Investment Firms Newsletter – March 2026.

The FCA has introduced a more structured and transparent model for communicating its regulatory priorities, as outlined in its recent blog post “A smarter approach to communicating regulatory priorities”. Historically, the FCA has issued portfolio letters to firms; these are now being replaced with regulatory priorities reports. Instead of over 40 portfolio letters there will be 9 sector reports, one for each sector. These reports, which will be published on the FCA’s website, will be updated at least annually by the FCA with a number due to be published for the first time in March 2026 (for example, the wholesale buy-side and wholesale markets sector reports). The reports document specific key priorities for each sector and further relevant work that the FCA will be undertaking in the next year. Firm boards will need to consider which priorities and recommendations detailed in the reports apply to them on an ongoing basis, ensuring their compliance frameworks are aligned with FCA priorities.

The UK’s new short selling regime, which is expected to commence in June 2026, introduces a two phase implementation to modernise reporting and improve market transparency. Under Phase 1, firms must calculate and submit net short positions for shares on the FCA’s Reportable Shares List (RSL), which replaces the previous list of exempt shares. Phase 2, six months later, updates FCA systems for submitting position reports and market maker exemption notifications. The regime replaces the current UK Short Selling Regulation, which publicly names individual short sellers above 0.5%, with aggregate net short position (ANSP) reports that anonymise individual holdings while showing total market exposure. Reporting deadlines will shift to 23:59 T+1, with ANSPs typically published shortly thereafter, ensuring timely market-wide transparency.

The ANSP reports will display combined short positions for each share above the 0.2% threshold, updated regularly and published on the FCA website alongside the RSL. Firms must monitor the RSL, report positions when thresholds are met, retain evidence of covering arrangements for at least five years and comply with updated market maker exemption requirements in Phase 2. The FCA anticipates publishing the final rules and policy statement before the main commencement date, expected in April 2026, allowing firms time to transition. Overall, the new regime provides a streamlined, anonymised reporting framework, replacing individual named disclosures and the old exempted shares list while maintaining transparency of short selling activity across UK markets.

The FCA has published findings from its review of firms’ Consumer Duty board reports. The review identifies patterns of effective practice alongside common weaknesses, aiming to guide firms as they embed Consumer Duty principles more deeply into strategic decision‑making and conduct risk management.

Examples of good practice include concise and outcome‑focused reporting supported by meaningful and timely management information; thorough documentation of board engagement, challenge and accountability; and integration of consumer insights from complaints data, product reviews and vulnerability analysis. Conversely, weaker submissions were characterised by excessive description without linkage to consumer outcomes, fragmented or incomplete action plans and limited metrics hampering meaningful oversight.

The FCA reiterated that future reporting should be more forward‑looking, explicitly aligned with consumer outcomes and used to drive continuous improvement rather than backward compliance assessment.

The FCA has published examples of good and poor practice for using labels under the Sustainability Disclosure Requirements (“SDR”) regime. The webpage publication is intended to help firms prepare pre-contractual disclosures for use of labels. The regulator found in general that firms are making more use of the labels and becoming more familiar with the requirements, but it has identified cases where it is not clear how firms meet the labelling requirements. Emphasis should be placed on clear, concise and easy to understand disclosures with the webpage giving practical guidance relating to each of the available labels.

The FCA has standardised how it collects financial data from new firm applicants by integrating sector-specific templates into the submission system, Connect. The templates can be found on the FCA’s webpage.

On 28 January 2026, the FCA published the first edition of its Enforcement Watch newsletter designed to provide insights and themes from its recent enforcement work. The FCA outlines how its updated publicity policy is being applied, including when it will publish information about enforcement investigations under its revised framework.

The FCA also sets out its enforcement case priorities based on its 23 enforcement operations opened between 3 June and 31 December 2025, covering areas such as individual responsibility, listed issuers, unauthorised business activity, fair value, oversight of systems and controls, financial crime controls, and consumer investment and asset management. In addition, the publication discusses the FCA’s engagement with international partners to support cross‑border investigations.

The FCA fined Dipesh Kerai and Bhavesh Hirani £108,731 for insider dealing. Mr Hirani, formerly interim Chief Financial Officer of Bidstack Group Plc, transmitted confidential deal information to Mr Kerai, who traded on that information and gained approximately £9,000. The case demonstrates the FCA’s continued vigilance in market‑abuse surveillance and its expectation that issuers maintain robust insider‑information controls.

The FCA has commissioned the Mills Review to assess how AI may reshape the retail financial services landscape by 2030. Stakeholders were invited to provide input by 24 February 2026. The review seeks evidence on the evolution of AI models, governance and accountability implications, impacts on consumers and the alignment of future regulatory frameworks.

Particular emphasis is placed on managing risks associated with automated decision‑making, ensuring transparency in AI outputs and defining clear lines of human accountability for machine‑enabled financial advice and distribution.

