Government to meet with industry leaders

On 20 January 2025, HM Treasury published a press release announcing plans to host a series of Industry Forums with leaders across key financial services sub-sectors including retail banking and FinTech to inform the development of the first Financial Services Growth and Competitiveness Strategy. The Strategy aims to foster growth in the financial services sector, a key part of the government’s broader Plan for Change to boost the economy and increase prosperity. Financial services has been identified as a crucial growth sector in the government’s Modern Industrial Strategy.

The Industry Forums will build on the government’s Call for Evidence to inform the Strategy, which closed in December 2024, and together with further engagement at official and ministerial levels, will ensure the Strategy addresses the most critical issues facing the sector.

FCA letter to Prime Minister outlining approach to ensure support of growth 

On 17 January 2025, the FCA published a letter from Nikhil Rathi, its Chief Executive, to the Prime Minister Sir Kier Starmer, the Chancellor of the Exchequer and the Secretary of State, outlining its work to ensure that it is supporting the government's UK growth mission.

The areas addressed by the FCA include:

• Accelerating digital innovation to improve productivity: The FCA proposes removing the £100 contactless payment limit to increase customer flexibility and level the playing field with digital wallets. It also suggests government support in this area by introducing digital identity authentication, improving the Companies House database to reduce costs for business, and digitalising court systems to reduce delays.

• Reducing the regulatory burden: The FCA plans to simplify responsible lending and mortgage advice rules, support homeownership, and review consumer protection consultations to assess if the Consumer Duty is sufficient. It also proposes reducing anti-money laundering (AML) compliance costs by relaxing know-your-customer requirements for small transactions.

• Facilitating firm start-ups: The FCA aims to speed up the authorisation process for firms, noting that some innovative start-ups struggle to meet all the threshold conditions immediately. It seeks to work with HM Treasury to create a legislative framework allowing these firms to carry out limited regulated activities under streamlined conditions.

• Certainty and predictability: To boost business and investor confidence, the FCA is exploring reforms to the redress framework, aiming to prevent further large-scale consumer redress exercises, which may require legislation.

The FCA concludes that, by enabling more risk-taking, it must prioritise resources and accept that some failure will occur. 

BIS Innovation Hub work programme for 2025-26

On 14 January 2025, the Bank for International Settlements (BIS) updated its Innovation Hub webpage to outline the Innovation Hub's work programme for 2025-26.

As of early 2025, the Innovation Hub is managing 26 active projects and has completed 31 projects since its launch in 2019. In 2024, the BIS initiated 16 new projects (see our February 2024 update).

Key highlights for 2025-26 include:

• enhancing horizon scanning to identify impactful financial technology trends and developments 

• exploring synergies across projects and themes to develop solutions supporting central banks in their core responsibilities: money provision, monetary policy, payments infrastructure, financial stability, and regulation and supervision

• launching two new AI-driven projects: Project AISE (AI Supervisor Enhancer) aims to develop a virtual assistant to automate tasks and enhance financial supervision, while Project Gaia will build on an already developed proof of concept, which addressed the specific use case of climate-related risk analysis, by extending it to other uses cases in and beyond the area of green finance.

• advancing ongoing projects, like Project Agora, where seven central banks partners and over 40 private sector financial institutions are exploring how tokenisation can enhance wholesale cross-border payments

• exploring central bank community-driven ecosystems in the creation of code and other solutions that can add value to central banking.

BIS notes that project implementation decisions rests with partner central banks. In 2024, two significant projects were transitioned to central banks.

FMSB workplan for 2025

On 14 January 2025, the Financial Markets Standards Board (FMSB) published its workplan for 2025. The plan outlines current and potential work streams across FMSB's five committees:

• Market practices: Work in progress relates to pre-hedging, grey market trading and carbon markets. Potential work concerns topics including price discovery in illiquid swaps securities and private market valuations.

• Electronic trading and technology: FMSB is currently considering AI use cases in financial services, focusing on internal productivity and efficiency. It also plans to review auto pre-hedging in 2025. This is where liquidity providers systematically pre-hedge on receipt of a client request and before responding to the client with a price.

• ESG: The committee plans to meet in Q1 2025 to determine its focus areas for the year.

• Conduct and ethics: FMSB refers to its recently published statement of good practice for front office supervision of wholesale traded markets. In 2025, it intends to consider issues relating to non-financial misconduct.

• Post-trade: In 2025 the focus will be on expanding client onboarding applications by jurisdiction and client type.

These topics aim to bridge the gap between regulation and market developments and promote international market standard convergence. The outputs focus on behaviour in wholesale financial markets and addresses either conduct or operational issues that impact the fairness and effectiveness of wholesale financial markets.

MiCA updates

ESMA supervisory briefing on authorisation of CASPs under MiCA

On 31 January 2025, ESMA published a supervisory briefing outlining expectations on applicant cryptoasset service providers (CASPs) and national competent authorities (NCAs) when they are processing authorisation requests under the Regulation on markets in cryptoassets (MiCA).

The briefing contains guidance on matters including the following:

• Substance and governance: CASPs must meet core governance standards, including compliance and risk functions of CASPs and when it is acceptable to use staff outside the country of authorisation and factors to determine if a CASP has sufficient local autonomy.

