What 10 Years of FCA Fines Data Reveals About Enforcement Trends

MEMA Regulatory Team

An analysis of a decade of FCA enforcement actions using our comprehensive fines database, revealing patterns in breach categories, fine sizes, targeted sectors, and what compliance teams should learn.

Enforcement data tells a story that policy documents and Dear CEO letters cannot. When you analyse a decade of FCA fines, not individual cases in isolation but the full dataset viewed as a time series, patterns emerge that are far more instructive than any single headline penalty. The trends reveal where the regulator's priorities actually lie, as opposed to where it says they lie, how enforcement severity is escalating, which sectors bear the heaviest regulatory burden, and which types of misconduct the FCA has decided it will not tolerate under any circumstances.

At MEMA, we maintain a comprehensive database of FCA enforcement actions spanning over a decade, publicly accessible at fcafines.memaconsultants.com. This database captures every published final notice, including the firm or individual involved, the fine amount, the breach categories, the date of the enforcement action, and the regulatory provisions breached. What follows is our analysis of what this data reveals about the FCA's enforcement trajectory and, more importantly, what it means for compliance teams at regulated firms in 2026.

Total Fines Over Time: The Escalation Is Real

The headline trend is unmistakable. The FCA's total annual fine values have been on an upward trajectory over the past decade, with periodic spikes driven by landmark cases but an underlying baseline that has increased significantly.

The year-on-year figures show substantial variation, which can be misleading if viewed in isolation. A single billion-pound penalty, such as those imposed in connection with LIBOR manipulation or large-scale AML failures, can distort the annual total dramatically. The more revealing metric is the median fine size, which strips out the impact of outlier cases and reveals the FCA's baseline enforcement severity.

Over the past decade, the median fine imposed by the FCA has approximately doubled. This reflects a deliberate policy choice. The FCA's penalty framework, set out in DEPP 6, uses a five-step process that begins with a calculation based on the firm's relevant revenue. The regulator has progressively applied higher multipliers within this framework, particularly for repeat offenders, firms that failed to cooperate, and cases involving consumer detriment. The message to compliance teams is clear: the financial cost of enforcement action is rising faster than inflation, and the trend shows no sign of reversing.

For compliance officers presenting risk assessments to their boards, the data provides a compelling quantitative basis for compliance investment. The average cost of an FCA enforcement action, including the fine itself, legal costs, remediation expenses, and reputational damage, now significantly exceeds the cost of the compliance programmes that would have prevented it.

AML Dominates the Breach Landscape

If there is a single finding from the fines database that every compliance officer should internalise, it is this: anti-money laundering failures account for a disproportionate share of FCA enforcement actions, and the penalties for AML breaches are consistently among the largest the regulator imposes.

Our analysis of breach categories across the full dataset reveals that AML-related breaches, including failures in customer due diligence, transaction monitoring, suspicious activity reporting, and sanctions screening, appear in a substantial proportion of all enforcement actions. More significantly, when AML is the primary or contributing breach category, the average fine is materially higher than for other breach categories.

This is not coincidental. The FCA has identified financial crime as one of its strategic priorities, and the regulator's approach to AML enforcement reflects a view that AML failures are not merely technical compliance breaches but enablers of serious organised crime, terrorism financing, and sanctions evasion. The FCA's enforcement rhetoric consistently frames AML failures in these terms, and the penalty amounts reflect that framing.

The practical implication for compliance teams is that AML controls must be treated as a first-order priority, not because the rules are more complex than other areas of regulation (they are, but that is not the point) but because the enforcement consequences of failure are disproportionately severe. A firm that has adequate but imperfect controls in most areas of regulation but genuinely robust AML controls is in a stronger position than a firm with the opposite profile.

Key AML enforcement themes from the database include:

  • Customer due diligence failures at account opening, particularly for high-risk customers and politically exposed persons (PEPs), remain the single most common AML breach category
  • Transaction monitoring deficiencies, including systems that generate excessive false positives (leading to alert fatigue and missed genuine suspicious activity) and systems that are inadequately calibrated to the firm's risk profile
  • Suspicious activity report (SAR) filing failures, where firms either failed to file SARs when they should have or filed them too late for law enforcement to act
  • Sanctions screening gaps, particularly in firms that rely on automated screening tools without adequate human oversight of potential matches

Sectors Most Targeted

The FCA's enforcement actions are not evenly distributed across the financial services landscape. Certain sectors attract disproportionate regulatory attention, and the fines database reveals these concentrations clearly.

