FinTech Global FS Regulatory Round-up - w/e 2 April 2026

In this edition we round up FinTech-related financial services regulatory developments for the week ending 2 April 2026.

ICYMI

• Cyber security: A month in retrospect (Australia - March 2026)
• US courts find privilege applies to use of public AI tools by self-represented litigants

UK

FOS responds to the FCA review into the long-term impact of AI on retail financial services

The Financial Ombudsman Service (FOS) has published its response to the FCA review of the long-term impact of AI on retail financial service – also known as The Mills Review. The FOS' positions its response as being concerned with the complaints that are eligible to come to its service and its ability to resolve complaints efficiently and effectively.

The FOS outlines what it is seeing and the potential impacts from consumers and professional representatives using AI in the financial services redress system. It notes an increase in use of AI by consumers making complaints to it and in general correspondence and observes that this can be useful for preparing 'well organised, accurate and clear submissions'. Conversely, the FOS has also seen examples of excessive use of generative AI – with submissions being overly long, 'incoherent' and containing incorrect information ('hallucinations'). Such complaints may also see parties taking more entrenched positions. While based on a small sample, FOS estimates 'that AI is likely to have contributed to up to a third (35%) of responses to initial assessments'.

Use of AI by professional representative has also been seen, with challenges similar to consumer use. FOS relates that it has seen examples of submissions which run to 200 pages with 'multiple inaccuracies' in response to a six-to-eight page provisional decision. [2 Apr 2026] #AI

DRCF publishes report which provides an international review of Smart Data initiatives

The Digital Regulation Cooperation Forum (DRCF) has published a report which provides an international review of Smart Data initiatives, offering a comparative analysis of implementation models to inform strategic considerations for the UK. This report categorises these into three main types: Regulator-Mandated; Market-Facilitated; and Public Infrastructure-Led. It should be noted that in some jurisdictions, a combination of the models may have been leveraged in the development of data sharing schemes. The considerations, provided in this report, for the UK include:

• establish a clear liability framework;
• ensure sustained participation;
• implement transparent cost-benefit analysis (CBA); and
• strengthen security standards and breach protocols. [2 Apr 2026] #SmartData

BoE/PRA publishes its response to HM Treasury, DSIT and DBT on AI in financial services

The Bank of England (BoE) and PRA have published their response to HM Treasury, the Department of Science, Innovation and Technology (DSIT) and the Department for Business and Trade (DBT) on AI in financial services. The letter responds to the departments' requests that BoE and PRA:

• work closely with HM Treasury and DSIT to publish a plan setting out how the BoE and the PRA will help enable safe AI innovation, including agreeing a suitable timeline in the first half of 2026; and
• report annually on how regulatory approach of the Bank and the PRA has enabled innovation and growth driven by AI in the financial sector.

The letter sets out the BoE's and PRA's recent and forthcoming activities, including:

• running the fourth edition of the biennial survey of AI adoption by the financial sector with the FCA;
• the forthcoming publication of the AI Consortium's report on managing the key risks to the financial system arising from AI;
• engaging with the industry via AI roundtables; and
• in addition to other international engagement and via Andrew Bailey's leadership of the Financial Stability Board (FSB), prioritising work with international standard-setters on sound practices for AI adoption, use, and innovation by financial institutions. [1 Apr 2026] #AI

DRCF: The Future of Agentic AI

The Digital Regulation Cooperation Forum (DRCF) has published a foresight paper – The Future of Agentic AI. This paper serves as a forward-looking exploration of agentic AI and how the UK regulatory frameworks can help realise the opportunities of this technology in a responsible and safe way. The paper includes: the definition of agentic AI; emerging opportunities and risks; ensuring adoption of AI agents is safe and trusted; potential future developments and regulatory considerations; and next steps.

