February 2026

CONTENT

EUROPEAN UNION

ANTI-MONEY LAUNDERING / COMBATING TERRORISM FINANCING / COMBATTING PROLIFERATION FINANCING (AML/CFT/CPF)

AMLA launches 3 consultations on key mandates for the private sector and harmonized supervision

On 9 February 2026, the AMLA launched 3 consultations on on key mandates for the private sector and harmonized supervision.

AMLA published three consultation papers containing Draft Regulatory Technical Standards (RTS) under Article 19(9) AMLR, Article 28(1) AMLR, and Article 53(10) AMLD, which together aim to harmonise the EU’s AML/CFT framework and strengthen supervisory convergence.

The RTS under Article 19(9) AMLR define criteria for distinguishing business relationships from occasional transactions and for identifying linked transactions. By introducing horizontal criteria and sector-specific provisions for higher-risk areas (e.g., currency exchange, money remittance, crypto-asset services), AMLA seeks to ensure consistent application of customer due diligence (CDD) thresholds and prevent circumvention by transaction structuring. The paper concludes that current evidence does not justify introducing new, lower CDD thresholds beyond those already embedded in the AMLR.

The RTS under Article 28(1) AMLR establish detailed requirements for standard, simplified and enhanced CDD, including information that must be collected for identification and verification, expectations for understanding complex ownership structures, and safeguards for non-face-to-face verification through electronic identification and remote technologies. The RTS also provide PEP identification rules, targeted financial sanctions screening requirements, and risk factors for exemptions related to certain electronic money instruments. AMLA emphasises proportionality, technological neutrality, and applicability across both financial and non-financial sectors.

The RTS under Article 53(10) AMLD introduce a harmonised enforcement methodology, specifying indicators to classify breaches into four gravity categories and criteria for determining pecuniary sanctions and administrative measures. The RTS also define the framework for imposing periodic penalty payments, including procedural safeguards, calculation rules and collection limitations, with the overarching aim of ensuring consistent, proportionate and dissuasive supervisory outcomes across Member States.

The first and second Consultation closes on 8 May 2026. The third Consultation closes on 9 March 2026.

DATA PROTECTION FRAMEWORK

EDPB publishes its work programme 2026-2027

On 12 February 2026, the EDPB published its work programme 2026-2027.

The work programme is based on the priorities set out in the EDPB strategy and the needs identified as most critical for stakeholders.

Built on the four pillars of the EDPB strategy, the work programme focuses on 1) enhancing harmonisation and promoting compliance, 2) reinforcing a common enforcement culture and effective cooperation, 3) safeguarding data protection in the developing digital and cross-regulatory landscape, and 4) contributing to the global dialogue on data protection.
The EDPB will continue to provide timely and clear guidance on key issues and concepts of EU data protection law to make GDPR compliance easier. For example, the EDPB is working on guidelines on Consent or Pay, guidelines on anonymisation, guidelines on pseudonymisation and guidelines on children’s data. The Board will also develop and promote tools for a broader audience, by producing content for non-experts, such as templates, illustrative examples, checklists, FAQs and “how to” guides.

The EDPB will support the implementation of compliance measures for controllers and processors.

The EDPB will advise the EU legislature on important issues related to the protection of personal data in the EU. This includes giving advice on legislative proposals, together with the EDPS in the context of joint opinions such as with the Digital Omnibus, in response to any requests from the European Commission.

FINANCIAL INSTRUMENTS

ESMA publishes statement on identifying derivatives within the scope of the national product intervention measures on CFDs

On 24 February 2026, European Securities and Markets Authority (ESMA) published a statement on identifying derivatives within the scope of the national product intervention measures on CFDs.

Here is a summary of the ESMA Public Statement on CFD product intervention measures:

ESMA and national competent authorities (NCAs) have noticed a growing offering of derivatives marketed as "perpetual futures" or "perpetual contracts" providing leveraged exposure to underlying assets, including crypto-assets like Bitcoin and Ethereum. ESMA is reminding firms that these products may fall within the scope of existing national CFD product intervention measures.

The commercial name given to a product (e.g. "perpetual futures") is not important. What matters is the product's actual characteristics. If a derivative provides exposure to an underlying value and is not exclusively physically settled, it will likely be caught by the CFD intervention measures, which impose leverage limits, mandatory risk warnings, margin close-out rules, negative balance protection, and a ban on monetary and non-monetary benefits.

Investor protection requirements firms must also observe:

Product governance: given the complexity and risk of these products, firms must define a narrow target market and avoid mass marketing campaigns or approaches targeting inexperienced investors
Appropriateness: firms must conduct appropriateness assessments before providing non-advised services involving these products
Conflicts of interest: firms must manage conflicts, particularly where the derivative is issued by a group entity or traded on a group-owned venue
PRIIPs: these products qualify as packaged investment products, requiring firms to prepare a KID for retail clients

EU publishes Commission Delegated Regulations (EU) 2026/465 and (EU) 2026/466 specifying regulatory technical standards on the characteristics of liquidity management tools under AIFMD and the UCITS Directive

BACKGROUND

On 27 February 2026, the European Commission published in the Official Journal of the European Union Commission Delegated Regulation (EU) 2026/465 supplementing Directive 2011/61/EU (AIFMD) and Commission Delegated Regulation (EU) 2026/466 supplementing Directive 2009/65/EC (UCITS Directive) with regard to regulatory technical standards specifying the characteristics of liquidity management tools.

These Delegated Regulations form part of the EU framework on liquidity management tools (LMTs) for investment funds. They supplement the provisions introduced under AIFMD and the UCITS Directive by specifying the characteristics and operational features of selected LMTs. Their objective is to establish a harmonised framework for the application of those tools across the Union, including activation conditions, calculation methodologies and investor treatment.

The measures apply, respectively, to AIFMs managing open-ended AIFs and to UCITS. They address the operation of tools intended to manage liquidity risk, mitigate dilution and support investor protection in stressed market conditions or in exceptional circumstances.

WHAT'S NEW?

The Regulations specify harmonised operational rules for the principal liquidity management tools available under the AIFMD and UCITS frameworks. They provide that suspensions of subscriptions, repurchases and redemptions must apply simultaneously, for the same period and to all investors.

They also specify the characteristics of:

redemption gates, including activation thresholds and pro rata execution;
extension of notice periods, without changing redemption frequency;
anti-dilution tools, namely redemption fees, swing pricing, dual pricing and anti-dilution levies, including the treatment of explicit and implicit transaction costs;
redemptions in kind;
side pockets, through accounting segregation or physical separation.

For open-ended AIFs, redemption gates may be set at fund level, investor level, or as a combination of both. For UCITS, redemption gates are set at fund level only. The Regulations also clarify that soft closures do not qualify as liquidity management tools, and that certain transfers of underlying securities in the normal course of exchange-traded AIF and UCITS operations do not constitute activation of redemptions in kind.

The timeline is short. The Regulations were published only a few weeks before their date of application, which leaves a limited period for updating fund documentation, internal processes and operational arrangements. The texts nevertheless provide a one-year transition for pre-existing open-ended AIFs and UCITS.

WHAT'S NEXT?

Both Delegated Regulations enter into force on the twentieth day following publication in the Official Journal, namely 19 March 2026. They apply from 16 April 2026.

For open ended AIFs and UCITS constituted before 16 April 2026, a transitional period applies until 16 April 2027, which is the final deadline for compliance. During this period, pre-existing funds are deemed compliant, although they may opt in earlier from 16 April 2026 by notifying the competent authority of their home Member State.

MARKET ABUSE

ESMA launches consultation on its MAR guidelines

On 19 February 2026, the ESMA launches consultation on its MAR guidelines.

The Listing Act, effective from June 2026, revises the disclosure regime for issuers by excluding intermediate steps of protracted processes from immediate public disclosure. Under the new framework, only the final event or circumstance in such processes must be disclosed as soon as possible after it occurs.

Given this structural shift, ESMA proposes to delete existing legitimate interests for delaying disclosure that relate to protracted processes, as these will no longer fall under disclosure obligations until completion. ESMA also seeks feedback on whether to retain the legitimate interest related to situations where an issuer’s financial viability is in grave and imminent danger, as this may still justify a delay.

To support issuers under the new regime, ESMA proposes additional legitimate interests justifying delayed disclosure:

complying with a confidentiality order issued by a public authority, including for reasons of public policy, security, or health;
needing additional time to collect information on exceptional events, such as major incidents or cyberattacks;
avoiding loss of business opportunities in cases of parallel procurement processes where disclosure of one award would jeopardise participation in others.

ESMA further proposes removing Guideline 2 on situations where delay would mislead the public, as this is no longer part of ESMA’s mandate under the amended MAR.

The consultation runs until 29 April 2026, with ESMA intending to publish the final Guidelines ahead of the new MAR disclosure regime’s application date of 5 June 2026, and a Final Report expected in Q4 2026.

Overall, the proposals aim to simplify disclosure obligations, reduce administrative burden, and provide clarity to issuers under the revised MAR framework.

OTHER - CFO - FINANCE & ACCOUNTING

ESMA publishes its statement on Implementation of IFRS 18 presentation and disclosure in financial statements

On 17 February 2026, the ESMA published its statement on Implementation of IFRS 18 presentation and disclosure in financial statements.

The Statement emphasises the need for high quality application, transparency on the expected impacts, and early preparation given the mandatory retrospective application of the Standard from 1 January 2027, including restatement of 2026 comparatives.

ESMA highlights the main IFRS 18 requirements: (i) introduction of three categories of income and expenses (operating, investing, financing) and two required subtotals; (ii) new rules on management defined performance measures (MPMs), including reconciliations, disclosures, and alignment with ESMA’s existing APM Guidelines; (iii) detailed guidance on location, aggregation/disaggregation and labelling, with a focus on informative and consistent line items; (iv) revised requirements for presentation of operating expenses by nature and/or function; and (v) consequential amendments to IAS 7, IAS 33 and other IFRS standards.

The Statement stresses that issuers may need to modify IT systems, internal reporting processes, classification policies, and governance frameworks. Issuers with specified main business activities (e.g., banks, insurance companies, investment property entities) must reassess classification of certain items, including interest expenses, hedging results, FX differences, and long-term provisions.

ESMA also expects robust disclosures prior to 2027, covering anticipated impacts, accounting policy choices, judgements, main business activity assessments, and planned changes to MPMs.

Furthermore, IFRS 18 has major consequences for ESEF reporting, requiring issuers to conduct a remapping exercise, adapt to revised taxonomy structures, and reassess extension taxonomies.

Overall, ESMA signals a clear expectation of early, well governed, and transparent implementation, reinforced through supervisory monitoring.

EU publishes Commission Regulation (EU) 2026/338 amending Regulation (EU) 2023/1803 as regards IFRS 18

BACKGROUND

On 16 February 2026, the European Commission published Commission Regulation (EU) 2026/338 of 13 February 2026, amending Commission Regulation (EU) 2023/1803 as regards International Financial Reporting Standard 18 Presentation and Disclosure in Financial Statements (IFRS 18).

The Regulation formally incorporates IFRS 18 into the EU-endorsed IFRS framework. IFRS 18 was issued by the International Accounting Standards Board (IASB) on 9 April 2024 with the objective of improving the information communicated in financial statements, in particular in the statement of profit or loss. According to the Regulation, the new standard is intended to strengthen the quality of financial reporting by introducing more consistent presentation requirements, including defined subtotals, enhanced disclosures on management-defined performance measures, and new principles for the aggregation and disaggregation of information.

WHAT'S NEW?

The Regulation inserts IFRS 18 into the annex to Regulation (EU) 2023/1803 and, as a direct consequence, amends a broad set of existing IFRS and IAS standards and interpretations to align them with the new presentation framework. It also withdraws IAS 1 Presentation of Financial Statements, which is replaced by IFRS 18.

At a substantive level, IFRS 18 introduces a revised structure for financial statement presentation. It sets out new rules for how entities must present and disclose information in the statement(s) of financial performance, the statement of financial position, the statement of changes in equity, and the notes. The standard clarifies the different roles of the primary financial statements and the notes, and requires entities to present only material information, while ensuring that material information is not obscured through inappropriate aggregation.

A key change concerns the statement of profit or loss. IFRS 18 requires entities to classify income and expenses into specific categories, namely:

operating;
investing;
financing;
income taxes; and
discontinued operations.

It also introduces mandatory subtotals, including operating profit or loss, profit or loss before financing and income taxes (subject to specified exceptions), and profit or loss.

Another major innovation is the introduction of a dedicated disclosure framework for management-defined performance measures (MPMs). Where an entity uses subtotals of income and expenses in public communications outside the financial statements to reflect management’s view of performance, IFRS 18 requires these measures to be disclosed in a single note, together with:

an explanation of what aspect of performance the measure communicates;
how the measure is calculated;
a reconciliation to the most directly comparable IFRS subtotal or total; and
the related income tax and non-controlling interest effects.

IFRS 18 also strengthens requirements on aggregation and disaggregation, requiring entities to group items based on shared characteristics and to disaggregate where differences are material. In addition, it provides more specific rules for the presentation of operating expenses, including whether they are classified by nature or by function, and requires additional note disclosures where function-based presentation is used.

WHAT'S NEXT?

Under Article 2 of the Regulation, companies must apply these amendments at the latest from the commencement date of their first financial year starting on or after 1 January 2027.

The Regulation itself enters into force on the twentieth day following its publication in the Official Journal of the European Union. From that point, the EU endorsement of IFRS 18 is in place, but the mandatory application date for companies remains linked to financial years beginning on or after 1 January 2027.

Entities reporting under IFRS in the EU will therefore need to prepare for the transition from IAS 1 to IFRS 18, including updates to financial statement presentation, note disclosures, internal reporting frameworks and any disclosures relating to management-defined performance measures.

REPORTING

ESMA publishes supervisory briefing on AAR representativeness obligation

On 20 February 2026, the ESMA publishes Supervisory briefing on AAR representativeness obligation.

This briefing provides non binding guidance to National Competent Authorities (NCAs) on supervising counterparties subject to Articles 7a and 7b of EMIR and Annex III of Commission Delegated Regulation (EU) 2026/305.

The briefing clarifies supervisory expectations stemming from the EMIR 3 reforms aimed at mitigating financial stability risks created by EU counterparties’ reliance on systemically important third country CCPs (Tier 2 CCPs). The AAR requires certain financial and non financial counterparties to maintain an operational and representative active account at EU CCPs. ESMA’s guidance focuses on the methodology for identifying the “most relevant subcategories” of derivative contracts and on reporting requirements for demonstrating compliance with the representativeness obligation.

For identifying subcategories, ESMA reiterates that counterparties must determine, on a continuous basis and for each reference period, the required number of most relevant subcategories as defined in the RTS. The briefing provides detailed tables specifying the number of subcategories for EUR OTC IRD, PLN OTC IRD and EUR STIR products, including distinctions for counterparties with exposures above or below EUR 100bn.

For compliance assessment, ESMA clarifies that counterparties must demonstrate on an annual average basis - that at least five trades have been cleared in each of the identified most relevant subcategories. Although identification occurs per reference period, reporting and compliance are based on trades cleared during the preceding 12 month rolling period. ESMA notes that this approach simplifies reporting but may create uncertainty for entities with volatile trading patterns. Examples and sample tables are provided to illustrate calculation of averages, selection of subcategories and reporting templates.

The briefing is non binding and intended to promote supervisory convergence, simplify supervisory interactions and reduce unnecessary complexity while safeguarding market integrity.

EU publishes Commission Delegated Regulation (EU) 2026/305 supplementing EMIR AAR

BACKGROUND

On 6 February 2026, the European Commission published Commission Delegated Regulation (EU) 2026/305 of 29 October 2025, supplementing Regulation (EU) No 648/2012 on OTC derivatives, central counterparties and trade repositories (EMIR) with regard to the operational conditions, representativeness obligation and reporting requirements related to the active account requirement.

This delegated regulation specifies how counterparties subject to the active account requirement under Article 7a of EMIR must demonstrate that their EU active account is genuinely operational, how they must comply with the representativeness obligation, and what information they must report to their competent authorities under Article 7b. It therefore operationalises the EMIR active account framework by setting detailed requirements on account functionality, clearing capacity, trade representativeness and supervisory reporting.

WHAT'S NEW?

The regulation introduces detailed requirements across three main areas.

- Operational conditions: counterparties must have contractual arrangements, internal policies and procedures, and sufficient IT connectivity to access and use an active account at an authorised EU CCP, whether directly or through a clearing member or client clearing provider.

- Capacity and testing: counterparties must demonstrate that they have systems to monitor exposures, arrangements to support a large shift of positions or large inflows of trades at short notice, adequate human resources, and annual technical and functional stress tests of the account setup.

- Representativeness obligation: the regulation defines how counterparties must ensure that clearing in the active account is representative for euro-denominated OTC interest rate derivatives, Polish zloty-denominated OTC interest rate derivatives, and euro-denominated short-term interest rate derivatives. It specifies the relevant derivative classes, maturity buckets, trade size ranges and reference periods to be used.

- Reporting requirements: every six months, counterparties must report counterparty and group information, aggregate exposures by derivative category and CCP, confirmation of compliance with operational conditions, and detailed information on the most relevant subcategories and numbers of trades cleared for representativeness purposes, using the standardised templates in Annexes II and III.

The regulation also applies a proportionate approach in some areas, notably for the representativeness obligation, where the applicable reference periods differ depending on product type and, in certain cases, on whether the counterparty’s notional clearing volume exceeds EUR 100 billion.

WHAT'S NEXT?

The regulation enters into force on the twentieth day following its publication in the Official Journal of the European Union. The first reporting submission must take place on the first reporting date falling no earlier than six months from 26 February 2026 and must cover the full period from that date until the reporting date. Thereafter, counterparties must submit reports every six months, on the last day of January and the last day of July.

REPORTING & DISCLOSURES

EU publishes Omnibus I Directive

BACKGROUND

On 26 February 2026, the European Parliament and the Council published in the Official Journal of the European Union Directive (EU) 2026/470 (Omnibus I Directive) amending Directive 2006/43/EC (Audit Directive), Directive 2013/34/EU (Accounting Directive), Directive (EU) 2022/2464 (CSRD) and Directive (EU) 2024/1760 (CSDDD).

The Directive forms part of the European Union’s regulatory simplification agenda aimed at reducing reporting and compliance burdens for companies while maintaining the policy objectives of the European Green Deal and the Sustainable Finance Action Plan. It introduces amendments to the corporate sustainability reporting framework established under the Accounting Directive and the Corporate Sustainability Reporting Directive (CSRD), as well as to the statutory audit framework governing the assurance of sustainability reporting and to the corporate sustainability due diligence framework under the Corporate Sustainability Due Diligence Directive (CSDDD).

The amendments revise the scope of undertakings subject to sustainability reporting obligations, adjust assurance and audit provisions applicable to sustainability disclosures, introduce protections for certain undertakings within reporting entities’ value chains, and amend elements of the EU due diligence framework applicable to large companies operating in the Union.

WHAT'S NEW?

The Directive introduces several modifications to the EU sustainability reporting and due diligence framework.

First, the scope of mandatory sustainability reporting under the Accounting Directive and CSRD is revised. Sustainability reporting obligations now apply to undertakings and groups exceeding EUR 450 million in net turnover and more than 1,000 employees during the financial year. The revised scope also applies to credit institutions and insurance undertakings.

Second, the Directive introduces protections for undertakings in reporting entities’ value chains with fewer than 1,000 employees. These undertakings may decline requests for information exceeding the limits defined in voluntary sustainability reporting standards, and reporting undertakings may rely on self-declarations to determine their size.

Additional changes include:

Postponement of the adoption of limited assurance standards for sustainability reporting to 1 July 2027, and removal of the requirement to adopt reasonable assurance standards.
Introduction of voluntary sustainability reporting standards for undertakings with fewer than 1,000 employees.
Removal of the empowerment for the Commission to adopt sector-specific sustainability reporting standards.
Adjustments to sustainability reporting requirements for third-country undertakings, including revised turnover thresholds.

The Directive also introduces amendments to the CSDDD, including revised scope thresholds of 5,000 employees and EUR 1.5 billion net turnover, and modifications to certain due diligence procedures, stakeholder engagement requirements and enforcement provisions.

Omnibus I “Substance” Directive – publication and timeline

The Omnibus I “Substance” Directive has been published in the EU Official Journal on 26 February 2026. Member States have 12 months from entry into force of the legislation to complete transposition. Member States that have not yet transposed the original CSRD are expected to do so in one step, while others will need to only transpose the ‘Substance’ Directive.

(Potential) exemption for FY 2025 and FY 2026: ‘Wave 1’ CSRD companies that do not meet the revised thresholds.
19 July 2026: DELEGATED ACT ON V-ESRS. EU Commission adoption
18 September 2026: DELEGATED ACT ON ESRS SET 1 REVISION. EU Commission adoption
19 March 2027: Application of CSRD (subject to transposition of Directive), with first report to be submitted in 2028
19 March 2028: third-country group reporting under CSRD (Article 40a).
28 July 2028: transposition of CSDDD
26 July 2029: application of CSDDD for all companies meeting the revised thresholds, with first statement required in 2030

WHAT'S NEXT?

Member States must transpose the provisions relating to sustainability reporting and audit amendments by 19 March 2027.

The revised CSRD framework will apply from 19 March 2027, subject to national transposition. Reporting obligations for third-country groups under Article 40a of the Accounting Directive will apply from 19 March 2028.

Member States must transpose the amendments to the CSDDD by 28 July 2028, and the revised due diligence obligations will apply from 26 July 2029 to companies meeting the updated thresholds.

More
EU publishes Omnibus I Directive

SECONDARY MARKET/TRADING

EC publishes draft Delegated regulation amending MiFID II research and execution

On 20 February 2026, the EC published draft Delegated regulation amending MiFID II research and execution.

The Directive updates the MiFID II framework following changes introduced by Directive (EU) 2024/2811 (“Listing Act”), which provides investment firms greater flexibility in choosing how to organise payment for third-party research and execution services. The publication aims to ensure consistent EU-wide application of these new rules and to promote the availability of high-quality investment research, particularly on small and mid-cap companies.

The amendments primarily revise Article 13 of Delegated Directive (EU) 2017/593. The Directive establishes conditions for firms opting to operate separate research payment accounts (RPAs), including obligations on budgeting, client disclosure, identifying charges, maintaining audit trails, and ensuring research budgets reflect actual needs. The rules prohibit linking research charges to trading volumes and prohibit using RPA funds to finance internal research.

A key addition requires all investment firms, regardless of payment method (joint or separate), to conduct an annual quality assessment of third-party research based on robust criteria assessing quality, usability, value, and contribution to improved investment decisions. Where deficiencies are identified, firms must take appropriate remedial actions, including engaging providers, ceasing use of insufficient research, or changing providers.

The Directive also sets harmonised transposition and application deadlines: Member States must transpose the rules by 5 June 2026, with application from 6 June 2026. Entry into force occurs on the twentieth day following publication in the Official Journal.

Overall, the Delegated Directive ensures improved transparency, investor protection, and consistent supervisory expectations regarding the organisation, financing, and quality control of investment research across the EU.

ESMA publishes final report on draft RTS to further detail the new EMIR clearing thresholds regime

BACKGROUND

On 25 February 2026, ESMA published its Final Report on the draft technical standards amending Commission Delegated Regulation (EU) No 149/2013 to further detail the new EMIR clearing thresholds regime.

The report follows ESMA’s April 2025 consultation and sets out the proposed amendments needed to implement the revised clearing thresholds framework introduced by EMIR 3. The reform changes how counterparties assess whether they are above the clearing thresholds and therefore subject to the clearing obligation. In particular, the new regime moves away from the previous distinction between OTC and exchange-traded derivatives and instead focuses primarily on uncleared OTC derivatives. Under EMIR 3, financial counterparties (FCs) must calculate both their uncleared OTC positions and, where relevant, their aggregate OTC positions (cleared and uncleared), while non-financial counterparties (NFCs) only count their uncleared OTC positions.

The report also covers two related elements of the new framework: the criteria for determining which OTC contracts qualify as hedging transactions for NFCs, and the mechanisms that should trigger a future review of the clearing thresholds. ESMA states that, in designing the new regime, it sought to preserve a broadly similar population of counterparties within scope of mandatory clearing while also reflecting the benefits of central clearing and limiting unnecessary operational burden.

WHAT'S NEW?

The main development is ESMA’s proposed calibration of the new clearing thresholds under EMIR 3.

For financial counterparties, ESMA confirms that an aggregate threshold should continue to apply only for the asset classes already subject to the clearing obligation, namely:

interest rate derivatives: EUR 3 billion;

credit derivatives: EUR 1 billion.

ESMA considers these aggregate thresholds necessary to avoid excluding FCs with large cleared portfolios from the clearing obligation. At the same time, it does not propose aggregate thresholds for equity, FX or commodity derivatives, as there is no clearing obligation for those asset classes and imposing a second layer of thresholds would create unnecessary burden.

For uncleared OTC positions, which will be relevant for both FCs and NFCs, ESMA proposes updated thresholds intended to preserve broadly comparable market coverage under the new methodology. In the part of the report provided, ESMA explains in particular that:

for interest rate derivatives, it proposes an uncleared threshold of EUR 2.2 billion, together with the maintained aggregate threshold of EUR 3 billion for FCs;

for credit derivatives, ESMA analyses possible levels for the uncleared threshold alongside the maintained aggregate threshold of EUR 1 billion.

More broadly, the final report explains that the recalibration exercise is based on updated trade repository data and seeks to keep the framework proportionate by capturing the most relevant counterparties and most of the systemic notional, without materially expanding the scope of mandatory clearing.

The report also confirms several policy choices from the consultation:

NFCs will assess thresholds at entity level, rather than by aggregating all NFCs in the group, while FCs generally remain subject to group-level calculation;
hedging transactions for NFCs remain excluded from the threshold calculation, and ESMA revisits the criteria for identifying such risk-reducing contracts, including specific feedback on structured hedging arrangements such as virtual PPAs;
ESMA does not propose more granular thresholds for commodity derivatives at this stage, despite EMIR 3 inviting consideration of that option;
the report includes a new trigger framework for future reviews of the thresholds, while aiming to keep that process flexible and predictable.

Overall, ESMA presents the new regime as a recalibration rather than a redesign of the clearing obligation: the methodology changes significantly, but the intended outcome is that a similar core population of relevant counterparties remains within scope.

