The European Commission (EC) has adopted a Delegated Regulation proposing targeted amendments to the EU prudential framework for banks' market risk, specifically the Fundamental Review of the Trading Book (FRTB) under the Capital Requirements Regulation (CRR). While most Basel III reforms have applied since 1 January 2025, the FRTB has been deferred on several occasions, most recently to 1 January 2027 in response to uncertainty around implementation timelines and potential deviations from the Basel standards in other major jurisdictions. The Delegated Regulation sets out amendments to support a level playing field for EU banks competing internationally in trading activities by offsetting the negative capital impact of the FRTB for a period of three years. It reflects feedback from the November 2025 consultation and the most recent April consultation, as well as input from member state experts. The Delegated Regulation will now be reviewed by the European Parliament and the Council of the EU, with a three-month scrutiny period (extendable by a further three months). If no objection is raised, the measures will enter into application on 1 January 2027, for a period of three years. The EC has published Q&As alongside the adopted Delegated Regulation.

The Cross Market Operational Resilience Group (CMORG) has published guidance on frontier AI and cyber resilience for financial institutions. The guidance highlights that advanced AI systems are accelerating the speed, scale and sophistication of cyber-attacks, significantly compressing the time between vulnerability discovery and exploitation. This creates an immediate challenge for firms to adapt now to maintain resilience.

CMORG indicates that remediation timelines may need to compress from weeks to days, and in some cases hours, requiring firms to operate with greater urgency, coordination and discipline. Financial institutions are advised to place stronger emphasis on rapid patch deployment, balanced against potential impacts such as service availability. An effective response will also require coordinated action across governance and leadership, operating models, technology architecture, detection and response capabilities, and the management of supply chain and ecosystem risk.

Given the pace of development in frontier AI, this guidance is expected to evolve over time. It is intended to provide a practical and actionable baseline for firms to assess their current capabilities and accelerate their response.

The Financial Services and Markets Act 2023 (FSMA 2023) (Commencement No. 14) Regulations 2026 have been made and published. The Regulations use powers under FSMA 2023 to revoke assimilated law relating to short selling in anticipation of the new UK regime coming into force on 13 July under the Short Selling Regulations 2025 and the FCA rules published in April.

The Regulations will revoke on 13 July:

• Regulation (EU) No 236/2012 of the European Parliament and of the Council of 14 March 2012 on short selling and certain aspects of credit default swaps ("the Short Selling Regulation").
• The Financial Services and Markets Act 2000 (Short Selling) Regulations 2012.
• Instruments made under the Short Selling Regulation, as assimilated into UK law.
• The Short Selling (Notification Thresholds) Regulations 2021.
• The Short Selling (Notification Threshold) Regulations 2023.

Commission Delegated Regulation (EU) 2026/440 amending Delegated Regulation (EU) 2015/63 on ex ante contributions to resolution financing arrangements, was published in the Official Journal of the European Union (OJ). It amends the framework to align with recent changes to the Bank Recovery and Resolution Directive (BRRD), the Investment Firms Regulation (IFR) and the Investment Firms Directive (IFD) and to reduce administrative burden and improve proportionality The amendments include:

• Updates to the definition of "investment firms" and "competent authority".
• A simplified contribution methodology for certain Class 2 investment firms (with an option to apply risk‑adjusted calculations where this results in a lower contribution).
• Removal of the risk indicator based on own funds and eligible liabilities held in excess of the minimum requirement for own funds and eligible liabilities (MREL).
• Removal of the denominator from the interbank loans and deposits indicator.
• A limitation period for requesting restatements and revisions of data submitted to resolution authorities.

Read more.

The EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) has launched a consultation on draft guidelines on ongoing monitoring of business relationships under Article 26(5) of Regulation 2024/1624. The guidelines aim to ensure a proportionate, risk based and effective application of monitoring obligations across all obliged entities and set out key principles including:

• Expectations for updating customer information through periodic and event driven reviews.
• The sources of information that may be used alongside non exhaustive lists of factors to assess during periodic customer information reviews and event trigger reviews.
• How monitoring frameworks should be designed and implemented to detect unusual or suspicious activity, using appropriate manual or automated controls.

They further reflect the need for clear governance, adequate documentation, appropriate staff training, and the responsible use of advanced analytical tools, supported by effective human oversight, where appropriate. The deadline for comments is 3 September, with a public hearing scheduled for 2 July. Final guidelines are expected in Q4.

The European Supervisory Authorities (the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority) have published their first annual report on major ICT-related incidents under the Digital Operational Resilience Act (DORA). The report covers 2025 and records 3,383 major incidents across all financial sectors. The ESAs emphasise that this figure does not indicate structural weakness as the direct impact on clients and transactions was generally limited.

The report also highlights that ICT risks are increasingly borderless, with around one third of incidents having a cross-border impact. System failures and external events were the main drivers. Nearly one third of incidents originated from third-party failures, with the ESAs highlighting the critical role of outsourced services and the need for robust third-party risk management and oversight. By contrast, the relatively low number of cybersecurity-related incidents suggested that existing safeguards and detection mechanisms were broadly effective. While the sector has demonstrated resilience to ICT-related threats, the ESAs stress that firms must maintain high cybersecurity standards, particularly to keep pace with the potential use of highly capable AI-driven tools.

The House of Lords (Financial Services Regulation) Committee has published a report following its inquiry into the growth and proposed regulation of stablecoins in the UK. Among other things, the report examines the Bank of England (BoE) and UK Financial Conduct Authority's (FCA) proposed regulatory regimes for systemic and non systemic stablecoins and assesses whether they are measured and proportionate. The Committee finds that the UK is lagging behind the U.S. and EU in developing its regulatory framework and urges regulators to adhere to existing timelines to avoid delay.

While broadly supportive of the proposals, the report highlights aspects which require re-consideration. It notes there are several elements which diverge from international approaches, particularly proposals relating to unremunerated backing assets requirements, the stablecoin holding limits and the restrictions on commercial bank issuance. The report calls for: further BoE analysis on the impact of holding limits on high-value cases; greater clarity from HM Treasury (HMT) on how it will determine whether stablecoins are systemic; and re-consideration by the FCA of the proposed k-factor requirement for stablecoin issuers. It also notes HMT's intention to bring stablecoins into the payments regulatory perimeter but highlights the lack of detail on scope.

