Regulatory Changes, Financial Markets – Week 13

Regulatory Changes, Regulatory Updates, Financial Markets, DORA, ESG, Horizon Scanning, AI, Gen AI

We have highlighted the most important advancements in data protection, digital operational resilience, prudential regulation, and crypto-asset oversight in this edition of our weekly global regulatory round-up. The updates, which range from technical standards and supervisory frameworks to capital adequacy and consumer protection initiatives, demonstrate how global financial regulators are adjusting their strategies in response to changing market dynamics, technological advancements, and climate risks. In order to keep financial institutions informed and compliant, this summary compiles the most important publications, consultations, and directives that were released during Week 13 of 2025.

Business Line

Country

Regulator

Regulatory Update

Summary

All

Austria

DSB

Clarification on Data Subjects’ Rights in Credit Scoring

The Austrian Data Protection Authority (DSB) has issued guidance following the recent CJEU judgment (C-203/22, Dun & Bradstreet Austria GmbH) regarding data subject rights under GDPR Article 15(1)(h), particularly in relation to automated credit scoring. The Court emphasized that data subjects are entitled to receive meaningful, specific, and comprehensible explanations of the logic and principles behind automated processing—not merely complex formulas or generic descriptions. These explanations must pertain to the individual case and could include how changes in personal data might alter the scoring outcome. Importantly, if disclosing such information may affect trade secrets or third-party rights, the data controller must submit the relevant details to the competent authority for balancing interests. The DSB confirms it will now apply this stricter interpretation in its oversight and warns that non-compliance may lead to penalties under GDPR Article 83. The WKO (Austrian Economic Chamber) has been asked to inform financial service providers accordingly, and discussions on sector-wide conduct codes are welcomed.

European Union

ESMA

EU Supervisory Authorities Report Broad Compliance with DORA Oversight Cooperation Guidelines

the European Securities and Markets Authority (ESMA) published a compliance table showing the implementation status of the Joint Guidelines on oversight cooperation under the Digital Operational Resilience Act (DORA) (JC/GL/2024/36). These guidelines, which took effect on 17 January 2025, set out the framework for structured cooperation and information exchange between national competent authorities (NCAs) and the European Supervisory Authorities (ESAs) in overseeing critical third-party ICT service providers (CTPPs). Most EU and EEA NCAs have confirmed compliance or intent to comply, with some pending legislative alignments in select jurisdictions. The report also outlines implementation timelines for specific guidelines, such as reporting (GL 5.1) starting 30 April 2025, and secure communication tools (GL 1.6) expected by Q3 2025. The broad alignment across Member States underlines the EU’s collective commitment to enhancing digital resilience and supervisory convergence in the financial sector.

European Union

European Commission

RTS on ICT Subcontracting to Strengthen Digital Operational Resilience in Finance

The European Commission has adopted a Delegated Regulation supplementing the Digital Operational Resilience Act (DORA – Regulation EU 2022/2554), establishing detailed regulatory technical standards (RTS) for subcontracting of ICT services supporting critical or important functions. This RTS outlines the obligations of financial entities when outsourcing ICT services through third-party providers who may further subcontract. It mandates due diligence, ex-ante risk assessments, explicit contractual requirements, and clearly defined rights of termination in the event of unauthorized subcontracting or material changes. The RTS emphasizes a proportionate and risk-based approach, tailored to the size, complexity, and systemic relevance of the financial entity. It also reinforces audit and access rights across subcontracting chains, addresses ICT concentration and geopolitical risks, and ensures that service continuity and regulatory compliance are not compromised when ICT services are layered through subcontractors.

Singapore

MAS

Consultation on Prudential Standards for Crypto asset Exposures and Capital Instruments

The Monetary Authority of Singapore (MAS) has released a consultation paper proposing the prudential treatment of banks’ exposures to crypto assets and the requirements for Additional Tier 1 (AT1) and Tier 2 (T2) capital instruments. The proposals align with the Basel Committee’s standard on the treatment of crypto asset exposures and aim to ensure that risks arising from digital asset activities are appropriately managed. MAS outlines criteria for classifying crypto assets, introduces capital and liquidity requirements, and details approval processes for recognising AT1 and T2 instruments as regulatory capital. The consultation is open for public feedback until 22 April 2025, reflecting MAS’s commitment to maintaining financial soundness while responding to emerging financial innovations.

