Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

Context

The FCA has published a Consultation Paper, CP26/19, in relation to small number of targeted proposed changes to its penalty and decision making policies in the DEPP Sourcebook.  DEPP sets out how the FCA makes enforcement decisions and calculates financial penalties, including a 5-step process based on seriousness, deterrence and mitigating factors.

Key points to note and next actions

The proposals are:

• Market abuse: for the most serious cases, raising the minimum for individuals from £100,000 to £150,000 to account for inflation.
• Deterrence for wealthier individuals: making clear we may increase penalties for deterrent effect, having regard to income and assets.
• Penalties for individuals – relevant income: clarifying how we treat deferred bonuses, pay and shares, in line with recent Tribunal decisions.
• Serious financial hardship thresholds: raising income and capital thresholds to reflect living costs and update them over time.
• Settlement decision-makers: allowing more flexibility in who makes settlement decisions in some cases.
• Cryptoasset market abuse regime: consequential amendments: extending our penalty framework to cover cryptoasset market abuse and reflect new powers under the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026.

The FCA is inviting feedback on the proposals by 10 August 2026, using the online response form or by emailing cp26-19@fca.org.uk.

Context

The FCA has again updated its ‘Alert for firms: fake FCA communications’ web page, this time with details of a fake FCA website.

Key points to note and next actions

• The FCA has received a report of a fraudulent website impersonating the FCA at fca.org.lc.
• Visiting this site may expose users to malware or other security risks. The FCA strongly advises that you do not access or interact with this website.

Context

The FCA has updated its Operational resilience web page to include a section on ‘frontier AI’.  The update is merely to draw attention to the FCA’s information for firms and resources on ‘frontier AI’, a list of which appears at the foot of the Operational Resilience web page.

Key points to note and next actions

The resource includes:

• FCA/Bank of England statement on frontier AI models and cyber resilience.
• CMORG Frontier AI Risk Mitigation Webinar (May 2026): industry perspectives on managing frontier AI risks in financial services.
• CMORG AI Taskforce Firm Guidance for Frontier AI: highlights the value of putting foundation cyber security practice in place promptly to maintain resilience. It also explains the importance of Board-level down commitment for a ‘whole of firm’ approach covering both operational functions and risk and compliance teams.
• Preparing for a ‘vulnerability patch wave’, National Cyber Security Centre (May 2026): outlines potential system impacts as AI accelerates vulnerability discovery.
• Why cyber defenders need to be ready for frontier AI, National Cyber Security Centre: explains how AI may change threat landscapes and defensive approaches.
• 10 questions to ask when using AI models to find vulnerabilities, National Cyber Security Centre: practical considerations for firms using AI in security processes.

Context

The FCA has published details of two Final Notices, in relation to Andrew Currie and Peter Currie, prohibiting these individuals from performing any function in relation to any regulated activity carried on by any authorised firm, any AR or IAR, or any Exempt Professional Firm.  The FCA decided that neither individual, based on the circumstances of the two cases, are not fit and proper persons to perform any function in relation to any regulated activity.

Key points to note and next actions

• On 22 May 2023, Andrew Currie was convicted at Southwark Crown Court for the offences of fraud by abuse of position and converting criminal property. He was sentenced in July 2023 to a total of 2 years and 6 months imprisonment. In addition, he was disqualified from acting as a Director by way of a Court Order for a period of 10 years, until 14 July 2033.
• The offences related to his conduct while a director of Collateral (UK) Limited (“Collateral”) which did not hold any permission from the Authority to conduct regulated activities. However, the entry on the Authority’s IP Register of another company, Regal Pawnbroker Limited, which held an interim permission from the Authority, was amended by Andrew Currie’s brother, Peter Currie, to make it appear that Collateral held the interim permission.  After the Authority identified that the IP Register had been changed in October 2017, Andrew Currie acted as the driving force behind the removal of funds from Collateral shortly before it went into administration. This removal of funds was to the detriment of investors.
• Also on 22 May 2023, Peter Currie was convicted at Southwark Crown Court for the offences of fraud by false representation, fraud by abuse of position and converting criminal property.  He was sentenced in July 2023 to 5 years and 6 months imprisonment. In addition, he was disqualified from acting as a Director by way of a Court Order for a period of 10 years, until 14 July 2033.
• The offences related to his conduct while a director of Collateral (UK) Limited (Collateral). Collateral did not hold any regulatory permissions to conduct regulated activities. However, Peter Currie amended the entry on the Authority’s IP Register of another company, Regal Pawnbroker Limited, where he served as a Director and which held an interim permission from the Authority, to make it appear that Collateral held the interim permission. Furthermore, Peter Currie was involved in the transfer of funds from Collateral within 2 days of the Authority highlighting the regulatory issues and difficulties facing Collateral, and after he had given undertakings to the High Court in respect of further dissipation of Collateral’s assets.