WHAT'S NEXT?

The draft amending regulatory technical standards (RTS) will now be submitted to the European Commission for adoption. In accordance with Article 10 of Regulation (EU) No 1095/2010, the Commission has three months to decide whether to endorse the proposed amendments.

Until the amended RTS enter into force, the current clearing thresholds framework under Commission Delegated Regulation (EU) No 149/2013 continues to apply.

ESMA also clarifies that, once the amended Delegated Regulation enters into force, counterparties may perform the new clearing threshold calculations at the same time of the year as under the current regime, which is mostly June, or earlier for counterparties that wish to apply the new regime sooner.

EU publishes Commission Delegated Regulation (EU) 2026/482 amending rules on liquid markets and post-trade risk reduction services

BACKGROUND

On 27 February 2026, the European Commission published in the Official Journal of the European Union Commission Delegated Regulation (EU) 2026/482 amending Delegated Regulation (EU) 2017/567 as regards the determination of what constitutes a liquid market for equity instruments, the obligation to provide market data on a reasonable commercial basis, the size specific to the instrument for the purposes of obligations for systematic internalisers, and the definition of and disclosure for post-trade risk reduction services.

The Regulation supplements Regulation (EU) No 600/2014 (MiFIR) and updates technical provisions contained in Delegated Regulation (EU) 2017/567. The amendments reflect changes introduced by Regulation (EU) 2024/791, which revised elements of the MiFIR transparency framework, including the criteria for determining liquid markets for equity instruments, requirements relating to market data access, provisions concerning systematic internalisers, and rules governing post-trade risk reduction (PTRR) services.

The objective of the Regulation is to align existing technical standards with the updated MiFIR framework, clarify the methodology used to assess liquidity in equity instruments, and specify the conditions under which certain post-trade risk reduction services may benefit from exemptions from transparency and trading requirements. The provisions apply to market operators, investment firms operating trading venues, systematic internalisers, approved publication arrangements (APAs), consolidated tape providers, and other market participants subject to MiFIR transparency requirements.

WHAT'S NEW?

The Regulation introduces several amendments to Delegated Regulation (EU) 2017/567 to reflect changes introduced by Regulation (EU) 2024/791.

First, the criteria used to determine whether a share has a liquid market are updated. The previous free-float criterion is replaced by a market capitalisation criterion, reflecting the revised MiFIR framework. Under the updated methodology, a share traded daily is considered to have a liquid market where:

market capitalisation is at least EUR 100 million,
the average daily number of transactions is at least 250, and
the average daily turnover is at least EUR 1 million.

The Regulation also clarifies how the average daily turnover and the average daily number of transactions are calculated, specifying that the denominator corresponds to the number of days on which the financial instrument was available for trading on the most relevant market in terms of liquidity.

In addition, the Regulation introduces a clarification that other financial instruments similar to shares, depositary receipts, ETFs or certificates are deemed illiquid throughout their entire trading life.

Further amendments include:

Deletion of Chapter II of Delegated Regulation (EU) 2017/567, following the adoption of Commission Delegated Regulation (EU) 2025/1156 specifying the obligation to provide market data on a reasonable commercial basis.
Removal of provisions on size specific to the instrument for systematic internalisers in non-equity instruments, following amendments to MiFIR.
Deletion of publication requirements relating to portfolio compression services.

The Regulation also introduces provisions specifying the characteristics of post-trade risk reduction (PTRR) services. These services must be provided by a third-party provider on the basis of predefined non-discretionary rules, aim to reduce risk in derivatives portfolios, be market-risk neutral, and not contribute to price formation. PTRR services include compression, rebalancing and basis risk optimisation services.

WHAT'S NEXT?

The Regulation enters into force on the third day following its publication in the Official Journal of the European Union.

Most provisions apply from that date. However, the deletion of Chapter II of Delegated Regulation (EU) 2017/567, relating to the obligation to provide market data on a reasonable commercial basis, will apply from 23 August 2026, aligning with the application date of Delegated Regulation (EU) 2025/1156.

The Regulation is binding in its entirety and directly applicable in all Member States.

SUPERVISION

ESMA publishes its 2027-2029 Programming Document

On 5 February 2026, the ESMA published its 2027-2029 Programming Document.

The document outlines the general context shaping ESMA’s mandate, including modest economic growth, elevated geopolitical risks, digitalisation, and increased supervisory responsibilities. Across 2027–2029, ESMA will focus on implementing major EU reforms—including the Savings and Investment Union (SIU), EMIR 3 revision, CSDR Refit, MiFID/MiFIR amendments, the SFDR review, and progressive implementation of DORA. ESMA highlights simplification and burden reduction as horizontal priorities, aiming to streamline guidance, reduce regulatory complexity, and modernise reporting frameworks.

A central part of the programme is the operationalisation of expanded direct supervisory mandates, including Consolidated Tape Providers (CTPs), ESG rating providers, external reviewers of European Green Bonds, benchmark administrators, and systemically important third country CCPs. Key milestones include supervising equity and derivatives CTPs, monitoring the EU wide shift to T+1 settlement by October 2027, and delivering new Level 2/3 measures resulting from legislative reviews.

Digital and data driven supervision feature prominently, with further implementation of the ESMA Data Strategy and Digital Strategy, enhanced AI powered supervisory tools, rollout of the ESMA Data Platform, and phased deployment of the European Single Access Point (ESAP) from 2027. ESMA also sets out multi annual staffing and budget needs, including resource pressures linked to DORA oversight of critical ICT third party providers.

Overall, the document reflects a transition period in which ESMA must absorb new mandates, reinforce supervisory convergence, and evolve its capabilities in data, digitalisation, sustainability, crypto assets, and market infrastructure, while ensuring resilient, transparent, and well supervised EU financial markets.

BELGIUM

ANTI-MONEY LAUNDERING / COMBATING TERRORISM FINANCING / COMBATTING PROLIFERATION FINANCING (AML/CFT/CPF)

BnB publishes circular NBB_2026_02, launching the annual AML/CFT periodic questionnaire for supervised financial institutions

BACKGROUND

On 16 February 2026, the National Bank of Belgium (NBB) published Circular NBB_2026_02 on the periodic questionnaire relating to the prevention of money laundering and terrorist financing.

The circular sets out the 2026 AML/CFT reporting framework for Belgian credit institutions, stockbroking firms, life insurance undertakings, payment institutions, electronic money institutions, clearing institutions, as well as relevant EU and non-EU branches and certain EEA firms operating in Belgium through agents or distributors. It forms part of the NBB’s risk-based supervisory approach and is intended to collect standardised information on both institutions’ inherent ML/TF risks and the quality of the mitigating controls they have implemented.

The circular also anticipates the future operationalisation of the new EU Anti-Money Laundering Authority (AMLA). While the overall structure of the questionnaire remains broadly stable compared with the previous edition, the 2026 exercise introduces a new form intended to assess institutions’ possible eligibility for direct AMLA supervision, ahead of the broader European convergence of AML/CFT supervisory practices expected from 2027 onwards.

WHAT'S NEW?

The 2026 edition maintains the NBB’s annual AML/CFT data collection but introduces a more explicit European dimension by preparing for the future AMLA framework.

A first key development is the introduction of a new common form dedicated to AMLA eligibility assessment. This form is designed exclusively to gather factual information allowing the NBB to determine whether an institution, or the group to which it belongs, may meet the geographical criteria for direct AMLA supervision under Regulation (EU) 2024/1620. In particular, institutions must indicate whether they belong to a group, identify the EU parent where relevant, map physical establishments across Member States, and provide quantitative information on cross-border activity carried out under the freedom to provide services, including client numbers and annual transaction volumes.

The circular also confirms that institutions must continue to complete the common questionnaire plus the sector-specific forms relevant to the activities they actually perform, via OneGate. The periodic exercise therefore remains structured around both common AML/CFT risk information and activity-based modules, while adding the AMLA-related component.

In addition, the annexed common questionnaire shows that the NBB expects a broad and granular data set covering, among other things:

governance and organisation, including the persons responsible at board, compliance and AML/CFT levels, staffing levels, internal audit involvement, training arrangements and outsourcing oversight;
geographical footprint and cross-border exposure, including subsidiaries, branches, agents, introducers and customer exposure to higher-risk jurisdictions;
customer base and risk profile, including client numbers, legal form, occasional clients, customer risk segmentation, remote onboarding, beneficial owners and politically exposed persons;
products and business activities, including banking and financing, investment and wealth management, payment and e-money services, life insurance activities, and also whether the institution already provides or plans to provide crypto-asset services or issue crypto-assets within the meaning of Regulation (EU) 2023/1114;
transaction monitoring and control effectiveness, including atypical transactions, suspicious transaction reporting to the CTIF, fraud cases, account closures for AML/CFT reasons, sanctions screening and embargo-related controls.

The questionnaire therefore goes beyond a high-level compliance check and seeks detailed supervisory information on the institution’s risk exposure, control framework, operational set-up and business model.

WHAT'S NEXT?

Institutions must submit their responses through the OneGate platform by 15 May 2026 at the latest.

The reporting package includes:

a common form applicable to all institutions within scope;
one or more sector-specific forms, depending on the activities effectively carried out
a common form relating to eligibility for direct AMLA supervision.

Forms that are not relevant to the institution’s activities must be marked as non-applicable through the dedicated OneGate functionality.

The reporting reference date remains 31 December 2025. Quantitative questions generally relate either to the position as at that date or to the full 2025 calendar year, while qualitative answers must also reflect the institution’s situation as at 31 December 2025.

The NBB states that the information submitted through the questionnaire will be used together with other supervisory sources, such as inspections, contacts with institutions, auditor findings, CTIF information and exchanges with other authorities, in order to assess institutions’ residual AML/CFT risk and determine supervisory priorities. It also indicates that this 2026 edition is a transitional step before a broader restructuring of the questionnaire expected for 2027, aligned with the future harmonised EU risk assessment methodology.

FSMA publishes circular FSMA_2026_03, which introduces and explains the updated periodic AML/CFT questionnaire

BACKGROUND

On 12 February 2026, the FSMA published Circular FSMA_2026_03 on the periodic questionnaire relating to anti-money laundering and counter-terrorist financing (AML/CFT). The circular informs supervised entities about the content of, and submission arrangements for, the annual questionnaire used by the FSMA to assess the compliance and effectiveness of the AML/CFT framework they have put in place.

The questionnaire is presented as an important tool supporting the FSMA’s ongoing AML/CFT supervision. It is intended to collect standardised information on both the inherent ML/TF risks affecting supervised entities and the quality of their risk-mitigation measures, allowing the FSMA to establish each entity’s AML/CFT risk profile and set supervisory priorities accordingly.

The circular applies to a broad range of Belgian-regulated entities and Belgian branches, including, among others, investment firms, UCITS and AIF managers, bureaux de change, independent financial planners, self-managed investment companies, banking and investment services brokers, insurance intermediaries active in life business, and certain lenders.

WHAT'S NEW?

The circular sets out the 2026 periodic AML/CFT reporting exercise and provides operational detail on its scope, format and submission process.

Annual AML/CFT questionnaire confirmed
The FSMA confirms that supervised entities must submit annual standardised AML/CFT information allowing it to assess both inherent risk exposure and the effectiveness of internal controls.

Six sector-specific questionnaires
Rather than using a single form, the FSMA maintains six distinct questionnaires, tailored to the different categories of supervised entities:

AML_AMC for asset management-related entities;
AML_EXC for bureaux de change;
AML_IFP for independent financial planners;
AML_INBABR for banking and investment services brokers;
AML_INAS for insurance intermediaries; and
AML_LE for lenders.

Common questionnaire structure
Each questionnaire is organised into five sections:

entity/intermediary/lender;
clients;
transactions;
overall risk assessment; and
procedures.

Exclusive use of the FiMiS platform
Submission must be made electronically via the FiMiS platform. Other transmission methods will not be taken into account.

Different access arrangements depending on entity type
Intermediaries and lenders access FiMiS through CABRIO, while the other entities access it through the FSMA’s digital portal. For entities in scope under points 1 to 10, two authorised persons must be officially designated to submit the AML questionnaires.

Clarification of reporting methodology
The circular explains how questions must be answered, distinguishes between statistical questions and qualitative questions, and confirms that responses must be sincere, objective and aligned with the entity’s actual AML/CFT framework.

Filter questions and nil returns
Certain questionnaires include filter questions that may exempt some entities from completing the full questionnaire. In such cases, the questionnaire must still be submitted, with the relevant filter responses and “Nihil” boxes completed where required.

Management accountability reinforced
The FSMA states that the effective management remains ultimately responsible for the accuracy of the responses, while expecting the AMLCO to play a central role in preparing the submission.

WHAT'S NEXT?

The circular sets out the reporting timetable and the practical steps expected from supervised entities.

The questionnaire relating to 31 December 2025 is made available on the FiMiS platform from 12 February 2026 and must be completed as soon as possible and no later than 12 March 2026.

Entities should ensure that they use the correct questionnaire for their sector, verify that the persons authorised to submit through FiMiS are properly designated, and complete the questionnaire in accordance with the methodology described by the FSMA. For statistical questions, responses should generally reflect either the position at 31 December 2025 or the 2025 calendar year, depending on the wording of the question. For qualitative questions, entities should answer based on their situation at the time of completion.

The FSMA also indicates that it may use the information collected through the questionnaire together with other supervisory sources, including on-site inspections, contacts with entities, complaints, auditor reports, information exchanged with the CTIF and other authorities, to assess AML/CFT risk and define supervisory priorities. It further notes that it may verify the accuracy and quality of the answers during targeted controls or inspections.

DIGITAL ASSETS

Belgium publishes royal decree on FSMA funding for crypto-asset supervision

On 3 February 2026, Belgium published a royal decree concerning the coverage of FSMA’s operating costs related to the supervision of public offers of crypto assets and crypto asset service providers.

The text specifies that issuers of crypto assets, persons seeking admission to trading, and platform operators must contribute to FSMA’s costs when notifying white papers. A fee of six thousand euros is charged for each notification, while modifications to a white paper require an additional contribution of five hundred euros. The decree also sets fixed annual contributions for issuers of asset referenced tokens, amounting to ten thousand euros per year, and introduces a detailed fee schedule for crypto asset service providers.

Applicants seeking authorization to provide crypto asset services must pay a base contribution of twenty thousand euros, supplemented by service specific surcharges such as twenty five thousand euros for operating a trading platform or fifteen thousand euros for custody services. Once authorized, providers are subject to annual supervisory fees of twenty thousand euros plus the same service specific surcharges. These measures ensure that the FSMA’s supervisory activities are sustainably funded and that the costs of regulation are borne directly by the actors operating in the crypto asset market.

In essence, the Royal Decree formalizes the financial obligations of crypto asset issuers and service providers in Belgium, aligning national practice with MiCA’s requirements and reinforcing the FSMA’s capacity to oversee this rapidly evolving sector.

The decree entered into force retroactively on 3 January 2026 and establishes a comprehensive framework for financing the regulator’s oversight activities under the EU MiCA Regulation.

FSMA publishes supervisory communications integrating ESMA and ESA guidelines on crypto-asset classification under MiCA

On 10 February 2026, the FSMA published two supervisory communications announcing the integration of new ESMA and European Supervisory Authorities (ESA) guidelines into its supervisory framework concerning the classification of crypto assets under the EU MiCA Regulation (Regulation 2023/1114).

The first communication, FSMA_2026_04, concerns ESMA’s guidelines on the conditions and criteria for determining whether a crypto asset should be considered a financial instrument. ESMA issued these guidelines on 19 March 2025 under Article 16 of Regulation 1095/2010, which requires authorities and market participants to “make every effort” to comply. Their purpose is to ensure a uniform understanding of Article 2(4)(a) MiCA, which governs the boundary between MiCA and the MiFID II regime. The guidelines provide clarification on when a token such as a utility token, NFT, or hybrid token possesses characteristics that bring it within the definition of a financial instrument. The FSMA explicitly states that it will incorporate these guidelines into its supervisory practice when assessing compliance with MiCA.

The second communication, FSMA_2026_05, introduces ESA guidelines on explanatory models, opinion templates, and the standardised regulatory test required to classify crypto assets under Article 97(1) MiCA. These guidelines, published on 10 December 2024, set out a harmonised model for issuers, offerors, and trading platform operators who must notify their crypto asset white paper to the competent authority and justify why the asset falls within MiCA rather than being categorised as an Asset Referenced Token (ART) or E Money Token (EMT). The guidelines also include a detailed flowchart based assessment tool and structured explanation templates (Annex A and C), designed to ensure consistent application of MiCA classification rules across the EU. The FSMA confirms it will integrate these guidelines into its enforcement and supervisory processes.

These documents significantly reinforce Belgium’s alignment with EU MiCA implementation and provide essential guidance for all market participants engaged in crypto asset issuance, trading, and service provision.

DIGITAL OPERATIONAL RESILIENCE

FSMA announces a limited update to the DORA Register of Information (ROI) process for 2026

On 17 February 2026, the FSMA announced a limited update to the DORA Register of Information (ROI) process for 2026.

In 2025, all entities subject to DORA created an ROI listing their contractual arrangements with ICT third party service providers, which the FSMA collected via the FiMiS survey and transmitted to the ESAs (EBA, ESMA, EIOPA) to enable the designation of critical ICT providers. The exercise will be repeated in 2026 but on a smaller scale: only a restricted set of entities will need to resubmit their ROI. Those whose situation has not changed since last year may simply confirm this, while others may update previous data or submit a new register. The submission process and FiMiS technical specifications remain unchanged.

For 2026, the obligation to file an ROI applies to market operators, portfolio management and investment advisory firms, UCI and OPCA management companies, and self managed UCIs. Grouped entities must file only at the highest FSMA supervised consolidation level. Insurance intermediaries, IORPs, and crowdfunding platforms are exempt from submission but must still maintain an up to date internal register and provide it upon request.

The 2026 ROI must be submitted by 20 March 2026, using the same FiMiS templates as in 2025. Firms that filed last year may reload their data automatically, if changes are needed, they can amend entries manually or upload a compliant CSV/JSON package. The reference date for all data is 31 December 2025.

BRAZIL

ACCOUNTING

CVM publishes Ofício Circular 1/2026/SNC/SEP providing accounting guidance on the treatment of cloud computing arrangements

On 3 February 2026, the CVM published Ofício Circular 1/2026/SNC/SEP providing accounting guidance on the treatment of cloud computing arrangements, particularly Software as a Service (SaaS) contracts, in the financial statements of publicly held companies.

The circular responds to market inconsistencies observed by CVM and aligns local practice with the IFRS Interpretations Committee (IFRS IC) Agenda Decisions issued in 2019 and 2021. CVM clarifies that SaaS arrangements, as typically structured, do not transfer control of the underlying software to the customer. Instead, they grant only a right of access to software hosted and controlled by the provider. As a result, SaaS contracts should be treated as service contracts, not as leases (CPC 06/IFRS 16) and not as intangible assets (CPC 04/IAS 38). The customer does not control the software, cannot direct its use, and does not obtain substantially all economic benefits from it.

The circular also provides detailed guidance on the accounting treatment of configuration and customization costs incurred during SaaS implementations. In most cases, these expenditures do not meet the definition of an intangible asset because they do not create a separable, controllable resource. Such costs should therefore be recognized as expenses when the related services are received. Only in specific cases such as when configuration work creates additional code or modifies local systems that the customer controls may capitalization be appropriate.

CVM further explains how to determine the timing of expense recognition depending on whether services are provided by the SaaS supplier or by a third party and reminds issuers to comply with CPC 23 regarding accounting policies, estimates, and error corrections. The circular aims to promote consistency, comparability, and faithful representation in financial reporting involving cloud computing arrangements.

ANTI-MONEY LAUNDERING / COMBATING TERRORISM FINANCING / COMBATTING PROLIFERATION FINANCING (AML/CFT/CPF)

CVM publishes Report 01/26, which disseminates the February 2026 FATF statements

On 25 February 2026, the CVM published CVM Report 01/26, which disseminates the February 2026 FATF statements concerning countries and jurisdictions with strategic deficiencies in anti money laundering, counter terrorist financing and counter proliferation financing (AML/CFT/CPF).

The CVM stresses that monitoring FATF communiqués is a mandatory requirement under CVM Resolution 50, and highlights that the information supports obliged entities in risk assessment and monitoring of clients and operations.

The FATF documents included in the communication list two groups of countries. First, jurisdictions subject to a call for countermeasures (“blacklist”), currently Iran and the Democratic People’s Republic of Korea (DPRK). FATF reiterates that these countries pose significant AML/CFT/CPF risks and calls on all jurisdictions to apply enhanced due diligence or full countermeasures, including restrictions on correspondent banking, prohibitions on branches, and increased scrutiny of transactions. FATF notes Iran’s continued failure to complete its action plan and highlights serious proliferation financing risks in both jurisdictions.

Second, FATF provides an updated list of jurisdictions under heightened monitoring (“grey list”), which continue to work with FATF to address deficiencies but have not yet met required standards. These jurisdictions include Algeria, Angola, Bolivia, Bulgaria, Cameroon, Democratic Republic of Congo, Côte d’Ivoire, Haiti, British Virgin Islands, Yemen, Kuwait, Laos, Lebanon, Monaco, Namibia, Nepal, Papua New Guinea, Kenya, South Sudan, Syria, Venezuela, and Vietnam. The statements detail the progress and outstanding actions for each country, including improvements needed in beneficial ownership transparency, risk based supervision, suspicious transaction reporting, FIU effectiveness, sanctions implementation, prosecution of money laundering, and proliferation finance controls. While enhanced due diligence is not automatically required for grey listed countries, FATF urges members to incorporate this information into their risk analysis frameworks, taking into account humanitarian exceptions established under UN Security Council Resolution 2761 (2024).

The CVM explains that distributing this information forms part of its coordination efforts between its AML/CTF centre and supervisory departments, ensuring that Brazilian intermediaries, institutional investors, and securitisation entities maintain up to date country risk assessments. The publication ensures that market participants have the necessary inputs to maintain ongoing monitoring of customers and operations, in alignment with Brazilian AML legislation and FATF standards

REPORTING

CVM publishes Annual Circular Letter 2026 CVM/SEP

On 26 February 2026, the CVM published Annual Circular Letter 2026 CVM/SEP, a comprehensive regulatory guide that consolidates the obligations, procedures, and supervisory expectations applicable to all publicly held companies in Brazil.

The document outlines how issuers must organize, submit and disclose periodic and event driven information, emphasizing transparency, governance quality, and the use of fully digital reporting environments through the Empresas.NET and Protocolo Digital systems. It clarifies that all filings must be electronic, searchable, and free of restrictions, and that certain actions, such as requests for confidential treatment, appeals, and issuer registration, must be executed using advanced or qualified digital signatures authenticated via the gov.br platform under standards introduced by Decreto nº 10.543/20.

The circular confirms the scope of obligations under Resoluções CVM nº 80/22, 81/22 and 44/21, covering registration, financial reporting, governance practices, and disclosure of material events. It defines categories of issuers (A and B), details the procedures for initial registration and subsequent updates, and explains fees, including annual supervisory fees calculated from the issuer’s prior year equity. It further stresses the importance of accurate, timely financial reporting, requiring annual audited financial statements, quarterly ITRs, management reports, auditor opinions, and supporting declarations from directors. For financial institutions and payment institutions regulated by the BCB but also registered with CVM, the circular emphasizes the obligation to prepare consolidated financial statements under IFRS, as mandated by Resolution CMN nº 4.818/20 and Resolution BCB nº 02/20, thereby directly affecting fintechs, payment processors, digital wallets, acquirers, PSPs, and investment related digital platforms that operate within the securities market perimeter.

The document also highlights the increasing digitalization of compliance processes that impact IM, payments, and digital companies, including the mandatory use of structured electronic forms (FRE, DFP, ITR), OCR processed documents, and fully digital corporate governance workflows. It specifies requirements for the disclosure of cyber risks, operational risks, technology dependencies, cloud computing accounting treatment, and other technology driven exposures in the Formulário de Referência. In addition, sustainability disclosure gains prominence with the phased introduction of ISSB aligned sustainability reporting through Resolution CVM nº 193/23, optional in 2024–2025 and mandatory from 2026, signaling a material shift for digital and financial businesses that must align climate related and operational resilience disclosures with international standards.

The circular further provides detailed guidance for assemblies, digital voting mechanisms, corporate actions, projections, related party transactions, insider trading restrictions, and the rules that govern disclosure of material information, all of which are essential for companies operating in fast moving digital and financial markets. For sectors such as investment management and digital payments, where capital increases, reorganizations, derivative exposure, and operational disruptions are common, the document reinforces that any information capable of influencing investor decisions must be promptly disclosed and that digital or hybrid assemblies must guarantee transparency, auditability, and accessible communication with shareholders.

Annual Circular Letter 2026 CVM/SEP emphasis on digital reporting, governance, IFRS financial requirements, sustainability standards, and robust event disclosure makes it a critical reference for ensuring full alignment with CVM’s regulatory expectations in 2026 and beyond.

CVM publishes circular letter 01/2026/SSE clarifying application of daily fines for late fund reporting

On 6 February 2026, the CVM published circular letter 01/26/CVM/SSE to administrators of FIDC, FIAGRO and FII, clarifying the criteria and procedures for applying ordinary daily fines for late or missing periodic reports required under Resolution CVM 175/22 and Resolution CVM 47/21.

CVM explains that the delivery of periodic information listed in Annexes II, III and VI of RCVM 175 constitutes a mandatory and recurring obligation, and therefore delays automatically trigger daily ordinary fines, independently of the administrator’s justification. These fines are objective, automatic, and applied per document and per reference date, up to a maximum of 60 consecutive days, with values that may reach R$ 60,000 per document.

The circular notes that many administrators have appealed the fines, often claiming disproportionate punishment, but CVM reiterates that the fines do not constitute sanctions, they merely enforce compliance with deadlines. Allegations such as system overload, lack of awareness, or operational difficulties will not prevent the fine unless the delay is proven to result from a CVM system failure.

CVM emphasises that administrators must maintain robust internal controls, including dual checks, contingency plans, proper governance, and timely accounting of provisions for fines. Administrators are also responsible for ensuring timely filings during transitions, such as when a fund changes administrators, undergoes category transformation, enters liquidation, or is closed with outstanding reporting obligations.

