Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

Link(s):

FCA confirms new incident and third party rules to bolster resilience | FCA PS26/2: Operational incident and third party reporting | FCA PS26/2: Operational Incident and Third Party Reporting FG26/4: Material Third Party Reporting FG26/3: Operational Incident Reporting ps26-2-enhanced-reporting-template-annex-2.xlsx

ps26-2-standard-reporting-template-annex-2.xlsx PS26/2: Annex 2: Amendments to Approach document ps26-2-third-party-register-template-annex-3.xlsx ps26-2-third-party-notifications-template-annex-3.xlsx PS26/2: Annex 3: Changes to the material third party reporting templates PS26/2: Annex 2: Changes to the incident reporting templates

Context

The FCA has published a policy statement and separate finalised guidance for operational incident reporting and material third party reporting, confirming new rules to make existing incident and third party reporting clearer, more consistent, and easier for firms to follow.  It has also published a number of associated annexes and templates.

The FCA intends for these new rules to help it respond quickly to disruption such as a cyber attacks or power outages, to give firms greater certainty on what to report and when and to strengthen firm resilience to better protect consumers and markets.

The final operational incident reporting rules apply to all regulated firms and the final third party reporting rules are relevant for Enhanced SMCR firms and Solvency II firms, among others.

Key points to note and next actions

Cyber attacks are becoming more frequent and more sophisticated, and firms are increasingly reliant on third party providers. In 2025, over 40% of cyber incidents reported to the FCA involved a third party and there have been several recent high-profile incidents impacting the financial services sector, including the Cloudflare and AWS outage. Clear and timely reporting will help us identify risks and respond effectively. Firms don’t always report incidents consistently and industry have told us they want more clarity on what to report and what information to provide.

The final reporting requirements follow the FCA’s December 2024, consultation on clearer, more structured reporting frameworks. Based on the feedback, the FCA has streamlined its requirements to reduce unnecessary burden, while also making sure it receives the information needed to assess impact early and to effectively respond to disruption. The FCA has:

• Created a simple, streamlined reporting regime with the Prudential Regulation Authority (PRA) and Bank of England including a single reporting portal.
• Removed duplicative incident reporting for payment service providers and credit rating agencies.
• Refined the overall information required, allowing most of the firms it solo regulates to complete a short form to report their incident.
• Added clearer guidance on thresholds, definitions and responsibilities.  

Over time the data will be used to share insights and trends to help firms bolster their operational resilience and share relevant information with industry, where appropriate during widespread disruption, particularly in stressed market conditions.

And where disruption occurs at a third party, the data will help the FCA to see through firms’ supply chains to identify which services are the most exposed and help it identify potential critical third parties to the UK financial system.  A more resilient financial sector will help lay the foundations to support growth and deepen trust in firms and the services they provide.

New finalised guidance

The Finalised Guidance for incident reporting (PDF) and third party reporting (PDF) includes:

• Clear examples of what firms should report.
• Help applying the thresholds.
• Guidance on completing the incident form and third party register.

What firms need to do next

The new rules come into force on 18 March 2027, so firms have 12 months to prepare. Two years after implementation, the FCA will conduct a review to ensure the regime works effectively for firms and delivers the outcomes it expects.

The FCA is hosting a webinar on 29 April 2026, so firms can find out more about these new rules and ask questions. To register to take part in the webinar click here.

Link(s):

Consumer understanding: good practice and areas for improvement | FCA  FG22/5: Final non-Handbook Guidance for firms on the Consumer Duty  FCA Handbook – PRIN 2A.5 Consumer Duty: retail customer outcome on consumer understanding

Context

The FCA has published examples of good an poor practice relating to the Consumer Duty’s consumer understanding outcome.

The guidance is relevant to all regulated firms, includes extra commentary for smaller firms, and has its focus on product design, manufacture, distribution and support, as well as production of communications and customer journeys.

The Consumer Duty sets a higher standard for retail consumer protection. The FCA wants firms to help customers make effective, timely and properly informed decisions, and present information that is fair, clear, and not misleading. Customers should have the information they need, at the right time and presented in a way they can understand.

Key points to note and next actions

The guidance was formed using evidence to understand how firms are embedding the consumer understanding outcome, combining supervisory findings, form data, behavioural research, and extensive engagement with industry bodies, charities and consumer groups. The FCA also reviewed wider insights from its 2024 Financial Lives Survey, which found that 12% of adults had limited understanding of the products they held and 19% had low confidence with everyday numeracy. Three in 10 said their preferred communication channel had been withdrawn, which caused difficulty for most of them.