United Kingdom

BOE

FSCS Management Expenses Levy Limit for 2025/26

On 28 March 2025, the Prudential Regulation Authority (PRA) issued Policy Statement PS4/25, finalising the Financial Services Compensation Scheme (FSCS) Management Expenses Levy Limit (MELL) for the 2025/26 financial year. The MELL is set at £108.6 million, comprising a management expenses budget of £103.6 million and an unlevied reserve of £5 million for unforeseen costs. This limit enables the FSCS to cover operating costs such as staffing, IT, legal services, and infrastructure. The PRA confirmed no changes were made to the draft proposal published in CP1/25, with the FSCS continuing to operate within the proposed budget despite future premises relocation. The new levy limit takes effect from 1 April 2025 to 31 March 2026.

United Kingdom

FCA

Action Plan to Streamline Rules Following Consumer Duty Implementation

The UK Financial Conduct Authority (FCA) published Feedback Statement FS25/2 outlining immediate and long-term regulatory reforms to simplify its rulebook considering the Consumer Duty. The FCA plans targeted amendments across four core areas: (1) Reviewing the Foundations, including clarifying definitions and reviewing the international scope of conduct rules; (2) Future-Proofing Disclosure, to enable more flexible, digital-friendly consumer communications; (3) Reducing the Administrative Burden, especially for insurance, asset management, and client asset rules; and (4) Streamlining Requirements, including retiring outdated guidance and launching a small firm support guide. The FCA will consult further in May and June 2025 and provide a detailed programme update in September 2025. This initiative reflects a broader effort to align regulatory expectations with technological change and consumer needs while maintaining robust consumer protection.

United Kingdom

FCA

Launch of 5-year strategy to support growth and improve lives

The Financial Conduct Authority (FCA) has published its Strategy for 2025 to 2030, outlining an ambitious vision to deepen trust, rebalance risk, and support economic growth through smarter regulation. The strategy focuses on four key priorities: becoming a more efficient and predictable regulator, enabling growth through innovation and competitive markets, helping consumers make informed financial decisions, and intensifying efforts to combat financial crime. Key initiatives include streamlining supervisory processes, enhancing digital authorisation, reforming redress and disclosure regimes, supporting Open Finance, and maintaining the UK’s position as a global financial hub. The FCA also aims to improve consumer outcomes by embedding the Consumer Duty, fostering financial inclusion, and embracing technological change such as AI and data sharing. Progress will be measured against clear metrics, including improvements in market efficiency, innovation uptake, and consumer engagement.

Banking

Australia

ASIC

Update on 31-Day Notice Term Deposits Instrument 2025/172

The Australian Securities and Investments Commission (ASIC) has introduced a new legislative instrument—ASIC Corporations (31-day Notice Term Deposits) Instrument 2025/172—which modifies the application of the Corporations Act 2001 to certain term deposits with notice requirements. This instrument updates the definition of “basic deposit product” to include term deposits that require up to 31 days’ notice for early withdrawals. It mandates that authorised deposit-taking institutions (ADIs) clearly disclose key information, such as withdrawal conditions, notice periods, and potential penalties or reduced returns. Furthermore, ADIs must provide detailed pre- and post-maturity notices to depositors who agree to roll over their funds, including interest rate information and grace period terms. The instrument aims to enhance depositor understanding and promote transparent practices in the offering and renewal of term deposit products. This regulation is effective from the date following its registration and remains in force until 1 April 2030.

European Union

EBA

Draft Technical Package for Reporting Framework 4.1 to Support Transition to DPM 2.0

On 27 March 2025, the European Banking Authority (EBA) published the draft technical package for version 4.1 of its reporting framework, offering reporting entities early access to the upcoming changes to facilitate timely implementation. This version supports several reporting mandates, including updated Pillar 3 disclosure templates, MiCAR-related supervisory reporting, and the integration of Instant Payments reporting requirements into the data point model (DPM) and XBRL taxonomy. Enhancements also include new validation rules for ESG ad-hoc data collection. The release continues the transition to DPM 2.0, aligning with the EBA’s broader digitalisation and data standardisation strategy. The final version, expected by the end of May 2025, will reflect stakeholder feedback and necessary corrections. Entities are encouraged to submit comments on the draft by 15 April 2025.

