Financial Services Matters - September 2025

Responses to report on secondary growth and competitiveness objective

The House of Lords Financial Services Regulation Committee has published the responses of the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) and HM Treasury (HMT) to its June 2025 report on the secondary growth and competitiveness objective, which we covered in our July 2025 edition.

Among the topics mentioned in the responses are streamlining authorisation processes, enhancements to how the regulators supervise firms, rule simplification and reforms to the redress system.

Reporting conduct rule breaches - no submission required for nil returns

On 28 August 2025, the FCA announced that under the Senior Managers and Certification Regime, solo-regulated firms will no longer be required to submit the annual REP008 form (covering disciplinary action for conduct rule breaches of individuals other than Senior Managers) if there is nothing to report ie if a firm has not taken disciplinary action for a conduct rule breach.

This change applies to firms with a reporting period ending on or after 31 August 2025.

The firm will still see the task on its My FCA task list and RegData reporting schedule, but it will automatically be removed after the due date has passed, and no late fee will be charged.

The announcement is part of the FCA's Transforming Data Collection programme.

FCA approves London Stock Exchange to operate a PISCES platform

On 26 August 2025, the FCA announced that it had approved the London Stock Exchange (LSE) to operate a PISCES platform as a sandbox entrant.

The LSE published a draft rulebook on the same day (Rulebook) and various other materials, with feedback requested by 9 September 2025.

Multi-firm review of algorithmic trading controls: high-level observations

On 21 August 2025, the FCA published high-level observations from a multi-firm review of principal trading firms’ (PTFs) compliance with MiFID RTS 6 (organisational requirements for firms engaged in algorithmic trading). The FCA said it would be undertaking this review in its August 2023 Dear CEO letter to PTFs, which noted algorithmic trading controls as a key area of focus for this sector.

The review focused on:

• governance

• development and testing

• risk controls

• market abuse surveillance.

Noteworthy shortcomings identified include outdated policies, incomplete self-assessment processes, lack of strong technical knowledge of algorithmic trading in some firms' compliance functions, gaps in development and testing procedures, poorly defined ownership of pre- and post-trade controls, and under investment in market surveillance systems.

The FCA will continue to assess firms' algorithmic trading controls of part of its ongoing supervisory work.

FOS consults on changes to its funding model

On 13 August 2025, the Financial Ombudsman Service (FOS) published a consultation paper, setting out proposed reforms to its funding model:
In response to stakeholder feedback to differentiate fees, it is consulting on two options.

• By stage: different fees would be charged depending on when a case is resolved. FOS is proposing three stages (proactive settlement, prior to a caseworker issuing a provisional assessment, and once the caseworker has completed their full review and issued a provisional statement). 

• By outcome: FOS has recently introduced differentiated fees for cases submitted by professional representatives. FOS is proposing to extend this approach so that the case fee would vary according to whether the complaint is resolved in favour of the complainant or respondent ie a higher case fee would be payable by the respondent business when it finds in favour of the complainant, and a lower fee would be payable when it finds in favour of the firm. This option would support a 'polluter pays' principle, which stakeholders have called for. 

FOS's preferred approach is to differentiate case fees by case stage as this could support early resolution of complaints and does not require any legislative or regulatory changes, aside from amendments to the FEES manual. 

The consultation also includes two proposals relating to FOS's billing processes, which are intended to support case fee differentiation:

• moving from free cases to a monetary allowance

• expanding ‘billing quarterly in advance’ to firms and professional representatives who are forecast to receive 25 or more case in a financial year.

FOS states consumers will remain able to refer complaints for free. 

The consultation runs alongside HM Treasury and FCA work to review FOS and modernise redress respectively, and closes on 8 October 2025. 

FCA publishes whistleblowing data for Q2 2025

On 13 August 2025, the FCA published whistleblowing data for Q2 2025.

Key points to note include:

• Between April and June 2025, it received 315 whistleblowing reports (up from 281 in Q1 2025 and 253 in Q2 2024). 

• The majority of reports were submitted via the online reporting form (155). The other channels being email (89), telephone (52), letter (7) and other (12). 

• 68% of whistleblowers shared contact details with the rest preserving anonymity.

• The reports contained a total of 1,130 allegations. The top 10 categories were: 

• During the period, the FCA closed 350 reports with the following action being taken: 

• The FCA reiterated its internal governance and training on whistleblowing. 

CMA consults on releasing banks from SME banking undertakings

On 13 August 2025, the Competition and Markets Authority (CMA) published a consultation paper on its provisional decision to release banks from the remaining provisions of the SME Banking (Behavioural) Undertakings 2002.