Banking and deposit-taking institutions account for the largest share of total fine value, which is unsurprising given that these firms handle the largest volumes of transactions and are the primary gatekeepers against financial crime. The very largest FCA fines in the database are predominantly imposed on banks, reflecting both the scale of the failures and the size of the firms involved.

Wealth management and investment firms represent a significant and growing share of enforcement actions. The FCA's focus on this sector has intensified since the introduction of the Consumer Duty, as fair value assessments and suitability of advice have become active enforcement themes. The database shows an increasing number of enforcement actions against wealth managers for failures in suitability assessments, inadequate disclosure of charges, and conflicts of interest in product recommendations.

Insurance intermediaries and brokers appear in the database with increasing frequency, particularly in relation to financial promotions, fair value, and handling of client money. The FCA's supervisory strategy for the insurance sector has shifted from a primarily thematic approach to firm-specific enforcement, and the fines data reflects this transition.

Payment services and e-money firms are a newer addition to the enforcement landscape but one where activity is accelerating. As the FCA's regulatory perimeter has expanded to cover a broader range of payment and e-money activities, enforcement actions in this sector have grown correspondingly, particularly around AML controls and safeguarding requirements.

For compliance teams, the sectoral analysis provides a useful benchmarking tool. If your firm operates in a sector where enforcement activity is concentrated, your compliance programme should reflect that reality. The argument for investment in compliance controls is materially stronger when supported by sector-specific enforcement data showing that firms like yours are being fined for failures like the ones you are trying to prevent.

The Anatomy of a Large Fine

Analysing the characteristics of the largest fines in the database reveals consistent patterns that compliance teams can use to assess their own exposure.

Multiple concurrent breaches. The largest FCA fines almost always involve multiple categories of breach. A firm that fails on AML will typically also be found to have failures in governance (SYSC), senior management accountability, and systems and controls. The FCA's penalty framework applies aggravating factors for multiple concurrent failures, and the compound effect on the final penalty is significant. This pattern underscores the importance of integrated compliance frameworks that address regulatory requirements holistically rather than in silos.

Duration of the breach. The FCA's penalty calculations are influenced by how long the breach persisted. Firms that identify and remediate issues quickly receive significantly lower penalties than firms where breaches continued for years. The fines database shows a clear correlation between breach duration and penalty severity. This data point alone makes a compelling business case for investment in compliance monitoring and surveillance capabilities that detect issues early.

Cooperation and remediation. The FCA's settlement discount scheme, which provides a 30 per cent reduction in penalty for firms that settle at the earliest opportunity, is well-established. The fines database confirms that firms which cooperate with investigations, self-report issues, and implement voluntary remediation programmes consistently receive lower penalties than firms that contest enforcement proceedings or fail to engage constructively. For compliance teams, this reinforces the importance of having pre-agreed internal protocols for engaging with the regulator when issues are identified.

Senior management accountability. An increasing proportion of enforcement actions in the database include proceedings against named individuals under the Senior Managers and Certification Regime. The FCA has been explicit about its intention to hold senior managers personally accountable for regulatory failures that occur on their watch, and the data confirms that this intention is being translated into enforcement action. For senior managers, the personal financial and reputational consequences of an enforcement action are significant, including fines, prohibition orders, and public censure.

Lessons for Compliance Teams

The enforcement data yields several practical lessons that compliance teams can apply directly to their risk assessments, compliance plans, and board reporting.

Lesson 1: Follow the money, not the rhetoric. The FCA publishes extensive guidance, policy statements, and Dear CEO letters on a wide range of topics. Not all of these topics translate into enforcement action with equal frequency or severity. The fines database provides a reality check on where the FCA is actually deploying its enforcement resources, as opposed to where it says it might. AML, Consumer Duty outcomes, and financial promotions are the areas where enforcement activity is concentrated. Compliance investment should reflect this reality.

Lesson 2: The trend is towards higher penalties. The escalation in fine sizes is not driven solely by larger firms or more egregious misconduct. The FCA has been recalibrating its penalty approach across the board, and the data shows that even mid-sized firms and moderately serious breaches attract penalties that would have been considered exceptional a decade ago. Boards must be made aware of this trend when they are making decisions about compliance budgets.

