Financial Services Matters - August 2025

UK's financial services sector set for major reforms

July 2025 saw the publication of the Financial Services Growth and Competitiveness Strategy and Leeds Reforms, described by the Chancellor of the Exchequer in her Mansion House speech delivered on the same day, as "the most wide-ranging package of reforms to financial services regulation in more than a decade."

In this special UK Finance blog, we take a look at the reforms. 

New FCA webpage on Berne Financial Services Agreement

On 23 July 2025, the FCA published a new webpage on the Berne Financial Services Agreement (BFSA), setting out details of BFSA market access arrangements and how UK and Swiss firms can express interest in providing cross-border services.

The FCA considers the framework that will apply to the market access arrangements for:

• UK insurance intermediaries and UK insurers seeking to enter the Swiss market
• professional client advisers acting on behalf of UK investment services firms, and to Swiss investment services firms with a UK presence providing services to UK high-net-worth clients. It also considers the interaction between access via the BFSA and the overseas persons exclusion (OPE) set out in article 72 of the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO).

The FCA expects the UK regulators to sign a memorandum of understanding with the Swiss Financial Market Supervisory Authority (FINMA) in September 2025. The FCA will also consult on changes to its Handbook to implement the BFSA. In November 2025, the regulators will publish detailed operational guidance.

On 21 July 2025, the government laid two statutory instruments to implement the UK’s commitments under the BFSA. The BFSA is expected to enter into force in early 2026, following ratification by the UK and Switzerland, and firms may make notifications from that date onwards.

BoE supervisory approach to onboarding new FMIs

On 18 July 2025, the Bank of England (BoE) published a document setting out its supervisory approach to onboarding new financial market infrastructures (FMIs) that fall within its regulatory remit.

It covers the process for becoming a BoE-regulated FMI and explains two discretionary stages available to FMIs which could support new firms completing aspects of their operational set-up. The document also covers the regulatory framework for the different types of FMIs, the four stages of the BoE's supervisory approach to onboarding before firms reach baseline supervision (risk assessment, authorisation or recognition, mobilisation and scaling) and the BoE's specific approach for payment systems and central counterparties.

The BoE may revise and reissue the document in response to significant legislative or other developments that result in changes to its approach.

BoE's FMI Committee responds to government remit and recommendations letter

On 18 July 2025, the BoE published its response (dated 15 July 2025) to a letter from HM Treasury setting out the government's remit, recommendations and priorities for the Financial Market Infrastructure (FMI) Committee.

The response explains how the BoE, as regulator of FMIs, is facilitating innovation to support sustainable economic growth. The annex sets out how the BoE's actions support the recommendations in HM Treasury's letter, including:

• changes made to ensure innovation is integrated in its policymaking processes to facilitate safe and sustainable innovation in FMIs
• active consideration of the use of stablecoins for settlement in the digital securities sandbox (DSS), and whether other sandboxes could help experiment with the wholesale use cases for stablecoins
• finalised Fundamental Rules for FMIs. This is the first use of its general rulemaking power for central counterparties (CCPs) and central securities depositories, which clearly sets the outcomes required of FMIs, including in respect of their financial and operational resilience
• ongoing work to increase automation of processes across the market and shorten the settlement cycle to T+1
• seeking views on other instruments that could safely be permitted as eligible collateral or options that could improve the availability of existing collateral, including letters of credit.

FCA and ICO outline future areas of focus on open finance and smart data

On 17 July 2025, the Digital Regulation Cooperation Forum (DRCF) published an article setting out joint insights of the FCA and the Information Commissioner's Office (ICO) on technologies shaping the future of open finance. In March 2025, the FCA hosted an Open Finance Sprint. The ICO participated, utilising the Sprint as an opportunity to build on findings from this research.

To support innovation and competition in financial services, the FCA and ICO are collaborating through the DRFC's Horizon Scanning and Emerging Technology project, allowing people to benefit from their personal data. The article identifies regulatory considerations that the FCA and ICO will need to consider in relation to open finance and smart data:

• how open finance and smart data can empower consumers and businesses by giving them greater control over their own data
• the lawful basis for processing personal data
• the intersection of data minimisation and open finance
• transparency and consumer understanding in relation to AI making decisions about consumers
• the regulators and their role in assisting the development of common standards of interoperability.

The recently enacted Data (Use and Access) Act 2025 sets out a framework for access, sharing and use of customer data. The article explains that statutory instruments will be needed to introduce specific sectoral smart data schemes, including open finance. 

FSB letter on priorities

On 14 July 2025, the Financial Stability Board (FSB) published a letter sent to G20 finance leaders and central bank governors ahead of their July 2025 summit.

