-
Financial Services and Markets Bill concludes Lords committee stage
9 July 2026
The House of Lords has announced the conclusion of committee stage scrutiny of the Financial Services and Markets Bill following six days of detailed examination. During the final day of committee stage, members considered amendments relating to tokenisation in wholesale financial markets, regulation of the digital asset sector, improving public understanding of financial services, and financial services dispute resolution. The Bill will now proceed to report stage, where further amendments may be considered.
Topic: Other Developments -
EBA final draft RTS on the implementation of the supervisory reporting framework under CRR
8 July 2026
The European Banking Authority (EBA) has published a final report with draft implementing technical standards (ITS) on the implementation of international financial reporting standard (IFRS) 18 in supervisory financial reporting (FINREP) under the Capital Requirements Regulation (CRR). IFRS 18, which replaces International Accounting Standard (IAS) 1 and applies from 1 January 2027, introduces a new structure for statements of profit or loss. The final report sets out the amendments required to align FINREP with IFRS 18, including amended versions of the relevant reporting templates which can be found in the press release.
The EBA also published an opinion providing guidance on how institutions can report profit or loss information during the interim period between the first application date of IFRS 18 and the first application date of the amending ITS on the supervisory FINREP (which is currently under consultation until 10 July). While institutions must apply IFRS 18 in their public financial statements from 1 January 2027, the amended FINREP ITS incorporating IFRS 18 are expected to apply from the end of September 2027. To bridge this gap, the EBA advises competent authorities to allow institutions to use a set of IFRS 18-aligned FINREP templates on a voluntary basis during the interim period, thereby avoiding the operational burden of maintaining two different profit or loss reporting frameworks.
The data point model and the XBRL taxonomy based on the revised templates for the implementation of IFRS 18 will be published by the end of July, or at the latest at the beginning of September. The final report will be merged with the final report on the supervisory FINREP, which the EBA expects to submit to the European Commission by the end of the year.
Topic: Prudential Regulation -
ESMA launches CSA on CASPs' digital operational resilience for custody
8 July 2026
The European Securities and Markets Authority (ESMA) has announced it is launching a common supervisory action (CSA) on the digital operational resilience of crypto-asset service providers (CASPs), with a particular focus on custody services. The CSA will assess the maturity of CASPs' operational resilience frameworks in relation to custody activities, focusing on risks inherent to distributed ledger technology (DLT). These include governance arrangements, key and storage management, transaction controls, incident detection and response, smart contract risks, and reliance on third-party providers.
National competent authorities will conduct the review on a risk-based sample of authorised CASPs between the second half of this year and the first half of 2027. ESMA will consolidate the findings into a final report for its board of supervisors following completion of the exercise in the second half of 2027.
-
HM Treasury highlights the value of cyber resilience in strengthening economic and organisational security
8 July 2026
HM Treasury has published a report setting out evidence on the economic and financial value of operational resilience in financial services, with a particular focus on cybersecurity.
The report highlights the growing challenges facing organisations and markets as cyber risk intensifies, identifying an increase in the severity of cyber-attacks and the scale of their consequences. It warns that a small number of severe incidents can lead to disproportionate financial losses, with losses for large firms potentially approaching GBP466 million, significantly exceeding the cost of day-to-day incident activity. The consequences of such losses are becoming larger and more persistent, with potentially lasting effects on affected firms. Beyond financial loss, the impact can extend to customer trust, reputation, and investor confidence, highlighting the importance of resilience.
The report also encourages firms to reframe operational resilience as a source of growth, rather than merely as a compliance obligation or cost. HM Treasury suggests that more resilient firms are better positioned for growth and performance, as they can recover faster and sustain operational momentum. The report cites evidence that more resilient firms outperform their peers in areas such as revenue growth and profitability.
Furthermore, the report notes that, as digital technologies evolve, the scale and severity of cyber threats are likely to increase. Organisations with stronger resilience will be better equipped to modernise systems and adopt new technologies with less disruption. The report also notes that only 10% of organisations report being prepared for AI-augmented cyber threats and that 77% lack essential data and AI security practices.
The report concludes that operational resilience and cybersecurity should be treated as strategic capabilities that support financial, operational and reputational growth. It emphasises the significant value of improving resilience in order to protect firms against increasingly sophisticated cyber threats, including those augmented by AI.
-
ESMA final draft RTS on CCP admission criteria elements
8 July 2026
The European Securities and Markets Authority (ESMA) has published its final report with final regulatory technical standards (RTS) on the elements that central counterparties (CCPs) should consider when setting admission criteria for clearing members. The RTS were developed under the revised European Market Infrastructure Regulation (EMIR 3), which amended the CCP participation requirements framework, including by allowing for non-financial counterparties (NFCs) to become clearing members, subject to requirements. The RTS do not prescribe specific admission criteria; instead, they establish a harmonised set of factors that CCPs should take into account when assessing the applicants, including NFCs, and designing their participation requirements. The final draft RTS considers the feedback received through ESMA's October 2025 consultation and public hearing. The RTS have been submitted to the European Commission for endorsement and will subsequently be scrutinised by the European Parliament and the Council of the EU.
-
AMLA final draft RTS on pecuniary sanctions, administrative measures and periodic penalty payments
8 July 2026
The EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) have published its final report with draft regulatory technical standards (RTS) under Article 53(10) of the sixth Anti-Money Laundering Directive (EU) 2024/1640 (AMLD 6). The RTS establish a framework for assessing the gravity of breaches, determining the level of pecuniary sanctions and administrative measures, and imposing periodic penalty payments (PePPs). They set out indicators for assessing breaches, classify breaches into four levels of severity, and establish criteria for determining sanctions and other measures. They also include provisions relating to natural persons, including senior management and supervisory board members, and procedural aspects for the imposition of PePPs.
Following the February consultation, AMLA made targeted amendments, including clarifications on the application of the framework to non-financial sector firms, confirmation that category 3 and 4 breaches constitute "serious, repeated or systematic" breaches for the purposes of AMLD 6, and revisions allowing supervisors to rely on any reliable and relevant information when assessing breaches. The draft RTS will now be submitted to the European Commission for adoption before publication in the Official Journal of the EU.
-
UK PRA final regulated fees and levies for 2026/27
8 July 2026
The UK Prudential Regulation Authority (PRA) has published policy statement PS17/26 confirming the final regulated fees and levies for 2026/27. The PRA received no responses to its April consultation and confirmed that only minor changes have been made to the draft policy. The PRA';s total funding requirement is finalised as GBP345.3 million, being GBP1.3m lower than proposed in the consultation. The reduction reflects a reduced budget requirement for workforce adjustment costs. The PRA also made a small adjustment to its annual funding requirement to account for lower-than-expected model maintenance fee income arising from the correction of an earlier fee allocation error. The amended PRA fees rules will take effect on 13 July.
Topic: Fees / Levies -
BoE fees regime for FMI supervision for 2026/27
8 July 2026The Bank of England (BoE) has published a policy statement confirming its fees regime for the supervision of financial market infrastructures (FMIs) for the 2026/27 fee year. Following the April consultation, the BoE has adopted its proposals as consulted on and confirmed the supervisory fees payable by central counterparties (CCPs) and central securities depositories (CSDs). The BoE's FMI levy will increase by 3% from the 2025/26 budget to GBP18 million. There is a 3.2% reduction for UK CCPs fees and an increase of 7.7% for UK CSDs compared to 2025/26. The statement also confirms an extension to the phased recovery period for costs associated with developing the UK CCP rulebook, with the 2026/27 recovery instalment remaining at GBP1.5m and any excess costs to be recovered in 2027/28. In addition, the BoE expects to begin levying supervision fees for firms participating in the Digital Securities Sandbox during the 2026/27 fee year. Invoices for FMI fees are expected to be issued before the end of August for the 2026/27 fee year.Topic: Fees / Levies
-
UK FCA and PRA report on progress in advancing secondary competitiveness and growth objective
8 July 2026
The UK Financial Conduct Authority (FCA) and UK Prudential Regulation Authority (PRA) have highlighted their progress in advancing their secondary competitiveness and growth objective in response to the House of Lords Financial Services Regulation Committee June 2025 report. In a one-year update dated 12 June, the FCA reported on a range of measures it has worked on, aimed at supporting UK competitiveness, including capital markets reforms, initiatives to improve retail investment and mortgage access, expanded innovation services, reduced regulatory reporting burdens and more streamlined supervisory and authorisation processes. Looking ahead, the FCA identifies further focus areas including open banking and open finance, tokenisation and investment reforms, and broader market initiatives.
