Global

IAIS mid-year Global Insurance Market Report 2026

The International Association of Insurance Supervisors (IAIS) has released the mid-year preview of its Global Insurance Market Report 2026. The report, based on preliminary findings from the IAIS’ 2026 Global Monitoring Exercise (GME), analyses emerging trends and risks within the global insurance sector.

Among others, supervisors have identified a key sector-wide theme for deeper analysis in the 2026 GME: the impact of advancements in AI and technology on insurers’ cyber resilience. [9 Jul 2026] #AI #CyberResilience

FATF report urges use of Public-Private Partnerships to combat illicit finance

The Financial Action Task Force (FATF) has published a new report which highlights the urgent need for authorities and the private sector to work together to combat money laundering, terrorist financing and proliferation financing (ML/TF/PF), in an era of increased digitalisation, and given the speed and complexity of cross-border transactions. The report examines how public-private partnerships (PPPs) and other information-sharing mechanisms can help jurisdictions and the private sector to detect, analyse and disrupt financial crime activity at speed and scale.

It identifies at least 84 public-private partnerships globally, and finds that PPPs stand out as permanent, effective instruments for combatting ML/TF/PF when supported by a robust legal basis, clear governance, and technological innovation.

To encourage adoption and strengthening of PPPs, the FATF sets out different models being used around the world, and highlights the need for stronger cooperation with financial institutions, virtual asset service providers, the non-financial sectors and non-traditional stakeholders, given the exponential rise of fraud globally.

The report finds that more than 75% of reporting jurisdictions are using PPPs to share strategic information such as typologies, red flags and risk trends while 55 – 66% of jurisdictions have PPPs for operational information sharing such as case intelligence, suspicious transaction report indicators and customer due diligence or Know Your Customer (KYC) data reflecting different needs, context, stages and evolution of PPPs.

Key innovations being used to strengthen information sharing are set out in the report, including encrypted platforms, secure exchanges and the involvement of a broader range of stakeholders such as telecom operators and digital platforms. [8 Jul 2026] #Digitalisation


UK

HM Treasury announces that HM Government has designated four major global cloud services and technology providers as CTPs

HM Treasury has announced that HM Government has designated four major global cloud services and technology providers as Critical Third Parties (CTPs). Four global Cloud Service Providers are to be brought under a new regime to help strengthen the resilience of the UK’s financial system.

The designation means the Bank of England (BoE), PRA and FCA will work together to jointly oversee the critical services they provide to the financial sector, helping reduce the risk of widespread disruption and strengthening collaboration across the financial services ecosystem.

Through the new regime, the regulators will be able to gather information, assess resilience, and work with third parties to address risks to the continuity of critical services, including through making and enforcing CTP-specific rules where necessary.

The BoE has also published a release which announced that the regulators will start overseeing the first CTPs on 13 July 2026, following designation by HM Treasury. [10 Jul 2026] #OpRes #CyberSecurity #Cloud

FCA cracks down on illegal promotions and market abuse in first year of new strategy

The FCA has published its annual report and accounts 2025/26. In the annual report, the FCA stated that it had led an international crackdown on illegal finfluencer promotions, resulting in three arrests and 650 social media takedown requests, and secured a combined 11 years in prison for two cases of insider dealing in the first year of its 5-year strategy. [9 Jul 2026] #Finfluencers #SocialMedia

PSR publishes Annual Report and Accounts for 2025/26

The Payment Systems Regulator (PSR) has published its annual report and accounts for 2025/26, setting out how it has promoted competition and innovation in payment systems, improved protections for users and supported the UK’s evolving payments landscape.

Over the past year, the PSR made progress in key priority areas, including tackling authorised push payment (APP) fraud, advancing open banking, and improving transparency and competition in card markets. The PSR also worked closely with the FCA, the Bank of England (BoE) and HM Treasury to deliver the government’s National Payments Vision and to support the development of next generation payments infrastructure.

Alongside delivering against its commitments, it continued to support the government’s plans to consolidate the PSR into the FCA. [9 Jul 2026] #Payments #APPFraud

FCA Deputy CEO discusses approach to regulation and ‘solving for growth, risk and trust’

The FCA has published a speech by Deputy CEO, Sarah Pritchard, which was delivered to the Whitehall Industry Group. Ms Pritchard discussed how the FCA is approaching the dual objectives of consumer protection and economic growth.

Noting that the FCA oversees more than 35,000 regulated firms, with a further 60,000 businesses and 100,000 senior individuals expected to come within scope in the coming years, she highlighted the important roles of data, AI and technology in driving supervisory efficiency. In terms of operational improvements which leverage data and technology, examples include a reduction in low-risk supervisory case processing times from an average of four hours to just six minutes, with nearly 40% of the FCA's caseload now comprising proactively identified cases (up from 28% the previous year).

She also drew attention to the FCA's innovation infrastructure, including the Scale-up Unit, the Pre-Application Support Service (PASS), and the AI Supercharged sandbox run in partnership with Nvidia; a new Climate Scenarios Sandbox cohort has been announced for later in 2026. On the Targeted Support regime, which went live in April 2026, Ms Pritchard acknowledged that it will take time to scale, but seven firms have already approved and 23 more have applied or are engaged with the PASS. [8 Jul 2026] #AI

FCA: Information about the authorisation application form for cryptoasset firms

The FCA has published the document: Information about the authorisation application form for cryptoasset firms, which is intended to help applicant firms understand the information that they will need to include with their application. The components of an application fall into two broad categories:

  • sections/questions that relate to the applicant firm but are broadly not crypto specific; and
  • the information that applicant cryptoasset firms will need to provide based on their business model and the regulated activities for which they are applying.

