IOSCO and ESMA statements on role of platform providers in combatting online harm

On 21 May 2025, the International Organization of Securities Commissions (IOSCO) published a statement highlighting measures used in certain jurisdictions that disrupt online harm arising from financial misconduct. The statement calls on platform providers (including internet search engines, social networks and providers of apps) to consider adopting the measures, which include:

• Due diligence on unauthorised offerings: ensuring that entities wishing to advertise paid content on their platforms are not the subject of regulatory investor warnings and are legally authorised to operate in the relevant jurisdictions.
• User compliance: enforcing applicable terms of services by monitoring and removing investment scams or advertisements that breach platform policies.
• Internal processes: developing and regularly updating internal rules, policies and processes for detecting scams.
• Legal requirements and regulatory engagement: establishing active communication with financial regulators and government authorities and ensuring knowledge of and compliance with all applicable laws and regulations in jurisdictions where the platform provider operates. 

In a parallel development, on 28 May 2025, the European Securities and Markets Authority (ESMA) announced that it had written to several social media and platform companies encouraging them to take proactive steps to prevent the promotion of unauthorised financial services and highlighting IOSCO's initiative. 

IOSCO final reports on finfluencers, online imitative trading practices and digital engagement practices

On 19 May 2025, IOSCO published three final reports as part of its roadmap for retail investor online safety, having consulted on these reports in November 2024: 

• Finfluencers (FR/08/2025): This considers the potential benefits and risks of finfluencers (financial influencers) and the global regulatory response. It sets out 'proposed good practices' that may be helpful to securities regulators, market intermediaries and finfluencers interested in promoting market integrity and aligning with securities regulations and investor protection standards. 
• Online Imitative Trading Practices: Copy Trading, Mirror Trading, Social Trading (FR/06/2025): This considers the potential for investor harm associated with the automated nature of imitative trading strategies (such as copy trading, mirror trading and social trading), allowing retail investors to replicate the trades of more experienced or professional traders. It contains good practices intended to strengthen investor protection, and comments on the contribution of finfluencers to the increase in online imitative trading practices.
• Digital Engagement Practices (FR/07/2025): Digital Engagement Practices (DEPs) are digital engagement techniques that include notifications, nudges and gamification. The report considers IOSCO work, its members' regulatory approaches and international guidance to identify potential issues with DEPs, particularly the importance of ensuring DEPs used to communicate investment advice prioritise the interest of retail investors over the those of market intermediaries. 

The roadmap aims to safeguard retail investors globally from fraud, excessive risk and misinformation by focusing on investor education and the promotion of robust regulatory frameworks. 

FCA key findings from Financial Lives survey: May 2024

On 16 May 2025, the FCA published the key findings from its 2024 Financial Lives survey (FLS) which tracks adults' financial behaviour, perceptions and experience with financial services. The FCA adopted a new reporting approach and produced a shorter main report alongside an expanded set of side-reports focused on retail sectors and different subject areas. The FLS is conducted every two years, with the last report published in July 2023.

Notable findings of the report include:

• 24% of adults had low financial resilience, which was not statistically different from the FCA's May 2022 survey.
• Altogether, 49% of adults had characteristics of vulnerability (such as poor health, negative life events, low resilience and low capability), which was down from 52% in May 2022.
• 65% of adults were aware of the FCA, unchanged from May 2022.
• 84% of adults held at least one credit or loan product in May 2024 or had done so at some point in the previous 12 months, slightly higher than 83% in 2022 and much higher than 78% in 2017.  
• Buy Now Pay Later was the most widely used type of non-regulated loan in 2024 (20% of adults using it in the previous 12 months compared to 17% in 2022).
• Regarding financial inclusion, 1.6% of adults had no current account and 17% found it difficult to access a branch using their normal forms of transport.
• Attitudes towards the financial services industry have improved with 36% of adults believing most financial firms were honest and transparent (up from 31% in 2017).

FCA appoints permanent Executive Director for Payments and Digital Finance

On 8 May 2025, the FCA published a press release announcing the appointment of David Geale as permanent Executive Director for Payments and Digital Finance, responsible for supervising payments and cryptoasset firms. Mr Geale has also been appointed as Managing Director of the Payment Systems Regulator (PSR). He will play a key role in the work to consolidate the PSR into the FCA.