The letter sets out the FSB's work priorities, relating to:

• Enhancing surveillance capabilities. The FSB will publish its assessments of vulnerabilities, to support an evidence-based response to risks.
• Addressing key risks to financial stability. The FSB will support implementation of agreed policies on non-bank financial intermediation (NBFI) and explore vulnerabilities from the growing role of private finance, alongside giving more focus to existing initiatives such as the G20 cross-border payments roadmap. It will also assess the increasing role of stablecoins for payment and settlement purposes.
• Strengthening effectiveness of FSB. The G20 Implementation Monitoring Review will be the starting point for considering possible improvements in the effectiveness of the FSB, applying to areas such as communicating with stakeholders outside of its membership and the implementation of agreed standards.

The letter also covers three reports that the FSB has recently delivered to the G20 relating to NBFI, non-bank data and an update on its climate roadmap.

FCA outcomes report on open finance sprint

On 11 July 2025, the FCA published an outcomes report following the two-day open finance sprint it held in March 2025.

The sprint involved 110 stakeholders, including organisations from the financial services industry, regulators and technology experts, and focused on developing practical data and sharing use-case ideas to support the following areas:

• Financial wellbeing through optimised credit data-driven decisions and debt management. Personalised credit scoring, automated debt consolidation, holistic financial dashboards and AI driven debt management were key use cases.
• Financial growth through data-enabled tools and personalised insights leveraging data sharing. Key use cases included life event planning, real-time analytics for early risk detection and automated emergency fund management.
• Financial resilience through the use of technologies like AI, blockchain and advanced consent frameworks to navigate major life events and financial shocks.
• Consumer empowerment through digital verification. Digital identity was identified as a critical enabler, facilitator or catalyst of open finance, allowing for secure, seamless and user-controlled access to financial and cross-sector services.

The FCA is launching the Smart Data Accelerator, which it will use to test high impact use cases and accelerate the development and implementation of open finance and smart data in the UK. The FCA will shortly open registrations for two TechSprints in the autumn, which will focus on SME finance and mortgages. The FCA will also produce a roadmap for open finance by March 2026, supported by a research note that it will share later in 2025.

Annual report season

The regulators have published the following annual reports and accounts:

• On 10 July 2025, the FCA published its Annual Report and Accounts for the period 31 March 2024 to 31 March 2025. It also published its outcomes and metrics following the end of its Strategy 2022-2025
• On 10 July 2025, the Payment Systems Regulator (PSR) published its Annual Report and Accounts for the period 31 March 2024 to 31 March 2025.
• On 3 July 2025, the Financial Services Compensation Scheme published its Annual Report and Accounts for the period 1 April 2024 to 31 March 2025.
• On 2 July 2025, the Financial Ombudsman Service (FOS) published its Annual Report and Accounts for the period 31 March 2024 to 31 March 2025.
• On 26 June 2025, the Bank of England (BoE) and the PRA published their Annual Report for the period 1 March 2024 to 28 February 2025.

FCA to modernise rules to unlock investment

On 10 July 2025, the FCA published a press release, declaring its intention to review its client categorisation rules to unlock more opportunities for wealthy investors and support capital markets, to drive economic growth.

The FCA’s completed growth initiatives include:

• more flexible regulation, such as setting out steps to improve access to mortgages
• unlocking investment, such as PISCES, the new private stock market facilitating trade in private shares
• accelerating innovation, such as the Digital Securities Sandbox (DSS) to explore new technologies
• helping firms set up and grow, such as the extension of the pre-application support service to all wholesale, payments and cryptoassets firms
• promoting the UK, such as the establishment of a presence in the US and Asia-Pacific to help the export of UK financial services and attract inward investment.

As part of this review, the FCA will consult on the elective professional client categorisation later in 2025.

The FCA said that the review will build on 10 initiatives already delivered since January 2025, with around 50 more to be completed before the end of the year.

FCA update on delivering its secondary international competitiveness and growth objective

On 10 July 2025, the FCA published several documents that indicate how it plans to deliver on its secondary international competitiveness and growth objective (SICGO) during the second half of 2025.

The FCA published its SICGO report 2024/25 containing the following annexes:

• Annex 1 provides a 6-month update on goals set out in the FCA's January 2025 letter to the government and contains information on next steps for each initiative.
• Annex 2 summarises how rules and guidance have advanced the FCA's operational and secondary objectives and identifies the initiatives it has decided to stop, deprioritise, pause, reduce in scope or merge into its wider work.

The FCA also published its response to HM Treasury's recommendations in the November 2024 remit letter, setting out how it is supporting the government's growth mission. 

FCA statement on retail access to cETNs

On 1 August, the FCA confirmed that from 8 October 2025 crypto exchange traded notes may be sold to retail clients (cETNs), provided the cETNs are admitted to trading on a UK Recognised Investment Exchange (RIE).

UK RIE cETNs will be categorised as restricted mass market investments (RMMIs) and be subject to marketing restrictions including risk warnings and appropriateness testing. While the Consumer Duty will apply to firms that offer these products to retail clients, the Financial Services Compensation Scheme will not provide coverage.

The FCA consulted on removing the ban on retail access to cETNs in June 2025 – see our July 2025 update.

