The Risk and Reg Edit: Winter 2026 edition
In the first edition of 2026 of our Risk and Reg Edit, we reflect on the outcomes of our 2025 predictions, and share our outlook on the risk and regulatory themes that will shape CRO agendas in the year ahead.
Many of the key themes this year appear familiar – political climate, economic crime, cyber, resilience, and AI. The difference is that these are changing more rapidly than ever, creating a shifting landscape of both increased complexity and unrealised opportunity. Read on to explore the latest thinking on some of these themes from our experts.
Read on for our experts’ views on:
- Regulatory recalibration in the UK
- Customers and conduct: The next chapter
- A splintering global picture
- The resilience imperative
- Payments: The innovation vision
- Is AI the answer to closing the advice gap?
- All change: The future of the risk function
Regulatory recalibration in the UK
In November, we hosted our event exploring the regulatory priorities that will shape UK financial services in 2026. We were joined by David Geale, Executive Director for Payments and Digital Finance at the FCA, who explained the FCA’s plan to streamline its activities, with a sharper focus on the Consumer Duty, financial crime prevention, and resilience to risk. David also highlighted the value of focusing on outcomes rather than rigid rules when assessing technologies such as AI.
Overall, it was clear the FCA wants to give financial institutions more latitude to take calculated risks, ensuring that the financial industry works for firms as well as customers. Concrete examples from the regulators’ ongoing work include:
- The mortgage rule review, aimed at supporting sustainable home ownership, will consult on proposals including simpler rules for first-time buyers in 2026.
- Consultation CP25/40 on the regulation of crypto-asset activities, which aligns with the Treasury’s desire for the UK to play a growing role as a digital finance hub.
Many financial institutions are keen for a more mature regulatory relationship, one that focuses on clear direction rather than detailed instruction from regulators. While revisiting risk appetites and business models opens new opportunities, it could cause greater uncertainty. To respond effectively, firms will need to take a fresh approach to risk and compliance, for example, by embedding dynamic risk frameworks that adapt to regulatory outcomes rather than prescriptive rules, and by investing in AI-driven compliance tools that provide real-time monitoring and predictive insights.
Meanwhile, the UK Government’s desire for regulation to encourage competition and growth is having a perceptible impact. Firms must also ensure that any attempts to rebalance risk do not come at the expense of consumer outcomes – especially for vulnerable customers.
Customers and conduct: The next chapter
Enforcement of the Consumer Duty will remain a core priority for the FCA in 2026. Firms need to move beyond implementation and embed it comprehensively across their organisation, particularly given its broad application across a wide range of products and services.
For example, insurance is likely to be a key area of regulatory attention for the FCA in the year ahead. The regulator's premium finance market study, and its report on the pure protection market, are expected to explore consumer outcomes, fair value, and firms' incentives, behaviour and practices. But it’s not only insurers that should be mindful of the Consumer Duty. All financial firms need to embed high standards of conduct into design, product wording, customer services, and complaints to ensure Consumer Duty is at the heart of all operational practices.
In addition, 2026 should bring greater clarity to the critical issue of redress. Reacting to the long-running motor finance saga, both the FCA and HM Treasury have recently concluded their consultation into redress framework reforms. While the FCA Chief Executive Nikhil Rathi has indicated we’re unlikely to see an event on this scale again, practical implications for the future of redress remain unclear. Regulatory clarity is on the horizon. The challenge is real – but inaction is simply not an option. Banks must prepare today to deliver timely, fair redress and good outcomes for customers in 2026.
A splintering global picture
At the international level, last year was defined by fragmentation. Our predictions for 2025 stressed the value of scenario planning, but we didn’t foresee the full scale of the economic shocks unleashed by major geopolitical turbulence. After decades of gradual regulatory convergence between developed economies, this sudden increase in geo-economic tension has pushed up barriers to cross-border movement of goods, services, and capital. In 2026, the return of economic nationalism looks likely to manifest itself in growing regulatory competition.
In the banking sector, for example, the new US administration has signalled its intention to lower prudential capital requirements to support stronger lending. The Bank of England has taken a similar approach, reducing its system-wide Tier 1 capital benchmark from 14 to 13 percent of risk-weighted assets. Changes to capital buffers, the leverage ratio, and domestic capital requirements are also on the horizon.
