On 10 June 2025, the EC updated its list of high-risk countries to strengthen international fight against financial crime.

A number of third country jurisdictions were added to the list – Algeria, Angola, Côte d’Ivoire, Kenya, Laos, Lebanon, Monaco, Namibia, Nepal and Venezuela), while other jurisdictions were delisted (Barbados, Gibraltar, Jamaica, Panama, the Philippines, Senegal, Uganda, and the United Arab Emirates).

The updated list takes into account the work of the Financial Action Task Force (FATF) and in particular its list of “Jurisdictions under Increased Monitoring”. As a founding member of FATF, the Commission is closely involved in monitoring the progress of the listed jurisdictions, helping them to fully implement their respective action plans agreed with FAFT. Alignment with FATF is important for upholding the EU´s commitment to promoting and implementing global standards.

The Commission has carefully considered the concerns expressed regarding its previous proposal and conducted a thorough technical assessment, based on specific criteria and a well defined methodology, incorporating information collected through the FATF, bilateral dialogues and on site visits to the jurisdictions in question.

Article 9 of the 4th Anti money Laundering Directive (AMLD IV) mandates the Commission to regularly update the list of high risk third country jurisdictions. The update of the list takes the legal form of a delegated regulation, which will enter into force after scrutiny and non objection of the European Parliament and the Council within a period of one month (which can be prolonged for another month).

On 25 June 2025, the ESMA published final report on the functioning and review of the DLT Pilot Regime.

The report contains information about business models, types of DLT financial instruments offered, and technical or legal issues encountered by supervisors to date. It also analyses the types of exemptions requested by DLT market infrastructures and the conditions under which National Competent Authorities (NCA’s) have granted those exemptions (including the compensatory measures imposed to mitigate risks).   

This report comes at an inflection point for the DLT Pilot Regime, which, despite an initially limited uptake, is now seeing growing interest from potential applicants. This recent momentum confirms the relevance of continued efforts to enhance the regime’s attractiveness and functionality. 

To build on this momentum, ESMA presents strategic recommendations to the European Commission (EC), prepared with feedback received by NCAs and the European Central Bank (ECB), about:  

• how to make the DLT Pilot Regime more attractive to the market, and 
• suggested amendments to the Pilot Regime to make it permanent and allow for more flexibility in the regulatory thresholds or eligible assets depending on the risks of each business model.  

These recommendations will complement the EC’s public consultation on the DLT Pilot Regime for market stakeholders, which is part of the wider consultation on the Savings and Investments Union (SIU).   

On 27 June 2025, the EC published Commission Delegated Regulation (EU) supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the minimum contents of the liquidity management policy and procedures for certain issuers of asset-referenced tokens and e-money tokens.

Pursuant to Article 35(4) and Article 58 of Regulation (EU) 2023/1114, the requirements laid down in Article 45(3) of that Regulation apply not only to issuers of significant asset referenced tokens, but also to electronic money institutions issuing significant e-money tokens and, where required by their competent authorities, to issuers of asset referenced tokens that are not significant and to electronic money institutions issuing e-money tokens that are not significant.

In accordance with Regulation (EU) 2023/1114, the Commission is to specify the minimum contents of the liquidity management policy and procedures for managing the liquidity risk of issuers of asset-referenced tokens or e-money tokens ensuring that the value of the reserve of assets can meet requests for redemption by holders of such tokens under normal and stress scenarios ensuring the normal continuity of the business. In order to meet requests for redemption, issuers of asset-referenced tokens or e-money tokens should pay particular attention to the volatility of the assets referenced relative to the reserve of assets and should perform a subsequent analysis of the necessary overcollateralisation. To mitigate any counterparty risk, issuers of asset referenced tokens or e-money tokens should avoid risks of concentration of the custodians of the reserve of assets.

In accordance with Regulation (EU) 2023/1114, the Commission is to specify the minimum contents of the liquidity management policy and procedures for managing the liquidity risk of issuers of asset-referenced tokens or e-money tokens ensuring that the value of the reserve of assets can meet requests for redemption by holders of such tokens under normal and stress scenarios ensuring the normal continuity of the business. In order to meet requests for redemption, issuers of asset-referenced tokens or e-money tokens should pay particular attention to the volatility of the assets referenced relative to the reserve of assets and should perform a subsequent analysis of the necessary overcollateralisation. To mitigate any counterparty risk, issuers of asset-referenced tokens or e-money tokens should avoid risks of concentration of the custodians of the reserve of assets.

This Regulation is based on the draft regulatory technical standards, developed in close cooperation with the European Securities and Markets Authority, submitted to the Commission by the European Banking Authority.

BACKGROUND

On 10 June 2025, the EU published Commission Delegated Regulation (EU) 2025/1140 of 27 February 2025, supplementing Regulation (EU) 2023/1114 of the European Parliament and the Council. This regulation focuses on specifying the regulatory technical standards for the records to be maintained by crypto-asset service providers. These records cover a wide range of activities, including crypto-asset services, orders, and transactions undertaken by these providers.

The publication of this regulation is a crucial step in reinforcing the regulatory framework for crypto-asset markets. By setting clear requirements for record-keeping, it aims to promote market transparency, enhance surveillance, and ensure that financial markets remain robust and compliant with EU regulations.

WHAT'S NEW?

1. Adaptation of Record-Keeping Obligations:

The regulation establishes that crypto-asset service providers must keep records that are tailored to their specific business models and the services they offer. This includes records for each activity, order, and transaction related to crypto-assets. The records must be sufficiently detailed and aligned with the scope of each provider's operations, ensuring comprehensive documentation of all crypto-asset-related activities.

2. Alignment with EU Financial Regulations (Regulation No. 600/2014):

To ensure consistency and minimize the reporting burden on crypto-asset service providers, the regulation stipulates that the record-keeping standards should align with those set out in Regulation (EU) No 600/2014. This approach leverages the existing financial sector reporting standards to ensure that crypto-asset service providers adopt consistent and efficient record-keeping practices that mirror the broader financial services sector.

3. Compatibility with Other Regulatory Frameworks:

The regulation emphasizes that the standards set forth in Commission Delegated Regulation (EU) 2025/416 should be followed when records are also required under that regulation. This is to ensure coherence and consistency across related financial and crypto-asset regulatory frameworks. By applying the same standards, the EU ensures a seamless regulatory environment across different types of financial markets.

4. Client Identification and Code Requirements:

To enhance market surveillance and ensure comparability across records, the regulation mandates that clients of crypto-asset service providers that are legal entities be identified using a unique code. This code must adhere to internationally recognized standards for financial market monitoring. The code should be neutral, reliable, open source, scalable, and available at a reasonable cost. This system will allow for consistent client identification and enable more accurate tracking of crypto-asset transactions, thus improving the ability of regulators to monitor market activity.

5. Legal Entity Identifiers (LEIs) for Crypto-Asset Providers:

In order to ensure clear identification of crypto-asset service providers, the regulation stipulates that these providers must use validated Legal Entity Identifiers (LEIs) in their records. These identifiers, which must be duly renewed and up-to-date, will be used to identify the entities responsible for executing orders or transactions. LEIs are critical for ensuring transparency and accountability in the crypto-asset market. Under Article 62 of Regulation (EU) 2023/1114, crypto-asset service providers are required to obtain an LEI as part of their authorization process. The LEI will also allow competent authorities to properly fulfill their supervisory roles and enforce measures, as stipulated in Article 68(10) of Regulation (EU) 2023/1114.

WHAT'S NEXT?

Commission Delegated Regulation (EU) 2025/1140 came into force on 30 June 2025, and crypto-asset service providers operating in the EU are now required to comply with the updated record-keeping obligations. These requirements help strengthen regulatory oversight and enhance the ability of supervisory authorities to track and monitor crypto-asset transactions in real-time.

As of the effective date, all crypto-asset service providers must ensure their systems are aligned with the new requirements for client identification, LEI usage, and the recording of transactions. These steps are part of the broader effort by the EU to regulate the crypto-asset sector in line with traditional financial markets, ensuring that crypto assets are handled in a transparent, accountable, and legally compliant manner.

On 10 June 2025, the EU publishes supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council as regards regulatory technical standards specifying the requirements for policies and procedures on conflicts of interest for issuers of asset-referenced tokens.

Pursuant to Article 32(1) of Regulation (EU) 2023/1114, issuers of asset-referenced tokens are to implement and maintain effective policies and procedures to identify, prevent, manage and disclose conflicts of interest between themselves and certain categories of persons. Where implementing and maintaining the policies and procedures required pursuant to Article 32(1) of Regulation (EU) 2023/1114, issuers of asset-referenced tokens should take into account the principle of proportionality with a view to ensuring that the policies and procedures take into account their size, internal organisation, business model, nature, scale and complexity of their activities, are consistent with, where applicable, group policies and sufficient to effectively achieve the objectives of that Article.

Conflicts of interest come from a broad range of situations, relationships and affiliations as the interests of the issuer of asset-referenced tokens, its owners, its staff, management body, stakeholders, entities belonging to the same group as the issuer of asset-referenced tokens and other stakeholders may differ when issuing asset-referenced tokens, making them available to the public and managing them. When deciding what kind of situations and circumstances should be covered by their conflicts of interest policies and procedures, issuers of asset-referenced tokens should take into consideration all situations which may influence or affect or may be perceived to influence or affect, the ability of the issuer of asset-referenced tokens or any person connected to the issuer of asset-referenced tokens to take impartial and objective decisions.

The reserve of assets is a key element of asset-referenced tokens, and its sound management contributes to the protection of holders of asset-referenced tokens. When identifying, preventing, managing and disclosing conflicts of interest, issuers of asset-referenced tokens should take into account the potential conflicts of interest arising from the management and investment of the reserve of assets referred to in Article 36 of Regulation (EU) 2023/1114 and the policies and procedures of the issuers of asset-referenced tokens should cover those aspects. Similarly, issuers of asset-referenced tokens should take into account the potential conflicts of interest with third parties that provide services related to the operating, the investment or the custody of the reserve assets and, where applicable, the distribution of the asset-referenced tokens to the public. For the same reason, issuers of asset-referenced tokens should establish, implement and maintain arrangements to ensure that the third party, that provides one of the functions as referred in Article 34(5), point (h) of Regulation (EU) 2023/1114 acts in a manner consistent with their conflicts of interest policies and procedures.

The conflict of interest policies and procedures referred to in Article 32(1) of Regulation (EU) 2023/1114 as further specified in the regulatory technical standards set out in this Regulation should provide for the communication of personal data when necessary and proportionate to ensure the adequate identification, prevention, management and disclosure of conflicts of interest potentially detrimental to the holders of asset-referenced tokens or to the issuers of asset-referenced tokens, taking into account the fundamental rights to privacy and to the protection of personal data of the connected persons. In line with the principle of data minimisation as laid down in Regulation (EU) 2016/679, the issuers of asset-referenced tokens should specify which categories of personal data they will process to identify, prevent and manage conflicts of interest in their policies and procedures referred to in Article 32(1) of Regulation (EU) 2023/1114, in a way appropriate to their size and internal organisation, to the group where applicable, their business model, suitable for the nature, scale and complexity of their activities. The regulatory technical standards set out in this Regulation specify the criteria to identify categories of personal data that are necessary and proportionate to ensure the adequate identification, prevention, management and disclosure of conflicts of interest potentially detrimental to the holders or issuers of asset-referenced tokens, having regard to the risks to the fundamental rights to privacy and to the protection of personal data of the persons referred to in Article 32(1), points (a) to (d) and point (f), of Regulation (EU) 2023/1114.

This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Banking Authority.

This Regulation entered into force on 30 June 2025. 

On 10 June 2025, the EBA published no action letter on the interplay between PSD2/3 and MiCA.

The letter assesses the provisions set out in MiCA and PSD2 and advises NCAs under PSD2 to view the transfer of crypto assets as a payment service under PSD2 where they entail EMTs and are carried out by the entities on behalf of their clients. It sets out provisions to regard the custody and administration of EMTs as a payment service and to regard a custodial wallet as a payment account where the wallet is held in the name of one or more clients and allows to send and receive EMTs to and from third parties.

For these services, the No Action letter advises NCAs to require an authorisation under PSD2 only from 2 March 2026 onwards and, during the authorisation process, to apply streamlined procedures that make maximum use of information that legal entities provide during their CASP authorisation process.

Once an authorisation as a payment services provider is held, NCAs are advised not to prioritise the supervision and enforcement of several elements of PSD2, such as safeguarding, the disclosure of information to consumers (pertaining to the level of applicable charges, the maximum execution time of payment transactions, the unique identifier such as IBAN, and open banking). However, NCAs are also advised to insist on the compliance with other PSD2 provisions, such as strong customer authentication (SCA) for accessing custodial wallets that qualify as payment account and the initiating of EMT transfers, the reporting of payment fraud, and the cumulative calculation of own funds requirements. This is to ensure equally high standards of consumer protection regardless of whether a consumer is using EMTs or more traditional funds as a means of payment.

Furthermore, NCAs are advised not to consider as payment services (and therefore not to subject to the application of PSD2, including its provisions on licensing) the ‘exchange of crypto-assets for funds’ and ‘exchange of crypto-assets for other crypto-assets’ as defined in MiCA. Additionally, the EBA advises NCAs not to regard as a payment service cases where crypto-asset service providers intermediate the purchase of any crypto-assets with EMTs, and, therefore, not to enforce the application of PSD2 nor to require an authorisation under PSD2 in such cases.

This advice will result in a large number of EMT transactions not being subject to PSD2 requirements during the intervening period while the Directive still applies. The EBA bases this advice solely on the acknowledgement that any alternative advice would require a much larger number of CASPs to obtain a second authorization. The EBA considers such an alternative to be undesirable, given the burden that dual authorisation would impose on CASPs.

BACKGROUND

On 18 June 2025, the EU published Commission Delegated Regulation (EU) 2025/1190 of 13 February 2025, which supplements Regulation (EU) 2022/2554 regarding regulatory technical standards (RTS) on threat-led penetration testing (TLPT). This regulation provides essential guidelines for the identification of financial entities required to conduct TLPT, the use of internal testers, the scope and methodology of testing phases, and the supervisory and cooperation requirements for TLPT implementation and mutual recognition.

The regulation has been developed in accordance with the TIBER-EU framework, ensuring consistency with the processes, methodologies, and structure used in the TIBER-EU framework. It aims to provide a structured approach to cybersecurity testing within financial institutions by ensuring that financial entities adhere to consistent and harmonized standards for penetration testing.

WHAT'S NEW?

1. Alignment with the TIBER-EU Framework:

The Commission Delegated Regulation (EU) 2025/1190 is structured to mirror the TIBER-EU framework, which is a key part of the EU's cybersecurity strategy for the financial sector. It ensures that TLPT methodologies, processes, and implementation steps are consistent with the TIBER-EU guidelines. Financial entities required to conduct TLPTs have the option to follow either the TIBER-EU framework or its national implementations, provided these are consistent with the regulations laid out in Articles 26 and 27 of Regulation (EU) 2022/2554.

2. Designation of Competent Authorities:

The regulation outlines the designation of a single public authority within the financial sector at the national level, responsible for TLPT-related matters. This is in accordance with Article 26(9) of Regulation (EU) 2022/2554. However, the regulation also maintains that the European Central Bank (ECB), for instance, retains the authority over TLPT-related tasks for certain institutions such as significant credit institutions under its supervision.

In cases where TLPT responsibilities are delegated to other national authorities, the competent authority of the financial institution will remain responsible for non-delegated TLPT tasks. This ensures that consistent oversight is maintained across the entire TLPT process.

3. Active Red Team Testing Phases:

During the active red team testing phase, the testers are required to deploy a wide range of tactics, techniques, and procedures (TTPs). These TTPs are designed to simulate real-world cyber-attacks on financial institutions, helping them identify vulnerabilities within their systems. The phases include:

• Reconnaissance: Collecting information on the target systems.
• Weaponization: Analyzing infrastructure and preparing for attacks.
• Delivery: Launching the attack on the target.
• Exploitation: Attempting to compromise systems and exploit vulnerabilities through
  social engineering.
• Control and Movement: Moving from compromised systems to higher value targets.
• Actions on Target: Gaining further access to systems and acquiring sensitive data, as outlined
  in the test plan.

This structured approach ensures that institutions are thoroughly tested against potential cybersecurity risks and attacks.

4. TLPT Cyber Teams:

To facilitate effective testing, TLPT cyber teams will be established, with responsibilities that align closely with those of the TIBER-EU cyber teams. These teams will consist of test managers who oversee individual TLPT tests, ensuring the tests are properly planned and coordinated. The TLPT cyber teams will act as a single point of contact for communication with internal and external stakeholders and will collect and process feedback from previously conducted tests.

These teams will also provide essential support to financial entities undergoing TLPT testing, ensuring that institutions receive guidance on improving their cybersecurity measures and addressing any vulnerabilities identified during the testing phase.

5. Supervisory and Cooperation Requirements:

The regulation sets out supervisory and cooperation requirements for the implementation of TLPT. These guidelines ensure that there is consistent cooperation between national and EU supervisory authorities. Institutions will be required to report on their TLPT results, share lessons learned, and ensure that all necessary data is made available to relevant authorities to support the mutual recognition of TLPT results across jurisdictions.

6. Regulatory Support from European Supervisory Authorities (ESAs):

The regulation was drafted in close collaboration with the European Supervisory Authorities (ESAs) – the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA), alongside the European Central Bank (ECB). This joint effort ensures that TLPT aligns with the broader EU financial regulations and provides a robust framework for addressing cybersecurity risks in the financial sector.

WHAT'S NEXT?

Commission Delegated Regulation (EU) 2025/1190 entered into force on 8 July 2025, bringing into effect the new TLPT regulatory requirements for financial institutions across the EU. Financial entities now must ensure they are fully compliant with the new testing standards and the enhanced methodologies set out in the regulation.

Moving forward, financial institutions will need to prepare for TLPT testing and ensure that their internal cybersecurity teams are equipped to handle the complex penetration testing process. Institutions must also work closely with national authorities and EU supervisory bodies to ensure effective supervision and cooperation in the implementation of TLPT.

Regulatory authorities will begin monitoring the implementation of TLPT across the financial sector, ensuring that institutions are actively working to strengthen their cybersecurity defences. As the testing processes evolve, further updates and guidelines may be issued to address emerging risks and ensure the ongoing resilience of the financial sector in the face of evolving cyber threats.

BACKGROUND

On 6 June 2025, the European Central Bank (ECB) announced the expansion of the euro short-term rate (€STR) reporting population, which will take effect on 2 July 2025 (with reference to 1 July). The number of reporting banks contributing to the daily calculation of the €STR will increase from 45 to 69 banks. These 24 new banks were added to the Money Market Statistics Reporting (MMSR) population on 1 July 2024, but their data was not included in the €STR calculation until it was confirmed that the reported data met the required quality standards.

This expansion is designed to improve the robustness and representativeness of the €STR benchmark. With the addition of these new reporting institutions, the benchmark will now be supported by higher transaction volumes from a wider range of financial entities. Although the impact on the level of the rate is expected to be minimal—approximately -0.2 basis points during the testing period—the expansion ensures greater reliability and transparency.

WHAT'S NEW?

