FCA Enforcement Actions Against Insurance Firms 2025-2026: Lessons for Compliance Teams

The FCA levied £124 million in fines across the financial sector in 2025. Its Enforcement Watch confirmed six active Consumer Duty investigations, with two of the most serious involving insurance firms in the home and travel markets. The regulator conducted thematic reviews of claims handling practices and found widespread failures. It responded to a formal super-complaint about home and travel insurance from the consumer group Which? And it imposed voluntary requirements on at least one insurer, restricting its ability to grow while governance and financial control weaknesses were remediated.

And this was a year in which the FCA described itself as conducting "fewer investigations, faster" — a strategic ambition to resolve cases more efficiently rather than to pursue fewer failures.

For compliance teams at insurance firms, 2025 was a year that made several things clear: the Consumer Duty has moved from implementation to active enforcement, claims handling is under sustained scrutiny, and the FCA's preference for supervision over formal enforcement does not mean reduced regulatory pressure — it means cost and operational restriction arrive faster, before a formal investigation is even opened.

This analysis examines what happened in 2025, what triggered the FCA's interventions, what evidence gaps were consistently identified, and what compliance teams should do differently.

The Shift from Implementation to Enforcement

When the Consumer Duty came into force in July 2023 for existing products and July 2024 for closed book products, the FCA gave firms a significant implementation period. Throughout 2023 and into 2024, the regulator's primary mode was guidance: writing to CEOs, publishing good practice examples, issuing letters identifying areas for improvement. The message was essentially: here is what good looks like; now demonstrate it.

By 2025, that period was over. The FCA's Joint Executive Director of Enforcement, Therese Chambers, confirmed at an October summit that the regulator was using its enforcement powers assertively, with a focus on resolving investigations faster rather than opening fewer of them. In its FCA Enforcement Watch publication, the regulator was explicit that its six Consumer Duty investigations — including those involving insurers — represented the most serious failures identified across its multi-firm supervisory work.

For insurance firms, this shift has a specific character. The FCA is not primarily investigating governance documentation or policy frameworks. It is investigating outcomes: what actually happened to consumers when they made claims. And when it finds poor outcomes, it is working backwards to identify the governance and oversight failures that allowed those outcomes to occur.

The Claims Handling Thematic Review: What the FCA Found

One of the most significant regulatory documents of 2025 for the insurance sector was the FCA's publication on home and travel claims handling arrangements: "Good Practice and Areas for Improvement." This thematic review synthesised findings from multi-firm supervisory work and identified patterns of failure that are instructive for any insurer or MGA with claims authority.

Lack of Control Over Outsourced Arrangements

The most commonly cited failure across the review was inadequate oversight of outsourced claims handlers. The FCA found multiple instances where insurers had delegated claims handling to third-party administrators and then effectively lost visibility of what was happening. Data was not flowing back to the insurer in a form that permitted meaningful oversight. Governance meetings were occurring but not generating actionable management information. Audit rights existed in contracts but were not being exercised.

The consequences were predictable: high claim rejection rates, poor customer communication, elevated complaints, and walkaways — customers abandoning valid claims after experiencing friction in the process. In at least one specific case the FCA examined, it found that an outsourced claims handler was responsible for the poor outcomes, but the insurer was held accountable because it had inadequate oversight arrangements.

The lesson is direct: under the Consumer Duty, you cannot outsource accountability. If your third-party administrator is delivering poor outcomes, that is your regulatory problem, not your contractor's. Firms need structured oversight of outsourced claims handling, with data feeds, regular audits, and clear escalation triggers that work in practice — not just on paper.

Poor Management Information

The second recurring finding was the quality of management information used to monitor claims outcomes. The FCA identified firms where senior management received MI that was too high-level to identify specific failure patterns, where outcome-based metrics were absent (only activity metrics were tracked), and where data was not disaggregated by product, channel, or customer characteristic in ways that would reveal differential treatment of vulnerable customers.

The FCA was explicit about what good practice looks like here: firms should be measuring claim acceptance rates, settlement speeds, complaints rates, walkaways, and customer outcomes at granular levels, and should be using this data to identify products or processes that are not delivering value. Where the data reveals problems, there should be documented escalation and remediation.

For compliance teams, this creates a documentation imperative. It is not sufficient to collect outcome data. The data must be presented to governance forums, the governance forums must record their analysis of what it shows, and where problems are identified, remediation actions must be documented and tracked. The FCA will ask to see this trail when it investigates.

