Investment Firms Newsletter – December 2025.

The FCA’s multi-firm review of business wide risk assessments (“BWRA”) and customer risk assessments (“CRA”) highlights firms meeting supervisory expectations and those that are not. The FCA praised firms whose BWRAs / CRAs are underpinned by documented methodologies that combine quantitative and qualitative analysis, are formally refreshed annually, feed directly into risk appetite, control testing and management information.

Best practice includes explicit consideration of financial crime risks at product development and strategic levels, visible MLRO involvement, evidence of action tracking with named owners, and clear escalation to senior management and relevant committees with demonstrable challenge. Conversely, poor practices commonly observed included a narrow focus on fraud, neglecting other core money laundering risks (inc. sanctions, bribery, proliferation and terrorist financing) and weak quantitative rigour in assessments. Criticism of CRAs focused on those that lag business growth and product changes, unrecorded or ownerless BWRA actions, and insufficient testing when processes change.

Firms should review and strengthen their BWRA and CRA frameworks, ensure remediation actions are recorded and assigned, formalise senior level oversight and challenge, and evidence that financial crime risks are considered across product and strategy lifecycles.

HM Treasury’s Statutory Instrument (“SI”) proposed changes to the MLRs designed to tighten Enhanced Due Diligence (“EDD”) for high risk third countries (aligned to Financial Action Task Force (“FATF”) “call for action” listings), clarify EDD triggers for “unusually complex or unusually large” transactions, introduce new obligations for pooled client accounts, convert monetary thresholds to sterling, adjust crypto asset registration thresholds to align with Financial Services and Markets Act (“FSMA”) and expand trust registration requirements.

The consultation closed and the amendments are expected to take effect in early 2026 subject to parliamentary approval.

Firms should review their policies, procedures, systems and controls against the changes, ensuring they are fully prepared.

The FCA published results of its survey of corporate finance firms that revealed gaps in anti-financial crime controls with some firms found to be lacking documented BWRAs or Customer Due Diligence (“CDD”) evidence and indicating significant weaknesses in the oversight of appointed representatives.

Separately, the regulator published observations from its review of client categorisation in corporate finance firms. Significant weaknesses in approach were identified in this area as well including undocumented client categorisation assessments, unstructured assessments of elective professional client status and poor records concerning the treatment of corporate finance contacts and financial promotion recipients.

Corporate finance firms should take heed of these reviews ensuring they conduct a gap analysis against the FCA’s findings to identify any remedial actions, which should be addressed as soon as possible.

The FCA has published consultation paper CP25/30 addressing the transition from the Temporary Intragroup Exemption Regime (“TIGER”), which expires on 31 December 2026, to a permanent regime. The FCA’ proposals are intended to support the UK Treasury’s plans to amend UK EMIR and simplify the intragroup regime.  It is anticipated the proposals will result in a less burdensome regime.

Nonetheless, counterparties relying on intragroup exemptions, or considering their use, should monitor the proposals ensuring they are prepared in advance of any changes to the regime.

Market Watch 84 reports on implementation of the regulatory changes made to the UK EMIR reporting regime known as UK EMIR Refit. The FCA noted 95% of reports were uplifted to meet amended requirements by the end of a 31 March 2025 transition period. Firms are reminded that all eligible trades must be uplifted to establish compliance as soon as possible.

The FCA also observed firms experiencing problems reporting following implementation due to inappropriate planning and dependence on external vendors. The expectation is that firms demonstrate improvement to ensure they are able to meet compliance dates in response to future regulatory change. The regulator also has some concerns about the lower-than-expected number of error and omission reports under UK EMIR Refit; firms are reminded of their obligation to notify the FCA of any material issues with their reported data.

Firms should expect increased regulatory scrutiny of reconciliation processes, breach notifications and associated governance/ oversight arrangements.

The FCA proposed a package of reforms to the Markets in Financial Instruments Regulation (“MiFIR”) transaction reporting rules. The proposals are designed to reduce cost and complexity. Measures include reducing the number of reporting fields, removing FX derivatives from the scope of reporting and reducing the default back reporting period from five to three years.

Comments on the proposals are requested by 20 February 2026. Firms should monitor the proposals and begin assessing the potential operational impact.

The FCA updated its guidance on the BFSA, which will take effect on 1 January 2026 and materially ease the regulatory burden on firms seeking to offer selected investment and insurance services across the UK/Switzerland border. Under the BFSA, eligible UK and Swiss firms will not be required to obtain full authorisations in the counterparty jurisdiction to sell specified services; instead, firms must satisfy the receiving regulator’s substantive requirements and notify the regulator of their intention to commence cross border activity.