Registration and change in control thresholds for crypto businesses

On 17 July 2025, HM Treasury published a response to its consultation on improving the effectiveness of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). The consultation was launched in March 2024 – see our April 2024 update.

Among the policy changes announced, HM Treasury has confirmed that it will bring the registration and change in control thresholds for crypto businesses that are within the scope of the MLRs in line with FSMA thresholds. It intends to publish the draft statutory instrument in the coming months for technical feedback, before laying it in Parliament later in 2025, if parliamentary time allows.

Property (Digital Assets etc) Bill: second reading in House of Commons

On 16 July 2025, the Property (Digital Assets etc) Bill passed its second reading in the House of Commons with no amendments.

The Bill had its first reading in the House of Commons on 12 May 2025, having completed its passage through the House of Lords on 8 May 2025. The Bill takes forward a recommendation of the Law Commission in its June 2023 report on digital assets and will establish in statute the common law position that certain digital assets can constitute property. 

The next stage is for it to be considered by a Committee of the whole House on a date to be confirmed.

HM Treasury policy paper on UK wholesale financial markets digital strategy

On 15 July 2025, HM Treasury published a policy paper setting out the government's digital strategy for the UK's wholesale financial markets, one of the package of reforms that the government announced in its new Financial Services Growth and Competitiveness Strategy (see above).

Under the digital strategy, the government plans to drive forward the digitalisation of the UK's wholesale financial markets across three broad areas:

• Market optimisation. HM Treasury commits to removing paper-based transactions and progressing share dematerialisation, driving automation and removing manual processing. It also commits to advancing the adoption of smart data principles to ensure wholesale market data is shared, reported and utilised effectively. It will work with the private sector to explore how digital identity could be adopted in wholesale markets and what the best use cases are.
• Market transformation. It will apply the potential benefits of new technologies like distributed ledger technology (DLT), AI and quantum to transform wholesale financial markets. It commits to ensuring a cross-sectoral approach to DLT adoption and enabling the sector to test, scale and roll out solutions that tokenise financial assets and support the digitalisation of post-trade processes, providing a regulatory and legislative framework that allows new digital solutions to be taken forward.
• Market leadership. It commits to develop a cross-cutting approach to digitalisation of wholesale financial markets and appointing a digital markets champion to provide leadership for the sector and join up work in the UK sector with other jurisdictions.

ESMA final report on guidelines for assessing knowledge and competence under MiCA

On 11 July 2025, ESMA published a final report containing the guidelines for the criteria to assess knowledge and competence of the staff at cryptoasset service providers (CASPs) under the Regulation on markets in cryptoassets (MiCA). ESMA have developed the guidelines under a mandate in Article 81(15) of MiCA.

The guidelines help both CASPs meet their obligations to act in the best interest of their clients and support competent authorities in assessing how CASPs meet those obligations by:

• providing guidance on the minimum level of knowledge and competence of staff through examples
• addressing specific features and risks of cryptoassets markets and services, such as cyber security risks, through the criteria for the assessment of the relevant staff's knowledge and competence.

An Annex to the guidelines provides illustrative examples of the application of certain aspects of the guidelines, including their scope. A feedback statement summarising the comments received and ESMA's response is set out in section 3 of the final report.

The guidelines, set out in Annex III of the final report, will now be translated into the official EU languages and published on the ESMA website. They will apply 6 months after their publication.

ESMA peer review report and recommendations on CASP authorisations under MiCA

On 10 July 2025, ESMA published the executive summary of a peer review report on the authorisation and supervision of a cryptoasset service provider (CASP) in Malta under the Regulation on markets in cryptoassets (MiCA).

The peer review targeted one national competent authority (NCA) (the Malta Financial Services Authority), and directly addressed some recommendations to it. The peer review committee (PRC) also makes recommendations that are relevant to all NCAs in their ongoing and upcoming CASP authorisations, advising NCAs in the authorisation process to pay particular attention to:

• Business growth: The PRC recommends that NCAs assess entities' business plans in a forward-looking way, and encourages NCAs to make use of the Digital Finance Committee (DFSC) to keep sharing information on their supervisory settings, resources and tools for CASPs supervision
• Conflicts of Interests, including those related to the combination of CASPs' services and the associated disclosure requirements
• Governance and intragroup arrangements: The PRC encourages NCAs to use as a baseline the cross-cutting principles on third-party risks supervision that ESMA published recently
• ICT architecture, including intragroup reliance and use of sub-providers: The PRC recommends that, before granting an authorisation, NCAs review the ICT systems (including business continuity) in the light of the requirements of the Regulation on digital operational resilience (DORA), focusing on the functions and services that are most critical to CASPs' business, such as custody. 
• Web3 and decentralised products: The PRC recommends that NCAs assess the inherent exposure to DeFi risks and whether CASPs have in place adequate controls to manage them. NCAs should also evaluate the promotion of any unregulated services to avoid any risk of customer confusion over those and regulated services.

