FinTech Global FS Regulatory Round-up - w/e 20 March 2026

In this edition we round up FinTech-related financial services regulatory developments for the week ending 20 March 2026.

ICYMI

• Hong Kong court declares crypto arbitration settlement agreement null and void due to signatory's lack of authority
• CSSF Circular 26/906: A consolidated framework for governance and risk management in payment and e-money institutions
• Decision-making in modern financial services – Using tech while staying within the lines

UK

FCA publishes updated Approach to PSRs 2017, EMRs and payment services and e-money-related rules in its Handbook – SCA and contactless

The FCA has published an updated version of the Finalised Guidance that describes its approach to implementing the Payment Services Regulations 2017 (PSRs 2017), the Electronic Money Regulations 2011 (EMRs) and the payment services and e-money-related rules in its Handbook. This edition (version 7) includes updated guidance on exemptions from strong customer authentication (SCA), including the contactless payments exemption, in Chapter 20. [19 Mar 2026] #Payments

HM Treasury: Japan-UK Financial Regulatory Forum Joint Statement 2026

HM Treasury has published the joint statement between the UK and Japan following the fourth meeting of the Japan-UK Financial Regulatory Forum held on 18 March 2026 in Tokyo. The meeting was attended by HM Treasury, the Japan Financial Services Authority, the Bank of England (BoE) and the UK FCA. The joint statement covers discussions on a number of topics, including digital finance, AI, cyber and operational resilience. [19 Mar 2026] #AI #CyberResilience #OperationalResilience

FCA seeks views on helping SMEs to access finance

The FCA has published a call for input (CfI) on how its regulation can help small and medium-sized enterprises (SMEs) to access finance. The FCA would like to explore:

• barriers to SME finance, including regulatory barriers to providing SME finance;
• opportunities to better support the provision of SME finance, such as industry collaboration and adopting innovation and new tech;
• sector-specific issues in getting finance, particularly for high-growth sectors; and
• future trends, including the role of open finance.

Responses are requested by 17 April 2026. The FCA timeline is:

• engage directly with SME representatives and trade associations in March 2026;
• hold a roundtable with key stakeholders in May 2026; and
• produce a summary of the insights from engagement and international research, with an update on the next steps later in 2026. [18 Mar 2026] #OpenFinance

FCA, PRA and BoE finalise respective incident and third party reporting requirements – operational resilience frameworks

The FCA, PRA and Bank of England (BoE), in its capacity as supervisor of financial market infrastructure (FMI), have issued their respective policies for operational incident and third party reporting. The requirements will take effect on 18 March 2027. The FCA has indicated that it will review the regime two years after implementation.

The FCA has published Policy Statement 26/2 Operational Incident and Third Party Reporting (PS26/2). The FCA's final rules for operational incident reporting:

• define what an operational incident is;
• set out the thresholds for when firms must report an incident;
• introduce a standardised reporting process for firms to make a single submission regardless of the regulator(s) the report is for; and
• set out how firms will submit standard or enhanced incident reports.

Its final rules for third party reporting:

• define what a material third party arrangement is;
• require firms to notify the FCA of any new, or any significant changes to, material third party arrangements; and
• require firms to maintain a register for their material third party arrangements, and to submit this to the FCA annually.

Alongside the final rules, the FCA has also published Finalised Guidance for incident reporting (FG26/3) and for third party reporting (FG26/4).

The FCA will host a webinar on 29 April 2026 to provide firms with the opportunity to find out more and to ask questions.

The PRA has published PS7/26 Operational resilience: Operational incident and third party reporting. Changes from the proposals consulted on include:

• updating and clarifying the approach to material third-party (MTP) reporting policy through amending the rule on notification;
• amending the scope of MTP notification requirements to exclude credit unions with less than £50 million in assets and all third country branches;
• reducing the reporting burden by updating and refining the MTP reporting templates to ensure full alignment across supervisory authorities;
• an updated incident report which merges the three proposed initial, interim and final incident reports into one report;
• the PRA has further clarified how firms should identify MTP arrangements by setting out expectations and examples in Supervisory Statement 2/21 Outsourcing and third party risk management(SS2/21); and
• further clarity provided on operational incident reporting by improving guidance on the interpretation of the reporting thresholds, timings for reporting and minor policy changes to ensure further alignment across supervisory authorities.

The BoE has published its operational incident and outsourcing and third party reporting (IOREP) rules for FMIs. The key changes from the consultation proposals are:

• addressing overlaps with existing incident reporting requirements;
• providing more detail on the interaction with the requirement for FMIs to disclose ‘information of which the BoE would reasonably expect notice’ within the meaning of Fundamental Rule 7;
• providing greater clarity around the operational incident reporting threshold;
• updating the operational incident Reporting Fields Document and associated guidance to present the three forms as a single form, which will be completed in three stages;
• updating the material third party reporting policy and guidance in the associated supervisory statements to support alignment across the supervisory authorities; and
• providing separate templates for the notification of material third party arrangements and the register of material third party arrangements.

