SMCR+ View – December 2025

It’s been a busy December for the regulators, with a host of Policy Statements, Consultation Papers, multi-firm reviews, and more – we’ve tried to synthesise these into short updates so you can hopefully read while drinking a cup of tea with a mince pie! This is our last edition of the year – wishing you all a restful holiday period and we look forward to catching up with many of you at the start of 2026 as firms turn their heads to the FCA’s recent Policy Statement PS25/23 and final FCA Handbook Guidance on non-financial misconduct (“NFM”) which comes into effect on 1 September 2026 (along with the new NFM rule for non-banks) – you can read our take on the FCA’s final Handbook Guidance in this Flash SMCR+ View.

This edition covers:

• The SMCR-related highlights of the FCA’s latest Regulatory Initiatives Grid.
• Updates to the PRA’s Supervisory Statement on enhancing banks’ and insurers’ approaches to managing climate-related risks.
• The FCA’s SMCR-related proposals in its Consultation Paper on the proposed approach to the regulation of ESG ratings.
• Summary of the findings from the FCA’s five multi-firm reviews in relation to: (i) consolidation in the financial advice and wealth management sector; (ii) best execution at wholesale banks; (iii) firms’ financial crime systems and controls; (iv) data quality of prudential regulatory reporting at MIFIDPRU Investment Firms; and (v) governance and practice in the ratings committees of Credit Rating Agencies.
• The FCA’s SMCR-related proposals in its Consultation Paper on client categorisation and conflicts of interest rules.
• Governance-related proposals relevant for authorised fund managers in the FCA’s Consultation Paper on enhancing fund liquidity risk management.
• A brief overview of the latest FCA enforcement actions, including one in relation to AML systems and governance failings.
• A number of other updates, including updates to FCA forms, the latest FCA operating metrics, changes to the deposit protection limit, changes to complaints data reporting, an FCA speech on the role of the Chief Risk Officer, and the FCA’s backtrack on its Dear Compliance Officer Letter, amongst others.

1. Regulatory Initiatives Grid

The FCA published the latest version of its Regulatory Initiatives Grid, which sets out 124 live initiatives (a reduction of 13% from the April 2025 version). Other than the Policy Statement PS25/23 on NFM (which you can read more on here), there is an update on the broader SMCR reforms (which we covered in this Flash SMCR+ View) - we should see the first phase of reforms (i.e., the tweaks to the regime) being implemented in mid-2026, with the implementation date likely to be mid-2026 also (i.e. there is unlikely to be a significant implementation period because most of the changes are providing firms with optionality or additional flexibility). The Grid outlines that legislative changes are then likely to be introduced from 2026 onwards, but it references that primary legislation is required, so let’s see how long this takes to get through the legislative process. Either way, with this, and the new NFM rule for non-banks and the FCA’s NFM related Handbook Guidance coming into force on 1 September 2026, it looks like we have an exciting SMCR filled year ahead!

The FCA and PRA have separately mentioned the SMCR reforms as a key proposal reducing regulatory burdens in its FCA and PRA joint report on mutuals landscape.

With the volume of regulatory and legislative changes proposed by the regulators, we think now is the time for firms and the industry to engage in the FCA’s new agenda to help shape this in a way that it most beneficial for firms and the industry going forwards and to remove the more burdensome aspects of current regulation, including the SMCR. We have been speaking with industry bodies and to many of you about the wider regulatory changes anticipated, and we would be very happy to discuss these further with you.

2. PRA – Policy Statement (PS25/25) and Supervisory Statement (SS3/19) on managing climate-related risks

In June 2025 the PRA published CP10/25, which proposed certain amendments to SS3/19 on enhancing banks’ and insurers’ approaches to managing climate-related risks. You can find a summary of the governance related proposals in our SMCR+ View here. Following Policy Statement PS25/25, the PRA has replaced SS3/19 with a new supervisory statement, SS5/25 which took effect on 3 December 2025.

