In this week’s global roundup, we’re exploring a host of regulatory updates across the banking, investment, and insurance industries. From changes in capital rules and digital operational resilience to advancements in sustainability reporting and climate risk governance, regulators are working to adapt financial oversight to meet the demands of new market conditions, digital progress, and ESG priorities. This blog brings together all the essential highlights you should be aware of, neatly organized in one place.
Important Updates from Week 29
Business Line | Country | Regulator | Regulatory Update | Summary |
All | European Union | European Union | Regulation to streamline financial data reporting and promote reuse | The European Commission has endorsed a Council position to simplify financial reporting by reducing duplication and enhancing data sharing among EU authorities. The new regulation mandates EU-level regulators, including the ESAs and the ECB, to improve information exchange. It also tasks the ESAs with developing a roadmap for an integrated reporting system. However, national authorities remain outside the mandatory data-sharing scope, limiting potential efficiency gains. The initiative also supports voluntary data sharing for research and innovation, aiming to reduce burden on financial institutions without compromising confidentiality. |
European Union | EBA | The European Supervisory Authorities have released guidance on how oversight expectations under DORA will apply to critical ICT providers. The guide outlines how Lead Overseers will assess ICT risk, operational resilience, and subcontracting arrangements. It includes expectations for information sharing, audit rights, and incident handling. This step aims to ensure ICT providers align with DORA’s resilience and supervisory standards and support the financial sector’s digital stability. | ||
Japan | JFSA | Japan’s Financial System Council has proposed a staged rollout of mandatory sustainability disclosures using the SSBJ standards. Starting 2027, large, listed firms must report ESG data aligned with global investor expectations. Requirements will expand gradually based on market capitalization, with limited assurance covering Scope 1, Scope 2 emissions, governance, and risk management in the first two years. Broader assurance and faster timelines may follow based on international trends and market readiness. | ||
United Kingdom | FCA | Major redress reforms to improve predictability and early harm resolution | The FCA and Financial Ombudsman want to overhaul the UK’s redress system. Their joint consultation aims to improve how complaints are handled, especially during mass redress events. Firms will be expected to identify harm early and notify the FCA before issues escalate. The plan includes clearer rules, stronger collaboration between regulators, and a defined framework for mass events. A new registration stage for complaints and better dismissal grounds will speed up outcomes. These changes are designed to boost market confidence and support fairer, quicker resolutions for consumers and firms alike. | |
United Kingdom | FCA | The UK Financial Conduct Authority has launched a consultation to reform the Senior Managers & Certification Regime. The changes aim to cut compliance costs and reduce unnecessary complexity for solo- and dual-regulated firms. Key proposals include extending the validity of criminal record checks, relaxing deadlines for updating the Directory, allowing more flexibility in using the 12-week rule, and reducing duplication in certification roles. The FCA also plans to raise financial thresholds for Enhanced SM&CR firms and streamline how Statements of Responsibilities are submitted. Further reforms may follow, pending legislative changes from HM Treasury. | ||
Banking | Chile | CMF | Mandatory uptime and accessibility rules for bank service channels | Chile’s financial regulator has proposed new rules to modernize customer service channels in banks. The rules require banks to operate at least one service channel—digital or physical—with high availability standards. Digital platforms must meet a minimum uptime of 95% daily and 99% monthly. Physical branches must operate from 9 AM to 2 PM, Monday to Friday. The proposal also mandates better public communication around branch closures, service hours, and complaint handling. The move aligns with Chile’s Fintech Law and aims to strengthen consumer protection, access, and operational transparency. |
European Union | European Union | Updated market risk standards for trading desk back-testing and P&L attribution | The European Commission has amended its rules to clarify how banks should calculate actual, hypothetical, and theoretical changes in trading desk portfolio values. These updates specify the technical elements for back-testing and profit and loss attribution under the internal model’s approach. Institutions must now apply consistent pricing methods; document excluded adjustments and regularly classify trading desks into risk zones using statistical tests like Spearman correlation and the Kolmogorov-Smirnov metric. This aims to improve comparability and supervisory confidence in risk modelling across EU banks. | |
European Union | European Union | Updated prudential rules for credit institutions with expanded ESG and crypto-asset risk definitions | The EU has revised Regulation 575/2013 to strengthen risk coverage for credit institutions. It now explicitly includes environmental, social, and governance (ESG) risks, defining physical and transition risks under environmental risk. The update also introduces definitions for crypto-assets, crypto-asset exposures, and tokenised traditional assets. Institutions must now assess prudential requirements for these assets and risks under clear supervisory standards. These changes aim to align regulation with digital finance trends and sustainability goals, improving resilience and transparency in EU banking. | |