1. Expansion of the €STR Reporting Population:

Starting 2 July 2025, the ECB will expand the €STR reporting population by adding 24 new banks, bringing the total number of contributing banks to 69. These new banks were initially incorporated into the MMSR population on 1 July 2024, but their data was withheld from the €STR calculation until it was confirmed to meet the necessary data quality standards. This increase in the number of reporting banks will lead to a broader dataset, improving the accuracy and representativeness of the €STR.

2. Improved Representativeness of the Benchmark:

The inclusion of the new banks will help enhance the robustness of the €STR benchmark, as it will now be supported by higher transaction volumes from a wider variety of reporting institutions. This move ensures that the benchmark reflects a more diverse set of market participants and provides a more comprehensive view of the euro money market.

3. Minimal Impact on the Rate Level:

The ECB expects the impact of the new banks on the level of the €STR to be limited. During the testing phase from July 2024, the difference observed between the current and expanded population was approximately -0.2 basis points, indicating that the addition of these new banks will not significantly alter the rate, but will help strengthen its overall accuracy.

WHAT'S NEW?

Starting 2 July 2025, the new group of 24 banks will officially contribute to the €STR calculation. Financial institutions and market participants can expect a more robust and representative benchmark as the data from the expanded reporting population is integrated. The ECB will continue to monitor the quality of data provided by the new reporting agents, ensuring that it meets the standards required for the accurate calculation of the €STR.

For supervisory authorities and market participants, this expansion means that the €STR will be even more reflective of the broader market, providing greater reliability for use in financial transactions, contracts, and instruments tied to the rate.

BACKGROUND

On 26 June 2025, the European Securities and Markets Authority (ESMA) published advice on the UCITS Eligible Assets Directive (EAD). This advice was issued in response to a formal request from the European Commission, which sought input on the appropriateness of the types of underlying assets UCITS can invest in, either directly or indirectly. The UCITS EAD has been in effect since 2007, with only limited updates, and the Commission is now considering whether the framework requires changes. The advice aims to provide clarity and updates on the UCITS framework, particularly regarding asset eligibility, liquidity management, and the treatment of alternative assets.

WHAT'S NEW?

ESMA’s advice introduces several key recommendations aimed at modernizing and clarifying the UCITS framework:

1. Transferable Security Definition: ESMA recommends aligning the UCITS definition of transferable securities with MiFID II, ensuring greater consistency and clarity in how these securities are classified and treated under both frameworks.

2. Regulatory Harmonisation: ESMA proposes moving towards a directly applicable EU regulation, rather than a directive, for the UCITS framework. This would ensure more consistent implementation across Member States, avoiding differences in local legislation or gold-plating, which could lead to regulatory fragmentation.

3. Look-through Requirement: A mandatory look-through approach is introduced for all UCITS portfolio investments, particularly for structured or wrapped products. This would require UCITS managers to assess investments at the level of the final underlying asset. Additionally, at least 90% of the portfolio must remain exposed to UCITS-eligible assets.

4. "Trash Bucket" Expansion: ESMA proposes expanding the types of non-UCITS eligible assets that a UCITS may invest in on an ancillary basis, often referred to as the "trash bucket." However, it recommends a strict 10% limit on the aggregate indirect exposure to ineligible assets like commodities, crypto-assets, and real estate. Additionally, ESMA proposes extending the "trash bucket" to include all UCITS eligible assets, such as derivatives and units of open-ended AIFs.

5. Additional Eligible Asset Classes: While ESMA recognizes that expanding the list of eligible asset classes would require amendments to the UCITS Directive (Level 1 changes), it suggests that this could be addressed in a future workstream.

6. No Liquidity Presumption: ESMA recommends removing the presumption of liquidity for listed instruments. UCITS managers would be required to formally assess and document liquidity and tradability, both at the asset and portfolio levels, ensuring ongoing compliance with liquidity requirements.

7. Financial Indices: UCITS could invest in derivatives that provide exposure to financial indices, even if the index constituents include non-eligible assets, as long as the index is sufficiently diversified and composed mostly of eligible assets. Additionally, UCITS would need to apply the look-through approach to the underlying index constituents to determine their eligibility.

8. Ancillary Liquid Assets: ESMA sees no merit in prescribing a maximum amount of ancillary liquid assets a UCITS can hold, but it proposes applying a counterparty limit of 20% to such assets, in line with deposits made with the same body.

WHAT'S NEXT?

The European Commission will now review ESMA’s advice and may initiate a public consultation to gather further feedback from stakeholders. Based on the outcome of the consultation, the Commission will determine the next steps for updating the UCITS framework, which could include the adoption of a directly applicable regulation. UCITS managers should assess their current portfolios in light of the proposed changes, particularly with respect to liquidity management and asset eligibility criteria, to determine if any adjustments are necessary. They may also need to develop strategies for managing indirect exposures and compliance with the new look-through requirements. The Commission is expected to publish its proposed changes in the coming months, which could lead to significant adjustments in how UCITS manage their assets and portfolios.

On 20 June 2025, the EFAMA published its annual review 2024-2025.

EFAMA's Annual Review highlights their key achievements over the past 12 months and provides a useful overview of the main topics the EFAMA covers.

The Review is structured around the work of the Standing Committees and Taskforces. These bodies are the lifeblood of the Association as they develop sound, unified and evidence-based common positions around relevant EU/global initiatives and campaigns.

BACKGROUND

On 12 June 2025, the European Commission (EC) published a Commission Delegated Regulation amending Regulation (EU) No 575/2013 of the European Parliament and the Council concerning the own funds requirements for market risk. This regulation is a postponement of the implementation timeline for the new market risk requirements as binding own funds requirements. The regulation defers the application of the new provisions introduced by Regulation (EU) 2024/1623, which was set to amend the Capital Requirements Regulation (CRR) in relation to the market risk framework. The provisions concerning Part Three, Title IV of the CRR, including Articles 430b, 445, and 455, will now become applicable on 1 January 2027.

Until that date, the current market risk requirements, including those related to the calculation of own funds requirements, market risk reporting, and disclosure requirements, will remain in effect. This delay is intended to allow for more time to address the uncertainty around implementation timelines and to facilitate a smoother transition into the new framework.

WHAT'S NEW?

1. Postponement of FRTB Standards Implementation:

The delegated regulation postpones the application of the Fundamental Review of the Trading Book (FRTB) standards, which were previously introduced under Regulation (EU) 2019/876 and further amended by Regulation (EU) 2024/1623. These standards, developed by the Basel Committee on Banking Supervision (BCBS), form the basis for the binding own funds requirements for market risk exposures. Initially, these standards were expected to become applicable in 2026, but the application date is now deferred to 1 January 2027 due to high levels of uncertainty regarding their implementation in jurisdictions with many internationally active banks.

2. Continued Use of Pre-FRTB Approaches:

In the interim period, institutions are required to continue using pre-FRTB approaches to calculate their own funds requirements for market risk. The regulation specifies that financial institutions must maintain reporting on their own funds requirements under the previous market risk framework (pre-FRTB) until the new standards are applicable on 1 January 2027. This approach ensures that supervisors can continue to monitor market risk exposures and gather relevant data while awaiting the full implementation of the FRTB.

3. Impact Monitoring and Reporting Requirements:

Competent authorities need to have access to consistent reporting data to monitor the impact of the FRTB and to identify potential implementation issues. To facilitate this, institutions will continue to report market risk data under the existing framework and provide updates as required by Article 430b of Regulation (EU) No 575/2013 in its version in force on 8 July 2024. This ongoing reporting is crucial for maintaining transparency and ensuring effective communication between institutions and regulatory bodies during the transition period.

WHAT'S NEXT?

The Commission Delegated Regulation on own funds requirements for market risk has been officially postponed, and the new FRTB standards will not be applicable until 1 January 2027. Until that time, institutions must continue applying the pre-FRTB calculation methods for own funds requirements related to market risk and continue their supervisory reporting accordingly.

During the transition, supervisors will continue to monitor market risk exposures using the existing standards. Financial institutions are expected to maintain their reporting obligations under the current framework, ensuring that they remain in compliance with Regulation (EU) No 575/2013 while awaiting the transition to the new standards. As the 2027 application date approaches, further guidance may be issued to ensure a smooth and consistent implementation of the FRTB across all jurisdictions.

This delay provides institutions with additional time to adjust to the new regulatory framework and for regulators to resolve any outstanding issues regarding its global application. Institutions should be prepared to align their systems and reporting mechanisms with the FRTB standards when they come into effect, as this will impact their capital requirements for market risk exposures.

On 5 June 2025, the ECB published its monteray policy decisions.

The Governing Council decided to lower the three key ECB interest rates by 25 basis points. In particular, the decision to lower the deposit facility rate – the rate through which the Governing Council steers the monetary policy stance – is based on its updated assessment of the inflation outlook, the dynamics of underlying inflation and the strength of monetary policy transmission.

Inflation is currently at around the Governing Council’s 2% medium-term target. In the baseline of the new Eurosystem staff projections, headline inflation is set to average 2.0% in 2025, 1.6% in 2026 and 2.0% in 2027. The downward revisions compared with the March projections, by 0.3 percentage points for both 2025 and 2026, mainly reflect lower assumptions for energy prices and a stronger euro. Staff expect inflation excluding energy and food to average 2.4% in 2025 and 1.9% in 2026 and 2027, broadly unchanged since March.

The Governing Council is determined to ensure that inflation stabilises sustainably at its 2% medium-term target. Especially in current conditions of exceptional uncertainty, it will follow a data-dependent and meeting-by-meeting approach to determining the appropriate monetary policy stance. The Governing Council’s interest rate decisions will be based on its assessment of the inflation outlook in light of the incoming economic and financial data, the dynamics of underlying inflation and the strength of monetary policy transmission. The Governing Council is not pre-committing to a particular rate path.

The Governing Council decided to lower the three key ECB interest rates by 25 basis points. Accordingly, the interest rates on the deposit facility, the main refinancing operations and the marginal lending facility will be decreased to 2.00%, 2.15% and 2.40% respectively, with effect from 11 June 2025.

On 30 June 2025, the ECB updated its monetary policy strategy.

Following the strategy review carried out in 2020-21, the Governing Council announced that it would periodically assess the appropriateness of its monetary policy strategy. The assessment published today meets this commitment, ensuring that our framework, toolkit and approach remain fit for purpose.

The monetary policy strategy enables the Governing Council to respond effectively to major changes in the inflation environment. This is especially important as ongoing structural shifts, such as geopolitical and economic fragmentation, increasing use of artificial intelligence, demographic change and the threat to environmental sustainability, suggest that the inflation environment will remain uncertain and potentially more volatile, with larger deviations from the symmetric 2% inflation target.

To maintain the symmetry of the target, appropriately forceful or persistent monetary policy action in response to large, sustained deviations of inflation from the target in either direction is important. This will help to avoid inflation expectations becoming de-anchored and inflation deviations from the target becoming entrenched:

• Governing Council confirms symmetric 2% inflation target over the medium term;
• Symmetry requires appropriately forceful or persistent policy response to large, sustained deviations of inflation from target in either direction;
• All tools remain in toolkit and their choice, design and implementation will enable an agile response to new shocks;
• Structural shifts such as geopolitical and economic fragmentation and increasing use of artificial intelligence make the inflation environment more uncertain.

BACKGROUND

On 16 June 2025, the European Banking Authority (EBA) published key regulatory products that address operational risk capital requirements and related supervisory reporting. These regulatory products are essential for the implementation of the EU Banking Package and are designed to support supervisors in effectively monitoring institutions’ compliance with operational risk requirements. This, in turn, helps ensure consistent and enhanced supervision across the European banking sector.

The EBA published three critical final draft technical standards (RTS and ITS), which play a pivotal role in improving how operational risk is calculated, reported, and supervised. These standards cover several aspects of operational risk management, aiming to streamline reporting processes and reduce the operational burden on institutions, while also ensuring the accuracy and relevance of reported data.

WHAT'S NEW?

1. RTS on Business Indicator (BI) Calculation and Adjustments:

One of the most significant components of the EU Banking Package is the harmonised application of operational risk capital requirements, which rely on the calculation of the Business Indicator (BI). The RTS on BI focuses on defining the calculation and adjustments of the BI. This includes refinements to the BI components, such as incorporating updates to accounting standards and providing detailed breakdowns of the operational risk impacts and exclusions. Additionally, clarifications have been provided on the approaches for calculating the financial component of the BI.

These refinements aim to ensure that the BI accurately reflects operational risks in the financial statements of banks and provides a standardised and consistent approach to determining capital requirements for operational risk. The updates are designed to provide greater clarity and precision in measuring operational risk across different institutions.

2. ITS on Mapping to FINREP:

The ITS on mapping to FINREP ensures that the reporting of operational risk components is aligned with the FINREP framework. This aims to improve consistency in the reporting process, and significantly reduces implementation, administrative, and operational costs for financial institutions. By standardising the mapping, institutions will be able to report operational risk-related data more effectively, reducing duplication and the potential for errors in the reporting process.

3. Amendments to the ITS on Operational Risk Reporting:

The final draft of the ITS on operational risk reporting introduces amendments that will keep the supervisory reporting framework relevant and meaningful. These amendments are aligned with the updated regulatory requirements for operational risk reporting and focus on assessing compliance with operational risk own funds requirements. Specifically, the amendments will enhance existing reporting requirements by requesting more detailed information on the calculation of the BI components. This ensures that supervisors have access to essential data to fulfil their oversight responsibilities, while also taking into account the efforts required by institutions to meet these new data reporting standards.

4. Adjustments for Mergers, Acquisitions, and Disposals:

A key aspect of the final RTS is its approach to mergers and acquisitions. When an institution undergoes a merger or acquisition, the RTS mandate that the institution uses actual three-year historical data for the calculation of the BI, or provides alternative methodologies if the data is not available. For disposals, the RTS outline the conditions under which BI items related to disposed entities can be excluded. A materiality threshold for disposals is also introduced, allowing institutions to adjust their records without requiring supervisory permission for minor disposals. These adjustments aim to provide institutions with greater flexibility, ensuring they can accurately reflect changes in their operational structure without unnecessary regulatory hurdles.

5. Mapping the BI Components to FINREP Reporting Cells:

To ensure the proper reporting of BI components, the standard items for each component of the BI have been mapped to their respective reporting cells in FINREP. This mapping ensures that the operational risk data aligns with existing financial reporting standards, which promotes consistency in the data submitted by banks to supervisory authorities.

WHAT'S NEXT?

The publication of these technical standards marks an important step towards the full implementation of the EU Banking Package, with a particular focus on improving the management and supervision of operational risk in the banking sector. Financial institutions must now implement the updated BI calculation and reporting requirements, including the new mapping to FINREP and the detailed amendments to the operational risk reporting framework. These updates will significantly impact how operational risk capital is reported and calculated across the sector.For supervisory authorities, the updated technical standards will enable more effective monitoring of compliance with capital requirements for operational risk. The introduction of more detailed reporting requirements and clearer guidelines will enhance transparency and ensure that supervisors can assess operational risk with greater precision.As the EBA moves forward with the implementation of these standards, banks will need to ensure that their systems are updated to comply with the new requirements, particularly in the areas of reporting, data collection, and capital allocation for operational risk.

On 23 June 2025, the ESMA published consultation on how to integrate funds reporting.

Funds reporting in the asset management sector is now subject to significant fragmentation due to the coexistence of several reporting regimes at national and European level, resulting in high compliance burdens.  

To identify solutions, the discussion paper outlines options for improving different aspects of reporting, such as the scope of data, reporting processes and systems to ensure more efficient reporting and sharing of data between the authorities. Among the possibilities, there are proposals related to the integration of multiple reporting templates and the centralisation of reporting processes and infrastructures. 

This paper adds to ESMA’s simplification and burden reduction initiative, launched earlier this year, and it is directly contributing to the debate on how to simplify, harmonise and eliminate barriers to produce an effective burden reduction in the financial sector, while preserving the main objectives of financial stability, orderly markets and investor protection. 

ESMA’s actions mark a shift from technical sectorial amendments to an integrated approach in funds supervisory reporting, similar to the comprehensive approach to financial transaction reporting. The idea is to take a step back and review reporting in a more comprehensive manner rather than focusing on the incremental sectorial changes.

The Consultation closes on 21 September 2025.

BACKGROUND

On 12 June 2025, the European Commission (EC) adopted Commission Delegated Regulation (EU) 2025/1190, amending Regulation (EU) No 575/2013 concerning the application date of the own funds requirements for market risk. This regulation postpones the implementation of the new market risk requirements by one additional year, meaning the new provisions that were to become binding on 1 January 2026 will now become applicable on 1 January 2027.

The amendment concerns Regulation (EU) 2024/1623, which introduced the revised market risk framework—specifically provisions amending Part Three, Title IV of the Capital Requirements Regulation (CRR) and Articles 430b, 445, and 455. Until the new framework becomes applicable, the current market risk requirements (including the calculation of own funds requirements, market risk reporting, and disclosure requirements) will remain in place.

The regulation also clarifies the postponement of disclosure requirements related to market risk and sets a new application date for January 2026. This is essential for maintaining consistency and ensuring that institutions continue to apply the pre-FRTB calculation approaches for own funds requirements during this deferral period.

WHAT'S NEW?

1. Postponement of Market Risk Requirements:

This delegated regulation introduces a one-year delay in the application of the new market risk framework, now set to apply on 1 January 2027. The new framework, which incorporates the Fundamental Review of the Trading Book (FRTB), was initially set to be effective from 1 January 2026, but the delay is necessary to account for ongoing international discrepancies and to preserve a level playing field for institutions across borders.

2. Continuation of Current Requirements:

Until 1 January 2027, institutions will continue to apply the current market risk requirements. These include:

• Part Three, Title IV of the CRRArticles 430, 430b, 445, and 455: The current provisions will remain in effect, and institutions are required to follow the existing rules for calculating own funds requirements, reporting on market risk, and disclosing these requirements.

3. Disclosure Requirements:

The regulation also defers the disclosure requirements related to market risk under the FRTB framework until 1 January 2027. During the postponement period, institutions are required to continue disclosing information based on the pre-FRTB calculation approaches. This ensures that market discipline remains intact, and stakeholders still have access to important market risk data.

4. International Level Playing Field:

The delay is intended to address concerns regarding discrepancies in the implementation of the FRTB across different jurisdictions. While countries like Canada, Switzerland, Singapore, Hong Kong, and Japan have made progress, there are significant delays in the US and the UK, which have not yet fully implemented the standards. The deferral ensures that EU financial institutions will not face a competitive disadvantage compared to banks in these jurisdictions, preserving the international level playing field.

5. Regulatory Monitoring and Coordination:

The European Commission continues to monitor the global implementation of FRTB standards, especially in jurisdictions with many internationally active banks. The Commission has also provided guidance to competent authorities on how to manage internal models during this deferral period. It ensures that flexibility is maintained in the assessment of institutions’ own funds requirements while keeping in line with global standards.

WHAT'S NEXT?

