FinTech Matters - July 2025

FCA launches new Handbook website

On 4 July 2025, the FCA published a press release announcing it has launched a new website to host its Handbook of rules and guidance. It also published a related how-to-guide and FAQs.

The FCA highlights the following key points relating to the new website:

• The structure and content will remain the same.

• It is currently available as a beta version. Users can continue to access the existing Handbook website while the FCA ensures that the new one works as expected. Both of the Handbook websites will be updated as normal.

• While in beta phase, the FCA will continue to test and refine the website. It welcomes feedback.

• It expects to fully roll out the new Handbook website later in the year.

• Users with an account on the current Handbook website will need to create a new account on the new Handbook website. This will enable a user to "favourite" key parts of the Handbook and sign up to alerts.

FCA final policy and further consultation paper on tackling non-financial misconduct in financial services

On 2 July 2025, the FCA confirmed its final policy and published a further consultation paper (CP25/18) on tackling non-financial misconduct (NFM) in financial services.

The FCA is introducing a new rule that will amend the scope of COCON as it applies to non-banks. The rule, which applies from 1 September 2026, will bring more instances of NFM within its regulatory remit and will align the approach the FCA takes across all Senior Manager and Certification Regime (SMCR) firms.

The FCA is also seeking views on whether additional guidance in COCON and FIT is needed and, if so, on the form any such guidance should take. The draft guidance explains in more detail how NFM forms part of the fit and proper test in the Senior Personnel sourcebook (FIT), applying to SMCR firms. 

The consultation is open until 10 September 2025 and the FCA intends to set out its final regulatory approach before the end of the year.

FOS annual complaints data and insight for 2024/25

On 2 July 2025, the FOS published its annual complaints data and insight for 2024/25 which covers complaints data for individual business for the period 1 April 2024 to 31 March 2025.

Complaints have significantly increased with 305,726 new complaints in 2024/25 compared to 198,798 in 2023/24. In 2024/25, the FOS upheld 34% of complaints in the consumers' favour, compared to 37% in 2023/24. Around 27% of complaints brought by professional representatives were upheld, while around 37% of cases brought directly by consumers were upheld.

The FOS also published its:

• Annual report and accounts for 2024/25

• Quarterly complaints data on financial products and services for 2024/25. Between January and March 2025, the FOS received 87,692 new complaints about financial products. On average it upheld 33% of the complaints resolved in Q4 2024/25. The most complained-about product was hire-purchase (motor) followed by current accounts and credit cards.

UK digital regulators to launch new 'one stop' tool to boost UK's FinTech sector

On 1 July 2025, the government announced a partnership between the Regulatory Innovation Office and the Digital Regulation Cooperation Forum (DRCF) to develop a unified digital library, aiming to simplify access to digital policy and regulation for innovators and help businesses focus on growth and innovation.

The DRCF welcomed the initiative in a press statement published on 2 July 2025. Nathalie Lowe, DRCF Director of Projects, said: “The UK is a leading FinTech hub, and we know that when fintechs can understand rules quickly, and with confidence, they can focus on building, scaling and delivering value. By making regulatory support more accessible and easier to use, we’re helping to ensure the UK remains the best place to build the future of financial technology.”

The DRCF was established in July 2020 and brings together four regulators: the Competition and Markets Authority, the Financial Conduct Authority, the Information Commissioner's Office and the Office of Communications.

In April 2024, the DRCF launched a one-year AI and Digital Hub pilot, to give innovators the opportunity to receive informal advice relating to new products, services or business models. The pilot has now closed. The DRCF has published a number of case studies, which summarise some of the advice given.

The Regulatory Innovation Office was launched in October 2024 – see our article here.

Annual reports on whistleblowing disclosures: 2024/25

On 27 June 2025, the Bank of England (BoE) and the PRA published their 2024/25 annual report under the Prescribed Persons (Reports on Disclosures of Information) Regulations 2017 (Regulations). On 24 June 2025, the FCA published its 2024/25 annual report on the whistleblowing disclosures made to it under the Regulations. The regulators' reports cover whistleblowing disclosures made during the period 1 April 2024 to 31 March 2025.

The BoE and PRA received 264 disclosures that were subject to assessment, 252 of which were protected disclosures under the Employment Rights Act 1996. The report contains three case studies that the BoE and PRA describe as anonymised examples of the concerns reported and the action taken by their Whistleblowing Team. The case studies cover risk management, governance failings and financial irregularities.

The FCA received and assessed 1,131 new whistleblower reports, which resulted in 2,684 separate allegations. Overall, 51% of all reviews concluded within the reporting period resulted in direct action. The top ten allegations related to: compliance, fitness and propriety, consumer detriment, culture of the organisation, Consumer Duty, systems and controls, fraud, data security, unauthorised business, and the Financial Services and Markets Act 2000 (FSMA).

UK modern industrial strategy: financial services aspects

On 23 June 2025, the UK government published the UK's Modern Industrial Strategy 2025, a ten-year plan intended to increase business investment and grow the industries of the future.

The government intends to focus on eight sectors that it considers having the highest potential for growth, one of which is the financial services sector. Its aim is that, by 2035, the UK will be the location of choice for financial services firms to invest, grow and sell their services to the world, with the sector increasing its contribution of exports to UK gross value added. The government provides some indication as to the contents of the financial services sector plan, which will be published on 15 July 2025 alongside the Mansion House address.