Official translations of ESMA guidelines on preventing and detecting market abuse under MiCA

On 9 July 2025, ESMA published a webpage with the official translations of its guidelines on supervisory practices for national competent authorities (NCAs) to  prevent and detect market abuse under Article 92(3) of the Regulation on markets in cryptoassets (MiCA).

The guidelines set out general principles to ensure effective risk-based and proportionate supervision on market abuse in cryptoassets, as well as more specific practices for NCAs regarding detection and prevention. 

The guidelines will apply from 9 October 2025, 3 months after the date of their publication on ESMA's website.

BoE consults on longer RTGS and CHAPS operating hours

On 29 July 2025, the Bank of England (BoE) published a consultation paper on extending Real-Time Gross Settlement (RTGS) and CHAPS operating hours.

The BoE sets out a proposal for consultation and two discussion topics:

• Proposal to open CHAPS for settlement from 1.30am. Proposals for participation, participant support models and BoE lending facilities between 1.30am and 6.00am are included in the consultation paper, which apply to both urgent and non-urgent settlement of payments. The BoE plans to publish a policy statement in early 2026 and aims to implement this in the second half of 2027 as it considers it a stepping stone towards its ongoing aim of near 24x7 settlement.
• Potential expansion of the CHAPS contingency window from its current hours (6.00pm to 8.00pm) to 6.00pm to 10.00pm. The BoE will use the information in responses it receives to help it prepare future proposals, with a view to implementing a later contingency window by the end of 2028.
• Potential additional settlement days for its renewed RTGS system (RT2). The BoE calls for initial views on introducing settlement windows for RT2 over certain bank holiday weekends. For those additional days, one option is net settlement only, and the other is a broader settlement window where both CHAPS settlement and net settlement would be allowed during a short window of around two to three hours. Implementation would not be before 2027.

The BoE will publish a phase two consultation paper on the two discussion topics in early 2026, followed by a policy statement on the proposals later in 2026.

The deadline to submit comments on the consultation paper is 21 October 2025.

PSR regulatory fees figures for 2025/26

On 18 July 2025, the Payment Systems Regulator (PSR) published a document setting out the figures it uses to calculate the regulatory fees for each PSR fee payer in 2025/26.

Each year, the PSR receives regulatory fees from PSR fee payers to fund its functions under relevant legislation, including the functions under and as a result of:

• the Financial Services (Banking Reform) Act 2013
• the Payment Card Interchange Fee Regulations 2015
• the Payment Services Regulations 2017.

There are no current plans to increase fees, and the FCA and PSR expect ongoing costs will continue to be funded through fees from regulated firms, in line with the current model. The PSR notes that the funding requirements in terms of actual budgeting decisions post-consolidation of the PSR into the FCA will be informed by organisational priorities and work expectations.

Payments Vision Delivery Committee update

On 15 July 2025, HM Treasury published an update on the work of the Payments Vision Delivery Committee (PVDC), which has agreed a new model to deliver the next generation of UK retail payments infrastructure. The update includes the following points of interest:

• The PVDC will publish the strategy for retail payments and infrastructure in autumn 2025, which will establish key priorities for next-generation infrastructure and inform the work of the new Retail Payments Infrastructure Board, the Delivery Company and Pay.UK. The PVDC will also publish the payments forward plan by the end of 2025, which will set out a sequenced plan of initiatives across the payments ecosystem including initiatives in both retail and wholesale payments, and the role of digital assets.
• The Bank of England (BoE) will set up and chair the Retail Payments Infrastructure Board.
• Industry experts will lead the procurement and delivery of new infrastructure.
• Pay.UK will retain its role as operator of existing interbank payment systems.

HM Treasury has published an updated terms of reference for the PVDC.

Innovation in the UK's payments infrastructure 

Andrew Bailey, the Governor of the Bank of England (BoE), used part of his Mansion House speech on 15 July 2025 to set out opportunities for innovation in the UK’s payments infrastructure. 

He spoke about the benefits that digital technologies can bring to both domestic and cross-border retail payments and the new Real Time Gross Settlement platform.

Bailey referred to the current debate on the future of payments. He said that while there may be a role for stablecoins, they were not a substitute for commercial bank money.  The BoE's role was to ensure that stablecoins purporting to be money are safe. On the possibility of a central bank digital currency, he said he "remain[s] to be convinced why the natural next step is to create a new form of money rather than put technology into retail payments and bank accounts."

Bailey's observations follow comments he made in an interview with The Times reported on 13 July 2025, where he placed more emphasis on the role of tokenised deposits than stablecoins.  

FCA multi-firm review findings on risk management and wind-down planning at e-money and payment firms

On 26 June 2025, the FCA published a new webpage containing the findings of its multi-firm review of risk management and wind-down planning at e-money and payments firms.

During 2024/25, the FCA reviewed a sample of 14 firms with e-money and payments permissions and aggregated its findings to identify themes, good practices and areas for improvement with the aim of helping these firms understand existing regulatory expectations.

