For institutions navigating compliance landscapes, staying abreast of the most recent developments in global financial rules is crucial. The regulatory updates for digital finance, banking, investing, and insurance this week cover a wide range of important topics, from new crypto-asset standards and extended compliance deadlines to cybersecurity improvements and financial supervisory reforms. A global trend toward more stringent governance, risk management, and financial resilience is reflected in these improvements. This blog makes sure that financial professionals are prepared to handle new compliance issues by highlighting significant regulatory developments in major jurisdictions.
Business Line | Country | Regulator | Regulatory Update | Summary |
All | Italy | BancadItalia | Italy Adopts DORA’s TLPT Cybersecurity Framework for Financial Resilience | The Banca d’Italia has reinforced its cybersecurity testing strategy by aligning the Threat-Led Penetration Testing (TLPT) framework under the Digital Operational Resilience Act (DORA) with its existing TIBER-IT methodology. As cyber threats targeting financial institutions increase globally, TLPT testing has become a crucial regulatory requirement under DORA, mandating periodic penetration testing for financial entities deemed critical. Italy has already implemented TIBER-IT, a localized adaptation of the TIBER-EU framework, allowing financial institutions to conduct advanced cybersecurity tests voluntarily. Recent tests in Italy have revealed key vulnerabilities, particularly in intrusion detection and access management. With third-party service providers playing an increasing role in financial infrastructure, DORA also introduces stricter risk management requirements for critical ICT suppliers. The Bank of Italy has urged financial institutions, even those outside DORA’s mandatory scope, to adopt proactive cyber risk testing as part of their resilience strategy. |
Malta | MFSA | Compliance Outcomes-Based Supervision Across All Financial Sectors in 2025 | The Malta Financial Services Authority (MFSA) has announced that its Compliance Outcomes-Based Supervision framework, initially piloted in digital finance and trust beneficial ownership registers in 2024, will be extended to all financial services sectors in 2025. This approach emphasizes measurable regulatory outcomes, ensuring that supervised entities align with pre-determined compliance objectives. The 2025 supervisory priorities focus on Governance, Risk and Compliance (GRC); Financial Crime Compliance; Consumer Protection and Education; Resilience of Supervised Entities; Sustainable Finance; Digital Finance; and Cross-Border Supervision. MFSA CEO Kenneth Farrugia emphasized the authority’s commitment to fostering financial stability and integrity through proactive regulation, industry collaboration, and alignment with European Supervisory Authorities. | |
Banking | Austria | FMA | Austria Updates Bank Auditors’ Reporting Obligations under § 63 Abs. 3 BWG | The Austrian Financial Market Authority (FMA) has issued an updated circular clarifying the reporting obligations of bank auditors under § 63 Abs. 3 of the Banking Act (BWG). The revision mandates that auditors must promptly report any findings that may indicate a bank’s financial instability, significant risk deterioration, or non-compliance with banking regulations. This includes concerns over the bank’s ability to meet obligations, major balance sheet discrepancies, and potentially fraudulent activities. The update reinforces auditors’ role in maintaining financial stability and transparency by requiring direct reporting to the FMA and the Austrian National Bank. The circular aims to ensure timely regulatory intervention to safeguard banking sector integrity. |
Czechia | CNB | The Czech National Bank (CNB) has announced a major regulatory overhaul, aiming to abolish 36 financial market rules and reporting obligations by the end of 2025. The decision follows an internal analysis identifying cases where Czech financial legislation imposes requirements exceeding EU minimum standards, a practice known as “gold plating.” The CNB’s initiative will simplify compliance, ease administrative burdens on financial institutions, and promote a more business-friendly environment. Additionally, the CNB will propose further legislative changes to the Ministry of Finance to align regulations more closely with European norms while maintaining effective financial oversight. | ||
European Union | EBA | Consultation on Amendments to Benchmarking of Internal Models for 2026 | The European Banking Authority (EBA) has launched a consultation on amendments to the Implementing Technical Standards (ITS) for the 2026 benchmarking exercise of internal models used for credit and market risk calculations. The proposed changes reflect updates under CRR3 and the Fundamental Review of the Trading Book (FRTB), including revised templates for the Alternative Internal Model Approach (AIMA) and the Alternative Standardised Approach (ASA). The amendments aim to enhance supervisory consistency, improve risk parameter benchmarking, and align credit risk asset classifications with the latest supervisory reporting standards. The consultation is open until May 26, 2025, with final ITS expected to be submitted for European Commission endorsement. | |
