Financial Services SpeedRead: 6 November 2025 edition

On 24 October 2025, the FCA published its whistleblowing data for the third quarter (Q3) of 2025, covering reports received and actions taken between July and September 2025.

The key findings include that:

• the FCA received 405 new whistleblowing reports in Q3 2025, increased from 322 reports for the same period in 2024, and 315 reports in the previous quarter;

• 70% of whistleblowers chose to share their identity and contact details, while 30% remained anonymous;

• the reports contained a total of 1,379 allegations, with the most frequently reported issues relating to fitness and propriety (209 reports); organisational culture (206 reports); compliance (196 reports); and Consumer Duty (125 reports); and

• 356 whistleblowing reports were closed during Q3 2025, of which 5% resulted in a significant action by the FCA to manage harm (such as enforcement measures or restrictions on firms or individuals); 40% led to actions by the FCA aimed at reducing harm (such as firm visits or requests for information); and 51% led to no direct action (but informed the FCA's work).

The FCA reiterated its commitment to maintaining transparency and safeguarding the interests of whistleblowers.

Financial Crime

8. FCA fines and bans advisor for Insider Dealing

9. FCA publish survey findings on financial crime controls at corporate finance firms

On 20 October 2025, the FCA published findings from its survey on financial crime controls at 303 corporate finance firms.

The FCA identified the following, suggesting many firms may not be complying with their obligations under the Money Laundering Regulations (MLRs):

• 11% of firms surveyed did not have a documented business-wide risk assessment;
• 10% firms did not retain any documented evidence of customer due diligence; and
• while many firms reported having clear policies governing the financial crime risks inherent in their appointed representatives (ARs), 9% of firms reported they do not actually assess the financial crime risks inherent in their ARS.

The FCA also noted evidence of good practice, such as regular senior management reporting, use of customer risk assessment forms and detailed management information with respect to financial crime. The FCA is taking action by writing to firms identified as non-compliant, setting out the improvements required and expecting prompt remedial action.

10. EBA responds to launch of new EU AML/CFT regime 

On 30 October 2025, the EBA responded to the European Commission’s call for advice (dated 12 March 2024) to support the swift launch of the new Anti-Money Laundering Authority (AMLA).

The package proposes a proportionate, risk-based and harmonised framework spanning: (i) a common methodology for national supervisors to assess inherent and residual money laundering/terrorist financing risk of obliged entities; (ii) a methodology for the AMLA to select institutions for direct supervision; (iii) customer due diligence (CDD) information requirements (focused on the type and nature of information rather than prescriptive documents); and (iv) criteria for classifying breaches by severity and setting pecuniary sanctions, administrative measures and periodic penalty payments.

The EBA also set out preparatory options on intra group information exchange and base amounts for fines. Following consultation and data collection from 100 institutions, the EBA reduced data points for supervisory risk assessments by around 15%, meaning most firms will be required to report an average 100–150 data points, and aligned datasets so one submission can serve both national supervisors and AMLA. The proposals include flexibility to reflect national specificities, with safeguards for EU wide comparability, and transitional measures such as excluding certain harder to obtain data points from AMLA’s first selection round and permitting risk based updates of existing CDD records prioritising higher risk relationships. Once adopted by AMLA and endorsed by the Commission, these instruments are intended to provide a solid foundation for an effective EU AML/CFT system.

The EBA will transfer its AML mandate to the AMLA on 31 December 2025 and will continue to cooperate on financial crime from a prudential perspective.

On 30 October 2025, the FCA issued a warning to investors about the risks of investing in Contracts for Difference (CFDs).

It describes CFDs as complex financial products which "carry a considerable risk of substantial losses". The FCA is concerned that some firms are using high-pressure tactics to encourage investors to classify themselves as professional clients, which removes important retail client protections (including, for example, leverage limits and client loss protections). The FCA highlights that these protections prevent nearly 400,000 people a year from risking more than their original stake in CFDs, and provide £267m to £451m worth of protection.

The FCA also warned against finfluencers, who may not make it clear that they are promoting unregulated firms operating offshore. It also notes that some of these finfluencers promise unrealistic returns if consumers copy trades, invest in managed accounts, or pay for daily trading tips.

In the coming months, the FCA will launch a consultation around client categorisation to ensure appropriate rules are in place for both retail and professional clients.

12. FCA publish multi-firm review of client categorisation in corporate finance firms 

On 20 October 2025, the FCA published a review of corporate finance firms' compliance with COBS 3 client categorisation rules, and COBS 4 certification requirements.