European Union | Banking Supervision | The European Central Bank (ECB) has published a detailed guide outlining supervisory expectations for banks outsourcing cloud services. It clarifies how institutions should apply the Digital Operational Resilience Act (DORA) when using cloud service providers. The guide stresses that management bodies retain full responsibility for ICT risk, even when services are outsourced. It promotes rigorous ex ante risk assessments, including concentration and vendor lock-in risks. The ECB highlights the need for clear governance, consistent cloud strategies, strong business continuity plans, and granular exit strategies. Banks are also expected to enforce robust identity, access, and data encryption controls. Internal audits must not rely solely on third-party certifications and should include joint audit initiatives where needed. The guide draws on ECB supervision experience and aims to harmonize expectations without adding new legal obligations. | ||
Poland | FSA | Benchmark reform group recommends standards for POLSTR-based OIS contracts | Poland’s National Working Group for benchmark reform published guidance to standardize OIS transactions referencing the POLSTR index. The recommendation sets parameters for interest calculation, fixing times, day count conventions, and payment lags. It aims to align Polish OIS practices with ISDA standards while ensuring operational consistency across the local money market. Financial institutions may still tailor terms based on risk management needs. | |
Singapore | MAS | Tighter rules for large exposures of banks and merchant banks | The Monetary Authority of Singapore plans to tighten its large exposures framework for local banks and merchant banks. The proposed changes reduce exposure limits to 25% of Tier 1 capital, covering all types of exposures across currencies. Exemptions for intergroup and sovereign-related exposures are now more narrowly defined. Banks must also identify economically connected counterparties and apply look-through approaches to structured products. Regular reporting and immediate action on breaches will become mandatory. The changes aim to improve risk capture and align with global Basel standards. | |
United Kingdom | FCA | The UK’s Financial Conduct Authority (FCA) has proposed new rules to regulate Deferred Payment Credit (DPC), more widely known as Buy Now Pay Later. From July 2026, third-party lenders offering DPC will need FCA authorisation and must comply with conduct, affordability, and data reporting rules. Merchants offering DPC directly remain exempt. The FCA aims to protect consumers by requiring clearer information, proportionate creditworthiness checks, and fair treatment for those in financial difficulty. The new regime balances consumer protection with flexibility for firms to innovate, using the existing Consumer Duty wherever possible. | ||
United Kingdom | BOE | Rules to restate CRR and Solvency II capital requirements from 2026 | The UK’s Prudential Regulation Authority (PRA) has confirmed new rules to restate elements of the Capital Requirements Regulation (CRR) and Solvency II into its own Rulebook. The updated rules, effective from 1 January 2026, include changes to the definition of capital, ECAI mapping for credit ratings, and supervisory expectations for securitisation. The aim is to improve clarity, maintain consistency with international standards, and align regulatory treatment post-Brexit. The PRA also clarified expectations around use of interim profits in CET1 capital and senior manager oversight in securitisation risk transfer. These changes come ahead of the UK’s Basel 3.1 implementation. | |
United Kingdom | BOE | PRA updates large exposures framework to address prudential risks | The UK Prudential Regulation Authority has amended its large exposures rules to tighten credit risk practices. It removed exemptions for exposures to the UK deposit guarantee scheme and disallowed the use of immovable property as credit risk mitigation. It also eliminated stricter limits for exposures to certain French counterparties. These changes aim to reduce overreliance on illiquid assets and ensure consistent treatment of sovereign and connected client exposures. A new supervisory statement now guides firms in identifying groups of connected clients using clearer control definitions. The updated framework takes effect from 1 January 2026. | |
United Kingdom | BOE | New guidance on identifying connected clients for large exposure rules | The PRA has published Supervisory Statement SS3/25 to guide firms on how to identify groups of connected clients (GCCs) under the large exposures framework. It clarifies how to assess control relationships and economic dependencies that could pose single-risk exposures. Firms can apply an alternative approach when dealing with central government-linked entities. The statement also includes scenarios like upstream contagion and overlapping client groups to illustrate application. Firms must now strengthen internal procedures to detect and document these connections. The rules take effect from 1 January 2026. | |
United States | FDIC | Proposed changes to Community Reinvestment Act to boost clarity and performance metrics | The Federal Reserve, FDIC, and OCC have proposed revisions to the Community Reinvestment Act regulations. These changes aim to simplify regulatory language and improve clarity for stakeholders. They also refine performance tests for small banks, allowing more flexibility in evaluating retail lending and community development activities. The proposal adjusts asset-size thresholds and provides better data tools for assessment. Public comments on the notice are open until October 2, 2025. | |
