Welcome to the April 2026 Edition of our Investment Firms Newsletter. As April unfolds, the regulatory landscape for investment firms continues to evolve at pace, with a clear emphasis on smarter regulation, enhanced supervisory efficiency, and the practical application of technology across both regulators and firms. Recent developments from the UK and international regulators highlight an increasing focus on targeted consumer outcomes, operational resilience, financial crime prevention, and the governance of emerging technologies such as artificial intelligence.
In the UK, the FCA is advancing its “smarter regulation” agenda, including initiatives to accelerate authorisations, modernise supervisory tools, and explore the use of generative AI in regulatory processes. Alongside this, key updates such as the targeted support authorisation gateway, the annual work programme, and new regulatory priorities reports signal a continued drive towards more proactive, risk-based supervision. Firms are also digesting important developments in operational incident reporting, Consumer Duty expectations, SDR labelling practices, and evolving expectations around governance, data sharing and non-financial misconduct.
At the same time, wider policy and legislative developments continue to shape firm obligations, including reforms under HM Treasury’s proposals for the Appointed Representatives regime, as well as ongoing regulatory attention on AIFMD II implementation across the European Union. Internationally, updates from the SEC, CFTC, and FINRA highlight continued scrutiny of digital assets, market integrity, and operational controls. The ICO and the FCA also clarify expectations around data protection and vulnerable customers ensuring regulatory alignment.
In this edition, we explore the most significant regulatory updates, consultations, and supervisory themes affecting investment firms. If you would like to discuss how these developments may impact your business or your regulatory roadmap for the year ahead, our team would be pleased to support you.
Use the yellow dropdown arrow to expand and view more information for the section you’re interested in.
United Kingdom.
The FCA has opened the authorisation gateway for the new targeted support permission. The new targeted support activity is designed to help fill the gap between generic guidance and individualised advice enabling financial firms to provide suggestions designed for groups of consumers with common characteristics. The regulator believes this will help them make important decisions across their pensions and investments. Firms considering applying are encouraged to engage with the FCA through the Pre-Application Support Services (“PASS”).
The FCA has announced its plans to speed up authorisations and test new tools to identify key risks earlier. The regulator is developing an integrated tool internally to speed up the process. More generally, it also intends to use generative AI to support efforts to modernise regulation, streamline supervision and reduce unnecessary administrative burdens for firms. Firms applying for authorisation are reminded of the importance of providing the FCA with a good quality application. We also expect that, as the regulator accelerates its adoption of AI, its enhanced supervisory efforts will turn to how firms have adopted the technology themselves. Firms should be mindful that any adoption of AI internally should be accompanied by best-in-class AI governance.
The FCA has published its annual work programme with details of what the regulator will deliver in 2026/27 against its 4 strategic priorities which include smarter regulation, supporting growth, helping consumers navigate their financial lives and fighting financial crime. Firms seeking advance notice of the regulator’s priorities should take heed, identify potential key impacts to their businesses and plan accordingly.
The FCA has published its annual Regulatory Priorities Reports for the consumer investments, wholesale markets and buy side sectors, as part of a new series replacing portfolio letters. The reports set out the FCA’s supervisory focus and the key risks it expects firms in each sector to manage.
The Consumer Investments report focuses on firms involved in the manufacture and distribution of retail investment products. The Wholesale Markets report should be considered by firms operating in wholesale markets including trading venues, brokers and principal trading firms. The Wholesale Buy Side report will be of particular interest to asset managers, custody and fund services providers.
The reports do not create new rules. For investment firms, they are relevant as they identify areas of supervisory focus, including market integrity, operational resilience, financial crime, use of technology and conflicts of interest. Firms should take these priorities into account in their governance, risk management and compliance frameworks.
The FCA has published examples of good and poor practice in relation to the use of labels under the Sustainability Disclosure Requirements (“SDR”) regime. The material explains how firms are applying the labelling regime in practice, including examples of clear and consistent product disclosures and examples where disclosures may be unclear, inconsistent or potentially misleading.
