
Risk & Compliance Report For the week ending: 12 September 2025

Executive Summary


This week's regulatory developments emphasise a continued focus on strong governance frameworks, the implementation of existing principles across new technologies, and individual accountability. The Financial Conduct Authority (FCA) has clarified its expectations for firms seeking authorisation under Part 4A of FSMA, highlighting the need for demonstrable substance in personnel, tailored systems and controls (SYSC) that fully incorporate the Consumer Duty, and measurable financial resilience. In a notable clarification of its approach to innovation, the regulator confirmed it will oversee the deployment of Artificial Intelligence (AI) through established frameworks such as the Senior Managers and Certification Regime (SM&CR) and Consumer Duty, rather than developing a separate AI-specific rulebook.


In the European Union, the European Supervisory Authorities (ESAs) continue to scrutinise the quality of disclosures under the Sustainable Finance Disclosure Regulation (SFDR), identifying material divergences in reporting quality. Meanwhile, significant jurisprudence has emerged, with an ECJ ruling clarifying the status of pre-resolution liabilities under the Bank Recovery and Resolution Directive (BRRD). In the UK, a High Court decision hints at a potential shift in a bank's duty of care regarding the recovery of funds in cases of Authorised Push Payment (APP) fraud. Lastly, the FCA's Market Watch 83 and recent enforcement actions emphasise the regulator's steadfast focus on market integrity and the controls surrounding the management of inside information.


Key Developments & Compliance Considerations


1. UK Regulatory Landscape


a) FCA Authorisation Framework (Part 4A FSMA)

  • Development: The FCA published guidance outlining good and deficient practices observed in applications for authorisation, specifying expectations regarding personnel, policies, and financial standing.

  • Risk: Heightened risk of application rejection or significant delays where submissions lack demonstrable substance, particularly in evidencing a meaningful UK presence and avoiding over-reliance on third-party consultants.

  • Compliance Considerations:

    • Personnel & Governance: Firms must provide objective evidence of the competence and capacity of approved persons. The submission of internal suitability assessments and transparent organisational charts is now a benchmark for good practice.

    • Systems & Controls (SYSC): Compliance frameworks must be demonstrably tailored to the applicant's business model. A critical requirement is the integration of the Consumer Duty's four outcomes into all relevant systems, controls, and customer-facing processes.

    • Financial Resilience: Submissions must adhere strictly to FCA financial analysis templates. Full disclosure of historical accounts, accurate prudential calculations, and verifiable evidence of capital and funding sources are mandatory.

b) Governance of Artificial Intelligence

  • Development: The FCA has proceeded with its AI Live Testing initiative and clarified that its regulatory oversight of AI will be exercised through existing legal and regulatory frameworks.

  • Risk: Firms that deploy AI systems without a robust governance structure risk breaching fundamental regulatory obligations, including those related to conduct, governance, and consumer protection.

  • Compliance Considerations:

    • The FCA will leverage existing regimes to mitigate AI-related risks. The SM&CR provides the framework for individual accountability for AI systems, while the Consumer Duty (Principle 12) requires that AI-driven processes result in good outcomes for retail customers.

    • Firms engaged in the development of complex AI models are advised to utilise the FCA's AI Lab to foster regulatory alignment and de-risk deployment.

c) Market Conduct & Integrity (Market Watch 83)

  • Development: Market Watch 83 detailed FCA findings of control deficiencies in corporate finance firms' management of inside information.

  • Risk: Deficient controls, particularly concerning market soundings and personal account dealing (PAD), expose firms to a high risk of unlawful disclosure of inside information (UK MAR Article 10) and market manipulation, potentially leading to severe regulatory sanction.

  • Compliance Considerations:

    • Market Soundings: Procedures must ensure that the number of market sounding recipients (MSRs) is appropriately managed and that all MSRs receive a standardised level of information, as required by UK MAR. Firms acting as secondary brokers without the issuer's knowledge risk operating outside the safe harbour provisions of UK MAR Article 11(4).

