On 3 October 2025, updated guidance was published regarding the information sharing measures in the Economic Crime and Corporate Transparency Act 2023 (ECCTA) (the Revised Guidance). ECCTA allows the direct and indirect sharing of information between businesses in the anti-money laundering (AML) regulated sector in order to prevent, detect and facilitate the investigation of economic crime. These measures came into force on 15 January 2024 and are voluntary. The Home Office, HM Treasury, Ministry of Justice, Companies House, Serious Fraud Office and Department for Business and Trade publish joint guidance to support AML regulated firms (within Schedule 9 of the Proceeds of Crime Act 2002) in utilising these information sharing measures. This guidance was first published in October 2024 and was subsequently updated in December 2024. The latest Revised Guidance includes a number of drafting clarifications to the December 2024 guidance, including, amongst other things, wording that sets out that: the measures will allow for the disapplication of confidentiality, as well as civil liability, for direct sharing of customer information, for the purposes of preventing, detecting or investigating economic crime between AML regulated firms. The measures also allow for the indirect sharing of customer information through a third-party intermediary between certain types of firms listed in the guidance; economic crime in this context is defined in schedule 11 of ECCTA; the measures do not enable the disclosure of privileged information or information that could contravene the UK General Data Protection Regulation; and the Secretary of State can make regulations bringing additional businesses within scope of the direct or indirect sharing provisions. The Revised Guidance also includes a new section on the application of measures when AML regulated firms undertake AML-regulated and non-AML regulated activity.

On 8 October 2025, the Treasury Laws Amendment (Strengthening Financial Systems and Other Measures) Bill 2025 reached the third reading stage in the House of Representatives. The Bill is an omnibus Bill which amends the Corporations Act 2001 (Cth) in addition to various taxation, charities, financial regulation oversight, competition and foreign investment laws in the Treasury portfolio. Schedule 1 to the Bill amends Chapters 6 and 6C of the Corporations Act to enhance the substantial holding and tracing notice regimes, which, among other things, govern the disclosure of beneficial ownership for listed entities, by requiring holders to disclose certain “derivative-based interests” to the market. The changes are consistent with the Government’s 2022 election commitment to introduce reforms in relation to beneficial ownership. Schedule 1 to the Bill includes amendments intended to: Bring interests arising from equity derivatives into the Chapter 6C disclosure regime – streamlining disclosure requirements and ensuring the same level of regulatory oversight, and penalties for misconduct, apply with respect to all interests required to be disclosed to the market. Require foreign-registered entities listed on Australia’s financial markets and their shareholders to disclose interests in securities to the same standard as Australian-registered listed entities and their shareholders. Clarify when the existing and new disclosure requirements crystallise and introduce greater flexibility to simplify some of the disclosures required. Improve access to, and usability of, existing registers of information about relevant interests in listed entities collected via tracing notices. Confer on ASIC appropriate powers to incentivise compliance with the streamlined disclosure regime and protect market participants, including increased penalties for existing offences in Chapter 6C.

On 29 September 2025, the European Banking Authority (EBA) announced the launch of its 2025 EU-wide Transparency Exercise (Exercise), with the aim to enhance transparency and market discipline in the EU financial system. The Exercise will disclose data from over 100 major EU banks covering capital positions, financial and sovereign exposures, asset quality and risk metrics, complementing Pillar 3 disclosures under the EU Capital Requirements Directive IV. For the first time, the EBA will also offer interactive tools to allow users to explore and compare data across time, countries and individual banks. The data will cover the period from Q3 2024 to Q2 2025, with final results being released in early December 2025 alongside the EBA’s Risk Assessment Report.

On 26 September 2025, the European Parliament’s Committee on Economic and Monetary Affairs (ECON) issued a Recommendation for Second Reading on the European Council’s position to amend Regulations for certain reporting requirements of financial services and investment support. The targeted amendments focus on several foundational Regulations in the EU’s financial supervisory framework, including Regulations (EU) No 1092/2010; (EU) No 1093/2010; (EU) No 1094/2010; (EU) No 1095/2010; (EU) No 806/2014; (EU) 2021/523 and (EU) 2024/1620. These amendments are intended to refine the reporting landscape by removing duplication, clarifying obligations and streamlining reporting requirements. The Recommendation contains a draft European Parliament legislative resolution, as well as a short justification for the Recommendation. The draft legislative resolution, among other things, approves the Council’s position at first reading, and instructs the President to sign the act with the Council President.