The provisions in question prevent bound banks from requiring SMEs to hold a business current account to obtain a loan or deposit account remaining undertakings and are referred to as the limitation of bundling provisions (LOBP).

In April 2025, the CMA launched a review of the LOBP and engaged with a wide range of stakeholders.

CMA has concluded that it considers that LOBP are no longer needed and should be released for the following reasons:

• changes in the competitive landscape in relevant SME banking markets

• changes in customer behaviour, including in response to the entry of new providers and as a result of new technologies.

The consultation closed for responses on 3 September 2025. The CMA is expected to publish its final decision later in autumn 2025.

HMT policy statement on appointed representatives regime

On 11 August 2025, HM Treasury (HMT) published a policy statement, setting out the conclusions of its review of the regime for appointed representatives (ARs). Its review took into account responses to its December 2021 call for evidence on the AR regime, as well as the experience of the regulators in supervising ARs and handling complaints involving them.

It proposes the following targeted reforms to address two gaps in the regulatory framework for ARs:

• A regulatory gateway requiring authorised firms to obtain permission to act as principal before appointing ARs. Such a gateway will allow the FCA to assess expertise, resources and systems, impose limitations or conditions, vary or withdraw permission, and target risk more effectively. This proposal is likely to require an amendment to primary legislation, namely section 39 of FSMA 2000, and is therefore subject to the government's legislative programme. 

• An extension to the compulsory jurisdiction of the Financial Ombudsman Service so that, where FOS is unable to take action against a principal for misconduct involving an AR, it can investigate the AR directly and take redress against it. 

HMT will consult on detailed proposals in due course, working with the regulators as appropriate.

FCA blog on managing non-bank leverage

On 11 August 2025, the FCA published a blog highlighting the importance of ensuring the resilience of the non-banking sector (which includes pension funds, insurers, hedge funds) and the need to manage leverage-related systemic risks without burdening firms or harming market efficiency.

As co-chair of the FSB working group on non-bank leverage, the FCA supported newly published FSB policy recommendations to address financial stability risks created by leverage in nonbank financial intermediation, and which are aimed at strengthening risk monitoring and market transparency.

The measures prioritise better information sharing to improve firms’ understanding of exposures and to give authorities a system-wide view to detect concentrations of investments or overcrowded market positions. The FSB offers policy options rather than a single approach, allowing jurisdictions to select tools suited to their markets. In the UK, the FCA is focusing on how it collects data and uses it to identify risks early. It will consider which metrics are most useful to it and how it can align with other jurisdictions.

Given the global nature of the non-banking sector, the FCA will continue to collaborate with its international counterparts.

FOS publishes Q1 complaints data on financial products and services

On 7 August 2025, the Financial Ombudsman Service (FOS) published its quarterly complaints data on financial products and services for the period April to June 2025 (Q1 2025/26), together with a related data insights webpage and a press release.

During this period, the FOS received 68,000 complaints, a decrease from the 74,600 complaints recorded in Q1 2024/25. The FOS highlights significant falls in case numbers in relation to irresponsible and unaffordable lending (where complaints have halved), motor finance commission, and fraud scams (including complaints about authorised push payments (APPs)).

It also notes a fall in the number of cases brought by professional representatives (30,800 cases, compared to 36,000 in Q1 2024/25) and attributes this fall in part to the charges for professional representatives that have applied since 1 April 2025.

FCA multi-firm review of firms' off-channel communications

On 7 August 2025, the FCA published its findings following a multi-firm review into firms' off-channel communications (communications that take place outside of monitored and recorded channels a firm has permitted). Rules on the recording and monitoring of telephone and electronic communications are in SYSC 10A, which were reaffirmed in Market Watch issue 66, published in January 2021.

Robust record-keeping and monitoring of communications is essential for firms to detect and investigate misconduct, while also serving as an important safeguard for firms in client disputes and litigation.

The FCA surveyed 11 wholesale banks, requesting information on policy changes they had implemented and the management information (MI) they use. It held follow-up discussions with firms and industry panels, and the FCA found that most firms continue to identify breaches of their internal policies with 41% of breaches involving at director grade or above. Its findings cover six areas: frameworks, surveillance, third-party vendors, MI, breaches and consequence management.

Based on the findings, the FCA suggests firms may wish to consider key questions including the following:

• Do employees fully understand their responsibility to record all relevant communications?

• Does the firm's leadership set a strong 'tone from the top' and encourage a 'speak up' culture for compliance with SYSC 10A?

• Does the firm effectively monitor third-party vendors to ensure expected performance and reliability?

