Risk and Compliance Report: Week Ending 1 August 2025
- James Ross

- Aug 2
Executive Summary
The week ending 1 August 2025 saw significant regulatory activity across the UK and the European Union, spanning digital assets, prudential requirements, financial crime, consumer protection, and sustainability.
In the UK, the Financial Conduct Authority (FCA) finalised a significant policy shift by lifting the ban on retail access to particular cryptoasset Exchange Traded Notes (cETNs), introducing stringent marketing restrictions. The Prudential Regulation Authority (PRA) continued refining the post-Brexit framework, consulting on the migration of UK CRR definitions and adjusting implementation timelines for specific Pillar 2A reforms. Enforcement actions highlighted persistent failures in transaction reporting and governance within third-country branches.
In the EU, the focus remained on implementing the CRR III/CRD VI package and addressing ESG requirements. The European Commission issued a recommendation on voluntary sustainability reporting for SMEs to ease the burden of value chain due diligence under the CSRD. The European Banking Authority (EBA) consulted on new reporting requirements for third-country branches. It issued a critical opinion on ML/TF risks, emphasising challenges posed by AI, FinTech, and cryptoassets. The European Central Bank (ECB) updated its guide on internal models, notably addressing supervisory expectations for the use of machine learning.

Section 1: United Kingdom
1.1. Markets, Conduct, and Cryptoassets
FCA Lifts Ban on Retail Access to Cryptoasset ETNs (cETNs)
The FCA published Handbook Notice 132, confirming that from 8 October 2025, the ban on the sale, distribution, and marketing of certain cETNs to retail clients will be lifted. This applies only to cETNs admitted to trading on a UK Recognised Investment Exchange (RIE).
Risk and Compliance Considerations: These products will be classified as Restricted Mass Market Investments (RMMIs). Firms intending to distribute these products must urgently update their frameworks to comply with RMMI restrictions, including implementing robust appropriateness testing and mandatory risk warnings. Firms must disclose that these products are excluded from the Financial Services Compensation Scheme (FSCS).
FCA Review of Digital Design in Consumer Credit
The FCA published findings on consumer credit providers' use of digital channels, emphasising the impact of online design on customer outcomes under the Consumer Duty.
Risk and Compliance Considerations: Firms across all sectors must critically evaluate their digital acquisition journeys. The FCA expects firms to avoid designs that exploit behavioural biases (sludge practices), incorporate "positive friction" to ensure customers understand key information, and utilise Management Information (MI) to monitor how customers engage with digital processes.
Motor Finance Discretionary Commission Arrangements
Regulatory and litigation activity continues in the motor finance sector. The FCA and the Solicitors Regulation Authority (SRA) warned Claims Management Companies (CMCs) and law firms about poor practices, including speculative advertising and inadequate disclosure of potential free redress options.
Concurrently, the Competition Appeal Tribunal (CAT) further extended the stay on the Doug Taylor collective proceedings until 31 October 2025.
Risk and Compliance Considerations: This signals continued scrutiny ahead of a potential FCA-mandated redress scheme. CMCs must ensure transparency regarding fees and the availability of free redress channels. Motor finance firms should continue preparations for handling claims and potential redress.
1.2. Prudential Regulation
PRA Consults on Restating UK CRR Definitions (CP19/25)
The PRA is consulting on restating definitions from the UK Capital Requirements Regulation (UK CRR) into the PRA Rulebook, as part of the transition to the FSMA model.
Risk and Compliance Considerations: While essentially a restatement without substantive policy changes, firms should review the targeted improvements and clarifications. Implementation is proposed alongside Basel 3.1 on 1 January 2027.
PRA Revises Pillar 2A Implementation Date and Extends Consultation
The PRA has delayed the implementation of proposed reforms related to pension obligation risk, market risk, and counterparty credit risk (from CP12/25) to 1 July 2026 (previously March 2026). The consultation deadline was also extended to 30 September 2025.
Risk and Compliance Considerations: Firms must adjust their implementation project plans. The implementation date for credit risk and operational risk proposals remains 1 January 2027.
FPC Finalises O-SII Buffer Framework Amendments
The Financial Policy Committee (FPC) finalised changes to the framework for the Other Systemically Important Institutions (O-SII) buffer, indexing the thresholds that determine buffer rates by 27% for 2025 onwards, effective immediately.
Risk and Compliance Considerations: Affected ring-fenced banks and large building societies must immediately incorporate the updated thresholds into their capital planning for rates applying from 1 January 2026.
PRA Discussion Paper on IRB Approach for Residential Mortgages (DP1/25)
The PRA published a discussion paper exploring options to facilitate the adoption of the Internal Ratings Based (IRB) approach by medium-sized firms for residential mortgages, including a potential Foundation IRB (FIRB) approach with PRA-prescribed LGD values.
