Welcome to the UKGI weekly regulation update service for Aviva ABC brokers
We hope you find the Updates useful. If you are
interested in subscribing to our affordable
ABC compliance support package, please
email us at ABC@ukgigroup.com or
call UKGI on our dedicated ABC
contact line 01925 765777.
UKGI has teamed up with Aviva to provide ABC brokers with access to our weekly regulation update free of charge! The service provides a round-up of compliance-related issues to give you an overview of what’s on the regulatory horizon.
This will help you stay up to date with what regulatory changes may be coming up, so you can plan ahead.
You can also access previous ABC weekly regulation updates by clicking on the archive tab at the top of the page.
UKGI is working with Aviva to provide ABC brokers with access at preferential rates to our market-leading, online compliance manual and its library of over 200 template documents!
To watch a short introductory video showcasing the manual, click here, and to see for yourself just how useful the manual could be for your business, book an interactive demonstration.
Context
The FCA has announced the publication of what it describes as a “landmark review into impact of AI on retail financial services”. Led by FCA Executive Director Sheldon Mills and commissioned by the FCA Board, ‘The Mills Review’ is the first work of its kind initiated by a regulator globally. As part of The Mills Review, in April 2026, Yonder Consulting conducted a survey of more than 5,000 UK retail financial services consumers (PDF), defined as individuals holding a day-to-day bank account, such as a current or savings account. The review (147 pages) and the survey report (45 pages) are lengthy and detailed.
Key points to note and next actions
The report identifies four perhaps predictable major AI‑driven shifts likely to impact retail financial services:
- The transformation of firm operations.
- The evolution of consumer journeys.
- The reshaping of competition and market power.
- The amplification of fraud and cyber risks.
The key findings are:
- Retail financial services are moving from human-led, towards AI-enabled, continuous, and delegated services.
- AI could reshape the sector by 2030 – changing how firms operate, consumers make decisions, markets compete and risks emerge.
- AI could improve outcomes and support growth by reducing friction and tackling long-standing challenges, such as advice gaps, low switching, and protection gaps. But it could also amplify risks associated with fraud, cyber security and consumer harm.
- Consumer adoption will depend on trust, control and access – even though 1 in 5 UK adults are already open to AI making decisions for them.
The review also outlines seven recommendations for the FCA Board and Executive to consider, which are:
- Secure and adapt the regulatory perimeter.
- Strengthen system-wide coordination and oversight.
- Monitor the transition to autonomous models and adapt regulatory frameworks.
- Scale up the FCA’s AI Lab to support AI models and system innovation in financial services.
- Enable the foundations for agentic finance.
- Build and adopt an AI-enabled agentic supervisory model.
- Develop a trusted public-interest AI-enabled financial capability service.
Running in parallel to this work, the FCA will launch an AI good and poor practice publication later this year. As part of this work, the regulator has engaged directly with firms to find out what is working well, where firms are facing challenges, and where further clarity would help. Find out more on how the FCA is engaging with firms to help shape its approach to AI.
Context
Although the press release opens with a focus on an international crackdown on illegal finfluencer promotions, resulting in three arrests and 650 social media takedown requests, and on two cases of insider dealing in the first year of its 5-year strategy, the FCA has published its Annual Report and Accounts for 2025/26 noting that it has focused its efforts on the most serious risks and harms. It has taken decisive action to protect consumers, fight financial crime and uphold market integrity. The press release contains short commentary under each of the four headings which underpin the FCA’s current strategy (helping consumers, fighting financial crime, supporting growth, and being a smarter regulator).
Key points to note and next actions
- The FCA has commented on the strengthening of consumer protection through its Firm Checker tool, which allows consumers to see if a firm is authorised and avoid dealing with fraudulent firms.
- The FCA also commented on how the Consumer Duty fair value rules have led to estimated savings of around £157m per year for those paying monthly insurance premiums.
- Alongside other reforms, the FCA has commented on the new protections for Buy Now Pay Later customers, with regulation commencing on 15 July.
- Fighting financial crime remains a key objective, with over 2,300 warnings being issued about unauthorised or potential scam firms in 2025.
- The FCA has secured seventeen criminal convictions, including two individuals receiving prison sentences and others being fined a total of £1.77m for market abuse offences. Further crackdowns on illegal “finfluencer” promotions resulted in three arrests and requests for 650 social media sites to be removed.
- The FCA also commented on its efforts to support growth, to make the UK more competitive, attract international investment and reinforce its position as a leader in financial services regulation.
- The FCA has published a raft of other reports and data in providing an update on its Outcomes and Metrics progress for 2025/26.
- The Annual Public Meeting is again confirmed as taking place at The Assembly Rooms, Edinburgh on Tuesday 6 October.
Context
Alongside its Annual Report and Accounts, the FCA has published an update in relation to it Outcomes and Metrics 2025/2030, which includes commentary (four separate web pages) in relation to the four main elements of the FCA Strategy (helping consumers navigate their financial lives, being a smarter, more efficient and effective regulator, supporting growth, and fighting financial crime).
