Compliance Is No Longer About Detection. It’s About Proof
What the FCA’s 2026 Wholesale Markets Report Means for Surveillance and Control
Regulatory expectations for surveillance have entered a new phase.
For more than a decade, financial institutions have focused on establishing surveillance capabilities, utilizing systems to monitor trading activity, capture communications and generate alerts tied to potential misconduct. Today, however, that benchmark has changed.
The Financial Conduct Authority’s Regulatory Priorities: Wholesale Markets (March 2026) report suggests that simply having surveillance systems in place is no longer sufficient. Instead, regulators are increasingly focused on whether those systems are effective, complete and defensible in practice. Firms are expected not only to detect risk, but to demonstrate that their surveillance, data and control frameworks operate reliably and without material gaps.
As the FCA makes clear, firms must have “effective systems and controls to identify, assess and mitigate risk – to ensure they meet legal and regulatory obligations.”
This shift reflects a broader evolution toward what can be described as regulatory certainty: the ability to prove that surveillance frameworks operate as intended across data, models and operational processes.
Understanding this shift requires examining both what the FCA is explicitly calling for, and how compliance architectures must evolve in response.
What the FCA Report Reveals: The Shift to System Accountability
The FCA’s report outlines a wide range of priorities, including improving market resilience, enhancing transparency, enabling innovation and strengthening controls around financial crime and market abuse. However, across these themes, a consistent pattern emerges: regulators are increasingly focused on the integrity of systems and controls, rather than isolated outcomes.
The report emphasizes that firms must strengthen “surveillance, data quality, governance and controls to identify, prevent and report financial crime and market abuse risks.” It also highlights the importance of ensuring that operational and technological dependencies do not introduce vulnerabilities.
This focus is grounded in observable risk. In 2025, firms covered in the report documented 170 operational incidents, with 26% attributed to third-party failures, underscoring how dependencies within complex technology ecosystems can create systemic exposure. At the same time, the scale of wholesale markets continues to grow, with the UK accounting for 37.8% of global foreign exchange trading and 49.5% of OTC interest rate derivatives trading. In such an environment, even minor control failures can have amplified consequences.
The FCA’s supervisory posture reflects these realities. It is “pivoting to a more outcomes-focused and agile supervisory model,” where firms are expected to demonstrate that their controls function effectively under real conditions.
When viewed together, these expectations align closely with three foundational pillars that define regulatory certainty:
First: Data Observability and Completeness
The FCA repeatedly highlights the importance of data quality and integrity, particularly in the context of surveillance and transaction reporting. It explicitly identifies weaknesses such as “incomplete or inaccurate data feeds” and notes the need for firms to ensure “complete and accurate transaction reporting.” These gaps are not viewed as isolated technical issues. Rather, they are treated as failures in control frameworks.
Second: Model Observability and Explainability
The report’s emphasis on surveillance effectiveness and governance reflects growing scrutiny of how detection systems operate. The FCA points to weaknesses including “ineffective alert calibration” and “weak testing and governance of surveillance models.” Firms are expected not only to deploy surveillance models, but to ensure they are appropriately governed, tested and capable of detecting relevant risks. This expectation is reinforced by the scale of regulatory monitoring activity. For example, the FCA received 3,806 suspicious transaction and order reports (STORs) in 2025, with 82% linked to insider dealing.
Third: Operational Effectiveness at Scale
While not framed explicitly in terms of alert volumes, the FCA’s focus on operational resilience and control effectiveness makes the expectation clear. Weak controls can “disrupt services, amplify market stress and – in severe cases – threaten a firm’s viability.” Firms must ensure that their systems and processes remain effective under real-world conditions, including periods of stress, complexity and scale.
Taken together, these pillars reflect a clear regulatory direction: firms are no longer evaluated solely on whether they detect misconduct, but on whether they can demonstrate that their systems are complete, transparent and operationally effective. Without that ability to demonstrate, compliance shifts from evidence to assumption, and assumption is no longer sufficient.
How Compliance Architectures Must Evolve: From Fragmentation to Integration
Meeting this new standard requires more than incremental improvements. It requires a shift in how compliance systems are designed and operated.
Many organizations continue to operate fragmented architectures, where data capture, archiving, surveillance and investigation workflows exist across separate systems. While each component may function independently, fragmentation introduces gaps: gaps in data visibility, gaps in model governance and gaps in operational consistency.
Regulators, however, do not evaluate these components in isolation. They evaluate outcomes.
This is where integrated platforms such as NICE Actimize’s Compliancentral play a critical role in enabling regulatory certainty.
Compliancentral is designed to address the three pillars directly by unifying data, analytics and operational workflows into a single, end-to-end compliance architecture.
From a data perspective, the platform provides comprehensive capture and archiving across communication channels and trading activity, supporting global recordkeeping requirements. More importantly, it introduces data observability through dynamic reconciliation and pipeline monitoring, allowing firms to verify that data is complete and continuously accounted for, which directly addresses the FCA’s emphasis on data quality and control.
In this model, the objective is not simply to capture data, but to make its completeness provable at all times. The most significant risk is not system failure. It is failure that goes undetected. By identifying gaps in real time rather than retrospectively, firms move from reactive remediation to proactive control.
From a model perspective, Compliancentral embeds transparency and governance into surveillance systems. Capabilities such as AI Model Fact Sheets, chain-of-reasoning audit logs, and data lineage tracking enable firms to demonstrate how models operate, how decisions are made and how performance is validated. This directly aligns with the FCA’s concerns around weak model governance and ineffective calibration.
From an operational perspective, the platform leverages AI-driven automation to improve both efficiency and consistency. By automating Level 1 alert reviews, reconstructing trades alongside related communications and standardizing investigative workflows, Compliancentral helps reduce noise while ensuring that investigations are conducted in a consistent and defensible manner. As the FCA makes clear, firms must be able to maintain effective controls (even under stress), and demonstrate that these controls operate reliably in practice.
Embedded quality assurance and feedback loops further support continuous improvement, aligning with the FCA’s expectation that firms maintain strong governance and oversight across their control frameworks.
What distinguishes this approach is not any single capability, but the integration of all three pillars into a unified system. Complete data informs better models. Better models drive more effective investigations. And consistent operations provide measurable, defensible outcomes.
This is how compliance moves from a collection of tools to a cohesive control framework.
Conclusion: The New Standard Is Proof
The FCA’s Regulatory Priorities: Wholesale Markets (March 2026) report signals a clear and lasting shift in how compliance is evaluated.
Surveillance is no longer defined by the presence of systems, but by the ability to demonstrate that those systems work: across data, models, and operations.
This is the essence of regulatory certainty.
Firms that continue to rely on fragmented architectures and implicit assumptions will find it increasingly difficult to meet this standard. Those that invest in integrated, observable and explainable compliance frameworks will be better positioned to demonstrate control, and as a result, withstand regulatory scrutiny as well.
The critical question for compliance leaders is straightforward: can you prove that your system is complete, that your models are explainable and that your operations are effective at scale?
If the answer is uncertain, the gap is no longer theoretical. It’s operational.
NICE Actimize’s Compliancentral is designed to help close this gap, enabling firms to move from surveillance capability to true regulatory certainty.
Learn More
If aligning with the FCA’s evolving expectations is on your agenda, reach out to us to schedule a meeting to see how NICE Actimize can assist.