• Outsourcing: The guidance sets principles for outsourcing, ensuring it doesn't result in the delegation of responsibility by the CASP. NCAs should refer to the requirements under the Regulation on digital operational resilience for the financial sector where ICT services are involved.

• Fit and proper assessment: As part of the core principles, the guidance states that the complexity and relevance of the CASP in the overall crypto ecosystem should be considered when assessing individual and collective suitability. NCAs should investigate previous supervisory violations.

• Business plan: CASPs must submit realistic business plans based on current activities. NCAs should ensure CASPs assess the impact of potential revenue shortfalls on their operations.

• Notifications: NCAs should ensure clients can identify, in national registers or in a dedicated section of the NCA's official website, that an entity is allowed to provide cryptoasset services (either as a MiCA authorised entity or through a notification).

NCAs are expected to apply the principles during the authorisation process and ensure ongoing compliance for authorised CASPs.

ESMA opinion on draft RTS on conflicts of interest for CASPs under MiCA 

On 24 January 2025, ESMA published an opinion on draft regulatory technical standards (RTS) specifying certain requirements relating to conflicts of interest for cryptoasset service providers (CASPs) under Article 72 of the Regulation on markets in cryptoassets (MiCA).

ESMA submitted its final report with final draft RTS to the European Commission in May 2024. In November 2024, the Commission sent a letter to ESMA expressing plans to adopt the draft RTS with amendments and requested the ESMA submit a new draft of the RTS reflecting the proposed amendments.

Under Article 10(1) of the ESMA Regulation, ESMA must amend and resubmit the RTS within six weeks of receiving the Commission’s letter.
In the opinion, ESMA suggests minor changes to the amendments proposed by the Commission, aiming to balance investor protection, financial stability and innovation.

ESMA’s proposed changes are outlined in Section 3 of the opinion and reflected in the amended draft RTS in the Annex.

The Commission may adopt or reject the RTS. If the RTS are adopted, the European Parliament and the Council of the EU have three months to object the relevant Delegated Regulation.

ESMA statement on non-MiCA compliant ARTs and EMTs 

On 17 January 2025, ESMA published a statement on the provision of certain cryptoasset services in relation to asset-referenced tokens (ARTs) and electronic money tokens (EMTs) that are non-compliant under the Regulation on markets in cryptoassets (MiCA). The European Commission also published a Q&A to guide cryptoasset service providers (CASPs) on compliance with MiCA's Titles III and IV, clarifying that certain cryptoasset services may require public offerings or trading admissions in the EU.

ESMA emphasised the importance of national competent authorities (NCAs) assisting CASPs in this transition. To avoid market disruptions, NCAs must ensure CASPs comply with MiCA by the end of Q1 2025. CASPs operating cryptoasset trading platforms must stop offering non-MiCA compliant ARTs and EMTs unless the issuer is authorised in the EU. CASPs unsure about classification should consult their NCA for clarification.

CASPs providing services that amount to offering to the public or seeking admission to trading are expected to prioritise restricting existing services when they facilitate the acquisition of non-MiCA compliant ARTs and EMTs. They should also avoid entering into new products and offering services involving non-MiCA compliant ARTs and EMTs. Restrictions on existing services should be completed by the end of January 2025.

To allow EU investors to liquidate or convert non-compliant ARTs and EMTs, CASPs may offer "sell only" services until the end of Q1 2025. CASPs should also inform investors about the impact of MiCA on non-compliant tokens and implement measures to help with liquidation or conversion to MiCA-compliant alternatives. CASPs are also expected to implement technical procedures and initiatives to facilitate the liquidation of EU investors' holdings in non-MiCA compliant ARTs and EMTs or their conversion into MiCA-compliant alternatives.

EBA and ESMA joint report on recent developments in cryptoassets

On 16 January 2025, the EBA and ESMA published a joint report on recent developments in cryptoassets under the Regulation on markets in cryptoassets (MiCA).

Article 142 of MiCA requires the European Commission, after consulting the EBA and ESMA, to submit a report to the European Parliament and Council of EU on cryptoassets developments. In February 2024, the Commission requested that the EBA and ESMA provide a contribution focusing on certain elements related to Decentralised Finance (DeFi) and the lending and borrowing of cryptoassets, including staking. The report represents this contribution.

Key points include:

• DeFi remains niche, with 4% of global cryptoasset market value locked in DeFi protocols. Whilst EU adoption is higher than the global average, it lags behind other developed countries like the US and South Korea.

• DeFi hacks and the value of stolen cryptoassets generally correlates with the DeFi market size. DeFi protocols present significant risks of money laundering (ML) and terrorist financing (TF), with decentralised exchanges representing 10% of global spot trading volumes. The lack of anti-money laundering and counter terrorist financing controls and the cross-border nature of transactions heighten these risks.

• Crypto lending, borrowing and staking services are offered by several cryptoasset service providers (CASPs) in EU jurisdictions, but engagement from EU consumers and financial institutions is limited. The report outlines and assesses the specific risks associated with each of these services, such as excessive leverage, information asymmetries, exposure to ML and TF risks, and systemic risks arising from re-hypothecation and collateral chains, procyclicality, and interconnectedness. No immediate financial stability risks have been identified.