In the Industrial Strategy, the government confirmed that:

• Wholesale services, capital markets, FinTech, insurance and reinsurance markets, and sustainable finance are the subsectors that will be priority growth opportunities in the sector plan.

• HM Treasury will consult in summer 2025 on consolidating the Payment Systems Regulator (PSR) and its functions within the FCA.

• The sector plan will set out the conclusions of HM Treasury's review of the Financial Ombudsman Service (FOS) and establish a bespoke financial services concierge service for international firms. HM Treasury announced these initiatives in March 2025 as part of its Action Plan for ensuring regulators and regulation support growth – see our article.

Data (Use and Access) Act 2025

The Data (Use and Access) Act 2025 (Act) received Royal Assent on 19 June 2025.

Please see our overview of the Act here, and a more detailed article here.

Sections 14 to 17 of the Act specifically address the financial services sector, aiming to transition regulatory oversight of the open banking interface from the CMA to the FCA and extend its benefits to an open finance scheme. Open banking allows consumers and small businesses to share their transaction data securely with third parties for various services. For further details, please see our November 2024 update.

House of Lords Financial Services Regulation Committee report on FCA and PRA secondary growth and competitiveness objective

On 13 June 2025, the House of Lords Financial Services Regulation Committee published its report on the FCA and PRA secondary objective of facilitating the UK economy's growth and international competitiveness.

The report investigates how far regulators have progressed in supporting growth in the financial services sector and in the wider UK economy since the introduction of their secondary international competitiveness and growth objective.

The report identifies a lack of rigorous evidence or sufficient understanding as to the link between financial services regulation and growth in the wider economy. The Committee also concludes that a variety of issues have created unnecessary frictions to firms' ability to grow, innovate, and compete, identifying pervasive risk aversion, regulatory uncertainty and inefficiency in the regulatory system.

The Committee makes a large number of recommendations, including:

• The government should commission an independent study to assess the cumulative cost of compliance in the sector relative to international jurisdictions, with the aim of identifying where regulatory overlap can be eliminated. 

• The regulators should develop a rigorous approach to assess the burden of compliance on firms and do more to improve supervisory staff's practical understanding of firms.

• The focus of any redress framework reform should ensure that FCA and FOS views on regulatory requirements are consistent, including on the Consumer Duty. The FOS cannot continue to function as a quasi-regulator. Rather than examining major complex issues, the FOS' remit must be brought closer in line with its original mandate, to provide swift redress. 

• The FCA must work swiftly to remove requirements which are redundant or duplicative, to provide firms with the certainty and clarity they need to maximise the benefits of the Consumer Duty. 

• The PRA should consider whether a more proportionate and tailored approach could be applied to determining capital requirements for domestic lenders, rather than applying the Basel standards to all UK domestic lenders.

The Committee asks the regulators to report on how they have responded to the recommendations within 12 months.

FSCS lists firms declared in default in April and May 2025

On 11 June 2025, the Financial Services Compensation Scheme (FSCS) published a press release confirming the 12 firms which were declared in default in April and May 2025. The press release provides practical information for customers owed money by regulated financial firms that are no longer trading and cannot pay a customer's claim. If certain requirements are met, the FSCS may be able to pay compensation.

FCA appoints Deputy Chief Executive to manage growing remit, support growth and drive reform

On 10 June 2025, the FCA published a press release announcing that it has appointed Sarah Pritchard as FCA Deputy Chief Executive to manage its growing remit, support growth and drive reform.

Ms Pritchard joined the FCA in June 2021 to jointly lead the supervision, policy and competition division. Having previously led the FCA's market function, she has most recently been responsible for consumers and competition.

The new role has been created to reflect the FCA's increasingly international focus and expanding remit, with the integration of the PSR into the FCA, the regulation of stablecoin and cryptoasset firms, as well as Buy Now Pay Later activities. There will be no immediate changes to Ms Pritchard's areas of responsibility.

FOS consults on interest that applies to compensation awards 

On 4 June 2025, the FOS published a consultation paper to amend the interest rate that applies to compensation awards. A standard discretionary interest rate of 8% currently applies to both pre-determination interest and post-determination interest. 

The FOS seeks views on proposed changes to pre-determination and post-determination interest, and suggests its preferred approach to applying: 

• a standard interest rate linked at 1% above the Bank of England (BoE) base rate, where the base rate is calculated as an average rate over the period that the money was due until the date redress the payment is made

• the new rate to new complaints submitted to the FOS from the date that the new rate is implemented.

The consultation does not propose changes to interest that forms part of a money award or any other awards an ombudsman may recommend when making a decision. The FOS also seeks views on the circumstances in which an ombudsman may ask a firm not to apply interest and on the frequency with which the FOS's approach to interest on awards should be reviewed.

The deadline for responses was 2 July 2025. The FOS intends to publish a policy statement in September 2025, with a view to implementing any change as soon as possible.

EBA publishes opinion on overlap between PSD2 and MiCA

On 10 June 2025, the EBA published an opinion (EBA/Op/2025/08) on the interplay between the revised Payment Services Directive (PSD2) and the Regulation on markets in cryptoassets (MiCA).

The letter, referred to by the EBA as a "No Action Letter", responds to a December 2024 request from the European Commission to address issues arising from the interplay between MiCA and PSD2 relating to cryptoasset service providers (CASPs) that transact electronic money tokens (EMTs).

