B-Compliant Ltd.

B-Compliant Podcast

FCA Insights: Sector Consolidation, Data Protection, and ESG Regulation

This week, we discuss the FCA’s latest review on consolidation risks in wealth management, the first data protection prosecution under the DPA 2018, and new oversight for ESG ratings providers. Join Vicky and Rachel as they unpack key compliance themes and practical lessons for financial firms.


Chapter 1

Consolidation Trends and FCA Expectations

Unknown Speaker

Hello everyone, welcome back to the B-Compliant Podcast. I’m Vicky Pearce and I’m here with Rachel MacRae – hope you’ve all got a cuppa and are ready for another round of regulatory chat! Today, the FCA’s latest multi-firm review really caught our eye—there's lots of rumblings about consolidation in the advice and wealth sector at the minute, aren’t there?

Rachel MacRae

There are, Vicky! You know, this sort of feels like Groundhog Day sometimes with the amount of noise we get about M&A in financial services, but this FCA review’s a bit different, isn’t it? There are some positives for once—stronger governance, more resilient firms, even some efficiency gains when things are done properly. It’s not always doom and gloom.

Unknown Speaker

No, it’s not thankfully! The FCA seems to be saying, yeah, consolidation can work, but only if it’s properly managed. I liked their focus on the importance of robust due diligence—actually checking what you’re buying before you sign on the dotted line, rather than just going on a wing and a prayer. Some firms were highlighted for having clear group structures, proper governance frameworks, and even independent board members giving pushback. That’s the sort of thing we’re always banging on about.

Rachel MacRae

That’s true! And honestly, the firms that do this well don’t just stop with the acquisition. They pour energy into the integration, aligning systems, advice processes, all the boring stuff no one wants to talk about... But it does seem like the ones with a dedicated integration lead—someone who’s thinking about how to bring teams together and keep service standards high—those are the groups that avoid the biggest headaches later on. You can tell when a consolidator’s taken their time versus just ticking boxes and moving on to the next deal.

Unknown Speaker

Yeah, but not all roses, is it? Some of these groups are just piling debt on top of debt, sometimes short-term debt, and the FCA’s worried that if the music stops, they won’t be able to cover the bills. The review flagged companies relying on intragroup loans and, well, that’s just robbing Peter to pay Paul. There were also a lot of gaps with risk assessment at the group level—ICARA assessments that skim over what happens if things go wrong across the group, not just in one bit of the business.

Rachel MacRae

And don’t forget the scaling side. There were loads of firms flagged for not updating systems, controls, and their governance as they got bigger and more complicated. A classic case of ‘what got you here won’t get you there.’ Oh, and, Vicky, one that always gets me—those conflicts of interest where firms effectively incentivise their advisers to move clients into their own products. It’s, um, sort of a Consumer Duty car crash waiting to happen.

Unknown Speaker

Yeah, spot on. And the FCA’s not making up new rules here—these expectations are all written down already: good governance, prudent debt, transparency, all the usual: Principles, MIFIDPRU, Consumer Duty. It’s just a case of firms having to step up and benchmark what they’re actually doing, especially with all this change. I mean, we’ve worked with both small and large consolidators and—honestly—the smaller ones massively underestimate the time and resource integration takes. If you haven’t got a plan, you’re gonna feel the pain! But when you get it right, you support clients and staff, and that’s what matters.

Rachel MacRae

So true, and I think it’s worth saying—there are consolidators who are managing this really responsibly. Some are using debt for the right reasons, keeping governance front and centre, and not going too fast, just quietly building on quality. That’s the model the FCA’s nudging towards: growth that’s sustainable for the long term, not just headline numbers and then a mess to clean up three years later.

Chapter 2

Data Protection: Lessons from the FCA’s First Prosecution

Rachel MacRae

Switching gears a bit, this week also saw the FCA’s first-ever prosecution under the Data Protection Act 2018. That’s a real turning point. Did you see the details, Vicky? A chap called Luke Coleman pleaded guilty to unlawfully disclosing customer data from Virgin Media O2—and it all ended up fuelling a nasty boiler room fraud.

Unknown Speaker

Yeah, it’s a sobering one, isn’t it? The guy sold client info to a family friend and that was then used for a much wider crypto investment scam. Sort of brings home how data isn’t just an operational issue—it’s absolutely at the heart of client trust. The FCA fined him, made him pay costs… but really, it’s the impact on the people whose data he sold that matters. We’re always reminding firms—treat data like any other client asset. If you drop the ball there, the consequences are massive.

