Brief

SIPP reform: due diligence and asset controls under FCA CP26/20

CP26/20 proposes explicit SIPP due-diligence rules and a Pension Scheme Money and Assets regime. We examine the evidence and operating-model decisions.

MC

Michaela Clarke

Operations & Compliance Coordinator

Week of 13 July 20267 min read
Open asset-record case beside a pension ledger and reconciliation sheet, showing varied assets matched to controlled records

At a Glance

The FCA's CP26/20 consultation on self-invested personal pensions proposes two connected reforms: explicit due-diligence rules for SIPP operators and a new Pension Scheme Money and Assets regime for structures using unauthorised trustees. The consultation closes on 24 August 2026. These are proposals, not final rules.

CP26/20: proposal and implementation checkpoints Consultation dates and proposed future stages are kept distinct SOURCE Consultation opens 22 Jun 2026 SOURCE Responses close 24 Aug 2026 FUTURE FCA final rules After feedback PROPOSED Implementation 12 months Fixed FCA date or current source fact Proposed or future stage, not a current rule
MEMA visual summary based on CP26/20 on self-invested personal pensions. Future stages remain subject to the FCA consultation and final rule-making. On smaller screens, scroll the visual horizontally to see every stage.

The scale explains the attention. The FCA says SIPP assets under administration reached approximately £567bn across 5.3 million consumers in 2024. Its concern is not that flexibility is inherently harmful. It is that inconsistent investment and third-party checks, weak trustee-bank-account controls and poor books and records can leave consumers exposed when an asset proves fraudulent, a transfer stalls or an operator fails.

Why the Current Control Model Is Changing

SIPP operators already have due-diligence obligations under high-level rules, including Principle 2 and COBS 2.1.1R, alongside the Consumer Duty. The FCA's case for change is that high-level requirements have produced differing interpretations and inconsistent practice. CP26/20 would put more explicit requirements into the Handbook and retire the 2013 non-Handbook guidance in FG 13/8 if the proposed rules are made.

The second problem concerns pension scheme money and assets where an unauthorised trustee holds them and the detailed CASS regime does not apply. Some operators have chosen to mirror elements of CASS, but the FCA says practice varies. The proposed PSM&A regime is intended to create a consistent minimum for secure holding, accurate records, checks, oversight and information flows without simply copying every CASS provision.

The Boundary Firms Must Get Right

The proposed due-diligence rules are aimed at personal pension schemes designed to give consumers ongoing flexibility and choice over underlying investments. CP26/20 says they would not apply in the same way to schemes offering a limited set of pre-selected investments, such as a target-date fund or risk-rated model portfolios, where the firm remains responsible for the investment offering. Existing Handbook obligations would still apply to those products.

That distinction matters because investment due diligence is not the same as assessing suitability for an individual consumer. The FCA says the proposed rules are intended to test whether investments are genuine and involve credible propositions, and to reduce exposure to scams or fraud. They are not intended to turn the SIPP operator into the consumer's suitability assessor or to remove legitimate investment choice.

What the FCA Is Proposing

CP26/20 has two reform workstreams but one common control problem: the operator needs evidence that links a decision or recorded asset to the underlying third party, investment and operating arrangement.

Investment and third-party due diligence

The proposed framework would require initial and ongoing risk-based checks on relevant third parties, including introducers, advisers and discretionary investment managers. The evidence would need to show who was checked, what regulatory status and adverse information were considered, which risks required enhanced work and why the relationship remained acceptable. For proposed investments, the file would need to support the conclusion that the asset and proposition are genuine and credible, not merely record that a checklist was completed.

CP26/20 also proposes governance and monitoring controls. Firms would review the effectiveness of due-diligence processes at least annually and after a significant event. Management information would be updated at least every six months and would include declined investments and trends in introducer business. Those frequencies are proposed requirements. They should inform gap analysis now, but they do not replace the current rules before the FCA completes its rule-making.

Pension Scheme Money and Assets

For relevant unauthorised-trustee structures, the central question is whether the operator can identify each member's money and assets promptly and demonstrate that records are complete and accurate. The proposed regime covers secure holding, record quality, regular checks, oversight of third parties and the information needed when assets transfer or a firm winds down. A credible review therefore has to follow the asset through the operating model, not stop at a policy owned by the operator.

