Regulatory Reporting: The Complete UK Guide for FCA-Regulated Firms

Regulatory Reporting: The Complete UK Guide for FCA-Regulated Firms

Regulatory Reporting Support: Find a Specialist Who Has Run One Before

Regulatory reporting is the set of periodic and event-driven submissions that UK financial services firms must make to the FCA, the PRA, and in specific cases to other bodies including the Bank of England, HMRC and foreign regulators. It is one of the most technically demanding areas of the compliance and finance function — specific rules, specific taxonomies, specific deadlines, and very little tolerance for error. A late or incorrect regulatory return can trigger supervisory intervention, remediation requirements, and in serious cases financial penalties. For firms of any meaningful scale, regulatory reporting is not a side activity of the finance team — it is a specialist function with its own leadership, its own systems, and its own risks.

The landscape has become more complex, not less, in recent years. The Investment Firms Prudential Regime (IFPR) introduced a new prudential reporting framework for MiFID investment firms. MiFIR transaction reporting continues to evolve under the UK regime. EMIR derivatives reporting has been through successive refit cycles. Post-Brexit, the UK has diverged from EU reporting standards in specific areas, producing a distinct UK regulatory reporting regime that firms with EU operations must run alongside the EU equivalents. And the FCA’s move from the Gabriel reporting system to RegData in 2021 brought a platform change that firms are still adapting to.

This guide sets out the UK regulatory reporting landscape as it stands, the main reporting streams firms must handle, what can go wrong, how senior reporting leadership is structured, and how FD Capital places Heads of Regulatory Reporting and specialist reporting teams into FCA-regulated firms. It is written for compliance and finance leaders who want a substantive overview — not a summary of one specific reporting return. For the deeper detail on individual returns, the FCA’s own published material is the definitive source.

What Regulatory Reporting Covers — the Five Main Streams

UK regulatory reporting is not a single activity. It is a set of distinct reporting streams, each with its own rulebook, data taxonomy, submission platform and deadline structure. A firm’s obligations depend on its permissions, its business model, its size and its client base — but most meaningful firms face obligations in multiple streams simultaneously.

1. Prudential reporting

Prudential returns tell the regulator about the firm’s financial health — capital adequacy, liquidity, concentration risk, large exposures. The specific regime depends on the firm type:

• Investment firms report under the IFPR (Investment Firms Prudential Regime), which replaced the previous CRR/CRD-based regime for MiFID investment firms. The core reporting instrument is the MIFIDPRU return set, covering own funds, liquidity, concentration risk and K-factor calculations.
• Banks and building societies report under the PRA’s prudential regime — COREP (common reporting) and FINREP (financial reporting) are the principal returns, alongside specific UK-specific returns such as the PRA101/102/103 series.
• Insurers report under Solvency II UK — with specific returns covering technical provisions, own funds, Solvency Capital Requirement and minimum capital requirements.
• Consumer credit firms, payment services firms and e-money firms have their own prudential reporting regimes proportionate to their risk profile.

Prudential reporting is where the intersection between finance and compliance is sharpest. The underlying data is financial — it comes from the firm’s accounting systems — but the calculation, categorisation and submission follow regulatory rules that go well beyond accounting standards. Getting prudential reporting right requires people who understand both the accounting and the regulatory dimension.

2. Transaction reporting

Transaction reporting covers the near-real-time submission of trade data to the FCA. Under MiFIR (the UK version), investment firms must report every reportable transaction in financial instruments traded on a trading venue, with 65+ data fields per trade, by the end of the next trading day. The FCA uses this data to detect market abuse and monitor market integrity.

Transaction reporting is technically demanding because:

• The volume is high — large firms submit millions of reportable transactions per year.
• The taxonomy is complex — specific fields must be populated in specific ways with specific codes.
• Data quality is scrutinised — the FCA runs its own reconciliation and data quality checks and flags anomalies to firms.
• Remediation of historic errors is costly — when a data-quality issue is identified, the firm may have to reprocess and resubmit months of transactions.

