it published the findings of its review of ongoing financial advice services earlier this year. We are expecting the FCA to clarify its position in H1 2026.
Why it matters now
With changes to the annual suitability requirement under consideration, firms must ensure that they can continue to demonstrate that clients receive timely, appropriate advice. Clear evidence of ongoing oversight and engagement is critical to protecting clients, managing regulatory expectations and maintaining trust. Failure to meet these standards could lead to customer harm, complaints or regulatory scrutiny.
Where firms typically struggle
Firms often struggle to consistently demonstrate ongoing suitability, particularly when record-keeping and monitoring processes are fragmented. Challenges include tracking changes in client circumstances, aligning advice with evolving client objectives and ensuring that communications and recommendations are documented effectively.
How TCC and Recordsure can help
TCC helps firms embed governance, workflows and monitoring processes to ensure that ongoing advice is consistently suitable, client-focused and fully auditable. Recordsure’s AI captures client interactions and key decisions, creating a clear, evidence-based record that demonstrates regulatory compliance and supports firms in delivering high-quality, transparent advice.
Conclusion
As we move into 2026, financial services firms face a landscape of rapid change, an evolving political agenda, greater responsibility on firms when it comes to active risk management and rising customer expectations.
Compliance is not a once-and-done exercise, and it’s vital to continue to embed the Consumer Duty throughout the culture of the business – from product design and distribution to communications and support for vulnerable clients. At the same time, firms adopting AI, data analytics or third-party technology need to ensure that innovation is underpinned by strong governance, effective vendor oversight, and robust model and data controls.
Operational resilience and a healthy risk culture remain critical, encompassing cyber security, third-party dependencies, business continuity and clear senior management accountability. AML, fraud, and financial crime controls remain a core obligation, and firms must balance innovation with these fundamental responsibilities.
With regulatory change reducing, the FCA signals opportunities for simplification, but the pressure on firms to evidence good outcomes through the use of data is not going away. Firms that are organised, transparent and proactive will be best placed to benefit from more predictable and proportionate supervision.
Independent expertise
Partnering with independent experts such as TCC, alongside utilising Recordsure’s AI technology, can help firms navigate this complex landscape. TCC’s team of experts bring deep regulatory expertise and practical experience to strengthen business models, governance frameworks and operational compliance processes. While using Recordsure’s purpose-built AI to capture and analyse client and employee interactions at scale, enables firms to monitor outcomes, demonstrate compliance and provide clear oversight.
Together, we empower firms to act confidently, innovate responsibly and deliver lasting value to customers while meeting financial services regulatory expectations. Wherever you are on your regulatory journey, we can help you work through the challenges, take ownership of responsibilities and reflect inwardly on what these obligations mean for your firm – turning compliance into a framework for stronger, more accountable business practices.
Get in touch to get ahead