In 2026, the role of Training & Competence (T&C) managers in UK financial services isn’t just about continued administrative compliance. As firms build out AI, data, cloud and outsourced capabilities – and as our supervisory environment evolves – competence management is becoming a strategic function critical to compliance, resilience, culture and business success.
The regulators are increasingly less concerned with whether you are simply meeting established baseline requirements – and more interested in whether your systems, people and processes deliver robust, sustainable outcomes. That demands a refreshed approach to training, evidence practice and mindset.
Let’s walk through the key challenges for T&C overseers and managers in the year ahead – for both larger organisations and smaller firms – and why they matter now more than ever.
AI & data literacy: resetting the baseline in 2026
AI, Machine Learning, Automation, Generative AI, and Data Analytics now touch almost every role, not just IT and quantitative specialists. This widespread adoption creates a literacy gap that affects decision-making, risk management, and client outcomes.
AI and data now influence decisions and outcomes, insufficient literacy is no longer a technical problem – it becomes a material risk.
Time then, to consider implementing tiered competence ladders rather than one-size-fits-all training. All staff need baseline awareness of AI capabilities and risks, while advisers, underwriters, and operational teams require tailored, role-specific training to interpret outputs, understand limitations, and exercise sound judgement.
Consider, for example, the impact on financial advisers: If you find yourselves drawn to the idea that AI driven ‘robo-advice’ means the opportunity to “set it and forget it,” think again. In 2026, AI is now embedded in almost every corner of financial advice – from portfolio optimisation to credit scoring, risk profiling, and customer suitability assessments. But for all its power, AI cannot replace judgement, ethics, or communication skills. And that’s where a critical training gap is emerging: Understanding AI outputs and how to mitigate risks associated with AI – the new literacy test if you will.
Financial advisers now rely on AI models daily. But many have yet to develop the skills to interpret outputs correctly. A recommendation flagged by an algorithm isn’t automatically suitable for every client. Without training, advisers risk over-reliance, misinterpretation, and poor client outcomes.
The Regulators position: “We do not plan to introduce extra regulations for AI. Instead, we’ll rely on existing frameworks, which mitigate many of the risks associated with AI.” – AI and the FCA: our approach [last updated 5/12/2025]
To interpret that though, the FCA’s position doesn’t necessarily mean current T&C frameworks are appropriate in the context of a rapidly evolving environment. Rather, we should assume the Regulators expect that anyone using AI-driven tools must understand their assumptions and limitations – with firms and accountable individuals retaining ultimate responsibility for the advice given.
Does that mean there might be a need in your organisation to review the suitability of materials and your approach to training when considering things like data literacy, bias detection, and model limitations?
Training should be practical and appropriate for role: examples might include lab simulated model failure (learning environments that simulate or replicate conditions under which a system or a predictive model could fail), bias-detection exercises, vendor-scenario drills, output-interpretation sessions, and so on. The goal: firm-wide fluency, not fragmented pockets of expertise. When done well, this builds resilience across the whole organisation, which limits over-reliance on “black-box” models, and spreads the risk and precision of data-driven judgement throughout the organisation.
Given how deeply AI and data now influence decisions and outcomes, insufficient literacy is no longer a technical problem – it becomes a material risk.
Mapping a fragmented regulatory world – and adapting as it evolves
We all recognise the traditional view of Training and Competence in UK financial services as qualifying sales staff, ensuring advisers have CPD, and managing the obligations under regulated-activity frameworks. But today, the regulatory burden is layered and dynamic: FCA conduct rules, PRA prudential oversight, BoE resilience expectations, data protection, outsourcing supervision, SM&CR obligations, and now AI literacy.
What’s more, the nature of supervision is changing; mostly due to evolutions within our industry rather than any updated regulatory policy or guidance – but the context is evolving, nonetheless.
According to the FCA’s published framework, you’ll recognise their stated supervisory model as “forward-looking,” “outcomes-focused,” “judgement-based,” and “evidence-led.” – FCA-Our approach to Supervision
If we revisit our response to that supervisory approach in the context of our rapidly evolving environment then, it’d be fair to assume that Training and Competence needs to move beyond a traditional activity led universal framework. Instead, T&C teams should be considering initiatives such as regulatory-mapping frameworks: a living matrix that links regulations, roles, expected behaviours and competencies, evidence types, supervisory sign-off and audit trails to internal policies, procedures and controls.
And crucially, firms should consider embedding regular reviews of that living matrix so that as and when the environment continues to advance, training and competence standards evolve too.
No more “set and forget” for this either then.
Embedding operational resilience – core competence cover for real-world disruption
Operational resilience is no longer just a risk or business-continuity issue. Regulators now expect staff across the business to respond effectively under real-world stress – and not only expect firms to have policies on resilience – but they also expect firms to show that staff, across the business, can respond when things go wrong.
For T&C teams, this means moving resilience training beyond occasional e-learning. Instead, resilience must become part of living, tested capability. Table-top drills, simulated outages, vendor failure scenarios, cloud-service interruptions, third-party dependencies – these should be role-specific, cross-departmental and repeated regularly.
The aim: for people to know not just what to do on paper, but how to act – when the phone rings at midnight, or a vendor fails, or a key system misbehaves. For firms, that builds real defence; for supervisory authorities, that builds assurance that you have not just processes – but practical resilience capability.
Demonstrating competence – from certificates to outcomes, logic and audit-grade evidence
Under the evolving supervisory environment, “competence” is no longer simply a matter of completion certificates or training logs. Supervisory authorities expect firms to show that staff have the skills, judgement and oversight to do the job – and to demonstrate it.
