Our Take
The compliance theater is complete, but the evidence infrastructure that will determine enforcement outcomes remains broken at most firms.
Why it matters
Asset managers, insurers, and wealth platforms face their first conduct rule enforcement cycle with the same evidence gaps that triggered 178 confirmed breaches at wholesale banks in 2025.
Do this week
Compliance teams: test cross-channel conversation retrieval within one working day before July 2026 so you can identify evidence gaps before the FCA does.
Most firms lack cross-channel evidence retrieval
The FCA's Code of Conduct extends to cover bullying, harassment and discrimination across all FCA-authorised organisations on September 1, 2026. While firms have updated policies and training programs, few can retrieve relevant conversations across channels within regulatory timeframes.
The regulator's enforcement signals are clear. The FCA's August 2025 review of 11 wholesale banks found 178 confirmed breaches of internal communications policies in one year, with 41% involving directors or senior managers (per FCA multi-firm review). In January 2026, enforcement co-executive director Therese Chambers confirmed the FCA will pursue enforcement action over non-financial misconduct. The March 2025 Decision Notice against Crispin Odey established the senior-conduct precedent.
Three retrieval scenarios expose gaps at most organisations: cross-channel allegations against senior traders spanning email, messaging and voice; legacy complaints requiring continuity across replaced systems; and integrity tests proving capture functioned on specific dates.
Evidence infrastructure determines enforcement outcomes
The firms that survive initial regulatory scrutiny will be those with functioning evidence layers, not polished policies. Asset managers, insurers, brokers and wealth platforms now face the same conduct rule enforcement that wholesale banks have endured.
Outsourcing evidence capture does not transfer regulatory responsibility. Third-party outages, reconciliation gaps and missing data remain the firm's liability. Any organisation relying on external providers for capture, archive or retrieval should verify performance benchmarks now.
The FCA has made clear that surveillance is technology-neutral, channel-irrelevant, and records must be complete, retrievable and defensible. The regulator's message spans four key outputs: the August 2025 multi-firm review, the 2026 Wholesale Markets Regulatory Priorities Report, Chambers' January 2026 commentary, and the Odey Decision Notice.
Five questions reveal evidence readiness
Compliance and IT leaders should answer five diagnostic questions before September: Can your organisation retrieve a specific conversation across every regulated channel within one working day? Can you prove capture functioned on a given date? Can you trace AI-flagged alerts to underlying records? Are reconciliation gaps closed within defined timeframes? Does response capability hold during third-party outages?
Uncertainty on any question represents compliance risk. Firms with consolidated evidence infrastructure already benchmark capture completeness, archive integrity, reconciliation cadence and self-service retrieval speed. The September 2026 deadline leaves eight months to close evidence gaps that the FCA has signalled it will pursue through enforcement action.