European Union

EBA

Updated methodology on the regulatory and supervisory equivalence of non-EU countries

The European Banking Authority (EBA) has released its Step 2 Questionnaire – March 2025 as part of its ongoing assessment of the equivalence between third-country regulatory and supervisory frameworks and the EU’s prudential standards. This stage of the process builds upon initial reviews and seeks comprehensive input from non-EU jurisdictions on key elements such as Basel III implementation, structural features of national banking sectors, supervisory review processes, operational risk management, governance, and disclosure requirements. The aim is to ensure a consistent and robust approach to assessing whether third-country regimes can be considered equivalent to the EU’s, thus facilitating cross-border regulatory cooperation and ensuring the integrity and stability of the EU financial system. Jurisdictions are invited to provide detailed, evidence-based responses covering both qualitative and quantitative aspects of their frameworks.

Global

BIS

Update on Basel III Implementation and Monitoring – March 2025

The Basel Committee on Banking Supervision released its latest Basel III Monitoring Report, assessing the impact of the Basel III reforms using data as of 30 June 2024. The report indicates a continued increase in risk-based capital ratios for large internationally active banks (Group 1), while leverage ratios and liquidity metrics such as the Net Stable Funding Ratio (NSFR) have remained stable. Notably, the revised market risk and operational risk frameworks are contributing to a diversified impact across jurisdictions. Group 1 banks are experiencing an average increase of 6.8% in operational risk capital requirements, whereas some global systemically important banks (G-SIBs) may see reductions due to internal model usage and national discretion options like setting the Internal Loss Multiplier (ILM) to 1. The report also underscores the full phase-in trajectory toward 2028, where the output floor will reach 72.5%, further standardising risk-weighted asset calculations. These developments provide regulators, banks, and stakeholders with critical insights into capital adequacy, resilience, and compliance preparedness under the evolving Basel III framework.

Japan

JFSA

Revisions to Supervision Guidelines to Strengthen Safe Deposit Box Controls

Japan’s Financial Services Agency (FSA) has released draft revisions to its supervisory guidelines for major banks and regional financial institutions. The proposed changes aim to enhance compliance and risk controls concerning the operation of safe deposit box services. Key revisions include requiring financial institutions to implement stricter internal controls to prevent employee misconduct, such as theft or misappropriation of customer assets, and to counter the misuse of deposit boxes for money laundering or terrorist financing. Specific measures outlined include biometric authentication, surveillance systems, multi-person access verification, and periodic reviews of contractual terms to exclude high-risk items (e.g., large cash holdings). Institutions must also publicly disclose incidents of misconduct unless exceptions apply and are expected to analyse incidents to prevent recurrence. These updates signal a stronger regulatory emphasis on customer asset protection and anti-money laundering (AML) compliance in ancillary banking services​.

Luxembourg

CSSF

Reporting requirements for credit institutions – Final version

The Commission de Surveillance du Secteur Financier (CSSF) has issued version 8.2 of its reporting framework, introducing significant updates to align with the latest EU banking regulations, including CRR3, CRDVI, and the new ITS on supervisory reporting (EU 2024/3117). Notable changes include the incorporation of EBA taxonomy versions v3.5 and v4.0, with the first reference date under version 4.0 set for 31 March 2025. In response, the CSSF has extended the submission deadline for COREP Own Funds and Leverage reports to 30 June 2025. Additionally, the standardisation of the eDesk/API transmission channel across all EBA ITS quarterly and annual reports effective 1 April 2025 underscores the shift toward greater digitalisation and consistency in regulatory submissions. These changes mark a pivotal step in harmonising Luxembourg’s supervisory reporting practices with evolving European requirements​

South Africa

Reserve Bank

Climate Risk Framework for National Payment System

The South African Reserve Bank has issued a consultation paper proposing a comprehensive policy and regulatory framework to address climate-related risks within the National Payment System (NPS). The framework aims to ensure that payment institutions and financial market infrastructures integrate climate risk into governance, strategy, risk management, scenario analysis, and disclosures. The proposal highlights the systemic risks climate change poses to payment operations and financial stability and promotes the adoption of green payment solutions to support South Africa’s transition to a low-carbon economy. The SARB emphasizes the importance of resilience, sustainable operations, and public accountability in mitigating environmental risks. Stakeholder comments are invited until 30 April 2025.

South Africa

Reserve Bank

Directive on Forms BA600 and BA610 Reporting

The Prudential Authority (PA) of the South African Reserve Bank has issued a proposed directive under the Banks Act, requiring all banks, controlling companies, and offshore operations of South African banks to comply with revised instructions for completing Forms BA600 and BA610. Form BA600 pertains to consolidated group data, including capital requirements and intra-group exposures, while Form BA610 covers financial and risk-based data related to offshore operations. These revisions aim to align reporting with the updated banking regulations and enhance consistency across returns. Submissions are required quarterly, with the directive taking effect alongside the amended Regulations as outlined in Guidance Note 3 of 2023.