The Committee further calls on HMT and the UK regulators to assess whether existing legal frameworks adequately address risks from unhosted and unregulated wallets, and to be prepared to legislate where necessary. It urges the government and UK regulators to consider its recommendations on how the proposed regulations may need to be re-adjusted to bring certainty and confidence.

The European Securities and Markets Authority (ESMA) has published a letter addressed to the European Commission (EC) de-prioritising certain 2026 deliverables under its annual work programme. Due to the increased workload arising from the market integration and supervision package (MISP) proposal and the broader political focus towards simplification and burden reduction, ESMA confirms that a small number of planned policy deliverables (set out in Table A of Annex I in the work programme) may become obsolete or altered depending on the final outcome of the legislative negotiations of the MISP package. To avoid duplication or inconsistency, ESMA has also decided to postpone related consultations until after the package is adopted. For more information on MISP and its potential implications for market participants, you may wish to watch our webinar.

Read more.

UK Payments Initiative Ltd (UKPI) has announced the launch of a new industry-led payment scheme designed to support scalable account‑to‑account payments using open banking. The scheme supports the ambitions set out in the UK government's National Payments Vision. It introduces a framework for variable recurring payments, enabling consumers to authorise recurring or flexible payments directly from their bank accounts without sharing card details or relying on traditional direct debit, within their own agreed limits. This gives consumers greater control over who can collect money, how much can be taken and how long that permission lasts.

The UKPI scheme establishes a common rulebook, commercial model and operational standards, developed collaboratively by UK banks and fintech firms. Initially, the payments will be available for use cases such as payments to government, utilities, charities and financial services. The framework incorporates consumer protection measures, including safeguards and dispute processes to support trust across participants. The rulebook has been finalised and the scheme is now moving into market rollout following successful live proving. The UK Financial Conduct Authority published a statement on the same day signalling its support for the UKPI's launch.

The Basel Committee on Banking Supervision (BCBS) has published a report outlining observed practices in banks' information and communication technology (ICT) risk. The report aims to compare regulatory, supervisory and industry practices across jurisdictions relevant to addressing non-malicious ICT incidents in global systemically important banks, domestic systemically important banks and other banks of interest (e.g., digital-only banks) that affect the delivery of critical operations. It complements the BCBS's earlier cyber resilience work.

Drawing on a survey of 16 jurisdictions and industry engagement, the BCBS identifies key findings, including that non malicious ICT incidents have varied across jurisdictions in recent years and are most driven by change control gaps, weaknesses in system design, capacity and performance issues, and failures linked to external dependencies. The report highlights core practices adopted by banks relating to governance, business continuity, change management, technology solutions and third-party risk management. It is intended to serve as a reference point for firms and supervisors in strengthening their ICT risk management practices for their specific circumstances. The BCBS will continue to monitor developments related to the digitalisation of finance and financial technology from a prudential perspective, including developments in AI models and the implications for banks' cybersecurity.

The Commission Delegated Directive (EU) 2026/374 amending Delegated Directive (EU) 2017/593 under the Markets in Financial Instruments Directive (MiFID II) has been published in the Official Journal of the European Union (OJ). The Directive updates the rules on the provision of third-party execution and research services to investment firms that provide portfolio management or other investment or ancillary services. The amendments reflect changes introduced by Directive (EU) 2024/2811, allowing investment firms greater flexibility to pay for research and execution services either jointly or separately.

The Delegated Directive introduces enhanced requirements where firms operate research payment accounts, including obligations on budgeting, controls, and audit trails, and reinforces that research charges must be based on a pre-set budget and not linked to transaction volumes. It also imposes a strengthened obligation on firms to assess the quality, value and usability of third-party research on at least an annual basis against robust criteria, and to take remedial action where deficiencies are identified. The Directive will enter into force on 22 June, being the 20th day following publication in the OJ. Member states must transpose the Directive by 5 June, with application from 6 June.

The UK Financial Conduct Authority (FCA) has published Q&A responses from its 2026 webinar on the UK anti money laundering (AML) framework for cryptoasset firms. They clarify how the current Money Laundering Regulations 2017 (MLRs) will operate alongside the forthcoming cryptoasset regime under the Financial Services and Markets Act 2000 (Cryptoassets Regulations) 2026, which commences on 25 October 2027. Topics addressed include:

• Applications under the Financial Services and Markets Act 2000 (FSMA) regime.
• MLR registration will remain the route for firms providing in scope cryptoasset services until the new regime commences, but firms will need to obtain FSMA authorisation to continue operating under the new regime, with no automatic conversion. Current FSMA authorised firms must apply to vary their permissions if they wish to undertake the new cryptoasset regulated activities when the regime commences. Applications for the new regime will open on 30 September until 28 February 2027. Firms should consider the impact of when they submit their application. Firms are encouraged to prioritise securing FSMA authorisation over MLR-registration (with more guidance set out in an earlier webpage) and undertake early gap analyses against threshold conditions and proposed rules.

Read more.

The International Organization of Securities Commissions (IOSCO) has published its final report on valuing collective investment schemes (CIS), following the November 2025 consultation. The report updates and consolidates IOSCO's earlier principles on the valuation of CIS (2013) and the valuation of hedge fund portfolios (2007) into a single set of recommendations to enhance the reliability, consistency and transparency of fund valuation practices across jurisdictions. Specifically, the report reflects feedback from market participants, recent market developments including the increased exposure to illiquid and private assets and heightened retail participation, and periods of market stress and volatility.

The recommendations focus on: (i) governance and oversight arrangements (including under stressed market conditions); (ii) management of conflicts of interest; (iii) the application of sound and consistently applied valuation methodologies; (iv) appropriate use and oversight of third party valuation providers, and (v) transparency, disclosure and record keeping. These are set out in more detail in chapter 3 of the report. IOSCO states the recommendations are intended to be proportionate and adaptable across jurisdictions while promoting a more harmonised and globally consistent valuation framework.