The circular also reinforces the mandatory submission of CADOC 3040 and CADOC 3044 for FIDC, where applicable, and notes that dispensations must be obtained directly from the Central Bank of Brazil. It further clarifies the updated appeals process under RCVM 159/22, where the Superintendent is now the final decision maker without suspensive effect. Appeals based on the arguments commonly raised will be denied.

FRANCE

ALTERNATIVE PRODUCTS

France Post-Marché publishes position paper on the proposed EU depositary passport under MIP / France Post-Marché publie une prise de position sur le passeport dépositaire UE proposé dans le cadre de MIP

On 25 February 2026, France Post-Marché published a position paper on the European Commission’s proposal to introduce a European depositary passport under the Market Integration and Supervision Package (MIP).

The document sets out France Post-Marché’s assessment of the proposed regulatory change, where the European Commission seeks to allow UCITS and AIF investment funds to appoint a depositary located in a different EU Member State than the fund’s domicile. The paper acknowledges the strategic objective of deeper capital market integration but emphasises the central role of the depositary function in safeguarding investor assets, overseeing compliance with management decisions, and monitoring cash flows. Consequently, France Post-Marché argues that any removal of the current requirement to appoint a depositary in the fund’s home Member State must be approached with exceptional care.

France Post-Marché identifies multiple concerns with the proposed passport: the timing is premature since AIFMD II implementation is ongoing and no prior impact study has been carried out; such a passport risks weakening investor protection by introducing geographic, legal and supervisory complexities; significant national differences in fund regulatory frameworks persist; and the Commission’s rationale, such as potential cost reductions, is unsubstantiated.

The position paper warns of supervisory arbitrage, possible regulatory fragmentation, and structural risks to national asset-management ecosystems if depositary functions were cross-border with insufficient harmonisation. France Post-Marché also highlights that current derogations within AIFMD already accommodate markets with limited local depositary capacity, negating urgency for passporting. It concludes that while the passport concept aligns with liberalisation, its implementation without comprehensive analysis or stakeholder engagement could undermine investor protection and European regulatory stability.

Version française

Le 25 février 2026, France Post-Marché a publié un document de position relatif à la proposition de la Commission européenne visant à introduire un passeport européen pour les dépositaires dans le cadre du Market Integration and Supervision Package (MIP).

Le document présente l’analyse de France Post-Marché concernant cette évolution réglementaire proposée, par laquelle la Commission européenne souhaite permettre aux fonds d’investissement UCITS et AIF de désigner un dépositaire situé dans un État membre de l’UE différent de celui du domicile du fonds. Le document reconnaît l’objectif stratégique visant à renforcer l’intégration des marchés de capitaux, mais souligne le rôle central de la fonction de dépositaire dans la protection des actifs des investisseurs, la surveillance de la conformité des décisions de gestion, ainsi que le suivi des flux de trésorerie. En conséquence, France Post-Marché estime que toute suppression de l’obligation actuelle de désigner un dépositaire dans l’État membre d’origine du fonds doit être abordée avec une prudence particulière.

France Post-Marché identifie plusieurs préoccupations liées au projet de passeport : le calendrier est jugé prématuré dans la mesure où la mise en œuvre de l’AIFMD II est encore en cours et qu’aucune étude d’impact préalable n’a été réalisée ; un tel passeport pourrait affaiblir la protection des investisseurs en introduisant des complexités géographiques, juridiques et de supervision ; des différences nationales importantes subsistent entre les cadres réglementaires applicables aux fonds ; et la justification avancée par la Commission, notamment en matière de réduction potentielle des coûts, n’est pas démontrée.

Le document de position met également en garde contre des risques d’arbitrage prudentiel, une fragmentation réglementaire potentielle, ainsi que des risques structurels pour les écosystèmes nationaux de gestion d’actifs si les fonctions de dépositaire devenaient transfrontalières sans harmonisation suffisante. France Post-Marché souligne également que les dérogations existantes dans l’AIFMD permettent déjà de répondre aux situations où la capacité locale de dépositaires est limitée, ce qui réduit l’urgence d’introduire un passeport. Le document conclut que, bien que le concept de passeport s’inscrive dans une logique de libéralisation du marché, sa mise en œuvre sans analyse approfondie ni consultation des parties prenantes pourrait fragiliser la protection des investisseurs et la stabilité réglementaire européenne.

DIGITAL OPERATIONAL RESILIENCE

eSurfi updates DORA Bank remittance and taxonomy information on eSurfi portal / eSurfi met à jour les informations de remise et de taxonomie DORA Bank sur le portail eSurfi

On 16 February 2026, eSurfi announced updates to the pages dedicated to the DORA Bank regulation. The publication specifies that the sections relating to remittance terms and technical information have been updated. In addition, a new page dedicated to the taxonomy is available on the EBA website.

The update concerns the “Banking – Technical information collected” section of the eSurfi website and relates specifically to reporting requirements under the Digital Operational Resilience framework applicable to banks. The reference to remittance terms indicates modifications or clarifications regarding the modalities for submission of information, while the update to technical information suggests changes or refinements to data specifications, formats, or reporting instructions. The creation of a new taxonomy page signals the formalisation or publication of structured data classifications associated with DORA reporting.

The announcement does not introduce new regulatory requirements but confirms updates to existing guidance and technical documentation supporting DORA-related reporting for banks. The publication is presented as an operational update to the reporting infrastructure and documentation environment maintained by ACPR. No implementation deadlines, transitional arrangements, or enforcement measures are specified in the notice. The communication is informational in nature and limited to the scope of documentation updates on the supervisory reporting portal.

Version française

Le 16 février 2026, eSurfi a annoncé des mises à jour des pages consacrées à la réglementation DORA Bank. La publication précise que les sections relatives aux conditions de transfert et aux informations techniques ont été mises à jour. En outre, une nouvelle page consacrée à la taxonomie est disponible sur le site web de l'ABE.

La mise à jour concerne la section « Banque - Informations techniques collectées » du site web eSurfi et porte spécifiquement sur les exigences de reporting dans le cadre du dispositif de résilience opérationnelle numérique applicable aux banques. La référence aux conditions de transfert indique des modifications ou des clarifications concernant les modalités de soumission des informations, tandis que la mise à jour des informations techniques suggère des changements ou des améliorations au niveau des spécifications, des formats ou des instructions de reporting. La création d'une nouvelle page consacrée à la taxonomie marque la formalisation ou la publication de classifications structurées des données associées aux déclarations DORA.

L'annonce n'introduit pas de nouvelles exigences réglementaires, mais confirme les mises à jour des orientations et de la documentation technique existantes qui soutiennent les rapports liés à la DORA pour les banques. La publication est présentée comme une mise à jour opérationnelle de l'infrastructure de reporting et de l'environnement documentaire gérés par l'ACPR. Aucun délai de mise en œuvre, aucune disposition transitoire ni aucune mesure d'application n'est précisé dans l'avis. La communication est de nature informative et se limite à la portée des mises à jour de la documentation sur le portail de reporting prudentiel.

FINANCIAL INSTRUMENTS

AMF publishes amendments to its General Regulation following ELTIF II / L'AMF publie des modifications à son Règlement Général suite à ELTIF II

On 4 February 2026, the AMF published a communication announcing amendments to its General Regulation to align it with the changes introduced by Regulation (EU) 2023/1114 on European Long-Term Investment Funds (ELTIF II). The legal amendments themselves had already been adopted through the Decree of 26 November 2025 approving modifications to the AMF General Regulation, which was published in the Journal officiel de la République française on 26 December 2025. The AMF publication highlights how the General Regulation has been updated to reflect both the ELTIF II framework and Ordinance No. 2024-662 of 3 July 2024 adapting the national regime applicable to alternative investment funds. The amendments primarily revise Book IV of the AMF General Regulation with the objective of facilitating the application of ELTIF II in France, simplifying valuation and disclosure requirements, and strengthening the competitiveness of collective investment schemes.

The decree aligns the regime applicable to feeder retail investment funds with the AIFM Directive and relaxes conditions governing the creation of unit or share classes conferring different rights over assets, notably for specialised financing vehicles, real estate collective investment undertakings (OPCI) and professional real estate collective investment undertakings (OPPCI). It establishes a regulatory framework for the creation of carried interest units for these funds. The amendments also simplify the procedures for determining, communicating and updating realisation and reconstitution values for real estate investment trusts (SCPI), forest savings companies and forestry investment groups, including changes to valuation frequency requirements.

In addition, the amendments enhance flexibility for professional funds by making share class regimes more adaptable, authorising ELTIF-approved professional specialised funds to offer subscriptions below net asset value under ELTIF II conditions, and extending to all UCITS and AIFs the option to calculate and disclose an estimated value. The decree specifies the calculation methodologies and investor information obligations associated with this estimated value. The revised provisions entered into force on 1 January 2026.

Version française

Le 4 février 2026, l'AMF a publié un décret approuvant les modifications apportées à son règlement général. Le 26 décembre 2025, le Journal officiel de la République française a publié le décret du 26 novembre 2025 approuvant les modifications apportées au règlement général de l'AMF, qui mettent en œuvre les conséquences du règlement (UE) 2023/1114 sur les fonds d'investissement à long terme européens (ELTIF II) et de l'ordonnance n° 2024-662 du 3 juillet 2024 adaptant le cadre national applicable aux fonds d'investissement alternatifs. Les modifications révisent principalement le livre IV du règlement général de l'AMF dans le but de faciliter l'application de l'ELTIF II en France, de simplifier les exigences en matière d'évaluation et d'information et de renforcer la compétitivité des organismes de placement collectif.

Le décret aligne le régime applicable aux fonds communs de placement de détail sur la directive AIFM et assouplit les conditions régissant la création de catégories de parts ou d'actions conférant des droits différents sur les actifs, notamment pour les véhicules de financement spécialisés, les organismes de placement collectif immobilier (OPCI) et les organismes de placement collectif immobilier professionnels (OPPCI). Il établit un cadre réglementaire pour la création de parts avec participation aux plus-values pour ces fonds. Les modifications simplifient également les procédures de détermination, de communication et de mise à jour des valeurs de réalisation et de reconstitution des sociétés civiles de placement immobilier (SCPI), des sociétés d'épargne forestière et des groupements d'investissement forestier, y compris les changements apportés aux exigences en matière de fréquence d'évaluation.

En outre, les modifications renforcent la flexibilité des fonds professionnels en rendant les régimes de catégories d'actions plus adaptables, en autorisant les fonds professionnels spécialisés agréés ELTIF à proposer des souscriptions en dessous de la valeur liquidative dans les conditions prévues par l'ELTIF II, et en étendant à tous les OPCVM et FIA la possibilité de calculer et de publier une valeur estimée. Le décret précise les méthodes de calcul et les obligations d'information des investisseurs associées à cette valeur estimée. Les dispositions révisées entreront en vigueur le 1er janvier 2026.

PRIMARY MARKET

AMF publishes amendments to its General Regulation under the Listing Act Package and Attractiveness Law / L'AMF publie des modifications à son Règlement Général dans le cadre du Listing Act Package et de la loi Attractivité

On 4 February 2026, the AMF published the Order of 4 December 2025 approving amendments to its General Regulation, which updates Books I and II to reflect recent French and EU legislative developments.

The order formally approves a set of amendments to the AMF General Regulation aimed at aligning the regulatory framework with (i) French Law No. 2024-537 of 13 June 2024 on attractiveness (the “Attractiveness Law”) and its implementing decree, (ii) Regulation (EU) 2024/2809, known as the “Listing Act Package”, and (iii) Decree No. 2022-1284 of 3 October 2022 concerning whistleblower procedures.

First, the amendments incorporate changes stemming from the Attractiveness Law by refocusing the obligation to recognise foreign markets. This obligation is now limited to cases involving direct promotional communications addressed to retail investors, thereby narrowing its scope compared with the previous regime.

Second, the General Regulation is adapted to the EU Listing Act Package. The changes concern several aspects of financial information and market transparency requirements, including:

the obligation to translate the summary of a prospectus or a simplified disclosure document;
the threshold triggering the reporting of transactions carried out by persons discharging managerial responsibilities (PDMRs), which is increased to €50,000; and
adjustments to reporting procedures applicable to share buyback programmes.

Third, the order amends the deadline for sending acknowledgements of receipt of whistleblower reports, in order to ensure consistency with the whistleblowing framework introduced by Decree No. 2022-1284.

The order is a formal approval act and does not introduce additional requirements beyond those expressly described, but ensures the enforceability of the revised regulatory provisions within the AMF framework.

Version française

Le 4 février 2026, l'AMF a publié l'arrêté du 4 décembre 2025 approuvant les modifications apportées à son règlement général, qui actualise les livres I et II afin de refléter les récentes évolutions législatives françaises et européennes.

Cet arrêté approuve formellement une série de modifications apportées au règlement général de l'AMF visant à aligner le cadre réglementaire sur (i) la loi française n° 2024-537 du 13 juin 2024 relative à l'attractivité (la « loi Attractivité ») et son décret d'application, (ii) au règlement (UE) 2024/2809, connu sous le nom de « paquet Listing Act », et (iii) au décret n° 2022-1284 du 3 octobre 2022 relatif aux procédures d'alerte.

Premièrement, les modifications intègrent les changements découlant de la loi Attractivité en recentrant l'obligation de reconnaître les marchés étrangers. Cette obligation est désormais limitée aux cas impliquant des communications promotionnelles directes adressées aux investisseurs de détail, ce qui réduit son champ d'application par rapport au régime précédent.

Deuxièmement, le règlement général est adapté au paquet législatif européen sur les cotations en bourse. Les modifications concernent plusieurs aspects des informations financières et des exigences de transparence du marché, notamment :

l'obligation de traduire le résumé d'un prospectus ou d'un document d'information simplifié ;
le seuil déclenchant la déclaration des transactions effectuées par les personnes exerçant des responsabilités de direction (PDMR), qui est porté à 50 000 euros ; et
les ajustements apportés aux procédures de déclaration applicables aux programmes de rachat d'actions.

Troisièmement, l'arrêté modifie le délai d'envoi des accusés de réception des signalements, afin d'assurer la cohérence avec le dispositif de lancement d'alerte mis en place par le décret n° 2022-1284.

L'arrêté est un acte d'approbation formel qui n'introduit pas d'exigences supplémentaires au-delà de celles expressément décrites, mais garantit l'applicabilité des dispositions réglementaires révisées dans le cadre de l'AMF.

REPORTING

eSurfi publishes updates to the AML/CFT reporting template following anomaly corrections / eSurfi publie des mises à jour du modèle de rapport AML/CFT suite à des corrections d'anomalies

On 19 February 2026, eSurfi published a notice announcing an updated version of the “annuel_qlb_general_banque” model under Order 12/2025, correcting previously identified anomalies.

The publication concerns the AML/CFT reporting framework applicable to banks via the eSurfi platform. eSurfi indicates that a corrected version of the “annuel_qlb_general_banque” reporting template has been made available under the section “Statements and Notices – AML-CFT Banque” on the eSurfi Banque et Assurance portal. The update follows the detection of certain anomalies affecting the prior version of the model.

The notice does not introduce new substantive AML/CFT obligations but formally replaces the existing reporting template with a corrected version. The scope is limited to the technical and reporting aspects of the annual AML/CFT questionnaire applicable to banks. The communication does not specify transitional arrangements, revised submission deadlines, or changes to the underlying legal basis beyond referencing Order 12/2025.

The impact is operational and reporting-focused: institutions subject to this annual AML/CFT return must ensure they are using the corrected template for future submissions via eSurfi.

Version française

Le 19 février 2026, eSurfi a publié un avis annonçant une version mise à jour du modèle « annuel_qlb_general_banque » en vertu de l'ordonnance 12/2025, corrigeant les anomalies précédemment identifiées.

Cette publication concerne le cadre de déclaration AML/CFT applicable aux banques via la plateforme eSurfi. eSurfi indique qu'une version corrigée du modèle de déclaration « annuel_qlb_general_banque » est disponible dans la section « Déclarations et avis – AML-CFT Banque » du portail eSurfi Banque et Assurance. Cette mise à jour fait suite à la détection de certaines anomalies affectant la version précédente du modèle.

L'avis n'introduit pas de nouvelles obligations AML/CFT substantielles, mais remplace formellement le modèle de déclaration existant par une version corrigée. Son champ d'application se limite aux aspects techniques et déclaratifs du questionnaire AML/CFT annuel applicable aux banques. La communication ne précise pas les dispositions transitoires, les délais de soumission révisés ou les modifications de la base juridique sous-jacente au-delà de la référence à l'ordonnance 12/2025.

L'impact est opérationnel et axé sur la déclaration : les institutions soumises à cette déclaration annuelle en matière de LBC/FT doivent s'assurer qu'elles utilisent le modèle corrigé pour les futures soumissions via eSurfi.

SUSTAINABLE FINANCE / GREEN FINANCE

Legifrance publishes decree amending the ISR label control and supervision framework / Legifrance publie un décret modifiant le cadre de contrôle et de supervision du label ISR

On 27 February 2026, the French Official Journal published the Decree of 18 February 2026 amending the Decree of 8 January 2016 defining the reference framework and the control and monitoring plan for the “socially responsible investment” label, which formally replaces Annex I governing the control and surveillance plan of the SRI label. The Decree was adopted pursuant to Decree No. 2016-10 of 8 January 2016 and the implementing Decree of 8 January 2016.

Article 1 provides that Annex No. 1 to the 8 January 2016 Decree is replaced in full by a new annex attached to the amending Decree. The revised annex sets out the updated control and monitoring plan applicable to funds benefiting from the “socially responsible investment” label. The annex is made available on the website of the Ministry of the Economy, Finance and Industrial, Energy and Digital Sovereignty. Article 2 provides for publication in the Official Journal. No transitional provisions or phased implementation measures are specified in the published text.

In parallel, the French Treasury (Direction générale du Trésor) published a report detailing the revised control and monitoring framework for the SRI label. The report outlines the operational architecture, supervisory expectations and adjustments to the control methodology underpinning the updated annex. While the Decree provides the formal legal amendment, the Treasury report presents the structured description of the revised framework and its implementation parameters.

Together, the Treasury report and the amending Decree form a coordinated update of the SRI label’s governance and oversight regime: the report sets out the revised control model, and the Decree gives it binding legal effect through the substitution of Annex I.

Version française

Le 27 février 2026, le Journal officiel français a publié le Décret du 18 février 2026 modifiant l’arrêté du 8 janvier 2016 définissant le référentiel ainsi que le plan de contrôle et de suivi du label “investissement socialement responsable”, lequel remplace formellement l’Annexe I régissant le plan de contrôle et de surveillance du label ISR. Le décret a été adopté en application du Décret n° 2016-10 du 8 janvier 2016 et de l’arrêté d’application du 8 janvier 2016.

L’article 1 prévoit que l’annexe n° 1 de l’arrêté du 8 janvier 2016 est remplacée intégralement par une nouvelle annexe jointe au décret modificatif. L’annexe révisée présente le plan de contrôle et de suivi mis à jour applicable aux fonds bénéficiant du label “investissement socialement responsable”. L’annexe est mise à disposition sur le site internet du ministère de l’Économie, des Finances et de la Souveraineté industrielle, énergétique et numérique. L’article 2 prévoit la publication au Journal officiel. Aucune disposition transitoire ni mesure de mise en œuvre progressive n’est mentionnée dans le texte publié.

Parallèlement, la Direction générale du Trésor a publié un rapport détaillant le cadre révisé de contrôle et de suivi du label ISR. Le rapport décrit l’architecture opérationnelle, les attentes de supervision et les ajustements apportés à la méthodologie de contrôle qui sous-tendent l’annexe mise à jour. Alors que le décret prévoit la modification juridique formelle, le rapport du Trésor présente la description structurée du cadre révisé et de ses paramètres de mise en œuvre.

Ensemble, le rapport du Trésor et le décret modificatif constituent une mise à jour coordonnée du régime de gouvernance et de supervision du label ISR : le rapport présente le modèle de contrôle révisé, et le décret lui confère un effet juridique contraignant par la substitution de l’Annexe I.

GERMANY

ARTIFICIAL INTELLIGENCE

Bundesrat publishes Draft law implementing Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on AI

On 13 February 2026, the Bundesrat published Draft law implementing Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on AI.

The draft law operationalises the EU AI Act by designating national authorities, defining market-surveillance responsibilities, regulating cooperation structures, and introducing sanctioning mechanisms. The EU Regulation entered into force on 1 August 2024 and becomes fully applicable on 2 August 2026; Member States must designate at least one notifying and one market?surveillance authority by 2 August 2025.

The law assigns the Bundesnetzagentur (BNetzA) a central role: it becomes the primary market-surveillance authority (unless sectoral rules apply), central contact point, coordinator of national authorities, operator of at least one national KI-Reallabor, and innovations hub providing guidance, training, and technical expertise. A fully independent KI-Marktüberwachungskammer is established within BNetzA for certain high-risk KI systems applied in law enforcement, border management, justice, or democracy-related contexts.

Sectoral authorities remain responsible where relevant: BaFin oversees KI systems directly linked to regulated financial activities; Landesbehörden supervise KI systems used by public-sector bodies of the Länder; Landesmedienanstalten oversee KI used for journalistic or advertising purposes. Additional responsibilities fall to BSI, ZITiS, BAuA, BfDI, and the Deutsche Akkreditierungsstelle.

The law amends the Hinweisgeberschutzgesetz, Sozialgesetzbuch, and FinDAG to include KI?related provisions. New obligations apply primarily to authorities, not to citizens or companies; the economic sector faces no additional requirements beyond those already defined in the EU AI Act. Annual administrative costs amount to approx. €49 million (Bund €15.9m; Länder €33.1m).

The legislation includes provisions on sanctions (up to €50,000 for certain violations), coordination rules, testing of high-risk KI systems under real-world conditions, and multi-level reporting procedures. It will be evaluated after three years to assess efficiency, innovation-friendliness, and resource adequacy.

CONSUMER PROTECTION

BGBL publishes Act transposing Directives (EU) 2023/2673 on distance financial services contracts and (EU) 2024/825 on empowering consumers for the green transition.

On 5 February 2026, the BGBL published Act on the Amendment of Consumer Contract and Insurance Contract Law and on the Amendment of Treatment Contract Law.

The act primarily implements Directive (EU) 2023/2673 on distance financial services contracts and Directive (EU) 2024/825 on empowering consumers for the green transition. Key measures tighten information, explanation and withdrawal requirements across distance contracts and off premises contracts, particularly for financial services, insurance contracts and digital distribution channels.

Major elements include:

Expanded pre contractual information duties for distance financial services (Art. 246b §1 EGBGB), covering identity, costs, risks, contract duration, withdrawal modalities and communication channels.
New design requirements for online user interfaces to prevent manipulative design practices (“dark patterns”), including rules on highlighting options, preventing repeated prompts and ensuring simple service termination (Art. 246b §4 EGBGB). -- Mandatory electronic withdrawal function (“cancel contract”) for online distance contracts, with requirements for accessibility, confirmation mechanisms and immediate receipt acknowledgement (§356a BGB).
Revised withdrawal periods and conditions across financial services and insurance law; new obligations regarding provision of contract terms, disclosure of rights and processing of refunds (amendments to §§8–9 and §152 VVG).
Alignment of withdrawal rights in the investment and asset management space (KAGB, VermAnlG) with BGB rules for distance contracts.

The act enters into force largely on 19 June 2026, with certain provisions taking effect the day after publication and others on 27 September 2026.

Overall, the law fundamentally strengthens consumer protection and imposes substantial organisational, technical and compliance requirements on providers of financial and insurance services, especially those using digital channels.

FINANCIAL INSTRUMENTS

BaFin updates its Information sheet Submission of an electronic Notification of Major Holdings

On 3 February 2026, the BaFin updated its Information sheet Submission of an electronic Notification of Major Holdings.

The document outlines the steps required for market participants to submit legally valid notifications of major holdings. It specifies that users must first register and obtain admission to the MVP portal and to the specialised procedure before filing notifications. The sheet then details the submission process (Step 3–5), covering system navigation, selection of the registered person/entity, choice of submission method (XML upload or online form), and technical requirements for each method.

The online form section provides extensive guidance on all mandatory fields, including issuer details, reason for notification, notifiable person information, chain of controlled undertakings, relevant dates, total positions, instruments under Sec.?38 WpHG, proxy voting situations, and technical features such as automated calculations, session time limits, and error messages. It also describes constraints such as the impossibility of saving draft entries and the need to re enter data for each new notification.

The sheet further explains the treatment of annex information submitted only to BaFin, document generation after successful filing, and the mandatory requirement to send both the PDF and XML versions of the notification to the issuer. It clarifies that issuers may set their own technical requirements for receiving electronic notifications, including designated email addresses or portals.

Overall, the information sheet provides a detailed procedural and technical guide to ensure complete, accurate, and compliant submission of major holdings notifications using the MVP portal.

OTHER - PRUDENTIAL REQUIREMENTS

Bundesrat publishes Act on the Implementation of Directive (EU) 2024/1619 of the European Parliament (Banking Directive Implementation and Bureaucracy Relief Act - BRUBEG)

On 13 February 2026, the Bundesrat published Act on the Implementation of Directive (EU) 2024/1619 of the European Parliament (Banking Directive Implementation and Bureaucracy Relief Act - BRUBEG).

The act introduces extensive amendments across the Kreditwesengesetz (KWG) and numerous connected financial sector regulations. It implements new EU requirements on supervisory powers, including expanded intervention rights, strengthened cooperation with EU authorities, and harmonised procedures for assessing acquisitions of qualifying holdings. It also introduces comprehensive rules for CRD third country branches, including risk based classification, governance, capital, liquidity, reporting, and system relevance assessments.

The act integrates environmental, social and governance (ESG) risks into prudential frameworks by introducing new obligations for risk management, strategic planning, stress testing and ESG risk plans (§§?26c–26d KWG). It strengthens requirements for corporate governance, including fit and proper assessments, notification duties for managers, internal control functions, documentation requirements, and expanded supervisory review processes.

In addition, BRUBEG modernises rules for refinancing registers, insolvency related Sachwalter functions, and reporting obligations. It revises capital and liquidity provisions (§§?10–11 KWG), reinforces rules on large exposures, introduces updated buffers, and refines the framework for global and domestic systemically important institutions. The law also expands supervisory inspection, information access, and search rights, including the ability to access premises and secure evidence in specific circumstances.