The opinion contains advice to the Commission, the Council of the European Union, and the European Parliament on long-term resolutions to the issue of dual authorisation requirements for the activity of transacting EMTs (under PSD2 and MiCA). The EBA recommends that they make use of the ongoing legislative process for the proposals for a Directive on payment services and electronic money services (PSD3) and a Regulation on payment services (PSR).

The EBA also provides advice to national competent authorities (NCAs) on the period of two to three years during which PSD2 still applies. The EBA sets out the types of EMT transaction that are not to be regarded as payment services and which PSD2 provisions should be deprioritised for supervision and enforcement purposes.

The EBA recognises that, while its advice will result in a large number of EMT transactions not being subject to PSD2 requirements during the intervening period, any alternative advice would require a much larger number of CASPs to obtain a second authorisation, which is undesirable given the burden dual authorisation would impose.

Official Journal of the European Union publishes Delegated Regulations supplementing the Regulation on MiCA

On 10 June 2025, the following Delegated Regulations supplementing MiCA were published in the Official Journal of the European Union (OJ), concerning RTS relating to record-keeping and conflicts of interest.

• Delegated Regulation 2025/1140 regarding RTS specifying records to be kept of all cryptoasset services, activities, orders and transactions undertaken, under Article 68(10) of MiCA.

• Delegated Regulation 2025/1141 regarding RTS that specify the requirements for policies and procedures on conflicts of interest for issuers of asset-referenced tokens (ARTs), under Article 32(5) of MiCA.

• Delegated Regulation 2025/1142 regarding RTS that specify the requirements for policies and procedures on conflicts of interest for cryptoasset service providers (CASPs) and the details and methodology for the content of disclosures on conflicts of interest, under Article 72(5).

The Delegated Regulations entered into force on 30 June 2025, 20 days after their publication in the OJ.

FCA proposes removing ban on retail access to cryptoasset exchange traded notes

On 6 June 2025, the FCA published its 48th quarterly consultation paper (CP25/16). In the consultation paper, the FCA proposes lifting its ban on the retail sale, marketing and distribution of cryptoasset exchange traded notes (cETNs) where these are admitted to a UK recognised investment exchange (RIE).

In January 2021, the FCA prohibited the sale, marketing, and distribution of derivatives and exchange traded notes referencing certain types of cryptoassets to retail investors due to concerns over the risks posed by the products. In March 2025, the FCA updated its position and confirmed it would not object to requests from RIEs to create a UK-listed market segment for cETNs, available to professional investors.

Following a review of the ban, the FCA is now considering lifting these restrictions to reflect the changing market landscape and regulatory framework.

The FCA proposes to:

• Amend the prohibition on retail marketing of cryptoasset exchange traded notes (cETNs) in COBS 22.6 to remove cETNs from the scope of its ban on marketing, sale or distribution to retail customers of certain products giving exposure to cryptoassets where these products are traded on UK REIs.

• Include UK RIE cETNs within the category of restricted mass market investments (RMMIs) to ensure application of the financial promotion rules under COBS 4.12A.

• Include a new bespoke risk summary for UK RIE cETNs in COBS 4 Annex 1 and appropriate assessment considerations in COBS 10 to properly apply COBS 4.12A requirements on the promotion of RMMIs.

These changes seek to categorise all UK RIE cETNs as RMMIs, avoiding the scenario where some UK RIE cETNs may fall into a different category of product under the FCA's financial promotions rules, therefore ensuring the rules apply consistently across UK RIE cETNs. After these changes, firms will be able to offer UK RIE cETNs to retail consumers provided they have the appropriate FSMA permissions and comply with applicable requirements including financial promotions rules.

The FCA has confirmed that its ban on retail access to cryptoasset derivatives remains in place. 

The deadline for comments on the proposals was 7 July 2025.

European Commission introduces Delegated Regulation on RTS on authorisation information for issuers of ARTs under MiCA

On 6 June 2025, the European Commission adopted a Delegated Regulation containing regulatory technical standards (RTS) specifying the information in an application for authorisation to offer asset-referenced tokens (ARTs) to the public or to seek their admission to trading under MiCA.

Article 18 of MiCA contains provisions governing applications for authorisations by persons that intend to offer to the public or seek the admission to trading of ARTs, including information to be submitted with the application. The Commission has a mandate under Article 18(6) of MiCA to adopt RTS further specifying the details of this information.

The RTS covers issues including:

• the identification details of the applicant

• the applicant's programme of operations

• the applicant's internal governance arrangements and structural organisation

• the members of the applicant's management body and the applicant's shareholders or members with direct or indirect qualifying holdings.

The Council of the EU and the European Parliament will now scrutinise the Delegated Regulation, and if neither objects, the regulation will come into force 20 days after its publication in the OJ.

APPG on Fair Banking report on APP fraud

On 2 July 2025, the All-Party Parliamentary Group (APPG) on Fair Banking published a report on authorised push payment (APP) fraud (Report). The Report is a follow-up to the APPG's report on APP fraud published in April 2025, which we covered in our April 2025 edition.