The UK Joint Money Laundering Steering Group (JMLSG) has published a consultation on proposed amendments to Part I of its anti-money laundering and counter-terrorist financing (AML/CFT) guidance for the financial services sector. It reflects changes introduced by the draft Money Laundering and Terrorist Financing (Amendment) Regulations 2026 (as laid and not yet made) including:

• Clarification of the term "unusually" in paragraph 2.9.
• Introduction of a bank insolvency exception in paragraph 5.2.4A.
• Updates relating to pooled client accounts in paragraph 5.3.142 and Annex 5 V.
• Amendments concerning due diligence and verification of authority where a person acts on behalf of others in paragraphs 5.3.94A and 5.3.99.

The deadline for comments is 29 June.

The European Securities and Markets Authority (ESMA) has published its annual report on the quality and use of data in 2025. This sixth edition expands the scope of coverage to include prospectus reporting, credit rating agency reporting, central counterparty supervisory reporting, crowdfunding reporting, major ICT-related incident reporting under the Digital Operational Resilience Act (DORA), reference data under the Markets in Financial Instruments Regulation (MiFIR) and ESMA registers.

The report shows continued progress in improving the quality, usability and supervisory application of regulatory data across EU financial markets. However, the report also highlights differing levels of maturity across datasets. Reporting under the European Market Infrastructure Regulation (EMIR) reached a steady state, with stable reporting rules and reconciliation requirements during 2025. MiFIR transaction reporting showed similar progress, with targeted data quality measures supporting more systematic supervisory use. As a result, transparency indicators are now calculated using MiFIR transaction data. Other regimes, notably the Securities Financing Transactions Regulation (SFTR) and the Alternative Investment Fund Managers Directive (AIFMD) also showed positive developments but require further improvements in data quality and usability. For less mature datasets, the report presents first indicative measures of quality and use.

Looking ahead, ESMA, together with national competent authorities, will continue to further support sustained improvements in the quality of regulatory data with next steps set out in Chapter 5 of the report.

The UK Financial Conduct Authority (FCA) has published Handbook Notice 141, outlining amendments to the FCA Handbook resulting from the following statutory instruments:

• Collective Investment Schemes (Use of Distributed Ledger Technology in Authorised Funds) Instrument 2026 and Collective Investment Schemes (Direct Dealing) Instrument 2026, which entered into force on 30 April. These reflect Handbook changes following PS26/7 on progressing fund tokenisation.
• Consumer Credit (Regulatory Reporting) (Amendment) Instrument 2026, which entered into force on 29 May. This makes minor amendments in SYSC 1.5.3R and SUP 16.
• Supervision Manual (Amendment) Instrument 2026, which entered into force on 1 June and introduces a new annual retail banking business model regulatory return, replacing the previous series of ad hoc data collections. 

Read more.

The UK Financial Conduct Authority (FCA) has published policy statement PS26/8 confirming final rules introducing a new annual regulatory return, replacing previous ad hoc retail banking business models (R2B2) data collections. The return will apply to banks and building societies meeting specified thresholds, including providing services to UK retail customers, reporting at least 200,000 UK customer relationships and having revenues of GBP5 million or more.

The reporting framework comprises two elements: (i) a core financial data request covering key product segments (including mortgages, personal banking and lending, and business banking), wholesale funding, and firm level financial metrics; and (ii) an "off the shelf" document request requiring readily available business documents, such as business plans and management reporting.

Following feedback to the January consultation, the FCA has made targeted amendments to the rules and the R2B2 template to streamline requirements, clarify definitions and group reporting rules, and reduce operational burden. Firms must submit the return annually in line with their accounting periods, with the first submission due by the end of November. The FCA will review the data annually to ensure it is of high quality and will review the collection after five years. The Supervision Manual (Amendment) Instrument 2026, which will make the relevant Handbook changes, comes into force on 1 June.

The UK Prudential Regulation Authority (PRA) has published a policy statement (PS15/26) on phase 1 of its Pillar 2A review. The policy statement provides feedback on the PRA's previous May 2025 consultation paper (CP12/25). In addition, having considered the responses to CP12/25, the PRA has made changes to the draft policy materials to provide greater detail and increase clarity where relevant, including:

• Excluding exposure to SMEs from the systematic methodology for unconditionally cancellable commitments in the retail exposure class.
• Removing exposures secured by collateral recognised through the Financial Collateral Simple Method (FCSM) from the scope of the systematic methodology.
• Providing greater flexibility in how firms are expected to assess their idiosyncratic credit risks, compared to the consultation proposal to introduce expectations for firms to use credit scenarios.
• Clarificatory updates to improve transparency and guidance for all firms, and changes to the small domestic deposit takers (SDDT) policy materials to align the operational risk Pillar 2A methodology for SDDTs and non-SDDTs.

Read more.

The European Commission (EC) has adopted a Delegated Regulation regarding regulatory technical standards (RTS) specifying operational risk requirements under the Capital Requirements Regulation (CRR), as amended by the CRR3. The Delegated Regulation is based on draft RTS submitted by the European Banking Authority (EBA) and specifies key aspects of the operational risk framework. The RTS, amongst others:

• Business indicator components—specify the components of the business indicator by setting out a list of items and the elements to be excluded from the business indicator.
• Mergers, acquisitions and disposals—set out how institutions are to determine adjustments to the business indicator and their loss data set following mergers, acquisitions and disposals. In the case of disposals, they specify the conditions under which competent authorities may grant permission to exclude amounts related to disposed entities or activities from the business indicator, and the timing of such adjustments.

Read more.

The UK Financial Conduct Authority (FCA) has set out guidance in a new report on compliance with the UK sanctions regimes. The FCA acknowledges that the rules on sanctions have become more complicated since February 2022.

The FCA expects firms to understand when they could be engaging in activities which are at risk of causing sanctions breaches, for example:

• Transferring funds out of accounts shortly after an individual or entity is sanctioned.
• Accessing financial services or economic resources through complex ownership chains, relatives, or close associates.
• Using third parties, intermediaries, or correspondent banks to obscure connections to a sanctioned person.
• Routing funds through cryptoasset or e-money wallets to conceal links to designated persons.
• Conducting cash withdrawals for onward movement to high-risk jurisdictions.
• Mis-declaring the nature or end use of goods in trade transactions.
• Providing falsified or incomplete trade documentation.