Separately, in a letter dated 28 June, the PRA outlined progress in embedding the objective through prudential reforms designed to improve proportionality and reduce unnecessary burdens, including the strong and simple regime for smaller banks, changes to reporting requirements, reforms to capital and resolution frameworks, and initiatives to support investment and operational efficiency. The annex to the letter provides more information on the PRA's response to each of the Committee's recommendations it had set out to the PRA. Both regulators emphasised that promoting competitiveness and growth must remain consistent with their primary objectives of maintaining financial resilience, market integrity and consumer protection.
Topic: Other Developments -
UK FCA publishes information document for cryptoasset authorisation applicants
8 July 2026
The UK Financial Conduct Authority (FCA) has published an information document for firms seeking authorisation under the forthcoming Financial Services and Markets Act 2000 (FSMA) cryptoasset regime. The document outlines the information that firms will need to provide in the cryptoasset authorisation application form when the application gateway opens on 30 September. The FCA notes that the form is still being finalised and will be available through its online system from that date. While it does not expect the structure and content of the form to change, there may be changes to the detail of the wording of the question and the level of explanation required.
Applications will cover both standard authorisation requirements and cryptoasset-specific requirements tailored to the regulated activities being undertaken. While all the cryptoasset-specific sections and questions are included in this document, firms will only need to complete those that are required for their business model. The document will also assist existing FSMA-authorised firms seeking a variation of permission to undertake new regulated cryptoasset activities.
The FCA states that the document is provided on a best endeavours basis for information only and does not constitute guidance or legal advice. Firms remain responsible for ensuring the accuracy and completeness of their applications. The FCA also published an updated financial data template, which firms must complete as part of the application process.
For further background, you may wish to read our blog post titled "Final rules for new UK crypto regime".
Topic: FinTech -
BoE's FPC and UK PRA propose to modernise the bank capital framework
7 July 2026
The Bank of England's Financial Policy Committee (FPC) has published a financial stability in focus report proposing reforms to modernise the UK bank capital framework to make it simpler, more effective, proportionate and better calibrated to current risks while maintaining financial resilience. The package aims to address unintended consequences in the leverage framework and strengthen the releasability and usability of buffers.
The FPC reaffirms its assessment from its December 2025 report that an appropriate benchmark for system wide Tier 1 capital requirements remains around 13% of risk weighted assets (equivalent to a Common Equity Tier 1 ratio of around 11%). Since December, the FPC, working with the UK Prudential Regulation Authority (PRA), has progressed its analysis of buffer usability and the leverage ratio, and is announcing a package of reforms informed by the feedback it has received. In this report, the FPC sets out its longer term vision for a simpler capital buffer framework centred on a single buffer that is releasable in stress and can be used without automatic distribution restrictions. As an initial step, the FPC welcomes the PRA statement with its decision to make the other systemically important institution buffers releasable in the event of systemic stress. We cover the PRA's statement in a separate update.
In addition, the FPC and PRA intend to consult on reforms to the leverage ratio framework, including: (i) removing the countercyclical leverage buffer; (ii) increasing the additional leverage ratio buffer for firms with systemic buffers to 50% of corresponding risk weighted systemic buffers in line with international standards; and (iii) reducing the minimum leverage ratio requirement from 3.25% to 3%, and applying a simple general leverage ratio buffer set at 25 basis points for firms subject to leverage requirements. The FPC and PRA will further assess the impact of these proposals on financial stability and market functioning at the Q3 FPC meeting. Separately, the FPC expects to update its assessment of the interaction of capital requirements related to domestic exposures in its Q4 2026 financial stability report.
Topic: Prudential Regulation -
EBA final guidelines on authorisation of third-country branches under CRD VI
7 July 2026
The European Banking Authority (EBA) has published its final report on the guidelines on the authorisation of third-country branches (TCBs) under Article 48c(8) of the Capital Requirements Directive (CRD), as amended by CRD VI (Directive (EU) 2024/1619). Following the November 2025 consultation, no changes have been made by the EBA.
The guidelines set out: (i) the list of information to be included in the application, concerning matters such as the business plan, capital endowment, liquidity, internal governance, booking arrangement and reporting requirements and information about head undertaking(s), in particular their compliance with prudential requirements and a reasoned, third party legal opinion stating that there is no obstacle for the applicant head undertaking to comply with EU and national law, in as much as applicable, in relation to the TCB.; (ii) the procedure for authorisation, as well as standard forms and templates for the provision of the information required; (iii) the conditions for granting authorisation; and (iv) the conditions under which competent authorities may rely on information that has already been provided in the process of any prior third-country branch authorisation. The guidelines will be translated into the official EU languages and published on the EBA website. Competent authorities will have two months from the publication of the translations to report on whether they comply, intend to comply or reasons for non-compliance. The guidelines will apply from 11 January 2027.
Topic: Prudential Regulation -
UK FCA Enforcement Watch 2: the consumer duty
7 July 2026
The UK Financial Conduct Authority (FCA) has published its second edition of its Enforcement Watch newsletter, explaining how it is using supervision and enforcement to drive compliance with the consumer duty. The FCA notes that nearly three years after the duty's implementation, it has opened 11 investigations into potential breaches, up from six reported in the first edition. These investigations span the insurance, pensions, wealth management, consumer investments, peer-to-peer lending and claims management sectors.
The FCA uses this edition to help shine a light on the threshold between assertive supervision (intervening where concerns are identified) and taking enforcement action. The FCA states that where interventions are sufficient to address the harm, there may be no need for a formal enforcement investigation.
A key focus of the FCA's 11 open investigations is whether consumers received fair value in accordance with the FCA's Handbook rules and the consumer duty. The FCA emphasises that fair value is not solely a question of price; products that fail to meet customer needs, cause foreseeable harm or provide little meaningful benefit are unlikely to represent fair value. Given the overlap between the duty's outcomes, the FCA may also examine whether products were designed for an appropriate target market, met that market's needs, were communicated clearly to consumers throughout the product lifecycle, and consumers were given support when issues arose.
The FCA also outlines the types of investigations it has opened and notes that it has "taken the unusual step" of publicly announcing two investigations in the motor finance claims sector to enable affected customers to consider their options, including whether to complain. The FCA expects firms to maintain high standards, proactively identify and prevent consumer harm, and demonstrate good consumer outcomes. While the FCA will work pragmatically with firms that do the right thing, it emphasises that it will take enforcement action where necessary.
Topic: Consumer / Retail -
BoE's Financial Policy Committee publishes July 2026 financial stability report
7 July 2026
The Bank of England's (BoE) Financial Policy Committee (FPC) has published its July financial stability report alongside the record of its 26 June meeting. The FPC meets to identify risks to financial stability and agree policy actions aimed at safeguarding the resilience of the UK financial system.
Key topics covered include:
- Markets: Vulnerabilities in risky asset valuations, sovereign debt markets and risky credit markets, including private credit, remain and some have become more pronounced since the December 2025 financial stability report. Notably, there has been a substantial increase in the use of leverage in equity markets.
- AI-related risks: The FPC examined the macro financial risks arising from the AI transition across a range of sectors. It also notes that recent rapid advances in frontier AI capabilities have increased financial stability risks related to cyber and operational resilience.
- Countercyclical capital buffer (CCyB): The FPC maintained the UK CCyB rate at its neutral setting of 2%.
- Private markets: The FPC welcomed the BoE's publication of the stress scenario for the private markets system wide explanatory scenario (SWES). The FPC expects to use the SWES to improve its understanding of how banks and non-banks active in private markets would respond to a severe but plausible global downturn.
