In this episode of “The Capital Ratio,” host Sebastian Barling is joined by colleague Connor Williamson to discuss the U.K. Financial Conduct Authority's (FCA’s) 2026 regulatory priorities, with a focus on the impact on the wholesale markets. During the episode, the pair assess the FCA’s priorities and key impacts on U.K. financial institutions, including with regard to consumer duty, artificial intelligence, fraud, financial crime, operational resilience and the senior managers certification regime, as well as other relevant topics.
Episode Summary
The Financial Conduct Authority (FCA) expects financial firms to be proactive, not reactive, when it comes to utilizing customer data. This year, it has introduced a range of new priorities to support its agenda. Host Sebastian Barling is joined by Skadden colleague Connor Williamson to unpack what these revised priorities mean for U.K. financial institutions. Together, they examine the FCA’s nine regulatory priority reports, including key topics such as consumer duty, artificial intelligence, fraud and financial crime, operational resilience, and the Senior Managers and Certification Regime. Tune in for their insights about what financial institutions should be doing now to meet the FCA's expectations.
Voiceover (00:02):
Welcome to “The Capital Ratio,” where Skadden explores the dynamic world of financial institution regulation, offering insights for institutions navigating the regulatory environments in the U.K., EU and U.S.
Sebastian Barling (00:16):
Hi, and welcome to this episode of “The Capital Ratio,” a series in which we look at the key regulatory topics relevant to the U.K. banking sector. I'm your host Sebastian Barling, head of U.K. and European financial regulatory practice here at Skadden. I am delighted to be joined today by my colleague Connor Williamson, an associate from our Financial Institutions Group in London who focuses predominantly on regulatory matters. Here is what we're going to be talking about today.
(00:37):
First of all, the FCA has changed its approach to communicating its regulatory priorities. Under the new approach launched this year, it is scrapping its historic portfolio sector letters and has published nine separate regulatory priority reports. And these cover things like consumer investments, retail banking, mortgages, consumer finance, and wholesale buy-side and wholesale markets. This replacement to the annual portfolio letters is intended to help firms more clearly understand the FCA sector-specific focuses and goals for the coming year. We are going to pick out some of the key topics for U.K. financial institutions and in particular U.K. banks. This includes looking at what they've said about the FCA's consumer duty, artificial intelligence, fraud and financial crime, operational resilience, as well as the Senior Managers and Certification Regime. And then we'll do a bit more of a deep dive on the wholesale markets regulatory report.
(01:21):
So the first topic we're going to look at is the consumer duty, which listeners should already be familiar with and certainly isn't going anywhere anytime soon. Connor, what can we learn from the report regarding the FCA's current sentiment towards it?
Connor Williamson (01:32):
Thanks, Seb. I expect this won't come as a surprise to anyone, but the consumer duty remains a key priority for the FCA for 2026. As a very quick reminder to set the scene, the consumer duty requires firms as an overarching principle to deliver good outcomes to retail customers. This is then supported by cross-cutting rules in four specific outcomes, which the FCA expects firms to seek to achieve. Those include ensuring fair value for customers, good consumer understanding through clear, fair and not misleading communications, and appropriate customer support being available during the product life cycle.
(02:03):
The consumer duty is applied to all open products and services since the 31st of July 2023 and to all closed products and services since the 31st of July 2024, so one year later. And I think ultimately the length of time that the duty has been in force is really the lens through which firms should be thinking about how the FCA is currently viewing this topic for the coming year. So, in particular, while the FCA has noted that customer outcomes have generally improved since implementation, and indeed that firms have for the most part embraced the underlying spirit of the consumer duty, in my view the reports consistently make clear that the duty should now be properly embedded by firms. As a result, if poor outcomes are identified, then the FCA is more likely to intervene than it previously has been. And equally, firms should continue refining their processes in this area rather than designing those processes from the ground up.
Sebastian Barling (02:50):
This does feel a little bit like more of the same from regulators looking at their continued focus on this topic over the last few years. Is there anything which they've given more detail around what they expect people to do differently?
Connor Williamson (03:00):
Yeah. Look, I think that's right and I think in particular what they've really focused on this year is data. That's a big area that the FCA expects firms to continue to focus on.