Following feedback from respondents, the PRA has confirmed that firms may integrate climate-related responsibilities within existing governance frameworks rather than establishing new ones, and clarifies that climate-related risks can be integrated into existing risk registers. Following feedback that its initial proposals on Board awareness were disproportionate for some firms, the PRA has stated that a firm’s Board-level involvement should be proportionate to the level of material risks that it has identified and accepted. The PRA also confirms that there is no expectation for a new SMF role to be created specifically to oversee the management of climate-related risks.

There’s a lot more in here specifically around climate-related risks for relevant Senior Managers (and others) to consider. Please reach out to Penny Miller (Partner) and Amy Sumaria (Managing Associate) for more information.

3. FCA Consultation Paper (CP25/34) – Extending the SMCR to ESG ratings providers (among other things)

The SMCR is slowly expanding its reach – most recently we’ve had the FCA confirm it will be extending the SMCR to cryptoasset firms, but now ESG ratings providers will be coming in scope too (although some firms, such as credit rating agencies, have escaped the expansion for now). Following recent draft legislation which will bring ESG rating providers within the UK regulatory perimeter, the FCA has now published this CP25/34 which sets out its approach to regulating these firms. The FCA proposes that the SMCR will apply to ESG rating providers, and expects all rating providers will be categorised as “Core” firms, although these firms will not be required to have an SMF 17 (Money Laundering Reporting Officer) role.

More broadly, the FCA proposes that the baseline rules on governance and systems and controls would apply (including rules around outsourcing and policies and procedures in relation to personal transactions), together with additional bespoke rules for ESG rating providers (such as the requirement to conduct quality assessments of the ESG rating processes, ensuring methodologies used to produce ESG ratings are defined, thorough and applied consistently, among other things). Conflicts of interest is also a focus of the FCA.

The consultation closes on 31 March 2026, with the FCA intending to publish final rules in Q4 2026. If you have any questions, please reach out to Amy Sumaria (Managing Associate).

4. FCA – Five multi-firm reviews

• Consolidation in the financial advice and wealth management sector: The FCA has been busy with its multi-firm reviews…this one focusses on consolidation in the financial advice and wealth management sector, and identifies both good practices and areas needing improvement. As well as focussing on organisational structure, approach to regulatory consolidation and treatment of group risk, this multi-firm review also looked at governance and resourcing of groups. One of the key issues identified was scalability, with the FCA finding that some groups have not scaled their systems and controls or their compliance and governance infrastructure in line with their growth. Connected with this was the knowledge and experience of leadership, with the FCA finding that in some cases this was not sufficient to deal with increasingly large and complex issues resulting from the larger group. The FCA also found that sometimes decisions affecting regulated firms were made by unregulated Boards, without adequate consideration of the impact on the regulated firm’s business, and some groups did not have independent challenge on Boards. The FCA expects firms with this business model to compare its findings against their arrangements to understand whether improvements are needed.

• Best execution by wholesale banks: The FCA last carried out a thematic review (TR14/13) of wholesale banks’ best execution practices in 2014. This identified a risk that best execution was not being consistently delivered to all clients. In the latest multi-firm review, in which the FCA assessed best execution and conflicts of interest practices of 8 wholesale banks, the FCA found that banks generally had stronger practices than back in 2014. However, one area where the FCA found the least progress was in relation to governance and oversight – particular areas for improvement included the need for increased scrutiny by best execution committees (particularly when presented with information that was rare or unusual), further challenge required from the second line of defence, and senior management needing to consider whether their frameworks are being tested robustly enough to uncover poor outcomes or required improvements. The FCA also found varying practices in relation to MI, with examples of MI being too high level or overly complex. Helpfully, the FCA includes examples of the most comprehensive MI available to Senior Managers, which firms may want to consider and compare to MI currently received by Senior Managers to establish whether any uplifts are needed.

