FCA’s anticipated priorities for banks

As 2026 begins, UK banks face an evolving regulatory landscape shaped by the FCA’s anticipated priorities. The FCA’s agenda is expected to span consumer protection, financial crime, technological innovation, operational resilience, and sustainability, with significant implications for banks’ compliance frameworks and strategic planning.

This horizon-scanning article considers the FCA’s likely areas of focus for 2026 and assesses how these themes may affect banks operating in the UK financial services market.

Strengthening consumer protection and fair value

From compliance to outcomes under the Consumer Duty

A central FCA priority in 2026 will be ensuring that consumers are treated fairly and receive “fair value” from banking products. The Consumer Duty, which raised conduct standards in 2023, has moved beyond initial implementation into a phase of embedding, supervision, and more assertive regulatory challenge. 

As a result, banks are expected to demonstrate not only technical compliance with the Duty, but clear and measurable improvements in customer outcomes. The FCA is likely to scrutinise areas such as pricing structures, fees, and product terms to assess whether customers, particularly longstanding and vulnerable customers, are being disadvantaged. 

The regulator has repeatedly highlighted concerns around the “loyalty penalty” in the savings market, where long-time savers receive materially poor interest rates than new customers, and has made clear that such practices are inconsistent with the fair value outcome. 

In mid-2023, the FCA set out an action plan for banks and building societies aimed at ensuring interest rate rises were passed on to savers and that better deals were made available to existing customers. By 2026, the FCA will expect firms to demonstrate sustained progress in this area, supported by robust data and governance. Banks that fail to improve their savings products, pricing practices, or customer communications are likely to face supervisory escalation and, where appropriate, regulatory intervention.

Expanding the scope of consumer credit regulation

The FCA’s consumer protection drive in 2026 will also extend to previously unregulated credit products. Most notably, Buy-Now-Pay-Later (BNPL) arrangements – referred to by the FCA as Deferred Payment Credit (DPC) - will come fully under FCA regulation from 15 July 2026.

Banks and other lenders (including fintech partners) that offer deferred-payment or interest-free instalment credit will need to comply with the full suite of consumer credit rules. These include clear pre-contract disclosures, proportionate affordability and creditworthiness checks, and consumer access to the Financial Ombudsman Service. 

This change is part of a broader effort to modernise and simplify the UK’s consumer credit framework and align it with FCA regulatory standards. While firms prepare for the regime’s commencement, the FCA has emphasised that firms must be ready to demonstrate robust governance and customer outcomes in this newly regulated space.

Banks that fail to integrate BNPL products into compliant consumer credit frameworks –including meeting the FCA’s outcomes-focused expectations – risk supervisory challenge or enforcement action.

Tackling financial crime and fraud

AML, sanctions, and fraud in the spotlight

Combating financial crime will remain a core FCA priority for the UK banking sector in 2026. Banks can expect continued and, in some areas, intensified scrutiny of their anti-money laundering (AML) frameworks, sanctions compliance, and fraud prevention controls, as the FCA seeks to reduce the risk of financial services being used for criminal purposes. 

The regulator is increasingly focused on intelligence-led supervision, enhanced data analytics, and closer coordination with partner agencies, including the National Crime Agency, to identify emerging threats and systemic vulnerabilities. In this environment, firms will be expected to demonstrate robust and well-governed customer due diligence processes, effective sanctions screening, and proportionate but sophisticated transaction monitoring arrangements.

The FCA has signalled that it expects firms to move away from overly manual or reactive controls and towards more automated, risk-based monitoring and analytics capable of identifying and mitigating financial crime risks at pace. Suspicious activity reporting, escalation processes, and senior management oversight will remain key areas of supervisory focus.

While recent enforcement action has highlighted weaknesses in fast-growing payment firms and e-money institutions, banks should not assume they are immune from scrutiny. Any material deficiencies in a bank’s AML framework or sanctions controls, particularly where risks have crystallised or persisted, are likely to trigger supervisory escalation and, where appropriate, enforcement action.

