FCA supervision and enforcement trends in 2026

The regulatory risk landscape in 2026 is defined by an operating model that took shape during 2025 and is now firmly embedded. Over that period, the Financial Conduct Authority (FCA) has moved decisively away from a framework that relied heavily on lengthy enforcement investigations to secure outcomes. In its place, the FCA has adopted a more assertive, supervision led approach designed to intervene earlier, contain risk, and secure outcomes at greater speed.

This shift is already evident, as the FCA has reported a significant reduction in open enforcement operations - from approximately 220 in 2023 to 124 by October 1 2025.

The operating model aligns closely with the FCA’s 2025–2030 strategy, which emphasises supporting growth and competitiveness while operating as a more efficient regulator. Delivering on those objectives requires intervention that is targeted, deployed early and focused on areas of greatest potential harm. Supervision is central to that approach. It allows the FCA to impose immediate requirements, refine expectations as information develops and steer outcomes without the delay, cost and uncertainty inherent in formal enforcement action.

The practical consequence is that, in 2026, the FCA’s supervisory toolkit will remain its primary mechanism for securing outcomes, with regulatory exposure increasingly arising early and being managed through supervision rather than formal enforcement action.

The blurring line between supervision and enforcement  

While the formal boundary between supervision and enforcement remains, the distinction is becoming less useful for understanding a firm's regulatory exposure. Supervision traditionally involves the ongoing oversight of authorised firms. It  does not, in law, constitute a formal investigation, which may be opened only by the FCA’s enforcement function.

Enforcement refers to formal investigations that may lead to public findings, sanctions, or fines. In practice, however, supervisory engagement increasingly involves binding requirements and remediation that carry the cost, disruption and reputational sensitivity historically associated with enforcement, even where no formal investigation has been commenced.

This shift is being driven by the FCA’s increasingly confident use of its supervisory toolkit, to impose significant binding obligations well before any decision to pursue enforcement is taken. Key tools include:

• Senior Manager attestations: Requiring individual accountability at the leadership level.
• Part 4A Permission variations: Restricting, reshaping, or conditioning a firm’s regulated activities.
• Section 166 (Skilled Person) reviews: Requiring firms to commission and fund independent assessments, often focused on governance, systems, and controls.
• Voluntary Requirements (VREQs): Binding obligations that firms ‘voluntarily’ agree to have imposed, typically recorded on the Financial Services Register.

The increased use of VREQs in particular is notable. Reported figures show an increase from 104 voluntary requirements in 2023–2024 to 119 in 2024–2025, underscoring that these measures are no longer exceptional and are now becoming a routine feature of supervisory intervention.

Supervision as a route to remediation and redress

The more important shift is not just earlier intervention. It is that supervision tools are now being used to deliver remediation and, in substance, consumer redress on timelines that would previously have been associated only with enforcement action.

The FCA v BlueCrest litigation in 2024 remains a clear marker of this direction of travel. The Court of Appeal confirmed that the FCA may use its section 55L FSMA  powers to impose firm specific redress obligations, without needing to proceed by way of an industry wide consumer redress scheme. The subsequent withdrawal of Bluecrest’s appeal to the Supreme Court in 2025 left that position firmly in place. IThis has reinforced the FCA’s ability to secure remediation through supervision, by requiring a firm to design and implement a redress programme as a condition of its ongoing permission, without opening a formal enforcement investigation.

The same operating model appears in the FCA’s first Enforcement Watch newsletter published on 28 January 2026. It indicates that, in certain Consumer Duty investigations in the second half of 2025, the FCA relied on supervisory tools, including VREQs and own-initiative requirements, to protect consumers while investigations were ongoing. Enforcement in those cases operated in parallel or in the background, rather than as the primary mechanism for securing outcomes.

Impact for firms and insurers

The practical impact is that regulatory exposure is increasingly likely to be front loaded in 2026.

Firms may face material cost, operational disruption and effective restrictions during the supervisory phase, including pressure to implement remediation and redress through requirements that are publicly visible, without any formal enforcement investigation ever being opened.

For insurers, the supervision led model is pulling cost forward and, in many cases, increasing it. Firms are increasingly incurring substantial defence and investigation type spend during intensive supervisory interventions that are investigatory in substance, even where the FCA has not commenced a formal investigation. Policy wordings that tie defence cost cover, notification triggers, or insured events only to the commencement of a formal investigation, inquiry, or enforcement action may therefore misalign with how regulatory exposure now arises in practice.

Where supervisory scrutiny will focus in 2026

Enforcement Watch provides visibility into the FCA’s newly opened enforcement operations (second half of 2025), and a credible indicator of the risks being escalated into enforcement and, by extension, where firms should expect supervisory scrutiny and early intervention in 2026.

1. Financial crime and fraud resilience
   
   Financial crime and the adequacy of systems and controls remain core priorities. Enforcement Watch explicitly flags investigations focused on financial crime controls and wider systems and controls failings, including concerns about firms’ reliance on third party providers that do not meet required standards.
   