In September 2025, the FCA surveyed 38 firms including insurance, retail banking, payments and consumer finance providers focusing on governance, testing, MI, communication design and support for customers in vulnerable circumstances. The sample included small, medium and large firms.

The guidance is split across these 5 areas:

• Management information (MI) and testing.
• Innovation and communication design.
• Vulnerability and accessibility.
• Financial promotions.
• Governance and oversight.

Key findings summary

Using insight to identify where consumers struggle: Good practice involves firms analysing insights from multiple sources, including call listening, complaints, chat transcripts, website analytics, drop-off data (customers who start but do not complete a specific process) and surveys. They review this evidence regularly and prioritise meaningful improvements rather than simply making cosmetic changes.

Testing communications with real customers: Good practice involves testing both before and after changes. Firms use proportionate tools such as surveys, comprehension checks, A/B testing (before and after) and feedback from frontline interactions. They verify whether changes improve customer understanding and adapt based on the results.

Communicating clearly, simply and accessibly: An effective approach includes plain language, clear structure, visual hierarchy and layered content. Firms place essential information upfront, highlight risks and exclusions early, and support those who need alternative or accessible formats.

Designing journeys and tools that support understanding: Well-designed customer journeys incorporate calculators, videos, walkthroughs and summaries. These tools are tested to make sure they genuinely help customers and refined based on user evidence.

Supporting customers with characteristics of vulnerability: An effective approach is to identify needs early, adapt communications accordingly and embed vulnerability considerations into governance, training and testing. This includes testing with vulnerable cohorts and ensuring accessibility throughout journeys.

Clear, fair and balanced financial promotions: A good approach aligned with the Duty makes sure promotional content is balanced, accessible and easy to understand. Firms give risks equal prominence to benefits, avoid jargon and test that key messages – including eligibility criteria and limitations – are properly understood.

Governance and oversight: Good practice includes clear ownership of the consumer understanding outcome. Firms maintain defined governance, review management information (MI) regularly, track actions, and make sure decisions lead to improvements. Oversight is embedded into everyday business processes.

Firms should use this guidance to review their oversight and testing of, and processes related to the Consumer Understanding outcome.

Link(s):

CP26/9: Modernising the redress system | FCA CP26/9: Modernising the Redress System FG26/2: Good and Poor Practice on identifying and rectifying harm Creating a redress system that works better for consumers and firms | FCA

Context

The FCA’s strategy notes that the current redress regime can create uncertainty for consumers, firms and investors.  As such, it wants to achieve greater predictability, certainty and transparency, with appropriate responsibility for firms to identify and address redress issues early on. 

This latest consultation follows the FCA’s November 2024 joint Call for Input and July 2025 consultation with the FOS.

Alongside the new consultation, the FCA is also finalising a number of the proposals it consulted on: in July 2025:

• Finalised guidance FG26/2, which includes good and poor practice on identifying and rectifying harm.
• Guidance in SUP 15 clarifying when firms should report emerging issues to us.
• Rule changes for improved efficiency by the Financial Ombudsman and the Financial Services Compensation Scheme.

In an associated blog, Charlotte Clark, Director of cross-cutting policy and strategy, says a redress system works best when it is clear, simple to use and trusted – both by the consumers who rely on it when something goes wrong, and by the firms expected to put things right.

Key points to note and next actions

Finalised Guidance

The finalised guidance relates to ‘redress exercises’ of any scale and refers to firms taking proactive steps, including deciding whether it owes remedial action to customers and providing affected customers with necessary remedy without them needing to make a complaint.  The objectives of the guidance are to highlight good and poor practice to:

• Help firms proactively identify potential consumer harm.
• Help firms take appropriate steps to resolve this harm, including proactively offering appropriate redress.
• Encourage a more consistent approach between firms for firm-led redress exercises.
• Provide guidance on appropriately communicating with consumers on these exercises, so they understand what they need to do and what to do if they are unhappy with the outcome.

The guidance supplements the Consumer Duty (‘the Duty’) guidance in FG22/5 Final non-Handbook Guidance. Firms may also find it helpful to read it in conjunction with the good practice and areas for improvement examples on complaints and root cause analysis published in December 2024.