• Financial crime systems and controls: One for the MLROs or Senior Manager holding prescribed responsibility (d) for financial crime… The FCA has published its multi-firm review focussing on firms’ approaches to business-wide risk assessment (“BWRA”) and customer risk assessment (“CRA”) processes. This review involved a variety of different firms, ranging from building societies, to custody and fund services, to payments and wealth management firms. The FCA found that few firms are tailoring the BWRA to their specific business, with some BWRAs focussing on generic risks and oversimplifying the risks the firm is exposed to. The FCA also found unclear processes as to how the firm identifies and assesses inherent risks and a lack of evidence as to how firms had concluded their business as low risk. Scalability also appears to be a common theme here, with the FCA finding that some firms had not developed their CRAs in line with business growth. Some firms did not have an adequate record of BWRA actions or assigned owners for any actions identified, and did not document senior management discussion, challenge and approval of BWRAs. One area of weakness the FCA also found was with senior management’s understanding of financial crime risk, with this usually being limited to fraud. The FCA expects firms to consider these findings and review their risk-based approach to systems and controls.

  As we’re on the topic, a few other relevant updates - the National Crime Agency has published best practice guidance on how to use the Suspicious Activity report portal, how to help reporters submit high-quality SARs and how to help reports seek a defence under the Proceeds of Crime Act 2002 and the Terrorism Act 2000. HM Treasury has also published its AML and CTF Supervision Report 2024-2025, which provides information on the activities of the AML / CTF supervisors (including the FCA and HMRC) in the 2024-25 financial year. This includes details of each supervisor’s risk-based approach to monitoring compliance, together with the supervisor’s use of enforcement action to promote compliance.

• Quality of prudential regulatory reporting at MIFIDPRU Investment Firms: The FCA has published its findings following its review of MIFIDPRU regulatory returns submitted to the FCA by 3,800 firms for reporting periods January 2024 to March 2025. The FCA found that most firms understood the MIFIDPRU reporting requirements, although there were areas for improvement identified: (i) significant discrepancies between the figures reported in firms’ MIF007 regulatory returns and their ICARA documents; (ii) incorrect reporting of the type of investment firm (i.e. whether the firm is an SNI or non-SNI firm); and (iii) incorrect reporting units and data entry issues, with some firms submitting identical data across multiple reporting periods. The FCA indicates that it will start to send data quality notifications to firms, which will indicate when a submission has data that fails at least one of the FCA’s tests. We help a lot of firms in relation to the prudential requirements – please do reach out if you have any questions.

• Governance and practice in the ratings committees of Credit Ratings Agencies (“CRAs”): The FCA’s review of UK registered CRAs considered the “purpose, people, processes and internal controls” of rating committees, and identified good practices and areas for improvement. Whilst these findings are focussed on CRAs, other firms may be interested in the findings given the broad applicability of certain governance related guidance.

  The FCA found the governance surrounding rating committee meetings lacking in some cases – for example, some firms did not have defined rating committee terms of reference (“ToRs”), there were occasions where ineligible staff were participating in meetings in breach of the ToRs, and examples of committees operating without the minimum quorum. The FCA also commented on the effectiveness of remote attendees, with those attending remotely participating and challenging less. The FCA reiterated a key role of the Chair is to ensure the meeting is inclusive, and to be aware of dominant and quiet members. The FCA also picked up on the importance of documenting a clear rationale for any deviations or exceptions from the methodologies, as well as firms considering how they are assessing and evidencing information quality standards within the process.

  The FCA states that CRAs should review these findings against their rating committee processes and practices to ensure that their internal control structures are effective. We have assisted many firms with carrying out assessments of the governance and operation of their committees – and we’ve been looking at this in the context of ESMA’s guidance on its supervisory expectations for the management body of CRAs – so please do reach out with any questions you may have.

