By Éilis Corcoran, Senior Compliance Consultant
Acquiring an FCA (Financial Conduct Authority) authorised firm can present an attractive strategic opportunity, but it also brings immediate and far-reaching regulatory responsibility. Once the FCA approves a Change in Control, the buyer becomes fully accountable for the firm’s regulatory position, including historic weaknesses that may not have been identified during the transaction.
With the FCA adopting an increasingly interventionist and outcomes-focused supervisory approach, regulatory due diligence has become a critical component of deal risk management. Buyers who rely solely on financial and legal due diligence risk inheriting regulatory issues that can materially affect valuation, growth plans, and long-term exit strategy, not to mention supervisory or enforcement action by the regulator.
Here are six regulatory considerations buyers need to understand before committing to the acquisition of an FCA-regulated firm.
1. Regulatory responsibility transfers immediately on FCA approval
Once a Change in Control is approved, regulatory liability transfers in full to the buyer. This includes issues that predate the acquisition and may not have been identified during the transaction.
Common examples include:
- Weak governance structures and unclear senior management accountability
- Compliance frameworks that exist on paper but don’t operate effectively in practice
- Historic failures in regulatory reporting or recordkeeping
- Longstanding financial crime, anti-money laundering (AML) or CASS deficiencies
From the FCA’s perspective, these are not “legacy” issues – they are current supervisory concerns for which the new controllers are accountable from day one.
2. Late discovery drives cost, disruption and regulatory visibility
When regulatory issues are identified only after completion, remediation is typically reactive and conducted under heightened regulatory scrutiny. This can be disproportionately disruptive at a time when management attention should be focused on integration, execution of the business plan and delivering deal value.
Post-acquisition remediation often involves:
- Urgent redesign of governance, risk and control frameworks
- Retrospective reviews, lookbacks or skilled person style exercises
- Enhanced FCA engagement, reporting obligations and supervision
- Significant management time and unplanned external advisory costs
These costs are rarely reflected in the original valuation and can directly impact growth plans, transaction timelines, and exit readiness.
3. Ownership change increases supervisory scrutiny
The FCA has made it clear that changes in ownership represent a key supervisory inflection point. Firms undergoing acquisition are often subject to closer regulatory attention both during the Change in Control process and shortly after completion.
Regulatory consequences may include:
- Delays to, or conditions attached to, Change in Control approval
- Restrictions on new business, onboarding or expansion
- Limitations on permissions or client activity
- Requirements to undertake substantial and time-critical remediation programmes
For acquirers, this creates immediate commercial, operational and reputational risk.
4. Financial and legal due diligence may not assess regulatory resilience
Financial and legal due diligence traditionally focus on historic performance and legal risk exposure. They don’t assess whether a firm is likely to meet FCA expectations in practice or the Threshold Conditions against which the target firm was authorised.
In particular, they don’t test whether:
- Governance and decision-making structures are effective and clearly documented
- SM&CR obligations are embedded, understood and operating day-to-day
- Compliance monitoring and controls function in practice, not just in policy
- The FCA is likely to identify heightened risk following the transaction
Regulatory due diligence fills this gap by assessing how the target firm operates in practice against FCA expectations and supervisory priorities.
5. Effective regulatory due diligence must be comprehensive and practical
A robust regulatory due diligence review should provide a clear assessment of supervisory risk across key areas, including:
- Governance and senior management accountability
- The compliance framework and monitoring programme
- Financial crime and market abuse controls
- Prudential obligations and CASS compliance
- Complaints handling and Consumer Duty (where applicable)
- Record-keeping and business continuity
- Regulatory reporting (financial and non-financial)
- Management information provided to the governing body
Reviews should be benchmarked against FCA minimum standards, practical regulatory expectations and peer group practices. This allows buyers to understand not only what is non-compliant, but what is likely to attract regulatory focus.
6. Early regulatory insight protects deal value
Well-executed regulatory due diligence enables buyers to:
- Ensure the target firm’s compliance regime doesn’t inhibit the delivery of strategic objectives
- Identify red and amber flags before committing to a purchase
- Price regulatory risk appropriately
- Plan remediation in a structured and proportionate way
- Approach the Change in Control process with confidence
- Assess whether regulatory risks align with their own risk appetite
Done well, it supports informed decision-making rather than hindering transactions.
Final thought – identify regulatory risk before it becomes your problem
Acquiring an FCA-regulated firm without regulatory due diligence exposes buyers to avoidable cost, disruption and supervisory risk. Identifying issues early allows buyers to control remediation, protect deal value and engage with the FCA from a position of strength.
Our UK compliance consulting team supports prospective buyers through regulatory due diligence, Change in Control application approvals and post-acquisition remediation where required.
Get in touch with our regulatory experts before committing to a purchase.
