Most FCA compliance breaches start quietly inside the business. A month-end calculation that doesn’t reconcile, or a RegData submission that lands a day after the deadline. By the time anyone calls it an FCA compliance breach, the position has already shifted, and the work to put it right has already begun.

For directors at FCA-regulated businesses, the practical question is what to do next. The reporting, the conversations with investors, the months that follow the initial submission. Most directors are surprised to find the fine sits well down the list of consequences.

This article covers where breaches commonly start, what they actually cost once they land, what the weeks afterwards typically look like for the management team, and how regulated businesses recover and rebuild the compliance function. It’s written for Heads of Compliance, Finance Directors and CEOs at FCA-regulated businesses, including hedge funds, wealth managers and private equity managers, who want a calm read on the territory.

What an FCA compliance breach actually means

An FCA compliance breach happens when an FCA-regulated business fails to meet a capital, liquidity or reporting obligation set by the Financial Conduct Authority. The reporting obligations begin as soon as FCA registration is granted, and they’re continuous, not one-off tasks. Capital adequacy, liquidity monitoring and ICARA assessments sit at the core, and the rules apply to businesses of all sizes, including start-ups.

When a breach occurs, the business has to act on it immediately. That means filing a special report with the FCA outlining the breach, explaining the cause, the corrective action, and the preventative measures put in place so it doesn’t happen again. None of that is optional, and it lands on top of everything else the management team is trying to do that week.

The mechanics aren’t dramatic, but the downstream consequences can reshape how the business runs for months afterwards.

The most common causes of an FCA compliance breach

Most breaches don’t come from negligence. They come from routine business decisions that nobody flagged as compliance-relevant at the time. A few patterns recur across regulated firms.

Capital adequacy breaches

This is the most common entry point. Capital adequacy works on tight thresholds, and everyday financial decisions can push a business below them without anyone noticing until the next month-end check. A few patterns Wilson Partners sees regularly:

• Excessive drawings can reduce available capital, pushing the business below the required threshold.
• Bonuses paid above performance fees can deplete reserves faster than expected.
• Profit can’t be included in capital adequacy calculations unless it’s audited profit, which means mid-year profits don’t count.

Each is a legitimate business activity, and none of them feels like a compliance event when the decision is made. The adjusted capital has to remain above the higher of the base capital requirement or the Fixed Overhead Requirement (FOR), and for most regulated businesses the FOR is the primary capital adequacy threshold to meet.

Liquidity threshold failures

Alongside capital adequacy, regulated businesses have to meet their Liquid Asset Threshold Requirement (LATR). That means holding enough readily accessible cash to cover one month of fixed costs, plus any Ongoing Liquid Asset requirement based on classification. Cash in the bank has to be accessible within 30 days, and core and non-core liquid reserves have to exceed the LATR.

A business can be perfectly solvent and still breach the LATR. If liquidity is only monitored quarterly, a mid-quarter drawdown can take it below the threshold for weeks before anyone sees the issue.

Reporting failures

RegData is the FCA’s online reporting platform, and many regulated businesses follow a RegData reporting calendar with quarterly and annual filing deadlines. A missed deadline counts as a compliance reporting failure, and it triggers the same downstream consequences as a substantive breach. An inaccurate return does the same.

Errors around capital adequacy or liquidity in RegData submissions can trigger audits and investigations. The risk is highest where data is pulled from inconsistent sources or where reporting still depends on spreadsheets and email chains, with deadlines met reactively rather than to a structured framework.

Governance and ICARA gaps

Under the Investment Firms Prudential Regime (IFPR), regulated investment businesses have to prepare an annual three-year forecast and stress test their assumptions. The ICARA report has to demonstrate how the business would respond to a significant drop in AUM, the departure of a key staff member, market downturns or operational disruptions.

A weak ICARA or fragmented governance documentation can constitute a compliance gap on its own. Senior managers are now held personally accountable under the Senior Managers and Certification Regime (SMCR), which means governance issues sit with named individuals as well as the business.

The real cost beyond the fine

When directors think about FCA breaches, they tend to think about penalties first. The headline fine, the regulatory notice. In reality, that fine is usually the smallest line in the spreadsheet.

The lasting impact of a compliance breach sits in three places: how the business is run day to day, how its strategy plays out over the next 12 months, and what investors and counterparties think when they next sit across the table. Each of those costs the business in ways the fine doesn’t.

A breach may lead to:

• Increased capital requirements
• Restrictions on activities
• Enhanced supervisory monitoring
• Ongoing reporting obligations

The direct financial impact compounds beyond the initial penalty. More importantly, it diverts management attention at precisely the wrong time.

Where weaknesses are identified around capital adequacy, liquidity monitoring or governance, the FCA may require additional capital buffers. The effect can run for as long as the buffer is in place, restricting distributions and constraining how the management team can deploy cash.

Enhanced supervision also means more frequent data requests, regulatory meetings and detailed reviews of internal systems. The regulatory relationship changes shape. That shift influences how confidently the business operates and how quickly it can move on commercial decisions.