• Where a global framework is in place, do UK senior managers have sufficient oversight of its implementation and results?

• Do accountable executives receive the right MI to oversee compliance and assess surveillance effectiveness?

HMT publishes draft legislation amending registration and change in control thresholds for crypto businesses 

On 2 September 2025, HM Treasury (HMT) published for technical consultation the draft Money Laundering and Terrorist Financing (Amendment and Miscellaneous Provision) Regulations 2025 (SI) together with a policy note.  The SI amends the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) and follows HMT's response in July 2025 to its consultation on improving the effectiveness of the MLRs, which we covered in our August 2025 edition.

The SI includes amendments to the registration and change in control requirements for cryptoasset businesses.

Registration

Currently the FCA must assess the applicant's beneficial owner.  This will be changed to a requirement for the FCA to assess whether the applicant's controller is a fit and proper person.

Change of control

For cryptoasset businesses registered with the FCA under the MLRs before the FSMA cryptoassets authorisation regime comes into force, the SI will extend the category of persons required to give notice to the FCA for change of control. Beneficial owners will continue to be required to give notice, in addition to those who hold 10% or more of the shares or of the voting power, or can exercise significant influence over the management of the cryptoasset business.

For cryptoasset businesses registered with the FCA under the MLRs after the FSMA cryptoasset authorisation regime comes into force, the category of persons required to give notice to the FCA for change of control will align with the FSMA controller definition to ensure alignment between the two regimes.

Responses to the consultation close on 30 September 2025.

Subject to stakeholder feedback and parliamentary time, the final SI is expected to be laid in early 2026 and will come into force 21 days after being made.

MiCA: RTS on the detection and prevention of market abuse published in Official Journal of the EU

On 20 August 2025, Commission Delegated Regulation 2025/885, which supplements the Regulation on markets in crypto-assets ((EU) 2023/1114) (MiCA) with regard to regulatory technical standards (RTS) relating to market abuse, was published in the Official Journal of the EU (OJ).

Article 92(2) of MiCA mandated ESMA to develop draft RTS.

The RTS cover:

• appropriate arrangements, systems and procedures to prevent and detect market abuse

• the template for, and the timing of, the reporting of suspicious orders and transactions to competent authorities

• co-ordination procedures between competent authorities for the detection and sanctioning of market abuse, where there are cross-border market abuse situations.

The EU Commission adopted the RTS on 29 April 2025. It enters into force 20 days following its publication in the OJ ie 9 September 2025.

Global trade associations call for Basel committee to reconsider crypto prudential standards

 In a letter dated 19 August 2025, a number of global trade groups requested the Basel Committee on Banking Supervision (BCBS) to pause its work on implementing SCO60, which sets out how the Basel Framework applies to banks' exposures to cryptoassets.

The trade groups argue that the "restrictive qualification standards" in SCO60 coupled with "punitive market and credit risk capital treatments" make it uneconomical for banks to properly participate in the cryptoasset market. The letter requests that BCBS pause its implementation of SCO60, due to take effect on 1 January 2026, so that it can obtain updated information on the use cases of distributed ledger technology and consider appropriate adjustments to SCO60 to reflect recent and ongoing developments in global cryptoassets markets. To assist the BCBS's work, the trade groups have included number of recommendations that would enhance SCO60.

Signatories to the letter include:

• the Global Financial Markets Association, which brings together three financial trade associations, including the Association for Financial Markets in Europe, the Asia Securities Industry & Financial Markets Association, and the Securities Industry and Financial Markets Association

• the Futures Industry Association

• the Institute of International Finance

• the International Swaps and Derivatives Association

• the Financial Services Forum

• the Bank Policy Institute

• Global Blockchain Business Council

• Global Digital Finance.

FMLC response to FCA consultation on stablecoin issuance and cryptoasset custody

On 11 August 2025, the Financial Markets Law Committee (FMLC) published its response to the FCA's consultation paper on stablecoin issuance and cryptoasset custody (CP25/14).

The response builds on the FMLC's letter to HMT in May 2025, which highlighted areas of legal uncertainty relating to the new cryptoassets regulated activities set out in the draft Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025 (Crypto Order).

The FMLC has identified concerns which may lead to the creation of legal uncertainty in the financial markets and/or result unintended legal consequences, including the following:

• As currently drafted in the Crypto Order, the activity of 'issuing qualifying stablecoin' could capture a number of entities and services that should be outside of scope such as group companies, distributors or service providers. The FCA and HMT should clarify the scope of the issuance regime.