(03:08):
While anecdotally I think it's fair to say that many firms have really upped their game regarding the use of customer data, in the retail banking report, for example, the FCA highlights how firms should continue improving their data and management information dashboards for the purposes of monitoring and assessing customer outcomes. In turn, this then links to firms using that data to take action to prevent foreseeable harm to retail customers. In summary therefore, what the FCA ultimately requires is that firms are proactive rather than reactive when it comes to utilizing customer data, which isn't necessarily the case across the board as yet.
Sebastian Barling (03:42):
I can certainly see some challenges there for firms. First of all, making sure that they've got the consent to use that data for the right purpose, and then having the confidence enough to use it in a way that is defensible to regulators if they are recommending that customers should do something new. So, I think certainly there's going to be a lot for them to think about to try and make sure they get that right.
(03:59):
Anyway, looking at another sector, consumer finance. How is the FCA still thinking about that in the context of consumer duty?
Connor Williamson (04:05):
So, two key points to flag here. The first, the FCA's planning reviews of areas which it considers to be high-impact in this sector, such as whether fees levied by consumer finance providers should be considered fair value. That's particularly relevant in the context of complex distribution channels, as we'll come onto later.
(04:21):
Second, the FCA has also indicated that they want to release a consultant on rules covering financial promotion as currently set out in Chapter 3 of CONC. The view of this is to align those requirements more closely to the consumer duty standards. So, that's something that firms which offer consumer credit should look out for in 2026, irrespective of whether they're a bank or a non-bank lender.
Sebastian Barling (04:41):
So, it certainly doesn't feel like we're going to get away from those debates as to what is value for money and how you justify those proposals. Anyway, what else is the FCA saying in the context of consumer investments more broadly?
Connor Williamson (04:51):
So, in the context of consumer investments, the reports focus on a couple of key points. So, one is really considering the needs of consumers when designing products and services. So, in practice, in particular having consideration for the needs of vulnerable customers and how those might differ, and therefore what good service might look like for clients with those characteristics.
(05:12):
And then secondly is again, this topic of fair value and firms really focusing on whether or not fair value is being provided in circumstances where there are distribution chains. Recognizing in particular that can be quite complicated when the firm is just one firm of many involved in delivering a product to the customer.
(05:28):
So to break that down with an example. You may have a product where, for example, a portfolio manager has designed a model portfolio service. You then have a second firm, such as an investment platform provider, an ISO operator, for example, which provides the infrastructure for holding and administering the investment. You then have a third firm, a financial advisor, which recommends the product to an individual customer, having assessed suitability for their needs. In some cases, that advisor might actually be an appointed representative and therefore not directly authorized themselves, such that also we have to take into account the principle that's part of this arrangement.
(06:02):
So in this scenario, you have at least the portfolio manager, the platform and the advisor — three or more entities or individuals all involved in delivering a single product to one consumer. The pitfalls for firms in ensuring consumer duty compliance in this context are obvious, but at the same time there's potentially greater scope for consumer harm. And then on that topic, helpfully in my view, the FCA has stated that it intends to look at what accountability might look like in distribution chains such as this that aims to clarify how the consumer duty should be applied in this scenario. As a result, firms in the consumer investment space should expect to see a consultation paper on this later this year.
Sebastian Barling (06:39):
I think that's certainly going to be welcomed, having looked at some of the drafting and some of the horrible analysis that some of our clients have had to do in terms of scoping this properly. So, it would be great if that provides a bit more certainty.
(06:49):
So, to finish up on consumer duty, what should financial institutions be doing right now?
Connor Williamson (06:53):
I think it's important to highlight three key takeaways. So, firstly, keep the consumer duty and consumer outcomes at the heart of everything that you do. That isn't a new message, but as mentioned earlier, the previous grace shown to firms regarding the consumer duty during the implementation phase is less likely to be available going forward and there's going to be an expectation that processes are subject to continuous announcements.
(07:17):
Second, really focus on your collection and use of customer data. While this is really just one specific aspect of point one, I'd be asking two key questions. One, are we analyzing all the data available to us relevant to customer outcomes? And two, where that data shows room for improvement, what steps are we going to take to achieve this? So, it's really looking at the data and ultimately actioning the data where that highlights concerns.