Key points to note and next actions
- The four strategy-theme web pages set out FCA progress 2025-26, describing the various required outcomes under each of the four themes, the metric descriptions, the source of the data to measure the outcomes, and the progress achieved (e.g., customers are better able to withstand a change in circumstances, seeing a continued improvement in firms’ perceived effectiveness of the FCA, sewing a more productive and innovative financial services industry, and observing a slowed growth in investment and Authorised Push Payment fraud).
- The Outcomes and Metrics overviews are accompanied by a number of other reports and data publications:
- The FCA’s operating service metrics 2025/26, with the usual .pdf spreadsheet format of the metrics;Secondary international competitiveness and growth objective (SICGO) metrics and Rules and Guidance Log;FCA ‘Use of our skilled person reports in 2025/26’ data;The FCA’s ‘Prescribed Persons Annual Report 2025/26’, acting as a ‘Prescribed Person’ in relation to whistleblowing disclosures made to the FCA under the Prescribed Persons Regulations 2017; and
- The publications also include a new web page to outline how the FCA measures and reports on its positive impact, a diversity, equity and inclusion progress update, updated FCA workforce representation information, and a gender pay gap action plan update.
Context
The FCA has published a new web page reminding individuals that they must tell the FCA if they consent for their name and response to a formal consultation to be made public. The FCA explains that this matters because when responding to an FCA publication, individuals are providing personal data to the FCA, including their name, contact details, any opinions expressed in their response and, where provided, details of the organisation they work for.
Key points to note and next actions
When the FCA makes rules, it is required to publish:
- a list of the names of respondents who made representations, where those respondents consented to the publication of their names;
- an account of the representations the FCA receives; and
- An account of how we have responded to the representations.
In a response, the FCA asks individuals and organisations to confirm whether they consent to the publication of their name and whether they wish the response to be treated as confidential. If a respondent consents to the publication of their name, and is replying from an organisation, the FCA we will assume that the respondent is the organisation and will publish that name, unless the respondent indicates that they are responding in an individual capacity (in which case, the FCA will publish the respondent’s name).
If a respondent wishes their response to be treated as confidential, the FCA will have regard to this indication but may not be able to maintain confidentiality where it is subject to a legal duty to publish or disclose the information in question.
The FCA will not regard a standard confidentiality statement in an e-mail message as a request for non-disclosure.
| Link(s): | Reporting complaints | FCA |
Context
The FCA has updated its ‘Reporting complaints’ web page to remind firms about the upcoming changes to complaints reporting and to outline the next steps that firms should take. From 1 January 2027, there will be a single, unified complaints return to replace five of the existing complaints returns (DISP 1 Annex 1, Consumer Credit Return (CCR) Funeral Plans (FP) Claims Management Companies (CMCs) Electronic Money and Payment Services Return (PSR)).
Key points to note and next actions
- If your firm is affected by these changes, you will need to make the appropriate internal process and system changes to meet the requirements set out in PS25/19. You should ensure you are collecting the new individual data points from 1 January 2027.
- View the future reporting rules in the DISP Handbook by using the timeline feature. To find out more about viewing different versions of the Handbook, see Using the Timeline.
- See the new list of products and complaint types.
- The FCA is continuing to develop supporting materials for the new return, including Data Reference Guides containing XML specifications and details of validation rules. These documents will be published on the RegData Resources page when available, and the FCA intends to provide an update on timings here by the end of August 2026. Once ready, the new form will be made available in the RegData Industry Test Environment. You can register for the test environment by emailing RegDataTest@fca.org.uk. The FCA will hold engagement sessions to present the new complaints return design. If you wish to participate, you should contact your trade body.
| Link(s): | Enforcement Watch 2 | FCA |
Context
The FCA has published ‘Enforcement Watch 2’ – the second edition of its Enforcement Watch newsletter covering insights and themes from its enforcement work. In this issue the FCA covers cover its recent approach to supervising and enforcing the Consumer Duty, highlighting how it is using the Duty to improve consumer outcomes through assertive supervision and its enforcement powers.
The FCA ‘steps in’ where it has concerns, and it calls this ‘assertive supervision’. Its ‘assertive’ options range from a conversation to the imposition of requirements. Where interventions are sufficient to address the harm, there may be no need for a formal enforcement investigation. To give a sense of the scale, in the last financial year, the FCA ‘intervened’ 382 times. In this edition, the FCA uses the Consumer Duty to help explain the threshold between assertive supervision and enforcement action.
Key points to note and next actions
- The FCA now has eleven investigations examining potential breaches of the Consumer Duty; it opened its first investigation in August 2024, and they have steadily increased since then.
- The FCA expects firms to ask themselves questions such as ‘Am I treating my customers as I would expect to be treated?’ or ‘Are my customers getting the expected outcomes from my products and services?’.
- The FCA states that interventions are often the starting point for firms to remedy their issues or exit the market if they cannot.
- Once it has intervened, the FCA continues its supervisory engagement with the firm, including ensuring that any deficiencies are remedied and that any restrictions put in place are complied with.
