FCA Enforcement Actions: What Triggers an Investigation

FCA enforcement investigations do not begin without warning — the vast majority start with a supervisory process that escalates because the firm failed to engage adequately, the conduct identified was serious enough to require a formal response, or the FCA identified evidence of deliberate wrongdoing.

Understanding how the FCA’s enforcement process works — what triggers it, how it escalates, and what firms and senior managers can do to manage it — is one of the most practically important areas of regulatory knowledge for anyone working at or advising FCA-regulated firms. This guide covers the escalation path from supervision to formal investigation and the personal implications for SMF holders under the SMCR.

The Escalation Path from Supervision to Enforcement

The FCA’s approach to supervision and enforcement is tiered. Most regulatory concerns are addressed through supervisory engagement — correspondence, information requests, supervisory visits and agreed remediation programmes. Only a fraction of the issues identified in supervision escalate to formal enforcement action, and the FCA uses a range of tools at each stage of the escalation path before committing to a formal investigation.

Supervisory intervention. The first response to a regulatory concern is typically supervisory — a letter raising concerns, a request for information, a requirement that the firm submit a remediation plan, or a variation of the firm’s permission to restrict its activities while the concern is addressed. Most firms that engage constructively with supervisory interventions do not reach the formal investigation stage.

Voluntary requirement. Where the FCA requires a firm to take specific steps, it may impose a voluntary requirement (VREQ) — an agreement between the FCA and the firm that the firm will comply with specific conditions. The “voluntary” element is somewhat misleading: a VREQ is effectively a regulatory requirement that the firm has agreed to, and failure to comply is itself a regulatory breach.

Formal investigation under section 168 FSMA. The FCA opens a formal investigation when it has sufficient grounds to suspect that a breach of the FSMA requirements or FCA rules has occurred and that formal investigation is proportionate and in the public interest. The threshold for opening an investigation is not proof of wrongdoing — it is a reasonable suspicion that merits formal investigation.

What Triggers a Formal Investigation

The FCA’s enforcement case selection criteria identify several categories of conduct that are most likely to result in formal investigation rather than supervisory intervention alone.

Serious harm to consumers. Conduct that causes or risks causing material harm to a large number of consumers — mis-selling at scale, investment fraud, inadequate safeguarding of client money leading to loss — is a priority enforcement trigger. The FCA’s consumer protection objective means that harm to retail consumers is weighted heavily in case selection.

Market integrity concerns. Market abuse — insider dealing, market manipulation, front-running — is among the highest-priority enforcement categories. The FCA uses a range of surveillance tools to monitor markets for suspicious trading activity, and referrals from market infrastructure bodies (trading venues, clearing houses) can trigger investigations independently of supervisory engagement with the firm.

Deliberate or reckless misconduct. Where the FCA identifies evidence that conduct was deliberate — the firm or individuals within it knew they were breaching regulatory requirements and continued regardless — formal investigation is far more likely than where a breach reflects an inadvertent failure or a control weakness. The distinction between negligent and deliberate conduct is one of the most significant factors in the FCA’s case selection assessment.

Failure to engage with supervisory process. Firms that are unresponsive to FCA information requests, that provide misleading information to supervisors, or that repeatedly fail to implement agreed remediation plans are significantly more likely to be referred for formal investigation. The FCA’s risk-based supervisory approach means that a firm’s attitude to regulatory engagement is itself a risk indicator.

SMCR breaches and individual misconduct. Where conduct failures can be attributed to specific named individuals — particularly SMF holders who failed to take the reasonable steps required of them — the FCA is more likely to open a formal investigation with a view to taking action against the individual as well as (or instead of) the firm.

The Formal Investigation Process

Once the FCA opens a formal investigation, it appoints investigators and may exercise compulsory information-gathering powers under FSMA — requiring firms and individuals to produce documents, attend interviews and provide written explanations. These powers are exercisable against the firm and against individuals employed by the firm, including former employees.

The investigation process can take months or years, depending on its complexity. During this period, the firm remains under its existing regulatory obligations and must continue to operate within its permissions. The existence of a formal investigation does not itself restrict the firm’s activities, though the FCA may impose additional requirements or variations if it considers this necessary to protect consumers during the investigation.

Enforcement Outcomes

Where the FCA concludes that a breach has occurred, the range of outcomes includes: a financial penalty; a public censure; a prohibition order (preventing an individual from performing regulated functions); cancellation or suspension of the firm’s permissions; a requirement to provide restitution to affected consumers; and — in the most serious cases — criminal prosecution under FSMA, the Financial Services Act 2012 or the Proceeds of Crime Act 2002.

The FCA publishes its enforcement decisions — including financial penalties, prohibition orders and supervisory notices — on its website. Enforcement outcomes are therefore public: a fine or prohibition order affecting a senior manager or their firm is visible to current and future employers, clients and counterparties. The reputational consequences of enforcement action often exceed the direct financial cost.

Personal Implications for SMF Holders

Under the SMCR, the FCA can take action against individual SMF holders as well as the firm. Where a conduct failure occurred within an SMF holder’s area of responsibility, the FCA will assess whether the individual took the reasonable steps required of them. If the FCA concludes they did not — because they lacked adequate management information, failed to act on concerns that were escalated to them, or were aware of a problem and did not address it — the individual faces the full range of enforcement outcomes, up to and including personal fines and prohibition from performing regulated functions.

The SMCR’s reversal of the burden of proof — requiring the SMF holder to demonstrate that they took reasonable steps rather than the FCA having to prove they did not — is the most significant aspect of individual accountability. SMF holders who maintain contemporaneous records of their oversight activities, the decisions they made and the information they received and acted on are in a materially stronger position than those who rely on memory or who have no such documentation.

How Firms Should Respond When Investigation Looms

Where a firm identifies that an FCA investigation is likely — or has already been opened — the following principles apply.

Do not destroy or conceal relevant documents: obstruction of an FCA investigation is a criminal offence.

Engage specialist regulatory legal advice immediately: the FCA’s compulsory powers and the criminal exposure in serious cases require experienced regulatory solicitors, not general employment or commercial counsel.

Cooperate with the FCA’s investigation: the FCA’s penalty-setting framework gives significant credit for early and full cooperation, and firms that genuinely cooperate consistently achieve better outcomes than those that are adversarial.

Assess the SMCR implications: identify which SMF holders’ areas of responsibility are involved and ensure they have legal advice on their personal position independently of the firm’s advice.

Adrian Lawrence FCA — Founder, FD Capital Recruitment Ltd

ICAEW Registered Practice  |  Companies House No. 13329383

“Firms that find themselves in difficulty with the FCA almost always benefit from having a strong, independent compliance officer who can engage with the FCA constructively and who has the credibility and experience to provide genuine assurance during supervisory engagement. Where a firm has an enforcement risk situation, we regularly place experienced interim compliance officers who can stabilise the regulatory relationship while the firm addresses its underlying issues.”
