Welcome to the May 2026 Edition of our Investment Firms Newsletter.
As May progresses, the regulatory landscape for investment firms continues to evolve rapidly, with regulators focusing on governance, financial crime controls, operational readiness and the supervision of emerging technologies and business models. Recent developments across the UK and internationally highlight increasing expectations around firms’ ability to demonstrate robust risk management, effective oversight and clear accountability frameworks.
In the UK, the FCA has intensified its focus on financial crime systems and controls, publishing findings on customer due diligence, enhanced due diligence and ongoing monitoring arrangements. The regulator has also reinforced expectations around authorisations, governance and accountability through updates affecting asset managers, SMCR reform, market soundings and appointed representative oversight. Alongside this, firms are preparing for important regulatory changes, including the implementation of the new UK short selling regime in July 2026 and the evolving perimeter for cryptoasset activities. Regulators have also confirmed that existing governance, operational resilience and Consumer Duty obligations continue to apply to firms’ use of artificial intelligence technologies.
Internationally, the SEC, CFTC and FinCEN continue to reshape aspects of the US regulatory framework, including proposals to streamline Form PF reporting obligations and introduce a formal whistleblower incentive programme focused on AML and sanctions enforcement.
In this edition, we explore the key regulatory developments and supervisory themes affecting investment firms across the UK and internationally. If you would like to discuss how these developments may impact your business or regulatory strategy for the year ahead, our team would be pleased to support you.
United Kingdom.
The FCA has published findings from its multi-firm financial crime-related review of customer due diligence, enhanced due diligence (“EDD”) and ongoing due diligence controls.
The FCA assessed firms’ controls against the Money Laundering Regulations 2017 and other relevant rules and guidance. The focus was not only on whether firms have policies, but whether those policies are sufficiently detailed, consistently applied and evidenced on customer files. The FCA’s observations indicate concern around the quality of risk-based decision making, the clarity of review triggers, the robustness of EDD for high-risk customers and whether firms can evidence compliance with their own procedures.
This is directly relevant to investment firms’ AML and financial crime frameworks, particularly onboarding, periodic reviews, event-driven reviews, EDD, Politically Exposed Persons (“PEP”) controls, governance sign-off, recordkeeping and compliance monitoring. Firms should benchmark their controls against the FCA’s findings.
The FCA published good and poor practice for firms seeking authorisation to operate in the UK asset management sector, including firms intending to manage funds or individual mandates in the UK.
The FCA reviewed 292 applications over a 12-month period and found that 14% of the 292 determined applications were withdrawn because of FCA concerns or rejected due to poor quality or incomplete information. The FCA’s findings indicate that authorisation applications are being assessed closely against substance, governance, business model clarity and operational readiness. Firms seeking authorisation are reminded of the importance of submitting a complete application of high quality.
The FCA consulted on draft perimeter guidance for the future UK cryptoasset regime. The consultation covers activities such as issuing qualifying stablecoins, safeguarding cryptoassets, operating cryptoasset trading platforms, dealing as principal or agent, arranging deals and arranging cryptoasset staking.
The consultation helps define when cryptoasset activity will move from an unregulated or partially regulated activity into the FCA authorisation perimeter. The technical perimeter questions are likely to turn on the nature of the cryptoasset, the activity being performed, the location of the activity, the role of the firm in the transaction chain and whether the firm is arranging, dealing, safeguarding or operating infrastructure.
For investment firms that have touchpoints with cryptoassets, the key issue is whether existing regulated activities, such as arranging, dealing, custody or platform services, could overlap with future cryptoasset permissions. Firms should also consider whether cryptoasset activity creates additional financial crime, custody, prudential, operational resilience, conflicts, client asset or financial promotions risks.
The FCA has now published its final rules and guidance (PS26/5) for short selling activity. The final package creates a new FCA short selling sourcebook within the regulator’s Handbook and includes final rules, a Statement of Policy on emergency powers, and operational details on implementation.
The FCA confirmed that the new rules come into force on 13 July 2026.
Some key changes include:
extending the net short position reporting deadline to 23:59 on T+1;
formalising a requirement to keep records of covering arrangements for five years;
introducing a new reportable shares list;
streamlining the market maker exemption process through an activity-based notification and annual attestation;
publishing aggregate net short positions by company from 13 July 2026.
The new regime affects the full short selling control framework: position calculation, disclosure thresholds, report submission, market maker exemptions, covering arrangements and record retention. The move to a later T+1 reporting deadline reduces operational pressure, but firms still need accurate end-of-day position data, robust aggregation logic and clear responsibility between front office, operations, compliance and regulatory reporting teams.