During 2026/27, the DRCF plans horizon-scanning work on: the future of interfaces (between users/firms/digital services) and how these may be integrated into operating systems; (ii) the future of consumer robotics and physical AI, which has an important agentic component; and the consumer experience of the near-term future. Further DRCF research into consumer attitudes towards AI (including agentic) and how regulatory tools can support trusted and safe adoption is also in plan. [1 Apr 2026] #AI

FSRC publishes correspondence from BoE on unhosted stablecoin wallets and DSS

The Financial Services Regulation Committee (FSRC) has published the correspondence from Sarah Breeden, the Bank of England's (BoE's) Deputy Governor for Financial Stability, which was a follow-up to evidence given to the FSRC on 11 March. The Deputy Governor addresses two topics: unhosted stablecoin wallets and the Digital Securities Sandbox (DSS).

On unhosted stablecoin wallets, Ms Breeden explained that coinholders may choose to access their stablecoins via unhosted wallets. However, such arrangements will have to meet the relevant regulatory standards, which is likely to be challenging due to their pseudonymous nature.

For the DSS, the Deputy Governor clarified how the Bank is operating its DSS with the FCA. [30 Mar 2026] #Stablecoin

DBT publishes Smart Data Strategy policy paper – Open Banking and Open Finance

The Department for Business and Trade (DBT) has published the Smart Data 2035 policy paper which sets out the Government’s next steps to develop a smart data economy in the UK. This will involve schemes that maximise benefits for customers across the economy and that work well with one another and with the UK’s wider data ecosystem, including AI.

Banking and finance are sectors in which the Government will progress schemes. In particular, the UK Government has committed to establishing a long-term regulatory framework for Open Banking under the Data (Use and Access) Act 2025. Oversight is to transition to the FCA, with the intention that this will ensure the scheme’s continued evolution. The Government will consult on the Open Banking scheme in early 2026, and subject to consultation outcomes, will lay regulations for Open Banking as soon as parliamentary time allows.

The FCA is also working on development of a Smart Data Accelerator to support experimentation and innovation. The regulator will publish a Roadmap for Open Finance in March 2026; the Government will build on this, setting out its next steps for Open Finance in Summer 2026. [30 Mar 2026] #OpenBanking #OpenFinance #SmartData

Europe

EIOPA publishes Third Report on the application of the IDD

EIOPA has published its third report on the application of the Insurance Distribution Directive (IDD). Among others matters, the report examines:

• changes in insurance intermediaries' market structure;
• developments in cross-border activity;
• the quality of advice and selling methods;
• the impact of the IDD on insurance intermediaries that are small and medium-sized enterprises (SMEs); and
• whether competent authorities are sufficiently empowered and have adequate resources to carry out their tasks.

EIOPA has concluded that the IDD continues to provide minimum standards for fair and transparent insurance distribution across the EU. However, ongoing challenges in digitalisation (in particular AI), sales processes and the integration of sustainability preferences, require continued attention. [31 Mar 2026] #AI

Eurosystem sets out comprehensive strategy for future of European payments

The Eurosystem has published its comprehensive payments strategy outlining its vision for the evolution of payments in the EU. It complements the Eurosystem’s cash strategy and extends the Eurosystem’s retail payments strategy by covering wholesale, business-to-business and cross-border payments.

The strategy has four main strategic aims:

• maintaining the key role of central bank money in retail and wholesale markets to ensure the effectiveness of monetary policy, financial stability and the smooth functioning of payment systems;
• making Europe’s payment system more robust and autonomous;
• encouraging more integrated, innovative and competitive payments for people and businesses; and
• supporting the international role of the euro.