MEMA's view is that firms should map the legal holder, bank or custodian, internal book of record, data feed, reconciliation owner, exception route and wind-down dependency for each structure. That is MEMA analysis rather than an FCA-prescribed template, but it exposes whether the proposed outcome can be evidenced across organisational boundaries.

MEMA Analysis

The first output should be a decision record, not a large implementation programme. It should identify which products appear within the proposed due-diligence scope, which arrangements use unauthorised trustees, which controls already meet the proposed direction and which conclusions depend on final Handbook text. Firms should also separate improvements worth making under existing obligations from changes that should wait for final rules.

For due diligence, sample files should be reconstructed from the decision backwards: accepted or declined outcome, asset evidence, third-party checks, challenge, approval and monitoring. For PSM&A, the sample should begin with the member record and trace the corresponding money or asset to the legal holder and external confirmation. Exceptions should have an owner, cause, ageing and closure evidence. This produces a more useful baseline than a policy-to-consultation cross-reference on its own.

Decisions Before the Consultation Closes

ActionOwnerTimingEvidenceStatus
Decide whether a consultation response is warrantedPolicy or compliance leadBefore 24 August 2026CP26/20 proposal, cost, feasibility and customer-outcome evidenceMEMA planning decision
Map products against the proposed due-diligence scopeProduct governance leadInitial gap analysisCP26/20 scope, product design, investment choice and responsibility for the offeringProvisional pending final rules
Identify unauthorised-trustee money and asset structuresOperations or trustee-control ownerInitial gap analysisCP26/20 PSM&A proposal, legal holder, records, reconciliation and data flowEvidence question
Separate current weaknesses from future-rule dependenciesSenior compliance ownerRisk-basedCurrent-rule basis, CP26/20 assumption log, customer risk and completion evidenceCurrent-control decision

What Should Wait for Final Rules

After the consultation, the FCA says it will analyse responses and publish a Policy Statement setting out final rules if it proceeds. CP26/20 proposes a 12-month implementation period from the date the instrument is made. Firms can prepare architecture, evidence inventories and cost estimates now, but detailed system commitments should retain assumptions and change control until the final scope, transitional provisions and Handbook wording are known.

This distinction prevents two errors: presenting consultation text as a present obligation, and delaying obvious repairs simply because final rules are pending. Where a sample already shows weak introducer oversight, an unexplained asset discrepancy or an incomplete member record, the firm should assess that issue against its current obligations and customer risk rather than treat the consultation as the only reason to act.

Source Evidence

SourceDocument typePublishedWhy it matters
CP26/20: self-invested personal pensionsFCA consultation paper2026-06-22Primary evidence for scope, due diligence, PSM&A, governance and proposed implementation

Disclaimer

This article is for general information only and does not constitute legal or regulatory advice. Firms should assess the proposals and any final rules by reference to their permissions, products, customers, trustee structures and operating model.

How MEMA Can Help

MEMA can help SIPP operators turn CP26/20 into a source-bounded gap analysis covering product scope, third-party due diligence, asset records, reconciliation and implementation dependencies. Our FCA compliance support can be scoped around the evidence and decisions that matter to your operating model.

For wider context on the regulator's current priorities, read our analysis of the FCA's 2026 compliance priorities. If you want to test the scope before committing to a programme, book a consultation with MEMA.

Frequently asked questions

When does CP26/20 close?

The FCA is accepting responses until 24 August 2026. A firm considering a response should allow time to test the proposal against its operating model, assemble evidence and secure internal approval. After the consultation, the FCA will analyse responses and set out final rules in a Policy Statement if it proceeds.

Would the proposed due-diligence rules require a SIPP operator to assess individual suitability?

No. CP26/20 says the proposed requirements are not intended to make operators assess whether an investment is suitable for a particular consumer. Their focus is whether investments are genuine and involve credible propositions, and whether relevant third parties have been checked on a proportionate, risk-based basis. Existing product, conduct and Consumer Duty obligations continue to matter.

Does the proposed PSM&A regime replace CASS?

No. The proposal addresses SIPP structures not currently covered by detailed CASS requirements, particularly where an unauthorised trustee holds pension scheme money or assets. The FCA proposes minimum standards influenced by relevant CASS principles but adapted to SIPP structures. Firms should therefore map the actual legal holder and applicable regime before defining any gap.

Need expert regulatory guidance?

Our ex-regulator team helps firms navigate complex requirements and evidence compliance with confidence.

Book a Free Scoping Call