In this article, we look ahead to the regulatory priorities across the UK, Europe, and the US for 2025, and how best to navigate them. Topics covered include:

Key Regulatory Priorities for the UK and Europe

Financial Crime

Market Abuse

Operational Resilience and Digital Operational Resilience Act (DORA)

European Market Infrastructure Regulation (EMIR)/US Treasury (UST) Clearing

Consumer Duty

Environmental, Social & Governance (ESG)

Artificial Intelligence

 

 

Key Regulatory Priorities for the UK and Europe

United Kingdom 

The key regulatory themes emerging within the UK financial services industry for 2025 are:

• Operational Resilience
• Sustainability
• Financial Crime Prevention
• Consumer Protection

The FCA has recently increased its use of Market Watch newsletters as an essential form of UK regulatory communication, issuing six this year, with more expected in 2025.

Evolving UK Supervisory Practices

The UK is considering aligning their supervisory approaches with international market standards to promote economic growth and boost competition within financial services. The FCA’s proposal to publicise enforcement investigations via Consultation Paper 24/2 received significant industry attention regarding potential repercussions. Whilst there is currently no information from the PRA on this matter, the UK regulatory bodies often align their policies to ensure consistency in UK supervisory approaches. Firms should track updates on this proposal, which are due early 2025, and ensure strong compliance programs to mitigate the risks of any potential issues such as reputational damage. Developing an effective communication strategy in handling public disclosures of enforcement investigations is essential, with the FCA now aiming to give at least 10 days’ notice.

Enhanced Payment Flexibility for UK Buyside Firms

Another FCA proposal, aimed at asset managers, within Consultation Paper 24/7 provides clients with optionality on how they wish to pay for investment research, reintroducing the option to pay via trading commissions, which was previously prohibited in 2018. The financial services industry will monitor how the FCA plan to transpose these incoming legislations into regulation in 2025, which aim to simplify the current complex and resource-intensive payment methods. Firms must develop a formal policy on bundling payments for third-party research and execution services, with a clear approach for cost allocation and transparency when communicating with stakeholders on the new payment structures. 

Evaluating the UK Listing Rules

The FCA also published the final UK Listing Rules through Policy Statement 24/6, which applied from 29 July 2024, detailing a simplified listings regime with a single category. This streamlines eligibility for UK-listed equity issuers by reducing barriers and increasing competitiveness. The FCA have noted that whilst the overhaul of listing rules allows for greater risk, this better aligns the UK’s regime with international market standards. This demonstrates the risk appetite the UK economy needs to achieve their secondary objective to facilitate international competitiveness and growth. Firms should establish a robust monitoring system and revise their internal policies to reflect these new rules, specifically within enhancing transparency surrounding comprehensive disclosures regarding significant transactions and related party dealings.

Exploring the Shift to T+1 Settlement

In the US, there has been widespread industry discussion on the T+1 settlement timeframe, with the go-live date having occurred on 28 May 2024. Whilst there are currently no defined regulations, the UK government has accepted the move to T+1 by 2027, with operational changes starting in 2025. Firms should conduct a readiness assessment by undertaking a gap analysis of their current systems and processes to meet future T+1 requirements. This may require budget adjustments for enhanced automation, testing plans and training investments to reduce the risk of settlement failures.

In 2025, UK financial services firms should focus on maintaining robust compliance with evolving regulations, embracing technological advancements and prioritising consumer protection to navigate the dynamic regulatory landscape effectively and gain a competitive edge.

Europe 

Elevating Standards in Senior Accountability 

In the Republic of Ireland, the Central Bank of Ireland implemented the Senior Executive Accountability Regime, as part of the Individual Accountability Framework, from 1 July 2024. Firms should have clear statements of responsibility, including management responsibility maps for senior stakeholders, and communicate conduct standards for all employees through training. This requirement extends to independent non-executive directors within certain financial institutions from 1 July 2025. In terms of the UK, a commitment to review and potentially reform the Senior Managers and Certification Regime was announced as part of the 2022 Edinburgh Reforms. In the UK, the FCA intend to publish a final policy on non-financial misconduct and a policy statement on diversity and inclusion to enhance focus on culture and governance within firms throughout 2025.

ESMA seeks to become EU’s SEC

In October, the European Securities and Markets Authority (ESMA) announced its plans to expand its role in central EU supervision, aiming to become a European version of the U.S. Securities and Exchange Commission (SEC). Currently overseeing a limited number of entities, the proposed centralised approach would grant ESMA more authority to supervise 'larger, cross-border players' such as Euronext and Deutsche Börse. These entities, as noted by ESMA Chair Verena Ross, 'often serve not just one or a few countries but genuinely serve investors across the entire EU'. She added that smaller markets and companies would continue to be supervised locally.