Hong Kong | HKMA | The Hong Kong Monetary Authority (HKMA) has published the results of its second Climate Risk Stress Test (CRST 2.0), assessing the banking sector’s resilience against climate-related shocks. Conducted with the participation of 46 authorized institutions covering over 90% of the banking sector’s total lending, the stress test evaluated risks under two primary scenarios: a short-term scenario with simultaneous climate shocks and an economic downturn, and three long-term transition pathways. The results show that the Hong Kong banking sector remains resilient, with stressed capital ratios staying well above the international minimum requirement of 8%. While capital ratios may decline by 1.4 to 3.1 percentage points under severe conditions, the sector’s overall capital buffer remains strong at over 20%. The HKMA highlighted industry advancements in stress testing capabilities, data analytics, and AI-driven risk assessments. The authority plans to further integrate climate risks into its supervisory stress testing framework to enhance financial sector preparedness. | ||
Malta | MFSA | Financial Institutions to Strengthen Client Fund Protection Measures | The Malta Financial Services Authority (MFSA) has issued a warning to financial institutions, including Payment Institutions and Electronic Money Institutions, emphasizing the need to enhance their safeguarding mechanisms for client funds. Following two thematic reviews, the MFSA identified gaps in compliance with the recently updated Financial Institutions Rulebook, which aligns with the EBA Guidelines on Outsourcing, the Digital Operational Resilience Act, and the Financial Institutions Act. Key concerns include inadequate safeguarding policies, lack of proper reconciliation processes, and failures in outsourcing governance. The Authority also highlighted conflicts of interest in outsourcing arrangements and urged stronger Board oversight to ensure compliance. Financial institutions must now integrate client fund safeguarding measures into their annual audit plans and improve documentation standards. The MFSA has committed to ongoing supervisory engagement, including inspections, to enforce compliance and uphold financial stability. | |
Insurance | Singapore | MAS | Compliance Toolkit for Captive Insurers to Strengthen Regulatory Adherence | The Monetary Authority of Singapore (MAS) has revised its Compliance Toolkit for Captive Insurers to reflect the latest regulatory requirements and submission processes. The updated version, last revised in February 2025, provides enhanced guidance on approvals, notifications, and regulatory submissions that captive insurers must adhere to under various legislative frameworks, including the Insurance Act 1966, Financial Services and Markets Act 2022, and several MAS Notices and Guidelines. Key updates include the integration of the MAS-Tx platform for regulatory submissions, additional compliance requirements on outsourcing, risk management, and financial resilience, and stricter anti-money laundering (AML) and counter-terrorism financing (CFT) obligations. Captive insurers are expected to align their governance, reporting, and operational practices with the revised toolkit to ensure compliance with MAS regulations. |
Singapore | MAS | The Monetary Authority of Singapore (MAS) has updated its Compliance Toolkit for Direct Insurers and Reinsurers, incorporating new regulatory requirements and submission procedures effective February 2025. The revised toolkit provides detailed guidance on approvals, notifications, and regulatory submissions required under various legislative frameworks, including the Insurance Act 1966, Financial Services and Markets Act 2022, and numerous MAS Notices. Key updates include a transition to the MAS-Tx platform for regulatory submissions, enhanced corporate governance requirements, stricter anti-money laundering (AML) and counter-terrorism financing (CFT) measures, and strengthened risk management obligations. Insurers must align their compliance practices with the updated toolkit to meet MAS expectations and ensure adherence to Singapore’s evolving regulatory landscape. | ||