HM Treasury has published its Consultation on the Appointed Representatives Regime, advocating legislative reforms to strengthen oversight, accountability and regulatory coherence. The proposals would clarify the responsibilities of principal firms, grant the FCA enhanced intervention powers and limit risks arising from regulatory arbitrage or inconsistent supervision among principal–appointed representative relationships.

The government notes that ongoing supervisory reviews have revealed weaknesses where principals exercised insufficient monitoring over their representatives, leading to consumer harm and regulatory breaches.

In February, the Joint Money Laundering Steering Group (JMLSG) published final amendments to Part I of its guidance for the UK financial services sector, following a consultation in November 2025. The revisions focus on guidance for Money Laundering Reporting Officers (MLROs) regarding their standing and oversight of AML controls, as well as on handling subject access requests where a suspicious activity report has been filed. The amendments have been submitted to HM Treasury for Ministerial approval.

Under the proposals in CP26/6 by the FCA, securitisation transaction parties must continue to provide transparency information to investors about the securitisation and the assets that support it. This includes information on the underlying exposures (for example the type, size and characteristics of the loans or assets in the pool), periodic investor reports describing cash flows and performance of the transaction, and disclosures of inside information or significant events that could affect investors’ assessment of the investment. The FCA proposes to retain these information requirements but move away from detailed mandatory templates, instead specifying the minimum types of information that must be disclosed.

The information must be made available to investors throughout the life of the securitisation. Under the current framework, information on public securitisations is typically made available through a securitisation repository registered with the FCA, while private securitisations provide the relevant information directly to investors and through regulatory notification processes. However, CP26/6 proposes removing the mandatory reporting obligation to securitisation repositories, meaning firms would still need to make information available to investors but would not necessarily be required to submit it to a repository.

These proposals primarily affect originators, sponsors and securitisation special purpose entities (SSPEs), which must prepare the transparency information, provide ongoing investor reporting, and notify the regulator of relevant events. The reforms would replace the existing prescriptive reporting templates contained in the FCA Handbook (SECN 11 and SECN 12 Annexes 12–15), including templates for investor reports and disclosures of inside information or significant events, with a more principles based reporting framework that focuses on the substance of the information rather than requiring firms to use specific formats.

The Information Commissioner’s Office (ICO) has published new guidance on Data Protection Complaints Handling, setting out expectations for how organisations should manage data protection complaints. The guidance recommends that entities provide easily accessible submission channels, acknowledge complaints promptly, investigate and respond without undue delay, and communicate final outcomes transparently.

While the guidance itself does not have legal effect, it supports compliance with the statutory requirement under the Data (Use and Access) Act 2025, which mandates that organisations have a formal complaints procedure in place from 19 June 2026. Firms are encouraged to review their complaint handling frameworks in light of the guidance and document evidence of compliance with the forthcoming statutory obligations.

The SEC’s Division of Enforcement has announced significant updates to its Enforcement Manual, marking the first revision since 2017 and signalling a renewed focus on fairness, transparency and procedural consistency in investigations. The Manual will now be reviewed on an annual basis to keep its procedures aligned with the Commission’s investor‑protection mission.

The Manual consolidates a decade of informal practices and policies, providing clearer guidance on how investigations are conducted, including the handling of Wells submissions, assessment of cooperation credit, settlement procedures and the referral of potential criminal matters to the authorities. It also addresses internal coordination, priority matter designation, engagement with harmed investors, document production expectations and staff ethics and professional responsibilities.

The case focused on “season and sell” loan sales by an investment adviser (where loans are typically held by a lender for a period before they are sold demonstrating proven repayment history to buyers). The SEC alleged that transferring loans at or near cost, particularly loans that had only seasoned for a short period, did not reflect fair value during a market dislocation (specifically, the start of the coronavirus pandemic). The enforcement action offers relevant takeaways to advisors who are refining and strengthening their valuation policies and procedures. Firstly, independent approvals do not always eliminate valuation risk. The SEC emphasised that ultimate responsibility for valuations rests with the investment adviser. Where an adviser has engaged a third party, the adviser must provide all relevant information, ensure the third party is appropriately qualified, and exercise meaningful oversight of their work. Secondly, disclosure has its limits. A disclosure that no third-party valuation would be obtained did not protect the adviser because it was paired with a representation that transfers would occur at market values – an assertion that the SEC alleged was inaccurate. The SEC reiterated that disclosure is only effective if it is complete and does not omit material information. Finally, the SEC pursued enforcement in 2026 notwithstanding the remedial steps taken by the adviser, including repaying the funds in 2021 following an SEC examination. This underscores that regulatory risk remains significant concerning valuation.

As a reminder, Regulation S-P amendments concerning the strengthening of data protection related requirements for investment advisers that needed to be complied with by larger firms from 3 December 2025 will apply to smaller advisers from 3 June 2026. Among other things, the amendments require firms to adopt formal incident response plans and notify customers within 30 days of any unauthorised access to sensitive customer information. Smaller firms impacted should prepare to comply by the implementation deadline if they haven’t already done so.