The strategy brings together all major Eurosystem initiatives – the digital euro, the work on Pontes (which links DLT and TARGET) and Appia (which focuses on tokenisation), as well as enhancements to cross‑border payments – in a comprehensive framework to ensure that central bank money adapts to the digital age while supporting private sector initiatives in both the wholesale and retail space. [31 Mar 2026] #Payments #DigitalEuro

Australia

ASIC enforcement: Court orders Binance Australia Derivatives to pay $10 million penalty

The Federal Court has ordered Oztures Trading Pty Ltd (trading as Binance Australia Derivatives) (Binance) to pay a $10 million pecuniary penalty after misclassifying more than 85% of its Australian client base between July 2022 to April 2023, resulting in more than $12 million in losses and fees. Earlier in 2023, ASIC also oversaw approximately $13.1 million in compensation from Binance to the affected clients, and cancelled the AFS licence held by Binance.

ASIC commenced civil penalty proceedings against Binance in December 2024. Binance admitted to all contraventions alleged by ASIC, including to serious failures in Binance’s client onboarding and classification systems, which were exacerbated by poor staff training and inadequate oversight by senior compliance staff. These failures in Binance’s classification system left more than 85% of their Australian customer base exposed to high-risk crypto products which they should not have been able to access, and without consumer protections or rights.

Alongside the financial penalty, the Court has ordered Binance to contribute to ASIC’s legal costs. [27 Mar 2026] #Crypto

Hong Kong

HKMA shares good practices for addressing vulnerabilities relating to operational resilience

The HKMA has issued a circular to share good risk management practices observed from its ongoing supervision and industry engagement, to provide practical reference to the industry for addressing vulnerabilities related to operational resilience.

All authorised institutions (AIs) are noted to have made substantial progress in developing and implementing related frameworks in line with the Supervisory Policy Manual module OR-2 'Operational Resilience'.  The HKMA has closely engaged with the AIs, and while the initial efforts centred on refining mapping and scenario testing approaches, AIs’ attentions have naturally re-focused during the 'last mile', such as assessing residual risks and vulnerabilities in order to secure full operational resilience by 31 May 2026.

The HKMA will continue to provide supervisory support leading up to 31 May 2026, after which the supervisory focus will shift to supporting AIs to continually uplift and sustain their operational resilience posture.

The HKMA has set out the good industry practices in an Annex.  AIs are encouraged to consider their applicability and take timely action to enhance risk management practices where appropriate.  The good practices cover the following aspects:

• Information and communication technology (ICT) risk management – Incorporating 'resilience by design' principles within ICT risk management, enhancing the resilience and recovery of key ICT supporting assets, and updating ICT risk management frameworks using a 'resilience-first' mindset.
• Cyber security risk management – Enhancing risk management capabilities across the full cyber risk management lifecycle, leveraging both individual capabilities and broader ecosystem collaboration.
• Third‑party dependency management – Incorporating operational resilience considerations within the third-party risk management framework.
• Business continuity planning (BCP), testing and incident management – Enhancing BCP and testing arrangements, as well as incident management programmes to reflect operational resilience considerations, with a view to narrow recovery timelines and afford greater buffer to stay within the tolerances for disruption set.  [1 Apr 2026] #OperationalResilience #Cybersecurity

Thailand

SECT amends regulations to accommodate tokenised funds

The Securities and Exchange Commission Thailand (SECT) has amended certain regulations to accommodate the sale and redemption of mutual fund units issued in tokenised form. The changes are intended to enable faster transaction processing and to enhance clarity and appropriateness. [2 Apr 2026] #Tokensiation

India

RBI: Payments Vision 2028

The RBI has published the Payments Vision 2028 outlining 15 initiatives that will be undertaken over the next three years. The document focuses on user empowerment, strengthening safeguards against fraud, enhancing efficiency of cross-border payment frameworks and promoting ease of doing business, among others. [27 Mar 2026] #Payments

US

FINRA launches portal to tackle cyber and fraud threats, coordinate responses

FINRA has announced the launch of the Financial Intelligence Fusion Center (FIFC). The FIFC is a secure portal for FINRA and its member firms to share cybersecurity and fraud threat intelligence, and to coordinate responses. [Mar 31 2026] #Cybersecurity

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.