(07:41):
And then third, if you operate through distribution chains or use appointed representatives, get ahead of the consultation by reviewing your oversight arrangements and distribution arrangements, and consider how to improve them if necessary.
Sebastian Barling (07:53):
Thank you, Connor, for taking us through that. Let's go onto a related topic. We've spoken a lot about data in the context of consumer duty and clearly another area where people are looking at how data is used is in the context of AI. So what is in the FCA's radar this year when it comes to AI?
Connor Williamson (08:07):
Well, AI is another pervasive theme across the regulatory priorities reports. The overarching message, I think consistent with what the FCA said on AI in the past, is one of cautious encouragement. It wants firms to experiment using AI. It's actively providing the infrastructure for them to do so through its Sandbox services on the Innovation Pathway. And indeed, the FCA has once again recognized the potential benefits for firms and consumers in the implementation of AI.
(08:34):
However, there is an important caveat to this. The consumer duty and consumer needs must remain at the heart of any innovation. This includes AI. As a result, firms must maintain good governance and controls over these developments.
Sebastian Barling (08:47):
So, it looks like in the short term, the FCA is going to continue to be trying to regulate AI through its existing framework and existing rules and principles. But haven't they recently commissioned a broader review looking at its longer-term implications?
Connor Williamson (08:59):
Yes. Yeah, they have. That is the Mills Review. That review is going to look at the implications of advanced AI on consumers, retail financial markets and regulators. The FCA has indicated that it plans to publish the findings from that review in the second half of 2026. So, this is one to watch closely because it could shape the regulatory direction of travel for AI in financial services.
Sebastian Barling (09:21):
If that's some of the opportunities and that's how they're looking to legislate it, we probably need to talk around what some of the risks are. What has the FCA pulled up?
Connor Williamson (09:28):
Well, so as mentioned, the FCA is keen to stress the opportunities of AI, but equally is very alive to the risks that AI could potentially pose.
(09:36):
So, to give a couple of examples in the consumer investment space. The FCA has noted that the rise of new technology, including AI, is revolutionizing retail investing, with social media and online platforms offering opportunities for innovation. However, the FCA is also clearly aware that these developments bring new risks. For example, highlighting the possibility of increased fraud and scams. Specifically, the FCA has flagged that AI and deepfakes have increased financial crime risks. So, the FCA expects firms to continue strengthening their systems and controls to detect and prevent harm from these identified risks.
Sebastian Barling (10:11):
So, that's the harms you need to protect against. I suppose AI can also be used as systems and control to protect against them as well. Has the FCA said much about how this can be used for fighting financial crime?
Connor Williamson (10:22):
They have, yeah. So, in retail banking for example, the report notes that some firms are already leveraging AI to fight financial crime. However, at the same time, the FCA has acknowledged that there's an ongoing challenge in staying ahead of bad actors who may themselves be enabled by AI or quantum computing. We'll come onto financial crime and fraud and market abuse in the FCA's priorities a bit later in the episode.
Sebastian Barling (10:44):
So, staying on that theme, if firms are using AI to help them detect and fight against financial crime, they're presumably going to be using third-party service providers for a lot of that given how resource intensive some of these models and the systems can be. Has the FCA thought much around operational resilience and how that works with AI?
Connor Williamson (11:00):
They have, yeah. So, the FCA has flagged that firms face continual risks to resilience and security from technology transformations and expressly lists AI adoption alongside digital-first strategies, increasing reliance on critical third parties and cyber threats. The message here really is clear — firms that are deploying AI need to make sure they're building it into their operational resilience frameworks, their scenario testing and their recovery plans. This isn't just about developing exciting new products or processes. It's about making sure that firms remain within their important business service impact tolerances.
Sebastian Barling (11:33):
Well, that's a nice segue to talk a bit more about operational resilience. Again, I don't think there's going to be any surprises for people in that this continues to be included in the FCA's regulatory priorities list as it appears to be there every year. What have they actually identified this year in terms of key takeaways?
