Dear Clients and Friends,
As 2025 is now in full swing, it is time for our annual New Year letter. In our compliance review work during the past year, we have observed common gaps and recurring patterns. These trends highlight some low hanging fruit which can be put right easily, but if identified by the regulator can create entirely avoidable questions.
Additionally, we have put together a digest of some of the key FCA and SEC upcoming regulatory developments, providing you with focus areas that may impact how you prioritise compliance tasks, allocate resources, and plan future initiatives in 2025. To stay up to date with regulatory updates, we invite you to visit our website at juddadvisory.com and follow our LinkedIn page.
- Housekeeping – Is the House in order?
It is worth reviewing whether the fundamentals of your compliance programme are up to date and key details aren’t forgotten as the year unfolds. We included a similar summary last year, but no apologies for including it again – the FCA’s 2023/24 enforcement data, published last September, highlighted the regulator’s increasing focus on what may at first glance be considered minor, or foot-fault type breaches;
So with that in mind, here’s a quick reminder of some common areas where firms often trip up:
- Stale Policies
The new year is a good time to review policies for relevance and effectiveness. Are any new policies required? Two current examples we are frequently being asked to help draft are i) AI – Use and Governance and ii) Electronic Communications policies.
- Is your Reg Data schedule correct?
We often find missing filings when reviewing clients’ RegData schedules, with the absence of the Complaints (DISP 1 Ann 1R) filing being a common loose end. Since the onus is on firms to ensure correct submissions, it is important to periodically review and update the schedule via FCA notifications.
- Scope of Permissions Review
In our, and the FCA’s, review work it is not uncommon to find that the business has diverged away from its original strategy and, therefore, FCA permission profile. There have also been instances where permissions were added to an FCA profile, seemingly without the firm’s knowledge. The regulator expects a regular review of regulatory permissions to ensure that they are up to date and amended when required.
- Are your Firm details up to date?
Has your firm recently moved offices or changed telephone numbers? If so, you must give the FCA reasonable advance notice of such change. Did the firm become, or cease to be, subject to the supervision of an overseas regulator? This needs to be notified to the FCA immediately. Annually, each firm must attest that the basic details that the FCA hold are correct and consistent with companies house, that annual deadline is fast approaching for many firms.
- Prior Permission of Issuances of Tier 1 capital
MiFIDPRU investment firms should be aware that the FCA generally expects to receive a notification of a subsequent issuance of an existing form of common equity tier 1 instruments at least 20 business days before the firm intends to classify that issuance as common equity tier 1 capital. The relevant form is available on Connect.
- Controller and close links pre-approvals and notifications
Controller and close link notifications and applications are becoming more cumbersome, with a high scrutiny from the FCA in applications. Further to this, our Health Check projects often reveal that these requirements are overlooked – typically due to the detail and time pressures surrounding a change in ownership, whether at the group or local level. Compliance Officers should review their firm’s current control structure to ensure that all persons and entities who have acquired control (as defined) or any existing controller who has passed through a control threshold is pre- approved by the FCA.
Any reductions in control must be notified to the FCA prior to the changes happening. New close links (think overseas offices or General Partner entities) must also be notified to the FCA as soon as reasonably practicable (and no later than one month) after the event.
- ICARA
Many firms will soon be due to refresh their ICARA. While the ICARA process has become more routine, please remember that it must be prepared and approved by the governing body before the firm’s MIF007 report submission. The FCA has published some observations on ICARAs, and although these are considered guidance, there is an expectation that firms implement the relevant observations where applicable. It is also worth remembering that the MiFIDPRU 8 public disclosure is required to be published on the firm’s website on the same day that annual financial statements are published.
Moving into 2025
Beyond the above basic requirements 2025 should be an interesting year. Will Trump’s Presidency see a bonfire of SEC rules? We don’t believe so but we will likely see a much less aggressive pursuit of relatively minor failings or breaches where there as been no investor harm.
We think it is more likely that HM Treasury via the FCA will finally begin to move the UK regulatory regime away from the EU in a more meaningful fashion. The FCA have promised to, “…streamline our handbook following industry input on rules which could be removed or simplified.” It is a welcomed objective and there is the required political will to make it happen, given the commitment to making the UK an attractive place to do business….but we will wait and see how much progress will be made.
- Regulatory Reporting
One area we are hopeful of seeing a reduced regulatory burden is the reporting regime and the amount of data that regulated firms are required to file.
Over the past few years new reports have appeared sporadically in response to a variety of different catalysts, such as financial crime monitoring, the COVID pandemic and complaints. New returns seemed to be knee jerk reactions and without an guiding strategy as to the type of information that is useful to the FCA in achieving its objectives we have been left with a patchwork of reports, often limited to very specific questions and topics, some of which are often irrelevant to the business of many firms and provides the FCA will largely out of date or redundant data. A quick survey of the Judd team suggested some reports are ripe for discarding or at least updating. Here then is our list of reports that should be at risk, together with our (unbiased) feedback,
- Complaints – “Why ask when there are no eligible complainants and the response is almost always a nil return?”
- Client Money and client assets (FSA039) – “How much of your client’s money that you’re not allowed to hold, do you actually hold?”