Singapore | MAS | Compliance Toolkit for Special Purpose Reinsurance Vehicles (SPRVs) | The Monetary Authority of Singapore (MAS) has revised its Compliance Toolkit for Special Purpose Reinsurance Vehicles (SPRVs), with the latest updates published in February 2025. The updated toolkit provides enhanced regulatory guidance for SPRVs, covering approvals, notifications, and regulatory submissions required under the Insurance Act 1966, Financial Services and Markets Act 2022, and various MAS regulations. Key updates include transitioning to the MAS-Tx platform for regulatory filings, stricter requirements for corporate governance, outsourcing, financial resilience, and heightened anti-money laundering (AML) and counter-terrorism financing (CFT) obligations. MAS has emphasized that SPRVs must ensure compliance with these revised regulatory frameworks to maintain financial stability and operational integrity in Singapore’s reinsurance sector. | |
Investment | Australia | ASIC | Australia’s Evolving Capital Markets: Regulatory Discussion on Public and Private Markets | The Australian Securities and Investments Commission (ASIC) has released a discussion paper on the evolving dynamics between public and private capital markets in Australia. The paper highlights key concerns, including the declining number of listed companies, the growth of private markets, and the increasing role of superannuation funds in shaping investment trends. ASIC is seeking industry feedback on how regulatory settings impact market efficiency, transparency, and investor confidence. With public markets facing cyclical and structural challenges, ASIC is evaluating whether regulatory interventions are necessary to maintain market attractiveness while ensuring appropriate investor protections. The consultation is open until April 28, 2025. |
European Union | European Union | New Conflict of Interest Standards for Asset-Referenced Tokens under MiCAR | The European Commission has adopted a Delegated Regulation supplementing the Markets in Crypto-Assets Regulation (MiCAR), setting out new regulatory technical standards (RTS) for issuers of asset-referenced tokens (ARTs). The regulation mandates strict conflict of interest policies and procedures, requiring issuers to identify, manage, and disclose conflicts that could affect their impartiality, decision-making, or financial stability. Key provisions include enhanced transparency, governance requirements, disclosure obligations, and measures to prevent potential misuse of inside information. The regulation also outlines guidelines on remuneration structures and third-party service providers to ensure a fair and compliant digital asset market. These standards aim to bolster investor protection, financial integrity, and trust in the crypto-assets sector. | |
European Union | European Union | New Conflict of Interest Rules for Crypto-Asset Service Providers Under MiCAR | The European Commission has introduced Regulatory Technical Standards (RTS) under the Markets in Crypto-Assets Regulation (MiCAR), detailing new requirements for conflict-of-interest policies and disclosures for crypto-asset service providers (CASPs). The rules mandate identification, management, and disclosure of conflicts that could impact service providers’ objectivity, financial stability, or investor protection. Key provisions include stricter remuneration policies, governance structures, and transparency obligations to mitigate risks. The regulation also requires clear disclosures about crypto-asset service providers’ roles and business models, ensuring that clients can make informed decisions. These measures align crypto regulations with traditional financial market standards, aiming to enhance trust, integrity, and market stability in the EU’s digital asset sector. | |
European Union | European Union | Comprehensive Record-Keeping for Crypto-Asset Service Providers Under MiCAR | The European Commission has adopted Regulatory Technical Standards (RTS) under the Markets in Crypto-Assets Regulation (MiCAR), requiring crypto-asset service providers (CASPs) to maintain detailed records of all services, activities, orders, and transactions. These records must ensure regulatory compliance, market integrity, and investor protection. The new standards align CASP record-keeping with traditional financial markets, mandating uniform data formats, transaction identifiers, and client verification processes. Notably, CASPs must record investment decisions, order execution details, and safekeeping arrangements for client funds. These measures enhance regulatory oversight and transparency, enabling authorities to detect market abuse, ensure fair trading, and uphold financial stability in the EU’s crypto sector. | |
European Union | ESMA | Guidelines on Transfer Services for Crypto-Assets Under MiCA | The European Securities and Markets Authority (ESMA) has published guidelines on the procedures and policies for crypto-asset transfer services under the Markets in Crypto-Assets Regulation (MiCA). The guidelines, developed in collaboration with the European Banking Authority (EBA), aim to ensure uniform application of Article 82 of MiCA, focusing on investor protection. They set requirements for crypto-asset service providers regarding the execution of transfers, client rights, and disclosure obligations. The guidelines cover aspects such as execution times, rejection or suspension of transfers, liability for incorrect transactions, and security measures to prevent fraud. Compliance with these guidelines is mandatory for relevant service providers and competent authorities within 60 days of their publication on ESMA’s website. | |