Insurance

Singapore

MAS

Consultation on Equity Counter-Cyclical Adjustment and Capital Instrument Criteria for Insurers

The Monetary Authority of Singapore (MAS) has released a consultation paper proposing enhancements to the Risk-Based Capital (RBC 2) framework for insurers. The proposed changes aim to strengthen capital adequacy by introducing a counter-cyclical adjustment to the equity investment risk requirement, allowing for better responsiveness to market volatility. Additionally, MAS proposes new eligibility criteria for Additional Tier 1 (AT1) and Tier 2 (T2) capital instruments to ensure higher quality capital. These measures reflect MAS’s continued efforts to align with evolving global standards and market developments. Stakeholders are invited to submit feedback by 28 April 2025.

Investment

European Union

European Commission

Reforms to Benchmark Regulation for Enhanced Oversight and Market Resilience

The European Commission has endorsed the Council’s position on amending Regulation (EU) 2016/1011, marking a significant step in reforming benchmark oversight within the EU. The amendments aim to reduce regulatory burdens by focusing rules on benchmarks with significant economic impact while ensuring continued access to third-country benchmarks. Key changes include the introduction of qualitative criteria alongside a EUR 50 billion threshold to define significant benchmarks, mechanisms to permit temporary use of discontinued benchmarks, and adjusted treatment of commodity and spot FX benchmarks. Importantly, ESG-related benchmarks now face stricter oversight, requiring administrators of EU Climate Transition and Paris-aligned Benchmarks to be registered or authorised, with broader ESG disclosures mandated. The reform also enhances ESMA’s supervisory powers over third-country administrators, creating a more streamlined and equitable regulatory framework across endorsement and recognition regimes. These changes are designed to bolster market integrity, reduce disruption risks, and align with the EU’s broader financial and sustainability strategies.

European Union

ESMA`

Guidelines on Suitability and Periodic Reporting under MiCA for Crypto-Asset Portfolio Management

The European Securities and Markets Authority (ESMA) has published detailed guidelines outlining the suitability assessment requirements and the format of periodic statements for crypto-asset portfolio management under the Markets in Crypto-Assets Regulation (MiCA). These guidelines clarify the obligations of crypto-asset service providers (CASPs) when offering investment advice or portfolio management services. They cover client profiling, data collection proportionality, understanding crypto-assets and associated risks, and the evaluation of investment suitability, including cost-benefit analysis and alternative product assessments. Specific provisions are also set out for robo-advice and group clients. Additionally, ESMA prescribes the minimum content and format of periodic statements, requiring disclosures on portfolio composition, performance, costs, and how services align with client preferences. The guidelines aim to ensure consistent supervisory practices across the EU, strengthen investor protection, and enhance transparency in crypto-asset portfolio management. Competent authorities and CASPs are expected to implement these rules within 60 days of publication.

European Union

European Union

EU Finalises RTS on Own Funds Adjustment for Crypto-Asset Token Issuers

On 24 March 2025, the European Commission adopted Commission Delegated Regulation (EU) 2025/419, which supplements the Markets in Crypto-Assets Regulation (MiCA – Regulation EU 2023/1114) by specifying the procedure and timeframe for issuers of asset-referenced tokens (ARTs) and e-money tokens (EMTs) to adjust their own funds. The RTS outlines that issuer, once classified as significant or otherwise required by competent authorities, must receive a timeframe—no longer than six months—for compliance. Issuers must submit a time-bound plan for increasing own funds, update authorities if delays occur, and notify upon completion. The goal is to safeguard financial stability by ensuring timely and transparent capital adequacy among crypto token issuers, particularly where systemic relevance may be present.

European Union

European Union

EU Adopts RTS on Machine-Readable Classification of Crypto-Asset White Papers

The European Commission has published a Commission Delegated Regulation (EU) 2025/421, introducing regulatory technical standards (RTS) under the Markets in Crypto-Assets Regulation (MiCA – Regulation EU 2023/1114). This RTS specifies the required dataset and machine-readable format for classifying crypto-asset white papers submitted to the official EU register. It mandates the use of identifiers such as the ISO 17442 Legal Entity Identifier (LEI), ISO 24165 Digital Token Identifier (DTI), and the Functionally Fungible Group DTI (FFG DTI). These standards aim to support supervisory consistency and facilitate efficient data handling by ESMA and national authorities. The rules align with ESAP (European Single Access Point) data provisions and are designed to reduce operational burden by enabling data extraction from already prepared white papers. The regulation will apply from 23 December 2025, allowing market participants time to adapt.