Despite opposition from smaller member states such as the Republic of Ireland and Luxembourg, which fear the measure could weaken their thriving financial sectors, Ms. Ross emphasised that this shift would enhance the efficiency of Europe’s financial markets for both investors and issuers.

Centralising supervision under ESMA could significantly impact compliance by potentially creating more consistent regulatory standards across the EU. For larger players operating across multiple jurisdictions, this could simplify compliance by providing a single regulatory oversight.

MiFID III

MiFID III is on the horizon for late 2025 / early 2026 with the aim of improving transparency and access to market data. These changes are designed to make financial markets more competitive and integrated across the EU.

The Designated Publishing Entity (DPE) regime under MiFIR will become operational on February 3 2025, meaning certain financial firms will need to publicly report their OTC trades through approved channels to comply with transparency rules.

MiFID II has been updated with enhanced transparency requirements for equities and derivatives to improve market integrity. It bans Payment for Order Flow (PFOF) to eliminate conflicts of interest and mandates more detailed transaction reporting. A consolidated tape will also centralise trade data, making market information more accessible.

These changes enhance market transparency, reduce conflicts of interest, and make trade data more accessible. EU member states have until September 29 2025 to fully implement the amendments or face punishment from regulators.

Firms can anticipate additional workload in respect of transaction reporting & transparency requirements to meet the demands laid out in the above changes in respect of MiFID & MiFIR.

Basel 

Basel IV represents a critical shift in global banking regulation. As the January 2025 deadline approaches, staying ahead of these changes is essential for maintaining capital strength and competitive positioning. By enhancing the consistency and transparency of capital requirements, Basel IV seeks to mitigate systemic risk and ensure a more resilient financial system for the future.

Key Regulatory Changes 

A core aspect of Basel IV is the revamp of the standardised approach for credit risk. This change ensures that banks' capital levels better reflect the actual risk of their assets. With more stringent rules on real estate-backed loans and a refined distinction between high and low risk lending, financial institutions will need to reassess their risk exposures. Additionally, the reform limits the reliance on internal models, addressing concerns over inconsistencies in risk-weighted asset calculations across the industry.

Basel IV also introduces an "output floor", capping the capital benefit banks can gain from internal models. This means that internal model-based calculations cannot fall below 72.5% of what the standardised approach would yield. Firms should monitor the impact of this on their capital requirements and take steps to ensure compliance, including conducting impact analyses, updating models, managing capital and maintaining clear communication with stakeholders.

Strategic Impact for Banks 

For banks, these changes mean increased capital requirements and potential shifts in business strategy. To comply, financial institutions may need to strengthen equity buffers or revise portfolio compositions. The regulatory push toward aligning risk assessments between internal models and the standardised approach is set to level the playing field across the banking industry.

The tighter framework around credit risk is expected to influence lending practices, particularly for high-risk assets such as commercial real estate and certain corporate exposures. Additionally, changes to the operational risk assessment process will require financial institutions to adopt a standardised model based on their financial performance, improving comparability across the market.

Basel IV represents a critical shift in global banking regulation. As the January 2025 deadline approaches, staying ahead of these changes is essential for maintaining capital strength and competitive positioning. By enhancing the consistency and transparency of capital requirements, Basel IV seeks to mitigate systemic risk and ensure a more resilient financial system for the future.

 

Financial Crime

UK Focus Areas 

FCA publication on multi-firm review of treatment of PEPs  

In July 2024, the FCA published the outcome of a multi-firm review on how financial firms treat Politically Exposed Persons (PEPs) for anti-money laundering purposes.

The FCA identified key areas that required improvement across the financial services industry which included: 

• Definitions of a PEP: Some firms used broader definitions for PEPs and their relatives & close associates (RCAs) than those specified in FCA regulations. 

• Risk Assessment: A few firms did not reassess the PEP classification after the individual left public office. 

• Risk Rating: Some firms did not consider the actual risk posed by the customer and lacked clear rationale for their risk ratings. 

• Communication: Firms needed to improve the clarity and detail of their communications with PEP and RCA customers. 

• Staff Training: Most firms needed to enhance their staff training on handling PEPs. 

• Policy Updates: Firms needed to update their policies to reflect recent legislative changes, treating UK PEPs and RCAs as lower risk compared to foreign PEPs, unless other risk factors were present. 

The FCA stated that firms under its supervision must review their policies, procedures and controls in relation of the handling of PEPs.

