Crisis Management and Investigations Circular – Issue 1 – March 2026

The FCA has published the first edition of its "Enforcement Watch" newsletter, as part of its ongoing push for greater transparency on who it is investigating and why.

"Enforcement Watch 1" confirms that between June and December 2025, the FCA opened 23 enforcement operations (including 6 against individuals). By comparison, the FCA opened 23 operations over the longer twelve-month period ending 31 March 2025, which suggests that the FCA is staying true to its mantra of "quality over quantity".

The FCA's inaugural newsletter also examines the impact of its updated Enforcement Guidance, which came into force in June 2025. The Enforcement Guidance retains the FCA's 'exceptional circumstances' test for announcing investigations into regulated and listed firms. The regulator had previously attracted significant criticism from the City and government officials when it revealed plans to 'name and shame' firms in 2024.

Nevertheless, the FCA's climbdown on 'naming and shaming' has not deterred the regulator from adopting a robust enforcement agenda, with transparency continuing to be deployed as a key lever in its arsenal. This is evident in its recent decision to announce an investigation into The Claims Protection Agency Limited (TCPA), which was the subject of an unsuccessful judicial review application by TCPA, who objected to their identification as the subject of an investigation. 

The High Court's two-part judgment offers a rare glimpse into the FCA's decision-making processes. It reveals that the case team assigned to the matter initially recommended that an anonymised announcement of the investigation be made. However, Therese Chambers, the regulator's joint executive director of enforcement, requested that this be reconsidered in favour of a public announcement, because of certain factors that she believed "[did] not feature or [were] underplayed" in the original recommendation, in particular, the need to protect consumers. This suggests that the drive for transparency is being led by decision makers at the highest levels of the FCA, and the High Court's ruling is likely to embolden the regulator in the pursuit of this goal. We expect the FCA to invoke the 'exceptional circumstances' test with increasing frequency.

DPAs are a settlement tool enabling companies to avoid prosecution by admitting facts, paying a financial penalty, and implementing remedial measures to address wrongdoing alleged by the prosecutor.

In the first UK case alleging breach of a DPA, in January 2026, the High Court clarified that a DPA will remain enforceable after its stated expiry date if its financial terms are breached, which opened the door for the Serious Fraud Office to revisit prosecution of the original offence (bribery).

The High Court confirmed that, while DPAs are agreements operating in the public interest, they remain subject to ordinary principles of contractual construction. If the financial terms of a DPA are satisfied in full by its expiry date, the agreement ceases to have effect but, if they are not satisfied, the DPA remains in force post-expiry and the SFO is free to take further steps to obtain full payment (for instance by way of variation of the DPA) or alternatively continue to prosecute the original offence.

The High Court's ruling is a significant judgment and welcome news for the SFO, not least because it preserves the integrity of the DPA regime. The decision effectively states that DPAs cannot be circumvented through technical arguments. Had the High Court made a decision to the contrary, it could have severely undermined and thrown into doubt the effectiveness of the UK DPA regime because it would have permitted a counterparty to evade agreed financial penalties simply by delaying payment.

The unexpected announcement that Nick Ephgrave will step down as Director of the UK’s Serious Fraud Office (SFO) halfway through his five-year term, at the end of March, raises broader questions regarding the direction of the SFO.

Within the first three months of his tenure, starting in September 2023, he oversaw more dawn raids than had been conducted in the previous three years combined. Throughout his time in post, he has overseen the opening of 12 new corporate investigations, including the bribery charges brought against former executives of mining company, Glencore in August 2024.

One of Ephgrave’s most significant reforms was his proposal to pay whistleblowers in order to incentivise people to come forward. Such a policy would bring the UK system more closely in line with the approach taken in the US. Despite Ephgrave's impending departure, we expect whistleblower incentivisation to remain a key pillar of the agency's future ambitions. Ephgrave's approach to witness incentivisation has been followed by other branches of government, including HMRC, who announced plans in November 2025 to introduce an incentivisation programme to encourage individuals to come forward with valuable information to tackle high-value tax avoidance and evasion.

However, Ephgrave’s tenure has not been without controversy, with failures in the SFO’s evidence disclosure software resulting in the agency abandoning a decade-old bribery prosecution and re-examining the integrity of 20 of its cases.

Predictably, Ephgrave’s sudden departure has raised questions about the agency’s future, including speculation about a possible merger with the National Crime Agency. There will inevitably be internal restructuring following the departure of Ephgrave and the reported departure of three senior SFO prosecutors. The significant loss of senior experience comes at a time when the SFO has a larger caseload than in recent years. The high-profile trials listed for 2026 include Petrofac, Buy2Let Cars and Patisserie Valerie, the latter of which has now been postponed until 2028 (some ten years on from the accounting crisis that led to the company's collapse). 

The SFO’s chief operating officer, Graham McNulty, has been appointed to lead the agency on an interim basis. 

Significant employment law reforms are set to take effect this year, following the enactment of the Employment Rights Act 2025 and the FCA’s recent Policy Statement on non-financial misconduct. Businesses and regulated firms will need to re-evaluate their compliance and HR programmes to avoid falling foul of these developments. We consider a few of the most notable developments below.