European Union

European Union

Minimum Governance Standards for Remuneration Policies of Significant Crypto-Token Issuers

The European Commission has published a Commission Delegated Regulation (EU) 2025/418, setting regulatory technical standards (RTS) under MiCA (Regulation EU 2023/1114) to define the minimum governance arrangements for the remuneration policies of issuers of significant asset-referenced tokens (ARTs) and e-money tokens (EMTs). The RTS introduces detailed requirements to ensure sound risk management, prevent excessive risk-taking, and align staff incentives with long-term issuer sustainability and ESG objectives. It mandates clear distinctions between fixed and variable remuneration, sets deferral and clawback conditions, and requires that at least 50% of variable pay be in instruments such as shares or tokens. The RTS also integrates principles from existing prudential frameworks for investment firms, adapted to the unique risks of crypto-asset issuance. These measures aim to enhance financial resilience, market integrity, and investor protection across the EU’s digital asset landscape.

European Union

European Union

RTS on Own Funds Adjustment and Stress Testing for Crypto-Token Issuers

The European Commission has adopted a Commission Delegated Regulation (EU) 2025/415 to supplement the Markets in Crypto-Assets Regulation (MiCA – Regulation EU 2023/1114). This regulatory technical standard (RTS) defines the criteria under which competent authorities may impose higher own funds requirements on issuers of asset-referenced tokens (ARTs) and e-money tokens (EMTs) and outlines the minimum features for robust stress testing programmes. Issuers must conduct solvency stress tests quarterly (for significant issuers) and semi-annually (for non-significant ones), and liquidity stress tests monthly. These tests must incorporate macroeconomic, operational, and ESG-related risks over predefined time horizons. The RTS also mandates a comprehensive internal governance framework, effective data infrastructure, and scenario-based methodologies to assess vulnerabilities. These measures aim to safeguard financial stability, enhance risk management, and ensure resilience in the fast-evolving crypto-asset landscape.

Singapore

MAS

Update on Capital Framework for Approved Exchanges and Clearing Houses

The Monetary Authority of Singapore (MAS) has published its response to the consultation on proposed amendments to the capital framework for Approved Exchanges (AEs), Approved Clearing Houses (ACHs), and Licensed Trade Repositories (LTRs). The revamped framework introduces a new standalone liquidity requirement—mandating FMIs to maintain liquid assets covering at least six months of operating expenses or the amount needed for orderly recovery or wind-down. Significant updates include stricter definitions of eligible capital, revised methods for calculating total risk requirements (covering operational, investment, and counterparty risks), and expanded reporting and notification obligations. MAS has confirmed that these changes will be extended to LTRs, with a standardised approach across all capital market FMIs. Implementation will begin following a transitional period of three months, extendable to 12 months upon request. These reforms align with evolving international standards and reinforce financial resilience and supervisory transparency in Singapore’s capital markets ecosystem.

United Kingdom

BOE

Amendments to Margin Requirements for Equity Options and Legacy Derivatives Contracts

The Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) has jointly issued a Consultation Paper CP5/25 proposing amendments to BTS 2016/2251 under the UK EMIR framework. Key proposals include: (1) granting an indefinite exemption for single-stock equity options and index options from bilateral margining requirements to maintain competitiveness and align with global practices; (2) removing margin requirements for legacy contracts if a counterparty falls below the Initial Margin threshold post-onboarding; and (3) harmonising threshold calculation periods across jurisdictions to reduce operational burdens in cross-border trades. These changes aim to preserve UK market integrity, mitigate disproportionate costs, and avoid regulatory fragmentation. Stakeholder responses are invited by 27 June 2025.

Staying ahead necessitates real-time adaptability rather than merely monitoring change as regulatory complexity increases and compliance expectations change. FinregE’s AI-powered regulatory compliance platform simplifies regulatory mapping, policy impact analysis, and horizon scanning to assist businesses in understanding new regulations and precisely managing their responsibilities. FinregE gives compliance teams the ability to take decisive action and maintain control, whether they are parsing technical standards, managing internal policies, or guaranteeing cross-border compliance. Schedule a demo right now.

Downloads Alert