New FCA webpage on appointed representatives data

On 7 May 2025, the FCA published a new webpage providing data on the appointed representative (AR) population and their financial services activity. 

The FCA collects data on principal firms and ARs through principals completing "Add, Change and Terminate AR" forms and REP025 data submissions, to prioritise its supervision and identify potential risks. It also uses other data provided by firms, such as the Retail Mediation Activities Return (RMAR).

The webpage provides data on: 

• AR population. From February 2024 to February 2025, there were 2,571 principals and 33,830 ARs, a reduction of 190 principals (7.4%) and 410 ARs (1.2%).
• AR's financial service activity and revenue generated. In 2024, ARs generated £11.1bn regulated revenue from financial services. Of this, £2.4bn came from ARs whose principals are mainly retail investment firms, £3.6bn from insurance firms and £2.3bn from consumer finance, of which £709m was from mortgage broking.

Data on the website is updated every 6 months. 

FOS business complaints data for H2 2024

On 6 May 2025, the Financial Ombudsman Service (FOS) published its half-yearly complaints data for individual businesses for the period 1 July to 31 December 2024 (H2 2024). 

• New complaints for this period (141,846) rose by 49%, compared to H2 2023 (95,349). 
• The average uphold rate across all products was 33%, compared to 36% in H2 2023.
• Across all sectors, professional representatives accounted for 46% of new complaints, compared to 22% in H2 2023.

The FOS explains that complaints about banking fraud, credit affordability and motor finance commission were the main drivers for the rise in complaints. 

FCA publishes consultation papers on stablecoins and crypto custody

On 28 May 2025, the FCA published two significant consultation papers on the UK's regulatory regime for cryptoassets. The papers, which should be read together, cover proposed rules and guidance for firms carrying on the new regulated activities of issuing qualifying stablecoins and safeguarding qualifying cryptoassets. Please read our article for further details.

FMLC letter to HM Treasury highlighting legal uncertainties relating to draft cryptoassets regulated activities

On 27 May 2025, the Financial Markets Law Committee (FMLC) published the letter it sent to HM Treasury highlighting areas of legal uncertainty relating to the new cryptoassets regulated activities set out in the draft Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025. The draft Order relates to the new cryptoassets regulated activities to be created under the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO), which was published in April 2025. 

Key issues identified in the letter include:

• Overlap between "qualifying stablecoin" and "electronic money" definitions. It is not possible to conclude whether several existing stablecoins would be deemed to be qualifying stablecoins or electronic money under the draft Order. 
• Expansion of new safeguarding activity. There is concern that the expanded scope of the new safeguarding activity (Article 90) in comparison to the existing safeguarding and administering investments activity under Article 40 of the RAO may be disruptive to market practices. 
• Potential application of new safeguarding activity to traditional securities recorded on an electronic register. The new safeguarding activity applies to relevant specified investment cryptoassets, which are defined by reference to the definition of cryptoasset under section 417(1) of the Financial Services and Markets Act 2000 (FSMA). This definition is very broad, and it is possible that the registration or safeguarding of any securities custodied in the UK (including securities recorded in CREST) could be in scope of the new safeguarding activity.
• Territorial scope of new regime in respect of overseas persons servicing institutional clients in the UK. The FMLC understands that the policy intention is that overseas cryptoasset firms serving only UK institutional customers will not require authorisation. However, it is not clear that this policy outcome has been achieved via the amendments to section 418 of FSMA.

BIS empirical analysis of cross-border Bitcoin, Ether and stablecoin flows

On 8 May 2025, the Bank for International Settlements (BIS) published its working paper on the trends and drivers of cross-border flows of the two major cryptoassets, Bitcoin and Ether, and the two major asset-backed stablecoins, Tether and USD Coin between 184 countries from 2017 to 2024. 

The flows peaked at $2.6 trillion in 2021 with stablecoins accounting for close to half of the volume. The paper found that there is a diminishing significance of geographical proximity in crypto flows, particularly for stablecoins. The network concentration was seen to vary across cryptoassets, but is notably lower than for cross-border banking, whereas network density is considerably higher. 

