FCA enforcement trends: themes from recent final notices
Analysis of FCA final notices published over the past 18 months reveals several consistent themes that reflect the regulator's current enforcement priorities and the standards it expects firms and individuals to meet. Financial crime — particularly failures in anti-money laundering controls — remains the largest single category by penalty value, but conduct failures, systems and controls deficiencies, and individual accountability cases have all featured prominently. Understanding the factual patterns in final notices is one of the most reliable guides to the FCA's current risk appetite and to the areas where supervisory tolerance has run out.
AML enforcement has focused heavily on the quality of customer risk assessments, the robustness of enhanced due diligence, and the adequacy of ongoing monitoring. A recurring finding in final notices against banks and payment firms is that risk scoring methodologies were not applied consistently, that alerts were routinely downgraded without documented justification, and that senior management did not have adequate oversight of financial crime data. The FCA has shown increasing willingness to hold compliance officers personally accountable where they had authority to escalate concerns and failed to do so, or where they approved customer onboarding that could not withstand objective scrutiny.
Individual accountability under SMCR has become a more prominent enforcement theme. The FCA's final notices against senior managers have typically focused on failures of supervision and escalation rather than direct misconduct — the proposition that a senior manager who fails to ensure adequate controls in their area of responsibility has breached their senior manager duty of responsibility. Firms should note that the FCA has been prepared to act against individuals even where the firm itself has agreed to a settlement and remediation package. The FCA's Decision Procedure and Penalties manual (DEPP) sets out the factors it considers in determining penalty severity, including whether the individual profited from the breach and the degree of cooperation with the investigation.
Systems and controls cases have featured prominently in the post-Consumer Duty period. The FCA has taken action against firms where data indicated persistently poor consumer outcomes — for example, high rates of customer cancellation of insurance products shortly after purchase, low rates of successful complaint resolution, or evidence of systematic mis-selling of add-on products. These cases illustrate the FCA's growing use of data analytics to identify enforcement targets: the regulator no longer relies primarily on whistleblowers or complaints to identify potential misconduct, but actively analyses its regulatory returns and market data for outlier behaviour.
Discount for early settlement
The FCA's settlement process offers a 30% discount on the financial penalty for firms or individuals that agree to settle at Stage 1 (before a warning notice is issued). This creates strong incentives for early engagement with the FCA when concerns are identified. Firms that self-report issues, cooperate fully with investigations, and present credible remediation plans typically receive more favourable treatment — both in penalty quantum and in the narrative of any final notice — than those who contest the FCA's case. Legal advice at the earliest stage of any enforcement engagement is therefore essential.