In particular, the FCA found that the firms were not following the guidance on assessing adequate financial resources in FG20/1, and identified 3 main areas where firms need to improve their frameworks:

• Enterprise-wide risk management frameworks. Staff in operational roles received limited oversight and challenge. Risk appetites were not clear and were not always based on the firm's activities. Financial resources levels were determined using judgement instead of quantitative methods, such as stress testing.
• Liquidity risk management. Firms were relying on cash balances to mitigate liquidity risk without appropriate analysis (such as stress testing) to assess whether they have sufficient resources.
• Consideration of group risk. Risks arising from the relationships and interlinkages between entities were not adequately considered, affecting financial and non-financial resources available to firms.

Almost all the wind-down plans (WDPs) reviewed were disconnected from the firm's risk management framework. The WDPs reviewed also lacked sufficient detail, testing and validation. The FCA will continue to engage with the sector to ensure effective risk management and WDPs are in place.

Supreme Court judgment on motor finance commission

On 1 August 2025, the Supreme Court handed down a unanimous judgment in three motor finance appeals: Hopcraft v Close Brothers Limited, Johnson v FirstRand Bank Limited (t/a MotoNovo Finance) and Wrench v FirstRand Bank Limited (t/a MotoNovo Finance). It allowed the appeals brought by lenders but upheld the unfair relationship claim brought by Mr Johnson. 

On 3 August 2025, the FCA published a statement announcing its intention to consult on an industry-wide motor finance consumer redress scheme, along with a related press release and transcript of a conference call it held with market analysts. It notes that the judgment provides helpful clarity on the factors that suggest an unfair relationship under the Consumer Credit Act 1974 (CCA), which had previously been interpreted differently by the courts.

The FCA intends to launch the six-week consultation by early October 2025. If the redress scheme goes ahead, the FCA aims to launch it and start paying compensation to consumers in 2026. The FCA will propose that the scheme covers arrangements from 2007 onwards.

Look out for our forthcoming article that will take an in depth look at the Supreme Court judgment and the potential motor finance consumer redress scheme.

Regulators warn claims management companies over poor practices in motor finance commission claims

On 31 July 2025, the Solicitors Regulation Authority (SRA) and FCA published a press release warning law firms and claims management companies (CMCs) over poor practices in motor finance claims.

The FCA expects CMCs to inform clients of the existence of a redress scheme or where there is a realistic prospect of one being introduced. This would allow them to pursue a claim for themselves free of charge, even if the redress scheme has not yet been confirmed, provided this is done before a client signs any agreement with them. Under FCA rules, CMCs must inform customers of their right to exit the agreement at any time and any fee that may be payable by them.

The regulators concerns include:

• The volume and accuracy of marketing materials, and how information is shared or verified when clients are passed on from third parties.
• A failure to advise consumers about the availability of free-to-claim alternatives.
• Law firms and CMCs providing inaccurate or misleading information on the likelihood of success or potential value of a claim.

FCA asks CMCs to review financial promotions regarding motor finance claims

On 4 August 2025, the FCA published a letter (dated 31 July 2025) it has sent to CMCs, asking them to review their financial promotions relating to motor finance claims, to ensure they comply with relevant rules in the FCA Handbook (as set out in Annex 1 of the letter), including the Consumer Duty.

The letter sets out the FCA's concerns regarding financial promotions across a range of media platforms, including social media, banner advertisements and paid ads, that may breach the requirements set out in the Claims Management: Conduct of Business sourcebook (CMCOB) and the Consumer Duty. It includes concerns on financial promotions that exaggerate potential claims or falsely imply refunds have been secured or are guaranteed, and on promotions where CMCs sign-up consumers without their consent. To prevent customers from being misled, the FCA asks CMCs to:

• Review and revise their financial promotions to ensure they are clear, fair and not misleading
• Avoid misleading outcome guarantees. They must not imply that refunds or compensation are guaranteed or have already been secured

• Avoid using language that implies a false sense of urgency
• Monitor and update promotions regularly

The FCA says that it will be proactively monitoring the market to check compliance. It will take appropriate supervisory action where it finds financial promotions that break the rules or sees that a CMC is not taking adequate mitigating actions.

FCA consults on regulating deferred payment credit

On 18 July 2025, the FCA published a consultation paper (CP25/23) on its proposed approach to regulating deferred payment credit (DPC), commonly referred to as Buy Now Pay Later products. We will be publishing an article shortly, which will look at the proposals in detail.

Digital design in customers' online journeys – good practice and areas for improvement

On 31 July 2025, the FCA published its findings on digital acquisition journeys and customer outcomes for consumer credit providers, as part of its ongoing work on the Consumer Duty. The review assessed how digital platforms and apps influence customer engagement, product applications and borrowing.

Key good practices include:

• designing digital journeys to meet the needs of diverse customer groups, providing adequate support (especially for vulnerable customers), using clear language, offering visual aids and involving frontline agents in design feedback
• introducing appropriate friction to help customers make informed decisions, ensuring clear presentation of product features, and robust testing for customer understanding.