Global factors, such as heightened market volatility and widening credit spreads, were found to be significant determinants for native cryptoassets. The research highlights the dual purpose of cryptoassets as both a speculative financial asset and a medium of exchange, emphasising the need for further research to assess its impact on financial inclusion and economic stability.  

Property (Digital Assets etc) Bill passes to House of Commons

On 8 May 2025, the Property (Digital Assets etc) Bill passed its third reading in the House of Lords with no amendments. It was first introduced in the Lords in September 2024. Following the Bill's first reading in the House of Commons on 12 May 2025, it was referred to a second reading committee who will debate the Bill and report to the House. A date for the Bill's second reading is yet to be announced. 

The Bill makes provision about the type of things (including a thing that is digital or electronic in nature) that are not prevented from being objects of personal property rights, simply because it does not fit into the two well-established categories of personal property under case law: a thing in possession (generally, tangible things) or a thing in action (personal property that can only be claimed through a court action). 

BoE speech on proposed stablecoin regulatory framework

On 6 May 2025, the Bank of England (BoE) published a speech by Sarah Breeden, BoE Deputy Governor, Financial Stability, that discusses the proposed framework for regulating stablecoins in the UK. The speech highlights three key themes of industry feedback to the BoE's proposals for a regulatory regime for stablecoins in retail payments, which were set out in its November 2023 discussion paper:

• Existing business models. The proposed regime does not align with existing stablecoin business models whose revenues are based on interest income. The BoE wants to reflect on how the broader UK regime should support stablecoin use cases that are not centred on becoming widely used payment mechanisms in the real economy such as supporting settlement in the crypto ecosystem.
• FCA regime for non-systematic stablecoins. The challenges associated with the transition from the FCA regime to the BoE's proposed regime increase the more the two regimes differ.  
• Cross-border challenges. The industry highlighted concerns over the difference in the proposed regime to the regimes being implemented in other countries, and the challenges this will bring to business operating internationally. 

The speech demonstrates the importance of differentiating between "payment coins" used in the real world, the focus of the BoE's regime, and other types of stablecoin with more investment use cases. The BoE will maintain its focus on the singleness of money and financial stability. 

APP fraud: testing the limits of recovery

Please see our article on the evolving legal landscape surrounding banks/PSPs' responsibilities in preventing fraud and recovering stolen funds, following the judgments in Santander v CCP Graduate School Ltd and Hamblin & Ors v Moorwand & Ors. 

PSR consolidated policy statement on APP scam reimbursement requirement

On 22 May 2025, the Payments Systems Regulator (PSR) published a consolidated policy statement (PS25/5) on its authorised push payment (APP) fraud reimbursement requirement scheme.

It provides consolidated guidance on the reimbursement requirement and a summary of the most significant and frequently asked questions, including information on the scope of the scheme and rejecting APP fraud claims under the scheme. Unless stated to the contrary, the policy statement applies to payments made over the Faster Payment System (FPS) and CHAPS.

The policy statement is general guidance. The PSR's definitive requirements are set out in its legal instruments, which can be found on its website. The reimbursement requirements for the FPS are on Pay.UK's website and reimbursement requirements for CHAPS are on the Bank of England's website.

The PSR aims to keep the policy statement under review and update it as appropriate.

ECB postpones amendments to TARGET Guideline on non-bank PSPs participation in system

On 15 May 2025, the European Central Bank (ECB) published a press release announcing postponement of the amendment to the TARGET Guideline (Guideline (EU) 2022/912) that would enable participation by non-bank payment service providers (NB-PSPs) in the EU Trans-European Automated Real-time Gross settlement Express Transfer system (TARGET).

The ECB has decided to postpone due to delays in some euro-area countries in transposing the required amendments to the Settlement Finality Directive (98/26/EC) (SFD) and the Payments Services Directive ((EU) 2015/2366) (PSD2) into their national law. Without transposition of these amendments, the Eurosystem believes that legal risks may arise relating to the eligibility of NB-PSPs to access TARGET, including T2 (for settling payments) and TIPS (for settling instant retail payments).