Context

The FCA has published an Areas of Research Interest Paper in the form of a web page titled ‘Areas of research interest’, the foreword to which is by Kate Collyer, FCA Chief Economist.  This Research Paper contributes to the FCA’s ambition, as outlined in its Strategy for 2025-2030, to deliver on the key visions and priorities in the Strategy.

Key points to note and next actions

• The paper includes commentary in relation to four research themes, which are Growth, Wholesale Markets, Helping Consumers, and Regulation.
• Each research theme has a set of focus areas, with commentary about each of those.

Context

The FCA has published a speech delivered by Therese Chambers, FCA Joint Executive Director of Enforcement and Market Oversight, at the International Bar Association (IBA) Anti-Corruption Conference.  The speech indicates that there is much that is not seen publicly in relation to the fight against financial crime.

Key points to note and next actions

• Financial crime is becoming faster, more complex and more widespread than ever before. We are making fuller use of the tools available to us, including the credible threat of enforcement, to step in before harm escalates.  
• Enforcement is about more than just headlines. It also includes the quieter work of supervision, market oversight and proactive detection.
• A whole-system (even worldwide) response is crucial. Regulators, law enforcement and industry need to work together to close the gaps criminals rely on.
• The speech addresses the themes of ‘changing threat, changing model’, cutting off harm at the root, a global response for a global problem, and the fact that the fundamental principles remain in place.

Context

The ICO has published a statement in relation to the conclusion of a criminal investigation into the unlawful obtaining and disclosure of medical information to a third party without the consent of the data controller, related to a breach reported by the London Clinic in March 2024.

Key points to note and next actions

• Following a full assessment under the Code for Crown Prosecutors and the ICO’s Prosecution Policy, the ICO issued a now former healthcare professional from London with a formal caution in relation to an offence under the Data Protection Act 2018.
• The conduct involved the deliberate misuse of highly sensitive personal information and an offer to disclose it for financial gain, representing a clear breach of trust.
• The ICO considers the available evidence and the public interest in every criminal investigation. In this instance, the ICO concluded that a caution was the appropriate and proportionate enforcement response.
• The ICO also considered whether there were any wider organisational issues arising from the healthcare provision in this matter. Based on the evidence available, the ICO did not identify any failings that would meet the threshold for regulatory enforcement.

Context

As part of its weekly publication of its Rulings in relation to complaints or issues, the ASA has published details of a Ruling in relation to misleading advertising.  This Ruling demonstrates that the overall impressions created by the combination of imagery and words, and how those work together, must be considered, rather than merely considering the compliance of individual elements of the advert.

Key points to note and next actions

• Although there was an on-screen disclaimer in the TV advert concerned, stating clearly what was not included in the cremation-only funeral plan concerned, the ASA upheld complaints that the advert was misleading.
• Statements made in the advert could be interpreted as meaning that an ‘attended’ or ‘in-person’ funeral service was provided.
• The combined effect of where the character in the advert was, the potential image that portrayed, and the content of the scripting, were deemed collectively to create an impression of something that was not available under a standard plan, only at extra cost.
• We recommend that firms review this Ruling and understand the ASA’s views (which are very much in line with the FCA’s).

Context

The House of Lords Financial Services Regulation Committee (FSRC) has published a transcript of an oral evidence session attended by Matt Brewis, former Director of Insurance at the FCA.  This session took place on 10 June, and the transcript was published on 15 June.  The session was part of the FSRC’s ‘Regulation of the consumer insurance market’ inquiry.  We recommend that firms and their compliance teams read the transcript.

Key points to note and next actions

• The nature of the discussions was very much focused on home and travel insurances, and some focus on motor insurance.  This is in line with the subject of the Which? Super complaint, and the FCA’s recent work.
• Brewis provided mostly general responses to the questions posed, reiterating that Consumer Duty provides a wider base for ensuring compliance than prescriptive rules.
• There are some interesting insights into the way the FCA works and approaches regulation and oversight (albeit high-level detail), and how the FCA has interacted with FOS.

Context

EIPOA has published its 2025 Annual Report, detailing its work and outlining its accomplishments in the past year.  Against a backdrop of geopolitical instability, rapid advances in AI, more frequent and intense weather events, and the rise of cyber threats, EIOPA states that it has “…remained committed to protecting the public interest by contributing to the stability, effectiveness and sustainability of the European financial system.”

Key points to note and next actions

In line with the European Commission’s priorities, EIOPA has defined its approach on regulatory simplification and burden reduction, advocating for smarter, more harmonised regulation, alongside more effective supervision at EU level.

The report states that, in 2025, EIOPA successfully delivered on its strategic priorities to: 

• Embed regulatory simplification and burden reduction principles across different areas of work,
• Contribute to building up sus­tainable insurance and pensions, including by addressing protec­tion gaps,
• Support the supervisory commu­nity and the industry in mitigating the risks of the digital transformation and seize its opportunities, including by further promoting a data-driven culture,
• Promote sound, efficient and consistent prudential and con­duct supervision throughout Europe, particularly in view of in­creasing cross-border business,
• Deliver high-quality advice and other policy work taking into account changing and growing needs of society as well as the ef­fects of new financial regulation,
• Further enhance financial stabil­ity, with a particular focus on analysing the risks, vulnerabilities and emerg­ing threats within the EU’s financial sector,
• Serve as a model EU authority with high professional standards, cost-effective governance, and a positive reputation within the EU and globally.