The publication is supervisory in nature and does not introduce new obligations. It applies to firms within scope of SDR, including asset managers and distributors using sustainability labels or making sustainability-related claims. For investment firms, it is relevant where they manufacture, distribute or promote in-scope products, or where they are involved in preparing product disclosures and financial promotions. We recommend in-scope firms complete a gap analysis against the guidance and make improvements where necessary.
The FCA has published PS26/2 setting out its final rules on operational incident and third party reporting. The new requirements will apply from 18 March 2027.
The operational incident reporting regime requires all firms with a Part 4A permission to report certain operational incidents to the FCA.
An operational incident is either a single event or a series of linked events which disrupts the firm’s operations such that it:
- disrupts the delivery of a service to an end user external to the firm; or
- impacts the availability, authenticity, integrity or confidentiality of information or data relating or belonging to such an end user.
The threshold for reporting is met where a firm reasonably believes that an operational incident poses a risk:
- of causing intolerable levels of harm to consumers from which consumers cannot easily recover;
- to the safety and soundness of the firm and/or other market participants; or
- to market stability, market integrity or confidence in the UK financial system.
A smaller subset of firms, including enhanced scope SM&CR firms and CASS large firms, must comply with the third party reporting regime. This requires reporting of information to the regulator on material third party arrangements. The policy statement provides for a single regime for firms that are regulated by the FCA and the PRA with a single notification and register submission procedure.
Ahead of the implementation deadline, firms should incorporate the reporting obligations where they apply into their compliance frameworks and familiarise themselves with the relevant FCA guidance covering operational incident reporting (FG26/3) and material third party reporting (FG26/4).
The FCA and Information Commissioner’s Office (“ICO”) have published a joint statement on regulatory expectations with respect to vulnerability related data. Designed to help firms meet expectations in a manner that complies with data protection laws, the statement covers data protection considerations against core areas including: supporting consumers in vulnerable circumstances; the sharing of data across distribution chains; and the monitoring of customer outcomes. All firms and particularly those in scope of the Consumer Duty should review the statement and consider updates to relevant policies and procedures ensuring their approach is aligned with the latest expectations from the regulators.
HM Treasury has released its consultation proposing: a requirement that authorised firms wishing to act as a principal firm for appointed representatives (“ARs”) will require FCA permission to do so; extension of the jurisdiction of the Financial Ombudsman Service (“FOS”) to cover ARs that act outside of the business for which their principal firm is responsible; and application of the Senior Managers and Certification Regime (“SM&CR”) to ARs. Principal firms with ARs or plans to take on ARs should monitor the developments carefully. Firms that are ARs should speak to their principal firms about any potential impact.
The FCA has published a webpage to help firms get ready for the new rules and guidance relating to non-financial misconduct (“NFM”). The webpage explains how NFM is covered by the FCA’s requirements across the Code of Conduct rules and Fit and Proper test. The regulator encourages firms to review their approach to staff policies, conduct breach reporting, fit and proper assessments, regulatory references and staff understanding of the obligations before 1 September 2026.
Although we don’t advise firms on HMRC related matters at Cosegic we note the ongoing discussions in the industry relating to changes to the registration status of “tax advisers” and the potential impact on investment firms. Firms should ensure they fully explore the potential impact, including whether they are in scope of the obligations, given registration requirements begin in 2026.
European Union.
The directive to amend AIFMD in the EU(“AIFMD 2”) updated the AIFMD and UCITS frameworks in relation to delegation, liquidity risk management, supervisory reporting, depositary and custody services, and loan origination by alternative investment funds. It is properly described as Level 1 legislation. The Directive was published in the Official Journal on 26 March 2024, and Member States were required to transpose it by 16 April 2026.
AIFMD 2 introduces new marketing and regulatory reporting obligations under the National Private Placement Regime (“NPPR”) for non-EU AIFMs (including UK AIFMs). Marketing within the EU will only be permitted if specific conditions are met, including:
- The firm or fund is not established in a “high-risk third country”
- Compliance with applicable tax information exchange agreements
- Fulfilment of expanded regulatory reporting requirements covering asset and market-related data. Details of the harmonization of Annex IV reporting are due in 2026 for implementation in 2027.
