Welcome to the first edition of Financial Services Matters for 2026. This month's highlights include the Financial Services Regulatory Forum's regulatory initiatives grid, the FCA's policy statement on tackling non-financial misconduct in financial services, the latest on the UK's new cryptoasset regulatory regime, and a fine levied against Nationwide Building Society for financial crime failings.

• General
• Digital assets
• Payment services and systems
• Consumer credit and mortgages
• AI
• Operational resilience
• Financial crime
• This month's question

General

Economic growth update 

HM Treasury responds to House of Lords Financial Services Regulation Committee criticisms

On 17 December 2025, the House of Lords Financial Services Regulation Committee (Committee) published a letter from HM Treasury (HMT).

The letter responds to criticisms made by the Committee in October 2025 regarding the government's engagement with the Committee's second report on the FCA and PRA secondary objective of facilitating the UK economy's growth and international competitiveness, which we covered in our November 2025 update.

In its letter, HMT provides additional information on the key issues highlighted by the Committee. 

• Facilitating economic growth. The response sets out the details of the evidence-based approach used by HMT and the regulators to support economic growth and steps being taken by the government to build the evidence base. These include a "frank and comprehensive" assessment of the sector's past performance and the development of a bespoke methodology to produce financial services clusters to help focus future policy to ensure it supports the wider economy. The response also outlines what the government is doing to support SME financing and proposals to require regulators to take account of the government's remit letter when determining long-term strategies.
• Growth metrics. The government does not intend to undertake a further review of the FCA and PRA growth metrics.
• Performance metrics. The government believes the right balance has been struck in the new timelines for regulators to determine authorisation applications and will bring forward legislation to change the statutory deadlines when parliamentary time allows. 
• International comparisons. The government acknowledges that international comparison on the cost of regulation would be beneficial but highlights some of the difficulties in making such comparisons (including the absence of collected data on the costs of regulation across jurisdictions and the lack of accepted uniform metrics for measuring regulatory performance) and that there are other factors that influence UK competitiveness aside from regulatory costs including strengthening trade, investment and partnerships "between nations with shared interests." 

The letter concludes by noting that HMT will give a further progress update in summer 2026.

FCA and PRA update to government on economic growth work

On 9 December 2025, the FCA and PRA published letters sent to the government providing an update on their respective work to support the government's UK economic growth objective. 

The FCA provided an overview of its work during 2025 and highlights plans to support growth in 2026, including:

• Unlocking capital investment and liquidity. The FCA intends to reform rules for venture capital and alternative investment fund managers and consult on the pension charge cap so consumers are not disincentivised from investments due to higher performance fees.
• Accelerating digital innovation to enhance productivity. The FCA intends to oversee the launch of variable recurring payments to give people more control of regular payments and drive competition, finalise digital assets rules and progress UK-issued sterling stablecoins, and set the delivery plan for open finance, prioritising SME lending.
• Reducing regulatory burden. The FCA intends to further overhaul mortgage rules to enable more people to get on the housing ladder and unlock housing wealth in later life and finalise reforms to the redress system including providing clarity on fair motor finance compensation.
• Making it easier for firms to start up and grow. The FCA intends to propose removal of the seven-day research waiting period to reduce delays in IPO application and prepare to allow some early-stage firms to conduct regulated business before full authorisation upon the passing of legislation.
• Improving exports and inward investment. The FCA intends to establish a presence in Singapore and deepen integration with the USA. Our December 2025 update discusses the initial announcement of the FCA to establish a presence in Singapore through a strategic partnership with the AI Monetary Authority of Singapore.

The FCA also intends to adapt its supervisory approach, with more tailoring to firms' size and type, and prioritise enforcement of the most egregious harms. It calls for the government to provide clearer articulation of its risk appetite to assist with the implementation of its innovation and growth plans. 

FSB report on non-bank financial intermediation 

On 16 December 2025, the Financial Stability Board (FSB) published its annual Global Monitoring Report on Non-Bank Financial Intermediation 2025.

The report, which includes the annual FSB monitoring exercise, describes broad trends in non-bank financial intermediation (NBFI) across 29 jurisdictions that account for over 90% of global GDP. 

The main findings include:

• In 2024, the NBFI sector grew 9.4%, double the pace of the banking sector (4.7%), increasing its share of total global financial assets to 51% (US$256.8 trillion). 
• All NBFI subsectors grew in 2024. The sector 'other financial intermediaries' (money market funds, hedge funds, other investment funds, trust companies, and structured finance vehicles) was the fastest growing sub-sector, growing by 11% over the year, to US$169.4 trillion. 
• Pension fund and insurance corporation assets grew 7% and 6%, respectively.
• The narrow measure of the NBFI sector, consisting of entities involved in credit intermediation activities that may pose bank-like financial stability risks, increased 12% to US$76.3 trillion. 
• Most vulnerability metrics for entities within the narrow measure of the NBFI remained broadly stable. Fixed income and mixed funds showed high degrees of liquidity transformation, while finance companies, broker-dealers, and structured finance vehicles displayed high levels of leverage.

