Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

Context

The FCA and PRA have confirmed changes to streamline senior manager accountability.  The FCA’s Policy Statement PS26/6 (at a ‘streamlined’ 104 pages!) sets out how firms will benefit from reduced costs and greater flexibility and find it easier to comply with the Senior Managers and Certification Regime (SM&CR).  The PRA’s Policy Statement can be found here.

Key points to note and next actions

The Government and regulators have announced first‑phase reforms to the SM&CR. Core senior accountability is retained, while reducing complexity and administrative burden for firms. Key impacts include:

• Extending the validity period of criminal records checks from three months to six months, with checks no longer required for intra-group moves.
• Giving more time to submit senior manager applications when there has been an unexpected or temporary change (the ’12-week rule’).
• Removing the need to certify people to hold multiple overlapping functions, which will reduce the total number of certification roles required by around 15%.
• Helping to streamline annual checks to certify individuals as ‘fit and proper’.
• Making only larger, more complex firms meet enhanced standards, by raising many of the enhanced firm thresholds by 30%, with a new 5-year mechanism for threshold increases.
• Helping to better understand the definition of certain senior management roles, and the allocation of Prescribed Responsibilities.
• Allowing more time (up to six months) to report updates to senior manager responsibilities (Statements of Responsibilities and Responsibilities Maps).
• Simplifying the re-certification process by allowing e-mail records confirming re-certification to replace the issuing of a further Certificate.  Also, re-certification can become part of an annual review cycle rather than being a separate assessment
• Giving more time to update the directory, which lists certified staff.
• Reducing the period to respond to regulatory reference requests from six weeks to four weeks.
• Conduct rules guidance clarifications, including notification requirements, regulatory references without disciplinary action, and the application of the Senior Manager Conduct Rules.

HM Treasury has also published the outcome of its consultation of 15 July 2025 into reforming the Senior Managers & Certification Regime.  Further Government proposals include:

• Removing the Certification Regime from primary legislation, including the annual recertification requirement, and enable the regulators to consider a more proportionate and flexible framework in their rulebooks.
• Reducing the number of senior management functions that require regulator pre-approval. Regulators will be given a new power to specify circumstances where it would be suitable for a firm to notify the regulators of the appointment of a senior manager following the firm’s assessment of fitness and propriety.
• Repealing the prescriptive legislative provisions relating to Statements of Responsibilities, enabling regulators to consider appropriate requirements in their rulebooks.
• Streamlining Conduct Rules by repealing the prescriptive legislative requirements on firms to notify regulators of breaches and to conduct mandatory training, while retaining the regulators’ power to make Conduct Rules and set out appropriate requirements in their rulebooks.
• Give regulators the power to specify in rules and guidance the circumstances in which they may accept senior manager applications subject to time-limits or conditions, approval of which would not trigger statutory notice requirements.

Additional changes are expected following regulator consultations in 2026, aiming to halve the overall regulatory burden.

Most changes take effect on 24 April 2026, and 10 July 2026 so firms can benefit from them straight away.  Changes made to align with PS25/23: ‘Tackling non-financial misconduct in financial services’, apply from 1 September 2026.

Context

The FCA has published a review report setting out good practice and areas for improvement it has seen in its supervisory work related to inactive ARs and Introducer ARs (IARs).  The FCA reviewed 14 Principal firms.

The review web page explains that there are a range of possible reasons why ARs do not carry out regulated activities. Where this is the case, Principal firms still need to have effective oversight of their ARs and cannot rely on transaction oversight as a source of information.

An unexplained lack of reported regulated activity is an indicator of weaknesses in Principals’ governance, monitoring and oversight, and risk management of its ARs/IARs. Where such weaknesses exist, there is an increased risk of consumers being misled and suffering harm.  This builds on previous publications including PS22/05, PS22/11 and the FCA’s 2023 publication on Improving the Appointed Representative regime through greater use of data.

Key points to note and next actions

The FCA expects Principal firms to:

• Consider AR arrangements where ARs or IARs are not routinely carrying out regulated activities and reflect on whether oversight, monitoring and governance practices remain appropriate.
• Provide accurate and clear explanations in REP025 regulatory returns (column F) where ARs have not carried out regulated activities during the specific reporting period.  Do not rely on unclear internal terminology.  Explain the reasons for inactivity in simple terms and do not rely on statements such as ‘not trading’ or ‘not introduced business during this period’ as the explanation for AR inactivity.
• Take timely action to terminate AR/IAR relationships where they are no longer appropriate and notify the FCA when the status of the relationship changes.