On 26 September 2025, the Single Resolution Board (SRB) published Operational Guidance on Resolvability Testing for Banks (Operational Guidance). The SRM Vision 2028 calls for an increased focus on banks’ operational readiness to implement resolution strategies. A key component of the SRM Vision 2028 is resolvability testing. The purpose of the Operational Guidance is designed to implement the revised European Banking Authority (EBA) guidelines on improving resolvability by providing practical direction on the establishment of multi-annual testing programmes (MATPs). The Operational Guidance applies to banks under the SRB’s direct remit that are earmarked for resolution, including bank resolution groups, in line with paragraph 26 of the EBA guidelines on improving resolvability. The Operational Guidance covers: Testing areas and sub-areas. MATP. Testing methods. Testing governance expectations. Testing environment expectations. Steps involved in designing, preparing, performing, reporting and following up on tests. The Operational Guidance is divided into two parts, with Part 1 containing general guidance and Part 2 containing guidance specific to each testing area/sub-area. The SRB has also published a Feedback Statement following its earlier consultation on the Operational Guidance. Among other things the Feedback Statement notes that to address industry concerns, the Operational Guidance clarifies that banks do not need to replicate their entire IT infrastructure for testing purposes. The SRB also clarifies that banks may rely on production environments for resolvability testing, provided adequate safeguards are in place, and that test environments are only expected where expressly outlined in the Operational Guidance. Furthermore, the SRB emphasises that test environments do not need to be maintained and updated on a permanent basis, and that there is no expectation that they will interact with third-party test environments.

On 25 September 2025, HM Treasury (HMT) issued a consultation and call for evidence on the UK’s Commercial Credit Data Sharing (CCDS) scheme. The government committed to consult on the CCDS scheme at Autumn Budget 2024, to assess potential enhancements. CCDS scheme CCDS is an initiative dating back to 2013. It requires major lenders (banks designated by HMT) to share credit information on their small and medium-sized business customers (SMEs) with credit reference agencies (CRAs) designated by HMT, in order to improve access to finance. CCDS operates under the Small and Medium Sized Business (Credit Information) Regulations 2015, made under powers in the Small Business, Enterprise and Employment Act 2015. Proposals After setting out the background to the statutory framework for the CCDS, HMT provides an analysis of areas where action may be warranted and invites feedback. HMT’s proposals include: The implementation of a standard data format that is used by all participants consistently across industry. HMT recognises that such a standard is already in train with industry but wants to know if there should be a role for it or the Financial Conduct Authority to ensure that a single standard for data submission is established and in use, and that the use of previous versions is sunsetted. Seeking views on whether CRAs should set up online data amendment portals, similar to those they have under the consumer credit data sharing scheme, to allow for ease of data amendment, and the costs and benefits of them doing so. HMT is also seeking evidence of the status quo for amending data and what challenges may arise to help formulate a position. Asking whether the timeframe for designated banks to submit data to a designated CRA should be shortened to enhance timeliness and improve data accuracy. Potential amendments to the legislation to account for issues arising from the definition of an SME Potential adjustments to the application of the CCDS regime which currently imposes a duty on designated banks to be able to designate a wider set of designated providers of finance, given that the marketplace for lending has diversified considerably since the original regulations were enacted. Next steps The deadline for comments on the consultation and call for evidence is 20 November 2025. Depending on stakeholder feedback HMT may explore whether existing legislation needs to be amended or whether the policy objectives can be achieved by alternative means such as through relevant guidance.

