On 25 February 2025, the ECB updated its document on Eurosystem Collateral Management System (ECMS) key milestones - detailed description.

The Governing Council of the ECB has decided to reschedule the ECMS project by seven months, following discussions with Europe’s financial community. The ECMS is planned to go live in June 2025. It will replace the existing National Central Bank (NCB) systems managing the assets used as collateral in Eurosystem credit operations with an impact on the current interactions between NCBs and their community (CSDs, TPAs, and Counterparties). For further details on the scope of the ECMS, including a description of ECMS new features, please refer to the ECMS Business Description Document.

All actors affected by the ECMS project must prioritise any necessary adaptations to their systems and ensure their readiness for the go-live, in a synchronised manner across all national communities.

As the ECMS project will be implemented following a big-bang approach (i.e. simultaneous discontinuation of the current local systems with the go-live of ECMS), close monitoring and cooperation by NCBs and their communities is a key success factor for the timely go-live of the ECMS project in June 2025.

The Eurosystem shall act in a monitoring role for the timely readiness of the NCBs and their community. Information on the progress of the project shall be provided to the Eurosystem on a regular basis.

The following project key milestones need to be considered by the NCBs and their communities in their internal adaptation plan to ensure their readiness by the go-live date of the ECMS project. Difficulties to meet these milestones should be flagged as early as possible. Each actor would need to communicate to its respective NCB any relevant information on their adaptation implementation and of any potential risks and issues which ultimately might jeopardise the go-live date of the ECMS project.

On 11 February 2025, the ECB published a document on TIBER-EU Framework - How to implement the European framework for Threat Intelligence-Based Ethical Red teaming.

The Framework for Threat Intelligence-based Ethical red teaming (TIBER-EU) provides a uniform and high-quality standard for implementing realistic intelligence-led red team tests on live production systems throughout (and beyond) the European Union. It delivers a controlled, bespoke, intelligence-led red team test of entities’ critical or important functions (CIFs), and the underlying systems supporting these CIFs, i.e. people, processes and technologies, and mimics the tactics, techniques and procedures (TTPs) of real-life threat actors. TIBER-EU enables European and national authorities to work with financial and other entities (hereafter referred to collectively as “entities”) to put in place a programme to test and improve their resilience against sophisticated cyber-attacks. It can help entities to assess their protection, detection, and response capabilities.

This framework document provides an overview of TIBER-EU and how it can be implemented across the EU, with details of the key phases, activities, deliverables and interactions involved in a TIBER-EU test. The document is aimed at:

• authorities responsible for the adoption, implementation and management of the TIBER-EU framework at national and European levels; 
• entities looking to undertake voluntary TIBER-EU tests; 
• entities using this framework as operational guidance for performing TLPT as required by the Regulation (EU) 2022/2554, referred to as the Digital Operational Resilience Act (DORA); 
• supervisors and overseers of above-mentioned entities; 
• providers interested in providing cyber threat intelligence services and red team testing services under TIBER-EU.Red Team Testers (RTT) interested in providing red team testing services under TIBER-EU.

The TIBER-EU framework is designed to be used for entities that carry a certain degree of systemic importance at national or at European level, and are sufficiently mature from an ICT perspective. However, the framework itself can be used by any type or size of entity across the financial and other sectors.

On 13 February 2025, the European Union published several Regulatory Technical Standards (RTS) on Markets in Crypto-assets Regulation (Regulation 2023/1114 – MiCA).

The Regulations are as follows:

• Commission Delegated Regulation (EU) 2025/292 of 26 September 2024 supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards establishing a template document for cooperation arrangements between competent authorities and supervisory authorities of third countries
  The template document to be used by competent authorities of Member States, where possible for cooperation arrangements pursuant to Article 107(1) of Regulation (EU) 2023/1114 is set out in the Annex to this Regulation.
  Where competent authorities rely on an administrative arrangement pursuant to Article 46(3), point (b), of Regulation (EU) 2016/679 for the transfer of personal data to supervisory authorities of third countries, that arrangement shall be annexed to the cooperation arrangement entered into in accordance with Article 107(1) of Regulation (EU) 2023/1114.
• Commission Delegated Regulation (EU) 2025/293 of 30 September 2024 supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the requirements, templates and procedures for the handling of complaints relating to asset referenced tokens.
  In the interest of consumer protection, and in accordance with Article 31 of Regulation (EU) 2023/1114, issuers of asset-referenced tokens, and, where applicable, the third-party entities as referred to in Article 34(5), first subparagraph, point (h), of that Regulation, should provide holders of asset-referenced tokens and other interested parties with information on the complaints handling procedures. Furthermore, those issuers and third-party entities should make available to them a harmonised template in the languages that those issuers and third-party entities use to market their services or in the languages that they use to communicate with the holder of asset-referenced tokens.
• Commission Delegated Regulation (EU) 2025/294 of 1 October 2024 supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the requirements, templates and procedures for the handling of complaints by the crypto-asset service providers.
  In the interests of protection of clients, crypto-asset service providers should provide their clients with easy access on their website to both a clear, understandable and up-to-date description of their complaints-handling procedure and the standard template set out in the Annex in the languages used by the crypto-assets service provider to market its services or in the languages they use to communicate with clients.
• Commission Delegated Regulation (EU) 2025/296 of 31 October 2024 supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the procedure for the approval of a crypto-asset white paper
  In order to ensure the swift and efficient completion of the crypto-asset white paper approval process in the most proportionate way, the submission of the application for approval of the crypto-asset white paper and other communication or exchange of information between the credit institution and the competent authority as well as between the competent authority and the ECB or, as applicable, a relevant central bank, should be made via electronic means, which allow easier and faster communication and record-keeping. Given the high expectations of diligence on both public authorities and institutions, a high level of security should be expected to be achieved.
• Commission Delegated Regulation (EU) 2025/297 of 31 October 2024 supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the conditions for the establishment and functioning of consultative supervisory colleges.
  Under Article 119(1) of Regulation (EU) 2023/1114, the European Banking Authority (‘EBA’) is to establish, manage and chair a consultative supervisory college (‘the college’) for each issuer of a significant asset-referenced token or of a significant e-money token, to facilitate the carrying out of supervisory tasks and to allow for the coordination of supervisory activities under that Regulation. Article 119(2) thereof lists the entities that comprise the core membership of the college.
• Commission Delegated Regulation (EU) 2025/298 of 31 October 2024 supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the methodology to estimate the number and value of transactions associated to uses of asset-referenced tokens and of e-money tokens denominated in a currency that is not an official currency of a Member State as a means of exchange.
  The concept of a ‘transaction’ in Article 22(1) of Regulation (EU) 2023/1114 is indifferent as to the type of wallets used by the payer or by the payee for initiating or receiving a transaction associated to the use of an asset-referenced token as a means of exchange. Accordingly, for specifying the methodology referred to in Article 22(6) of Regulation (EU) 2023/1114, it is necessary to consider that the reporting in Article 22(1), point (d), of that Regulation should include transactions between custodial wallets as well as transactions between a custodial wallet, on the one hand, and a non-custodial wallet or other types of distributed ledger addresses that are not controlled by a holder of an asset-referenced token or by a crypto asset service provider, on the other hand. Transactions between non-custodial wallets, or between non-custodial wallets and other types of distributed ledger addresses that are not controlled by a holder of an asset-referenced token or by a crypto asset service provider, should not be included in the scope of the reporting in Article 22(1), point (d), of Regulation (EU) 2023/1114, taking into account that issuers may not have the necessary information to report such transactions under those provisions. That should be without prejudice to the reporting obligations of issuers in respect of such transactions under Article 22(1), point (c), of Regulation (EU) 2023/1114 and Commission Implementing Regulation (EU) 2024/ 2902.
• Commission Delegated Regulation (EU) 2025/299 of 31 October 2024 supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council on markets in crypto-assets with regard to regulatory technical standards on continuity and regularity in the performance of crypto-asset services.
  Articles 11 and 12 of Regulation (EU) 2022/2554 provide for requirements relating to response and recovery, backup policies and procedures, restoration and recovery procedures and methods concerning the ICT systems of financial entities, including crypto-asset services providers. Commission Delegated Regulation (EU) 2024/1774 further specifies components of the ICT business continuity policy, the testing of ICT business continuity plans, the components of the ICT response and recovery plans of financial entities, including crypto-asset service providers. This Regulation complements those provisions of Regulation (EU) 2022/2554 and of Delegated Regulation (EU) 2024/1774 with respect to continuity and regularity in the performance of the crypto-asset services.

The Regulations enter into force on 5 March 2025.

On 20 February 2025, the European Union published a Commission Delegated Regulation (EU) 2025/303 supplementing Markets in Crypto-assets Regulation (MiCA) with regard to Regulatory Technical Standards (RTS) specifying the information to be included by certain financial entities in the notification of their intention to provide crypto-asset services.

To enable competent authorities to assess whether certain financial entities that intend to provide crypto-asset services meet the applicable requirements laid down in Title V and, where relevant, Title VI of Regulation (EU) 2023/1114, the information to be notified by certain financial entities of their intention to provide crypto-asset services should be sufficiently detailed and comprehensive without imposing undue burden.

In accordance with Article 60(7), point (a) of Regulation (EU) 2023/1114, a notification of the intention to provide crypto-asset services is to contain a programme of operations. In order to provide a full picture of the operations the notifying entity intends to undertake, the programme of operations should comprise a description of the notifying entity’s organisational structure, their strategy in providing crypto-asset services to their targeted clients, and their operational capacity for the 3 years following the date of notification. Regarding the strategy used to target clients, the notifying entity should describe the marketing means that it intends to use, such as websites, mobile phone applications, face-to-face meetings, press releases, or any form of physical or electronic means, including social media campaign tools, internet advertisements or banners, retargeting of advertising, agreements with influencers, sponsorships agreements, calls, webinars, invitations to events, affiliation campaigns, gamification techniques, invitations to fill in a response form or to follow a training course, demo accounts or educational materials.

To enable competent authorities to assess the notifying entity’s resilience to withstand external financial shocks, including those concerning the value of crypto-assets, the notifying entity should include in their notification stress scenarios simulating severe but plausible events in their forecast accounting plan.

To avoid outages of operations as they can have major financial, regulatory and reputational consequences for the notifying entity and more generally, crypto-asset markets in general, it is critical to maintain operations or at least essential functions of crypto-asset service providers and to minimise downtime due to unexpected disruptions, including cyberattacks and natural disasters. A notification should therefore contain detailed information on the notifying entity’s arrangements to ensure continuity and regularity in the provision of crypto-asset services, including a detailed description of its risks and business continuity plans.

Due to the decentralised and digital nature of crypto-assets, cybersecurity risks for crypto-asset service providers are significant and take many forms. To ensure that the notifiying entity is able to prevent data breaches and financial losses that could be caused by cyberattacks, the information on the notifying entity’s deployed ICT systems and related security arrangements such as identity and geographical location of the providers, description of the outsourced activities or ICT services with their main characteristics, copy of contractual agreements, as referred to in Article 60(7), point (c), of Regulation (EU) 2023/1114, should include the human resources dedicated to addressing cybersecurity risks.

The segregation of clients’ crypto-assets and funds protects clients from losses of the crypto-asset service provider and from misuse of their crypto-assets and funds. Article 70 of Regulation (EU) 2023/1114 therefore requires crypto-asset service providers to make adequate arrangements to safeguard the ownership rights of clients. That requirement also applies to crypto-asset service providers that do not provide custody and administration services.

The Regulation enters into force on 12 March 2025.

On 20 February 2025, the European Union published a Commission Implementing Regulation (EU) 2025/304 laying down implementing technical standards (ITS) for the application of Markets in Crypto-assets Regulation (MiCA - Regulation (EU) 2023/1114) with regard to standard forms, templates and procedures for the notification by certain financial entities of their intention to provide crypto-asset services.

Regulation (EU) 2023/1114 requires that common standard forms, templates and procedures are set out to ensure a uniform mechanism by which national competent authorities effectively exercise their powers in respect of the notifications they receive from already regulated entities of their intention to become crypto-asset service providers.

To facilitate the communication between a notifying entity and the relevant competent authority, competent authorities should designate a contact point for the notification process and should publish the contact information on their website.

In order to facilitate access to the information submitted and facilitate its control and future accessibility and analysis, the notification should be submitted in a digital format (web form) that automatically controls and performs preliminary checks on the information submitted and then stores it when complete.

The information submitted by the notifying entity should be accurate, complete and up-to-date. Pursuant to Article 60(9) of Regulation (EU) 2023/1114, where the information referred to in Commission Delegated Regulation (EU) 2025/303 has previously been submitted to the competent authority, the notifying entity is to expressly state that any information that was submitted previously is still up-to-date. Given that some information may only refer to the future, any future date included in the information should be specifically identified in the application.

To ensure a prompt and timely handling of notifications from financial entities, competent authorities should confirm the receipt of the notification by sending electronically, on paper, or in both forms, an acknowledgement of receipt to the notifying entity. That acknowledgement of receipt should include the contact details of the persons or function in charge of handling the notification.

The Regulation enters into force on 12 March 2025.

On 27 February 2025, the EBA published an Opinion in response to the European Commission’s (EC) proposed changes to its draft Regulatory Technical Standards (RTS) on the information to be provided to competent authorities when authorising the offer to the public of asset-referenced tokens (ARTs) or the admission to trade them under the Markets in Crypto-Assets Regulation (MiCAR).

In this Opinion, the EBA accepts the changes proposed by the European Commission, in particular those considered as substantive. At the same time the EBA invites the European Commission to consider amending the Level 1 text at the next available opportunity, to include those elements that were set out in the draft RTS submitted to the Commission, given their importance from a supervisory perspective. Namely, the requirements of a market policy abuse, of an independent third-party audit about the issuer’s proprietary DLT that is operated by the issuer or by a third-party operator, and of a comprehensive notion of good repute aligned with the rest of the financial sector.

On 27 February 2025, the European Commission adopted a Commission Delegated Regulation supplementing Markets in Crypto-Assets Regulation (Regulation 2023/1114 – MiCA) as regards regulatory technical standards (RTS) specifying the requirements for policies and procedures on conflicts of interest for the crypto-asset service providers (CASPs) and the details and methodology for the content of disclosures on conflicts of interest.

MiCA regulates issuers of crypto-assets that are not already covered by other financial services acts as well as providers of services in relation to such crypto-assets (crypto-asset service providers). Its objective is to promote safe and sustainable innovation while addressing the risks to consumers, market integrity, financial stability as well as the risks to monetary policy transmission and monetary sovereignty arising from this new class of assets.

Article 72 of MiCA provides for the requirements for crypto-asset service providers to implement and maintain effective policies and procedures to identify, prevent, manage and disclose conflicts of interests, as well as to make public those conflicts and the steps taken to mitigate them. More particularly, Article 72(1) of MiCA details the types of conflicts that should be covered by such policies and procedures.

Pursuant to Article 72(5) of MiCA, the European Securities and Markets Authority (ESMA) has been mandated, in close cooperation with the European Banking Authority (EBA), to develop draft regulatory technical standards to further specify the requirements for conflicts of interest policies and procedures and the details and methodology for disclosing those conflicts and steps taken to mitigate them.

Article 72(5) of MiCA empowers the Commission to supplement the Regulation by adopting the regulatory technical standards in accordance with Articles 10 to 14 of Regulation (EU) No 1095/2010.

Article 1 provides for the definitions.

Article 2 sets out the circumstances that could create conflicts of interest potentially detrimental to the crypto-asset service provider, which are related to the performance of duties and responsibilities of persons connected to it. 

Article 3 specifies the types of conflicts of interest potentially detrimental to clients. 

Article 4 specifies the conflicts of interest policies and procedures to be maintained by crypto-asset service providers. 

Article 5 provides for remuneration procedures, policies and arrangements that crypto-asset service providers are required to maintain to prevent conflicts of interest. 

