This year capital markets firms need to meet emerging regulations and implement ongoing improvements to their risk management approaches. These are only two of several substantial challenges, but new data and AI tools are offering opportunities to simplify processes and streamline operations.
Finding the balance between these trends could arguably be described as the overarching theme for this year. An understanding of what they mean for the sector, and the relevant actions, can help firms manage the associated risks and identify new opportunities for growth.
The PRA’s SS5/21, and subsequent CP11/24, brought renewed focus to trading controls. While these regulatory approaches ostensibly target international banks operating in UK, they have broader applications and now reflect best practice across the sector. This has been backed by an increase in regulatory action, including skilled persons reviews for firms with weak control environments.
Perhaps the most significant change is the greater emphasis on preventative, over detective controls. As such, firms need to demonstrate that they're proactively preventing both unauthorised and inappropriate trades, with a growing focus on the latter. In some instances, these may be down to human error such as a typo, miscommunication, incorrect order capture, or ignoring soft controls alerts. In others, it could be due to failings in technology, such as adverse algo-behaviours, or malfunctioning or poorly calibrated controls. Regardless of the reason, the PRA expects ongoing work to reduce the risk to market stability.
Capital markets firms need to review their first-, second-, and third-line controls to make sure they're robust and fit for purpose. This includes compliance with all relevant regulatory approaches, including MiFID II, MAR, MIFIR and Dodd-Frank, to name a few. Controls need to be mapped back to the corresponding regulatory requirement, with active trigger alerts and warnings for potential breaches.
A robust risk and control assessment of the trading desk, based on end-to-end flows, will help firms identify any weaknesses and check that all controls are designed appropriately and operating effectively.
This work includes reviewing both inappropriate trading and the calibration of blocks for public markets, which are often overlooked. It’s also important to review the firm’s governance and culture to ensure the right behaviours are in place to embed effective risk management in the long term.
The capital markets sector largely relies on outdated trading and risk management platforms, with limited interoperability between them. This poses additional challenges for data retrieval and risk management, increasing the potential for inappropriate trades or a regulatory breach. It's also particularly important in the context of algo-trading or AI trading, both of which rely on accurate data feeds to select and trigger trades. As such, data transformation continues to be a focus across the sector, while prioritising operational resilience to reduce the impact on financial markets.
Firms need effective data governance and data management to support all processes, regardless of the platform. Good data management ensures that data can enable decision making (in person or using technology), support regulatory compliance, and promote operational efficiency. It must be reliable, accessible and accurate, with effective governance processes in place to maintain data quality, define ownership and ensure policies are realised across the firm.
With a greater reliance on AI and automated decision making, it’s also important to focus efforts on data traceability and integrity. This will give firms more scope to apply AI to identify efficiencies and new opportunities across the market.
AI trading is a significant and burgeoning use of artificial intelligence in the capital markets sector. It can assess vast amounts of market data to identify new trade potential, in addition to directly executing trades. However, like algo-trading, it has the potential to drive market instability, typically in the form of flash crashes. As such, it needs ongoing governance, oversight, and risk management to ensure a safe adoption that complies with all regulatory approaches.
The technology can also bring significant gains for the middle and back office to improve efficiency, support compliance, and monitor performance. This is particularly useful, given the historic reliance on manual processes, which are often decentralised across a wide range of systems. Key use cases include help with credit assessments, client onboarding, due diligence, fraud detection, and AML processes, with early detection helping to prevent escalation of the issue.
While AI can undoubtedly drive growth and modernisation across the capital markets sector, it's at an early stage, and needs significant oversight to mitigate the associated risks as they continue to emerge.
This includes compliance with the EU AI Act, which focuses on explainability, transparency, and bias mitigation. As a significant piece of international regulation, this will most likely influence the UK’s approach to AI in financial services, including the Treasury Committee’s ongoing inquiry into its use and application. Used effectively, with appropriate regulatory safeguards, AI could be an integral element of the UK’s new growth agenda and help to maintain the strength of the capital markets sector.
