Investing in or acquiring a UK-regulated business in 2026 carries substantial regulatory weight. The Financial Conduct Authority has intensified enforcement, new safeguarding rules have taken effect, and the UK regulatory framework 2026 is more demanding than at any point in the post-Brexit era. Investors who close without conducting rigorous Due Diligence Before Closing in 2026 face inherited liabilities, regulatory censure, and reputational risk that can eclipse the deal’s entire value.
Research confirms that inadequate due diligence is the primary cause of deal failure for more than 60% of executives involved in UK M&A transactions. With the FCA issuing over £186 million in financial penalties in 2024–2025 and recording £16.1 million in fines in Q1 2026 alone, the consequences of inheriting a non-compliant regulated firm are measurable and severe.
This article provides investors, advisers, and compliance professionals with a structured framework for Due Diligence Before Closing in 2026, covering the precise verification steps required before closing any deal in the current regulatory environment.
Why UK Regulated Business Due Diligence 2026 Is Different
The UK regulatory framework 2026 has evolved materially from previous years. Three overlapping developments have raised the stakes significantly:
- The FCA’s new safeguarding regime under PS25/12 came into force on 7 May 2026, imposing daily reconciliations, monthly FCA returns, and annual safeguarding audits on all payment and e-money institutions holding relevant funds above £100,000.
- The FCA published its first-ever annual Regulatory Priorities reports in March 2026, replacing portfolio letters with nine sector-specific documents that set clear supervisory expectations for 2026 across asset management, wholesale markets, retail banking, and payments.
- From 1 September 2026, non-financial misconduct rules (bullying, harassment, violence) will extend to all FCA-regulated firms under the Code of Conduct (COCON).
- From July 2026, deferred payment credit (BNPL-type) products will become regulated activities under the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001.
An investor who closes on a payment firm or lending business without accounting for these changes inherits regulatory exposure from day one.
UK Regulated Business Due Diligence 2026 — Core Verification Checklist
| Due Diligence Area | Key Verification Requirements | 2026 Regulatory Reference |
| FCA Authorisation | Verify firm’s FCA Register status, permissions, and regulatory history | FCA Financial Services Register |
| AML/KYC Controls | Customer Due Diligence policies, SARs filing record, MLRO appointment, 5-year records retention | MLR 2017 (as amended by Draft SI 2026) |
| Financial Statements | 3–5 years audited accounts (UK GAAP/IFRS), VAT returns, HMRC correspondence, tax compliance | HMRC / Companies House |
| Safeguarding Compliance | CASS 15 / CASS 10A compliance, segregated funds audit, monthly FCA returns (from May 2026) | FCA PS25/12, CASS 15 (7 May 2026) |
| Senior Managers (SMCR) | Fit and proper assessments, SMF holder approvals, Certification Regime records | SMCR / FCA (reform mid-2026) |
| Consumer Duty | Consumer outcome evidence, fair value assessments, complaint records | FCA Consumer Duty (PS22/9) |
| Operational Resilience | Impact tolerance testing, third-party supplier due diligence, DORA considerations | FCA/PRA Operational Resilience 2026 |
| Data Protection / UK GDPR | ICO registration, DPIAs, data processing agreements, breach history | UK GDPR / Data Protection Act 2018 |
FCA Compliance Requirements: What Investors Must Audit
The most consequential area of UK Regulatory Compliance Due Diligence remains the target firm’s relationship with the Financial Conduct Authority. The following areas require granular investigation before any transaction closes.
1. FCA Register and Permissions Verification
Begin by retrieving the firm’s entry on the FCA Financial Services Register. Verify:
- All current permissions align with the business activities being acquired
- No supervisory notices, requirements, or voluntary restrictions are in force
- The firm’s approved persons and Senior Management Function (SMF) holders are correctly listed and have no adverse enforcement history
- Appointed Representatives (ARs) have been properly supervised — the FCA’s Supreme Court judgment on principal liability for ARs, published in March 2026, confirmed that principals face direct liability for AR misconduct
2. AML and Financial Crime Controls
AML failings are the most common driver of FCA compliance requirements enforcement. Between 2015 and 2025, the FCA issued over £1.07 billion in AML-related fines across 27 cases. In 2025 alone, Nationwide Building Society was fined £44.1 million, Barclays Bank £42 million, and Monzo £21.1 million — all for customer due diligence and AML control failures.
Investors must audit:
- The firm’s documented CDD and EDD policies under MLR 2017
- MLRO appointment, seniority, and independence from commercial pressure
- Suspicious Activity Reports (SARs) filing history with the National Crime Agency
- 5-year retention of all CDD documents (a regulatory requirement, and a deal-critical data room asset)
- Transaction monitoring systems — the FCA expects these to scale with business growth
3. Safeguarding Compliance (Payment and E-Money Firms)
For payment institutions and electronic money institutions, Due Diligence Before Closing in 2026 must specifically verify compliance with FCA PS25/12 ahead of the 7 May 2026 deadline. Key areas include:
- Daily reconciliation of relevant funds
- Monthly safeguarding returns to the FCA (new from May 2026)
- Annual independent safeguarding audit separate from statutory audit (except firms holding under £100,000 for 53+ weeks)
- Third-party due diligence on banks and custodians holding safeguarded funds
- Resolution pack — regularly updated documentation enabling rapid return of client funds in insolvency
Financial Due Diligence UK: Key Quantitative Checks
Sound Financial due diligence UK goes beyond reviewing audited accounts. For regulated businesses, financial health and regulatory health are intertwined. An FCA fine or requirement to strengthen capital resources can materially affect post-closing valuations.