5. FCA Consultation Paper CP25/36 - Changes to client categorisation and conflicts of interest rules

As part of the FCA’s package to boost UK investment culture, it is consulting on certain changes to the client categorisation and conflicts of interest rules. We’ve summarised the key takeaways for you here. Some points to note from an SMCR+ View perspective is the extension of the requirement for firms to keep detailed records of the basis for client categorisation to all firms categorising clients for any purpose, the FCA merging and simplifying the conflicts of interest rules to remove duplications and minor distinctions between the rules for different types of firms (without changing the substance), and incorporating a new proportionality provision. The changes are not intended to require firms to update their systems or client documentation before their next scheduled policy review.

The CP closes on 2 February 2026. If you have any questions on the proposals included in this CP, please reach out to Penny Miller (Partner) and Rosie MacArthur (Managing Associate).

6. FCA Consultation Paper (CP25/38) - Enhancing fund liquidity risk management

Relevant for authorised fund managers (“AFMs”), this Consultation Paper CP25/38 introduces guidance in relation to good liquidity risk management practices. This is intended to consolidate the FCA’s expectations outlined in previous Dear CEO letters and multi-firm reviews, and as a result the FCA does not expect AFMs to need to make significant changes in their approach in order to align with this proposed guidance.

From an SMCR+ View perspective, one of the components the FCA includes in this guidance is around the governance framework it expects to be in place with respect to liquidity risk management. The guidance indicates that AFMs need to (i) ensure that liquidity risk management forms a “prominent part” of the firms governance arrangements and is integrated into its permanent risk management function, (ii) arrangements are in place to allow for detailed liquidity reporting which is presented to relevant governance committees, and (iii) documented protocols are established for escalating liquidity issues and increasing governance frequency during volatile market conditions. There are also certain minimum requirements for an AFM’s internal governance arrangements specific to liquidity management tools, including the identification of relevant parties involved, the controls to be carried out, and the escalation processes and oversight in place to ensure governance by the governing body (among other things).

The CP closes on 23 February 2026. If you have any questions on these governance considerations or the CP more broadly, please reach out to Catherine Weeks (Partner).

7. Enforcement Action

Just a few enforcement actions to update you on in this SMCR+ View:

• Final Notice - Nationwide Building Society in relation to deficiencies in AML systems and controls: In this Final Notice, the FCA found that Nationwide’s systems for refreshing customer due diligence (“CDD”) and conducting customer risk assessments were unsophisticated and incomplete. This lead to a very low number of high-risk customers being identified, and Nationwide had no event-driven or periodic reviews in place to refresh the CDD. The FCA found that Nationwide’s governance structures failed to ensure AML risks were properly identified, assessed and managed, with senior committees knowingly tolerating certain risks. The FCA found a breach of Principle 3 (failure to organise and control affairs responsibly and effectively) and fined Nationwide £44,078,500.
• FCA charges two individuals with insider dealing: The FCA has commenced criminal proceedings against Mr Bobosher Sharipov and Mr Bekzod Anazov for insider dealing. Mr Sharipov worked at Jeffries International Limited, and advised GCP Student Living Plc on a potential takeover. Mr Sharipov is alleged to have leaked confidential inside information about the takeover to his friend and business associate, Mr Anazov, who allegedly used the information to trade in GCP Student Living Plc shares, making a profit of £70,000.
• FCA charges Mr Henrik Schliemann with fraud and forgery: The FCA has charged Mr. Schliemann – previously an SMF 3 (Director), SMF 16 (Compliance Officer), and SMF 17 (MLRO) – with fraud. He was responsible for financial matters and held authority over company accounts. The FCA alleges that Mr Schliemann transferred around $1.45m and €3.1m from company accounts to his own and additionally paid himself over £1.3m in excess dividends.

