Risk and Compliance Report For the week ending 29 August 2025
- James Ross

- Aug 30
Executive Summary
This week's principal developments include a strategic rationalisation of the FCA's supervisory communication framework, clarification of the regulatory perimeter for workplace savings schemes, and a procedural amendment to the reporting requirements under the Senior Managers and Certification Regime (SM&CR). Each development necessitates specific actions and strategic adjustments within risk and compliance functions.

1. Strategic Rationalisation of FCA Supervisory Communications
Regulatory Development Summary:
On 28 August 2025, the FCA announced a significant overhaul of its supervisory communication strategy, in line with its strategic objectives for 2025-2030. The issuance of "Dear CEO" and portfolio letters will be discontinued. These will be superseded by a consolidated series of market reports, designed to disseminate supervisory insights and thematic findings to a broad audience of regulated firms. Furthermore, multi-firm and thematic reviews published before 2022 will be reclassified as "historical," although they will be preserved for public record.
Risk and Compliance Implications:
Revision of Horizon Scanning Protocols: Compliance functions must recalibrate their regulatory horizon scanning and information-gathering processes to ensure compliance. The shift from targeted, firm-specific correspondence to broader market reports requires a more analytical approach to identify and interpret guidance and supervisory expectations that are pertinent to the firm's specific business model and risk profile.
Management of Transitional Ambiguity: A key risk during the interim period is the potential for misinterpretation of regulatory expectations. Firms must ensure that all relevant existing supervisory communications remain embedded within their compliance frameworks and control environments until the new market reports are fully integrated and operational. A formal impact assessment of the forthcoming reports will be required upon publication.
Legal and Evidentiary Status of "Historical" Documents: The re-classification of pre-2022 reviews as "historical" does not nullify their potential relevance. These documents may still be cited by the regulator or in legal proceedings as evidence of established standards of care or regulatory expectations at a given point in time. Risk and compliance functions should conduct a thorough review to determine which principles from these documents remain integral to their existing policies and procedures.
2. Regulatory Perimeter and Obligations for Workplace Savings Schemes
Regulatory Development Summary:
The FCA issued a statement on 27 August 2025 to clarify the regulatory framework governing workplace savings schemes, with a focus on "opt-in" models. The objective is to mitigate perceived regulatory uncertainty that has historically impeded their market penetration. The guidance addresses the applicability of regulated activities, financial promotions, the Consumer Duty, and other operational rules.
Risk and Compliance Implications:
Structuring for Exclusion from Regulated Activities: The FCA's guidance confirms that specific structures—notably where employee contributions are transferred directly to a third-party savings provider—can fall outside the regulatory perimeter for employers. Legal and compliance teams must meticulously review and document the contractual arrangements and cash flow models of any proposed scheme to ensure they align with this guidance and do not inadvertently trigger a requirement for authorisation.
Compliance with Financial Promotion Regime (FSMA s21): The statement provides critical guidance on navigating the financial promotion restrictions under Section 21 of the Financial Services and Markets Act 2000. All employee-facing communications must be strictly vetted to ensure they are factual, balanced, and do not constitute an inducement or financial advice, thereby remaining outside the scope of a regulated financial promotion.
Application of the Consumer Duty: The FCA's confirmation that the Consumer Duty applies necessitates a comprehensive assessment of the relevant requirements. All participants in the value chain must ensure their role in the scheme is consistent with the Duty's cross-cutting rules and four outcomes. This includes, but is not limited to, providing fair value, ensuring a clear understanding of the consumer, and offering appropriate consumer support, thereby minimising foreseeable harm to employees.
Integration of Operational Compliance Controls: Firms must ensure that operational frameworks for these schemes are fully compliant with applicable BCOBS requirements, implement robust Customer Due Diligence (CDD) and AML/CTF procedures, and adhere to all FSCS notification requirements as stipulated in the PRA Rulebook.
3. Amendment to SM&CR Conduct Rule Breach Reporting
Regulatory Development Summary:
Effective for reporting periods ending after 31 August 2025, the FCA has rescinded the requirement for firms to submit a nil return for Form REP008 under the SM&CR. This procedural change means firms are no longer obligated to submit the form if no conduct rule breaches have been identified during the reporting period. The amendment is a component of the FCA's broader data collection transformation programme.
Risk and Compliance Implications:
Optimisation of Compliance Resources: The elimination of this administrative requirement is projected to yield efficiency gains for approximately 36,000 firms, allowing for the reallocation of compliance resources to more substantive risk management activities.
Updating of Compliance Monitoring and Reporting Systems: Internal compliance calendars, GRC platforms, and automated workflow reminders must be technically updated to reflect this change. This ensures that resources are not wasted on a now-obsolete task and prevents erroneous escalations for non-submission.
Emphasis on Evidentiary Standards for Non-Reporting: While the nil return is abolished, the underlying obligation to monitor conduct and report breaches persists. Firms must maintain a robust, auditable trail of their conduct monitoring activities. In the event of a supervisory inquiry, firms must be able to evidence that the absence of a REP008 submission was the result of a compliant monitoring process that identified no reportable breaches, rather than a failure of that process.
Management of RegData System Artefacts: Firms should be briefed that the REP008 task may still manifest in their RegData schedule. Procedural guidance should be issued internally explaining that this is an expected system artefact that will be resolved post-deadline without penalty, thereby preventing unnecessary queries to the regulator.