The EBA and ESMA will continue to assess market developments as part of their ongoing mandate to monitor innovative activities in the EU banking, payments and securities sectors.

ESMA: Factsheets

On 24 January 2025, the European Securities and Markets Authority (ESMA) published factsheets on recent developments in cryptoassets:

• Factsheet on crypto lending and staking and its accompanying webpage.

• Factsheet on Decentralised Finance (DeFi) and its accompanying webpage.

Financial Services and Markets Act 2023 (Digital Securities Sandbox) (Amendment) Regulations 2025 published

On 30 January 2025, the Financial Services and Markets Act 2023 (Digital Securities Sandbox) (Amendment) Regulations 2025 were published, alongside an explanatory memorandum amending the Financial Services and Markets Act 2023 (Digital Securities Sandbox) Regulations 2023 (the DSS Regulations).

These amendments temporarily disapply certain provisions of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017) in relation to cryptoassets and activities within the scope of the DSS. A new fifth table has been added to the DSS Regulations to specify which legislation is modified, disapplied, or applied to entities in the DSS.

The DSS framework, which is overseen by the Bank of England (BoE) and the FCA, allows firms and regulators to test developing technologies such as distributed ledger technology. Activities within the DSS scope include central securities depository (CSD) activities (such as notary, settlement, and maintenance) and the operation of trading venues like multilateral trading facilities (MTFs), organised trading facilities (OTFs), or recognised investment exchanges (RIEs).

The Regulations will come into force on 3 March 2025.

Crypto developments in the US

On 23 January 2025, the White House released an Executive Order titled "Strengthening American leadership in digital financial technology" (Order). The Order focuses on fostering innovation in digital assets, blockchain technology, and related sectors, while prioritising economic liberty, consumer protection, and national security.

The Order outlines several key policies:

• Support for digital assets: The US will promote responsible growth and use of digital assets, including blockchain networks, ensuring that individuals and private-sector entities can access these technologies for lawful purposes without persecution.

• Sovereignty of the US dollar: The Order seeks to protect the US dollar’s global position, advocating for the development of dollar-backed stablecoins.

• Access to banking services: The Order emphasises the importance of fair and open access to banking services for all law-abiding citizens and businesses.

• Regulatory clarity: The US will adopt technology-neutral regulations to support digital economy innovation whilst maintaining transparency and clear jurisdictional boundaries.

• Protection from central bank digital currencies (CBDCs): The Order takes a firm stance against the development of CBDCs, citing concerns over financial system stability, privacy, and US sovereignty. It prohibits the establishment, issuance, circulation, and use of CBDCs in the US.

It also establishes the President’s Working Group on Digital Asset Markets, which will be led by the Special Advisor for AI and Crypto, David Sacks. The group will include key government officials from agencies like the Treasury, the Justice Department, and the Securities and Exchange Commission (SEC). The group is tasked with identifying existing regulations that impact the digital asset sector and proposing a federal framework for regulating digital asset issuance and operations, including stablecoins.

Additionally, the Order calls for halting any ongoing CBDC initiatives and ensures public input through hearings and expert consultations will be part of the process.

For its part, the SEC has formed a Crypto Task Force, led by Commissioner, Hester M. Peirce. Peirce provided her personal thoughts on the Crypto Task Force in a statement published on 4 February 2025.

BoE design note on digital pound

On 14 January 2025, the Bank of England (BoE) published its first design note related to a possible digital pound.

The BoE will use design notes to set out its emerging thinking on specific topics related to a digital pound. The first design note lays out the BoE's initial thinking for a blueprint framework for a digital pound, the blueprint being one of the four workstreams in the digital pound design phase, alongside proofs of concept and experimentation, a "national conversation", and the assessment phase.

The blueprint aims to provide a comprehensive proposition for a digital pound, including technology, operational, ecosystem, commercial, regulatory and financial considerations. It also discusses the roles that both the BoE and the private sector could play in delivering it.

The BoE notes that no decision has been made on building a digital pound and design notes do not represent final policy or formal consultation proposals. The introduction of a digital pound would require public consultation and the introduction of primary legislation by government.

Feedback on the considerations set out in the design note, especially regarding the proposed components for the blueprint, is welcomed via email. The BoE also published a progress update summarising its work over the past year and will continue to publish minutes from industry forums, relevant research and policy outputs as the project progresses

FCA Dear CEO letter on key priorities for payment firms in 2025

On 03 February 2025, the FCA published a Dear CEO letter to payments firms, outlining three key priorities for the sector:

• Effective competition and innovation to meet customers’ needs, characteristics and objectives: The FCA highlights its Innovation Hub and encourages firms to attend its Tech and Policy Springs. It will monitor firms' implementation of the Consumer Duty, focusing on the clarity of foreign exchange (FX) pricing in payment services to ensure consumers can easily understand the price they pay for these services.

• Firms do not compromise financial system integrity: Tackling financial crime continues to be a top priority. Firms must have the necessary governance arrangements and systems and controls in place. The FCA emphasises its expectations regarding the PSR's reimbursement rules for APP fraud and its recent guidance on payment delays legislation. The FCA also reminds firms that the transition period for the new operational resilience rules ends on 31 March 2025, requiring firms to identify critical business services and set impact tolerances.