• The new market risk framework under the FRTB standards will now be fully applicable on 1 January 2027, providing more time for institutions to adjust to the new requirements.
• Until that date, institutions must continue to apply the current market risk rules and report their own funds requirements based on the pre-FRTB approaches.- Competent authorities will monitor institutions’ progress and continue assessing the implementation of the FRTB standards internationally, adjusting as necessary to ensure a level playing field across jurisdictions.
• Institutions should prepare for the transition to the FRTB framework, aligning their systems and practices with the new requirements when they come into effect.

On 20 June 2025, the EBF published study on 2025 Cumulative Capital.

Since the beginning of the regulatory reform in 2010, the European banking system has achieved a level of resilience far beyond the original targets. In 2024, all the capital, own funds and liquidity ratios of European banks have reached levels way above the minimum requirements.

However, the EU regulatory framework has become particularly complex. And despite the large level of resilience achieved, European banks operate under a permanent flux of ever rising capital requirements stemming from changing EU regulation, national authorities’ discretions and supervisory decisions. In a short time frame, the regulatory requirements can change, the capital buffers can be significantly increased upon decision of different authorities absent any idiosyncratic justifications, and the supervisory expectations regularly add pressure to the already enhanced requirements. Such complexity has given way to gold plating of international standards and duplication of measures to address the same risk. As a result, capital planning in European banks is a conundrum.

In this context of enhanced and fragmented capital requirements, The European Banking Federation wanted to know how much of the aggregate capital requirement corresponds to the Basel Committee minimum, and how much is the result of discretionary decisions and gold-plating of the multiple EU and national authorities involved in the complex regulatory and supervisory EU framework. The former is referred to as the “Basel Baseline”. The latter is referred to as the “Supervisory Discretion”, or “capital add-ons”. For that purpose, it asked the Global Benchmark Initiative (GBI) of the Global Association of Risk Professionals (GARP) to conduct a fact-based study to inform about:

• The relative size of the mandatory Basel Baseline and of the EU capital add-ons;
• The trend of the capital add-ons part from 2021 to 2024;
• An estimation of the amount of lending that the capital add-ons part has prevented.

The exercise has been conducted in April and May of 2025 with the participation of 15 EU banks representing 66.4% of the EU banking assets. GARP GBI collected publicly available data and the banks submitted capital buffer, supervisory capital provisioning and deduction data for year-end 2024, 2023, 2022 and 2021 using a bespoke template.

Three conclusions stand out:

• In 2024, at CET1 level the relative size of EU capital add-ons is very significant increasing the Basel baseline by 67%;
• Such Supervisory discretions represent an incremental CET1 capital requirement of €273.2 billion, impacting financing capacity by an estimated €1.9 to €2.7 trillion;
• While the Basel baseline has remained stable between 2021 and 2024, the supervisory discretion has increased by more than €100 billion or 60% during the same period.

On 12 June 2025, the ESMA published final reports on the Prospectus Regulation and on civil prospectus liability.

These reports provide recommendations meant to facilitate capital market activity by reducing regulatory burden and also include the results of ESMA’s Call for Evidence on civil prospectus liability (CfE). 

Key proposals and findings

The technical advice on the Prospectus Regulation contains:

• advice relating to the content and format of prospectuses;
• proposed disclosure annexes for non-equity securities that are advertised with ESG features;
• advice relating to the scrutiny of information in prospectuses as well as advice relating to the procedures for the approval of a prospectus; and
• proposals to updates to the data reporting requirements in line with changes introduced by the Listing Act and in relation to the implementation of ESAP.

The technical advice on civil prospectus liability presents:

• feedback received on the CfE  where many stakeholders consider that the current regime is well-balanced and argue that reform is unnecessary at this stage;
• ESMA’s ensuing advice; and
• an update of the sections of the 2013 Report on prospectus liability related to civil prospectus liability.

On 12 June 2025, the EBA published revised list of validation rules on supervisory reporting.

The EBA issued a revised list of validation rules in its Implementing Technical Standards on supervisory reporting, highlighting those which have been deactivated either for incorrectness or for triggering IT problems. Competent Authorities throughout the EU are informed that data submitted in accordance with these ITS should not be formally validated against the set of deactivated rules. The EBA also released today a small validation package including a micro taxonomy package and DPM VR deactivation updates scripts, which are needed from release 4.0, for each deactivation exercises, to deactivate rules in taxonomy and in DPM in a consistent manner.

On 13 June EBA updated its Q&A on CRR.

The newly introduced paragraph 2(b) in article 394 of CRR3 requires institutions to report as well the total Shadow Bank Exposure. This request is in addition to the top 10 such SBEs, already reported under CRR2, in line with paragraph 2(a) of the same article. Nonetheless the new ITS published under taxonomy v4.0, do not include any field which would allow us to report such information.

The newly introduced subparagraph in paragraph 2 in article 394 of Regulation (EU) 575/2013 will be reflected in the next update of the Implementing regulation (EU) 2024/3117 (ITS on reporting).

Could EBA provide guidance on whether institutions that do not apply the transitional arrangements set out in Article 465(5) of CRR can leave the rows 0151 and 0152 ‘of which: exposures secured by mortgages on residential property up to 55% of the property value’ and ‘of which: exposures secured by mortgages on residential property between the 55% and 80% of the property value’ empty in template C 10.00?  

In the template C 10.00 of Implementing Regulation (EU) 2024/3117, institutions that do not apply the transitional arrangements set out in Article 465(5) of CRR shall leave the rows 0151 and 0152 ‘of which: exposures secured by mortgages on residential property up to 55% of the property value’ and ‘of which: exposures secured by mortgages on residential property between the 55% and 80% of the property value’ empty.

In the report C0700 we saw that the new dynamism with the errata 5 is using the value qEC:qx1 to display the “total” breakdown and for us it seems to be fine qEC2 20392 4.0 1012404739 qx01 All exposure classes and approaches.

For the case of Corep own funds C8 template of Implementing regulation 2024/3117 (ITS on reporting) the instructions shall be followed. Therefore, qx01 does not need to be reported but the sub totals for F-IRB and A-IRB do (similarly to what was in place before). This is also the case for template C 34.07.

For DPM 4.0 the cells {C_08.01.c, r0070, c0130, s*} and {C_08.01.c, r0180, c0130, s*} are identified as identical and have the same VariableID. Considering the instructions for reporting the data in rows 0070 and 0180 different values are expected.

In template C 08.01.c, in the DPM 4.0, the rows 0070 and 0180 have the same modelling, which implies that only one row can be reported. This mistake in the modelling will be amended in the next DPM release for COREP own funds. In the meantime, the data should only be reported for C 08.01.c, row 0070.

C 02.00 – Row 690/ Col 0020 (Other RWA under S-TREA):

If the firm were back testing any models that identified a shortfall, would this necessarily result in the equivalent Fully Standardised RWA needing to be computed, given that the fully standardised position would be driven by rule-based criteria, so in essence captured in the appropriate rows before Row 690 (risk types) already? In addition, for any regulator driven add-ons, again assume the same would be applied.

In template C 02.00 of Implementing technical standard (EU) 2024/3117 (ITS on reporting), there will be no impact on S-TREA (c0020, r0690) for additional RWA due to PMA / model shortfall; as well as competent authority (regulator) driven add ons.

On 12 June 2025, the EC publishes Commission Delegated Regulation (EU) supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation and organisational requirements for approved publication arrangements and approved reporting mechanisms, and on the authorisation requirements for consolidated tape providers, and repealing Delegated Regulation (EU) 2017/571.

Regulation (EU) No 600/2014 of the European Parliament and of the Counci (MiFIR) governs how trading works in the EU. The latest legislative amendments to MiFIR were introduced by Regulation (EU) 2024/791 of the European Parliament and of the Council (MiFIR review). 

To enable the European Securities and Markets Authority (ESMA), or, where relevant, the national competent authority, to assess whether the APA or ARM has sufficient human resources and oversight over its business, the organisational structure referred to in Article 27d(1) of Regulation (EU) No 600/2014 should identify who is responsible for the different activities of that APA or ARM. To identify areas which may affect the independence of the APA or ARM and give rise to a conflict of interest, the organisational structure should not only cover the scope of the data reporting services performed by the APA or ARM, but also cover any other services that the APA or ARM provides. To enable competent authorities to assess whether the policies, procedures and corporate governance structure ensure the independence of the APA or ARM and the avoidance of conflicts of interest, an applicant seeking authorisation as an APA or ARM should also provide information on the composition, functioning and independence of its governing bodies.

The internal control’s environment of APAs and ARMs is an essential part of their organisational structure as referred to in Article 27d(1) of Regulation (EU) No 600/2014. To enable ESMA, or, where relevant, the national competent authority to assess whether APAs and ARMs have put in place all the necessary arrangements to meet their obligations at the time of initial authorisation, applicant APAs and ARMs should submit to their competent authority information on their internal control’s environment, including information regarding their internal control, compliance, risk management and internal audit functions.

To comply with their reporting obligation under Regulation (EU) No 600/2014, ARMs should ensure the smooth flow of information to and from a competent authority. ARMs should therefore be able to demonstrate that they can comply with the technical specifications set out by a competent authority regarding the interface between those ARMs and the competent authority.

To ensure that all members of the management body of a CTP are persons who are of sufficiently good repute and possess sufficient knowledge, skills and experience, an applicant for authorisation as a CTP should be able to demonstrate that it has a robust process for appointing and evaluating the performance of members of the management body, and that clear reporting lines and regular reporting to the management body are in place.

Conflicts of interest can arise between the CTP, on the one hand, and data contributors or data users, on the other hand. Those conflicts may arise in particular where the CTP is engaged in other activities, including acting as a market operator, investment firm, or trade repository. As part of its corporate governance, an applicant for authorisation as a CTP should prove to ESMA that it has established frameworks that are appropriate to identify, prevent, and manage existing and potential conflicts of interest, including by preparing an inventory of conflicts of interest and implementing policies and procedures that are appropriate to manage those conflicts and, where necessary, by separating business functions and personnel to limit the flow of sensitive information between different business areas of the CTP.

On 23 June 2025, ESMA published its final report on Regulatory Technical Standard (RTS) 23, which concerns the provision of reference data under Article 27 of MiFIR.

The revised versions of MiFIR and MiFID II were published in the Official Journal of the EU on 8 March 2024. ESMA was empowered to develop various technical standards to further specify certain requirements. In May 2024, ESMA launched a public consultation that included proposals to amend RTS 23, the technical standard setting out requirements for reference data under Article 27 of MiFIR.

The final report summarizes the feedback received during the consultation. The first section (Section 2) explains the document’s content and the reasons why ESMA decided not to propose any amendments to the current RTS 23 text. The following sections summarize the feedback on specific topics:

• Adaptation of reference data for transparency requirements (Section 3.1);
• New OTC derivative identifier (Section 3.2);
• Reporting deadlines for data (Section 3.3);
• Alignment with EMIR and SFTR reporting requirements and international standards (Section 3.4);
• Changes related to publication under CSDR (Section 3.5);
• Other enhancements to the list of fields to be reported (Section 3.6);
• Reporting format (Section 3.7);
• Reporting of Data Processing Entities (DPEs) (Section 3.8); and
• Scope of reporting (Section 3.9).

Based on feedback from market participants during the review of Level 2 reporting technical standards, including RTS 23, ESMA concluded that the main burden of these reporting obligations stems from the siloed, sector-specific approach embedded in the respective Level 1 frameworks. This approach has resulted in overlaps and misalignments across regimes. While ESMA made every effort during the Level 2 work to ensure the best possible alignment of reporting requirements across all frameworks, the issues related to duplicative obligations and inefficient processes caused by this fragmented rulemaking approach could not be fully resolved.

On 23 June 2025, the ESMA published final report on RTS 22 on transaction data reporting under Art. 26 and RTS 24 on order book data to be maintained under Art. 25 of MiFIR.

The revised text of MIFIR and MiFID II were published in the Official Journal of the EU on 8 March 2024. ESMA has been empowered to develop various technical standards further specifying certain requirements. ESMA launched a Consultation on October 2024, which included proposals for the amendment of Regulatory Technical Standards specifying the requirements on transaction data under Art.26 of MiFIR (RTS 22) and order book data under Art.25 MiFIR (RTS 24).

This final report provides a summary of the feedback to the consultation.

This Final Report does not include proposed changes to the existing RTSs 22 and 24 nor includes a draft RTS for submission to the European Commission. The Final Report includes a summary of the responses received to the Consultation. As further detailed in the document the feedback received was quite negative on some aspects, pointing at limitations of the current regime and as such supporting the need to rethink from a broader perspective the regulatory reporting framework before implementing amendments to the technical standards. It is relevant to note that given the interconnected nature of RTS 23, 22 and 24 the same approach has been applied to the review of RTS 22 and 24 as done for RTS 23.

On 30 June 2025, the EBA published news on harmonised implementation of updated NACE classification across EU reporting frameworks.

The European Banking Authority (EBA), in collaboration with the European Central Bank (ECB), welcomes the advice of the Joint Bank Reporting Committee (JBRC) to implement the revised statistical classification of economic activities, NACE Rev. 2.1, in a harmonised manner across their reporting frameworks. This harmonisation is essential to reduce costs for banks and to enhance the analytical quality of reported data.

Following an in-depth assessment of the implications for European statistical, supervisory, and resolution reporting frameworks, the JBRC concluded that a harmonised implementation of NACE Rev. 2.1 is essential to reduce costs for banks and enhance the analytical quality of reported data. The JBRC, therefore, recommends that institutions begin using the updated classification for all reporting with reference dates from 1 January 2026 onwards.

This coordinated approach reflects the commitment of EU authorities to ensure maximum harmonisation across Member States and minimise the reporting costs on institutions. In light of the JBRC advice, the Q&A 2024_7158 will be archived as no longer applicable.

The JBRC advice has also been consulted on and shared with the Reporting Contact Group (RCG).

BACKGROUND

On 19 June 2025, the European Securities and Markets Authority (ESMA) published its final report on the Active Account Requirement (AAR) under EMIR 3. The AAR is a key measure introduced under the EMIR 3 framework, which aims to enhance the resilience of the EU clearing landscape by reducing exposure to third-country central counterparties (CCPs), specifically Tier 2 CCPs. This requirement mandates EU market participants to maintain an active account at an EU-based CCP for certain derivatives, thus ensuring better control and stability within the European financial system.

The report follows ESMA’s public consultation process, in which feedback from a wide range of stakeholders, including CCPs, clearing members, and other market participants, was considered. Based on this feedback, ESMA has streamlined the operational conditions, adjusted the stress-testing requirements, and simplified the reporting obligations related to risks, activities, and the representativeness obligation. These changes aim to make compliance less burdensome while ensuring robust risk mitigation for the financial system.

WHAT'S NEW?

1. Active Account Requirement (AAR):

The AAR requires certain counterparties (both financial and non-financial) to maintain at least one active account at a EU CCP and clear a representative number of transactions. This is designed to address the risks posed by exposures to Tier 2 CCPs, especially in derivatives markets.

The AAR applies to counterparties with over €3 billion in notional value of OTC interest rate derivatives. This includes Euro-denominated contracts as well as Polish Zloty derivatives and short-term interest rate derivatives (STIRs) in euros.

2. Operational Conditions for AAR Compliance:

• ESMA specifies the operational conditions for entities subject to the AAR, outlining requirements for the management of active accounts, the clearing of representative transactions, and stress-testing. These conditions are intended to ensure that participants have sufficient engagement with EU CCPs to help mitigate financial stability risks.
• Stress-Testing Requirements: The final report includes provisions for stress-testing, which will ensure the robustness of the system and the ability of market participants to handle extreme market conditions while fulfilling the AAR.

3. Representativeness Obligation:

Under Article 7a(3)(d) of EMIR, counterparties are required to clear a representative sample of transactions across various derivatives classes. This ensures that the clearing activity is reflective of the counterparties’ overall market exposure. The report clarifies how this obligation will be assessed, taking into account the size of transactions, maturity ranges, and derivative sub-categories.

4. Simplification of Reporting Requirements:

In response to stakeholder feedback, ESMA has streamlined the reporting obligations under Article 7b of EMIR. The reporting requirements now focus on clearer and more manageable disclosures of the market participants' activities and their compliance with the AAR. This includes providing detailed information on transaction types, counterparty sectors, and clearance volumes.

5. Consultation Feedback and Adjustments:

Based on responses from the public consultation held from 20 November 2024 to 27 January 2025, ESMA has made adjustments to the operational conditions and stress-testing requirements. The simplification of the representativeness obligation and the operational conditions aims to reduce the compliance burden on market participants while maintaining robust oversight of risk exposure.

WHAT'S NEXT?

Finalization of RTS:

The final report outlines the Regulatory Technical Standards (RTS) for the AAR, which will now be submitted to the European Commission for approval. The Commission has three months to decide whether to adopt the RTS as a delegated regulation. If adopted, these RTS will be subject to the Parliament and Council’s scrutiny through a no-objection procedure.

Enforcement and Compliance Timeline:

Once adopted, the RTS will enter into force and will be directly applicable in all EU Member States. Market participants will then have six months to ensure they comply with the AAR and establish the necessary active accounts for derivatives clearing.

Ongoing Monitoring and Future Adjustments:

As the EU moves toward full implementation of the AAR, ongoing monitoring and supervisory guidance will be provided to ensure compliance with the evolving requirements. Institutions will need to adapt to new regulatory demands, especially as they relate to risk mitigation and the representation of their market activity in the derivatives market.

On 26 June 2025, the ESMA published final report on technical advice on the scope of CSDR settlement discipline.

One of the changes brought by CSDR Refit refers to the need for further specification of the scope of the settlement discipline rules to make them more operational and better tailored to the diversity of market operations and transactions that can potentially be subject to the regime.

In line with the revised settlement discipline framework set out in CSDR Refit, ESMA provides technical advice to the European Commission (EC) on the scope of settlement discipline, identifying:  

• the causes of settlement fails that are considered as not attributable to the participants in the transaction, and 
• the circumstances in which operations are not considered as trading.  

According to the technical advice, a broad range of scenarios would not trigger CSDR cash penalties. These include:  

• technical failures at the CSD level, such as system outages, cyberattacks, or network disruptions;  
• full-day trading suspensions of an ISIN on its most liquid market;  
• technical creation and redemption of fund units or shares on the primary market, including those related to Exchange-Traded Funds (ETFs).

On 12 June 2025, the ESMA published  Principles on third-party risks supervision.

The Principles provide guidance to supervisory authorities to identify, assess and supervise the third-party risks of EU entities operating in securities markets, in compliance with the relevant legal framework while applying the principle of proportionality.

The Principles are non-binding. They intend to fit into supervisory authorities’ risk-based, data driven and outcome-focused supervisory approaches. Supervisory authorities should apply the Principles in a proportionate manner, having regard for the size and overall risk profile of the entities, having consideration to the nature, scale and complexity of their services, activities, products and operations and potential effects on investor protection, financial stability, and orderly markets.

The Principles apply to all types of third-party arrangements, whether the third-party belongs to the same group or not, is located in the EU or in a third-country, and independently from the underlying technology that might be used to provide the service. In addition, specific risks or situations are addressed under section 2.4 (third-party located in a third country, intragroup arrangement , supply chain , use of third party for internal controls, access and audit rights).

On the 10 June 2025, the NBB published guidance from the European Financial Supervisory Authorities on the European Markets in Crypto-assets Regulation (MiCAR) .