Relevant firms should confirm accountable senior manager ownership, implementation planning, reporting system readiness, market maker exemption renotification where applicable, trading desk procedure updates, covering-arrangement recordkeeping, compliance monitoring and market abuse surveillance alignment.
The Treasury Committee published responses from HM Treasury, the FCA and the Bank of England to its report on AI in financial services. The report raised concerns about the overall efficacy of the current regulatory framework in relation to AI.
HM Treasury stated that regulated firms are already required to manage technology-related risks, including AI-related risks, under existing requirements on governance, operational resilience and data use. The FCA response confirmed that its current approach remains principles-based and outcomes-focused, with existing frameworks such as the Consumer Duty, Senior Managers Certification Regime (“SMCR”) and operational resilience rules applying to AI use.
The key message is that there is no separate AI rulebook at this stage, but AI use is already caught by existing obligations. This means firms should continue to be able to demonstrate governance over AI models and tools, including ownership, risk assessment, testing, validation, explainability, data quality, bias, third-party dependencies, human oversight and incident management.
On 20 April 2026, the FCA published a multi-firm review analysing the impact of market soundings on market quality in UK listed equity capital market transactions.
The review is directly relevant to banks performing market soundings, UK issuers or significant shareholders considering market soundings and buy side investors receiving market soundings. The FCA analysed 63 transactions, focusing on 50 accelerated bookbuilds with a collective value of approximately £32 billion.
The FCA found that trading volumes fell by an average of 13% during the market sounding period but did not observe material impacts on other market quality metrics such as quoted spread, effective spread and market depth.
For sell-side firms, key controls include sounding scripts, issuer / shareholder instructions, recipient selection, inside information assessments, insider lists, cleansing processes and surveillance. For buy-side firms, key controls include wall-crossing governance, restricted lists, order management controls, trading restrictions and evidence that inside information is handled appropriately.
Firms should review wall-crossing controls, inside information handling, target-list approvals, scripts, recordkeeping, surveillance and post-transaction reviews.
The FCA has published its policy statement targeting changes to the SMCR intended to reduce process burden while maintaining individual accountability. For investment managers, the most relevant roles are SMF1 Chief Executive, SMF3 Executive Director, SMF16 Compliance Oversight, SMF17 MLRO and SMF27 Partner, as these functions typically sit at the centre of governance, compliance, financial crime oversight and senior responsibility allocation.
The key changes are operational rather than deregulatory. Firms now have more flexibility under the 12-week rule to submit applications during this period, including more time to submit an SMF application where there is unexpected or temporary cover. Criminal record checks are valid for six months, and repeat checks are not required for certain internal or intra-group SMF moves. The FCA has also streamlined requirements for statements of responsibilities, certification, regulatory references, and Directory Person updates.
For investment managers, the practical impact is that procedures for appointments, temporary cover, internal role changes and regulatory records should be updated. Particular attention should be given to temporary cover for SMF1, SMF16 and SMF17, ensuring that accountability, conduct rule obligations, financial crime oversight and FCA notification requirements remain clear.
Alongside the FCA Policy Statement, HM Treasury published its response to the SMCR reform consultation. The consultation received responses from a wide range of stakeholders, including investment firms, and focused on reducing unnecessary burden while preserving senior manager accountability.
This response should be read alongside the FCA rule changes. It signals that further SMCR reform may follow through legislative or regulatory changes, with an emphasis on proportionality, reduced administrative burden and maintaining individual accountability. For investment firms, the key issue is not immediate implementation but ensuring that governance frameworks remain adaptable. Firms should avoid making overly complex process changes now that may need further adjustment as the next phase of reform develops.
The FCA’s Director of Authorisation speech at the Spring APCC Conference emphasised that authorisation remains demanding by design and that high standards are necessary to protect consumers, support market confidence and maintain clean markets.
The FCA also commented on the role of third-party compliance consultants, noting that consultants can help firms prepare but applicant firms must be able to explain their own business model, governance and operations clearly.
The speech reinforces the FCA’s focus on substance over form in authorisations. The FCA expects applicant firms to understand and evidence their own business model, governance, risk management, financial resources, systems and controls and customer impact from a regulatory perspective.
The FCA has published Market Watch 85, focusing on how the Economic Crime and Corporate Transparency Act 2023 (“ECCTA”) enables firms to share customer information to prevent, detect and investigate economic crime, with protection from confidentiality breaches or civil liability when doing so.