Many firms use third-party transaction reporting providers (Approved Reporting Mechanisms, or ARMs) to handle the technical submission, but the responsibility remains with the firm. A specialist transaction reporting function within the firm, owning data quality, reconciliation and exception handling, is the standard model at any firm with meaningful trading activity.

3. Conduct reporting

Conduct returns tell the FCA how the firm is performing on consumer-facing metrics. The principal conduct returns include:

• DISP (Complaints Return): Six-monthly submission of complaint volumes, types and resolutions. Data is also published by the FCA at firm level, so commercially sensitive as well as regulatory.
• Product Sales Data (PSD): Returns covering sales of mortgages, consumer credit, retail investments and pension products. Used by the FCA to monitor market conduct and identify outliers.
• Consumer Duty reporting: With the introduction of the Consumer Duty, firms have increased obligations to report on customer outcomes. See our Consumer Duty guide for detail on how outcomes monitoring intersects with regulatory reporting obligations.
• Customer-facing firm returns: The REP007, REP010 and sector-specific conduct returns covering firm-level conduct indicators.

4. Financial crime reporting

Financial crime returns cover the firm’s exposure to and handling of money laundering, terrorist financing, sanctions, and fraud risk. The principal returns:

• REP-CRIM: The annual financial crime return, filed by larger firms. Covers AML framework maturity, customer risk profile, controls, incidents and typologies. For firms required to file it, REP-CRIM is a significant data exercise.
• Suspicious Activity Reports (SARs): Submitted to the National Crime Agency (NCA), not the FCA, but firms’ SAR activity is a key input to the wider financial crime risk picture. Our forthcoming SARs guide will cover this in depth.
• Sanctions reporting: Separate UK sanctions reporting obligations to OFSI (Office of Financial Sanctions Implementation) where relevant.

5. Operational resilience and event-driven reporting

The fifth stream covers operational resilience reporting and the firm’s obligations to notify the FCA (or PRA) of specific events:

• Operational resilience returns: Firms in scope of operational resilience requirements must report on important business services, impact tolerances, and operational disruption incidents.
• Breach reporting: Under Principle 11, firms must proactively notify the FCA of matters of which it would reasonably expect to be notified — covering material regulatory breaches, significant control failures, major incidents, and similar.
• Senior manager and SMCR reporting: Notifications under the SMCR regime, including changes to senior managers, regulatory reference requirements, and so on.

Unlike periodic returns, event-driven reporting is triggered by specific incidents and has variable deadlines. Getting it wrong — delayed notifications, incomplete notifications, or unnecessary notifications — can damage supervisory relationships significantly.

The Regulatory Reporting Platforms — RegData and Beyond

UK regulatory reports are submitted through specific platforms, and understanding the platform layer is important to understanding how reporting operates in practice.

RegData — the FCA’s reporting platform

The FCA moved from the old Gabriel system to RegData in 2021. RegData is now the primary platform for FCA reporting, handling the submission of the vast majority of FCA returns. The migration from Gabriel to RegData was not purely a like-for-like system change — it involved changes to return formats, validation, user access arrangements and workflow. Firms still referring to “Gabriel” in their internal documentation or training materials are behind the times and should be updating to reflect the current platform.

RegData key features:

• Web-based submission platform with user access managed through Connect.
• Support for XML and XBRL submissions depending on the return type.
• Validation rules that identify specific errors at point of submission.
• Submission history and status tracking for each return the firm files.
• Integration with the FCA’s data analytics capabilities to flag anomalies post-submission.

PRA reporting systems

Banks, building societies and dual-regulated firms file PRA returns separately. The PRA uses its own submission mechanisms (BEEDS for some returns, BoE platforms for others) and firms must maintain access and capability across both regulators’ systems. Coordinating PRA and FCA reporting is a specific challenge for dual-regulated firms and the responsibility usually sits within the Head of Regulatory Reporting’s remit.

Third-party reporting providers

Regulatory reporting software vendors (RegTech providers) play a significant role in the market. Firms commonly use third-party systems for transaction reporting, EMIR derivatives reporting and complex prudential calculations. The vendor does the heavy technical lifting; the firm retains accountability, reviews submissions before they go out, and handles exceptions. The Head of Regulatory Reporting typically manages these vendor relationships, including SLA oversight, data quality monitoring and technical change management.

