FCA Targeted Support and Compliance Updates

Unknown Speaker

Hello and welcome back to the B-Compliant Podcast. I’m Vicky Pearce, and as always I’ve got my brilliant co-host Rachel MacRae with me. Ready for another week of head-spinning regulatory change, Rach?

Rachel MacRae

Absolutely, Vicky, and you know what, it feels like the FCA's been saving up a pile of Handbook changes for us this week. If anybody tuned into our episode about FCA focus on persistent problems a few weeks ago, you’ll know these updates just keep coming. Today’s headline is all about the FCA’s CP25-26 consultation and the big push on what they’re calling “targeted support.”

Unknown Speaker

Yeah, CP25/26 has landed and, honestly, it's one of those consultations that covers a lot of ground—big changes proposed to multiple sourcebooks. We’re talking COBS, SYSC, DISP, COLL, FUND, ICOBS, SUP, and even a proper tidy-up of the glossary definitions. Basically, if it’s in the FCA Handbook, there’s a good chance it’s getting tweaked.

Rachel MacRae

I always have to check, like, six times that I haven't missed a section—they’ve snuck in updates everywhere! But the main push is around introducing this structured “targeted support” for consumers, right? So instead of firms only being able to give full-blown advice or stay at arm’s length, they’ll soon have more scope to give suggestions to groups with similar characteristics, all within a controlled, compliant framework.

Unknown Speaker

That’s exactly it. They don’t want firms stepping over into full advice unless they’re supposed to, but they’re clearly trying to close, what people call, the “advice gap.” So the FCA’s set out how things like charging, remuneration, and inducements fit into this, which is addressed in COBS 2.3, 6, and 9B, if anyone’s checking the fine print. I have to admit, at one point I got myself mixed up between which changes were actually mandatory and which were ‘if you want to’. Bottom line, though: firms aren’t forced to offer targeted support, but there is a clear steer—if you do, you’ve got to play by these new rules.

Rachel MacRae

Yeah, and they’re making sure cancellation rights and disclosure requirements for targeted support line up with those for personal recommendations under COBS 14 and 15. Oh, and management responsibilities—there’s a SYSC amendment so mapped roles under SMCR now formally cover targeted support obligations. Feels like they’re absolutely embedding this everywhere. Actually, do you remember when they overhauled complaint reporting for Consumer Duty? It’s the same vibe—they want targeted support cases logged in DISP 1, proper complaints included, so everything’s tracked up front.

Unknown Speaker

That’s a good point, Rach. It’s all about proportionate change, but every angle's covered. And let’s not forget the new SUP 16 reporting—the FCA wants data on product sales and retirement outcomes. That’s going to give them even more insight into what’s working for consumers and, you know, who’s toeing the line. Just so everyone’s clear, feedback is open until the 17th of October next year, and we should see the final statement and those rules published in December 2025, if all goes to plan. So, plenty of time to get familiar and have your say. Feels like we’ll be coming back to this again, doesn’t it?

Rachel MacRae

It does! It’s going to shape the next series of compliance checklists, I think! And, honestly, I bet we’ll see further clarifications along the way, so definitely not the last time we’ll be talking about it.

Rachel MacRae

Now, while we’re talking about the finer points of consumer protection and clarity, one area that's always felt a bit murky is cancellation rights around pensions and lump sums. The FCA’s latest statement gives fresh confirmation that just taking a Pension Commencement Lump Sum—your PCLS, often called the tax-free lump sum—doesn’t by itself trigger a cancellation right. I think sometimes people assume any movement with their pension lets them reverse the whole thing, but it’s not that simple, is it, Vicky?

Unknown Speaker

No it isn't, but the rules are pretty clear now—only specific contracts, like a pension transfer or joining a new personal pension, grant that statutory 30-day cancellation window. Just taking the PCLS from your pot isn’t covered by that. But what’s really interesting is how contract design comes into play. Some providers have everything—PCLS, drawdown, income—bundled into one contract, but other providers split them up. It’s not just an admin thing though, it shapes what rules kick in, especially around cancellation and tax consequences.

Rachel MacRae

That's right, and—well, I’m sure some will remember last year’s lump sum rush, when loads of people took their PCLS on the hunch there’d be budget changes. And then nothing actually happened... but reversing those lump sum decisions is often out of the question, and it brought unexpected tax headaches for some.

Unknown Speaker

Exactly, and firms really need to be upfront with clients about this. I know it sounds like we’re harping on, but speculative decisions in pensions rarely end well. It’s a timely reminder, especially ahead of the next budget, that you can’t always go back and “undo” these things like you can a streaming subscription or, you know, an online purchase gone wrong.

Unknown Speaker

Alright, shall we tackle the data protection breach news before we wrap up? The FCA’s recently published details on a case that’s got some interesting overlap between data privacy, fraud, and, well, let’s be honest, a few costly mistakes.

Rachel MacRae

Yeah, this is the Nicholas Harper case, isn’t it? Twenty-six, from Taunton. He pleaded guilty to encouraging or assisting a breach of the Data Protection Act—which on its own, only brought a fine, but it was all tied up with a bigger fraud ring that defrauded investors for more than £1.5 million.

Unknown Speaker

That's the one. Harper was acquitted of conspiracy to defraud and unauthorised business activity at retrial, so those bigger charges didn’t stick, but he still got a 100 pound fine and had to pay a 30 pound victim surcharge for the data breach. Meanwhile, the two main perpetrators, Raymondip Bedi and Patrick Mavanga, received a combined 12 years in prison for defrauding at least 65 investors. There’s even one more, Minas Filippidis, who’s still wanted by the authorities.

Rachel MacRae

It’s just such a strong reminder that data breaches—even if they’re not tied to finished fraud—are still a big deal, right? Criminal consequences and all. And, you know, this fits with a theme we keep coming back to, Vicky, about how critical robust client data handling is. I might sound like a broken record, but regular staff training—it’s non-negotiable!

Unknown Speaker

And you’re right, this isn’t really new, but it’s easy to get complacent if you haven’t seen a breach first-hand. The FCA expects nothing less than solid controls, regular checks, and making sure everyone in your business knows what they can and can’t do with client information. And don’t skip your Section 19 checks under FSMA—if you’re engaging with someone offering regulated services, make sure they’re properly authorised. Don’t just take their word for it.

Rachel MacRae

If listeners want a bit more on this, we did touch on these sorts of controls in episode eight when we talked about fraud and vulnerability. Worth a listen if you want the real-world angle. But here, the message just lands a bit harder, doesn’t it?

Unknown Speaker

Definitely. Well, that’s it for this week’s updates. We’ll keep you posted on how the CP25/26 proposals develop and flag any new data protection cases if they pop up. Rachel, always a pleasure to have your insights. I’ll see you next week?

Rachel MacRae

Always, Vicky! Wishing everyone compliance luck until next time. Thanks for joining us, and goodbye, Vicky!

Unknown Speaker

Bye, Rach, and goodbye to all our listeners. Stay compliant, and we’ll talk soon.