• 'Qualifying stablecoin' is defined by reference to 'fiat currency' but the term 'fiat currency' is not defined. The FMLC suggests that the term is defined or it is made clear whether central bank digital currencies are included.

• On how backing assets are held, the FMLC prefers an outcomes-based approach rather than mandating the use of a statutory trust. The FMLC notes that for global firms a flexible approach is "particularly important" as some may deal with sub-custodians in jurisdictions where it is less certain whether an English law trust will be recognised.

• The drafting of the rules in the proposed CASS 17 seems to have overlooked the broad definition of safeguarding. Additionally, the FMLC observes that the FCA appears to be drawing "artificial distinctions" between securities custodial functions and cryptoasset custodial functions, resulting in the creation of unnecessary or inconsistent regulatory requirements. Furthermore, the consultation fails to address the possibility of a cryptoasset custodian appointing a sub-custodian.

Financial Services Regulatory partner, Martin Dowdall, chaired the FMLC's response.

BIS bulletin on anti-money laundering compliance for cryptoassets

On 13 August 2025, the Bank for International Settlements (BIS) published BIS Bulletin No 111 (Bulletin), entitled "An approach to anti-money laundering compliance for cryptoassets". The Bulletin notes that:

• As the usage of cryptoassets on permissionless public blockchains has grown, to too have concerns regarding illicit activity. As of 2024, stablecoins accounted for around 60% of all illicit transactions. 

• Traditional AML frameworks that depend on trusted intermediaries prove inadequate when applied to decentralised ledger systems operating on permissionless public blockchains.

• The public nature of blockchain transactions presents opportunities to enhance AML compliance and regulatory oversight, through analysis of the transaction history and origin of specific cryptoasset units or balances, including stablecoins.

• AML risk scores that assess the probability of a cryptoasset unit's connection to illicit activities could be determined at off-ramps from the crypto ecocystem (eg when there is a point of contact with the banking system). These scores would prevent inflows of process of criminal activity. Score could also accompany a token as it passes through the ecosystem, which would help to promote a "duty of care" within the cryptocurrency ecosystem.

FCA consults on changes to contactless limits

On 10 September 2025, the FCA announced that it is consulting on replacing Article 11 of the Strong Customer Authentication (SCA) Technical Standards (requiring PSPs to implement payment limits, including single, cumulative and consecutive payment limits) with a risk-based exemption. This follows its March 2025 Engagement Paper on its approach to contactless limits.

PSPs will have the flexibility to implement payment limits if they choose to do so to help manage risk and they will be able to retain existing contactless limits.

The FCA is also proposing new guidance in the Approach Document to help firms use the new exemption. It is proposed that such guidance will cover:

• How PSPs may identify the level of transaction risk when using this exemption.

• How PSPs may manage risk, including by still setting contactless limits.

• How PSPs may comply with their Consumer Duty obligations. Allowing consumers to set their own individual personal limits is one way PSPs could deliver good outcomes under the Consumer Duty. PSPs should also consider the needs of different customers, particularly customers with characteristics of vulnerability. 

• How PSPs may work to reduce their fraud rates, including by referring to industry intelligence and benchmarking performance.

The consultation closes on 15 October 2025. The FCA is not proposing a transitional period for implementation ie once it confirms its final approach and publishes the amended technical standards and guidance, the changes will come into effect immediately.

UK government consults on consolidating payment regulator into FCA

On 8 September 2025, HM Treasury (HMT) published a consultation paper that sets out the government's proposed approach to transferring the Payment Systems Regulator's (PSR) responsibility for regulation of UK payment systems to the Financial Conduct Authority (FCA). For more details, please see our article here.

Innovation in money and payments – Bank of England speech

On 3 September 2025, the Bank of England (BoE) published a speech delivered by Sarah Breeden, Deputy Governor (Financial Stability), at the Innovation in Money and Payments Conference.

Breeden set out her vision for a 'multi-money' system, in which different forms of money including traditional and tokenised commercial bank deposits, stablecoins and central bank money are freely exchangeable. Such a system would bring the benefits of innovation to UK households and businesses, whilst safeguarding trust in money itself.

Key points to note include:

• Later in 2025, the BoE will consult on some changes to its proposed regulatory regime for systemic stablecoins, including revised proposals that would allow systemic stablecoins to hold a portion of their backing assets in a subset of high quality liquid assets such as short-dated government securities.

• As stablecoins go mainstream, the BoE wants to explore wholesale financial market use cases further in its Digital Securities Sandbox by considering how stablecoins, as well as tokenised deposits, can be used as the ‘cash leg’ for settling securities issued in the sandbox.