BRUBEG further aims to reduce bureaucracy, for example by streamlining notification processes, aligning terminology, removing outdated provisions, and enabling digital submission of supervisory filings. The act includes multiple consequential amendments across sectoral laws (e.g., Pfandbriefgesetz, Versicherungsaufsichtsgesetz, Wertpapierinstitutsgesetz). It enters into force mainly the day after promulgation, with certain sections subject to phased application.

SECONDARY MARKET/TRADING

BaFin publishes a general decree on revocation of Post-Trade Transparency Rules (June 2023)

BACKGROUND

On 27 February 2026, BaFin published a general administrative decision partially revoking its 15 June 2023 decision concerning post-trade transparency deferrals for OTC transactions in non-equity instruments. The measure relates to Article 21(4) of Regulation (EU) No 600/2014 (MiFIR) and the deferral framework previously established under Delegated Regulation (EU) 2017/583 (RTS 2).

The original 2023 BaFin decision allowed investment firms executing transactions on own account or on behalf of clients in certain non-equity instruments to publish post-trade information with a delay (“deferrals”), where specific conditions under MiFIR and RTS 2 were met.

The new decision reflects regulatory changes introduced through the MiFIR Review under Regulation (EU) 2024/791 and the subsequent amendment of RTS 2 through Delegated Regulation (EU) 2025/1246. These reforms introduced revised and harmonised EU rules governing deferrals for post-trade transparency in non-equity instruments. The BaFin decision therefore addresses the interaction between the previous national authorisation for deferrals and the new EU-level framework.

WHAT'S NEW?

BaFin partially revokes its 15 June 2023 general decision with effect from 2 March 2026, but only for bonds, structured finance products and emission allowances. The 2023 decision remains in force for derivatives.

BaFin explains that the legal basis previously contained in Article 11(1) MiFIR for national authorities to grant deferrals for non-equity instruments has been removed following the MiFIR Review. For bonds, structured finance products and emission allowances, the revised RTS 2 now lays down a harmonised deferral regime in Article 8a and Annex III, applicable from 2 March 2026.

The decision states in particular that:

from 2 March 2026, the 2023 BaFin general decision would no longer be consistent with directly applicable EU law for bonds, structured finance products and emission allowances;
the partial revocation is intended to ensure an EU-wide uniform level of transparency and restore a Union-law-compliant situation;
for derivatives, the previous regime continues to apply because RTS 2 has not yet been revised for those instruments.

BaFin also states that the transitional continuation of the national deferral regime until 2 March 2026 was considered necessary to ensure a smooth transition, taking into account ESMA’s statement of 27 March 2024.

WHAT'S NEXT?

The partial revocation takes effect on 2 March 2026 for bonds, structured finance products and emission allowances. From that date, the revised RTS 2 deferral regime applies to those instruments.

The 2023 BaFin general decision continues to apply to derivatives until RTS 2 is revised in that area. The new general decision is deemed notified on the day following its public announcement.

According to the notice, an objection may be lodged with BaFin within one month after notification.

BaFin publishes a general decree on the partial revocation of the general decree of 15 June 2023 on post-trade transparency requirements for trading venues with regard to bonds, structured financial products, emission allowances and derivatives

BACKGROUND

On 27 February 2026, BaFin published a general administrative decision partially revoking its 15 June 2023 decision concerning post-trade transparency requirements for trading venues in relation to bonds, structured finance products, emission allowances and derivatives. The measure relates to the post-trade transparency framework under Article 11 of Regulation (EU) No 600/2014 (MiFIR) and the deferral regime previously set out in Delegated Regulation (EU) 2017/583 (RTS 2).

The original 2023 BaFin decision allowed market operators and investment firms operating trading venues to publish post-trade transaction details with a delay (“deferrals”) where the conditions laid down in MiFIR and RTS 2 were met.

The new decision reflects regulatory changes introduced through the MiFIR Review under Regulation (EU) 2024/791 and the revision of RTS 2 through Delegated Regulation (EU) 2025/1246, which introduced a harmonised EU framework governing deferrals for certain non-equity instruments. The BaFin measure addresses the interaction between the national deferral regime granted in 2023 and the updated EU-level regulatory framework.

WHAT'S NEW?

BaFin partially revokes the 15 June 2023 general decision with effect from 2 March 2026, but only for specific non-equity instruments traded on trading venues.

The revocation applies to:

bonds,
structured finance products, and
emission allowances.

For those instruments, the revised deferral regime introduced under Delegated Regulation (EU) 2025/1246, which amended RTS 2, will apply from 2 March 2026. As a result, the national authorisation previously granted by BaFin allowing delayed publication of transaction details for those instruments will no longer apply.

BaFin states that the partial revocation is intended to ensure alignment with the revised MiFIR transparency framework and to maintain an EU-wide harmonised level of post-trade transparency.

The decision does not revoke the 2023 general decision for derivatives. For derivatives, the existing deferral regime remains applicable because RTS 2 has not yet been revised for those instruments. BaFin indicates that the current framework therefore continues to apply until further amendments are adopted at EU level.

WHAT'S NEXT?

The partial revocation takes effect on 2 March 2026, from which date the revised RTS 2 deferral regime applies to bonds, structured finance products and emission allowances traded on trading venues.

The BaFin general decision of 15 June 2023 continues to apply for derivatives until the RTS 2 framework is updated for those instruments.

The decision is deemed notified on the day following its public announcement, and an objection may be submitted to BaFin within one month after notification.

BaFin publishes a notice on general rulings on post-trade transparency for non-equity instruments partially revoked

On 27 February 2026, BaFin published a notice on general rulings on post-trade transparency for non-equity instruments partially revoked , which announces the partial revocation of its general rulings on post-trade transparency for trading venues and over-the-counter (OTC) trading.

The publication states that the partial revocations for trading venues and OTC trading apply from 2 March 2026. The measure concerns post-trade transparency requirements for non-equity instruments executed on trading venues and via direct bilateral OTC trading without a central exchange.

According to BaFin, the background to the revocation is the application, as of 2 March 2026, of amended European legal requirements under Commission Delegated Regulation (EU) 2017/583. As a result of the amendment, the rules governing the deferral of post-trade transparency obligations for bonds, structured finance products and emission allowances will in future derive directly from the EU delegated regulation. Consequently, the corresponding provisions in BaFin’s general rulings are revoked to the extent they overlap with or are superseded by the directly applicable EU framework.

With regard to derivatives, the publication clarifies that the previous requirements will continue to apply in line with the transitional provisions of European law until the delegated regulation has also been amended for derivatives. Reference is made to an ESMA statement concerning this transitional approach.

The notice further indicates that BaFin had previously initiated a hearing procedure on the intended partial revocation for trading venues and OTC trading prior to adopting the measure.

SUPERVISION

BGBL publishes Act on the Promotion of Private Investments and the Financial Location (Economic Development Act — StoFöG)

On 9 February 2026, the BGBL published Act on the Promotion of Private Investments and the Financial Location (Economic Development Act — StoFöG).

The act spans 64 articles and updates core laws including the Commercial Code, Securities Trading Act (WpHG), Stock Exchange Act (BörsG), Securities Prospectus Act, Banking Act (KWG), Insurance Supervision Act, Investment Code, REIT Act, Anti Money Laundering Act, and others.

A central objective is the integration of the EU’s European Single Access Point (ESAP) via mandatory electronic reporting channels, data extractable formats, and metadata standards. Multiple laws designate national authorities—primarily BaFin and the Unternehmensregister—as “collection points” responsible for forwarding regulatory disclosures to ESMA. The act also introduces new transparency rules, including detailed disclosure obligations for issuers with multiple voting share structures, applicable to both regulated markets and SME growth markets.

The law modernises market structure rules, revising definitions for systematic internalisation, enhancing position management controls, updating trading transparency, and adjusting minimum free float requirements for listings. It further establishes new conduct, labelling, and quality standards for issuer sponsored research, requiring compliance with an EU behavioural code and enabling BaFin to suspend distribution.

The act substantially expands fitness and probity, competence, and reliability requirements for staff in advisory, portfolio management, distribution, and compliance roles, requiring annual reassessment and detailed qualification evidence. Administrative sanctioning frameworks are strengthened across sectors, with fines up to €15 million, 15% of turnover, or triple the gains avoided, depending on entity size and breach severity.

The act contains numerous targeted amendments across capital markets, prudential, tax, investment fund, and corporate law frameworks. It includes transition rules for specific regimes, with most provisions effective upon publication and selected obligations phased in through 2030.

IRELAND

ALTERNATIVE PRODUCTS

CBI publishes updated AIFMD II authorisation process and streamlined filing process for UCITS and AIF documentation

On 27 February 2026, the CBI published updates to its post-authorisation framework for AIFMs and clarified the filing process for documentation updates arising from the transposition of AIFMD II and related amendments to the AIF Rulebook and UCITS Regulations.

1. Updated authorisation process for AIFMs managing loan-originating AIFs:

The CBI has implemented a proportionate approach to extensions of authorisation for AIFMs currently managing loan-originating AIFs. The streamlined process applies to firms seeking to regularise or extend their permissions in light of AIFMD II.

Where an AIFM intends to extend its authorisation to provide additional functions or services permitted under AIFMD II, it must engage directly with the CBI’s authorisations team.

The publication also reiterates key ongoing post-authorisation obligations, including notification of changes to directors (subject to Fitness & Probity), prior approval for changes in qualifying holdings, approval of company name changes, notification of address changes, and requirements relating to capital contributions and subordinated loans. The Joint ESA Guidelines on the prudential assessment of acquisitions and increases of qualifying holdings continue to apply.

2. Finalised streamlined filing process for updates to UCITS and AIF documentation:

To support orderly implementation of AIFMD II, the CBI has finalised a streamlined filing process for existing UCITS and AIFs seeking to update prospectuses, supplements and constitutional documents.

The process opened on 2 March 2026 and remains open with no fixed closing date (advance notice will be provided before closure). Submissions must include final dated documents and an attestation from the Manager confirming that the amendments do not constitute a change to the investment objective, policy or strategy.

Changes to investment objective, policy or strategy must follow the standard post-authorisation process via the Portal. SFDR reclassifications are expressly excluded from the streamlined route. The CBI will conduct sample reviews at a later stage and may require further amendments notwithstanding automated noting.

New fund or sub-fund applications remain subject to the standard authorisation review process.

CONSUMER PROTECTION

Ireland publishes Credit Review Act 2026

On 3 February 2026, the Irish Statute Book published the Credit Review Act 2026, which establishes a statutory body known as An tSeirbhís um Athbhreithniú Creidmheasa (the “Service”) and provides for the review of certain credit decisions and lending practices.

The Act is structured into five Parts.

Part 1 sets out preliminary provisions, including interpretation, prescribed minimum and maximum amounts, regulation-making powers, service of notices, repeal and revocations, and expenses.
Part 2 provides for the establishment of the Service and the office of the Credit Reviewer. It defines the Service’s functions and those of the Credit Reviewer (as chief executive officer), and sets out governance arrangements, including appointment, ineligibility, disqualification, staffing, superannuation, engagement of consultants, accounts and audit, accountability to the Committee of Public Accounts and other Oireachtas committees, reporting to the Minister, strategy statements, liability provisions, and restrictions on unauthorised disclosure of confidential information.
Part 3 establishes the framework for the review of credit decisions and lending practices. It defines relevant terms, provides for applications for review of credit decisions, circumstances in which a review may be declined, prescribed fees, a credit review levy, and the review of lending practices, activities and policies of relevant persons.
Part 4 sets out transitional provisions, including the transfer of rights and liabilities, records, preservation of contracts, and liability for losses occurring before the establishment day.
Part 5 introduces consequential amendments to other enactments, including amendments to the Taxes Consolidation Act 1997 and the Financial Services and Pensions Ombudsman Act 2017, and repeals section 210 of the National Asset Management Agency Act 2009 together with related guidelines.

The Act provides that its provisions commence by Ministerial order, with an “establishment day” to be appointed for the Service.

EUROPEAN SINGLE ACCESS POINT (ESAP)

Ireland publishes European Union (European Single Access Point) Regulation 2026 (S.I. Nos. 32, 33 and 34 of 2026)

On 13 February 2026, the Houses of the Oireachtas published three statutory instruments (S.I. Nos. 32, 33 and 34 of 2026) which implement Regulation (EU) 2023/2859 establishing the European Single Access Point (ESAP) and related amending Regulation (EU) 2023/2869 into Irish law.

The instruments collectively designate national “collection bodies” responsible for submitting regulated financial, sustainability and corporate information to ESAP in accordance with EU requirements. They amend a broad range of Irish legislation , including the Central Bank Act 1942, Companies Act 2014, Pensions Act 1990, Asset Covered Securities Act 2001 and other sectoral financial services enactments , to integrate ESAP reporting obligations and definitions into domestic law.

The Regulations specify that information required under relevant EU financial services legislation must be submitted in prescribed formats, including machine-readable formats and associated metadata where mandated under EU law. They introduce amendments to ensure that supervisory authorities and reporting entities comply with ESAP technical and procedural requirements.

The measures provide for phased application dates, including certain provisions applying from January 2030, in line with the EU framework timeline. They also clarify the responsibilities of competent authorities in transmitting regulated information to ESAP and align existing reporting regimes with EU data accessibility standards.

The instruments were laid before the Oireachtas and are published on the Irish Statute Book as part of Ireland’s formal transposition and implementation of the ESAP legislative package.

SUPERVISION

Central Bank of Ireland publishes its Regulatory & Supervisory Priorities 2026

On 26 February 2026, Central Bank of Ireland published its Regulatory & Supervisory Outlook 2026, which sets out the Bank’s latest risk assessment for the Irish financial sector and the supervisory actions it will prioritise in response to evolving external conditions. The publication is the third annual Outlook and reflects a backdrop of geoeconomic fragmentation, rapid technological change and structural transitions within the financial system.

The Bank judges operational risks, particularly cyber and other technology?linked exposures, to be very high, driven by increasing digitalisation and complex operating models. Asset valuation and market risks have also risen relative to the prior year, while inflation and interest rate risks have lessened due to shifts in the macroeconomic environment and industry preparedness.

The Outlook outlines a set of supervisory priorities designed to address the identified risks and support the Bank’s safeguarding outcomes (consumer and investor protection; safety and soundness; integrity; and financial stability). These include maintaining and building resilience to geopolitical and macro?financial uncertainties, securing consumer and investor interests in a rapidly changing world, and responding to technology?driven change with significant emphasis on operational resilience and how firms manage risks associated with data, models and AI.

The Bank also highlights the need to enhance efficiency and effectiveness in its own regulatory and supervisory approach, including embedding its integrated supervisory model and improving gatekeeping and reporting processes. The publication underscores that while technological and external shifts provide opportunities, they also expose vulnerabilities that require proactive supervisory responses.

ITALY

PRIMARY MARKET

On 24 February 2026, the Borsa Italiana published notice no. 9368 on amendments to the Market Regulations and related Instructions.

The publication introduces revisions across several areas:

ETFPlus Market: The admission documentation for ETC/ETN issuers is simplified. The requirement to provide financial statements for the last two years is removed for newly incorporated issuers. Admission remains subject to the absence of negative or disclaimed audit opinions. The changes align admission requirements with Euronext Group practices and refer extensively to Notice 6 04 for documentation harmonisation.
MOT Market (Bonds and Debt Instruments): Clarifications are made regarding the eligibility of “notes” as a subcategory of other debt securities. Requirements for structured bonds are amended, including removal of mandatory redemption at no less than nominal value. Procedures for early repayment of convertible bonds are explicitly regulated, introducing a rule for delisting two days before scheduled early repayment when no final conversion deadline exists.
Legal Entity Identifier (LEI): Issuers must maintain a valid and continuously updated LEI for the entire period of listing. This strengthens operational discipline and aligns rules with Euronext legacy markets.
Static and Dynamic Price Definitions: Amendments clarify Borsa Italiana’s authority to establish price collars and reference price criteria in the Guide to Parameters, with flexibility to adjust intraday to ensure orderly trading. This aligns cash markets with the derivatives market framework.
Membership Requirements: Requirements for non supervised operators are simplified, focusing on reputation, organisational adequacy, and trading expertise. The concept of “extension of membership” is introduced for firms already participating in Euronext markets, reducing duplicative documentation.
ABS Admission Forms: Application models are updated to allow eligibility opinions for ABS programmes and permit admission of unrated ABS to the Professional Segment of MOT.

This Amendments enters into force on 3 March 2026.

JERSEY

ANTI-MONEY LAUNDERING / COMBATING TERRORISM FINANCING / COMBATTING PROLIFERATION FINANCING (AML/CFT/CPF)

JFSC updates its AML/CFT/CPF Handbook

On 16 February 2026, the JFSC updated its AML/CFT/CPF Handbook.

The document specifies that no countries or territories were added to or removed from the main list, and no changes were made to Source 1 (neither additions nor removals).

The update introduces two new jurisdictions—Kuwait and Papua New Guinea to Source 2. No jurisdictions were removed from Source 2 as part of this amendment.

No other sections, sources, or underlying criteria were changed on this date. The amendment exclusively documents the status of country listings as of the publication date and does not introduce new compliance obligations, methodologies, definitions, or timelines. It does not provide rationale or contextual assessment, nor does it modify implementation requirements. Instead, the publication functions as a point in time register update reflecting changes to external risk classifications.

For compliance and risk functions, this update’s scope is therefore limited to monitoring and recording the updated Source 2 composition. Institutions relying on Appendix D2 for geographic risk classification, sanctions screening, due diligence scoping, or similar frameworks must ensure that Kuwait and Papua New Guinea are treated in line with their internal mapping of Source 2’s risk implications. No other operational, procedural, or reporting requirements arise directly from this amendment.

LUXEMBOURG

ALTERNATIVE PRODUCTS

Chambre des députés publishes the first constitutional vote on draft law 8628 on the transposition of AIFMD 2 / La Chambre des députés publie le premier vote constitutionnel sur le projet de loi 8628 relatif à la transposition d'AIFMD 2

On 12 February 2026, Chambre des députés published the first constitutional vote on draft law 8628 on the transposition of AIFMD 2. The result of the vote is 58 votes for and 2 votes against.

On 3 October 2025, Chambre des députés published draft law modifying the Law of 17 December 2010 on undertakings for collective investment and the Law of 12 July 2013 on alternative investment fund managers, which transposes Directive (EU) 2024/927 (AIFMD 2) amending the AIFMD and UCITS frameworks with regard to delegation, liquidity risk management, supervisory reporting, depositary services and loan-origination by alternative investment funds (AIFs).

The draft law aims to implement the EU harmonisation introduced under the Capital Markets Union agenda, aligning where appropriate the legal regimes governing AIF managers and UCITS management companies while reinforcing investor protection across the Union. A key feature is the explicit recognition of the right of AIFs to grant loans, accompanied by harmonised rules intended to facilitate a functioning internal market for loan-originating funds. The text highlights the potential benefit for Luxembourg’s established private debt fund market, enabling managers to structure lending strategies within a common EU framework.

At national level, and for consumer protection reasons, the bill introduces a specific prohibition preventing AIFs from granting loans to consumers in Luxembourg. The directive’s changes also expand the list of services that AIFMs and UCITS management companies may provide and clarify the conditions under which services may be supplied to third parties, seeking to improve operational efficiency.

The proposal recognises delegation as an essential operational tool, while strengthening oversight arrangements. It introduces measures enhancing liquidity risk management in line with the European Systemic Risk Board’s recommendations, aimed at improving resilience during market stress and protecting investors. Additional provisions concern the possibility for AIFs in Member States with limited depositary competition to appoint depositaries established in another Member State.

Further amendments strengthen supervisory data reporting to improve risk detection and monitoring of potential systemic spillovers. The proposal also clarifies substance requirements for funds and managers, including minimum resource thresholds, while noting that similar expectations already exist in Luxembourg practice. Finally, the text includes targeted amendments relating to cooperation between competent authorities and third-country requirements under the AIFMD framework.

Version française

Le 12 février 2026, la Chambre des députés a publié le premier vote constitutionnel sur le projet de loi 8628 relatif à la transposition de la directive AIFMD 2. Le résultat du vote est de 58 voix pour et 2 voix contre.

Le 3 octobre 2025, la Chambre des députés a publié un projet de loi modifiant la loi du 17 décembre 2010 sur les organismes de placement collectif et la loi du 12 juillet 2013 sur les gestionnaires de fonds d'investissement alternatifs, qui transpose la directive (UE) 2024/927 (AIFMD 2) modifiant les cadres AIFMD et OPCVM en ce qui concerne la délégation, la gestion du risque de liquidité, les rapports prudentiels, les services de dépositaire et l'octroi de prêts par les fonds d'investissement alternatifs (FIA).

Le projet de loi vise à mettre en œuvre l'harmonisation européenne introduite dans le cadre du programme de l'Union des marchés de capitaux, en alignant, le cas échéant, les régimes juridiques régissant les gestionnaires de FIA et les sociétés de gestion d'OPCVM, tout en renforçant la protection des investisseurs dans l'ensemble de l'Union. L'une des principales caractéristiques est la reconnaissance explicite du droit des FIA à octroyer des prêts, accompagnée de règles harmonisées visant à faciliter le fonctionnement du marché intérieur des fonds octroyant des prêts. Le texte souligne les avantages potentiels pour le marché luxembourgeois des fonds de dette privée, en permettant aux gestionnaires de structurer leurs stratégies de prêt dans un cadre européen commun.

Au niveau national, et pour des raisons de protection des consommateurs, le projet de loi introduit une interdiction spécifique empêchant les FIA d'accorder des prêts aux consommateurs au Luxembourg. Les modifications apportées à la directive élargissent également la liste des services que les gestionnaires de FIA et les sociétés de gestion d'OPCVM peuvent fournir et clarifient les conditions dans lesquelles ces services peuvent être fournis à des tiers, dans le but d'améliorer l'efficacité opérationnelle.

La proposition reconnaît la délégation comme un outil opérationnel essentiel, tout en renforçant les dispositifs de surveillance. Elle introduit des mesures visant à améliorer la gestion du risque de liquidité, conformément aux recommandations du Comité européen du risque systémique, dans le but d'améliorer la résilience en période de tension sur les marchés et de protéger les investisseurs. Des dispositions supplémentaires concernent la possibilité pour les FIA des États membres où la concurrence entre dépositaires est limitée de désigner des dépositaires établis dans un autre État membre.

D'autres modifications renforcent la communication des données prudentielles afin d'améliorer la détection des risques et la surveillance des répercussions systémiques potentielles. La proposition clarifie également les exigences de fond applicables aux fonds et aux gestionnaires, y compris les seuils minimaux de ressources, tout en notant que des attentes similaires existent déjà dans la pratique luxembourgeoise. Enfin, le texte comprend des modifications ciblées concernant la coopération entre les autorités compétentes et les exigences applicables aux pays tiers dans le cadre de la directive AIFMD.

ANTI-MONEY LAUNDERING / COMBATING TERRORISM FINANCING / COMBATTING PROLIFERATION FINANCING (AML/CFT/CPF)

ChD publishes draft transposing the Asset Recovery and Confiscation Directive / ChD publie un projet de loi transposant la directive sur le recouvrement et la confiscation des avoirs

On 2 February 2026, the Chambre des députés published a draft law (Dossier 8698) which transposes EU Directive 2024/1260 on the recovery and confiscation of criminal assets into national law.

The draft law proposes comprehensive amendments to multiple national legal texts—including the Penal Code, the Code of Criminal Procedure, and existing asset recovery legislation—to align Luxembourg law with the directive’s requirements. It targets the legal framework governing the detection, identification, freezing, confiscation, and management of proceeds of crime in criminal proceedings.

The directive being transposed establishes minimum standards across the EU for effective asset recovery in criminal justice, expanding the scope of application to all crimes listed under Article 83(1) of the Treaty on the Functioning of the European Union and other harmonised offences, including serious organised crime. Under the directive, Member States must also adopt national strategies for asset recovery and strengthen the operational capacities of national asset recovery offices.

Key elements transposed include:

Extended scope of confiscation (including unexplained wealth and assets linked to serious crime).
Mandatory rapid screening and identification of assets potentially subject to freezing or confiscation.
Enhanced powers and access to information for asset recovery bodies, with safeguards for judicial oversight and data protection.
Governance changes, such as merging asset recovery and asset management bodies to improve operational efficacy.

The draft law also proposes procedural changes to ensure that confiscated assets can be efficiently managed, including provisions on costs allocation and administration of confiscated property. The directive requires transposition into national law by 23 November 2026, establishing that this bill is designed to meet that timeline.

Version française

Le 2 février 2026, la Chambre des députés a publié le projet de loi (Dossier 8698) transposant la directive UE 2024/1260 relative au recouvrement et à la confiscation des avoirs criminels en droit national.

Le projet de loi propose des modifications complètes de plusieurs textes législatifs nationaux — notamment le Code pénal, le Code de procédure pénale et la législation existante en matière de recouvrement d'avoirs — afin d'aligner le droit luxembourgeois sur les exigences de la directive. Il cible le cadre juridique régissant la détection, l'identification, le gel, la confiscation et la gestion des produits du crime dans les procédures pénales.

La directive transposée établit des normes minimales à l'échelle de l'UE pour un recouvrement efficace des avoirs dans la justice pénale, étendant le champ d'application à toutes les infractions listées à l'article 83, paragraphe 1, du Traité sur le fonctionnement de l'Union européenne ainsi qu'à d'autres infractions harmonisées, dont la criminalité organisée grave. En vertu de la directive, les États membres doivent également adopter des stratégies nationales de recouvrement des avoirs et renforcer les capacités opérationnelles des bureaux nationaux de recouvrement des avoirs.

Les éléments clés transposés comprennent :

Un périmètre élargi de la confiscation (incluant l'enrichissement inexpliqué et les avoirs liés à la criminalité grave).
Un dépistage et une identification rapides obligatoires des avoirs susceptibles d'être gelés ou confisqués.
Des pouvoirs renforcés et un meilleur accès à l'information pour les organes de recouvrement des avoirs, avec des garanties en matière de contrôle judiciaire et de protection des données.
Des modifications de gouvernance, notamment la fusion des organes de recouvrement et de gestion des avoirs pour améliorer l'efficacité opérationnelle.

