Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

Context

Perhaps in response to the Treasury Select Committee report published on 20 January 2026, covered in last week’s update, the FCA has launched a review into the implications of advanced AI on consumers, retail financial markets and regulators.  The Treasury Select Committee expressed a view that the UK regulators’ current approach to AI in financial services risks serious harm to consumers and the wider system.  The review will be led by Sheldon Mills and builds on the FCA’s existing work on AI.

Key points to note and next actions

The engagement paper sets out the scope of the review and invites views from stakeholders including firms, consumer groups, tech providers and academics on 4 key interrelated themes:

1. How AI could evolve in the future – future evolution of AI technology, including the development of more autonomous and agentic systems.
2. How these developments could affect markets and firms – the future impact of AI, including changes to competition and market structure and UK competitiveness.
3. The impact on consumers – future consumer trends, including how consumers will be influenced by AI but also influence financial markets through new expectations.
4. How financial regulators may need to evolve – the future regulatory approach – to continue ensuring that retail financial markets work well.

Feedback will shape a series of recommendations to be reported to the FCA Board in summer 2026, informing how the FCA can guide and respond to AI-driven transformation. This will culminate in an external publication.

Mills states that he fully supports encouraging continued innovation and adoption, and that he sees AI as a major opportunity to improve outcomes.  He also sets out that the FCA also needs to ensure AI adoption and innovation occurs while ensuring markets work well and consumers are protected.

AI adoption in financial services introduces growing risks, including sophisticated AI-enabled fraud and identity abuse, algorithmic bias, and opaque decision-making. It could also potentially reduce consumer agency and introduce new forms of market concentration or systemic vulnerability. Over the longer term, increasingly autonomous and interconnected AI systems may amplify existing risks and create new ones.

The engagement paper includes commentary on:

• a current inflection point for technology and consumers;
• market structure, firms, and competition; and
• risks, resilience, and regulatory capability.

The deadline for comments is Tuesday 24 February 2026.

Context

The FCA has updated its Pure Protection Market Study web page to announce the publication of its interim report in relation to its Market Study MS24/1.  The interim report is accompanied by a full report on the consumer research, a consumer research technical report, and 2 annexes (Annex 1: Intermediated distribution, remuneration and consumer outcomes, and Annex 2: Value of Protection).  The nature of the findings in relation to the take-up of long term insurance by UK consumers has driven the FCA to call for ‘help to close the protection gap’. 

Key points to note and next actions

The main interim findings:

• The main distribution channel for pure protection products is through intermediaries (80% of sales in 2024), with a wide range of intermediary models.  Intermediary commission revenue has remained broadly stable, while commission rates have increased slightly.
• In many respects, the distribution of pure protection to consumers works well and delivers good outcomes to those that purchase it. There are a wide range of products, most consumers can claim when they need to, and the costs of cover have remained stable in the last few years.  However, some aspects of the market could work better:
  • lower claims ratios for some protection products than others;
  • intermediary incentives to switch consumers unnecessarily (the FCA will also consider ways to improve product switching, so firms make sure any switch clearly benefits the consumer and meets their needs); and
  • actions intermediaries can take to improve consumers’ claims experience.
• The FCA will be consulting further with stakeholders on these issues ahead of the final report.
• 58% of people don’t hold a pure protection product, of which 59% have never considered their protection needs.  This is what the FCA is referring to as the ‘protection gap’.  Research suggests that the gap exists because consumers aren’t aware of their needs and aren’t prompted to consider them. Other issues include ability to pay, misunderstandings about the product or improvements needed in the sales process
• There is significant data contained in the Consumer Research Technical Report and in Annex 1 to the main report.

The FCA wants to engage with the sector to hear feedback on the findings in this report, and proposed remedies to the issues above. In particular, the FCA is interested to hear whether stakeholders agree:

• with its assessment of the nature and scale of harms in the pure protection sector;
• that there is a ‘protection gap’ that the FCA and industry should seek to reduce and what potential options should be considered; and
• with the findings and proposed next steps on claims ratios, incentives to switch consumers, and claims experience.

The FCA aims to publish its final report in Q3 2026 with its final findings, a summary of feedback, and next steps.

If you’d like to share your feedback in response to the FCA’s findings and proposed remedies, send it to PureProtectionMS@fca.org.uk by 31 March 2026.

Context

The FCA has published its first ‘Enforcement Watch’ newsletter covering insights and themes from its enforcement work.  In June 2025 the FCA published its updated Enforcement Guide (ENFG), in which it amended its publicity policy to achieve greater transparency.  In the first edition of Enforcement Watch, the FCA covers its updated publicity policy in action, enforcement case priorities, and international partnerships.

