Insurance Newsletter - April 2026

From January through March 2026, principal regulatory insurance updates in the UK included Prudential Regulation Authority (PRA) 2026 priorities, the Financial Conduct Authority (FCA) Insurance Regulatory Priorities Report, proposed reforms to the UK Appointed Representatives (AR) Regime, an update on FCA supervision of operational resilience, UK Solvency II Own Funds: amendments to rules and expectations, and AI in financial services reform of the redress system.

In the EU, we review the European Insurance and Occupational Pensions Authority (EIOPA) Single Programming Document 2026–28, the EIOPA draft supervisory statement on the Authorisation and Supervision of Undertakings Owned by Private Equity Firms, and updated EIOPA guidelines on the supervisory review process.

UK Updates

1. PRA 2026 Priorities

On 15 January, the PRA published its 2026 supervisory priorities through sector-specific “Dear CEO” letters for banks, insurers, and other regulated firms. These outline key areas of supervisory focus and are accompanied by broader streamlining initiatives, including faster reviews of senior manager applications, firm authorisations, and internal model approvals. The PRA is also progressing forward-looking initiatives, including development of a UK captive insurance regime (consultation in summer 2026, launch in 2027) and modernisation of reporting via the Future Banking Data project.For insurers, many 2025 themes remain, including pressures in the bulk purchase annuity market, a softening general insurance cycle, and the need for continued investment in operational resilience.

Key 2026 priorities include improving consumer outcomes (claims handling, service quality, and model performance gaps); addressing weak exposure management; strengthening oversight of delegated underwriting arrangements; and conducting the Dynamic General Insurance Stress Test in May 2026.

The PRA will also focus on operational resilience and require all in-scope firms to complete a Solvent Exit Analysis by 30 June 2026.Additionally, the PRA will monitor firms’ use of AI to ensure safety and soundness while supporting competition through initiatives such as the captive regime and improved engagement with smaller insurers.

 
2. FCA Insurance Regulatory Priorities Report

The FCA published its 2026 Insurance Regulatory Priorities report on 24 February 2026, outlining key areas of focus for the year ahead. A central theme is improving retail consumer outcomes, particularly understanding of insurance products, access to cover, and overall customer experience.

In addition, the FCA has identified several priority areas. On AI, the FCA will assess how firms are using AI in internal processes, with a focus on identifying barriers to adoption and understanding associated risks. It has confirmed there are no current plans to introduce AI-specific rules.

Simplification of the regulatory framework is another key focus. The FCA is expected to respond to consultations on product-specific rules, rationalising conflicts-of-interest requirements, and removing certain pricing practices data returns. Further consultations are planned on disapplying the Consumer Duty to non-UK business, reviewing the international scope of the FCA Insurance Conduct of Business Sourcebook and its handbook on product governance, and simplifying guaranteed asset protection and other insurance rules, including disclosure and reporting obligations.

The report also highlighted the upcoming changes to operational incidents and material third-parties reporting. On 18 March 2026, the FCA, PRA, and Bank of England jointly introduced a new UK framework for reporting serious operational incidents and material third-party arrangements. The rules aim to provide the UK regulators with better visibility of operational disruption and third-party dependencies, supporting a data-driven supervisory approach.

The new rules are effective from 18 March 2027. Please see the corresponding Sidley briefing note for further information.

Finally, the FCA is reviewing firms’ financial crime systems and controls. This work will assess the effectiveness of current frameworks, with findings expected later in 2026.

3. Proposed Reforms to the UK AR Regime

HM Treasury launched a consultation on reforms to the AR regime, aiming to strengthen oversight, enhance consumer protection, and modernise the framework. The AR regime allows firms that are not FCA-authorised firms to undertake regulated activities where an FCA-authorised principal agrees to take regulatory responsibility but supervisory analysis has identified gaps in oversight and consumer outcomes.

Key proposals include introducing a principal permission gateway, requiring firms to obtain FCA approval before acting as AR principals. Existing principals would be grandfathered initially, but the FCA could vary or revoke permissions where oversight is insufficient.

HM Treasury also proposes extending the Financial Ombudsman Service (FOS) jurisdiction to allow complaints directly against ARs where an AR has acted outside the scope of its AR agreement with its principal. This is intended to close gaps in consumer redress.

