In a rapidly shifting regulatory environment, businesses face increasing demands to adapt to new standards and frameworks. This week’s updates highlight critical developments aimed at strengthening compliance, enhancing operational resilience, and addressing emerging risks across various sectors. Staying informed about these changes is key to maintaining compliance and mitigating risks in an interconnected global economy.
Business Line | Country | Regulator | Regulatory Update | Summary |
All | Australia | ASIC | Buy Now Pay Later Providers to Obtain Credit Licenses Under New Laws | The Australian Securities and Investments Commission (ASIC) has announced new regulations requiring Buy Now Pay Later (BNPL) providers to obtain a credit licence under the National Credit Code, following the passage of the Treasury Laws Amendment (Responsible Buy Now Pay Later and Other Measures) Act 2024. The new laws, effective from 10 June 2025, aim to enhance consumer protection in the BNPL sector. Providers must apply for and have their credit licence applications accepted by ASIC before this date to benefit from transitional arrangements, which allow operations to continue during the licensing process. Additionally, providers must join the Australian Financial Complaints Authority (AFCA) and update their systems to comply with the new regime. ASIC has advised providers to act promptly, as delays in completing application requirements, such as criminal history checks, could result in non-compliance and unlicensed operations. |
Belgium | FSMA | FSMA Urges Financial Entities to Prepare for DORA Implementation | The Financial Services and Markets Authority (FSMA) has highlighted the need for financial entities to intensify their efforts to comply with the European Digital Operational Resilience Act (DORA), which comes into effect on January 17, 2025. A recent FSMA survey revealed mixed results regarding readiness, with some progress in areas like ICT risk management frameworks, but significant gaps in meeting core requirements such as business continuity planning, ICT incident response, and third-party ICT risk management. Notably, 40% of surveyed entities admitted their business continuity plans do not fully align with DORA’s stringent standards. FSMA has urged financial entities to prioritize DORA compliance in 2025, emphasizing the importance of operational resilience in protecting clients and mitigating risks across the financial ecosystem. | |
Bermuda | BMA | Monetary Authority Proposes Operational Resilience and Outsourcing Code | The Bermuda Monetary Authority (BMA) has issued a consultation paper on a proposed Operational Resilience and Outsourcing Code, aiming to enhance the resilience of financial institutions against operational disruptions. This Code sets requirements for identifying critical business services, managing outsourcing risks, and ensuring continued service delivery during disruptions. It applies to entities licensed under multiple financial acts, including banks, insurers, investment firms, and digital asset businesses, with full compliance deadlines set for March 2026 for banks and March 2028 for others. The Code emphasizes governance, testing, impact tolerance metrics, and communication plans to prevent and recover from operational disruptions. Feedback on the proposals is open until March 14, 2025. | |
European Union | EDPB | Guidelines on Pseudonymisation: A New Standard for Data Security | The European Data Protection Board (EDPB) has released updated guidelines on pseudonymisation and is inviting public comments, which provide detailed clarifications on how organizations can implement this security measure under the GDPR. These guidelines focus on ensuring the separation of identifying information from datasets to enhance privacy while maintaining utility for data analysis. The document outlines technical and organizational measures, emphasizing encryption and tokenization as effective techniques for pseudonymisation. By standardizing practices, the EDPB aims to support controllers and processors in achieving compliance, reducing the risk of re-identification, and safeguarding personal data in an increasingly data-driven economy. Submissions should be sent no later than February 28, 2025, using the provided form. | |
European Union | EBA` | The European Banking Authority (EBA) has released draft guidelines on Environmental, Social, and Governance (ESG) scenario analysis aimed at strengthening the financial resilience of institutions to ESG risks. The guidelines provide a framework for scenario-based approaches, focusing on climate-related risks initially and gradually expanding to other ESG factors. Key elements include setting scenarios based on scientific data, defining risk transmission channels, and integrating results into institutional decision-making processes. The document highlights tools like Climate Stress Tests (CST) and Climate Resilience Analysis (CRA) to assess financial and business model vulnerabilities over short and long-term horizons. Institutions are encouraged to progressively refine their methodologies and align with international best practices, ensuring proportionality for smaller institutions. The guidelines emphasize strategic foresight, risk management, and compliance with EU sustainability objectives. | ||
