Regulatory Updates

The FCA has published its new Regulatory Priorities Report, outlining the key areas of supervisory focus for firms operating in the buy-side sector in the business year (2026-27). This publication replaces the former Portfolio Letters, which the FCA previously communicated it will no longer issue on a sector-by-sector basis. Instead, the Regulatory Priorities Report serves as a single, consolidated communication designed to help firms understand the FCA’s forward-looking expectations and priorities, areas of heightened scrutiny and the standards of governance and oversight required across the industry.

As the FCA emphasizes, the report is intended not simply as guidance, but as a set of expectations against which firms should assess themselves. 

Key Regulatory Themes

Although the precise priorities differ depending on business model and permissions, the FCA’s overarching themes reflect a consistent focus on protecting market integrity, reducing harm to end-investors and improving governance and operational resilience across buy-side firms.

Evolving Regulation 

The FCA aims to evolve regulation in ways that support economic growth and innovation by ensuring firms put robust governance arrangements in place around emerging technologies, including clear accountability and oversight for the use of artificial intelligence (AI), distributed ledger technology (DLT) and other new tools. The regulator highlights its ambition for the UK to become a centre of excellence for tokenisation and DLT adoption, helped by initiatives like the Digital Securities Sandbox, which allow firms to test new technologies safely while sharing learning across the market. It also reinforces its commitment to developing a credible, competitive and world-leading UK sustainable finance hub.

The FCA will:

• Consult on plans to reform the regime for alternative investment fund managers 
• Transform the regulatory data model for asset managers and funds to make the regime more proportionate
• Digitize and simplify its fund authorisation process
• Progress its work on tokenisation
• Consult on streamlining product-level Task Force on Climate-related Financial Disclosures (TCFD) reporting requirements

Deliver Good Outcomes to Consumers

The FCA expects firms to deliver good outcomes to consumers by embedding the Consumer Duty in their retail activities, applying a consumer lens to product design and services, providing clear and effective product communications and maintaining strong oversight of their appointed representatives. Additionally, many firms are adopting sustainable investment labels under the sustainability disclosure requirements (SDR) regime to reduce greenwashing risk, while upcoming reforms to client categorization aim to strengthen protection for those who need it and widen investment opportunities for those who do not require retail-level safeguards.

The FCA will:

• Continue working on its small asset managers and alternatives business model review to ensure firms are complying with the Consumer Duty
• Consult midyear on clarifying how the Consumer Duty applies across distribution chains and to wholesale firms
• Support further implementation of the SDR and labelling regime
• Finalize its policy in relation to client categorization and conflicts of interest

Private Markets

The FCA aims to reinforce consistently high standards across private market investing by expecting firms to strengthen governance and valuation processes and manage conflicts of interest effectively. The regulator highlights the growing importance of private markets in supporting UK productivity and long-term investment, noting that investors need confidence that these markets operate with transparency, sound governance and responsible practices. Recent supervisory work shows varied approaches to valuation and conflict management, prompting the FCA to set clearer expectations and drive greater consistency across the sector. The FCA also flags risks around illiquidity and product design, encouraging firms to avoid structures that could transmit stress or misalign products with investors’ needs.

The FCA will:

• Continue engaging with private markets firms to discuss valuation practices, managing conflicts of interest, risk management and plans to broaden retail access to private markets products responsibly
• Undertake focused supervisory work on firms’ approaches to risk management 
• Support the Bank of England as it conducts a new private markets system-wide exploratory scenario

Marketing Integrity and Resilience

The FCA’s priority is to ensure buy-side firms maintain strong market integrity and operational resilience by strengthening internal processes, improving incident response and recovery planning and closely managing their dependencies on critical third party providers. As firms increasingly adopt advanced technologies and more complex trading strategies, the regulator stresses the need for effective controls to manage risks linked to leverage, concentration, liquidity and the use of AI, as well as robust safeguards to prevent market abuse. Recent supervisory findings highlight vulnerabilities across risk management frameworks, including weaknesses in governance, cybersecurity, stress testing and third party oversight-issues that could amplify the impact of disruptions. With cyber-attacks rising and operational shocks continuing to challenge firms, the FCA expects firms to proactively identify and remediate emerging risks, strengthen resilience across their operations and outsourced arrangements and ensure their governance frameworks are capable of withstanding market stress.

The FCA will:

• Finalize its rules on improving the UK transaction reporting regime
• Continue to review asset manager operational resilience self-assessments
• Collect information from a cross section of firms to understand the maturity of firms’ insider risk management
• Continue its data-led approach to identifying outlier firms and funds with high leverage, illiquidity or concentrated investment strategies to ensure appropriate risk management and liquidity management is in place

Other Areas of Focus

The FCA outlines several additional focus areas for the year ahead, including reviewing prudential requirements for AIFMs and conducting a post-implementation review of the Investment Firm Prudential Regime (IFPR) to ensure it remains proportionate and aligned with broader regulatory objectives. It will also reassess the solo-regulated remuneration rules, examine the ESG ratings market to improve trust and transparency and publish findings from its Q4 2025 financial crime survey of asset managers. In addition, the regulator is continuing its work on the UK’s emerging crypto assets regime and so firms wishing to undertake regulated crypto activities should familiarize themselves with the operation of the crypto asset regime gateway and guidance so as to be in a position to file their applications to vary their permission when the gateway opens on September 30, 2026. Finally, alongside reviewing the Senior Managers and Certification Regime to reduce unnecessary burden, the FCA encourages firms to experiment responsibly with AI through its sandbox and innovation services.

What Should Firms Do Now

Firms and their senior management teams should undertake a review of the Regulatory Priorities Report, assessing how the FCA’s expectations affect their firm’s business model, operations and controls environment. This review should consider where there may be gaps in existing controls, governance processes, horizon-scanning activities or risk management frameworks and determine whether enhancements are required. Boards and executive committees (or equivalents) should be formally engaged in this process, with the Report circulated to all relevant leaders for discussion and challenge.

Following this review, firms will need to complete the new ‘Wholesale Buy-Side Regulatory Priorities’ return in RegData, confirming that the Report has been shared with the appropriate senior stakeholders. Although the attestation is administrative in nature, failure to complete the return may lead to a £250 administrative fee. Firms may therefore wish to retain documented evidence of how the report was distributed, reviewed and considered by their governance bodies. If you need support from Kroll with the submission of this return, please ensure they are given the correct permissions on RegData.

How Kroll Can Help

Kroll’s award-winning Compliance and Regulatory Consulting practice can assist your firm in meeting its regulatory requirements and expectations while maintaining your own unique compliance program. We can support firms in responding effectively to the FCA’s Regulatory Priorities Report by providing targeted expertise across the areas the FCA has highlighted as supervisory priorities. In particular, Kroll can help firms by:

• Mapping the control framework against the key themes identified above and develop an action plan setting out recommended enhancements, priorities and timelines
• Assessing the robustness of your cybersecurity framework against FCA expectations
• Conduct a cyber resilience gap analysis
• Review existing stress-testing and scenario-analysis frameworks to assess alignment with the FCA’s expectations for risk management, liquidity and operational resilience
• Evaluate the effectiveness of your third-party oversight arrangements, including due diligence, ongoing monitoring, contract governance and exit/contingency planning

If you require any assistance with any of the items mentioned above or would like to learn more about how Kroll can support you, please reach out to your usual contact at Kroll or any of the contacts listed below.