Risk and Compliance Considerations: This could reduce the modelling burden for smaller firms, potentially enhancing competition and improving capital efficiency in the mortgage market.
1.3. Financial Crime
Increase in POCA Exemption Thresholds
The government published updated guidance on the Proceeds of Crime Act 2002 (POCA), reflecting an increase in the threshold amount for certain money laundering exemptions from £1,000 to £3,000, effective 31 July 2025.
Risk and Compliance Considerations: This threshold applies to the 'operating an account' exemption and the 'paying away' exemption (when ending a customer relationship). Firms must update their AML policies and operational procedures regarding the submission of Defence Against Money Laundering (DAML) SARs for low-value transactions.
1.4. Payments Infrastructure
BoE Consults on Longer RTGS and CHAPS Operating Hours
The Bank of England (BoE) is consulting on extending operating hours, proposing that CHAPS opens at 1:30 am starting in H2 2027, as a step toward near 24/7 settlement.
Risk and Compliance Considerations: This proposal carries substantial implications for participants, requiring a review of operational capacity, technology resilience, staffing models, and intraday liquidity management strategies.
1.5. Enforcement and Governance
FCA Fines Broker for Transaction Reporting Failures
The FCA fined Sigma Broking Ltd £1,087,300 for failing to submit complete and accurate transaction reports under UK MiFIR. The firm submitted over 924,000 incorrect reports between 2018 and 2023.
Risk and Compliance Considerations: This is the second enforcement action against Sigma for this issue, highlighting the FCA's intolerance for repeated failures and the significantly increased penalties for recidivism. Firms must ensure robust system configurations and ongoing monitoring processes.
PRA Fines Reinsurer for Governance Failures
The PRA fined the London branch of Barents Reinsurance SA £1.785 million for internal controls, governance, and reporting failures while operating in the Temporary Permissions Regime (TPR), noting inadequate preparation for the post-Brexit regulatory impact.
Risk and Compliance Considerations: This emphasises that third-country branches must have governance and controls proportionate to their UK operations and must ensure full compliance with the UK regulatory framework.
Section 2: European Union
2.1. Sustainability (ESG)
Voluntary Sustainability Reporting Standard for SMEs
The European Commission adopted a Recommendation on a voluntary sustainability reporting standard for non-listed SMEs (based on EFRAG’s VSME).
Risk and Compliance Considerations: This is an interim measure to reduce the "trickle-down effect" of the Corporate Sustainability Reporting Directive (CSRD) on supply chains. Large undertakings subject to CSRD are encouraged to limit their sustainability information requests from SME suppliers to the data points in this voluntary standard, potentially streamlining supply chain due diligence.
2.2. Prudential Regulation and Supervision
EBA Consults on Third-Country Branch (TCB) Reporting
The EBA published a consultation on draft Implementing Technical Standards (ITS) for the supervisory reporting of TCBs under the new CRD VI framework.
Risk and Compliance Considerations: Non-EU banks operating in the EU face significant new reporting obligations. The proposed framework requires detailed reporting on both the TCB and its Head Undertaking, applying a proportionate approach based on TCB classification (Class 1 and Class 2). The first reference date is expected in December 2026.
ECB Revised Guide to Internal Models
The ECB published a revised guide to internal models under the Single Supervisory Mechanism (SSM), incorporating CRR III updates.
Risk and Compliance Considerations: A key update is the inclusion of supervisory expectations for the use of machine learning (ML) techniques in internal models. Firms using AI/ML must ensure models are adequately explainable and that their complexity is justified by performance.
RTS on Extraordinary Circumstances for Internal Models Published
Delegated Regulation (EU) 2025/789 was published in the Official Journal, specifying the RTS for determining "extraordinary circumstances." This clarifies when competent authorities may permit temporary non-compliance with specific internal model requirements under CRR. It enters into force on 21 August 2025.
2.3. Financial Crime
EBA Opinion on ML/TF Risks
The EBA published its fifth opinion on the risks of Money Laundering (ML) and Terrorist Financing (TF) affecting the EU financial sector.
Risk and Compliance Considerations: The EBA highlighted several key emerging risks requiring enhanced controls:
- Artificial Intelligence (AI): New risks are emerging from the use of AI for ML and fraud. Institutions must develop capabilities to detect AI-driven attacks and ensure robust governance and monitoring for their own AI deployments.
- FinTech: Concerns were raised that many FinTech firms lack the necessary expertise and governance structures to manage ML/TF risks effectively, particularly concerning cybercrime and Customer Due Diligence (CDD).
- Cryptoassets: Risks remain high during the transition to the MiCA regulatory framework.
- Sanctions: The increasing complexity of EU sanctions continues to pose significant compliance challenges.