Additional Consultation

The consultation seeks views on further changes possible within the existing framework, including proposed updates to the fair and reasonable test and to the dismissal grounds. The Financial Ombudsman is also seeking views on the introduction of a complaints registration stage to ensure that all complaints referred to the Financial Ombudsman are within its scope and ready to be investigated before being allocated a caseworker and businesses are charged. 

The proposals seek to ensure that the Financial Ombudsman can resolve complaints more quickly and informally, leading to faster and more consistent resolutions, reduced delays and improved outcomes for all parties. The proposals will also encourage earlier proactive resolution of issues by firms.  The Treasury has also published the outcome of its review into the Financial Ombudsman, which should be read alongside the consultation.

Blogging about the changes to the redress system, Charlotte Clark says “We’re delivering change at speed by acting now within our current powers, with a focus on improving how the system works in practice. This includes a new registration stage for complaints, updated dismissal grounds and clearer guidance on the fair and reasonable test.”

“Throughout, our aim has been to improve alignment, predictability and early engagement across the system – while maintaining strong and effective consumer protection.”

“For consumers, this means a smoother and more effective journey when problems arise, with complaints handled promptly by their financial services firm, and fair and fast compensation where it’s due…A system that enables earlier identification of harm, better coordination and clearer expectations should help reduce unnecessary delay and uncertainty for consumers, and support more consistent outcomes.”

“For firms, greater alignment between the FCA and the Financial Ombudsman, alongside clearer routes for early engagement when issues arise, should provide more confidence and predictability. Our changes will help firms understand when to escalate issues, what information is needed, and how wider redress concerns are likely to be approached – supporting better decision making and earlier action.”

Link(s):

FCA bans Kasim Garipoglu from working in UK financial services | FCA Final Notice 2026: Kasim Garipoglu

Context

Kasim Garipoglu is the owner of a firm that provided online trading of foreign exchange and contracts. Between April 2012 and December 2022, including when he was the CEO of the firm and an approved person, Mr Garipoglu repeatedly demonstrated a disregard for regulatory requirements, undermined compliance and anti‑money laundering controls, and positively encouraged serious misconduct amongst his colleagues.

Mr Garipoglu has now been banned from working in UK financial services after the FCA found he is not fit and proper because of his lack of honesty and integrity.

Key points to note

Mr Garipoglu repeatedly overruled those advising him that his instructions were illegal and in breach of regulatory requirements and regarded the potential for regulatory fines to be a business risk worth taking. He consistently prioritised commercial advantage over regulatory requirements.

He also deliberately provided false and misleading information to the FCA and other regulators, instructed the forgery of a document to evidence that an employee lived at a UK address with him when neither of them did so, falsified a university degree certificate for himself and made inaccurate declarations to the FCA in an authorisation application for another firm which he owned. In one instance, he instructed a colleague to impersonate him in communications and a phone call to the South African regulator.

In another instance, he had his staff take a required anti-money laundering test on his behalf and passed off the result as his own and later denied this to the FCA.

Therese Chambers, joint executive director of enforcement and market oversight at the FCA, said: “Mr Garipoglu has consistently shown a blatant disregard of regulatory requirements and chose to run his business in a way that carried significant risk that serious money laundering would be facilitated. He has consistently sought to evade accountability for this. His conduct fell far below the standards expected of individuals in senior positions. He poses an ongoing risk to consumers and to the integrity of the UK financial system.”

Link(s):

Regulatory Priorities: Consumer Finance

Context

The FCA has published its Regulatory Priorities report for Consumer Finance.  The Regulatory Priorities reports are replacing the 40+ portfolio letters the FCA had been issuing and will be published annually, setting out the FCA’s areas of focus by industry sector.

The reports should act as a guide for firm’s boards and CEOs, which the FCA expects to read carefully and act where they need to.

Key points to note and next actions

The FCA has noted three Consumer Finance Priorities for the next year and expects firms to:

• Consumers can access credit that meets their needs
  Lend responsibly, providing well-designed credit that offers fair value and meets consumers’ needs. It also wants firms to continue to help those currently excluded from credit and will support firms who want to innovate.
• Firms support consumers who struggle with debt
  Ensure consumers can easily get suitable support without unnecessary barriers. The FCA is working with firms to make it easier for borrowers in financial difficulty to find and get help, improve lender forbearance and support and drive up the quality of debt advice so it is appropriate to consumers’ circumstances.
• Consumers can complain when things go wrong and get appropriate redress
  Properly identify and deal with complaints. Firms should keep adequate records, undertake root cause analysis and hold sufficient funds to meet potential and actual liabilities.
  Motor finance firms should prepare to work constructively with us on a potential redress scheme as the most efficient way to address liabilities for consumers treated unfairly and bring certainty for all affected.
  Claims management companies (CMCs) should deliver high-quality, fair-value services that help consumers pursue legitimate claims for redress.