Key areas identified for improvement include:

• insufficient support for vulnerable customers
• lack of friction leading to rushed decisions
• bias in digital layouts that may nudge customers towards certain products
• inadequate disclosure of key product information such as fees and charges.

The FCA expects firms to use analytics and customer feedback to monitor and improve digital journeys, test communications for clarity and avoid over-reliance on positive online reviews as indicators of good outcomes. Firms should regularly review customer outcomes and ensure digital design supports the Consumer Duty requirements.

FCA publishes terms of reference for AI Live Testing initiative and opens applications window

On 9 July 2025, the FCA published the terms of reference for its AI Live Testing initiative and opened the application window.

The terms of reference explain that:

• AI Live Testing complements the FCA's Supercharged Sandbox, which we featured in last month's edition.  Supercharged Sandbox will assist firms that are in the discovery and experimental phase of their AI product’s development.  In contrast, AI Live Testing is designed for the deployment of AI systems in controlled live market environments and involves engaging with real customers.
• The FCA is interested in working with Chief Information Officers, Chief AI Officers, Chief Data Officers and AI solution providers.
• To be eligible, applications must meet certain criteria, including demonstrating that the firm will be actively using AI within their specific use case, which must be relevant to financial services and markets.
• Applications for the first cohort, to be made via the Digital Sandbox portal, opened on 9 July 2025 and close on 20 August 2025. The FCA will communicate application results by mid-September 2025. It expects to open a further application window for a second cohort in the autumn.
• The FCA anticipates each cohort will be made up of between 5 and 10 participating firms, although it may accept a higher number of firms depending on the range of use cases submitted and their representativeness of the UK financial services sector.
• The initiative is expected to run for approximately 12 months, with each live testing cohort running for approximately six months (depending on the individual circumstances of the AI use case). After the 12 months, the FCA will evaluate whether the initiative has met its stated objectives and will publish an evaluation report. Depending on industry feedback and overall evaluation, AI Live Testing could become a permanent FCA service.

ECB finalises guide for banks on outsourcing cloud services to cloud service providers

On 16 July 2025, the European Central Bank (ECB) published the final version of its guide for banks on outsourcing cloud services to cloud service providers. One of the guide's aims is to provide clarity on the ECB's expectations on the related requirements set out in the Regulation on digital operational resilience for the financial sector (DORA).

The final version more clearly differentiates the requirements set out in DORA from the good practices recommended by the ECB. It also:

• aligns its language with the language in DORA
• explains the application of the principle of proportionality
• clarifies that it is non-binding and does not introduce new rules or requirements
• provides a list of observed good practices based on experiences from the ECB's ongoing onsite supervision, as well as feedback from its interactions with the industry.

The final version emphasises the importance of maintaining a risk-based approach and applying proportionality to outsourcing cloud services, while accounting for the various organisational set-ups, areas of activity and risk profiles of the banks that the ECB supervises.

The ECB also published a speech by Anneli Tuominen, Member of the ECB Supervisory Board, relating to the new guide.

ESAs guide on oversight of critical ICT third-party providers under DORA

On 15 July 2025, the European Supervisory Authorities (ESAs) published a guide on the oversight of critical ICT third-party service providers (CTPPs) under the Regulation on digital operational resilience for the financial sector (DORA). It also describes the:

• governance structure and organisation of the oversight framework, including the various oversight bodies and their functions
• oversight activities performed by the overseers, including the designation of CTPPs, risk assessment and oversight planning, examinations, recommendations and follow-up
• oversight processes followed by the overseers when carrying out the oversight activities, including the processes relating to requests for information, general investigations and inspections.

The guide is mainly addressed to CTPPs, financial entities and national competent authorities (NCAs), and other external stakeholders. It provides an overview of the DORA oversight framework, including its scope, objectives, underlying principles and the role of NCAs. The guide may be revised as oversight experience continues to develop.

Discontinuance of FCA proceedings against Tom Hayes and revocation of Carlo Palombo’s prohibition order

On 25 July 2025, the FCA announced that it had revoked Carlo Palombo's ban from the financial services industry and is ending its action against Tom Hayes following the recent Supreme Court judgment quashing their criminal convictions for LIBOR manipulation.

The FCA will take no further action against either individual.

FCA fines and bans former deputy CEO for deliberately misleading FCA

On 25 July 2025, the FCA published the final notice (dated 22 July 2025) it issued to Jean-Noël Yves Alba, former deputy CEO of H2O AM LLP (an asset manager), fining him £1,049,500 and prohibiting him from working in the financial services industry for deliberately misleading the FCA. That figure is after a 30% (Stage 1) discount was applied, following Mr Alba's agreement to resolve the matter.

It found that, between August 2019 and July 2021 (the relevant period), Mr Alba failed to:

• act with integrity in breach of statement of Principle 1 and Individual Conduct Rule 1
• be open and co-operative in his interactions with the FCA in breach of statement of Principle 4 and Individual Conduct Rule 3.