The Decision was stated to enter into force on 26 February 2025 and was set to apply to Member States from 9 April 2025 (see our March 2025 edition of FinTech Matters). The ECB now advises that the amendment is expected to enter into force in October 2025, and notes that the postponement does not prevent national central banks from providing NB-PSPs access to national payment systems (other than TARGET) in countries where the amendments to the SFD and PSD2 have been transposed into national law.

PSR update on impact of implementation of APP fraud reimbursement requirement

On 15 May 2025, the Payment Systems Regulator (PSR) published an update on what it has seen since the implementation of its authorised push payment (APP) fraud reimbursement requirement in October 2024.

The PSR is pleased with the data and stakeholder opinion it has collected in the first seven months of the policy. It notes that a high proportion of APP fraud victims are being reimbursed consistently across a larger number of payment service providers (PSPs), without a spike in the number of claims. As both the sending PSP and the receiving PSP share the cost of reimbursing victims, the PSR believes there is a much stronger incentive to prevent APP fraud in the first place.

The data only covers UK payments made over the Faster Payment System from the start of the reimbursement policy, 7 October 2024, up until 31 December 2024. The PSR will continue to monitor progress, alongside the FCA, and share further updates. It will start an independent review on the effectiveness of the policy in October 2025.

PSR policy statement on decision to revoke Specific Direction 3 and consultation on revoking Specific Direction 2

On 8 May 2025, the Payment Systems Regulator (PSR) published a policy statement and consultation paper (PS25/4) setting out its decision to revoke Specific Direction 3 (SD3) on competitive procurement of central infrastructure (FPS) and Specific Direction 3a (SD3a), and to consult on revoking Specific Direction 2 (SD2), relating to Bacs.

SD3 requires that all central infrastructure for Faster Payments in place on or after 1 July 2026 is provided under a contract that was the result of competitive procurement. Pay.UK became unable to meet its obligations under SD3 due to the significant changes of the New Payments Architecture programme, leading the PSR to consult in December 2024 on amending SD3.

Following responses, the PSR has decided to revoke SD3 on the basis that the revocation will provide the PSR with the necessary space and certainty to work towards the National Payment Vision (NPV) of reassessing the requirements for retail payments infrastructure and strengthening the governance and funding arrangements needed to deliver this. The PSR has indicated that its reasons to revoke SD3 may also apply towards the revocation of SD2 and Specific Direction 2a, which it is currently consulting on.

The consultation closes on 5 June 2025.

Credit reporting IWG response to FCA credit information market study final report

On 23 May 2025, the credit reporting interim working group (IWG) published its response to the FCA's final report on the credit information market study (CIMS) (MS19/1.3), published in December 2023. 

CIMS set out a new governance framework for the credit information market, and the FCA mandated IWG to make recommendations on the establishment of a governance body named "Credit Reporting Working Body" (CRGB). 

IWG's response includes the following proposals:

• Effective governance: the CRGB's purpose should be to provide effective governance of credit information for consumers and stakeholders, with three objectives relating to operations, consumer-focus and future-looking that set its agenda and priorities. 

• Transparency and accountability: the CRGB should be subject to high levels of transparency and accountability towards public and private sector stakeholders. Although the CRGB will be self-regulated, it would still be expected to fulfil the same tasks as a regulator, with its most pertinent role being the governance of shared data.

• Positive effect: comprehensive process and safeguards should be implemented to ensure that the decisions and actions of the CRGB have a positive effect on the credit information industry.

• Funded by its subscribers: the CRGB will be funded by its subscribers with an annual fee structure reflecting the nature and size of the entities. A large percentage of subscribers will be exempt from payment due to their smaller size or social purpose objectives.

The IWG will respond to the FCA’s feedback on the final report and adapt its recommendations, as appropriate.

FCA data flow diagrams on new regulatory reporting return for consumer credit firms

On 20 May 2025, the FCA published a set of data flow diagrams on its webpage to support consumer credit firms that are required to complete the new consumer credit data return CCR009 (Relevant ancillary credit firm).

The CCR009 return came into effect on 7 May 2025. It replaces CCR004 (Debt management firms) and CCR005 (Client money and assets) and replaces elements of CCR002 (Volumes) and CCR007 (Key data for credit firms with limited permissions).

The diagrams provide a visual representation of applicable rules in SUP 16 Annex 38R. They also map out which questions in CCR009 to complete and what data to provide.