For a deeper read on the operational, strategic and reputational dimensions, see The true cost of an FCA compliance breach: it’s more than just a fine.

What happens in the days and weeks after a breach

The first response is administrative. The firm files the special report with the FCA, sets out the cause, the corrective action and the preventative measures. Internal advisers are engaged. Board reporting kicks in.

Then the wider operational shift starts.

Senior management attention narrows immediately. Board meetings shift towards remediation, external advisers are engaged, and reporting frameworks get reviewed and rebuilt over the following weeks. Energy that should be sitting on growth, client relationships or strategic planning gets redirected into damage control.

For entrepreneurial leadership teams, the bigger frustration tends to be tempo. Momentum slows. Expansion plans are paused. The opportunity cost outweighs the cash cost in almost every breach we’ve worked through with clients.

There’s an investor and counterparty dimension too. Institutional investors, private equity houses and other sophisticated capital providers conduct rigorous due diligence on FCA-regulated businesses, and that due diligence goes beyond financial performance. They’ll ask whether RegData submissions have been filed accurately and on time, whether capital requirements have ever been breached, how Own Funds are monitored, and whether liquidity is stress-tested. After a breach, those conversations get harder. The work shifts from demonstrating control to explaining what happened and what’s been put in place since.

Internally, breaches have a cultural dimension as well. Compliance failures put pressure on the people most exposed under SMCR and can knock confidence across finance and compliance teams. Restoring that confidence usually requires more than a corrected calculation. It means rebuilding the underlying structure that allowed the breach to happen.

How to recover and harden the compliance function

Recovery rarely sits as a single project. It works as a shift in how the business runs its month-end, its reporting and its board oversight. A few things tend to make the difference.

Treat every month-end as if it were a year-end

Monthly financial reporting catches issues that quarterly reporting misses. By monitoring capital adequacy and liquidity thresholds at every month-end, the business gets early warnings before it approaches regulatory limits. That avoids the need to file exception reports for non-compliance and prevents compliance breaches from escalating into larger financial risks.

The basic five-step framework most regulated businesses work to looks like this:

1. Establish the base capital requirement (£75,000 for MiFID investment firms, £150,000 under MIFIDPRU 4.4, with additional requirements for firms managing over £250m AUM).
2. Calculate the Fixed Overhead Requirement (FOR) based on three months of fixed costs, excluding variable costs like performance bonuses.
3. Determine capital adequacy by assessing Tier 1 capital, adjusting for partner current accounts, and deducting any excess drawings beyond current year profit.
4. Monitor liquidity thresholds, ensuring cash is accessible within 30 days and core and non-core liquid reserves exceed the LATR.
5. Run ongoing monthly compliance monitoring rather than waiting for quarterly submissions.

Centralise compliance data and standardise reporting

Many regulated businesses struggle with compliance because they rely on outdated, manual processes. Pulling information from multiple systems creates inconsistencies, and spreadsheet-based reporting increases the risk of errors and missed deadlines. A reactive approach means scrambling to meet FCA deadlines rather than working to a structured framework.

A single source of truth for compliance data, with clear workflows and regular internal audits, catches potential issues before they become problems.

Consider outsourced FCA compliance reporting

Many regulated businesses outsource compliance reporting to specialist providers, both during recovery and as a longer-term position. The trade-offs depend on the business. Outsourcing tends to make sense where there isn’t deep in-house FCA expertise, where compliance is draining too much internal time and resource, or where the business wants scalable support as it grows. Keeping it in-house can suit businesses with a dedicated compliance team, highly bespoke compliance frameworks, or a strong preference for full internal control. We’ve covered the trade-offs in Should you outsource FCA compliance reporting?

The Wilson Partners FCA Compliance Reporting Team works alongside regulated businesses across financial services, covering RegData submissions (Own Funds MIF001, Liquid Assets MIF002, Monitoring Metrics MIF003, Balance Sheet FSA029, Income Statement FSA030), monthly or quarterly monitoring of Capital Resource Requirement and Liquid Asset Threshold Requirement, and early insights into potential compliance deficits. The team sits inside Wilson Partners alongside Corporate Finance, Audit and CoSec capability, so clients get joined-up oversight rather than fragmented advice across multiple providers.

Rebuild the compliance narrative for investors

Compliance weaknesses introduce uncertainty, and uncertainty reduces valuation. Strong compliance signals operational control. After a breach, the most important shift is external: how the business presents itself to existing investors and to the market when next fundraising. A business that can demonstrate monthly monitoring and forward-looking forecasting at board level changes the shape of those conversations. Read more on what investors actually look for in FCA compliance and fundraising.

Where the work goes from here

A breach is a forced moment of reset. The businesses that come out of it strongest treat the response as a chance to embed compliance into management reporting and board oversight, instead of bolting on a fix and hoping nothing else surfaces.

In regulated markets, resilience is competitive advantage. For an FCA-regulated business with ambitions to scale or attract institutional capital, that foundation is worth protecting properly.

If you want to work through where your business sits today, what a recent breach or near-miss really means in practice, or how the FCA Compliance Reporting Team can help, get in touch with us. Big enough to count, small enough to care.