21 April 2025

Is Your Compliance Framework Fit For Purpose In 2025?


A health check guide for FCA-regulated asset management firms

The regulatory environment in the UK is rapidly evolving, with the Financial Conduct Authority ("FCA") placing increased scrutiny on asset management firms. For asset managers, staying ahead of these regulatory changes is critical, not only to meet the FCA's expectations but also to safeguard their firm's reputation and investor trust.

As 2025 progresses, asset management firms operating in the UK will face several key themes shaping their compliance obligations. These include:

  • Individual accountability
  • Non-financial misconduct
  • Operational resilience

For FCA-regulated firms, we believe that a proactive approach is the most effective way to navigate the complexity of these changes. One such approach is conducting regular health checks on your compliance frameworks to ensure they remain fit for purpose.

Individual accountability

The FCA's focus on individual accountability is intensifying, particularly through updates to the Senior Managers and Certification Regime ("SMCR"). Ensuring SMCR compliance can be particularly challenging for asset management firms, especially those with fewer senior managers who often juggle multiple responsibilities. Clearly defining roles and accountabilities is essential, but the overlapping nature of responsibilities in smaller firms can create ambiguity.

Health checks in this area will assess whether your firm has the right governance structure in place, whether responsibilities are clearly allocated, and whether senior managers and other key personnel are complying with the necessary standards.

Non-financial misconduct

Non-financial misconduct has emerged as an increasingly important focus for the FCA, particularly as it relates to the conduct of individuals within a firm. Non-financial misconduct refers to behaviour that undermines the integrity and ethical standards of a firm, even though it may not involve financial crime.

In 2025, firms will need to ensure that they have systems and processes in place to prevent, identify, and address non-financial misconduct. While this can often be more difficult to measure and monitor compared to financial misconduct, the FCA is placing increasing emphasis on firms maintaining a healthy and ethical culture. Smaller firms may face specific challenges in this area because their cultures may be less formalised, and it may be harder to implement comprehensive monitoring systems.

A compliance health check will look at several aspects related to non-financial misconduct, including:

  • Whether there are clear policies and procedures to prevent misconduct, such as anti-harassment policies or robust conflict of interest arrangements.
  • Whether staff training programs adequately cover the importance of ethical behaviour and non-financial misconduct.
  • Whether there are whistleblowing mechanisms in place that encourage employees to report misconduct without fear of retaliation.
  • Whether the firm has mechanisms for addressing and resolving complaints related to unethical behaviour.

By taking proactive steps to address non-financial misconduct, firms can ensure that they are not only compliant with regulatory expectations but also foster a culture of trust and respect, which can have a significant impact on the firm's reputation and long-term sustainability.

Operational resilience

The FCA's expectations around operational resilience are becoming increasingly formalised in the wake of global disruptions such as the COVID-19 pandemic. Operational resilience refers to a firm's ability to continue operating effectively in the face of adverse events, such as cyber-attacks, IT system failures, natural disasters, or other unforeseen disruptions. The FCA expects firms to identify and manage risks that could affect their critical operations and ensure they can respond to and recover from these challenges.

A compliance health check in this area will assess:

  • Whether your firm has a business continuity plan ("BCP") and disaster recovery plan ("DRP") in place, which includes strategies for responding to and recovering from a range of potential disruptions.
  • Whether your firm's critical business functions (for example client reporting, asset valuation, transaction processing) are clearly identified, and whether there are contingency plans to ensure they continue in the event of an outage.
  • Whether your firm has the appropriate cybersecurity measures and data protection protocols to mitigate the risks of cyber-attacks and data breaches.
  • Whether your firm has conducted a resilience testing exercise to assess the effectiveness of its plans and processes in responding to real-world disruptions.

Operational resilience is especially critical for small firms that might rely heavily on a small team or third-party providers. Ensuring that your firm has the ability to recover from a significant disruption or crisis is key to maintaining business continuity and client trust.

Integrating these themes into your compliance framework

As we progress through 2025, asset management firms must ensure they have a proactive and robust compliance framework. Each of the above themes presents its own set of challenges, but with the right strategies and systems in place, firms can ensure that they meet regulatory expectations while safeguarding the momentum of their business operations.

A well-conducted FCA health check can identify gaps and weaknesses in these and other areas, helping firms ensure that they are prepared for regulatory scrutiny, minimising potential risks, and building a culture of compliance that aligns with both the FCA's expectations and the firm's long-term goals. Regular health checks offer a valuable opportunity to evaluate your current compliance practices, update policies and procedures, and ensure that your firm is well-positioned to navigate the changing regulatory landscape.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