MiCAR (Regulation (EU) 2023/1114) establishes a harmonised framework for crypto-asset activities across the EU, entering into force on 30 December 2024. It distinguishes three categories of crypto-assets, e-money tokens, asset-referenced tokens and other tokens, and regulates public offerings, issuance, trading applications and specified service activities, such as custody, placement and portfolio management. Stricter prudential requirements and transparency obligations, including the publication of a white paper, apply to EMT and ART issuers given their potential impact on financial stability.

The European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) have issued joint guidance to ensure consistent classification of crypto-assets under MiCAR, including standard tests and templates for white papers and legal opinions. ESMA has further clarified the criteria for determining when a crypto-asset qualifies as a financial instrument and issued detailed protocols on system maintenance, security access and cryptographic-key management for offerors and trading applicants of non-EMT/ART tokens.

For ART and EMT issuers, the EBA guidelines set common benchmarks for liquidity stress-testing scenarios, define recovery plan and redemption plan formats, and specify periodic review and triggering events. Separate EBA guidance details mandatory reporting to competent authorities and the EBA covering holders, market capitalization, asset-reserve composition, transaction volumes and governance, and mandates governance arrangements for ART issuers to address operational, cyber, compliance, money laundering and terrorist financing risks. Joint EBA/ESMA guidelines prescribe suitability assessments for management body members of ART issuers and crypto-asset service providers (CASPs), as well as for shareholders with qualifying holdings.

ESMA’s guidance on CASPs addresses the reverse solicitation exception and defines MiCAR’s investor protection requirements. The National Bank of Belgium expects credit institutions, payment institutions and brokerage firms to notify it at least 40 working days before commencing crypto-asset services, supplementing the notification under Article 60 of MiCAR and allowing prudential supervisors sufficient lead time.

On the 25 June 2025, the Chambre des représentants de Belgique published draft law amending various provisions for the implementation of certain provisions, instant transfers in euro, certain aspects of the minimum capital requirement and eligible debts.

The present bill aims to ensure the transposition of Directive 2024/1174 of April 11, 2024, regarding certain aspects of the minimum requirement for own funds and eligible liabilities (MREL). Liquidation entities, whose resolution plan stipulates that they are subject to a liquidation procedure rather than resolution, are excluded from the MREL requirement. At the same time, resolution authorities may continue to impose an MREL on these entities in certain cases. 

Furthermore, the bill aims to ensure the partial implementation of Regulation 2024/886 of March 13, 2024, regarding instant payments in euros. This regulation aims to allow payment institutions and electronic money institutions to participate in designated payment systems where payment transactions are settled definitively. This should enable the relevant institutions to provide instant payments in euros efficiently and competitively.

On 12 June 2025, CNV published the CVM Resolution 175/22 providing detailed guidance and clarifications on the financial and accounting regulations for investment funds.

Key highlights include:

Financial Statement Presentation: The resolution discusses the closure of the fiscal year every twelve months for investment funds, requiring the presentation of financial statements for all categories of quotes within the same period. The current model can be maintained, such as the one from ICVM 577, until new regulations are introduced.

Sub-Category Structures: It outlines the treatment of sub-categories within funds as internal arrangements for quota holders, which don't necessitate asset segregation or separate audits due to the integrated nature of the categories.

Event-specific Document Submission: Article 121 of RCVM 175 requires documentation submission to the CVM via an online system for corporate events, although such features are still anticipated for release.

Accounting Framework: The document refers to adaptations in accounting principles due to structural changes and the potential for funds with different quota categories to establish separate assets responsible for associated obligations.

Compliance with IFRS Norms: It emphasizes the direction toward uniform accounting standards aligned with IFRS, highlighting that financial assets should be recorded and evaluated uniformly, regardless of their placement within different fund types.

Audit Exemptions in Structural Changes: When transitioning from master-feeder structures to class/sub-class frameworks, the document notes no audit requirements, reflecting adaptation to the new regulatory standards.

These insights are crucial for fund managers aiming to comply with evolving regulations while maintaining accurate financial documentation.

BACKGROUND

On 11 June 2025, the Central Bank of Brazil (BCB) published Resolution No. 483, amending BCB Resolution No. 146, of September 28, 2021, BCB Resolution No. 168, of December 1, 2021, and BCB Resolution No. 352, of November 23, 2023. This update addresses the prudential subconglomerate and the accounting concepts applicable to financial instruments. The amendments aim to clarify and enhance the prudential requirements for Brazilian financial institutions, particularly those regarding the consolidation of financial data and management of financial instruments.

WHAT'S NEW?

1. Amendments to Resolution No. 146/2021:

Financial institutions that choose to determine the leverage ratio on a subconsolidated basis will now be required to submit two new reports to the BCB:

• An Analytical Balance Sheet – Prudential Subconglomerate, submitted monthly.
• A Balance Sheet – Prudential Subconglomerate, submitted semiannually, on June 30 and December 31. This introduces a more frequent and detailed reporting structure to enhance transparency and oversight.

2. Amendments to Resolution No. 168/2021:

• The definition of prudential subconglomerate has been clarified, outlining that it includes the leading institution of the conglomerate and other domestic entities that face no impediments to transferring resources within the subconglomerate.
• Additionally, institutions must follow specified accounting consolidation criteria when preparing consolidated accounting information for the prudential subconglomerate, aligning with broader regulatory requirements for consistency and clarity.

3. Amendments to Resolution No. 352/2023:

The amendment gives financial institutions the authority to cancel, block, or suspend contracts or disbursements of funds, ensuring that these actions can be performed effectively in the normal management of financial instruments, thus enhancing control over financial transactions.

WHAT'S NEXT?

The changes outlined in BCB Resolution No. 483 are set to come into effect on July 1, 2025, for amendments related to Resolution No. 352/2023, and on July 1, 2026, for the other provisions. Financial institutions in Brazil need to prepare for these updates by revising their internal processes and systems, particularly those involved in financial reporting and the management of financial instruments. Institutions will need to implement the new reporting requirements and adapt their accounting practices for prudential subconglomerates in line with these amendments. Additionally, the BCB may provide further guidance or clarification ahead of the effective dates to assist in the transition.

BACKGROUND

On 5 June 2025, the Comissão de Valores Mobiliários (CVM) published guidance from its technical areas on reservations and abstentions of opinion in audit reports for investment funds. This document aims to clarify the responsibilities of administrators, managers, and auditors of investment funds in cases where there are reservations or abstentions in the auditor's opinion on financial statements. It highlights the key obligations that administrators and managers must fulfill in maintaining accurate financial records and ensuring the audit process is conducted transparently and efficiently.

WHAT'S NEW?

1. Responsibilities of Fund Administrators:

According to CVM Resolution No. 175, fund administrators are responsible for maintaining updated and accurate accounting records of the fund’s operations and assets. They must also ensure that the financial statements are audited and submit all necessary documentation to the independent auditor, including details about any unaudited investee entities.

2. Responsibilities of Fund Managers:

Fund managers must ensure the timely update and accuracy of the documentation regarding the fund’s operations. Additionally, managers are required to forward relevant documentation to the fund administrator as needed for audits and proper record-keeping.

3. Independent Auditor’s Role:

The CVM's guidance clarifies that fund administrators must hire an independent auditor to review the entire set of financial statements of the fund. The auditor must also be informed about all investments, especially when there are significant unaudited investee entities or investments in securitization assets.

4. Abstention of Opinion:

The guidance emphasizes that the auditor must not accept a limitation on their scope of work that could result in an abstention of opinion, unless required by law. It clarifies that it is the responsibility of the administrator and manager to provide the necessary information for a comprehensive audit. The auditor is required to document all work related to any modifications in their opinion.

5. Impact of Modified Opinions:

The guidance stresses that financial statements accompanied by modified audit opinions, particularly those with reservations or scope limitations, may fail to provide adequate and transparent information to investors. This may signal a lack of diligence from administrators or managers, leading to potential sanctions under CVM Resolution No. 175.

WHAT'S NEXT?

The technical areas emphasize the need for administrators, managers, and auditors to comply with the applicable rules. If the rules are not followed:

• Administrators, managers, and auditors who fail to meet their responsibilities may be subject to the applicable sanctions, as stipulated in the relevant regulations.
• Investment funds with audit reports that include reservations or abstentions may fail to provide adequate and transparent information to investors, potentially violating the obligations set forth in CVM Resolution No. 175.

On 19 June 2025, the AMF has concluded a thematic inspection campaign (SPOT) focused on the systems in place within five asset management companies to verify and assess the financial knowledge and competencies of their staff. The inspections covered firms managing between €500 million and €150 billion in assets and aimed to strengthen investor protection by ensuring financial professionals are adequately trained.

The AMF found that while most firms had clear procedures for verifying knowledge through the AMF exam, internal verifications often lacked the required rigor. In particular, internal success rates were lower than those required by the official AMF exam, and procedures governing internal exams were sometimes insufficiently formalized.

The inspections also revealed confusion between the legal obligations of knowledge verification (ensuring key staff possess a minimum understanding of relevant regulations) and skills evaluation (assessing whether client-facing staff have the necessary qualifications and experience). Both are distinct requirements, and procedures must reflect this.

In the area of anti-money laundering and counter-terrorism financing (AML/CFT), the AMF noted persistent shortcomings. Many firms relied solely on e-learning modules, without tailoring content to their specific risk profiles or ensuring real understanding. Fundamental AML/CFT topics such as asset freezes and politically exposed persons were sometimes poorly covered, and practical case studies were limited. However, good practices were identified, such as linking AML/CFT training completion to annual performance reviews and implementing reminders for overdue training.

Training on sustainable finance was generally more robust. Firms had structured training plans, clearly defined learning modules, and designated sustainability experts. In some cases, passing the AMF exam on sustainable finance is now mandatory for relevant staff.

Finally, the AMF observed that when firms delegate training or knowledge checks to their parent groups, they often fail to receive or analyze the resulting data, weakening oversight.

To address inconsistencies and raise standards, the AMF has updated its Position DOC-2009-29. The revised doctrine, which takes effect on 1 January 2026, aligns internal knowledge checks more closely with the formal AMF exam process and clarifies implementation requirements.

Version française

Le 19 juin 2025, l'AMF a conclu une campagne d'inspection thématique (SPOT) axée sur les systèmes en place au sein de cinq sociétés de gestion d'actifs pour vérifier et évaluer les connaissances financières et les compétences de leur personnel. Les inspections ont couvert des entreprises gérant entre 500 millions et 150 milliards d'euros d'actifs et visaient à renforcer la protection des investisseurs en s'assurant que les professionnels de la finance soient suffisamment formés.

L'AMF a constaté que, bien que la plupart des entreprises aient des procédures claires pour vérifier les connaissances via l'examen de l'AMF, les vérifications internes manquaient souvent de rigueur. En particulier, les taux de réussite internes étaient inférieurs à ceux exigés par l'examen officiel de l'AMF, et les procédures régissant les examens internes étaient parfois insuffisamment formalisées.

Les inspections ont également révélé une confusion entre les obligations légales de vérification des connaissances (s'assurer que le personnel clé possède une compréhension minimale des règlements pertinents) et l'évaluation des compétences (évaluer si le personnel en contact avec les clients possède les qualifications et l'expérience nécessaires). Ces deux exigences sont distinctes et les procédures doivent en tenir compte.

Dans le domaine de la lutte contre le blanchiment d'argent et le financement du terrorisme (AML/CFT), l'AMF a noté des lacunes persistantes. De nombreuses entreprises se contentaient de modules d'apprentissage en ligne, sans adapter le contenu à leurs profils de risques spécifiques ni s'assurer de la véritable compréhension. Les sujets fondamentaux d'AML/CFT, tels que les gels d'avoirs et les personnes politiquement exposées, étaient parfois mal couverts, et les études de cas pratiques étaient limitées. Cependant, des bonnes pratiques ont été identifiées, telles que lier la complétion de la formation AML/CFT aux évaluations de performance annuelles et mettre en place des rappels pour les formations en retard.

La formation sur la finance durable était généralement plus robuste. Les entreprises disposaient de plans de formation structurés, de modules d'apprentissage clairement définis et d'experts désignés en durabilité. Dans certains cas, la réussite de l'examen AMF sur la finance durable est désormais obligatoire pour le personnel concerné.

Enfin, l'AMF a observé que lorsque les entreprises délèguent la formation ou la vérification des connaissances à leurs groupes parents, elles échouent souvent à recevoir ou analyser les données résultantes, ce qui affaiblit la surveillance.

Pour résoudre ces incohérences et élever les normes, l'AMF a mis à jour sa Position DOC-2009-29. La doctrine révisée, qui entre en vigueur le 1er janvier 2026, aligne davantage les vérifications internes des connaissances avec le processus formel de l'examen AMF et clarifie les exigences de mise en œuvre.

On 19 June 2025, AMF published the summary of SPOT inspections employee qualification and Knowledge Level.

Key points include:

• Training and Information: SGPs are required to provide regular information and training to staff, particularly concerning regulations, anti-money laundering (AML), combating the financing of terrorism (CFT), and related preventative measures.
• Organizational Structure: Companies must enforce clear decision-making procedures and organizational structures. These should document hierarchies, role distribution, and responsibilities.
• Internal Procedures: Some SGPs have internalized procedures around training and examination. They rely on existing procedural frameworks and operational processes to integrate new employees, deliver training, and conduct internal controls.
• Evaluation Campaigns: These efforts align with AMF's guidelines to define policies for SGPs that choose internal verification. The audits review the extent to which employees meet the required knowledge and competencies, particularly for advisory roles.
• Documentation and Compliance: The document highlights missing formal recognition for some compliance procedures, such as the "grandfather clause," which affects internal mobility for employees who held key positions before July 2010.
• Regulatory Alignment: The guidelines comply with ESMA's and AMF's recommendations to ensure personnel providing financial advice meet higher standards of knowledge compared to those providing basic information.
• Lack of Training Initiatives: Some platforms used by SGPs have limited offerings focused mainly on regulations. There is a noted lack of operational depth in trainings, with no collaborative evolution within HR departments to expand training catalogs.
• Supervision: When necessary, SGPs enforce supervision through structured assessments that involve detailed questionnaires, supervision schedules, and specific requirements from managers.

This synthesis provides a thorough examination of the current landscape and recommendations for improving compliance mechanisms in line with international and national financial regulations.

Version française

Le 19 juin 2025, l'AMF a publié le résumé des inspections SPOT sur la qualification des employés et le niveau de connaissances.

Les points clés incluent :

• Formation et Information : Les SGP (Sociétés de gestion de portefeuille) sont tenues de fournir des informations et une formation régulières à leur personnel, en particulier concernant les réglementations, la lutte contre le blanchiment d'argent (AML), la lutte contre le financement du terrorisme (CFT), et les mesures préventives associées.
• Structure Organisationnelle : Les entreprises doivent mettre en place des procédures de prise de décision claires et des structures organisationnelles. Celles-ci doivent documenter les hiérarchies, la distribution des rôles et des responsabilités.
• Procédures Internes : Certaines SGP ont internalisé des procédures concernant la formation et les examens. Elles s'appuient sur des cadres procéduraux existants et des processus opérationnels pour intégrer les nouveaux employés, dispenser la formation et effectuer les contrôles internes.
• Campagnes d'Évaluation : Ces efforts sont en ligne avec les directives de l'AMF pour définir des politiques pour les SGP qui choisissent la vérification interne. Les audits examinent dans quelle mesure les employés satisfont aux connaissances et compétences requises, notamment pour les rôles de conseil.
• Documentation et Conformité : Le document met en évidence le manque de reconnaissance formelle pour certaines procédures de conformité, telles que la "clause de grandfather", qui affecte la mobilité interne des employés occupant des postes clés avant juillet 2010.
• Alignement Réglementaire : Les lignes directrices respectent les recommandations de l'ESMA et de l'AMF pour garantir que le personnel fournissant des conseils financiers respecte des normes de connaissances plus élevées que celui fournissant des informations de base.
• Manque d'Initiatives de Formation : Certaines plateformes utilisées par les SGP proposent des formations limitées, principalement axées sur la réglementation. Il y a un manque de profondeur opérationnelle dans les formations, sans évolution collaborative au sein des départements RH pour élargir les catalogues de formation.
• Supervision : Lorsque cela est nécessaire, les SGP appliquent la supervision à travers des évaluations structurées impliquant des questionnaires détaillés, des plannings de supervision et des exigences spécifiques des gestionnaires.

Cette synthèse fournit un examen approfondi du paysage actuel et des recommandations pour améliorer les mécanismes de conformité conformément aux réglementations financières internationales et nationales.

On 6 June 2025, the BaFin published a draft general Decree on withdrawal of AMLA exemptions.

Obliged entities within the meaning of Section 2 (1) Nos. 1 to 9 GwG could be exempted from the provisions of the GwG in accordance with Section 1 (1) GwG in the versions in force until 20.08.2008. The Federal Banking Supervisory Office, as a predecessor authority of the Federal Financial Supervisory Authority as well as the Federal Financial Supervisory Office, made use of this option and issued indefinite exemption notices, which were also issued with the reservation of revocation.

The new Regulation (EU) 2024/1624 of the European Parliament and of the Council of 31.05.2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (hereinafter: EU Money Laundering Regulation) was published on 19.06.2024 and entered into force on 09.07.2024.

The public interest in the general application of the provisions of the EU Anti-Money Laundering Regulation and the AMLA can only be ensured by withdrawing all the exemptions granted. The great importance of the fight against money laundering and terrorist financing is underlined by the fact that the European prevention regulations are being tightened up again and regulated uniformly throughout Europe for the first time by a directly applicable EU regulation. On the other hand, the individual interest in the protection of the status quo must take precedence over exemptions granted under the old legal situation. The persons concerned cannot rely on a legal situation that will always remain unchanged, as the reservations of revocation issued in the exemption notices have already made clear.

The exemptions can therefore no longer be valid from 10.07.2027 and must be withdrawn.

The announcement of the withdrawal at the earliest possible date serves the interest of those currently exempted in a sufficient preparation period with a view to uniform EU regulation from 10.07.2027 and uniform European supervision from 2028 in order to adapt to the new legal situation with all its follow-up obligations as well as risk-based supervision.

On 23 June 2025, the BMI published Draft Act on the Implementation of the NIS 2 Directive and on the Regulation of Key Principles of Information Security Management in the Federal Administration.

Expanded Scope: The bill extends cybersecurity obligations to approximately 29,500 entities in Germany, including sectors like energy, transport, healthcare, digital services, and public administration.

The bill proposes broadening the scope to cover a larger number of entities, integrating minimum security standards into the BSI Act, and introducing a three-level incident reporting system. It also seeks to enhance the supervisory powers of the Federal Office for Information Security (BSI) and establish a federal Chief Information Security Officer (CISO) to oversee information security coordination. Additionally, the bill focuses on aligning cybersecurity requirements for federal administrative bodies with both national and EU regulations.

The current government aims to expedite the legislative process, with potential enactment in late 2025.

On 24 June 2025, the BMJ publishes draft law on the implementation of the Consumer Credit Directive.

Key points

Broadened Scope:

• Includes interest-free loans, small loans under €200, short-term loans (repayable within 3 months), and Buy Now, Pay Later (BNPL) schemes.
• Aims to apply consistent consumer protections across various credit types.