Establishment of the Fair Work Agency

In April 2026, the Government will establish the Fair Work Agency (FWA), a new single enforcement body for employment rights in the UK. The FWA is intended to transform labour market enforcement and protect workers from unscrupulous employers who breach minimum wage and other labour laws.

The FWA will be empowered to inspect workplaces, require employers to demonstrate compliance with employment laws, deploy a civil penalty regime where workers have been underpaid, and initiate proceedings on behalf of workers.

The FWA intends to publish guidance on its approach to implementation later this year – keep an eye out for this in future editions of the Crisis Management and Investigations Circular.

Creation of an employer liability for third party harassment and strengthening of duty to prevent sexual harassment

From October 2026, employers will be liable for harassment of employees by third parties during the course of their employment, including by customers or clients. This new liability applies both to harassment related to protected characteristics (such as sex, race, disability and sexual orientation) and to sexual harassment. The current duty to take reasonable steps to prevent sexual harassment in the workplace will become a duty to take "all" reasonable steps and new regulations will stipulate the measures employers should put in place. 

The creation of a standalone statutory liability for third-party harassment has attracted controversy. Businesses have raised concerns about the onerousness of these obligations. In response, the Government has confirmed that employers are required only to take steps that are reasonable for their specific circumstances. Employers should take steps to prepare for these changes by reviewing and updating their existing sexual harassment risk assessment and harassment policies and procedures, as well as carrying out a specific third-party harassment risk assessment and implementing appropriate prevention measures (e.g. provisions in third party contracts and codes of conduct).

Non-financial misconduct in financial services

The FCA has published its final rules and guidance on non-financial misconduct (NFM) for all regulated firms. From 1 September 2026:

• under the Code of Conduct sourcebook NFM can be a breach of the Conduct Rules; and
• NFM (both inside and outside work) will form part of the Fit and Proper test for senior managers and certified staff, and the FCA will publish guidance for firms on how to approach different types of NFM.

The definition of misconduct in the FCA's new Conduct Rules closely aligns with the definition of harassment in the Equality Act 2010 but is also broad enough to encompass more general bullying. Under the Conduct Rules, the misconduct will need to be serious and not relate solely to the staff member's private or personal life.

For fit and proper assessments, firms will need to take a broader approach to misconduct. For example, behaviour in the individual's private life could be in scope and behaviour would be relevant wherever in the world it occurs.

Firms will need to consider their policies and processes for assessing Conduct Rule breaches and fitness and propriety, as well as their training for staff, ahead of the new rules and guidance coming into force.

We consider the NFM rules in further detail in our briefing: New FCA guidance on non-financial misconduct | Travers Smith.

The CMA is continuing to use its enforcement powers to promote competition and protect consumers, with the UK government's goal of supporting growth and investment for UK businesses in focus. The regulator's draft Annual Plan for 2026-2027 reiterates the CMA's commitment to consumer protection and builds on the powers it has to investigate practices which may impact effective competition. We briefly consider recent notable developments in these areas below.

The CMA's strengthened consumer enforcement powers

The Digital Markets, Competition and Consumers Act 2024 (DMCCA), which came into force in May 2024, has significantly strengthened the CMA's consumer protection enforcement powers. The enactment of the consumer enforcement aspects of the DMCCA was swiftly followed by the launch of a major consumer protection drive by the CMA, during which it opened eight investigations into online pricing and advertising tactics across a range of sectors. The CMA has also subsequently opened a further consumer law investigation into Adobe (see below). These investigations are the first to be conducted under the new DMCCA consumer enforcement regime. 

Two recent actions highlight the CMA's increasingly robust approach to consumer protection:

1. A £473,000 fine was imposed on Euro Car Parks (ECP) for failing to respond to an information notice: the fine was issued pursuant to the DMCCA, following seven separate attempts by the CMA to secure a response from ECP to its information notice (ECP ignored the notices because it thought they were spam). The CMA's penalty is a stark reminder for businesses that information notices cannot be ignored and legally require businesses to provide information. Providing incomplete or inaccurate information can also give rise to a fine, particularly if the CMA believes that it has been misled or there has been an unjustifiable delay. ECP has appealed the CMA's decision to the High Court.
   
   
2. An investigation has been launched into Adobe's early termination fees: the CMA is investigating whether early termination fees which apply to certain Adobe subscription products breach UK consumer protection law. The CMA's investigation will examine whether these terms are unfair and whether customers are given clear and timely information upfront about the early termination fees, as these are likely to influence their decision to purchase the product. Businesses using a subscription model already face new regulation, which is expected to be brought into force later this year – but this latest investigation highlights how other aspects of their business model, such as charges for early cancellation, are also at risk of being scrutinised by regulators.

Competition enforcement - CMA launches investigation into hotel chains

The CMA has opened an investigation into suspected sharing of competitively sensitive information by three of the world's largest hotel chains, Hilton, IHG Hotels, and Marriott as well as CoStar, which is the operator of the hotel data analytics platform STR.

STR provides a range of data points on the hotel industry's standard metrics including "forward-looking data and forecasts". The CMA is concerned that the sharing of information through the STR platform could have facilitated a reduction in strategic uncertainty between the hotel chains – which are among the largest in the UK.

The CMA will undertake an information-gathering exercise until August and will then decide whether to issue a statement of objections.