Between 2015 and 2019, H2O made a series of high-risk investments through the funds it managed into other entities. Following significant investor redemption, the FCA opened an investigation and censured H2O in August 2024, which we covered in our September 2024 update. Please also see our briefing, which discusses the governance and compliance lessons learned from the FCA's investigation.

Mr Alba (referred to as "Senior Manager A" in the final notice) was the principal point of contact with the FCA during its investigation. The FCA considers that Mr Alba acted intentionally, or in the alternative, recklessly to mislead the FCA. The FCA also considers that Mr Alba's objective in the continued provision of misleading information to it was, in part, to hide the fact that he had knowingly made earlier inaccurate and misleading statements to the FCA. It therefore views Mr Alba's misconduct as serious and considers that he is not a fit and proper person.

FCA fines Barclays for poor handling of financial crime risks

On 16 July 2025, the FCA published the final notices (both dated 14 July 2025) that it issued to Barclays Bank UK plc (Barclays UK) and Barclays Bank plc (Barclays plc), fining them a total of £42,408,300 for separate instances of failings in financial crime risk management.

The FCA has fined Barclays UK £3,093,600 for failing, between January 2021 and April 2023, to ensure that it gathered sufficient information to understand and manage the money laundering risk before opening a client money account for WealthTek LLP. That figure is after a 30% (Stage 1) discount was applied, following Barclays UK's agreement to resolve the matter. The FCA found that:

• its account opening procedures did not require it to check the Financial Services Register, which would have shown that WealthTek was not permitted to hold client money
• Barclays UK breached Principle 3 (Management and control) of the FCA's Principles for Business and SYSC 6.1.1R (Adequate policy and procedures), by failing to organise and control its affairs responsibly and effectively with adequate risk management systems for account opening procedures
• matters set out in the final notice were evidence of wider systemic failings in Barclays UK's approach to opening client money accounts.

In addition to the fine, Barclays UK has agreed to make a voluntary payment of £6,281,757 to WealthTek's clients.

The FCA fined Barclays plc £39,314,700 for failing to adequately identify, assess, monitor and manage the money laundering risks associated with providing banking services to Stunt & Co Ltd between January 2015 and April 2021. That figure is after a 30% (Stage 1) discount was applied, following Barclays plc's agreement to resolve the matter. The FCA found that Barclays plc:

• failed to apply an appropriate level of customer due diligence at the start of the business relationship, resulting in it being unable to assess the money laundering risks appropriately, in breach of Principle 2 (Skill, care and diligence)
• failed to conduct appropriate ongoing monitoring of the business relationship, including scrutiny of the transactions undertaken, despite several instances of significant information indicative of high-risk activity, in breach of Principle 2.

FCA enforcement data 2024/25 

On 10 July 2025, the FCA published its 2024/25 enforcement data, which forms part of its Annual Report, showing the enforcement action it took in 2024/25.

From 31 March 2024 to 31 March 2025, the number of open enforcement operations fell from 188 to 130. During the same period, the FCA:

• issued 37 final notices
• secured 5 criminal convictions
• imposed fines of over £186m
• cancelled the authorisation of 1,456 firms
• achieved 135 outcomes using its formal intervention tools.

BoE fines financial market infrastructure firm £11.9 million for compliance failure

On 9 July 2025, the Bank of England (BoE) published its final notice issued to Vocalink Ltd, finding the company £11.9 million for a compliance failure under section 196 of the Banking Act 2009.

Vocalink was brought under the BoE's regulatory remit in April 2018 having been specified as a service provider to certain recognised payment systems. A review in 2020 into the performance of Vocalink's systems and control identified a number of weaknesses. Vocalink implemented a remediation programme, issued by the BoE via a direction under section 191 of the Banking Act 2009.  A related press release explains that an ineffective risk management framework, combined with weaknesses in its controls, governance arrangements and escalation processes, meant that it failed to comply in full with the direction's requirements by the 28 February 2022 deadline.

This is the first time the BoE has fined a financial market infrastructure (FMI) firm. The BoE and Vocalink reached an agreement to settle during the discount stage of the BoE's penalty policy, and a 30% discount was applied to the Step 4 figure.

EBA opinion on money laundering and terrorist financing risks affecting EU financial sector

On 28 July 2025, the European Banking Authority (EBA) published its fifth opinion on the risks of money laundering (ML) and terrorist financing (TF) that are affecting the EU's financial sector, as required every two years under Article 6(5) of the Fourth Money Laundering Directive (MLD4) and Articles 16a(1) and 29(1)(a) of the EBA Regulation.

