The UK FCA's New Year Resolutions 2026

Originally published by Thomson Reuters © Thomson Reuters on 12/01/2026

The past year marked a period of measured recalibration in UK financial services. A new government settled into office with a stated focus on growth, competitiveness and investment, and regulators reacted, attempting to balance deregulation, improved consumer outcomes and a new approach to risk tolerance [acceptance].

Against that backdrop, 2026 should herald a stable, consistent, docile regulatory environment, right? Not so. If the end of 2025 symbolises anything, 2026 will be busy in a number of areas. As is the tradition, we set out forecasts for 2026 across the core regulatory themes we expect to dominate board agendas and assess how our 2025 predictions fared in practice.

2026: Our top six predictions

Financial crime controls face a dual squeeze: sanctions durability and fraud prevention

2025 ended with a significant fine against Nationwide Building Society for financial crime and AML failings. We consider that a more persistent sanctions environment, coupled with a sharpened national focus on fraud and APP scams, will drive further scrutiny on screening, customer risk assessments, data sharing and reimbursement policies. Expect continued emphasis on governance of transaction monitoring models and third-party dependencies.

Operational resilience enters its "prove it" phase

One year on from implementation checkpoints biting, firms will need to be able to demonstrate they have maintained their end-to-end mapping of important business services, conducted realistic impact tolerance testing and conducted their annual reviews and self-assessment. Cross-sector vulnerabilities around third-party concentration and legacy systems will draw coordinated supervisory attention, including on third-party risk and exit planning. This will be coupled with the implementation of the government's Critical Third Parties regime, with the first set of critical third-party providers to be designated during 2026. The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) will also publish their final rules in relation to incident reporting and outsourcing third-party registers. Finally, we expect continued focus on cybersecurity and the use of AI in financial services.

Payments and e-money governance standards tighten further

Even absent new primary legislation, we expect a tightening of supervisory screws on safeguarding (given the FCA's new rules coming into effect in May 2026), fraud prevention, governance, financial resilience and the treatment of consumers — particularly vulnerable customers. The long-awaited introduction of systematic and streamlined regulation of stablecoins will further accelerate the pace and sophistication of payments regulation, given the substantial convergence/overlap between these two disciplines. We also anticipate significant developments in open banking, given the launch of the UK Payments Initiative … and that more people will understand the term "variable recurring payments" as a result.

Crypto and tokenisation advance through "regulated perimeter first"

UK continues to develop its licensing and regulatory regime for qualifying crypto assets and stablecoins. Regulations will include conduct rules, operational resilience, listing and admission rules, market abuse controls and risk management for custody and safeguarding. Tokenisation pilots in funds and debt markets will expand under existing frameworks, with emphasis on settlement, recordkeeping and resilience. This is an area where the UK is pinning great hopes for being a global hub and we expect a tremendous amount of activity to present itself in the year ahead.

Conduct and culture

Just in time for the Christmas party season, the FCA launched its final guidance on non-financial misconduct. The new rules will enter into force in September 2026, so we expect a flurry of follow-up communications and industry action in order to be suitably prepared. While NFM is widely recognised as an issue that should be addressed by firms, the final guidance poses challenges for firms in terms of training and policy changes that will be required.

AI adoption outpaces rulemaking

We do not expect significant new, AI-specific financial regulation in the near term; however, firms will continue to experiment with and deploy AI models across risk, customer engagement, operations and control functions, with markedly different appetites for model complexity, explainability and risk tolerance. This dispersion in capabilities and outcomes — spanning governance, data provenance, bias and fairness, model risk management and human oversight — will sharpen supervisory interest, prompting deeper thematic reviews and expectations for clearer accountability, documentation and assurance even absent fresh rules.

Scorecard: How our 2025 predictions performed

We graded last year's calls against two criteria: whether the theme proved to be a genuine regulatory priority, and whether meaningful policy, supervisory or legislative movement occurred during the year.

We use a simple scale: Strong hit, Partial hit or Miss.

Overseas Persons Exclusion/Characteristic Performance Test (OPE/CPT): Partial hit

The perimeter and cross-border access remained live topics, with continued industry and supervisory focus on clarity and consistency. While the case for reform retained momentum, tangible rule changes or formal proposals did not crystallise at pace in 2025. The issue stayed on the agenda, but the timetable elongated. With greater momentum, however, in 2025, Ashurst launched the perfect digital solution to help firms navigate cross-border regulatory obligations.

Governance and accountability at payments firms: Strong hit

The supervisory lens on payments/e-money governance, fitness and propriety, safeguarding and wind-down planning intensified. Even without a wholesale legislative extension of SM&CR, expectations around board accountability, MI, control frameworks and third-party oversight continued to ratchet up through portfolio communications and firm-specific engagement.

Mortgage Credit Directive (MCD) developments: Partial hit

The EU's new legislative cycle reopened the conversation, aligning with adjacent consumer credit and digital disclosures reforms. However, the pace of concrete legislative movement was slower than anticipated during 2025. For UK firms with EU footprints, monitoring and preparatory analysis remained necessary; for UK-only firms, direct impacts were limited.

Private equity scrutiny: Strong hit

Macro conditions, valuation methodologies, fund/financing structures and bank exposures kept private assets under the microscope. UK authorities maintained a thematic focus on valuation governance, leverage and risk transmission channels, aligning with international discussions on non-bank intermediation.

Economic abuse: Strong hit

Consumer Duty implementation embedded heightened expectations on identification and support of vulnerable customers, and firms continued to develop policies, product features and operational responses to economic abuse. The topic remained a regulatory priority, with further supervisory emphasis on outcomes, data and treatment consistency.

Overall rating: Not bad at all! Clearly, we were firing in the right ballpark.

Regulatory direction of travel

Regulatory direction of travel is clear: durable consumer outcomes, resilient operations, credible valuations and transparent conduct. The speed of formal policy change may vary by topic, but supervisory expectations are already set. Firms that can evidence control effectiveness, decision-making accountability and consistent customer outcomes will be well suited to navigate 2026.