Regulatory divergence across jurisdictions is also evident in approaches to stablecoins. These digital assets surged in value during 2025 after the US GENIUS Act promised to create a single framework for stablecoin regulation. Hong Kong, the EU, the UK, and other jurisdictions are also developing their own stablecoin frameworks – each with a unique philosophy and features. The result: an increasingly complicated world for financial institutions to navigate. Nimble firms may be able to capitalise on emerging opportunities, but fragmentation will push up costs and complexity across the industry, disrupting business and creating barriers to innovation.
The resilience imperative
In recent years, financial institutions have invested heavily in upgrading their operational and technological resilience. The typical focus of effort has been to understand how systems are connected, how critical services are defined and delivered to customers, and how to identify and remediate potential weaknesses.
There were two key takeaways from 2025 for firms to learn from. Firstly, cyber-attacks are not only the biggest threat to operational resilience, they’re the single greatest risk facing the enterprise. Secondly, as we predicted, and as demonstrated by the damage done to Jaguar Land Rover and M&S, supply chains are often the weakest link in an organisation’s infrastructure.
The lesson for 2026 is clear: Understanding and managing third-party risks is critical. Supply chain management is also key to compliance with the UK’s Operational Resilience requirements and the EU’s DORA. Firms should look out for the FCA’s Critical Third-Party designation in 2026, which is likely to bring some previously unregulated vendors within the scope of FCA supervision.
Payments: The innovation vision
A year on from the publication of the UK’s National Payments Vision, the UK Government would like to see a highly resilient payment system that’s able to combat the latest forms of fraud, attract more participants to the market, and encourage innovative payment solutions powered by next-generation technology.
The new Vision promises to redefine how people and businesses move money around the UK and beyond. For example, 2025 saw the Payments Vision Delivery Committee – established to coordinate the work of the Bank of England, FCA, and PSR – agree a new model for the next generation of UK retail payments. For banks, this will require work in 2026 to enhance resilience and functionality of their Faster Payments System, which is no longer fit for purpose.
The Vision also enables ongoing development of the Digital Pound, the UK’s planned central bank digital currency (CBDC) which, like other CBDCs, such as the Digital Euro, aims to create a new form of money suited to digital payments and investments. Banks should monitor the fast-evolving stablecoin sector. In November 2025, the Bank of England began consulting on its proposals for the regulation of sterling-denominated stablecoins. For CROs, the Payments Vision means rethinking risk frameworks to address new vulnerabilities from CBDCs, stablecoins, and next-gen payment systems. Priorities include strengthening operational resilience, embedding AI-driven fraud detection, and engaging with regulators to shape standards for digital assets.
Is AI the answer to closing the advice gap?
AI is delivering multi-faceted innovation opportunities within risk and compliance functions. AI tools can now be utilised by risk teams for a growing range of medium complexity tasks, such as those involving checks and controls.
Not only does this save time and money by automating repetitive compliance processes, it also provides an opportunity to use generative AI for tasks such as analysing rule books – interrogating the minutiae far faster than even the most knowledgeable staff member.
Of course, any use of AI must be subject to appropriate safeguards, and there will always be a need for human scrutiny of AI outputs. But there’s still a long way to go. Many AI use cases are still at the proof-of-concept stage. Nonetheless, AI’s game-changing potential for risk and compliance is undeniable and provides much reason to be excited about the possibilities.
For example, AI could hold the key to solving the ‘advice gap’ – a longstanding challenge for the financial industry. In December 2025, the FCA released near-final rules on targeted support, designed to provide retail investors who don’t pay for financial advice with decision-making support at key points in their financial lives. Meeting this requirement via traditional business models is uneconomical, but AI has the potential to perform much of the background research on clients, investments, and suitability – transforming firms’ advice capabilities at relatively low cost.
All change: The future of the risk function
Although risk and compliance functions face ever more acute pressure to ‘do more with less’, there are growing reasons to be optimistic. Financial institutions can continue to harness technology to improve both the efficiency and effectiveness of risk – a good thing for customers, investors, and other stakeholders. However, it comes with challenging adjustments. If the AI promise delivers, firms may need to make tough choices in their risk workforce, as the skills needed adapt and change with the emerging AI-enabled processes.
How AI reshapes the risk landscape is still unknown. What is certain is that risk functions of the future will look dramatically different to those we know today. Risk and compliance teams need to stay tuned into the advancements to keep up.
People trust us because of our deep knowledge of the regulatory system. Our experience working with regulators, banks, insurers, building societies, and others means we’ll give you advice that works in the real world. If you’d like to discuss any of these issues in depth with our experts, you can do so here.