Key points include the following:

• Many FinTech firms lack the expertise and governance structures needed to identify and deal with ML and TF risks effectively, including exposure to cybercrimes, outsourcing without effective oversight and inadequate customer due diligence controls.
• RegTech tools have not been implemented effectively but offer the potential to improve compliance and reduce manual errors.
• The risk of cryptoasset services being abused for financial crime purposes remains high during the transition to the new regulatory framework for cryptoassets (Regulation on markets in cryptoassets (MiCA)).
• The EBA emphasises the need for responsible AI deployment, supported by robust governance, staff training and real-time monitoring capabilities to mitigate against new risks arising from the use of AI for ML and fraud.
• Increasing numbers and complexity of EU sanctions packages continue to create significant challenges for financial institutions; many firms still lack adequate policies and procedures.
• Risks related to tax crimes and unwarranted de-risking have decreased overall and levels of supervisory engagement have increased across sectors.

National Risk Assessment of Money Laundering and Terrorist Financing 2025 published

On 17 July 2025, HM Treasury published the National Risk Assessment of Money Laundering and Terrorist Financing 2025 (NRA).

The NRA identifies the key money laundering and terrorist financing risks for the UK. It identifies how the risks, and actions taken against them, have changed since the previous risk assessment was published in 2020. The key changes identified include:

• increased global instability, leading to increased convergence between money laundering and sanctions evasion
• the adoption of new financial technologies, including electronic money institutions (EMI) and payment services providers (PSP), cryptoassets and AI
• the increased risk from informal value transfer systems (IVTS) such as underground banking and Hawala.

The money laundering risk in the regulated EMI and PSP sector has increased from medium to high, largely as a consequence of the rapid scaling of the sector since 2020 and increased complexity and diversification of services, making it more attractive to criminals. Similarly, the risk of money laundering through cryptoassets has increased since 2020 and is now assessed to be high, driven by the increase in use by the general public, alongside the speed with which money can be moved.

The NRA also addresses terrorist financing and sector specific risks, and highlights three emerging "cross cutting risks" in AI, schools and universities and football clubs and agents. 

OFSI cryptoasset threat assessment report

On 21 July 2025, the Office of Financial Sanctions Implementation (OFSI) published a threat assessment report relating to cryptoassets.

The report outlines OFSI's assessment of threats to sanctions compliance involving UK cryptoasset firms between January 2022 and May 2025. Its aim is to provide information on suspected sanctions breaches and assist stakeholders to prioritise as part of a risk-based approach to compliance.

Key findings in the report include the following:

• Factors for firms to consider when reporting suspected breaches of financial sanctions to OFSI, given that it thinks that UK cryptoasset firms have under-reported suspected breaches since August 2022.
• Inadvertent non-compliance by UK cryptoasset firms has likely occurred as a result of direct and indirect exposures to designated persons (DPs) and suspected breaches being identified after a delay in attribution, which also contribute to failures to implement the asset freeze. The report includes a list of red flags to assist firms in strengthening their compliance with UK financial sanctions.
• It is highly likely that UK-based cryptoasset firms are currently at risk of being targeted by North Korean-linked hackers to steal funds.
• It is likely that UK cryptoasset firms are currently facilitating transfers to Iranian cryptoasset firms with suspected links to DPs.

Russia accounts for over 90% of cryptoasset-related suspected breach reports made to OFSI since January 2022, with Iran making up the remaining 10%. 

Proceeds of Crime (Money Laundering) (Threshold Amount) (Amendment) Order 2025

On 16 July 2025, the Proceeds of Crime (Money Laundering) (Threshold Amount) (Amendment) Order 2025 was made and comes into force on 31 July 2025.

The order increases the threshold amount specified in section 339A(2) and (6A) of the Proceeds of Crime Act 2002 (POCA), from £1,000 to £3,000. The threshold amount refers to the value of criminal property below which a regulated firm can carry out a transaction in operating an account for a customer without committing an offence under sections 327 to 329 of POCA.

FCA amends PEP guidance

On 15 July 2025, the FCA published an amended version of its guidance on the treatment of politically exposed persons (PEPs) for anti-money laundering (AML) purposes (FG25/3).

The FCA published the final version of its guidance on 7 July 2025, which we covered in last month's edition.  The new guidance is in the last bullet on page 12 in the "Who should be treated as a PEP" section. It clarifies that firms should not treat non-executive board members of civil service departments in the UK as PEPs, unless they already meet the PEP definition in another capacity (e.g. a Member of the House of Lords).

European Supervisory Authorities' MoU with AMLA

On 3 July 2025, the European Banking Authority (EBA) published a memorandum of understanding (MoU) (dated 27 June 2025) entered into between the European Supervisory Authorities (ESAs) (that is, the EBA, ESMA and EIOPA) and the EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA).

The MoU aims to promote supervisory convergence throughout the EU financial services sector, and provides a framework that will enable the ESAs and the AMLA to exchange information and co-operate to perform their respective tasks.

The answer to last month's question: 9 regulators were involved in the "global week of action against unlawful influencers", which began on 2 June 2025.

This month's question: According to the UK's latest National Risk Assessment of Money Laundering and Terrorist Financing, what was the total payments value reported for electronic money institutions and payments firms for the 2023 calendar year?

• £2.06 trillion
• £1.66 trillion
• £1.42 trillion
• £921 billion