• In 2026, the BoE will launch its synchronisation lab that will allow central bank settlement to be fully integrated with transactions happening on other ledgers.

• Later in 2025, the Payments Vision Delivery Committee will publish its strategy and Payment Forwards Plan.

• The BoE expects to publish its blueprint for a digital pound next year. This will set out the key design elements necessary to support the BoE and HM Treasury in assessing the policy case for a digital pound.

Bank of England webpage on the National Payments Vision

The Bank of England (BoE) published a webpage on the National Payments Vision on 13 August 2025.

While this largely tracks the update that HM Treasury released on 15 July 2025, which we covered in our August 2025 update, the webpage provides further detail on the work of the Payments Vision Delivery Committee (PVDC) and the Vision Engagement Group (VEG), which has been set up by the Committee to inform and support its work.

September 2025:

• The BoE will comment further on the establishment of the Retail Payments Infrastructure Board (RPIB) and the application process for becoming a member of RPIB. 

• The BoE, HM Treasury, the FCA and the Payment Systems Regulator (PSR) will engage with members of the VEG in a series of sub-groups to discuss the PVDC's strategy, which is due to be published later in the autumn of 2025.

October and November 2025:

• The BoE will appoint members to RPIB and expects to hold the first meeting of the RPIB in late October.

• It will also communicate its approach to wider stakeholder engagement across the ecosystem for the RPIB, and set out the processes for the RPIB to publish consultation paper in early 2026.

December 2025

• The PVDC will publish the payments forward plan by the end of the year. To support this timing, there will be further engagement with the VEG throughout the autumn.

Further details on the VEG, including a list of its members, can be found here.

FCA feedback on the design of the Future Entity for Open Banking

On 8 August 2025, the FCA published a feedback statement (FS25/4) on the design of the future entity for open banking (Future Entity).

Open banking was initiated in 2017 by the Competition and Markets Authority (CMA) through the Retail Banking Market Investigation Order 2017 (CMA Order). In 2022, the FCA, the CMA, the Payment Systems Regulator, and HMT published a joint statement on the future of open banking, which among other things announced the establishment of the Joint Regulatory Oversight Committee (JROC). In April 2024, JROC consulted on the design of the Future Entity. In November 2024, the government published its National Payments Vision, which named the FCA as the lead regulator to progress open banking. JROC was wound down in December 2024.

In the feedback statement, the FCA has summarised and responded to the JROC consultation and set out its expectations relating to the Future Entity; these remain subject to future legislation.

As part of its consultation, JROC had proposed the establishment of an Interim Entity, which was to be tasked with carrying out five workstreams, which were not related to the CMA Order. As other pathways have been developed to progress this work, the FCA is no longer planning to establish an Interim Entity. Rather it will focus on establishing a Future Entity.

The Future Entity is one of three core systems that will interact to enable open banking payments, the other two being the payments infrastructure (work on developing this is being led by the Payments Vision Delivery Committee) and, separate to the Future Entity, the commercial scheme layer (see below).

The FCA expects the responsibilities of the Future Entity to include:

• setting common standards that will provide a minimum level of service and interoperability across open banking services.

• monitoring API performance and adherence to relevant standards (including providing information to the FCA).

• providing directory and certification services.

• working with Multilateral Agreement (MLA) owner/operators to develop standards that enable commercial schemes.

The Future Entity is expected to operate as a not-for-profit, collecting revenue on an equitable basis from its users and beneficiaries. The FCA expects it to be a company limited by guarantee, with board appointments made by an independent committee. It is not expected to be a public body or have its own enforcement powers. Its role may expand in the future into open finance.

Ahead of legislation, the FCA wants to work with industry participants to quickly establish the Future Entity. Following a series of industry workshops, it expects to provide an update on how it will be established by the end of 2025.

Commercial schemes will develop the rules which govern how firms interact and put things right when they go wrong. The schemes may or may not be for profit and are expected to be industry-led. The FCA expects the commercial schemes to use the common API standards developed and overseen by the Future Entity, to ensure interoperability, but they may innovate beyond these standards to provide premium services. The FCA notes that there are no commercial schemes currently in operation but refers to one in the pipeline relating to variable recurring payments.

It expects the Future Entity and commercial scheme operators to be regulated as interface bodies under the Data (Use and Access) Act 2025.

FCA confirms changes to safeguarding rules for payment firms

On 7 August 2025, the FCA published a policy statement (PS25/12), setting out a number of significant changes to the safeguarding regime for payment and e-money firms.

The new rules and guidance, together with changes to the FCA's Approach Document, come into effect on 7 May 2026.

Please look out for an article covering the changes in further detail.