Exemptions Proposed:

• Micro, small, and medium enterprises can offer interest-free payment deferrals up to 50 days with limited late fees and no third-party involvement.
• Large enterprises can offer interest-free deferrals up to 14 days under similar conditions.

Simplified Contract Process:

• Credit agreements can be concluded electronically or in writing without requiring a handwritten signature, facilitating digital transactions.

Stronger Consumer Rights:

• Consumers have a 14-day withdrawal (cooling-off) period for credit agreements.
• Removes previous rule where silence was considered acceptance of credit offers.

Consultation is open until July 23, 2025.

Expected entry into force on November 20, 2026. To the extent that there is room for manoeuvre in implementation, the BMJV has generally used it to regulate regulation with as little bureaucracy as possible, for example with regard to the scope of pre-contractual information obligations. The scope of the Directive has also been used in the form of conclusion of contracts, so that in future general consumer loans can be concluded in text form instead of in writing. In principle, the draft law does not provide for any national tightening or expansion beyond the mandatory European requirements (no so-called gold plating).

On 11 June 2025, the GFSC published its 2024 Annual Report.

In the report, the Commission discusses: its preparations for, and the positive outcome of, the Bailiwick’s MONEYVAL inspection and what this means for supervision; its continued development of digital technology to enhance performance and streamline processes for industry, including its new Applications and Authorisations Portal; policy developments with a focus of ease of use and simplification; and becoming a signatory to the International Organization of Securities Commissions (IOSCO) Enhanced Multilateral Memorandum of Understanding (EMMoU).

A key focus for the Commission in 2024 was the Bailiwick’s MONEYVAL evaluation, with the onsite inspection taking place in April 2024. The Commission worked closely with other authorities and industry in the lead up to, during and after the onsite inspection, resulting in a positive result for the Bailiwick. This included co-hosting with the States of Guernsey, well-attended presentations on the Bailiwick’s second money laundering and terrorist financing national risk assessment and its first proliferation financing assessment, and the legal persons and legal arrangements national risk assessment held in January 2024 and April 2024 respectively.

The Commission’s focus on enhancing performance and streamlining processes through digital technology continued throughout 2024, with the alpha release of the Commission’s innovative Applications and Authorisations Portal (A&A Portal) in November 2024, following a year of extensive development, and establishment of a Technology Supervision Unit and Technology Innovation Unit. The alpha release of the A&A Portal saw a number of representatives from industry and the legal sector test and provide feedback on the system ahead of the successful Beta release in April 2025. The A&A Portal has been designed to streamline the applications process, enabling online collaboration and communication between parties drafting an application prior to submission, and with the Commission post submission, making it easier to do business in the Bailiwick.

On 25 June 2025, the GFSC published feedback paper following consultation on Equity Release.

Nineteen respondents submitted feedback to the consultation. Although GFSC received comments from a wide range of Guernsey and UK respondents, including banks, equity release providers, law firms and industry groups, the majority of responses were from local and UK based financial advice firms and local credit providers. Overall, feedback supported the proposed regime, with respondents agreeing that specific consumer protections are fundamental for the regulation of a Guernsey equity release market. Stakeholders were also generally pleased that requirements are consistent with those set out within the UK.

Respondents raised a number of queries regarding specific aspects of the regime, which the GFSC have addressed within this Feedback Paper. Some of the main topics and issues that emerged during this consultation were:

• Adviser qualifications;
• Advisers’ knowledge and understanding of the Bailiwick market;
• Independent legal advice;
• Customer circumstances and vulnerability;
• Informing family members Customary Law.

On 3 June 2025, the CONSOB published notice on compliance with ESMA Guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments.

On 19 March 2025, ESMA published on its website the translations into all EU languages of the "Guidelines on the conditions and criteria for the qualification of crypto/assets as financial instruments", (hereinafter, also, the "Guidelines"), adopted by the European Authority, pursuant to Article 16 of Regulation No. 1095/2010/EU.

The Guidelines are issued with the aim of specifying the conditions and criteria for determining whether a crypto-asset should be classified as a financial instrument and, therefore, ensuring the common, uniform and consistent application of the provisions of Article 2(4)(a) of the MiCAR. In addition, the Guidelines clarify some characteristics of utility tokens, NFTs and hybrid tokens.

The Guidelines also contain examples for illustrative purposes which, while they aim to provide clarity and support in the assessment by national competent authorities and market participants, should not replace a comprehensive assessment of whether a crypto-asset should be classified as a financial instrument and therefore should not be interpreted as a definitive classification or replace the necessary case-by-case analysis.

The Guidelines shall apply to competent authorities and financial market participants, including issuers as defined in Article 3(1)(10), offerors as defined in Article 3(1)(13) of MiCA,CASPs as defined in Article 3(1)(15) of MiCA, investors and all persons who carry out activities related to crypto-assets.

The Guidelines apply in relation to Article 2(5) of the MiCA Regulation.

In compliance with paragraph 3 of the aforementioned Article 16 of Regulation (EU) of the European Parliament and of the Council no. 1095/2010, Consob has informed ESMA that it complies with the Guidelines in question, as they are integrated into its supervisory practices.

On 12 June 2025, the CONSOB published Resolution no. 23574 amending the Issuers’ Regulation (Resolution no. 11971/1999) implementing Legislative Decree no. 58/1998.

Article 1

(Amendments to the regulation implementing Legislative Decree no. 58 of 24 February 1998 concerning the regulation of issuers, adopted by resolution no. 11971 of 14 May 1999 and subsequent amendments)

1. In Part II, Title I, Chapter II of the Issuers' Regulation, the following article is added after Article 8:

"Article 8-bis

(Definition of the procedure for approving the prospectus by personnel with managerial qualifications)

1. The final act of the procedure for the approval of the prospectus, in whatever form presented, of its constituent parts subject to approval and of the supplements, relating to securities other than equity securities, shall be adopted by the Head of the Consob Division responsible for the subject matter who, for this purpose, may also delegate the Deputy Head of the Division on a general basis.

2. For the purposes of this article, securities other than equity securities shall mean securities other than those indicated in art. 2(1)(b) of the Prospectus Regulation, as well as any type of transferable security conferring the right to acquire shares or other transferable securities equivalent to shares by conversion or exercise of the rights conferred by them, even if those transferable securities are not issued by the issuer of the underlying shares or by an entity belonging to the group of that issuer. Non-equity securities do not include units or shares of UCITS.

3. The final act of the procedure for approving the prospectus shall remain vested in the Commission if:

a) there are elements of uncertainty about the business continuity of the issuer, as resulting from the financial statement information, the reports of the issuer's control bodies or the report of the independent auditors;

b) the issue of securities covered by the prospectus is part of a corporate recovery or restructuring operation of the issuer pursuant to Legislative Decree no. 14 of 12 January 2019 or sector regulations or the same is subject to insolvency proceedings;

c) the issuer has submitted a formal request for omission from the prospectus of certain information that must be included pursuant to the provisions of art. 18 of the prospectus regulation;

d) the approval is requested by an issuer of a third country that intends to offer securities to the public, or request admission to trading in securities, using a prospectus drawn up in accordance with its national law, pursuant to art. 29 of the prospectus regulation;

e) the prospectus concerns securities of a novelty and complexity nature, as well as securities with value and/or underlying referable to crypto-assets or derivatives on crypto-assets or complex derivatives with an innovative structure.

4. If the competent Offices detect the existence of one of the cases provided for in the previous paragraph, they shall report on it in the notice of initiation of the procedure.

5. In the cases provided for in the first paragraph of this article, the Head of the Division or the Deputy Head delegated by him, shall also adopt the certificate of approval referred to in Article 25 of the prospectus regulations.

6. The Head of the Consob Division responsible for the subject matter shall periodically inform the Commission, through the Director General, of the acts adopted pursuant to the first and fifth paragraphs".

Art. 2

(Transitional and final provisions)

1. This Resolution enters into force on 18 July 2025.

2. The provisions of Article 1 shall apply to applications for approval of prospectuses submitted after the date of entry into force of this resolution.

3. Pending the designation of the Deputy Manager, the Head of the Division may delegate, also in general, another manager assigned to the Staff of the same Division to adopt the acts referred to in Article 1, paragraphs 1 and 5.

BACKGROUND

On 27 June 2025, the Commission de Surveillance du Secteur Financier (CSSF) published Circular CSSF 25/894, which reforms and replaces Circular CSSF 15/612. The reform is crucial for enhancing the CSSF’s supervisory capabilities over Investment Fund Managers (IFMs) in Luxembourg, ensuring transparent oversight of all funds managed by Luxembourg-based IFMs, especially those not authorised by CSSF. The revised circular applies to both European UCITS and European AIFs managed by IFMs, and it comes into effect on 27 June 2025.

This new circular broadens the scope of application compared to the previous version and introduces updated reporting requirements, aiming to improve the CSSF's ability to maintain comprehensive, real-time knowledge of all funds under management. The reform ensures alignment with EU regulations, especially regarding funds managed by Luxembourg IFMs, and establishes new procedures for submitting detailed information about these funds.

WHAT'S NEW?

1. Expanded Scope of Application:

The new circular extends to all non-authorised funds managed by Luxembourg IFMs. IFMs must notify the CSSF about the management of European UCITS and European AIFs via the eDesk procedure, making it clear that these notifications need to be submitted before those related to the European management passport under the freedom to provide services or the freedom of establishment. This ensures a more comprehensive oversight of Luxembourg’s fund management activities.

2. Updated Information Requirements:

The circular requires IFMs to submit additional information on fund service providers for each notified fund. This includes:

• UCI administrators
• Portfolio management delegates and sub-delegates

These expanded details ensure that the CSSF has a clearer understanding of the fund’s structure and its key service providers, further improving regulatory transparency.

3. Timely and Accurate Reporting:

IFMs are reminded of their responsibility to report timely and accurate information regarding non-authorised funds. The revised circular emphasizes the use of the eDesk platform for submitting these notifications. IFMs must notify the CSSF before beginning to manage a European UCITS or an additional AIF, and within 10 working days of starting management for registered AIFMs.

4. Revised Submission Process for Fund Management Roles:

The circular clarifies when IFMs assume responsibility for managing a fund, specifying that the role is officially assumed on the signature date, effective date of the management agreement, or when the fund is established. This helps to ensure that the reporting requirements are clear and consistent.

5. Replacement of Circular CSSF 15/612:

Circular CSSF 25/894 formally replaces Circular CSSF 15/612, which was previously in place for reporting rules related to non-authorised funds. This update streamlines the reporting process, provides clearer guidelines, and allows for more efficient communication between IFMs and the CSSF.

WHAT'S NEXT?

The updated Circular CSSF 25/894 will come into effect on 27 June 2025, and will replace Circular CSSF 15/612. The reform introduces new reporting procedures, requiring Luxembourg IFMs to notify the CSSF regarding the management of non-authorised funds, including both European UCITS and European AIFs.

This circular aims to enhance regulatory transparency and oversight, ensuring that the CSSF has a comprehensive, up-to-date view of funds under Luxembourg’s management. By broadening the scope and requiring additional information about fund service providers, the circular strengthens Luxembourg’s position in EU fund regulation.

For IFMs, it is essential to comply with the updated notification procedures and ensure that all required information is submitted via the eDesk platform in a timely and accurate manner. This will help IFMs remain compliant with regulations while allowing the CSSF to continue its effective supervision of Luxembourg-based investment funds.

Version française

BACKGROUND

Le 27 juin 2025, la Commission de Surveillance du Secteur Financier (CSSF) a publié la Circulaire CSSF 25/894, qui réforme et remplace la Circulaire CSSF 15/612. Cette réforme est essentielle pour améliorer les capacités de supervision de la CSSF sur les gestionnaires de fonds d'investissement (IFMs) au Luxembourg, garantissant une surveillance transparente de tous les fonds gérés par des IFMs basés au Luxembourg, en particulier ceux non autorisés par la CSSF. La circulaire révisée s'applique à la fois aux UCITS européens et aux AIFs européens gérés par les IFMs, et elle entre en vigueur le 27 juin 2025.

Cette nouvelle circulaire élargit le champ d'application par rapport à la version précédente et introduit des exigences de reporting mises à jour, visant à améliorer la capacité de la CSSF à maintenir une connaissance complète et en temps réel de tous les fonds sous gestion. La réforme garantit l'alignement avec les réglementations européennes, en particulier en ce qui concerne les fonds gérés par les IFMs luxembourgeois, et établit de nouvelles procédures pour soumettre des informations détaillées sur ces fonds.

WHAT'S NEW?

1. Champ d'application élargi :

La nouvelle circulaire s'applique à tous les fonds non autorisés gérés par les IFMs luxembourgeois. Les IFMs doivent notifier à la CSSF la gestion des UCITS européens et des AIFs européens via la procédure eDesk, en précisant que ces notifications doivent être soumises avant celles liées au passeport de gestion européen dans le cadre de la liberté de fournir des services ou de la liberté d'établissement. Cela garantit une surveillance plus complète des activités de gestion de fonds au Luxembourg.

2. Exigences de transmission d'informations mises à jour :

La circulaire oblige les IFMs à soumettre des informations supplémentaires sur les prestataires de services de fonds pour chaque fonds notifié. Cela inclut :

• Administrateurs de l'UCI
• Délégués de gestion de portefeuille et sous-délégués

Ces détails supplémentaires permettent à la CSSF de mieux comprendre la structure du fonds et ses principaux prestataires de services, améliorant ainsi la transparence réglementaire.

3. Transmission d'informations précise et en temps utile :

Les IFMs sont rappelés de leur responsabilité de transmettre des informations exactes et en temps utile concernant les fonds non autorisés. La circulaire révisée met l'accent sur l'utilisation de la plateforme eDesk pour soumettre ces notifications. Les IFMs doivent notifier la CSSF avant de commencer à gérer un UCITS européen ou un AIF supplémentaire, et dans les 10 jours ouvrables suivant le début de la gestion pour les AIFMs enregistrés.

4. Révision du processus de soumission des rôles de gestion de fonds :

La circulaire clarifie quand les IFMs assument la responsabilité de la gestion d'un fonds, précisant que ce rôle est officiellement assumé à la date de signature, à la date effective de l'accord de gestion ou lorsque le fonds est établi. Cela permet de garantir que les exigences de notification sont claires et cohérentes.

5. Remplacement de la Circulaire CSSF 15/612 :

La Circulaire CSSF 25/894 remplace officiellement la Circulaire CSSF 15/612, qui était auparavant en place pour les règles de notification relatives aux fonds non autorisés. Cette mise à jour simplifie le processus de notification, fournit des lignes directrices plus claires et permet une communication plus efficace entre les IFMs et la CSSF.

WHAT'S NEXT?

La Circulaire CSSF 25/894 révisée entrera en vigueur le 27 juin 2025 et remplacera la Circulaire CSSF 15/612. La réforme introduit de nouvelles procédures de notification, obligeant les IFMs luxembourgeois à notifier la CSSF concernant la gestion des fonds non autorisés, y compris les UCITS européens et les AIFs européens.

Cette circulaire vise à renforcer la transparence réglementaire et la supervision, en veillant à ce que la CSSF dispose d'une vue complète et à jour des fonds sous gestion au Luxembourg. En élargissant le champ d'application et en exigeant des informations supplémentaires sur les prestataires de services de fonds, la circulaire renforce la position du Luxembourg dans la réglementation des fonds européens.

Pour les IFMs, il est essentiel de se conformer aux procédures de notification mises à jour et de veiller à ce que toutes les informations requises soient soumises via la plateforme eDesk de manière rapide et précise. Cela aidera les IFMs à rester conformes aux réglementations tout en permettant à la CSSF de continuer sa supervision efficace des fonds d'investissement basés au Luxembourg.

On 17 June 2025, the CSSF published CSSF 22/822 Annex following the latest FATF update.

Following the latest FATF update of 13 June 2025, the CSSF has issued an updated annex to Circular 22/822. Professionals subject to AML/CFT obligations must take note of the following:

1. High-Risk Jurisdictions – Enhanced Due Diligence and Possible Counter-Measures:

Enhanced due diligence measures are mandatory for dealings involving:

• Democratic People’s Republic of Korea (North Korea);
• Iran;
• Myanmar (remains on the list; FATF may impose counter-measures after October 2025 if progress stalls).

These jurisdictions pose a significant risk to the international financial system and may be subject to additional counter-measures.

2. Jurisdictions under Increased Monitoring (FATF "Grey List"):

Clients and transactions linked to the following jurisdictions should be subject to heightened scrutiny and ongoing monitoring, though they are actively working to improve their AML/CFT frameworks:

Newly added in June 2025:

• Bolivia;
• British Virgin Islands (UK).

Continuing under monitoring:

Angola, Bulgaria, Burkina Faso, Cameroon, Côte d’Ivoire, Democratic Republic of the Congo, Haiti, Kenya, Monaco, Mozambique, Namibia, Nigeria, South Africa, South Sudan, Venezuela, Vietnam.

Removed in June 2025:

• Croatia;
• Mali;
• Tanzania.

The Professionals should apply enhanced due diligence for high-risk jurisdictions (esp. North Korea, Iran, Myanmar).

Maintain risk-based monitoring for clients linked to grey-listed jurisdictions.

Stay updated on future FATF updates (February, June, October cycles).

Version française

Le 17 juin 2025, la CSSF a publié l'annexe CSSF 22/822 suite à la dernière mise à jour du GAFI.

Suite à la dernière mise à jour du GAFI du 13 juin 2025, la CSSF a publié une annexe mise à jour de la Circulaire 22/822. Les professionnels soumis aux obligations AML/CFT doivent prendre en compte ce qui suit :

1. Juridictions à haut risque – Diligence renforcée et contre-mesures possibles :

La diligence renforcée est obligatoire pour les transactions impliquant :

• La République populaire démocratique de Corée (Corée du Nord),
• L'Iran,
• Le Myanmar reste sur la liste; le GAFI pourrait imposer des contre-mesures après octobre 2025 si les progrès stagnent).

Ces juridictions posent un risque significatif pour le système financier international et peuvent être soumises à des contre-mesures supplémentaires.

2. Juridictions sous surveillance accrue (Liste grise du GAFI) :

Les clients et transactions liés à ces juridictions doivent faire l'objet d'une surveillance accrue et d'un suivi continu, bien qu'elles travaillent activement à améliorer leurs cadres AML/CFT:

Nouveaux ajouts en juin 2025 :

• Bolivie,
• Îles Vierges britanniques (Royaume-Uni).

Sous surveillance :

Angola, Bulgarie, Burkina Faso, Cameroun, Côte d'Ivoire, République Démocratique du Congo, Haïti, Kenya, Monaco, Mozambique, Namibie, Nigéria, Afrique du Sud, Soudan du Sud, Venezuela, Vietnam

Retirés en juin 2025 :

• Croatie,
• Mali,
• Tanzanie.

Les professionnels doivent appliquer une diligence renforcée pour les juridictions à haut risque (notamment la Corée du Nord, l'Iran, le Myanmar).

Maintenir une surveillance basée sur les risques pour les clients liés aux juridictions figurant sur la liste grise.