ESMA publishes market report on crowdfunding in the EU 2025

On 22 December 2025, ESMA published its market report on crowdfunding within the EU, which provides an overview of the state of the EU crowdfunding market, based on data received from national competent authorities under the EU Crowdfunding Regulation.

By the end of 2024, across the EU, 181 crowdfunding service providers raised over EUR4 billion of crowdfunding, with 21 Member States hosting at least one active provider. Loan-based projects were most prevalent, making up over half (58%) of crowdfunding in 2024, followed by debt-based projects at 23% and equity-based amounting to 12%. Debt-based crowdfunding differs from loan-based crowdfunding in that it involves transferable securities.

Similar to the previous report, the majority of crowdfunding investors focused on the retail industry, with 88% being classified as retail investors during 2024. 

The top five countries in terms of capital raised were France (EUR1.45 billion), the Netherlands (EUR 1 billion), Spain (EUR0.45 billion), Italy (EUR0.29 billion) and Lithuania (EUR0.28 billion). Among the top five countries, France was the only country to have predominantly debt-based crowdfunding, amounting to 50% of funding raised, with loan-based crowdfunding amounting to 23% of funding raised. In contrast, loan-based crowdfunding was the most common type in the Netherlands (81%), Spain (60%), Italy (50%) and Lithuania (96%).

FCA launches review of bespoke market risk rules for non-banks

On 16 December 2025, the FCA published an engagement paper on the possible introduction of bespoke market risk rules for non-bank trading firms. 

The primary focus will be a review of the current requirements in sections 4.11, 4.12 and 4.13 of the Prudential sourcebook for MiFID Investment Firms (MIFIDPRU) and the corresponding sections of the UK Capital Requirements Regulation (UK CRR). 

Chapter 3 identifies a range of possible approaches to setting capital requirements for market risk. The FCA is seeking stakeholder engagement, to narrow the options for more detailed consideration. The possible approaches presented are:

• Amend the existing standardised approach. Amend the current K-NPR calculation (a capital requirement based on net position risk) and incorporate requirements within the FCA Handbook, or allow firms to scale down K-NPR calculations via a simple discount factor.
• A margin-based approach. Extend the current K-CMG approach (based on the third highest daily total margin over three months) to uncleared over-the-counter derivatives using historic margins or apply it to cash products using derived margins from futures contracts.
• An internally modelled approach. Amend the current internal model approach to make it more proportionate and risk-sensitive or use other risk management techniques such as variance-covariance matrices, Monte Carlo simulations, or scenario analyses to set regulatory capital.
• A net capital rule (NCR) approach. Adopt an NCR approach based on firms maintaining specified minimum levels of net liquid assets.
• Repurposing K-TCD for exposure to price risk. Investment firms that deal in their own name may also have to calculate a separate capital requirement to protect against the default of a trading counterparty (K-TCD). This includes the firm having to calculate a transaction’s exposure value to capture the replacement cost of an asset or contract and, for a derivative, its potential future exposure. These basic concepts could be repurposed to capture risk currently addressed by K-NPR. Replacement cost and potential future exposure can reflect current market risk of a given position.
• A weighted liquid exposure method. Develop a methodology where firms assess the time required to close an exposure without moving market prices, with capital charges applied to the overall weighted liquidity profile.

The FCA intends to conduct a roundtable in January 2026 prior to the deadline for responses on 10 February 2026. It aims to publish a consultation paper later in 2026 and a policy statement in 2027.

FCA policy statement on tackling non-financial misconduct in financial services

On 12 December 2025, the FCA published a policy statement, amending its guidance in the Code of Conduct (COCON) to explain in what circumstances non-financial misconduct (NFM) could amount to a breach of the conduct rules. The policy statement also amends the guidance in the Fit and Proper test for Employees and Senior Personnel sourcebook (FIT) to explain how NFM forms part of FIT.