Read more.

The UK prudential regulation authority (PRA) has published a policy statement providing feedback on the PRA's July 2025 consultation paper CP19/25 on the restatement of UK Capital Requirements Regulation (CRR) definitions in the PRA Rulebook, along with its final policy. Following respondent feedback, the PRA is making the following changes to the draft policy it consulted on:

• Consistent italicisation of embedded CRR terms in the PRA Rulebook Glossary definitions and cross-references to legislative definitions throughout.
• Change to the "branch" definition in the PRA Rulebook Glossary to better align its wording with the CRR definition.
• Additional wording in Article 229(3) of the Credit Risk Mitigation (CRR) Part to specify the meaning of "market value" in that context.
• Change to the "recognised exchange" definition to reflect the policy position confirmed in PS6/26—Recognised exchanges policy and transfer of main indices.

Read more.

The UK Financial Conduct Authority (FCA) has updated its webpage on quality controls in the benchmarks sector, which is relevant to benchmark administrators, price reporting agencies and data suppliers. The update sets out the FCA's findings following a multi-firm review of the quality of calculation controls, looking in particular at error identification, classification, prioritisation and notification. The FCA identified two distinct approaches taken by firms: first, a quantitative approach led by data; and second, a qualitative approach which was judgement-led. Quantitative approaches are more easily applied consistently, although the FCA noted that they needed frequent recalibration and there may be data gaps. Qualitative approaches are less consistent but can allow for judgement to be applied, which may reduce data gaps.

The FCA has also noted that well-designed management information, i.e., details of how errors were identified and root cause insights, could help identify where there may be recurring weaknesses. However, there are limitations with such record-keeping, which makes it hard for firms to demonstrate that their control and governance arrangements are effective. The FCA also commented that conflicts of interest policies and registers needed to be fully considered and put into practice to be effective in the context of error handling.

The FCA will carry out further work in 2026 on other risks set out in its portfolio letter, including corporate governance. Firms should take note of the FCA's findings and address any weaknesses identified.

The UK Financial Conduct Authority (FCA) has published a press release highlighting that some firms, when approving financial promotions, should be doing more to protect consumers in line with the consumer duty. The FCA carried out a review that assessed ten authorised firms that approve financial promotions for businesses which are not authorised by the FCA, looking at firms who were approving financial promotions for buy-now, pay-later (also now referred to as deferred payment credit), crowdfunding and corporate finance firms. The new rules on authorised firms approving promotions for unauthorised firms came into force on 7 February 2024. The FCA's review focussed on sampling promotions that had been approved since the firm was authorised.

The FCA found that the strongest firms were applying the consumer duty from the start of their processes and were able to make sure that every promotion approved was accurate, clear and reached the right audience. However, some firms approved adverts with unsubstantiated claims or allowed retail investors to see promotions intended for professional clients. In some cases, firms relied on third-party templates instead of doing the checks themselves. As a result of the FCA's work, one firm has already had to conduct a remediation exercise, and some websites have been blocked to retail customers. The FCA will continue to monitor compliance and hold firms to account if they fall short.

The European Commission (EC) has adopted a Delegated Regulation supplementing Regulation (EU) 2024/3005 (ESG Rating Regulation) with regard to regulatory technical standards (RTS) specifying the information to be included in the application for authorisation as an ESG rating provider and in the application for recognition of an ESG rating provider. Before supervision of ESG rating providers can take place, ESMA must first authorise an applicant in accordance with the processes set out in Articles 6 to 8 of the ESG Rating Regulation or recognise an applicant in accordance with Article 12 of the ESG Rating Regulation. In October 2025, ESMA published a final report on the technical standards on the transparency and integrity of ESG rating activities which included final draft RTS on authorisation and recognition.

This Delegated Regulation sets out in Annex II the information that needs to be included in an application for authorisation or recognition to operate as an ESG rating provider in the EU, including information on:

• General and contact person details.
• Ownership structure, activities and senior management.
• Procedures and methodologies of ESG ratings.
• Policies and procedures to identify conflicts of interest.
• Outsourcing arrangements.
• Previous ESG ratings.

Annex III of the Delegated Regulation also sets out specific, additional information which must be provided in an application for recognition of ESG rating providers established outside the EU. The Delegated Regulation is due to apply from 2 July.

The European Securities and Markets Authority (ESMA) has published a consultation paper on amendments to its guidelines on standardised procedures and messaging protocols used between investment firms and their professional clients under Article 6(2) of the Central Securities Depositories Regulation (CSDR). This forms part of ESMA's work to support market participants in preparing for the transition to a T+1 settlement cycle. ESMA is proposing to amend the guidelines in light of the proposed amendments to Articles 2 and 3 of Commission Delegated Regulation (EU) 2018/1229 (RTS on Settlement Discipline), as set out in its final report on the RTS on Settlement Discipline published in October 2025. The updates aim to make post-trade communication faster, clearer and more consistent across the EU. In addition, ESMA is proposing to clarify the discretion available to investment firms and professional clients when documenting their contractual arrangements and is seeking stakeholders' views on potential amendments to the existing guidelines that could support its objective of simplification and reducing regulatory burden.

Key changes to the guidelines include:

• Reflecting the mandatory use of electronic, standardised communication channels and international messaging standards.
• Removing references to non-electronic and non-machine-readable communication methods, such as oral allocations and confirmations, except in cases of temporary technical disruptions.

Read more.

The European Commission (EC) has published a report on its assessment of the markets for commodity derivatives, emission allowances and derivatives of emission allowances under Article 90(5) of the MiFID II Directive, as amended by MiFID III. The report is addressed to the European Parliament and the Council of the EU. Input was provided by the European Securities and Markets Authority (ESMA) and the Agency for the Cooperation of Energy Regulators (ACER). The European Banking Authority (EBA) did not provide input as they informed the EC that this would require a more in-depth analysis.