We all understand the FCA’s supervision frameworks emphasis on “judgement, not process”, and their focus on business models, culture, governance, and the real-world outcomes for consumers – not just whether boxes have been ticked.
That means firms must move beyond simplistic proof (yes/no compliance) to evidence-based competence portfolios: role-mapped learning outcomes; supervisory attestations; documented on-the-job assessments; real-world scenario testing; remediation records; versioned curricula; audit logs; and – when relevant – decision-logic trails ( i.e. monitoring longer-term outcomes or residual risks from past decisions, often concerning staff conduct, product suitability, or compliance failures and needing careful ongoing monitoring).
For T&C managers, this often means re-tooling – maybe replacing or augmenting a traditional LMS or a document management approach with a system that supports multi-dimensional evidence storage, linking people to roles, to course content, to supervisory sign-offs and to real-world assessments. A performance-evidence ecosystem. Not just compliance tick-boxes.
Avoiding T&C drift: The growing challenge for smaller firms
For smaller firms, the challenge of maintaining effective Training & Competence through 2026 and into the future should be focused on clarity, consistency and oversight.
Small firms often face constrained compliance and training resources, limited specialist expertise, and a heavy reliance on key individuals, making it harder to formalise and evidence competence over time. At the same time though, informal or undocumented approaches to T&C are becoming less defensible. The risk for many firms is not deliberate non-compliance, but gradual drift – where training frameworks fail to reflect how the business actually operates.
Firms that proactively simplify, document and regularly review their T&C arrangements, in a way that remains proportionate to their size and risk profile, will be better placed to meet regulatory expectations while retaining the agility that smaller organisations depend upon.
Keeping the human in the loop – soft skills, ethics, judgement alongside tech and compliance
As firms digitise, adopt AI, outsource, and automate, there’s a real risk of organisations becoming technically literate – but culturally brittle. Supervisory authorities still expect senior managers and the workforce to “act with due skill, care and diligence”, to treat customers fairly, to communicate clearly, to escalate appropriately, to manage third-party and model risk proactively.
To provide a couple of indicative study scenarios:
Consider a mid-sized UK based IFA that rolls out a new third-party financial planning platform. The developers tested it, compliance signed off, operations and advisers were trained via a standardised e-learning module. On paper, everything complied with the SMEs’ own internal training-checklist. But once live, system outputs started producing unfamiliar cash flow assessments and somewhat atypical retirement projections for some of the firms high-risk or more complex clients – outputs that were starting to be questioned and challenged. Complaints followed. Remediation costs mounted. Reputational damage ensued.
Or let’s think about an insurance firm who introduces an AI-driven underwriting model to speed up policy approvals for their retail clients. The model had again been tested extensively, compliance signed off, and underwriters completed an e-learning module covering system use and procedural steps. Everything looked fully compliant.
Within a few weeks however, the model began rejecting applicants from certain occupations that were underrepresented in its training data. Premiums were mispriced, coverage delays occurred, and brokers began raising complaints. The firm faced not only financial remediation costs but also reputational damage, as clients also questioned the fairness of its decisions.
In hindsight, these firm realised the problem: they had trained people to use the model – but not to question it, interpret data gaps, or escalate concerns. The models weren’t wrong – the competence framework was.
If only there had been real-world scenario-training (data-bias, customer-impact simulation), supervisory attestations tied to decision-making, and ongoing competence reviews – that misstep might have been avoided.
As an aside, imagine too, if regulators ask for evidence of the decision-logics, challenge records, or remediation steps… and none exist.
That’s the cliff edge.
Consequently, technical training must be paired with human-centred learning – ethics workshops, customer-impact scenario-based role-plays, decision-making under uncertainty, communication, escalation discipline, and cross-functional simulations involving compliance, front-line, tech, and senior oversight.
The aim: build a workforce that doesn’t just understand models, vendor dependencies or resilience protocols – but one that can use judgement, act ethically, communicate clearly, and safeguard clients when systems, models or processes fail. Training & Competence schemes that encompass building character, culture and decision-making agility.
Why it matters – and why 2026 is the turning point
The regulatory climate is shifting from compliance-by-documentation to ongoing supervision: data-driven, outcome-focused, and judgement-led. Our goal is now focused on evidence of capability, logic, and firm-wide resilience rather than static training records, binary attestations and authorisations.
T&C managers are now strategic, operational, and cultural leaders. Competence must be living, measurable capability, encompassing AI, complex models, operational resilience, and human judgement.
By embedding continuous learning, scenario-based testing, and human-centred skills alongside technical competence, firms can protect clients, reduce risk, and thrive in an outcomes-focused regulatory environment.
Key Takeaways
- Competence is evolving: Move from static training and certificates to real-world capability.
- AI literacy matters: Staff must understand, interpret, and challenge AI-driven outputs.
- Regulators expect outcomes: Supervision focuses on judgement, evidence, and operational results.
- Operational resilience is actionable: Scenario-based drills turn policy into preparedness.
- Soft skills are critical: Ethics, communication, and decision-making complement technical expertise.
- Continuous learning is essential: Competence frameworks must adapt to changing models, regulations, and business needs.
- Critical thinking prevents harm: Case studies show unchallenged AI outputs or poor escalation processes can cause financial, reputational, and regulatory damage.
- Evidence is everything: Robust records demonstrate capability, support oversight, enable remediation, and prove staff are not just qualified but accountable and capable.