The amendments are intended to make it easier for firms within the Senior Managers and Certification Regime, to consistently interpret and apply the rules and follows the introduction of a new rule in COCON in July 2025, which amends the scope of COCON as it applies to non-banks (see our July 2025 update). Updates to the guidance include: 

• New examples and flow diagrams within the Handbook are intended to help firms apply COCON consistently, in particular, the rules in COCON 1. A decision tree is included to help firms decide if NFM amounts to a rule breach.
• The guidance has been revised, where possible, to further align with relevant provisions in employment and equality law. This includes an example suggested by a respondent to demonstrate that the purpose of the conduct is as important as its effect. This shows how an individual can breach COCON even if their hostile and intimidatory communication is intercepted before it reaches the intended subject.
• Clarification that managers’ accountability is relative to their knowledge and authority. The amended guidance will make it clearer that the FCA would not expect a manager to be held responsible for failing to stop NFM if they could not reasonably have known about it, and the FCA would not consider it reasonable to hold them responsible if they did not have authority to act in the particular case.
• Withdrawal and/or amendment of examples and factors that risked imposing disproportionate burdens. This includes deleting existing guidance that gave a misleading impression of individual SMF managers’ disclosure obligations and publishing new guidance at COCON 1.3.3G.
• Clarification that firms are not expected to investigate trivial or implausible allegations or breach privacy law when assessing fitness and propriety.

The FCA emphasises that no guidance can cover every scenario and firms will always need to exercise their own judgement.

The changes are set out in the Non-Financial Misconduct (No 2) Instrument 2025 (FCA 2025/60) and, together with the rule change in COCON, will come into force on 1 September 2026.

Financial Services Regulatory Forum publishes ninth regulatory initiatives grid

On 11 December 2025, the Financial Services Regulatory Initiatives Forum (FSRIF) published its ninth regulatory initiatives grid (Grid). The members of the FSRIF are the Bank of England, the PRA, the FCA, the Payment Systems Regulator, the Competition and Markets Authority, The Pensions Regulator, and the FRC. HM Treasury (HMT) is an observer member.

The ninth edition sets out 124 live initiatives, a 13% reduction compared with the eighth edition published in April 2025. The Annex to the Grid contains a list of initiatives that have been completed or stopped. 

Initiatives added to the Grid since the previous edition are: 

• Multi-sector. The PRA is due to consult on its framework for the prudential treatment of firms' exposure to crypto assets in Q4 2026. Stakeholder engagement and key milestones are expected in H1 2027. 
• Investment management. The FCA will review data collection for asset managers and funds. Stakeholder engagement is expected between Q4 2025 and Q1 2026. 
• Banking, credit and lending. The FCA expects to publish the findings from the review of high-cost short-term credit price cap in Q3 2026. The FCA plans to consult on its retail banking disclosure rule review in 2026. 
• Banking, credit and lending. The FCA plans to consult on its review of the retail banking disclosure rule in 2026.
• Payment services. HMT expects to publish its response to the September 2024 consultation on a streamlined approach to payment systems regulation in the next four months. 

State of suptech report

On 11 December 2025, Cambridge SupTech Lab, Cambridge Centre for Alternative Finance, Cambridge Judge Business School, and Digital Transformation Solutions published the State of SupTech Report 2025 (Report). 

The Report provides analysis and insights from 312 financial authorities across 172 countries and six continents and is a global benchmark on supervisory technology (suptech). 

Key findings of the Report include: 

• Adoption. Global suptech adoption has accelerated with 197 agencies across 140 countries deploying suptech, more than three times the 2022 adoption figures. Financial authorities in advanced economies have greater deployment compared to their peers in emerging markets and developing economies (EMDEs), highlighting a global capability gap shaped by strategy and governance, skills, infrastructure, and budget constraints.
• Suptech value recognition. Recognition of the value of adopting supervisory technologies has increased, with 18% of agencies rating suptech applications as very effective, 33.5% rating applications as moderately effective and 34% as somewhat effective.
• Modernisation and AI. Technology adoption shows steady modernisation with continued reliance on foundational tools. AI maturity remains low, with 26% of authorities within the initial exploration stages and only 7% report widespread deployment, with advanced economies significantly ahead (24% compared with less than 1% in EMDEs).
• Barriers. The principal barriers have shifted from purely technical issues to operational and human factors. Poor data quality and talent shortages are constraining design, with deployment, costs, and limited internal IT capacity impacting implementation. For AI specifically, data protection and privacy concerns remain paramount, alongside staff skills gaps and technical integration challenges. 
• Enablers and barrier removal. Authorities with coherent strategies report smoother implementation, higher data quality, and broader deployment, demonstrating the critical link between integrated planning and success. Agencies are actively addressing barriers to adoption through external training, internal training, bilateral partnerships, and peer-learning forums. Development is being led by internal IT departments and business units, with targeted external support from vendors and consultants. Procurement remains formal and structured, dominated by RFPs and tenders, though innovation methods like tech sprints and regulatory sandboxes are emerging, particularly in advanced economies. 