Article 6 specifies the requirements applicable to personal transactions. 

Article 7 lays down the requirements applicable to disclosures of conflicts of interest by crypto-asset service providers. 

Article 8 provides for additional requirements related to identifying and addressing the types of conflicts of interest that arise where the crypto-asset service provider provides placing services. 

Article 9 lays down the date of entry into force of the delegated act.

On 27 February 2025, the European Commission adopted a Commission Delegated Regulation supplementing Markets in Crypto-Assets Regulation (Regulation 2023/1114 – MiCA) as regards regulatory technical standards (RTS) specifying records to be kept of all crypto-asset services, activities, orders and transactions undertaken.

MiCA regulates issuers of crypto-assets that are not already covered by other financial services acts as well as providers of services in relation to such crypto-assets (crypto-asset service providers). Its objective is to promote safe and sustainable innovation while addressing the risks to consumers, market integrity, financial stability as well as the risks to monetary policy transmission and monetary sovereignty arising from this new class of assets.

Article 1 provides for the definitions. 

Article 2 specifies the modalities of retaining the records. 

Article 3 lays down the requirements for record-keeping of policies and procedures CASPs are required to maintain pursuant to Regulation (EU) No 2023/1114. 

Article 4 specifies the record-keeping of the respective rights and obligations of the CASP and the client. 

Article 5 specifies the record-keeping requirements in relation to the safekeeping of client’s crypto-assets and funds. 

Articles 6 and 7 respectively set out the record keeping requirements for orders and transactions executed by the CASP. 

Article 8 provides for the requirements for the identification of a person or computer algorithm making the investment decision. 

Article 9 specifies the requirements for the identification of natural persons in the records of the CASP. 

Article 10 provides for the record-keeping requirements relating to the identification of a person or computer algorithm determining the conditions for the execution of a transaction.

Article 11 specifies the record-keeping requirements for the reception and transmission of orders to another CASP. 

Article 12 and 13 respectively provide for the record-keeping requirements in relation to orders executed by, or transmitted to entities to which Regulation (EU) 2023/1114 does not apply. 

Article 14 specify the requirements pertaining to the identification of legal persons in the records of the CASP. 

Article 15 specifies the requirements pertaining to the identification of crypto-assets. 

Article 16 lays down the requirement for the CASP to keep records of transactions undertaken by its branches. 

Article 17 specifies the requirements for identification of CASPs undertaking orders or transactions using legal entity identifiers. 

Article 18 lays down the date of entry into force and application of the delegated act.

On 11 February 2025, the EBA narrowed down the scope of its existing Guidelines on ICT and security risk management measures, due to the application of harmonised ICT risk management requirements under the Digital Operational Resilience Act (DORA) from 17 January 2025.  

These amendments aim at simplifying the ICT risk management framework and providing legal clarity to the market.

DORA has introduced harmonised requirements on ICT risk management that apply to financial entities across the banking, securities/markets, insurance and pensions sectors.

To avoid duplication of requirements and to provide legal clarity to the market, the EBA has amended its Guidelines on ICT and security risk management. In particular, the EBA has narrowed down:

• the entity scope of the Guidelines to only those that are covered by DORA, namely credit institutions, payment institutions, account information service providers, exempted payment institutions and exempted e-money institutions; and
• the scope of the Guidelines to the requirements on relationship management of the payment service users in relation to the provision of payment services.

It is important to note that security and operational risk management requirements under the Payment Services Directive (PSD2), which are applicable since March 2018, continue to apply to other types of payment service providers (PSPs), such as post-office giro institutions and credit unions, that are not covered by DORA. PSPs that are still subject to security and operational risk management under the PSD2 can potentially be subject to additional national requirements, regardless of the existence of the EBA Guidelines that would apply to them. Competent authorities or Member States’ governments wishing to retain the approach set out in the EBA Guidelines for those PSPs can continue to do so under their national legal framework or supervisory measures.

On 13 February 2025, the European Parliament published a Commission Delegated Regulation (EU) 2025/295 supplementing the Digital Operational Resilience Act (Regulation (EU) 2022/2554 -DORA) with regard to RTS on harmonisation of conditions enabling the conduct of the oversight activities.

The framework on digital operational resilience for the financial sector established by Regulation (EU) 2022/2554 introduces a Union oversight framework for the information and communication technology (ICT) third-party service providers to the financial sector designated as critical in accordance with Article 31 of that Regulation.

An ICT third-party service provider which decides to submit a voluntary request to be designated as critical should provide the receiving European Supervisory Authority (ESA) with all the necessary information to demonstrate its criticality according to the principles and criteria set out in Regulation (EU) 2022/2554. For this reason, the information to be included in the voluntary request application should be sufficiently detailed and complete to enable a clear and complete assessment of criticality under Article 31(11) of that Regulation. The relevant ESA should reject any incomplete application and request the missing information.

The legal identification of ICT third-party service providers within the scope of this Regulatory Technical Standard should be aligned with the identification code set out in Commission Implementing Regulation adopted in accordance with Article 28(9) from Regulation (EU) 2022/2554.

As a follow-up to the recommendations issued by the Lead Overseer to critical ICT third-party service providers, the Lead Overseer should monitor critical ICT third-party service providers’ compliance with the recommendations. With a view to ensure efficient and effective monitoring of the actions that have been taken or the remedies that have been implemented by the critical ICT third-party service providers in relation to these recommendations, the Lead Overseer should be able to require the reports referred to in Article 35(1), point (c), of Regulation (EU) 2022/2554, which should be intended as interim progress reports and final reports.

For the purpose of the assessment specified in Article 42(1) of Regulation (EU) 2022/2554, according to which Lead Overseer is obliged to evaluate whether the explanation provided by critical ICT third-party service provider is sufficient, the notification to the Lead Overseer by the critical ICT third-party service provider of its intention to follow the recommendations received should be complemented by a description of the actions and measures that have been taken to mitigate the risks outlined in the recommendations, along with their respective deadlines. Such explanation should take the form of a remediation plan.

As the Lead Overseer is expected to assess the subcontracting arrangements of the critical ICT third-party service provider, a template needs to be developed for providing information on those arrangements. The template should take into account the fact that the critical ICT third-party service providers have different structures than financial entities.

The Regulation enters into force on 5 March 2025.

On 13 February 2025, the European Commission adopted a Commission Delegated Regulation (CDR) supplementing the Digital Operational Resilience Act (DORA - Regulation (EU) 2022/2554) with regard to Regulatory Technical Standards (RTS) specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to the scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition.

One of the objectives of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector is to ensure that financial entities regularly test their ICT systems to assess the effectiveness of their preventive and resilience measures and to identify and address potential ICT vulnerabilities, as well as to reduce single market fragmentation and enable cross-border acceptance of testing results.

In that regard, Article 26(11) of Regulation (EU) 2022/2554 mandates the ESAs in agreement with the ECB, to develop joint draft regulatory technical standards in accordance with the TIBER-EU framework in order to specify further the following:

• The criteria to identify financial entities required to perform TLPT.
• The requirements regarding test scope, testing methodology and results of TLPT. 
• The requirements and standards governing the use of internal testers. 
• The rules on supervisory and other cooperation needed for the implementation of TLPT and for mutual recognition of testing. 

This draft RTS in the form of a delegated regulation corresponds to that mandate.

As part of developing the standards set out in this draft regulation, the ESAs published the draft RTS on 8 December 2023 for a consultation period that ended on 4 March 2024. The ESAs received 111 responses from a variety of stakeholders across the financial sector.

The ESAs have assessed the responses from the public consultation and have made changes to the draft RTS where relevant. Respondents appeared to be very concerned with the requirements applying to TLPT providers (both testers and threat intelligence providers), which were mostly deemed too strict considering the limited availability of these providers on the existing market. The proposed testing process has also been largely commented, including many requests for more clarity, in particular in respect of TLPTs involving several financial entities and an ICT service provider (in case of pooled testing), and for more time in particular for the closure phase

The main changes introduced as a follow-up to the public consultation relate to: (i) the criteria to be used to select insurance and reinsurance undertakings required to perform TLPT by default, which have been revised to allow for more predictability for market stakeholders, (ii) TLPTs involving several financial entities and/or ICT service providers (intragroup or third parties) in pooled TLPTs and joint TLPTs, with clarifications of the related processes which also require extended cooperation between the involved TLPT authorities, and (iii) the requirements applicable to testers, external and internal, and threat intelligence providers, which have been revised to include different criteria on past experience and more flexibility, in conjunction with appropriate risk management measures.

The ESAs have also performed a proportionality assessment. The proposed draft RTS includes the proportionality principle in the criteria that are used to identify financial entities required to perform TLPT. Only financial entities that carry a certain degree of systemic importance and are mature enough from an ICT perspective are required to perform a TLPT. Therefore, since all financial entities that are required to perform TLPT must meet a high level of ICT maturity and have to fulfil the further criteria set out in the proposed draft RTS, the testing methodology does not include any further proportionality considerations and measures.

Article 1 establishes the definitions used throughout the delegated regulation. Article 2 sets out the criteria for the identification of financial entities required to perform TLPT. Articles 3 to 14 establish the requirements regarding testing scope, testing methodology and the results of TLPT, including the testing process. Article 15 lays down the requirements and standards governing the use of internal testers. Article 16 to 17 contains the rules on the supervisory cooperation and mutual recognition of TLPT, as well as the final provisions on entry into force.

On 18 February 2025, the European Supervisory Authorities (ESAs) published a roadmap towards the designation of critical ICT third-party service providers (CTPPs) under the Digital Operational Resilience Act (DORA).

The ESAs are advancing in the implementation of the pan-European oversight framework of CTPPs with the objective to designate the CTPPs and to start the oversight engagement this year.

To designate the CTPPs in 2025, the ESAs will perform the following steps:

• Collection of the Registers of Information: Competent Authorities are required to submit to the ESAs, by 30 April 2025, the Registers of Information on ICT third-party arrangements they received from financial entities.
• Criticality assessments: The ESAs will perform the criticality assessments mandated by DORA and notify ICT third-party service providers of their classification as critical by July 2025. This notification will start a six-week period during which ICT third-party service providers may object to the assessment with a reasoned statement and relevant supporting information.
• Final Designation: After the six-week period, the ESAs will designate CTPPs and start oversight engagement with them.

ICT third-party service providers not designated as critical may voluntarily request to be designated as critical once the list of CTPPs is published. Details on how to request this will be provided soon.

The ESAs have been preparing the governance, procedures and methodologies necessary to conduct oversight activities.

To maximise synergies, ensure consistency in the oversight tasks and use resources efficiently, the ESAs have set up a joint DORA oversight function, led since October 2024 by a joint Director. The establishment of this function will allow the ESAs to perform their day-to-day oversight duties with an integrated approach across their sectors.

To provide clarity to the market on preparatory activities, the designation process and on the ESAs’ oversight approach, the ESAs plan to organise an online workshop with ICT third-party providers in the second quarter of 2025.

On 20 February 2025, the European Union published a Commission Delegated Regulation (EU) 2025/301 supplementing the Digital Operational Resilience Act (DORA - Regulation (EU) 2022/2554) with regard to regulatory technical standards (RTS) specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats.

To ensure the harmonisation and simplication of the notification and reporting requirements for major ICT-related incidents referred to in Article 19(4) of Regulation (EU) 2022/2554, the time limits for reporting major ICT-related incidents should follow a consistent approach for all types of financial entities. For these reasons, the time limits should also, to the greatest extent possible, follow a consistent approach with, and at least be equivalent in effect to, the requirements set out in Directive (EU) 2022/2555 of the European Parliament and of the Council

To avoid imposing an undue reporting burden on financial entities at a time when they are handling the ICT-related incident, the content of the initial notification should be limited to the most significant information. To be able to take proper supervisory action, competent authorities need to receive information about major ICT-related incidents as quickly as possible after the financial entity has classified an ICT-related incident as major. Consequently, the time limit for submitting an initial notification as referred to in Article 19(4), point (a), of Regulation (EU) 2022/2554 should be as short as possible after an ICT-related incident has been classified as major, whilst still allowing for flexibility, especially for service business models that are not particularly time-critical, in case financial entities need more time to handle the ICT-related incident after becoming aware of it.

Financial entities shall include in the initial notification, the intermediate report, and the final report, as referred to in Article 19(4) of Regulation (EU) 2022/2554, the following general information:

(a) the type of submission (initial notification, intermediate report, or final report);

(b) the name of the financial entity, its LEI code, and the type of financial entity, as referred to in Article 2(1) of Regulation (EU) 2022/2554;

(c) the name and identification code of the entity that submits the initial notification, or intermediate or final report, for the financial entity;

(d) where applicable, the names and LEI codes of all financial entities covered in the aggregated initial notification or intermediate or final report;

(e) the contact details of the persons responsible for communicating with the competent authority on the major ICT-related incident;

(f) where applicable, the identification of the parent undertaking of the group to which the financial entity belongs;

(g) where there is monetary impact, the currency the amounts are based on.

Taking into account the criteria set out in Article 20, first paragraph, point (a), of Regulation (EU) 2022/2554, the reporting timelines should not pose a disproportionate burden to microenterprises and to other financial entities that are not significant. In addition, to avoid a disproportional burden on financial entities, the reporting time limits should take into account weekends and bank holidays.

Since significant cyber threats are to be notified on a voluntary basis, the content of such notifications should not impose a burden on financial entities and should be more limited than the information requested for major ICT-related incidents.

The Regulation enters into force on 12 March 2025.

On 20 February 2025, the European Union published a Commission Implementing Regulation (EU) 2025/302 laying down implementing technical standards (ITS) for the application of the Digital Operational Resilience Act (DORA - Regulation (EU) 2022/2554) with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat.

To ensure that financial entities report major incidents to their competent authorities in a consistent manner and to ensure that they provide those authorities with data of good quality, it should be specified which data fields financial entities need to provide at the various stages of the reporting referred to in Article 19(4) of Regulation (EU) 2022/2554. It is important that that information is presented in a way that allows for a single overview of the incident. It is therefore necessary to lay down a single reporting template for those purposes.

Financial entities should complete those data fields of the reporting template that correspond to the information requirements of the respective notification or report. However, financial entities that already have information which they are to provide at a later reporting stage, i.e. in the intermediate or final report, should be allowed to anticipate the submission of the data.

Since multiple or recurring incidents may constitute a major incident as referred to in Article 8 of Commission Delegated Regulation (EU) 2024/1772, the design of the reporting template and of the data fields should enable financial entities to report such recurring incidents.

To ensure accurate and up to-date information, the reporting template should enable financial entities, when submitting the intermediate and final report, to update any information that was submitted previously, and where necessary reclassify major incidents as non-major.

Where financial entities outsource the major ICT-related incident reporting obligations to a third party, competent authorities should be aware of the identity of the third-party reporting on behalf of the financial entity prior to the submission of the first notification or reporting, in order to verify the legitimacy of the reporting third party.

To identify easily the impact of an incident that occurred at, or was caused by a third-party provider, and that affects multiple financial entities within a single Member State, and to reduce the reporting effort for financial entities, the reporting template should allow for the submission of an aggregated report covering aggregated information about the impact of the incident on all impacted financial entities that have classified the incident as major.

The reporting template should be designed in a technology neutral way to allow for its implementation into various incident reporting solutions that already exist or that may be developed for the implementation of the requirements of Regulation (EU) 2022/2554.

The Regulation enters into force on 12 March 2025.

On 28 February 2025, the ESMA published the results of the annual transparency calculations for equity and equity-like instruments, which will apply from 7 April 2025.