EMIR Derivatives Reporting — the Specific Case

For firms dealing in derivatives — banks, investment firms, asset managers, and in some cases corporates — EMIR derivatives reporting is a specific workstream that deserves its own section.

Under UK EMIR (the UK’s post-Brexit version of the EU EMIR regulation), both counterparties to a derivatives trade must report the trade to a registered trade repository. Reporting is bilateral — each party reports its own side, with reconciliation between them. Data fields cover contract terms, counterparty information, collateral, valuation and lifecycle events. The technical taxonomy has evolved through successive EMIR refit cycles, with data field counts and formats changing.

EMIR reporting challenges include:

• Reconciliation: Matching the firm’s reporting against the counterparty’s reporting requires robust processes. Mismatches are common and must be remediated.
• Lifecycle event reporting: Every material change to a trade (termination, modification, collateral change) must be reported. Missing lifecycle events creates data-quality failures.
• UK vs EU divergence: Post-Brexit, UK EMIR and EU EMIR are no longer identical. Firms with UK and EU operations must run parallel reporting streams with different rules.
• Data quality expectations: Both the FCA and the Bank of England scrutinise derivatives reporting data quality, and remediation exercises are costly when quality issues are identified.

MiFIR Transaction Reporting — Data Quality and Remediation

MiFIR (UK) transaction reporting deserves specific attention because it has been a repeated source of FCA enforcement and supervisory attention. Firms have been fined for systematic transaction reporting failures, and the issue areas are well understood.

What MiFIR transaction reporting covers

Investment firms subject to MiFIR must report every reportable transaction in reportable financial instruments (broadly, instruments admitted to trading on a UK trading venue, or whose underlying is so admitted). Reports contain detailed fields including:

• Transaction timestamp (to microsecond precision in many cases)
• Financial instrument identifier (ISIN)
• Price and quantity
• Counterparty identification (LEI)
• Buyer/seller decision maker
• Executing trader identification
• Venue identification
• Specific flags (waiver, short sale, commodity derivatives, etc.)

Common MiFIR reporting issues

From published enforcement action and supervisory commentary, the recurring transaction reporting issues include:

• Incorrect or missing trader and decision maker identifiers.
• Wrong venue identification — particularly for trades that moved between venues during execution.
• Missed reporting of specific trade types (particularly in complex structures, portfolio trades and give-ups).
• Timing errors — submissions after the T+1 deadline.
• Data-quality issues identified by the FCA in post-submission review, requiring resubmission.

Firms running mature transaction reporting functions have dedicated capacity for pre-submission data-quality checks, post-submission reconciliation against internal trade records, and rapid remediation when issues are identified. This is specialist work that sits between technology, front-office, operations and compliance.

Prudential Reporting Under IFPR and MIFIDPRU

The Investment Firms Prudential Regime (IFPR) introduced in January 2022 was the biggest change in UK investment firm prudential regulation for a generation. Under IFPR, investment firms report through the MIFIDPRU return set, which replaced the previous CRR/CRD framework for non-bank investment firms.

Key MIFIDPRU returns

• MIF001: Own funds, capital resources and K-factor requirement calculation.
• MIF002: Liquid assets and liquidity requirement.
• MIF003: Concentration risk reporting.
• MIF004: Remuneration — specific remuneration data.
• MIF005: Group capital test (for firms within a group).
• MIF006: ICARA assessment outputs.
• MIF007: Investment policy and environmental, social and governance factors.

Why MIFIDPRU is demanding

Unlike its predecessor, MIFIDPRU is activity-based — capital is calculated using K-factors that measure the specific risks of the firm’s activities. This means:

• The firm must categorise its activities precisely against the K-factor taxonomy.
• Activity data (assets under management, client money held, daily trading flow, etc.) must be captured and classified consistently.
• The Internal Capital Adequacy and Risk Assessment (ICARA) process feeds the reporting — MIFIDPRU reporting is downstream of a substantive risk assessment, not just a calculation exercise.
• Categorisation decisions (SNI vs non-SNI firm status, relevant K-factors) have significant capital impact and must be defensible under supervisory review.

