When the FCA takes enforcement action against a firm or individual, it rarely happens overnight. The process typically unfolds over months or years, passing through several distinct stages — each of which produces signals that compliance teams should be monitoring.
Understanding how FCA enforcement works is essential for anyone responsible for regulatory compliance, counterparty due diligence, or risk management. This guide explains each stage of the enforcement process, the types of action the FCA can take, and what these actions mean for firms that work with or alongside the subject of enforcement.
The FCA's Enforcement Powers
The FCA derives its enforcement powers primarily from the Financial Services and Markets Act 2000 (FSMA). These powers are broad and include the ability to:
- Impose financial penalties (fines) on firms and individuals
- Withdraw or vary a firm's authorisation or permissions
- Prohibit individuals from working in financial services
- Issue public censures (formal public statements of misconduct)
- Apply to the courts for injunctions, restitution orders, and insolvency orders
- Prosecute criminal offences including insider dealing, market manipulation, and misleading the regulator
The choice of enforcement tool depends on the nature and seriousness of the breach, the regulatory outcome the FCA is seeking, and whether the subject cooperates with the investigation.
Stages of FCA Enforcement
1. Identification and Assessment
Enforcement cases typically begin when the FCA identifies potential misconduct through one of several channels:
- Supervision activity — routine or themed reviews that uncover issues
- Whistleblower reports — the FCA receives thousands of intelligence reports each year
- Market surveillance — automated monitoring of trading activity
- Referrals from other regulators — including the PRA, Serious Fraud Office, or overseas regulators
- Consumer complaints — patterns of complaints may trigger investigation
At this stage, the FCA's Enforcement and Market Oversight division assesses whether the matter warrants a formal investigation. Not every issue results in formal enforcement — many are resolved through supervisory dialogue.
2. Formal Investigation
If the FCA decides to open a formal investigation, it will typically notify the firm or individual under investigation. The FCA has statutory powers to compel the production of documents, require attendance at interviews, and obtain information from third parties.
Investigations can take years. The FCA has acknowledged that investigation timelines are a concern and has committed to improving efficiency, but the reality is that complex cases involving multiple parties and large volumes of evidence take time.
What this means for compliance teams: A firm under investigation may not disclose this publicly. The FCA generally does not announce investigations until a later stage. This makes it difficult to identify firms under investigation through public sources alone — but changes in a firm's behaviour, permissions, or regulatory disclosures may provide indirect signals.
3. Warning Notice
If the FCA decides to take formal action, it first issues a Warning Notice to the firm or individual. A Warning Notice sets out the action the FCA proposes to take and the reasons for it.
Warning Notices are not automatically made public. The FCA has the power to publish them, but historically has done so selectively. When a Warning Notice is published, it is a significant event — it means the FCA is confident enough in its case to publicise the proposed action before a final decision is made.
What this means for compliance teams: A published Warning Notice is an early signal that formal enforcement action is coming. It gives compliance teams time to assess the potential impact on their business relationships and begin contingency planning.
4. Decision Notice
After considering any representations from the subject of the Warning Notice, the FCA issues a Decision Notice. This sets out the FCA's final decision on what action it will take.
The recipient of a Decision Notice has the right to refer the matter to the Upper Tribunal (Tax and Chancery Chamber), which is an independent judicial body that can review the FCA's decision. If the matter is referred, the case is effectively stayed until the Tribunal issues its ruling.
5. Final Notice
If the recipient does not refer the matter to the Upper Tribunal, or if the Tribunal upholds the FCA's decision, a Final Notice is issued. This is the formal, public document that confirms the action taken.
Final Notices are published on the FCA's website and represent the definitive record of the enforcement outcome. They contain detailed findings of fact, the regulatory provisions breached, and the penalty or action imposed.
What this means for compliance teams: Final Notices are the most visible enforcement output. They appear on the FCA register against the relevant firm or individual and are the primary way that enforcement outcomes are communicated to the market.