The report found that stakeholders' responses and the EC's assessments did not point to an urgent need to make substantive changes to the relevant commodity derivatives framework. However, targeted amendments could be considered in the future. The findings from the report include:

• Data-sharing and reporting—the EC acknowledges that the current reporting framework for commodity derivatives is complex. Under a gradual approach, short-term measures to facilitate data-sharing between authorities and improve the interoperability of data sets could be explored. This could include the institutionalisation of data exchanges between financial and energy regulators, with systematic access granted to respective supervisory data, eliminating the need for ad hoc access requests. The EC could also explore the adoption of unique identifier formats for transactions reported under both financial and energy frameworks.

Read more.

The International Organization of Securities Commissions (IOSCO) has published its final report on a Supervisory Toolkit for AI Use in Capital Markets. The report is based on IOSCO's previous work, and provides supervisors with a practical, multi-phased approach to monitoring ongoing advancements in AI, the concentration and dependency on AI service providers, and AI's expanding range of applications and risks in capital markets. The report is designed to complement, not replace, national frameworks, and to offer a common foundation for supervisory dialogue between authorities and firms.

The report sets out three complementary layers to support supervisory oversight:

• Areas of supervisory consideration: the first layer outlines areas of supervisory consideration, building on the work conducted for previous IOSCO reports on AI.
• Tools for supervisory oversight of key areas: the second layer provides supervisors with more detailed tools to support evaluation across four areas of focus: (i) governance and risk management; (ii) third-party and outsourcing risk management; (iii) disclosure; and (iv) recordkeeping and reporting. It also includes practical examples of questions that supervisory authorities may find helpful when planning examinations of supervised firms' AI use.
• Indicators and data sources: the third layer provides supervisors with suggested indicators for monitoring AI adoption and use, alongside a range of engagement methods to gather relevant information.

Read more.

The UK Financial Conduct Authority (FCA) has published a report setting out findings from its transition finance pilot exercise on barriers to scaling finance for UK climate solutions. The FCA focused on UK-led climate solutions and drew on extensive engagement with capital providers and climate solutions companies at different stages of maturity. The FCA found no material regulatory barriers but identified three system level challenges: (i) many climate solutions struggle to reach sufficient commercial maturity to attract private capital; (ii) capital is not always well matched to opportunities, despite strong appetite, owing to misalignment in the scale, tenor or risk-return profile of climate solution opportunities; and (iii) information and capacity gaps across the market create frictions, increasing costs and reducing confidence, particularly for small and medium-sized enterprises (SMEs). These barriers can be addressed through coordinated action across government, public finance institutions and market participants. The FCA also sets out key takeaways separately for climate solutions companies, capital providers and insurers, alongside supporting resources to guide next steps.

The FCA confirmed that it will use the findings to inform policy development and market coordination, and to continue its broader work on sustainable finance and SME access.

The International Organization of Securities Commissions (IOSCO) has published a consultation report on regulatory considerations and good practices on the evolution of market liquidity during the trading day for equity markets. The consultation highlights a growing concentration of trading activity at market close, driven by technological developments and trading strategies, noting that while deeper closing auctions may enhance price discovery, they may also pose risks. IOSCO therefore proposes a set of good practices aimed at supporting fair, orderly and resilient markets. This is based on the analysis of how liquidity is distributed throughout the trading day, the implications of evolving liquidity patterns and auction designs, and the effectiveness of existing regulatory and supervisory approaches. The deadline for feedback is 21 August.

In parallel, IOSCO has published a report on extended trading hours for equity markets. This report looks at how extended trading works across IOSCO jurisdictions and its benefits and risks. It finds that trading outside normal hours varies between jurisdictions and is mainly retail-driven, with limited institutional involvement. Where it exists, it is usually introduced by trading venues in response to demand. However, this is characterised by lower liquidity, wider bid-ask spreads, and different execution conditions compared to regular hours. Based on the findings, IOSCO emphasises the importance of continued monitoring and information-sharing to ensure that market integrity, operational resilience and investor protection remain central as trading practices evolve. While the report focuses on equity markets, IOSCO may explore related areas (such as asset management, valuations, risk management or derivatives) in the future.

The UK Payment Systems Regulator (PSR) has published its consultation paper CP26/1 on proposals to require specific card schemes to report UK financial performance. The proposals stem from one of four remedies identified as possible ways to address the findings of the market review of card scheme and processing fees, which were published last year. Proposals in relation to two of the other remedies (the information, transparency and complexity remedy and the price governance remedy) have already been taken forward, while the fourth remedy is not being pursued. This consultation paper sets out the proposals to introduce the regulatory financial reporting remedy (which relates to publishing scheme information).

Read more.

The European Commission has adopted a Delegated Regulation setting out regulatory technical standards (RTS) establishing an EU code of conduct for issuer-sponsored research under the Markets in Financial Instruments Directive (MiFID II). This follows the European Securities and Markets Authority's final report on the code of conduct, which was published with final draft RTS in October 2025. The code of conduct is provided for by measures introduced by the EU Listing Act Directive, which amend MiFID II, with the aim of increasing the use of issuer-sponsored research.

The RTS require investment firms to obtain information from research providers so that they can assess whether research should be labelled as "issuer-sponsored research", which is produced in compliance with the EU code of conduct which is set out in the RTS annex. As a reminder, research providers must comply with the code if they intend their research product to be labelled as "issuer-sponsored" research rather than a marketing communication.

The RTS shall enter into force on the third day following its publication in the Official Journal of the European Union (OJ). This differs from the timing set out in the final draft RTS, which provided that the RTS would enter into force on the 20th day following publication in the OJ and would apply from 6 June.

The UK Financial Conduct Authority (FCA) has published consultation paper CP26/16, proposing amendments to the regime governing the registration of authorised fund assets. A key driver of the consultation is enabling access to private market investments for funds. Currently, the regulatory rules restrict depositaries' ability to delegate certain registration and safekeeping functions in relation to certain types of private market assets. This means that depositaries (or their controlled nominees) are required to hold legal title to certain types of assets, which may expose them to legal, reputational and financial risk. Consequently, authorised alternative investment funds may be limited as to their ability to invest in such assets where depositaries are unwilling to take on these risks. This set of proposals relates to AIFs rather than UK undertakings for collective investment in transferable securities (UCITS), as UCITS funds are not impacted in the same way as AIFs.