The Report analyses the mandatory reimbursement requirement (MRR) established by the Payment Systems Regulator (PSR). In Q4 2025, there will be an independent one-year review assessing the impact of the MRR, as well as the PSR's wider policy approach to APP fraud. The Report sets out a number of recommendations relating to the review, which include:

• Investigating whether the £85,000 reimbursement threshold balances consumer protection and costs to PSPs, particularly as early data shows that victims in the first three months of the scheme only got back 86% of loss value.

• Engaging with the Financial Ombudsman Service (FOS) to understand the experience of customers whose complaints are not resolved or disputed under the terms of the MRR, and understand how many claims over £85,000 were successfully reimbursed after going to the FOS.

• Engaging with PSPs to understand how they are implementing the MRR, especially in terms of how the "consumer standard of caution" is applied, as well as where cases have been deemed a civil dispute.

• Engaging with PSPs to better understand the steps they have taken to improve detection and prevention. This would help the APPG assess whether further guidance, standards and support should be introduced in these areas.

• Examining whether the MRR is inadvertently shifting fraud elsewhere and if so, where, including looking outside the PSR's remit to cryptocurrency.

The Report also considers what further measures should be prioritised in the updated government Fraud Strategy to address the problem of APP fraud in a way that is comprehensive, collaborative and fair.

BoE, PRA, FCA and PSR revise MoU on regulation of UK payment systems

On 24 June 2025, the FCA published a revised version of the memorandum of understanding (MoU) between it, the Bank of England (BoE), the PRA and the Payment Systems Regulator (PSR) (the authorities) on their roles in the regulation of UK payments, together with a press release on the authorities' review of the MoU. 

The authorities have made extensive changes to the MoU, which is now structured around five principles that the authorities have committed to. These principles relate to:

• clarifying their respective roles and responsibilities to improve market participants' understanding of the regulatory landscape

• taking a holistic approach in scenarios where an authority identifies a matter of common regulatory interest and considers that a decision may have a material impact on the advancement of another authority's objectives or regulatory functions

• ensuring effective co-ordination and co-operation when exercising relevant functions in relation to matters of common regulatory interest

• sharing relevant information and advice between them, to support co-ordination and co-operation when exercising their functions

• reviewing the MoU and their co-ordination efforts on an annual basis.

The FCA has also published a webpage on how the regulatory remits of the authorities fit together in the regulation of payments in the UK. It summarises the objectives and relevant principles of the authorities and their functions and regulatory remits in respect of different types of firms in the payments industry, and the legislative basis for those functions and remits. It has also published a diagram illustrating the authorities' various workstreams and the extent to which they overlap.

The government intends to consolidate the PSR's functions largely into the FCA. The FCA states that the MoU reflects the PSR's current responsibilities and that the authorities will revise the MoU at an appropriate time.

The authorities are required under section 99 of the Financial Services (Banking Reform) Act 2013 (FSBRA) to prepare and maintain an MoU on their functions in the regulation of the payments sector.

Payment Services and Payment Accounts (Contract Termination) (Amendment) Regulations 2025 published

On 13 June 2025, the Payment Services and Payment Accounts (Contract Termination) (Amendment) Regulations 2025 (SI 2025/688) were published on legislation.gov.uk, together with an explanatory memorandum.

The Regulations will amend regulation 51 of the Payment Services Regulations 2017 (SI 2017/752) (PSRs 2017) and introduce new regulations 51A to 51D. These changes apply to framework contracts for payment services concluded for an indefinite period and entered into on or after 28 April 2026 (when the Regulations come into force). They include:

• extending the minimum notice period for contract terminations from two months to 90 days

• requiring PSPs to provide sufficiently detailed and specific explanations for contract termination so payment service users can understand why their contract is being terminated

• informing payment service users of any right they may have to complain to the Financial Ombudsman Service (FOS).

Certain exceptions are provided for in the Regulations (for example, to enable PSPs to comply with their financial crime obligations). Amendments will also be made to regulations 25 and 26 of the Payment Accounts Regulations 2015 (SI 2015/2038) (PARs 2015). These changes bring the notice period and requirements to give reasons applicable to framework contracts for accounts with basic features into line with the new requirements in the PSRs 2017.

The FCA will update the guidance relating to contract terminations in its Payment Services and Electronic Money Approach Document to reflect the legislative changes. We covered the draft Regulations in an April 2025 article. The Regulations were made on 12 June 2025 and come into force on 28 April 2026.

EU payments legislation update

Comparison tables on trialogue negotiating positions on proposed PSD3 and PSR

On 30 June 2025, the Council of the EU published working documents from the General Secretariat about trialogue negotiations connected to the legislative proposal relating to the proposed Directive on payment services and electronic money services in the internal market (PSD3) and the proposed Payment Services Regulation (PSR).

The working documents contain:

• A comparison table comparing the negotiating positions taken by the European Commission, the Council and the European Parliament on the proposed Directive on payment services and electronic money services in the internal market (PSD3).

• A comparison table comparing the negotiating positions taken by the European Commission, the Council and the European Parliament on the proposed Regulation on payment services in the internal market (PSR).

The Council of the EU and the European Parliament have agreed their respective negotiating positions on the legislation - see below.

Council of EU compromise proposals on proposed PSD3 and PSR

On 13 June 2025, the Council of the EU published the following compromise proposals on the proposed Directive on payment services and electronic money services in the internal market (PSD3) and the proposed Payment Services Regulation (PSR):

• Proposed text for PSD3 (10176/25).

• Proposed text for PSR (10268/25).