Rester à jour sur les futures mises à jour du GAFI (cycles de février, juin et octobre).

On 27 June 2025, CSSF published FATF the new guidance on Financial Inclusion and AML/CFT  measures from FATF

FATF Updated Guidance – Financial Inclusion & AML/CFT/CPF (2025)

Purpose:

To support countries and the private sector in expanding access to financial services through proportionate, risk-based approaches while maintaining strong safeguards against illicit finance.

Key Messages:

• Financial inclusion and AML/CFT/CPF controls are mutually supportive.
• Improved transparency and integrity in the financial sector enhance the effectiveness of AML/CFT efforts.
• The Risk-Based Approach (RBA) must take into account both the risks of financial crime and the negative effects of financial exclusion.

Updates to FATF Recommendation 1:

• Reinforces the use of proportionate, risk-based AML/CFT/CPF measures.
• Encourages countries to promote access to financial services for underserved populations.
• Recognizes that most financially excluded individuals are not high-risk but face obstacles such as high costs or lack of formal documentation.

Best Practices and Global Examples:

• Sweden: The Swedish Bankers Association and Migration Agency developed a process to verify asylum seekers' identities online to allow bank account access.
• Netherlands: The Dutch banking industry published a risk-based baseline for applying AML/CFT measures to low, neutral, and high-risk situations, including those involving EU high-risk third countries.
• Singapore: The Monetary Authority of Singapore collaborated with banks to offer Limited Purpose Banking Accounts for individuals with higher ML/TF risks, combining basic access with enhanced monitoring and defined review processes.

Implications:

• Low-risk individuals should be able to access appropriate financial services with simplified due diligence.
• High-risk individuals can be served under enhanced controls and oversight.
• Risk assessments must be well documented, and institutions should adopt proportionate and inclusive measures in line with FATF standards.

Version française

Le 27 juin 2025, la CSSF a publié les nouvelles lignes directrices du GAFI sur l'inclusion financière et les mesures AML/CFT.

Lignes directrices mises à jour du GAFI – Inclusion financière et mesures AML/CFT/CPF (2025)

Objectif :

Soutenir les pays et le secteur privé dans l’élargissement de l’accès aux services financiers par des approches proportionnées et basées sur les risques, tout en maintenant des garanties solides contre les financements illicites.

Messages clés :

• l'inclusion financière et les contrôles AML/CFT/CPF sont mutuellement complémentaires.
• une meilleure transparence et intégrité dans le secteur financier renforcent l’efficacité des efforts AML/CFT.
• l'approche basée sur les risques (RBA) doit prendre en compte à la fois les risques de criminalité financière et les effets négatifs de l'exclusion financière.

Mises à jour de la Recommandation 1 du GAFI :

• renforce l’utilisation de mesures AML/CFT/CPF proportionnées et basées sur les risques.
• encourage les pays à promouvoir l'accès aux services financiers pour les populations mal desservies.
• reconnaît que la plupart des individus financièrement exclus ne présentent pas de risque élevé, mais font face à des obstacles tels que des coûts élevés ou un manque de documentation formelle.

Meilleures pratiques et exemples mondiaux :

• Suède : L'Association des Banquiers Suédois et l'Agence des Migrations ont développé un processus pour vérifier l'identité des demandeurs d'asile en ligne afin de leur permettre d'accéder à des comptes bancaires.
• Pays-Bas : L'industrie bancaire néerlandaise a publié une ligne de base basée sur les risques pour appliquer les mesures AML/CFT à des situations à faible, neutre et haut risque, y compris celles impliquant des pays tiers à haut risque de l'UE.
• Singapour : L'Autorité Monétaire de Singapour a collaboré avec les banques pour offrir des comptes bancaires à usage limité pour les individus présentant un risque plus élevé de blanchiment de capitaux et de financement du terrorisme (ML/TF), combinant un accès de base avec un suivi renforcé et des processus de révision définis.

Implications :

• les individus à faible risque devraient pouvoir accéder à des services financiers appropriés avec une diligence raisonnable simplifiée.
• les individus à haut risque peuvent être servis sous un contrôle et une supervision renforcés.
• les évaluations des risques doivent être bien documentées, et les institutions doivent adopter des mesures proportionnées et inclusives conformément aux normes du GAFI.

BCL and CSSF Announce Updated TIBER-LU Implementation Document – 20 June 2025

The Banque centrale du Luxembourg (BCL) and the Commission de Surveillance du Secteur Financier (CSSF) are pleased to announce the release of the updated TIBER-LU Implementation Document, effective as of 20 June 2025.

This revision follows the entry into force of the Digital Operational Resilience Act (DORA), particularly its Threat-Led Penetration Testing (TLPT) requirements, and the publication of the revised TIBER-EU Framework by the European Central Bank (ECB) on 11 February 2025.

Initially launched on 3 November 2021, the TIBER-LU framework was developed jointly by the BCL and CSSF to support controlled, intelligence-led cyber resilience testing for critical financial entities in Luxembourg. The newly revised version represents a significant step forward in aligning TIBER-LU with DORA’s regulatory requirements and ensuring the continuity and effectiveness of the programme in the evolving cyber threat landscape.

The updated document reflects the ongoing commitment of the BCL and CSSF to enhance the operational resilience of Luxembourg’s financial sector and to ensure consistency with European standards.

Version française

La BCL et la CSSF annoncent la mise à jour du document de mise en œuvre TIBER-LU – 20 juin 2025

La Banque centrale du Luxembourg (BCL) et la Commission de Surveillance du Secteur Financier (CSSF) ont le plaisir d'annoncer la publication du document mis à jour de mise en œuvre de TIBER-LU, en vigueur à partir du 20 juin 2025.

Cette révision fait suite à l'entrée en vigueur du Digital Operational Resilience Act (DORA), en particulier à ses exigences en matière de Threat-Led Penetration Testing (TLPT), ainsi qu'à la publication du cadre révisé TIBER-EU par la Banque centrale européenne (BCE) le 11 février 2025.

Lancé initialement le 3 novembre 2021, le cadre TIBER-LU a été développé conjointement par la BCL et la CSSF pour soutenir les tests de résilience cybernétique contrôlés et axés sur le renseignement pour les entités financières critiques au Luxembourg. La version révisée représente un progrès important dans l'alignement de TIBER-LU avec les exigences réglementaires de DORA et dans la garantie de la continuité et de l'efficacité du programme face à l'évolution du paysage des menaces cybernétiques.

Le document mis à jour reflète l'engagement continu de la BCL et de la CSSF pour renforcer la résilience opérationnelle du secteur financier luxembourgeois et pour assurer la cohérence avec les normes européennes.

On 5 June 2025, the CSSF published Version 4 of its FAQ on the Money Market Funds Regulation (MMFR) to clarify Luxembourg-specific interpretations of EU Regulation 2017/1131.

Key updates include:

• The deletion of one outdated question
• Clarification on deposit concentration limits
• Treatment of non-compliance with liquidity and duration thresholds under Circular 24/856
• Confirmation that MMFs must disclose internal credit assessments
• The FAQ also confirms AIFMs must be EU-authorised to manage MMFs and outlines rules for transparency, valuation, and risk. It applies to all Luxembourg MMFs and provides important guidance on MMFR implementation.

Version française

Le 5 juin 2025, la CSSF a publié la version 4 de sa FAQ sur la réglementation des fonds monétaires (MMFR) afin de clarifier les interprétations spécifiques au Luxembourg du règlement UE 2017/1131.

Les principales mises à jour incluent :

• Suppression d'une question obsolète ;
• Clarification sur les limites de concentration des dépôts ;
• Traitement de la non-conformité avec les seuils de liquidité et de durée en vertu de la Circulaire 24/856 ;
• Confirmation que les MMF doivent divulguer les évaluations de crédit internes ;
• La FAQ confirme que les AIFM doivent être autorisés dans l'UE pour gérer des MMF et définit les règles de transparence, de valorisation et de risque. Cela s'applique à tous les MMF luxembourgeois et fournit des orientations importantes sur la mise en œuvre du MMFR.

BACKGROUND

On 13 June 2025, the Commission de Surveillance du Secteur Financier (CSSF) published the Law of 4 June 2025 on Electronic Signatures in Administrative Matters. This new legislation allows administrative authorities and entities, as well as citizens, to sign administrative documents using qualified electronic signatures. It also introduces the use of qualified electronic seals and qualified registered electronic delivery services in administrative contexts. This law is an important step in modernizing and securing administrative processes through digital means, aligning with broader European digital and trust service standards.

The law further amends the 2015 Law on Electronic Archiving by updating the definition of a "digital original" to include documents signed or sealed under this new law. This is a significant step towards ensuring that digital documents are legally recognized and properly archived in Luxembourg.

On 27 June 2025, the Commission de Surveillance du Secteur Financier (CSSF) published Circular CSSF 25/894, which reforms and replaces Circular CSSF 15/612. The reform is crucial for enhancing the CSSF’s supervisory capabilities over Investment Fund Managers (IFMs) in Luxembourg, ensuring transparent oversight of all funds managed by Luxembourg-based IFMs, especially those not authorised by CSSF. The revised circular applies to both European UCITS and European AIFs managed by IFMs, and it comes into effect on 27 June 2025.

This new circular broadens the scope of application compared to the previous version and introduces updated reporting requirements, aiming to improve the CSSF's ability to maintain comprehensive, real-time knowledge of all funds under management. The reform ensures alignment with EU regulations, especially regarding funds managed by Luxembourg IFMs, and establishes new procedures for submitting detailed information about these funds.

WHAT'S NEW?

1. Qualified Electronic Signatures and Seals:

The new law enables both administrative authorities and citizens to use qualified electronic signatures to sign documents in administrative matters. This includes requests made by citizens to authorities, and any administrative actions taken by authorities themselves. The qualified electronic seals are introduced for applying seals on administrative documents, ensuring their authenticity and integrity in digital form.

2. Qualified Electronic Registered Delivery Services:

The law also mandates the use of qualified electronic registered delivery services when sending registered documents electronically. This enhances the security and reliability of document delivery between authorities and citizens, ensuring that it meets high standards of verification and trust.

3. Amendment to the 2015 Law on Electronic Archiving:

The law amends the 2015 Law on Electronic Archiving, particularly the definition of "digital original". The definition now includes documents signed or sealed electronically under this new law, allowing for these documents to be archived as digital originals, aligning them with existing standards for legal recognition and electronic archiving. This update enhances the credibility of digital documents in legal and administrative contexts.

4. Expanded Scope of Application:

The new circular extends to all non-authorised funds managed by Luxembourg IFMs. IFMs must notify the CSSF about the management of European UCITS and European AIFs via the eDesk procedure, making it clear that these notifications need to be submitted before those related to the European management passport under the freedom to provide services or the freedom of establishment. This ensures a more comprehensive oversight of Luxembourg’s fund management activities.

5. Updated Information Requirements:

The circular requires IFMs to submit additional information on fund service providers for each notified fund. This includes:

• UCI administratorsPortfolio management delegates and sub-delegates

These expanded details ensure that the CSSF has a clearer understanding of the fund’s structure and its key service providers, further improving regulatory transparency.

6. Timely and Accurate Reporting:

IFMs are reminded of their responsibility to report timely and accurate information regarding non-authorised funds. The revised circular emphasizes the use of the eDesk platform for submitting these notifications. IFMs must notify the CSSF before beginning to manage a European UCITS or an additional AIF, and within 10 working days of starting management for registered AIFMs.

7. Revised Submission Process for Fund Management Roles:

The circular clarifies when IFMs assume responsibility for managing a fund, specifying that the role is officially assumed on the signature date, effective date of the management agreement, or when the fund is established. This helps to ensure that the reporting requirements are clear and consistent.

8. Replacement of Circular CSSF 15/612:

Circular CSSF 25/894 formally replaces Circular CSSF 15/612, which was previously in place for reporting rules related to non-authorised funds. This update streamlines the reporting process, provides clearer guidelines, and allows for more efficient communication between IFMs and the CSSF.

WHAT'S NEXT?

The law provides clear guidelines for the future use of digital signatures and electronic seals in administrative procedures. It will enable more efficient and secure interactions between citizens and administrative bodies, reducing reliance on paper documents and improving overall efficiency. The amendment to the 2015 law ensures that electronic documents signed or sealed under the 2025 law will be treated as digital originals, making them legally valid and ensuring their compliance with Luxembourg’s digital archiving regulations. This move is in line with the broader European Union Digital Single Market goals, making administrative procedures more digitally resilient and future-proof.

The updated Circular CSSF 25/894 will come into effect on 27 June 2025, and will replace Circular CSSF 15/612. The reform introduces new reporting procedures, requiring Luxembourg IFMs to notify the CSSF regarding the management of non-authorised funds, including both European UCITS and European AIFs.

This circular aims to enhance regulatory transparency and oversight, ensuring that the CSSF has a comprehensive, up-to-date view of funds under Luxembourg’s management. By broadening the scope and requiring additional information about fund service providers, the circular strengthens Luxembourg’s position in EU fund regulation.

For IFMs, it is essential to comply with the updated notification procedures and ensure that all required information is submitted via the eDesk platform in a timely and accurate manner. This will help IFMs remain compliant with regulations while allowing the CSSF to continue its effective supervision of Luxembourg-based investment funds.

Version française

BACKGROUND

Le 13 juin 2025, la Commission de Surveillance du Secteur Financier (CSSF) a publié la loi du 4 juin 2025 sur les signatures électroniques en matière administrative. Cette nouvelle législation permet aux autorités administratives et aux entités, ainsi qu'aux citoyens, de signer des documents administratifs à l'aide de signatures électroniques qualifiées. Elle introduit également l'utilisation de cachets électroniques qualifiés et de services de livraison électronique enregistrée qualifiée dans les contextes administratifs. Cette loi constitue une étape importante dans la modernisation et la sécurisation des processus administratifs par le biais de moyens numériques, en alignement avec les normes européennes en matière de services numériques et de confiance.

La loi modifie également la loi de 2015 sur l'archivage électronique en mettant à jour la définition de l'"original numérique" pour inclure les documents signés ou cachetés en vertu de cette nouvelle loi. Il s'agit d'une étape significative pour garantir que les documents numériques soient légalement reconnus et correctement archivés au Luxembourg.

Le 27 juin 2025, la Commission de Surveillance du Secteur Financier (CSSF) a publié la Circulaire CSSF 25/894, qui réforme et remplace la Circulaire CSSF 15/612. Cette réforme est essentielle pour améliorer les capacités de supervision de la CSSF sur les gestionnaires de fonds d'investissement (IFMs) au Luxembourg, garantissant une surveillance transparente de tous les fonds gérés par des IFMs basés au Luxembourg, en particulier ceux non autorisés par la CSSF. La circulaire révisée s'applique à la fois aux UCITS européens et aux AIFs européens gérés par les IFMs, et elle entre en vigueur le 27 juin 2025.

Cette nouvelle circulaire élargit le champ d'application par rapport à la version précédente et introduit des exigences de reporting mises à jour, visant à améliorer la capacité de la CSSF à maintenir une connaissance complète et en temps réel de tous les fonds sous gestion. La réforme garantit l'alignement avec les réglementations européennes, en particulier en ce qui concerne les fonds gérés par les IFMs luxembourgeois, et établit de nouvelles procédures pour soumettre des informations détaillées sur ces fonds.

WHAT'S NEW?

1. Signatures électroniques qualifiées et cachets électroniques :

La nouvelle loi permet aux autorités administratives et aux citoyens d’utiliser des signatures électroniques qualifiées pour signer des documents en matière administrative. Cela inclut les demandes faites par les citoyens aux autorités, ainsi que toute action administrative entreprise par les autorités elles-mêmes. Les cachets électroniques qualifiés sont introduits pour apposer des cachets sur les documents administratifs, garantissant ainsi leur authenticité et leur intégrité sous forme numérique.

2. Services de livraison électronique enregistrée qualifiée :

La loi impose également l’utilisation de services de livraison électronique enregistrée qualifiée pour l’envoi de documents enregistrés par voie électronique. Cela renforce la sécurité et la fiabilité de la livraison des documents entre les autorités et les citoyens, garantissant que cette livraison respecte des normes élevées de vérification et de confiance.

3. Modification de la loi de 2015 sur l’archivage électronique :

La loi modifie la loi de 2015 sur l’archivage électronique, en particulier la définition de l'"original numérique". Cette définition inclut désormais les documents signés ou cachetés électroniquement en vertu de cette nouvelle loi, permettant ainsi que ces documents soient archivés en tant qu'originaux numériques, en les alignant sur les normes existantes de reconnaissance légale et d’archivage électronique. Cette mise à jour renforce la crédibilité des documents numériques dans les contextes juridiques et administratifs.

4. Champ d'application élargi :

La nouvelle circulaire s'applique à tous les fonds non autorisés gérés par les IFMs luxembourgeois. Les IFMs doivent notifier à la CSSF la gestion des UCITS européens et des AIFs européens via la procédure eDesk, en précisant que ces notifications doivent être soumises avant celles liées au passeport de gestion européen dans le cadre de la liberté de fournir des services ou de la liberté d'établissement. Cela garantit une surveillance plus complète des activités de gestion de fonds au Luxembourg.

5. Exigences de transmission d'informations mises à jour :

La circulaire oblige les IFMs à soumettre des informations supplémentaires sur les prestataires de services de fonds pour chaque fonds notifié. Cela inclut :

• Administrateurs de l'UCI
• Délégués de gestion de portefeuille et sous-délégués

Ces détails supplémentaires permettent à la CSSF de mieux comprendre la structure du fonds et ses principaux prestataires de services, améliorant ainsi la transparence réglementaire.

6. Transmission d'informations précise et en temps utile :

Les IFMs sont rappelés de leur responsabilité de transmettre des informations exactes et en temps utile concernant les fonds non autorisés. La circulaire révisée met l'accent sur l'utilisation de la plateforme eDesk pour soumettre ces notifications. Les IFMs doivent notifier la CSSF avant de commencer à gérer un UCITS européen ou un AIF supplémentaire, et dans les 10 jours ouvrables suivant le début de la gestion pour les AIFMs enregistrés.

7. Révision du processus de soumission des rôles de gestion de fonds :

La circulaire clarifie quand les IFMs assument la responsabilité de la gestion d'un fonds, précisant que ce rôle est officiellement assumé à la date de signature, à la date effective de l'accord de gestion ou lorsque le fonds est établi. Cela permet de garantir que les exigences de notification sont claires et cohérentes.

8. Remplacement de la Circulaire CSSF 15/612 :

La Circulaire CSSF 25/894 remplace officiellement la Circulaire CSSF 15/612, qui était auparavant en place pour les règles de notification relatives aux fonds non autorisés. Cette mise à jour simplifie le processus de notification, fournit des lignes directrices plus claires et permet une communication plus efficace entre les IFMs et la CSSF.

WHAT'S NEXT?

La loi fournit des directives claires pour l'utilisation future des signatures électroniques et des cachets électroniques dans les procédures administratives. Elle permettra des interactions plus efficaces et sécurisées entre les citoyens et les autorités administratives, réduisant ainsi la dépendance aux documents papier et améliorant l'efficacité globale. La modification de la loi de 2015 garantit que les documents électroniques signés ou cachetés en vertu de la loi de 2025 seront traités comme des originaux numériques, leur conférant ainsi une validité légale et garantissant leur conformité avec les réglementations luxembourgeoises sur l'archivage électronique. Cette démarche s'inscrit dans les objectifs plus larges du Marché unique numérique de l'Union européenne, rendant les procédures administratives plus résilientes numériquement et prêtes pour l'avenir.