Looking forward, this will have an impact on how firms carry out PEP reviews and may require extensive remediation exercises to ensure firms are in line with FCA guidance relating to PEPs already on their books.

The need for subject matter expertise in relation to PEPs has been thrust into the spotlight by this publication. There could be considerable impact on firms, especially when considering the need for ongoing due diligence and transactional analysis into 2025 and beyond.

Ultimately, the FCA wishes to achieve its regulatory aim of a balanced approach to ensuring PEPs are not unfairly treated, whilst also ensuring firms maintain robust AML policies and controls to protect the financial system.

Companies House Reform   

The reform of Companies House is intended to boost transparency, which has repeatedly been highlighted as a major blocker in the prevention of financial crime in the UK. Companies House has been subject to a lot of criticism over the years, due to the lack of verification and controls and the relative ease with which you can incorporate a company in the UK.

From now until the end of the transition period in December 2026, the following changes will come into effect for Companies House:

• Companies House can issue financial penalties for offences.
• A strike-off process for companies formed on false grounds will roll out.
• Companies House will annotate public registers.
• A new portal will allow voluntary identity verification, and intermediaries like accountants can register as authorised corporate service providers (ACSPs).
• Identity verification will be mandatory for new incorporations, new directors, and new persons with significant control (PSCs), with existing directors and PSCs given 12 months to comply.
• All document presenters at Companies House must have completed identity verification or be registered as ACSPs, and documents from disqualified directors will be rejected.

These changes will have significant impact on directors and companies:

• Companies House will not register new directors or other entities without verified accounts.
• Companies must ensure directors’ identities are verified and failure to do so will be a criminal offence for both individuals and companies.
• Anyone submitting documents to Companies House must have their own identity verified, with a statement confirming their status.

In addition:

• The government plans to ban corporate directors, with limited exceptions.
• Companies will no longer need separate registers of directors, residential addresses, secretaries, and PSCs, as all information will be centralised at Companies House. However, companies must maintain their own register of members, and private companies can no longer store this register centrally.
• Non-traded companies must provide a full list of shareholders, and listed companies must disclose shareholders holding at least 5% of any share class.

To prepare for these impending changes, companies will need to:

• Review and update their processes for keeping registers and consider maintaining non-statutory records for internal audits.
• Ensure all statutory registers are current and start forming a register of members if reliant on the central register.
• Conduct a thorough audit of compliance practices to identify gaps.
• Engage legal advice to ensure all aspects of the reform are understood and implemented correctly.

Fraud 

There is a continuing trend towards a convergence between the tackling of Fraud and Anti-Money Laundering, which has been dubbed FrAML.

In 2024, the European Banking Authority identified new types and patterns of payment fraud and is seeking to develop future-proof proposals to deal with an increase in these types of fraud. The EBA wishes to further strengthen forthcoming legislative framework under the Third-Party Payment Services Directive and the Payment Services Regulation which will enhance anti-fraud requirements across the bloc.

Fraudsters have become more complex in their techniques and there is a need for more robust measures to tackle this. The UK is adopting a similar approach to strengthen its legal framework in the prevention of fraud in the wake of an increase in complex fraud cases.

This is a hot topic moving into 2025 and beyond with governments and regulators taking a forward-thinking approach to ensure the legislative framework is fit for purpose to meet the evolving demands of the prevention of complex fraud and financial crime.

The Economic Crime and Corporate Transparency Act 2023 outlined that large organisations will be criminally liable if an employee, agent or subsidiary commits fraud on its behalf, unless the organisation can prove reasonable fraud prevention measures. In November 2024, the UK government issued guidance on what constitutes reasonable fraud prevention procedures giving firms until 1 September 2025 to ensure their fraud prevention procedures are up to standard.

Looking ahead, large organisations may require additional support and guidance to establish and maintain robust fraud prevention networks and ensure they are adequately maintained to avoid criminal liability under this legislation.

UK Sanctions Outlook

Over recent years, global sanction regimes have evolved rapidly due to developments in the geopolitical landscape and conflicts across the Middle East and Russia / Ukraine. In addition, sanctions professionals have had to adapt to the variance in the application of sanctions; specially designated nationals (SDNs), sectoral, specific products like oil and gas.

Most recently, we have seen:

• Increased sanctions on Iran and, in particular, sanctions against leading Iranian military figures and entities. 
• An increase in sanctions targeting Hamas leaders and financiers aiming to cut off its access to financial networks.
• Sanctions in relation to human rights offences in regions such as Myanmar and Haiti have become more prevalent too.
• Increased focus on and enforcement against individuals, companies and even states deemed to be supporting or enabling sanctions evasion and circumvention.

