Practical advice for handling regulatory investigations in an evolving and uncertain business landscape
The UK regulatory landscape is incredibly dynamic right now, with significant changes expected to continue well beyond the end of 2025.
This may require businesses to undertake a number of new regulated activities – from changes to environmental regulations, employment rights, cyber security, and consumer protection laws.
Businesses under scrutiny
In today’s evolving regulatory environment, even organisations with the most robust compliance procedures can find themselves under scrutiny from regulatory bodies.
In fact, last year:
- HMRC launched 480 serious tax fraud and avoidance investigations, with a record £1.1 billion being recouped by the tax authority in 2023/24.
- FCA enforcement data for 2023/24 records 188 enforcement operations against firms and individuals.
- The UK Competition and Markets Authority (CMA) considered 1,037 mergers, and formally investigated 38 of them.
- Between July 2024 and March 2025, the Environment Agency initiated a record 81 criminal investigations into UK water companies.
- In 2023–24, the Gambling Commission received 443 suspicious activity reports and generated 3,077 intelligence reports. Its Issues Management Group considered 177 cases, and it conducted 122 operator assessments. In total, 8 operators paid more than £13.4 million in fines (£7.16 million) and regulatory settlements (£6.24 million).
- The Solicitors Regulation Authority (SRA) conducted 3,048 AML file reviews and carried out 545 proactive engagements in the year 2023-2024.
A sound, strategic response
Navigating an investigation by UK regulators demands a sound, strategic response, combining forensic sharpness with intellectual rigour. Drawing on Leverets’ deep expertise acting on behalf of SMEs, large international enterprises, UK institutions, and high net worth individuals, this blog offers a pragmatic roadmap for businesses on how to navigate a regulatory investigation.
Leverets 10-step framework for navigating regulatory investigations
1. Understand the scope
Your business must be prepared to represent the company & its senior personnel. Regulators have specific areas of focus & goals they are mandated to uphold. The process can involve evidence collection, interview under caution, interim measures, enforcement actions & even prosecution. The process can span months or years, with serious reputational & financial consequences for non-compliance.
2. Initiate crisis response
A well-structured plan, developed with your legal counsel, is the best way ensure a swift and effective response, ma with a strategic approach to the management of potential reputation harm. For more detail, read our guide to effective crisis management planning.
3. Conduct investigations
Following a regulatory incident, it’s essential to conduct an internal review - this should ideally be undertaken by an independent agency or consultant. This will assist your business in assembling all relevant factual evidence and lay the groundwork for a robust defence or mitigation. As well as demonstrating good faith cooperation, transparency, and compliance best practice.
4. Engage with regulators
In the spirit of transparency and cooperation, engaging constructively with regulators can positively influence outcomes and reduce potential penalties.It’s vital to prioritise responsive dialogue with regulators and propose corrective measures promptly.
5. Manage outcomes
As a result of an investigation’s findings your business could be on the receiving end of stop notices, written warnings, fixed Penalty Notices, formal cautions or even prosecution. Handling follow-up thoughtfully, strategically and swiftly, as well as implementing corrective action and notifying stakeholders is crucial to mitigating damage – both financial and reputational.
6. Defend escalation
Appoint specialist legal counsel early to prepare legal strategy, and align your corporate response across finance, operations, and communications. A good corporate litigation lawyer makes it easier to fulfil legal obligations at each stage of the investigation process, and avoid costly litigation.
7. Embed changes
The best defence is to prevent investigations altogether. Put in place the right processes, lines of responsibility and legal partnerships to handle required operational changes, updated governance requirements, amendments to protocols and procedures, and monitoring and compliance policies. Some useful guidance can be found here.
8. Continue to respond
Appoint specialist legal counsel early to prepare legal strategy, and align your corporate response across finance, operations, and communications. A good corporate litigation lawyer makes it easier to fulfil legal obligations at each stage of the investigation process, and avoid costly litigation.
9. Invest in training
Train leaders and all members of staff on relevant regulatory and legislative changes, the implications of getting it wrong and the importance of a robust and compliant response to investigations. This builds resilience and ensures everyone understands their role if regulators come knocking.
10. Review your legal support
Expert legal counsel is your best line defence in preventing regulatory investigation. Experienced legal advice is crucial to negating financial and reputational damage, ensuring investigations are wrapped up as quickly as possible, with minimal disruption and the best potential outcome.