• Firms keep customers’ money safe: Firms must safeguard customers' funds in line with the guidance in the FCA's Approach Document. They are advised to stay updated on new interim rules, set to be finalised in mid-2025. The FCA also stresses the importance of effective prudential risk management and wind down planning.

The FCA stresses the importance of good governance, oversight and leadership in achieving these three outcomes. 

The FCA also highlighted two of its policy priorities:

• Open Banking: The FCA is progressing its work on Open Banking, focusing on the development of the Future Entity, the prevention of fraud, consumer protection, and the development of the long-term regulatory framework (LTRF). The LTRF will ensure the sustainability of the Open Banking ecosystem and will expand over time to include new Open Finance use cases. The FCA will prioritise its work on variable recurring payments as a pilot for rolling out wider Open Finance premium API use cases. It is also working with the Payment Systems Regulator (PSR) to deliver Phase 1 as soon as possible, while continuing its work on e-commerce uses.

• Strong Customer Authentication (SCA): The FCA will work with industry and other stakeholders on its approach to replacing SCA. This will include consideration of contactless limits.

PSR and BoE update CHAPS co-operation principles 

On 27 January 2025, the Payment Systems Regulator (PSR) published correspondence exchanged with the Bank of England (BoE) regarding updating the principles for ongoing co-operation and co-ordination on the CHAPS system operation.

The PSR sent a letter (dated 15 January 2025) to the BoE, which included a set of principles that were updated in 2024 following the introduction of the CHAPS reimbursement requirement.

The letter outlines how the PSR and BoE will share information and notify each other of proposed or potential changes to documents issued by the respective parties with regard to the CHAPS reimbursement requirement, by adding to the existing arrangements.

The PSR also set out the key steps required to ensure co-operation and co-ordination in relation to the CHAPS reimbursement requirement. These concern the following:

• Sharing compliance data that the BoE receives from CHAPS participants regarding authorised push payment (APP) scams.

• The BoE notifying the PSR of potential changes to the CHAPS reimbursement rules.

• The PSR notifying the BoE of any proposed or potential changes to specific direction 21, or any other regulatory change (such as those for the reimbursement arrangements for Faster Payments), that may affect CHAPS reimbursement rules and policy.

In the BoE's response (dated 22 January 2025), it agreed with the updated principles and supported key steps outlined by the PSR. The BoE has been delivering the CHAPS service since November 2017.

FCA and PSR set out next steps for open banking

On 23 January 2025, the FCA and the Payment Systems Regulator (PSR) published a press release outlining their next steps for open banking.

The regulators highlight the benefits of variable recurring payments, which allow consumers greater control over their regular payments by enabling them to manage how much can be paid at one time or over the course of a month, reducing the risk of unexpected expenditure. It will also increase competition in payment methods, which could help reduce processing fees.

As part of the next steps to deliver variable recurring payments, Open Banking Limited will play a key role in establishing an independent central operator to coordinate how variable recurring payments are made.

The regulators will continue to collaborate, overseen by a joint steering committee. They will work with industry and trade associations to make significant progress in 2025. This will include enabling consumers to make recurring payments to utility companies, government and financial services firms. Additionally, the regulators are focused on developing the commercial arrangements needed for both variable recurring payments and the use of open banking for e-commerce.

The regulators note that continued success in this area is critical for the UK, as outlined in the government's National Payments Vision (see our December 2024 update) and growth agenda. They confirm their full support to meet this challenge, as detailed in the FCA's January 2025 letter to the Prime Minister and the PSR's January 2025 strategy update.

FCA highlights the role of the Online Safety Act in tackling APP fraud

On 21 January 2025, Matthew Long, Director of Payments and Digital Assets at the FCA, discussed the UK's Online Safety Act's role in tackling APP fraud on tech platforms. For further detail on this see our article.

PSR five-year strategy update

On 16 January 2025, the Payment Systems Regulator (PSR) published a strategy update.

The PSR set out its five-year strategy in January 2022 and announced a mid-seat review in May 2024. The strategy update, along with a stakeholder engagement factsheet summarises feedback received and how it was addressed.

The PSR will focus on three core commitments for the remainder of the strategy term:

• Completing the important work underway that protects users and promotes competition and innovation. Key initiatives include fully embedding authorised push payment (APP) fraud reimbursement requirements, commissioning an independent review, and implementing outcomes from its card market reviews. It will work closely with the FCA on the overall framework for commercial Open Banking payments, particularly focusing on variable recurring payments.

• Advancing work with the Bank of England (BoE) to upgrade the Faster Payments system, reform of Pay.UK, and assess long term retail infrastructure needs.

• Sharpening the PSR's focus on competition and innovation in payments systems, supporting economic growth and enabling the ecosystem of the future.

In a related press release, the PSR states it will work more closely with the FCA, BoE and other authorities to deliver positive outcomes. It plans to deepen collaborations with other regulators. To strengthen alignment, the roles of the Managing Director of the PSR and FCA Executive Director of Payments and Digital Assets have been combined. This will further support the delivery of an innovative, safe and competitive payments sector into the future.