Lesson 3: Speed of remediation matters more than perfection of controls. No compliance framework is perfect, and the FCA does not expect perfection. What the regulator does expect, and what the enforcement data confirms it rewards, is the ability to identify issues quickly, escalate them appropriately, and remediate them effectively. Firms with strong surveillance and monitoring capabilities that detect and address issues early consistently fare better in enforcement proceedings than firms with elaborate but slow-moving governance structures.

Lesson 4: Enforcement themes are predictable. The fines database reveals that FCA enforcement priorities are remarkably consistent over time. AML has been a dominant enforcement theme for the entire period covered by the database. Consumer protection themes (mis-selling, suitability, fair value) have been a consistent secondary focus. Firms that align their compliance monitoring and testing programmes to these proven enforcement themes are investing their compliance resources where the risk is highest.

Lesson 5: Individual accountability is real and increasing. The proportion of enforcement actions that include proceedings against individuals has been growing. Compliance teams should ensure that senior managers understand their personal regulatory exposure and that the firm's SM&CR framework genuinely allocates responsibilities in a way that is both clear and defensible.

Using Fines Data for Horizon Scanning

One of the most valuable but underutilised applications of enforcement data is as a horizon scanning tool. By monitoring new FCA enforcement actions as they are published, compliance teams can identify emerging enforcement themes before they appear in formal guidance or policy statements.

The FCA's enforcement pipeline typically lags its supervisory priorities by 18 to 36 months. Issues that the FCA identifies through thematic reviews or supervisory interactions today will generate enforcement actions in 2028 or 2029. Conversely, the enforcement actions being published today reflect supervisory concerns from 2023 and 2024. By tracking enforcement actions in real time, compliance teams can observe the transition from supervisory concern to enforcement action and use this intelligence to calibrate their own compliance priorities.

Our FCA Fines Database is designed to support exactly this kind of analysis. The database is searchable by firm, date, breach category, and penalty amount, and is updated as the FCA publishes new final notices. Compliance teams can use it to:

  • Benchmark their firm's risk profile against enforcement actions in their sector
  • Identify emerging enforcement themes by tracking the breach categories of recent enforcement actions
  • Quantify the financial risk of specific compliance failures using actual penalty data
  • Support board reporting with evidence-based assessments of regulatory risk
  • Inform compliance monitoring and testing programmes by focusing on the areas where enforcement activity is concentrated

The database integrates with our broader regulatory intelligence capability, including our Regulatory Canary horizon scanning platform, which tracks FCA publications, consultations, and regulatory updates in real time. Together, these tools provide compliance teams with a comprehensive view of both the regulatory pipeline (what is coming) and the enforcement record (what the FCA actually does when firms fall short).

The Enforcement Outlook for 2026 and Beyond

The FCA's published enforcement strategy for 2026, articulated through its inaugural Enforcement Watch publication, confirms that the trends visible in the fines database will intensify. The regulator is pursuing fewer but higher-impact cases, using its publicity powers more aggressively, and focusing enforcement resources on systemic failures rather than isolated compliance breaches.

For compliance teams, the strategic implication is that the cost of getting it wrong is increasing while the probability of detection is also increasing, thanks to the FCA's investment in data analytics and automated supervision capabilities. This combination means that the expected cost of non-compliance, the probability of detection multiplied by the cost of enforcement action, has increased materially. Compliance investment that may not have been justified on a cost-benefit basis five years ago may now be clearly justified by the enforcement data alone.

The firms that will navigate this environment most successfully are those that treat enforcement data not as a historical curiosity but as actionable intelligence. The patterns in the data are clear, the trends are consistent, and the implications for compliance strategy are direct. The question is whether firms will act on what the data tells them before the FCA acts on what its own data reveals.

Explore the Full Database

Our complete FCA fines database is freely accessible at fcafines.memaconsultants.com. We encourage compliance officers, senior managers, and board members to explore the data, filter by the sectors and breach categories relevant to their firm, and use the findings to inform their compliance priorities for 2026.

If you would like support interpreting the enforcement data in the context of your firm's specific regulatory position, or if you need help translating enforcement trends into a practical compliance monitoring programme, our regulatory advisory team can help.

Book a consultation to discuss how enforcement intelligence can strengthen your firm's compliance framework and reduce your regulatory risk.


For a broader view of the regulatory landscape, read our analysis of FCA Compliance Priorities for 2026 or explore our Compliance Services.

About the Author
MEMA Regulatory Team

The MEMA Regulatory Team includes ex-FCA supervisors and Big 4 consultants with deep expertise across all aspects of UK financial services regulation and compliance.