A further proposal is to align conduct and fitness and propriety frameworks across principals and ARs. This could involve greater FCA flexibility to apply standards similar to those for authorised firms, potentially incorporating elements of the Senior Managers and Certification Regime, while removing outdated provisions.

Although still at consultation stage, the reforms signal a shift toward stricter oversight and clearer accountability. Firms using AR models should review governance, oversight capacity and risk exposure, particularly in complex networks.

The consultation closed on 9 April 2026, with HM Treasury and the FCA expected to outline implementation and legislative changes in due course.


4. Update on FCA Supervision of Operational Resilience
Operational resilience: insights and observations one year on

On 27 March 2026, the FCA published supervisory feedback on firms’ first post-transition operational resilience self-assessments, setting out its conclusions and providing a useful benchmark as frameworks mature. The FCA notes that while overall progress is positive, several recurring gaps remain relevant to insurers.

The FCA highlights that firms are expected to apply clear and consistent definitions of important business services and to set robust impact tolerances. It observes weaknesses where firms do not clearly distinguish between consumer harm and market integrity and places increasing emphasis on the use of quantitative, non-time-based metrics alongside regular reassessment.

In relation to mapping, the FCA indicates that firms should undertake comprehensive, end-to-end identification of resources and dependencies, including third parties. It notes that gaps persist in the assessment of third-party risks and vulnerabilities.

On scenario testing, the FCA states that firms should consider severe but plausible events, including cyber incidents and third-party failures. It identifies instances where firms have asserted resilience without sufficiently rigorous testing, and expects clearer links between testing outcomes and remediation actions.

The FCA further notes that firms should be able to demonstrate robust vulnerability identification and remediation frameworks, supported by appropriate evidence. It also highlights the need for improvement in communications planning, particularly in the testing of contingency arrangements.

Finally, the FCA emphasises that governance remains a priority, with expectations of strong board oversight, clear accountability, and effective challenge. It identifies areas for improvement including clearer ownership of actions, greater involvement from second and third lines of defence, and more consistent board engagement.

Overall, the FCA emphasises that operational resilience should be embedded as a core business capability rather than treated solely as a compliance exercise.

5. UK Solvency II Own Funds: Amendments to Rules and Expectations
PRA Consultation on UK Solvency II Own Funds: Updates and fixes to rules and expectations (CP4/26)

On 25 February 2026, the PRA launched a consultation on targeted amendments to the UK Solvency II own funds requirements in the PRA Rulebook.

Under PS15/24 Review of Solvency II: Restatement of assimilated law, the PRA previously restated Solvency II rules from assimilated EU law without significant change to provide certainty for UK insurers. This consultation now proposes limited updates to address known issues and inconsistencies identified by the PRA and industry.

Key proposals include removing the requirement for PRA permission to classify equity-accounted subordinated instruments within own funds tiers, reducing administrative burden, alongside related updates to reporting templates. The PRA also proposes to clarify expectations on the sequencing of tender offers and new issuances when refinancing own funds instruments.

Further changes aim to correct drafting inconsistencies carried over from assimilated law and introduce minor consequential amendments. In addition, relevant EIOPA guidelines on own funds and ancillary own funds classification will be incorporated into PRA supervisory statements.

The PRA proposes implementation from 31 December 2026, aligning with broader reporting and disclosure changes under CP22/25 UK Solvency II reporting and disclosure: Post-implementation amendments to enable a single year-end implementation for firms.

The consultation closes on 24 April 2026.

6. AI in Financial Services

Regulators remain in a monitoring phase on AI, but pressure for a more formal framework is increasing. On 22 January 2026, the Treasury Committee published its final report following its inquiry into AI in financial services, criticising the lack of AI-specific legislation. In particular, it warned that the current “wait and see” approach by the FCA, PRA, Bank of England, and HM Treasury risks consumer harm and financial instability.

The committee highlighted the need for a more proactive framework, including clear accountability across developers, firms deploying AI, and data providers. It also recommended AI-specific stress testing to assess resilience to cyber and operational risks, alongside expanding the Critical Third Parties regime to cover major AI and cloud providers.

On 28 January 2026, government ministers wrote to regulators seeking clarity on their approach to enabling safe AI innovation. In response (1 April 2026), the PRA and Bank of England outlined ongoing and planned initiatives, including a new AI adoption survey, further work by the AI Consortium, industry roundtables, and enhanced reporting on AI in future business plans.