The unprecedented rapid evolvement in the sanctions landscape has significantly impacted compliance departments in financial services in several key areas: 

• Additional resource has been required to manage the increased workload.  

• The greater sophistication of sanctions has meant an increase in complexity and a need for enhanced monitoring and reporting.  

• Continuous training is required to ensure all employees understand the latest sanctions and their implications. 

2025 is likely to be another busy and interesting year given the recent re-election of Donald Trump as the President of the United States of America. Sanctions Compliance Teams will be required to be responsive and display ongoing flexibility and agility in their approach. Financial services firms need to continue to put increased value on upskilling team members and using skilled partner firms to bridge any knowledge gaps.

US Focus Areas 

In line with other countries, the US is placing increased focus on transparency and moving towards a more risk-based regime.

On January 1 2024, the Corporate Transparency Act (“CTA”) came into effect. This sweeping new law amends Bank Secrecy Act Regulations and imposes significant reporting obligations upon entities that are required to report beneficial ownership and registrant information to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN).

• The new standard applies to specific domestic and international companies doing business in the US, but several exemptions are included which may limit its scope slightly.
• A key goal of this legislation is to create an online platform which houses all this new information – BOSS (Beneficial Ownership Secure System). Unlike the UK’s Companies House referenced above, it is not going to be publicly available. It is currently intended for use only by law enforcement, the IRS, and other government agencies.

Firms will have until 1 January 2025 to ensure they are compliant with the Act.

On 28 June 2024, FinCEN issued a proposed rule to strengthen and modernise the AML/CFT Programs of Covered Financial Institutions.

This proposed rule would amend existing regulations to expressly require that such programs be “effective, risk-based, and reasonably designed.”

• It also seeks to avoid one-size-fits-all approaches to customer risk that can lead to financial institutions declining to provide financial services to entire categories of customers.
• It seeks to bring those financial institutions more broadly in line with their counterparts in the EU/UK and ensure they are focusing more resources on their high-risk customers, rather than towards lower-risk customers and activities – making the process more efficient as a by-product. 

This will require financial institutions to look at their policies, procedures and AML controls to ensure they are meeting the criteria outlined by FinCEN into 2025 and beyond.

Another key objective for the US government and regulators in 2024 was to bring investment adviser sector in line with financial institutions like banks, securities broker-dealers, credit unions and mutual funds.

The first is the August 2024 final rule which aligns covered investment advisers with the Bank Secrecy Act definition of ‘financial institutions’ and therefore confers on them a requirement to establish and maintain anti-money laundering/counter-terrorism financing programs and files suspicious activity reports. Entities will be expected to be compliant by August 2025.

The second initiative is still in proposal stage but mandates that registered investment advisers (RIAs) and exempt reporting advisers (ERAs) should establish, document, and maintain written customer identification programs (CIPs). 

EU Focus Areas

AML Authority (“AMLA”) – In 2021 the European Commission embarked on a project to create a European-wide dedicated entity in charge of Counter Terrorist Financing and Anti-Money Laundering, the AML Authority (AMLA), which is expected to be fully operational starting July 1 2025. From this date AMLA will be empowered to start exercising its influence to achieve the following goals:  

• Direct Supervision of High-Risk Institutions 

• Harmonisation of AML Rules  

• Enhancement of Beneficial Ownership and Data sharing Obligations 

• Cross Border Cooperation Enforcement 

• Use of Technology for Compliance & Supervision 

• Crypto Assets Supervision 

The AML Authority will also be given the authority to impose fines and other penalties on financial institutions failing to comply with their standards. Penalties that are foreseen as potentially stricter than what the industry was so far accustomed to.

In summary, European Financial Institutions, with the apparition of the AML Authority, should expect heightened scrutiny and enhanced collaboration between the members of EU. 

6^th Anti-Money Laundering Directive (6AMLD) – Published in June 2024, 6AMLD will deploy its new wave of regulation in 2025.

By 10 July, EU state members will have to provide comprehensive access to beneficial ownership information registers to competent authorities such as EPPO (European Public Prosecutor’s Office) and OLAF (European Anti-Fraud Office).  

By mid-2027, EU state members will have to gradually implement the remainder of the directive which includes:

• More direct communication network between Financial Intelligence Units (FIUs)
• Alignment of AML definitions  

Uniformity is vital for effective enforcement and prosecution, as it removes inconsistencies that criminals could otherwise exploit.

6AMLD also extends criminal liability to entities and not just individuals. This means that businesses can be held accountable for money laundering activities conducted by their employees or associates. 