Investors should verify the following financial documentation:
- Three to five years of audited financial statements prepared under UK GAAP or IFRS
- VAT returns and HMRC correspondence for the last three years — HMRC penalties can attach to the acquirer for three years of prior tax obligations
- Regulatory capital adequacy evidence, including ICARA/ICAAP documentation where applicable
- Material contracts with change of control clauses that may trigger repayment or termination
- Any outstanding civil recovery or confiscation proceedings linked to AML failures
- Pending or historic FCA enforcement investigations — the FCA’s updated Enforcement Guide (June 2025) raised the bar for opening investigations, but existing open cases transfer with the business
Timeline note: UK due diligence typically runs 30 to 90 days. Regulated transactions particularly those involving FCA authorisation, overseas operations, or complex safeguarding structures consistently extend to 90 days or beyond.
FCA Enforcement Snapshot 2025–2026 — Fines Investors Must Know About
| Institution / Individual | Fine Imposed | Breach Category | Year |
| Nationwide Building Society | £44.1 million | AML systems & controls failures | 2025 |
| Barclays Bank PLC | £42 million | Customer Due Diligence failures | 2025 |
| Monzo Bank Limited | £21.1 million | High-risk customer onboarding | 2025 |
| London Metal Exchange | £9.2 million | Market conduct & control frameworks | 2025 |
| Barclays Bank UK plc | £3.1 million | KYC / account opening controls | 2025 |
| Russel Gerrity (Individual) | £310,000 | Insider dealing – Market Abuse Reg. | 2026 |
| Darren Antony Reynolds | £2,037,892 | Unsuitable pension advice, fraud | 2026 |
| FCA Q1 2026 Total Fines | £16.1 million | Multiple regulatory breaches | Q1 2026 |
Source: FCA Final Notices, FCA 2026 Fines Register (as at Q1 2026). Total FCA financial penalties in 2024–2025: over £186 million.
Senior Managers and Certification Regime (SMCR) Due Diligence
The SMCR remains a primary focus area for Financial due diligence UK in 2026. Changes to the regime are expected in mid-2026, most likely removing the Certification Regime from primary legislation and reducing the number of SMFs requiring regulatory approval. Investors must:
- Map all current SMF holders against their responsibilities and verify ongoing FCA approval status
- Review Certificates of Fitness issued under the Certification Regime, including annual renewal records
- Assess conduct history for all COCON-subject individuals — from September 2026, non-financial misconduct (bullying, harassment, violence) will be a regulatory breach
- Investigate any regulatory references provided to or received from other regulated firms
Emerging 2026 Risk Areas: What Standard Checklists Miss
Standard due diligence templates, many of which pre-date 2024, routinely overlook several high-risk areas that are now regulatory priorities:
AI and Technology Risk
The FCA’s 2026 Regulatory Priorities reports identify AI in compliance as a cross-cutting priority. The Bank of England published an assessment of financial stability risks from agentic AI in Q1 2026. Investors should request the target firm’s AI register — every AI tool used, its risk class, and documented vendor due diligence.
Operational Resilience
Under the FCA and PRA operational resilience framework, important business services must be tested against impact tolerances. Acquirers must verify that these tests have been completed and that third-party dependencies are documented. Cybersecurity is a cross-cutting FCA priority for 2026.
Cryptoasset Compliance
The UK cryptoasset regulatory regime is due in October 2027, but the Draft SI 2026 already introduces enhanced due diligence requirements for cryptoasset exchange correspondent relationships from 26 March 2026. Any acquisition of a firm with crypto exposure must address these provisions.
Buy-Now-Pay-Later (BNPL / Deferred Payment Credit)
From July 2026, deferred payment credit products come within the scope of regulated activities. Targets offering any form of credit deferral must be assessed for readiness under the new regulatory perimeter.
How Insights UK Can Help You?
Our team supports clients across the full deal lifecycle:
- Pre-deal regulatory health checks — FCA Register verification, enforcement history searches, SMCR mapping, and AML framework assessments
- Gap analysis against the FCA’s 2026 Regulatory Priorities reports and the new safeguarding regime (PS25/12 / CASS 15)
- Financial crime due diligence — independent review of CDD/EDD policies, transaction monitoring systems, and SARs history
- Regulatory capital and ICARA/ICAAP assessment for prudential risk quantification
- Post-completion compliance integration — embedding acquired firms into your regulatory framework without disruption
- Ongoing monitoring and compliance support as the UK regulatory framework 2026 continues to evolve through the year
Whether you are a domestic investor, a private equity fund, or an international buyer entering the UK market, Insights UK delivers the regulatory intelligence you need to close with confidence. Contact our team today to request a tailored due diligence scoping assessment.
FAQs
Q: What is the biggest deal-breaker in UK regulatory due diligence for 2026?
A: Undisclosed regulatory breaches, a lack of evidence for the FCA’s Consumer Duty compliance, or failing to identify UBOs (Ultimate Beneficial Owners) in complex structures are major deal-breakers.
Q: How has the SMCR changed in 2026?
A: From April 2026, the FCA and PRA implemented Phase 1 reforms, including extending criminal record check validity to six months, allowing 12 weeks for SMF applications, and revising the fit and proper test.
Q: What should investors check regarding AI usage?
A: Investors must verify that the target firm tests AI applications through the FCA’s sandbox and can demonstrate fair customer outcomes.
Q: What are the biggest risks of acquiring a UK regulated business without proper due diligence?
A: Acquirers inherit HMRC tax liabilities for the prior three years, pending FCA enforcement investigations, TUPE employment obligations, and undisclosed AML failures. Over 60% of UK deal failures are attributed to inadequate pre-closing due diligence.
Q: What are the key AML changes in 2026?
A: There is an increased focus on money laundering through markets and stricter oversight of Finfluencers (financial influencers).
