FinTech Global FS Regulatory Round-up - W/e 5 December 2025

In this edition we round up FinTech-related financial services regulatory developments for the week ending 5 December 2025.

10 December 2025

ICYMI

• Some stories of genies, fable and funk 
• Cyber security: A month in retrospect (Australia) - November 2025

Global

BCBS consults on standard format for machine-readable disclosures

The Basel Committee on Banking Supervision (BCBS) has published a consultation on a standard format for machine-readable disclosures by banks (Pillar 3 disclosures). The proposed standard would introduce a requirement and technical specifications to produce machine-readable quantitative Pillar 3 disclosures, without changing the underlying disclosure requirements for banks. National supervisors would decide whether banks should publish machine-readable Pillar 3 disclosures on their own websites or via a centralised data repository.

Responses are requested by 5 March 2026. [5 Dec 2025] #Disclosures

UK

HM Treasury: G7 fundamental elements of CCIRR in the financial sector

HM Treasury has published the G7 fundamental elements of collective cyber incident response and recovery in the financial sector (CCIRR).

The CCIRR has been developed by the G7 Cyber Expert Group, which is co-chaired by the U.S. Department of the Treasury and the Bank of England. The fundamental elements are non-binding, high-level principles that may guide the establishment and refinement of collective cyber incident response and recovery arrangements in the financial sector and more widely. The CCIRR is structured in three overarching pillars: establishing, utilising, and maintaining and testing the CCIRR Arrangement. The fundamental elements pillars leverage the same structure as the Financial Stability Board's (FSB) practices for cyber incident response and recovery, and consist of three to four elements. [4 Dec 2025] #Cyber

 FCA AI Live Testing – window to join second cohort opens in January 2026

The FCA has issued a release about its AI Live Testing initiative which aims to help firms who are ready to use AI in UK financial markets; the regulator highlighted those firms which were in the first group to take part. Participating firms receive tailored support from the FCA's regulatory team and its technical partner Advai, to develop, assess and deploy safe and responsible AI.

The FCA notes that testing is helping firms to address key questions around evaluation frameworks, live monitoring governance and risk management to ensure that AI is deployed safely and responsibly for consumers and markets. Many of the AI applications currently being tested as part of the project focus on retail financial services including use cases to harness AI to support debt resolution or provide financial advice. Applications are also exploring the potential for AI to help improve customer engagement, streamline complaints handling and help consumers to make smarter spending and saving decisions.

Applications for the second cohort for AI Live Testing will open in January 2026 and participating firms will be able to start testing in April. [3 Dec 2025] #AI

Legislation: Property (Digital Assets etc) Act 2025

The Property (Digital Assets etc) Act 2025 has been enacted. The Act makes provision about the types of things that are not prevented from being objects of personal property rights. [3 Dec 2025] #DigitalAsset

FPC Financial stability report December 2025 and meeting record

The Financial Policy Committee (FPC) of the Bank of England (BoE) has published its December 2025 financial stability report, which sets out the FPC's view on the stability of the UK financial system and what it is doing to address risks.

The FPC has also published the record of its meeting on 25 November and 1 December 2025. Among other headline judgments and policy actions, the FPC highlighted that many risky asset valuations remain materially stretched, particularly for technology companies focused on AI. [2 Dec 2025] #AI

Europe

EBA: Follow-up report on authorisation of payment institutions and EMIs

The EBA has published a follow-up to the 2023 peer review report assessing progress in the authorisation of payment institutions and electronic money institutions (EMIs) under the revised Payment Services Directive (PSD2).

The review found that while improvements and convergence have been observed, significant differences persist in key areas such as governance, internal control mechanisms and local substance. The EBA highlighted that such divergent implementations continue to pose risks of regulatory arbitrage and an uneven playing field across Member States. [5 Dec 2025] #Payments

ESMA: Statement on MiCAR Transitional Measures

The European Securities and Markets Authority (ESMA) has published a Statement on Markets in Cryptoassets Regulation (MiCAR) Transitional Measures. In its statement ESMA sets out its expectation that cryptoasset service providers (CASPs) not yet authorised under MiCAR:

• have implemented orderly wind-down plans for the services they provided in Member States in which the transitional period is over;
• have orderly wind down plans in place ready for implementation ahead of the end of the remaining transitional periods in case they should not be authorised by then (or at all).

ESMA also reminds national competent authorities (NCAs) that they are expected to:

• treat 'last minute' applications for authorisation under MiCAR with considerable caution and assess their compliance with MiCAR upholding the same standard as for any other, including if that implies the applicant CASP must wind-down its crypto-asset services in a given Member State(s) or the EU more widely while the application is assessed; and
• be ready to (cooperate with one another to) enforce against the unauthorised provision of cryptoasset services. [4 Dec 2025] #Crypto #DigitalAsset #MiCAR

ASC publishes report on AI and systematic risk

The Advisory Scientific Committee (ASC) to the European Systemic Risk Board (ESRB) has published a report that analyses 11 specific features of AI, and examines the interplay between them and the main sources of systemic risk in the financial system. The ASC reports that five of the features – concentration and entry barriers, model uniformity, monitoring challenges, overreliance and excessive trust, and speed – might significantly amplify systemic risks in the financial system.