The Wolfsberg Group’s New Approach to Monitoring Suspicious Activity – The Wolfsberg Group has released a new statement in 2024, emphasising the need for financial institutions (FIs) to adopt more effective methods for monitoring suspicious activity.

The statement also addresses current challenges, such as the high volume of low-value Suspicious Activity Reports (SARs).

Looking ahead, key recommendations include:

• Shifting from a prescriptive, rules-based risk management to a flexible, risk-based approach that focuses on high-value outputs.
• The Group highlights the importance of leveraging modern technologies like Machine Learning (ML) and Artificial Intelligence (AI) to enhance detection capabilities and reduce false positives.  
• Calls for better collaboration between FIs, regulators, and law enforcement, emphasising the need for feedback on the usefulness of SARs to improve monitoring programs.  

By adopting these recommendations, FIs can better detect and prevent financial crimes, providing more actionable intelligence to authorities and enhancing the overall effectiveness of financial crime risk management. 

Our Experts Say… 

Emerging Technologies  

Technology, Automation and Artificial Intelligence are the most widely discussed topics across banking conferences, strategy sessions and industry papers. There is constant debate around end-to-end CLM (Client Lifecycle Management) utilities versus a CLM ecosystem, the impact of A.I. on the detection and prevention of financial crime, and the impact on human resource currently working in the CLM space. On one hand there is a multitude of FinTechs claiming they can automate the full customer journey and achieve the utopian state of PKYC (Perpetual Know Your Customer), yet on the other it feels that very few financial institutions have a clear technology pathway or can quantify the benefit of A.I. adoption in terms of cost or effort.  

One thing that is clear, if implemented correctly and safely technology should be welcomed by financial institutions in the coming years. It should allow practitioners to focus on risk management and mitigation, while enhancing client experience. Strides have been made in Intelligent Document Processing, Abnormal Behaviour Detection and Client Interface Tooling, however, there is still a lot of ground to cover. Moving into next year, banks need to take stock and review their current resource pool, skillset and talent to ascertain the upskilling, reskilling and recruitment required to move to a more digital and automated landscape. Roles across CLM will undoubtedly change, with much more focus on data and technology SMEs. The introduction of the EU A.I. Act (and other global legislation), as well as the tolerance of global regulators will dictate how widely and quickly these new technologies are deployed by banks. Watch this space…

 

Market Abuse

Market abuse regulation has evolved steadily, maintaining a predictable path despite initial concerns of impact following the Brexit Referendum. The implementation of UK Market Abuse Regulation (UK MAR) in 2021 has ensured continuity and alignment with EU standards while also introducing stricter penalties for insider dealing and market abuse being increased to 10 years.

Market abuse focus themes include:

E-Communications

• Major focus for regulators over the last few years with many SEC fines for failing to capture E-Communications records for surveillance.
• No reported fines in the UK during 2024 and SEC fines have been outside the top tier banks.
• Improvements have been made across firms’ platforms.
• Common practice is now to self-report failures and adapting a zero-tolerance approach to non-compliance.

AI and Machine Learning

• Increased adoption of these technologies within Investment banks, especially harnessing the benefits in trade & E-Comms surveillance.
• Benefits of adopting this technology in market abuse detection is reducing false positives and providing efficiencies that will free time for advanced oversight of complex issues and calibrating of programmes.
• This is not without risk; firms must ensure there is appropriate testing of AI with regular monitoring in place.
• The FCA has emphasised the need to maintain a “human in the loop” to ensure standards and outcomes continue to be met. Market Watch 79 specifically notes governance needs to keep pace and remain effective considering AI developments.

AI Washing

• “AI Washing” has become an area the SEC are beginning to tackle. This is, in essence, where firms make misleading claims of using AI.
• SEC fined two firms in March 2024: Delphia (USA) Inc & Global Predictions Inc.
• According to the regulator, these firms represented to clients that they were using AI in a certain way when in fact they weren’t.
• As AI usage rises, firms must be aware of AI washing and ensure their products are marketed accurately to avoid regulatory Action.

Firms need to continue to maintain robust market abuse controls, enhance surveillance frameworks and ensure robust governance and oversight of AI systems are in place to assure they are achieving the desired outcome.

 

DORA and Operational Resilience

The Vendor Perspective

The Digital Operational Resilience Act’s (DORA) requirements across the different aspects of the vendor relationship will apply to all vendors offering a critical function and forming part of the global supply chain supporting the European financial sector —whether those vendors are based within the EU or not.

In other words, DORA’s requirements include any global enterprise that provides Information and Communications Technologies (ICT) related services such as cloud platforms, data analytics or software-as-a service (SaaS) products and services to EU financial institutions, especially when those services support functions to satisfy the criticality criteria of DORA.