The review reflects trends in payments, the government's growth mission and the impact of the National Payments Vision (see our December 2024 update).

The PSR also responded to the government's call for regulators to support growth. This response outlines how the PSR intends to contribute to the UK's economic growth whilst fulfilling its statutory objectives.

Motor finance

Permission to appeal granted against judgment dismissing judicial review claim of FOS decision concerning motor finance discretionary commission arrangements (Administrative Court) 

On 28 January 2025, the Court of Appeal has updated its civil appeals case tracker to reflect that permission to appeal has been granted in R (Clydesdale Financial Services Ltd) v Financial Ombudsman Service Ltd [2024] EWHC 3237 (Admin). The appeal, with the case reference CA-2025-000102, was granted permission on 24 December 2024 and is scheduled to be heard by 8 December 2025.

In the initial judgment, the Administrative Court found in favour of the Financial Ombudsman Service (FOS), dismissing Clydesdale Financial Services (trading as Barclays Partner Finance) Ltd’s judicial review claim regarding a discretionary commission arrangement (DCA) in a motor finance agreement.

FCA's proposed summary grounds of intervention in support of application to intervene in Supreme Court motor finance appeals

On 20 January 2025, the FCA published its proposed summary grounds of intervention to support its application to intervene in the appeals against the Court of Appeal's decision in Johnson v FirstRand Bank Ltd (London Branch) t/a Motonovo Finance [2024] EWCA Civ 1282.

The Supreme Court will hear the three appeals (Hopcraft v Close Brothers Ltd, Johnson v FirstRand Bank Ltd and Wrench v FirstRand Bank Ltd) together, from 1 to 3 April 2025 (see our January 2025 update). These cases concern lender liability for secret and "half-secret" commissions paid by lenders to credit brokers in the motor finance sector.

The FCA seeks to assist the court by providing insight on:

• the proper approach to the interpretation of FCA rules and related legislation (including the Consumer Credit Act 1974 (CCA))

• the interaction between private law remedies and the regulatory framework

• the broader context of the motor finance and related consumer markets, including its market-wide investigatory work.

The FCA outlines its interest in the appeals in section B of the grounds. It explains the proposed scope of its submissions in section C.

The FCA seeks permission to intervene both in writing and orally for up to one hour in the three-day hearing. It aims not to duplicate the parties' arguments but provide independent submissions within its expertise.

The FCA thanks the court for its expeditious approach to handling the appeals and respectfully requests a prompt ruling on the intervention application to allow preparation of detailed submissions.

It has also been reported that the government has applied to intervene in the Supreme Case hearing given its concerns that the Court of Appeal ruling may adversely impact the motor finance industry and the wider economy.

FCA response to Financial Services Regulation Committee letter on motor finance judgment: January 2025

On 17 January 2025, the FCA published a letter that it has sent to the House of Lords Financial Services Regulation Committee regarding the Court of Appeal judgment on motor finance commission in Johnson v FirstRand Bank Ltd (London Branch) (t/a MotoNovo Finance) [2024] EWCA Civ 1282. The letter responds to the Committee's letter from December 2024.

The FCA confirms the relevant FCA rules and principles governing discretionary and fixed commissions. It notes that whilst its legal teams were heavily involved in the CONC rule changes introduced in 2021, the FCA did not seek legal advice on the relevance of fiduciary duties regarding commission disclosure and the ban of discretionary commission agreements (DCA).

Once the Supreme Court has settled the law in this area, the FCA will consider if any intervention is needed. This will include reviewing its rules to take account of the court's judgment. The letter also discusses the hearing between the FCA and the Committee on 22 January 2025 where the judgment was discussed.

The Supreme Court is scheduled to hear the appeal of the Court of Appeal decision between 1 and 3 April 2025 (see our January 2025 update).

FCA portfolio letter for credit reference agencies and credit information service providers: January 2025

On 10 January 2025, the FCA published a portfolio letter outlining its supervisory strategy for credit reference agencies (CRAs) and credit information service providers (CISPs). The priority areas for the next two years are:

• Embedding the Consumer Duty: The FCA has concerns that raising a data dispute or complaint can be difficult for consumers. It plans to assess firm's compliant practices and the actions they have taken under the duty to improve outcomes. The FCA will continue to evaluate how firms meet the price and value outcome.

• Cyber resilience: Firms should stay vigilant to technological advances and emerging threats, regularly reviewing systems and controls, and oversight arrangements, to identify vulnerabilities and weaknesses.

• Financial resilience: Firms should regularly review their capital and liquidity to ensure that they have the financial resilience to withstand a range of stress-tested scenarios. Firms should proactively engage with the FCA as soon as possible if emerging liquidity or capital risks are identified. Given the current economic environment, the FCA strongly recommends that firms have detailed, up-to-date wind-down plans in place, even where they believe they have adequate financial resources, as circumstances can quickly change.

• Credit information market study: Once the new Credit Reporting Governance Body is established, the FCA expects firms to support its work. Firms should also ensure their consumer-facing information about statutory credit reports meet the FCA's expectations under the consumer understanding outcome of the Consumer Duty. A consultation paper on mandatory data sharing between CRAs and CISPs will be published in due course.