The calculations made available include:

• the liquidity assessment as per Articles 1 to 5 of CDR 2017/567;
• the determination of the most relevant market in terms of liquidity as per Article 4 of CDR 2017/587 (RTS 1);
• the determination of the average daily turnover relevant for the determination of the pre-trade and post-trade large in scale thresholds;
• the determination of the average value of the transactions and the related the standard market size; and
• the determination of the average daily number of transactions on the most relevant market in terms of liquidity relevant for the determination of the tick-size regime.

Currently, there are 1,283 liquid shares and 1,003 liquid equity-like instruments other than shares, subject to MiFID II/MiFIR transparency requirements.

Market participants are invited to monitor the release of the transparency calculations for equity and equity-like instruments on a daily basis to obtain the estimated calculations for newly traded instruments and the four-weeks calculations applicable to newly traded instruments after the first six-weeks of trading. 

ESMA’s annual transparency calculations are based on the data provided to Financial Instruments Transparency System (FITRS) by trading venues and approved publication arrangements in relation to the calendar year 2024.

The full list of assessed equity and equity-like instruments will be available through ESMA’s FITRS in the XML files with publication date from 28 February 2025 and through the Register web interface. 

The transparency requirements based on the results of the annual transparency calculations published from 1 March 2025 for equity and equity-like instruments will apply from 7 April 2025 until 5 April 2026. From 6 April 2027 the next annual transparency calculations for equity and equity-like instruments, to be published by 1 March 2026, will become applicable. 

On 3 February 2024, the European Commission published a consultation on the Savings and Investments Union (SIU).

The purpose is to gather views, facts and evidence from consumers and stakeholders on progress made on the Capital Markets Union, as well as identifying significant challenges that the Savings and Investments Union should address. 

Building on the achievements of the Capital Markets Union and Banking Union, the SIU is a key initiative to strengthen EU prosperity and competitiveness. It aims at developing a strategy for supporting household wealth creation by increasing the returns on savings of EU citizens (in a risk appropriate manner), while widening the financing opportunities for businesses. It encompasses capital markets and the banking sector, as well as retail investment, and is considered a crucial enabler of competitiveness in the EU Competitiveness Compass. It aims to unlock funds to boost the EU's sustainable competitiveness, support innovation, drive the clean transition and promote digital and tech diffusion. It will focus on increasing returns on savings for EU citizens and financing opportunities for businesses. To achieve this, the Commission plans to present a comprehensive strategy on the SIU, aiming to ensure that all Member States and stakeholders benefit from strong, integrated financial markets, together with well-developed domestic markets.  

A number of impactful measures can be envisaged in the following areas that have a clear link to boosting competitiveness and productivity in the EU economy:

• Mobilising savings more effectively, notably by supporting retail participation in capital market through simple and low-cost saving and investment products and including through appropriate fiscal or other incentives, thereby pooling large amounts of investment capital and enabling more wealth creation.
• Making more investments available for EU companies, including for young and innovative companies, notably by incentivising European private and institutional investors to channel funding to productive and innovative firms.
• Fostering greater market integration and efficiency in capital markets so as to support the creation of market depth and scale, by identifying and removing barriers to cross-border activity whether they be supervisory, taxation, authorisation or other barriers.
• Enhancing supervisory arrangements to ensure that the single rulebook is effectively applied and that oversight of capital markets is of high quality across the EU.

The feedback period closes on 3 March 2025.

On 24 February 2025, the European Securities and Markets Authority (ESMA) published translations of Guidelines on stress test scenarios under the Money Market Fund (MMF) Regulation.

These guidelines apply to competent authorities, money market funds and managers of money market funds as defined in the MMF Regulation.

The purpose of these guidelines is to ensure common, uniform and consistent application of the provisions in Article 28 of the MMF Regulation. In particular, and as specified in Article 28(7) of the MMF Regulation, they establish common reference parameters of the stress test scenarios to be included in the stress tests taking into account the following factors specified in Article 28(1) of the MMF Regulation:

• hypothetical changes in the level of liquidity of the assets held in the portfolio of the MMF;
• hypothetical changes in the level of credit risk of the assets held in the portfolio of the MMF, including credit events and rating events;
• hypothetical movements of the interest rates and exchange rates;
• hypothetical levels of redemption;
• hypothetical widening or narrowing of spreads among indexes to which interest rates of portfolio securities are tied;
• hypothetical macro systemic shocks affecting the economy as a whole.

In accordance with Article 28(7) MMF Regulation, these guidelines will be updated at least every year taking into account the latest market developments. In 2024, sections 4.8 and 5 of these guidelines were updated so that managers of MMFs have the information needed to fill in the corresponding fields in the reporting template referred to in Article 37 of the MMF Regulation, as specified by Commission Implementing Regulation (EU) 2018/708. This information includes specifications on the types of stress tests mentioned in section 5 and their calibration.

These guidelines are already in application since 2018 and 2019, as per the dates specified in Articles 44 and 47 of the MMF Regulation. However, for the parts noted in red, these guidelines will apply from two months after the date of publication of the guidelines on ESMA’s website in all EU official languages.

BACKGROUND

On 26 February 2025, the European Commission published the Omnibus proposal on sustainability. The package aims to simplify regulatory requirements under the Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CSDDD), and the EU Taxonomy Regulation.

The Omnibus proposal responds to concerns from businesses, particularly SMEs, about the complexity and administrative burden of sustainability reporting. 

WHAT'S NEW?

1. CSRD: the reporting timelines are extended by two years to 2028, with requirements now applying only to companies with over 1,000 employees (while turnover thresholds remain unchanged). Wave 1 companies must still comply with CSRD as planned, but wave 2 and 3 companies receive a two-year delay to avoid a scenario where companies that do not yet report under CSRD would need to start reporting, only to potentially be excluded shortly thereafter if they have fewer than 1,000 employees. With the new criteria, the number of companies in scope of CSRD is significantly reduced, with 80% less companies needing to report. Such reporting companies do not have to collect data from non-CSRD companies in their value chains and may only use sector-agnostic standards. Importantly, the Commission has made a commitment to revise and simplify the first set of ESRS.
2. CSDDD: the reporting timelines are pushed by one year and there's a reduced scope of due diligence to own operations, subsidiaries and direct business partners, while simplifying other aspects of the due diligence requirements and limiting information requests in the value chain. Aligns the transition plan requirement with the CSRD. Removes the EU-wide civil liability regime and further constrains Member States from gold-plating due diligence requirements.
3. Taxonomy Regulation: sustainability reporting under Art. 8 is voluntary for certain large companies (within the future scope of the CSRD with over 1,000 employees, but below net turnover EUR 450 million). The Commission is also looking to simplify reporting templates to reduce data points by almost 70%, amend the Green Asset Ratio for banks, and simplify the Do No Significant Harm criteria.

WHAT'S NEXT?

The European Commission proposal needs to be discussed by and agreed with the Council of the EU and European Parliament (Trilogues). During trilogues, the Council and Parliament can propose amendments on the way to trying to reach a compromise. The Commission has asked the co-legislators to treat the package as a priority, in particular the proposal to postpone certain CSRD disclosure requirements and the CSDDD transposition deadline.Given the political sensitivity of aspects of the package and prior statements from key EU Member States (Germany, France, Spain, Italy, Denmark) and political groups (EPP, S&D, Greens), negotiations are expected to be challenging, with one side pushing for further simplification and the other seeking to maintain the status quo. While it’s likely that there will be a push to agree the proposal on CSRD and CSDDD timings quickly, the process for the wider package is expected to be lengthy and potentially last 9-12 months. The transposition is expected to take place within 12 months of the package being finalized, except for the changes regarding the new timelines which are expected to be transposed by the end of 2025. The draft Delegated Act amending the Taxonomy Regulation Delegated Acts will be adopted after a consultation period and will apply at the end of the scrutiny period by the European parliament and Council.

On 4 February 2025, the EBA published its final draft Implementing Technical Standards (ITS) on reporting of data on charges for credit transfers and payments accounts, and shares of rejected transactions.

The ITS deliver on the mandate in the Instant Payment Regulation (IPR) amending the SEPA Regulation, and aim at standardising reporting from banks, payment institutions and e-money institutions (i.e. Payment Service Providers - PSPs) to their National Competent Authorities. The reported data will help to ensure consumers benefit from access to instant credit transfers, and that the latter are no longer more expensive than regular credit transfers. Following its public consultation, the EBA has postponed the first harmonised reporting from PSPs by 12 months, from April 2025 to April 2026.

The ITS specify uniform reporting templates, instructions, and methodology for the purpose of reporting of charges for credit transfers, payment accounts and shares of rejected transactions due to the application of the EU sanctions regime.

In developing the ITS, the EBA has sought to find the appropriate balance between the competing aims of obtaining the data required for a robust analysis of the impact of the amended SEPA Regulation on the pricing of payment accounts and credit transfers, and the shares of rejected transactions, on the one hand, and the need to avoid an excessive reporting burden for the industry on the other.

The ITS will also support the European Commission in monitoring whether consumers benefit from access to instant credit transfers, and that instant credit transfers are not more expensive than regular credit transfers.

As part of reducing the burden on the industry, and in response to comments received to the consultation, the draft final ITS postpone the deadline set in the amended SEPA Regulation for the first harmonised reporting by 12 months, to April 2026, and the subsequent reporting from the National Competent Authorities to the EBA and the European Commission to October 2026. The additional 12 months will provide sufficient time for the European Commission to adopt the EBA’s final draft ITS, and for the EBA to develop the taxonomy, datapoint model and validation rules, which the industry then needs to implement. Until the first reporting, National Competent Authorities should deprioritise collecting data from the PSPs, discourage institutions from providing unharmonised reporting prior to the availability of the EBA’s taxonomy, datapoint model and validation rules, and not take enforcement action in relation to PSPs that do not report in 2025.

On 7 February 2025, the ESMA published two public consultations following the review of the European Market Infrastructure Regulation (EMIR 3).

ESMA is encouraging stakeholders to share their views on:  

• The conditions for extensions of authorisation and the list of required documents and information for applications by central counterparties (CCPs) for initial authorisations and extensions.
  This Consultation Paper presents the draft RTS prepared by ESMA. Section 4 outlines ESMA’s proposal to specify the conditions for the accelerated procedure under Article 17a of EMIR. Section 5 presents the procedure for consulting ESMA and the college on whether or not those conditions, under Article 17a of EMIR, are fulfilled. Section 6 sets out the conditions for the exemption from authorisation under Article 15a of EMIR. Section 7 covers the frequency of notification of exemptions under Article 15a of EMIR. Section 8 presents the list of required documents that are to accompany an application for initial authorisation of a CCP under Article 14 of EMIR, and an application for extension of authorisation under Article 17 of EMIR and under Article 17a of EMIR (accelerated procedure). Section 9 provides a clarification on the determination of the concept of ‘working days’ under EMIR. Finally, Section 10 contains all the relevant annexes (Annex I provides the summary of all questions posed in this Consultation Paper; Annex II provides the legislative mandate for the development of this draft RTS; Annex III contains the cost-benefit analysis; Annex IV contains the draft RTS).
• The conditions for validations of changes to CCP’s models and parameters and the list of required documents and information for applications for validations of such changes. 
  This Consultation Paper presents the draft RTS prepared by ESMA. Section 4 outlines ESMA’s proposed quantitative thresholds and qualitative elements to be considered when determining whether a model change is significant. Section 5 further describes the changes to models that can be considered as already covered by the approved model. Section 6 presents the list of required documents that are to accompany an application for validation of a change to models or parameters. Section 7 provides a clarification on the determination of the concept of ‘working days’ under EMIR. Finally, Section 8 contains all the relevant annexes (Annex I provides the summary of all questions posed in this Consultation Paper; Annex II provides the legislative mandate for the development of this draft RTS; Annex III contains the cost-benefit analysis; Annex IV contains the draft RTS).

EMIR 3 introduces several measures to make EU clearing services and EU CCPs more efficient and competitive, notably by streamlining and shortening supervisory procedures for initial authorisations, extensions of authorisation and validations of changes to models and parameters. 

The deadline for responses to the consultation paper is 7 April 2025. 

Based on the responses received, ESMA will prepare the final report and intends to submit the final draft technical standards to the European Commission by 25 December 2025.

On 17 February 2025, the ESMA updated its Q&A on European Market Infrastructure Regulation (EMIR - Regulation (EU) No 648/2012).

The question is as follows:

How should the Settlement Rate Option be reported for FX products, such as FX non-deliverable forwards or FX non-deliverable options?

The answer is as follows:

When reporting currency derivatives based on an underlying benchmark, both sets of reporting fields are applicable, depending on the terms of the contract being reported. Therefore, both the ‘currency derivatives-related’ fields and ‘benchmark-related’ fields should be reported as appropriate.

In addition to the relevant currency and benchmark fields, the following fields should be populated as outlined below to accurately identify the derivative. For example, in the case of NDFs based on an underlying benchmark:

• Field 2.11 ‘Asset Class’ should be populated with the corresponding value for currency derivatives (‘CURR’).
• Field 2.13 ‘Underlying identification type’ should be populated with ‘X’, indicating that the derivative relates to an Index.
• Field 2.14 ‘Underlying identification’ should be populated with the ISIN of the underlying benchmark. If the benchmark does not have an associated ISIN, this field should be left blank.
• Field 2.16 ‘Name of underlying index’ should be populated with the full name of the underlying index as assigned by the index provider.

On 20 February 2025, the European Securities and Markets Authority (ESMA) published a technical standards on different aspects of the Central Securities Depositories Regulation (CSDR) Refit.

The rules relate to the information to be provided by European CSDs to their national competent authorities (NCAs) for the review and evaluation process, to the criteria for assessing the importance of European CSDs in a host Member State and to the information to be notified by third-country CSDs.

The technical standards are set out in three separate final reports: 

• The review and evaluation process of EU CSDs, where ESMA suggest a harmonisation of the information to be shared by CSDs for feeding the overall assessment of the competent authorities, plus a one-year implementing period for the new reporting items that will require an adaptation of the IT processes of CSDs.
• The criteria under which the activities of an EU CSD in a host Member State could be considered of substantial importance for the functioning of the securities markets and the protection of investors. It includes details about the data collection process for the indicators needed to assess the substantial importance of European CSDs in a host Member State. This will be the basis to determine the CSDs for which colleges of supervisors have to be established. 
• The notifications from third country CSDs, where ESMA is proposing to streamline the information to be notified, aiming for an accurate understanding of the provision of notary, central maintenance and settlement services in the Union.

The CSDR Refit aims to fine-tune and clarify the CSDR framework. All the Final Reports published today considered the input from the relevant stakeholders and the cross-cutting effort of regulatory burden reduction when possible.

The three final reports with the draft technical standards have been submitted to the European Commission (EC) for adoption.

On 14 February 2025, the ESMA updated its Q&A on European Market Infrastructure Regulation (EMIR).

The questions is as follows:

(a) How should counterparties conduct the significance assessment referred to in Articles 9(1)(a) and 9(1)(c) of Commission Delegation Regulation (EU) 2022/1860 (ITS on reporting under EMIR REFIT)?

More specifically, how should the “NumOfAffReports” and the “Average Monthly Number of Submissions” referred to in the formula for significance in Paragraph 392 of the Guidelines on reporting under EMIR REFIT be calculated?

(b) Paragraph 392 of the Guidelines for reporting under EMIR REFIT states that the actual number of reports should be based on the previous 12 months. In the context of EMIR REFIT being applicable as of 29 April 2024, should data from before 29 April 2024 be included in the 12-month calculation?

The answer is as follows:

(a) For the purpose of the significance assessment, counterparties should calculate the “NumOfAffReports” and the “AverageMonthNum” separately for each category.

(b) The calculation for the ‘Average Monthly Number of Submissions’ should cover data from the 12 months immediately preceding the notification. Where feasible and not overly burdensome, this calculation should also include data from before EMIR REFIT’s applicability (i.e., prior to 29 April 2024). 

On 13 February 2025, the ESMA published a consultation on the revision of the disclosure framework for private securitisations under the Securitisation Regulation (SECR).