- Controllers Report (REP 002) – “Doesn’t give the FCA any more information than they already have or prompt firms in case they needed to have a controller approved.”
- Volumes and Types of Business (FSA038) – please, please just combine it as single data within the other returns.
It is probably too much to hope that all of the above will be removed but in our view they could be removed or combined and not decrease the relevance of the data the FCA are receiving. At least we can hope that the FCA’s new year commitment to reviewing, “…the proportionality of reporting requirements and remove redundant returns, initially expected to benefit 16,000 firms” will result in a more efficient reporting regime for both the regulator and the regulated.
- Senior Managers and Certification Regime (“SMCR”)
Culture and SMCR remain top priorities for the FCA, underscored by a flurry of notable actions against individuals for non-financial misconduct at the end of 2024. We published an article that discussed, a failure to disclose an HMRC tax finding, a GBH charge and lack of integrity had all been at heart of recent FCA enforcement actions.
With diversity and inclusion proposals, survey findings, and imminent guidance on non-financial misconduct, now is an ideal moment to review your own SMCR arrangements. Our article also outlined key questions to guide your assessment.
On the positive side all the indications point towards a reduction in the bureaucracy connected with the Certification Regime. This could see a reduction in those roles that require certification and therefore notification to the FCA as well as changes to the frequency of certificate issuance – it does seem like we are creating paperwork by certifying someone year in year out when their role and fitness assessment haven’t changed at all. We expect welcome news on that front.
- Operational Resilience
As we move into 2025, operational resilience is taking centre stage in regulatory priorities. Whether your firm falls within the immediate scope of these rules or not, the direction of travel is clear: operational resilience is under the regulatory spotlight, making it a focus that no firm can afford to overlook.
For in-scope firms, including enhanced SM&CR firms, the requirements take full effect by 31 March. This marks the culmination of a multi-year regulatory journey, with firms having had a three-year transitional period to align with these rules since their introduction in 2022. By now, firms should have identified their important business services, defined impact tolerances, and established strategies to navigate ICT-related disruptions effectively. Meanwhile, across the Channel, the EU’s Digital Operational Resilience Act (DORA) came into force on 17 January, imposing similar but diverging obligations on firms operating within the EU.
While firms outside the scope may have some flexibility, note that effective and up-to-date business continuity plans are a fundamental control expected by regulators. Additionally, detailed wind-down plans for MIFIDPRU firms are a crucial part of the ICARA process and should be regularly updated to remain relevant.
With tightening regulatory frameworks and growing risks of technological disruptions, now is an opportune moment to take stock of your firm’s operational frameworks. In today’s interconnected world, resilience is no longer optional.
- Transaction Reporting.
The FCA places great importance on MiFIR transaction reporting requirements – it is an important tool in their market surveillance armoury and the numerous enforcement actions have shown the prominence it holds at the regulator. Therefore, it has long been an illogical position that the transaction reporting requirements were not extended to UK AIFMS – a quirk once seen as so beneficial that many varied their permission to stay out of the regime. We believe the FCA will make proposals in 2025 to shut that lacuna and even up the transaction reporting regime.
- SEC Update
In August 2024, the Financial Crimes Enforcement Network (FinCEN) finalised a rule under the Bank Secrecy Act (BSA), making it mandatory for certain Registered Investment Advisers (RIAs) and Exempt Reporting Advisers (ERAs) to implement Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) programmes. Starting January 1, 2026, these rules will effectively align U.S. advisers with industry standards, particularly those already in place in the UK. On this side of the ocean, the FCA has long required firms to adopt risk-based AML programmes, appoint a Money Laundering Reporting Officer (MLRO), and report suspicious activity via Suspicious Transaction Reports (STRs). The new FinCEN rules will require U.S. firms to do the same: establish risk-based AML/CFT programs, appoint an AML compliance officer, and submit Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) as necessary. Our partners at HighCamp Compliance have prepared a brief memo outlining what you’ll need to do by 2026.
Meanwhile, as the regulatory landscape shifts, the U.S. will also experience a change in leadership at the SEC. Following his election win in 2024, President-elect Donald Trump has nominated Paul Atkins, a former SEC Commissioner, to lead the Commission. While the full impact of this leadership change remains to be seen, it is expected to bring a shift towards a more business-friendly regulatory approach, which could influence the SEC’s priorities moving forward.
SEC Q1 2025 Key Reporting and Disclosure Deadlines
| 24/01/25 | Deadline for Receipt of Final IARD Statement Payments |
| 30/01/25 | Q4 2024 Quarterly Transaction Reports Due |
| 14/02/25 | Annual Employee Holdings Reports Due |
| 14/02/25 | Form 13F Due for Q4 2024 |
| 14/02/25 | Initial Form SHO Filing Due (due within 14 days of month end thereafter) |
| 28/02/25 | Form PF Due for Large Hedge Fund Advisers for Q4 2024 |
| 31/03/25 | Annual Form ADV Due (for firms with a December year-end) |
If you’re looking for more information or need help navigating the topics covered, don’t hesitate to reach out at judd@juddadvisory.com or contact your regular Judd consultant.