Firms are expected to consider how these issues apply to their business and take appropriate action, including discussing the letter with directors and board members, and agreeing actions to ensure the firm complies with the FCA's requirements.

Reframing our relationship with risk: consumer-led sustainable growth

On 22 January 2025, the FCA published a speech by Emily Shepperd, its Chief Operating Officer, delivered at the 2025 Risk Leader Summit hosted by the Professional Risk Managers International Association in London. The speech highlighted the critical role risk managers play in driving consumer-led sustainable growth, focusing particularly on the Consumer Duty and its alignment with the FCA’s upcoming strategy.

Key points include:

• Consumer Duty as a framework for growth and resilience: Shepperd outlined how the Consumer Duty is designed to set high standards of protection and put consumers’ needs first. By prioritising consumer outcomes, firms can build trust, safeguard their reputations, and boost operational resilience. These efforts ultimately reduce the risk of costly redress and foster a more competitive financial market. Since the FCA's 2024 review, savers have seen improved rates, with easy access rates rising to 2.11% in June, generating £4 billion in annual interest. This demonstrates how the Duty can create value for all involved.

• Strategy 25: Resilience and Growth Hand in Hand: The FCA's upcoming strategy (2025-2030) will focus on helping consumers make informed financial decisions and improving their resilience, supporting economic growth, tackling financial crime and enhancing operational effectiveness.

• The intersection of consumer protection and growth: Shepperd argues that consumer protection and growth are mutually reinforcing. Confident, informed consumers drive market innovation and growth, whilst growth promotes healthy competition and enhances financial inclusion.

• Risk management as a driver of progress: Shepperd addressed the critical role of risk management in balancing innovation with consumer protection. She stressed that firms must distinguish between ‘good’ risk, which drives innovation and new opportunities, and ‘bad’ risk, which is reckless and harmful to the financial system. The Consumer Duty provides a framework for firms to navigate this distinction and make strategic, thoughtful decisions.

Shepperd calls on risk managers to embrace their role in shaping a financial system that balances growth, innovation, and consumer protection.

Treasury Committee launches inquiry into AI in financial services

On 3 February 2025, the House of Commons Treasury Committee launched an inquiry into AI in financial services and issued a Call for Evidence.

The inquiry aims to explore how UK financial services can leverage AI opportunities, whilst mitigating risks to financial stability and protecting consumers.

The committee welcomes evidence on the following areas:

• current and future use of AI in financial services

• the extent to which AI can improve productivity in financial services

• risks to financial stability arising from AI and how they can be mitigated

• the benefits and risks to consumers arising from AI, particularly for vulnerable consumers

• how the government and financial regulators can balance AI innovation with consumer protection and financial stability.

The deadline for submissions is 17 March 2025.

UK Finance report on generative AI opportunities and risks in financial services

On 28 January 2025, UK Finance, in collaboration with Accenture, published a report on how generative AI (GenAI) is being used by financial services firms to enhance operations, improve customer engagement, and drive innovation, whilst managing risks.

The report highlights increasing investment in AI and the importance of responsible innovation in technology. It found that firms are benefitting from their investment in generative AI, and that ongoing collaboration with regulators, government and customers is crucial for continued innovation.

Key conclusions from the report include:

• Innovation in the sector has been careful and responsible, with use cases being implemented as risk mitigations develop. 

• Firms must balance emerging technology with evolving risk management and governance practices.

• Conservative use of GenAI has minimised environmental impact but scaling it will require a greater focus on sustainability.

• Firms should focus on education and awareness of their workforce, boards and customers to build trust and demonstrate responsible practices.

• Industry collaboration is key for responsible uptake, and the UK's flexible regulatory model should adapt to technological developments. Over time, guidance on specific AI issues may be needed. Industry bodies need to work with firms and regulators to facilitate knowledge sharing and identify emerging areas of regulatory uncertainty.

• Clarifying regulatory expectations and industry best practices on the roles of GenAI providers and firms will enhance consistency and efficiency. Similarly, best practices need to emerge around the information GenAI providers ought to make available to their customers for due diligence purposes.

The report concludes that ongoing collaboration with regulators, government, and customers is essential to foster further innovation in generative AI within the financial services sector.

GFIN report on use of consumer-facing AI in global financial services

On 27 January 2025, the Global Financial Innovation Network (GFIN) published a report on consumer-facing AI in global financial services and its implications on global financial innovation. The report is based on the GFIN AI Project, which was co-led by the FCA and the Dubai Financial Services Authority (DFSA) in 2024, exploring use cases like robo-advice and personalised finance.

GFIN members and affiliates shared their experiences in supporting the safe and beneficial adoption of AI, along with examples of regulatory approaches. Participants also discussed regulatory challenges and strategies for supporting responsible AI use in the sector. The report includes practical examples and approaches to consumer-facing AI provided by GFIN members and affiliates.

Key insights include:

• encouraging innovation to offer consumers better solutions

• innovative solutions for consumers should be explored, understood and the risks assessed as they evolve

• regulators need to strike a balance between encouraging innovation whilst ensuring the protection of consumers, firms and markets

• the importance of international collaboration for AI technologies.

Participants recommended creating a formal GFIN AI Working Group, with the potential to invite non-GFIN stakeholders to explore various AI topics.

