Skip to content Skip to menu Skip to footer
Cart

Top 5 regulatory moments of 2025

Image related to Top 5 regulatory moments of 2025

By Avyse Partners, 22 December 2025

The year 2025 has been one of the most defining for UK financial regulation. Firms have faced sharper scrutiny, heightened expectations, and pressure to modernise their financial crime and conduct frameworks. 

While the UK Financial Conduct Authority (FCA) publicly emphasised proportionality and support for growth, its actions signalled a more assertive, data-driven regulatory environment. 

Five developments stand out as the key regulatory moments of 2025, shaping supervisory priorities and influencing how firms approach governance and risk. As well as looking back on these regulatory moments of the year, we provide some practical steps to take in response.

1. FCA multi-firm review highlights persistent weaknesses in risk assessments

In November, the FCA published its multi-firm review into business-wide risk assessments (BWRA) and customer risk assessments (CRA).

Despite years of guidance, many firms still failed to create risk assessment frameworks reflecting their size, complexity, and business models.

The FCA identified recurring issues:

  • BWRAs not tailored to actual risk profiles
  • BWRA actions not documented or assigned
  • Assessments not kept dynamic
  • CRAs not maturing with firms’ growth
  • Enhanced or automated processes insufficiently tested

This matters because BWRAs underpin financial crime controls. Weaknesses here can cascade into poor due diligence, weak monitoring, and ineffective escalation. At Avyse Partners, risk assessments remain one of the most common issues raised by clients, highlighting ongoing challenges in embedding proportionate, practical frameworks.

Practical steps:

  • Test yourself against the good and bad practice that the FCA has outlined. [1]  
  • Challenge whether your BWRA creates intelligence, or simply summarises what you already know – if it doesn’t provide additional insight, what purpose does it serve?

2. Large-scale redress and the return of historic harms

A major theme of 2025 has been regulatory action to address past harms. The insurance sector saw one of its largest redress exercises: around 270,000 motorists will receive £200 million following historic underpayments of total motor loss claims.[2] This has raised questions about whether similar issues may surface in home or travel insurance, particularly after the recent super-complaint.

The investment sector has been reviewing historic adviser charging practices, while the forthcoming motor finance redress scheme,[3] one of the most debated initiatives of the decade, has required firms to plan for significant operational and financial impacts.

Together, these developments reinforce a clear message: legacy failings are expensive and disruptive. Firms lacking proactive monitoring and strong governance, risk becoming the next redress case study.

Practical steps:

  • Challenge whether your fair value assessments are comprehensive, complete and up-to-date. 
  • Are you making the best use of the data that you have? For example, what have you done with complaints data to try and understand trends or take corrective action?

3. The FCA’s “reset” supervisory approach: softer tone, sharper tools

In early 2025, the FCA outlined a “reset” in its supervisory approach. Publicly, this appeared more proportionate and supportive of growth. However, beneath the messaging lies a noticeable shift toward targeted, assertive supervision.

The FCA continues to expand its use of analytics to identify harm earlier and intervene faster, often with limited prior engagement. Instead of broad thematic work, supervisors now conduct sharper, more focused interventions aimed at specific pockets of risk.

For many firms, this has meant fewer routine interactions but more demanding engagements when they occur. The “reset” has at times felt less like a softer approach and more like concentrated scrutiny driven by data and speed.

Practical steps:

  • Take information and data requests seriously. You can’t just “have a go” at a response, as the consequences of getting it wrong are severe. 
  • Assess whether your own internal data quality, capabilities and analytics is keeping up with that of the regulator. If not, you’re going to get caught out. 

4. Monzo enforcement action highlights risks of rapid growth

One of the year’s most visible enforcement moments was the FCA’s £21 million fine against Monzo for breaches of a Voluntary Requirement (VREQ). [4]

The VREQ had been imposed after the FCA identified weaknesses in onboarding, CRA, and transaction monitoring. 

Despite restrictions preventing the opening of high-risk accounts, Monzo estimates that over 34,000 such accounts were opened in a 22-month period.

For those seeking a gap analysis of the key issues, we co-produced a practical checklist on this enforcement action with the ICA, which is available to ICA members via the Learning Hub. [5]

This case reinforced a key FCA message heard throughout 2025: firms’ controls must keep pace with their growth. In Monzo’s case, rapid customer acquisition outpaced its ability to maintain compliant systems, resulting in significant regulatory consequences.

Practical steps: 

  • Do you know what your customer growth looks like? If it is significant, what story can you tell about the evolution of your control framework? Is it maturing at the same pace?
  • If you have a regulatory restriction in place, what steps have you taken to self-assure your compliance with it?

5. Barclays’ landmark fine as financial crime remains a core focus

Barclays was fined a total of £42 million by the FCA for two serious failings:

A £3 million fine for weak due diligence on WealthTek, which lacked permission to hold client money, exposing £34 million to potential misappropriation. [6]

A £39 million fine for failures in CRA, customer due diligence, enhanced due diligence, and monitoring for Stunt & Co, despite clear red flags, including links to Fowler Oldfield, later uncovered as central to a major money-laundering operation. [7]

By 24 November, total FCA fines reached £79.8 million, with 82% related to financial crime or market abuse

The Barclays case underscored the FCA’s sustained focus on systemic financial crime risks and the expectation that firms maintain robust, consistently applied controls. 

Again working with the ICA we have created a gap analysis checklist of this case, which ICA members can access on the Learning Hub. [8]

Practical steps:

  • This case is all about the basics. Are you really delivering good quality, consistent, informative due diligence, and can you prove it? Or are you just ticking boxes?
  • What really incentivises staff? Being compliant or client revenue? Again, how would you prove that your staff have the right incentives?

Taken together, the five most significant regulatory moments of 2025 reveal a landscape that is more intelligence-led, more interventionist, and less tolerant of outdated controls.

Firms that invest now in dynamic risk assessments, strong governance, and proactive monitoring will be best positioned to navigate the sharper regulatory expectations that have emerged throughout 2025 and will continue beyond.

What would you have included in the list of the top regulatory moments of the year? 

About the authors

Avyse Partners are experts in governance, financial crime and conduct risk. For more information on their services, including their regular gap analysis templates, visit www.avyse.co.uk