The consultation proposes a simplified disclosure template for private securitisations designed to improve proportionality in information-sharing processes while ensuring that supervisory authorities retain access to the essential data for effective oversight. The new template introduces aggregate-level reporting and streamlined requirements for transaction-specific data, reflecting the operational realities of private securitisations. 

The proposal of the simplified template follows ESMA’s previous consultation,  where industry stakeholders called for short-term solutions to address key challenges and advocated for a simplified template for private securitisations. A summary of these responses was published in the December 2024 Feedback Statement.

It also adds to the recently announced ESMA initiative on simplification and burden reduction actions, while preserving the main objectives of financial stability, orderly markets and investor protection.   

ESMA will consider all comments received by 31 March 2025. ESMA will work closely with the European Commission (EC) to explore whether adjustments to the technical standards, particularly regarding disclosures for private securitisations, can be implemented before the review of the regulation itself.

On 12 February 2025, the EC published a proposal for Regulation amending Regulation (EU) No 909/2014 as regards a c in the Union.

Shortening the settlement cycle in the EU would significantly change the way in which markets function today, with different impacts depending on the type of stakeholder, the category of transaction and the type of security. Quantifying some of the costs and benefits related to the shortening of the settlement cycle in the EU is challenging because of the lack of data, but the elements assessed by ESMA suggest that the benefits of a move in terms of risk reduction, margin savings and the reduction of costs incurred because of inefficiencies stemming from the misalignment with other major jurisdictions globally, represent important benefits for the Savings and Investments Union. Moreover, investment in modernising, harmonising and improving the efficiency and resilience of post-trade processes that would be prompted by a move to T+1 would facilitate achieving the objective of further promoting settlement efficiency in the EU, promoting market integration and ultimately the Savings and Investments Union, and avoiding a competitive disadvantage for EU capital markets, which could see traders favour other, more efficient markets. Finally, maintaining the current settlement cycle in the EU would contribute to further fragmenting the Savings and Investments Union as different EU stakeholders would continue to implement divergent solutions to cope with shorter settlement in most of the world’s capital markets.

Most of the identified costs associated with a move to T+1 would manifest in the short term, and are related to the investments needed to modernise, standardise and digitalise various steps in the settlement process. On the other hand, the elements assessed by ESMA suggest that the impact of T+1 in terms of risk reduction, margin savings and the reduction of costs linked to the misalignment with other major jurisdictions globally, represent important benefits for the competitiveness of EU capital markets and for moving towards the Savings and Investments Union and would ultimately improve the efficiency of EU capital markets and hence maintain their competitiveness at global level.

Settling securities transactions on T+1 is already technically and legally possible in the EU. Hence a move to T+1 could be left entirely in the hands of the EU securities industry to coordinate and carry out. However, the higher level of complexity of EU financial markets - due to the number of different actors, systems and currencies involved - compared to other jurisdictions that already moved to T+1, would make coordinating the process extremely challenging for that industry and would not provide legal or even planning certainty.

It is therefore appropriate to introduce a targeted amendment to Regulation (EU) 909/2014 in order to shorten the current mandatory settlement cycle to one day after the trading takes place. Such shortening of the settlement cycle would not prevent central securities depositories from voluntarily settling transactions on the same date as the trade date, where technologically capable.

On 13 February 2025, the ESMA published a consultation on the Amendments to the Regulatory Technical Standards (RTS) on Settlement Discipline.

ESMA is consulting on a set of proposals to amend the technical standards on settlement discipline that include:

• reduced timeframes for allocations and confirmations,
• the use of electronic, machine-readable allocations and confirmations according to international standards, and
• the implementation of hold & release and partial settlement by all central securities depositories.

ESMA also wants to gather stakeholders' views on additional measures that could potentially enhance settlement efficiency, for which there are no specific policy proposals yet.

This consultation takes into account the transition to T+1 in the European Union and the legislative proposal published by the Commission on 12 February 2025.  It is aligned with the roadmap outlined in ESMA’s Final Report on Shortening the Settlement Cycle.

ESMA will consider the feedback to this consultation until 14 April 2025 and expects to publish a final report and submit the draft technical standards to the European Commission (EC) by October 2025.

On 11 February 2025, the European Commission published its work programme 2025.

The EU has long been a hub of industry and innovation, with a distinctive social market economy. To help boost competitiveness, prosperity and resilience in the EU, a vision and tools for an implementation and simplification agenda is laid out in a Communication accompanying this work programme. By forging strong partnerships with businesses and stakeholders, the Commission will examine the design and application of the legislation to streamline regulations and implement policies more effectively. It will first and foremost benefit small and medium-sized enterprises (SMEs).

This work programme presents a first set of Omnibus proposals that simplify various pieces of legislation, alongside a record number of initiatives with a strong simplification dimension. They will contribute to achieving the goal of reducing administrative burdens by at least 25%, and at least 35% for SMEs. It also includes an annual plan of evaluations and fitness checks to ensure continuity of the simplification and burden reduction exercise.

The Omnibus proposals, adopted in subsequent steps, will tackle priority sectors signalled by stakeholders and referred to in the Draghi report. They will concentrate efforts to ensure coherence, build momentum and thereby maximise simplification by addressing the consequences of interactions of different pieces of legislation. Notably, the Commission will propose streamlining and simplification of sustainability reporting, sustainability due diligence and taxonomy, and create a new category of small mid-caps with adapted requirements. Other measures will facilitate the implementation of the InvestEU programme and the European Fund for strategic investments, including by simplifying reporting and boosting investment.

The Commission will accelerate the path to a digital regulatory environment, and will propose to remove inefficient requirements for paper formats in product legislation and build synergies and consistency for data protection and cybersecurity rules. Simplification measures concerning the Common Agriculture Policy and other policy areas affecting farmers will further address sources of complexity and excessive administrative burden for national administrations and farmers. Further simplification proposals will be explored, including a possible omnibus in the area of defence to help reach the investment goals that will be set out in the White Paper and to allow innovative companies to flourish.

On top of the Omnibus proposals, other initiatives are dedicated to simplifying legislation in order to streamline permit granting, authorisations and reporting requirements and make investment easier in Europe. This includes, for example, the Industrial Decarbonisation Accelerator act that will support energy intensive industries.

With the European Business Wallet, the Commission will simplify business-to-business and business-to-government exchanges for businesses. In addition to facilitating secure data exchange, the business wallet would unlock new business opportunities for trust service providers.

On 26 February 2025, the European Commission published a consultation on Taxonomy Delegated Acts – amendments to make reporting simpler and more cost-effective for companies.

This initiative accompanies the Omnibus simplification package on sustainability reporting and due diligence. It aims to make them simpler and more cost-effective for companies, by making certain requirements more flexible and reducing the amount of data to be provided.

The initiative aims to help balance EU environmental goals with business competitiveness.

It comprises amendments to the:

• Taxonomy Disclosures Delegated Act,
• Taxonomy Climate Delegated Act,
• Taxonomy Environmental Delegated Act.

The Regulation is based on Articles 8(4), 10(3), 11(3)12(2), 13(2), 14(2) and 15(2) of the Taxonomy Regulation. It amends the Disclosures Delegated Act, the Climate Delegated Act and the Environmental Delegated Act.

Article 1 of the Regulation provides a list of amendments to the Disclosures Delegated Act.

Points (1) to (5) of Article 1 add new provisions to Articles 2 to 6 of the Disclosures Delegated Act to ensure that it should be permissible for undertakings subject to Articles 19a or 29a of Directive 2013/34/EU not to assess compliance with the technical screening criteria laid down in the Climate and Environmental Delegated Acts of economic activities that are not financially material for their business. Undertakings would have to report separately these non-material activities. In addition, point (1) adds a provision allowing non-financial undertakings not to report on operational expenditures where the cumulative turnover of their eligible activities do not exceed 25% of total turnover.

Point (6) excludes the undertakings other than large undertakings which, on their balance sheet dates, exceed the average number of 1000 employees during the financial year from the denominator of KPIs of financial undertakings.

Point (7) postpones the application of the KPI Trading book portfolio and KPI on services other than lending (Fees and Commissions) until 2027.

Points (8) to (12) of Article 1 replace the templates provided in Annexes II, IV, VI, VIII and X to the Disclosures Delegated Act with new templates that simplify the presentation of the information to be disclosed under Article 8(1) of the Taxonomy Regulation by undertakings subject to Articles 19a or 29a of Directive 2013/34/EU concerning environmentally sustainable economic activities.

Those provisions also reduce the templates provided in Annex XII to the Disclosures Delegated Act to avoid duplicative information with information disclosed in the templates provided in Annexes II, IV, VI, VIII and X of that Regulation.

Articles 2 and 3 provide a list of amendments respectively to Annexes I and II to the Climate Delegated Act and to Annexes I, II and IV to the Environmental Delegated Act. These amendments clarify the application of certain exemptions from EU environmental legislation referenced in the criteria of Appendix C. They also repeal [or replace] the provision of the additional paragraph after point (f) of Appendix C.

Article 4 provides that this Regulation should enter into force on the twentieth day following that of its publication in the Official Journal of the European Union and should apply from 1 January 2026.

The consultation closes on 26 March 2025.

BACKGROUND

On 4 February 2025, the Brazilian Financial and Capital Markets Association (ANBIMA) announced the upcoming discontinuation of Position File version 4.01, a tool used for exchanging information on funds and managed portfolios. This update follows the initial announcement made in September 2024.

WHAT'S NEW?

After June 2025, only Position File version 5.0 will be valid for reporting funds and managed portfolios.

The transition is necessary to align with CVM Resolution 175, the new regulatory framework for investment funds, and to ensure compliance with international best practices.

To use Position File 5.0, fund managers and administrators must install the validator tool (Bolletator). If the installation is blocked due to the .exe file extension, users should manually allow the download in their browser settings.

WHAT'S NEXT?

ANBIMA recommends an immediate transition to Position File 5.0 to avoid disruptions. The new version is available on the Fiduciary Services page of ANBIMA’s website.

Fund managers and administrators should ensure they have installed the necessary validator tool to facilitate compliance.

For further assistance, stakeholders can contact ANBIMA via fifs.servicos@anbima.com.br.

On 11 February 2025, the ANBIMA published news on ANBIMA's distribution certifications will have new prices and annual update starting in 2026.

Starting in 2026, the new CPA, C-Pro R, and C-Pro I investment product distribution certifications will take effect and will be priced lower than the current CPA-10, CPA-20, and CEA.

ANBIMA will also adopt the mandatory annual update of its certifications, conduct in line with market practices. The focus will be on professional development based on studies by ANBIMA Edu, the Association's free qualification platform.

The exam and update fees are:

• CPA - R$ 225 (exam) and R$ 115 (annual update);
• C-Pro R - R$ 500 (exam) and R$ 325 (annual update);
• C-Pro I - R$ 500 (exam) and R$ 325 (annual update).

Institutions that choose to pay for the update of their employees will have to pay the amount of R$ 30.

These changes are valid both for the public that will automatically and freely migrate from the current model to the new one and will need, at some point, to renew their certifications, as well as for those who intend to take exams in order to achieve the new certifications starting next year. 

On 5 February 2025, the Brazilian Financial and Capital Markets Association (ANBIMA) published news on Certification exams starting in March will include questions on crypto assets and ethical conduct.

The inclusion of the new topics is part of ANBIMA’s ongoing commitment to boost the qualification of those who work in the financial and capital markets. The topics that will be charged in the tests are included in the detailed certification programs on ANIMBA’s website.

Last year, ANBIMA launched the Code of Ethical Conduct for people who work or want to work in the financial market. The material deals with professional conduct, managing conflicts of interest, protecting confidential information and promoting fair and transparent market practices.

Employees, agents and third parties hired by ANBIMA member institutions or adhering to the ANBIMA Codes ("Participating Institutions"), as well as any individual who is interested ("Single Registrations") may take the exams. 

On 19 February 2025, the ANBIMA published an updated Q&A document about transparency rules in distributor remuneration.

With the first edition published in November 2024, the document now has 33 answers to frequently asked questions from institutions. The material is divided into: scope of standards; qualitative and general information; quantitative and specific information and quarterly statement.

With the update, the document gained two new questions, which deal with situations in which the rules do not apply.

According to CVM guidelines, managers who distribute only shares of funds under their management are not subject to the rules because there is no distribution fee to be informed. Private offerings of closed-end fund quotas are also exempt from the rules, since the costs of these customized operations are agreed upon among the shareholders and approved at the meeting.

Institutions will also not need to make the quarterly statement available to customers who only have publicly offered securities, such as CRAs and CRIs (Agribusiness and Real Estate Receivables Certificates, respectively), for example. This is because CVM Resolution 160 already provides for the transparency of distribution costs in a specific section of the offering documents, to which the client will be directed when contracting the operation.

BACKGROUND

On 5 February 2025, the Banco Central do Brasil (BCB) issued Normative Instruction No. 590, which amends BCB Normative Instruction No. 330 of 24 November 2022, which consolidates the procedures for the registration of registration information in the Registration System Information on Entities of Interest to the Central Bank (Unicad). The update is based on BCB Resolution No. 209 and aligns with Joint Resolution No. 6 of 23 May 2023, which sets requirements for financial institutions to share data and information on fraud evidence.

WHAT'S NEW?

Normative Instruction No. 590 introduces a requirement for financial institutions to register, within Unicad, any contracted company providing fraud-related data-sharing services. The registration must include:The CNPJ (Corporate Taxpayer ID) of both the financial institution and the contracted companyThe start and end dates of the serviceAny relevant observationsIf an institution does not contract an external company, it must register its own CNPJ instead. The registration must be completed within ten days of contracting the service.

WHAT'S NEXT?

Normative Instruction No. 590 enters in force on 3 March 2025. Institutions hiring companies for fraud-related data-sharing services should follow the new registration procedures to ensure compliance with the updated Unicad requirements.

On 18 February 2025, the Comissão de Valores Mobiliários (CVM) published Circular Letter CVM/SIN/SMI 1/2025 on procedures for reporting irregularities and reporting to the Authority.

The document aims to complement the guidelines of CVM/SMI Circular Letter 1/2024, which deal with the monitoring of operations and communication to the CVM provided for in article 33 of CVM Resolution 35.

When evidence of irregular management of the securities portfolio is identified, in operations executed by intermediaries, the communication of the facts must be forwarded to the Supervision of Institutional Investors (SIN) through the electronic protocol. If other irregularities are detected, in addition to evidence of management of third-party resources, the communication must be forwarded to the two superintendencies SIN and Market Relations and Intermediaries (SMI).

Irregular administration comprises the application of third-party financial resources, carried out by intermediaries, without prior accreditation with the CVM. The person can check if the advisor is accredited by consulting the CVM general register.

Communications must be sent with as many supporting documents and information as possible, such as contact details of the monitored people (name, CPF or CNPJ, e-mail address, links to social networks, telephone numbers, among others). 

On 21 February 2025, Legifrance published the decree n.2025-169 on markets in crypto-assets.

The decree modifies the regulatory part of the Monetary and Financial Code to ensure its coherence and compliance with Regulation (EU) 2023/1114 of the European Parliament and the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937. It temporarily adjusts, until 30 June 2026, the registration and approval procedure for digital asset service providers and sets the amount of the contribution from crypto-asset service providers to the Financial Markets Authority, as well as the one required in case of notification of a white paper on crypto-assets other than asset-referenced tokens or e-money tokens.

Version française

Le 21 février 2025, Legifrance a publié le décret n.2025-169 relatif aux marchés des crypto-actifs.