Key points to note and next actions

• The FCA explains the ‘exceptional circumstances test’ and gives the example of its publication of an investigation into a motor finance claims management company.
• In addressing its current enforcement case priorities, the FCA explains that the 23 enforcement operations it has opened since 3 June 2025 cover a wide range of suspected misconduct.  18 operations are investigating regulatory breaches, 4 consider criminal and regulatory offences, and in one it is only investigating criminal offences.  
• They include investigations into individual responsibility, listed issuers, unauthorised business, fair value, inadequate oversight, adequacy of controls, and consumer investment and asset management.

Context

The FCA has published a speech given by Sheree Howard at the FCA’s Gateway to growth, Chicago Booth London Conference Centre, in which she outlines the FCA’s efforts and plans for easing authorisation application times and processes, and admits to using generative AI to “sift through large volumes of unstructured application text”.

Key points to note and next actions

• The FCA is ‘open for business’ and actively welcomes applications from firms looking to take part in the UK market.  The FCA is moving quickly whilst maintaining high standards – which “…are non-negotiable…”, and is exploring ways to speed up the process even further.
• The FCA encourages firms to use its services so it can support them in creating a stronger application and moving through the authorisations process more quickly and confidently.  The FCA’s gateway, though, cannot be a barrier to growth.
• Howard states that the FCA is working hard to handle the scale and complexity of the authorisations journey while maintaining high standards – without adding time and frustration.  Some firms who have been through any form of authorisation or approval journey may disagree with the statement about adding time and frustration.
• The FCA is also working with HMT to develop a provisional licence regime. It will give firms time-limited permissions to operate in a controlled environment and under strong regulatory oversight as they work to meet the full Threshold Conditions within 18 months.

Context

The FCA has updated its Operational Resilience web page to add a link to, and commentary about, the 2025 CBEST thematic results.  CBEST is a targeted assessment tool to help regulators assess firms’ and financial market infrastructures’ (FMIs) cyber resilience by using live penetration testing that mimics the actions of cyber attackers. It enables regulators, firms and FMIs to better understand vulnerabilities and take remedial actions, strengthening the resilience of individual firms and the wider financial sector.

Key points to note and next actions

• Each year, the FCA and the PRA publish their annual thematic analysis of CBEST assessments, highlighting cyber resilience observations from CBEST, such as cyber defence, detection and response capabilities against cyber threats, as well as contributions from the National Cyber Security Centre (NCSC).
• In the 2025 CBEST thematic, for the first time the report sets out the regulators’ insights on the tactics, techniques and procedures most commonly used in CBEST, as well as their observations on some of the challenges firms faced when remediating CBEST findings.
• The report sets out that maintaining strong cyber hygiene is not a one-time exercise but a continuous effort to reduce exposures and strengthen resilience.
• Weaknesses in infrastructure security, asset management or application security that were exploited during CBESTs include firms not maintaining strong configuration practices.
• Firms which did not have strong cryptographic protections for data-at-rest are likely to have insufficient protection against attempts to access, damage or destroy sensitive data and/or privileged credentials.

Context

In a letter to Stewarts LLP, the FCA has summarised its position in relation to the ongoing issues of BI-related court rings and their impact on claims following the COVID-19 pandemic, and responds to three issues that the law firm asked it to consider.

Key points to note and next actions

• When new court rulings are published, firms will need to consider carefully how the ruling may impact the interpretation of their policies, and their claims and complaints handling, considering their obligations to their customers.
• Where it is identified that a new court ruling has a possible wider beneficial impact for customers, the FCA expects firms to provide:
  • details of any proposed remedial action to ensure that the beneficial impact of the final outcome is applied to similar groups of customers, and/or those customers potentially affected; and/or
  • where appropriate, reasons why such remedial action may not be carried out.
• Where it has been determined that a new court ruling has no wider beneficial impact, the FCA would expect firms to explain to their customers why it was considered that there was no wider beneficial impact to other potentially similarly impacted, or other potentially affected, customers.
• At this stage the FCA is not proposing any further interventions, but it continues to supervise firms to ensure they are meeting its expectations.
• The FCA’s expectations of insurers make clear that firms will need to consider how new court rulings affect claims they have already decided and whether to reopen those claims, considering their obligations to their customers, including their obligations under FCA rules.
• Any re-consideration of claims and their reassessment would need to be carried out in line with firms’ obligations under FCA rules.  The FCA expects that, where claims have already been made in line with the time limits required by the policy but have been inappropriately rejected or under-paid in light of the new ruling, those will need to be looked at in line with FCA expectations

Context

Based on its own insights of the complaints it has received, FOS has published an article aimed at students returning to university after Christmas suggesting ways in which they can avoid financial pitfalls.  Two of those pitfalls are insurance related.