Connor Williamson (11:48):
In many cases, it's really a continuation of themes that we've seen in the past, but in particular the firm has reiterated that firms should be actively scouting the horizon for new threats, feeding those into their scenario planning and stress testing their ability to keep delivering critical services while remaining within their tolerance thresholds.
(12:05):
On top of that, the regulator is calling on firms to continuously strengthen the way they protect themselves against cyber incidents and to have robust, tested recovery plans ready to deploy if something goes wrong. Whether, for example, that's a direct attack or a failure at a key outsourced service provider. While not directly relevant to these priorities reports, it's also worth noting as well that the FCA proposes to introduce a new operational incident reporting framework and this is something we'll come onto shortly.
Sebastian Barling (12:31):
Whilst operational resilience was originally very much focused on the big banks, people will be aware that it's been rolled out to all sorts of financial institutions now. In terms of looking at their broader regulatory risk landscape, what are they most concerned about these days? Is it still the big banks?
Connor Williamson (12:45):
So, there are several points to flag here. So, to take the retail banking points, that report references an array of challenges, including the shift towards digitally led business models, a growing dependence on external service providers and the persistent threat of cyber intrusions, including those originating from hostile nation states. That report also highlights the risk that comes from within an organization's own walls, what the FCA refers to as “insider risks,” whether arising from deliberate misconduct or simple human error.
(13:15):
In addition, the FCA has conducted a targeted assessment called CBEST, which looks at the resilience of financial institutions in live corporate environments. It publishes a thematic report on key findings and mitigation measures on its website. Listeners of this episode may wish to look at this report on that website.
Sebastian Barling (13:31):
So, you've mentioned what the regulators are concerned about. You've mentioned what the expectations of firms are going to be. How are the FCA planning on coming in and supervising these things?
Connor Williamson (13:41):
Well, so interestingly, one thing they do plan to do, as per the report, is that they intend to use specialistic tools to engage with firms about their resilience. That will supplement the conversations that the FCA plans to have with firms regarding technology transformation programs and their own internal assessments of how resilient they are.
Sebastian Barling (13:59):
So, that's retail banking and I think everyone will understand why that is of such a key concern given its ability to impact everybody's day-to-day life, but this is a cross-cutting theme. So, what other areas have they pulled up as being particularly relevant for operational resilience?
Connor Williamson (14:12):
So, the consumer investments report for example tells a similar story. On that front, the FCA is focused on ensuring that platforms that have a significant market participance can withstand shocks, protect the assets they hold on behalf of clients and maintain their digital capabilities under stress. The FCA will work with firms to identify improvements in the way these firms report disruptions, map their resilience on external service providers and confirm that their key services continue to operate within defined limits in a severe but plausible stress scenario.
(14:41):
In relation to the consumer finance sector, the FCA has been working closely with major lenders on their ability to withstand operational and cyber disruption and the new reporting obligations will apply to them as well.
Sebastian Barling (14:52):
Thanks, Connor. Let's move on from operational resilience. Let us now turn to two other pervasive themes that we've seen in the regulatory priorities report. The first is financial crime and fraud and the second is the future of the SMCO, the Senior Managers and Certification Regime. Connor, how prominent is financial crime in these reports?
Connor Williamson (15:08):
I would say quite prominent. As mentioned already in this episode, it comes up in a number of different contexts. So, for example, in regards to retail banking, combating fraud and other forms of financial crime is one of the four top priorities for the year ahead for the FCA. The regulator has been clear that the open mass-market nature of retail banking creates inherent vulnerabilities from a fin crime perspective and that firms need to be constantly refining how they detect, disrupt and prevent illicit activity.
(15:36):
If you then look at the consumer investment space, the FCA has actually gone a step further and made it a stand-alone priority under the banner of bolstering financial crime controls, covering everything from investment fraud and money laundering through to terrorist financing, sanctions compliance and market manipulation.
(15:52):
And equally, in the mortgage sector, although it sits as a secondary area of focus per the report rather than a headline priority, the FCA has flagged concerns around weak systems enabling fraud in applications and consumer data breaches.
Sebastian Barling (16:05):
So, there is quite a lot in that, particularly around anything that touches retail. If I am a firm that has a large retail client base, what do I actually need to be doing?