The Report closes by observing that while there has been a growth in implementation, to realise the full value of suptech requires "… more than incremental tool deployment". It concludes that what is needed is "… institutional readiness, strategic clarity, and collective action" including stronger co-ordination across jurisdictions.

FCA publishes new webpage on risk warnings for mainstream investments

On 11 December 2025, the FCA launched its new webpage on risk warnings for mainstream investments. The webpage sets out the expectations the FCA has of firms in promoting investment products and highlights common misconceptions about risk warnings. 

The key expectations of the FCA are: 

• Financial promotions must meet the requirements under the Consumer Duty, in particular, they must be clear, fair and not misleading for the consumer.
• Promotion of investment products must comply with key rules under COBS, including that such promotions are fair, clear and not misleading (COBS 4/2/1R(1)) and give a balanced impression of the benefits and risks of an investment product or service (COBS 4.5.2R(2) or COBS 4.5A.3R(2)(b)).
• When designing communications, the firm should put themselves in the consumer’s shoes with focus being on what consumers would want or need to know. Where appropriate, this includes testing communications.
• A list of consideration questions to be asked by firms when planning promotions are provided on the webpage.

Common misconceptions highlighted are: 

Back to contents

Digital assets

FCA update on new cryptoasset regulatory regime 

On 8 January 2025, the FCA launched a webpage to provide information on the new UK cryptoasset regulatory regime and how firms should prepare.

Key points to note include:

• Commencement of regime and application gateway. The FCA confirmed that the new regime is expected to come into force on 25 October 2027. The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 (Regulations) (currently awaiting parliamentary approval) enable the FCA to set a period ahead of the commencement of the regime for businesses to submit applications to the FCA, and this is expected to open in September 2026.
• Authorisation. Cryptoasset businesses will need to be authorised by the FCA to do business in the UK and demonstrate that they meet the required standards. Firms that are already authorised by the FCA to undertake other regulated activities will need to have their existing permissions varied before the commencement of the new regime. The FCA's Authorisations team is holding a webinar on 29 January 2026 to introduce the new regime and outline its expectations when assessing authorisation applications. Registration for the webinar can be completed here. 
• Transitional provision for existing cryptoasset firms. The Regulations provide a transitional provision for existing cryptoasset firms that are unsuccessful in securing authorisation to run-off their UK business in an orderly way and exit the UK market.

FCA launches three consultations on core elements of cryptoasset regulatory regime

On 16 December 2025, the FCA published three consultation papers (CPs) on core elements of its regulatory regime for cryptoassets.

• CP25/40 covers proposed rules and guidance for firms conducting regulated cryptoasset activities such as trading platforms, intermediaries (including cryptoasset lending and borrowing), staking, and decentralised finance.
• CP25/41 covers proposed rules and guidance based on the designated activities regime (see above) for the offering to the public of qualifying cryptoassets that are or will be admitted to trading on a UK qualifying cryptoasset trading platform (CATP), the admission of qualifying cryptoassets to trading on CATPs, disclosure obligations relating to admissions to trading and the issuance of UK-issued qualifying stablecoins, and requirements to prevent, detect and disrupt market abuse in cryptoasset markets.
• CP25/42 sets out the proposed prudential rules and guidance for in-scope cryptoasset firms. It builds on CP25/15, which we discussed in an earlier update.

A detailed review of the CPs is provided in our article here. 

The CPs were published a day after the draft Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 (Regulations) were laid before parliament – see our article here for further detail. The Regulations must now be approved by both Houses of Parliament. 

FCA publishes cryptoassets consumer research

On 16 December 2025, the FCA published the sixth edition of its cryptoassets consumer research note. 

Key findings of the research include:

• Awareness and holdings. Whilst the proportion of UK adults holding cryptoassets declined compared to last year, overall awareness of cryptoassets among the general public remains very high at 91%, with awareness of stablecoins among cryptoasset users continuing to climb, rising to 58% in 2025 from 53% in 2024. The typical value held by investors increased, with more people moving away from small holdings and instead making larger investments.
• Centralised exchanges remain the most popular route to purchase. Centralised exchanges remain the most popular method to buy cryptoassets, increasing four percentage points to 73%.
• Call for regulation. Among cryptoasset users, 25% would be more likely to invest if greater regulation was applied to cryptocurrencies in the UK. 

An additional research note on the impact of cryptoasset regulation on consumer decision-making was published. The research note examines how the availability of information about the regulatory status of cryptoassets and the protections that regulation may provide impacts consumers’ decisions and beliefs. 