This change lowers duplication of authorisations and reduces barriers to market access, but it does not remove the obligation to ensure product, distribution and conduct arrangements comply with the destination rules.

Firms planning to use the BFSA should undertake a compliance gap analysis now, confirm notification and filing processes and document governance sign-off before submitting their applications (via Connect for UK firms and FINMA’s EHP portal for Swiss firms).

The FCA’s review of consolidators in the advice and wealth management sector confirmed that groups with clear structures, strong governance and adequately resourced regulated entities are better placed to deliver sustainable outcomes. Conversely, lack of prudential consolidation, upstreaming of cash or guarantees to holding companies, and failure to scale compliance and governance in line with growth create prudential and conduct risks.

Firms pursuing consolidation strategies should stress test group structures, capital flows and governance frameworks to ensure regulated entities remain resilient.

The FCA’s consultation CP25/28 on fund tokenisation sets out a blueprint model and an optional direct dealing approach for tokenised and conventional authorised funds, together with a roadmap for retail scale distributed ledger technology (“DLT”) operations. Responses to Chapter 5 of the paper remain open until 12 December 2025 and a policy statement is expected in H1 2026. The FCA have also separately reminded firms that cETNs are available to retail investors only where listed and admitted to a recognised UK exchange and that cETNs are classified as Restricted Mass Market Investments.

Accordingly, firms must apply heightened product governance, appropriateness testing, cooling off arrangements and a prohibition on incentives in distribution.

The FCA has approved JP Jenkins as a PISCES platform operator. A PISCES is a new type of private stock market where shares in private companies can be traded. The hope is that this new type of platform will provide more opportunities for investors, facilitating their access to growth companies and that it will widen the pool of investors that private companies can tap into.

The Financial Services Compensation Scheme deposit protection limit increases to £120,000 per eligible person from 1 December 2025, and temporary high balance protection rises to £1.4m for qualifying events for up to six months. Firms must update customer disclosures by 31 May 2026 and ensure single customer view systems correctly reflect the new thresholds.

The FCA has written to compliance officers of asset managers and alternative firms setting an unequivocal expectation that portfolios will be able to settle on a T+1 cycle from 11 October 2027. The regulator expects firms to complete diagnostic work by the end of 2025 identifying manual processes, operational bottlenecks and third-party dependencies that may prevent timely settlement and to engage immediately with settlement agents and outsourced trading counterparties. Identified changes must be implemented through 2026; internal and external testing should be completed in 2027 to ensure firms are ready.

Firms will need to co-ordinate across front office, middle office, operations and with third parties therefore a clear project plan prioritising high impact processes, third party engagement and contingency arrangements is recommended.

The US Treasury has proposed delaying the effective date of the FinCEN Investment Adviser AML Rule to 1 January 2028. The SEC and CFTC have extended the Form PF amendment compliance date to 1 October 2026. SEC amendments to Regulation SP require larger entities to implement incident response programmes and enhanced breach notification arrangements from 3 December 2025 (with smaller firms subject from 3 June 2026). These rules mandate consumer notification and contractual obligations on service providers to report breaches of sensitive customer information within 72 hours.

The SEC Division of Examinations has outlined its examination priorities for 2026, emphasising fiduciary conduct, compliance effectiveness, operational resilience and oversight of emerging technologies. In respect of fiduciary standards and client-centric advice, advisers will face scrutiny regarding their duty of care and loyalty, with particular attention to conflicts of interest, product suitability, high-risk investments, and operational risks, especially for retail and retirement clients.

Compliance program effectiveness will also be a key area of focus, with the SEC assessing programs across core areas such as trading, portfolio management, disclosures, recordkeeping, and oversight of business model changes. Examiners will evaluate whether firms conduct meaningful testing and maintain thorough documentation.

Cybersecurity and operational resilience continue to remain priorities, including the protection of sensitive data, preparedness for ransomware and AI-driven threats, and effective management of vendor and third-party risks. In addition, the SEC will review firms’ use of emerging technologies and AI, examining automated investment tools for accuracy, alignment with client strategies, and the adequacy of monitoring, including controls for fraud detection and anti-money laundering (AML) compliance.

Although the implementation of the Investment Adviser AML Rule has been postponed to 2028, the SEC will continue to monitor firms’ readiness and the effectiveness of interim AML practices.