We’re witnessing something we haven’t seen since the financial crisis: a genuine regulatory pivot towards growth. The new government’s commitment to making financial services a cornerstone of economic growth has fundamentally changed the conversation between regulators and industry.
The Chancellor’s letters to the FCA and PRA in January, following her November Mansion House speech, weren’t just political rhetoric. They’ve translated into concrete regulatory change at a pace that’s testing even the most experienced compliance teams. The FCA’s response was swift. Their five-year strategy published in March and the Annual Work Programme in April made it explicit: they’re becoming a “smarter regulator” focused on supporting growth whilst maintaining standards.
We’re now seeing the practical implications of that commitment, with consultation papers, policy statements, and new regimes arriving at an intensity we haven’t experienced for years. For those of us leading compliance functions, the challenge isn’t just keeping up with individual changes but understanding how they fit together and what they mean for how we operate.
The Year So Far: More Change, Faster
The pace of regulatory development in 2025 has been relentless. Every month seems to bring significant announcements, and the pattern is clear: the FCA is delivering on its promise to move faster.
CASS 15
CASS 15 moved from consultation to final rules in August. Payment and e-money firms now face the full weight of CASS requirements from May 2026. This isn’t a tweak to existing guidance. It’s bringing an entire sector into mandatory segregation, daily reconciliation, governance frameworks, and annual audit requirements. The FCA published this with a nine-month implementation window, which tells you something about their expectations for firms’ readiness.
The Advice Guidance Boundary Review
The Advice Guidance Boundary Review has accelerated dramatically. What felt like a long-term project in 2024 became concrete policy in 2025. June brought detailed proposals for targeted support. The Treasury published draft legislation in July. Final rules are due in December, with the authorisation gateway opening in March 2026. That’s consultation to implementation in less than a year for a regime that fundamentally changes how firms can interact with retail customers.
Digital Assets Regulation
Digital assets regulation has been in discussion for years, but 2025 is when it became real. April’s draft legislation from the Treasury created the framework. The FCA followed with a series of consultations through the summer and autumn, with September’s CP25/25 making it clear that crypto firms will face the full Handbook. The authorisation gateway opening in late 2026 gives firms roughly 18 months from announcement to implementation. That’s ambitious for a completely new regulatory regime.
The Certification Regime
In July, Treasury, the FCA, and the PRA simultaneously published consultations on SMCR, proposing to reduce the regulatory burden by 50%. The Certification Regime could be removed from legislation entirely. Fewer roles would need pre-approval. The prescriptive requirements around Statements of Responsibilities would become principles based. The consultation closed in October, and we’re expecting a final policy mid-2026. But make no mistake: lighter regulation doesn’t mean SMCR becomes less important. If anything, it requires more maturity from firms to maintain proper governance without prescriptive rules telling them how.
What This Means for Compliance Leaders
If you’re running a compliance function, you’re dealing with two challenges simultaneously. First, implementing specific regulatory changes on tight timelines. Second, recalibrate how you approach compliance in an environment where the regulator wants to reduce burden but expects higher standards from firms that “do the right thing.”
The traditional compliance playbook doesn’t quite work anymore. You can’t just wait for final rules and then implement them. The FCA expects engagement during consultation. They’re explicitly using industry feedback to shape policy, and the firms that engage constructively will understand the rules better and implement them more effectively. Your voice in consultations isn’t a nice-to-have. It’s part of strategic compliance management.
You also need to think differently about regulatory relationships. The FCA’s “smarter regulator” approach means less intensive supervision for firms that demonstrate good practice, but more assertive intervention when things go wrong. Your relationship with your supervisor matters more than ever. They need to understand what you’re doing well. Don’t wait for them to ask.
The Four Priority Areas for the Next Quarter
Against this backdrop, four areas demand immediate attention and strategic thinking, not just tactical implementation.
CASS
CASS is becoming more important, not less, even as other areas see lighter touch regulation. The FCA has made client asset protection a red line. If you’re a payment or e-money firm facing CASS 15, you’ve got until May 2026, but that timeline is tighter than it looks. You need to assess current practices against new requirements, identify gaps, design new systems and controls, build reconciliation processes that work daily, prepare resolution packs, and engage auditors. That’s not six months of work. Start now if you haven’t already.
For all CASS firms, this is the moment to get serious about “total capture.” The FCA expects you to understand every place in your business where CASS applies. That means desk-by-desk reviews, not just policy documentation. Ensuring your operations teams know about bespoke arrangements your relationship managers agree with clients. Affirming your legal documentation matches your operational reality. The firms that get CASS right treat it as operational discipline, not compliance paperwork. Your internal testing should be finding issues before external auditors do. If your auditor is the first person to spot problems, your control framework isn’t working.