The Head of Regulatory Reporting at an IFPR-scope firm typically owns the MIFIDPRU submission chain, working closely with the Chief Risk Officer (for ICARA inputs) and the CFO (for financial data).

Governance — Who Owns Regulatory Reporting

Regulatory reporting governance is where many firms are weaker than they should be. The specific governance questions firms need to answer:

Senior manager accountability

Under SMCR, someone on the senior manager register carries accountability for regulatory reporting. At larger firms this is usually the CFO, a Chief Financial and Regulatory Officer, or a dedicated Director of Regulatory Reporting. At smaller firms it may be combined with the CFO or Chief Risk Officer role. Where the accountability is unclear, supervisory reviews have identified it as a specific failing.

Operational ownership

Beneath the senior manager accountability, operational ownership typically sits with a Head of Regulatory Reporting. This role:

• Owns the firm’s regulatory reporting calendar and ensures all returns are submitted on time.
• Manages the reporting team and any outsourced reporting providers.
• Owns data quality and reconciliation processes.
• Handles exception escalation and regulatory communication on reporting matters.
• Implements regulatory change as rules evolve.
• Reports to the senior manager (typically CFO or CCO) and to the board as required.

Three lines of defence

Regulatory reporting sits awkwardly in the three lines of defence framework because it involves both first-line operational delivery and second-line oversight. Mature firms separate:

• First line: The regulatory reporting team preparing and submitting returns.
• Second line: Compliance and risk oversight of the reporting function, including review of controls, data quality and regulatory interpretation.
• Third line: Internal audit reviews of the reporting function, typically annually or on a rotation basis.

Firms that conflate first and second line responsibilities — where the team preparing returns also owns the oversight of them — have repeatedly been criticised in supervisory reviews.

Board reporting

The board should receive periodic reporting on the regulatory reporting function — submission timeliness, data quality metrics, material errors or late submissions, upcoming regulatory change, and significant supervisory engagement on reporting matters. Boards that receive regulatory reporting information only when something goes wrong are under-informed.

Common Regulatory Reporting Failings

Across the firms we see, certain failures recur. The FCA’s supervisory and enforcement commentary reinforces these:

Late or missed submissions

The most basic failing. Usually caused by calendar management gaps, staff absence without cover, or system issues not identified in time. Mitigated by robust submission calendars, dual ownership of each return, and early-warning indicators (e.g. data availability checks days before the submission deadline).

Data quality issues

More common than late submission and usually more damaging. Root causes include:

• Upstream system changes that weren’t communicated to the reporting team.
• Inconsistent categorisation at source (different traders classifying the same instrument differently).
• Static data issues (wrong LEIs, out-of-date reference data).
• Calculation logic that doesn’t match the rule requirements precisely.
• Reconciliation gaps — reported data not tying to internal records.

Inadequate change management

Regulatory rules change frequently. The FCA issues handbook notices, PS publications and rulebook changes that require reporting amendments. Firms that do not have a structured regulatory change process — horizon scanning, impact assessment, implementation planning, testing — find themselves implementing changes late or missing them entirely.

Vendor dependency without oversight

Where firms use third-party reporting providers (ARMs, RegTech vendors, outsourced reporting firms), the vendor becomes part of the reporting chain but the accountability stays with the firm. Where vendor oversight is weak — no SLA monitoring, no independent data quality checks, no contingency planning — the firm is exposed to its vendor’s failures.

Documentation and audit trail gaps

The FCA’s supervisory approach requires firms to evidence the basis for their reporting decisions. Poor documentation — calculations without supporting workings, judgments without rationale, exceptions without evidence of review — creates difficulty in supervisory reviews and can convert a technical issue into a governance concern.

The intersection of reporting and Consumer Duty

Conduct returns, product sales data and Consumer Duty outcomes monitoring increasingly intersect. Firms that treat Consumer Duty reporting and conduct reporting as separate workstreams miss the data quality benefits of integration and create inefficiency. See our Consumer Duty guide for more on the monitoring and reporting interface.