The review report addresses the following issues, setting out examples of good practice, areas for improvement, and case study examples for each:

• Lack of AR regulated revenue reported to the FCA (commentary includes secondary regulated activity such as secondary credit brokers and funeral directors arranging funeral plans).
• Lack of engagement with inactive AR.
• Insufficiently monitoring consumer-facing materials.
• AR agreements needing to meet regulatory requirements.

Next steps for firms:

The FCA’s engagement with the 14 Principal firms led to ‘positive change’ at seven of them, with several ARs terminated (“offboarded”) and Principals strengthening their monitoring arrangements. Principals should:

• Actively and appropriately engage with their ARs through oversight, and use robust data quality, and governance, including additional measures when an AR is inactive.
• Accurately report revenue generated by the AR and any reasons for periods of inactivity through the REP025 regulatory return.
• Monitor the appropriateness of their AR relationships and take timely steps to ensure the Register remains up to date and the principal’s risks are mitigated.

Context

The FCA has published an ‘Innovation Insights 2025’ report, which explores what is changing in the fintech world, where the risks are shifting, and how FCA innovation services are helping firms test and scale responsibly.  It brings together what the FCA is learning from fintech market developments and how firms are using the FCA’s innovation services.

Key points to note and next actions

• In 2025 the FCA found that capital is flowing more selectively, with global fintech investment exceeding $130 billion across more than 4,500 deals, but with funding concentrated in fewer, larger and more mature firms.
• Firms are seeking regulatory clarity earlier, as the key challenge shifts from building new products to understanding how regulation applies to them
• Demand for our support grew, with applications to its Regulatory Sandbox and Innovation Pathways rising 49% in 2025.

In 2026, the FCA:

• wants firms to move more efficiently from questions to action, which will require better guidance, more structured pathways, and continued dialogue with the market; and
• will focus on clearer testing criteria, broader engagement with incumbents – particularly in wholesale markets and general insurance – and stronger support for UK competitiveness and international growth.

The Report covers:

• Innovative support and engagement.
• The fintech landscape.
• A ‘regulatory sandbox and innovation pathways’ overview.
• The 2026-2027 outlook.
• New FCA initiatives.

Context

The FCA has published a speech by Jessica Rusu, FCA Chief Data, Information and Intelligence Officer, at the IFGS UK FinTech Week.  Rusu notes that, 25 years ago, e-commerce changed how we buy, and that the UK is one of the most digitally mature retail markets, with roughly one in every 4 pounds spent online – among the highest e-commerce penetration rates globally.

Key points to note and next actions

• UK Fintech contributes more than £11bn annually to the economy. In 2025, it received $15bn deployed across 445 disclosed deals, reflecting continued global investor confidence.
• 75% of UK adults use fintech services, and Open Banking has reached over 16 million users – a scale few markets globally can match.
• Agentic commerce will change how financial decisions and transactions are made, demanding a fundamentally new approach.
• The FCA is expanding practical support for firms through the next phase of its AI Lab.
• Open Finance will provide the foundations of a more intelligent financial system.
• The FCA is supporting solo-regulated firms to ‘scale-up’, with its Scale-Up unit open for expressions of interest (FCA solo-regulated firms can register their interest and check the FCA’s eligibility criteria; the FCA will formally open applications in May 2026).
• Rusu introduces the next phase of the FCA’s AI Lab, discusses the ‘Open Finance roadmap’, and comments on helping fintech firms to scale-up.

Context

The FCA has announced, in a new web page as well as in Jessica Rusu’s speech, the second group of firms selected to join AI Live Testing. Eight new firms (Aereve, Coadjute, Barclays, Experian, Go-Cardless, Lloyds Banking Group (Scottish Widows), UBS and Palindrome) have been chosen by the FCA to live test AI applications to support safe and responsible deployment.