Le projet de loi propose également des modifications procédurales pour garantir une gestion efficace des avoirs confisqués, notamment des dispositions sur la répartition des coûts et l'administration des biens confisqués. La directive requiert une transposition en droit national avant le 23 novembre 2026, délai que ce projet de loi est conçu à respecter.

CRF publishes goAML indicators part 1 / Le CRF publie les indicateurs goAML partie 1

On 26 February 2026, CRF published goAML handbook indicators part 1. The handbook frames the indicators as a collaboration tool between reporting entities and the Financial Intelligence Unit (FIU), intended to address increasing financial crime complexity and to improve the clarity, precision, and consistency of suspicion reporting. It explains that indicators are organised into categories (e.g., transaction patterns, triggers, typologies, sectors, products, contextual factors). Reporting entities may select multiple indicators, including several from the same category. The handbook notes that in an initial phase, five categories are available, with remaining categories to be introduced later.

The document states that using indicators is not mandatory, but reporting entities are strongly encouraged to include them whenever they add meaningful context. It describes expected benefits for the FIU (improved readability, faster identification of red flags, better ability to detect typologies and trends, and more efficient prioritisation and processing of higher-risk cases) and for reporting entities (reduced uncertainty and more targeted, consistent articulation of suspicion).

Operationally, the handbook provides indicator definitions and selection guidance, including:

a “Reporting Mode” category (including “Reporting Light” for specific predefined scenarios);
a “Trigger of Suspicion” category listing common triggers (e.g., beneficial ownership issues, sanctions lists, high-risk country links, smurfing, transit accounts, use of forged documents, third-party involvement, use of virtual assets);
a “Suspected Predicate Offence” category with a selectable list (e.g., fraud, corruption, tax crime, sanctions evasion, terrorism/TF, proliferation financing);
a “Suspicious Amount” category with ranges and a rule to avoid double counting related in/out flows; and
a “Time Elapsed” category used in fraudulent-operation cases.

Illustrative case studies and an FAQ section are included to demonstrate practical application and address common implementation questions. The handbook includes a disclaimer that it is informational and does not replace legal or regulatory obligations, and states it is strictly confidential and intended for reporting entities and competent national authorities.

Version française

Le 26 février 2026, le CRF a publié la première partie du manuel des indicateurs goAML. Ce manuel présente les indicateurs comme un outil de collaboration entre les entités déclarantes et la cellule de renseignement financier (CRF), destiné à faire face à la complexité croissante de la criminalité financière et à améliorer la clarté, la précision et la cohérence des déclarations de soupçons. Il explique que les indicateurs sont classés par catégories (par exemple, modèles de transaction, déclencheurs, typologies, secteurs, produits, facteurs contextuels). Les entités déclarantes peuvent sélectionner plusieurs indicateurs, y compris plusieurs indicateurs de la même catégorie. Le manuel précise que, dans un premier temps, cinq catégories sont disponibles, les autres catégories devant être introduites ultérieurement.

une catégorie « Mode de déclaration » (incluant « Déclaration allégée » pour des scénarios prédéfinis spécifiques),
une catégorie « Éléments déclencheurs de suspicion » répertoriant les éléments déclencheurs courants (par exemple, problèmes liés à la propriété effective, listes de sanctions, liens avec des pays à haut risque, smurfing, comptes de transit, utilisation de documents falsifiés, implication de tiers, utilisation d'actifs virtuels),
une catégorie « Infraction présumée » avec une liste sélectionnable (par exemple, fraude, corruption, criminalité fiscale, évasion de sanctions, terrorisme/financement du terrorisme, financement de la prolifération),
une catégorie « Montant suspect » avec des fourchettes et une règle visant à éviter le double comptage des flux entrants/sortants, et
une catégorie « Temps écoulé » utilisée dans les cas d'opérations frauduleuses.

Des études de cas illustratives et une section FAQ sont incluses pour démontrer l'application pratique et répondre aux questions courantes relatives à la mise en œuvre. Le manuel comprend une clause de non-responsabilité précisant qu'il est fourni à titre informatif et ne remplace pas les obligations légales ou réglementaires, et indique qu'il est strictement confidentiel et destiné aux entités déclarantes et aux autorités nationales compétentes.

CRF publishes its 2024 annual report / Le CRF publie son rapport annuel 2024

On 26 26 February 2026, the CRF published the “Rapport annuel 2024”, which presents the CRF’s activity, priorities and statistics for 2024 relating to anti-money laundering and counter-terrorist financing (AML/CFT), including reporting trends, cooperation and operational measures.

The report states that a risk-based approach guides the CRF’s work and that, in 2024, the CRF continued efforts to identify, analyse and disseminate cases presenting the most significant ML/TF risks, including contributions to national and sectoral (“vertical”) risk assessments and information-sharing with professionals registered in goAML.

Operationally, the report indicates that the volume of suspicious reports remains high and describes actions to optimise information exchange with foreign counterparts, including increased use of standardised exchanges via FIU.net in line with EU processes referenced in the report. It highlights growing fraud-related reporting, enhanced cooperation with prosecutors and judicial police to trace and seek blocking of defrauded funds (often abroad), and continued increases in declarations linked to financial sanctions targeting, notably, Russia.

The report provides key statistics, including that 51,130 suspicious reports linked to money laundering, terrorist financing or associated predicate offences were received in 2024, described as a 15% increase versus 2023, and presents multi-year trend visuals. It notes that fraud remains the leading suspected predicate offence category, followed by “counterfeiting and piracy of products” and then “criminal tax offences.”

On terrorist financing, the report describes cooperation and notes six blocking orders amounting to approximately EUR 1.9 million in 2024 in TF matters. The report also includes sectoral breakdowns of suspicious reports (e.g., payment institutions, e-money institutions, online banks, virtual asset service providers, banks/credit institutions, insurance, investment sector, DNFBPs, other PFS).

Version française

Le 26 février 2026, le CRF a publié le « Rapport annuel 2024 », qui présente les activités, les priorités et les statistiques du CRF pour 2024 en matière de lutte contre le blanchiment d'argent et le financement du terrorisme (LBC/FT), y compris les tendances en matière de déclaration, la coopération et les mesures opérationnelles.

Le rapport indique que l'approche fondée sur les risques guide les travaux de la CRF et qu'en 2024, la CRF a poursuivi ses efforts pour identifier, analyser et diffuser les cas présentant les risques les plus importants en matière de BC/FT, notamment en contribuant aux évaluations des risques nationaux et sectoriels (« verticaux ») et en partageant des informations avec les professionnels enregistrés dans le système goAML.

Sur le plan opérationnel, le rapport indique que le volume des déclarations suspectes reste élevé et décrit les mesures prises pour optimiser l'échange d'informations avec les homologues étrangers, notamment le recours accru aux échanges standardisés via FIU.net, conformément aux processus de l'UE mentionnés dans le rapport. Il souligne l'augmentation des déclarations liées à la fraude, le renforcement de la coopération avec les procureurs et la police judiciaire pour retrouver et bloquer les fonds frauduleux (souvent à l'étranger), et l'augmentation continue des déclarations liées aux sanctions financières visant notamment la Russie.

Le rapport fournit des statistiques clés, notamment le fait que 51 130 déclarations suspectes liées au blanchiment d'argent, au financement du terrorisme ou à des infractions sous-jacentes associées ont été reçues en 2024, soit une augmentation de 15 % par rapport à 2023, et présente des graphiques illustrant les tendances sur plusieurs années. Il note que la fraude reste la principale catégorie d'infractions sous-jacentes suspectées, suivie par la « contrefaçon et le piratage de produits », puis par les « infractions fiscales pénales ».

En ce qui concerne le financement du terrorisme, le rapport décrit la coopération et fait état de six ordonnances de blocage pour un montant total d'environ 1,9 million d'euros en 2024 dans le domaine du financement du terrorisme. Le rapport comprend également une ventilation sectorielle des déclarations suspectes (par exemple, établissements de paiement, établissements de monnaie électronique, banques en ligne, prestataires de services d'actifs virtuels, banques/établissements de crédit, assurances, secteur de l'investissement, professions non financières désignées, autres prestataires de services financiers).

CSSF publishes a circular letter announcing the 2026 AML/CFT standardised data collection exercise / La CSSF publie une lettre circulaire annonçant l'exercice 2026 de collecte standardisée de données AML/CFT

BACKGROUND

On 12 February 2026, the CSSF published a circular letter on the AML/CFT standardised data collection exercise taking place in 2026. The circular is addressed to a wide range of Luxembourg supervised entities, including credit institutions, investment firms, investment fund managers (including registered AIFMs and Luxembourg branches of IFMs), payment institutions and electronic money institutions, virtual asset service providers, crypto-asset service providers, specialised professionals of the financial sector, and central securities depositories, as well as Luxembourg branches of such entities.

The CSSF announced that for 2026 it will replace its usual annual Questionnaire on Financial Crime with the data collection templates developed by the European Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), in cooperation with EU national competent authorities, for most supervised entities.

This decision follows the launch of a major AMLA data collection exercise covering a large number of EU financial institutions. According to the CSSF, requesting entities to complete both the AMLA questionnaire and the usual CSSF questionnaire would create duplication and reduce representativeness. The new approach therefore aims to simplify reporting, reduce burden, and support the development of a common EU AML/CFT supervisory methodology.

WHAT'S NEW?

The 2026 AML/CFT data collection framework changes significantly. Instead of a single CSSF questionnaire applicable to all entities, the circular introduces three categories of supervised entities depending on their participation in the AMLA exercise:

A. Supervised entities selected for the AMLA “calibration exercise”
Certain entities have been selected by the CSSF to participate in the AMLA 2026 AML/CFT Risk Assessment and Selection Methodology Calibration Exercise. Participation is mandatory for these entities. They must report a defined set of quantitative and qualitative data points used to calibrate the EU methodology for assessing the ML/TF risk profile of credit and financial institutions. The relevant data points are derived from draft AMLA regulatory technical standards on risk assessment and on the selection of institutions for direct AMLA supervision.

B. All other supervised entities (except specialised professionals of the financial sector)
Institutions that were not selected for the AMLA calibration exercise will nevertheless be required to complete the AMLA-based questionnaire for the CSSF’s 2026 AML/CFT data collection. These entities will report information regarding their 2025 ML/TF risks and mitigation measures using the AMLA-developed templates instead of the usual CSSF Financial Crime Questionnaire.

C. Specialised professionals of the financial sector
These entities are outside the scope of the AMLA data collection exercise. As a result, they will continue to complete the standard CSSF questionnaire used in previous years. This questionnaire collects key information on ML/TF risk exposure, risk mitigation measures, and targeted financial sanctions implementation.

The CSSF also indicates that it may launch an additional ad-hoc questionnaire later in the year to collect specific data not covered by the AMLA templates, including information required for FATF reporting.

WHAT'S NEXT?

The circular sets out the operational timeline for each category of entities.

A. AMLA calibration exercise participants

Data collection will launch on 2 March 2026 via the CSSF eDesk platform.
Submissions must be made by 15 April 2026.
AMLA will provide the final templates and interpretative guidance shortly.

B. Other supervised entities (except specialised professionals of the financial sector)

The AMLA-based questionnaire will also launch on 2 March 2026 via eDesk.
The CSSF will communicate further modalities and reporting deadlines at a later stage.

C. Specialised professionals of the financial sector

The usual CSSF AML/CFT questionnaire will launch on 23 February 2026.
Responses must be submitted through eDesk by 3 April 2026 at the latest.

Version française

BACKGROUND

Le 12 février 2026, la CSSF a publié une circulaire relative à l'exercice de collecte de données standardisées en matière de lutte contre le blanchiment d'argent et le financement du terrorisme (AML/CFT) qui aura lieu en 2026. Cette circulaire s'adresse à un large éventail d'entités supervisées au Luxembourg, notamment les établissements de crédit, les entreprises d'investissement, les gestionnaires de fonds d'investissement (y compris les gestionnaires de fonds d'investissement alternatifs enregistrés et les succursales luxembourgeoises d'IFM), les établissements de paiement et les établissements de monnaie électronique, les prestataires de services d'actifs virtuels, les prestataires de services de crypto-actifs, les professionnels spécialisés du secteur financier et les dépositaires centraux de titres, ainsi que les succursales luxembourgeoises de ces entités.

La CSSF a annoncé qu'en 2026, elle remplacera son questionnaire annuel habituel sur la criminalité financière par les modèles de collecte de données élaborés par l'Autorité européenne de lutte contre le blanchiment de capitaux et le financement du terrorisme (AMLA), en coopération avec les autorités nationales compétentes de l'UE, pour la plupart des entités surveillées.

Cette décision fait suite au lancement d'un vaste exercice de collecte de données de l'AMLA couvrant un grand nombre d'établissements financiers de l'UE. Selon la CSSF, demander aux entités de remplir à la fois le questionnaire de l'AMLA et le questionnaire habituel de la CSSF créerait une duplication et réduirait la représentativité. La nouvelle approche vise donc à simplifier les déclarations, à réduire la charge administrative et à soutenir le développement d'une méthodologie commune de surveillance AML/CFT au niveau de l'UE.

WHAT'S NEW?

Le cadre de collecte des données AML/CFT 2026 subit des changements importants. Au lieu d'un questionnaire CSSF unique applicable à toutes les entités, la circulaire introduit trois catégories d'entités supervisées en fonction de leur participation à l'exercice AMLA :

A. Entités supervisées sélectionnées pour l'« exercice d'étalonnage » AMLA
Certaines entités ont été sélectionnées par la CSSF pour participer à l'exercice d'étalonnage de la méthodologie d'évaluation et de sélection des risques AML/CFT de l'AMLA 2026. La participation est obligatoire pour ces entités. Elles doivent communiquer un ensemble défini de données quantitatives et qualitatives utilisées pour étalonner la méthodologie de l'UE d'évaluation du profil de risque ML/TF des établissements de crédit et des institutions financières. Les données pertinentes sont tirées du projet de normes techniques réglementaires de l'AMLA sur l'évaluation des risques et la sélection des établissements soumis à la surveillance directe de l'AMLA.

B. Toutes les autres entités supervisées (à l'exception des professionnels spécialisés du secteur financier)
Les établissements qui n'ont pas été sélectionnés pour l'exercice d'étalonnage de l'AMLA devront néanmoins remplir le questionnaire basé sur l'AMLA pour la collecte de données AML/CFT 2026 de la CSSF. Ces entités communiqueront des informations sur leurs risques ML/FT et leurs mesures d'atténuation pour 2025 à l'aide des modèles élaborés par l'AMLA, au lieu du questionnaire habituel de la CSSF sur la criminalité financière.

C. Professionnels spécialisés du secteur financier
Ces entités ne sont pas concernées par la collecte de données AMLA. Elles continueront donc à remplir le questionnaire standard de la CSSF utilisé les années précédentes. Ce questionnaire recueille des informations clés sur l'exposition au risque de BC/FT, les mesures d'atténuation des risques et la mise en œuvre de sanctions financières ciblées.

La CSSF indique également qu'elle pourrait lancer un questionnaire ad hoc supplémentaire dans le courant de l'année afin de collecter des données spécifiques non couvertes par les modèles LBA, notamment les informations requises pour les rapports du GAFI.

WHAT'S NEXT?

La circulaire définit le calendrier opérationnel pour chaque catégorie d'entités.

A. Participants à l'exercice d'étalonnage AMLA

La collecte des données débutera le 2 mars 2026 via la plateforme eDesk de la CSSF.
Les soumissions doivent être effectuées avant le 15 avril 2026.
L'AMLA fournira prochainement les modèles définitifs et les directives d'interprétation.

B. Autres entités supervisées (à l'exception des professionnels spécialisés du secteur financier)

Le questionnaire basé sur l'AMLA sera également lancé le 2 mars 2026 via eDesk.
La CSSF communiquera ultérieurement les modalités et les délais de déclaration.

C. Professionnels spécialisés du secteur financier

Le questionnaire habituel de la CSSF en matière de LBC/FT sera lancé le 23 février 2026.
Les réponses doivent être soumises via eDesk au plus tard le 3 avril 2026.

CSSF publishes an annex of Circular 22/822 concerning high-risk jurisdictions and jurisdictions under increased monitoring / La CSSF publie une annexe de la Circulaire 22/822 concernant les juridictions à haut risque et sous surveillance renforcée

BACKGROUND

On 17 February 2026, the CSSF updated the Annex to Circular 22/822, aligning Luxembourg’s AML/CFT requirements with the latest Financial Action Task Force (FATF) lists of high-risk jurisdictions and jurisdictions under increased monitoring.

The annex reflects the FATF’s most recent statements and specifies the risk-mitigation measures that professionals supervised by the CSSF must apply when dealing with these jurisdictions. The update forms part of Luxembourg’s framework to ensure that financial institutions integrate FATF geopolitical risk assessments into their AML/CFT controls, including measures related to money laundering (ML), terrorist financing (TF), and proliferation financing (PF).

The annex distinguishes between:

High-risk jurisdictions, where enhanced due diligence and potentially counter-measures must be applied; and
Jurisdictions under increased monitoring (commonly referred to as the FATF “grey list”), where institutions must account for identified deficiencies within their risk management frameworks.

WHAT'S NEW?

The updated annex clarifies the risk classification and supervisory expectations for several jurisdictions.

Democratic People’s Republic of Korea (DPRK)
The FATF maintains its call for counter-measures due to serious and persistent deficiencies in the country’s AML/CFT regime and the risks linked to weapons of mass destruction proliferation financing. Jurisdictions are expected to terminate correspondent banking relationships with DPRK banks, close subsidiaries or representative offices where applicable, and restrict business relationships and financial transactions with DPRK persons.

Iran
Iran remains subject to FATF counter-measures because its AML/CFT action plan remains incomplete. Jurisdictions are urged to apply measures such as limiting business relationships and financial transactions, restricting the establishment of branches or subsidiaries by Iranian financial institutions or virtual asset service providers, and reviewing correspondent banking relationships. While applying these measures, jurisdictions should ensure that legitimate humanitarian flows—such as food, health supplies, diplomatic costs, and personal remittances—are handled on a risk-based basis.

Myanmar
Myanmar continues to be subject to enhanced due diligence requirements following insufficient progress in addressing the deficiencies identified in its FATF action plan. Jurisdictions must apply enhanced due diligence measures proportionate to the risks while ensuring that humanitarian assistance, legitimate non-profit activities, and remittances are not disrupted. The FATF indicates that counter-measures may be considered if no further progress is made by June 2026.

Jurisdictions under increased monitoring
The annex also lists jurisdictions that remain under FATF monitoring due to strategic AML/CFT deficiencies but are working with the FATF to address them. These include Algeria, Angola, Bolivia, British Virgin Islands, Bulgaria, Cameroon, Côte d’Ivoire, Democratic Republic of Congo, Haiti, Kenya, Kuwait, Lao PDR, Lebanon, Monaco, Namibia, Nepal, Papua New Guinea, South Sudan, Syria, Venezuela, Vietnam, and Yemen.

WHAT'S NEXT?

The annex specifies the AML/CFT measures expected from CSSF-supervised professionals when dealing with the jurisdictions concerned.

For Iran and DPRK, professionals must apply enhanced due diligence and monitoring measures, strengthen transaction monitoring, and ensure that business relationships cannot be used to bypass or evade AML/CFT counter-measures. Correspondent banking relationships with institutions from these jurisdictions must be reported to the CSSF.
For Myanmar, professionals must give special attention to transactions and business relationships involving entities from the jurisdiction and maintain enhanced mechanisms for reporting suspicious activities to the Financial Intelligence Unit (FIU).
For all listed high-risk jurisdictions, professionals are expected to increase the number and timing of controls, review transaction patterns requiring additional scrutiny, and obtain further information on the purpose and rationale of transactions.

More broadly, Luxembourg-regulated entities must integrate these jurisdictional risks into their risk assessments, transaction monitoring frameworks, and suspicious activity reporting processes, ensuring alignment with the FATF’s risk-based approach to AML/CFT supervision.

Version française

BACKGROUND

Le 17 février 2026, la CSSF a mis à jour l'annexe à la circulaire 22/822, alignant les exigences luxembourgeoises en matière de lutte contre le blanchiment d'argent et le financement du terrorisme (AML/CFT) sur les dernières listes du Groupe d'action financière (GAFI) des juridictions à haut risque et des juridictions faisant l'objet d'une surveillance renforcée.

L'annexe reflète les dernières déclarations du GAFI et précise les mesures d'atténuation des risques que les professionnels supervisés par la CSSF doivent appliquer lorsqu'ils traitent avec ces juridictions. Cette mise à jour s'inscrit dans le cadre mis en place par le Luxembourg pour garantir que les institutions financières intègrent les évaluations des risques géopolitiques du GAFI dans leurs contrôles en matière de LBC/FT, y compris les mesures liées au blanchiment de capitaux (BC), au financement du terrorisme (FT) et au financement de la prolifération (FP).

L'annexe établit une distinction entre :

les juridictions à haut risque, où une diligence raisonnable renforcée et des contre-mesures potentielles doivent être appliquées ; et
les juridictions faisant l'objet d'une surveillance renforcée (communément appelées « liste grise » du GAFI), où les institutions doivent rendre compte des lacunes identifiées dans leurs cadres de gestion des risques.

WHAT'S NEW?

L'annexe mise à jour clarifie la classification des risques et les attentes en matière de surveillance pour plusieurs juridictions.

République populaire démocratique de Corée (RPDC)
Le GAFI maintient son appel à des contre-mesures en raison des lacunes graves et persistantes du régime de lutte contre le blanchiment de capitaux et le financement du terrorisme (LBC/FT) du pays et des risques liés au financement de la prolifération des armes de destruction massive. Les juridictions sont tenues de mettre fin à leurs relations de correspondance bancaire avec les banques de la RPDC, de fermer leurs filiales ou bureaux de représentation le cas échéant, et de restreindre leurs relations commerciales et leurs transactions financières avec les personnes de la RPDC.

Iran
L'Iran reste soumis aux contre-mesures du GAFI car son plan d'action en matière de LBC/FT reste incomplet. Les juridictions sont invitées à appliquer des mesures telles que la limitation des relations commerciales et des transactions financières, la restriction de la création de succursales ou de filiales par des institutions financières iraniennes ou des prestataires de services d'actifs virtuels, et la révision des relations de correspondance bancaire. Tout en appliquant ces mesures, les juridictions doivent veiller à ce que les flux humanitaires légitimes, tels que les denrées alimentaires, les fournitures sanitaires, les frais diplomatiques et les transferts de fonds personnels, soient traités en fonction des risques.

Myanmar
Le Myanmar continue d'être soumis à des exigences renforcées en matière de diligence raisonnable en raison des progrès insuffisants accomplis pour remédier aux lacunes identifiées dans son plan d'action du GAFI. Les juridictions doivent appliquer des mesures de diligence raisonnable renforcées proportionnées aux risques tout en veillant à ne pas perturber l'aide humanitaire, les activités légitimes à but non lucratif et les transferts de fonds. Le GAFI indique que des contre-mesures pourraient être envisagées si aucun progrès supplémentaire n'est réalisé d'ici juin 2026.

Juridictions sous surveillance renforcée
L'annexe énumère également les juridictions qui restent sous la surveillance du GAFI en raison de lacunes stratégiques en matière de LBC/FT, mais qui travaillent avec le GAFI pour y remédier. Il s'agit notamment de l'Algérie, de l'Angola, de la Bolivie, des îles Vierges britanniques, de la Bulgarie, du Cameroun, de la Côte d'Ivoire, de la République démocratique du Congo, d'Haïti, du Kenya, du Koweït, de la République démocratique populaire lao, du Liban, de Monaco, de la Namibie, du Népal, de la Papouasie-Nouvelle-Guinée, du Soudan du Sud, de la Syrie, du Venezuela, du Vietnam et du Yémen.

WHAT'S NEXT?

L'annexe précise les mesures AML/CFT attendues des professionnels soumis à la surveillance de la CSSF lorsqu'ils traitent avec les juridictions concernées.

Pour l'Iran et la RPDC, les professionnels doivent appliquer des mesures renforcées de vigilance et de surveillance, renforcer la surveillance des transactions et veiller à ce que les relations d'affaires ne puissent être utilisées pour contourner ou éluder les mesures AML/CFT. Les relations de correspondance bancaire avec des institutions de ces juridictions doivent être signalées à la CSSF.
Pour le Myanmar, les professionnels doivent accorder une attention particulière aux transactions et aux relations d'affaires impliquant des entités de cette juridiction et maintenir des mécanismes renforcés pour signaler les activités suspectes à la cellule de renseignement financier (CRF).
Pour toutes les juridictions à haut risque répertoriées, les professionnels sont tenus d'augmenter le nombre et la fréquence des contrôles, d'examiner les modèles de transactions nécessitant un examen supplémentaire et d'obtenir des informations complémentaires sur l'objet et la justification des transactions.

Plus généralement, les entités réglementées au Luxembourg doivent intégrer ces risques juridictionnels dans leurs évaluations des risques, leurs cadres de surveillance des transactions et leurs processus de signalement des activités suspectes, en veillant à s'aligner sur l'approche fondée sur les risques du GAFI en matière de supervision de la lutte contre le blanchiment de capitaux et le financement du terrorisme.

PFI publishes a communication announcing the launch of the new RAIF 2026 campaign / PFI publie une communication annonçant le lancement de la nouvelle campagne RAIF 2026

BACKGROUND

On 13 February 2026, the Luxembourg indirect tax portal (PFI) announced the start of the new FIAR 2026 campaign. In this context, the AED made available the updated “FIAR AML/CFT Questionnaire 2025” and confirmed that the Responsable du contrôle (RC) of each RAIF/FIAR must also submit the RC report 2025 relating to the activity of the fund, with data as of 31 December 2025.

The campaign forms part of the AED’s supervisory role over RAIFs as “other financial institutions” under the Luxembourg AML/CFT framework. It is presented as an annual cooperation exercise requiring RAIFs to submit AML/CFT information and supporting reporting to the AED.

WHAT'S NEW?

For the 2026 reporting campaign, the AED requires RAIFs/FIARs to submit two separate AML/CFT reporting documents covering their activities as of 31 December 2025.

First, RAIFs/FIARs must complete the FIAR AML/CFT Questionnaire 2025, which collects information on the AML/CFT framework implemented by the fund. The questionnaire must be submitted annually, in its original Excel format, and must follow a specific naming convention when transmitted to the AED. The authority has also published guidelines to assist RAIFs/FIARs in completing the questionnaire, supporting consistency in the information provided.