Alongside the final IOREP policy, the BoE is consulting on revoking Rule 4 of the Recognised Clearing House Rules Instrument 2018 for central counterparties (CCPs) which duplicates the effect of the IOREP incident reporting rules. This consultation is open until 18 June 2026. [18 Mar 2026] #OpRes #Cyber

Hong Kong

SFC publishes quarterly report for October to December 2025

The SFC has published its quarterly report, summarising key developments from October to December 2025. The highlights covered by the report include (among others):

Transforming markets via technology and ESG

• The SFC published joint consultation conclusions with the Financial Services and the Treasury Bureau on legislative proposals to regulate virtual asset (VA) dealing and custodian service providers under the ASPIRe Roadmap. A further consultation was launched to introduce new regulatory regimes for VA advisers and managers.
• The SFC has enabled licensed VA trading platforms to tap global liquidity and broaden product and service offerings. They are allowed to integrate their order books with their affiliated overseas VA trading platforms, and offer trading in VAs without a 12-month track record for professional investors and for HKMA-licensed stablecoins.
• Progress continued on tokenisation initiatives under Project Ensemble, with the launch of the pilot phase (EnsembleTX) enabling real‑value transactions involving tokenised deposits and assets. [19 Mar 2026] #VirtualAsset #Tokenisation #Stablecoins

HKMA shares findings from thematic review of sanctions screening systems and encourages AIs and SVF licensees to conduct gap analysis

The HKMA has issued a circular to share its observations from a recent thematic review assessing the effectiveness of sanctions screening systems used by authorised institutions (AIs).

The review covered the extent to which system setting and performance, ongoing tuning and testing comply with the regulatory requirements and expectations set out in Chapter 6 of the Guideline on Anti-Money Laundering and Counter-Financing of Terrorism and the associated guidance.

Overall, the HKMA found that the AIs' sanctions screening systems generally met the regulatory expectations and operated within industry benchmarks, and thought it would be helpful to set out in the circular the good practices observed and areas for improvement. The circular covered, among others, adoption of technologies, including artificial intelligence, to optimise sanctions screening processes.

While the thematic review covered only AIs, the observations are also useful to stored value facility (SVF) licensees. AIs and SVF licensees should review their sanctions risk controls through a gap analysis, consider adopting the good practices identified, and be prepared to provide sanctions screening system testing results to the HKMA upon request. [16 Mar 2026] #AI

Taiwan

FSC: Primary examination findings and corrective actions for FIs in H2 of 2025

The Financial Supervisory Commission (FSC) has announced its primary examination findings and for financial institutions (FIs) in the H2 of 2025. The findings are set out by business activity, accompanied by recommended corrective actions. The findings cover 12 industry sectors including financial holding companies. The main issues include: anti-money laundering, countering the financing of terrorism and countering proliferation financing (AML/CFT/CPF); customer protection; cyber security; and real estate lending business. [19 Mar 2026] #CyberSecurity

US

SEC issues interpretation regarding crypto; CFTC joins to provide guidance

The SEC has issued an interpretation clarifying how the federal securities laws apply to certain crypto assets and transactions involving crypto assets. The interpretation:

• Provides a coherent token taxonomy for digital commodities, digital collectibles, digital tools, stablecoins, and digital securities.
• Addresses how a "non-security crypto asset"—which is a crypto asset that itself is not a security—may become subject to, and how it may cease to be subject to, an investment contract.
• Clarifies the application of federal securities laws to airdrops, protocol mining, protocol staking, and the wrapping of a non-security crypto asset.

The CFTC joined the interpretation to provide guidance that the CFTC and its staff will administer the Commodity Exchange Act consistent with the SEC’s interpretation.

An SEC Fact Sheet has also been published. [Mar 17, 2026] #Cryptoassets #Stablecoins

CFTC staff issues no-action position to self-custodial crypto asset wallet software provider

The CFTC Market Participants Division has issued a no-action position in response to a request from a developer of self-custodial crypto asset wallet software. The position relates to the developer's proposed provision and marketing of software to facilitate trading by its users with registered futures commission merchants (FCMs), introducing brokers, and designated contract markets (DCMs). It states that, subject to certain specified conditions, the Division will not recommend enforcement action against the developer or its relevant personnel for failure to register as an introducing broker or associated person of an introducing broker solely in relation to these activities. [Mar 17, 2026] #Cryptoassets

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.