The FCA has published a discussion paper proposing changes to transaction reporting, including MIFID, MIFIR, EMIR, and SFTR. The changes aim to streamline requirements, improve data quality, and align the transaction reporting regime with broader reporting obligations.
As such, the FCA is considering increasing the scope of transaction reporting to include alternative investment fund managers (AIFMs) and undertakings for collective investment in transferable Securities (UCITs) management companies.
Proposals also include new digital token identifiers for distributed ledger technology securities and securities where the underlying assets are cryptocurrencies. There are also plans for additional fields for inclusion, such as client category fields, and direct electronic access indicators (among others), which all carry greater data requirements.
Implementing these changes may prove challenging for many firms, with transaction reporting already under FCA scrutiny and MarketWatch 81 highlighting that submitted transaction reports remain inaccurate. Key reasons include poor change management processes, weak process logic design and data governance, and inadequate control frameworks.
Firms need to stay up to date on the regulators approach to transaction reporting and consider what the potential changes may mean for them. In the meantime, it’s important to assess current processes and make sure they’re fit for purpose with effective governance, oversight, and resources to produce reliable and up to date reports. Underlying controls and processes must align with business operations, with clear routes back to the associated regulatory requirements, protecting them throughout periods of business transformation.
Under MiFID II, capital markets firms were asked to unbundle research from trading commissions and execution services. The move aimed to reduce the quantity of research and improve the quality, boost transparency around transaction fees, and reduce conflicts of interest. It gave buyers greater choice over which firm to choose for trade research and execution, selecting the most appropriate option for each.
However, with competition and growth agendas being more important than ever, the FCA is looking to reverse MiFID’s rules on unbundling. This is because the regulator views the current practices as operationally complex and inadvertently favouring larger firms, reducing competition. It will also help firms to easily purchase research from outside the UK, bringing broader perspectives and potentially reducing costs.
Capital markets firms need to consider how to re-bundle research within their current operating models, while avoiding the pre-MiFID pitfalls. While some firms, particularly larger ones, may have the in-house capacity to undertake this research, others may choose to outsource those services. Regardless of which option is taken, firms need to make sure there’s appropriate governance, oversight and controls in place to monitor how research is managed. The approach must be transparent and fully reflected in client fees, and comply with all regulatory requirements, including fair value under the Consumer Duty.
Effective prudential regulation is integral for financial resilience and remains a key focus for both the PRA and the FCA. Depending on the type of institution and their business activities, capital markets firms need to consider the impact of Basel 3.1 and the Investment Firms Prudential Regime (IFPR).
With regards to Basel 3.1, the PRA has delayed implementation until 1 January 2027 giving time to develop better alignment with the US. Depending on the US approach, there could be material changes to UK adoption and firms are waiting for further updates from the regulator.
Meanwhile, many firms in scope of IFPR have been slow to action FCA feedback and the regulator continues to push for improvement. This was most recently seen in the Dear CEO letter to wholesale brokers and the multi-firm review of liquidity risk management at wholesale trading firms. In the latter, the FCA identified weaknesses in liquidity risk management, resulting in the use of individual liquidity guidance (ILG) and individual capital guidance (ICG) to impose higher capital and liquidity requirements for specific firms. The FCA will continue to take a proactive approach through the use of multi-firm reviews, analysis of quarterly regulatory reporting, and the supervisory review and evaluation process (SREPs).
Despite the delay for Basel 3.1, banks need to keep moving forward and make sure they’re well-placed to calculate the new capital and reporting requirements. This includes an assessment of any material double count of risks between the output floor and the PRA’s Pillar 2 methodologies. Firms with EU operations also need to consider any points of divergence between the UK and EU approach, noting, for example, that credit risk calculations under the standardised approach will differ between the UK and EU subsidiaries (under CRD VI).
Firms subject to IFPR need to review the FCA’s feedback and embed appropriate risk frameworks to address regulatory concerns and manage the risks. This work needs to be captured within a firm’s broader risk management framework and be factored into its ICARA process to reduce the potential for individual capital or liquidity guidance, which will be more costly in the long run.