Notable findings include:

• Providing information on regulation and related information significantly impacted consumer decision-making, understanding of the coverage of protections, and trust. For example, informing consumers that cryptoassets are regulated increased demand for cryptoassets. 
• Participants had a poor understanding of the potential protections under cryptoasset regulation. Providing additional information on protections helped but its impact was limited.
• Providing additional information about cryptoassets and the protections that regulation might provide supported consumer understanding of protections and trust in cryptoassets.

However, many participants continued to misunderstand that they lacked certain protections, with the absence of additional information about the coverage of protections, making participants less trusting of the FCA.

Back to contents

Payment services and systems

PSR launches consultation on card scheme and processing fees

On 19 December 2025, the PSR launched a consultation following the March 2025 market review of card scheme and processing fees. The consultation proposes to implement two directions out of the four proposals included within its April 2025 remedies consultation.

The proposals the PSR intends to implement as remedies are:

• Information, transparency and complexity remedy (ITC Remedy). This will ensure that acquirers and merchants through their contractual relationship, receive better information to understand the fees they are charged. 
• Pricing governance remedy (Pricing Governance Remedy). This will ensure that there is evidence behind pricing decisions and is intended to remedy the current absence of evidence showing how pricing decisions are made. 

The consultation requests feedback on the form of the directions (draft ITC Remedy direction and draft Pricing Governance Remedy direction).

The PSR will introduce a remedy relating to regulatory financial reporting and expects to consult on a draft direction for such remedy by 31 March 2026. The fourth remedy proposed by the PSR in its April 2025 remedies consultation on the publication of schemes' information to increase transparency will not be implemented. 

The deadline for responses is 17:00 on 13 February 2026. 

FCA statement on contactless payment limits for PSPs

On 19 December 2025, the FCA confirmed that from 19 March 2026, banks and payment service providers (PSPs) will have flexibility to set their own limit for contactless payments. 

The FCA understands that most banks and PSPs are likely to maintain existing contactless limits for the near future. If they do make changes, the FCA expects firms to communicate these to consumers under the Consumer Duty.

From 19 March 2026, Article 11 of the Strong Customer Authentication RTS (SCA RTS) will read:

"Article 11 Contactless payments at point of sale

Subject to compliance with Article 2, payment service providers shall be allowed not to apply strong customer authentication where the payer initiates a contactless electronic payment transaction identified by the payment service provider as posing a low level of risk."

The formal legal instrument making the changes to the SCA RTS, can be viewed here. Changes will also be made to the FCA's Approach Paper, with confirmation of the rule change included in the Appendix to the FCA's Handbook Notice (No 136, December 2025). 

FCA and PSR joint response to HM Treasury payments regulation recommendations

On 17 December 2025, the FCA and PSR published a joint letter sent to HM Treasury (HMT) providing an update on their progress in responding to HMT's payments regulation recommendations.

Key progress updates provided are:

• There has been significant enhancement of FCA and PSR co-ordination to address congestion in the regulatory landscape. Collaborative efforts highlighted were the consolidation of PSR functions into the FCA, working jointly with the CMA on digital wallets, and the revision of the Memorandum of Understanding with the Bank of England and Prudential Regulation Authority to establish principles for better co-operation. 
• Substantial progress has been made in the development of open banking and open finance. Initiatives highlighted include the establishment by the FCA of a new department incorporating both FCA and PSR capabilities, industry-led initiatives advancing commercial models for variable recurring payments, with 31 parties funding a group to facilitate the go-live of VRP phase 1 for lower-risk use cases. 
• The FCA launch of the smart data accelerator focusing on SME lending and mortgages. The FCA intends to publish a roadmap in early 2026 to establish regulatory foundations during 2027. 
• Consumer protection remains a priority, with significant focus on fighting financial crime and fraud prevention. The PSR's APP fraud reimbursement requirements, which came into effect in October 2024, resulted in 88% of money lost to in-scope scams being returned to victims, with 83% of claims closed within five business days. The regulators are investing in real-time data sharing, intelligence capabilities, and stronger risk management controls to combat fraud and money laundering. Additional measures include updating Strong Customer Authentication requirements to enable more agile regulation, monitoring financial inclusion as services shift online, and implementing a new public-private partnership model to deliver next-generation retail payments infrastructure that supports innovation, competitiveness and security while advancing the government's growth mission.

FCA progress update on Open Banking 

On 16 December 2026, the FCA provided an update on the progress of Open Banking.