La Circulaire CSSF 25/894 révisée entrera en vigueur le 27 juin 2025 et remplacera la Circulaire CSSF 15/612. La réforme introduit de nouvelles procédures de notification, obligeant les IFMs luxembourgeois à notifier la CSSF concernant la gestion des fonds non autorisés, y compris les UCITS européens et les AIFs européens.

Cette circulaire vise à renforcer la transparence réglementaire et la supervision, en veillant à ce que la CSSF dispose d'une vue complète et à jour des fonds sous gestion au Luxembourg. En élargissant le champ d'application et en exigeant des informations supplémentaires sur les prestataires de services de fonds, la circulaire renforce la position du Luxembourg dans la réglementation des fonds européens.

Pour les IFMs, il est essentiel de se conformer aux procédures de notification mises à jour et de veiller à ce que toutes les informations requises soient soumises via la plateforme eDesk de manière rapide et précise. Cela aidera les IFMs à rester conformes aux réglementations tout en permettant à la CSSF de continuer sa supervision efficace des fonds d'investissement basés au Luxembourg.

On 3 June 2025, CSSF published a communication announcing that the reporting procedure for internalised settlements under Article 9 of the CSDR is now available for testing on the eDesk PREPROD environment.

Key details:

• Scope: Article 9(1) of Regulation (EU) 909/2014 (CSDR) requires settlement internalisers to report quarterly on the volume and value of securities transactions settled outside a securities settlement system.
• Testing platform: The PREPROD eDesk is available for trial submissions.
• Two submission modes:
  - Manual filing via the eDesk interface
  - Automated API submission using the S3 protocol
• A user guide is available for technical onboarding.
• Queries can be directed to the dedicated PREPROD contact email.

BACKGROUND

On 27 June 2025, the Commission de Surveillance du Secteur Financier (CSSF) published Circular CSSF 25/894, which reforms and replaces Circular CSSF 15/612. The reform is crucial for enhancing the CSSF’s supervisory capabilities over Investment Fund Managers (IFMs) in Luxembourg, ensuring transparent oversight of all funds managed by Luxembourg-based IFMs, especially those not authorised by CSSF. The revised circular applies to both European UCITS and European AIFs managed by IFMs, and it comes into effect on 27 June 2025.This new circular broadens the scope of application compared to the previous version and introduces updated reporting requirements, aiming to improve the CSSF's ability to maintain comprehensive, real-time knowledge of all funds under management. The reform ensures alignment with EU regulations, especially regarding funds managed by Luxembourg IFMs, and establishes new procedures for submitting detailed information about these funds.

WHAT'S NEW?

1. Expanded Scope of Application:

The new circular extends to all non-authorised funds managed by Luxembourg IFMs. IFMs must notify the CSSF about the management of European UCITS and European AIFs via the eDesk procedure, making it clear that these notifications need to be submitted before those related to the European management passport under the freedom to provide services or the freedom of establishment. This ensures a more comprehensive oversight of Luxembourg’s fund management activities.

2. Updated Information Requirements:

The circular requires IFMs to submit additional information on fund service providers for each notified fund. This includes:- UCI administrators- Portfolio management delegates and sub-delegates
These expanded details ensure that the CSSF has a clearer understanding of the fund’s structure and its key service providers, further improving regulatory transparency.

3. Timely and Accurate Reporting:

IFMs are reminded of their responsibility to report timely and accurate information regarding non-authorised funds. The revised circular emphasizes the use of the eDesk platform for submitting these notifications. IFMs must notify the CSSF before beginning to manage a European UCITS or an additional AIF, and within 10 working days of starting management for registered AIFMs.

4. Revised Submission Process for Fund Management Roles:

The circular clarifies when IFMs assume responsibility for managing a fund, specifying that the role is officially assumed on the signature date, effective date of the management agreement, or when the fund is established. This helps to ensure that the reporting requirements are clear and consistent.

5. Replacement of Circular CSSF 15/612:

Circular CSSF 25/894 formally replaces Circular CSSF 15/612, which was previously in place for reporting rules related to non-authorised funds. This update streamlines the reporting process, provides clearer guidelines, and allows for more efficient communication between IFMs and the CSSF.

WHAT'S NEXT?

The updated Circular CSSF 25/894 will come into effect on 27 June 2025, and will replace Circular CSSF 15/612. The reform introduces new reporting procedures, requiring Luxembourg IFMs to notify the CSSF regarding the management of non-authorised funds, including both European UCITS and European AIFs.

This circular aims to enhance regulatory transparency and oversight, ensuring that the CSSF has a comprehensive, up-to-date view of funds under Luxembourg’s management. By broadening the scope and requiring additional information about fund service providers, the circular strengthens Luxembourg’s position in EU fund regulation.

For IFMs, it is essential to comply with the updated notification procedures and ensure that all required information is submitted via the eDesk platform in a timely and accurate manner. This will help IFMs remain compliant with regulations while allowing the CSSF to continue its effective supervision of Luxembourg-based investment funds.

Version française

Le 3 juin 2025, la CSSF a publié une communication annonçant que la procédure de déclaration des règlements internalisés en vertu de l'article 9 du CSDR est désormais disponible pour des tests sur l'environnement eDesk PREPROD.

Détails clés :

• Portée : L'article 9(1) du règlement (UE) 909/2014 (CSDR) exige que les internalisateurs de règlements déclarent trimestriellement le volume et la valeur des transactions de titres réglées en dehors d'un système de règlement de titres.
• Plateforme de test : Le PREPROD eDesk est disponible pour les soumissions d'essai.
• Deux modes de soumission :
  - Soumission manuelle via l'interface eDesk
  - Soumission automatisée via l'API utilisant le protocole S3
• Un guide utilisateur est disponible pour l'intégration technique.
• Les demandes peuvent être envoyées à l'email dédié pour le contact PREPROD.

BACKGROUND

Le 27 juin 2025, la Commission de Surveillance du Secteur Financier (CSSF) a publié la Circulaire CSSF 25/894, qui réforme et remplace la Circulaire CSSF 15/612. Cette réforme est essentielle pour améliorer les capacités de supervision de la CSSF sur les gestionnaires de fonds d'investissement (IFMs) au Luxembourg, garantissant une surveillance transparente de tous les fonds gérés par des IFMs basés au Luxembourg, en particulier ceux non autorisés par la CSSF. La circulaire révisée s'applique à la fois aux UCITS européens et aux AIFs européens gérés par les IFMs, et elle entre en vigueur le 27 juin 2025.

Cette nouvelle circulaire élargit le champ d'application par rapport à la version précédente et introduit des exigences de reporting mises à jour, visant à améliorer la capacité de la CSSF à maintenir une connaissance complète et en temps réel de tous les fonds sous gestion. La réforme garantit l'alignement avec les réglementations européennes, en particulier en ce qui concerne les fonds gérés par les IFMs luxembourgeois, et établit de nouvelles procédures pour soumettre des informations détaillées sur ces fonds.

WHAT'S NEW?

1. Champ d'application élargi :

La nouvelle circulaire s'applique à tous les fonds non autorisés gérés par les IFMs luxembourgeois. Les IFMs doivent notifier à la CSSF la gestion des UCITS européens et des AIFs européens via la procédure eDesk, en précisant que ces notifications doivent être soumises avant celles liées au passeport de gestion européen dans le cadre de la liberté de fournir des services ou de la liberté d'établissement. Cela garantit une surveillance plus complète des activités de gestion de fonds au Luxembourg.

2. Exigences de transmission d'informations mises à jour :

La circulaire oblige les IFMs à soumettre des informations supplémentaires sur les prestataires de services de fonds pour chaque fonds notifié. Cela inclut :

• Administrateurs de l'UCI
• Délégués de gestion de portefeuille et sous-délégués

Ces détails supplémentaires permettent à la CSSF de mieux comprendre la structure du fonds et ses principaux prestataires de services, améliorant ainsi la transparence réglementaire.

3. Transmission d'informations précise et en temps utile :

Les IFMs sont rappelés de leur responsabilité de transmettre des informations exactes et en temps utile concernant les fonds non autorisés. La circulaire révisée met l'accent sur l'utilisation de la plateforme eDesk pour soumettre ces notifications. Les IFMs doivent notifier la CSSF avant de commencer à gérer un UCITS européen ou un AIF supplémentaire, et dans les 10 jours ouvrables suivant le début de la gestion pour les AIFMs enregistrés.

4. Révision du processus de soumission des rôles de gestion de fonds :

La circulaire clarifie quand les IFMs assument la responsabilité de la gestion d'un fonds, précisant que ce rôle est officiellement assumé à la date de signature, à la date effective de l'accord de gestion ou lorsque le fonds est établi. Cela permet de garantir que les exigences de notification sont claires et cohérentes.

5. Remplacement de la Circulaire CSSF 15/612 :

La Circulaire CSSF 25/894 remplace officiellement la Circulaire CSSF 15/612, qui était auparavant en place pour les règles de notification relatives aux fonds non autorisés. Cette mise à jour simplifie le processus de notification, fournit des lignes directrices plus claires et permet une communication plus efficace entre les IFMs et la CSSF.

WHAT'S NEXT?

La Circulaire CSSF 25/894 révisée entrera en vigueur le 27 juin 2025 et remplacera la Circulaire CSSF 15/612. La réforme introduit de nouvelles procédures de notification, obligeant les IFMs luxembourgeois à notifier la CSSF concernant la gestion des fonds non autorisés, y compris les UCITS européens et les AIFs européens.

Cette circulaire vise à renforcer la transparence réglementaire et la supervision, en veillant à ce que la CSSF dispose d'une vue complète et à jour des fonds sous gestion au Luxembourg. En élargissant le champ d'application et en exigeant des informations supplémentaires sur les prestataires de services de fonds, la circulaire renforce la position du Luxembourg dans la réglementation des fonds européens.

Pour les IFMs, il est essentiel de se conformer aux procédures de notification mises à jour et de veiller à ce que toutes les informations requises soient soumises via la plateforme eDesk de manière rapide et précise. Cela aidera les IFMs à rester conformes aux réglementations tout en permettant à la CSSF de continuer sa supervision efficace des fonds d'investissement basés au Luxembourg.

On 13 June 2025, the CNBV published news on amendments to strengthen sustainability disclosure framework.

The CNBV in its capacity as regulatory authority of the Mexican Financial System, and in compliance with its mandate to supervise and regulate financial institutions to preserve their stability and proper functioning, reaffirms its commitment to transparency and sustainability.

In this context, in January 2025, the CNBV published in the Official Gazette of the Federation amendments to the General Provisions applicable to securities issuers and other participants in the securities market. This action is part of institutional efforts to promote the progressive incorporation of ESG criteria into the national regulatory framework, in line with international standards.

The objective of this regulation is to strengthen the quality, comparability and usefulness of the information disclosed by issuers, so that investors and other users of financial information have sufficient elements to make informed decisions.

As a result of these advances, Mexico was recognized by the International Financial Reporting Standards Foundation (IFRS) as a jurisdiction that has adopted the Sustainability Disclosure Standards issued by the International Sustainability Standards Board (ISSB). The CNBV has actively collaborated with the IFRS Foundation in the preparation and validation of Mexico's jurisdictional profile regarding this adoption.

Mexico's jurisdictional profile details the regulatory approach adopted for the disclosure of sustainability-related information, as well as the scope of the implementation of the ISSB Standards and other relevant aspects.

On 6 June 2025, the Monaco issued Sovereign Ordinance No. 11.242 of 30 May 2025, amending Ordinance No. 2.318 of 3 August 2009 on the implementation of Law No. 1.362 concerning anti-money laundering, counter-terrorism financing, and anti-corruption.

Article I.

Chapter XVII is inserted after Article 54-3 of Sovereign Ordinance No. 2.318 of 3 August 2009, as amended, as referred to above, as follows:

"Chapter XVII: The sanction procedure within the service exercising the sanctioning function of the Monegasque Financial Security Authority

Article 55: Pursuant to Article 65-5 of Law No. 1.362 of 3 August 2009, as amended, referred to above, the President of the sanctioning panel established within the service exercising the sanctioning function of the Authority, is recruited in accordance with one of the following procedures:

1°) when he is active in Monaco, the magistrate called upon to exercise these functions is authorised by order of the Director of Judicial Services under the conditions provided for in Article 11 of Law No. 1.364 of 16 November 2009 on the status of the judiciary, as amended.

2°) in other cases, the President of the sanctioning panel is appointed by sovereign order on the proposal of the Director of the Monegasque Financial Security Authority.

The deputies of the President of the sanctioning panel are recruited under the same conditions.

Article 56: The meetings of the Authority's sanction panel referred to in Article 65-6 of Law No. 1.362 of 3 August 2009, as amended, referred to above, shall not be public, except at the request of the person concerned by the proceedings before the sanction panel, presented at the latest at the opening of the session. or his counsel, and specially authorised by the President of the sanctioning panel.

The President of the sanction panel is responsible for policing the hearing and directing the proceedings. In this context, he may suspend at any time the authorisation to publicise the proceedings and prohibit the public from entering the room during all or part of the session in order to preserve public order or when the publicity is likely to infringe any secret protected by Law No. 1.362 of 3 August 2009, as amended, Above.

The President of the sanction panel may hear any person he or she deems useful.

The accused person may also request the hearing, in his or her presence, and with the authorisation of the President of the sanction panel, of any person he or she considers useful for his or her defence, with the exception of officials and agents of the Authority and any other official or agent of the State.

If the person concerned does not have a sufficient command of the French language, he or she may be assisted by an interpreter of his or her choice, who must state his or her identity and profession and undertake to faithfully translate the words exchanged. This is mentioned in the minutes of the meeting.

The person concerned or his or her counsel, when represented, must have the last floor.

Minutes of the meeting shall be drawn up by an agent of the Authority who shall provide the secretariat for the meetings. It shall mention, in particular, the names of the members of the panel who sat, that of the staff member providing the secretariat for the session, those of the persons present and, where applicable, their counsel, as well as the order in which they were heard, the main statements of the parties, and the decision taken after deliberation by the sanction panel or, failing that, the date on which this decision will be rendered.

Article 57: In the context of the processing of individual cases within the sanction panel established by Article 65-5 of Law No. 1.362 of 3 August 2009, as amended, referred to above, civil servants or agents, as well as the magistrate who presides over it, act in complete independence and may not receive instructions from any authority. ».

Art. 2.

An Article 12-2 is inserted in Chapter III and before Article 13 of Sovereign Ordinance No. 2.318 of 3 August 2009, as amended, as referred to above, as follows:

"Article 12-2: Pursuant to the seventh paragraph of Article 21 of Law No. 1.362 of 3 August 2009, as amended, referred to above, the information shall be transmitted by the beneficial owner to the legal person within thirty working days of the request."

Art. 3.

Article 59-1 of Sovereign Ordinance No. 2.318 of 3 August 2009, as amended, referred to above, is repealed.

Art. 4.

Our Secretary of State, Our Secretary of State for Justice, Director of Judicial Services and Our Minister of State are each responsible for the execution of this Ordinance.

On 12 June 2025, Overheid published the Regulation on the Funding of Financial Supervision 2025.

Purpose:

This Dutch regulation sets the 2025 tariffs and methodology for calculating supervisory fees for all financial institutions under the supervision of the AFM (Authority for the Financial Markets) and DNB (Dutch Central Bank).

Legal basis:

Based on Article 9(1) of the 2019 Financial Supervision Funding Decree. It enters into force the day after publication.

Fee structure:

Each institution pays a fixed fee plus a variable fee based on financial metrics such as regulatory capital, turnover, market cap, transactions, assets under management, etc. Degressive tariff bands apply — the larger the size, the lower the marginal rate.

Sectors covered:

• Banks and credit unions
• Investment firms and UCITS managers
• Payment and e-money institutions
• Pension funds and premium pension institutions
• Insurers (life, non-life, health)
• Trust offices
• Audit firms
• Crypto-asset service providers (under MiCAR)
• Market operators and financial infrastructure providers
• Issuers of securities (market and reporting entities)

Supervisory costs in 2025:

• AFM: €152.8 million (+24% from 2024)
• DNB: €264.4 million (+8% from 2024)

Key changes in 2025:

• Introduction of crypto supervision (MiCAR): fixed base fee (€8,000) + per-service add-ons
• Use of levy reserves (€7.7 million total) to smooth cost spikes (esp. for crypto and payment services)
• Major increases in some categories due to ESG, DORA, pension transition, and IT costs
• Recalibration of cost allocation across sectors

Selected examples of tariffs:

• Banks: €11,250 + €1,792 to €118 per €1 million of regulatory capital
• Payment institutions: €8,250 + €0.37 to €76.67 per €1,000 of turnover
• Crypto firms: €8,000 base + €2,500 to €7,500 per service
• UCITS managers: €10,300 + service/activity fees + balance sheet-based additions
• Implications for institutions:
• Expect higher supervision fees in most sectors
• Crypto firms face first-time levies under MiCAR
• Institutions should verify which tariff bands they fall into and ensure accurate reporting of size metrics (e.g. turnover, AUM, transactions)
• Budget accordingly for AFM/DNB invoices in 2025

On the 26 June 2025, the Banco de España published Law 10/2014 on the regulation, supervision and solvency of credit institutions.

Article 54: Preparation of supervisory guides.

The Banco de España may draw up technical guides for supervised institutions and groups, indicating the criteria, practices, methodologies or procedures that it considers appropriate for compliance with supervisory regulations. These guides, which must be made public, may include the criteria that the Banco de España will follow in the exercise of its supervisory activities. The Banco de España may require supervised institutions and groups to provide an explanation of the reasons why, if any, they have departed from such criteria, practices, methodologies or procedures.

The guides prepared by the Banco de España shall cover the following matters:

a) Assessment of the risks to which institutions are exposed and adequate compliance with the rules of organization and discipline.

b) Remuneration practices and risk-taking incentives compatible with adequate risk management.

c) Financial and accounting information and obligations to submit to external audit the annual accounts or financial statements of the supervised entities and groups.

d) Adequate management of the risks arising from the holding of significant shareholdings by credit institutions in other financial institutions or non-financial companies.

e) Implementation of mechanisms for the restructuring or resolution of credit institutions.

f) Corporate governance and internal control.

g) Any other matter within the scope of competence of the Banco de España.

The Banco de España may endorse and transmit as such to institutions and groups, as well as develop, complement or adapt the guidelines on such matters approved by international bodies or committees active in banking regulation and supervision.

On 17 June 2025, FINMA published an update of FATF lists.

High-Risk Jurisdictions subject to a Call for Action (commonly known as the blacklist): includes North Korea, Iran, and Myanmar.

Jurisdictions under Increased Monitoring (commonly known as the grey list): jurisdictions working with FATF to resolve strategic AML/CFT deficiencies.

Financial institutions are reminded by FINMA (Switzerland's financial regulator) to incorporate these FATF updates into their risk assessments and due diligence frameworks. Enhanced due diligence (EDD) or countermeasures may apply depending on the jurisdiction.

