FCA Priorities 2026: Same Themes, Sharper Focus

In March the FCA released their inaugural Regulatory Priorities reports which can be found here: Regulatory Priorities reports | FCA. 

These are important updates which replace the portfolio letters previously used by the regulator to communicate concerns and priorities for each sector. Across banking, payments, wealth, and beyond, the FCA isn’t trying to reinvent the wheel. Instead, it’s asking firms to prove—properly, demonstrably, and with evidence—that the basics are working. And when you step back, three clear themes emerge.

Good Outcomes: It’s All About the Data

The FCA’s focus on outcomes is nothing new, particularly in a post-Consumer Duty world.

What has evolved is the expectation around how firms evidence those outcomes. It’s no longer enough to say customers are being treated fairly—you need to show it, and crucially, you need the data to back it up.

There’s a subtle but important shift here. The regulator is pushing firms to move from retrospective assessments to something more dynamic. Data should not just explain what went wrong last quarter; it should help you identify risks before they crystallise.

In practice, that means asking tougher questions internally. Are MI packs genuinely telling the story of customer experience? Are firms spotting patterns in complaints, vulnerabilities, or product performance early enough? And perhaps most importantly, are boards engaging with this data in a meaningful way?

Firms that invest in “good data” now—clean, joined-up, and decision-useful—will find themselves on much firmer ground when supervisory scrutiny inevitably follows.

Fraud and Financial Crime

Financial crime remains firmly at the top of the FCA’s agenda, but this year the emphasis feels more grounded—less about new rules, and more about doing the fundamentals properly. At the centre of this is the expectation for a robust business-wide risk assessment (BLRA).

The Financial Conduct Authority is clearly signalling that firms need to step back and look at financial crime risk in the round. A BWRA isn’t just a document to satisfy a regulatory requirement; it should be a living, breathing assessment of where your real risks sit—and how well your controls are working to mitigate them.

What’s becoming increasingly clear is that a siloed approach no longer cuts it. Fraud risk, AML exposure, sanctions considerations, and customer vulnerabilities are all interconnected. The FCA expects firms to join the dots, rather than treat these as separate compliance workstreams.

A strong BWRA should feel practical and rooted in reality. It should reflect how your business actually operates, where your customers interact with you, and where things could go wrong. And importantly, it should drive decision-making—informing everything from control design to resource allocation.

In many ways, this is a return to basics, but with a sharper expectation of quality. The regulator isn’t asking for longer documents; it’s asking for better thinking. Firms that can clearly articulate their risks, demonstrate how they’ve assessed them, and show how that translates into effective controls will be in a much stronger position.

Operational Resilience and Third-Party Risk: No Weak Links

If there’s one area where the FCA’s patience is wearing thin, it’s operational resilience. With key deadlines now behind us, the expectation is that firms have moved beyond planning and into full implementation. The message is simple: you should know your important business services, understand your impact tolerances, and be confident in your ability to remain within them, even under stress.

What’s changed this year is the increased emphasis on third-party risk. Outsourcing, cloud providers, and critical suppliers are no longer peripheral concerns; they are central to a firm’s resilience posture. The uncomfortable truth is that many firms are only as resilient as their weakest supplier.

This is prompting a more forensic approach to oversight. Firms are being asked to demonstrate not just that they have contracts and due diligence in place, but that they truly understand how third parties could affect service delivery in a disruption scenario.

A Familiar Message—But With Greater Expectation

There’s a reassuring familiarity to this year’s priorities. Good outcomes, financial crime, and resilience have all been on the agenda for some time. But familiarity shouldn’t be mistaken for simplicity. What the FCA is really saying is this: the frameworks are in place, the expectations are clear, and now it’s about execution.

For firms, the question is no longer “Do we understand what the regulator wants?” but rather “Can we evidence that we’re delivering it—consistently, and at scale?”

That’s where the real work lies.

Next Steps

At RB Compliance, we’re seeing firsthand how firms are grappling with these themes—turning principles into practice, and strategy into something tangible. If 2026 is about anything, it’s about closing that gap between intent and evidence. And as ever, the firms that get ahead will be the ones that treat regulation not as a hurdle, but as a driver of better business. We can support you through:

1. Partnering you through the outcomes monitoring process - as experts in the Consumer Duty (I'm a published author on the Duty) we're ideally placed to partner you through the process, from identifying good outcomes, to establishing relevant MI through to analysing the data

2. Review your firm's BWRA against the regulatory requirements, helping keep you safe from action

3. Partnering to support your operational resilience and transition to third party reporting requirements

Contact us: robert.bell@rbcompliance.co.uk