    • Personal Account Dealing (PAD): The FCA has signalled zero tolerance for persistent breaches of PAD policies. Compliance functions must intensify scrutiny of pre-trade approvals and implement robust post-trade surveillance to detect and address non-adherence to rules such as mandatory holding periods.

d) Structural Reforms in Payments Regulation

  • Development: HM Treasury initiated a consultation on consolidating the Payment Systems Regulator's (PSR) functions within the FCA's existing FSMA framework.

  • Risk: Potential for regulatory arbitrage or uncertainty during the transitional phase.

  • Compliance Considerations: Payments firms should analyse the proposed consolidation's impact on their supervisory engagement and governance models and consider contributing to the consultation.


2. EU Regulation & Jurisprudence


a) Sustainable Finance Disclosures (SFDR)

  • Development: The ESAs' annual report on Principal Adverse Impact (PAI) disclosures under Article 18 of the SFDR identified persistent qualitative gaps, especially among smaller financial market participants (FMPs).

  • Risk: Increased supervisory scrutiny and reputational risk for FMPs providing boilerplate, non-compliant, or misleading PAI disclosures.

  • Compliance Considerations:

    • PAI statements must be substantively distinct from marketing communications and explicitly declare the firm's policy on the consideration of principal adverse impacts.

    • FMPs should benchmark their disclosures against the good practices identified in the ESAs' report to mitigate the risk of supervisory intervention by National Competent Authorities (NCAs).

b) EU Taxonomy Regulation

  • Development: The European General Court dismissed legal challenges (Cases T-625/22 and T-579/22) to Commission Delegated Regulations, thereby affirming the inclusion of certain nuclear and natural gas activities within the Taxonomy under specific technical screening criteria (TSC).

  • Risk: Incorrect classification of economic activities and misreporting of Taxonomy alignment.

  • Compliance Considerations: This ruling solidifies the legal basis of the Complementary Climate Delegated Act. Firms' methodologies for assessing substantial contribution and "do no significant harm" (DNSH) must align with the established and legally affirmed TSC.


3. Key Legal & Enforcement Actions


a) APP Fraud and Banks' "Retrieval Duty"

  • Development: In Barclay-Ross v Starling Bank Ltd, the High Court deemed it arguable that a sending bank has a potential tortious and contractual duty to attempt fund recovery upon notification of an APP fraud, building on principles discussed in Philipp v Barclays Bank UK plc.

  • Risk: Potential expansion of a bank's liability in APP fraud cases, moving beyond the initial payment instruction to post-execution responsibilities.

  • Compliance Considerations:

    • This case signals a potential evolution of the common law duty of care. Financial institutions should review and fortify their fraud response protocols to ensure that immediate and robust steps are taken to attempt retrieval of funds upon customer notification.

b) Pre-Resolution Liabilities (ECJ Ruling)

  • Development: The ECJ ruled (Case C-687/23) that rights from legal actions initiated prior to a resolution action under the BRRD are "accrued" obligations pursuant to Article 53(3) and are therefore enforceable against a successor entity.

  • Risk: Successor entities in a resolution context may face un-provisioned liabilities from pre-existing litigation that is not extinguished by the bail-in tool.

  • Compliance Considerations: Due diligence in M&A involving institutions post-resolution must now meticulously account for the timing of any outstanding legal claims to accurately assess contingent liabilities.

c) Enforcement Synopsis

  • Development: The FCA finalised enforcement actions against three traders for market manipulation and initiated proceedings against three individuals for breaches of the financial promotion restriction under section 21 of FSMA.

  • Risk: Significant personal and corporate liability for misconduct, with a clear regulatory focus on holding individuals accountable.

  • Compliance Considerations: These actions reiterate the critical importance of a strong compliance culture, supported by rigorous training, surveillance, and a clear tone from the top regarding adherence to market conduct and financial promotion rules.


 
 
 