The webpage follows the FCA's commitment in PS25/3 (see below) to provide additional supporting material and guidance.

Government publishes first consultation paper on CCA reforms 

On 19 May 2025, HM Treasury (HMT) published its Phase 1 consultation on reforms to the Consumer Credit Act 1974 (CCA), marking a significant step toward modernising the UK's consumer credit regulatory framework. This consultation follows the government's June 2022 announcement of its intention to reform the CCA and represents the first of a two-phase consultation process aimed at creating a more proportionate, aligned, forward-looking and simplified regulatory regime. For further details on the proposed reforms, please see our more detailed article. 

Government publishes Buy Now Pay Later legislation

On 19 May 2025, the government published and laid before parliament the Financial Services and Markets Act 2000 (Regulated Activities etc.) (Amendment) Order 2025 (Order) together with an explanatory memorandum.

The Order brings currently exempt interest-free Buy Now Pay Later (BNPL) products within the UK's financial services regulatory regime. BNPL products will become subject to rules to be developed by the Financial Conduct Authority.

The new regime is due to apply from mid-2026.

For further details, please see our article.

FCA policy statement on new regulatory reporting return for consumer credit firms

On 7 May 2025, the FCA published a policy statement (PS25/3) setting out its final rules relating to a new regulatory reporting return for consumer credit firms who engage in one, or more, of the regulated activities of credit broking, debt adjusting, debt counselling and providing credit information services (CCR009).

The FCA received 74 responses to its September 2024 consultation on the rules (CP24/9). The new return has five mandatory sections for firms to complete, followed by questions specific to a firm's permissions. The return will ask for data about permission, business model, marketing, revenue and staff.

The policy statement confirms the changes to SYSC, CASS and SUP set out in the Consumer Credit (Regulatory Reporting) (Amendment) (No 2) Instrument 2025, coming into force with immediate effect. The new return will also replace elements of CCR002 (Volumes) and CCR007 (Key data for credit firms with limited permission), though the FCA notes that this is an interim stage until it completes its review of the remaining credit-related returns. Implementation of the remaining phases to replace all of the FCA's existing consumer credit returns is to be slowed down to lessen the burden on firms and allow time for the FCA to consider the impact of the new return and the product sales data return.

Updated version of UK Finance's financial abuse code

On 30 April 2025, UK Finance published an updated version of its financial abuse code, which relates to the control of an individual's financial affairs.

The code, originally launched in 2018 and updated in 2021, was designed to increase awareness among firms of financial abuse and how to identify its signs. The latest iteration is the output of a comprehensive review of the code following the launch of the FCA's Consumer Duty. 

The updated code, effective from 30 April 2025, is structured around a new seven-pillar framework which is aligned with the Consumer Duty requirements:

• understand customers and encourage disclosure

• communicate and engage

• product and service design

• product and service delivery

• skills, capabilities and leadership

• external education and awareness

• continuous improvement (monitoring and evaluation).

It is for each signatory to the code to decide how best to implement its requirements proportionately, to ensure good consumer outcomes. 

UK Finance will continue to explore suggestions put forward by the review, including the suggestion of an economic task force charged with removing structural barriers that prevent victims from regaining their financial independence and achieving economic safety.

FCA and ICO blog outlines key points from AI roundtable with industry

On 2 June 2025, the FCA published a blog by Nikhil Rathi, Chief Executive of the FCA, and John Edwards, UK Information Commissioner, on how the FCA and the Information Commissioner's Office (ICO) are working together to help firms use AI responsibly. 

They refer to the AI roundtable with industry leaders in May 2025, and its key message that uncertainty and lack of familiarity are the main blockers to innovation, rather than regulation. The regulators want to support firms to build familiarity, while firms are developing their AI capabilities. The regulators call on firms and trade bodies to engage with them earlier on in the innovation journey, not just when there is a problem. 

The FCA will continue to work with other regulators in the Digital Regulation Cooperation Forum (DRCF) to explain its expectations, recognising that many decisions made by firms are based on risk appetite. The FCA will also help firms to develop, test and evaluate AI as part of its AI Lab, and plans to host a roundtable with firms later in 2025 to better their understanding of the challenges firms face in relation to AI adoption. In addition to the ICO's existing guidance on AI, the regulators will also develop a statutory code of practice for organisations developing or deploying AI and automated decision making.