Key points to note and next actions

In relation to the issues raised below, insurance distributors could ensure that the information provided to students is sufficiently clear for them to understand the limitations of the insurances they buy:

• Insuring gadgets and tech: Standard home contents policies don’t always cover items like drones, e-scooters, or wearables like fitness watches. Students should check their cover and consider standalone gadget insurance where needed.
• Telematics (black box) car insurance: These policies may help young drivers save money and access insurance, but students should check the terms to understand how the data is collected, how driving behaviour is scored, and what could trigger cancellations or premium increases.

The ‘top tips’ that FOS thinks students should take note of, and therefore which insurance distributors should perhaps assist students’ understanding of, are:

• Always read the small print before signing up for financial products.
• Ask questions if you’re not sure – and seek help early if you get into difficulty.
• Be wary of offers that sound too good to be true.
• Protect your personal details and never share your account.
• Check insurance policies carefully so you know what’s covered and what’s not.

Context

Last year, the CMA updated its web pagen in relation to the Private Motor Insurance Market Investigation Order (the PMI Order) to update the e-mail address where private motor insurers can request more information about how to submit the annual PMI Order Compliance Statement.  The format of the Statement can be found at Appendix 3 in the Order itself, with some clarifications and explanations available in the accompanying Notes document.

 Key points to note and next actions

• If you are a PMI insurer or broker (see the Order for definitions), each year you must, by law, submit a compliance report to the CMA by 1 February.  This is the Annual PMI Compliance Statement.  This obligation arises from the CMA’s Private Motor Insurance Market Investigation Order 2015.
• The Annual PMI Compliance Statement can now be submitted via an online form and by uploading the tables of Average No Claims Bonus (NCB) Discounts.
• If you are a PMI insurer or broker, please email PMIFormRequest2026@cma.gov.uk for more information about how to submit your compliance report.
• If your business offers both insurance and brokerage services, the relevant instructions for you to follow should be determined on the basis of the primary role of your business.
• When you submit your compliance report via the online reporting form you will receive an automatic response as a confirmation of receipt.
• If you have any problems using the form, any queries, or if you need to report a breach, please contact the CMA on: pmi.order@cma.gov.uk.

Context

The OFSI has updated its web page in relation to the move to a single list for UK sanctions designations from 28 January 2026.

Key points to note and next actions

• The page has been updated to reflect the closure of the OFSI Consolidated List on 28 January 2026, and to remind firms that the UK Sanctions List is now the only source for all UK sanctions designations.
• As of 09:00 GMT on Wednesday 28 January 2026 the OFSI Consolidated List of Asset Freeze Targets and its search tool are now closed. It will remain available for reference but will no longer be updated.  Guidance has been published to help you prepare for the change.
• The UK Sanctions List is the only source for all UK sanctions designations. No changes have been made to the structure of the current UK Sanctions List. A format guide for the UK Sanctions List is available, which includes mappings to the fields on the OFSI Consolidated List.

What has changed

• The UK Sanctions List search tool has been improved, implementingfuzzy logic search and ranking of search results by relevancy. 
• The ‘Russia: list of persons named in relation to financial and investment restrictions’ has been moved to a new page with a simplified table. The list will continue to be separate and has not been merged into the UK Sanctions List. 
• A new set of regime pages to hold future sanctions notices has been created. These are available from the Current UK sanctions regimes collection page.  
• A guidance page is available to describe all changes.
• The UK Sanctions List lists which people, entities and ships are designated or specified under the Sanctions and Anti-Money Laundering Act 2018, and why.

Context

The OFSI has imposed a £160,000 monetary penalty on Bank of Scotland Plc (part of Lloyds Banking Group), for breaching the Russia financial sanctions regime.  Between 8 and 24 February 2023, the bank processed 24 payments totalling £77,383.39 to and from a personal current account held by a UK‑designated person. OFSI concluded that the bank breached prohibitions on dealing with, and making funds available to, a designated person.

Key points to note and next actions

The case highlights several important lessons for firms to:

• Ensure that sanctions screening tools are sufficiently enriched with relevant information to optimise their capabilities. Firms with greater sanctions risk exposure may benefit from commercial packages, such as commercial sanctions lists to enrich their sanctions screening.
• Address the inherent risks of automated screening with robust contingency procedures and clear escalation routes, particularly in higher‑risk areas such as those involving Politically Exposed Persons.
• Keep sanctions training under regular review, so that its content accurately reflects relevant regulatory and geopolitical developments.
• Consider prompt, voluntary disclosure of potential breaches. OFSI seeks to reward prompt and complete voluntary disclosures through penalty discounts.

Context

The ASA has published an article, in which it explains its remit on cross-border ads – what’s in, what’s out, and where those cross-border complaints go.  When the onset of the internet meant that ads could be sent from anywhere, the ASA’s remit naturally became slightly more complicated than it had been previously.

