top of page

Regulatory Update - September 2025

Financial Services Regulatory Update

Each month we keep you up to date with the regulatory changes from the FCA as well as other regulators, such as the ICO. This article explains the regulatory changes impacting financial services in September 2025.


Reform of SMCR

Closing on 7 October, the consultation proposes two phases of reforms to the Regime, designed to reduce the burden on firms.

Phase 1 is slated to include:

  • Changes to the 12-week rule to allow 12 weeks to submit the application, rather than 12 weeks for approval.

  • Increase the validity period of criminal records checks for SMF applications (3 months to 6 months).

  • Allow more time to report updates to SoRs, enabling submission on a periodic basis.

  • Remove certification requirements for a Significant Management Function holder where they are also certified as an FCA Material Risk Taker.

  • Some clarification and guidance on the Certification Regime, including that certificates can be provided digitally rather than in hardcopy.

  • Some clarification and guidance on Prescribed Responsibilities.

  • Extending the Directory update timescale to 20 business days for most updates.

  • Change the regulatory reference provision period to 4 weeks rather than 6.


Phase 2 will aim to explore how reductions to SMF roles may be possible, further flexibility in the 12-week rule and in the assessment process, reviewing the list of PRs and the design of a new regime to replace the current Certification Regime.


Motor Insurance Compensation

The FCA is launching a million pound campaign aimed at motor finance customers, letting them know they don’t need to use a claims management firm to access the proposed compensation scheme. Recent research shows that 41% of customers aware they might be entitled to compensation did not know they didn’t need to use a CMC or law firm.


The FCA followed up the initial review of historic claims with some detailed work, finding unfair practices including automatic deductions to payouts for assumed pre-existing damage. As a result, the FCA says, insurers have now overhauled their claims processes in line with the Consumer Duty. If customers are due compensation, they will be contacted by their lenders, but customers have also been instructed via FCA articles to speak to their insurer if they aren’t satisfied with the response, before then contacting the Financial Ombudsman.


Motor insurers were warned in December 2022 not to undervalue cars and other insured items when settling insurance claims. March 2023 saw a multi-firm review which then identified shortcomings in insurers’ valuation of vehicles.


Modernising the Redress System

The FCA and FOS are seeking views on their proposals to modernise redress: the increasing number of complaints has led to the FOS struggling to keep up with case handling. The proposed changes would ask firms to “identify harm at an early stage, proactively address it and resolve complaints more effectively.”


This would involve firms notifying the FCA directly of any cases which have potential wider implications or are possible Mass Redress Events (MRE). This would bypass the FOS – enabling them to concentrate on individual cases - and allow the FCA to take regulatory intervention to mitigate the issue at an earlier stage.



ICO Consults on Data (Use and Access) Act 2025

The ICO is consulting on two initial issues: draft recognised legitimate interest guidance (closes 30 October) and draft complaints guidance for organisations (closes on 19 October).


The guidance for recognised legitimate interests aims to offer more confidence in using personal information for certain purposes, including safeguarding, and will offer clear advice on how and when the use of this basis is appropriate, along with examples.


The guidance for complaints will be designed to help firms understand the process they will need to have in place from June 2026. The new requirements come from Section 164A. Firms will need to ensure that individuals can make data protection complaints, acknowledge complaints within a time limit and take steps to respond.


The ICO is also consulting on draft changes in their handling of data protection complaints, which is designed to enable them to focus on cases where they can have the most impact. The ICO is concerned about the significant increase in data protection complaints, and the impact on their ability to respond quickly and effectively. This consultation is open until 31 October 2025.


ICO shares cyber security tips

Designed to support smaller businesses, the ICO has issued a reminder to firms to check they have appropriate security measures in place to protect customer and staff information. The regulator notes that an estimated 7.7 million cyber crimes were attempted over the past year, and that it is incumbent on firms to keep personal information safe, helping customers feel secure in sharing their information.

Practical tips include:

  • Back up your data regularly. If using an external storage device, keep it separate from your main workplace. Check the backup regularly.

  • Use strong passwords and multifactor authentication. The National Cyber Security Centre recommends using three random words.

  • Be aware of your surroundings – be careful what you say and what documents are open on your screen.

  • Be wary of suspicious emails. Look out for signs such as bad grammar and urgent calls to action.

  • Install anti-virus and malware protection and keep it up to date.

  • Protect your device when it’s unattended. Lock the screen or put it in a secure place, out of sight.

  • Make sure the Wi-Fi connection is secure. Using a public or insecure connection could put personal data at risk.

  • Limit access to those who need it.

  • Take care when sharing. Remember that sharing a screen in a virtual meeting may show your device to others exactly as you see it, including any open tabs or documents.

  • Don’t keep data for longer than you need it.

  • Dispose of old IT equipment and records securely.

 

Our Compliance Consultancy website includes a range of Consumer Duty tools, designed to support your compliance.


Our online training courses introduce new staff to regulatory requirements, key legislation and process, and offer excellent refresher training for established staff, with up-to-date scenarios and soft skills training. Our full range of e-learning courses are available online: Online Compliance Training | RB Compliance Consultancy

 

 
 
 

Comments

RB.jpg

Robert Bell

When you work with RB Compliance you work with me directly. An expert in FCA and UK GDPR compliance and author of A Practical Guide to the FCA's Consumer Duty. I help clients with a range of compliance support.

 

Contact me here

The 2 Minute Policy

Our range of compliance templates include Consumer Duty assessments, SM&CR templates, FCA applications and a range of "2 minute" policies.

Take a look here.

Get Updates Direct to Your Inbox

Our free regulatory e-newsletter keeps you up to date with the latest FCA and ICO news.

Sign-up here.

bottom of page