The FCA proposes to ease these restrictions in relation to the registration function, so that depositaries are able to delegate the functions subject to certain conditions. Specifically, the FCA is proposing to allow depositaries of authorised AIFs managed by full-scope AIFMs to delegate certain registration and safekeeping functions for private market assets. For assets which are not safe custody investments or AIF custodial assets, the ability to delegate is limited to affiliates of the authorised fund manager. For assets which are safe custody investments but not AIF custodial assets, depositaries would be able to delegate to a regulated third party. Regarding UCITS, the consultation proposes a new rule that a UCITS depositary must not delegate any function to the authorised fund manager.

Read more.

The UK Securitisation (Overseas STS Equivalence) (European Union, Iceland, Liechtenstein and Norway) Regulations 2026 have been laid before Parliament. The Regulations introduce a permanent equivalence regime for European securitisations designated under the EU Securitisation Regulation as "simple, transparent and standardised" (STS). The effect of UK equivalence is that such securitisations benefit from preferential treatment under various UK regimes, including in relation to regulatory capital requirements. It is worth noting that there is no reciprocal recognition of UK STS securitisations.

The permanent equivalence regime will replace the existing temporary recognition regime which is due to expire on 30 June. Accordingly, the Regulations will come into force at 11:00pm on 30 June.

For those tracking this development, you may be interested to read our article on this: EU STS recognition in the UK moves from temporary to permanent.
 

The UK Financial Conduct Authority (FCA) has published a new webpage inviting applications for its Scale-up Unit for FCA solo-regulated firms. The Unit was launched in October 2025 and is designed to provide bespoke regulatory support to fast-growing firms across three groups: banks and building societies, insurers, and FCA solo-regulated firms. For the pilot cohort of FCA solo-regulated firms, applicants must demonstrate that they meet the eligibility criteria, including: being FCA-regulated and operating for at least three years; experiencing a period of sustained growth, with average income growth exceeding 20% over a three-year period and projected to continue at that rate; and generating gross annual revenue of over GBP100 million and/or achieving an investor valuation of over GBP250m (for example, through funding rounds). Meeting the criteria will not automatically guarantee acceptance. The FCA will also consider whether an application meets the definitions set out in the webpage. Applications are open until 22 June.

The European Commission has launched consultations on the review of the Markets in Crypto Assets Regulation (MiCAR). The framework, implemented in 2024, establishes a harmonised regime covering crypto assets, including asset referenced tokens and e money tokens, as well as their issuers and crypto asset service providers. The consultation involves: (i) a public consultation on general views in relation to the different types of digital assets and the associated services industry used by individual retail users; and (ii) a targeted consultation covering more technical and legal questions for stakeholders on whether MiCAR remains fit for purpose in light of evolving market and international developments. Of particular interest in the targeted consultation is the section on topics beyond the initial scope of MiCAR, which covers questions on decentralised finance and prediction markets and perpetual futures.

Feedback will inform the EC's report on the application of MiCAR and the latest developments in markets crypto-assets, mandated by Articles 140 and 142 of the Regulation. The report may, if needed, be accompanied by a new legislative proposal to amend and complement this regulation. The deadline for feedback on both consultations is 31 August.

The House of Commons Treasury Committee has published a letter addressed to the UK Financial Conduct Authority (FCA) seeking further clarification on its motor finance redress scheme. This is following the FCA's announcement that the scheme is subject to legal challenges. The letter raises questions in relation to the consequences of the legal challenges, the additional administration caused by the legal challenges, the potential impact of any changes needed as a result of the challenges, the conduct of market participants more broadly, and the FCA's powers.

More specifically, key points of examination include: (i) current advice to consumers, the impact on complaint handling and compensation timelines, and potential risks such as fraud; (ii) details on the costs incurred by the FCA to date, additional costs arising from the litigation, and any impact on ongoing regulatory workstreams; (iii) how changes to or failure of the scheme could affect consumers, firms and the UK Financial Ombudsman Service; (iv) how lenders, claims management companies and law firms have responded to the scheme and the effect of their conduct on consumers; and (v) the adequacy of the FCA's powers to implement a compensation scheme and any lessons for Parliament. The Committee has requested the FCA to respond by 4 June.

The UK Financial Services Regulatory Initiatives Forum has published the tenth edition of the Regulatory Initiatives Grid, setting out the ongoing and upcoming initiatives impacting the UK financial services sector. The Grid provides an overview of the current state of play as opposed to launching new initiatives, and is also used to communicate timing updates on deliverables where relevant. The grid includes a multi-sector section which covers cross-cutting and omnibus topics such as sustainable finance and operational and financial resilience. There are further sector specific sections including in relation to: banking, credit and lending; payment services and cryptoassets; investment management; retail investment; and wholesale financial markets.

The grid includes a number of UK developments in relation to other items in this week's update, including those mentioned in the King's speech, and the prospective changes in the Financial Services and Markets Bill. Further information is detailed in those specific items covered this week. Separate press releases announcing the Grid have also been published by the UK Financial Conduct Authority and the Bank of England.

Readers are also invited to provide feedback on the Grid and its usefulness in enabling planning for regulatory initiatives and any suggested improvements.

The Bank of England (BoE) has published a discussion paper on central counterparty (CCP) resolution execution and resolvability. The paper focuses on three key resolution execution topics on the use of the BoE's resolution powers to resolve a CCP:

• Resolution powers and the credit hierarchy: how the BoE would manage the complexity arising in the calculation and execution of a resolution cash call.
• Returning value to CCP creditors: how value would be returned to CCP creditors that have recapitalised a CCP.
• Considerations in the execution of a statutory partial tear up: how the BoE would use its discretion when exercising its statutory tear up power in a default loss resolution, to return the CCP to a matched book.