- Bank capital reform: Following its review of bank capital requirements, the FPC announced that it will work with the UK Prudential Regulation Authority (PRA) to modernise the capital framework. The proposed reforms aim to improve the usability of capital buffers and make leverage ratio requirements more proportionate and effective while maintaining overall financial system resilience.
- Stablecoins and money market funds (MMFs): The FPC welcomed the BoE's policy statement and consultation on the draft code of practice for systemic sterling-denominated stablecoins and recent statements by HM Treasury and the UK Financial Conduct Authority on their plans to strengthen the resilience of MMFs.
-
UK FCA findings on consumer access to basic bank accounts
7 July 2026
The UK Financial Conduct Authority (FCA) has published the findings of a mystery shopping exercise assessing how effectively firms promoted awareness and helped consumers access basic bank accounts (BBAs), outlining good and poor practice. The FCA found that while firms delivered good outcomes, inconsistent and poor practices are still widespread. Specifically, three themes stood out:
- Firms did not consistently mention and discuss BBAs early enough in the conversation.
- For consumers who did not have standard identification or a fixed address, staff often did not clearly explain what alternative evidence of identification consumers could use or what next steps they needed to take.
- Staff often did not recognise and respond to characteristics of vulnerability or adapt their approach for consumers who needed help to complete a standard or digital journey.
The FCA states that this creates a risk of firms preventing people from getting an appropriate account which can deepen financial exclusion. In response, the FCA has required firms to implement remedial plans and, through UK Finance, the firms have agreed a clear commitment to: (i) improve the identification and promotion of BBAs; (ii) reduce barriers for consumers with non-standard identification or no fixed address; and (iii) recognise and enhance support for vulnerable customers. The FCA will monitor progress through firm-specific oversight and sector-wide reviews and has indicated that it may take further action if sufficient improvements are not achieved.
Topic: Consumer / Retail -
Amending Regulation to RTS for risk weights on immovable property exposures published in OJ
7 July 2026Commission Delegated Regulation (EU) 2026/807 amending the regulatory technical standards (RTS) set out in Delegated Regulation (EU) 2023/206 was published in the Official Journal of the European Union (OJ). The Amending Regulation is technical in nature and updates the RTS to ensure consistency with changes introduced to the Capital Requirements Regulation (EU) No 575/2013 (CRR) by Regulation (EU) 2024/1623 (CRR3). It was initially adopted on 10 March, and we cover the amendments it made on our blog here. The Amending Regulation is based on final draft RTS developed by the European Banking Authority and published in December 2025. It will enter into force on 28 June, being the 20th day following publication in the OJ.Topic: Prudential Regulation
-
ESRB issues warning on systemic cyber risks from frontier AI models
7 July 2026
The European Systemic Risk Board (ESRB) has published a warning issued on 25 June on the systemic cyber risks posed by frontier AI models. The warning highlights how frontier AI models are transforming the cybersecurity landscape by enabling threat actors to increase the speed, scale, and sophistication of cyber-attacks in the short to medium term. The ESRB urged all EU stakeholders, including financial institutions, to enhance their cybersecurity capacities and encouraged relevant authorities to reflect these risks in their supervisory and oversight work.
On the same date, the European Supervisory Authorities (ESAs) published a press release welcoming and supporting the warning. The ESAs raise concerns that AI-enabled cyber-attacks could threaten the operational resilience of financial institutions. In their view, while the Digital Operational Resilience Act (DORA) and the EU AI Act provide a strong regulatory foundation for managing these risks, they urge financial entities to strengthen their cybersecurity arrangements and call on competent authorities to reflect these developments in their supervisory activities. They also reiterate the ESRB's call on the EU to scale up its capacity, expertise and strategic autonomy in this critical area, which requires all parties to be involved, including AI providers, software providers, security firms, open-source maintainers, financial institutions, and authorities at both national and Union level.
The ESAs are working closely with the EU supervisory community to oversee that risks are identified and mitigated in line with the requirements of DORA. They are also engaging with critical ICT third-party providers on the measures they are taking to adapt to the situation to manage risks.
Topic: Operational Resilience -
UK PRA statement on enhancing the usability and releasability of capital buffers
7 July 2026
The UK Prudential Regulation Authority (PRA) has published a statement clarifying that it may release other systemically important institution (O‑SII) buffers during periods of systemic stress. Consistent with the Bank of England's Financial Policy Committee's vision to modernise the bank capital framework, and as a near-step in support of that vision, the PRA intends to do so by exercising its existing powers to vary O‑SII buffer rates. This includes reducing them to zero under the Capital Buffers and Macro-prudential Measures Regulations 2025 while engaging with the FPC. The PRA explains that releasing O‑SII buffers would lower the capital threshold at which automatic distribution restrictions apply in stress, which in its view will support banks' ability to absorb losses rather than taking defensive actions such as reducing lending.
The PRA states that, following any release of the O-SII buffer, it would provide an indicative period during which no increase in O‑SII buffer rates would be expected, and that any subsequent rebuild would be phased over a period consistent with banks' ability to restore capital while continuing to lend to creditworthy UK households and businesses.
The PRA intends to consult later this year on proposed changes to its statement of policy on the approach to implementation of the O-SII buffer and related aspects of its approach to varying O-SII buffer rates in the event of systemic stress. This will include further guidance on rebuild expectations. The PRA will also consider whether greater clarity on the use of the PRA buffer outside periods of systemic stress, together with further engagement with investors and rating agencies, could improve the usability and understanding of regulatory capital buffers.
Topic: Prudential Regulation -
ESMA publishes supervisory briefing on triangular passporting
7 July 2026
The European Securities and Markets Authority (ESMA) has published a new supervisory briefing on triangular passporting under the EU Markets in Financial Instruments Directive (MiFID II), which aims to clarify the appropriate use of the practice, enhance certainty and improve supervisory consistency. It forms part of the EU's wider simplification drive, seeking to reduce the burden of regulation by setting clear expectations for firms. Triangular passporting occurs where an investment firm authorised in one Member State (Member State A) uses a branch or tied agent in another Member State (Member State B) to provide investment services cross-border into a third Member State (Member State C), under the Article 34 freedom to provide services under MiFID II. The practice is not covered or prohibited under MiFID II, but ESMA recognises that this model can create: (i) compliance complexity for firms (which may need to comply with conduct of business rules in multiple Member States); (ii) investor protection risks (such as determining where complaints should be directed); and (iii) uncertainty over supervisory responsibilities.
ESMA's briefing does not create new legal obligations, is non-binding, and is not subject to a "comply or explain" mechanism, nor does it prescribe a single supervisory approach. However, investment firms using, or considering, triangular passporting may expect greater scrutiny of their approach to the practice, including by national supervisors. Notably, the European Banking Authority has not co-authored the supervisory briefing, so at this stage there is no new guidance on triangular passporting for firms within scope of the Capital Requirements Directive (CRD) or existing Payment Services Directive (PSD2). Currently, CRD and PSD2 make no explicit provision for triangular passporting, but support for it can be found in various supervisory publications, while Recital 56 of the European Commission's proposal for the Payment Services Directive 3 explicitly acknowledges the possibility of triangular passporting.
Under the briefing, ESMA expects firms relying on triangular passporting to notify their home supervisor (in Member State A) and specify which authorised services and activities they intend to provide, using the relevant MiFID II templates related to Article 34. They should regularly review and, where necessary, carry out internal risk assessments of, the model. Firms relying on tied agents are expected to explicitly authorise the tied agent to provide cross-border services on behalf of the firm (given the tied agent's separate legal personality). Firms should not use the structure to engage in "forum shopping" for example, establishing a branch or tied agent in Member State B in order to passport services into Member State C may be considered to circumvent the MiFID II Article 35 branch establishment requirements. ESMA also expects firms to give clients clear information on who is providing the service, which authority supervises it, how complaints can be made, and which redress and compensation arrangements may be available. Clients will be entitled to submit complaints to either the head office or the branch/tied agent that is supplying the service.
