
How a Compliance Plan Supports FCA Expectations and Strengthens Governance in 2026

  • Writer: Andrew Arginovski
  • Jan 7
  • 4 min read

The Financial Conduct Authority expects regulated firms to demonstrate that compliance is not only monitored, but planned, resourced, and embedded into the way the business operates. While most FCA-regulated firms maintain a Compliance Monitoring Programme, this alone is no longer sufficient to evidence effective governance. Firms are expected to take a forward-looking approach to compliance, one that anticipates regulatory change, aligns with business strategy, supports senior management decision-making, and uses technology intelligently. This is where a Compliance Plan plays a critical role.


What is a Compliance Plan?


A Compliance Plan is a strategic document that sets out how a firm intends to manage and meet its regulatory obligations over a defined period, typically twelve months. It provides a structured overview of the firm’s key regulatory risks, priorities, and planned actions for the year ahead. Rather than focusing on retrospective testing, a Compliance Plan explains how compliance will be achieved and maintained in practice. It acts as a roadmap for the business, helping senior management understand what needs to be done, when, and by whom to remain compliant.


How a Compliance Plan Differs from a Compliance Monitoring Programme


Although closely linked, a Compliance Plan and a Compliance Monitoring Programme serve different purposes. A Compliance Monitoring Programme is primarily assurance-focused. It looks back at whether policies, procedures, and controls are operating effectively and identifies weaknesses or breaches that require remediation. A Compliance Plan, by contrast, is forward-looking and strategic. It focuses on anticipating risk, managing regulatory change, and ensuring that compliance activity is aligned with the firm’s business objectives and available resources. The FCA increasingly expects firms to be able to evidence both.


What Should a Compliance Plan Cover?


A Compliance Plan should be proportionate to the firm’s size, complexity, and risk profile, but it will typically include several core components.


The plan should clearly identify the regulated entity, the period covered, and the individual accountable for its delivery, reinforcing ownership and Senior Management accountability. It should then describe the compliance function itself: how it is structured and resourced, reporting lines and escalation routes, any use of outsourced compliance support, and the role of any compliance committees or governance forums.


A key part of the plan should focus on the firm’s regulatory and conduct risk priorities for the year. This section should explain where the firm considers its greatest risks to lie, taking into account regulatory developments and FCA priorities, the firm’s business model and activities, and findings from previous monitoring, audits, or reviews.


Another important area is business change. The plan should describe how compliance will support and oversee new initiatives, changes to strategy, growth plans, or operational changes that may have regulatory implications.


Each key focus area should then be translated into clear initiatives or actions, including:

  • The nature of the initiative

  • The regulatory rationale

  • Ownership and accountability

  • Indicative timelines

  • How success will be measured


Finally, the plan should describe how progress will be monitored and reported throughout the year, including the management information provided to senior management or the Board and how issues will be escalated and addressed.


How AI Can Support a Compliance Plan


AI is increasingly being used by FCA-regulated firms to support and enhance compliance planning and execution. AI can help firms become more efficient, proactive, and data-driven in several ways.


  1. AI can support regulatory horizon scanning. Instead of relying on manual review of regulatory updates, AI tools can monitor regulatory feeds, FCA publications, and supervisory statements to identify relevant changes and emerging themes. This enables compliance teams to update their Compliance Plans faster and with greater accuracy.

  2. AI can also improve risk identification and prioritisation by analysing large datasets (for example, monitoring trends in breaches, customer complaints, or control failures) to highlight areas of elevated risk. This can help shape the focus areas in a Compliance Plan and ensure risk mitigation efforts are data-driven.

  3. AI can help with monitoring and testing. AI-enabled tools can automate elements of compliance monitoring, flag anomalies, and surface patterns that may require human review. When integrated with a Compliance Plan, this helps firms move from reactive testing to proactive oversight.

  4. AI can also support training and awareness. Natural language AI assistants can generate tailored training materials, simulate regulatory scenarios, or help staff quickly find regulatory guidance. This supports compliance culture and ensures that the Compliance Plan’s objectives are understood across the firm.


Importantly, the FCA remains clear that using AI does not reduce senior management accountability. Firms must ensure that AI tools are used appropriately, with human oversight, clear governance, and documented validation of models and outputs.


Why is a Compliance Plan Important in 2026?


A well-designed Compliance Plan demonstrates effective governance and shows that the firm understands its regulatory obligations and risk profile. It provides clear evidence to the FCA that compliance is being managed proactively and proportionately.


As a Board-level document, a Compliance Plan supports senior management accountability. It helps ensure that regulatory risks and priorities are understood, challenged, and addressed at the appropriate level. From a practical perspective, having a clear Compliance Plan reduces the likelihood of reactive and costly remediation. Firms that plan ahead are better placed to respond to regulatory change and supervisory scrutiny in a controlled and efficient way.


A Compliance Plan also supports operational efficiency by aligning compliance activity with business strategy and available resources, reducing duplication and unnecessary cost. When combined with appropriate AI and technology, firms can enhance their ability to anticipate issues and act with greater confidence.


A Living, Practical Document


A Compliance Plan should not be treated as a static or theoretical document. It should be reviewed and updated throughout the year to reflect:

  • Regulatory developments

  • Changes in the firm’s activities or risk profile

  • Emerging issues or lessons learned

  • Insights from AI-enabled monitoring and analytics


Used properly, it becomes a practical management tool that supports informed decision-making rather than a tick-box exercise.


Compliance Angle Can Help


A Compliance Plan demonstrates to the FCA that a firm has taken reasonable and proportionate steps to understand its regulatory obligations, identify its key risks, and manage them effectively over time. In the current regulatory environment, where expectations of forward-looking governance are higher and the pace of change is accelerating, a robust Compliance Plan is a core component of effective FCA governance, not an optional extra.


Compliance Angle drafts and implements Board-ready FCA Compliance Plans aligned to regulatory expectations and supervisory priorities. Our approach combines regulatory insight with practical implementation support, including how to integrate technology and emerging tools such as AI.


To discuss how we can support your firm, contact info@complianceangle.co.uk.


 
 