There’s been significant growth in private markets in recent years as investors strive for higher returns and greater diversification, and those seeking capital do so without the additional oversight and cost that comes with public financing. Many large banks have developed their ability to distribute credit risks efficiently into private structures to manage their balance sheet and risk exposures. The nature of private transactions, from a simple loan to structured, leveraged, and fund-based credit presents new risk management challenges in dealing, managing, and arranging these transactions.
The primary risks associated with these markets are focused on valuation and liquidity due to the inherent lack of transparency in private transactions. However, the broader market structure has been a regulatory concern in recent years, with correlations between lending and hedging support for financial sponsors, and financial institutions’ stakes in credit.
Integrating credit analysis across banking and trading books requires careful analysis of obligors, often within funds and other structures. In addition, the embedded risks within different legal arrangements is another critical factor in understanding potential exposures. The identification and careful recording of conflicts, notably as private transactions move into publicly-traded markets is another area banks, brokers, and wider stakeholders should consider and continue to monitor.
Regulators are focused on ensuring all firms across the financial sector can exit the market safely, without causing wider economic harm or contagion. As such, most entities that are part of an other systemically important institution (O-SII), and that have trading activity wind-down as an element of their recovery and post-resolution plans, must prepare trading activity wind-down (TWD) plans.
These plans must be practical and flexible, with robust scenario-testing in place. They must also align to broader wind-down planning within the entity or for the wider group, taking into account any shared services or interdependencies.
Non-systemically important banks are also subject to the PRA’s new rules on solvent exit planning, and must prepare a solvent exit analysis (SEA) and solvent execution plan (SEEP) by 1 October 2025. This will require significant resourcing and input from senior management to ensure these plans are robust, fit for purpose, and practical.
TWD came into force in March 2025, but firms will need to keep them up to date, making sure they continue to be responsive and reflect current operations and risks. This largely depends on having good data feeds, which are up to date and granular enough to implement the TWD plan effectively, with a particular focus on capital and liquidity. Firms must also be able to demonstrate good governance over these plans and report on them at least annually, or more frequently in line with business change.
Firms need to make sure solvent exit plans are proportionate to the business’ size, scale, and activities. They also need to align to the broader resolvability assessment framework and be workable in practice, beyond theoretical applications.
For capital markets firms, the two biggest ESG challenges are ratings and application of the sustainability disclosure requirements (SDR).
Ratings continue to be problematic, with capital markets firms using a range of sources and benchmarks, which are often inconsistent, with varying degrees of reliability. That makes it difficult for traders and investors to compare ESG performance across different assets, which are increasingly important in building a portfolio. This is set to change due to HM Treasury’s plans to bring ESG ratings providers into the FCA’s regulatory perimeter, with a subsequent consultation due later this year.
Under SDR, capital markets firms must implement the anti-greenwashing rule which came into effect last May. This rule ensures that all sustainability claims are complete, can be substantiated, are easy to understand and meaningful. There’s also the labelling, and naming and marketing regimes, which both came into force last year, with strict rules over the use of sustainability terminology when describing investment products.
Capital markets firms need to make sure they have effective governance, oversight and compliance over their SDR implementation. This includes preparing appropriate disclosures, and making sure that product labelling and market descriptions are fit for purpose, and not misleading. However, it’s important to remember that SDR compliance is just one component of a firm’s wider control frameworks. Firms need to embed these practices alongside a broader range of regulatory requirements, such as the upcoming UK Sustainability Reporting Standard, based on the ISSB standards.
Firms will have a clearer idea on the direction of travel for ESG ratings, once the FCA consultation is released, although the regulator has signalled that the approach will align with IOSCO recommendations. It’s worth noting that the ESG ratings are already regulated in the EU, and UK firms with an EU presence may want to align their approaches accordingly for consistency across all operations. In the meantime, it’s important to remain cautious and pragmatic when using ESG ratings and focus on comparability in the short term.
There are also increased challenges around tax, which could affect the underlying cost base and profitability. Pillar Two is a key challenge, bringing significant changes to how businesses are taxed, with additional global compliance and reporting requirements. International firms will be most affected, but some domestic firms may also be in scope.
