As regulatory landscapes continue to evolve globally, staying updated on key compliance developments is essential for businesses and financial institutions. In Week 7 of 2025, regulators worldwide introduced new policies and amendments covering data protection, ICT risk management, banking capital rules, sustainability disclosure, and more. These updates reflect ongoing efforts to strengthen financial resilience, enhance transparency, and align with emerging digital and environmental risks. In this blog, we summarize the most significant regulatory changes across multiple jurisdictions, helping organizations navigate their compliance obligations effectively.
Business Line | Country | Regulator | Regulatory Update | Summary |
All | China | CAC.GOV.CN | Compliance Audit Rules to Strengthen Personal Data Protection | China has introduced the Personal Information Protection Compliance Audit Measures (“Measures”), further refining its regulatory framework for personal data protection audits. These Measures, backed by the Personal Information Protection Law (PIPL), establish clear requirements for periodic compliance audits conducted by personal data processors and audits mandated by regulatory authorities. Companies handling over 10 million individuals’ data must conduct audits at least once every two years, while other organizations are subject to audits based on regulatory triggers such as major security incidents. To enhance audit credibility, third-party institutions must conduct regulatory-mandated audits independently, ensuring transparency and professionalism. The Measures also outline a structured audit process, balancing compliance obligations with operational flexibility, and include detailed audit guidelines aligning with global best practices. This regulatory development marks a significant step in China’s personal data protection governance, reinforcing compliance expectations while supporting the country’s digital economy growth. |
European Union | EBA | The European Banking Authority (EBA) has updated its Guidelines on ICT and security risk management (EBA/GL/2019/04) to align with the Digital Operational Resilience Act (DORA), which will apply from January 2025. With DORA introducing harmonized ICT risk management, incident reporting, and third-party risk management rules for financial entities, the EBA has narrowed the scope of its guidelines to avoid regulatory overlap. The updated guidelines will now focus primarily on relationship management between payment service providers and users. Other sections of the previous guidelines have been repealed, as DORA comprehensively covers ICT and security risks for most financial institutions. The changes aim to ensure regulatory clarity and avoid duplicative compliance obligations for affected entities. | ||
Indonesia | OJK | The Otoritas Jasa Keuangan (OJK) has issued 12 new regulations (POJKs) in the financing and microfinance sector (PVML) to enhance industry resilience, consumer protection, and sustainable growth. These regulations, derived from Indonesia’s Financial Sector Development and Strengthening Law (UU P2SK), cover key areas such as risk management, governance, human resource development, and financial technology-based funding services. Nine of these POJKs were introduced at the end of 2024, focusing on regulatory oversight, prudential standards, and cooperative finance. OJK also introduced new fit and proper assessment guidelines for key stakeholders in PVML institutions. These regulatory updates are aimed at ensuring a more robust, transparent, and well-governed financial sector in Indonesia. | ||
Netherlands | Dutch Central Bank | Climate and Environmental Risk Management Guide for Financial Institutions | The De Nederlandsche Bank (DNB) has updated its Guide for Managing Climate and Environmental Risks, provided new best practices and expanded regulatory insights for financial institutions, including pension funds, investment firms, insurers, and electronic money/payment institutions. The guide emphasizes four key focus areas: business model and strategy, governance, risk management, and information provision. It introduces updated methodologies for assessing nature-related risks, enhanced sustainability commitments guidance, and compliance recommendations aligned with European regulatory frameworks such as the CSRD (Corporate Sustainability Reporting Directive). The guide also reflects DNB’s risk-based supervisory approach, ensuring institutions integrate climate and environmental risks into their core processes and compliance strategies. | |
Banking | European Union | EBA | The European Banking Authority (EBA) published the Final Report on Implementing Technical Standards (ITS) for public disclosures by large and other institutions under the Capital Requirements Regulation (CRR 3). This initiative introduces the Pillar 3 Data Hub (P3DH), a centralized platform that will collect, store, and publicly disclose prudential information from all European Economic Area (EEA) banks. The new framework aims to enhance transparency, standardize disclosures, and improve market discipline by providing a single access point for financial and risk-related data. Large and other institutions must start submitting data by June 30, 2025, while small and non-complex institutions (SNCIs) will be covered under a separate process. The platform will also integrate with the European Single Access Point (ESAP) by 2030, ensuring broader access to financial data across the EU. | |
Hong Kong | HKMA | The Hong Kong Monetary Authority (HKMA) has proposed several amendments to the Banking (Capital) Rules (BCR), aiming to enhance regulatory clarity and align with international standards, including the Basel Framework. The changes include revisions to definitions, adjustments in capital adequacy calculations, and refinements to risk-weighting approaches for financial institutions. Notable updates involve removing outdated jurisdictional references, modifying credit risk assessment criteria, and updating terminology related to derivative contracts. The amendments also provide greater flexibility for banks that have re-domiciled while ensuring that capital treatment remains robust. These refinements are expected to improve regulatory transparency, risk management, and alignment with global banking regulations. | ||
United Kingdom | BOE | The Prudential Regulation Authority (PRA) has published Policy Statement 2/25 (PS2/25), streamlining firm-specific capital communications for banks, building societies, investment firms, and PRA-approved holding companies. The changes simplify the process for setting Pillar 2A capital, systemic buffers, and the Additional Leverage Ratio Buffer (ALRB) without affecting firms’ capital requirements. The new rules replace complex regulatory procedures with clearer, rule-based guidelines, reducing compliance burdens and costs. Firms are not required to take any actions for implementation, as the new policy automatically takes effect on March 31, 2025. The PRA expects this update to enhance regulatory efficiency and facilitate competition in the UK financial sector. | ||