On 26 September 2025, the Financial Conduct Authority (FCA) issued Consultation Paper 25/26: Consequential Handbook changes following the proposals in CP25/17 (CP25/26). Background Earlier this year the FCA published Consultation Paper 25/17 (CP25/17), setting out detailed rules for a new regulated proposition for targeted support in pensions and retail investments. The deadline for comments on CP25/17 was 29 August 2025. In CP25/17 the FCA said that its proposals interact with various rules in the FCA Handbook, and that it would consult on additional consequential amendments to its rules to ensure that the proposals work with the existing requirements. The FCA is consulting on these additional proposals in CP25/26. Proposals The FCA is proposing changes in three areas to: Ensure that its proposed targeted support framework interacts effectively with existing rules, such as those relating to pensions choices. Refine some of the proposals set out in CP25/17, such as those around commissions and charging. Ensure that the proposed new targeted support activity aligns with the wider regulatory framework, such as reporting requirements. A table set out at paragraph 1.10 of CP25/26 provides an overview of the main changes the FCA is consulting on. Chapter 2 of CP25/26 provides further detail about the proposed changes and these are all shown in the draft Handbook text in Appendix 1. Next steps The deadline for comments on CP25/26 is 17 October 2025. The FCA intends to publish a Policy Statement and final rules this December. The application of the FEES sourcebook to targeted support – including the appropriate fee blocks, basis of calculation, and any related Handbook amendments – will be consulted on as part of the FCA’s FEES Policy consultation, due to be published in November 2025.

On 28 July 2025, the Prudential Regulation Authority published a Final Notice in respect of the London branch of Barents Reinsurance S.A., imposing a fine of £1,785,000 for failing to organise and control its affairs responsibly and effectively, as well as governance and regulatory reporting failures for more than two years post Brexit. For the key takeaways from this case, as well as the key findings, please see our latest Notice in a Nutshell briefing here. All of our publications in this series can now also be found here.

On 25 September 2025, the Australian Securities and Investments Commission (ASIC) published Report 815 Hardship, not so hard to get help (REP 815). REP 815 sets out the actions that ASIC has taken since the publication in May 2024 of Report 782 Hardship, hard to get help: Findings and actions to support customers in financial hardship and sets out certain observations since the release of the report.  REP 782 was a review of 10 large home lenders to understand how they were supporting customers experiencing financial hardship. Whilst ASIC has observed continued improvements in lender approaches including lenders communicating more proactively with customers on their options there are still some lenders who have been slower to show progress and there are concerns with the quality of some hardship responses. ASIC Commissioner O’Rourke said, ‘We urge all lenders to adopt a proactive, continuous improvement approach to supporting their customers experiencing financial hardship, and to ensure adequate focus on customer experience and outcomes in their practices. ‘Financial hardship assistance continues to be a key focus area for ASIC, particularly as some consumers continue to experience cost-of-living pressures.’

On 25 September 2025, the Australian Government opened a consultation on draft legislation to regulate digital asset platforms and tokenised custody platforms by introducing each as new financial products. The draft legislation seeks to implement the Australian Government’s commitment in the 2024-2025 Budget to modernise Australia’s digital asset regulations. The proposals would address the current regulatory gaps and uncertainty when dealing with digital assets and the infrastructure and arrangements that support them in the context of Australia’s financial regulatory framework. The proposed framework is designed to align with peer jurisdictions like the European Union and United Kingdom. It targets the same activities using Australian domestic concepts of ‘financial product’ and ‘financial service’– making only minor changes to how those existing laws would apply. This is consistent with the ‘same risk, same regulation’ approach used in other jurisdictions. The term “digital asset” is not currently used or defined in Australia’s financial services laws, despite those laws applying to digital assets in the same way as any other asset. The draft legislation will also avoid using or defining the concept of digital asset. As such: New and existing references to “asset” within the financial services laws will continue to cover bundles of rights, including rights that are legally recognised as being held by a person who in fact possesses a digital token. New references to “digital tokens” within the financial services laws signify that a provision is ambivalent to the type or class of asset being held by a person who in fact possesses a digital token. The existing financial services laws will continue to be used to determine whether an arrangement (such as a contractual agreement) is a financial product. In the context of digital assets, this may mean identifying whether a person who in fact possesses a digital token is legally recognised as the “holder” of a financial product. The draft legislation introduces two new financial products within the Corporations Act 2001 – digital asset platform and tokenised custody platform. Existing consumer protections and licensing rules will generally apply. Providers of the new financial products will be required to hold an Australian Financial Services Licence, they will be subject to both the existing obligations of the license and targeted obligations. Platforms holding less than $5,000 per customer and facilitating less than $10 million in transactions per year will be exempt. The deadline for comments on the draft legislation is 24 October 2025.

On 25 September 2025, the European Securities and Markets Authority (ESMA) published updated reporting instructions and XML schema (version 1.2.0) for the weekly reporting of commodity derivatives positions under the Markets in Financial Instruments Directive II, reflecting the changes from the latest review. ESMA will start applying the new XML schema and reporting instructions on 1 April 2026. As of that date, reporting entities should only use the latest version 1.2.0.