HMRC and other tax authorities are also putting operational taxes, such as the Common Reporting Standard (CRS) and the Foreign Account Tax Compliance Act (FATCA), under greater scrutiny, and firms need to consider their ongoing compliance processes. The same is true for the Corporate Criminal Offence (CCO) legislation, where firms must have appropriate and demonstrable controls in place to prevent tax evasion by any associated person. Firms are criminally liable for failings in this area.
Last year, HMRC released a highly technical paper outlining new rules over VAT policy exemptions. It was introduced without market consultation and has left many firms unsure over what their exemptions are, some of which may have been removed.
There have also been changes to the UK Research and Development (R&D) tax rules, and the gross Research and Development Expenditure Credit (RDEC) rate has risen from 13% to 20%. On the surface this is a positive development, supporting innovation across the financial services sector, in line with the Government’s broader growth plans. However, there are intricacies around contracting R&D activities and who should be eligible for the relief, with some restrictions in place.
Capital market firms need to make sure they have appropriate oversight and compliance procedures in place to support VAT exemptions, FATCA and CRS returns, in line with greater scrutiny from HMRC. For CCO compliance, firms also need an up to date risk assessment.
For Pillar Two, firms need to have supporting documentation and statements in place, as some financial reporting obligations, and adjustments to forecasting models and transfer pricing could now be triggered earlier than expected.
Tax could now be a significant factor in R&D activities, so it’s important to consider the use of contractors when planning and costing these projects as these may affect potential exemptions.
The recent publication of the FCA’s review of money-laundering through the markets highlights risks in this area, where compliance is typically costly. There are also ongoing concerns about the effectiveness of systems and controls in detecting and deterring crime, whether money laundering, proliferation or terrorist financing, sanctions infractions, or market abuse. Larger firms are increasingly deploying sophisticated tools, including AI, to address these risks.
The FCA has singled out wholesale brokers in particular through a recently published ‘Dear CEO’ letter, which stated that firms are underestimating their money laundering risks. The letter expressed concerns about the quality of some financial crime controls and flagged cultural issues relating to broker remuneration and misconduct, which could increase the risk of financial crime.
In addition to these sector-specific money-laundering concerns, firms will need to prepare for some key provisions from the Economic Crime and Corporate Transparency Act 2023 coming into effect this year. These include the new failure to prevent fraud offence from 1 September 2025, and new identification and verification (ID&V) requirements at Companies House.
2025 also brings with it some uncertainty. For example, it seems likely that the UK Government’s new action plan on regulatory reform, aligned to its growth agenda, will lead to some changes in money laundering regulations. However, the extent of these isn't clear. Geo-political tensions also mean that sudden shifts in sanctions are also possible, as demonstrated by new UK sanctions imposed on Russia in February.
In the meantime, although there haven't been any large fines over the last year or so for financial crime reasons, the FCA’s fines for cum-ex trading demonstrate that it's willing to impose sizeable penalties on the sector. The 'Dear CEO' letter also shows that the regulator is willing to use a range of tough measures over the next two years to encourage rapid improvements in quality and compliance.
The basics still matter, and all firms need to be comfortable that core due diligence and monitoring activities happen when they should and to an appropriate quality standard, including sanctions screening and market surveillance, in accordance with their market abuse risk assessment.
The new failure to prevent fraud offence requires a risk assessment, and firms need to think about a wider range of fraud risks and controls than has previously been the case. While wholesale brokers were asked to discuss next steps to address the ‘Dear CEO’ letter by the end of March, other capital markets firms weren’t singled out in the same way. However, they should also carry out a gap analysis to ensure that they address the FCA’s concerns, as highlighted in the review of money laundering through the markets.
Wholesale firms should also consider any suspicious transaction and order reports (STORs) alongside suspicious activity reports (SARs). They need to make sure that these are reconciled to transaction reports or any regulatory queries related to reporting obligations.
Finally, firms applying new technology to prevent financial crime (such as AI or machine learning), need to think carefully about configuration, data quality, training, and testing before deploying new tools.
Contact Paul Garbutt or Paul Young for more insight and guidance on priorities across the capital markets sector.
