Sharper, Faster, and More Transparent? How the FCA’s Enforcement Evolution Will Impact Firms
By David Hamilton, Partner (Howard Kennedy LLP)
The Financial Conduct Authority (FCA) has entered a new era of enforcement, one defined by speed, strategic focus, and a recalibrated approach to transparency. That's the plan, anyway.
The regulator’s revised Enforcement Guide (ENFG), published in June 2025 as part of Policy Statement PS25/5, marks the most significant overhaul of its enforcement framework since 2007. For firms, this is not merely a procedural update; it is a signal of deeper regulatory intent, with practical implications for governance, culture, and risk management.
Strategic Shift: From Volume to Impact
The FCA’s enforcement strategy is undergoing a deliberate transformation from a reactive, volume-driven model to a more strategic, outcome-focused approach. This shift is not simply operational. It reflects a deeper philosophical change in how the regulator views its role in shaping market behaviour.
Historically, the FCA (and its predecessor, the Financial Services Authority) has maintained a broad enforcement footprint, opening a high volume of cases across a wide spectrum of misconduct. Whilst this approach could be viewed as regulatory vigilance, it has often led to lengthy investigations, resource strain, and limited deterrent effect, particularly where outcomes have been delayed or not publicised. In contrast, the FCA’s refreshed strategy prioritises selectivity and speed. The regulator is more discerning about which cases it pursues, focusing on those that are likely to deliver maximum market impact, whether through precedent-setting outcomes, public education, or systemic reform. This is evident in several key developments:
- Case Selection Criteria: The FCA has raised the threshold for opening investigations. Cases are now assessed not only on the seriousness of the misconduct but also on their potential to deliver strategic outcomes such as reinforcing market integrity, protecting consumers, or deterring similar behaviour across the sector.
- Caseload Rationalisation: The number of open enforcement cases has dropped significantly from over 220 in early 2024 to around 130 by mid-2025. The FCA does not consider this a sign of regulatory retreat, but of targeted enforcement that concentrates resources on fewer, higher-impact cases, often involving senior management accountability, novel misconduct (e.g., crypto fraud), or cross-border dimensions.
- Accelerated Timelines: The FCA has committed to shortening the length of enforcement investigations, which have historically stretched over several years. Whilst some complex cases still exceed 60 months, the average length is falling. This reflects internal reforms, including better triage, earlier engagement with firms, and increased use of technology (e.g., AI-assisted document review and surveillance).
- Early Interventions Over Formal Action: The FCA is increasingly using non-enforcement tools such as skilled person reviews, voluntary/own-initiative requirements (VREQs/OIREQs), and supervisory engagement to address issues before they escalate. These interventions are often faster and more conducive to remediation, offering swifter means to protect consumers from misconduct and mitigate the risk of corporate collapse, e.g., banning firms from writing new business and requiring assets to be retained. For firms, this means that regulatory scrutiny may arrive earlier but still have a significant impact on their commercial, legal, and reputational risk.
- Outcome-Oriented Enforcement: The FCA is also placing greater emphasis on the educational and deterrent value of enforcement. This includes publishing anonymised case summaries, issuing thematic findings, and using enforcement outcomes to inform future policy. The goal appears not just to punish wrongdoing, but to shape behaviour across the market.
This strategic shift has profound implications for firms. Enforcement is no longer a distant threat triggered only by egregious misconduct; it is now a strategic risk, embedded in the day-to-day regulatory relationship. Firms must be prepared for earlier engagement, faster timelines, and greater scrutiny of their governance, culture, and decision-making processes.
Moreover, the FCA’s focus on impact over volume means that firms operating in high-risk areas such as cryptoassets, consumer credit, or cross-border payments may face disproportionate attention. Similarly, firms with weak governance, poor documentation, or opaque decision-making structures may find themselves vulnerable, even in the absence of overt misconduct. In this new landscape, enforcement is not just about compliance; it is about credibility. Firms that can demonstrate proactive risk management, transparent governance, and a culture of integrity will be better positioned to navigate regulatory scrutiny. Those that cannot may find themselves under the spotlight.
The Revised Enforcement Guide: Key Changes
The new ENFG introduces several structural and procedural reforms:
- Scoping Meetings: The FCA no longer presumes that a scoping meeting will be held at the outset of an investigation. Instead, the decision to hold such a meeting will be made on a case-by-case basis. However, where a subject requests a scoping meeting, the FCA will generally agree to one. The amendment is intended to give the FCA and subjects more flexibility, as scoping meetings may not be necessary in all cases.
- Private Warnings: Private warnings have been removed entirely from ENFG, the FCA stating they were non-statutory, non-binding, and not subject to challenge, which created confusion and inconsistency in their use. The regulator concluded that private warnings did not align with its commitment to transparency and accountability, and that their continued use risked undermining confidence in the enforcement process. The FCA considers the objectives of a private warning can be met through communicating the issues to the relevant firm or individual, along with its expectations of what they should do to address those concerns (it has done this over the past few years through correspondence with the firm or individual).
- Limited Waiver: The FCA has clarified its position on accepting firms’ internal investigation reports where legal professional privilege is maintained but waived on a limited basis. While the regulator continues to accept such reports under limited waiver arrangements, it emphasises that this clarification does not represent a departure from its established practice.
- Legal Representation at Compelled Interviews: ENFG now expressly provides that the FCA may decline to permit a specific legal adviser to attend a compelled interview if their presence could compromise the integrity of the investigation, e.g., due to a conflict of interest or other prejudicial factors.