Key points to note and next actions

The ASA’s CAP Code does not apply to ads on websites, apps and cross-border platforms unless they meet at least one of the following:

• Non-paid-for marketing communications from or by marketers with a UK registered company address.
• Marketing communications appearing on websites with a “.uk” top-level domain.
• Paid-for marketing communications from or by marketers targeting people in the UK.

So, marketer’s own websites, social media pages and app content for marketers based in the UK will fall within the scope of the CAP Code.  The reference to ‘.uk’ top-level domain applies to all marketers, regardless of where they’re based.  If your website ends with ‘.co.uk’ (or ‘.org.uk’ etc), the CAP Code will apply.

The ad goes on to explain:

• how would an ad ‘target UK consumers’;
• which ads are outside of the ASA’s remit;
• what happens with complaints about those ads;
• what about direct marketing, like e-mails; and
• where can you read and find out more.

Context

Following on from its recent commentary in relation to SME uninsurance and underinsurance, the ABI has announced that a new Guide to help SMEs navigate insurance needs and address gaps in coverage.  The article announcing the Guide also includes a link to a report titled “Small Business, Big Risk: Tackling SME Underinsurance”.  The guide breaks down the different insurance products and requirements for SMEs, stating that “a lack of insurance, or inadequate insurance, can be catastrophic”.

Key points to note and next actions

• The new Guide sets out simple steps for business owners (and their insurance brokers in assisting their SME clients) to consider when taking out and renewing business insurances.
• The Guide has been developed in response to findings from research conducted by Public First, and commissioned by the ABI, which highlights how large numbers of SMEs are either uninsured or underinsured.
• A report, “Small Business, Big Risk: Tackling SME Underinsurance” found that many SMEs have not taken out appropriate insurance for the risks they may face. For example:
  • while 48% of respondents said their business had a physical premises, of those only 23% had business interruption insurance;
  • 57% have portable electronic equipment but only 31% have commercial contents insurance;
  • 57% of respondents said they had software or cloud services, but only 29% had cyber protection insurance; and
  • only half of respondents said they had reviewed the types of insurance they hold or their level of cover in the past 12 months

The report and Guide make several recommendations for industry, regulators and government to address the challenge, including:

• Insurers, intermediaries, business bodies and government should work together to raise awareness and understanding of risks facing SMEs and the benefits of insurance, by running a time-limited engagement campaign.
• Insurers should continue to review the design and presentation of products for SMEs with the aim of securing stronger customer understanding, better tailoring of offerings and higher take-up.
• Insurers, brokers and price comparison sites should continue to refine customer journeys to support clearer understanding of needs and appropriate cover choices.
• Insurers, brokers and price comparison sites should improve processes for reviewing and renewing insurance so that renewal on current terms is not the default.
• Brokers should further promote their offer to SMEs, focusing on high satisfaction and the benefits of personalisation.
• Insurers, business bodies and government should work together to make the strategic economic case for SME insurance.

Context

In response to the news that Northern Ireland will become the first part of the UK to introduce graduated driver licensing for new drivers, the ABI has responded positively.

Key points to note and next actions

• The ABI believes that the move represents significant progress in improving road safety by reducing the risks faced by young and novice drivers.
• Many of the measures outlined, including a minimum learning period and targeted passenger restrictions, are consistent with the evidence which the ABI, and others, have presented to help improve safety for more inexperienced motorists.
• The ABI looks forward to engaging with the Department for Infrastructure as the detail is finalised, and to continuing its work with policymakers across the UK to support practical measures that make roads safer for everyone.

Context

The ABI has published a ‘guest blog’ by Joseph Thomson, Technical Specialist at the FCA.  Thomson explains that the ABI is working with FCA and other trade associations including BIBA on how they can ensure that expectations for everyone involved in the distribution chain are as clear and simple as possible.

The blog seeks to address the question ‘what does the regulator actually want?’, aiming to offer a clear, regulator led steer on how firms should approach fair value in practice.

Key points to note and next actions

In addressing “Fair value – testing outcomes, not process”, Thomson reiterates the FCA’s (and his) view that “customers must be confident they’re getting fair value” and that this will lead to “better outcomes for people”, That being the case, the FCA is mainly interested in those outcomes, not process.  Thomson sets out that a good product approval and fair value assessment will ensure that:

• Products meet the needs of customers.
• Prices are a fair reflection of the benefits and services provided.
• Where the first two are not being met, actions are identified and taken.

The FCA recently ran a webinar where it covered some of the most common myths and misconceptions it has heard in relation to fair value and value assessments.

The blog also briefly covers the FCA’s ‘simplifying the insurance rules’ publications.