To address potential risks, the report proposes a 'thoughtful and measured policy approach combining competition and consumer protection policies, complemented by specific adjustments to prudential regulation'. [4 Dec 2025] #AI 

ESMA releases list of MiCAR grandfathering periods

ESMA has released the list of MiCAR grandfathering periods decided by each Member State. [1 Dec 2025] #Crypto #DigitalAsset #MiCAR

Australia

ASIC issues updated guidance on digital disclosures

ASIC has updated Regulatory Guide 221 (RG 221) which provides guidance on facilitating digital financial services disclosures. The changes follow consultation with industry. Broadly, these changes are intended to ensure that the guidance remains current and that ASIC's expectations in relation to digital disclosures are clear. [3 Dec 2025] #DigitalFinance

Hong Kong

SFST outlines insurtech strategy and regulatory initiatives at Insurtech Insights Asia 2025

At Insurtech Insights Asia 2025, the Secretary for Financial Services and the Treasury (SFST), Mr Christopher Hui, discussed the Hong Kong's development as a risk management hub.

• The Insurance Authority is pursuing a balanced, two-pronged strategy that provides regulatory clarity while actively nurturing innovation. It will 'soon issue' updated supervisory guidance on the use of artificial intelligence (AI) (with industry consultation commencing in early 2026), ensuring that innovation is accompanied by fairness, accountability, transparency, as well as robust policyholder protection.
• The Insurance Authority is working closely with the industry on more than 30 open application programming interface use cases covering the entire insurance value chain. It aims to foster interoperability and lay the foundation for a truly connected insurance marketplace that benefits consumers and distributors.
• Mr Hui also discussed other ongoing initiatives and developments, including the AI Cohort Programme launched in August 2025, authorisation of digital insurers under the Fast Track for virtual insurers, the Insurtech Sandbox, and the cybersecurity framework.

The SFST stated that these initiatives form part of a broader policy agenda for risk management, including the extended Pilot Insurance-linked Securities Grant Scheme, the new risk-based capital regime, the forthcoming review of infrastructure investment capital charges, the newly established commercial marine specialty risk pool, and continuing efforts to attract captive insurers and international players to the Hong Kong market. [3 Dec 2025] #AI #Insurtech #Cybersecurity

Malaysia

 BNM revises policy document on RMiT

The BNM has revised the policy document on risk management in technology (RMiT). It aims to strengthen financial institutions' management of technology and cyber risks, improve service availability and resilience of financial services, and maintain public trust in the security of the financial system.

The policy document has been updated to include the following:

• expand the applicability to include non-bank merchant acquirer (MAs) and intermediary remittance institution (IRIs) with more than 5% market share of transaction value or volume;
• enhance financial institutions' resilience to service disruptions, including the adoption of a customer-centric approach to managing intermittent issues;
• heighten cyber security controls and practices in line with global standards and best practice;
• strengthen the security of digital services through stronger fraud detection, proactive monitoring and customer empowerment; and
• facilitate the secure adoption of new or advanced technology.

The policy document is effective 28 November 2025 except where otherwise specified in the text. [28 Nov 2025] #Cybersecurity

US

CFTC announces listed spot crypto trading on U.S. regulated exchanges

The Commodity Futures Trading Commission (CFTC) has announced that listed spot cryptocurrency products will begin trading for the first time in U.S. federally regulated markets on CFTC registered futures exchanges. The announcement follows recommendations by the President's Working Group on Digital Asset Markets and stakeholder insights from the CFTC's Crypto Sprint and cooperative engagement with the SEC. [4 Dec 2025] #Crypto #DigitalAsset

Treasury: G7 Cyber Expert Group paper on cyber incident response and recovery

The U.S. Department of the Treasury has announced the publication of a report by the G7 Cyber Expert Group – chaired by the Treasury and the Bank of England (BoE) – on collective cyber incident response and recovery (CCIRR) in the financial sector. The paper outlines a set of fundamental elements of CCIRR structured in three overarching pillars: establishing, utilizing, and maintaining and testing the CCIRR arrangement. The pillars leverage the same structure as the Financial Stability Board's (FSB's) practices for cyber incident response and recovery, and consist of three to four elements.

The fundamental elements are non-binding, high-level principles which aim to facilitate greater convergence and compatibility among different approaches, while allowing flexibility and tailoring to national, sectoral, or organizational needs based on the unique markets and regulations within each jurisdiction. [3 Dec 2025] #Cyber

SEC: Crypto Task Force roundtable on financial surveillance and privacy

The Securities and Exchange Commission (SEC) has announced that its Crypto Task Force will host a roundtable to facilitate an in-depth discussion on policy matters related to financial surveillance and privacy on December 15, 2025. Registration is required for in-person attendance. [1 Dec 2025] #Crypto #DigitalAsset

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.