Poor Oversight of Cash Settlements

A third finding concerned the oversight of cash settlements, particularly where insurers offered cash alternatives to repair or replacement. The FCA found evidence that cash settlement values were being set at levels that did not genuinely reflect the cost of repair or replacement, that the basis for settlement calculation was not being explained to customers, and that customers who accepted cash settlements without understanding that the amount might be insufficient to fund the reinstatement had suffered real financial harm.

This finding is directly connected to the Consumer Duty's price and value outcome. A cash settlement that does not allow a customer to restore their position is not delivering the value the policy promised.

The Markerstudy Case: Governance, Growth, and Restriction

One of the most significant insurance-sector supervisory actions of 2025 involved Markerstudy, a major UK general insurer that had grown rapidly through acquisitions. The FCA identified weaknesses in the firm's leadership, governance, and financial controls, and imposed voluntary requirements that restricted customer numbers and capital deployment while the firm remediated those weaknesses.

The Markerstudy case illustrates a pattern that compliance teams should understand clearly. Rapid growth through acquisition creates integration risk: systems, processes, and compliance frameworks need to be unified, governance structures need to be rebuilt, and the management information necessary to oversee a larger, more complex operation needs to be established. When this work is not completed, or not completed fast enough, the FCA will notice — and the consequence is operational restriction that disrupts business strategy.

The "voluntary requirement" mechanism used in this case deserves specific attention. A voluntary requirement (VREQ) is agreed between the firm and the FCA without formal enforcement action being initiated. It is not a fine and it does not appear in the FCA's Final Notices. But it can be as commercially damaging as a fine: restrictions on customer numbers directly constrain revenue and market position. Firms that regard VREQs as a lighter form of intervention than enforcement action may be underestimating the commercial significance.

The Which? Super-Complaint: What It Tells Compliance Teams

In September 2025, consumer group Which? exercised its statutory super-complaint power to formally allege that significant numbers of insurers in the home and travel markets were not complying with Consumer Duty requirements. The complaint cited high claim rejection rates, excessive complaint volumes, and widespread poor claims experiences as evidence that the Duty was not producing the outcomes it was designed to achieve.

The FCA's response — published in late 2025 — chose not to open a formal market study, but made clear that the supervisory and enforcement investigations already underway in these markets were continuing. The FCA published specific examples of how it had been using the Duty to drive change, including its engagement with the "outlier" insurer with high rejection rates described above.

The super-complaint matters to compliance teams beyond the home and travel markets because of the mechanism it represents. The FCA uses value measures data — published comparative data on claim acceptance rates, claims frequency, average claims paid, and complaints — to identify outlier firms. If your firm's data shows you as an outlier on any of these metrics, expect FCA engagement. Which? demonstrated that civil society organisations are actively monitoring this data and using it to escalate regulatory pressure.

Common Patterns Across 2025 Enforcement Activity

Across the claims handling thematic review, the supervisory actions in specific firms, and the Consumer Duty investigations confirmed in Enforcement Watch, several patterns emerge consistently.

The Oversight Gap

The single most common failing across 2025 insurance regulatory actions is the gap between what governance documents say should happen and what actually happens in operations. Policies, procedures, and frameworks exist. They are not being implemented consistently. Senior management cannot see whether they are being implemented because the management information is inadequate. When the FCA investigates, this gap becomes visible immediately.

The Evidence Failure

When the FCA examines a firm, it asks for evidence: evidence that processes were followed, that customers were treated fairly on specific claims, that governance forums discussed outcome data and took action. Firms that cannot produce this evidence — whose compliance is real but undocumented — are in a difficult position. The FCA cannot distinguish between a firm that was compliant but did not document it and a firm that was not compliant. In both cases, the absence of evidence is treated as a compliance failure.

The Third-Party Oversight Failure

The FCA consistently found that firms using third-party administrators, outsourced claims handlers, or delegated authority arrangements had inadequate visibility of what those third parties were doing. Contract protections existed; audit rights existed; reporting requirements existed — but they were not being operationalised effectively. Under the Consumer Duty, this is a primary firm responsibility.

What Compliance Teams Should Do Differently

The following operational changes would directly address the failure patterns identified across 2025 enforcement activity.

Implement Outcome-Based Monitoring with Documentation

Move from activity metrics to outcome metrics in your claims MI: claim acceptance rates, settlement times, walkaway rates, complaints rates. Present this data to relevant governance forums. Document the analysis and any remediation actions. The audit trail from data to governance decision to action is what the FCA expects to see.