The Council has also published an "I" item note (10175/25) from its General Secretariat of the Council inviting the Permanent Representatives Committee (COREPER) to adopt these proposed texts as its negotiating mandate ahead of trialogue negotiations with the European Parliament.

FCA proposes changes to consumer credit data returns

On 6 June 2025, the FCA published its 48th quarterly consultation paper (CP25/16). In the consultation paper, the FCA proposes the following amendments to consumer credit data returns. 

• Change the timing of work relating to consumer credit data returns so that, for an interim period, limited permission firms in scope of CCR009 will have to submit data to the FCA on relevant activities across two returns (that is, CCR007 and CCR009). This will mean that for those firms, the reporting period and due date of the submissions will be the same for both returns, aligning with the new calendar year and removing the dual reporting requirements. 

• Amend the scheduling of the CCR007 return to align with the new calendar year reporting, including the requirements for publishing complaints for limited permission firms as set out in DISP.

• End CCR002, CCR003, CCR006 and CCR007 returns to remove dual reporting requirements on firms. The FCA notes it has decided to delay the introduction of any further returns to ensure any burden on firms is proportionate and to assess the value and impact of these changes.

These changes follow publication of a May 2025 policy statement (PS25/3), which we covered in last month's edition of FinTech Matters. 

The proposals will not impact any submissions due in 2025, which should continue to be reported as expected. For any submission that relates to an accounting year that ends in 2026 and any subsequent years going forward, the submission will be due following the end of the calendar year. The changes will come into force from 1 January 2026.

The deadline for comments on the proposals is 14 July 2025.

Motor finance update

Barclays car finance appeal must wait for Supreme Court ruling 

On 1 July 2025, the Court of Appeal decided that Barclays' application to overturn a ruling by the Financial Ombudsman Service (FOS) on motor finance commissions should be delayed until after the Supreme Court delivers its judgment on the Court of Appeal decision in Johnson v FirstRand Bank Ltd (London Branch) (t/a MotoNovo Finance) [2024] EWCA Civ 1282, which is expected to be later this month.

Justice Stephen Males said that it was "necessary to know what the Supreme Court is going to decide" for Barclays' challenge "to be heard on the appropriate legal basis."

The Court decided to postpone the hearing to an available date from September on an expedited basis.

The FCA is intervening in both motor finance cases and is considering implementing a redress scheme – see below.

FCA statement on key considerations for implementing motor finance consumer redress scheme

On 5 June 2025, the FCA published a statement on its key considerations in implementing a possible motor finance consumer redress scheme.
Following the outcome of the Supreme Court judgment on the Court of Appeal decision in Johnson v FirstRand Bank Ltd (London Branch) (t/a MotoNovo Finance) [2024] EWCA Civ 1282, the FCA is likely to consult on an industry-wide consumer redress scheme if it concludes motor finance customers have lost out from the failing of firms.

In the statement, the FCA sets out the issues concerning the potential design of such a scheme, including:

• Principles. The FCA would be guided by principles in the scheme's design, including comprehensiveness, fairness, certainty, simplicity and cost effectiveness, timeliness, transparency and market integrity. It notes that there may be tensions between some of these principles and the FCA will need to consider how to strike the right balance.

• Application. The FCA is considering whether the scheme should be opt-out or opt-in. Under an opt-in redress scheme, customers would have to confirm to the relevant firm by a certain date that they wish to be included. Under an opt-out redress scheme, customers are automatically included unless they opt out.

• Calculation of redress by firms. The FCA states that it has seen highly speculative redress figures from claims management companies (CMCs) and firms. In some cases, these were based on past decisions taken by the Financial Ombudsman Service (FOS). The FCA warns that it may take a different approach to calculating redress in any intervention, compared to the approach taken by the FOS. The FCA emphasises that any redress scheme must be fair to consumers who have lost out and ensure the integrity of the motor finance market.

The Supreme Court is expected to deliver its judgment later in July 2025. The FCA intends to confirm within six weeks of the Supreme Court judgment whether it will introduce a redress scheme, with details of timings for the publication of a consultation paper on the scheme. The implementation date for the scheme is expected to be in 2026.

FCA speech outlines industry response to new AI Live Testing service

On 1 July 2025, the FCA published a speech given by Jessica Rusu, FCA Chief Data, Information and Intelligence Officer, on harnessing AI and technology to deliver the FCA's 2025 strategic priorities.

Rusu explained that the FCA wants the UK to be a global hub for responsible AI adoption, which can be achieved by the FCA and financial services industry working together. 

In addition to referring to the FCA's new Supercharged Sandbox (see below), she also spoke about the FCA's new AI Live Testing service:

• The FCA has had 70 responses to its April 2025 engagement paper, and applications for AI Live Testing will go live in week commencing 7 July 2025.

• Firms view AI Live Testing as a valuable opportunity to support innovation across a range of use cases and firm type, and want access to synthetic data, shared tools and AI evaluation techniques to help encourage experimentation.

• One theme highlighted is the question around regulatory uncertainty, which firms have expressed concerns about, and the impact this has on firms innovating with AI. The FCA believes the existing frameworks, such as the Senior Managers Regime (SMR) and the Consumer Duty, give it oversight of AI in financial services and there is no need for new rules. Avoiding new regulation allows the FCA to remain nimble and responsive as technology and markets change.

