B-Compliant Ltd.

B-Compliant Podcast

Major FCA Compliance Updates and What Firms Need to Watch

In this episode, we break down the threat of FCA lookalike scams, key updates to regulatory reporting requirements, and the latest FCA findings on pension transfer servicing standards. Tune in for actionable tips and real-world examples that can help protect your firm and improve customer outcomes.


Chapter 1

FCA Lookalike Email Scams

Vicky Pearce

Hello and welcome back to the B-Compliant Podcast! I'm Vicky Pearce and I'm joined as always by the fabulous Rachel MacRae. Rach, how are you today?

Rachel MacRae

Oh, I'm great, Vicky—thanks! And honestly a bit more paranoid than usual after what we've been seeing with these FCA lookalike emails. It’s getting wild out there, isn’t it?

Vicky Pearce

Seriously! You know, not that long ago it felt like these scam emails were a nuisance just for clients, but now firms—us included—are right in the firing line. Did you see the FCA’s numbers? Nearly 5,000 scam reports already in the first half of 2025. It’s a bit alarming.

Rachel MacRae

And what’s really unsettling is how sneaky they’re getting. Gone are the days of dodgy links and bad grammar—these are short, polite emails that… well, they almost lull you into thinking they’re genuine, right?

Vicky Pearce

Exactly! We actually had a couple of clients ring up recently about “FCA” emails that, at first glance, looked totally normal. Nothing flashy, nothing demanding—just, looking for a reply. Sort of harmless, but that’s the hook, isn’t it? The minute you respond, you’re basically confirming you’re a live target—they know the firm’s active and the email’s monitored, so that’s when you get the real attacks. It’s classic social engineering, honestly.

Rachel MacRae

Yeah, the trust-building bit. It reminds me of those old-fashioned confidence tricks, but now dressed up with creepy digital polish. And the thing is, they’re spoofing FCA email addresses! Like, I’ve seen “@fca.org.uk” on incoming messages and had to do a double take. Just goes to show how easy it is to fake an email domain.

Vicky Pearce

I know! And if you don’t pause and check, you can get caught out so easily. Actually, perfect example this week—Kyle, our Marketing Executive and the newest member of our team, got a message from a “Vicky Pearce” whilst I was away on holiday. I thought he was winding me up for a second as he's only been with us for 2 weeks! But no, someone had spoofed my name and was asking for help with something weird. Thankfully, Kyle’s a cautious one—he checked the sender’s real address and spotted it a mile off.

Rachel MacRae

Kyle, absolute star! But it shows, doesn’t it? It’s not just clients or the compliance team who need to be on alert—everyone from reception to directors can be targeted, and all it takes is one slip.

Vicky Pearce

Yep, it’s a whole-firm effort now. I always say: if an FCA email lands in your inbox and you’re not a hundred percent sure, pause. Double-check the address, run it past compliance, or use the official FCA contact number from their website. Better to feel a bit silly than end up with a massive data breach on your hands.

Rachel MacRae

Absolutely, Vicky. And firm leaders need to set that tone too—support each other, encourage a bit of healthy scepticism, and make sure everyone knows it’s okay to ask before clicking “reply.” Small actions can save you a massive headache down the line.

Chapter 2

FCA Reporting: Goodbye Nil Returns and Other Changes

Rachel MacRae

Speaking of saving headaches—let’s talk about the FCA finally getting rid of nil return submissions for REP008. I mean, can we just have a small round of applause for this new common sense approach from the regulator!

Vicky Pearce

Totally! For anyone who’s not been following—REP008 is all about reporting disciplinary actions for staff other than senior managers. Up ‘til now, if you’d got nothing to report, you still had to send in a nil return. That’s nearly 36,000 firms who can now just do nothing if there’s nothing to say. Definite progress!

Rachel MacRae

And it’s not just REP008. The FCA’s looking at more—there’s consultations on retiring REP022, which is the insurance pricing attestation, and updates to REP009 too. Plus, earlier this year, three other returns got cut altogether. It’s part of that Transforming Data Collection programme, right?