Rachel MacRae

Exactly! And it’s a good nudge for firms: time for a spring clean of your controls. Are your systems tight enough to prevent unauthorised access or disclosure? And I mean checking, not just assuming! Has your ICO registration actually been kept up to date, or did someone submit it three years ago and forget about it? It’s so easy for that stuff to fall between the cracks unless someone’s got ownership of it.

Unknown Speaker

Yes, and you can have all the paperwork in the world, but what actually matters is whether people understand and follow the rules. That’s about culture. Regular staff training, keeping people awake to their responsibilities—especially around data and, let’s be honest, Bring Your Own Device (BYOD) policies—devices wander all over the place, and it’s so easy to miss something unless you’re vigilant. Are people really using those policies, or just ticking off the training and doing their own thing anyway?

Rachel MacRae

It’s got to be ongoing, hasn’t it? Spot checks, audits, the odd mystery shop—I know it sounds a bit MI5, but honestly, that’s how you show that your controls aren’t just a box-ticking exercise. And if the FCA’s now prosecuting individuals, that’s a sign: personal accountability for data breaches is only going to get tougher from here. Firms—don’t wait for a near miss; get your house in order now!

Unknown Speaker

Right. If you need a bit of help reviewing your data protection setup—policy writing, systems reviews, or just a sanity check for peace of mind—give us a shout, we’re happy to jump in. Oh, and don’t be shy about using this case as a training example for your staff. Sometimes real-world stories stick better than another PowerPoint slide on GDPR.

Chapter 3

Regulatory Change: ESG and Handbook Notice 134

Unknown Speaker

Now, the other big bit of news, and this’ll make the ESG crowd sit up: the government’s just brought ESG ratings providers into the FCA’s remit. That’s a big step, given how much these ratings are shaping investments now. Rach, you love talking about sustainability—what do you make of this?

Rachel MacRae

Oh, you know me, Vicky, any chance to get stuck into ESG! This move is about making ratings more transparent and reliable—and we’ll finally get some proper standards, which is honestly long overdue. We’re expecting FCA consultations before the end of 2025 on stuff like governance, systems, conflicts of interest—making sure the playing field’s fair and investors aren’t left scratching their heads about what a rating actually means. Plus, they’re bringing in the IOSCO standards, so it’s all going to be aligned internationally.

Unknown Speaker

And speaking of regulatory alignment, the FCA’s just published Handbook Notice 134—some practical changes here for investment firms. Top of the list: MiFID rules will now sit right there in the FCA Handbook, making compliance a little easier to navigate. There are tweaks too, like dropping the 10% portfolio drop notification for Exempt Article 3 firms—so fewer unnecessary alerts, thank goodness. Oh, and electronic communication is now the default for clients, so that’s one less paper mountain to worry about.

Rachel MacRae

Yeah, streamlining’s the theme, isn’t it? We’ve also got a new capital definition coming in April 2026—with the MIFIDPRU 3 changes—though, importantly, capital levels stay put. It’s mainly about making things neater for reporting. And then don’t forget, we’ve got proportional tweaks to the Remuneration Codes (SYSC 19D) as well, after October, which should make the UK a bit more competitive internationally—but again, it’s all in the name of clarity and making things a bit easier for firms to interpret.

Unknown Speaker

So, practical takeaways: now’s a perfect time to assess your documentation—does it reflect all these Handbook changes, do your systems match up, and are you on top of ESG? It’s a lot, but better to prepare now than scramble later, especially with compliance cycles getting tighter each year. The big message for firms is: don’t wait till Q1 2026 to start updating—get your ducks in a row well in advance.

Rachel MacRae

And as ever, don’t be afraid to reach out for help—whether that’s with ESG, due diligence, data, governance, or just trying to spot the gaps in your setup before the regulator does! That’s it for today’s episode—thanks for listening in, everyone.

Unknown Speaker

Thanks, Rachel! And thanks to all of you for joining us. We’ll be back soon with more regulatory updates and (hopefully) a few more good practice stories to balance out the doom and gloom. Take care and see you next time!

Rachel MacRae

See ya, Vicky! Bye everyone—let’s keep compliance simple and just a little bit more fun. Bye for now!