The Definitive Guide to Preventing an FCA Section 166 Review in 2026

Over 50% of recent FCA enforcement actions have involved a Section 166 skilled person review, driven by a staggering 124% surge in their deployment over the past three years. If you are relying solely on your internal annual audit to protect your firm, you are preparing for yesterday’s regulatory environment.

In our analysis of firms navigating the 2026 regulatory landscape, we have seen a decisive shift. The Financial Conduct Authority has moved away from lengthy, reactive enforcement investigations. Instead, they have adopted a more assertive, supervision-led approach designed to intervene earlier and contain risk at greater speed.

Section 166 of the Financial Services and Markets Act 2000 (FSMA) is no longer a last resort for catastrophic failures. It has become a primary diagnostic tool. The regulator now uses these reviews to obtain an independent assessment of specific areas before a breach is even proven.

The New Reality of Assertive Supervision

The FCA’s 2025–2030 strategy emphasizes a more efficient operating model. This involves supporting growth while operating as an assertive regulator that doesn't wait for a crisis to occur. They use s.166 powers as early diagnostic tools to steer outcomes without the delay and uncertainty of formal enforcement action.

By October 2025, the number of open enforcement operations dropped significantly from previous years. However, this does not mean the pressure has eased. The regulatory exposure has simply shifted to earlier stages of the supervisory cycle. Regulatory risk now arises during routine engagement and is managed through binding requirements rather than public fines.

Specific drivers for these interventions in 2026 include Consumer Duty outcomes and systemic governance gaps. The regulator is particularly focused on how firms deliver actual value to consumers rather than just complying with the letter of the law. If your data returns show anomalies in consumer complaints or product value, a Section 166 is the likely next step.

Governance and AML controls remain high-priority triggers. In 2024 and 2025, over 60% of reviews were focused on controls and risk management frameworks. The FCA expects senior management to have absolute clarity on decision-making processes. Any ambiguity in the Senior Managers and Certification Regime (SMCR) mapping can prompt an immediate skilled person intervention.

Why Internal Audits Provide False Comfort

Many mid-sized firms with approximately 100 employees operate under a dangerous illusion. They believe that a clean report from an internal compliance team or a standard annual audit is a sufficient shield. This "internal blindness" is a frequent precursor to regulatory intervention.

Internal compliance teams are often too stretched by day-to-day operations to objectively assess systemic risks. When a team is managing MiFID II reporting, AML screening, and the Consumer Duty rollout simultaneously, they lose the ability to step back and look at the framework from the regulator's perspective.

Internal audits often devolve into box-ticking exercises. They test whether a process exists, but they rarely test whether that process is culturally embedded or effective against current FCA expectations. A checklist might say an AML policy is in place, but it won't tell you if the underlying risk framework is too granular to detect emerging fraud patterns.

We have observed that firms often struggle to identify and mitigate risks proactively. The focus on day-to-day demands shadows the need for risk governance. If your board-level governance doesn't align with FCA expectations regarding senior management culture, an internal audit is unlikely to flag the nuance until the regulator points it out for you.

The "Shadow" Review: Benchmarking Against the Market

The most effective defense in 2026 is the proactive specialist review, also known as a "shadow" review. This is an independent Compliance Benchmark Audit that mimics an FCA supervisory visit but keeps findings strictly confidential. This allows firms to identify and remediate gaps before they are discovered by the regulator.

An independent benchmark audit assesses, compares, and scores your systems against current best practices. It covers everything from Terms of Business to Outsourcing policies. Unlike an internal review, a specialist consultant brings market-wide perspective, knowing exactly what the FCA is looking for in other firms within your sector.

Confidentiality is a critical component of this process. These reviews are conducted under strict non-disclosure agreements, using either our own or client-provided NDAs. This creates a safe space to find the "skeletons in the closet" and fix them without triggering a mandatory report to the regulator.

This process bridges the gap between abstract regulations and operational efficiency. It moves compliance from being a cost center to a strategic advantage. By fixing governance, AML/KYC, and complaints handling processes early, you eliminate the anomalies that trigger FCA data flags.

What Most Firms Get Wrong About FCA Interventions

There is a common misconception that a Section 166 only happens after a major breach. In reality, they are frequently triggered by minor anomalies in data returns or thematic reviews. The FCA’s data-led approach means a slight deviation in your RegData submissions can be enough to warrant an inquiry.

Another dangerous myth is that legal counsel can fix a compliance failure after it has been identified. While legal advice is necessary for enforcement defense, lawyers generally do not build or remediate operational compliance frameworks. As discussed in our analysis, Your Solicitor Can't Save You From the FCA: Legal Advice vs. Specialist Compliance Consultancy, specialist consultancy is required to handle the functional reality of systems and controls.

The cost of a Section 166 is the most misunderstood factor. The regulated firm bears the entire cost of the appointed skilled person, which is often a Big Four accounting firm or a high-end law firm. These reviews frequently run into six or seven figures, with average costs per review historically landing around £460,000.

Furthermore, the FCA can impose a Section 166 even if they don't suspect a breach. They use it as a diagnostic tool to understand a firm's financial reliability or risk exposure. If you cannot provide evidence of effective risk management during a routine visit, you are essentially inviting the regulator to appoint a skilled person at your expense.

Building a Defensive Framework

To prevent an intervention, the Head of Compliance must take immediate, actionable steps. Start by mapping your existing risk registers against the current regulatory horizon. If your risk reporting is still using free-type fields without keyword analysis, you are likely missing undetected trends that the FCA’s algorithms will catch.

Integrating continuous monitoring is no longer optional. Compliance cannot be treated as an annual event. This is why many firms are moving toward retainer-based expert support. Our data shows that even a comprehensive Gold tier retainer costs less than 17% of employing a full-time compliance manager, without the associated NIC, pension, or recruitment fees.

For firms in the UK, Europe, and the Middle East, the math is simple. A proactive approach that includes an independent benchmark audit and monthly strategic calls is a fraction of the cost of a single Section 166 review. The Gold tier, for instance, includes a dedicated Section 166 Preparation Toolkit worth £349 and a 4-hour response guarantee, providing the senior-level support needed to handle regulator queries instantly.

We firmly believe that at the intersection of regulatory requirements, consumer rights, and commercial viability, there is a path to a sustainable, compliant business. The best alternatives to regulatory intervention are derived from understanding, competence, accuracy, and effective strategy. Moving toward a culture of integrous governance is the only way to satisfy the "assertive supervision" model of 2026.

Take control of your regulatory standing by securing an independent health check. Whether you are an asset manager, a fintech firm, or a broker, the objective is the same: find the gaps before the FCA does. Your firm's future depends on your ability to prove your controls are not just present, but effective and resilient.

Visit Compliance Consultant to explore our range of independent audits and retainer services designed to protect your business from the rising tide of Section 166 interventions.