Italy | BancadItalia | The Bank of Italy has launched a public consultation on extending anti-money laundering (AML) and counter-terrorism financing (CFT) obligations to crypto-asset service providers (CASPs). This initiative follows the implementation of the EU Transfer of Funds Regulation (TFR recast) and updates to the national AML framework. The proposed changes aim to subject CASPs to the same rules as other financial intermediaries, including customer due diligence and internal controls to prevent money laundering and terrorism financing. Stakeholders have 60 days from the publication date to submit their feedback, which will help shape the final regulatory framework. These measures align with European Banking Authority guidelines and will impose reporting obligations and governance requirements for CASPs. | ||
Malta | CBM | The Central Bank of Malta (CBM) has updated Directive No. 1 on the Provision and Use of Payment Services to incorporate changes brought by the Digital Operational Resilience Act (DORA). The directive now aligns with Regulation (EU) 2022/2554, which aims to enhance the resilience of the financial sector against ICT and cyber risks. DORA applies to various entities covered by CBM Directive No. 1, including credit institutions, payment institutions, electronic money institutions, and account information service providers. Notably, Paragraph 71 of the directive has been amended to avoid overlaps with DORA’s major incident reporting requirements, transferring this responsibility to the Malta Financial Services Authority (MFSA). These changes reinforce the regulatory framework to address digital and operational resilience comprehensively. | ||
United States | SEC | The U.S. Securities and Exchange Commission (SEC) has adopted a series of technical amendments to various rules and forms under the Securities Act of 1933 and the Securities Exchange Act of 1934, as outlined in Release Nos. 33-11361 and 34-102243. These amendments correct typographical errors, outdated references, and erroneous cross-references within multiple regulations, including Regulation S-X, Regulation S-K, and forms such as Form S-3, Form 8-K, and Form 10-Q. The changes aim to enhance clarity and accuracy in regulatory reporting and compliance without substantive alterations to policy. Notable updates include adjustments to disclosure requirements, alignment of terminology, and corrections to cross-references in line with recent legislative and procedural updates. The amendments are effective upon publication in the Federal Register. | ||
Banking | European Union | EBA` | The European Banking Authority (EBA) has released revised guidelines on reporting major operational or security incidents under the Payment Services Directive (PSD2). These updates refine the incident classification criteria, simplifying the thresholds for reporting, and introducing enhancements for more effective communication between payment service providers (PSPs) and competent authorities. The revisions aim to ensure uniformity in reporting standards across the European Union, improve oversight, and reduce the compliance burden for PSPs. These updated guidelines will apply from 1 January 2025, replacing the existing framework. | |
European Union | European Union | Update on Bank Recovery and Resolution Directive (BRRD): Strengthened Measures for Resolvability | The latest amendments to Directive 2014/59/EU, also known as the Bank Recovery and Resolution Directive (BRRD), introduce significant enhancements to ensure the resolvability of credit institutions and investment firms within the EU. Key updates include reinforced requirements for recovery and resolution plans, new frameworks for group-level resolution strategies, and measures to address impediments to resolvability. The directive emphasizes cross-border cooperation among resolution authorities, sets stricter conditions for early intervention, and outlines enhanced powers to restructure institutions in financial distress. These measures aim to mitigate systemic risks, protect financial stability, and safeguard depositors’ interests across the EU. | |