The DRCF workplan for 2025/26 commits the regulators to develop their collective understanding of how each of their regimes might apply to AI and work to identify and resolve any points of conflict.

CMORG releases AI baseline guidance review

On 15 May 2025, the Cross Market Operational Resilience Group (CMORG) published its AI baseline guidance review, intended to support firms in the financial sector in responding to risks posed by generative AI (GenAI).

CMORG is a joint initiative between the regulators, UK Finance and industry that supports the improvement of the operational resilience of the financial services sector in the UK, through both private and public collective action. The review contains the following sections:

• Government and regulatory approaches, providing an overview of how authorities are balancing the competing forces of GenAI opportunity and risk, and emerging regulation. 

• Risk management principles and frameworks, exploring the principles and framework that can facilitate safe GenAI adoption and establish public trust in its usage.

• Technical implementation, providing guidance for firms on deploying control frameworks to manage risks associated with GenAI adoption and implementation. It focuses on data protection and privacy, cyber-information security and model risk. 

• Third party and legal considerations, encouraging firms to identify roles and responsibilities along the supply chain, manage legal risks and determine the permitted usage of GenAI solutions by third parties. 

• Education and awareness, providing guidance on building and embedding a "responsible AI" culture, including advice on training employees to mitigate GenAI risks.

ECON draft report on the impact of AI on the financial sector

On 15 May 2025, the European Parliament's Committee on Economic and Monetary Affairs (ECON) published a draft report on the impact of AI on the financial sector. The European Commission published a targeted consultation on this issue in June 2024.

The draft report considers the state adoption of AI in the financial sector. It concludes that while a few use cases represent high-risk innovation, there is no immediate likelihood of a financial system run, and we are far from being heavily dependent on AI models that threaten financial stability and consumer interests. It considers the significant potential of AI in the sector, particularly in relation to sector efficiency, enhanced consumer services, increased competition between firms and more effective anti-money laundering and fraud detection practices.

The report raises concerns on the regulatory landscape, including the overlaps and legal uncertainties between the Artificial Intelligence Act (EU) and sectoral financial services legislation. It also suggests that the requirements in the General Data Protection Regulation (EU) imposes limitations on the use of AI in financial services. The report calls for:

• the European Commission to ensure clarity and guidance on how existing financial services regulations apply to the use of AI in financial services

• the use of consistent definitions and the simplification of the regulatory framework to avoid duplication of requirements

• the European and national supervisory authorities to promote consistent interpretations of AI and avoid overly strict application of existing regulations.

Corrigendum to Commission Delegated Regulation on RTS on risk management tools under DORA published in OJ

On 15 May 2025, a corrigendum to Commission Delegated Regulation (EU) 2024/1774 containing regulatory technical standards supplementing the Regulation on digital operational resilience for the financial sector ((EU) 2022/2554) (DORA), was published in the Official Journal of the European Union (OJ). 

Commission Delegated Regulation (EU) 2024/1774 contains regulatory technical standards (RTS) specifying ICT risk management tools, methods, processes and policies and the simplified ICT risk management framework. It reflects mandates under Articles 15 and 16(3) of DORA.

The corrigendum replaces a reference to Article 15 of the Commission Delegated Regulation (EU) 2024/1774 in Article 22 of the Delegated Regulation (ICT-related incident management policy) with a reference to Article 8(2) of that Delegated Regulation.

House of Commons Treasury Committee correspondence with banks on February 2025 IT failures

On 8 May 2025, the House of Commons Treasury Committee published letters that it received from HSBC UK, Nationwide Building Society, TSB Bank and Lloyds Banking Group (the banks) relating to the impact of IT failures that occurred in February 2025.

On 28 February 2025, some customers of the banks suffered delays to payments with difficulty logging into their online accounts. The Committee wrote to the banks in April 2025, requesting information on these IT failures. In their response letters, the banks set out details of the failures and their reaction, the impact of the failures on customers, steps taken to reduce the risk of future similar IT failures and the extent to which there was an increase in fraudulent activity during the incident. TSB's letter included the extent to which its services have been unavailable to UK customers over the last two years as a consequence of the IT failures.