Insurance | European Union | European Commission | EU updates Solvency II rules to unlock insurer capital for productive investments | The European Commission has proposed major updates to Solvency II to free up insurer capital and encourage long-term investment. Changes include recalibrated capital charges for equity and securitisation, improved treatment of reinsurance, and streamlined reporting. The reform also clarifies proportionality rules and enhances group supervision. These revisions aim to help insurers support the EU economy while maintaining financial stability and policyholder protection. |
Netherlands | Dutch Central Bank | New guidelines on climate and environmental risk for Dutch insurers | De Nederlandsche Bank (DNB) released supervisory guidance urging insurers to integrate climate and environmental risks into their risk management and governance. The guidelines clarify expectations under Solvency II, focusing on material risk assessment, scenario analysis, and monitoring of physical and transition risks. Insurers must demonstrate how these risks impact their balance sheets and long-term solvency. DNB will assess implementation progress from 2025 through on-site inspections and supervisory reviews. | |
Investment | Australia | ASIC | Australia is reviewing the balance between public and private capital markets to ensure both remain accessible, efficient, and competitive. The discussion paper highlights reduced IPO activity, regulatory burdens, and investor preferences shifting toward private investments. It proposes modernising disclosure regimes, improving access to private markets, and supporting innovative fundraising mechanisms. The goal is to encourage companies to list publicly while maintaining the benefits of private capital growth. Feedback will shape reforms to ensure Australia’s markets serve the broader economy more effectively. | |
Canada | BCSC | Canada refines dispute resolution framework with binding authority for OBSI | The Canadian Securities Administrators are proposing refinements to give the Ombudsman for Banking Services and Investments (OBSI) binding authority in investment disputes. If a party challenges a recommendation of $75,000 or more, an external decision maker must now decide the case. The CSA also introduced a formal oversight framework, including governance rules, reporting requirements, and CSA approval of key OBSI documents. These changes aim to enhance fairness, independence, and public trust in OBSI’s ability to resolve high-value disputes efficiently. Comments on the proposal are open until September 15, 2025. | |
Hong Kong | SFC | Capital rule changes to support OTC derivatives and digital asset markets | Hong Kong’s Securities and Futures Commission (SFC) has proposed new capital requirements for firms handling OTC derivatives, aligning them with global Basel standards. The changes reduce capital thresholds for inter-dealer brokers and simplify rules for transfer pricing. New exemptions support centrally cleared repos, while updated rules enable trading in Chinese stocks, carbon products, and digital asset futures. These measures aim to position Hong Kong as a leading hub for fixed income, currency, and digital asset markets. | |
Indonesia | OJK | Indonesia’s Financial Services Authority (OJK) issued a regulation mandating risk management and health assessments for investment managers. The rule supports early risk detection through a risk-based supervision model aligned with IOSCO principles. It requires firms to establish risk functions, conduct regular assessments, report findings, and follow up with corrective actions. The regulation is effective from 9 May 2025, with full implementation by 9 May 2027, replacing existing provisions under the 2022 conduct guidelines. | ||
Indonesia | OJK | Tightening internal controls and conduct rules for securities firms | Indonesia’s OJK introduced new rules to enhance internal controls and professional conduct across underwriters and brokers, including regional securities firms. The regulation sets clearer obligations for due diligence, conflict of interest management, and oversight of tech systems and social media partnerships. It also mandates specific governance functions for different firm types and restricts certain access and outsourcing. These measures aim to strengthen investor protection and improve the quality and integrity of market participants. | |
Spain | BOE | Updated statistical reporting rules for EU investment institutions | Spain’s securities regulator CNMV issued a new circular to align reporting rules with updated ECB statistical standards. Investment funds, venture capital entities, and closed-end collective investment schemes must now submit detailed monthly or quarterly reports. The update replaces Circulars 5/2008 and 5/2014 and introduces stricter timelines and templates. It also expands data sharing with the Banco de España and ECB. Firms failing to report on time face sanctions under EU and Spanish laws. The new rules take effect from December 2025. |
Staying on top of these fast-paced regulatory changes isn’t just a choice anymore—it’s a must. That’s where FinregE steps in. Our AI-driven platform keeps a constant eye on regulatory updates, highlights what’s important, and assists teams in understanding, aligning, and implementing changes across different regions. Whether it’s horizon scanning or rule mapping, FinregE equips compliance teams to navigate these challenges with clarity and confidence. Book a demo today