Le décret modifie la partie réglementaire du Code monétaire et financier afin d'assurer sa cohérence et sa conformité avec le Règlement (UE) 2023/1114 du Parlement européen et du Conseil du 31 mai 2023 sur les marchés des crypto-actifs, et amendant les règlements (UE) No 1093/2010 et (UE) No 1095/2010 et les directives 2013/36/UE et (UE) 2019/1937. Il ajuste temporairement, jusqu'au 30 juin 2026, la procédure d'enregistrement et d'approbation des prestataires de services sur actifs numériques et fixe le montant de la contribution des prestataires de services sur crypto-actifs à l'Autorité des marchés financiers, ainsi que celui requis en cas de notification d'un white paper sur les crypto-actifs autres que les tokens référencés sur des actifs ou les tokens de monnaie électronique.

On 19 February 2025, the AMF published findings from spot controls on invetsment ratios monitoring.

The AMF's February 2025 spot control synthesis evaluates investment ratio compliance and related compensations/claims within UCITS and AIFs. It examines organizational and governance structures, relevant procedures, operational robustness, investor and regulator information, and the internal control framework. The review revealed 19 good practices and 7 deficiencies. Generalist management companies with collective assets under €100 billion were evaluated from 1 January 2021 to 31 December 2023. Key findings include similar human and technical resources across firms, with automatic identification of breaches but manual handling due to varied ratio situations. A notable issue was the failure to regularly assess modifications in ratio control settings. The report stresses the need for clear internal rules to process alerts, distinguishing active from passive breaches, which influenced compensations, rare but significant, arising from active breaches. The results demonstrate well-executed pre- and post-transaction ratio checks, identifying numerous breaches annually, aligned with firms' strategies. No investor claims related to breaches, as most are unaware of their existence or impact. AMF insists on accurate reporting and suggests deploying statistical analyses to preempt structural anomalies.

Version française

Le 19 février 2025, l'AMF a publié ses conclusions tirées des contrôles ponctuels sur la surveillance des ratios d'investissement.

La synthèse des contrôles ponctuels de février 2025 de l'AMF évalue la conformité des ratios d'investissement et les compensations/réclamations associées au sein des OPCVM et des FIA. Elle examine les structures organisationnelles et de gouvernance, les procédures pertinentes, la robustesse opérationnelle, l'information des investisseurs et des régulateurs, et le cadre de contrôle interne. La revue a révélé 19 bonnes pratiques et 7 insuffisances. Les sociétés de gestion généralistes avec des actifs collectifs inférieurs à 100 milliards d'euros ont été évaluées du 1er janvier 2021 au 31 décembre 2023. Les principales conclusions incluent des ressources humaines et techniques similaires entre les entreprises, avec une identification automatique des violations mais une gestion manuelle en raison de situations de ratios variées. Un problème notable était l'évaluation insuffisante des modifications des paramètres de contrôle des ratios. Le rapport souligne la nécessité de règles internes claires pour traiter les alertes, distinguant les violations actives des violations passives, influençant des compensations rares mais significatives résultant de violations actives. Les résultats montrent des contrôles de ratios bien exécutés avant et après transaction, identifiant de nombreuses violations annuelles, alignées sur les stratégies des entreprises. Aucune réclamation d'investisseur liée aux violations, car la plupart sont ignorants de leur existence ou de leur impact. L'AMF insiste sur un reporting précis et suggère le déploiement d'analyses statistiques pour anticiper les anomalies structurelles.

On the 20 February 2025, the Department of Finance of Ireland published a SI on the implementation of DORA. The regulations are designating the CBI as the competent authority for enforcing DORA in Ireland.

Competent authority :

The Central Bank of Ireland (CBI) is designated as the competent authority in the State for the purposes of Articles 26(9) and 32(5), respectively, of the Digital Operational Resilience Regulation. It is designated as :

• The competent authority in the financial sector responsible for TLPT-related matters in the financial sector at national level and shall entrust it with all competences and tasks to that effect
• The competent authority in Ireland whose staff member serves as the country’s high-level representative on the DORA Oversight Forum, in line with the coordination requirements set out in Article 32(5).
  (The Digital Operational Resilience Regulation and these Regulations shall not apply to credit unions )

Powers of Bank :

The Regulations also grant the CBI all the powers necessary for the performance of its functions and duties under DORA and these Regulations.

Sanctions :

The power of the CBI includes the ability to impose sanctions on financial entities and individuals for non-compliance with DORA’s requirements. Possible sanctions include:

• Orders requiring the natural or legal person to cease conduct that is in breach of DORA and prevent its recurrence,
• Temporary or permanent cessation of any practice or conduct that the CBI considers to be contrary to the provisions of DORA and prevent its recurrence,
• The adoption of any type of measure, including of a pecuniary nature, to ensure that financial entities continue to comply with legal requirements;
• The issuance of public notices, including public statements indicating the identity of the natural or legal person and the nature of the breach. 

Where breaches involve legal persons, sanctions may also apply to members of the management body or other individuals responsible for violations. 

The type and level of any sanction or sanctions to be imposed in respect of such a contravention shall take into account the extent to which the contravention is intentional or results from negligence, and all other relevant circumstances, including the following, where appropriate:

• The seriousness and duration of the violation,
• The responsibility of those involved,
• The financial strength of the entity,
• Profits or losses related to the breach,
• Losses to third parties,
• The level of cooperation with the CBI,
• Previous violations by the entity.

Right of appeal :

Any decision taken or sanction imposed under the Digital Operational Resilience Regulation or these Regulations is an appealable decision.

Amendment of Central Bank Act 1942 :

To reflect the introduction of DORA, the Central Bank Act 1942 has been amended to clarify the regulatory obligations of financial entities. Senior management and individuals performing Pre-Approval Controlled Functions (PCFs) or Controlled Functions (CFs) must recognize that financial entities can be subject to regulatory investigations and administrative sanctions if they fail to comply with DORA’s requirements.

These changes reinforce the CBI’s enforcement capabilities and emphasize the importance of operational resilience in Ireland’s financial sector.

On the 06 of February 2025, the Department of Finance published Criminal Justice (Terrorist Offences) Act 2005 (Section 42) (Restrictive measures concerning certain persons and entities with a view to combating terrorism) Regulations 2025.

The purpose of this Council Regulation is to contribute to the combating of terrorism through the adoption of specific restrictive measures, directed at persons, groups or entities, for the identification, detection, freezing or seizure of their assets of any kind.

These Regulations provide for the enforcement of Council Regulation (EC) No. 2580/2001 of 27 December 2001, as amended. Section 42 of the Criminal Justice (Terrorist Offences) Act 2005 creates an offence for breach of the provisions of these Regulations, provides for appropriate penalties and empowers the Minister for Finance to make regulations providing for such incidental, supplementary and consequential provisions as appear to the Minister to be necessary. The Regulations revoke previous domestic instruments created under Section 42 of the Criminal Justice (Terrorist Offences) Act 2005 in relation to Council Regulation (EC) No.2580/2001 of 27 December 2001, as amended.

The previous regulations are revoked.

On 17 February 2025, the Commissione Nazionale per le Società e la Borsa (CONSOB) published a Call for Attention to investment funds. 

The objective of reminder is to accompany the industry in the correct application of the existing provisions, within the regulatory framework relating to the so-called "sustainable finance", providing references for the declination of the same also in the light of ESMA's initiatives aimed at promoting supervisory convergence.

The experience gained so far by Consob has made it possible to identify some key elements of the legislation subject to the recall as well as some good and poor practices with reference to pre-contractual and periodic information at product level and the integration of ESG factors in the decision-making process.

The document is complementary to Consob's recent call for attention (no. 1/24 of 25 July 2024) on the adaptation of funds to sustainable finance obligations in the provision of investment services. This second reminder, however, does not exhaust the profiles worthy of attention which, given the complexity and evolution of the matter, may emerge in the continuation of the supervisory action.

On 24 February 2025, the JFSC published news on updating AML/CFT/CPF Handbook.

JFSC  have updated appendix D1 and appendix D2 of their AML/CFT/CPF Handbook, in response to the latest Financial Action Task Force (FATF) statements of 21 February 2025. 

Effective immediately, countries and territories listed under Sources 1 and 2 of Appendix D2 should be treated as not compliant with FATF Recommendations for the purpose of Article 17A of the Money Laundering Order. 

Supervised persons should: 

• review policies, procedures, and existing customer relationships, to assess the impact of these updates on their business;
• take particular care when considering placing reliance on an obliged person based in one of these countries and territories and
• discuss any concerns with your Supervisor.

Supervised persons may be required to undertake additional actions to mitigate the risk. 

On 19 February 2025, the PFI published a form and guide for RAIF AML/CFT questionnaire 2025.

For the new FIAR 2025 campaign, we are making available the updated version of the "FIAR AML/CFT Questionnaire 2024" as well as the new guide.

In the same context, we invite the Chief Control Officer ("RC") of all RAIF to communicate the report of the RAIF RC on the activity of the said RAIF with the data date 31 December 2024.

The deadline for the submission of the "FIAR AML/CFT Questionnaire 2024", as well as the FIAR RC Report 2024 is 31 May 2025.

Version française

Le 19 février 2025, le PFI a publié un formulaire et un guide pour le questionnaire RAIF LBC/FT 2025.

Pour la nouvelle campagne FIAR 2025, nous mettons à disposition la version mise à jour du "Questionnaire FIAR LBC/FT 2024" ainsi que le nouveau guide.

Dans le même contexte, nous invitons le Responsable du Contrôle ("RC") de tous les RAIF à communiquer le rapport du RC de RAIF sur l'activité de dit RAIF avec une date de données au 31 décembre 2024.

La date limite pour la soumission du "Questionnaire FIAR LBC/FT 2024", ainsi que du rapport RC FIAR 2024 est le 31 mai 2025.

On 25 February 2025, the CSSF published the Circular CSSF 25/873 Application of the Guidelines of the EBA on recovery plans under Articles 46 and 55 of Regulation (EU) 2023/1114

The circular issued on 17 February 2025, informs issuers of ARTs and EMTs about the application of the EBA's Guidelines on recovery plans under Articles 46 and 55 of the Regulation (EU) 2023/1114 (MiCAR). The CSSF adopts these guidelines to promote supervisory convergence and integrates them into its regulatory approach. The guidelines, which became effective on 13 November 2024, outline the specific format and required information for recovery plans that issuers of ARTs and EMTs must prepare and maintain. The applicability of these guidelines is immediate, targeting issuers defined in Article 3(1) of MiCAR, ensuring they meet the obligations set forth in Articles 46 and 55 of MiCAR.

Version française

Le 25 février 2025, la CSSF a publié la Circulaire CSSF 25/873 Application des lignes directrices de l'EBA sur les plans de redressement en vertu des articles 46 et 55 du Règlement (UE) 2023/1114.

La circulaire, publiée le 17 février 2025, informe les émetteurs de ARTs et de EMTs sur l'application des lignes directrices de l'EBA concernant les plans de redressement en vertu des articles 46 et 55 du Règlement (UE) 2023/1114 (MiCAR). La CSSF adopte ces lignes directrices pour promouvoir la convergence de la supervision et les intègre dans son approche réglementaire. Les lignes directrices, entrées en vigueur le 13 novembre 2024, précisent le format spécifique et les informations requises pour les plans de redressement que les émetteurs de ARTs et de EMTs doivent préparer et maintenir. L'applicabilité de ces lignes directrices est immédiate, ciblant les émetteurs définis à l'article 3(1) de MiCAR, afin de garantir qu'ils respectent les obligations définies aux articles 46 et 55 de MiCAR.

On 25 February 2025, the CSSF published a Circular on applying EBA and ESMA Guidelines for assessing the suitability of management body members in issuers of ART and CASPs, as well as shareholders and members with qualifying holdings in these entities.

Circular CSSF 25/875, issued by the Commission de Surveillance du Secteur Financier (CSSF) on 17 February 2025, informs relevant stakeholders that CSSF, as the competent authority, applies the Joint Guidelines of the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA). These guidelines establish common reference parameters for assessing the suitability of members of the management body and shareholders, whether direct or indirect, with qualifying holdings in issuers of asset-referenced tokens (ARTs) and crypto-asset service providers (CASPs).

The circular applies to applicants seeking authorisation and authorised entities under various articles of the Markets in Crypto-assets Regulation (MiCAR). Specifically, it concerns issuers of ARTs seeking authorisation under Article 18, those authorised under Article 21, CASPs seeking authorisation under Article 62, and those authorised under Article 63, as well as those listed in Article 60 providing crypto-asset services as part of their authorisation under paragraphs (2), (4), (5), and (6) of Article 60. The circular emphasizes the integration of these joint guidelines into CSSF's administrative practice and regulatory approach to enhance supervisory convergence across the sector. This application is immediate as of the circular's issuance date.

Version française

Le 25 février 2025, la CSSF a publié une circulaire sur l'application des directives de l'EBA et de l'ESMA pour évaluer l'aptitude des membres des organes de gestion dans les émetteurs d'ART et les CASP, ainsi que des actionnaires et des membres détenant des participations qualifiées dans ces entités.

La Circulaire CSSF 25/875, émise par la Commission de Surveillance du Secteur Financier (CSSF) le 17 février 2025, informe les parties prenantes concernées que la CSSF, en tant qu'autorité compétente, applique les directives conjointes de l'Autorité Bancaire Européenne (EBA) et de l'Autorité Européenne des Marchés Financiers (ESMA). Ces directives établissent des paramètres de référence communs pour évaluer l'aptitude des membres des organes de gestion et des actionnaires, qu'ils soient directs ou indirects, détenant des participations qualifiées dans les émetteurs de jetons référencés sur actifs (ART) et les prestataires de services d'actifs cryptographiques (CASP).

La circulaire s'applique aux candidats à l'autorisation ainsi qu'aux entités autorisées en vertu de divers articles du règlement sur les marchés des crypto-actifs (MiCAR). Plus précisément, elle concerne les émetteurs d'ART demandant une autorisation en vertu de l'article 18, ceux autorisés en vertu de l'article 21, les CASP demandant une autorisation en vertu de l'article 62, ainsi que ceux autorisés en vertu de l'article 63, ainsi que ceux listés à l'article 60 fournissant des services d'actifs cryptographiques dans le cadre de leur autorisation en vertu des paragraphes (2), (4), (5) et (6) de l'article 60. La circulaire souligne l'intégration de ces directives conjointes dans la pratique administrative et l'approche réglementaire de la CSSF pour améliorer la convergence de la surveillance à travers le secteur. Cette application est immédiate à compter de la date de publication de la circulaire.

On 25 February 2025, the CSSF published the Circular CSSF 25/876 Application of the Guidelines of the EBAon redemption plans under Articles 47 and 55 of Regulation (EU) 2023/1114.

Circular CSSF 25/876, issued by the Commission de Surveillance du Secteur Financier (CSSF) on 17 February 2025, informs stakeholders that the CSSF is applying the Guidelines of the European Banking Authority (EBA) on redemption plans under Articles 47 and 55 of Regulation (EU) 2023/1114, also known as the Markets in Crypto-assets Regulation (MiCAR). 

These guidelines, which were published on 9 October 2024, detail the requirements for redemption plans that issuers of asset-referenced tokens (ARTs) and e-money tokens (EMTs) must prepare and maintain. These plans specify the content, periodicity for review and update, and the triggers for their implementation to ensure operational readiness in satisfying redemption claims. 

The integration of these guidelines into CSSF's administrative practices aims to promote supervisory convergence across European financial sectors. The circular applies immediately to all issuers of ARTs and EMTs as defined in MiCAR.

Version française

Le 25 février 2025, la CSSF a publié la Circulaire CSSF 25/876 Application des lignes directrices de l'EBA sur les plans de remboursement en vertu des articles 47 et 55 du Règlement (UE) 2023/1114.

La Circulaire CSSF 25/876, publiée par la Commission de Surveillance du Secteur Financier (CSSF) le 17 février 2025, informe les parties prenantes que la CSSF applique les lignes directrices de l'Autorité Bancaire Européenne (EBA) sur les plans de remboursement en vertu des articles 47 et 55 du Règlement (UE) 2023/1114, également connu sous le nom de Règlement sur les marchés des crypto-actifs (MiCAR).