On the supervisory side, ESMA expects the home Member State supervisor (in Member State A) to notify the supervisors in Member States B and C of the firm's intention to rely on triangular passporting. ESMA provides some guidance on the responsibilities of the supervisors in Member States A-C but notes that a degree of supervisory cooperation will be required and refers to existing Level 2 measures under MiFID II (Commission Delegated Regulation (EU) 2017/586 and Commission Delegated Regulation (EU) 2017/980) which require supervisors to exchange information and cooperate in any cross-border supervisory activities.
Topic: MiFID II -
ECB calls significant institutions to draft an action plan against AI related cybersecurity threats
7 July 2026
The European Central Bank (ECB) has published an open letter to CEOs of significant institutions on AI related cybersecurity threats. The ECB warns that advances in AI are accelerating vulnerability discovery and exploitation, marking a long-term shift in the cyber threat landscape rather than a temporary or tool-specific risk. The letter identifies bank management bodies as primarily responsible for responding to the evolving cyber risk, suggesting they may need to revisit ICT investments, resource allocation and bank information and communication technology (ICT) risk-tolerance frameworks, and strengthen governance and control systems where necessary.
The ECB expects significant institutions to assess the impact of the evolving threat landscape and to develop a comprehensive action plan to strengthen relevant controls. The plan should build on existing cyber-risk strategies, cover short- and longer-term measures, allocate resources, assign responsibilities and set implementation timelines. The action plan must be submitted to the respective joint supervisory team (JST) by 31 October after which the JST will discuss the plan with the bank and monitor progress.
In the short term, the ECB expects banks to prioritise vulnerability and patch management, monitoring and detection, AI-enabled defensive capabilities, third-party ICT risk management, and protection of perimeter technologies and externally exposed ICT assets. Longer-term measures should include reinforcing defence-in-depth and cyber hygiene, modernising legacy or unsupported technology, and strengthening response, recovery, crisis-management and information-sharing arrangements.
The ECB also urges banks to remediate outstanding ICT-related supervisory findings without delay, noting that unresolved weaknesses identified through prior supervisory activity may become increasingly material in the evolving threat landscape.
The ECB confirms that DORA requirements remain highly relevant and that it will extend the deadline for the annual IT Risk Questionnaire from September 2026 to February 2027. The ECB also notes that the responsible CERT (Computer Emergency Response Team) / CSIRT (Computer Security Incident Response Team) authorities may provide additional guidance. For more information, you may like to read our client bulletin titled "ECB requires significant institutions to address AI-enabled cybersecurity threats".
-
UK FCA Primary Market Bulletin 64: TVR disclosures and observations on significant transactions
6 July 2026
The UK Financial Conduct Authority (FCA) has published Primary Market Bulletin 64, setting out its findings from a 2025 follow-up review of total voting rights (TVR) disclosures and providing observations on significant transaction notifications under the UK Listing Rules (UKLR). The FCA found that, while most issuers disclosed information relevant to TVRs, some announcements lacked sufficient clarity because they neither contained a dedicated TVR subsection nor made any direct mention of the total number of voting rights. This made it difficult for shareholders to identify the TVR used to calculate shareholding thresholds.
The FCA reminds issuers to confirm TVR figures clearly, use appropriate headline disclosure classifications where possible, and refer expressly to "total voting rights" when such information is included within broader announcements.
The FCA also reported on its review of significant transaction notifications under the UKLR, following the July 2024 reforms that removed the requirement for commercial companies with equity shares to publish an FCA-approved circular and obtain shareholder approval for significant transactions. Instead, companies are now required to notify shareholders under a notification-based regime. The FCA observed differing approaches to the number and presentation of risks disclosed by companies and noted that some issuers relied on overly generic risk disclosures. The FCA reminds issuers that risk disclosures should be tailored to the company, taking into account the nature and circumstances of the transaction, and should clearly articulate the specific risks posed to the company rather than relying on generic descriptions.
On board statements, the FCA noted that some issuers had not used the prescribed wording required by the UKLR. The FCA emphasises that issuers must follow the prescribed text and that bespoke wording that dilutes the intent of the rule is not acceptable. Board statements should therefore include the wording: "the transaction is, in the board's opinion, in the best interests of security holders as a whole". The requirement to use prescribed wording also applies to the fair and reasonable statement in related party transaction notifications under UKLR 8.2.2R(4).
Topic: Securities -
Draft Building Societies Act 1986 (Assimilation to Company Law and Changes to Funding Limit) Order 2026 published
6 July 2026
The draft Building Societies Act 1986 (Assimilation to Company Law and Changes to Funding Limit) Order 2026 was published and laid before Parliament, alongside an explanatory memorandum. The draft Order amends the Building Societies Act 1986 (BSA 1986) to align the provisions on common seals and the execution of documents by building societies with the equivalent regime under the Companies Act 2006. Building societies will therefore be able to choose whether to execute documents using a common seal or through authorised signatories, bringing them into line with the more flexible arrangements available to companies.
In addition, under section 7 of the BSA 1986, subject to specific exemptions, at least 50% of a building society's liabilities must be shares owned by individuals (known as "the funding limit"). The draft Order makes provisions to exclude certain sources of funding for the purposes of calculating the funding limit. This includes: liquidity facilities which form part of the BoE's sterling monetary framework; debt instruments issued by building societies to meet BoE's Minimum Requirements for Own Funds and Eligible Liabilities (MREL); and sale and repurchase agreements entered into by building societies using High Quality Liquid Assets held to meet the UK Prudential Regulation Authority's Liquidity Coverage Requirement.
These changes are intended to ensure building societies are not discouraged from practices which support prudent management of liquidity, and that instruments issued to meet MREL requirements are treated appropriately with other excluded regulatory capital instruments. The Order is expected to come into force on 1 January 2027.
-
Draft Over the Counter Derivatives (Intragroup Transactions) Regulations 2026 published
6 July 2026
The draft Over the Counter Derivatives (Intragroup Transactions) Regulations 2026 were laid before the UK Parliament and published, accompanied by an explanatory memorandum. The proposed Regulations aim to replace the temporary intragroup exemption regime (TIGER), which expires on 31 December, with a permanent framework for intragroup exemptions from clearing and margin requirements under the UK European Market Infrastructure Regulation (UK EMIR). The draft Regulations amend the definition of an intragroup transaction in Article 3 of UK EMIR so that any transaction between entities within the same consolidated group qualifies as intragroup, regardless of the jurisdiction in which those entities are established. They also amend the processes applicable to the intragroup exemptions in Article 4 and Article 11 of UK EMIR and provide for a notification process for transactions between a UK entity and an overseas entity in the same group or between two overseas entities in the same group, subject to a 30-day period within which the FCA can object. Finally, the Regulations also include transitional provisions to ensure that firms already benefiting from intragroup exemptions granted under TIGER can continue to rely on those exemptions after TIGER expires without having to submit a new notification to the FCA, provided certain conditions are met.
The draft Regulations were initially published for technical feedback in November 2025. While feedback was generally positive, some respondents requested that the notification requirement to the FCA be removed entirely to lighten the regulatory burden even further. The FCA has not made this change to ensure that it maintains appropriate regulatory oversight of market activity. Feedback was otherwise focused on drafting points to ensure the legislation would operate as intended and deliver the desired policy effect. Subject to Parliamentary approval, the new regime is expected to come into force before the expiry of TIGER on 31 December.
-
EC adopts Delegated Regulations on amending RTS under CSDR
6 July 2026
The European Commission has adopted two Delegated Regulations under the Central Securities Depositories Regulation No 909/2014 (CSDR):
- The first Delegated Regulation amends the regulatory technical standards (RTS) laid down in Commission Delegated Regulation (EU) 2018/1229 on settlement discipline, to introduce measures aimed at improving settlement efficiency in the EU and supporting the transition from a T+2 to a T+1 settlement cycle on 11 October 2027. The revised RTS strengthen allocation, confirmation and settlement processes, establish earlier deadlines for the provision of settlement information by professional and retail clients, and enhance the monitoring, reporting and analysis of settlement fails. The Delegated Regulation is based on the final report published by the European Securities and Markets Authority (ESMA) in October 2025.