Second, the RC report 2025 must be prepared and submitted by the Responsable du contrôle (RC). This report provides a synthesis of the AML/CFT activities carried out by the RAIF/FIAR and must cover several key elements, including:

the RAIF’s identification details and RCS number;
the identification and assessment of AML and terrorist financing risks and the measures taken to mitigate them;
the results of due diligence carried out on investors, initiators, delegated portfolio managers and investment advisers;
enhanced due diligence on intermediaries and politically exposed persons (PEPs);
due diligence measures applied to the assets of the RAIF/FIAR;
monitoring of blocked positions and financial sanctions-related transactions;
periodic review of business relationships according to risk levels;
controls performed on delegated AML/CFT functions where tasks have been outsourced;
statistics on suspicious transaction reports submitted to the Luxembourg Financial Intelligence Unit (CRF) and related amounts; and
the number of identified AML/CFT breaches, including an explicit statement where none have been identified.

The AED also clarifies submission responsibilities: the Responsable du respect (RR) must transmit the questionnaire, although the RR may mandate the RC to submit it on their behalf.

WHAT'S NEXT?

Both the FIAR AML/CFT Questionnaire 2025 and the RC report 2025 must be submitted no later than 31 May 2026 (close of business).

The two documents must be transmitted separately to the AED via the dedicated email address aed.raif@en.etat.lu.
The questionnaire must be sent in Excel format, while the RC report must be transmitted as a signed PDF consisting of a single document. The AED also requires entities to follow specific file naming conventions when sending both files.

RAIFs/FIARs are therefore expected to ensure that the questionnaire and RC report are prepared using data as of 31 December 2025, comply with the required technical formats, and are submitted within the deadline set by the AED.

Version française

BACKGROUND

Le 13 février 2026, le portail luxembourgeois des impôts indirects (PFI) a annoncé le lancement de la nouvelle campagne FIAR 2026. Dans ce contexte, l'AED a mis à disposition le « Questionnaire FIAR AML/CFT 2025 » mis à jour et a confirmé que le Responsable du contrôle (RC) de chaque RAIF/FIAR doit également soumettre le rapport RC 2025 relatif à l'activité du fonds, avec les données au 31 décembre 2025.

Cette campagne s'inscrit dans le cadre du rôle de surveillance de l'AED sur les RAIF en tant qu'« autres institutions financières » au titre du cadre luxembourgeois en matière de LBC/FT. Elle se présente comme un exercice de coopération annuel qui impose aux RAIF de soumettre à l'AED des informations et des rapports justificatifs en matière de LBC/FT.

WHAT'S NEW?

Pour la campagne de déclaration 2026, l'AED exige que les RAIF/FIAR soumettent deux documents distincts de déclaration AML/CFT couvrant leurs activités au 31 décembre 2025.

Tout d'abord, les RAIF/FIAR doivent remplir le questionnaire FIAR AML/CFT 2025, qui recueille des informations sur le cadre AML/CFT mis en œuvre par le fonds. Le questionnaire doit être soumis chaque année, dans son format Excel d'origine, et doit respecter une convention de nommage spécifique lorsqu'il est transmis à l'AED. L'autorité a également publié des lignes directrices pour aider les RAIF/FIAR à remplir le questionnaire, afin de garantir la cohérence des informations fournies.

Deuxièmement, le rapport RC 2025 doit être préparé et soumis par le Responsable du contrôle (RC). Ce rapport fournit une synthèse des activités AML/CFT menées par le RAIF/FIAR et doit couvrir plusieurs éléments clés, notamment :

les coordonnées et le numéro RCS du RAIF ;
l'identification et l'évaluation des risques liés à la lutte contre le blanchiment d'argent et le financement du terrorisme, ainsi que les mesures prises pour les atténuer ;
les résultats des contrôles préalables effectués sur les investisseurs, les initiateurs, les gestionnaires de portefeuille délégués et les conseillers en investissement ;
les contrôles préalables renforcés sur les intermédiaires et les personnes politiquement exposées (PPE) ;
les mesures de contrôle préalable appliquées aux actifs du RAIF/FIAR ;
le suivi des positions bloquées et des transactions liées à des sanctions financières ;
l'examen périodique des relations d'affaires en fonction des niveaux de risque ;
les contrôles effectués sur les fonctions déléguées en matière de LBC/FT lorsque des tâches ont été externalisées ;
les statistiques sur les déclarations d'opérations suspectes soumises à la cellule de renseignement financier luxembourgeoise (CRF) et les montants correspondants ; et
le nombre de violations identifiées en matière de LBC/FT, y compris une déclaration explicite lorsqu'aucune violation n'a été identifiée.

L'AED clarifie également les responsabilités en matière de soumission : le responsable du respect (RR) doit transmettre le questionnaire, mais il peut mandater le RC pour le soumettre en son nom.

WHAT'S NEXT?

Le questionnaire FIAR AML/CFT 2025 et le rapport RC 2025 doivent être soumis au plus tard le 31 mai 2026 (à la fermeture des bureaux).

Les deux documents doivent être transmis séparément à l'AED via l'adresse e-mail dédiée aed.raif@en.etat.lu.
Le questionnaire doit être envoyé au format Excel, tandis que le rapport RC doit être transmis sous forme de PDF signé constituant un document unique. L'AED exige également que les entités respectent des conventions de nommage spécifiques lors de l'envoi des deux fichiers.

Les RAIF/FIAR doivent donc s'assurer que le questionnaire et le rapport RC sont préparés à partir des données au 31 décembre 2025, qu'ils respectent les formats techniques requis et qu'ils sont soumis dans les délais fixés par l'AED.

DIGITAL ASSETS

CSSF publishes its updated FAQ on Crypto-Assets – Undertakings for collective investment / CSSF met à jour ses FAQ sur les Crypto-Actifs - Organismes de placement collectif

On February 4 2026, the CSSF published its updated FAQ on Crypto-Assets – Undertakings for collective investment (previously FAQ Virtual Assets – Undertakings for collective investment).

The FAQ clarifies how Luxembourg investment funds and IFMs may engage with crypto-assets (MiCAR scope) and what the CSSF expects in terms of risk governance, disclosure, custody arrangements, and AML/CFT controls.

1) UCITS
UCITS may invest only indirectly in crypto-assets, up to 10% of the NAV, via eligible transferable securities that do not embed derivatives. The CSSF highlights that the volatility, limited liquidity, and technological risks of crypto-assets can materially affect a fund’s risk profile. Managers should update risk management policies, strengthen internal controls for approving new products or strategies, and ensure investors are informed clearly and transparently. Any exposure to crypto-assets must be notified to the CSSF in advance.

2) AIFs
AIFs may invest directly or indirectly in crypto-assets, while complying with all applicable fund rules. For AIFs open to retail investors (other than “well-informed investors”), exposure is limited to 10% of NAV. Managers should assess case by case the impact on the fund’s risk profile, maintain updated policies and documentation, and ensure investors are properly informed.

3) IFMs – Authorisation
A Luxembourg IFM managing an AIF with more than 10% exposure to crypto-assets must obtain prior CSSF authorisation for the strategy “Other-Other Fund-Crypto-assets”. The CSSF expects a detailed submission including the project description, service providers/delegates, direct vs. indirect exposure, updated risk and valuation policies, portfolio manager experience, custody arrangements, target investors and distribution channels, and an asset-side AML/CFT analysis. Particular attention is given to control of private keys and compliance with MiCAR crypto-asset service provider (CASP) requirements.

4) Depositaries
Depositaries may support funds investing directly in crypto-assets, provided they have a robust operational model and notify the CSSF in a timely manner. The CSSF specifies that: “A depositary providing direct custody of crypto-assets must be authorised or notified under MiCAR and inform the CSSF in a timely manner.”
If custody is delegated to an external specialist, responsibilities and contracts must be clearly defined.

5) AML / CFT
The CSSF highlights that crypto-assets increase the risk of money laundering and terrorist financing. Funds and managers must assess the risk of each asset, perform appropriate due diligence depending on the type of crypto-asset and acquisition method (exchange, ICO, ITO, etc.), and understand the origin and destination of the assets.
Compliance and control officers must demonstrate a solid understanding of these risks and implement measures to mitigate them.

Crypto-assets offer opportunities, but careful governance, risk management, and compliance are essential to protect investors and ensure regulatory alignment and CSSF's expectations.

Version française

Le 4 février 2026, la CSSF a publié sa FAQ mise à jour sur les crypto-actifs – Organismes de placement collectif (anciennement FAQ Actifs virtuels – Organismes de placement collectif).La FAQ précise comment les fonds d'investissement luxembourgeois et les GFI peuvent s'exposer aux crypto-actifs (périmètre MiCAR) et ce que la CSSF attend en matière de gouvernance des risques, de divulgation, de modalités de conservation et de contrôles LBC/FT.

1) OPCVM
Les OPCVM ne peuvent investir qu'indirectement dans des crypto-actifs, dans la limite de 10 % de la VNI, via des valeurs mobilières éligibles n'intégrant pas de dérivés. La CSSF souligne que la volatilité, la liquidité limitée et les risques technologiques des crypto-actifs peuvent affecter substantiellement le profil de risque d'un fonds. Les gestionnaires doivent mettre à jour leurs politiques de gestion des risques, renforcer les contrôles internes pour l'approbation de nouveaux produits ou stratégies, et veiller à ce que les investisseurs soient informés de manière claire et transparente. Toute exposition aux crypto-actifs doit être notifiée au préalable à la CSSF.

2) FIA
Les FIA peuvent investir directement ou indirectement dans des crypto-actifs, dans le respect de toutes les règles applicables. Pour les FIA ouverts aux investisseurs de détail (autres que les « investisseurs avertis »), l'exposition est limitée à 10 % de la VNI. Les gestionnaires doivent évaluer au cas par cas l'impact sur le profil de risque du fonds, maintenir des politiques et une documentation à jour, et veiller à ce que les investisseurs soient correctement informés.

3) GFI – Agrément
Un GFI luxembourgeois gérant un FIA dont l'exposition aux crypto-actifs dépasse 10 % doit obtenir au préalable l'agrément de la CSSF pour la stratégie « Autre-Autre Fonds-Crypto-actifs ». La CSSF attend un dossier détaillé comprenant la description du projet, les prestataires de services/délégataires, l'exposition directe ou indirecte, les politiques de risque et de valorisation mises à jour, l'expérience du gérant de portefeuille, les modalités de conservation, les investisseurs cibles et les canaux de distribution, ainsi qu'une analyse LBC/FT côté actifs. Une attention particulière est portée au contrôle des clés privées et au respect des exigences applicables aux prestataires de services sur crypto-actifs (PSCA) au titre de MiCAR.

4) Dépositaires
Les dépositaires peuvent accompagner les fonds investissant directement dans des crypto-actifs, à condition de disposer d'un modèle opérationnel solide et d'en informer la CSSF en temps utile. La CSSF précise que : « Un dépositaire assurant la conservation directe de crypto-actifs doit être agréé ou notifié au titre de MiCAR et en informer la CSSF en temps utile. » Si la conservation est déléguée à un spécialiste externe, les responsabilités et les contrats doivent être clairement définis.

5) LBC/FT
La CSSF souligne que les crypto-actifs accroissent le risque de blanchiment de capitaux et de financement du terrorisme. Les fonds et gestionnaires doivent évaluer le risque de chaque actif, effectuer les diligences appropriées en fonction du type de crypto-actif et du mode d'acquisition (bourse, ICO, ITO, etc.), et comprendre l'origine et la destination des actifs. Les responsables de la conformité et du contrôle doivent démontrer une solide compréhension de ces risques et mettre en œuvre des mesures d'atténuation.Les crypto-actifs offrent des opportunités, mais une gouvernance rigoureuse, une gestion des risques et une conformité irréprochables sont essentielles pour protéger les investisseurs et garantir l'alignement réglementaire avec les attentes de la CSSF.

DIGITAL OPERATIONAL RESILIENCE

CSSF publishes a communication announcing the opening of the eDesk submission window for the DORA register of information / La CSSF publie une communication annonçant l'ouverture de la fenêtre de soumission eDesk pour le registre d'information DORA

On 11 February 2026, the Commission de Surveillance du Secteur Financier (CSSF) published a communiqué announcing the opening of the eDesk submission window for the DORA register of information, in accordance with Article 28(3) of Regulation (EU) 2022/2554 (DORA).

Under DORA, financial entities must maintain and regularly update a register of information covering all contractual arrangements relating to ICT services provided by ICT third-party service providers, at individual, sub-consolidated and consolidated levels. As required by Circular CSSF 25/882, supervised entities (excluding those under direct ECB supervision) must submit this register annually to the CSSF.

For the 2026 campaign, the submission period runs from 11 February 2026 to 31 March 2026, via the CSSF eDesk Portal. The reference date for the register is 31 December 2025, meaning that all contractual arrangements concluded up to that date must be included. Following ESA Q&A #102, third-country branches falling within DORA scope and supervised by the CSSF are also required to submit a register within the same timeframe.

Validation checks defined by the ESAs (last updated April 2025) remain unchanged but will apply to a broader set of data fields, potentially leading to rejections of registers previously accepted. Registers must be submitted as plain CSV files within a ZIP file following the ESA-defined folder structure and naming conventions.

Entities must communicate their LEI to the CSSF beforehand and assign at least one employee the “DORA Reporting” role in eDesk. Registers may be subject to re-submission requests by the CSSF or ESAs if validation errors are detected.

Version française

Le 11 février 2026, la Commission de Surveillance du Secteur Financier (CSSF) a publié un communiqué annonçant l'ouverture de la fenêtre de soumission eDesk pour le registre d'informations DORA, conformément à l'article 28, paragraphe 3, du règlement (UE) 2022/2554 (DORA).

En vertu de la DORA, les entités financières doivent tenir et mettre à jour régulièrement un registre d'informations couvrant tous les accords contractuels relatifs aux services TIC fournis par des prestataires de services TIC tiers, aux niveaux individuel, sous-consolidé et consolidé. Conformément à la circulaire CSSF 25/882, les entités soumises à surveillance (à l'exception de celles sous la surveillance directe de la BCE) doivent soumettre ce registre chaque année à la CSSF.

Pour la campagne 2026, la période de soumission s'étend du 11 février 2026 au 31 mars 2026, via le portail eDesk de la CSSF. La date de référence pour le registre est le 31 décembre 2025, ce qui signifie que tous les accords contractuels conclus jusqu'à cette date doivent être inclus. Conformément à la question-réponse n° 102 de l'AES, les succursales de pays tiers relevant du champ d'application de la DORA et supervisées par la CSSF sont également tenues de soumettre un registre dans le même délai.

Les contrôles de validation définis par les AES (dernière mise à jour en avril 2025) restent inchangés, mais s'appliqueront à un ensemble plus large de champs de données, ce qui pourrait entraîner le rejet de registres précédemment acceptés. Les registres doivent être soumis sous forme de fichiers CSV simples dans un fichier ZIP, conformément à la structure des dossiers et aux conventions de nommage définies par l'AES.

Les entités doivent communiquer au préalable leur LEI à la CSSF et attribuer à au moins un employé le rôle « DORA Reporting » dans eDesk. Les registres peuvent faire l'objet de demandes de resoumission par la CSSF ou les AES si des erreurs de validation sont détectées.

FINANCIAL INSTRUMENTS

CSSF publishes the updated FAQ relating to the Law of 17 December 2010 on Undertakings for Collective Investment (UCITS) / La CSSF publie la FAQ mise à jour relative à la loi du 17 décembre 2010 sur les organismes de placement collectif (OPCVM)

On 17 February 2026, the Luxembourg supervisor CSSF published Version 23 of its FAQ relating to the Law of 17 December 2010 on Undertakings for Collective Investment (UCITS). The FAQ acts as supervisory guidance clarifying interpretation and implementation questions that arise in practice for UCITS management companies, depositaries, UCI administrators and related fund service providers operating under Luxembourg law.

The document consolidates a wide range of regulatory clarifications covering investment eligibility, diversification rules, delegation arrangements, governance and independence requirements, PRIIPs implementation, share-class structuring, data transfer, MiFID interactions, and treatment of global exposure breaches. The updates in Version 23 notably include if loans constitute eligible investments for UCITS (Question 1.14) and on the portfolio transparency requirements applicable to UCITS ETFS (Question 12.1).

The FAQ plays a practical role by translating high-level legislative provisions and EU regulatory texts into supervisory expectations applicable to Luxembourg UCITS structures. It provides clarity on recurring operational issues such as eligibility of instruments, treatment of structured products, use of margin accounts, applicability of MiFID services to fund managers, and governance independence between management companies and depositaries.

For market participants, the document reinforces supervisory consistency and reduces legal uncertainty by codifying positions that historically emerged through case-by-case interactions with the regulator. It also reflects ongoing alignment with broader EU frameworks (e.g., UCITS V, PRIIPs, MiFID) and evolving market practices such as SPAC investments, hedged share classes, and delegation models.

Overall, this FAQ is not a new legal act but an interpretative supervisory instrument, which in practice strongly influences compliance expectations and operational setups for Luxembourg-domiciled UCITS funds. Firms should treat updates as actionable supervisory guidance requiring review of governance frameworks, liquidity practices, disclosure mechanisms and operating models to ensure continued alignment with CSSF interpretations.

Version française

Le 17 février 2026, l'autorité de surveillance luxembourgeoise CSSF a publié la version 23 de sa FAQ relative à la loi du 17 décembre 2010 sur les organismes de placement collectif (OPCVM). La FAQ sert de guide de surveillance clarifiant les questions d'interprétation et de mise en œuvre qui se posent dans la pratique aux sociétés de gestion d'OPCVM, aux dépositaires, aux administrateurs d'OPC et aux prestataires de services liés aux fonds opérant sous le droit luxembourgeois.

Le document regroupe un large éventail de clarifications réglementaires couvrant l'éligibilité des investissements, les règles de diversification, les accords de délégation, les exigences en matière de gouvernance et d'indépendance, la mise en œuvre des PRIIP, la structuration des catégories d'actions, le transfert de données, les interactions avec la MiFID et le traitement des violations de l'exposition globale. Les mises à jour de la version 23 portent notamment sur la question de savoir si les prêts constituent des investissements éligibles pour les OPCVM (question 1.14) et sur les exigences de transparence du portefeuille applicables aux OPCVM ETF (question 12.1).

La FAQ joue un rôle pratique en traduisant les dispositions législatives de haut niveau et les textes réglementaires de l'UE en attentes prudentielles applicables aux structures OPCVM luxembourgeoises. Elle apporte des éclaircissements sur des questions opérationnelles récurrentes telles que l'éligibilité des instruments, le traitement des produits structurés, l'utilisation des comptes sur marge, l'applicabilité des services MiFID aux gestionnaires de fonds et l'indépendance de la gouvernance entre les sociétés de gestion et les dépositaires.

Pour les acteurs du marché, ce document renforce la cohérence de la surveillance et réduit l'incertitude juridique en codifiant les positions qui ont historiquement émergé à travers des interactions au cas par cas avec l'autorité de régulation. Il reflète également l'alignement continu avec les cadres européens plus larges (par exemple, OPCVM V, PRIIP, MiFID) et l'évolution des pratiques du marché telles que les investissements SPAC, les classes d'actions couvertes et les modèles de délégation.

Dans l'ensemble, cette FAQ n'est pas un nouvel acte juridique, mais un instrument de surveillance interprétatif qui, dans la pratique, influence fortement les attentes en matière de conformité et les configurations opérationnelles des fonds OPCVM domiciliés au Luxembourg. Les entreprises doivent considérer ces mises à jour comme des orientations de surveillance exploitables nécessitant un examen des cadres de gouvernance, des pratiques de liquidité, des mécanismes de divulgation et des modèles opérationnels afin de garantir un alignement continu avec les interprétations de la CSSF.

GOVERNANCE & ORGANISATION

Chambre des députés publishes draft law 8705 on CRDVI transposition / La Chambre des députés publie le projet de loi 8705 relatif à la transposition de CRDVI

On 13 February 2026, Chambre des députés published draft law 8705 depositing a bill partially transposing Directive (EU) 2024/1619 (CRD6), which introduces changes relating to supervisory powers, sanctions, third-country branches and ESG risks, and which amends the laws governing the Luxembourg financial supervisory authorities.

The draft law primarily aims to incorporate CRD6 provisions into the law establishing the Commission de Surveillance du Secteur Financier (CSSF), focusing on governance, independence and accountability requirements for competent authorities. It introduces statutory obligations ensuring the CSSF has adequate resources and operational independence, and requires publication of supervisory objectives and annual reporting on their execution. The bill also formalises existing practices concerning conflict-of-interest prevention, including declaration of interests, restrictions on trading financial instruments issued by supervised entities, cooling-off periods, and limits on the duration of mandates for members of management.

The text strengthens cooperation mechanisms between supervisory authorities and the public prosecutor where administrative and criminal sanctions may overlap. It codifies safeguards intended to ensure impartiality in sanctioning procedures, such as appointing independent mission leaders or investigators and requiring abstention of certain supervisory directors during sanction decisions. The law further introduces settlement procedures for administrative sanctions and clarifies that monetary penalties will accrue to the State budget, with recovery procedures assigned to tax authorities.

Beyond CRD6 transposition, the bill modernises governance frameworks for both the CSSF and the Commissariat aux Assurances (CAA), aligning organisational structures, clarifying appointment and dismissal criteria for directors, formalising internal audit functions, and organising whistleblowing channels in line with EU whistleblower protection legislation. It also embeds financial education roles and updates organisational and staffing provisions to reflect institutional growth and operational complexity.

Overall, the draft law aims to reinforce supervisory independence, governance consistency, transparency, and procedural robustness across Luxembourg’s financial supervisory framework while aligning national legislation with EU prudential governance requirements.

Version française

Le 13 février 2026, la Chambre des députés a publié le projet de loi 8705 déposant un projet de loi transposant partiellement la directive (UE) 2024/1619 (CRD6), qui introduit des modifications relatives aux pouvoirs de surveillance, aux sanctions, aux succursales de pays tiers et aux risques ESG, et qui modifie les lois régissant les autorités de surveillance financière luxembourgeoises.

Le projet de loi vise principalement à intégrer les dispositions de la CRD6 dans la loi portant création de la Commission de Surveillance du Secteur Financier (CSSF), en mettant l'accent sur les exigences en matière de gouvernance, d'indépendance et de responsabilité des autorités compétentes. Il introduit des obligations légales garantissant que la CSSF dispose de ressources adéquates et d'une indépendance opérationnelle, et exige la publication des objectifs de surveillance et la présentation d'un rapport annuel sur leur exécution. Le projet de loi formalise également les pratiques existantes en matière de prévention des conflits d'intérêts, notamment la déclaration d'intérêts, les restrictions sur la négociation d'instruments financiers émis par des entités surveillées, les délais de réflexion et les limites de durée des mandats des membres de la direction.

Le texte renforce les mécanismes de coopération entre les autorités de surveillance et le ministère public lorsque les sanctions administratives et pénales peuvent se chevaucher. Il codifie les garanties visant à assurer l'impartialité des procédures de sanction, telles que la nomination de chefs de mission ou d'enquêteurs indépendants et l'obligation pour certains administrateurs de s'abstenir lors des décisions de sanction. La loi introduit en outre des procédures de règlement pour les sanctions administratives et précise que les sanctions pécuniaires seront versées au budget de l'État, les procédures de recouvrement étant confiées aux autorités fiscales.

Au-delà de la transposition de la CRD6, le projet de loi modernise les cadres de gouvernance de la CSSF et du Commissariat aux Assurances (CAA), en harmonisant les structures organisationnelles, en clarifiant les critères de nomination et de révocation des administrateurs, en officialisant les fonctions d'audit interne et en organisant des canaux d'alerte conformément à la législation européenne en matière de protection des lanceurs d'alerte. Il intègre également des rôles en matière d'éducation financière et actualise les dispositions relatives à l'organisation et au personnel afin de refléter la croissance institutionnelle et la complexité opérationnelle.

Dans l'ensemble, le projet de loi vise à renforcer l'indépendance de la surveillance, la cohérence de la gouvernance, la transparence et la robustesse des procédures dans l'ensemble du cadre de surveillance financière luxembourgeois, tout en alignant la législation nationale sur les exigences prudentielles de l'UE en matière de gouvernance.

OTHER - TAX

Legilux publishes the law of 3 February amending the Income Tax Law and the AIFM Law / Legilux publie la loi du 3 février modifiant la loi sur l'impôt sur le revenu et la loi sur les gestionnaires de fonds d'investissement alternatifs

On 3 February 2026, the Grand Duchy of Luxembourg published the Law of 3 February 2026 which amends the Law of 4 December 1967 on income tax and the Law of 12 July 2013 relating to alternative investment fund managers.

The law introduces targeted amendments to the Luxembourg income tax regime applicable to carried interest derived from alternative investment funds (AIFs) and removes a provision from the AIFM legal framework. Its provisions apply from the 2026 tax year.

First, the law revises Article 99bis, paragraph 1a of the income tax law by clarifying the definition and tax treatment of carried interest. Carried interest is defined as participation in the overperformance of an AIF based on a specific contractual entitlement granting rights over the net assets and income of the fund, where such entitlement is granted to a natural person acting as a manager or providing services to AIF managers or management companies. The law explicitly includes individuals acting as employees, partners, managers or directors, as well as individual service providers intervening in AIF management through advisory service agreements, whether directly or indirectly.

The law further distinguishes carried interest that is exclusively contractual from carried interest that is indissociably linked to a direct or indirect participation in the AIF. Where carried interest is linked to such a participation, it is treated as a speculative gain. However, where the holding period between acquisition or constitution of the participation and its disposal exceeds six months, the resulting speculative gain is not taxable, subject to the application of Article 100 of the income tax law. For AIFs organised as common funds or entities referred to in Article 175, carried interest is always deemed to constitute a speculative gain, irrespective of the nature of the income realised by the fund.

Secondly, the law amends Article 132 of the income tax law by classifying certain carried interest income as extraordinary income taxable under Article 131.

Finally, the law repeals Article 213 of the Law of 12 July 2013 on alternative investment fund managers. The law applies as from the 2026 tax year.