Preventing scams and protecting customers

Preventing financial crime increasingly means protecting consumers from fraud.

Authorised Push Payment (APP) fraud, where individuals are deceived into transferring funds to scammers, has been a significant and persistent harm across the UK payments landscape. New industry reimbursement requirements, introduced through changes to the payment services framework and supported by regulators, now require banks to reimburse most victims of APP fraud, materially shifting incentives towards earlier and more effective prevention.

By 2026, the FCA will expect banks not only to respond appropriately when scams occur, but to take proactive steps to prevent them and to ensure victims are treated fairly. This raises the bar for fraud risk management, including stronger customer verification processes, effective use of tools such as Confirmation of Payee, and more sophisticated transaction monitoring and analytics capable of identifying scam activity before payments are executed.

Alongside systems and controls, the FCA is likely to focus on how banks communicate with customers, including the quality of warnings, friction points in payment journeys, and education around common scam typologies. Where fraud does occur, firms must handle affected customers with real care and ensure reimbursement is provided promptly where required, supported by clear escalation and complaints processes.

Overall, the FCA’s stance is that banks must take a preventative, outcomes-focused approach to fraud risk. Boards and senior managers should prioritise regular, structured reviews of scam prevention and financial crime controls to ensure they remain effective and that no material weaknesses are left open for exploitation.

Fostering innovation and ensuring competition

Encouraging Fintech and new entrants – with high standards

The FCA continues to see innovation as a key driver of competition and growth in financial services, and supporting new entrants will remain an important theme in 2026.

As the UK seeks to retain its position as a leading global fintech hub, the FCA is expected to maintain initiatives such as its regulatory sandbox and enhanced pre-application engagement, alongside ongoing efforts to improve the efficiency and transparency of the authorisation process for challenger banks and other innovative firms.

At the same time, the regulator has been clear that innovation must operate within the same high conduct and prudential standards expected of established institutions. New products and business models are not exempt from regulatory expectations around consumer protection, financial resilience, and governance.

In 2026, the FCA is likely to remain closely engaged with emerging technologies and business models, for example by refining expectations for peer-to-peer lending platforms and providing further clarity on how firms operating in the crypto asset space can comply with existing and forthcoming regulatory requirements.

Established banks should anticipate continued competitive pressure from fintech firms and digital challengers. 

However, they should also note the FCA’s secondary objective to support the international competitiveness and growth of the UK economy. This objective is increasingly shaping the FCA’s approach, with a conscious effort to balance robust regulation against the need to avoid unnecessary barriers to entry. In practice, this may translate into clearer guidance, earlier regulatory engagement, and more proportionate supervisory approaches, provided that consumer protection and market integrity are not compromised.

Crypto assets and AI under regulatory oversight: 

Technological innovation continues to introduce new and evolving risks that the FCA is preparing to address. Crypto assets are a prominent example: while the FCA recognises potential use cases for technologies such as stablecoins and tokenised securities, it has consistently highlighted concerns around consumer harm, market integrity, and financial stability. 

By 2026, the UK is expected to have a more comprehensive regulatory framework in place for crypto asset activities such as trading, custody and issuance. In advance of this, the FCA has continued to assert its existing powers, most notably through its financial promotions regime and AML registration requirements for crypto firms. The regulator has also signalled expectations around governance, operational resilience, and the safeguarding of client assets, particularly for firms seeking to scale or integrate with the wider financial system.

Banks that are exploring crypto-related services, whether directly or through partnerships with crypto firms or technology providers, will need to navigate this evolving landscape carefully. This will require robust due diligence on counterparties, clear risk appetite statements, and readiness to comply with new authorisation and prudential requirements as they come into force.

Artificial intelligence (AI) in financial services

The FCA is increasingly focused on the use of artificial intelligence and advanced analytics across financial services, and this focus is expected to intensify into 2026. While the regulator recognises the potential benefits of AI in areas such as fraud detection, credit assessment, customer service, and operational efficiency, it has been clear that firms remain fully accountable for the outcomes generated by AI-enabled processes.