The BoE also introduces draft "resolvability outcomes", requiring CCPs to demonstrate timely and robust capabilities to support the BoE's execution of resolution, including the ability to: (i) deploy recovery and resolution tools on the BoE's instruction; (ii) secure continuity of critical clearing services through resolution; and (iii) provide the BoE, HM Treasury and independent valuer with data, modelling and analysis as requested. The deadline for responses is 4 September. Feedback will inform a future consultation on CCP resolvability expected by the end of the year, with a further statement of policy on CCP resolvability expected in 2027. Responses may also be used to assess how the regime will apply to new firms and the appropriate degree of proportionality in the BoE's proposed policy on mobilisation of new CCPs.

The UK Financial Conduct Authority (FCA) has published a notice and terms of reference for a market study into claims management services. The study will examine the causes of potentially harmful practices, their impact on competition and consumer outcomes, and whether intervention is required. It will cover practices observed by FCA-regulated claims management companies (CMCs) and lead generators, as well as legal professionals. The FCA will be working closely with the Solicitors Regulation Authority as it carries out the market study.

The work will focus on claims management services provided in relation to financial services and financial products claims and housing disrepair claims. The deadline for comments is 19 June, with information requests to be issued to firms from June. The FCA intends to share early findings and consult on possible measures later this year, and will publish its final report by 19 May 2027.

The Financial Services and Markets Bill, first introduced in the King's speech as the "Enhancing Financial Services Bill", has had its first reading in the House of Lords. The text of the Bill was published with accompanying explanatory notes. It proposes significant amendments to primary legislation, including the Financial Services and Markets Act 2000, the Consumer Credit Act 1974 and the Financial Services (Banking Reform) Act 2013, as part of the government's growth and competitiveness strategy for the financial services sector.

Key proposals include: (i) modernising the Consumer Credit Act 1974 and reforming the UK Financial Ombudsman Service; (ii) consolidating the regulatory framework with the abolition of the UK Payment Systems Regulator; (iii) improving the operational effectiveness of the UK Financial Conduct Authority and the UK Prudential Regulation Authority; (iv) creating a new 'provisional licences' authorisation regime; (v) amendments to the appointed representatives regime including a requirement for principals to have specific permission to act as principal; (vi) creating a framework for HM Treasury to establish overseas recognition regimes for any financial services activity; (vii) reducing the burden of the Senior Managers and Certification Regime including repealing rules on the senior manager statements of responsibilities and the certification regime; (viii) updating the statutory framework underpinning the ring-fencing regime; and (ix) reforming the supervision of anti-money laundering / counter-terrorism financing.

The UK Prudential Regulation Authority (PRA) has issued a Dear CEO letter setting out updated expectations on the prudential treatment of tokenised assets, stablecoins and other cryptoasset exposures. This replaces the 2022 guidance which set out interim expectations when cryptoasset markets were less developed and international standards were still under development.

The PRA reaffirms that firms should apply the full prudential framework to cryptoasset exposures, including the Fundamental Rules, Pillar 1 and Pillar 2 requirements, and the Internal Capital Adequacy Assessment Process. It emphasises the need to maintain strong governance and risk management, including by carefully assessing whether the characteristics of these assets are sufficiently captured within existing frameworks.

It confirms that a conservative capital treatment remains appropriate for most cryptoassets, including a 100% capital requirement for unbacked cryptoassets, while recognising that certain newer forms of cryptoassets may warrant a more risk-sensitive approach. The PRA also clarifies that tokenised traditional assets should generally receive the same prudential treatment as their non-tokenised equivalents where legal rights and underlying risks are comparable, in line with a "same risk, same regulatory outcome" principle.

Read more.

The Bank of England (BoE) has published a consultation paper setting out its proposed roadmap to extend RTGS and CHAPS settlement hours towards near 24x7 settlement. The paper confirms the previously announced early-morning extension of CHAPS from September 2027 and seeks industry views on the next phase of reforms. In particular, the BoE proposes a phased approach, initially introducing settlement on weekends (most likely Sundays) and certain UK bank holidays from 2029 at the earliest. This would be followed by a further extension of those settlement days from 2031 at the earliest, resulting in CHAPS settlement operating hours for 22 hours per day, Sunday to Friday. The BoE notes that these sequencing steps could be combined if consultation responses indicate sufficient demand.

The consultation outlines key operational, liquidity and financial stability considerations, including the need for changes to liquidity provision, staffing, and risk management frameworks. It also seeks feedback on sequencing, design choices and the long-term end-state, including potential expansion to 22x7 or near-continuous settlement. The deadline for responses is 10 August.

The UK Financial Conduct Authority (FCA) and Bank of England (BoE) have published a joint call for input on the development of tokenisation in UK wholesale financial markets. Tokenisation – being the representation and ownership of assets using distributed ledger technology (DLT) – has the potential to transform how assets are issued, traded and settled. The paper seeks feedback on how existing rules and market infrastructure may support or constrain the adoption of tokenisation and includes the following content.

• A potential framework to consider the future use of tokenisation in wholesale markets, covering both the long-term end state and the transition towards it.
• Identification of the key infrastructure, policy and regulatory principles and operational considerations proposed to feature in future policy and regulation.
• Proposals on the regulatory regime for issuing and exchanging digital assets, prudential and collateral treatment, and central bank money settlement of digital asset transactions.
• An initial roadmap of initiatives that will support market evolution, to help industry engagement.

The deadline for responses is 3 July. A feedback statement is due in summer, with a final cross-authority roadmap for the digitalisation of wholesale markets to follow later in the year.

HM Treasury (HMT) has published a policy statement on the reform of the Consumer Credit Act 1974 (CCA), setting out its response to the phase 1 consultation. HMT confirms plans to modernise the regime by aligning it with the Financial Services and Markets Act 2000 (FSMA) and transferring much of the detailed conduct regulation to UK Financial Conduct Authority (FCA) rules. The original proposals involved a phase 2 consultation; however, HMT considers that it has sufficient evidence to proceed without a further consultation. The related legislative proposals are in the Financial Services and Markets Bill which was published this week, including an enabling power for HMT to make secondary legislation on the transitional provisions to support a smooth transition.