On 25 September 2025, there was published in the Official Journal of the EU (OJ), Commission Delegated Regulation (EU) 2025/1493 of 11 June 2025 amending Commission Delegated Regulation (EU) No 876/2013 supplementing the European Markets Infrastructure Regulation as regards changes to the functioning and management of colleges for central counterparties. Our earlier blog on Commission Delegated Regulation (EU) 2025/1493 can be found here. Commission Delegated Regulation (EU) 2025/1493 enters into force on the twentieth day following its publication in the OJ (15 October 2025).

On 25 September 2025, the Financial Conduct Authority (FCA) published a statement in parallel with HM Revenue and Custom’s (HMRC) newsletter 173 on pension schemes, clarifying how its existing rules on cancellation rights operate. FCA rules Under FCA rules, consumers have a right to cancel certain contracts typically within 30 days of entering the contract, if they change their mind. However, the right to cancel does not arise in all circumstances and a consumer accessing tax-free cash in itself does not trigger cancellation rights under FCA rules. Also, the FCA rules do not exempt firms from HMRC requirements. Under the Conduct of Business sourcebook (COBS) 15.2, cancellation rights apply when a consumer enters certain specified contracts. In the pensions and retirement space, specified cancellable contracts include a pension transfer contact and a contract to join a personal pension scheme. A contract allowing a person to take a Pension Commencement Lump Sum (PCLS), sometimes known as a tax-free lump sum, is not listed as a cancellable contract in COBS 15.2 so a contractual term allowing someone to take a PCLS does not of itself trigger cancellation rights. The remainder of the statement discusses taking a PCLS. In particular the FCA states that: FCA rules do not prevent a pension provider from choosing to offer cancellation rights in their contracts in additional circumstances beyond those set out in FCA rules. Firms will need to consider the implications of tax legislation when voluntarily offering cancellation rights. Where a consumer has taken a PCLS and then wishes to return that money to a pension, tax legislation will affect what firms and their customers are able to do and whether a consumer will incur a tax charge. HMRC’s newsletter provides further information.

On 19 September 2025, the Joint Committee of the European Supervisory Authorities published a report on risks and vulnerabilities in the EU financial system. The report highlights that global trade and security developments have led to sudden structural changes and contributed to a deteriorating economic outlook, increasing the risks to financial stability. On this basis, the Joint Committee advises the European Supervisory Authorities, Member State competent authorities, financial institutions and market participants to take the following policy actions: Continue to embed geopolitical risks in their day-to-day business operations and risk assessments. Prepare for short and medium-term challenges, amid high uncertainties, such as market corrections, by maintaining adequate provisions and stress testing their liquidity positions. Strengthen vigilance against cyber risks and their potential impact on operational and financial stability, also via third-party service providers. Monitor contagion risks from crypto assets as the market expands, and the link between crypto markets and traditional financial sectors strengthens. Play an active role in supporting the Savings and Investments Union initiative, whilst considering the liquidity characteristics and risk profiles of alternative investments and their suitability for retail investors.

On 19 September 2025, there was published in the Official Journal of the European Union (OJ), Commission Delegated Regulation (EU) 2015/1496 which amends the Capital Requirements Regulation (CRR) concerning own funds requirements for market risk, notably delaying the implementation of the Fundamental Review of the Trading Book (FRTB) framework. Key amendments: Postponement of FRTB implementation: The application date for FRTB own funds requirement has been deferred to 1 January 2027 due to delays to the implementation of FRTB standards in other jurisdictions. Continued application of pre-FRTB framework: In accordance with Article 430(b) of CRR, institutions should continue to report to their Member State competent authorities for the calculation of own funds requirements for market risk until the FRTB framework has been implemented. Disclosure requirements: Institutions are required to continue disclosing information relevant to their exposure to market risk and related own funds requirements based on pre-FRTB calculation approaches until the new disclosure requirements under Regulation (EU) 2024/1623 (CRR III) are applicable, which have also been deferred by one additional year. The Delegated Regulation enters into force on the day following that of its publication in the OJ and shall apply from 1 January 2026.