FCA policy statement on updated Enforcement Guide and enforcement investigation transparency

On 3 June 2025, the FCA published a policy statement (PS25/5) on its updated Enforcement Guide, providing greater transparency on enforcement investigations. 

In February 2024 (CP24/2) and November 2024 (CP24/2: Part 2), the FCA consulted on proposed measures to update and streamline its Enforcement Guide and increase transparency. The new policy statement sets out the final revisions to the Enforcement Guide, including its amended investigation publicity policy. The FCA abbreviates the new version of the Enforcement Guide as ENFG and refers to the now archived version as EG. 

The FCA has retained the 'exceptional circumstances' test for announcing investigations into regulated and listed firms, but the policy now provides for additional circumstances where the FCA may also make announcements. This will enable the FCA, in limited circumstances, to:

• Announce and name the subjects of investigations into suspected unauthorised activity or criminal offences related to unregulated activity.

• Reactively confirm it is investigating in specific circumstances.

• Share information on an anonymised basis.

The majority of other changes consulted on in CP24/2 have been implemented. Annex 2 to the new policy statement sets out a marked-up version of the revised enforcement investigation policy, including a mapping table where information in EG has been moved to. Appendix 1 sets out the instrument making the new ENFG, revoking the EG and making other changes to material outside of the FCA's Handbook. It was made on 9 May 2025 and came into force on 3 June 2025.

The instrument making Handbook changes is also set out in Appendix 1, which was made on 22 May 2025 and came into force on 3 June 2025. ENFG, including the policy on investigation publicity, came into force immediately on 3 June 2025. The changes will only apply to investigations launched on or after this date.

FCA bans former Credit Suisse vice-president following US corruption conviction

On 23 May 2025, the FCA published its final notice issued to Detelina Subeva, a former Credit Suisse vice-president, following her conviction in the US for arranging corrupt loans to the Republic of Mozambique.

While employed at Credit Suisse in 2013, Ms Subeva helped launder the proceeds of crime by receiving approximately $200,000 from one of her co-conspirators, connected with the arrangement, facilitation and provision of funds to be loaned to the Republic of Mozambique by Credit Suisse. Ms Sebeva was indicted in 2018 by the Department of Justice with four counts of conspiracy, to which she pled guilty in May 2019. In October 2021, the FCA fined Credit Suisse over £147 million for serious financial crime due diligence failings relating to the loans to the Republic of Mozambique. 

The FCA held that Ms Subeva's conviction for conspiring to commit money laundering, and her decision to continue to work with her co-conspirators after leaving Credit Suisse, demonstrates a clear and serious lack of integrity that renders her unfit to perform any function in relation to regulated activity. She is the third Credit Suisse employee banned under section 56 of the Financial Services and Markets Act 2000 following a US conviction.

UK Finance published Annual Fraud Report 2025

On 27 May 2025, UK Finance published its Annual Fraud Report 2025. 

A total of £1.17 billion was lost due to criminal fraud in 2024 across both unauthorised and authorised channels, largely unchanged from the total losses in 2023. Case numbers saw a notable 12% jump to 3.31 million in 2024, compared to 2023.

The report shows that Authorised Push Payment (APP) fraud has fallen, both in relation to the total amount lost (2% less than 2023) and the overall number of cases (20% less than 2023). However, the data also shows that other types of fraud, notably remote purchase fraud, have increased by 11% in 2024 compared to 2023. The report indicates that around four-fifths of the cases were related to e-commerce and split roughly evenly between authenticated and non-authenticated.

The data offers some reassurance that concerted efforts by the industry can reduce loss to fraud, as evidenced by the progress on APP fraud. The report concludes that future strategies must take a broad approach to the prevention of all types of fraud, to mitigate the adaptability and evolving tactics of criminals.

The answer to last month's question: The Financial Services Regulatory Initiatives Forum has eight members: the Bank of England, the PRA, the FCA, the PSR, the CMA, TPR, the ICO, and the FRC. HMT is an observer member.

This month's question: Which exemption within the Regulated Activities Order do unregulated Buy Now Pay Later products currently take advantage of:

• Article 60F(2)

• Article 60G(3)

• Article 60H(1)

• Article 60G(4).