At EU level, EIOPA’s February 2026 report found growing but cautious adoption of generative AI in insurance, mainly for efficiency gains. Key barriers include data privacy, security, and accuracy concerns, though firms are increasingly implementing formal AI governance frameworks.

7. Reform of the Redress System
FCA and FOS Consultation Modernising the Redress System (CP26/9)

Following a consultation that closed in October 2025, the FCA and the FOS published a further consultation paper on 16 March 2026 seeking input on further proposed amendments to the framework including

• a proposed registration stage that would assess whether a complaint is ready and has sufficient evidence prior to the FOS proceeding to full investigation
• amendments to the FOS’s dismissal grounds (including allowing the FOS to dismiss a case where a complainant fails to supply evidence or comply with a case handling deadline)
• amendments to the FOS’s fair and reasonable test for greater alignment with the FCA’s own rules

The consultation closes on 11 May 2026.

EU Updates

8. EIOPA Single Programming Document 2026–28

In January 2026, EIOPA published its Single Programming Document for 2026–28, setting out its priorities and planned activities.

A key priority is strengthening Single Market integration. EIOPA will assess whether customer-centric business models deliver products that meet minimum standards and achieve appropriate uptake. It will focus on changes to capital requirements and internal model approvals following Solvency II reforms and will increase scrutiny of cross-border business conducted under freedom of services or establishment, including reviewing EU-level enforcement tools. EIOPA will also contribute to initiatives such as threat-led penetration testing to assess digital resilience and continued work on the International Capital Standard.

Enhancing market resilience to emerging risks is another core focus. EIOPA plans to develop tools to better assess financial stability risks, including nontraditional risks such as cyber. It will continue implementing the Insurance Recovery and Resolution Directive and monitor sustainability requirements, with a particular focus on identifying greenwashing. This includes engagement with national authorities and a peer review of supervisory practices in late 2026.

Finally, EIOPA will support supervisory convergence and regulatory development. This includes updating technical standards and guidelines following Solvency II reforms, progressing the Retail Investment Strategy, and assisting national supervisors in identifying and managing risks linked to innovation and market developments.
 

9. EIOPA Draft Supervisory Statement on the Authorisation and Supervision of Undertakings Owned by Private Equity Firms

On 3 February 2026, EIOPA launched a consultation on a draft supervisory statement addressing the authorisation and ongoing supervision of (re)insurers linked to private equity. The aim is to promote consistent, high-quality, and risk-based supervision across the EU. The statement sets out expectations for both acquisitions and ongoing oversight by national authorities.

The consultation follows EIOPA’s review of the increasing level of private equity investment in the European (re)insurance market. Key areas of focus:

• investment horizons in the context of long-term policyholder obligations
• evolving business models
• greater exposure to private credit
•  increased allocation to illiquid assets
• balance sheet optimisation

EIOPA also notes a growing use of reinsurance, including with affiliated reinsurers in third countries, alongside governance considerations such as potential conflicts of interest and related-party transactions (e.g., asset management arrangements). It further observes that more complex ownership structures can present additional considerations for supervisory transparency and effectiveness.

The proposed statement does not introduce new rules but clarifies supervisory expectations and seeks to ensure convergent approaches across member states, reflecting the growing depth of focus on understanding and being consistent in the supervision of private equity-backed firms.

Stakeholders are invited to provide feedback by 30 April 2026.

10. Updated EIOPA Guidelines on the Supervisory Review Process

On 13 February 2026, EIOPA published revised guidelines on the supervisory review process and the treatment of market risks.

The revised guidelines on the supervisory review process align existing provisions with regulatory developments and new supervisory best practices and incorporate new processes to address emerging risks and trends since the guidelines’ initial implementation in 2015.

The guidelines now include new sections on

• business model analysis
• joint on-site inspections
• early intervention measures
• preemptive recovery planning
• the supervision of conduct of business

The guidelines also highlight the need for supervisory authorities to consider sustainability and cyber/IT risks in the supervisory review process. Firms should expect greater scrutiny in relation to their operational resilience framework, in line with regulators’ broader supervisory focus.

The revised guidelines will become applicable on 30 January 2027.

If you would like to discuss how these changes may affect your business, please contact your regular Sidley contact.