On 17 September 2025, the Council of the EU (Council) published the text of a draft Regulation amending the Central Securities Depositories Regulation (CSDR) to shorten the mandatory settlement cycle for most securities traded on EU trading venues from two business days (T+2) to no later than one business day after trading takes place (T+1). Securities financing transactions that are documented as single transactions composed of two linked operations will be exempt along with margin lending transactions. The next step is for the Council to formally adopt the draft Regulation. In June 2025, the Council and the European Parliament reached political agreement on the draft Regulation. The draft Regulation enters into force on the twentieth day following that of its publication in the Official Journal of the EU and applies from 11 October 2027.

A few months after the Markets in Crypto Asset Regulation (MiCA) took effect on 30 December 2024, regulatory and enforcement issues have already become apparent. In a joint communication, the French, Austrian and Italian national competent authorities (the AMF, the FMA and the Consob) (the NCAs) drew attention to certain gaps in the new regime and proposed possible adjustments around four key priorities. More specifically, the three NCAs noted that MiCA’s application was fragmented across jurisdictions, creating significant coordination costs. Weaknesses were also identified in approval and supervision mechanisms – for example, authorities cannot require cybersecurity certification at the authorization stage. In addition, the location of the largest service providers may weaken the reach of European regulation, as noted by the International Organization of Securities Commissions and the Financial Stability Board. Finally, the growing hybridisation of crypto and traditional financial assets calls for more consistent investor protection across financial services, such as requiring all crypto-asset service providers to collect clients’ information to assess clients’ understanding of the products they intend to trade. Taking this into account, the four NCAs formalized their recommendations into four key directions: 1. Introduction of a mechanism for the direct supervision of a significant cryptoasset service provider (CASP) by the European Securities and Markets Authority (ESMA). Inspired by the Single Supervisory Mechanism, as well as the regulatory frameworks for issuers of asset-referenced tokens (ARTs) and issuers of electronic money tokens (EMTs) that fall under the direct supervision of the European Banking Authority (EBA), the direct supervision of large CASPs would involve ESMA’s powers of approval, supervision and direct sanction over these entities. From the regulators’ perspective, direct supervision would help standardize the adoption of rules across Member States, promote consistent supervisory practices, and reduce the risk of regulatory arbitrage. It would also ensure uniform application of the rules, provide effective oversight of crypto-asset markets, and strengthen protection for European investors. From the perspective of market participants, direct supervision may lower compliance costs and better align with the supervisory powers granted to the European Anti-Money Laundering Authority, which is set to oversee certain CASPs or their groups starting in 2028. 2. Strengthening of the rules applying to global platforms. When a CASP delegates essential functions to an entity in a third country, this arrangement should only be allowed if the third country’s legal framework is deemed equivalent to the MiCA regime and if there is a cooperation agreement in place with that country’s supervisory authority. Alternatively, MiCA could allow a third-country intragroup service provider to voluntarily submit to the full extra-territorial supervision of the CASP’s home authority or of ESMA. Additionally, it is proposed that any European intermediary executing crypto-asset orders on behalf of investors must do so on the order book of a platform that is either subject to MiCA or to an equivalent regulatory regime, as determined by the European Commission based on international standards. It has been observed that major platforms often use structures where entities based outside the EU serve EU customers through brokers authorized in Europe as CASPs, who simply route orders outside the Union. Supervising these arrangements is challenging because key trading decisions and operations occur outside the EU, making order flows difficult to track—especially since authorities may not have access to data on the resulting transactions. Furthermore, investors placing orders on such platforms may not benefit from MiCA’s protections. These include the requirement for customer consent before matched principal trading, safeguards for system resilience against cyber-security risks, measures to detect and prevent market abuse, and transparency regarding crypto-asset prices and trading volumes. 3. Enhancement of supervisory tools on cybersecurity. Before being authorised, all applicants seeking CASP status should be required to undergo a cybersecurity audit conducted by independent and qualified providers. This audit will assess the applicant meets the cybersecurity requirements and is capable of effectively preventing and responding to cyber-attacks. The audit should focus on measures to ensure the safekeeping of cryptoassets and address sector-specific risks, such as  wallet breaches, data leaks, denial-of-service attacks, identity theft, and the inability to investigate in the event of an incident or fraudulent activity. To maintain high standards, these audits should be repeated regularly to reflect evolving practices and emerging risks.. Furthermore, the independence and expertise of audit providers should be established through a harmonized Europe-wide certification scheme for cybersecurity auditors, in line with European Regulation 2019/881 on cybersecurity certification for information and communication technologies; and 4. Creation of a one-stop shop for token offerings. Centralizing the filing and management of token offerings (excluding stablecoins) with ESMA would be beneficial. This approach should be accompanied by a review of current regulations to clarify the responsibilities of authorities before a token offering begins in one or more countries. The main objectives are to simplify the process for issuers, ensure uniform application of the rules, and prevent market fragmentation. Currently, issuers or offerors must notify their token offerings to national authorities, who then forward this information to ESMA within tight deadlines. However, there is a lack of clear guidance on whether the receiving authority is required to review the information before the offering starts in its jurisdiction. Since most cryptoasset offerings are intended to reach investors across the EU, issuers frequently use the passporting mechanism to access multiple Member States. The current fragmented system, where each national authority handles similar filings or notifications, leads to inconsistent document processing, increased complexity for issuers, and unnecessary administrative burdens for authorities. Centralizing these processes with ESMA would help address these issues and create a more efficient and harmonized framework for token offerings across the EU. In conclusion, the three NCAs appear to be advocating for greater alignment between the MiCA regime and the existing MiFID II framework, building on progress made so far. It will be important to monitor whether other EU authorities will join the AMF, the FMA and the Consob in calling for a review, as well as to observe how legislators react. While this is not yet a formal regulatory initiative, the timing—just a few months after MiCA’s introduction—suggests that significant changes, rather than minor adjustments, may be under consideration.