Ces lignes directrices, publiées le 9 octobre 2024, détaillent les exigences relatives aux plans de remboursement que les émetteurs de tokens référencés sur des actifs (ARTs) et de tokens de monnaie électronique (EMTs) doivent préparer et maintenir. Ces plans spécifient le contenu, la périodicité de révision et de mise à jour, ainsi que les déclencheurs pour leur mise en œuvre afin de garantir la préparation opérationnelle pour satisfaire les demandes de remboursement.

L'intégration de ces lignes directrices dans les pratiques administratives de la CSSF vise à promouvoir la convergence de la supervision dans les secteurs financiers européens. La circulaire s'applique immédiatement à tous les émetteurs de ARTs et de EMTs définis dans MiCAR.

On 25 February 2025, the CSSF published Circular CSSF 25/872 Application of the Guidelines of the EBA on the minimum content of the governance arrangements for issuers of asset-referenced tokens.

The Circular issued by the CSSF on 17 February 2025, informs stakeholders that the CSSF is applying the Guidelines of the EBA on the minimum content of governance arrangements for issuers of ARTs, as referenced in EBA/GL/2024/06, and published on 6 June 2024. 

The circular specifies that its scope of application includes all issuers of ARTs, as defined in Article 3(1), point 10, and point 6 of Regulation (EU) 2023/1114, known as the MiCAR. The guidelines detail governance requirements, including the role and composition of the management body, organizational frameworks, risk culture, business conduct, and internal control mechanisms. The circular aims to ensure compliance and effective governance structures among ART issuers, applying these guidelines with immediate effect from the date of its issuance.

Version française

Le 25 février 2025, la CSSF a publié la Circulaire CSSF 25/872 Application des lignes directrices de l'EBA sur le contenu minimal des arrangements de gouvernance pour les émetteurs de tokens référencés sur des actifs.

La Circulaire publiée par la CSSF le 17 février 2025 informe les parties prenantes que la CSSF applique les lignes directrices de l'EBA sur le contenu minimal des arrangements de gouvernance pour les émetteurs de ARTs, comme référencé dans EBA/GL/2024/06 et publié le 6 juin 2024.

La circulaire précise que son champ d'application inclut tous les émetteurs de ARTs, définis à l'article 3(1), point 10 et point 6 du Règlement (UE) 2023/1114, connu sous le nom de MiCAR. Les lignes directrices détaillent les exigences de gouvernance, y compris le rôle et la composition de l'organe de direction, les cadres organisationnels, la culture du risque, la conduite des affaires et les mécanismes de contrôle interne. La circulaire vise à garantir la conformité et des structures de gouvernance efficaces parmi les émetteurs de ARTs, appliquant ces lignes directrices avec effet immédiat à partir de la date de sa publication.

On 17 February 2025, the CSSF announced the publication in the OJ of the Luxembourg law designating the CSSF as the competent authority for MiCAR.

A new step has been taken in the implementation of the European Digital Finance Package through the publication on 10 February 2025 of the national Law of 6 February 2025 in the Official Journal which officially designates the CSSF as the competent authority within the framework of Regulation (EU) 2023/1114 on markets in crypto-assets (“MiCAR”). This law entered into force on the day of its publication and implements other regulations such as Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets.

As a reminder, MiCAR has become fully applicable since 30 December 2024, the date on which regulatory obligations took effect for crypto-asset service providers (“CASPs”). The CSSF is now provided with the supervisory and investigative powers necessary to exercise its functions and has an appropriate sanctions regime in place to ensure the application of the said regulation, the objective of which is to create a harmonised framework for crypto-assets and their players, whether traditional institutions in the financial sector or new emerging players in the crypto ecosystem.

The Law of 6 February 2025 also provides details on the transitional measures targeting virtual asset service providers (“VASPs”). VASPs registered with the CSSF before 30 December 2024 in accordance with Article 7-1 of the amended Law of 12 November 2004 on the fight against money laundering and the financing of terrorism as in force as of 30 December 2024, shall remain registered in the VASP register established by the CSSF until 1 July 2026 or until they are granted or refused authorisation under Article 63 MiCAR, whichever is sooner.

Version française

Le 17 février 2025, la CSSF a annoncé la publication au JO de la loi luxembourgeoise désignant la CSSF comme autorité compétente pour MiCAR.

Une nouvelle étape a été franchie dans la mise en œuvre du Paquet Financier Numérique Européen par la publication le 10 février 2025 de la loi nationale du 6 février 2025 au Journal Officiel, qui désigne officiellement la CSSF comme autorité compétente dans le cadre du Règlement (UE) 2023/1114 sur les marchés des crypto-actifs (MiCAR). Cette loi est entrée en vigueur le jour de sa publication et met en œuvre d'autres règlements tels que le Règlement (UE) 2023/1113 relatif à l'information accompagnant les transferts de fonds et certains crypto-actifs.

Pour rappel, MiCAR est pleinement applicable depuis le 30 décembre 2024, date à laquelle les obligations réglementaires ont pris effet pour les prestataires de services sur crypto-actifs (CASPs). La CSSF est désormais dotée des pouvoirs de supervision et d'enquête nécessaires pour exercer ses fonctions et dispose d'un régime de sanctions approprié pour assurer l'application de ce règlement, dont l'objectif est de créer un cadre harmonisé pour les crypto-actifs et leurs acteurs, qu'il s'agisse d'institutions traditionnelles du secteur financier ou de nouveaux acteurs émergents dans l'écosystème des crypto-monnaies.

La loi du 6 février 2025 fournit également des détails sur les mesures transitoires visant les prestataires de services sur actifs virtuels (VASPs). Les VASPs inscrits auprès de la CSSF avant le 30 décembre 2024 conformément à l'article 7-1 de la loi modifiée du 12 novembre 2004 sur la lutte contre le blanchiment et le financement du terrorisme en vigueur au 30 décembre 2024, restent inscrits dans le registre des VASPs établi par la CSSF jusqu'au 1er juillet 2026 ou jusqu'à ce qu'ils obtiennent ou se voient refuser l'autorisation en vertu de l'article 63 MiCAR, selon la première de ces deux dates.

On 15 January 2025, the CSSF published a communiqué indicating that it would notify financial entities identified as those which, in accordance with article 5, paragraph 5, of the regulatory technical standards (RTS)1, cannot be exempted from reporting a major incident during weekends and bank holidays when the time limit for submitting notification of that incident falls on a weekend day or a bank holiday. This notification by the CSSF to the concerned financial entities was to have taken place before the end of February.

However, considering that Article 5(5) of the RTS refers to Directive (EU) 2022/2555 of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive), the CSSF informs financial entities that the notification to the concerned financial entities of their obligation to report a major incident on weekends or bank holidays cannot take place until this Directive is transposed at national level and is therefore postponed.

Version française

Le 15 janvier 2025, la CSSF a publié un communiqué indiquant qu'elle notifierait les entités financières identifiées comme celles qui, conformément à l'article 5, paragraphe 5, des normes techniques de réglementation (RTS)1, ne peuvent être exemptées de déclarer un incident majeur durant les week-ends et jours fériés lorsque le délai de soumission de la notification de cet incident tombe un jour de week-end ou un jour férié. Cette notification de la CSSF aux entités financières concernées devait avoir lieu avant la fin février.

Cependant, compte tenu du fait que l'article 5(5) des RTS se réfère à la Directive (UE) 2022/2555 du 14 décembre 2022 sur les mesures visant à un niveau commun élevé de cybersécurité dans l'Union (Directive NIS 2), la CSSF informe les entités financières que la notification aux entités financières concernées de leur obligation de déclarer un incident majeur les week-ends ou les jours fériés ne peut avoir lieu tant que cette Directive n'est pas transposée au niveau national et est donc reportée.

On 12 February 2025, the Chambre des députés published a draft Bill 8498 transposing MiFID, the Listing Act and ESAP.

Draft Bill 8498, introduced to the Chamber of Deputies by the Government of the Grand Duchy of Luxembourg, aims to transpose multiple EU directives into national law. The primary focus of the bill is to incorporate the provisions of Directive (EU) 2024/790, which amends Directive 2014/65/EU on markets in financial instruments. This directive enhances data transparency, removes obstacles to the establishment of consolidated publication systems, optimizes trading obligations, and bans the receipt of payment for order flow.

Additionally, the bill seeks to transpose Article 3 of Directive (EU) 2023/2864 concerning the establishment and operation of the European Single Access Point (ESAP). This initiative aims to centralize public access to information about entities and their products, thereby enabling investors to make informed decisions.

Key changes introduced by the draft bill include amendments to the modified laws of April 5, 1993, January 11, 2008, and May 30, 2018, which relate to the financial sector, transparency obligations of issuers, and markets in financial instruments respectively. These modifications ensure the transposition of both the new EU directives and their respective protocols into Luxembourg national law.

The draft bill also details procedural aspects, such as the role of designated bodies in collecting and making public the necessary information and the phased approach in extending the scope of regulatory data available in the ESAP.

The proposed legislation highlights the commitment of the Luxembourg government to align with EU regulations, thereby fostering greater transparency, better market integration, and enhanced investor protection in the financial markets.

Version française

Le 12 février 2025, la Chambre des députés a publié le projet de loi 8498 transposant MiFID, le Listing Act et l'ESAP.

Le projet de loi 8498, introduit à la Chambre des députés par le Gouvernement du Grand-Duché de Luxembourg, vise à transposer plusieurs directives de l'UE dans le droit national. L'objectif principal du projet de loi est d'incorporer les dispositions de la Directive (UE) 2024/790, qui modifie la Directive 2014/65/UE sur les marchés d'instruments financiers. Cette directive améliore la transparence des données, élimine les obstacles à la mise en place de systèmes de publication consolidés, optimise les obligations de négociation et interdit la réception de paiements pour l'exécution des ordres.

De plus, le projet de loi cherche à transposer l'article 3 de la Directive (UE) 2023/2864 concernant la création et le fonctionnement du Point d'Accès Unique Européen (ESAP). Cette initiative vise à centraliser l'accès public aux informations sur les entités et leurs produits, permettant ainsi aux investisseurs de prendre des décisions éclairées.

Les principaux changements introduits par le projet de loi incluent des amendements aux lois modifiées du 5 avril 1993, du 11 janvier 2008 et du 30 mai 2018, qui concernent respectivement le secteur financier, les obligations de transparence des émetteurs et les marchés d'instruments financiers. Ces modifications visent à assurer la transposition des nouvelles directives de l'UE ainsi que leurs protocoles respectifs dans le droit national luxembourgeois.

Le projet de loi détaille également les aspects procéduraux, tels que le rôle des organismes désignés dans la collecte et la mise à disposition publique des informations nécessaires et l'approche progressive pour étendre le champ des données réglementaires disponibles dans l'ESAP.

La législation proposée souligne l'engagement du gouvernement luxembourgeois à s'aligner sur les règlements de l'UE, favorisant ainsi une plus grande transparence, une meilleure intégration des marchés et une protection accrue des investisseurs dans les marchés financiers.

On the 07 February 2025, the CSSF published a circular that amends Circular CSSF 15/627 implementing a new monthly reporting to the CSSF – U1.1 reporting. The annex of Circular CSSF 15/627 is now published separately from the circular on the CSSF website.

Version française

Le 7 février 2025, la CSSF a publié une circulaire modifiant la Circulaire CSSF 15/627, mettant en place un nouveau rapport mensuel à la CSSF – le rapport U1.1. L'annexe de la Circulaire CSSF 15/627 est maintenant publiée séparément de la circulaire sur le site web de la CSSF.

On 12 February 2025, the CSSF published the new simplified procedure for creating (a) new share class(es) that do not require a prospectus update. This procedure applies to UCITS, UCI part II, SIFs, and SICARs.

From now on, the simplified procedure applies to new share classes whose characteristics are already defined in the current version of the fund’s prospectus.

For that purpose, the submission must adhere to the principles outlined in the dedicated form and include all relevant information about the share classes using the standardised table.

Version française

Le 12 février 2025, la CSSF a publié la nouvelle procédure simplifiée pour la création de nouvelle(s) classe(s) d'actions ne nécessitant pas une mise à jour du prospectus. Cette procédure s'applique aux OPCVM, OPC partie II, FIS et SICAR.

Dorénavant, la procédure simplifiée s'applique aux nouvelles classes d'actions dont les caractéristiques sont déjà définies dans la version actuelle du prospectus du fonds.

À cet effet, la soumission doit respecter les principes décrits dans le formulaire dédié et inclure toutes les informations pertinentes concernant les classes d'actions en utilisant le tableau standardisé.

On 26 February 2025, The document is structured to answer questions regarding the reporting instructions and offers additional clarifications for investment funds. The FAQ section is regularly updated based on inquiries from investment funds and ensures a structured and efficient implementation of statistical data collection. It includes several sections:

The update of the RIAD database (Register of Institutions and Affiliates Data) involves the registration process, amendments, or cancellations for non-regulated alternative investment funds (NAF). It mentions that investment funds are required to provide legal information, reporter details, and management company information during the first registration and any subsequent amendments must be communicated swiftly.

The BCL reports section details the types of reports required for different types of investment funds including the specifics for money market investment funds (MMF) and non-MMF. Depending on the type of investment fund (UCITS or non-UCITS) and the frequency of net asset value (NAV) calculations, different monthly, quarterly, and annual reports are required.

The document outlines the reporting dates and handling scenarios where NAV compilation is suspended, unavailable by the reporting date, or varies for different reports.

The start and end of reporting obligations section addresses questions related to when reporting should commence and the conditions under which obligations may end or exemptions may be granted. It includes a provision for a delay in starting reporting obligations upon request which allows a period of two to three months for the administration to establish reporting processes.

For investment funds authorized by the CSSF (Commission de Surveillance du Secteur Financier), certain conditions for exemption from statistical reports are outlined, particularly when the net asset value as declared in the U1.1 report is nil or negative.

Lastly, it mentions the necessity to notify the BCL in case of any amendments to registration information or changes in the total assets which could affect the reporting obligations.

Version française

Le 26 février 2025, le document est structuré pour répondre aux questions concernant les instructions de reporting et offre des clarifications supplémentaires pour les fonds d'investissement. La section FAQ est régulièrement mise à jour en fonction des demandes des fonds d'investissement et assure une collecte de données statistiques structurée et efficace. Elle comprend plusieurs sections :

La mise à jour de la base de données RIAD (Register of Institutions and Affiliates Data) concerne la procédure d'enregistrement, les modifications ou les annulations pour les fonds d'investissement alternatifs non réglementés (NAF). Il est mentionné que les fonds d'investissement doivent fournir des informations légales, des détails sur le déclarant et des informations sur la société de gestion lors du premier enregistrement, et les amendements ultérieurs doivent être communiqués rapidement.

La section des rapports de la BCL détaille les types de rapports requis pour différents types de fonds d'investissement, y compris les spécificités pour les fonds d'investissement monétaires (MMF) et non-MMF. Selon le type de fonds d'investissement (OPCVM ou non-OPCVM) et la fréquence des calculs de la valeur nette d'inventaire (VNI), différents rapports mensuels, trimestriels et annuels sont requis.

Le document décrit les dates de rapport et les scénarios de gestion où la compilation de la VNI est suspendue, non disponible à la date de rapport, ou varie pour différents rapports.

La section sur le début et la fin des obligations de reporting traite des questions relatives à quand le reporting doit commencer et aux conditions sous lesquelles les obligations peuvent prendre fin ou des exemptions peuvent être accordées. Elle inclut une disposition pour un délai de démarrage des obligations de reporting sur demande, permettant une période de deux à trois mois pour que l'administration établisse les processus de reporting.