Additionally, third-country depositaries must comply with AIFMD II standards. If they cannot meet these requirements, the AIF will need to transition to a depositary that can fulfil the obligations. While AIFMD II does not directly apply to UK firms more generally, there may also be an expectation to include Liquidity Management Tools (LMTs) in investor disclosures. Additionally, firms must ensure pre-contractual information includes the fund name and verify compliance with European Securities and Markets Authority (“ESMA”) guidelines to avoid names that are “unfair, unclear, or misleading.”
Where functions are delegated to a UK Manager from an EU AIFM, the EU AIFM will need to ensure that the delegate adheres to the AIFMD II delegated requirements. Delegated agreements will need to be reviewed in the light of AIFMD II.
AIFMD II also requires transparency on all fees, charges and expenses borne by the AIFM or allocated to the AIF. Firms should confirm that each cost is (i) approved by the fund’s governing body, (ii) reflected in relevant agreements and incorporation documents, and (iii) clearly disclosed to investors.
UK firms with exposure to AIFMD II as a delegate to an EU AIFM should seek guidance from their EU AIFM, ensuring any impacts are addressed. UK firms that market funds in the EU must ensure they comply with the relevant AIFMD II obligations.
United States.
On 17 March 2026, the Securities and Exchange Commission (“SEC”) and Commodity Futures Trading Commission (“CFTC”) jointly released interpretive guidance (“the Release”). The Release identifies four categories of crypto assets that are not securities: digital commodities, digital collectibles, digital tools and stablecoins. A fifth category of crypto assets identified in the Release are securities. The guidance clarifies that non-security crypto assets may be sold subject to an investment contract when an issuer promises to undertake essential managerial efforts from which a purchaser would reasonably expect to profit.
There is also clarification that mining and staking activities relating to non-security crypto assets do not involve the offer and sale of securities. Commentators highlight that the Release is not a formal making of a rule such that it does not have the force of law. As such, although it provides valuable insight into the position of the regulators it may be changed without application of the formal rulemaking process, including a consultation period. Similarly, the Release is not binding on the courts such that private disputes under securities law will be largely unaffected. Nonetheless, the Release remains an indicator as to the direction of travel for the regulation of digital assets in the United States. Firms with exposure to digital assets should continue to monitor developments.
FINRA requires certain users of the FINRA Entitlement Platform to complete an identity verification process in order to access specific FINRA systems. The process involves verifying an individual’s identity through a third-party verification service before access is granted or maintained.
The requirement applies to account administrators and other users who can access sensitive regulatory or filing data through FINRA systems. It forms part of FINRA’s system access and security controls.
For investment firms, the requirement is relevant where they, or their group entities, use FINRA systems and have users who fall within the categories subject to verification. Users can expect email notifications from FINRA with the roll out taking place between May and September 2026. Firms should ensure all users are aware of the upcoming changes, monitor their email for notifications and act on receipt of relevant communications from FINRA.
On 12 March 2026, the CFTC published an Advance Notice of Proposed Rulemaking (“the ANPRM”) in relation to event contracts traded on prediction markets. The notice seeks views on whether additional regulation is required and how existing regulatory frameworks apply. The comment period closes on 30 April 2026.
By way of background, there are concerns relating to the use of material non-public information and abusive trading practices on prediction markets. Efforts to protect market integrity are likely to be the focus of future rulemaking. Firms should monitor the developments carefully and risk assess exposure relating to both firm and personal trading activity of staff and other associated persons. Firms may wish to adjust their personal account dealing procedures and ensure staff are aware of any changes to mitigate against the risks associated with prediction markets.
Register for our upcoming Non-Financial Misconduct Webinar.
Join us on 28 April at 2:00 PM as we explore the FCA’s latest guidance under PS25/23 and what it means for firms in practice.
We’ll cover key risks, including workplace behaviour, social media conduct, and the steps firms should take to strengthen governance and compliance frameworks.