There are several familiar themes within these priorities

Context

The CII has published some new guidance to support insurance and personal finance firms in managing data relating to customers in vulnerable circumstances. The Data Privacy for Customers in Vulnerable Circumstances guide clarifies in practical terms how customer vulnerability-related data can be managed in compliance with UK data protection requirements and the Consumer Duty.

Key points to note and next actions

• Developed for compliance officers, data protection specialists, operations managers, the guide is intended to act as a practical foundation for embedding effective vulnerability data management across the sector.
• By clarifying how firms can collect, store and use vulnerability-related information responsibly, the CII aims to support a more consistent, confident and customer-centred approach across insurance and personal finance.
• The article introducing the new guidance sets out the CII’s view that there are three distinct and interconnected purposes for processing vulnerability data. Firstly, to provide appropriate support and to prevent harm. Secondly, to meet reporting requirements. Thirdly, to drive product and service improvements.
• The guidance has been developed to address the perceived risk of infringing data protection law as a result of processing vulnerability-related data.
• The guidance builds on joint communications from the FCA and ICO, which clarify that UK data protection laws and the requirement for processing vulnerability-related are not in conflict.
• The guidance itself is detailed, and is split into four sections:
  • Context and Principles
  • Vulnerability data requirements
  • Establishing policies
  • Operational data management

Context

The IUA, in association with Airmic, has published a joint report addressing the issues around ‘protection gaps’ and what can be done to combat them.  Such gaps emerge as organisations face risks that insurance cannot fully cover, as some exposures are too uncertain to price or losses may be too large for commercial markets to absorb. Increasingly, some emerging risks are also simply too new and lack the necessary data for insurance products to have developed.

Key points to note and next actions

• The paper makes the recommendation for the market to pilot outcome-based policy structures for well-defined risk scenarios – particularly relating to data centre failures and supply chain disruption, both of which combine several risks areas.
• Other recommendations for how insurance protection gaps can be lessened, and even closed, include reviewing the process by which policy exclusions are finalised for major classes of business and developing new approaches to testing insurance wordings against loss scenarios.
• The report also recommends establishing three-way engagement between underwriters, brokers and buyers, as well as greater investment in education for risk managers.

Context

Which? has published the latest results of its ongoing research into the interest rates that insurers charge for allowing customers to pay their insurance premiums in instalments.

Key points to note and next actions

• Interestingly, none of the APRs identified by Which? in the home and motor insurance markets are 30% or more – they are all now under 30% (an APR figure the FCA cited as being ‘high’).
• Some of the terminology in the Which? article demonstrates why APRs are misunderstood.
• The latest position from Which? is that they feel that an APR of 25% is ‘unfair’.  Using APRs as a measure of interest rate fairness is perhaps flawed.
• Of the 51 insurers and distributors listed in the Home Insurance APRs table, 12 (23.5%) either provided no response or did not disclose an APR.  15 (29.5%) indicated that they provided instalments at no cost.  12 (23.5%) had APRs of below 20%, 5 (10%) were between 20% and 25%, with the remaining 6 (a little under 12%) being over 25% but less than 30%.
• Of the 61 insurers and distributors listed in the Car Insurance APRS table, 13 (21%) provided no data or response.  Only 2 (3%) offered no charge.  22 (36%) had APRs of below 20%, 7 (11.5%) were between 20% and 25%, and 18 (29.5%) were over 25% and under 30%.

Context

The IFED has publicised arrests after alleged fake death, multiple false transport claims and forged medical documents, following a nationwide enforcement period targeting travel insurance fraud.  Officers executed warrants across the country, conducting house searches and interviews. The team also made arrests as part of an operation to identify and disrupt opportunistic fraudsters seeking to exploit the insurance system with dishonest travel claim

Key points to note and next actions

• The activity resulted in three arrests, four voluntary interviews, and two cease and desist notices. All arrests were followed by interviews under caution.

The identified insurance fraud included:

• Three settled claims totalling £22,000, where a suspect alleged multiple bereavements to justify repeated holiday cancellations. Following an interview, the suspect made a full confession and has agreed to repay the insurers in full.
• Suspicion of fraud by false representation by a suspect after he allegedly faked his own death to support an insurance claim, claiming to have drowned while travelling in Nigeria.
• Suspicion of fraud by false representation, after allegedly submitting 37 claims for missed or delayed transport that are now suspected to be fraudulent.
• A defendant pleading guilty to fraud by false representation in relation to a travel insurance claim, supported by fabricated Caribbean medical treatment documents, and to money laundering.

Over the past five years, IFED has received 102 referrals for travel insurance fraud. The insurer-estimated value of these frauds totalled £4,404,334.42, averaging of £44,942.19 per case.