On 18 September 2025, the Australian Securities and Investments Commission (ASIC) announced the ASIC Corporations (Stablecoin Distribution Exemption) Instrument 2025/631 (the Instrument) together with an explanatory statement. Temporary relief for named stablecoins The Instrument provides temporary regulatory relief for distributors of certain stablecoins in Australia.  The instrument specifically exempts distributors of a named stablecoin from the requirement to hold an Australian financial services licence, an Australian market licence, and/or an Australian clearing and settlement facility licence under Chapter 7 of the Corporations Act 2001.  The exemption responds to concerns that there would otherwise be a significant cost and compliance burden on distributors due to the costs: associated with applying for one or more licences; and of ongoing compliance with those licences.. As at the date of the execution of the Instrument, ASIC has identified one named stablecoin that the Instrument will apply to. It is intended that the Instrument will be amended to include other stablecoins in the future as appropriate. Distributors relying on the exemption must make available to retail clients the most current Product Disclosure Statement (PDS) for the named stablecoin.  Sunset clause The Instrument commences 20 September 2025 and is set to be repealed on 1 June 2028.  This sunset clause reflects the temporary nature of the relief, intended to bridge the gap until the government’s law reforms are enacted. Broader reforms In December 2024, ASIC issued Consultation Paper 381 Updates to INFO 225: Digital assets: Financial products and services (CP 381). CP 381 included the position that some stablecoin issuers require a licence under the current law, as some stablecoins are a financial product under the current general definitions. ASIC is finalising updates to INFO 225 and expects to publish it in coming weeks, as well as key thematics and public submissions received in response to CP 381.

On 18 September 2025, the Bank of England (BoE) published a speech by Liz Oakes (External Member of the Financial Policy Committee) entitled A systemic risk perspective on operational resilience. Liz Oakes explains how the BoE’s Financial Policy Committee thinks about operational resilience from the perspective of protecting financial stability. She highlights the importance of firms considering system-wide dynamics when managing operational risks, and how collective action initiatives, like the Cross Market Operational Resilience Group, are an important tool to help with this.

On 17 September 2025, The Central Counterparties (Transitional Provision) (Extension and Amendment) Regulations 2025 were made together with an explanatory memorandum. The Regulations extend the temporary recognition regime for overseas central counterparties (CCPs) by 12 months, so that the expiry date is delayed until 31 December 2027. It also extends the transitional regime for overseas qualifying CCPs contained within the Capital Requirements Regulation for an additional 12 months. The expiry date of this transitional regime differs between individual CCPs as it is dependent on when a firm has applied for recognition in the UK. However, for a large percentage of firms within the regime, the expiry date currently falls on 31 December 2025. The Regulations come into force on 28th November 2025.