Banks deploying AI and machine learning tools can expect heightened supervisory scrutiny of governance and risk management arrangements. Key areas of focus are likely to include model risk management, data quality, transparency and explainability of automated decisions, and the potential for bias or consumer harm.

This is particularly relevant where AI is used in sensitive areas such as lending, pricing, and decisions that directly affect customer outcomes. The FCA has emphasised that such systems must be subject to appropriate human oversight and robust challenge, rather than operating as 'black boxes'.

Rather than introducing standalone AI regulation in the near term, the FCA is expected to apply existing regulatory frameworks rigorously to AI-enabled activities. This includes the Consumer Duty, SMCR, and operational resilience requirements, all of which reinforce expectations around accountability, governance, and fair treatment of customers. Firms will need to demonstrate that AI adoption is aligned with these obligations and that risks are actively identified, monitored and mitigated.

Overall, the FCA’s pro-innovation but pro-consumer stance means that banks will be encouraged to adopt AI in a controlled and responsible manner. Those that can evidence strong governance, clear ownership, and a continued focus on customer fairness and market integrity will be best placed to meet regulatory expectations as AI becomes more embedded across the banking sector.

Enhancing operational resilience and stability

Proving resilience in practice

After several years of preparation, 2026 is likely to represent a critical test of banks’ operational resilience frameworks. By March 2025, firms were required to have identified their important business services, set impact tolerances for disruption, and be able to remain within those tolerances in the event of severe but plausible incidents.

Looking ahead to 2026, the FCA, working closely with the PRA is expected to intensify supervisory scrutiny to assess whether firms can demonstrate that their resilience arrangements operate effectively in practice. This is likely to include closer review of scenario testing, management information, and firms’ ability to evidence lessons learned from disruptions and near misses.

Regulators will pay particular attention to risks capable of undermining consumer confidence or financial stability, such as major IT outages, payment system failures, and cyber-attacks. The FCA has been clear that firms should be capable of withstanding operational failures and cyber incidents without causing unacceptable harm to customers or markets.

For banks, this means ensuring that business continuity and disaster recovery arrangements, backup systems, third-party dependencies, and cyber defences remain robust, well tested, and up to date. Boards and senior management should be regularly reviewing resilience metrics, testing outcomes, and incident response plans. Where disruptive incidents do occur, regulators will expect timely transparency, effective remediation, and clear evidence that lessons have been embedded to reduce the risk of recurrence.

Outsourcing and third-party risks

Regulators are sharpening their focus on the risks banks face from reliance on third-party service providers, particularly where those providers support critical services such as cloud computing, core banking platforms, and payment processing. Legislative changes introduced through the Financial Services and Markets Act 2023 enable HM Treasury to designate certain third-party providers as “critical”, bringing them within a new regulatory oversight regime operated by the FCA, PRA, and the Bank of England.

By 2026, the first designations of critical third-party providers are expected, increasing scrutiny of how banks manage outsourcing and wider third-party dependencies. While the regime does not transfer responsibility for resilience to the providers themselves, banks will be expected to demonstrate that their outsourcing arrangements, contractual protections, and exit planning are sufficiently robust to manage severe but plausible disruption at a critical supplier.

Firms should proactively engage with key third-party providers to assess resilience, including downtime scenarios, concentration risk, and substitutability. The FCA has made clear that it will not view third-party failures as an acceptable explanation for prolonged service disruption or consumer harm. Banks that cannot recover swiftly from supplier outages or technology failures are likely to face supervisory challenge.

In this context, outsourcing and third-party risk management is firmly a board-level issue. Regulators expect banks to be able to maintain continuity of important business services and preserve market confidence, even in the face of global uncertainty, operational disruption, or failures at critical suppliers.

Driving ESG and sustainable finance

Crackdown on greenwashing; better disclosure

Environmental, social, and governance (ESG) issues are now firmly embedded as a mainstream regulatory priority. By 2026, the FCA is expected to be firmly focused on embedding and enforcing its Sustainability Disclosure Requirements (SDR) regime, alongside its broader anti-greenwashing agenda. The aim is toensure that consumers and investors receive clear, consistent, and decision-useful information about the sustainability characteristics of financial products, and that misleading or exaggerated claims are eliminated.