Version française

Le 17 juin 2025, FINMA a publié une mise à jour des listes du GAFI.

Les juridictions à haut risque soumises à un appel à l'action (souvent appelées liste noire) comprennent la Corée du Nord, l'Iran et le Myanmar.

Les juridictions sous surveillance accrue (souvent appelées liste grise) sont des juridictions travaillant avec le GAFI pour résoudre les lacunes stratégiques en matière d'AML/CFT.

Les institutions financières sont rappelées par FINMA (le régulateur financier suisse) d'intégrer ces mises à jour du GAFI dans leurs évaluations des risques et leurs cadres de diligence raisonnable. Une diligence accrue (EDD) ou des contre-mesures peuvent s'appliquer en fonction de la juridiction.

On 10 June 2025, FINMA published a press release about the U.S. Securities and Exchange Commission (SEC) has resumed processing registration applications from Swiss asset managers subject to the FINMA who wish to act as registered investment advisers (RIA) in the United States.

Swiss entities providing investment advice and wealth management services that seek cross-border operations in the U.S. must register with the SEC. The SEC had previously suspended the processing of new registration applications for several years. Following negotiations with FINMA, the SEC will now handle both new and pending applications from Swiss institutions. Clarifications have been made regarding the audit procedures of RIA entities under FINMA by the SEC, ensuring compliance according to Swiss and U.S. legal frameworks. Swiss establishments authorized by FINMA can contact ria@finma.ch for further information regarding surveillance cooperation.

Effective cooperation between supervisory authorities is crucial for the cross-border activities of financial institutions. FINMA provides administrative assistance within its mandate and Swiss surveillance law while supporting operational cooperation with foreign surveillance authorities.

Version française

Le 10 juin 2025, FINMA a publié un communiqué de presse concernant la reprise par la Securities and Exchange Commission (SEC) des États-Unis du traitement des demandes d'enregistrement des gestionnaires d'actifs suisses soumis à la FINMA souhaitant agir en tant que conseillers en investissements enregistrés (RIA) aux États-Unis.

Les entités suisses fournissant des conseils en investissement et des services de gestion de patrimoine qui cherchent à réaliser des opérations transfrontalières aux États-Unis doivent s'enregistrer auprès de la SEC. La SEC avait précédemment suspendu le traitement des nouvelles demandes d'enregistrement pendant plusieurs années. À la suite des négociations avec la FINMA, la SEC traitera désormais à la fois les nouvelles demandes et celles en attente des institutions suisses. Des clarifications ont été apportées concernant les procédures d'audit des entités RIA sous la FINMA par la SEC, garantissant la conformité avec les cadres juridiques suisses et américains. Les établissements suisses autorisés par la FINMA peuvent contacter ria@finma.ch pour toute information complémentaire sur la coopération en matière de surveillance.

La coopération efficace entre les autorités de supervision est cruciale pour les activités transfrontalières des institutions financières. La FINMA fournit une assistance administrative dans le cadre de son mandat et de la législation suisse en matière de surveillance, tout en soutenant la coopération opérationnelle avec les autorités de surveillance étrangères.

On 6 June 2025, The Federal Council published a press release proposing  comprehensive reform package to strengthen the Too-Big-To-Fail (TBTF) framework.

Key measures include:

• Raising capital requirements for parent banks with foreign subsidiaries;
• Introducing a liability regime to hold decision-makers accountable;
• Expanding FINMA’s powers for early intervention and administrative fines;
• Enhancing liquidity requirements and easing access to SNB emergency funding;
• Tightening rules on stabilization and wind-up plans;
• Revising ordinances on capital and liquidity, including AT1 instruments.

The reforms will be implemented in two legal phases (late 2025 and early 2026) with potential entry into force by 2027, aiming to reduce systemic risk and safeguard financial stability.

Version française

Le 6 juin 2025, le Conseil fédéral a publié un communiqué de presse proposant un paquet de réformes globales pour renforcer le cadre "Too-Big-To-Fail" (TBTF).

Les principales mesures comprennent :

• Augmenter les exigences de fonds propres pour les banques mères avec des filiales étrangères ;
• Introduire un régime de responsabilité pour tenir les décideurs responsables ;
• Étendre les pouvoirs de la FINMA pour une intervention précoce et des amendes administratives ;
• Renforcer les exigences de liquidité et faciliter l'accès au financement d'urgence de la SNB ;
• Resserrement des règles sur les plans de stabilisation et de liquidation ;
• Révision des ordonnances sur les fonds propres et la liquidité, y compris les instruments AT1.

Les réformes seront mises en œuvre en deux phases légales (fin 2025 et début 2026), avec une entrée en vigueur potentielle d'ici 2027, visant à réduire le risque systémique et à préserver la stabilité financière.

On 6 June 2025, The Federal Council published an ordinance proposing a comprehensive revision of the Capital Requirements Ordinance (OFR), applicable to banks and securities firms.

The key updates include:

• New eligibility rules for AT1 instruments, mandating FINMA pre-approval for early redemption and clarifying voluntary distribution conditions.
• Clarified CET1 deductions, particularly for goodwill, software, and deferred tax assets.
• Refined LEX framework, requiring more granular large exposure reporting and expanded disclosure thresholds.
• Liquidity updates: Enhanced liquidity risk governance, new disclosure requirements during actual or forecasted liquidity shortfalls, and clearer rules on BNS liquidity injections.
• Inclusion of canton-issued debt in LCR, and detailed conditions for asset/liability interdependence to qualify for ASF/RSF coefficients of 0%.
• Tiered leverage ratio and RWA surcharges based on banks’ total exposures.
• Revised transition rules ensure legacy instruments retain eligibility under certain conditions.
• FINMA is empowered to issue technical implementation details aligned with Basel standards and EU delegated regulations.

Version française

Le 6 juin 2025, le Conseil fédéral a publié une ordonnance proposant une révision complète de l'Ordonnance sur les exigences de fonds propres (OFR), applicable aux banques et aux entreprises de titres.

Les mises à jour clés incluent :

• nouvelles règles d'éligibilité pour les instruments AT1, exigeant l'approbation préalable de la FINMA pour un remboursement anticipé et clarifiant les conditions de distribution volontaire ;
• clarification des déductions CET1, en particulier pour le goodwill, les logiciels et les actifs fiscaux différés ;
• affinement du cadre LEX, nécessitant une déclaration plus détaillée des grandes expositions et des seuils de divulgation étendus ;
• mises à jour sur la liquidité : gouvernance accrue des risques de liquidité, nouvelles exigences de divulgation lors de pénuries de liquidités réelles ou prévues, et règles plus claires sur les injections de liquidité de la BNS ;
• inclusion de la dette émise par les cantons dans le LCR, et conditions détaillées pour l'interdépendance des actifs/passifs pour qualifier les coefficients ASF/RSF à 0 % ;
• ratio de levier par paliers et surtaxes RWA basées sur les expositions totales des banques ;
• révision des règles de transition pour garantir que les instruments existants conservent leur éligibilité sous certaines conditions ;
• la FINMA est habilitée à publier des détails techniques de mise en œuvre conformes aux normes de Bâle et aux règlements délégués de l'UE.

On the 10 June 2025, the FCA published PS25/6 on Private Intermittent Securities and Capital Exchange System.

The FCA’s Policy Statement PS25/6 outlines the regulatory framework for the Private Intermittent Securities and Capital Exchange System (PISCES), a new type of sandbox platform that enables private companies to trade their shares during set trading events. PISCES is designed to help private firms access a broader range of investors in an innovative and controlled environment, without the requirements of public market regulation. The system aims to improve market integrity and competitiveness while protecting investors and supporting capital formation.

The policy introduces detailed rules and guidance for platform operators and trading intermediaries that wish to participate in the sandbox. It defines core responsibilities for operators, such as overseeing company disclosures, organizing trading events, managing market conduct, and ensuring transparency. Operators must have systems to monitor activity, address complaints, and take action against misconduct. Companies using PISCES must disclose key information such as financials, governance, share structure, and potential risks, but with flexibility to omit commercially sensitive data under justified circumstances. Optional models like “sweeper” or “ask” approaches allow tailored additional disclosures.

The policy also sets rules for intermediaries that promote or distribute shares, aligning them with standards for high-risk investments and including measures like investor categorization, risk warnings, and cooling-off periods. It emphasizes the need for proportionate oversight, acknowledging that operators do not have statutory enforcement powers. Operators are expected to act when serious breaches threaten market orderliness, balancing investor protection with the sandbox’s experimental nature.

Additional features of the policy include modified applications of FCA Handbook rules, fees for operator participation, and exemptions from certain financial promotion regulations to avoid undue burdens. The FCA will use data from the sandbox to assess the framework’s effectiveness and may later recommend permanent legislative changes. Overall, PS25/6 lays the foundation for a flexible yet accountable system intended to foster innovation in private capital markets while maintaining standards of transparency, fairness, and investor safety.

On the 3 June 2025, the FCA published PS25/5 on Enforcement Guide and greater transparency of enforcement investigations.

FCA is streamlining, focusing, and updating their Enforcement Guide and making changes to their publicity policy to increase transparency in their enforcement investigations. The revised Enforcement Guide is a more accessible and user-friendly document that will better serve both firms and consumers.

This updated policy and guide is relevant to a range of stakeholders, including firms under FCAs regulatory oversight, whether authorised, registered, or conducting activities requiring authorisation, as well as individuals working within those firms. It is also of interest to consumer and investor groups, industry associations, advisers, experts, commentators, and other regulatory or public bodies.

The changes aim to clarify and improve how the FCA communicate and conduct enforcement. FCA has introduced a more transparent investigation publicity policy, while retaining the existing ‘exceptional circumstances’ test for announcing investigations into regulated and listed firms. FCA has also identified three specific scenarios where public announcements will now be considered appropriate:

• Where an announcement would warn consumers or assist an investigation.
• Where the investigation has already been made public by the subject or a related public body.
• Where anonymised announcements can help educate the public about the types of misconduct being investigated.

The revised Enforcement Guide significantly reduces duplication and unnecessary content, cutting over 250 pages. It reflects FCAs strategic focus on improving the pace and impact of enforcement. In recent months, five investigations concluded with public outcomes in less than 16 months, a significant improvement from the average of 42 months in 2023/24.

FCAs enforcement work plays a vital role in maintaining market integrity and supporting the competitiveness of the UK’s financial services sector. By updating and streamlining processes, FCA is enhancing regulatory effectiveness and ensuring that their actions better protect consumers, support markets, and contribute to economic growth.

FCA will continue to monitor the impact of these changes and assess public and industry confidence in their enforcement efforts. Feedback and data will guide future updates, and they remain committed to consulting on further improvements to the Enforcement Guide.

It enters into force on the 3 June 2025.

On the 9 June 2025, the Federal Register published a consultation on concept release on Foreign Private Issuer eligibility.

The SEC's Concept Release invites public feedback on whether the current definition of a Foreign Private Issuer (FPI) should be updated. The FPI definition, which governs when non-U.S. companies can report under less stringent disclosure rules in the U.S.

The SEC notes that the profile of FPIs has changed significantly in recent years. Many are now incorporated in offshore jurisdictions like the Cayman Islands and operate primarily in countries such as China and yet are listed and trade almost exclusively in U.S. markets. This raises concerns about whether these companies are subject to meaningful oversight from foreign regulators.

To address this, the SEC is exploring potential updates. These include revising the criteria for U.S. ownership and business connections, considering new requirements such as a minimum level of foreign trading activity or listing on a major foreign exchange, and possibly assessing the quality of foreign regulatory regimes. The SEC is also considering requiring that FPIs certify they are subject to oversight by foreign regulators who are members of IOSCO’s international cooperation framework.

The purpose of the release is to evaluate whether companies benefiting from FPI status are truly tied to and regulated by non-U.S. systems, as originally intended. The SEC may propose formal rule changes based on the feedback received.

The consultation ends on 8 September 2025.

On the 5 June 2025, the FED announced approval of application by CACEIS Bank.

The Federal Reserve approved CACEIS Bank’s application to establish a representative office in New York. CACEIS Bank, headquartered in Montrouge, France, is the largest custody bank in France and a wholly owned subsidiary of CACEIS, which is itself majority-owned by Crédit Agricole.

The New York office will serve non-banking functions, such as liaising with clients, marketing, conducting market research, and performing administrative tasks. It will not engage in core banking activities like accepting deposits or issuing loans.

The office was formerly operated by CACEIS Investor Services Bank (Luxembourg), which merged into CACEIS Bank in May 2024. The application was evaluated under a less stringent supervision standard than that required for branches or agencies, given the office’s limited functions.

The Federal Reserve determined that:

• CACEIS Bank is adequately supervised by European authorities, including the ECB and ACPR.
• It has sufficient financial and managerial resources.
• France has strong anti-money laundering laws and participates in global compliance efforts.
• The establishment of the office poses no threat to U.S. financial stability.

CACEIS Bank has committed to providing the Board with all necessary information about its operations. The approval is contingent on continued compliance with U.S. regulations and full cooperation with regulatory requests.

On 18 June 2025, the FATF updated its Standards on Recommendation 16 on Payment Transparency.

The changes to Recommendation 16 of the FATF standard, also referred to as the 'Travel Rule' in the context of virtual assets, were agreed by members at the FATF's June 2025 Plenary meeting. They will ensure consistency of information required in payment messages to build a clearer picture of who is sending and receiving money, and help to eliminate fraud and error impacting customers.

The FATF Recommendations set out a comprehensive and consistent framework of measures which countries should implement in order to combat money laundering, terrorist financing and the financing of the proliferation of weapons of mass destruction.

Financial fraud is one of the fastest growing threats on a global scale. The changes to Recommendation 16 will add a critical safety net to the international payment system by increasing transparency of information that accompanies cross-border payments and requiring the introduction of tools to protect against fraud and error. 

Through the revised Standards, the FATF is ensuring that anti-money laundering defences keep pace with the fact that many different actors, such as fin-techs and digital payment systems, are now performing tasks that only a few – traditional banks – did in the past.  

The changes aim to support the G20 roadmap of making cross-border payments faster, cheaper, more transparent and more inclusive. They have been informed by two public consultations which gathered more than 300 responses from financial institutions, industry associations, civil society, practitioners, international organisations and public authorities.

The changes to the Standards include:

• Clarifying responsibilities within the payment chain 
  By clarifying who is responsible in the payment chain for including information in payment messages and ensuring it remains unchanged, the changes will improve accuracy and ensure investigators know where to go to find information, supporting secure payments. Under the new Standard, the payment chain is considered to start with the financial institution which receives an instruction from the customer.
• Standardised information requirements 
  The FATF is applying standardised requirements on what information should accompany the payment messages for peer-to-peer cross-border payments above USD/EUR 1,000 (name, address, date of birth). This will simplify requirements for the private sector, and  make payments more efficient. It will also bring more clarity to who is sending and receiving money, making it easier to detect suspicious transactions.
• Requirements to introduce tools that protect against fraud and error 
  The new Standards will require financial institutions to make use of new technologies that protect against fraud and error, such as verification of recipients' banking information, so that customers can have peace of mind that their money is going to the right place. Such technologies are already in place in parts of the world.
• Clarification on card transactions
  Transactions carried out using a credit, debit, or prepaid card for the purchase of goods or services continue to be exempt from full R.16 requirements, but clarifications have been made to define the scope of “purchase of goods and services”.

The changes will come into effect by the end of 2030, and the FATF will produce guidance and continue to engage with the private sector to help industry prepare for the changes.

On 23 June 2025, the FATF updated its Guidance on Financial Inclusion and Anti-Money Laundering and Terrorist Financing Measures.

The Guidance follows the strengthening of Recommendation 1 of the FATF Standards earlier this year to reinforce the expectation that Anti-Money Laundering, Countering the Financing of Terrorism, and Counter-Proliferation Financing (AML/CFT/CPF) controls must be implemented through a proportionate and risk-based approach, and to encourage countries to promote financial inclusion.

The new guidance highlights that financial inclusion and the fight against financial crime are mutually supportive. Enhanced financial sector transparency and integrity increases the reach and effectiveness of AML/CFT/CPF measures that help keep criminals out of the financial system and facilitate law enforcement investigations.  

The updated FATF Guidance includes examples of how policy-makers, supervisors, the private sector, industry associations and others have implemented the risk-based approach. For example:

• In Sweden, the Swedish Bankers Association, in collaboration with the Swedish Migration Agency, designed a process to enable identification of asylum seekers for the purpose of opening a bank account, through confirmation provided by the Swedish Migration Agency through an online process.
• In the Netherlands, the Dutch Association of Banks published a risk-based industry baseline on implementing AML/CFT measures for low, neutral, and high-risk scenarios related to EU list of high risk third countries. The baseline defines different risk scenarios and specifies how FIs should approach each scenario with practical use cases, thus helping to take proportionate measures.
• In Singapore, the Monetary Authority of Singapore works with retail banks to offer Limited Purpose Banking Accounts to individuals with higher ML/TF risks (e.g. ex-offenders in serious financial crimes). These accounts enable individuals to meet basic banking needs, and are subjected to enhanced monitoring measures to prevent abuse. Banks must document risk assessments and provide clear review processes in case of account closures and rejections.

On 20 June 2025, the FATF published report on Complex Proliferation Financing and Sanctions Evasion Schemes.

Despite the grave threat posed by proliferation financing (PF), only 16% of countries assessed by the FATF and its Global Network have demonstrated high or substantial effectiveness in Immediate Outcome 11 which evaluates countries’ effectiveness in implementing targeted financial sanctions under the United Nations Security Council Resolutions (UNSCRs) on proliferation.

The report underscores that unless both the public and private sectors urgently bolster technical compliance and effectiveness, those seeking to finance WMD proliferation will continue to exploit weaknesses in existing controls.

The report provides a detailed analysis of the evolving methods and techniques used to evade PF-related sanctions, including those imposed under Recommendation 7 of the FATF Standards, as well as other national and supranational regimes beyond the FATF Standards, to inform the reader on how those seeking to evade PF-related sanctions could be doing so. It outlines how proliferation networks are sourcing dual-use goods, technologies, and knowledge—often through procurement networks and front companies—and using various financial channels to access the global financial system.

Based on the current global PF threat, the Democratic People’s Republic of Korea (DPRK), is recognised in the report as the most significant actor. Numerous actors related to the DPRK’s WMD programme are subject to UN sanctions which are covered by the FATF Standards. There are two main aggravating factors contributing to the DPRK’s financing of its WMD programme: the DPRK’s increasing financial connectivity and the diversity of the DPRK’s revenue generation. It has generated billions of dollars through cyberattacks targeting virtual asset-related companies, such as the theft of USD 1.5 billion from ByBit in February 2025. Other sources of revenue include income from overseas IT workers and illicit activities across a range of sectors.

Illicit actors are employing increasingly sophisticated methods to evade sanctions and circumvent export controls. Based on submissions from across the FATF Global Network, the report identifies four major typologies used in sanctions evasion:

• Use of intermediaries to evade sanctions;
• Obscuring beneficial ownership information (BOI) to access the financial system;
• Using virtual assets and other technologies;
• Exploiting the maritime and shipping sectors.