• The FCA recognises that where technology creates opportunity, it can also create the opportunity for abuse. Firms that are concerned about the AI they want to develop should talk to the FCA.

FCA launches Supercharged Sandbox to support AI innovation

On 9 June 2025, the FCA published a press release announcing that it has launched a Supercharged Sandbox to help firms experiment safely with AI and speed up innovation.

The Supercharged Sandbox is open to any financial services firm who are in the discovery and experiment phase with AI. The FCA is collaborating with NVIDIA to enhance its Digital Sandbox by providing firms with access to greater computing capabilities, enhanced datasets and more advanced tooling.

The FCA has updated its AI Lab webpage to include a section on the Supercharged Sandbox and an application link. The deadline for applications is 11 August 2025. Application results will be communicated by 16 September 2025. The Supercharged Sandbox will be open between 30 September 2025 and 9 January 2026. The FCA will hold an in-person demo day in January 2026.

Further information is in the participation pack and the FCA explains that an application should demonstrate that a firm's project:

• is at an early stage of development, focused on proofs of concept, prototypes or early validation

• is clearly relevant to financial services, including (but not limited to) consumer products, regulatory compliance solutions, operational enhancements or risk management tools

• offers a genuinely innovative approach, proposing new methods, techniques or applications of AI to address financial services challenges.

ESMA working paper on leveraging large language models in finance

On 4 June 2025, ESMA published a report on large language models (LLMs), which summarises and builds on a June 2024 workshop involving 38 technology and financial experts. The report gives an overview of the current use of LLMs and their nascent application in the finance industry, the potential harms associated with their use, possibilities to facilitate their trustworthy adoption and the current and future regulatory framework. 

85% of respondents in the workshop indicated that their organisation already uses LLMs, with half of those respondents using LLMs provided by third parties and developed on a closed-source model. The report identifies four main areas as having the greatest potential for LLM application in financial decision-making processes:

• Public communication and customer engagement. This includes financial communications to the public (eg simplifying technical jargon) and customer service.

• Financial services safety. This includes fraud detection and prevention, market and trade surveillance and financial product risk assessment.

• Financial insight generation. Market surveillance and insights related to markets, business finance data, personal investment and ESG assessment. 

• Financing and investment activities. Asset management, investment banking, treasury optimisation, private equity and venture capital strategy development.

Most workshop participants agreed that LLMs would be adopted by their firm within the next two years and would augment the capabilities of experts rather than replace them.

The risks from integrating AI systems deep into financial businesses can emerge at various levels, including data, models and governance. The report discusses practical challenges and mitigation approaches, including:

• Robustness: Reliability and reproducibility are critical in identifying, reducing and mitigating hallucinations and other unexpected outputs.

• Data dependency and asymmetry: Regulations around data anonymisation and access could help mitigate asymmetry. Proposals include creating systems akin to open banking and allowing controlled data access.

• Security and privacy: Protecting against unauthorised access and use, the ability to maintain functionality and recover from disruptions, and protect individual privacy throughout the lifecycle (eg by minimising data collection and ensuring data storage is secure).

• Fairness and bias: Evaluating how outcomes of services can differentially affect members of distinct socioeconomic groups, and how biases in data and algorithms interact with human decision-making throughout the AI lifecycle.

• Accountability and explainability: A vital concept in AI governance, consisting of ensuring that clear lines of responsibility exist for AI system decisions and outcomes.

FCA research note on using AI for consumer guidance

On 30 May 2025, the FCA published a research note on lessons from two large language model (LLM) pilots focused on consumer guidance, with annexes to the note published separately.

The note examines the potential usefulness and limitations of LLMs in consumer-facing contexts in financial services. Simplification use cases were chosen given the low level of financial literacy and numeracy among the general UK population. One pilot focused on simplifying financial concepts and GPT-3.5 and GPT-4 were asked to generate simplified definitions of complex financial terms. The second focused on providing consumer guidance on the features of one type of cash savings product.

The main lessons learned were as follows:

• LLMs demonstrate strong potential in simplifying complex information, enhancing readability and accessibility. However, validating their outputs requires a robust evaluation framework that combines human judgement with automated tools.

• The effectiveness of LLMs is context dependent. Outcomes (such as customer comprehension and engagement) are influenced by how and where an LLM is used and incorporated within a customer journey.

• There is a clear appetite for AI-driven assistance. Many users responded positively to automated support, indicating a readiness to engage with intelligent systems in decision-making processes.

The research concludes that there are important opportunities to provide effective and tailored support with AI. For example, this could include providing financial guidance, tailored explanations of financial concepts or agent-based chatbots for resolving complex consumer queries. However, careful testing is important and there is still a lot to learn about how to use AI with consumers.

The FCA will be conducting pilots of AI models with firms. It remains engaged with the idea of testing and welcomes potential pilots on questions similar to those covered in the note.

Delegated Regulation on RTS on sub-contracting ICT services supporting critical and important functions under DORA published in OJ

On 2 July 2025, Commission Delegated Regulation (EU) 2025/532 was published in the Official Journal of the European Union (OJ). It contains regulatory technical standards (RTS) specifying the elements that a financial entity must determine when sub-contracting ICT services supporting critical or important functions. 