European Union | ESMA | The European Securities and Markets Authority (ESMA) has issued new guidelines to clarify and enforce the reverse solicitation exemption under the Markets in Crypto-Assets Regulation (MiCA). These guidelines define when third-country firms are actively soliciting EU clients and outline supervisory measures to prevent regulatory circumvention. Key provisions include criteria for solicitation, assessment of exclusive client initiatives, and oversight mechanisms to detect unauthorized market targeting. ESMA also provides examples of indirect solicitation, such as digital advertising, influencer marketing, and event sponsorships. Competent authorities must implement these guidelines within 60 days to strengthen market integrity and investor protection. | ||
European Union | ESMA | Guidelines on Stress Test Scenarios for Money Market Funds (MMFs) | The European Securities and Markets Authority (ESMA) has issued updated guidelines on stress test scenarios under the Money Market Fund (MMF) Regulation. These guidelines establish common reference parameters for stress testing MMFs against various hypothetical risks, including liquidity shocks, credit risk events, interest rate fluctuations, and macroeconomic shocks. The revised stress test framework ensures that MMFs can assess their resilience to market stress and fulfil regulatory reporting obligations under Article 37 of the MMF Regulation. These guidelines, which apply to competent authorities and MMF managers, are updated annually to reflect evolving market conditions and must be implemented within two months of publication. | |
Indonesia | OJK | Launches Suptech Integrated Analytics Data (OSIDA) PMDK Application | The Otoritas Jasa Keuangan (OJK), Indonesia’s Financial Services Authority, has launched the Suptech Integrated Analytics Data (OSIDA) PMDK application to strengthen market surveillance, monitoring, and analysis in the capital markets sector. The system leverages Big Data Analytics to improve regulatory oversight, enhance investor protection, and ensure a fair and efficient market. As part of OJK’s 2022–2027 strategic roadmap, OSIDA PMDK will integrate data across multiple financial sectors, including banking, insurance, carbon exchanges, and digital assets. The platform currently features investor profiling and segmentation tools, with plans to incorporate market manipulation recognition, fraud identification, and machine learning-driven monitoring. OJK aims to utilize artificial intelligence and network analysis to improve supervision efficiency and data transparency in Indonesia’s financial markets. | |
United Kingdom | UK Statutory Instruments | Regulations for Unauthorised Co-ownership Alternative Investment Funds (Reserved Investor Funds) | The UK Treasury has introduced The Unauthorised Co-ownership Alternative Investment Funds (Reserved Investor Fund) Regulations 2025, which establish the legal framework for Reserved Investor Funds (RIFs) structured as co-ownership alternative investment funds (AIFs). Effective February 2025, these regulations extend provisions of the Financial Services and Markets Act 2000 to RIFs, ensuring clarity on participant rights, liabilities, and contract enforcement. Key provisions include limited liability for investors, segregated liability for umbrella schemes, and contractual rights for fund operators. The regulations also ensure that AIFs that were previously RIFs but are no longer classified as such continue to be governed under UK law if they meet specific UK-based conditions. This move aims to enhance investor protection and regulatory oversight in the UK alternative investment market. | |
United States | SEC | SEC Extends Compliance Deadlines for U.S. Treasury Clearing Rules | The U.S. Securities and Exchange Commission (SEC) has announced a one-year extension for compliance with newly adopted rules concerning clearing requirements for U.S. Treasury securities transactions. These rules, originally set to take effect in 2025 and 2026, require covered clearing agencies (CCAs) to mandate the submission of all eligible secondary market transactions for clearing and settlement. The new compliance dates are now December 31, 2026, for cash market transactions and June 30, 2027, for repo transactions. The extension follows concerns from industry participants, who cited operational challenges, legal documentation hurdles, and the need for improved onboarding processes. The SEC aims to provide additional time for market participants to implement necessary infrastructure while ensuring a smooth transition to broader central clearing for U.S. Treasury securities. |