Version française

Le 3 février 2026, le Grand-Duché de Luxembourg a publié la loi du 3 février 2026 qui modifie la loi du 4 décembre 1967 relative à l'impôt sur le revenu et la loi du 12 juillet 2013 relative aux gestionnaires de fonds d'investissement alternatifs.

La loi introduit des modifications ciblées au régime luxembourgeois de l'impôt sur le revenu applicable aux intérêts reportés provenant de fonds d'investissement alternatifs (FIA) et supprime une disposition du cadre juridique des gestionnaires de FIA. Ses dispositions s'appliquent à partir de l'année fiscale 2026.

Tout d'abord, la loi modifie l'article 99bis, paragraphe 1a, de la loi relative à l'impôt sur le revenu en clarifiant la définition et le traitement fiscal des intérêts reportés. Les intérêts reportés sont définis comme une participation à la surperformance d'un FIA sur la base d'un droit contractuel spécifique accordant des droits sur les actifs nets et les revenus du fonds, lorsque ce droit est accordé à une personne physique agissant en tant que gestionnaire ou fournissant des services à des gestionnaires de FIA ou à des sociétés de gestion. La loi inclut explicitement les personnes physiques agissant en tant que salariés, associés, gérants ou administrateurs, ainsi que les prestataires de services individuels intervenant dans la gestion des FIA par le biais de contrats de services de conseil, que ce soit directement ou indirectement.

La loi distingue en outre les intérêts reportés qui sont exclusivement contractuels des intérêts reportés qui sont indissociablement liés à une participation directe ou indirecte dans le FIA. Lorsque les intérêts reportés sont liés à une telle participation, ils sont traités comme un gain spéculatif. Toutefois, lorsque la période de détention entre l'acquisition ou la constitution de la participation et sa cession dépasse six mois, le gain spéculatif qui en résulte n'est pas imposable, sous réserve de l'application de l'article 100 de la loi relative à l'impôt sur le revenu. Pour les FIA organisés sous forme de fonds communs de placement ou d'entités visées à l'article 175, les participations bénéficiaires sont toujours considérées comme constituant un gain spéculatif, quelle que soit la nature des revenus réalisés par le fonds.

Deuxièmement, la loi modifie l'article 132 de la loi relative à l'impôt sur le revenu en classant certains revenus de carried interest comme des revenus extraordinaires imposables en vertu de l'article 131.

Enfin, la loi abroge l'article 213 de la loi du 12 juillet 2013 relative aux gestionnaires de fonds d'investissement alternatifs. La loi s'applique à partir de l'année fiscale 2026.

REPORTING

BCL publishes lettre circulaire 2026/0050 on changes to the statistical data collection for financial companies / La BCL publie la lettre circulaire 2026/0050 relative aux modifications de la collecte de données statistiques pour les sociétés financières

On 23 February 2026, BCL published the circular letter “Modification of the statistical collection on financial vehicle corporations (FVC) 2026 – ST/26/0050” which announces changes to the BCL’s statistical reporting framework applicable from reference period 2026. The document is addressed to financial vehicle corporations (FVCs) and their reporting agents and sets out the scope, timeline and content of the revised data collection.

The circular explains that, in line with the European Central Bank (ECB) statistical requirements, the BCL is updating the templates and instructions used for the collection of balance sheet and related information from FVCs resident in Luxembourg. The modifications concern the structure and level of detail of certain breakdowns, including instrument categories, counterpart sectors and geographical information, as well as selected memorandum items. The circular specifies that the changes are designed to ensure consistency with the latest ECB regulations and to improve the quality and comparability of statistics compiled by the BCL.

The updated reporting framework will apply as from the first reporting period of 2026. The circular states that revised report layouts, technical formats and instructions will be made available on the BCL website, and that reporting agents must adapt their internal processes and systems to comply with the new requirements within the prescribed deadlines. The BCL also indicates that existing validation rules and transmission procedures will be adjusted to reflect the new templates.

The document clarifies that the legal basis for the collection remains the applicable ECB regulations and the national implementing measures, and reminds reporting entities of their obligation to provide complete, accurate and timely data. The circular highlights that non-compliance may result in sanctions in accordance with the relevant legal provisions.

Version française

Le 23 février 2026, la BCL a publié la circulaire « Modification de la collecte statistique sur les sociétés-écrans (FVC) 2026 – ST/26/0050 », qui annonce des changements dans le cadre de déclaration statistique de la BCL applicables à partir de la période de référence 2026. Ce document s'adresse aux sociétés-écrans et à leurs agents déclarants et définit la portée, le calendrier et le contenu de la collecte de données révisée.

La circulaire explique que, conformément aux exigences statistiques de la Banque centrale européenne (BCE), la BCL met à jour les modèles et les instructions utilisés pour la collecte des bilans et des informations connexes auprès des sociétés-écrans résidentes au Luxembourg. Les modifications concernent la structure et le niveau de détail de certaines ventilations, notamment les catégories d'instruments, les secteurs de contrepartie et les informations géographiques, ainsi que certains postes pour mémoire. La circulaire précise que ces modifications visent à assurer la cohérence avec les dernières réglementations de la BCE et à améliorer la qualité et la comparabilité des statistiques compilées par la BCL.

Le cadre de déclaration actualisé s'appliquera à compter de la première période de déclaration de 2026. La circulaire précise que les modèles de déclaration, les formats techniques et les instructions révisés seront disponibles sur le site web de la BCL et que les agents déclarants devront adapter leurs processus et systèmes internes afin de se conformer aux nouvelles exigences dans les délais prescrits. La BCL indique également que les règles de validation et les procédures de transmission existantes seront ajustées afin de refléter les nouveaux modèles.

Le document précise que la base juridique de la collecte reste les règlements applicables de la BCE et les mesures nationales de mise en œuvre, et rappelle aux entités déclarantes leur obligation de fournir des données complètes, exactes et actualisées. La circulaire souligne que le non-respect de ces obligations peut entraîner des sanctions conformément aux dispositions légales applicables.

CSSF publishes a communication announcing the launch of the PSD2 – PSP ICT Assessment campaign for the financial year 2025 / La CSSF publie une communication annonçant le lancement de la campagne PSD2 – Évaluation ICT des PSP pour l'exercice financier 2025

On 9 February 2026, the Commission de Surveillance du Secteur Financier (CSSF) published a communiqué launching the “PSD2 – PSP ICT Assessment campaign” for the financial year 2025, requiring payment service providers (PSPs) to submit an updated and comprehensive ICT risk assessment in accordance with Circular CSSF 25/880.

The campaign became available to concerned professionals as of 9 February 2026. Through this annual reporting exercise, PSPs must provide the CSSF with a detailed assessment of ICT-related risks associated with the provision of payment services. The reporting obligation forms part of the supervisory framework under PSD2 and aims at ensuring that PSPs maintain an adequate understanding, governance and mitigation of ICT risks.

The required questionnaire must be submitted via the CSSF eDesk platform using the dedicated procedure entitled “PSD2 – PSP ICT Assessment”. In addition to manual completion through the webform, the CSSF provides the possibility of pre-filing the webform via an API solution using the S3 protocol. A dedicated user guide is made available within the eDesk procedure to support institutions in completing and submitting the assessment.

The communiqué does not introduce new reporting requirements but confirms the launch of the 2026 campaign relating to the 2025 financial year and reiterates the submission channels and technical modalities.

Version française

Le 9 février 2026, la Commission de Surveillance du Secteur Financier (CSSF) a publié un communiqué lançant la « campagne PSD2 – Évaluation ICT des PSP » pour l'exercice 2025, exigeant des prestataires de services de paiement (PSP) qu'ils soumettent une évaluation actualisée et complète des risques ICT conformément à la circulaire CSSF 25/880.

La campagne a été mise à la disposition des professionnels concernés à compter du 9 février 2026. Dans le cadre de cet exercice de reporting annuel, les PSP doivent fournir à la CSSF une évaluation détaillée des risques liés aux TIC associés à la fourniture de services de paiement. L'obligation de reporting fait partie du cadre de surveillance prévu par la PSD2 et vise à garantir que les PSP maintiennent une compréhension, une gouvernance et une atténuation adéquates des risques liés aux TIC.

Le questionnaire requis doit être soumis via la plateforme eDesk de la CSSF en utilisant la procédure dédiée intitulée « PSD2 – PSP ICT Assessment ». Outre le remplissage manuel du formulaire en ligne, la CSSF offre la possibilité de pré-remplir le formulaire via une solution API utilisant le protocole S3. Un guide d'utilisation dédié est disponible dans la procédure eDesk afin d'aider les établissements à remplir et à soumettre l'évaluation.

Le communiqué n'introduit pas de nouvelles exigences en matière de reporting, mais confirme le lancement de la campagne 2026 relative à l'exercice 2025 et réitère les canaux de soumission et les modalités techniques.

CSSF publishes a communication on CSSF 21/790 UCI Reports (Jan–Apr 2026) – eDesk Update / La CSSF publie une communication sur les rapports UCI CSSF 21/790 (jan.–avr. 2026) – Mise à jour eDesk

On 10 February 2026, the Commission de Surveillance du Secteur Financier (CSSF) published a communiqué announcing the availability on eDesk (CISERO module) of the UCI Self-Assessment Questionnaire (SAQ), Separate Report (SR) and Management Letter (ML) for financial year-ends 31 January 2026, 28 February 2026, 31 March 2026 and 30 April 2026, together with updates to these reports.

The Reports for later financial year-ends will be made available three months prior to the respective year-end. Based on supervisory assessments, priorities and regulatory developments, the CSSF introduced several changes compared to the reports applicable for year-end 31 December 2025.

For the SAQ, key updates concern valuation, expenses/income and NAV determination. In the valuation section, new questions address stressed market conditions, coverage of new sub-funds or strategies, independent validation of valuation models, and risk-based backtesting controls. Certain asset-specific questions were removed and wording clarified, including conflicts of interest and stale valuations. Some questions are now limited to open-ended UCIs. In the NAV section, the Liquidity Management Tools (LMTs) subsection was aligned with Directive (EU) 2024/927 (AIFM/UCITS Review Directive), applicable from 16 April 2026. In the expenses section, further specifications were added regarding the formalised assessment of costs/fees, including management discussion requirements, and a new question refers to ESMA Guidelines on performance fees (ESMA34-39-992).

For the SR, several procedures were removed (investment compliance, valuation controls for certain MMFs, LMT policy procedures, securities financing transactions), and some were streamlined or risk-based. A new procedure was added to verify the formalised cost assessment and its discussion at management level. Adjustments were also made in the organisation section regarding risk management policies for certain SIFs.

Version française

Le 10 février 2026, la Commission de Surveillance du Secteur Financier (CSSF) a publié un communiqué annonçant la mise à disposition sur eDesk (module CISERO) du questionnaire d'auto-évaluation (SAQ), du rapport séparé (SR) et de la lettre de recommandation (ML) pour les exercices clos au 31 janvier 2026, au 28 février 2026, 31 mars 2026 et 30 avril 2026, ainsi que les mises à jour de ces rapports.

Les rapports pour les exercices financiers ultérieurs seront mis à disposition trois mois avant la fin de l'exercice concerné. Sur la base des évaluations prudentielles, des priorités et des évolutions réglementaires, la CSSF a introduit plusieurs modifications par rapport aux rapports applicables pour l'exercice clos au 31 décembre 2025.

Pour le SAQ, les principales mises à jour concernent l'évaluation, les dépenses/revenus et la détermination de la valeur liquidative. Dans la section consacrée à l'évaluation, de nouvelles questions portent sur les conditions de marché difficiles, la couverture de nouveaux compartiments ou stratégies, la validation indépendante des modèles d'évaluation et les contrôles de backtesting basés sur les risques. Certaines questions spécifiques aux actifs ont été supprimées et la formulation a été clarifiée, notamment en ce qui concerne les conflits d'intérêts et les évaluations obsolètes. Certaines questions sont désormais limitées aux OPC ouverts. Dans la section consacrée à la VNI, la sous-section relative aux outils de gestion de la liquidité (LMT) a été alignée sur la directive (UE) 2024/927 (directive révisée sur les gestionnaires de fonds d'investissement alternatifs/OPCVM), applicable à partir du 16 avril 2026. Dans la section consacrée aux dépenses, des précisions supplémentaires ont été ajoutées concernant l'évaluation formalisée des coûts/frais, y compris les exigences en matière de discussion de la direction, et une nouvelle question fait référence aux lignes directrices de l'AEMF sur les commissions de performance (ESMA34-39-992).

Pour le SR, plusieurs procédures ont été supprimées (conformité des investissements, contrôles d'évaluation pour certains fonds monétaires, procédures relatives à la politique en matière d'outils de gestion de la liquidité, opérations de financement sur titres), et certaines ont été rationalisées ou basées sur les risques. Une nouvelle procédure a été ajoutée afin de vérifier l'évaluation formalisée des coûts et sa discussion au niveau de la direction. Des ajustements ont également été apportés dans la section relative à l'organisation en ce qui concerne les politiques de gestion des risques pour certains SIF.

On 10 February 2026, the Commission de Surveillance du Secteur Financier (CSSF) published “Guidance for interpretation and resolution of CSSF error messages related to the submission of the DORA register (Version 1.0)” which explains the main error and warning messages that may be raised during the upload and validation of the DORA Register of Information (RoI) submitted via eDesk.

The guidance recalls that, under Article 28(3) of Regulation (EU) 2022/2554 (DORA) and Circular CSSF 25/882, in-scope financial entities must maintain and update a RoI covering all contractual arrangements for ICT services provided by ICT third-party service providers and submit it annually to the CSSF at individual or consolidated level, as relevant. For the 2026 submission, the ESA validation checks (last updated April 2025) are unchanged but will be applied to more data fields to improve data quality.

The document explains: (i) the types of messages (errors leading to rejection vs warnings not blocking submission but expected to be corrected where possible), (ii) the concept of dimensions under the ESA reporting framework and how a message can relate to a dimension rather than the displayed field, (iii) the CSSF feedback file downloadable in eDesk (Excel format) and how messages may be grouped in the portal, and (iv) how to locate issues using table, row and column references.

It provides structured descriptions and resolution steps for frequent upload-stage messages (e.g., ZIP format, naming convention, size limit, folder structure, reference date, LEI availability) and content-validation messages raised during analysis (including filing indicators, missing tables/headers, duplicate keys, invalid values/enumerations, date/number formats, foreign key mismatches, and parameters configuration issues). The CSSF indicates the guidance is not exhaustive, should be read with the CSSF submission guide (23 April 2025), and will be updated over time. Contact points are provided for technical (edesk@cssf.lu) and content/validation (ICTRiskSupervision@cssf.lu), queries, with an eDesk tracing code required when relevant.

Version française

Le 10 février 2026, la Commission de Surveillance du Secteur Financier (CSSF) a publié un « Guide d'interprétation et de résolution des messages d'erreur CSSF liés à la soumission du registre DORA (Version 1.0) » qui explique les principaux messages d'erreur et d'avertissement pouvant apparaître lors du téléchargement et de la validation du registre d'informations DORA (RoI) soumis via eDesk.

Les lignes directrices rappellent que, conformément à l'article 28, paragraphe 3, du règlement (UE) 2022/2554 (DORA) et à la circulaire CSSF 25/882, les entités financières concernées doivent tenir à jour et mettre à jour un RoI couvrant tous les accords contractuels relatifs aux services TIC fournis par des prestataires de services TIC tiers et le soumettre chaque année à la CSSF au niveau individuel ou consolidé, selon le cas. Pour la soumission de 2026, les contrôles de validation de l'AES (dernière mise à jour en avril 2025) restent inchangés, mais seront appliqués à davantage de champs de données afin d'améliorer la qualité des données.

Le document explique : (i) les types de messages (erreurs entraînant un rejet vs avertissements ne bloquant pas la soumission mais devant être corrigés dans la mesure du possible), (ii) le concept de dimensions dans le cadre de reporting de l'ESA et la manière dont un message peut se rapporter à une dimension plutôt qu'au champ affiché, (iii) le fichier de commentaires de la CSSF téléchargeable dans eDesk (format Excel) et la manière dont les messages peuvent être regroupés dans le portail, et (iv) comment localiser les problèmes à l'aide des références de tableau, de ligne et de colonne.

Il fournit des descriptions structurées et des étapes de résolution pour les messages fréquents au stade du téléchargement (par exemple, format ZIP, convention de dénomination, limite de taille, structure des dossiers, date de référence, disponibilité du LEI) et les messages de validation du contenu générés pendant l'analyse (y compris les indicateurs de dépôt, les tableaux/en-têtes manquants, les clés en double, les valeurs/énumérations non valides, les formats de date/nombre, les incompatibilités de clés étrangères et les problèmes de configuration des paramètres). La CSSF précise que ces recommandations ne sont pas exhaustives, qu'elles doivent être lues conjointement avec le guide de soumission de la CSSF (23 avril 2025) et qu'elles seront mises à jour au fil du temps. Des points de contact sont fournis pour les questions techniques (edesk@cssf.lu) et les questions relatives au contenu/à la validation (ICTRiskSupervision@cssf.lu), un code de suivi eDesk étant requis le cas échéant.

MALAYSIA

REPORTING

BNM publishes Policy Document on Operational Risk Reporting

On 6 February 2026, the BNM published Policy Document on Operational Risk Reporting.

This Policy Document establishes mandatory requirements for all Reporting Entities (REs) to submit operational risk information through the ORR system. The document aims to promote structured and standardised reporting of Loss Event Data (LED), Key Risk Indicators (KRIs) and Scenario Analysis (SA) across financial institutions, ensuring consistency, accuracy and completeness of operational risk information.

The policy applies broadly to licensed banks, investment banks, Islamic banks, insurers, takaful operators, payment instrument issuers, merchant acquirers, payment system operators, and prescribed DFIs. It is issued pursuant to the FSA, IFSA, and DFIA, and supersedes the previous ORR policy issued on 10 April 2025.

REs must classify all operational risk events as Actual, Potential, or Near Miss, report reference dates (occurrence, detection, confirmation, P&L/provision capture), and submit all financial impacts in Ringgit Malaysia. Reporting obligations cover domestic and overseas operations. Key deadlines include:

High reputational impact events: T+1 working day
Losses ? RM1 million: T+2 working days
Cyber incidents/events: T+14 calendar days
Payment-related fraud: 15th of following month
Shariah non-compliance events: T+1 working day (detection/confirmation) and rectification within 30 days
KRIs: 15th of month/quarter/period depending on frequency.

The document contains extensive taxonomies for business lines, event types, causal categories, KRIs, and modus operandi, and outlines granular data fields required for each reportable event. It also mandates strong internal governance, including role definitions (GCRO/CRO, RE Admin, Submission Officer) and expectations for data consolidation, validation, and timely submission.

NETHERLANDS

ALTERNATIVE PRODUCTS

AFM publishes news on AIFMD II : New European rules for originating loans by fund managers

On 4 February 2026, the AFM published a news item outlining the upcoming application of new European requirements under the revised Alternative Investment Fund Managers Directive (AIFMD II) affecting managers of investment funds that originate loans. The changes will apply from 16 April 2026, the deadline for Member States to transpose the Directive into national law.

The revised Directive (Directive (EU) 2024/927), which entered into force on 15 April 2024, amends both the AIFMD framework and the UCITS Directive and introduces a range of changes across the asset management sector. According to the AFM, these amendments have implications for liquidity management, reporting obligations, outsourcing arrangements, governance, and risk management. The Dutch AIFMD II Implementation Act is currently before the House of Representatives.

This publication focuses specifically on the new regime for funds that originate loans. Managers of such funds will be subject to additional and more detailed requirements relating to the structure of the fund (including whether it is open-ended or closed-ended), the characteristics and conditions of the loans granted, and the establishment of robust credit risk management and monitoring policies. These requirements directly affect how loan-originating activities may be conducted within fund structures.

The AFM highlights that compliance with the new rules may require changes to fund documentation, internal governance arrangements, investment policies, and operational processes. In addition, where loan origination involves offering credit to consumers, such as consumer or mortgage credit, an additional licence may be required under applicable national law.

Given the scope and potential impact of the new obligations, the AFM encourages fund managers to assess in a timely manner whether their funds fall within the scope of the loan origination regime and to identify the measures necessary to ensure compliance by 16 April 2026.

ANTI-MONEY LAUNDERING / COMBATING TERRORISM FINANCING / COMBATTING PROLIFERATION FINANCING (AML/CFT/CPF)

AFM publishes news on AMLA consultation on subordinate regulations and data request

On 24 February 2026, the AFM published news on AMLA's three consultations on Regulatory Technical Standards (RTS) under the new European AML/CFT framework and initiated a test data request in preparation for its future supervisory role.

The consultations concern draft RTS on: (i) Customer Due Diligence (CDD); (ii) the arm’s length principle, incidental transactions and related transactions; and (iii) administrative enforcement measures. These draft RTS form part of AMLA’s subordinate legislation under the EU AML/CFT package and aim to further specify future obligations applicable to in-scope financial institutions. The consultations provide institutions with visibility on upcoming technical requirements and an opportunity to submit feedback before finalisation.

In parallel, AMLA is developing a methodology to determine institutions’ risk scores, which will form part of the future European supervisory system. In early February, a number of randomly selected financial institutions received an email from the Dutch Authority for the Financial Markets (AFM), acting on behalf of AMLA, inviting participation in a test data request and requesting feedback on the format. In March, selected institutions are expected to receive further information regarding the mandatory test request (AMLA data request). The timing of the final formal data request from AMLA in 2027 has not yet been confirmed.

Financial institutions will be required to comply with the European AML/CFT package by 10 July 2027. The AFM has indicated that it is receiving questions from the sector in response to the test request and encourages continued engagement to support a careful and effective implementation of the EU AML/CFT package.

AFM publishes news on sending test request from European anti-money laundering authority for data request risk model

On 10 February 2026, the AFM published “AFM sends test request from European anti-money laundering authority for data request risk model”, announcing that selected financial institutions have received an email from the AFM on behalf of the European Anti-Money Laundering Authority (AMLA) concerning a test data request and request for feedback on its format.

According to the publication, AMLA is developing a methodology to determine institutions’ risk scores for the purpose of assessing money laundering and terrorist financing risks of financial undertakings. As part of this development process, AMLA has randomly selected a number of financial institutions to participate in a test phase. Participation in the test request is described as mandatory.

The selected institutions will receive more detailed information in March 2026 regarding the mandatory test request. Prior to issuing the final test request, AMLA seeks feedback specifically on the format of the data request. Institutions have the option to submit feedback directly to AMLA via the link provided in the email communication. The AFM emphasises that such feedback is considered important to improve the format where necessary.

The AFM also acknowledges that this data request is being conducted concurrently with the AFM’s Market Monitor for Advisers and Mediators (MMAB) and that certain data points requested may overlap. The publication requests understanding from affected institutions in light of this overlap.

The announcement does not describe the final scope of the data to be submitted under the definitive test request but confirms that the current phase concerns format testing and feedback ahead of the formal data collection exercise.

CYBERSECURITY

Overheid publishes Regulation of the Minister of Economic Affairs of 8 February 2026 amending the Cybersecurity Act Implementation Regulation

On 17 February 2026, the Overheid published a Ministerial Regulation amending the Cybersecurity Act Implementation Regulation (Government Gazette 2026, 6765), implementing Commission Implementing Regulation (EU) 2024/482 establishing the European Common Criteria-based Cybersecurity Certification Scheme (EUCC).

The Regulation introduces national implementing provisions required to operationalise the EUCC under Regulation (EU) 2019/881 (Cybersecurity Act) in the Netherlands. It defines key EUCC terms (including EUCC certificate, certification authority (CA), ITSEF, AVA_VAN level and technical domain) and designates applicable obligations under both the Cybersecurity Act and Implementing Regulation (EU) 2024/482 for enforcement purposes.

The Regulation establishes the national authorisation procedure for certification authorities (CAs) and Information Technology Security Evaluation Facilities (ITSEFs) wishing to operate under the EUCC at assurance level “high”. CAs are prohibited from issuing EUCC certificates at assurance level “high” without prior authorisation. Applications must be submitted electronically to the Minister and include evidence of compliance with accreditation, independence, competence and technical requirements set out in the EUCC and Implementing Regulation (EU) 2024/3143.

The Regulation also sets out notification obligations: authorised CAs and ITSEFs must provide specified accreditation and authorisation information to the Minister for onward notification through the European NANDO system.

The State Inspectorate for Digital Infrastructure (RDI), acting as the National Cybersecurity Certification Authority (NCCA), is responsible for supervision, approval of high-assurance certifications and ongoing monitoring of certificate holders.

The Regulation enters into force on the day following its publication in the Government Gazette. It applies to certification bodies established in the Netherlands and ITSEFs established within the EU.

DIGITAL OPERATIONAL RESILIENCE

DNB publishes news on reporting DORA registers of information in March 2026

On 3 February 2026, the DNB published “DORA: Reporting DORA registers of information in March 2026”, which sets out the reporting requirements for financial institutions under Article 28(3) of the Digital Operational Resilience Act (DORA) regarding registers of contractual arrangements for ICT services provided by third-party providers.

Since DORA entered into force, financial institutions must maintain a register of information covering all contractual agreements for ICT services provided by third parties. To initiate the annual European process for designating critical third-party ICT service providers, institutions are required to report their information registers to DNB in March 2026.

The reporting request will be available from 2 March 2026 via MyDNB (Reporting Service). The reporting deadline is 20 March 2026, and the reference date is 31 December 2025. Institutions must submit the register in xBRL-CSV format with a table-oriented layout. The European Supervisory Authorities (ESAs) have provided resources, including validation rules and a visual data model, integrated into the EBA reporting framework.

As an alternative delivery method, DNB permits submission via a standardised Excel template, which DNB will convert into the xBRL-CSV format. However, institutions remain fully responsible for the accuracy and completeness of the reported data. No changes have been made to the taxonomy or Excel template compared to 2025.

After submission, DNB will perform technical and validation checks. Where errors are identified, institutions must rectify and resubmit the report.

The required level of consolidation depends on prudential consolidation, DNB’s supervisory mandate and relevant ESA decisions. Institutions supervised individually by DNB must report at individual level unless DNB supervises them at consolidated EU level. Institutions directly supervised by the ECB must report at consolidated level to the ECB.