- The second Delegated Regulation amends the RTS laid down in Delegated Regulation (EU) 2017/392 regarding the information that central securities depositories (CSDs) must provide to competent authorities as part of the review and evaluation process under Article 22(1) of the CSDR. The amendments align the RTS with the reforms introduced by the CSDR Refit Regulation (EU) 2023/2845. The Delegated Regulation specifies: (i) the information the CSD is to provide to the competent authority for the purposes of the review and evaluation; (ii) the information that the CSD's competent authority is to supply to other authorities when sharing the results of the review and evaluation; and (iii) the information that the competent authorities responsible for supervising different CSDs within the same group are to supply to one another when performing the review and evaluation. The Delegated Regulation is based on the final report published by ESMA in February 2025.
The RTS on settlement discipline will generally apply from 7 December, except for certain specified provisions which will apply in 2027. The RTS on the review and evaluation process will apply one year after it enters into force.
-
ESMA reports early impact of AAR on EU clearing activity under EMIR 3
6 July 2026
The European Securities and Markets Authority (ESMA) has published an interim report on the effectiveness of the Active Account Requirement (AAR) under the revised European Market Infrastructure Regulation 2024/2987 (EMIR 3), alongside the first annual report of the Joint Monitoring Mechanism (JMM), which monitors developments and financial stability risks across the EU clearing ecosystem.
ESMA's findings in the interim report indicate early signs of increased clearing activity at EU central counterparties (CCPs), particularly among smaller firms, with some entities fully relocating positions to the EU. The reports also identify a gradual but limited shift in certain products from systemically important third-country CCPs (Tier 2 CCPs) to EU CCPs. The interim report constitutes the first stage of a two-stage process of assessing implementation of the AAR, and its findings should be considered as preliminary. ESMA will complete a final assessment of the AAR in 2027 once additional data becomes available.
Looking more broadly at the EU clearing ecosystem, the JMM report highlights significant cross-border interdependencies, particularly between the EU and the U.S. It finds that EU entities, primarily banks, have considerable exposures to US CCPs, while U.S firms are active participants in EU and Tier 2 CCPs, and provide essential services such as liquidity, custody, and payments. While these interdependencies are said to support market efficiency and liquidity, the report states they may also transmit financial shocks across jurisdictions. In addition, the JMM noted an expansion in the range of products and asset classes cleared in the EU, and conducted a stocktake of existing EU-wide stress testing exercises to identify potential synergies for monitoring risks across the wider clearing ecosystem.
Topic: Derivatives -
ESMA launches common supervisory action with NCAs on risk management function
3 July 2026
The European Securities and Markets Authority (ESMA) has announced the launch of a common supervisory action (CSA), in collaboration with national competent authorities (NCAs), on the risk management function of undertakings for collective investment in transferable securities (UCITS) management companies and alternative investment fund managers (AIFMs) across the EU. The CSA, which will run throughout 2026 and 2027, will examine firms' compliance with key risk-related provisions under the UCITS and AIFM Directive frameworks, with a particular focus on the effectiveness, independence and expertise of the risk management function.
As part of this exercise, NCAs will focus on three key areas: (i) governance and organisation of the risk management function; (ii) identification, measurement and monitoring of risks; and (iii) reporting to senior management and governing bodies. ESMA intends to publish a final report with the findings of the CSA in 2028.
Topic: Fund Regulation -
Mills Review sets out recommendations to the FCA on AI and the future of retail financial services
3 July 2026
The UK Financial Conduct Authority (FCA) has published The Mills Review report, based on an independent review led by Sheldon Mills, Executive Director, Consumers and Competition at the FCA, examining the potential impact of AI on retail financial services by 2030 and beyond. The review concludes that AI is likely to drive a transition from human-led financial activity to increasingly AI-enabled and delegated services, with firms embedding AI across a wide range of functions and consumers making greater use of AI tools and agents to manage their finances. The review identifies four key systemic shifts arising from AI adoption: the transformation of AI becoming core to firms; the emergence of AI-led consumer journeys; changes to competition and market power; and the amplification of financial crime and cyber risks.
While it considers the UK's existing outcomes-based regulatory framework, including the consumer duty, senior managers and certification regime and operational resilience requirements, to be broadly fit for purpose, it highlights the need for them to evolve to keep pace with AI developments.
To support the FCA, the review sets out seven priority recommendations for consideration, including:
- Securing and adapting the regulatory perimeter.
- Strengthening system-wide coordination and oversight.
- Monitoring the transition to autonomous models and adapting regulatory frameworks.
- Scaling up the FCA's AI Lab to support AI models and system innovation in financial services.
- Enabling the foundations for agentic finance.
- Building and adopting an AI-enabled agentic supervisory model.
- Developing a trusted public-interest AI-enabled financial capability service.
-
ESMA statement on application of national product intervention measures on binary options to event contracts
3 July 2026
The European Securities and Markets Authority (ESMA) have published a statement reminding firms to assess whether the new products they offer fall within the scope of existing national product intervention measures on binary options. ESMA's statement responds to the growing popularity of prediction markets—or event contracts— and increasing retail participation globally. ESMA defines "event contracts" as agreements whose financial outcome is binary (a fixed payout or no payout at all) and depends on a yes-or-no answer to a question about a future event. ESMA confirms that not all event contracts are financial instruments, and only event contracts with an event question related to an underlying mentioned in Section C(4) to (10) of Annex I of MiFID II classify as financial instruments. Event contracts qualifying as financial instruments are derivatives and fall within the scope of the temporary product intervention measures on binary options which were initially adopted by ESMA Decision (EU) 2018/7952 and which were subsequently replaced by permanent national product intervention measures mirroring the ESMA temporary measures. As a result, the marketing, distribution or sale of such products to retail clients is prohibited. ESMA reminds firms that product categorisation depends on a product's characteristics rather than its commercial name, and that firms must carefully assess whether the measures apply to the products they offer, while meeting the overarching obligation to act honestly, fairly and professionally in accordance with the best interests of clients. ESMA also reminds firms that providing investment services relating to such instruments requires MiFID II authorisation, even when only distributed to non-retail clients.
-
UK expands FRCC remit to FCA supervision under MLRs
2 July 2026
The Financial Services Act 2012 (Relevant Functions in relation to Complaints Scheme) (Amendment) Order 2026 was published, accompanied by an explanatory memorandum. The Order expands the remit of the Financial Regulators Complaints Commissioner (FRCC), as set out in the Financial Services Act 2012 (Relevant Functions in relation to Complaints Scheme) Order 2014, to cover complaints relating to the UK Financial Conduct Authority's (FCA) supervisory functions under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).
Following a 2024 consultation, the Money Laundering and Terrorist Financing (Amendment) Regulations 2026 were made, which widened the information-sharing gateways in the MLRs to enable the FCA to share supervisory information with the FRCC. Due to an oversight in the 2014 Order, the FRCC's remit did not extend to investigating complaints about the FCA's MLR supervisory functions. This Order addresses that omission and corrects minor drafting errors in the 2014 Order. It enters into force on 23 July.
-
UK lays draft SI for overseas prudential requirements regime
2 July 2026
The draft Overseas Prudential Requirements Regime (Credit Institutions and Investment Firms) Regulations 2026 were published, accompanied by a draft explanatory memorandum. The Regulations support the transition to the FSMA 2000 model of regulation, under which detailed prudential requirements are set by the UK Prudential Regulation Authority within a framework established by government and Parliament. This transition entails the revocation of provisions of the UK Capital Requirements Regulation (UK CRR) and restatements, as needed, in UK legislation to facilitate the FSMA model, with UK CRR provisions replaced with regulator rules, supervisory statements and statements of policy.