ICT vendors will no longer be just technology suppliers to a financial institution. Rather, they will become partners — subject to meeting the same operational resiliency tests and requirements, such as penetration testing, disaster recovery and security controls.

For an ICT vendor that provides services to a financial institution subject to the requirements of DORA, the need to consider how DORA impacts them is essential. If a vendor is providing business critical services to a financial institution or is providing services that may impact upon an institution if such services are unavailable, then the requirements of DORA need to be carefully analysed – not just in the context of the vendor’s services, but also the services provided to the vendor by other third parties and sub-contractors in their supply chain.

Vendors may be required to provide:

• More transparency, accountability, security and flexibility for their customers and additional technological capabilities.
• Unrestricted audit rights to finance customers and regulators.
• Risk management of their supply chain.
• Participation in disaster recovery (DR), penetration testing, and assisting the financial institution with overall operational resilience testing.

A vendor should be asking themselves:

• Do they have adequate contingency plans in place for the provision of their services if a business continuity event takes place?
• What is the Plan B for the continuation of those services if, for example, a key server goes down or a data centre becomes unavailable? Is this plan tested and is it a viable option?
• Is the means to deliver services it has sub-contracted robust and is there a viable alternative if these services are unavailable?
• Are there documented agreements between the vendor and the financial institution, as well as between the vendor and sub-contractors, regarding the provision of such services, to ensure operational resilience?
• Are these documented agreements available to the regulated institution as may be required under the scope of DORA?
• Is it robustly monitoring all of its risks, given the reliance placed upon it by the financial institution?
• Are there any risks arising from sub-contracting vendor activities in terms of IT concentration?

While not all the above questions may be mandatory for vendors under DORA, there is a risk that if vendors are not in a position to provide sufficiently satisfactory answers to their clients that this may require remediation and/or may run the risk of losing vendor contracts.

Contractually, DORA raises the bar for financial entities regarding their contractual arrangements with ICT service vendors. This may include locating third party contracts, identifying any gaps with DORA requirements, and remediating any contracting standards to meet new requirements. This work must be done by 17 January 2025 and is an additional risk for vendors if this work is requested to be done by their client institutions.

UK Focus 

Risk management is an essential aspect of organisational planning and decision-making to ensure the ability to deliver operations and to identify vulnerabilities. For these reasons, Operational Resilience continues to be a focus for the FCA and, by 31 March 2025, the FCA expects financial institutions to implement the rules and guidance to strengthen their own Operational Resilience.

To effectively implement the FCA’s Operational Resilience requirements, organisations need to put in place specific measures and controls that ensure continuity and adaptability so that they operate consistently within their set impact tolerances. It sets out requirements for firms:

• To prevent, adapt, respond and learn from operational disruptions including cyberattacks and third-party supplier failure.
• To carry out scenario testing to establish impact tolerances for business services in the event of disruption to its operations so there is no intolerable harm to the firm’s clients or wider UK financial system.
• To identify the important business services that they provide so there is business continuity planning in place to assess and identify potential disruptions.
• To conduct lessons learned exercises to retain institutional memory regarding Operational Resilience and to prepare self-assessment documentation summarising vulnerabilities.

The disruption caused by Covid had a significant impact on the global financial markets and created an unprecedented level of risk and increase in market volatility. This is why it is critically important for firms to invest in their resilience to protect not only themselves but their clients and customers.

With the EU DORA and the FCA Operational Resilience Regime requirements deadline approaching, it is expected that financial institutions are finalising preparations for the application of these requirements. It is of critical importance once the deadlines have past that these financial institutions continue to identify their important business services and map out processes to proactively mitigate and manage their risk. 2025 will be a challenging year for financial institutions balancing their implementation of the regulatory requirements in global economic uncertainty but FinTrU can assist with ensuring operational resilience remains at the forefront of business activity and that their risk management framework is robust.

Mandatory UST Clearing 

On December 13 2023, the U.S. Securities and Exchange Commission adopted a Final Rule under the Securities Exchange Act of 1934 which will mandate the central clearing of certain secondary market transactions involving U.S. Treasury Securities (USTs).

The Final Rule will require that direct participants of a covered clearing agency (CCA) that engages in UST clearing, to clear all their repurchase and reverse repurchase transactions involving USTs and other cash market transactions in USTs.

Whilst the Final Rule amendments only directly impose the requirement to clear on the direct participants of a CCA, counterparties who trade USTs with a direct participant of a CCA may be indirectly subject to the clearing requirements and will likely need to put in place new documentation and operational arrangements in order to clear these transactions.