Global | UNEP FI | The UNEP Finance Initiative (UNEP FI) and WWF have jointly released a guide designed to help banks align with emerging nature-related regulatory expectations. This comprehensive resource emphasizes the importance of integrating biodiversity and ecosystem considerations into financial decision-making processes. Highlighting the urgent need for financial institutions to adopt sustainable practices, the guide also addresses regulatory trends and frameworks influencing the banking sector. With increasing global focus on nature-positive financing, this guide equips banks to proactively adapt to evolving compliance requirements and leverage opportunities in the transition to a nature-focused financial system. | ||
Ireland | GOV.IE | The Department of Finance in Ireland has initiated a public consultation on the transposition of national discretions under the Capital Requirements Directive VI (CRD VI), in alignment with Regulation EU 2024/1619. This directive introduces amendments to the existing Capital Requirements Directive (2013/36/EU) and aims to strengthen financial regulation, bank supervision, and risk management. Stakeholders, including financial institutions and regulatory professionals, are invited to provide input on how national discretions should be implemented, focusing on areas such as cooling-off periods, third-country branch regulations, and periodic penalty payments. The consultation period runs from January 16, 2025, to February 14, 2025, with submissions influencing the final implementation in Irish law. | ||
United Kingdom | GOV.UK | Application of the FSMA 2000 Model to the Capital Requirements Regulation | HM Treasury has initiated significant changes to the prudential regulatory framework for banks, building societies, and investment firms by transitioning from the EU’s Capital Requirements Regulation (CRR) to the UK’s Financial Services and Markets Act 2000 (FSMA 2000) model. This policy shift empowers the Prudential Regulation Authority (PRA) and the Bank of England to design and enforce prudential rules tailored to the UK’s needs. The changes will align regulatory standards with Basel 3.1 requirements by January 2026, replacing CRR articles with PRA rules that emphasize capital adequacy, streamlined compliance for small domestic deposit takers, and risk management in line with international competitiveness. Moreover, the revocation and restatement of specific CRR provisions will ensure a seamless transition while maintaining financial stability. | |
Insurance | China | NFRA | On January 7, 2025, the National Financial Regulatory Administration (NFRA) released the Insurance Company Regulatory Rating Method to strengthen the classification and supervision of insurance companies based on their risk profiles. Effective from March 1, 2025, the method introduces a comprehensive framework for evaluating insurance firms across key factors such as governance, solvency, risk management, and consumer protection. The ratings, ranging from 1 (low risk) to 5 (high risk), guide supervisory intensity, with provisions for adjustments based on significant risks or compliance failures. This method applies to insurers operating for at least one full fiscal year and includes annual evaluations to promote sound risk management practices and ensure the stability of the insurance sector. | |
European Union | European Union | Update on Solvency II Directive Amendments: Enhancing Governance and Risk Management in Insurance | The European Union has updated Directive 2009/138/EC (Solvency II), incorporating new provisions to strengthen governance and risk management within insurance and reinsurance undertakings. Key enhancements include the requirement for firms to maintain robust governance systems that ensure sound and prudent management, with mandatory internal reviews and contingency planning. Additionally, the amendments emphasize improved risk management systems covering underwriting, asset-liability management, investments, and operational risks. The updates also include transparency requirements for public disclosures and supervisory processes, reinforcing accountability across the sector. These changes aim to bolster the stability of the insurance market while protecting policyholders and beneficiaries. | |
Investment | European Union | ESMA | The European Securities and Markets Authority (ESMA) has issued a public statement emphasizing the need for crypto-asset service providers (CASPs) to comply with the Markets in Crypto-Assets Regulation (MiCA) concerning asset-referenced tokens (ARTs) and electronic money tokens (EMTs). CASPs operating in the EU are required to halt services involving non-MiCA-compliant ARTs and EMTs, including public offerings, trading admissions, and execution of related orders, by the end of Q1 2025. To facilitate investor transitions, CASPs may offer a “sell-only” mode for these assets until Q1 2025 and are encouraged to launch awareness campaigns to inform clients about the implications of MiCA. Additionally, CASPs must implement technical measures to assist in converting or liquidating non-compliant holdings into MiCA-compliant alternatives. | |