Connor Williamson (16:15):
I think really the message that the FCA has made consistently across the reports, and I don't think will come as a surprise, is that firms need to keep their defenses up to date, invest in their monitoring capabilities and make sure their reporting is accurate and timely. Clearly, the challenge here is that bad actors' techniques evolve continuously over time, but nevertheless that really just reiterates the need to keep everything up to date from a systems and controls perspective.
(16:40):
To then flag a couple of specific examples. In retail banking, what the regulator intends to do is deploy its own data analytics to spot outliers and then it will make targeted proportionate interventions where it sees gaps. And then on the consumer investment side, there is particular emphasis on overseeing appointed representatives (ARs). The FCA, for example, found that nearly a third of principle firms have not carried out proper fin crime risk assessments for their ARs. There's also growing worries around concealed offshore pooled accounts, copy trading arrangements and so-called pump and dump schemes.
Sebastian Barling (17:12):
Thanks for that, Connor. And certainly you can see some overlaps here around some of the concerns they've expressed in the crypto space as well. But in terms of actually trying to drive changes through and staying on top of the financial crime requirements, this will remain the responsibility of the senior managers within the organizations. So, they'll clearly want to be sensitive to these changes and make sure they are controlling it.
(17:30):
Related to that, I understand the FCA have also come out with some proposals for some changes to the SMCO regime here in the U.K. What have they been saying?
Connor Williamson (17:37):
So the FCA, along with the Treasury and the PRA, is undertaking the review of the SMCR, and in particular with a view to efficiency and effectiveness. Although I suspect many of our listeners know, the stated ambition of this review is to cut the regulatory burden attached to the SMCR by half and that review is expected to progress during the first half of this year.
(17:56):
So, from an SMCR's perspective, we would expect that the direction of travel to be toward simplification. But it would be premature, we think, for firms to assume that that means a softening of accountability expectations. The FCA has been clear that, throughout these reports, that a strong governance and individual responsibility remains central to its supervisory model.
Sebastian Barling (18:15):
Thanks. And certainly we've worked on enough SMCR applications to see that they generate a superfluous amount of paper. That'll be good if these move on to be lighter in form, but not necessarily in substance.
(18:26):
Anyway, let's close the segment with three quick takeaways. Connor, how would you summarize the FCA's views on these topics?
Connor Williamson (18:32):
So, first, financial crime prevention is a key priority across every specific sector for the FCA, and in particular the FCA intends to use its own data capabilities to identify firms that are falling behind. Second, investment firms should pay particular attention to their AR oversight, their surveillance frameworks and emerging threats, such as offshore pooled accounts and manipulative trading schemes. Third, the SMCR, as mentioned, is being streamlined and firms should engage with that review process and prepare for a somewhat leaner regime going forward. However, as mentioned earlier, the expectation of senior manager accountability will not change. As a result, any changes from an SMCR perspective are likely to be targeted and discreet. And my personal view on the consultation is that the proposals don't actually go as far as many firms would have liked.
Sebastian Barling (19:19):
Thanks, Connor. And to steal a term, I think we've picked up some of the cross-cutting themes across all of those reports. But I think let's have a bit of a deep dive on one specific paper that's come out from the FCA and that is their report on the wholesale markets. This will be of particular interest to U.K. banks.
(19:35):
And I think the good news is that there isn't anything that is particularly surprising in this report. The priorities identified will already be very familiar to market participants and they will have been working on these topics for quite some time. So Connor, do you mind giving us a summary as to what the wholesale areas of focus are?
Connor Williamson (19:50):
Yeah. Thanks, Seb, but I agree, no real surprises here. So, in terms of the overarching priorities, these are operational resilience; competition and innovation; safe adoption of new technology; the prevention of financial crime and market abuse; and the management of conflicts of interest in conduct and oversight, many of which we've already discussed in this episode.
Sebastian Barling (20:10):
Yeah. So I think we've already spoken about the overarching concerns around operational resilience, but let's get under the bonnet of that topic a little bit more as to around what they've said for wholesale markets. Connor, what are the key bits they've done just for this segment?