Types of FCA Enforcement Action
Financial Penalties (Fines)
Fines are the most high-profile form of enforcement action. The FCA's penalty framework considers factors including the seriousness of the breach, the size of the firm, any profit gained or loss avoided, and the firm's cooperation during the investigation.
Firms that agree to settle early in the process receive a discount — typically 30% if they agree at the earliest stage. This means the published fine is often lower than the penalty that would have been imposed without cooperation.
2025 in numbers: The FCA imposed over £124 million in fines during 2025, with anti-money laundering failures accounting for the majority.
Variation or Cancellation of Permissions
The FCA can vary or cancel a firm's Part 4A permissions — the permissions that authorise it to carry on specific regulated activities. This can happen as:
- Own-Initiative Variation of Permission (OIVOP): The FCA unilaterally restricts or removes permissions, typically on an urgent basis when it believes consumers or markets are at risk.
- Own-Initiative Requirement (OIREQ): The FCA imposes additional requirements on the firm, such as prohibiting it from taking on new business or requiring it to hold additional capital.
- Cancellation of authorisation: In the most serious cases, the FCA cancels the firm's authorisation entirely, meaning it can no longer carry on any regulated activities.
In 2024/25, the FCA cancelled the authorisation of 1,456 firms. This is a staggering number that underscores the importance of monitoring the ongoing authorisation status of the firms you work with.
Prohibition Orders
The FCA can prohibit individuals from performing specific functions or from working in financial services entirely. Prohibition orders are used when the FCA considers that an individual is not fit and proper to perform regulated functions.
This is particularly relevant under the Senior Managers and Certification Regime (SM&CR), where individual accountability is a core regulatory principle.
Public Censures
In some cases, the FCA issues a public censure rather than a financial penalty. A public censure is a formal published statement that the firm or individual has breached regulatory requirements. While it does not involve a financial penalty, it is a matter of public record and can have significant reputational consequences.
Criminal Prosecution
The FCA has the power to prosecute certain criminal offences, including insider dealing, market manipulation, and making misleading statements to the regulator. Criminal cases are handled through the courts and can result in prison sentences.
Why Enforcement Monitoring Matters
For Compliance Teams
If you are responsible for monitoring counterparties, suppliers, or appointed representatives, FCA enforcement actions against those firms directly affect your risk profile:
- A firm under enforcement may have its permissions restricted or cancelled, affecting its ability to provide the services you rely on
- Enforcement action signals underlying compliance weaknesses that may affect the firm's stability and reliability
- Working with a firm that is subject to enforcement may attract supervisory attention to your own compliance arrangements
For Risk Management
Enforcement trends reveal the FCA's supervisory priorities. The dominance of AML-related fines in 2024 and 2025 signals that financial crime controls remain the FCA's primary area of focus. Understanding these trends helps risk managers prioritise their own compliance efforts.
For Senior Managers
Under SM&CR, senior managers can be held personally accountable if they fail to take reasonable steps to prevent regulatory breaches within their areas of responsibility. Being aware of enforcement actions affecting firms within your business relationships is part of exercising reasonable oversight.
How to Stay Informed
Manual Approaches
- FCA website: The FCA publishes Final Notices, press releases, and enforcement data on its website. However, there is no single page that aggregates all enforcement activity in real time.
- FCA register: Enforcement outcomes are reflected on the register against the relevant firm or individual. Checking the register periodically will eventually surface these changes — but with a lag.
- Regulatory news services: Various legal and compliance news services report on FCA enforcement activity, but these are typically editorial rather than systematic.
Automated Monitoring
For compliance teams managing multiple counterparty relationships, automated monitoring of the FCA register provides the most reliable way to detect enforcement-related changes as they happen. Rather than relying on periodic manual checks or hoping that news coverage will alert you to relevant changes, automated monitoring systematically tracks every firm you care about and alerts you to changes in real time.
FRN Watch monitors the FCA register 24/7 and delivers instant alerts when enforcement actions, warnings, permissions changes, or status updates affect the firms you track. Start your free trial to automate your enforcement monitoring.