FCA Fines Tripled to £176M Last Year. Small Finance Firms Are Next.
The FCA's enforcement posture has shifted. Fines for compliance failures nearly tripled in 2024, and the regulator is explicitly targeting smaller firms. Here's what small advisory and accountancy practices need to know—and do.
FCA Fines Tripled to £176M Last Year. Small Finance Firms Are Next.
In its 2024 annual report, the UK Financial Conduct Authority reported total financial penalties of £176 million—nearly triple the 2023 figure. More significant than the number is what's changed in how the FCA is targeting enforcement.
For the first time, the regulator is explicitly naming smaller firms as a primary enforcement focus. The era of compliance scrutiny being reserved for major banks and large asset managers is ending.
For small advisory practices, independent financial advisors, and boutique accountancy firms, that's a material change in operating environment.
What's Driving the Shift
Three factors are converging:
1. AI tool adoption creating new documentation risk
Staff at small firms are using AI tools for client communications, due diligence drafts, and compliance documentation. These tools weren't in existence when most firms wrote their AI and technology use policies—which means most firms have no written policy at all.
When an FCA examiner asks for your firm's policy on AI tool use in client-facing contexts, "we don't have one" is not a defensible position. It's an enforcement flag.
2. AML failures at smaller firms
The FCA's 2024 enforcement actions included a notable cluster of AML (Anti-Money Laundering) violations at firms with under 50 employees. The pattern: procedures existed on paper, but staff couldn't demonstrate they understood them in practice. Training records were absent or insufficient.
Under the UK's Senior Managers and Certification Regime (SMCR), senior managers at small firms are personally accountable for compliance failures in their teams. "I didn't know" is not a defense. "My staff weren't trained" is the evidence of the violation.
3. Consumer Duty creating active monitoring requirements
The FCA's Consumer Duty framework, which came into full force in 2023, requires firms to demonstrate ongoing monitoring of customer outcomes—not just point-in-time compliance. For small firms, this has implications for how staff are trained on client interaction standards, disclosure requirements, and outcome documentation.
Firms that can demonstrate staff training tied to Consumer Duty requirements are measurably better positioned in examination. Firms that can't are exposed.
The Specific Gaps FCA Examiners Are Finding
Based on published enforcement actions and sector guidance from the FCA, examiners at smaller firms are consistently finding:
Inadequate AML training records
The FCA requires that all relevant staff receive AML training appropriate to their role and that firms maintain records demonstrating who was trained, when, and on what content. At smaller firms, "training" often means a manager explaining the procedures verbally once. That's not a record. It's not sufficient.
No documented AI use policy
As noted above: if your staff are using AI tools in client-facing or compliance-sensitive contexts, you need a written policy governing when it's permitted, when it's not, what review is required before using AI-generated content with clients, and how that use is documented. Most small firms don't have this.
Undifferentiated training across roles
An independent financial advisor has different compliance obligations than a para-planner, who has different obligations than a client service associate. Generic compliance training that doesn't map to role-specific risk profiles is an FCA examination weakness.
Stale certifications
Under SMCR, Certified Functions must hold and maintain appropriate qualifications and training. Examiners are increasingly checking that certifications are current and that ongoing training is documented—not just that initial qualifications were obtained at hire.
What Compliant Small Firms Are Doing
Maintaining a training register
A training register doesn't have to be complex. It needs to record: which staff received which training, on which date, and with what documented outcome. Firms that can produce this on examination day are in a fundamentally different position than firms that can't.
Building role-specific compliance paths
AML training for a client service associate covers different content than AML training for a compliance officer. Consumer Duty training for an IFA covers different scenarios than for a financial planning administrator. Role-specific training produces better knowledge outcomes and creates clearer documentation.
Training on AI tool governance
This is the most urgent gap for most small firms. Staff are already using AI tools. The question is whether they're doing it with clear policy guidance or ad hoc. A documented AI use policy, combined with training on what it requires, creates an evidence record that the firm is managing the risk.
Quarterly refreshers instead of annual box-ticking
Annual training sessions with a year-end checkbox don't produce compliance behavior. Brief quarterly refreshers—focused on recent regulatory developments, recent enforcement actions, and any changes in firm procedures—maintain awareness and produce better examination outcomes.
The SMCR Personal Liability Dimension
The Senior Managers and Certification Regime makes personal accountability explicit. If your firm has a compliance failure and you are the senior manager responsible for the function, you can be held personally liable—not just the firm.
The FCA's view on training is direct: senior managers are expected to ensure their teams are adequately trained, adequately supervised, and that training records are maintained. A firm-level compliance failure that traces back to inadequate staff training is a senior manager compliance failure.
This is why compliance training at small firms is not an administrative overhead. It's risk management for the people at the top of the org chart.
Where to Start
If your firm hasn't conducted a structured compliance skills assessment recently, that's the right first step. Not an annual quiz—a genuine gap analysis that shows which staff have which knowledge gaps against their role-specific requirements.
From there, the priority order is:
- AML training records — Document who was trained, when, on what. Close gaps immediately.
- AI use policy — Draft and distribute a written policy. Train staff on what it requires.
- Consumer Duty mapping — Map your training program to Consumer Duty requirements by role.
- SMCR certification currency — Verify all certified functions hold current appropriate certifications.
- Quarterly cadence — Replace the annual checkbox with quarterly refreshers tied to regulatory developments.
The FCA has made its priorities clear. Small firms are in scope. The compliance gap between firms that can demonstrate adequate staff training and firms that can't has become a primary examination differentiator.
Need to assess where your finance team's compliance knowledge actually stands? OpenSkills runs role-specific compliance assessments and builds training tracks matched to FCA, FINRA, and AML requirements—at flat monthly pricing that works for small practices.
Get practical AI rollout playbooks by email
Weekly templates for SMB teams shipping AI training without extra headcount.
Move from AI reading to AI adoption this week.
Launch role-based learning paths, coach your team in real workflows, and track adoption from one dashboard.
Start Free Trial- 14-day free trial
- No credit card required
- Cancel anytime