Separate, but related. Firms might be interested in a recent High Court decision (R (CIT) v Financial Conduct Authority (No 1) [2025] EWHC 2614 (Admin)) where the High Court dismissed a judicial review claim challenging the FCA's decision to publicly name a firm as the subject of an FCA investigation. The firm had argued that, while an anonymised announcement could be lawful, naming it was unlawful and unreasonable. This case is interesting because although the FCA’s Enforcement Guide states that the FCA will only name firms in "exceptional circumstances", the Court held that a desire to proactively protect consumers met this threshold. In addition, firms should note from this decision:

• Short notice periods: The firm in this case was given only 24 hours’ notice before the intended announcement - firms will need to be prepared to launch legal challenges or manage the PR from a decision to publicise at extremely short notice. It’s unclear in this case why the FCA did not give 10 days’ notice, as anticipated in Part 2 of the CP24/2 Consultation.
• High bar for legal challenges: This decision highlights the latitude given to the FCA in making its "evaluative regulatory judgment," making it difficult for firms to successfully challenge these decisions through judicial review unless there is a serious error in the regulator's reasoning.
• Hearings in Private: To protect the firm's position while the legal challenge was underway, the Court initially allowed the interim injunction application to be heard in private.

8. Other Updates

• Updates to forms: The FCA first announced that it would be updating and improving its application forms back in October 2023, starting with the Form A. The FCA has confirmed in this regulatory round-up that it will be testing and rolling out a series of improved forms from December, including Form C (used to provide the FCA of notice of a Senior Manager ceasing to perform their SMF role, for example) and new waiver forms, among others.
• FCA Operating Metrics 2025/2026 Q2: These metrics show that the FCA is approving 99.6% of applications within the statutory deadline of 3 months, with 1,366 cases determined in the reporting period with a median determination time of 28 days, with the lowest at 15 days.
• FCA Policy Statement (PS25/22) – Targeted Support: Following CP25/26, which we discussed in this SMCR+ View, the FCA has now published PS25/22, which implements the FCA’s proposals in relation to competency requirements of staff involved in targeted support, and requiring management responsibilities maps and handover procedures to refer to targeted support. The FCA has made one change to the proposals to better distinguish between the competency requirements that apply to targeted support and the provision of a personal recommendation. The rules are expected to take effect from 6 April 2026.
• Deposit protection limit: The PRA has published a Policy Statement PS24/25 announcing an increase in the deposit protection limit from £85,000 to £120,000, effective 1 December 2025. Firms will need to update their single customer view systems to reflect this new limit, and update their disclosure materials and deposit compensation information by 31 May 2026. The FSCS also has more information here.
• FCA Policy Statement (PS25/19) - Complaints data reporting requirements: In line with its aim to become a “smarter regulator”, in this Policy Statement PS25/19, the FCA is implementing certain changes to the way in which firms report complaints to the FCA. This includes a single, consolidated complaints return, which will require firms to only complete those sections which are relevant to their regulated activities, and making the nil return process simpler. The timing has also changed, with firms now required to report complaints data on a fixed six monthly and calendar year basis (as opposed to using the firm’s accounting reference date).
• FCA speech on role of Chief Risk Officer (“CRO”): This speech by the FCA has strong themes of the “smarter regulator” aims, with the FCA asking CROs to inform the FCA of any regulatory barriers, or where the industry has established norms through custom and practice which are getting in the way of the outcomes the FCA is seeking around international competitiveness. Outcomes based regulation, referred to in the speech, always has the risk of hindsight bias, but the proof will be in the pudding to use a topical analogy.
• FCA backtrack on Compliance Officer responsibilities in relation to T+1 securities settlement: This Dear Compliance Officer letter originally published in October this year (which we covered in this SMCR+ View), originally said: “As the chief compliance officer, you are responsible for putting in place the necessary arrangements…”. This caused some consternation amongst the industry and, so much so, that the FCA has updated the letter to say “As the chief compliance officer, your role is to advise and assist those persons directly responsible…”. Our own Andrew Williams has some interesting LinkedIn posts here and here on this for those interested. The long and short is that this is, unusually, some good news for Compliance Officers.
• AI and financial services: HM Treasury has instructed the Financial Services Skills Commission to research the impact of disruptive technologies on financial services’ workforce needs, sector growth, and skills development, with a final report due by mid-2027. This might be interesting to keep tabs on, particularly for Senior Managers looking at the future strategies for their teams and how they ensure they are equipped for the future.