• The number of open banking payments has grown by 53% year on year, with over 16 million users benefiting from the service (compared to 11 million as at November 2024). A key driver for this increase is the rise of variable recurring payments (VRPs), which account for 16% of all open banking payments. VRPs allow consumers and businesses to set up flexible, automated payments tailored to individual needs, offering greater control compared to traditional direct debits.
• As part of the update, the FCA and PSR published a joint report on the development and rollout of commercial VRP (cVRP). Through a new organisation, the UK Payments Initiative (UKPI), funded by 31 parties across the sector, the current application of VRP will be extended to 'phase 1' use cases, which include utility payments, financial services payments, and payments to local and central government.
  
  UKPI was incorporated on 16 December 2025. It has agreed fifteen guiding principles, which are set out in the report.
  
  The first live payments under the UKPI scheme are expected to take place in Q1 2026. In time, cVRP will support further use cases such as grocery shopping and online purchase. 

• HMT is expected to introduce secondary legislation in 2026 under the Data (Use and Access) Act 2025. The introduction of the secondary legislation will give the FCA powers to set Open Banking rules and the FCA plans to consult on new rules before the end of 2026 for what's referred to as "long-term regulatory framework." Lessons learned from phase 1 of the cVRP will feed into the FCA's rules.

Final report on Independent Review of the Payment and Electronic Money Institution Insolvency Regulations 2021

On 16 December 2025, HM Treasury (HMT) published the final report on the Independent Review of the Payment and Electronic Money Institution Insolvency Regulations 2021. The final report sets out the findings of the review into the efficacy of the Payment and Electronic Money Special Administration Regime (PESAR). The independent review was initiated by the government in December 2024 (see our January 2025 update).

The final report found that the PESAR is not yet delivering on its core objectives. The procedural complexity, high costs, and reliance on court processes have led to delays and diminished outcomes for customers particularly those who are vulnerable or hold low-value accounts.

The review identified key issues with the PESAR: 

• Objective structure. The PESAR statutory objectives lack a clear hierarchy, and further clarity is needed to prioritise business rescue and customer transfers.
• Court and cost burden. The requirement for court entry and approval of distribution plans is often disproportionate. The review proposes several measures to reduce the cost burden of PESAR proceedings, including providing firms and IPs with an out-of-court entry route to enter the PESAR without in-court approval, to reduce costs and delays, particularly for smaller institutions, and limiting court involvement by reserving court processes for the more complex and/or disputed cases.
• Customer fund return. The absence of any FSCS protection is a gap that could be addressed as the industry matures to improve consumer outcomes. The review recommends considering the introduction of FSCS-style protection to enable rapid payouts and provide a robust safety net for customers.
• Scalability and contingency planning. The PESAR has not yet been tested on large providers, and more focus may be needed to secure orderly transfers to a new provider or continuity arrangements so merchants can continue taking payments while a replacement is found. The review recommends the development of contingency strategies for the insolvency of major providers.
• Market and legal efficiency. Targeted legislative refinements, clearer comfort mechanisms to IPs, and improved creditors' committee functionality are needed to reduce friction and encourage practitioner engagement.

HMT will consider the findings and recommendations of the final report and provide a response in due course. 

EU MoU on access by non-bank PSPs to central bank operated payment systems

On 18 December 2025, the EBA published a memorandum of understanding (MoU) between the EBA, ECB, NCBs, and NSAs on the co-operation framework for information sharing in support of the access of non-bank payment service providers (PSPs) to central bank operated payment systems.

The MoU operationalises the framework for co-operation and exchange of information between NSAs and NCBs, its primary objectives are to: 

• establish co-operation between NSAs and NCBs in the EEA for the exchange of information to support NCBs in their assessment of the compliance of NB-PSPs with requirements for granting access to central bank-operated payment systems in the EU
• establish procedures in a cross-border scenario for the NCB operating the payment system in the host member state to notify the NSA of the home member state about the NB-PSP's application and the NCB's decision regarding its participation
• harmonise the processes and procedures across the EEA for the exchange of information between NSAs and NCBs, by specifying the types of information to be shared, the timing and means of exchange.

To facilitate communication and exchange of information, all NSAs and NCBs will designate single points of contact and notify them to the European Banking Authority (EBA) and the European Central Bank (ECB). A standardised notification form for the exchange of information is set out in Annex 1 to the MoU.

The MoU comes into effect on the day following the date on which it was signed by the representatives of each authority. 

Back to contents

Consumer credit and mortgages

FCA feedback statement on mortgage rule review

On 15 December 2025, the FCA published its feedback statement on the mortgage rule review. The review aims to simplify the FCA mortgage rules and consider options to support sustainable home ownership. 

The feedback statement sets out the actions the FCA will take as part of the long-term strategy to modernise and simplify the mortgage rules. The roadmap sets out four key themes under which FCA actions are prioritised. 