Key points to note and next actions

• In September 2025, the FCA published a Feedback Statement on the potential benefits, opportunities and challenges raised by our proposal for AI Live Testing.
• The FCA is working with its technical partner Advai, a London-based specialist in automated AI assurance, to provide AI Live Testing. This initiative helps successful applicants explore key questions around risk management and live monitoring to support the responsible deployment of AI for consumers and markets.
• The FCA will also publish a good and poor practice report for AI in financial services later in 2026 to support firms in the safe and responsible adoption of the developing technology.
• The announcement coincides with the publication of the FCA’s Innovation Insights report, which highlights how fintech innovation is evolving in the UK and what the regulator is learning from firms engaging with its innovation services.

Context

The FCA has published a speech delivered by Sheree Howard, FCA Executive Director of Authorisations, at the Association of Professional Compliance Consultants (APCC) Spring Conference 2026 in London.  Howard was addressing the Compliance Consultancy sector but there are key messages for firms.

Key points to note and next actions

The speech likened the authorisation process, and the support provided in it by third-party Consultants, to the relationship between a runner in the London Marathon and a coach or trainer.  The trainer may be able to prepare the runner for the event, but only the runner can actually run the race.  For any firm going through an authorisation process, the Consultant is the support system, helping the firm to get authorisation-ready.  When it comes to the decision to authorise or not, it is the firm’s competence that the FCA is assessing, not the Consultant’s.

• The authorisation process is demanding, and rightly so. A rigorous authorisation process is good for firms, consumers and the wider market.
• Third-party compliance consultants play a pivotal role in that process by helping firms create stronger applications – which leads to faster decisions.
• Upholding high standards is a shared responsibility. We are committed to working in partnership with the compliance community to meet it.

Howard explains that the authorisation process is not about putting obstacles in the way, rather it is about filtering out those who:

• aren’t ready or don’t have viable business models;
• have poor governance, systems and controls;
• don’t want to put the customer at the heart of their business; or
• are bad actors – those who are seeking authorisation for nefarious reasons.

Context

The head of the UK’s cyber agency, Dr Richard Horne, has stated that the country is facing a “perfect storm” for cyber security against the backdrop of a new “technological revolution” in a speech to the CYBERUK conference in Glasgow. 

Key points to note and next actions

Key points include:

• Technological change and geopolitical tensions present uncertainty requiring a culture shift in approach to cyber defence.
• All organisations are urged to follow advice to make cyber security part of their mission, as cyberspace sits “between peace and war”.
• Most significant incidents handled by National Cyber Security Centre are coming from attackers linked to nation states.
• In future, it will be vital to secure technology that will control robotics, autonomous systems and technology that is physically integrated with human bodies. This is beyond the definition of cyber security as understood a decade ago and will require organisations to continually reimagine cyber security.
• Dr Horne set out that organisations which do not focus on their technology base as core to their prosperity are no longer just naïve but are failing to grasp the reality of today’s world, and that “frontier AI” is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cyber security are still to be addressed.

Context

OFSI has given advance notice of forthcoming changes made by the Sanctions (EU Exit) (Miscellaneous Amendments) Regulations 2026. The regulations will come into force on the 12 May 2026.  The changes are outlined below.

Key points to note and next actions

Changing relevant firms reporting from euros to pounds

• Across all UK sanctions regulations, the definitions of high value dealers and art market participants within the relevant firms regulations are being updated so that monetary thresholds are expressed in pounds sterling (£) rather than euros (€). In particular, the €10,000 threshold is being replaced with a £10,000 threshold.
• This aligns sanctions reporting obligations with upcoming changes to those in the UK money laundering regulations, so firms are not reporting in two different currencies.

Electronic notices for licences

• The law is being updated to confirm that OFSI and other authorities can send notices for licences electronically without needing consent for this approach. This reflects how communications already work and removes an outdated technical requirement.

HM Treasury debt exception

• A clarification that the exception for Treasury debt applies to all transfers of funds across the entire payment chain, including intermediaries.

Updates to the prior obligations licensing ground

• The legislation broadens the prior obligations licensing ground, giving OFSI greater flexibility to license legitimate pre-designation obligations in appropriate cases while maintaining safeguards against sanctions circumvention.

Context

The Home Office has published a document of Statutory Guidance on the Terrorism (Protection of Premises) Act 2025 (known as ‘Martyn’s Law’), which explains the Act’s core concepts and enables those responsible for premises and events to determine whether they fall within the scope of the legislation and how to comply with legal duties.  This will reasonably be of interest to insurance brokers dealing with customers who operate premises and events which may be covered by the legislation.