Pour les fonds d'investissement autorisés par la CSSF (Commission de Surveillance du Secteur Financier), certaines conditions d'exemption des rapports statistiques sont décrites, en particulier lorsque la valeur nette d'inventaire déclarée dans le rapport U1.1 est nulle ou négative.

Enfin, il mentionne la nécessité de notifier la BCL en cas de modifications des informations de l'enregistrement ou des changements dans les actifs totaux qui pourraient affecter les obligations de reporting.

On 26 February 2025, the BCL published calendar of remittance dates for the  statistical reporting of investment  funds in 2025.

The calendar of remittance dates for the statistical reporting of investment funds in 2025 includes specific deadlines for different types of reports. For Money Market funds (MMF), the monthly reporting dates fall on 14 February 2025, 14 March 2025, 15 April 2025, 16 May 2025, 16 June 2025, 14 July 2025, 14 August 2025, 12 September 2025, 14 October 2025, 14 November 2025, and 12 December 2025. Non-MMF investment funds also have their own remittance dates: 28 February 2025, 28 March 2025, 30 April 2025, 02 June 2025, 02 July 2025, 28 July 2025, 29 August 2025, 26 September 2025, 28 October 2025, 28 November 2025, and 31 December 2025. 

Additionally, there are specific quarterly reports with due dates on 30 April 2025, 28 July 2025, and 28 October 2025. These deadlines are established based on the working days defined by the European Central Bank (ECB) for the transmission of statistics by the national central banks.

Version française

Le 26 février 2025, la BCL a publié le calendrier des dates de remise pour le reporting statistique des fonds d'investissement en 2025.

Le calendrier des dates de remise pour le reporting statistique des fonds d'investissement en 2025 inclut des délais spécifiques pour différents types de rapports. Pour les fonds monétaires (MMF), les dates de reporting mensuel sont le 14 février 2025, le 14 mars 2025, le 15 avril 2025, le 16 mai 2025, le 16 juin 2025, le 14 juillet 2025, le 14 août 2025, le 12 septembre 2025, le 14 octobre 2025, le 14 novembre 2025 et le 12 décembre 2025. Les fonds d'investissement non-MMF ont également leurs propres dates de remise : le 28 février 2025, le 28 mars 2025, le 30 avril 2025, le 2 juin 2025, le 2 juillet 2025, le 28 juillet 2025, le 29 août 2025, le 26 septembre 2025, le 28 octobre 2025, le 28 novembre 2025 et le 31 décembre 2025.

De plus, il y a des rapports trimestriels spécifiques avec des dates d'échéance le 30 avril 2025, le 28 juillet 2025 et le 28 octobre 2025. Ces délais sont établis en fonction des jours ouvrables définis par la Banque Centrale Européenne (BCE) pour la transmission des statistiques par les banques centrales nationales.

On 26 February 2025, the CSSF reminded that starting from 28 February 2025 at 5pm, the transmission of U1.1 reporting can only be transmitted through the following methods :

The dedicated eDesk procedure:

• The API solution based on the submission of XML reports via the S3 protocol
• A user guide detailing the submission procedures for the U1.1 reports is available.

For any questions, please contact edesk@cssf.lu.

Version française

Le 26 février 2025, la CSSF a rappelé qu'à partir du 28 février 2025 à 17h, la transmission des rapports U1.1 ne pourra se faire que par les méthodes suivantes :

La procédure dédiée eDesk :

• la solution API basée sur la soumission de rapports XML via le protocole S3
• un guide utilisateur détaillant les procédures de soumission des rapports U1.1 est disponible.

Pour toute question, veuillez contacter edesk@cssf.lu.

On 03 February 2025, the CSSF issued a press release detailing updates concerning the UCI Reports as mandated by Circular CSSF 21/790. 

It announced that as of 28 January 2025, the Collective Investment Sector Reporting Tool (CISERO) module on the CSSF eDesk platform would include the Self-Assessment Questionnaire (SAQ), Separate Report (SR), and Management Letter (ML) for UCIs with year-ends on 31 January 2025, 28 February 2025, and 31 March 2025. For UCIs with financial year-ends after 31 March 2025, these reports will be available three months before the respective year-end. 

Also, with the Circular CSSF 24/856 coming into force on 1 January 2025, there are subsequent updates in the SAQ and SR, including questions on investment compliance and organizational setups for compensation payment. Additionally, the review procedure of the statutory auditor for non-quoted investments and significant non-standard costs/fees has been simplified. 

Furthermore, CISERO now has a new section for UCIs to submit a letter to the CSSF in the case of a modified audit opinion, in line with section 2.2. of Circular CSSF 21/790.

Version française

Le 3 février 2025, la CSSF a publié un communiqué de presse détaillant les mises à jour concernant les rapports des OPCVM tels que mandatés par la Circulaire CSSF 21/790.

Il a été annoncé qu'à partir du 28 janvier 2025, le module CISERO (Collective Investment Sector Reporting Tool) sur la plateforme eDesk de la CSSF inclurait le Questionnaire d'Auto-Évaluation (SAQ), le Rapport Séparé (SR) et la Lettre de Gestion (ML) pour les OPCVM avec clôture annuelle au 31 janvier 2025, 28 février 2025 et 31 mars 2025. Pour les OPCVM avec clôture annuelle après le 31 mars 2025, ces rapports seront disponibles trois mois avant la clôture annuelle respective.

En outre, avec l'entrée en vigueur de la Circulaire CSSF 24/856 le 1er janvier 2025, il y a des mises à jour dans le SAQ et le SR, incluant des questions sur la conformité des investissements et les configurations organisationnelles pour le paiement des compensations. De plus, la procédure de révision du commissaire aux comptes pour les investissements non cotés et les coûts/frais non standards importants a été simplifiée.

De plus, CISERO dispose maintenant d'une nouvelle section permettant aux OPCVM de soumettre une lettre à la CSSF en cas d'opinion d'audit modifiée, conformément à la section 2.2. de la Circulaire CSSF 21/790.

On 12 February 2025, the CSSF published a press release on the treatment of sustainability reporting fees. The CSSF issued a communiqué addressed to approved statutory auditors and audit firms, as well as audit committees of public-interest entities. This communiqué provides guidance on the treatment of fees for sustainability reporting services in the context of the Corporate Sustainability Reporting Directive (CSRD) and its impact on the fee cap established under Regulation (EU) No 537/2014.

According to Article 4(2) of Regulation (EU) No 537/2014, when non-audit services are provided to an audited public-interest entity for three or more consecutive financial years, the total fees for such services are capped at 70% of the average fees paid for statutory audits over the previous three years. However, Article 4 of the CSRD, effective from 1 January 2024, amends this regulation to exclude fees for assurance engagements on sustainability reporting from the fee cap calculation. This implies that assurance services performed under Articles 19a, 29a, and 29d of the CSRD do not count towards the 70% limit.

The communiqué clarifies that other consultancy, assistance, or assurance services related to sustainability reporting, which do not fall under the specified CSRD articles, are still subject to the fee cap calculation and considered as non-audit services per Regulation (EU) No 537/2014. This treatment ensures the auditors' independence while allowing for the necessary assurance of sustainability information without restricting it under fee limitations.

Version française

Le 12 février 2025, la CSSF a publié un communiqué de presse sur le traitement des frais de reporting de durabilité. La CSSF a adressé ce communiqué aux commissaires aux comptes agréés et aux cabinets d'audit, ainsi qu'aux comités d'audit des entités d'intérêt public. Ce communiqué fournit des directives sur le traitement des frais pour les services de reporting de durabilité dans le contexte de la Directive sur le Reporting de Durabilité des Entreprises (CSRD) et son impact sur le plafond des frais établi par le Règlement (UE) n° 537/2014.

Selon l'article 4(2) du Règlement (UE) n° 537/2014, lorsque des services non liés à l'audit sont fournis à une entité d'intérêt public auditée pendant trois exercices financiers consécutifs ou plus, le total des frais pour ces services est plafonné à 70 % des frais moyens payés pour les audits légaux au cours des trois années précédentes. Cependant, l'article 4 de la CSRD, en vigueur depuis le 1er janvier 2024, modifie ce règlement pour exclure les frais pour les missions d'assurance sur le reporting de durabilité du calcul du plafond des frais. Cela implique que les services d'assurance effectués en vertu des articles 19a, 29a et 29d de la CSRD ne sont pas pris en compte dans la limite de 70 %.

Le communiqué précise que les autres services de conseil, d'assistance ou d'assurance liés au reporting de durabilité, qui ne relèvent pas des articles spécifiés de la CSRD, sont toujours soumis au calcul du plafond des frais et sont considérés comme des services non liés à l'audit conformément au Règlement (UE) n° 537/2014. Ce traitement assure l'indépendance des auditeurs tout en permettant l'assurance nécessaire des informations de durabilité sans les restreindre sous des limitations de frais.

On 25 February 2025, the CSSF published the Annex of Circular CSSF 22/822 on high-risk jurisdictions on which enhanced due diligence and, where appropriate, counter-measures are imposed / jurisdictions under increased monitoring of the FATF.

The following jurisdictions have been added to the list of jurisdictions under increased monitoring by the FATF:

• Laos PDR
• Nepal

Version française

Le 25 février 2025, la CSSF a publié l'annexe de la Circulaire CSSF 22/822 concernant les juridictions à haut risque sur lesquelles des mesures de vigilance renforcées et, le cas échéant, des contre-mesures sont imposées / juridictions sous surveillance accrue du GAFI.

Les juridictions suivantes ont été ajoutées à la liste des juridictions sous surveillance accrue du GAFI :

• Laos RDP
• Népal

On 03 February 2025, the Overheid published the Decision of 28 January 2025 determining the date of entry into force of the of the Crypto-Assets Regulation Implementation Act, the Regulation by transfers of crypto-assets and the Implementing Decree on the MiCA and TFR.

This decree regulates the entry into force of the Crypto-Assets Regulation Implementation Act, the Implementation Act Regulation on transfers of funds and transfers of crypto-assets information to be added and Articles II and III of the MiCA Implementing Decree and TFR. These laws and the relevant articles of the Decree enter into force with effect from the day after the date of issue of the Official Gazette in which this entry into force decree is placed. Part of the MiCA and TFR Implementing Decree (Article I) has been has already entered into force. A speedy entry into force of this part of the decision was necessary in view of the part of MiCA (Titles III and IV) that has already been became applicable on 30 June 2024. This part of the decision also de Nederlandsche Bank (DNB) and the Netherlands Authority for the Financial Markets (AFM) as supervisors in a timely manner designated for MiCA.

The fixed change dates are deviated from because Regulation (EU) 2023/1114 on crypto-asset markets and Regulation (EU) 2023/1113 relating to transfers of funds transfers of certain crypto-assets and amending Regulation (EC) No 100 Directive (EU) 2015/849 became applicable on 30 December 2024. The accompanying implementing laws and the implementing decree should therefore enter into force as soon as possible .

On 14 February, the Netherlands launched a register for data protection officers.

To enhance the position and ensure the quality of Data Protection Officers (DPOs), a quality register, the Dutch Register for Data Protection Officers (NRFG), is being developed, with the aim of being established in 2025. The General Data Protection Regulation (GDPR), effective since 25 May 2018, is often considered complex and restrictive. State Secretary for Legal Protection Struycken emphasized strengthening the DPO's role to mitigate fears and reluctance to comply with the GDPR.

Though the role and responsibilities of a DPO are prescribed by the GDPR and Directive 2016/680, anyone can currently assume the title, leading to varying levels of competence among DPOs. The NRFG aims to standardize quality by requiring DPOs to meet minimum quality criteria, thereby improving compliance with data protection laws.

Commissioned by the Ministry of Justice and Security in early 2023, the Centre for Information Security and Privacy Protection (CIP) conducted an exploratory study. The study concluded that a quality register would enhance DPO cohesion, professionalization, and the overall supervision of data protection, as well as provide recognition for competent DPOs. The Ministry supports the NRFG initiative to reinforce the DPO's role and ensure quality, with more information and updates expected in the coming weeks.

On 26 February 2025, the DNB published the DORA registers of information templates.

The reporting request for the information register will be available from 1 April 2025 via MyDNB. The deadline for reporting is 23 April 2025. The required format for the report is an xBRL-CSV file with a table-oriented layout. The ESAs provide resources on their website to help prepare for the reporting, including validation rules and a data model. For those unable to meet the xBRL-CSV standard, a standardized Excel template will be available, which DNB will convert to xBRL-CSV. The reference date for the data is 31 March 2025. If the information register is not fully completed, prioritizing data quality over completeness is advised. Post-23 April 2025, technical and data quality checks will be conducted, with immediate feedback. Consolidation level for reporting depends on the institution's prudential consolidation and supervisory mandates. Institutions under the direct supervision of the ECB must report at a consolidated level to the ECB.

On 4 February 2025, the Comisión Nacional del Mercado de Valores (CNMV) publishes press release on implementing the European guidelines on the suitability assessment of members of the management body and shareholders of crypto-asset service providers.

More specifically, the latter refers to members of the management body of issuers of asset-referenced tokens and crypto-asset service providers and to shareholders or members, direct or indirect, with qualifying holdings in issuers of Asset-Referenced Tokens (ARTs) or CASPs.

Said Guidelines develop certain aspects of Regulation 2023/1114 of the European Parliament and of the Council of 31 May 2023 on crypto-asset markets (MiCA Regulation) and establish common criteria that the competent authorities and, in the case of members of the management body, crypto-asset service providers (CASPs) must take into account for the assessment of compliance with the suitability requirements mentioned herein.

Both guidelines allow for a sufficient degree of flexibility in applying the principle of proportionality.

With regard to the assessment of the suitability of members of the management body, these Guidelines, among other issues:

• describe the notions of suitability, differentiating between requirements of sufficient good repute, appropriate individual and collective knowledge, skills and experience, and time dedicated by members of the management body;
• establish how CASPs should carry out the suitability assessment and indicate the need for corrective measures, where appropriate; and 
• describe the suitability assessment to be carried out by the competent authority.

On the other hand, regarding the suitability assessment of shareholders with qualifying holdings in issuers of ARTs or CASPs, the Guidelines systematically refer to the joint ESAs Guidelines on qualifying holdings, setting out criteria to determine the existence of concerted action or significant influence among shareholders, as well as assess:

• good repute;
• professional competences; or 
• the absence of reasonable grounds to suspect that money laundering or terrorist financing is attempted. 

Both guidelines shall be applicable from 4 February 2025.

On 28 February 2025, Spain published an Order HAC/184/2025, approving the list of securities traded in trading centres, with their average trading value corresponding to the fourth quarter of 2024, for the purposes of the Wealth Tax return for the year 2024 and the annual informative statement on securities, insurance and income.

The list of securities traded on trading venues with their average price corresponding to the fourth quarter of 2024, which appears in the annex to this order, is approved for the purposes of the Wealth Tax return for the financial year 2024 and for the completion of the annual informative return on securities, insurance and income, approved by Order EHA/3481/2008, of 1 December, which approves form 189 of the annual informative return on securities, insurance and income, the physical and logical designs for the replacement of the inner pages of said form with directly machine-readable supports and establishes the conditions and procedure for its electronic filing.

The Order enters into force on 1 March 2025.

On 19 February 2025, Spain published a Royal Decree 102/2025, of 18 February, amending the Statutes of the Pluralism and Coexistence Foundation, F.S.P., approved by Royal Decree 45/2021, of 26 January, and the Statute of the Independent Authority for the Protection of Whistleblowers, A.A.I., approved by Royal Decree 1101/2024, of 29 October.

The Council of Ministers, at its meeting of 15 October 2004, authorized the Ministry of Justice to set up the Pluralism and Coexistence Foundation, with the aim of contributing to the promotion of religious freedom in Spain

In accordance with the provisions contained in Chapter VII of Title II of Law 40/2015, of 1 October, on the Legal Regime of the Public Sector, relating to state public sector foundations, Royal Decree 45/2021, of 26 January, approved the Statutes of the Pluralism and Coexistence Foundation, F.S.P.(Foundation).