The Targeted Support Regime
The targeted support regime represents both opportunity and complexity. If you’re planning to offer this, pre-application discussions with the FCA have already started. You should be developing consumer segments, testing what ready-made suggestions work for which groups, and building your evidence that consumers are genuinely better off. This isn’t a theoretical exercise. You need to demonstrate better outcomes, manage conflicts where you’re suggesting your own products, and maintain clear boundaries with regulated advice. The firms that get this right will unlock new revenue opportunities. The firms that get it wrong will face regulatory intervention quickly. Final rules arrive in December. The authorisation gateway opens in March. If you’re serious about this, you should be in advanced planning now.
Digital Assets
Digital assets is where the growth agenda meets regulatory reality. The FCA wants the UK to be a global hub for crypto, but they’re not compromising on standards. The consultations running through the end of 2025 will determine the final regime. If you operate in this space, your input matters.
The FCA has been clear: same risk, same regulatory outcome. That means full systems and controls, comprehensive financial crime frameworks, prudential requirements, and client asset protection. If you’re currently operating under Money Laundering Regulations, prepare for a significant step up. If you’re a traditional firm considering crypto services, understand that authorisation requirements will be comprehensive. Use the innovation services. Engage with the sandboxes. Build relationships with the policy teams before you need them for authorisation.
SMCR
SMCR reform is the clearest signal of the regulatory pivot, but don’t be fooled into thinking this is becoming less important. Cutting the burden by 50% is substantial, but the accountability remains absolute. The bureaucracy is reducing, not the standards. As compliance leaders, you need to think carefully about what internal governance you maintain regardless of regulatory requirements.
When the Certification Regime becomes more flexible or disappears from legislation, what internal certification process do you keep? When fewer roles need pre-approval, what internal assessment standards do you maintain? The smart firms will use lighter regulation to free up resources for better governance, not weaker governance. Review your SMCR framework now.
Identify where streamlined requirements could allow you to focus on higher-value activity. But don’t mistake less regulation for less rigour. Individual accountability isn’t going anywhere.
Planning Your Response
The next few months require strategic thinking, not just project management. You need to position compliance as a function that enables growth, not just manages risk. That means engaging with the business differently.
Resource Planning
Start with resource planning. These four areas all hit between now and mid-2026. You can’t do everything at once.
What needs to be done by May 2026? That’s CASS 15 for affected firms and targeted support authorisations. What can you phase? Digital assets authorisations don’t open until late 2026. SMCR changes take effect mid-2026. Build your implementation roadmap with realistic timelines and clear dependencies.
Stakeholder Engagement
Invest in stakeholder engagement. For targeted support, you need business areas designing the actual consumer propositions.
CASS 15, you need operations completely rebuilt. Digital assets, you need technology and risk working together on operational resilience. SMCR, you need HR understanding the changes to certification. Compliance can’t do this alone. You need active business participation, not grudging cooperation.
Regulatory Relationship
Think about your regulatory relationship strategy. The FCA expects firms to engage during consultations, use innovation services, and demonstrate good practice. Make sure you’re responding to consultations on time, with substance, not just generic responses. If you’re developing new propositions, consider whether sandboxes or innovation services could help. Build a track record of constructive engagement. When you need regulatory support for authorisations or variations, you’ll want that foundation in place.
Compliance Operating Model
Finally, consider your compliance operating model. In an environment where regulation is changing this fast, you can’t operate the way you did when change was slower. You need better horizon scanning. You need faster decision-making on what matters. You need the ability to deploy resources quickly to emerging priorities. The compliance functions that succeed in this environment will be agile, strategic, and commercially aware. If you’re still operating as a control function that says no, you’re going to struggle.
What Comes Next
The regulatory environment of 2026 will be fundamentally different from 2024. Lighter touch SMCR, new advice frameworks, comprehensive crypto regulation, and extended CASS requirements create both opportunities and risks. The firms that position themselves well will be those that engaged early, implemented thoughtfully, and maintained high standards even when requirements were reduced.
For compliance leaders, this is your opportunity to demonstrate strategic value. The government wants growth. The regulator is creating space for it. Your job is to help your business take advantage whilst managing risk effectively.
If you are looking at these four priorities and wondering how to resource them effectively, or if you need specialist support on CASS, targeted support implementation, digital assets readiness, or SMCR reforms, we can help. At Leaman Crellin, we work with firms across the implementation spectrum, from strategic planning through to hands-on delivery.
Get in touch to discuss how we can support your compliance function through this period of significant change.
