
Risk & Compliance Report For the Week Ending: 10 October 2025


Executive Summary

This week’s regulatory landscape was driven by three dominant themes: the deepening focus on Artificial Intelligence governance, significant progress in EU data sharing frameworks, and a landmark consumer protection initiative in the UK. International bodies like the FSB and G7 are signalling a move towards harmonised monitoring of AI, demanding that firms strengthen internal governance around model risk, third-party dependencies, and cybersecurity. 


Concurrently, the EU is advancing its Better Data Sharing Regulation to streamline supervisory reporting. The most immediate high-impact development comes from the UK’s FCA, which has proposed a major compensation scheme for the motor finance industry, creating significant financial and operational risk for affected firms. Other key developments include ongoing work in financial crime, with a focus on crypto-assets, and the continued transition of EU regulations into UK rulebooks.


1. Introduction


This report provides a summary of key regulatory developments and their implications for risk and compliance functions within the financial services sector for the week ending 10 October 2025. The week was dominated by significant publications on the adoption and risks of Artificial Intelligence (AI), essential strides in EU data sharing frameworks, and a landmark consultation in the UK on consumer redress for motor finance agreements. Other notable areas include financial crime, cybersecurity, and ongoing reforms in markets and payments regulation.


2. Artificial Intelligence, Technology, and Cyber Security


The rapid evolution of AI and its integration into financial services remains a primary focus for international and national regulators.

  • FSB Report on Monitoring AI Adoption: The Financial Stability Board (FSB) published a pivotal report on monitoring AI adoption and its associated vulnerabilities.

    • Key Findings: While most jurisdictions are collecting data, many are in the early stages of monitoring AI-related vulnerabilities. The FSB highlights that mapping indicators to specific risks is crucial as AI adoption evolves.

    • Risk & Compliance Implications: Firms must be prepared for increased supervisory scrutiny of their AI usage. Key risk areas identified include third-party dependencies (especially with generative AI), market correlations, model risk, data governance, and cyber risks. The report signals a move towards more robust and harmonised monitoring frameworks, requiring firms to enhance their own internal governance and risk management for AI systems.

  • G7 Statement on AI and Cyber Security: The G7 Cyber Expert Group (CEG) issued a statement raising awareness of AI’s dual role in cyber security—both as a tool for defence and a potential amplifier of threats.

    • Risk & Compliance Implications: The CEG encourages financial institutions to update risk frameworks to reflect AI-specific cyber vulnerabilities. Compliance and security teams should review incident response plans to account for AI-enhanced attacks. A critical takeaway is the need for adequate in-house expertise to evaluate and monitor AI use, as a significant incident at a primary AI provider could have systemic effects.


3. Data Sharing, Reporting, and Open Finance


Regulators are actively working to streamline data flows to enhance supervision while reducing the reporting burden on firms.

  • EU Better Data Sharing Regulation: The proposed Regulation moved closer to final adoption after the European Parliament approved the Council’s position.

    • Key Findings: The regulation aims to facilitate better information sharing between EU authorities (including ESRB, EBA, EIOPA, ESMA, and AMLA) and reduce duplicative data requests to financial institutions.

    • Risk & Compliance Implications: While the primary goal is to ease the burden on firms, the implementation will require adjustments to reporting systems and processes to align with the new, more efficient data-sharing channels.

  • FCA on Open Banking and Open Finance: The FCA published a research note and outlined its next steps, signalling a continued commitment to expanding data-sharing frameworks.

    • Risk & Compliance Implications: The FCA is actively exploring the use of AI and blockchain to support open finance infrastructure. Firms should monitor the development of the open finance roadmap (due by March 2026) and the introduction of commercial Variable Recurring Payments (VRPs), which will present new opportunities and associated operational and conduct risks.


4. Financial Crime (AML/CTF)


Anti-money laundering and countering the financing of terrorism (AML/CTF) supervision continues to be a priority, particularly in the context of emerging technologies.

  • EBA Report on AML/CTF Banking Supervision: The EBA’s final stocktake report acknowledged significant progress in competent authorities’ (CAs’) risk-based approach to AML/CTF supervision but highlighted areas for improvement.

    • Risk & Compliance Implications: The findings provide a clear indication of future supervisory focus, which will be inherited by the new Anti-Money Laundering Authority (AMLA). Firms can expect continued pressure to ensure their AML frameworks are robust, particularly concerning supervisory strategies and comprehensive planning.

  • EBA Report on Cryptoasset ML/TF Risks: The EBA published a report on lessons learned in tackling ML/TF risks in crypto services.

    • Risk & Compliance Implications: The report highlights attempts by some crypto firms to circumvent regulation. It reinforces that the MiCA authorisation process will act as a critical “gatekeeper,” requiring crypto-asset service providers to demonstrate robust AML/CTF controls before being granted a license.

  • UK ECCTA Guidance Updated: The UK government updated its guidance on the information-sharing provisions within the Economic Crime and Corporate Transparency Act 2023 (ECCTA).

    • Risk & Compliance Implications: This guidance provides clarity for regulated firms on how to voluntarily share customer information to combat economic crime while remaining compliant with data protection laws like UK GDPR. Compliance teams should review this guidance to leverage these provisions effectively.


5. Markets, Investments, and Infrastructure


Significant developments occurred in the regulation of EU and UK markets, focusing on post-trade infrastructure, crypto-assets, and organisational requirements.

  • ESMA Statement on MiFID II / MiFIR Amendments: ESMA provided practical guidance for firms on the application of recently amended provisions, including the new single volume cap mechanism and revised transparency rules.

    • Risk & Compliance Implications: This is a critical update for trading and compliance functions. Firms must ensure they are prepared to comply with the revised rules for the SI regime, position reporting for commodity derivatives, and new transparency requirements, regardless of the timing of related Level 2 legislation.

  • UK Digitisation of Shareholdings: The government established the Dematerialisation Market Action Taskforce (DEMAT) to oversee the replacement of paper-based share certificates with digitised registers.

    • Risk & Compliance Implications: This long-term project will require significant operational changes for issuers, registrars, and intermediaries. The goal is to complete the first step (eliminating paper certificates) before the end of 2027.

  • FCA & PRA Policy Statements on MiFID Org Regulation: The regulators confirmed they will proceed with restating the MiFID Org Regulation into their respective rulebooks, with an intended implementation date of 23 October 2025.

    • Risk & Compliance Implications: Firms must prepare for the transition from the retained EU regulation to the new FCA Handbook and PRA Rulebook provisions. This is a key step in the UK’s Smarter Regulatory Framework programme.



 
 
 