Back to contents

AI

FATF horizon scan on AI and deepfakes

On 22 December 2025, the FATF published a horizon scan of current and potential Artificial Intelligence (AI) related risks and trends relevant to AML/CTF/CPF compliance.

Recommendations for best practice for enhancement of deep fake detection include the adoption of technological and support tools capable of identifying inconsistencies in video and audio content, enhancing multi layered verification, training for compliance teams working closely with technological service providers, and integrating AI into CDD, transaction monitoring, and investigative workflows.

Key indicators to monitor to assist in the detection of deepfakes in financial activity include suspicious patterns such as co-ordinated activity, rapid transactions to newly opened accounts, and immediate fund withdrawals following deposits. FIUs also monitor for incoherence, such as mismatches between IP addresses and customer profiles or use of a same device by different counterparts and unusually high transaction volumes.

Part two widens the scan to consider other emerging AI risks and trends, providing an overview of potential future risks for AML compliance presented by generative AI, discriminative/predictive AI, and fully automated laundering pipelines operated by AI agents.

EBA's AI Act mapping exercise outcomes published

On 17 December 2025, the EBA published a letter sent to the European Commission detailing the outcome of its mapping exercise on the Artificial Intelligence Act (AI Act).

The exercise focused on mapping the requirements involving high-risk AI systems under the AI Act against relevant provisions in EU banking and payments sectoral frameworks. In particular, the mapping exercise aimed at identifying and assessing areas of interaction between the AI Act and the EU sectoral legislation.

The outcomes of the mapping exercise are:

• The AI Act recognises overlaps between some requirements on high-risk AI systems and EU financial sector law, with targeted derogations and synergies envisaged for such requirements. 
• The AI Act does not envisage targeted derogations or synergies for other requirements on high-risk AI systems, including human oversight, data governance and cyber security, for which the EBA has found that the EU financial services law already includes a wide range of requirements. Notable examples of existing sufficient requirements includes the extensive coverage of cyber security and business continuity requirements within the EU Digital Operational Resilience Regulation (DORA) framework as required in the AI Act. Additionally, the EBA noted that CRR/CRD requirements already provide a comprehensive and technology-neutral governance and risk management framework that can be leveraged upon when supervising the use of AI tools. 

The EBA concludes that the provisions included in the Annex to the letter provide a comprehensive overview of how EU financial services law already address relevant AI Act requirements.

EFAMA launches new and improved AI assessment tool

On 11 December 2025, The European Fund and Asset Management Association (EFAMA) launched version 2 of its AI System Assessment Tool. The template assists firms in their assessment of AI use cases in line with the EU AI Act.

Updates to the tool include:

• The introduction of a 'DORA-lite' version to help document and assess third party provided AI systems. 
• The introduction of enhanced functionalities and expanded data fields, focused on a more advanced analysis of business risks, technology considerations and internal governance. 

A full copy of updated AI System Assessment Tool can be requested here.

EFAMA has published tutorial videos (Part 1, Part 2, and Part 3) to complement the AI-system Assessment Tool.

Back to contents

Operational resilience

ESAs advise on whether statutory auditors should be subject to DORA

On 17 December 2025, the European Supervisory Authorities (ESAs) published a joint report (dated 4 December 2025) (Report) to the European Commission advising on whether statutory auditors should be subject to the EU Digital Operational Resilience Regulation (DORA).

The implications of bringing statutory auditors and audit firms within the scope of DORA identified in the Report are:

• Market perspective. Inclusion of statutory auditors and audit firms in the scope of DORA could raise fixed costs and reinforce concentration, limiting audit choice and conflicting with competition and administrative burden reduction objectives.
• Auditees’ perspective. Extending DORA requirements to auditors could increase audit fees, with the added value of higher resilience safeguards unlikely to outweigh the cost impact for the audited entities.
• Supervisory perspective. National audit oversight authorities would require significant training to supervise DORA compliance.
• Implementation & governance perspective. Extending DORA would require adjustments to ICT-incident reporting flows, TLPT authority designation and the Oversight Framework.
• Co-operation between authorities. Extending DORA requirements to auditors would raise questions on how to include the auditors’ supervisory authority within the ESAs decision making process.
• Inclusion of service providers in the scope of DORA. Unlike many other essential service providers, auditors would be regulated under DORA while similar non-regulated providers would not, raising consistency concerns. 

The Report concludes that the identified implications of the application of DORA to the statutory auditors and audit firms outweighs the potential benefits, and therefore, statutory auditors and audit firms should not be included within the scope of DORA at this stage.