Global | BIS | Strengthening Margin Practices in Cleared and Non-Cleared Markets | The Basel Committee on Banking Supervision (BCBS), the Committee on Payments and Market Infrastructures (CPMI), and the International Organization of Securities Commissions (IOSCO) have published three final reports to improve margining practices in centrally and non-centrally cleared markets. These reports address issues identified during the 2022 BCBS-CPMI-IOSCO review and are part of a coordinated Financial Stability Board (FSB) initiative following the 2020 market turmoil. Key proposals include enhancing transparency of initial margin requirements, streamlining variation margin processes, and increasing margin model responsiveness. Complemented by the FSB’s report on liquidity preparedness, these efforts aim to ensure predictability, strengthen market liquidity, and promote regulatory alignment across global financial markets. | |
Japan | JFSA | Japan Eases Capital Requirements for Investment Management Firms | Japan’s Financial Services Agency has announced a regulatory relaxation to lower the capital and net asset requirements for investment management firms that do not accept client deposits. Effective under revised laws, the capital threshold is reduced from 50 million yen to 10 million yen. This measure aims to promote new entrants in the investment management industry, enhancing competition and diversifying asset management strategies. The reform aligns with the government’s efforts to foster investment and economic growth in the face of inflation and global economic challenges. Public input was gathered through multiple task force meetings before finalizing the changes. | |
Luxembourg | CSSF | Luxembourg Updates Reporting Requirements for Investment Claims | The Luxembourg financial regulator (CSSF) issued Circular CSSF-CPDI 16/03, amended by Circular CSSF-CPDI 25/44, to clarify reporting requirements for covered claims related to investment businesses. The circular applies to credit institutions, investment firms, UCITS management companies, and alternative investment fund managers operating under Luxembourg law. Members of the SIIL (Système d’indemnisation des investisseurs Luxembourg) must report covered claims based on year-end data via the CSSF eDesk platform or S3 protocol by March 31 annually. Reporting remains mandatory even for entities with no claims, requiring a “zero” value declaration. These measures aim to ensure accurate contributions to the investor compensation scheme in case of institutional failure. | |
Singapore | MAS | Guidelines on Licensing and Conduct of Business for FMCs updated | The Monetary Authority of Singapore (MAS) has revised the Guidelines on Licensing and Conduct of Business for Fund Management Companies (FMCs), effective January 13, 2025. The updates include enhanced compliance requirements, such as independent valuation and risk management, for fund management activities. Venture Capital Fund Managers (VCFMs) are now permitted greater flexibility in their investments, including allowances for a small percentage of non-qualifying investments. The revised guidelines emphasize stricter anti-money laundering (AML) and counter-terrorism financing (CFT) measures, improved governance, and conflict-of-interest management. These changes aim to strengthen investor protection and align with international regulatory standards. | |
Singapore | MAS | The Monetary Authority of Singapore (MAS) released updated Guidelines to MAS Notice SFA02-N05 on January 13, 2025, addressing the prevention of money laundering (ML) and countering the financing of terrorism (CFT). These guidelines apply to approved exchanges and recognized market operators (AEs and RMOs) under Singapore’s Securities and Futures Act. Key updates include enhanced customer due diligence (CDD) measures, risk assessments, and suspicious transaction reporting requirements. The guidelines emphasize a risk-based approach to AML/CFT, reinforced governance, and monitoring protocols to ensure compliance with evolving international standards. Additionally, they provide specific provisions for identifying politically exposed persons (PEPs), high-risk customers, and tax-related suspicious transactions. The guidelines also incorporate mechanisms for addressing proliferation financing risks as mandated by the United Nations Security Council Resolutions. |
Navigating the complexities of global regulations can be challenging, but with FinregE’s AI-powered solutions, compliance management and horizon scanning become seamless. Our tools provide real-time insights and automated tracking, enabling businesses to stay ahead of regulatory changes and focus on achieving their strategic goals with confidence. Book a Demo today.