   Recent enforcement outcomes illustrate how the FCA is approaching these issues in practice:
   
    - In December 2025, Nationwide was fined £44 million for serious weaknesses in financial crime systems and controls, including customer due diligence and monitoring.
    - In July 2025, Monzo was fined £21 million for inadequate controls during a period of rapid growth, with the FCA highlighting repeated breaches of a restriction on higher risk onboarding.
   
   For 2026, these outcomes set a clear baseline for supervisory expectations. The FCA’s practical question is whether controls operate effectively day to day, particularly during growth, outsourcing or operational change, rather than whether firms can articulate a compliant framework on paper.
   
   
2. Consumer Duty
   
   Enforcement Watch confirms that the Consumer Duty has become the FCA’s default lens not only for supervision but also for enforcement escalation. The FCA reports six newly opened investigations into potential Consumer Duty breaches, particularly,  fair value. Two of the most serious cases identified through its multi firm work involve insurers in the home and travel markets.
   
   For 2026, firms should expect sustained scrutiny of whether products genuinely offer fair value, are distributed to the right customers, and whether firms can evidence that they are delivering and monitoring the services and outcomes they have promised over time. The FCA’s ongoing advice services work illustrates this approach, with the Duty being used to test whether recurring fees are matched by substantive ongoing service and whether that delivery can withstand regulatory scrutiny.
   
   
3. Consumer Investment and asset management sectors
   
   Enforcement Watch also highlights investigations into five firms in the consumer investment and asset management sectors, including suspected misleading statements and failures to identify or manage conflicts of interest. Looking ahead to 2026, scrutiny is likely to extend beyond pricing and target markets to how firms communicate with customers, disclose risks and manage conflicts in practice. The FCA is signalling that it will test whether consumer outcomes genuinely align with disclosures and governance arrangements, rather than accepting compliance in form alone.
   
   
4. Digital assets, crypto and fintech
   
   Enforcement Watch confirms that crypto assets are already an active enforcement focus, with unauthorised business identified as a priority. That enforcement stance provides the backdrop for how digital assets and fintech are likely to be supervised in 2026.
   
   The FCA is signalling a firmer approach from the outset. Digital assets, payments and fintech are being treated as higher risk sectors because consumer understanding is often limited and detriment can scale quickly through digital distribution and rapid customer acquisition. The clear message for 2026 is that there will be no soft launch. Mainstream conduct standards, including the Consumer Duty, are expected to apply from day one. The FCA’s January 2026 consultations and plans to open a permissions gateway in September 2026 reinforce that direction, alongside continued enforcement risk for firms operating without the required registration or authorisation.
   
   
5. Culture, governance, and individual accountability
   
   Separately from the Enforcement Watch themes, culture and individual accountability remain live supervisory risks. Non financial misconduct is firmly within the FCA’s regulatory lens as an indicator of governance quality and individual fitness and propriety, rather than as a standalone conduct issue.
   
   Finalised guidance issued in December 2025 clarifies how the Conduct Rules in COCON and the fitness and propriety test in FIT apply where serious non financial misconduct is alleged. A new conduct rule will take effect from 1 September 2026, applying to banks and to most other FCA regulated firms and their staff who are subject to the Conduct Rules, including insurers, asset managers and investment firms.
   
   In 2026, the FCA is positioning non financial misconduct as a proxy for culture and governance, and as a test of whether a firm’s leadership can be trusted to identify issues early, escalate them appropriately and manage harm before it reaches customers or markets.
   
   
6. Targeted support and the advice boundary
   
   Targeted support is expected to take effect from 6 April 2026, subject to legislation. The regime is expressly designed not to constitute regulated advice. Its purpose is to narrow the advice gap by allowing authorised firms to provide structured prompts to groups of consumers with similar characteristics, without triggering the personalised suitability obligations that apply to regulated advice. It is intended to guide and prompt, rather than to recommend a specific course of action to an individual.

Firms should expect data intensive and evidence led supervision in this area. We expect the FCA to closely monitor how:

• customer cohorts are defined;
• firms prevent drift from group based prompts into individualised advice;
• conflicts of interest and charging structures are managed; and
• whether firms can evidence what information the customer was provided. 

Comment

Taken together, Enforcement Watch and the FCA’s supervisory operating model indicate that 2026 will continue to be characterised by selective enforcement and increasingly interventionist supervision. As fewer enforcement outcomes are published, transparency tools such as Enforcement Watch will be used more actively to signal regulatory priorities, expectations and areas of concern. In practice, regulatory intervention and impact will increasingly occur through supervision rather than formal enforcement action.

For insurers, this means supervisory engagement should be expected to drive earlier notification and material defence and investigation cost spend. While the legal distinction between supervision and enforcement remains intact, it is becoming a progressively less reliable indicator of where regulatory risk and defence costs will crystallise in practice.

This trend warrants careful consideration of whether policy wordings that tie notification triggers, insured events or defence cost cover exclusively to the commencement of a formal investigation or enforcement action remain aligned with the way regulatory exposure is now developing and being experienced in real time.