- Streamlining and the Risks of Over-Simplification: One of the most striking features of ENFG is its dramatic reduction in length; over 250 pages have been removed. The previous version (ENF) had grown incrementally over time, accumulating layers of procedural detail, legacy content, and explanatory material. While comprehensive, it was often criticised for being dense and difficult to navigate, particularly for firms trying to understand the FCA’s expectations in real time. The new version is leaner and more principles-based, with less procedural prescription and more emphasis on regulatory discretion. The FCA has framed this as a move toward clarity and flexibility, allowing it to tailor its approach to the facts and context of each case, rather than being bound by rigid process.
- However, this shift has not been without criticism. Some in the legal and compliance community have expressed concern that the removal of detailed guidance may reduce transparency and make it harder for firms to understand what is expected of them during an investigation. In particular, the absence of procedural detail around matters such as settlement discussions, interview protocols, and case progression may create uncertainty, especially for firms or individuals unfamiliar with the FCA’s enforcement style.
- There is also a risk that the increased reliance on discretion could lead to inconsistency in approach, or at least the perception of it. Without clear benchmarks or procedural safeguards, firms may feel less confident in navigating investigations or challenging decisions. For firms, the practical implication is clear: whilst ENFG is now arguably easier to read, it also places a greater burden on firms to interpret the FCA’s likely approach based on experience, precedent, and informal engagement. Legal and compliance teams will need to rely more heavily on external counsel, industry insight, and regulatory dialogue to fill the gaps left by the deleted content. In short, the streamlined guidance reflects a regulator that wants to be faster and more focused, but it also signals a shift in the regulatory relationship, one that may be less predictable and more dependent on judgment than before.
Most notably, the FCA has revised its publicity policy. Following industry backlash, it abandoned its proposal to name firms under investigation based on a broad “public interest” test. Instead, it retained the existing “exceptional circumstances” threshold, with three new exceptions:
- Proactive announcements for suspected unauthorised or criminal activity.
- Reactive confirmations where investigations are already public.
- Anonymised case summaries to educate the market and deter misconduct.
This more measured approach balances transparency with fairness, but, as noted above, firms should still prepare for earlier reputational exposure in certain cases.
Enforcement in the Age of AI and Crypto
The FCA’s enforcement toolkit is also evolving alongside technology. Its AI Lab, launched in late 2024, is already being used to enhance market abuse surveillance, detect anomalies, and reduce false positives. Firms should consequently expect the regulator to be more data-driven and forensic, and should consider mirroring these capabilities internally.
Crypto enforcement is also entering a new phase. The FCA’s Consultation Paper CP25/25 proposes a comprehensive regime that will bring cryptoasset activities under the same standards as traditional financial services. This includes:
- Mandatory FCA authorisation for crypto firms.
- Application of core Handbook rules (e.g. PRIN, SYSC).
- Enhanced governance, operational resilience, and conduct obligations.
With final rules expected in 2026, firms should begin aligning their frameworks now. Enforcement risks for crypto firms, particularly around AML, consumer protection, and financial promotions, remain high.
Non-Financial Misconduct: A Cultural Reckoning
Perhaps the most profound development on the enforcement horizon is the FCA’s formal recognition of non-financial misconduct (NFM) as a regulatory concern. Following its July 2025 policy statement (CP25/18), the FCA will extend its Code of Conduct (COCON) rules to cover serious personal misconduct, including bullying, harassment, and violence, across 37,000 non-bank firms from September 2026.
Key features of the proposed framework include:
- COCON 1.1.7FR: Clarifies that serious personal misconduct can breach the FCA's Conduct Rules (COCON).
- FIT: Even outside of the work context, conduct can impact on a person's fitness and propriety assessment.
- Regulatory references: Firms must disclose substantiated NFM in references.
- Draft guidance: Under consultation, to help firms assess fitness and propriety, including conduct in personal life or on social media.
This marks a significant cultural shift. Should the proposals be implemented, firms will need to treat workplace behaviour as a matter of regulatory compliance and not just HR policy.
Practical Implications for Firms
The FCA’s evolving enforcement strategy demands a recalibration of how firms manage risk, culture, and regulatory engagement. Key priorities include:
- Governance and Documentation: Firms should ensure that decision-making processes are well-documented and defensible. With faster investigations and fewer scoping meetings, the burden of proof may shift earlier in the process.
- Internal Investigations and Surveillance: AI-driven tools are no longer optional. Firms should invest in technology that can detect misconduct, support remediation, and withstand regulatory scrutiny.
- Reputation Management: The revised publicity policy means firms may be named earlier. A robust crisis communications plan is essential, especially for firms operating in high-risk sectors.
- Culture and Conduct: Compliance training must now address values, ethics, and behaviour. Firms should review whistleblowing procedures, grievance handling, and social media policies.
- Crypto Readiness: Firms engaging in crypto activities should begin preparing for FCA authorisation and aligning with proposed Handbook rules. Enforcement will be unforgiving where consumer harm is involved.
- Cross-Border Coordination: With increasing global cooperation, firms must be prepared to navigate multi-jurisdictional investigations and differing regulatory expectations.
Conclusion: Enforcement as a Strategic Risk
The FCA’s enforcement evolution is not just about rules; it is about regulatory philosophy. Firms that understand this shift and respond proactively will be better placed to manage risk, protect reputation, and build trust.
Howard Kennedy LLP
Howard Kennedy is a London-based law firm offering straightforward legal advice to its clients. With over 70 partners and almost 500 people, the firm is well placed to assist entrepreneurial businesses and HNW individuals on domestic and international matters, whatever the legal challenges they face.