The ECCTA’s information sharing provisions apply where a firm has taken “safeguarding action” against a customer, such as ending a relationship, refusing a product or service, or restricting access, or where a firm requests information from another firm to help it assess its own economic crime risks and potentially take relevant actions. Notably, the regime currently covers market manipulation offences under the Financial Services Act 2012 but does not extend to insider dealing, though the Home Office has launched a Call for Evidence on whether coverage should be widened.
Although ECCTA information sharing is voluntary rather than mandatory, the FCA has indicated that, as part of routine supervisory engagement, it will ask firms whether and how they are using the regime and whether they face barriers to doing so. Firms should therefore review their financial crime frameworks and consider documenting when ECCTA-based information sharing may be appropriate and how associated governance and data protection requirements will be managed.
The FCA has published a good and poor practice review on how principal firms manage the risks arising from appointed representatives (“ARs”) that carry on no regulated activities. Drawing on two years of REP025 regulatory return data, the FCA identified significant variation in the quality of principal oversight. Regulatory engagement prompted positive change at 7 of the 14 firms reviewed, including the offboarding of 11 ARs.
The FCA’s review highlights concern that prolonged or unexplained absence of activity by ARs may indicate wider weaknesses in governance, monitoring and oversight, rather than simply reflecting a reporting anomaly. Examples of poor practice included principals allowing ARs to remain on the Financial Services Register for extended periods without meaningful engagement, AR agreements that failed to meet regulatory requirements, and consumer-facing materials that incorrectly described ARs as “FCA authorised” or “Authorised Representatives”, potentially creating a misleading impression that the AR itself was directly authorised by the FCA.
Examples of good practice included data-led oversight using Companies House alerts and website monitoring, setting clear expectations during onboarding, and early intervention when regulated activity was not materialising as expected.
Principal firms should treat this review as a prompt to reassess their AR oversight frameworks, particularly where any ARs have reported no regulated revenue in recent REP025 returns. The FCA expects firms to provide accurate and specific explanations for inactivity, with generic descriptions such as “not trading” unlikely to demonstrate effective oversight. Where AR arrangements are no longer appropriate, principals should consider taking prompt action rather than allowing relationships to continue until contractual expiry.
United States.
On 20 April 2026, the SEC and CFTC jointly proposed amendments to Form PF intended to reduce compliance burdens for private fund advisers while preserving the regulators’ ability to monitor systemic risk. The proposal would raise a number of reporting thresholds and streamline several existing reporting obligations. Most notably, the general filing threshold would rise from $150 million to $1 billion in private fund assets under management, eliminating the filing requirement for smaller advisers who represent almost half of current Form PF filers. The threshold for classification as a large hedge fund adviser would also increase substantially from $1.5 billion to $10 billion in private fund assets under management.
The proposal would also eliminate quarterly event-based reporting requirements for private equity fund advisers, including reporting relating to adviser-led secondary transactions, GP removals and fund terminations. In addition, certain separate reporting obligations for feeder funds would be removed. For large hedge fund advisers, the proposal would amend the requirement to file current event reports “as soon as practicable”, giving advisers the full 72-hour window to file, and would narrow the scope of events triggering current reporting obligations.
The proposal also requests feedback from the industry concerning the treatment of private credit funds, which are often captured by the Form PF’s current expansive definition of “hedge fund”. Public comment is sought on whether to separately define “private credit fund” and replace or expand current reporting requirements.
A 12-month transition period is proposed, meaning any amendments adopted would likely not come into effect until late 2027 at the earliest. The comment period closes 60 days after publication of the rule in the Federal Register. Managers currently filing Form PF should review the proposal carefully and consider whether to engage through the comment process. Those below the proposed $1 billion threshold should not assume exemption is guaranteed until final rules are confirmed.
It is also worth noting that, while the proposal is to eliminate or modify some of the 2024 amendments, they are not discarded. Therefore, absent any further action from the regulators, the 2024 amendments will come into effect on 1 October 2026.
FinCEN has published a Notice of Proposed Rulemaking to implement its whistleblower programme, establishing a framework for incentives and protections intended to encourage individuals to report violations of AML regulations, national security laws and sanctions. The proposals would establish procedures and criteria for blowing the whistle and the making of awards.
Firms with exposure to the US framework should monitor the proposals. Once implemented, it is expected that firms will need to review their whistleblowing frameworks to ensure FinCEN’s whistleblower programme is captured. The comment period closes on 1 June 2026.