Connor Williamson (20:21):
So no Big Bang change. Rather, a lot of technical changes and new guidance are proposed. We've already mentioned some of these, for example the use of CBEST and threat-led penetration testing by the FCA. But, we can also expect new rules from the regulators on how to report operational incidents as I mentioned earlier, the review of some wholesale bank operational resilience self-assessments and consultants on improving equity market resilience during outages. Principal trading firms can also expect additional engagement from the FCA on their trading controls and financial resilience.
Sebastian Barling (20:53):
We've certainly seen everything coming out of the regulator recently being badged as being supportive of competition and innovation, given their desire to be seen to be supporting growth here in the U.K. What, in particular, have they said around wholesale markets and how they're supporting competition and innovation in those?
Connor Williamson (21:07):
So, a couple of interesting points here. Specifically, a finalization of the FCA's new rules on client categorization and conflicts of interest, which should make it easier for firms to cut across clients more appropriately. There's also proposals to engage with the market on the value and costs of the current solo regulated firm remuneration rules, with the likely direction of travel being a reduction in the more onerous elements. Finally, there's also been a mention of a post-implementation review of the IFPR, which will hopefully remove some of the pain points of that regime.
Sebastian Barling (21:37):
Thanks, Connor. And I suppose related to innovation, the FCA also talks about the impact of new technology. In terms of new technology, we've already mentioned earlier and that remains a key focus in wholesale markets. The other big priority that the FCA has come out with is stricter regulation. I'm not going to propose we talk about that here, as we cover that in our separate fintech-focused series of publications. But, a theme that continues to come through is financial crime and market abuse. What, in particular, should market participants worry about here in the context of the wholesale markets?
Connor Williamson (22:06):
So a lot of this remains BAU, for example a continued focus on the supervision of stores, looking at the quality of ARM reporting and looking at the maturity of market participants inside of risk management controls. However, I think there is one thing we can expect to see — which is a new policy — is the U.K.'s transaction reporting regime in late 2026. That will hopefully remove overlap with other regimes and reduce the level of reporting to ensure it remains proportionate. However, we're flagging that any changes here could result in a big IT lift for reporting firms, even if ongoing obligations are more streamlined thereafter.
Sebastian Barling (22:42):
Yes. I don't think it's ever cheap to start up data transaction reporting and IT systems.
(22:47):
In terms of the last topic under the wholesale markets report, they've pulled up conflicts of interest and conduct. What are the key points they're pulling out here?
Connor Williamson (22:54):
I think there should be an expectation that the FCA will carry out a number of multifirm reviews. So, for example, they've already identified that they intend to do these in respect of market soundings, the provision of prime brokerage services, order execution in emerging markets, primary market fixed-income allocations and quad strategies. In addition, there continues to be a focus on conduct and the FCA will want to see how their nonfinancial misconduct rules have been embedded. They're also planning on reviewing the wholesale conduct rules to ensure they receive the correct outcomes, again, by way of a multifirm market review.
(23:27):
Two of the topics that they will be reviewing, pre-hedging and PFOF. So, clients interested in these topics should see some opportunities here.
Sebastian Barling (23:35):
There's certainly a lot of acronyms in that and it sounds like there's going to be a fair amount of technical work for impacted wholesale firms here.
(23:42):
Thanks for that, Connor, and that brings us to the end of today's episode. We've covered a lot of ground, from consumer duty and the FCA's expectations that firms will use data proactively to deliver good outcomes through to AI innovation and concerns around wholesale market conduct. We've looked at operational resilience as a continuous cross-cutting obligation, and the heightened focus on fraud and financial crime prevention and some of the potential impacts on the SMCR. The overarching message is clear. The FCA expects firms to be proactive while governing resilience, as it intends to use its own data capabilities to hold them to account. If you take one thing away from today, it is that preparation is key in considering how you can meet the FCA's expectations in 2026.
(24:19):
Connor, thank you for joining me today to share your insights. And thank you to our listeners for joining us on this episode of “The Capital Ratio.”
Voiceover (24:27):
Thank you for joining us for today's episode of “The Capital Ratio.” If you like what you're hearing, be sure to subscribe in your favorite podcast app so you don't miss any future conversations. Additional information about Skadden can be found at skadden.com.
Listen here or subscribe via Apple Podcasts, Spotify, YoutTube or anywhere else you listen to podcasts.