To achieve the SECs stated goal, the Final Rule provides that a CCA engaged in UST clearing will be required to mandate, as part of its rules for participation, that its direct participants submit all “eligible secondary market transactions” to which they are a party for clearance – for this purpose, an eligible secondary market transaction is defined as:

• Repurchase or Reverse Repurchase transactions which are collateralised by USTs in which one party is a direct member of a CCA.

• Sales and purchases of USTs between a direct participant and a counterparty that is a registered broker-dealer, government securities dealer or government securities broker.

There will be a phased implementation of the Final Rule, which must be implemented by:

• December 31 2025, in respect of sales and purchases of USTs; and
• June 30 2026, in respect of repurchase and reverse repurchase transactions.

To allow market participants to meet their clearing obligation documentation needs in a timely and efficient manner, SIFMA and SIFMA AMG recently published the 2024 SIFMA Master Treasury Securities Clearing Agreement, drafted in a CCA agnostic manner and to be used with the “Done With” clearing model.

It is expected that SIMFA and SIMFA AMG will publish further documentation, including an amendment template to enable market participants to add UST Clearing as an add-on to their existing Master Repurchase Agreements and a separate suite of documentation to be used by market participants adopting the “Done Away” clearing model.

 

European Market Infrastructure Regulation 3.0 (EMIR 3.0) 

In December 2022, the European Commission published a proposal recommending a series of amendments to the European Market Infrastructure Regulation (EMIR) which has been dubbed EMIR 3.0.

Whilst EMIR 3.0 is primarily concerned with enhancing the competitiveness of EU central counterparties (CCPs), promoting greater volume of clearing activity within the EU, it does include reforms outside of clearing.

A provisional political agreement on the high-level substance of EMIR 3.0. was agreed in February 2024 and is expected to enter into force before the end of the year. The European Supervisory Authorities will be mandated to submit draft RTS to the commission within six to twelve months following EMIR 3.0’s entry into force. The following is a summary of the key reforms that are being proposed:

Active Account Requirement

EMIR 3.0 will introduce a requirement for EU financial counterparties (FC) and non-financial counterparties, who are subject to the clearing obligation under EMIR (NFC+), to have an active account open with at least one EU CCP for certain types of OTC derivatives transactions.

The active account requirement would apply to (a) Euro or Polish Zloty denominated interest rate derivatives; (b) Euro denominated short-term interest rate derivatives; and (c) Euro denominated credit default swaps.

CCP and Clearing Member Transparency

EMIR 3.0 will require additional transparency from CCPs and their clearing members on matters such as pricing, fees, margin and the possibility of clearing a given product at an EU CCP.

Clearing Thresholds

EMIR 3.0 proposes to amend the clearing threshold calculations for FCs, NFC+ and NFC- so that only derivative contracts that are not cleared at an ESMA authorised or recognised CCP are included in the calculation.

Uncleared Margin Rules: NFC Phase-in Period

A four-month phase in period would be granted to an NFC which becomes subject to the uncleared margining requirements for the first time to allow them time to establish their margining arrangements.

Initial Margin: Equity Option Exemption

The temporary exemption for non-centrally cleared OTC single-stock equity options and index options (currently due to expire on 4 January 2026) from the EMIR Initial Margin requirement will be made permanent under EMIR 3.0.

Reporting Obligation Penalties 

EMIR 3.0 proposes to introduce a specific penalty regime where ESMA could impose penalty payments where data reported under Article 9 of EMIR contains manifest errors or the entities with the reporting obligation have not exercised due diligence when checking and reporting the data.

 

Consumer Duty

2024 has been a busy year for firms regarding consumer duty compliance with the FCA releasing several updates on progress, including:

• FCA Good Practice and areas of improvement analysis.
• Dear CEO Letters for closed products and services ahead of the July 31, 2024, deadline.
• Good and Poor Practice update for Price and Value outcomes.
  

Many firms will agree the above updates are helpful in providing guidance during a challenging period for firms to meet the required standards. It remains clear that consumer duty has a lasting role in strengthening conduct, culture, governance measures and consumer relations.

The Chief Executive of the Consumer Duty Alliance conference noted recently we have entered a "watershed moment” now that the regulators, government, and financial sectors can work together to ensure better outcomes for consumers.

What is the FCA’s focus area of the Consumer Duty?

Financial Inclusion is one area of importance with some timely recent updates:

• The Labour party have made efforts to highlight how a significant portion of the population tends to be excluded from the financial services market and noted their plans to support financial inclusion as a means of protecting consumers.
• The Director of Consumers and Competition at the FCA has stated firms often fail to consider vulnerable customers.
• The FCA have been testing key aspects of the duty including service, design and communications and whether they support good outcomes for vulnerable customers.