The Specialist Roles Firms Need for Regulatory Reporting

Regulatory reporting has its own distinct talent pool. The specific roles we recruit for:

Head of Regulatory Reporting

The senior operational role owning the firm’s regulatory reporting function. Typical profile: 10–20 years of regulatory reporting experience, qualified accountant (ACA, ACCA or CIMA) often combined with specific regulatory reporting qualifications, experience across multiple return types and regimes (prudential, transaction, conduct), and team leadership experience. See our Head of Regulatory Reporting recruitment page for more detail on this role.

Regulatory Reporting Manager

Manages specific return streams (e.g. prudential reporting manager, transaction reporting manager, conduct reporting manager). Reports to the Head of Regulatory Reporting. Hands-on ownership of specific returns and the teams that prepare them.

Senior Regulatory Reporting Accountant

Specialist role, often at qualified accountant level, handling complex prudential or financial returns. Strong technical background in financial reporting combined with specific regulatory expertise. Crucial for firms with complex balance sheets or intricate capital calculations.

Regulatory Reporting Analyst

Junior-to-mid level role preparing specific returns, handling data quality checks, running reconciliations and supporting the broader team. Entry point for many regulatory reporting careers.

Head of Finance and Regulatory

Combined role more common at smaller firms where regulatory reporting is merged with the broader finance function. Typically reports to the CFO. Carries both FP&A and regulatory reporting responsibilities. See our fractional CFO page for related guidance on senior finance leadership at FCA-regulated firms.

Chief Compliance Officer and Chief Risk Officer

At senior level, the Chief Compliance Officer or Chief Risk Officer typically carries SMCR accountability for regulatory reporting. Their role is oversight rather than preparation — ensuring the reporting function is adequate, reviewing key returns before submission, and engaging with regulators on reporting matters.

How FD Capital Places Regulatory Reporting Specialists

FD Capital operates a specialist FCA-regulated firms recruitment practice. Within that practice, regulatory reporting is one of our most active specialisms — the shortage of specialists at senior level is persistent, and firms consistently struggle to find candidates with the specific combination of technical depth and commercial understanding required.

Candidate pool

Our regulatory reporting candidate pool includes:

• Heads of Regulatory Reporting from banks, investment firms, asset managers, insurers, consumer credit firms and payments / e-money firms.
• Specialist prudential reporting accountants (COREP/FINREP, MIFIDPRU, Solvency II).
• Transaction reporting specialists with MiFIR / EMIR hands-on experience.
• Consumer Duty outcomes reporting specialists (at the intersection of Consumer Duty and regulatory reporting).
• Financial crime reporting specialists with REP-CRIM and related experience.

Engagement models

We place in three main models:

• Permanent placements for firms building out their regulatory reporting function — Head of Regulatory Reporting, Regulatory Reporting Manager, Senior Regulatory Accountant roles.
• Interim and fractional placements for specific needs — IFPR implementation, EMIR refit projects, remediation exercises following supervisory review, cover during handover or recruitment.
• Project-based specialist placements for finite workstreams where firms need specialist expertise for a defined piece of work (platform migration, regulatory change implementation, data quality remediation).

Sector coverage

Our candidates span the major UK FCA/PRA-regulated sectors: retail and commercial banking, investment banking, asset management, wealth management, insurance, pensions, consumer credit, mortgage lending, payment services and e-money. Each sector has its own reporting profile and candidate pool, and we match candidates carefully to the specific firm context.

Regulatory Reporting is a Specialist Function — Treat It as One

The firms that handle regulatory reporting well do three things consistently: they recognise it as a specialist function requiring specialist people, they invest in systems and process rather than relying on heroics, and they engage with the regulator proactively on matters of interpretation and data quality. Firms that under-invest in any of these three ultimately find themselves in remediation exercises, supervisory scrutiny, or worse.

FD Capital can help you find the right Regulatory Reporting specialist — Head, Manager, Senior Accountant or Analyst — as a permanent, interim or fractional appointment. Whether you are building out a reporting function from scratch, recruiting a replacement Head with specific regulatory expertise, or bringing in interim cover for a specific project, we have candidates in the network who can fit.