- Some of the recent ways the FCA has intervened and used the Consumer Duty or rules that work alongside it include reviewing insurance firms’ valuation of vehicles (with around 270,000 motorists expected to receive £200m in redress) and requiring a claims management company (CMC) to stop conducting regulated activities with immediate effect, due to concerns that the firm was not acting honestly and fairly towards its customers.
- The FCA opens investigations where its Supervision team has detected serious misconduct and the FCA considers an enforcement investigation necessary, proportionate, and likely to create impactful deterrence across the industry.
- In several of its eleven current enforcement investigation cases, the FCA is investigating whether consumers received fair value for a product or service in line with PRIN 2A (the Consumer Duty rules) and/or the PROD Rules, which work alongside the Consumer Duty.
- Three investigations have been opened into firms operating in the home and travel insurance sector, following a multi-firm review into home and travel insurance claims handling arrangements.
- One investigation is considering whether a firm in the travel insurance sector ‘hollowed out’ a product to reduce features of the policy. The supervisory intervention sought to address issues including customer understanding, fair value and how customer needs were accounted for. However, the FCA opened an enforcement investigation due to the serious nature of the issues and to enable a full examination of the practice of ‘hollowing out’. If the evidence supports a public outcome, this will deter misconduct and raise awareness of the issues.
| Link(s): | FSCS annual report and accounts 2026 | FSCS FSCS Annual Report 2025/26 | FSCS FSCS Annual Report and Accounts 2025-26 FSCS Class Statements 2025/26 |
Context
FSCS has announced the publication of its 2025/26 Annual Report and Accounts and Class Statements. The Report and Accounts set out FSCS work and achievements over the past financial year, and the Class Statements summarise the source of FSCS levies and how it has used these funds. FSCS paid over 14,000 individual customers, responded to major firm failures, and recovered more than £34m in 2025/26. It also implemented the increased £120,000 deposit protection limit, protecting even more of people’s savings.
Key points to note and next actions
Highlights from 2025/26 include:
- £267m paid across FSCS’s deposits, insurance, advice and investment services, with over 14,000 individual customers compensated;
- over £34m recovered from the estates of failed firms and relevant third parties, contributing to £145m over the last three years, helping to reduce costs for levy payers;
- close to 12,000 advice and investment claims resolved, maintaining high quality and customer satisfaction scores; and
- around 18,000 Premier Insurance Company Ltd policyholders supported to maintain continuity of cover or receive policy refunds when the firm failed.
The report also outlines FSCS’s response to key regulatory developments, including the increase in the deposit protection limit to £120,000 from December 2025. The limit for qualifying Temporary High Balances has also increased to £1.4m for up to six months. This means more savings are protected, providing greater reassurance to consumers.
| Link(s): | How data protection law can help protect businesses from crime | ICO Using personal information to protect your business from crime | ICO |
Context
The ICO has published a blog by Emily Keaney, the Deputy Commissioner for Regulatory Policy, setting out how data protection law can help protect businesses from crime. The sets out that, for retail businesses, the chances are that protecting their business from crime is something they think about every single day.
Key points to note and next actions
- The ICO has published advice about how to share information lawfully to help tackle crime that is aimed specifically with small retailers in mind; time-pressed business owners who need clear answers to practical questions.
- The British Retail Consortium estimates there are almost 5.5 million incidents of theft and 43,000 incidents of violence against staff every year across the whole sector, with retailers continuing to invest in measures such as CCTV systems to help tackle the issue.
- The ICO accepts that there is sometimes a feeling that data protection law is not on retailers’ side; that they are on the receiving end of crime but also the ones who must tread carefully. This is something the ICO wants to address.
- The blog explains the reality that data protection law enables businesses to use personal information, including CCTV footage, to protect their business, staff, and premises.
- Data protection law gives businesses a legitimate, structured way to use the information they already have to protect their business, and the ICO guidance makes it easy to do.
Context
The CII is to lead cross-sector data-sharing taskforce to develop vulnerability data sharing standards. This will build on the CII’s work to support customers in vulnerable circumstances, in accordance with the FCA’s Consumer Duty expectations.
Key points to note and next actions
- The aim of the taskforce is to reduce the number of repeat disclosures required of vulnerable customers across the distribution chain. It brings together representatives from insurance, personal finance, technology, academia, and professional bodies to develop practical solutions.
- The initiative responds to concerns that vulnerability-related information is not consistently shared across the financial services distribution chain. Customers are often asked to repeat sensitive information as they move between insurers, brokers, advisers and service providers, creating frustration and potentially reducing support.
- The taskforce met for the first time in late May to discuss how improved information sharing could help firms provide more consistent support and reduce the need for customers to repeatedly explain their circumstances.
- It was noted that UK GDPR should act as the vehicle for responsible data sharing where there is a lawful basis, transparency, purpose limitation, and appropriate governance. The greater challenge is the absence of common standards, shared terminology and practical mechanisms across the distribution chain. Experian, MorganAsh and FWD Research shared their existing approaches to vulnerability data sharing.
- Three working groups have been established, focusing on creating a vulnerability data dictionary, market adoption and engagement, and data standards and governance. Their work will centre on practical use cases and measurable customer outcomes.
