Risk & Compliance Report For the Weekending 21 November 2025

Executive Summary

Substantive structural developments across multiple jurisdictions characterised the regulatory landscape for the week ending 21 November 2025. In the United Kingdom, the Financial Conduct Authority (FCA) has launched a consultation on the 2026/27 fee structure, while HM Treasury has formally signalled the transition to a T+1 settlement cycle by October 2027. Concurrently, the European Union is advancing a comprehensive reform of the Sustainable Finance Disclosure Regulation (SFDR) to enhance market transparency and mitigate greenwashing risks. Across all observed regions, the operationalisation of digital resilience frameworks (DORA) and the clarification of the legal status of digital assets remain preeminent strategic priorities.

1. FCA Fees & Levies Consultation (CP25/33)

Jurisdiction: United Kingdom | Source: Financial Conduct Authority (FCA)

The FCA has published Consultation Paper 25/33 (CP25/33), outlining policy proposals for regulatory fees and levies for the 2026/27 financial year. This consultation represents a critical planning juncture for regulated entities.

Key Policy Proposals

• PISCES & Cryptoasset Frameworks: The Regulator has proposed distinct fee structures for the Private Intermittent Securities and Capital Exchange System (PISCES) and for cryptoasset firms. Specific focus is placed on application fees and the recalibration of deferred payment credit fees.

• Financial Ombudsman Service (FOS) Scope: Following industry feedback, the FCA has elected to retain the existing definition of “relevant business” for FOS reporting purposes. The proposal to expand this definition to encompass non-consumer complainants has been shelved.

• Invoice Settlement Terms: In a joint initiative with the Prudential Regulation Authority (PRA), amendments are proposed regarding invoice due dates for firms with aggregate annual fees exceeding £50,000.

• Cross-Border Arrangements: The FCA confirmed that incoming Swiss firms operating under the Berne Financial Services Agreement will remain exempt from specific regulatory fees.

Strategic Compliance Considerations

• Financial Planning: It is recommended that Finance and Compliance functions conduct a preliminary impact assessment of the proposed 2026/27 fee blocks to ensure accurate budgetary forecasting.

• Market Entry Strategy: Firms contemplating entry into the cryptoasset space or expansion of existing permissions should evaluate the implications of the revised application fee structures.

• Regulatory Reporting: Teams may cease preparatory work related to the reporting of “relevant business” for non-consumer complainants, aligning internal procedures with the decision to maintain the status quo.

• Consultation Timeline: Responses to the consultation are due by 16 January 2026, with a priority deadline of 9 January 2026 for targeted support proposals.

2. Operational Resilience & Technology Infrastructure

Jurisdiction: EU, UK | Source: ESAs, ECB, HM Treasury

Regulatory Developments

• DORA Implementation (EU): The European Supervisory Authorities (ESAs) have formally published the designated list of Critical ICT Third-Party Service Providers (CTPPs), marking a pivotal step in the oversight regime.

• TIBER-EU Framework (EU): The European Central Bank (ECB) has released an implementation guide regarding Threat Intelligence-based Ethical Red Teaming (TIBER-EU), tailored explicitly for significant institutions.

• Settlement Cycle Compression (UK): HM Treasury has released a draft statutory instrument mandating the migration to a T+1 settlement cycle, with a definitive compliance deadline of 11 October 2027.

Compliance & Risk Implications

• Third-Party Risk Management (TPRM): Regulated entities are advised to reconcile their ICT vendor inventories against the ESAs’ CTPP designations. Engagement with designated critical vendors should be prioritised to assess potential impacts on Service Level Agreements (SLAs) arising from direct supervisory oversight.

• Cyber Resilience Assurance: Significant institutions within the EU jurisdiction should review their Threat-Led Penetration Testing (TLPT) protocols to ensure complete alignment with the enhanced TIBER-EU guidance.

• Operations & Technology Transformation: UK-based investment firms and custodians should commence or accelerate strategic change programs to upgrade technology stacks and liquidity management workflows to accommodate the compressed T+1 settlement timeframe.