A Note from Our Founder — Adrian Lawrence FCA

The conversation I have most often about regulatory reporting is with firms who thought their function was in better shape than it turned out to be. The FCA runs a data-quality check, flags an issue, and the firm discovers that their reporting process has been producing incorrect output for months or years. The remediation is expensive — in direct cost, in supervisory attention, and sometimes in penalty — but the root cause is almost always the same: the reporting function was under-resourced, under-led, or both.

Getting it right is not complicated in principle. The right Head of Regulatory Reporting, supported by an adequately sized team, with proper systems and documented controls, will produce accurate and timely submissions with appropriate exception handling. Where any of those elements is missing, the function is one data issue away from a problem. Firms that under-invest in the function save money in the short term and spend more in the long term in remediation.

At FD Capital we place Heads of Regulatory Reporting and specialist reporting teams at UK FCA-regulated firms. If you are recruiting in this area, building a reporting function, or concerned that your current arrangements are not adequate for the size and complexity of your firm, I am happy to have a direct conversation. Every mandate I take on is handled personally.

Adrian Lawrence FCA  |  Founder, FD Capital  |  ICAEW Verified Fellow  |  ICAEW-Registered Practice  |  Companies House no. 13329383  |  Placing regulatory reporting specialists at FCA-regulated UK firms since 2018

Further Reading and Authoritative Sources

The primary authoritative sources for UK regulatory reporting are the regulators themselves. The FCA’s data and reporting pages cover the reporting regimes, RegData platform, submission deadlines and validation rules. The FCA Handbook, particularly SUP 16 (Reporting Requirements) and the product-specific sections (MIFIDPRU, DISP, SUP 17 for transaction reporting), contains the definitive rule text.

For prudential reporting of banks and dual-regulated firms, the Prudential Regulation Authority (PRA) publishes the rulebook, supervisory statements and data collection requirements. The Bank of England publishes broader financial stability and data-collection material.

Professional body guidance is available from the ICAEW on regulatory reporting for chartered accountants operating within FCA-regulated firms. Trade bodies including UK Finance, the Investment Association, the Association of British Insurers and the Alternative Investment Management Association publish sector-specific reporting guidance.

For regulatory change horizon scanning, firms monitor the FCA’s publications (policy statements, consultation papers, handbook notices and Dear CEO letters) and the PRA’s equivalent publications. Staying current on regulatory change is itself a specific capability within the regulatory reporting function.

Related Guides: Compliance and Regulatory Guidance for UK Financial Services

Part of FD Capital’s series of practical compliance and regulatory guides for UK financial services firms. This guide sits alongside our broader Knowledge Centre resources:

Consumer Duty and conduct: Consumer Duty: The Complete UK Guide | FCA Conduct Rules: The Complete UK Guide (forthcoming) | SMCR Explained: Senior Managers & Certification Regime (forthcoming)

Financial crime and AML: MLRO: The Money Laundering Reporting Officer Role (forthcoming) | Customer Due Diligence & Enhanced Due Diligence: UK Compliance Guide (forthcoming) | Suspicious Activity Reports (SARs): UK Compliance Guide (forthcoming)

Prudential and operational: Regulatory Reporting: The UK Compliance Guide (this page) | Operational Resilience: UK Financial Services Guide (forthcoming) | Section 166 Skilled Person Reviews (forthcoming)

Finance for UK growth companies: EBITDA Explained: Meaning, Calculation and Exit Valuation | Management Accounts: A Complete Guide for UK Businesses | Cash Flow Forecasting: A Complete Guide for UK Businesses | Financial Ratios: The UK CFO’s Guide | Financial Metrics & KPIs: A UK CFO’s Guide

Specialist recruitment pages: Head of Regulatory Reporting Recruitment | Consumer Duty Recruitment | SMCR Compliance Recruitment | Compliance Recruitment | Chief Compliance Officer Recruitment | Chief Risk Officer Recruitment | MLRO Recruitment | AMLRO Recruitment | Financial Crime Recruitment | Risk and Compliance Recruitment | Section 166 Review | Recruitment for FCA-Regulated Firms | Fractional CFO