FCA blog on the evolution of consumer credit

On 4 August 2025, the FCA published a blog by it Alison Walters, Director of consumer finance, on how consumer credit is evolving, what it has learnt from recent data, and the priorities shaping the future.

Figures from its 2024 Financial Lives survey demonstrate how credit is in daily life. The FCA notes that credit is not always appropriate and that the right form of support for some may be help with managing money, checking benefits or finding work. Signposting consumers to help is aligned with the Consumer Duty. 

It also observes the role that technology can play in identifying financial difficulty early on, which is reflected in its recent call for enhancements to be made to digital loan processes (see our August 2025 update) and emphasises the value of industry-wide collaboration traditional banks, FinTechs, community lenders and mutuals, and the rest of the commercial sector, as exemplified in its 2024 Financial Inclusion Tech Sprint.

The FCA recaps on reforms it has made since it became responsible for consumer credit in 2014, including the high-cost-short-term credit price cap, strengthened support for borrowers in difficulty, taking action against firms that did not get it right, the Senior Managers and Certification Regime, and the Consumer Duty.

Looking ahead, it has set three priorities that will guide its work:

• innovation that adds real value

• compassionate support for vulnerable customers

• ensuring people have access to credit and that the credit it is right for them.

It invites all firms to take part in its ongoing work to "… shape a fairer, more resilient financial future."

Motor finance update

FCA response to House of Lords Committee on proposed motor finance redress scheme

On 4 September 2025, the House of Lords Financial Services Regulation Committee published a response from the FCA (dated 3 September) to questions the Committee had raised regarding the FCA's proposed motor finance redress scheme, following the Supreme Court's judgment in Hopcroft, Johnson and Wrench.

Key points made by the FCA include:

• The 6-year limitation period that applies to unfair relationship claims made under the Consumer Credit Act does not start to run where any fact relevant to a Claimant’s right of action has been deliberately concealed by the Defendant (motor finance lenders in this case). Canada Square Operations Ltd v Potter [2023] UKSC 1 provides authority for this.

• On the indicative cost of the proposed scheme, although the FCA has already gathered substantial evidence, it will set out more details of its modelling when it publishes its cost and benefit analysis alongside its consultation in October.

• The administrative and operational costs of a FOS/litigation based approach are likely to be substantially more than a structured redress approach that the FCA is proposing.

• On the FCA's view that it expects “a healthy finance market for new and used cars to continue notwithstanding any redress scheme we propose”, it referred to its continued monitoring of market functioning and explained that while there was short-term disruption initially as the market adjusted to the Court of Appeal's ruling in October 2024, the market has worked well since it announced that it would consult on a redress scheme.

For more commentary on the Supreme Court's judgment, please see our deep dive.

MPs question FCA on proposed motor finance redress scheme

On 9 September 2025, senior figures at the FCA were questioned by the Treasury Select Committee on the FCA's work on a motor finance redress scheme.

Nikhil Rathi, the Chief Executive of the FCA, informed the Committee that during the period that the FCA is considering (2007 through to approximately 2014), there were around 30 million agreements.

The discretionary commission arrangements that it is looking at are in the region of 14 million; there is a smaller number of non-discretionary commission arrangements. Not all of these will be eligible for compensation.

He said that the FCA was on track to publish its consultation paper in early October. The consultation paper will set out proposed deadlines for the timetable of the scheme. On the amount of individual redress payments, he said that the FCA will be "pragmatic and proportionate and fair to all sides." 

He also said that the FCA's work on who will be required to run a potential scheme has covered 38 firms although there may be a few more. Rathi emphasised that the FCA will be robust in its supervision and enforcement of the scheme.

When asked what consumers should do right now, Rathi said that concerned consumers should contact their lenders and complain and that they did not need to use claims management companies or law firms. He also noted consumers should be mindful of fraudsters and scams.

Barclays drops judicial review appeal of FOS decision

It has been reported that Barclays has withdrawn its appeal of the Administrative Court's judgment in R (Clydesdale Financial Services Ltd) v Financial Ombudsman Service Ltd [2024] EWHC 3237 (Admin). The Administrative Court found in favour of FOS and dismissed a claim brought by Clydesdale Financial Services Ltd (trading as Barclays Partner Finance) for judicial review of an ombudsman's decision to uphold a complaint relating to a discretionary commission arrangement in a motor finance agreement. The appeal was listed for 16 September 2025.

A Barclays spokesperson said that: "Following the Supreme Court’s important clarification regarding motor finance lending, we have chosen to withdraw our outstanding legal challenge in order to focus on engaging with the FCA’s consultation and any redress scheme it may subsequently implement."