The Regulations restate existing UK CRR equivalence provisions in legislation to create a single overseas prudential requirements regime (OPRR), preserving the scope and effect of the current prudential equivalence framework and treating existing equivalence decisions as designations under the new regime. The OPRR enables HM Treasury to designate overseas jurisdictions for specified prudential purposes, with future designations requiring a further statutory instrument and parliamentary approval. In particular, the Regulations provide a framework for designation in the context of: (i) exposures to overseas credit institutions, investment firms and exchanges; (ii) overseas eligible covered bonds; (iii) exposures to overseas central banks, regional governments, local authorities and public sector entities (with specific provision made for those in Gibraltar); and (iv) issuance of capital by overseas intermediate financial holding companies.
The Regulations are expected to enter into force on 1 January 2027.
Topic: Prudential Regulation -
UK FCA motor finance redress scheme partially suspended
2 July 2026
The UK Financial Conduct Authority (FCA) has published a statement announcing that the Upper Tribunal has made an order suspending parts of its motor finance redress scheme while legal challenges brought by several parties are considered. The order was made on terms agreed between the FCA and the challengers, with the partial suspension enabling firms to continue preparing for the scheme while avoiding duplication of work if the challenges succeed. The Tribunal is scheduled to hear the challenges on 14-18 December or 16-26 February 2027. Firms are still expected to comply with all rules that are not suspended and a list of retained scheme rules has been published
Under the suspension, firms are currently not required to calculate, communicate or pay compensation under the scheme timetable; however, they must continue preparatory work, including identifying relevant complaints and gathering data. Firms must also notify complainants who are not entitled to compensation under the scheme within the scheme deadlines, subject to limited exceptions. If a firm requires more time to notify consumers, the FCA will not treat it as non-compliant or take enforcement action as long as consumers are notified within seven weeks of the relevant scheme deadline.
Firms are expected to update complainants to explain when the legal challenge will be heard, what the partial suspension means, and the likely impact on the timetable for dealing with complaints and paying any compensation owed.
The FCA reiterates that it considers the scheme the quickest and fairest route to consumer redress and intends to defend it. If the scheme is ultimately upheld, compensation payments are expected to begin in 2027. If it is overturned, the FCA may instead require firms to resolve complaints through the standard complaints process, which could result in greater involvement from the UK Financial Ombudsman Service. The FCA expects firms to plan for the event of no scheme and to be operationally and financially ready for a complaint-led and supervisory approach to resolve historical liabilities, in line with the default statutory timelines.
In the interim, while the legal challenges are ongoing, the FCA will continue to take a pragmatic approach as previously set out in its May statement.
Topic: Consumer / Retail -
AMLA draft ITS on common format for reporting suspicions under AMLR
2 July 2026
The EU Anti-Money Laundering Authority (AMLA) has launched a consultation on draft implementing technical standards (ITS) establishing a common EU-wide format for reporting suspicious transactions and activities under the Anti-Money Laundering Regulation (EU) 2024/1624. Currently, the way suspicions and transaction records are reported differs from one country to another. This makes it harder for companies operating across borders to know what is expected from them, and harder for Financial Intelligence Units (FIUs) to exchange information with each other and with their partners. The proposed ITS would introduce a harmonised set of data points and reporting templates for obliged entities, while allowing for sector-specific reporting requirements, with the aim of improving consistency across member states, reducing reporting complexity for cross-border firms, and enhancing information sharing and processing by FIUs. The deadline for responses is 20 September. A public hearing will be held on 9 September. -
ESMA final report on the simplification of financial transaction reporting
2 July 2026
The European Securities and Markets Authority (ESMA) has published its final report on the simplification of financial transaction reporting under the Markets in Financial Instruments Regulation (MiFIR), the European Market Infrastructure Regulation (EMIR) and the Securities Financing Transactions Regulation (SFTR), together with a factsheet. This follows the interim report published in May which provided a summary of feedback to its June 2025 call for evidence on how to simplify and streamline reporting.
ESMA recommends a phased reform programme combining short-term burden reduction with a long-term structural reform. At the centre of this strategy is the development of a long-term “report once” model, under which firms would submit data through a single, modular reporting framework capable of serving multiple regulatory and supervisory purposes. This aligns with the “scenario 2a” approach (which evolved from “option 2a” in ESMA’s June 2025 call for evidence). On dual-sided reporting, the final report confirms that a full transition to single-sided reporting was not retained because those data points which are currently reported are used to assess data quality.
In the shorter term, ESMA proposes a series of simplification measures to provide more immediate burden reduction including streamlining intragroup exemptions, reducing or removing certain reporting fields and reconciliation requirements, simplifying error and omission notifications, and reviewing dual-sided reporting requirements, among other measures mentioned in section 5.2 of the report. ESMA will now engage with EU institutions on the policy recommendations, with implementation requiring legislative amendments and phased development of common reporting standards and infrastructure.
-
EBA peer review report on Pillar 3 disclosures
2 July 2026
The European Banking Authority (EBA) has published a report with the results of a targeted peer review assessing how competent authorities supervise compliance with the Capital Requirements Regulation and Bank Recovery and Resolution Directive Pillar 3 disclosure requirements between June 2023 and June 2025. The EBA found that most authorities had fully or largely integrated Pillar 3 requirements into their supervisory frameworks, with supervisory practices generally operating efficiently and demonstrating a high degree of convergence across the EU. However, the review identified some inconsistencies between jurisdictions, including one authority rated as only partially compliant and another receiving largely "not applied" ratings due to the absence of formal assessment methodologies and processes. The EBA sets out specific individual follow-up measures where deficiencies had been identified, as well as best practices for improvement.
-
UK FCA consults on simplifying consumer investment disclosures
2 July 2026
The UK Financial Conduct Authority (FCA) has published consultation paper CP26/24 proposing reforms to streamline consumer investment disclosure requirements across the Markets in Financial Instruments Directive (MiFID), Insurance Distribution Directive (IDD) and non-MiFID investments business. The proposals would align cost disclosure requirements with the Consumer Composite Investments (CCI) regime, which replaced the prescriptive requirements in the Packaged Retail and Insurance-based Investment Products and Undertakings for Collective Investment in Transferable Securities disclosure documents with a new CCI "product summary". The regime allows firms flexibility over how they present information in line with the consumer duty.Following a review of MiFID derived requirements, the FCA intends to make changes to align Conduct of Business Sourcebook (COBS) disclosure rules with the CCI regime on a conceptual and technical level, and apply the same duty-driven approach, focusing on consumer engagement and understanding.
Proposals include:
- Aligning COBS more closely with the CCI regime and making cost disclosures more consistent throughout the investment journey, so that the pre-sale presentation of product costs aligns with the CCI disclosure framework.
- Removing the MiFID-derived cumulative effect illustration pre-sale and post-sale and instead requiring firms to show how costs have impacted returns in regular post-sale reporting.
-
UK FCA final regulated fees and levies for 2026/27
2 July 2026
The UK Financial Conduct Authority (FCA) has published final policy statement PS26/14 confirming the final fees and levies for 2026/27 to fund itself, the UK Financial Ombudsman Service (FOS) and certain government departments, following its March consultation. The FCA's annual funding requirement for 2026/27 will be GBP788.9 million, although GBP72.4m of retained financial penalty income from 2025/26 will be offset against fees, reducing the total amount payable by firms to GBP716.5m, a 0.7% increase from the previous year.The FCA has largely finalised its proposals as consulted on, including a 1% increase to application, transaction and notification fees, continued staged increases to minimum fees in the A and consumer credit fee-blocks, and updated periodic fee rates reflecting changes in the data used to calculate them.
The policy statement also confirms the 2026/27 FOS compulsory jurisdiction levy of GBP86m, the levy rates collected on behalf of government departments, and amendments to the FCA's FEES guidance to clarify that direct debit is the preferred method of payment. The FCA also confirmed that it will respond separately on cryptoasset application fees, with final rules expected in its September Handbook Notice.