The RTS, which reflect a mandate under Article 30(5) of DORA, cover:

• proportionality and the application of the requirements within groups

• due diligence and risk assessment obligations that apply to financial entities when they use sub-contractors that support critical or important functions

• requirements relating to the conditions under which ICT services supporting critical or important functions may be sub-contracted and the terms of the contractual arrangements between the financial entity and the ICT third party service provider

• what happens when material changes are made to sub-contracting arrangements of ICT services supporting critical or important functions

• the financial entity's right to terminate the contract with the ICT third-party service provider in certain situations.

The Delegated Regulation will enter into force on 22 July 2025, 20 days after its publication in the OJ. 

Building cyber resilience in the financial sector

Cyber security remains a growing risk for financial services. In this article, we explore the key lessons for central banks, regulators and policymakers from two cyber security surveys of the International Monetary Fund.

Delegated Regulation on RTS on threat-led penetration testing under DORA published in OJ

On 18 June 2025, Commission Delegated Regulation (EU) 2025/1190 was published in the OJ. It contains RTS on threat-led penetration testing (TLPT), supplementing the Regulation on digital operational resilience for the financial sector (DORA).

The RTS, which reflect a mandate in Article 26(11) of DORA, set out:

• criteria for the identification of financial entities required to perform TLPT

• requirements relating to testing scope, testing methodology and the results of TLPT, including the testing process

• requirements and standards governing the use of internal testers

• rules on supervisory and other co-operation needed for the implementation of TLPT and for mutual recognition of testing.

The Delegated Regulation will come into force on 8 July 2025, 20 days after publication in the OJ.

ESMA principles for third-party risks supervision

On 12 June 2025, ESMA published a document setting out its principles on third-party risks supervision.

ESMA recognises that the use of third-party services may bring benefits to an entity, such as new or higher quality services, dedicated expertise and reduced costs arising from economies of scale. However, deciding to use a third-party may also bring third-party risks such as a loss of control, non-compliance with regulatory provisions and reduced operational resilience.

ESMA has developed 14 principles to address the growing risks associated with the use of outsourcing, delegation or other types of third-party services by supervised firms. The principles are intended to provide a common supervisory basis to national competent authorities (NCAs) and ESMA, enhancing the robustness of supervisory frameworks and helping supervised entities understand and manage third-party risks. They focus on critical activities. The term "critical" means any term used in relevant sectoral legislation or any situation assessed by the entity or by the supervisor to identify activities or functions where a defect would materially impair the entity's compliance, financial performance, soundness or continuity.

The principles take account of and are consistent with established international standards (such as those of the Financial Stability Board (FSB), International Organization of Securities Commissions (IOSCO) and the Basel Committee on Banking Supervision (BCBS).

FCA decision to ban former Barclays Bank CEO upheld (Upper Tribunal)

On 26 June 2025, the Upper Tribunal (Tax and Chancery Chamber) upheld the FCA's May 2023 decision to ban James Edward Staley (known as Jes Staley), former Barclays Bank plc CEO, from holding senior management roles in the financial services industry.

The FCA considered that Mr Staley had recklessly and with a lack of integrity approved a letter it received from Barclays in October 2019 that contained misleading statements as to the nature of his relationship with Jeffrey Epstein and when they were last in contact.

As a consequence, he was in breach of:

• Individual Conduct Rule 1 (requirement to act with integrity)

• Individual Conduct Rule 3 (requirement to be open and cooperative with the FCA, the PRA and other regulators)

• Senior Manager Conduct Rule 4 (requirement to disclose appropriately any information of which the FCA or PRA would reasonably expect notice).

In particular, the Tribunal found that:

• It is self-evident the statements were significant to the fitness and propriety of Mr Staley and so were material to the FCA.

• The statements were misleading.

• Mr Staley knew the statements were inaccurate.

• It is not credible Mr Staley did not think the letter would mislead the FCA. It was obvious to him there was a risk that it would.

The Tribunal considered that the case is sufficiently strong to justify the sanctions the FCA is seeking purely on the basis of Mr Staley having acted without integrity in approving the statements in the letter. However, it reduced the FCA's proposed fine from £1.8 million to £1.1 million as, after the FCA issued its decision notice, Barclays decided not to permit Mr Staley to receive deferred shares to which he could have been entitled.

The FCA's statement on the Tribunal decision can be found here.

FCA leads international campaign against finfluencers using illegal financial promotions

On 6 June 2025, the FCA issued a press release announcing it has led an international campaign against finfluencers that use illegal financial promotions.

The FCA led and participated in a "global week of action against unlawful influencers" with regulators in Australia, Canada, Hong Kong, Italy and the United Arab Emirates. The regulatory action occurred because there are concerns that some finfluencers sell products or services illegally and without authorisation through online videos and posts, where they use the pretence of a lavish lifestyle, often falsely, to promote success. The term finfluencers refers to social media personalities who use their platforms to promote financial products and share insights and advice with followers.

In the UK, the FCA has:

• made three arrests with the support of the City of London Police and authorised criminal proceedings against three individuals

• invited four finfluencers for interview

• sent seven cease and desist letters

• issued 50 warning alerts. The warning alerts will result in over 650 take down requests on social media platforms and more than 50 websites operated by unauthorised finfluencers.

Final updated version of FCA's PEP guidance

On 7 July 2025, the FCA published its finalised guidance (FG25/3) on the treatment of politically exposed persons (PEPs) for anti-money laundering (AML) purposes, which updates the July 2017 version of the PEP guidance.