Reflections on second anniversary of the Consumer Duty

The end of July 2025 marked the second anniversary of the introduction of the Consumer Duty for open products.

The FCA has published a series of articles on the impact of the Duty across the markets:

• Happy 2nd anniversary Consumer Duty.

• Two years of the Consumer Duty – rising to the challenge (retail banking).

• Two years on: how the Consumer Duty is putting pounds back in pockets (consumer investments).

• Consumer Duty at two: Progress, partnership, and the path ahead (consumer finance).

FCA simplifies supervisory communications

On 28 August 2025, the FCA announced that it was making it easier for firms to locate the latest supervisory communications on its website.

It is simplifying its multi-firm and thematic reviews and marking those published prior to 2022 as 'historical'. This will affect 80% of the reviews.
Historical documents will still be accessible through existing links.

It will carry on publishing multi-firm and thematic reviews and evaluate existing reviews in line with its strategy.

The announcement is part of its wider Consumer Duty requirements review and its reflects its commitment to streamline supervisory publications, which will allow it ensure its priorities are clearer and will support smarter and more effective regulation.

The FCA will also shortly be publishing a small number of market reports, rather than issuing Dear CEO or portfolio letters. These will include information relevant to different types of firms and insights from its supervisory work.

It notes that until these market reports are published, firms should continue to refer to relevant supervisory communications for guidance. In relation to other historical communications, it will continue to review its approach.

FCA Cyber Coordination Group Insights 2024

On 14 August 2025, the FCA shared the insights from its 2024 cyber coordination group (CCG) programme.

The FCA started the CCG programme in 2017. There are currently 139 members firms, drawn from five sector groups:

• Insurance

• Wholesale banking

• Retail banking

• Investment and asset management

• Payments, platforms and trading venues.

It also includes the Trade Associations Cyber Information Group (TACIG) that includes members from finance sector trade associations.

The insights focus on three topics:

• The reconnection framework and third-party management. 

• Threat and vulnerability management and threat-led penetration testing. 

• AI and other emerging technologies, including quantum computing.

The insights are accompanied by a helpful glossary of terms.

Key points for firms include:

• Threat-led penetration testing is an extremely effective tool for identifying previously-unknown cyber vulnerabilities.

• The threat from combined non-critical vulnerabilities can potentially cause as much or more harm than a single critical vulnerability.

• Legacy technologies, especially end-of-life systems, should have effective security risk management, as with any other system.

• Cross-industry information sharing forums, such as Cross Market Operational Resilience Group (CMORG) or the Financial Services Information Sharing and Analysis Centre (FS-ISAC), can be highly effective in enabling collective communication with third-party suppliers during significant outages.

• Where AI is implemented into cyber domains without taking steps to fully understand all potential impacts, it can lead to increased exposure to new or unidentified risks. 

The insights do not create additional regulatory expectations but will help firms to learn from other firms, which will help strengthen their cyber resilience capabilities.

Publication of translations of ESMA guidelines on outsourcing to cloud service providers

On 30 September 2025, the European Securities and Markets Authority (ESMA) published translations of its guidelines on outsourcing to cloud service providers.  The guidelines, which took effect on 30 September, apply to non-DORA depositaries.  The publication of the translations triggers the two-month period during which national competent authorities must notify ESMA whether they comply or intend to comply with the guidelines.

AI and the FCA

On 9 September 2025, the FCA published a new webpage setting out its approach to AI.

The webpage include:

• an overview of the FCA's approach to regulating AI, which is principles-based and focus on outcomes

• the FCA notes that it does not plan to introduce new requirements but will rather rely on existing frameworks

• details of current rules that apply to the safe use of AI include the Consumer Duty and accountability and governance requirements such as the Senior Managers and Certficiation Regime

• some of the work it has been undertaking domestically and internationally

• information on how it is using AI to become a "smarter regulator".

On the same date, the FCA published a summary of the feedback it received to its Engagement Paper proposing AI Live Testing, which we covered in our May 2025 edition.

A number of benefits and opportunities of the AI Live Testing were identified in the responses the FCA received including real-world insights, overcoming proof of concept paralysis, bridging the gap between principles and practice, creating trust, addressing first-mover reluctance, regulatory comfort, collaboration, and model metrics.

The FCA has decided to proceed with the initiative, which will be a component of its FCA AI Lab.

The application window for the first cohort of AI Live Testing opened on 9 July and runs until 15 September 2025. The FCA will start working with participating firms in the first cohort in October.