The GFIN is considering this suggestion as it plans future steps for continued collaboration.

Government publishes response to House of Commons Committee report on governance of AI

On 10 January 2025, the government published its response to the House of Commons Science, Innovation and Technology Committee report on the governance of AI. This follows recommendations on AI governance made by the Science, Innovation and Technology Committee of the House of Commons (the Committee recommendations). The government agrees with the Committee's recommendation for specific AI legislation and outlines plans to:

• Introduce AI-specific legislation, following a consultation, to govern organisations developing frontier AI systems (the most powerful AI systems).

• Support regulators in developing sector-specific guidance, including through the newly established Regulatory Innovation Office (RIO) and other government advice services, such as the AI and Digital Hub. The RIO will help regulators update regulation, speed up approvals and promote coordination across regulatory bodies.

• Place the AI safety institute (AISI) on a statutory footing to strengthen its voluntary collaboration role with AI developers and support the international co-ordination of AI safety. The government established the Central AI Risk Function (CAIRF) within the Secretary of State for the Department of Science, Innovation, and Technology (DSIT) to work with AISI and help government departments reduce the likelihood and impact of AI-related risks.

The government also outlines various plans to support AI adoption and increase public trust. The government confirms its involvement in existing AI governance initiatives (such as public sector transparency and responsible AI practices) and in international AI safety activities and standards development. A consultation detailing legislative proposals for frontier AI will be published soon.

FCA research note on bias in natural language processing

On 9 January 2025, the FCA published a research note on a pilot study into bias in natural language processing (NLP).

The note presents the results of an investigation into biases in word embeddings highlighting the potential for machine learning models trained on human-generated text to perpetuate bias and spread discriminatory attitudes.

Key findings include:

• No single bias metric provides a comprehensive view of bias. Multiple measurement techniques odder a more nuanced understanding of how bias manifests in embeddings.

• Addressing bias in embeddings remains complex due to the inherent limitations of existing measurement and mitigation techniques, even when multiple metrics are used together. Bias is context-dependent and influenced by various linguistic and social factors, requiring systematic, context-specific evaluations in NLP applications.

• Post-processing techniques like "Hard Debiasing" are unreliable in completely removing bias.

The note suggests future research in this area focuses on bias measurement and mitigation techniques designed for contextual and sentence embedding models, as well as testing bias in final products. Engaging consumers and end-users in research efforts could provide valuable insights into how bias impacts their experiences with these technologies.

On a related webpage, the FCA notes that it is researching AI bias as part of its work to deepen its understanding of AI's impact on financial services. It is publishing a series of research notes on how AI intersects with financial services, drawing on a variety of academic and regulatory perspectives. The FCA hopes that these notes will interest model builders, financial firms and consumer groups in understanding complex debates on building and implementing AI systems.

In December 2024, the FCA published a research note on bias in supervised machine learning models (see our December 2024 update).

ESAs approve terms of reference for new EU-SCICF Forum under DORA

On 27 January 2025, the Joint Committee of the European Supervisory Authorities (ESAs) published the terms of reference (ToR) for the EU-SCICF Forum established under the Regulation on digital operational resilience for the financial sector (DORA).

The EU-SCICF is a pan-European systemic cyber incident co-ordination framework, established under Article 49(1) of DORA. The EU-SCICF Forum is part of the framework. The Forum includes representatives from national and EU authorities of both national and EU-level authorities, including the ESAs, the European Systemic Risk Board (ESRB), the European Union Agency for Cybersecurity (ENISA) and the European Commission.

The ToR defines two operational modes for EU-SCICF's: non-crisis mode (developing, maintaining and testing the framework) and crisis mode (co-ordinating members' responses when systemic cyber incidents occur). The Forum's activities cover non-crisis mode, aiming to facilitate effective EU-level co-ordination for major ICT-related incidents with potential systemic impacts on the EU's financial sector. Specifically, the Forum is tasked with:

• Developing and maintaining documents, protocols, procedures, arrangements, taxonomy and plans to support crisis mode coordination, considering existing frameworks and the cyber threat landscape.

• Establishing an ad-hoc group for managing crisis mode when activated.

• Conducting exercises to test the protocols and procedures, ensuring continued preparedness if crisis mode is activated.

The Joint Committee will produce an internal annual or multi-annual work plan outlining thematic focus areas and actions, including a testing programme. The plan will form part of its Joint Committee's work programme. A dedicated webpage with more information on the EU-SCICF will be maintained on the ESAs' websites.

The ToR will be reviewed every two years, updated and endorsed as necessary by the Joint Committee, and subsequently approved by the ESAs' Board of Supervisors. The ToR came into effect on 17 January 2025.

Joint Committee of ESAs report on feasibility of further centralisation of reporting of major ICT-related incidents under DORA

On 17 January 2025, the Joint Committee of the European Supervisory Authorities (ESAs) published a joint report on the feasibility of further centralisation of reporting of major ICT-related incidents by financial entities, as required by Article 21 of the Regulation on digital operational resilience for the financial sector (DORA).