3. ESG & Sustainable Finance Disclosure

Jurisdiction: European Union | Source: European Commission

Regulatory Developments

• SFDR Structural Reform: The European Commission has adopted a legislative proposal to amend the Sustainable Finance Disclosure Regulation (SFDR).

  • Proportionality Measures: The proposal removes entity-level disclosure requirements for smaller market participants, retaining them only for the largest Financial Market Participants (FMPs).

  • Categorisation Framework: The complex Article 8 and 9 classifications are proposed to be replaced with three voluntary, distinct categories: Sustainable, Transition, and ESG Basics.

  • Strategic Objective: These amendments aim to simplify the disclosure landscape and rigorously address valid concerns regarding greenwashing and labelling ambiguity.

Strategic Compliance Considerations

• Product Governance: Asset managers with EU exposure should consider a moratorium on significant re-papering exercises for existing Article 8/9 funds pending finalisation of the “Sustainable/Transition” categorisation definitions.

• Regulatory Divergence Analysis: Compliance functions should undertake a gap analysis between the proposed EU categories and the UK’s Sustainability Disclosure Requirements (SDR) labels to mitigate regulatory divergence risks and ensure coherent cross-border product distribution strategies.

4. Prudential Risk, Capital & Liquidity Management

Jurisdiction: UK, EU, International | Source: PRA, HM Treasury, BCBS

Regulatory Developments

• Depositor Protection (UK): The PRA has confirmed an increase in the Financial Services Compensation Scheme (FSCS) deposit protection limit from £85,000 to £120,000, effective 1 December 2025.

• Life Insurance Stress Testing (UK): While the sector demonstrated resilience in recent stress tests, the PRA has highlighted specific prudential concerns regarding Funded Reinsurance (FundedRe) recapture risks under severe stress scenarios.

• Market Risk / FRTB (EU): The European Commission has issued a call for evidence on the potential postponement of market risk capital requirements, seeking to align implementation timelines with those of the US and UK.

Compliance & Risk Implications

• System & Disclosure Readiness: UK banking institutions must ensure Single Customer View (SCV) systems are calibrated for the £120,000 limit by 1 December 2025, with updated customer disclosure materials required by 31 May 2026.

• Reinsurance Capital Treatment: Life insurers utilising FundedRe structures should anticipate heightened supervisory scrutiny and review their capital treatment and recapture plans accordingly.

• Capital Adequacy Planning: EU-based institutions should closely monitor the legislative timeline for the Market Risk Delegation Act (expected in March 2026) to optimise capital planning and ensure a level playing field.

5. Financial Crime & Market Conduct

Jurisdiction: UK | Source: High Court, NCA, JMLSG, FCA

Regulatory Developments

• Quincecare Duty Jurisprudence: The High Court, in the Arena TV case, denied a summary judgment application by defendant banks regarding Quincecare duty claims. The ruling underscored that corporate agents (directors) cannot possess actual authority to defraud the principal, potentially exposing banks to liability for processing payment instructions from fraudulent directors.

• Digital Assets Legislation: The Property (Digital Assets etc) Bill has passed its third reading, establishing a formal legal precedent that digital assets constitute personal property.

• Transaction Reporting Reform (CP25/32): The FCA has proposed rationalising the MiFIR reporting regime, including reducing data fields and removing reporting obligations for FX derivatives and instruments traded exclusively in the EU.

Compliance & Risk Implications

• Payment Authorisation Controls: Financial institutions should review “red flag” parameters for corporate payments. The ruling suggests that reliance on “authorised signatory” mandates may be an insufficient defence where the instruction itself furthers a fraud that should have been detectable.

• Asset Recovery & Collateral: Legal departments should update collateral management frameworks to leverage the enhanced legal certainty regarding cryptoassets as property, particularly for lien and recovery purposes.

• Reporting Architecture: Transaction reporting teams are advised to review the proposed reductions in data fields. While intended as a simplification, implementation will likely require substantial re-engineering of reporting engines upon finalisation in 2026.

Summary of Critical Deadlines

#FinancialRegulation #ComplianceStrategy #Tplus1 #SFDR #OperationalResilience #FCA #DORA