Back to contents

Financial crime

FCA fines Nationwide Building Society for financial crime failings

On 11 December 2025, the FCA published the final notice issued to Nationwide Building Society (Nationwide), imposing a fine totalling £44,078,500 for inadequate financial crime systems and controls.

Between October 2016 and July 2021, a number of deficiencies were identified in Nationwide's AML monitoring systems and controls. In particular:

• Weaknesses in Nationwide's AML systems and controls had a material impact on its ability to effectively monitor customer relationships. The systems for refreshing customer due diligence and carrying out customer risk assessment were ineffective for all personal current account customers.
• Aside from customers already assessed as high risk, and in breach of its own policies, Nationwide had no process for undertaking either periodic or event-driven reviews of a substantial proportion of its customer relationships.
• Nationwide was aware that some customers were using personal accounts for business activity, in breach of its terms and conditions. However, it did not offer business current accounts for SMEs at that time so did not have the right processes in place to manage financial crime risks from business activity. 
• Receipt of Coronavirus Job Retention Scheme (JRS) funds into a personal current account is a strong indicator of business use. In total 33,678 JRS payments totalling £64.6 million were paid into 5,191 personal accounts at Nationwide. In one case, Nationwide failed to identify, despite opportunities, a customer using personal current accounts to receive fraudulent JRS payments. The customer received 24 payments totalling £27.3 million over 13 months, with £26.01 million of this deposited over eight days. HMRC recovered £26.5 million but approximately £800,000 remains unrecovered.

• Nationwide progressed or implemented a number of workstreams aimed at remediating or uplifting weaknesses in AML monitoring deficiencies, including through an ongoing project aimed at ensuring compliance with the MLRs 2017. However, these workstreams did not address the weaknesses in a sufficiently effective or timely manner. 

The FCA found that Nationwide had breached Principle 3, and SYSC rules 6.1.1R and 6.3.1R.

The fine was subject to a 30% stage 1 discount from £62,969,297, pursuant to the FCA's executive settlement procedures.

HM Treasury Anti-Money Laundering and Counter-Terrorist Financing Supervision Report 2024-25

On 8 December 2025, HM Treasury (HMT) published its annual report on anti-money laundering and counter-terrorist financing supervision. 

Key updates in the report include:

• Supervisory consolidation. Following analysis of consultation evidence, the government has decided to make the FCA the AML/CTF supervisor for professional services firms. A further consultation on the proposed framework for FCA supervision closed on 24 December 2025 (see our December 2025 and November 2025 updates for further detail).
• FATF assessment preparation. The Financial Action Task Force (FATF) has begun its fifth round of assessments of global efforts to tackle money laundering, and terrorist and proliferation financing. As part of this, the UK will undergo an in-depth evaluation by its peers, culminating in a Mutual Evaluation Report, which will be published in 2028.

Notable supervisory statistics for the 2024/25 period include:

• Registration activity. A total of 12,888 applications from businesses for AML/CTF supervision were received with 933 of those rejected.
• Risk categorisation. Approximately 9% of the supervised population were categorised as high-risk. This is broadly in line with prior years of 2023-24 (9%) and 2022-23 (10%).
• Direct supervision activity. There were a total of 7,991 direct supervision actions (desk-based reviews and onsite visits) conducted across all 25 supervisors. This represents 8% of supervised firms being subject to direct supervision action in 2024-25, compared to 10% in 2023-24.
• Suspicious activity reports (SARs). 1,412 firms were asked to share SARs with their supervisor, with 798 of those being assessed by a supervisor for quality. Of those, 62 were assessed as inadequate.
• Enforcement fines. The total sum of fines across all 25 supervisors was £59.5 million, compared to £41.5 million in 2023-24. Across all supervisors, £52.5 million of fines were issued to high-risk businesses, £5.5 million of fines were issued to medium-risk businesses, and £1.5 million of fines to low-risk businesses.
• Formal and informal actions. Across all 25 supervisors, 976 formal actions and 731 informal actions were taken against high-risk businesses, 307 formal actions and 555 informal actions were taken against medium-risk businesses, and 235 formal actions and 619 informal actions were taken against low-risk businesses.
• Published enforcement actions. In the 2024-25 reporting period, the 25 supervisors published a total of 1,100 of their enforcement actions online.

Back to contents

This month's question

The answer to last month's question: The PSR's General Direction 1 requires participants and regulated persons to deal with the PSR in an open and co-operative way.

This month's question: what is the name of the new legislative framework that will enable firms to conduct limited regulated activities with streamlined conditions?

• limited scope authorisation regime
• start-up authorisation regime
• provisional licences authorisation regime
• early stage licensing regime.

Back to contents