Key points to note and next actions

• The Guidance is accompanied by three Non-Statutory Supplementary Guidance Documents in relation to methods for assessing the reasonable expectation of individuals present at premises and events, illustrative examples of the scope of the Act and guidance, and further resources and learning.
• The Guidance covers the context of and the drivers for the legislation, a Glossary of Terms, the scope of qualifying premises and qualifying events, responsibility for legal requirements, additional requirements for enhanced tier premises and qualifying events, and compliance with legal requirements.

Context

HMRC has published a summary of its tax receipts, National Insurance contributions (NICs), and expenditure for the UK.  The details include a ‘monthly’ bulletin, an ‘annual’ bulletin, and a statistics table which includes annual totals of Insurance Premium Tax (IPT) receipts for the tax years 2006/07 through to 2025/26.

Key points to note and next actions

• HMRC noted £88m in IPT for March 2026, bringing the full-year total to a record high of £9.04bn for the 2025/26 tax year.
• The latest annual IPT figure exceeded the previous year’s receipts of £8.8bn by £157m.
• IPT receipts have almost tripled since 2015/16 (£3.3bn) and almost quadrupled since 2006/07 (£2.3bn).

Context

The LMA, in collaboration with Barnett Waddingham, has today launched a new AI Adoption Toolkit to support managing agents in developing and strengthening governance frameworks for AI across the Lloyd’s market.  The launch follows recent LMA research highlighting accelerated growth in AI adoption across the market and an increasing focus on governance and risk management.  The guidance reflects a growing need across the market for more structured approaches to AI governance as adoption accelerates.

 Key points to note and next actions

The AI Adoption Toolkit is built around five core principles:

• Governance and accountability
• Risk tiering
• Data protection, security and intellectual property
• Training and awareness
• Pragmatic adoption

Together, these principles provide a structured approach to managing AI risk while enabling firms to realise the benefits of emerging technologies.

• The toolkit provides practical, principles-based guidance to help firms move from early-stage experimentation towards more structured, governance-led adoption, as AI use cases continue to expand.
• Developed in response to increasing AI adoption and evolving risk considerations, the toolkit is designed to support firms at different stages of their AI journey, offering a flexible framework that can be adapted to varying organisational structures, risk appetites and regulatory environments.
• The announcement refers to the merits of embedding controls early and scaling AI adoption responsibly, and supporting the market as AI adoption evolves.

Context

The LIIBA has published key updates from its latest webinar “Belonging at LIIBA”.  The LIIBA brought together members and partners to share practical insights on culture, inclusion and future talent across the London market.

Key points to note and next actions

The key issues highlighted in the article are:

• Building a more inclusive market – LIIBA continues to focus on supporting equity, inclusion and social mobility, while helping firms respond to growing regulatory expectations around culture and conduct.
• Opening doors through social mobility to remove barriers and build long term talent pipelines by expanding initiatives that help people access careers in insurance (supporting students from disadvantaged backgrounds, connecting senior leaders with school headteachers, and helping members engage with schools in their local communities)
• ‘Culture, Data and Regulation’ – with new regulatory expectations on the horizon, understanding workplace culture is more important than ever.  Through its partnership with Inclusio, the LIIBA ran a proof of concept across eight broker firms.  The key message is that culture can be measured, and data can drive better decisions.  An industry impact report will be released soon.
• Turning insight into action by supporting firms with practical tools, including Mental Health Champion training and new approaches to neurodiversity.
• Investing in future talent by launching a new initiative focused on T Levels, offering early access to emerging talent, structured industry placements at no cost to employers, and a new route into the sector beyond traditional graduate pathways.

The LIIBA is also inviting members, especially SMEs, to take part in this year’s Dive In Festival, which may be the final edition in its current format.  ‘Belonging at LIIBA’ continues to grow, with a clear focus on supporting firms of all sizes, turning insight into action, and creating a more inclusive, high performing market.

Context

In response to the FCA’s and PRA’s Policy Statements, the ABI’s Director of Regulation David Otudeko has described the Policy Statements as “…a welcome step towards reducing operational complexity while maintaining robust standards of individual accountability.”

Key points to note and next actions

• The ABI is pleased to see the regulators take a pragmatic approach to improve the regime’s efficiency.
• These measures should help to streamline processes and alleviate some of the complexity firms currently face under SM&CR.