These statutes recognize its non-profit foundational nature, and declare that its assets are affected by the promotion of the necessary conditions for the effective exercise of the right to religious freedom in Spain, in the terms that the Spanish Constitution and the laws establish for the development of this fundamental right.

In order to better adapt the operation of the Foundation to the recommendations made by the Court of Auditors to other foundations in the state public sector, avoiding possible conflicts of interest in the call for and granting of subsidies, it is considered appropriate to create a new body within the Foundation, which will be responsible for proposing the call for applications and granting of grants. This body will be made up only of members of the Board of Trustees who do not have the status, nor are they linked, to the potential beneficiaries of the subsidies granted by the Foundation. In addition, this royal decree specifically modifies the Organic Statute of the Independent Authority for the Protection of Whistleblowers, A.A.I., approved by Royal Decree 1101/2024, of 29 October, in order to determine, on the one hand, the headquarters of the aforementioned body, in accordance with the provisions of the single transitional provision of Royal Decree 209/2022, of 22 March, which establishes the procedure for the determination of the physical headquarters of the entities belonging to the state institutional public sector and creates the Advisory Commission for the determination of the headquarters. And, on the other hand, to expressly attribute to the Management the internal legal advice of the organization, without prejudice to the formalization of the corresponding agreement with the State Attorney General's Office.

The Royal Decree enters into force on 20 February 2025.

On 27 February 2025, the FINMA announced updates to the FATF lists of jurisdcitions. 

The FATF added Laos and Nepal to its jurisdictions under increased monitoring.

Version française

Le 27 février 2025, la FINMA a annoncé des mises à jour des listes des juridictions du GAFI.

Le GAFI a ajouté le Laos et le Népal à ses juridictions sous surveillance renforcée.

On 19 February 2025, the FINMA announced updates to the measures in relation to Ukraine.

The Swiss Federal Department of Economic Affairs, Education and Research (WBF) updated Annex 8 of the 4 March 2022 Ordinance on Measures in Connection with the Situation in Ukraine (SR 946.231.176.72). This revision, published on 18 February 2025, will take effect on 19 February 2025. Financial intermediaries are required to implement the prohibitions, freeze the assets of sanctioned individuals, and report affected business relationships to SECO. Additionally, they must conduct further investigations if suspicion arises and, if unresolved, report to the Money Laundering Reporting Office Switzerland (MROS) as per Articles 6 and 9 of the Anti-Money Laundering Act (GwG).

Version française

Le 19 février 2025, la FINMA a annoncé des mises à jour des mesures liées à l'Ukraine.

Le Département fédéral de l'économie, de la formation et de la recherche (DEFR) a mis à jour l'annexe 8 de l'ordonnance du 4 mars 2022 sur les mesures en lien avec la situation en Ukraine (RS 946.231.176.72). Cette révision, publiée le 18 février 2025, entrera en vigueur le 19 février 2025. Les intermédiaires financiers sont tenus de mettre en œuvre les interdictions, de geler les avoirs des personnes sanctionnées et de signaler les relations d'affaires affectées à la SECO. En outre, ils doivent mener d'autres investigations en cas de suspicion et, si celle-ci n'est pas résolue, faire un rapport au Bureau de communication en matière de blanchiment d'argent (BCBA) conformément aux articles 6 et 9 de la Loi sur le blanchiment d'argent (LBA).

On 26 February 2025, the Financial Conduct Authority (FCA) published a letter on Supervisory Strategy for Asset Management & Alternatives.

The FCA is writing to firms in this sector to explain the FCA's current supervision priorities. This letter helps meet the FCA's public commitment to rigorously prioritise resources in line with the FCA's approach to supervision and to support firms to understand these priorities.

This year the FCA intends to focus the its supervision on the following priorities: 

• Supporting confident investing in private markets.
  This year, the FCA will start a multi-firm review focusing on conflicts of interest at firms managing private assets. The FCA will assess how firms oversee application of their conflict-of-interest framework through governance bodies and reviews by the three lines of defence, to ensure investor outcomes are not compromised. With rapid growth in private markets, the FCA expects to see evolving and updated procedures to identify, manage and mitigate conflicts of interest.
• Building firm and financial system resilience against market disruption.
  Recently, the Bank of England (BoE), in collaboration with the FCA, published findings from the System Wide Exploratory Scenario (SWES). The report noted enhanced resilience in a number of sectors, including in the asset management sector. However, it also found some persistent risks and vulnerabilities in the system. Actions by non-bank financial institutions (NBFIs), like rapid asset sales, amplified the impact of the initial scenario shock. The SWES report provides valuable insights for firms to help improve their risk management practices. This includes consideration of system wide dynamics for stress testing and contingency planning. Informed by the vulnerabilities identified in the SWES report, the FCA will focus surveillance on prudent risk management, liquidity management and operational resilience.
  The FCA will continue to improve its supervisory processes to strengthen oversight of these market vulnerabilities. The FCA will also continue to monitor liquidity risk and ensure that the recommendations in IOSCO’s consultation paper on Liquidity Management for Collective Investment Schemes are in place across its systems. Similarly,  the FCA will consider findings on margin preparedness from both the SWES and the FSB’s final report on Liquidity Preparedness for Margin and Collateral Calls and discuss actions with relevant firms. Finally, the FCA will continue its data-led approach to identifying outlier firms and funds to seek assurances about risk management. The FCA will focus particularly on those with high leverage, illiquidity, or concentrated investment strategies.
• Securing positive outcomes for consumers.
  In its 2024 interim portfolio letter the FCA discussed a multi-firm review of unit-linked funds. This work is ongoing. The review is assessing price and value across the value chain for unit-linked funds to ensure good outcomes are being delivered for investors. The FCA plans to publish its findings, including good practices, later this year.
  The FCA will also engage with firms affected by key policy proposals to make its disclosure regime more flexible to support smooth implementation of these proposals. The FCA's Advice-Guidance Boundary Review (AGBR) proposals aim to help consumers get the support they need to make informed financial decisions. The FCA sees the potential for firms to use targeted support to better engage consumers and help them achieve better outcomes with their savings and investments. The Consumer Composite Investments consultation to transform product disclosures will prioritise good consumer outcomes through a more flexible regime.

To maintain and grow the UK’s position as a global investment hub, the sector needs to keep pace with change and meet appetite for sustainable investment. The introduction of the FCA's Sustainability Disclosure Requirements (SDR) and Investment Labels regime, with the anti-greenwashing rule, aims to build trust in the market and ensure that products that are marketed as sustainable do as they claim, with the evidence to back up these claims.

The increasing trend towards investment in private assets requires commensurate risk management to tackle financial crime risks related to complex ownership structures.

Firms should be alert to the risk they could be used to facilitate financial crime, including fraud, money laundering, terrorist financing and bribery and corruption. Appropriate and proportionate systems and controls are key mitigants to this risk, and effective oversight is crucial where controls are outsourced. Proportionate and risk-based due diligence on investors and robust Know Your Client (KYC) checks are particularly important to identify ultimate beneficial owners.

Good governance and a healthy firm culture are critical tools to achieve good outcomes during heightened uncertainty and change. The FCA will continue its focus on how effectively firms’ governance arrangements are assigning senior accountability for the risks the FCA identifies in its priorities , oversight by governance bodies and ensuring appropriate management information about those risks supports good decision making.

BACKGROUND

On 14 February 2025, the Financial Conduct Authority (FCA) published a document titled "Authorised Fund Applications – Our Expectations." This guidance is intended for firms seeking authorization for collective investment schemes, including:

• Authorised Unit Trusts (AUTs)
• Authorised Contractual Schemes (ACSs)
• Authorised Open-Ended Investment Companies (ICVCs)

The document outlines the FCA's expectations regarding the application process and the level of detail required to facilitate efficient assessments.

WHAT'S NEW?

The FCA has emphasized several key expectations for firms submitting fund authorization applications:

• Self-Contained Documents: Each application form should be treated as a standalone document. Firms are advised against referencing other documents (e.g., prospectuses) within their responses. Statements like "see prospectus for further information" are deemed insufficient.
• Product and Distribution Strategy: At the time of application, firms must have a well-developed product and distribution strategy, ensuring the fund's viability upon authorization. The FCA will assess whether the scheme's purposes are reasonably achievable based on the information provided.
• Capacity to Act: All parties involved in the application must possess the necessary permissions to act in their proposed capacities. Any required permissions should be secured before submitting the fund application.
• Consistency of Information: Information across all application documents must be consistent. Any discrepancies should be thoroughly explained. For instance, if there's a misalignment between the fund's policy and its model portfolio, an explanation is required to justify the investment policy language.
• Complete Set of Documents: Firms must ensure that all required documents, such as Key Investor Information Documents (KIIDs), are included with the application. Missing documents may render the application incomplete.
• Solicitor’s Certificate: Applications for new schemes or alterations to existing schemes that involve changes to foundational documents (e.g., instrument of incorporation, trust deed, or ACS deed) must include a solicitor’s certificate signed by an individual solicitor. If no changes are being made to these documents, a solicitor's certificate is not required.

WHAT'S NEXT?

Firms intending to apply for fund authorization should:

• Review the FCA's Published Expectations: Thoroughly understand the detailed expectations outlined in the FCA's document to ensure compliance and completeness in applications.
• Prepare Comprehensive Applications: Ensure that all aspects of the application, including product strategies, necessary permissions, and supporting documents, meet the FCA's standards to facilitate a smooth authorization process.

By adhering to these guidelines, firms can enhance the efficiency of the application process and align with the FCA's regulatory standards.

On 26 February 2025, the United Kingdom published the Unauthorised Co-ownership Alternative Investment Funds (Reserved Investor Fund) Regulations 2025.

Sections 261M to 261O and 261P(1) and (2) of the Financial Services and Markets Act 2000 (c. 8) make provision about contracts and the rights and liabilities of participants in relation to co-ownership schemes authorised by an authorisation order under section 261D(1) of the Act. Section 261M confers certain rights on the operators of such schemes to act on behalf of participants in relation to authorised contracts. 

Section 261N makes provision about the effects of a person becoming or ceasing to be a participant, in terms of rights they acquire and the liabilities to which they are subject in relation to authorised contracts.

Section 261O limits the liability of participants for debts incurred under, or in connection with, contracts which the operator is authorised to enter into on their behalf. Section 261P(1) and (2) provides for the segregation of the liabilities of participants in sub-schemes (where a co-ownership scheme is constituted as an umbrella co-ownership scheme).

These Regulations apply, with modifications, sections 261M to 261O and 261P(1) and (2) so that they also apply in connection with any unauthorised co-ownership AIF that is a RIF (Reserved Investor Fund (Contractual Scheme)) and any unauthorised co-ownership AIF that was previously a RIF but is currently not a RIF (provided it is UK-based).

These Regulations come into force immediately after the Co-ownership Contractual Schemes (Tax) Regulations 2025 come into force (19 March 2025). 

On 3 February 2025, the Financial Conduct Authority (FCA) published priorities for payments portfolio firms.

This letter sets out the priorities for firms supervised by the FCA in the payments portfolio. This includes firms authorised or registered under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 (EMRs), such as Payment Institutions (PIs), Electronic Money Institutions (EMIs), and Registered Account Information Service Providers (RAISPs).

High standards instil trust and confidence, which are essential for innovation, competition, growth, and the UK’s international competitiveness. The FCA remains concerned that there are still risks of harm to consumers and financial system integrity. Accordingly, in this letter, the FCA has set out three key outcomes for firms, which the FCA believes are essential to good customer outcomes:

• Effective competition and innovation to meet customers’ needs, characteristics and objectives – areas of priority highlighted related to this are innovation and to the Consumer Duty.
• Firms do not compromise financial system integrity – areas of priority highlighted related to this outcome are financial crime and operational resilience.
• Firms keep customers’ money safe – areas of priority highlighted related to this are safeguarding, prudential risk and wind-down planning.

In this letter, the FCA has outlined the importance of governance, oversight and leadership. Weaknesses in these areas are a root cause of many of the regulatory issues the FCA sees in the portfolio. 

In addition to the policy work outlined above, some of the policy priorities include:

• Open Banking: The FCA is committed to fulfilling the function of the UK’s regulator for Open Banking. The FCA is already working at pace to progress Open Banking, continuing the focus on the development of the Future Entity, the prevention of fraud, consumer protection, as well as the work on premium APIs and the development of the long-term regulatory framework (LTRF).
• Strong Customer Authentication: In the Vision, the Government committed to revoking the payments authentication elements of Strong Customer Authentication (SCA). This will enable us to incorporate aspects of the technical standards into the rules.

On 14 February 2025, the Financial Conduct Authority (FCA) published an update on the extension the Sustainability Disclosure Requirements (SDR) to portfolio management.

The FCA is aware that it is taking longer than expected for some asset managers to comply with the SDR and labelling regime and of the potential impact this might have on portfolio managers. This has been highlighted to the FCA in the consultation feedback and industry engagement.

The FCA wants to ensure an extension of SDR to portfolio management delivers good outcomes for consumers, is practical for firms and supports growth of the sector.

The FCA will take the necessary time to deliver these outcomes, therefore the FCA no longer intends to publish a Policy Statement in Q2 2025.

The FCA will continue to reflect on the feedback and provide further information in due course.

On 6 February 2025, the UK Government published an Accelerated Settlement Technical Group report on Accelerated Settlement (T+1).

This T+1 implementation plan is the third and final deliverable from the UK Accelerated Settlement Taskforce (AST) in its current form.

It is the blueprint of changes that Market Participants within the AST believe must be collectively delivered by their peers to harmonise the remaining UK cash securities market with Gilts on a T+1 settlement cycle by the end of 2027.

This implementation plan: 

• Recommends that the first day of UK cash securities trading for settlement on a T+1 cycle should be 11th October 2027, and that this date should be set by the government by amending the relevant part of the UK Central Securities Depositories Regulation.
• Recommends the scope of changes needed to UK CSDR to facilitate the transition to T+1 in the UK whilst remaining flexible enough to accommodate additional jurisdictions such as the EU and CH which may choose to transition on the same date as the UK. These scope changes will be amendments to UK CSDR executed by statutory instrument. 
• Defines a UK T+1 Code of Conduct (UK-TCC) containing the scope, a timetable of recommended actions to enhance market practices and a set of expected behaviours necessary for UK Market Participants to meet their T+1 legislative obligations under UK CSDR.

This implementation plan recommends the next steps for all Market Participants to take in 2025-2027 in preparation for the transition to T+1. Adherence to this implementation plan will, in the opinion of the Market Participants within AST, help firms implement T+1 effectively and efficiently.

The Technical Group’s report recommends 12 ‘critical’ and 27 ‘highly recommended’ actions to facilitate a successful transition to T+1. It also recommends that the UK move to T+1 on 11 October 2027. The government welcomes this report and will set out its response shortly.

On 14 February 2025, the United States published an Order on exemption from the requirement to report certain personally identifiable information to the Consolidated Audit Trail.

The SEC provided an exemption from the requirement to report certain personally identifiable information (PII) – names, addresses, and years of birth – to the Consolidated Audit Trail (CAT) for natural persons.  Bad actors have become increasingly sophisticated and, in the event of a breach, may be able to use the names, addresses, and years of birth to impersonate a customer or broker-dealer and gain access to a customer’s account. Providing an exemption from the requirement to report this PII to the CAT will help mitigate potential security risks.

Names, addresses, and years of birth were originally required to be collected in the CAT to facilitate the generation of unique anonymized customer IDs and to help regulators identify the person(s) responsible for a trade. In 2020, the Commission issued an order exempting the reporting of some of the most sensitive PII, including social security numbers. The Commission issued an order exempting additional PII from the CAT. The CAT will still be able to generate reliable and consistent anonymized customer IDs even if such PII is not reported to the CAT.