The report evaluates three different reporting models: baseline, enhanced data sharing, and fully centralised (by establishing a single centralised EU hub) models. It concludes that all three models are technically feasible with no significant cost differences. The baseline model, implementing existing DORA flows under Article 19, must be operational by 17 January 2025 and is the only feasible option in the short term (within three years from January 2025). The other models, offering further centralisation, are more medium to long-term (three years or more for the data-sharing model and five years or more for the fully centralised model). Timescales depend on centralisation levels, policy and legislative changes, and the integration of existing solutions.

Although further centralisation and a single EU hub bring certain benefits, national solutions already enable reporting by 17 January 2025. Therefore, despite potential cost reductions for a fully centralised scenario, it becomes less attractive due to continued investments needed at the national level. It is therefore important that the ESAs continue to consider the different aspects highlighted in the report when assessing further centralisation, particularly minimising transition costs and the broader context of ICT-related incident reporting, beyond DORA.

The ESAs emphasise considering transition costs and broader ICT-related incident reporting beyond DORA.

The report has been sent to the European Parliament, Council of the EU, and European Commission for review, as they consider potential developments in centralising ICT-related incident reporting within the financial sector.

FCA multi-firm review of use of national fraud database and money mule account detection tools

On 23 January 2025, the FCA published its findings from a multi-firm review of payment services and account providers' use of the national fraud database (NFD), and a money mule account detection tool. The review aimed to understand how these tools help combat fraud and money muling, which is where individuals move criminal proceeds on behalf of criminals.

The FCA reviewed cases across 13 firms with suspected money mule accounts and analysed data from the detection tool to assess how effectively firms combat fraud and muling, as well as identifying challenges in using the tool.

Key findings include:

• Most firms investigated initial alerts related to funds arriving into suspected mule accounts but were less responsive to subsequent alerts, despite clear risk factors.

• The FCA identified patterns of unusual transactions that could have helped firms detect fraud cases internally, before being alerted by external sources. These included customers receiving large deposits shortly after opening accounts that either exceeded or nearly exceeded their stated annual income or turnover, and unusual account activity not aligned with the firm's business. The FCA expects firms to proactively detect and stop fraudulent transactions sooner.

• While firms had a high incidence of reporting suspicious activity reports (SARs) to the National Crime Agency, some cases did not trigger SARs when they could have.

• The FCA shared its findings with Credit Industry Fraud Avoidance System (Cifas) and continues to engage with the reviewed firms to improve fraud detection systems and controls. It expects all other payment services and account providers to review their systems and controls in light of these findings, alongside the FCA's November 2023 report on money mule activity. 

FCA fines firm for financial crime failings following Upper Tribunal decision

On 10 January 2025, the FCA issued a final notice to Arian Financial LLP fining it £288,962.53 for failing to implement effective systems and controls against financial crime.

Arian executed purported over-the-counter (OTC) equity trades totalling approximately £37 billion and £15 billion in Danish and Belgian equities on behalf of clients of four authorised entities (known as the Solo Group), receiving commission of approximately £546,949. The FCA noted the circular nature of the trades, which suggested financial crime, likely related to arranging withholding tax reclaim in Denmark and Belgium. In 2014 and 2015, the Solo Group reclaimed £899.27 million and £188 million from Danish and Belgian authorities.

Following an investigation, a decision notice was issued to Arian in August 2022 imposing a fine of £744,745. The FCA found that, between 29 January and 29 September 2015, Arian had:

• Inadequate systems and controls to identify and mitigate fraudulent trading risks from business introduced by the Solo Group. This was in breach of Principle 3 (Management and control) of the FCA's Principles for Businesses.

• Failed to exercise due skill, care, and diligence in applying anti-money laundering (AML) policies and procedures. This was in breach of Principal 2. Arian also failed properly to assess, monitor and mitigate financial crime risks with Solo Group.

These failings exposed Arian to potential misuse for financial crime. Arian admitted liability but referred the proposed fine to the Upper Tribunal (Tax and Chancery Chamber). Which reduced the amount to £288,962.53, considering fees Arian paid to Solo and the broker. This decision was published in November 2024. 

An accompanying press release states this is the seventh case brought by the FCA concerning cum-ex trading and withholding tax schemes.

JMLSG consults on revisions to Part I of AML and CTF guidance

On 28 January 2025, the Joint Money Laundering Steering Group (JMLSG) announced its consultation on proposed amendments to Part I of its anti-money laundering (AML) and counter-terrorist financing (CTF) guidance for the financial services sector.

The proposed revisions include:

• a new paragraph 5.3.97A on Court of Protection orders and local authorities and professional deputies, and an amendment to paragraph 5.3.99 concerning powers of attorney

• a new paragraphs 5.3.138A and B on group companies

• a new paragraph and amendments to 5.6.36-5.6.38, which relate to intermediaries acting as agent for a customer

• amendments to paragraphs 2.16-2.21 and new paragraphs 2.22-2.24 on outsourcing.

The proposed changes have been approved by the JMLSG board. Responses are due by 28 March 2025.

The answer to last month's question: The FCA is expected to publish a consultation paper on conduct and firm standards for all Regulated Activities Order (RAO) crypto activities in Q3 2025.

This month's question: According to data from Open Banking Limited, approximately how many active users of Open Banking were there at the end of 2024?

• 12 million

• 22 million

• 3 million

• 8 million.