Synthetic data expert group publishes its second report

On 19 August 2025, the FCA published the second report of the Synthetic Data Expert Group (SDEG).

The SDEG's first report, which was published in March 2024, looked at the use of synthetic data in financial services.

The main aim of the second report is to look at potential governance considerations for organisations and practitioners planning to work with synthetic data.

Leveraging established Data and AI Ethics and Model Risk Management frameworks and the government's AI principles, the group has drawn out nine key principles relevant to synthetic data, which firms may want to consider when they develop their own approaches:

• Accountability: stablish clear accountability structures for data, algorithmic and AI systems, defining responsibilities throughout the data and AI lifecycle. Accountability extends to technologies or models from third-party providers and managed service providers, with documented chains of responsibility. 

• Safety: design systems with safety as a priority, encompassing reliability, robustness, and accuracy.

• Transparency: maximise the information available to a decision-maker validating the system and its outputs.

• Explainability and interpretability: ensure system’s internal processes are understandable to humans and provide justification for specific outputs.

• Security and privacy: design systems to protect both data security and individual privacy rights throughout the data lifecycle.

• Fairness: systems which process or impact social or demographic data are designed to prevent discriminatory outcomes. 

• Agency: model operators reviewing algorithmic outputs to have meaningful ways to understand, question, and contest these decisions.

• Suitability: use cases are justified by genuine needs, informed by an understanding of current technological constraints, and considerate of broader socio-technical context.

• Continuous Monitoring and improvement: regularly assess models and systems to ensure they remain effective, compliant, and fit for purpose.

Although the report is not FCA guidance or policy, it will help firms to develop practical approaches to identifying challenges within synthetic data projects, potential mitigating strategies and ways to promote good governance.

FCA publishes updated Enforcement Information Guide

On 5 August 2025, the FCA published an updated version of its Enforcement Information Guide. The updates reflect changes to the FCA's Enforcement Guide (ENFG) and its Decision Procedure and Penalties manual (DEPP).

The guide is a high-level overview of:

• the FCA's general enforcement powers under FSMA

• the typical process for enforcement cases

• how the FCA's early resolution process and discount scheme works

• which committees in the FCA make decisions

• the role of the Upper Tribunal

• mediation

• publicity.

Detailed guidance is given in the Handbook and regulatory guides, particularly the EG and DEPP.

FCA decision notices relating to failure of Woodford Equity Income Fund

On 5 August 2025, the FCA published two Decision Notices relating to the failure of the Woodford Equity Income Fund (WEIF):

• Decision Notice - Neil Woodford: Mr Woodford has provisionally decided to fine Mr Woodford £5,880,800 and ban him from holding senior manager roles and managing funds for retail investors. 

• Decision Notice - Woodford Investment Management Limited (WIM): WIML has provisionally been fined £40 million.

Mr Woodford and WIM have referred the Decision Notices to the Upper Tribunal, which will determine what action the FCA should take.

In April 2024, the FCA published the Final Notice it issued to Link Fund Solutions Ltd, publicly censuring it for its management of WEIF. It also published a warning notice statement about its proposed action against Mr Woodford and WIM.

EBA report on the use of AML/CFT SupTech tools

On 12 August 2025, the European Banking Authority (EBA) published a report on the use of AML/CFT SupTech tools.

Key findings include:

• The use of AML/CFT SupTech is at an early stage but its uptake is increasing.

• AML/CFT SupTech can make supervision more effective, particularly in relation to enhanced data quality, improved analytical processes and decision-making, operational efficiency, risk assessment, and improved collaboration.

• The successful roll-out of AML/CFT SupTech tools may be restricted by lack of preparedness. Obstacles identified include: data quality and governance, resource allocation, legal and operational risks, resistance to adoption, and lack of collaboration among competent authorities.

• The successful use of AML/CFT SupTech depends on a considered and tailored strategy. A number of good practices were identified including: promoting a digital-first culture and building a change management strategy, developing an effective data and technology strategy, adopting a needs-drive approach to use of SupTech, and strengthening cross-border collaboration through secure data exchange platforms.

The report concludes by emphasising the importance of incorporating SupTech into AML/CFT supervision. This will help authorities anticipate evolving financial crime threats and maintain the EU's leadership position in combating financial crime globally.

The answer to last month's question: according to the UK's latest National Risk Assessment of Money Laundering and Terrorist Financing, the total payments value reported for electronic money institutions and payments firms for the 2023 calendar year was £2.06 trillion.

This month's question: what term refers to the extension of open banking-like data sharing and third-party access to a wider range of financial sectors and products?

• smart data

• banking as a service

• open data

• open finance.