In March 2026, the regulatory weather in the UK shifted overnight. The Financial Conduct Authority (FCA) released nine new sector priority reports alongside a fresh annual work programme. This move effectively retired the old system of forty-plus portfolio letters, replacing it with a focused, data-heavy recipe for what a successful Regulatory Business Plan (RBP) must look like.
For our team, this transition is the most significant change in supervisory communication since the introduction of the Consumer Duty. We are no longer looking at broad strokes. The FCA is now demanding a level of granularity in business planning that treats the RBP not as a pitch deck, but as a blueprint for an already-functioning machine. If you are preparing an application or updating your strategy this year, the old templates will likely trigger an immediate query—or a rejection.
Our advisory team has spent the last few weeks mapping these new outcomes-focused rules to our clients' RBP builds. The excitement in our office is tempered by the reality of the work required. The FCA has made it clear: they want to be a "smarter regulator," which is code for "we are going to use data to find your weaknesses faster than ever before."
The New Ingredients for a 2026 RBP
The most striking addition to the RBP requirements this year is the demand for dynamic data evidencing. In the past, firms could get away with promising to monitor customer outcomes. In 2026, the FCA expects to see the plumbing. You must move beyond simply proving fairness as a concept and start proactively spotting patterns in vulnerability and complaints before they crystallise into systemic issues.
We are telling our clients that their Management Information (MI) packs need to be decision-useful from day one. This means your RBP should outline exactly how your data loops back into your governance. If your plan doesn't explain how a spike in customer support wait times triggers a review of your operational resilience, the FCA will view your governance as superficial.
Another critical "ingredient" is the shift in operational infrastructure requirements. Step 6 of the authorisation process has become a significant hurdle for many scaling firms. The regulator now expects systems to be built, contracted, and evidenced—not just promised in a future-tense narrative. Whether it is your transaction monitoring software or your customer onboarding portal, the FCA wants to see the signed vendor contracts and the results of your stress tests.
Finally, we are seeing a massive emphasis on the "Growth Narrative." It is a fascinating pivot. The term "growth" appears almost 100 times across the nine new priority reports. The FCA has a secondary objective to facilitate the international competitiveness and growth of the UK economy. Your RBP needs to lean into this. You should be explaining how your compliant business model contributes to the wider market’s health. However, this growth must be balanced with Beyond Business Continuity: Defining PRA Impact Tolerances That Pass Regulatory Audit to ensure that speed does not compromise stability.
What is Going Off the Menu
Just as we have new requirements, several traditional approaches are being struck off the menu. First on the list: retrospective MI packs. If your data only explains what went wrong last quarter, it is effectively useless in the eyes of a 2026 supervisor. The FCA is pushing for a move toward "continuous compliance" where risks are identified in real-time. If your RBP relies on annual reviews as its primary oversight mechanism, it will be flagged as high-risk.
We are also seeing the end of tick-box self-assessments. This is particularly relevant for firms managing Appointed Representatives (ARs). Following the FCA’s review of 270 principal firms, where widespread failures in oversight were found, the "good enough" approach is dead. The FCA found that only 52% of self-assessments were of high quality. If your RBP includes a generic AR oversight section that doesn't detail your specific audit trail for fitness and propriety, you are inviting a Section 166 review before you've even started.
Inconsistent financials are the final deal-breaker. In our analysis across various sectors, we’ve seen the FCA become ruthless regarding cross-referencing. The RBP is the narrative, but the financial projections are the proof. If your plan says you are targeting high-net-worth individuals but your capital adequacy calculations are based on mass-market transaction volumes, the application clock will stall. The regulator will cross-reference the RBP against every other document submitted. Minor inconsistencies are often interpreted as a lack of senior management competence. This is one of the primary reasons Why the FCA Rejects Authorisation Applications.
The Consultant's Perspective: Friction and Scaling
Building an RBP in 2026 requires navigating a specific type of friction. On one hand, you have the FCA’s new mandate to support economic growth. On the other, you have a relentless marathon against financial crime. This isn't just rhetoric; it’s backed by £186 million in recent fines and a £250 million investment in a new UK Fraud Strategy.
When we sit down with a scaling firm moving from a sandbox environment to systemic relevance, the conversation often gets difficult. Innovation is fast; regulation is measured. The challenge is proving that your infrastructure can handle rapid growth without becoming a conduit for money laundering or fraud. The FCA is running a marathon of endurance, and they want to see that your firm has the stamina to keep up with their data-led oversight.
Our team handles this variability by focusing on proportionality. A mid-sized investment firm in London needs a different governance structure than a regional fintech, but the standard of evidence remains high for both. We focus on the "Supervisory Maturity Curve." As you grow, the regulator’s interest shifts from your product design to your operational resilience and customer outcomes at scale. Your RBP should reflect this journey, showing that you have planned for the 12-to-24-month roadmap of regulatory readiness.
Immediate Action Items for Your RBP
If you are currently drafting or reviewing your RBP for a 2026 submission, there are two areas that require your immediate attention.
First is Fair Value Benchmarking. You cannot simply state that your fees are competitive. You must map out exactly how you define value. This quarter, you should be identifying the specific metrics you will use to prove that your price is proportionate to the benefits provided. We recommend looking closely at how you Evidence Fair Value Benchmarking in Your Consumer Duty Board Report as this data will need to be mirrored in your RBP narrative.
Second, you must shore up your financial crime basics. Despite the focus on growth, the FCA is deploying expanded proactive supervision. Before submitting your RBP, ensure your AML frameworks are not just written on paper but are integrated into your technology stack. The regulator is currently using five criminal convictions and a seven-fold increase in cancelled authorisations as a warning to the industry: the fundamentals are non-negotiable.
This "season" of regulation is about demonstrating competence through evidence. The FCA has lived up to its promise of being more consistent, but that consistency comes with higher expectations. Firms that treat the RBP as a living document—one that balances the ambition of growth with the rigor of operational control—will be the ones that thrive in this new landscape.
Navigating these shifts requires more than just a template; it requires a strategic partner who understands the nuances of the FCA's current mindset. Our retainers are designed to provide this exact level of senior advisory support, combined with the professional-grade tools like our Compliance Risk Register with Heat Mapping to ensure your RBP stands up to the most intense scrutiny.