It provides a summary of feedback to the FCA's July 2024 consultation on amending the PEP guidance and the FCA's response. The FCA has:

• clarified that non-executive board members of civil service departments in the UK should not be treated as PEPs solely for that reason

• made minor changes to senior management approval for signing off business relationships with PEPs, family members or known close associates 

• clarified that a firm's Money Laundering Reporting Officer (MLRO) should retain oversight of the overall PEP compliance process but need not be involved in the opening of the business relationship provided a suitably senior person signs this off

• made minor amendments to the definition of a PEP, including the addition of a link to a government list of international organisations to help firms decide whether someone is a director, deputy director or board member of an international organisation.

The finalised guidance is set out in Annex 1 of FG25/3.

FATF targeted update on implementation of standards on virtual assets and virtual asset service providers

On 26 June 2025, the Financial Action Task Force (FATF) published a targeted update on the implementation of its standards on virtual assets (VAs) (also known as cryptoassets) and virtual asset service providers (VASPs) (also known as cryptoasset service providers (CASPs)).

It sets out the findings from the FATF's assessment of jurisdictions' compliance with recommendation 15 on new technologies (R.15) and its interpretative note (INR.15), as well as recommendation 16 on payment transparency (R.16) (known as the "travel rule") and the related interpretative note (INR.16).

Overall, jurisdictions (including those with materially-important VASP activity) have made progress since 2024 on developing or implementing anti-money laundering (AML) and counter-terrorist financing (CTF) regulations, and taking supervisory and enforcement actions. However, they continue to face challenges in assessing risks associated with VAs and VASPs and implementing appropriate mitigating measures.

99 jurisdictions have passed, or are in the process of passing, legislation implementing R.16, which ensures transparency of information around cross-border payments. The update sets out key areas for improvement and recommendations for both public and private sectors to better address persistent and significant threats.

Alongside the targeted update, the FATF published a report on best practices on travel rule supervision. It sets out good practices such as reinforcing risk understanding ahead of implementation, using thematic reviews in the pre-implementation phase, setting clear regulatory expectations, building a risk-based supervisory lifecycle and engaging with the private sector.

Revised FATF recommendations increase cross-border payment transparency

On 18 June 2025, the FATF published an updated version of its anti-money laundering (AML) and counter-terrorist financing (CTF) recommendations, which increases the transparency of cross-border payments to better detect financial crime.

The FATF has revised recommendation 16 (Wire transfers) (R 16) (known as the "travel rule"), the related interpretative note (INR 16) and the Glossary to reflect changes in payment business models and messaging standards.

The revisions were agreed at the FATF's June 2025 plenary. The FATF believes they will ensure the consistency of information required in payment messages. This will build a clearer picture of who is sending and receiving money, and also help to eliminate fraud and error impacting customers.

An explanatory note states that a transition period is needed before jurisdictions and the private sector can implement the revised R 16. Based on feedback to the second consultation, most respondents agreed on the end of 2030 as a realistic deadline for implementation. The FATF agrees and expects that most, or all, of the new requirements will be in effect by this date. For changes that may take longer to implement, the FATF will leverage on the creation of a public-private payment advisory group.

The FATF will continue to engage with stakeholders to ensure effective and harmonised implementation of the revised R 16. It will also develop guidance on payment transparency to facilitate consistent implementation of the revised R 16. The FATF expects to publish the guidance in late 2026.

European Commission adopts Delegated Regulation amending list of high-risk third countries under MLD4

On 10 June 2025, the European Commission adopted a Delegated Regulation (C(2025) 3815) to amend the list of high-risk third countries with strategic anti-money laundering (AML) and counter-terrorist financing (CTF) deficiencies produced under Article 9(2) of the Fourth Money Laundering Directive (MLD4). 

Under Article 9(2) of MLD4, the Commission is empowered to adopt delegated acts identifying high-risk third countries. Delegated Regulation (EU) 2016/1675 identifies those third countries that have strategic deficiencies in their AML and CTF regimes that pose significant threats to the financial system of the EU. The list of countries in that delegated act is amended periodically to take account of information from international organisations and standard setters in the field of AML and CTF, such as the Financial Action Task Force (FATF).

The Delegated Regulation will amend the Annex to Delegated Regulation (EU) 2016/1675 by:

• Adding Algeria, Angola, Côte d'Ivoire, Kenya, Laos, Lebanon, Monaco, Namibia, Nepal and Venezuela to the table in point I of the Annex as they are currently considered third-country jurisdictions that have strategic deficiencies in their AML and CTF regimes, which pose significant threats to the EU financial system. These jurisdictions have each made written high-level political commitments to address the identified deficiencies and developed action plans with the FATF. 

• Deleting Barbados, Gibraltar, Jamaica, Panama, the Philippines, Senegal, Uganda and the United Arab Emirates (UAE) from the list of third countries that were previously identified as having strategic AML and CTF deficiencies.

The Delegated Regulation will be submitted to the Council of the EU and the European Parliament for scrutiny. If neither objects, it will enter into force 20 days after publication in the Official Journal of the European Union.

The answer to last month's question: Unregulated Buy Now Pay Later products currently take advantage of Article 60F(2) of the Regulated Activities Order.

This month's question: How many regulators were involved in the "global week of action against unlawful finfluencers":

• 6

• 9

• 7

• 4.