The FCA identified several areas requiring improvement:

• Record-keeping: Many firms took a superficial approach to client categorisation, either by lacking proper documentation, failing to properly document the rationale for their client categorisation assessments, or inadequate record-keeping. Good practice involves recording the client categorisation in a defined document, setting these out against the applicable COBS criteria and evidencing how the client meets the criteria;

• Corporate finance contacts: Firms often treated investors informally as "corporate finance contacts" without clear records or rationale, affecting regulatory protections. The FCA expects regular reviews and updates of contact lists, especially before issuing financial promotions.

• Investor certification: Processes for certifying retail investors as high net worth or sophisticated were inconsistent, with outdated or incomplete statements and confusion over applicable rules (i.e. whether reliance was placed on the FCA financial promotion rule or under the Financial Promotion Order). Firms should specify which financial promotion rules apply and review certification processes annually.

• Policies and procedures: Many firms had generic or outdated policies, or did not maintain a written policy at all, limiting effectiveness. The FCA expects firms to maintain policies tailored to the firms' business model, detailing regulatory permissions, business lines, clients and investors within the firm's risk appetite, and whether any investors are corporate finance contacts.

Digital Finance and Fintech

13. BoE publishes update on the digital pound

On 23 October 2025, the BoE and HM Treasury published an update on the development of a digital pound, a form of central bank digital currency (CBDC) intended to complement traditional payment methods. No final decision has been made on its introduction, with the 'design phase' of the project intended to run throughout 2026.

The BoE/HMT's recent work centered on three priorities:

• advancing technical work on shared public infrastructure and hands-on experimentation to support private-sector innovation in money and payments;

• investigating how a digital pound and other types of digital money can interoperate with existing forms of money and payment systems; and

• gathering and integrating a range of stakeholder evidence to inform the design of any potential digital pound.

To further these aims, the Digital Pound Lab was launched in August to provide an experimental platform for industry to test use cases and explore potential business models for a digital pound. Phase 2 of the Lab is open for applications, and will enable participants to test innovative payments use cases.

The BoE/HMT have also published a series of design notes on its emerging policy and technical thinking, to facilitate industry engagement. These include the (i) interoperability models for UK based payments design note; (ii) the product strategy design note; (iii) the intermediary roles and scheme rulebook design note; (iv) the offline payments design note; and (v) the alias service design note. Feedback from stakeholders will inform HMT/BoE on next steps throughout 2026.

14. FCA grants retail access to cETNs

On 8 October 2025, the FCA published a lift on the ban on retail access to crypto exchange trade notes (cETNs). However, access is limited to cETNs that are listed on the FCA's Official List and admitted to trading on a UK Recognised Investment Exchange. In addition, firms who offer cETNs must ensure they have the correct regulatory permissions to do so and comply with the applicable rules. Prospectuses must be reviewed and approved before launch, and the FCA had already been reviewing retail cETN prospectuses ahead of the rule change. CETNs are classed as Restricted Mass Market Investments, so firms will need to comply with the applicable financial promotion rules regime. Firms must also meet Consumer Duty requirements.

Firms seeking authorisation or new permissions can request a pre application meeting with the FCA.

ESG

15. New legislation to bring ESG ratings providers into regulation

On 27 October 2025, the FCA published an press release welcoming draft Government legislation to bring environmental, social, and governance (ESG) ratings providers within its remit.

The draft Financial Services and Markets Act 2000 (Regulated Activities) (ESG Ratings) Order 2025 amends the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544) (the SI) to make the provision of an ESG rating a regulated activity where the rating is likely to influence a decision to make a specified investment. As such, ESG ratings providers will need FCA authorisation and supervision.

The SI sets out key exclusions, clarifies territorial and overseas application, and establishes savings and transitional arrangements ahead of the main commencement on 29 June 2028.

With the SI laid before parliament, the FCA will consult on rules before year end. These proposals will focus on transparency, governance, systems and controls, and conflicts of interest, and the FCA will publish guidance to help firms assess scope.

On 24 October 2025, ESMA published a press release calling on National Competent Authorities (NCAs) to maintain their focus on cyber risk and digital resilience as part of the Union Strategic Supervisory Priorities (USSPs) for 2026. ESMA emphasised the importance of close coordination with respect to the Digital Operational Resilience Act (DORA) oversight framework.

Separately, ESMA indicated that NCAs will now focus on consolidating successful supervisory work relating to ESG disclosures, particularly in high risk areas. ESMA also noted that additional supervisory priorities may be introduced in the future.

On 20 October 2025, the BoE, PRA and FCA published guidance on effective practices in  cyber response and recovery for systemic firms and financial market infrastructures (FMIs). This publication aims to help firms strengthen their operational resilience in the face of increasingly severe and complex cyber threats, particularly as reliance on third-party suppliers grows. 

Key recommendations include simulating destructive cyber-attack scenarios, setting and testing impact tolerances beyond just duration (such as value, volume and critical activities), and ensuring the rapid restoration of critical data and services.