Vicky Pearce

Yeah, it really feels like they’re trying to make reporting proportionate—more focused on information that adds value, rather than ticking boxes. That’s what the FCA’s Jessica Rusu keeps saying: ask for what’s vital, cut the rest, and try to make compliance less of a grind for most firms. If the numbers are right, this round alone helps about 95 percent of authorised firms.

Rachel MacRae

It makes a nice change from the days when everything felt overengineered. But here’s the thing, Vicky: while making things simpler’s a big win, it’s easy to get caught out if you don’t keep up. So how do you make sure the team always knows what’s actually changed, especially when reporting requirements are shifting all the time?

Vicky Pearce

It’s tricky because half the problem is just information overload, isn’t it? For us, regular internal updates are a must. We keep checklists up to date, and—this is key—make sure someone’s responsible for each report, even if it’s just to confirm it’s not needed this time. Getting complacent is where mistakes creep in. The teams need to check the FCA feeds or be plugged into compliance forums. And, I know we sound like a broken record, but—ask for help if there’s any doubt! Especially with new stuff coming in, like the S165 requests that everyone’s scrabbling to finish before the deadline.

Rachel MacRae

Definitely! And as we pointed out a couple of episodes back, these changes aren’t about doing less compliance; it’s about smarter, more focused compliance. Keeping up with that pace is a challenge, but at least it’s a headache with a goal, right?

Vicky Pearce

Exactly. Less paperwork, more purpose. But do keep an eye on your inbox and your FCA portal because things are changing fast—and missing a requirement, even by accident, can come back to bite.

Chapter 3

Pension Transfers, Consumer Duty and Positive Friction

Vicky Pearce

Speaking of things that can bite… let’s talk about pension transfers and the latest FCA review. Loads of chatter at the moment about service times—life insurers especially, but it’s relevant for everyone. Rachel, you looked at those findings, didn’t you?

Rachel MacRae

I did, and it’s fascinating how much has changed—and how much hasn’t! Most life insurers are actually doing a solid job, with over three-quarters managing transfers within 20 days, often quicker if they’re using digital platforms like Origo. But, and it’s a big but, get a process stuck on manual, paper-based steps, and suddenly things move at a snail’s pace and cost the customer money. Not just lost time—missed annuity windows, admin fees, and general frustration. It really puts the spotlight on how vital process design is.

Vicky Pearce

And what stands out for me is how delays are sometimes linked to fraud checks—especially those “Amber” flags under the regulations. Necessary safeguards, yeah, but the FCA’s really clear: friction should have a positive, protective purpose, not become a barrier that makes people want to rip their hair out. Balance is everything.

Rachel MacRae

Right, positive friction—not pointless bureaucracy. The review really hammered home that these problems aren’t just theoretical. You always hear horror stories—clients waiting months for a transfer, benefits lost, confusion everywhere. Reminds me of some cases we saw a decade ago. Even though we’ve got better tools now, the lesson’s the same: you can’t let delays be the enemy of good service.

Vicky Pearce

Yeah, and the Consumer Duty principles are at the heart of this—support, avoiding foreseeable harm, keeping the customer informed. It might sound like legalese, but it’s actually quite practical: regular monitoring, being realistic about third-party slowdowns, making sure staff know the importance of communication. Even those of us not working in pensions every day can learn from it.

Rachel MacRae

Definitely—and that’s the key takeaway for other firms too. These principles—balancing efficiency with the right level of checks, supporting the customer, and using clear resources—aren’t just for pension transfers. They fit anywhere your firm handles significant decisions, or where customers might be vulnerable. Good practice is universal: monitor, communicate, adapt, and never forget the human side of compliance.

Vicky Pearce

Couldn’t agree more. And with things like the S165 deadline looming, now’s maybe the ideal moment to take a fresh look at your own processes. Can you spot the bottlenecks? Is everyone confident about what to do if they see harm or risk?

Rachel MacRae

Absolutely, Vicky. And on that note, I think we’ve covered quite a lot today! As ever, thanks for listening—remember, reach out if you need help with those looming deadlines, or if you just fancy a chat about best practices. Vicky, always a pleasure.

Vicky Pearce

Always, Rach! We’ll be back soon with more updates and a bit more Mancunian cheer. Until then—take care, everyone, stay savvy, and goodbye.