FCA’s New Consumer Credit Regulatory Return (CCR009)

What Firms Need to Know

From 1 January 2026, many consumer credit firms will face new reporting requirements under the FCA’s CCR009 return. The changes, finalised in Policy Statement PS25/3, mark a significant shift in how the FCA gathers data from credit brokers, lenders, and debt counselling firms. For directors and compliance teams alike, the message is simple: prepare now, or risk being caught short.

Why Has the FCA Introduced CCR009?

The FCA has been under pressure to improve how it supervises the consumer credit sector. In recent years, weaknesses in data collection have limited the regulator’s ability to monitor risks such as:

• Consumer harm in high-risk lending (e.g. affordability, repeat borrowing).
• Mis-use of permissions by firms holding multiple categories of authorisation.
• Market-wide trends in lending volumes, arrears, and debt advice outcomes.

PS25/3 confirms that the FCA wants “more granular, consistent and comparable” data to spot issues earlier. The new return is therefore designed to give supervisors a clearer picture of where risks are building, and which firms may need scrutiny.

Who Will Be Affected?

The CCR009 return applies to most firms with Part 4A permissions in consumer credit, including:

• Credit brokers (whether intermediating loans, motor finance, or BNPL products).
• Lenders (first-charge, second-charge, and unsecured).
• Debt counselling and debt adjusting firms.

There are carve-outs for firms with very limited permissions, but the majority of regulated consumer credit businesses will need to comply.

What’s Changing?

The biggest shift is the withdrawal of three existing returns (CCR004, CCR005 and CCR006) and their replacement with a single, more comprehensive CCR009 form. Key features include:

• Lending activity reporting: new data on balances, new lending, and product type.
• Revenue and commission disclosures: more detail on how firms generate income.
• Debt advice outcomes: tracking customer volumes, sustainability of arrangements, and vulnerability indicators.
• Granularity by permission type: meaning firms must map their internal MI carefully to the new categories.

The FCA has published draft templates and guidance, but firms will need to test how well their systems, CRM platforms, and finance reporting tools align with the new requirements.

Why This Matters for Firms

On paper, CCR009 is “just” a regulatory return. In practice, it will have much wider implications:

1. Regulatory risk – inaccurate or late returns will trigger scrutiny. The FCA has been clear that data quality is itself a supervisory concern.
2. Business model clarity – many firms operate across multiple activities (e.g. credit broking + lending). CCR009 will expose gaps between what permissions a firm holds and what activity it actually undertakes.
3. Operational strain – smaller firms, particularly brokers, may lack the infrastructure to collate data in the format required. Manual workarounds risk errors and compliance failures.

For many firms, external support will be critical to bridge the gap between operational reality and regulatory expectation.

Practical Steps Firms Should Take Now

Even though the first reporting date is January 2026, preparation needs to begin in 2025. Practical actions include:

• Gap analysis: map current MI and regulatory reporting against CCR009 requirements. Identify where data fields don’t align.
• System upgrades: engage IT or CRM providers to build CCR009-ready reporting. Manual spreadsheets are unlikely to be sustainable.
• Governance: ensure the board and SMF16/17 (compliance and MLRO roles) understand the scale of the change. Oversight must be documented.
• Permissions review: check whether your current permissions match actual business activity. If not, consider a Variation of Permission (VoP) or cancellation to avoid red flags when the FCA reviews data.
• Training: frontline staff should understand why the firm is capturing additional data, particularly around customer outcomes in debt advice.

This is where ALPH can add real value. Through business and operational reviews, compliance audits, QA testing, and oversight support, we help firms identify weaknesses early, streamline reporting, and build the governance structures regulators expect. We also support with policy implementation and strategic reviews to make sure CCR009 isn’t just a compliance burden, but part of a stronger framework for long-term resilience.

The Bigger Picture

The FCA’s wider strategy is clear: data-led supervision. By standardising and deepening the information it collects, the regulator can benchmark firms, flag outliers, and focus its resources where harm is most likely.

For firms, this is both a risk and an opportunity. Those that invest early in data quality and governance will not only avoid regulatory pain, but also gain clearer insight into their own operations. Those that don’t may find themselves under the microscope at exactly the wrong time.

Conclusion

CCR009 is more than a box-ticking exercise. It represents a step change in how the FCA supervises the consumer credit market. Firms should treat the next 12 months as a preparation window — not just to avoid penalties, but to strengthen their compliance frameworks and business resilience.

At ALPH, we work with credit firms of all sizes to ensure regulatory readiness through reviews, audits, compliance oversight, policy design, and strategy alignment. For firms unsure where to start, seeking expert support now could be the difference between falling behind and moving confidently into 2026.

ALPH Legal & Compliance can assist with all aspects of your business’ compliance needs whether that be compliance structure and policy, internal/external audit, business and regulatory change support, authorisation, supervision or just some general expert advice and guidance! Contact us now!