Topic: Fees / Levies -
UK PVDC policy paper on the roles and responsibilities in the future retail payments ecosystem
2 July 2026
The Payments Vision Delivery Committee (comprising HM Treasury, the Bank of England, the UK Financial Conduct Authority and the UK Payment Systems Regulator) has published an update on the future retail payments ecosystem to support the Retail Payments Infrastructure Board's consultation on the design of the UK's next-generation retail payments infrastructure. The update outlines a proposed framework for the roles and responsibilities of participants within the future ecosystem, including a central core infrastructure scheme and operator, the product-level arrangements governing specific payment journeys, and supporting commercial, governance and consumer protection frameworks. It emphasises that the future infrastructure should support innovation, competition, interoperability and broad access while maintaining operational resilience and effective safeguards against fraud, money laundering and other financial crime.
-
ESAs consult on technical advice on selected KPIs under Taxonomy Disclosures Delegated Act
1 July 2026
The European Securities and Markets Authority (ESMA) has launched a consultation on technical advice to the European Commission (EC) regarding selected key performance indicators (KPIs) under the Taxonomy Disclosures Delegated Act. The consultation follows the EC's request to the European Supervisory Authorities (ESAs) in March for targeted technical advice to support its review of the Taxonomy Disclosures Delegated Act under Article 8 of the Taxonomy Regulation (EU) 2020/852. The review forms part of the EC's broader Omnibus simplification agenda and aims to reduce reporting burdens while maintaining meaningful sustainability disclosures for investors.
ESMA proposes measures to simplify the EU Taxonomy disclosure framework for non-financial undertakings and asset managers, including changes relating to the operational expenditure KPI and to address concerns about complexity and reporting burden. Feedback is also sought on a potential pragmatic approach to group-level reporting in mixed groups, based on the parent undertaking's reporting model.
In parallel, the European Banking Authority (EBA) published a discussion paper and the European Insurance and Occupational Pensions Authority launched a consultation on matters within their respective remits, including removing the commissions and fees KPI or narrowing to capital markets-related activities, replacing the trading book KPI or narrowing its scope to providing market liquidity, and the underwriting KPI of insurance/reinsurance undertakings.
The deadline for comments on all three papers is 12 August.
Topic: Sustainable Finance -
ESMA statement on publication and distribution of ESG ratings during transition period
1 July 2026
The European Securities and Markets Authority (ESMA) has issued a statement clarifying the application of transitional arrangements under the new EU authorisation regime under Regulation 2024/3005 for environmental, social and governance (ESG) rating providers. ESMA's statement seeks to clarify whether third parties publishing or distributing the ESG ratings of existing, but still unauthorised providers, may continue doing so during the period from 2 July to authorisation, so as to avoid disruption during the transition to the new regime.
To this end, ESMA confirms that:
- ESG rating providers other than small providers wishing to continue operating in the EU after 2 July must notify ESMA by 2 August of their intention to apply for authorisation or recognition and shall submit their application for authorisation or recognition by 2 November at the latest.
- Small ESG rating providers wishing to continue operating in the EU must notify ESMA by 2 November of their intention to benefit from the temporary regime for such providers.
- From 2 July, third parties may continue publishing or distributing the ESG ratings of such providers until ESMA has adopted a decision to grant or refuse the application for authorisation or recognition, or to register the notifier as a small ESG rating provider, as relevant. ESMA will publish and update at regular intervals a list of entities that have notified it of their intention to continue operating in the EU after that date.
- After 2 November, third parties cannot publish or distribute the ESG ratings of an ESG rating provider, unless that provider: (i) has submitted an application for authorisation or recognition, or has submitted a notification for registration under the temporary regime for small ESG rating providers; and (ii) is listed in the Article 14 register that will become available on the ESMA website.
This means that after 2 November, third parties publishing or distributing the ESG ratings should consult this register to determine the identities of the ESG rating providers from which they will be able to continue to publish or distribute ESG ratings.
Topic: Sustainable Finance -
UK PSR independent review of APP reimbursement policy finds reduction in payment fraud
1 July 2026
The UK Payment Systems Regulator (PSR) has announced that its authorised push payment reimbursement policy is having a positive impact, according to the findings of an independent review. The findings show that payment fraud losses have fallen by GBP73 million per year, APP scam volumes have reduced by approximately 35,000 cases, reimbursement rates have increased from 54% to 65% overall (and to 97% for in-scope claims), and firms with historically higher fraud levels have made the most significant improvements.
The PSR noted that there is no evidence of market exit or significant moral hazard, although some inconsistency in implementation remains across firms. To address this, the PSR has published a roadmap setting out its next steps. The regulator will also consult, before the end of the year, on measures to improve the application of the policy and will continue to monitor evolving fraud risks, including by publishing data on the platforms used by fraudsters to target victims.
-
UK PRA reminds firms of their reporting requirements for FSCS deposits
1 July 2026
The UK Prudential Regulation Authority (PRA) has published a new webpage reminding firms of their obligations under the Depositor Protection Part of the PRA Rulebook regarding the identification, marking and reporting of Financial Services Compensation Scheme (FSCS) protected deposits, following industry queries. The PRA highlights that, under rules 43.1(1) and (2), firms must include in their class A tariff base both covered deposits and the total balance of deposits where the account holder is not absolutely entitled or which constitute safeguarded funds, unless the firm has confirmed that such deposits are not covered deposits.Where a firm lacks sufficient information to determine eligibility, the PRA expects such deposits to be included. Amounts must be calculated consistently with the single customer view and exclusions view requirements in Chapter 12. The PRA also reminds international branches to reflect these requirements when calculating total potential FSCS liability for branch returns, noting this is a factor in its assessment of branch operations under Supervisory Statement SS5/21. Firms are expected to ensure compliance ahead of year-end reporting for 2026 and to engage with supervisors where necessary.
Topic: Consumer / Retail -
UK OFSI and HMT publish insights from call for evidence on ownership and control
30 June 2026
The UK government has published a bulletin confirming initial insights from the earlier call for evidence on the ownership and control test under UK Financial Sanctions Regulations. The call for evidence sought input on the practical operation of the test and any particular challenges in implementing the requirements.Feedback provided the UK Office of Financial Sanctions Implementation (OFSI) with a clearer picture of how often questions of hypothetical control are raised in practice. The term hypothetical control refers to the aspect of the control test which asks the person applying the test to consider whether or not the potential controller would, if they so desired, be able (directly or indirectly) to direct the controlled entity's business as they wished. There is no requirement to demonstrate actual exercise of such hypothetical control for this aspect of the test, and it is notoriously difficult to apply in practice as it is a particularly broad and subjective area.
Respondent feedback confirmed that they encountered challenges most frequently under the Russian sanctions regime and highlighted the cost and operational burden in making assessments based on limited information, requiring enhanced due diligence, legal advice, and delaying and/or escalating business decisions. Feedback also noted the limitations on the usefulness of existing tools and guidance which are not necessarily reliable in applying the test in practice.
The bulletin confirms that this area of policy remains under ongoing review, and the government will continue to consider options for providing greater clarity.
-
EBA publishes final amending POG guidelines for ESG retail banking products
30 June 2026
The European Banking Authority (EBA) has published its final amending product oversight and governance (POG) guidelines for retail banking products, having consulted on them in July 2025. The guidelines make targeted amendments clarifying how firms should address environmental, social and governance (ESG) considerations and greenwashing risks throughout the product lifecycle. The EBA considers the update necessary in light of its June 2024 greenwashing report, which identified growing risks across the financial sector, and to align with recent amendments to the Capital Requirements Directive (CRD) and Capital Requirements Regulation (CRR) on ESG risk management.
Following feedback, the EBA clarifies various provisions and adjusts some of the wording proposed in the consultation, making ESG and greenwashing considerations more explicit within the current requirements where products are offered and sold to consumers. The guidelines adjust only a limited number of existing requirements, relating to the subject matter, the manufacturer's internal control functions, the target market, distribution channels, information for distributors, and information and support for the manufacturer's arrangements.
The EBA also makes consequential updates to reflect wider regulatory developments, including revisions to its Founding Regulation, the internal governance guidelines under the CRD and the sound management of third-party risk regarding non-information communication technology services.
The guidelines are expected to be published in all EU official languages this year and will apply from 11 January 2027. Competent authorities must report whether they comply with the guidelines within two months of the publication of the translations.