Operationalise Third-Party Oversight

If you use an outsourced claims handler or third-party administrator, implement structured data reporting that gives you real-time visibility of outcomes — not just activity. Exercise your audit rights on a scheduled basis. Document the results of those audits. Establish clear escalation triggers so that performance deterioration is identified and escalated before it becomes a compliance failure.

Build Evidence Generation into Operations

Compliance infrastructure that generates evidence as a byproduct of normal operations is more reliable than retrospective documentation. Systems that automatically capture what happened, who decided it, and on what basis — and make that evidence immediately retrievable — change the compliance risk profile fundamentally. See our guidance on audit trail requirements for a fuller treatment of what this looks like in practice.

Stress-Test Your Claims Handling Against Consumer Duty Outcomes

Run a structured review of your claims handling process against each of the Consumer Duty's four outcomes. For each outcome, identify the evidence you would produce to demonstrate compliance if the FCA asked tomorrow. Where the evidence does not exist or is difficult to produce, that is your compliance vulnerability.

The Connection to Compliance Infrastructure

The pattern that emerges from 2025 enforcement activity is not primarily about firms behaving badly. In most cases, the firms involved were attempting to operate compliantly. The failures are failures of infrastructure: the systems and processes that make compliance visible, documentable, and demonstrable.

The FCA cannot examine a firm's intentions. It can examine records, data, documentation, and evidence. A compliance programme that does not generate that evidence is functionally invisible to a regulator — which means that even genuine compliance cannot be demonstrated when it needs to be.

This is what makes investment in compliance infrastructure a regulatory risk mitigation as much as a commercial decision. Firms with automated audit trails, structured claims data, and documented governance processes approach FCA engagement from a fundamentally different position than firms that must reconstruct evidence retrospectively under time pressure.

The full scope of UK insurance compliance requirements — from the Consumer Duty through PROD rules, ICOBS, and delegated authority standards — creates a substantial documentation burden. Technology that makes compliance visible as a byproduct of normal operations substantially reduces the cost and risk of meeting that burden.

FCA Enforcement Priorities for 2026

The FCA has been explicit about where its supervisory and enforcement attention will focus in 2026 for the insurance sector.

• Claims handling continues as the primary area of scrutiny — the FCA has stated that "too many people have poor claims experiences" and will continue its supervisory programme in this area, with particular attention to the oversight of outsourced arrangements
• Home and travel insurance markets remain under direct investigation following the Which? super-complaint, with the FCA committed to assessing whether its interventions are producing measurable improvement in consumer outcomes
• The pure protection market is subject to a formal market study examining whether products are understood by consumers and whether competitive dynamics are delivering fair value
• Four thematic multi-firm Consumer Duty reviews will cover product design, outcomes monitoring, customer journey design, and consumer understanding — any of which could produce enforcement referrals
• Premium finance and buy-now-pay-later products enter the FCA's regulatory perimeter in 2026, expanding the scope of scrutiny for insurers offering instalment products
• Value measures data will continue to be used to identify outlier firms and trigger supervisory engagement — if your firm's statistics appear to deviate from market norms, expect contact

The FCA's stated ambition of "fewer investigations, faster" is a signal for compliance teams. The cases that proceed to full investigation will be the most serious, but supervisory interventions — VREQs, own-initiative requirements, and mandated remediation — will be used actively in the many cases that do not reach formal investigation. The cost of regulatory engagement is shifting earlier in the process.

How Regure Helps Prevent Becoming an Enforcement Case

The specific failures identified in 2025 FCA actions — inadequate oversight of outsourced arrangements, poor management information, insufficient evidence of governance decisions, inability to demonstrate consumer outcomes at a granular level — are all addressable with appropriate technology infrastructure.

Regure provides claims management with built-in audit trails that capture every decision, every document, every approval, and every communication in a retrievable, timestamped format. The platform generates the management information that the FCA expects to see at governance level: outcome metrics, rejection rates, settlement timelines, and complaint data, presented in forms that support genuine oversight rather than activity reporting.

For insurers using third-party administrators or operating through delegated authority structures, the platform provides the data visibility and oversight documentation that the FCA found lacking in its 2025 thematic work. And for firms preparing for FCA engagement — whether a supervisory visit, a thematic review, or a data request — Regure makes evidence production a matter of seconds rather than weeks of reconstruction.

The gap between a firm that becomes an enforcement case and a firm that does not is, in most instances, not a gap in intentions — it is a gap in infrastructure. If your current compliance infrastructure would leave you unable to demonstrate your compliance in a regulatory examination tomorrow, request a Regure demonstration. We will show you what a compliance-ready infrastructure looks like, and how it changes the regulatory risk position of an insurance operation.