SPAIN

DIGITAL OPERATIONAL RESILIENCE

CNMV publishes an extensive set of 74 FAQ on DORA

On 12 February 2026, the CNMV published an extensive set of 74 Frequently Asked Questions on the EU Digital Operational Resilience Act (DORA, Regulation 2022/2554), offering detailed guidance to financial entities on how to interpret and apply the regulatory framework.

Although the CNMV explicitly notes that the FAQ document is not normative, its purpose is to provide practical explanations and supervisory expectations for entities subject to DORA, which has applied across the EU since January 2025. The publication groups its clarifications around the main pillars of the Regulation, including ICT risk management, incident classification and reporting, digital operational resilience testing, and third party ICT risk oversight.

A key part of the FAQ explains which CNMV supervised institutions fall within the scope of DORA. These include investment firms, crypto asset service providers authorised under MiCA, market infrastructures such as CSDs, CCPs and trading venues, UCITS management companies, AIFMs, data reporting service providers and crowdfunding platforms. The CNMV clarifies that each entity must proactively determine its own applicability, as there is no national register listing which firms fall under DORA. The document also provides important explanations on proportionality, emphasising that while DORA allows adjustments based on size, risk profile and complexity, entities cannot rely on proportionality to exempt themselves from core obligations. Micro enterprises benefit from simplified frameworks but must still implement proportionate ICT risk management and resilience measures.

The FAQ dedicates significant attention to governance standards, stressing that the Board of Directors holds ultimate responsibility for ICT risk oversight. It must maintain updated knowledge of technology risks, set the risk appetite, approve ICT outsourcing strategies, and ensure proper oversight of essential functions. The CNMV further clarifies that ISO 27001 certifications do not constitute compliance with DORA, and entities must still perform a full regulatory gap analysis to identify shortcomings.

Incident management requirements are covered in detail. The CNMV explains what qualifies as an ICT incident and what constitutes a grave incident, using thresholds defined in EU Delegated Regulations. It also clarifies the treatment of recurrent incidents, cross border incidents and specific cases such as phishing or DDoS attacks. The FAQ reiterates mandatory reporting timelines: firms must submit the initial notification within four hours of classifying an incident as grave and no later than twenty four hours after becoming aware of it, followed by an intermediate report within seventy two hours and a final report within one month. Special rules apply when deadlines fall on weekends or holidays, and the CNMV explains how branches, group entities and outsourced notification arrangements must be handled.

The document also provides extensive detail on digital operational resilience testing. It explains how entities should design risk based testing programmes, the distinction between basic tests and advanced threat led penetration testing (TLPT), and the supervisory criteria for determining when an entity must undergo TLPT. The FAQs emphasise the relationship between DORA’s TLPT requirements and the TIBER ES framework operated jointly by the Bank of Spain, the CNMV and the insurance supervisor.

A final substantial portion of the FAQ focuses on third party ICT risk management. The CNMV clarifies how firms should distinguish ICT services from financial services, how to identify essential or important functions, and how to manage contract clauses, subcontracting chains and concentration risk assessments. It also addresses expectations for intra group ICT service arrangements, explains when software acquisitions qualify as ICT services under DORA, and outlines when and how contracts must be terminated if providers fail to meet resilience standards.

To assist firms further, the CNMV provides a dedicated contact channel for DORA queries at ciberseguridad@cnmv.es and directs entities to its cybersecurity section for updated procedures and regulatory references.

SWITZERLAND

ANTI-MONEY LAUNDERING / COMBATING TERRORISM FINANCING / COMBATTING PROLIFERATION FINANCING (AML/CFT/CPF)

FINMA publishes a press release on the FATF updated statements

On 13 February 2026, FINMA published a press release which informs financial intermediaries of the updates made by the Financial Action Task Force (FATF) to its public statements on high-risk and other monitored jurisdictions following its February 2026 plenary meeting.

The publication refers to two FATF documents dated 13 February 2026: “High-Risk Jurisdictions subject to a Call for Action” and “Jurisdictions under Increased Monitoring”. FATF, an international body tasked with developing and promoting measures to combat money laundering, terrorist financing and proliferation financing, publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes based on assessments conducted by its International Co-operation Review Group.

The “High-Risk Jurisdictions subject to a Call for Action” (commonly referred to as the “black list”) includes the Democratic People’s Republic of Korea, Iran and Myanmar. These jurisdictions are identified as having significant strategic deficiencies. FATF calls on its members and urges all jurisdictions to apply enhanced due diligence to high-risk countries and, in the most serious cases, to apply counter-measures. As of this update, the Democratic People’s Republic of Korea and Iran remain subject to countermeasures, while Myanmar remains subject to enhanced due diligence but not countermeasures.

The “Jurisdictions under Increased Monitoring” (commonly referred to as the “grey list”) includes jurisdictions that have committed to address identified strategic deficiencies within agreed timeframes and are subject to increased monitoring. FATF does not call for enhanced due diligence for these jurisdictions but encourages members to consider FATF information in their risk analysis.

FINMA calls on all financial intermediaries to take the FATF information into account in their risk management strategies and requests recognised self-regulatory organisations to inform their members.

UNITED KINGDOM

ANTI-MONEY LAUNDERING / COMBATING TERRORISM FINANCING / COMBATTING PROLIFERATION FINANCING (AML/CFT/CPF)

JMLSG publishes updated guidance on subject access requests and MLRO responsibilities

On 4 February 2026, JMLSG published updated guidance covering how firms must handle subject access requests (SARs) that include, or potentially include, money laundering or terrorist financing suspicion reports submitted in relation to a customer.

The guidance clarifies that while firms may instinctively assume such information must never be disclosed due to tipping off concerns, they must not adopt an automatic blanket refusal. Instead, each request must be assessed individually, taking into account the risk that disclosure could prejudice crime detection, ongoing investigations, or law enforcement activity.

The document reiterates firms’ obligations under the UK GDPR and the Data Protection Act 2018 (as amended by the Data (Use and Access) Act 2025). Customers are generally entitled to confirmation that their data is being processed, the purposes of processing, categories of recipients, and copies of their personal data. However, an exemption applies where disclosure would likely prejudice the prevention or detection of crime or the apprehension or prosecution of offenders, including where suspicion reports form part of an evidential “jigsaw.” When relying on this exemption, firms may omit the information without informing the customer that anything has been withheld, to avoid creating a tipping off offence. Decisions must be fully documented and authorised by the nominated officer (MLRO).

The guidance also underscores that firms must meet statutory timeframes for responding to SARs (normally one month), meaning any consultation with the NCA or other authorities must be handled promptly.

In parallel, JMLSG’s updated material reiterates the role, accountability and independence of the Money Laundering Reporting Officer (MLRO). The MLRO is designated by the FCA as a Senior Management Function (SMF) under FSMA s.59 and must be individually approved by the FCA before performing that role. The MLRO must have sufficient seniority, independence, authority, and full access to all relevant information, including AML/CTF activities carried out across group entities, so they can oversee AML systems and controls effectively. Failure to meet these duties can amount to a breach of the FCA’s Statement of Principle 7 for Approved Persons.

The MLRO is responsible for overseeing the firm’s risk based AML/CTF framework, supporting senior management focus on money laundering risk, and ensuring coordination across all relevant business units. The guidance stresses the need for clear documentation of responsibilities between the MLRO, senior managers, and any board level AML officer. MLROs must be able to report suspicious activity to the NCA independently and liaise with the FCA without obstruction. Firms must also provide appropriate resources, staffing, technology, and continuity arrangements, including temporary cover where necessary. Delegation of AML tasks is permitted, but ultimate responsibility remains with the MLRO.

The updated guidance further explains that firms must undertake ongoing monitoring and assessment of the adequacy of their AML controls, and in line with regulatory expectations may be required to maintain an independent internal audit function to test AML policies, controls and procedures. Effective systems must also extend to group entities outside the UK where they undertake AML relevant activities under UK regulation.

This JMLSG guidance is currently pending formal approval by HM Treasury.

UK Government publishes new guidance on digital identity verification for MLR compliance

On 26 February 2026, UK Government published guidance explaining how organisations regulated under the Money Laundering Regulations (MLRs) can use digital identities and digital verification services (DVS) to meet identity verification requirements.

The guidance clarifies the relationship between the MLRs and the UK Digital Identity and Attributes Trust Framework, which sets out the rules, principles and technical standards governing the use of digital identities, including certification requirements for providers. Only DVS that are certified against this trust framework and listed on the DVS Register may be used by regulated entities as a reliable, independent source of identity verification for customer due diligence (CDD) checks. The guidance supplements, but does not supersede, existing obligations under the MLRs.

The document explains what constitutes a digital identity - a digital representation of an individual or organisational representative whose verified attributes, such as name, address, or biometrics, can be shared with consent. It outlines how certified DVS undergo independent assessment overseen by UKAS and are subject to continued oversight by the Office for Digital Identities and Attributes, with removal from the DVS Register possible in case of non compliance. Certification provides assurance that the identity information supplied is accurate, secure, and independent of the individual being verified.

In its regulatory interpretation section, the guidance emphasises that banks and other regulated firms may use certified DVS to fulfil identification and verification requirements under Regulation 28 of the MLRs, including verification of individual customers and company directors. However, digital identity tools do not replace broader CDD obligations, such as assessing the purpose and nature of customer relationships or applying enhanced due diligence where required. Regulated entities remain fully responsible for ensuring compliance, risk assessment, and required record keeping under Regulation 40.

DIGITAL ASSETS

FCA publishes direction setting application period for UK cryptoasset permissions

On 27 February 2026, the FCA published a formal direction under Regulation 52 of the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026, establishing the mandatory application window for firms seeking authorisation to perform newly regulated cryptoasset activities. The direction confirms that the relevant application period for obtaining a relevant cryptoasset permission under FSMA section 55U will open at 9:00am on 30 September 2026 and close at 11:59pm on 28 February 2027. This window is required to be set at least one year before the regime’s full commencement date of 25 October 2027, when the new cryptoasset regulatory framework becomes fully operational.

The notice also reiterates that the FCA retains the power to amend or extend the application period if necessary, ensuring flexibility in managing the transition into the new regime. Firms intending to undertake any regulated cryptoasset activities such as custody, trading, dealing, arranging, staking, or qualifying stablecoin issuance, must submit their applications within this defined timeframe to benefit from transitional arrangements. The FCA directs firms to its dedicated webpage for further information on how the gateway process will operate under the new regulatory structure.

FINTECH / REGTECH / BIGTECH / SUPTECH

FCA publishes detailed Q&A on the UK’s upcoming cryptoasset regulatory regime

On 27 February 2026, the FCA published detailed Q&A from the January 2026 introductory webinar on the UK’s upcoming cryptoasset regulatory regime, outlining how the future FSMA based framework will operate and what firms should expect as the UK moves toward full authorisation requirements for cryptoasset activities.

The document explains the FCA’s intention to balance innovation with consumer protection and market integrity, noting that the UK regime is being developed in close alignment with international standards such as MiCA, IOSCO recommendations and the FSB’s global framework. It provides clarity on how firms will be able to access regulatory updates, consultations and guidance as the regime evolves, with the FCA emphasising that its dedicated cryptoasset regulation webpage will remain the primary source of information.

The Q&A sets out the activities that will fall within the new regulatory perimeter starting 25 October 2027, including issuing qualifying stablecoins, safeguarding cryptoassets, operating trading platforms, dealing as agent or principal, arranging transactions, and providing staking services. Firms performing any of these activities will require FSMA authorisation, and existing firms registered under the Money Laundering Regulations or authorised under payment or electronic money frameworks will not receive automatic conversion and must apply during the formal application period between 30 September 2026 and 28 February 2027. The FCA stresses that applicants must demonstrate readiness for the full regulatory obligations, including operational resilience, governance, prudential standards and consumer duty expectations, and that poor quality submissions will be rejected without assessment.

The document further explains how the regime will apply to overseas firms, group structures and cross border business models, noting that the FCA generally expects regulated cryptoasset activities to be conducted from a UK entity, though specific branch structures may be permitted in defined circumstances. It describes the transition arrangements for existing firms, including saving and transitional provisions for those that apply on time, while firms choosing not to enter the regime will be required to wind down UK cryptoasset activities before the go live date to avoid operating unlawfully. The Q&A also highlights the FCA’s support mechanisms such as pre application meetings, PASS guidance, and innovation services, aimed at helping firms understand expectations as they prepare applications.

Q&A outlines the prudential, safeguarding and reporting expectations that the FCA plans to apply to cryptoasset firms, including requirements for firms offering custody services, stablecoin issuance, and other regulated cryptoasset activities. It emphasises that firms will need appropriate capital, liquidity systems, risk management, and oversight arrangements, and that custodians will generally be required to follow new safeguarding rules under CASS 17. The FCA also explains how Consumer Duty and vulnerable customer requirements will apply in the crypto context and confirms that outsourcing rules under SYSC 8 will extend to cryptoasset entities. The regulator encourages firms to continue engaging in ongoing consultations, particularly CP26/4, before rules are finalised and published in summer 2026.

OTHER - PRUDENTIAL REQUIREMENTS

UK publishes regulations initiating further FSMA 2023 revocations

On 26 February 2026, the UK published the Financial Services and Markets Act 2023 (Commencement No. 13) Regulations 2026, marking another step in the phased transition away from assimilated EU financial services legislation.

The statutory instrument brings into effect further provisions of FSMA 2023, specifically revoking Articles 4, 4A, 4B and 5 of the Capital Requirements Regulation (EU No 575/2013). These articles contain core prudential definitions used throughout the CRR, including general definitions, regulator related definitions and the concept of the consolidating supervisor. Their revocation continues the UK’s process of replacing retained EU prudential rules with a fully domestic regulatory framework.

The explanatory note clarifies that this change aligns with FSMA 2023’s schedule for removing EU derived legislation and transferring rule making responsibilities to UK regulators. It also notes that the commencement is not expected to impose significant direct costs on the private or public sectors, as it forms part of reforms already assessed through the FSMA legislative process. The regulation additionally lists previous commencement orders issued since 2023, reflecting the structured rollout of the UK’s post EU financial regulatory architecture.

It enters into force on 1 January 2027.

PAYMENTS

FCA publishes policy statement PS26/1, setting out the final regulatory framework for Deferred Payment Credit (DPC)

On 11 February 2026, the FCA published policy statement PS26/1, setting out the final regulatory framework for Deferred Payment Credit (DPC), the interest free credit product more widely known as unregulated Buy Now Pay Later.

The FCA outlines the growth of DPC, from £0.06bn in 2017 to over £13bn in 2024, and highlights concerns about inadequate consumer information, affordability risks, and higher incidences of financial difficulty among DPC borrowers. The policy statement summarises feedback from 45 respondents to consultation paper CP25/23 and confirms the FCA’s final rules, which focus on proportionate regulation aligned with existing consumer credit standards and the Consumer Duty.

The FCA explains that most existing conduct rules in the Consumer Credit sourcebook (CONC) will apply to DPC, and that lenders will be required to provide key product information before an agreement is made. After reviewing feedback, the FCA refined this requirement so that pre contract information focuses on the elements most important for a consumer’s decision making, while other information such as rights to withdraw, cancellation rights, and access to the Financial Ombudsman Service will be included in the additional product information that must still be given or made available. The FCA emphasises that firms must communicate clearly and support consumer understanding in accordance with Consumer Duty.

The FCA also sets rules requiring lenders to contact customers as soon as possible after a missed payment, provide essential information on consequences, and give reasonable notice before taking enforcement action. Following stakeholder feedback, the FCA clarified that firms need not list every possible future consequence but must include those that arise from the specific missed payment and those they consider likely. Importantly, when a firm intends to enforce or terminate an agreement and the customer is in arrears, firms must signpost free and impartial debt advice. The existing creditworthiness rules in CONC 5.2A will apply in full to DPC, including to agreements below £50. Stakeholders broadly supported this, recognising that the rules allow proportionate assessments while ensuring sustainable lending. The FCA declined to add prescriptive new guidance, instead pointing to existing flexibility in the rules and reminding firms that they may rely on internal data or obvious absence of material affordability risk where appropriate.
Beyond conduct standards, the FCA confirms that wider Handbook requirements including Principles for Businesses, Threshold Conditions, SYSC, and reporting rules will apply to DPC lenders. DPC firms will also fall within the Compulsory Jurisdiction of the Financial Ombudsman Service. However, the Voluntary Jurisdiction will not be extended to DPC, and DPC will remain outside the Financial Services Compensation Scheme, consistent with other consumer credit activities. Complaints reporting will not apply to firms operating under temporary permission, though they must report complaints received during that period once fully authorised.

The Policy Statement also outlines authorisation arrangements. Firms offering DPC on 15 July 2025 may enter the Temporary Permissions Regime if they notify the FCA between 15 May and 1 July 2026, allowing them to continue DPC lending while pursuing full authorisation within six months of Regulation Day. Those that fail to register or secure permission will be unable to enter new DPC agreements after 15 July 2026, and doing so would be a criminal offence. Agreements entered into before Regulation Day will remain unregulated, though firms may continue to service them.

The FCA concludes by emphasising that the new regime aims to reduce harm, improve consumer understanding, support sustainable borrowing, and maintain broad access to DPC. It expects benefits such as fewer missed payments, reduced late fees, improved financial wellbeing, and greater trust in the market. Although firms will incur material compliance and reporting costs, the FCA considers the overall approach proportionate and conducive to long term competitiveness and market confidence. It will monitor implementation closely using supervisory work, regulatory data, the Financial Lives Survey, and complaints information to assess outcomes and ensure the rules operate as intended.

DPC will be brought into regulation on 15 July 2026, following legislation made by the Government in July 2025.

RECOVERY & RESOLUTION

BoE publishes a policy statement confirming final changes to the UK’s COREP13 resolution reporting framework

On 12 February 2026, the BoE published a policy statement confirming final changes to the UK’s COREP13 resolution reporting framework.

The consultation concerned the partial revocation of the UK Technical Standards 2018/1624 on resolution reporting, which set out templates and procedures for gathering information needed for resolution planning under the UK’s post Brexit regime. All respondents supported the proposals, and the Bank has therefore decided to implement them without modification.

The Bank explains that the UK retained the former EU resolution reporting framework after withdrawal from the EU, but recognises that some elements now impose unnecessary reporting burden on firms without adding significant supervisory value. COREP13 requirements exist alongside PRA reporting rules and the Bank’s own Resolvability Assessment Framework (RAF), so the Bank has reviewed where duplication can be removed. The changes affect only those UK institutions and UK parent undertakings that are required to submit annual COREP13 data to the Bank as the UK’s resolution authority.

Following consultation feedback, the Bank is deleting six COREP13 templates: Z 02.00, Z 03.00, Z 04.00, Z 05.01, Z 05.02 and Z 06.00, effective 1 April 2026. These templates collected information on: the liability structure of firms (Z 02.00); own funds requirements (Z 03.00); intragroup financial connections (Z 04.00); major liability counterparties (Z 05.01); off balance sheet major counterparties (Z 05.02); and deposit insurance items (Z 06.00). The Bank has concluded that this information is either available through other means or can be obtained when needed through existing supervisory tools. HM Treasury has formally approved the revocation under section 138R of FSMA 2000.

Although the templates are formally revoked from April 2026, they may remain temporarily visible in the RegData reporting system due to systems constraints. Firms must therefore continue to file negative indicators for these templates until the Bank removes them entirely. The Bank emphasises that this is a transitional technical matter only.

The Bank notes that the decision takes account of ongoing development of other resolution information channels, including the PRA’s revised MREL reporting templates, consulted on in CP15/25 and expected to take effect on 1 January 2027, as well as information available through the RAF. It also acknowledges that some respondents used the consultation to provide views on other COREP13 templates beyond the six being deleted, particularly those relating to organisational structure, critical functions, and core business lines. The Bank states it will consider this feedback as part of broader ongoing work on resolution information requirements, referencing PRA Supervisory Statement SS19/13.

The policy statement concludes that the changes reduce reporting burden while ensuring the Bank still receives the data it needs to fulfil its statutory responsibilities as the UK’s resolution authority.

The changes enter into force on 1 April 2026.

SUSTAINABLE FINANCE / GREEN FINANCE

FCA publishes practice guidance for Sustainability Disclosure Requirements (SDR) labels

On 27 February 2026, the FCA published an extensive set of examples illustrating good and poor practice in the use of sustainability labels under the UK’s Sustainability Disclosure Requirements (SDR).

The document is aimed at firms that wish to apply SDR labels to authorised and unauthorised funds and focuses on improving the quality, clarity and credibility of pre contractual disclosures. According to the FCA, the introduction of labels in July 2024 has expanded the range of labelled products, prompting the need for clearer guidance on how firms should meet the technical requirements contained in the ESG Sourcebook, especially ESG 4.2 (criteria for labels), ESG 5.3 (pre contractual disclosures) and the anti greenwashing rule. The FCA notes that while the quality of disclosures has improved as firms become more familiar with the regime, there remain widespread shortcomings. In many cases, it is unclear whether the fund’s sustainability objective is sufficiently specific, measurable and consistent with the label being used, or whether disclosures accurately reflect the holdings shown in model portfolios. The FCA emphasises that disclosures must be concise, logically structured, free from jargon, and tailored to the actual product rather than copied from templates or peers. It stresses that firms must clearly explain their sustainability objectives, identify material negative outcomes, apply a robust evidence based standard of sustainability, and ensure that key performance indicators genuinely measure progress toward the stated goals.

The guidance provides detailed observations for each SDR label. For the Sustainability Focus label, the FCA explains that firms must set out explicit environmental or social objectives supported by a clearly defined, absolute sustainability standard. Disclosures that rely on vague claims such as aiming to “make a positive contribution to planet and people” are insufficient, as are references to SDGs without measurable outcomes. The FCA also highlights the importance of acknowledging negative impacts, warning against presenting only selective sustainability attributes when the wider business activities may conflict with the fund’s objective. For the Sustainability Improvers label, the FCA expects firms to show credible evidence that the assets can improve sustainability performance over time. This includes having transition pathways, validated targets or documented strategies. Poor practice includes assuming assets will improve without evidence or presenting objectives in a way that overstates what the fund can achieve.

For the Sustainability Impact label, the FCA requires disclosures to articulate a specific and measurable positive impact, supported by a robust “theory of change”. Firms must demonstrate how their investment activities, such as stewardship or capital allocation, contribute to real world environmental or social outcomes, and the FCA provides examples of both effective and inadequate approaches. The FCA notes that overly broad statements like “building an inclusive economy” fail to demonstrate how impact will be achieved. Finally, for the Sustainability Mixed Goals label, the FCA stresses that firms combining multiple label types must clearly distinguish which assets satisfy which criteria and avoid misclassifying or double counting assets toward the required threshold. Across all labels, the FCA reiterates that KPIs must align with the sustainability objective and measure progress meaningfully, and that all claims must comply with the anti greenwashing rule.

INTERNATIONAL

ANTI-MONEY LAUNDERING / COMBATING TERRORISM FINANCING / COMBATTING PROLIFERATION FINANCING (AML/CFT/CPF)

FATF publishes its annual report 2024-2025

On 23 February 2026, the FATF published its annual report 2024-2025.

The publication reports on progress during the first year of the Mexican Presidency (July 2024–June 2025) and highlights how the Global Network of over 200 jurisdictions advanced risk based, effectiveness focused implementation of FATF Standards. Key priorities included closing gaps in counter terrorist financing, proliferation financing, fraud, virtual asset misuse, and financial inclusion.

The FATF completed the latest round of country assessments, covering nearly 200 jurisdictions, and introduced a new evaluation cycle emphasising real world impact, more frequent reviews (every six years), and improved assessor training. Several countries—Croatia, Mali, Tanzania, the Philippines, and Senegal—were removed from the grey list after addressing strategic deficiencies. Reforms to the grey listing process aim to reduce the burden on low capacity countries.

The year also saw significant standard setting activity, including major revisions to Recommendation 16 (Payment Transparency) to enhance traceability and reduce fraud; strengthened Recommendation 1 (risk based approach); and updated guidance on financial inclusion. Work on virtual assets highlighted low global compliance with Recommendation 15, but stronger progress among materially important VA jurisdictions.

The FATF published eight major risk reports, including a comprehensive update on terrorist financing risks and a joint FATF Egmont INTERPOL toolkit to detect online child sexual exploitation. Collaboration expanded through 200+ stakeholder engagements, a Private Sector Forum, assessor trainings, and global partnerships across FSRBs.

Operational priorities going forward include strengthening asset recovery, enhancing sanctions evasion detection, and further embedding AML by design principles into technological innovation. Throughout the report, FATF emphasises a results focused, risk based approach to protect financial systems, reduce criminal exploitation, and promote global financial inclusion.

CONTACTS

This publication is produced by the Projects & Regulatory Monitoring teams as well as experts from the Legal Department and the Compliance Department of CACEIS entities, together with the close support of the Communications Department.

Editor
Gaëlle Kerboeuf, Group Regulatory Watch Senior Expert

Permanent Editorial Committee
Gaëlle Kerboeuf, Group Regulatory Watch Senior Expert
Corinne Brand, Group Content Manager

Local
François Honnay, Head of Legal (Belgium)
Fanny Thomas, Head of Legal Client Contracts (France)
Aude Levant, Group Compliance
Jeanne Laurent, Head of Unit - Business Compliance
Stefan Ullrich, Head of Legal (Germany)
Costanza Bucci, Head of Legal & Compliance (Italy)
Luciana Vertulli, Compliance Officer (Italy)
Fernand Costinha, Head of Legal (Luxembourg)
Julien Fetick, Senior Financial Lawyer (Luxembourg)
Gérald Stadelmann, Head of Legal (Luxcellence Luxembourg)
Alessandra Cremonesi, Head of Legal (Switzerland)
Puck Kranénburg (The Netherlands)
Robin Donagh, Head of Legal (Ireland)
Olga Kitenge, Legal, Risk & Compliance (UK)
Katherine Petcher, Group Head, Legal (Common Law Countries)
Beatriz Sanchez Jete, Compliance (Spain)
Jessica Silva, Compliance (Brazil)
Luiz Fernando Silva, Compliance (Brazil)
Libia Andrea Carvajal, Compliance (Colombia)
Daiana Garcia, Compliance (Colombia)
Karim Martínez, Compliance (Mexico)
Edgar Zugasti, Compliance (Mexico)

Design
CACEIS Group Communications

Photos credit
CACEIS, Adobe Stock

CACEIS
89-91 rue Gabriel Péri
92120 Montrouge