The FCA rules will not replicate the CCA exactly but will be designed in line with the FCA's objectives and existing framework, including the consumer duty. Certain provisions will remain in legislation where necessary to preserve key rights, or where they cannot be replicated due to complexity. The government intends to repeal most prescriptive CCA information disclosure requirements and replace them with FCA rules (subject to consultation) and statutory sanctions, such as unenforceability and disentitlement to interest and fees, in favour of the FCA's supervisory and enforcement framework, but retain criminal offences as a deterrent.

The FCA has also published a statement setting out its approach to CCA reform and highlighting some of the existing rights and protections it will consider as part of its policy work.

For more detail on the reforms, you may wish to read our blogpost titled "Phase 2? We don't need phase 2 where we're going...".

The UK Prudential Regulation Authority (PRA) has issued a Dear CEO letter on innovations involving deposit-takers, e-money and regulated stablecoins. The letter supersedes the 2023 letter and provides clarification in light of recent developments including the UK cryptoassets regulatory framework. It should be read alongside the PRA's Dear CEO letter on the prudential treatment of banks' cryptoasset exposures.

The PRA's core expectations remain unchanged but the letter clarifies how firms should manage risks arising from innovation, especially as regards retail customers. In particular, the letter confirms that while deposit-takers may innovate within deposit structures (including tokenised deposits), any issuance of e-money or stablecoins within groups should take place through separate, non-deposit-taking and insolvency-remote entities, with clearly distinct branding and presentation. This should be supported by disclosures, warnings, on-boarding, and customer education, but should not be relied upon as the sole means of mitigating the risk of confusion.

Read more.

HM Treasury (HMT) has published a report with findings from its review on the ring-fencing regime for banks. The review found that while the regime remains an important component of UK financial stability, it should be updated to be more flexible, proportionate and responsive to developments. The government intends to introduce certain changes through the Financial Services and Markets Bill (referred to as the Enhancing Financial Services Bill in the recent King's speech) including:

• Enabling the UK Prudential Regulation Authority (PRA) to remove ring-fencing rules where objectives are met by other prudential or resolution requirements to reduce duplication.
• Removing overly prescriptive elements in primary legislation.
• Improving regulatory alignment as between the ring-fencing rules and the resolution regime.
• Enabling HMT to move aspects of the regime into PRA rules so they can be updated more easily and to increase scope for modifications and waivers.

The government has also made the following commitments which are subject to consultation this summer:

• Introduction of a New Growth Allowance (with an allowance of up to 10% of Pillar 1 risk-weighted assets for credit risk to be consulted on) to unlock up to GBP80 billion of financing.
• Allow ring-fenced banks to offer more risk management products to businesses.
• Enable the participation of ring-fenced banks in certain funding schemes.
• Permit exposures to a wider range of financial institutions.

Read more.

The UK Financial Conduct Authority (FCA) has published findings from a multi firm review of credit rating agencies. The review focused on surveillance processes, credit rating methodologies and internal controls.
​
On surveillance and credit rating methodologies, the FCA made findings in relation to governance, capabilities, and how the process works. While the FCA drew attention to a number of areas where good practice was well-evidenced, it highlighted areas with room for improvement, including:

• On surveillance, clearer, better-interpreted and cohesive monitoring frameworks and practices (including on an ongoing basis rather than just in terms of the minimum requirement of an annual review), better evidence of analytical capability expectations and capacity management, and more fulsome documentation of first line controls, decision-making and oversight.
• On credit rating methodologies, effective annual reviews of key components of methodologies and model types, better governance of adjustments within methodologies and models, clarification of roles and responsibilities (including for independent non-executive directors), and better documentation, feedback and oversight in relation to methodologies and models.

Read more.

The Bank of England, UK Financial Conduct Authority (FCA) and HM Treasury have published a joint statement on frontier AI models and cyber resilience, addressed to regulated firms and financial market infrastructures. The statement notes that frontier AI models already exceed the capabilities of skilled practitioners and can amplify cyber threats to firms' safety and soundness, customers, market integrity and financial stability. This is particularly true in cases where firms have not invested sufficiently in core cyber security.

The joint statement calls on firms to mitigate risks proactively in relation to the following:

• Governance and strategy: ensuring boards and senior management sufficiently understand frontier AI risks to set strategic direction and oversee how control functions manage risks. Firms should also consider whether they have appropriate insurance in place.
• Identification and risk management of vulnerabilities: being able to triage, prioritise, risk assess, and remediate vulnerabilities more quickly, more frequently, and at scale, including through automation where appropriate, while mitigating the operational risks from doing so.
• Managing risks from third parties: effectively managing AI-related cyber risks arising from third parties, supply chains and open-source software, including the capability to monitor and remediate external vulnerabilities.

Read more.

The UK government and UK Financial Conduct Authority (FCA) have published a policy paper announcing plans to reform the UK Money Market Fund Regulation (MMFR) regime, aimed at strengthening money market funds (MMFs) to better withstand periods of market disruption. The reforms are intended to replace the existing regime with a new framework under which most requirements for UK MMFs will be set out in FCA rules and guidance, including expectations for higher levels of liquidity. The government confirms it will introduce legislation when parliamentary time allows, with the new regime expected to be in place by Q4 (subject to parliamentary approval). The FCA is expected to issue a statement shortly with further details on its plans. The government also acknowledges the cross-border nature of MMFs, welcoming ongoing engagement with the EU and the European Commission's report published on 11 May. The government intends to extend the temporary marketing permissions regime, pending a longer-term solution on market access, in line with the UK's framework and process for recognition of overseas firms and funds.

HM Treasury has announced the launch of an independent review into access to banking, assessing the impact of declining face to face banking services across the UK. This is in light of the shift towards digital banking and ongoing bank branch closures. The review will gather evidence on the real world effects of reduced in person services, identify affected groups and communities (including vulnerable consumers and small businesses), and consider whether further action is required to safeguard access to banking. Its findings and recommendations, expected by October, will inform the government's proposed powers to intervene where necessary to protect access to banking services. The announcement is accompanied by terms of reference which set out the review's scope and objectives.