Some positive steps have been taken by firms i.e. adopting measures to limit the volume of outreach to vulnerable customers, whilst other firms are actively working with Customer Relationship Management providers to incorporate vulnerability characteristics.

However, there are still improvements to be made. Some firms are still unable to identify their target market and others indirectly exclude onboarding clients with vulnerable characteristics.

The Role of Tech in ensuring Financial Inclusion

The FCA will not accept system restrictions, therefore firms will need to consider the role that tech innovation can play in achieving the four key outcomes of consumer duty for all customers.

• Firms may explore the benefits that AI has to offer including data set analysis and streamlining of repeatable processes so more time can be spent focusing on the needs of vulnerable customers.
• Firms will need to be mindful of the limitations of AI too and balance its use with human contact to support customers.

Overall, firms must continue to demonstrate their commitment to the consumer duty principals by showing proactiveness to identify the needs of vulnerable customers. This will likely include operational and service redesign, from training of customer-facing staff to product reviews. Firms can expect to see examples of good and bad practice by the end of 2024 when the FCA share their findings on how firms are understanding and responding to the needs of vulnerable customers.

 

ESG

In 2024, global issues such as war and climate-related weather events have highlighted the urgent need for action on climate change. Many countries have pledged to improve their efforts in tackling the climate crisis.

United States Climate Commitments 

• The United States is behind schedule on its Paris Agreement commitments (implemented in 2015) to pursue efforts to limit global temperatures to 1.5°C and keep them below 2°C above pre-industrial levels.
• The 2024 US election results are likely to be a pivotal moment for the country’s climate targets (as well as global progress) as the likely withdrawal from the Paris Agreement under the incoming administration could impact global climate commitments.

Inflation Reduction Act 

• The Inflation Reduction Act was passed in August 2022 and is the United States’ largest investment to date in tackling the climate crisis, aiming to reduce greenhouse gas emissions and encourage investments in clean energy.
• The incoming administration could potentially repeal the Inflation Reduction Act and other ESG initiatives, which may lead to an increase in Anti-ESG state legislation being introduced (such as, state anti-boycott laws).
• As other countries make significant advances in clean energy, the repeal of these initiatives could also impact the United States’ competitiveness in the global market.

European Union

Corporate Sustainability Reporting Directive (CSRD)

• One of the biggest developments in 2025 will be the increasing influence of the European Union’s Corporate Sustainability Reporting Directive (CSRD), with US companies operating globally also facing reporting requirements under CSRD.
• The CSRD aims to drive transparency and accountability, whilst promoting sustainable practices and investments.
• It is essential for organisations to understand their current ESG position and approach, including the regulatory requirements they must comply with and plan accordingly by ensuring the correct governance structures are in place.

The Importance of ESG

Going into 2025, at the exponential rate that awareness and understanding around ESG is growing for governments, regulators, stakeholders and customers, what is evident is that accountability and transparency will be crucial going forward.

 

Artificial Intelligence

In 2024, AI’s rapid development continued to outpace evolving regulations. Financial institutions, whilst eager to harness AI’s benefits, recognised the urgent need to understand and mitigate associated risks of the systems they were implementing. Banks handling very sensitive data face high risks, slowing their adoption of advanced technologies like Generative Artificial Intelligence (GenAI).

The big news story for 2024 was the adoption of the EU AI Act, with the enforcement of provisions starting in 2025. This legislation classifies AI systems by risk level, imposing stricter regulations on systems that lead to higher-impact decisions. Requirements for AI literacy are coming into force on 1 February 2025 and requirements for general purpose AI will come into force on 1 August 2025.

Looking ahead to 2025, the EU AI Act is expected to influence global AI governance, with countries like the U.S. and China likely to closely follow suit. Consequently, the majority of financial AI implementers, no matter where they do business, are already working to ensure they can prove that their systems are trustworthy, fair, transparent, secure, and can stand up to scrutiny with respect to privacy requirements. Thus, ensuring that customer data is not only protected but is used responsibly.

FinTrU is heavily involved in coordinating efforts for our clients to be in line with the EU AI Act in 2025. We have helped support our clients create a stable Governance and Risk framework surrounding Generative AI.  In an ever-evolving landscape, FinTrU provides support to global compliance functions, providing guidance throughout the approval lifecycle for the adoption of new Artificial Intelligence or Machine Learning Models and can also help in the effort for continued testing & monitoring within the 2nd line of defence.