-
UK FCA confirms final rules for new UK crypto regime
30 June 2026
The UK Financial Conduct Authority (FCA) has published a package confirming the final policy position for the main aspects of the new UK cryptoasset regime which is coming into effect on 25 October 2027. The rules build on a new licensing regime introduced by the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, which extend the regulatory perimeter to include the activities of issuing qualifying stablecoins, safeguarding cryptoassets, operating a qualifying cryptoasset trading platform, dealing (and arranging deals) in qualifying cryptoassets, and staking.The package includes five final policy statements and three sets of finalised guidance:
- PS26/9: Admissions & Disclosures and Market Abuse Regime for Cryptoassets.
- PS26/10: Stablecoin Issuance.
- PS26/11: Regulated Cryptoasset Activities.
- PS26/12: Prudential Regime for Cryptoasset Firms, including additional consultations on related guidance on COREPRU and CRYPTOPRU rules.
- PS26/13: Application of the FCA Handbook to Cryptoasset Activities.
- FG26/5: Application of the Consumer Duty to cryptoasset firms.
- FG26/6: Cryptoasset operational resilience.
- FG26/7: Approach to international cryptoasset firms.
For more information on this week's developments, you may wish to read our blog post titled "Final rules for new UK crypto regime".
Topic: FinTech -
UK DRCF call for input on consumer interest and AI
30 June 2026
The Digital Regulation Cooperation Forum (DRCF) has published a call for input under its "consumer interest and AI" project, project, seeking views on consumer attitudes to, and the management of risks arising from, generative and agentic AI. The call for input is structured in two phases. The first phase focuses on consumer attitudes to the risks associated with generative and agentic AI adoption, including what risks consumers feel they may be exposed to, and to what extent they are, and are not, prepared to tolerate risks in exchange for benefits of AI adoption. The deadline for responses on the first phase is 3 July. The second phase focuses on the tools, governance frameworks and regulatory approaches available to policymakers, regulators and firms to mitigate AI-related harms and deliver effective consumer protection. The deadline for responses on the second phase is 2 September. The DRCF states that responses will inform its ongoing policy work and broader engagement, including future workshops and its Responsible AI Forum, with a view to shaping the debate on proportionate, outcomes-focused regulation of AI across sectors. It does not plan to provide advice or guidance. -
BoE and UK FCA set out approach to joint regulation of systemic stablecoin issuers
30 June 2026
The Bank of England (BoE) and the UK Financial Conduct Authority (FCA) have published their joint approach document on the regulation of systemic stablecoin issuers. Under the regime, the FCA will regulate all UK-issued qualifying stablecoins and, in future, their use in payments. However, HM Treasury (HMT) may bring a stablecoin issuer within the joint regulatory framework of the BoE and the FCA by recognising the issuer as systemic. The consultation builds on the BoE's recent proposals in its June publication and the FCA's final stablecoin issuance rules in PS26/10.
For jointly regulated systemic stablecoin issuers, the regulators are splitting supervisory responsibilities across three key areas:
- Areas where the FCA is the lead authority, and where the FCA rules apply—examples include the consumer duty, conduct and the market abuse regime.
- Areas of overlapping responsibility, where both the FCA rules and the BoE's code of practice (which is currently still in draft) apply—examples include operational resilience, record keeping, and issuance, legal claim and redemption.
- Areas where the BoE is the lead authority, and where the BoE's code of practice applies—examples include backing assets, capital and reserve requirements, safeguarding, and failure arrangements. In the case of overlapping responsibilities, the regulators expect to be able to manage these with tools they have experience using, including coordination of supervision and escalation mechanisms.
-
UK Digital Securities Sandbox: Specific stablecoins may be used as settlement assets
30 June 2026
The Bank of England (BoE) has updated the Digital Securities Sandbox Dashboard to confirm that, going forward, certain stablecoins can be acceptable settlement assets. The change in scope will allow digital securities depositories to settle the cash leg of transactions using approved stablecoins issued in the UK or overseas.UK-issued stablecoins pegged to any currency will be permitted, as long as: (i) before 25 October 2027, the issuer will have to have demonstrated that they will be able to comply with the incoming requirements for UK issuers of qualifying stablecoins and are registered with the UK Financial Conduct Authority (FCA) for the purposes of the money laundering regime; or (ii) after 25 October 2027, the issuer will need to be authorised to issue a qualifying stablecoin. Overseas issued stablecoins will also be permitted if they are pegged to a non-GBP currency.
To be used as settlement assets in the sandbox, the stablecoins will need to meet minimum requirements which mirror the criteria used for stablecoins in the FCA's regime for UK-issued qualifying stablecoins. The minimum requirements relate to:
- Universal rights of redemption for all holders.
- Backing assets comprised of those required for UK issuers by the FCA's final rules and subject to appropriate risk management in relation to composition and redemption.
-
AMLA advisory note on ML/TF risks as the MiCAR transitional period ends
29 June 2026
The EU Anti-Money Laundering Authority (AMLA) has issued an advisory note highlighting money laundering and terrorist financing (ML/TF) risks associated with the end of the transitional period under the Markets in Crypto-Assets Regulation (MiCAR). After 1 July, firms must be authorised as MiCAR-compliant crypto-asset service providers (CASPs) to continue providing crypto-asset services in the EU. The note outlines ML/TF risks arising from the end of the transitional period and identifies measures that can be taken by the crypto-asset sector, anti-money laundering and counter-terrorist financing supervisors, and financial intelligence units to ensure a coordinated and risk-based response that protects the integrity of the EU financial system. The note includes a table setting out the relevant risks and the corresponding suggested mitigation measures.
-
EBA publishes roadmap on the delivery of its mandates under DGSD3
29 June 2026
The European Banking Authority (EBA) has published a roadmap setting out how it will deliver its mandates under the revised EU Deposit Guarantee Schemes Directive 2026/804 (DGSD3). The reforms are part of a package seeking to strengthen the EU bank crisis management framework by opening the possibility to use DGS funds in resolution. The EBA will develop 12 regulatory products over the next three years, structured in phased batches, to support implementation of DGSD3 ahead of its application in May 2028. These relate to matters such as:- Improving depositor information.
- Ensuring faster repayment in both domestic and cross border bank failures.
- The calculation of DGS funds and contributions, and the process to reach the target level.
- Conditions when the cap on contributions of DGS funds to resolution can be lifted.
- Enhancing cooperation between national deposit guarantee schemes and authorities.
- Strengthening stress testing frameworks to ensure crisis preparedness.
- Conditions for the use of DGS in preventative measures.
-
UK FCA consults on scope and proportionality of the consumer duty
29 June 2026
The UK Financial Conduct Authority (FCA) has published consultation paper CP26/23 on the changes to the scope and proportionality of the consumer duty. This follows recent developments in response to calls for clarity on the application of the duty in the context of wholesale markets and complex distribution chains, and the FCA's commitment to address these concerns. For further background on this, you may be interested in our webinar titled "Ahead of the Curve: Consumer duty" is the future brighter for wholesale firms?.The proposals relate to the FCA rules and guidance, including non-handbook guidance. The key proposed changes are as follows:
- Application of the duty limited to retail market business with UK customers. This would amend the current approach where the duty is applied in accordance with sector-specific conduct rules, meaning that if those sector-specific conduct rules apply to cross-border services, so does the duty. The proposal seeks to reduce complexity and cost in potentially applying overlapping regimes for cross-border activity. Note, however, that certain exclusions apply, for example in relation to Crown servants living overseas, pre-paid UK funeral plans and regulated or ancillary activities for UK pensions.
- Clearer delineation of six key concepts which are used by firms to work out how the duty is meant to apply, those concepts being: (i) retail market business; (ii) relevant exclusions depending on the nature of the business; (iii) product definition; (iv) distribution chain; (v) specific disapplication depending on the firm's role; and (vi) material influence.
Topic: Consumer / Retail
The following posts provide a snapshot of selected UK, EU and global financial regulatory developments of interest to banks, investment firms, broker-dealers, market infrastructures, asset managers and corporates.