Alongside these priorities, the FCA will continue its work to ensure the Consumer Duty is integral to how regulated firms treat their consumers, undertaking risk-led reviews of emerging high-impact topics, such as whether fees and charges represent fair value.

It will also consult on Chapter 3 of the Consumer Credit Sourcebook (CONC), covering financial promotions and communications, to remove unnecessary prescription, update requirements and improve alignment with the Duty.

The FCA highlights that it will use the most suitable tools to act wherever it identifies serious misconduct, including supervisory intervention or enforcement.

Link(s):

New measures to modernise and transform the UK redress system  – Financial Ombudsman service Financial Ombudsman Service reform to deliver fast and impartial complaint resolution – GOV.UK

Context

Together with the Financial Conduct Authority, the Financial Ombudsman Service is strengthening the redress system so consumers get fair and quick compensation when things go wrong, and businesses have more certainty to invest, grow and compete.  

The reforms being delivered will help firms address and resolve customer issues more effectively and proactively, escalate major or emerging redress issues earlier, and speed up complaint resolution; with FOS continuing to operate independently, making decisions that are fair and reasonable and better aligned to regulatory rules.   

Key points to note and next actions

Following feedback from industry and consumer groups, the FOS and FCA have outlined the next steps on their joint work to modernise the redress system. Key changes being proposed include: 

• A new registration stage to ensure complaints referred to the Financial Ombudsman are within its scope and ready to be investigated before being allocated to a caseworker. 
• New powers to dismiss complaints that are best resolved in other ways, are more appropriate for courts or another dispute resolution process, or where there has been no material financial loss, distress or inconvenience. 
• Adapting the current ‘fair and reasonable’ test the Financial Ombudsman applies when considering a complaint to improve clarity, regulatory alignment. 

The changes come alongside wider government proposals on reforming the Financial Ombudsman, and mark a significant step in the delivery of a strengthened redress system which is transparent, robust, and fair to all parties in today’s evolving financial landscape. 

James Dipple-Johnstone, Interim Chief Ombudsman at the Financial Ombudsman Service, said:  “The financial sector has changed significantly since the Financial Ombudsman was set up 25 years ago, which is why we are driving forward changes to transform the redress system. We are laying the foundations for an agile, responsive and modern service which is fit for the future and has the confidence of consumers and firms alike. “

“Building on improvements we have delivered already these new measures will further modernise our operations to ensure we remain a service which keeps pace with a changing sector in delivering our vital service for consumers and supporting confidence in UK financial services.”

Link(s):

Parliament veto needed to enhance FOS independence following governance change – Committees – UK Parliament committees.parliament.uk/publications/52201/documents/289967/default/

Context

The Treasury has recently published the consultation response to its FS Sector Strategy: Review of the Financial Ombudsman Service, in which it says that ‘the government will legislate to make the Chair of the FOS a government appointment’. The Treasury says this is in order to ‘align the appointment of the FOS Chair with other significant appointments in financial services, such as the Chair and CEO of the Financial Conduct Authority, and help to ensure appropriate oversight and accountability’.

Key points to note

A letter from the Chair to the Economic Secretary says that the Government should include a statutory lock for the Treasury Select Committee on the appointment and dismissal of the Chair of the Financial Ombudsman Service (FOS).  A failure to do so risks jeopardising both the actual and perceived independence of the FOS whose responsibility is to resolve consumers’ complaints against financial firms without influence from the Government.

A statutory lock would mean provisions in legislation for the Treasury Committee to consent to the appointment or dismissal of the Chair of the FOS. This would mirror the Budget Responsibility and National Audit Act 2011, within which the Committee has the power to veto the appointment or dismissal of Members of the Budget Responsibility Committee, including the Chair of the Office for Budget Responsibility.

In her letter, Dame Meg Hillier points out that making the Chair of the FOS a Government appointment was not one of the options consulted on by the Government in its recent proposals.