Investment | European Union | ESMA | Finalized Technical Standards for European Green Bonds Regulation | The European Securities and Markets Authority (ESMA) has published its Final Report on Technical Standards under the European Green Bonds (EuGB) Regulation. The report outlines regulatory and implementing technical standards (RTS and ITS) that establish criteria for external reviewers, covering senior management requirements, conflicts of interest, analytical expertise, outsourcing rules, and reporting templates. Following a public consultation process from March to June 2024, ESMA refined the draft standards to enhance proportionality, reduce compliance burdens, and align with EU sustainable finance regulations. The final standards aim to ensure transparency, credibility, and investor confidence in the European Green Bonds market. ESMA has submitted these standards to the European Commission for adoption, with application expected by June 2026. |
European Union | ESMA | Consultation on Amendments to CSDR Settlement Discipline Standards | On February 13, 2025, the European Securities and Markets Authority (ESMA) published a Consultation Paper on proposed amendments to the Regulatory Technical Standards (RTS) on Settlement Discipline under the Central Securities Depositories Regulation (CSDR) Refit. The proposed changes focus on enhancing settlement efficiency and reducing settlement fails, covering areas such as timing of allocations and confirmations, partial settlement, hold & release mechanisms, reporting obligations, and the alignment of settlement cycles. The consultation invites industry feedback on key regulatory changes, including the introduction of electronic, machine-readable formats for trade allocations and new standards for settlement instruction deadlines. ESMA will consider stakeholder responses before submitting the final RTS amendments to the European Commission in October 2025. | |
European Union | ESMA | The European Securities and Markets Authority (ESMA) has released a Consultation Paper on revising the disclosure framework for private securitisation under Article 7 of the Securitisation Regulation. The proposed framework introduces a simplified disclosure template, aiming to reduce reporting burdens while ensuring transparency. This initiative follows industry feedback that current reporting requirements are too complex and not fully aligned with private transactions. The new approach focuses on key transaction details, exposure data, and risk retention, streamlining information-sharing while maintaining regulatory oversight. Stakeholders are invited to submit feedback by March 31, 2025, before ESMA finalizes the technical standards and submits them to the European Commission later this year. | ||
Luxembourg | CSSF | The Commission de Surveillance du Secteur Financier (CSSF) has released an updated version (6.1) of its U1.1 reporting guidelines, introducing changes aimed at improving reporting accuracy and transmission efficiency for Undertakings for Collective Investment (UCIs). Key updates include the removal of external transmission channels and the mandatory use of XML format for submissions. Additionally, the guidelines align with Circular CSSF 24/866, set to take effect in December 2025, and refine reporting requirements on fund structure, financials, income, expenses, and investor details. These changes ensure greater regulatory oversight and streamlined reporting for investment funds operating under CSSF supervision. | ||
Malta | MFSA | The Malta Financial Services Authority (MFSA) has introduced two key regulatory initiatives under the Investment Services Act, aimed at enhancing flexibility and innovation in asset management. First, the Special Limited Partnership Fund (SLPF) has been launched as a new non-retail Collective Investment Scheme (CIS), offering an alternative to the existing limited partnership framework under the Companies Act. Second, the Notified Professional Investor Fund (NPIF) framework has been extended to include self-managed funds, which were previously restricted to externally managed funds. These updates provide cost efficiencies, operational benefits, and streamlined onboarding processes, reinforcing Malta’s position as an attractive hub for investment funds. | ||
Romania | ASF Romania | Romania Amends Capital Market Law to Enhance Investor Protection and Market Efficiency | The Chamber of Deputies in Romania has adopted amendments to Law No. 24/2017 on issuers of financial instruments and market operations, introducing key reforms to simplify capital-raising procedures, enhance investor protection, and improve transparency. The changes include a reduction in the preference right exercise period from 30 days to a minimum of 10 working days, streamlined publication timelines for corporate decisions, and new provisions for executing court rulings on share capital annulments. Additionally, quarterly reporting obligations are maintained but with an extended deadline from 45 to 60 days, aligning with international financial reporting standards. These updates are part of Romania’s 2023-2026 Capital Market Development Strategy, ensuring a more efficient, transparent, and competitive capital market. The law will now be sent to the President of Romania for promulgation. | |
United Kingdom | FCA | Extending Sustainability Disclosure Rules to Portfolio Management | The UK Financial Conduct Authority (FCA) has released a consultation paper (CP24/8) proposing to extend the Sustainability Disclosure Requirements (SDR) and investment labels regime to portfolio management services. This expansion follows the FCA’s earlier introduction of sustainability labelling and anti-greenwashing measures for fund managers. The new rules would apply to wealth managers, private equity firms, and investment advisors, requiring them to provide clear sustainability labels, enhanced disclosures, and stricter marketing rules. The initiative aims to protect investors from greenwashing, enhance transparency, and support the UK’s position as a leader in sustainable finance. The consultation is open for feedback until June 14, 2024, with final rules expected in late 2024. |
Navigating the ever-changing regulatory landscape can be complex and resource intensive. FinregE simplifies compliance management with AI-powered automation, real-time regulatory alerts, and intuitive monitoring tools. Our solutions ensure that financial institutions stay ahead of compliance challenges by providing accurate, timely, and actionable insights. Whether it’s adapting to new data protection rules, banking regulations, or sustainability disclosures, FinregE helps businesses maintain compliance with confidence and efficiency. Book a demo today.