The FCA has repeatedly emphasised that sustainability-related disclosures and marketing claims must be clear, fair, and not misleading, and supported by robust governance and evidence. For banks, this has practical implications where they manufacture, distribute, or market “green”, “sustainable”, or ESG-linked products, such as green bonds, sustainability-linked loans, or ESG-branded investment offerings. Firms will be expected to ensure that sustainability claims are underpinned by credible data, clearly defined criteria, and effective oversight, and that marketing materials accurately reflect the product’s characteristics and limitations.

Alongside product-level disclosures, banks can expect continued regulatory focus on climate-related risk reporting and governance. While current requirements are aligned to the Task Force on Climate-related Financial Disclosures (TCFD), the FCA is expected to oversee a transition towards the UK’s Sustainability Disclosure Standards, based on the International Sustainability Standards Board’s frameworks, as these become embedded in UK regulation. Firms that fail to substantiate sustainability claims or demonstrate credible ESG governance risk supervisory challenge and potential enforcement action.

Expanding the ESG regulatory perimeter

The drive for credible sustainable finance is also leading to an expansion of the ESG regulatory perimeter. In particular, the UK government has announced plans to bring providers of ESG ratings and related services within the scope of FCA regulation. These firms, which assess and score the ESG characteristics ofcompanies and financial instruments, play an increasingly influential role in capital allocation and risk assessment across financial markets. 

Under the proposed regime, which is expected to take effect around 2026, ESG ratings providers are likely to be required to seek FCA authorisation and comply with conduct and governance standards. These are expected to include requirements around transparency of methodologies, management of conflicts of interest, and the robustness and consistency of underlying data. The aim is to improve confidence in ESG ratings and reduce the risk of misleading or inconsistent assessments undermining sustainable finance objectives.

For banks, the regulation of ESG data and ratings providers may improve the overall quality and reliability of information available in the market. However, it will not remove the need for firms to exercise appropriate oversight and due diligence over the ESG data, scores, and benchmarks they rely on for risk management, disclosures, and product design. Banks will remain responsible for how ESG inputs are used within decisionmaking and customer-facing communications.

More broadly, the FCA’s expanding focus on sustainability reinforces the expectation that ESG considerations are embedded within banks’ governance, risk frameworks, and business strategies. Firms that fail to integrate ESG risks and impacts effectively may face supervisory challenge or reputational harm, while those that can demonstrate credible governance and responsible practices are likely to be better positioned as sustainable finance regulation continues to mature.

Conclusion: Preparing for a year of higher standards

The FCA’s anticipated priorities for 2026 point to a regulatory environment in which standards are being raised across the banking sector. UK banks will need to maintain a sustained focus on customer outcomes, ensure robust defences against financial crime, embrace innovation while managing emerging risks, strengthen operational resilience, and embed credible ESG governance and disclosures. Many regulatory initiatives that have been developing over recent years, from the Consumer Duty to sustainability disclosure requirements, are expected to crystallise in 2026, making it a pivotal year for implementation, supervision, and accountability.

To prepare for this environment, banks should take proactive steps now. This includes reviewing products, pricing, and fees against fair value expectations; investing in enhanced fraud prevention and AML capabilities; monitoring fintech, crypto asset, and AI regulatory developments; stress-testing business continuity and resilience arrangements against severe but plausible scenarios; and improving ESG data, controls and reporting processes.

Constructive engagement with the FCA will also be critical, including transparency around challenges, evidence of progress, and participation in consultations on emerging regulatory frameworks. 

Ultimately, banks that view the FCA’s priorities not merely as compliance obligations but as drivers of improved governance, risk management, and customer outcomes will be best placed to build trust with regulators and customers alike. In an era of heightened regulatory expectations, those institutions that embed these priorities into their strategy and culture will be best positioned to succeed in 2026 and beyond. Our financial services sector team are available to discuss these themes affecting banks and other debt providers.