This document covers the questions in both these categories.

The FCA notes, among other matters, that the information is being provided on a best endeavours basis and does not constitute guidance or legal advice. The application form itself is still being finalised and while the FCA does not expect the structure and content of the application form to change, there may be changes to some details. The finalised application form will be available via the FCA’s online system for firms to complete from 30 September 2026 when the gateway opens and the application period starts. [8 Jul 2026] #Crypto #DigitalAssets

BoE’s fees regime for FMI supervision for 2026/27

The Bank of England (BoE) has published its PS on fees for financial markets infrastructure (FMI) supervision. Among other things, the BoE expects to begin levying supervision fees for the Digital Securities Sandbox (DSS) in the 2026/27 fee year. Supervision fees for the DSS were addressed in a PS published on 30 September 2024 and are included in this document for information.

Invoices are expected to be issued before the end of August for the 2026/27 fee year. [8 Jul 2026] #DigitalSandbox

HM Treasury publishes report on the economic and financial benefits of operational resilience

HM Treasury has published a report, The Value of Resilience: Cyber Resilience in Financial Services, which sets out evidence on the economic and financial benefits of operational resilience, with a particular focus on cyber disruption in the financial sector. It demonstrates that stronger resilience not only reduces the likelihood and impact of disruptions, but also supports faster recovery, improved financial performance and long-term growth. The report aims to strengthen the evidence base for resilience investment by showing that resilience should be viewed as a strategic enabler of growth and stability, rather than solely as a compliance cost. [8 Jul 2026] #CyberResilience

DSIT: Cyber Resilience Pledge launched with 60+ signatories

The Department for Science, Innovation and Technology (DSIT) has announced that more than 60 businesses have committed to strengthen their cyber defences in response to the growth in scale, frequency and sophistication of cyber threats. The voluntary pledge asks signatories to take three concrete actions to improve their cyber security:

  • making cyber security a board-level responsibility, by implementing the Cyber Governance Code of Practice and ensuring all board members complete the National Cyber Security Centre’s (NCSC’s) Cyber Governance Training;
  • Registering for the NCSC’s free Early Warning service, a tool that alerts organisations to potentially suspicious activity on their networks; and
  • Taking a risk-based approach to requiring the government-backed Cyber Essentials certification across their supply chain.

The launch of the pledge comes ahead of the new National Cyber Action Plan, which will set out how HM Government will continue to work with industry to protect the nation from the cyber threats it faces in the AI era, including through investment in AI-powered defensive capabilities, the adoption of new secure technologies, and through new measures under the National Security Bill to tackle cyber crime. [8 Jul 2026] #CyberResilience #AI

TSC publishes PSR’s update on independent evaluation of the APP scams reimbursement policy

The Treasury Select Committee (TSC) has published correspondence from David Geale, Managing Director of the Payment Systems Regulator (PSR), which provides an update on the independent evaluation of the authorised push payment (APP) scams reimbursement policy. The evaluation considered the policy’s impact on: payment services provider (PSP) efforts to tackle APP fraud; fraud levels; consumer welfare; PSPs; and other markets. The PSR says that the evaluation confirms this policy is working, with fraud losses having fallen by an estimated £73 million per year. The number of APP scams has fallen by nearly 35,000. Reimbursement rates for all claims have risen from 54% to 65%, and for in-scope claims, firms are now reimbursing 97%.

The PSR also says it is engaging with stakeholders and expects to consult on proposed policy changes in the second half of 2026. [8 Jul 2026] #Payments #APPFraud

FPC Financial Stability Report - July 2026

The Financial Policy Committee (FPC) of the Bank of England (BoE) has released the July 2026 edition of the Financial Stability Report, along with the FPC record for July 2026 and a focus report on the FPC’s assessment of bank capital requirements which describes a package of reforms.

As an overall summary of the risk environment, the FPC sets out, among others, the following comment in the Financial Stability Report: recent rapid advances in frontier AI capabilities have increased financial stability risks related to cyber and operational resilience.

With regard to frontier AI, the FPC emphasises that firms need to act in response to the May 2026 joint statement from the BoE, FCA and HM Treasury on frontier models, and on existing cyber and operational resilience frameworks. The FPC notes that the authorities are providing support through supervision and sector engagement, including through the Cross Market Operational Resilience Group (CMORG), and through the BoE’s and PRA’s upcoming consultation on cyber and ICT risk management. The FPC comments that these developments require firms and authorities to reassess the continuing robustness of current deep cyber recovery capabilities, coordination arrangements and the resilience of key technology providers. It notes that increasing coordination across authorities and key vendors domestically and internationally will be critical. Further, this underlines the importance of operationalising the UK’s critical third party regime.

The FPC also addresses the macrofinancial implications of AI, setting out an assessment of the near and medium-term channels through which the ‘AI transition’ could affect UK financial stability. The focus is on the effects of AI-related investment and broader adoption on financial markets, including sovereign bond markets, and financing conditions for the real economy (the ‘macrofinancial’ channels). The BoE is considering the macroeconomic effects in further work. The FPC will continue to monitoring these channels over time, assessing how they are contributing to structural change, and embedding the analysis in the BoE’s mainstream monitoring of financial system resilience.

In addition, the FPC notes that the BoE and FCA will publish the next iteration of their AI Survey later this year. [7 Jul 2026] #AI #CyberResilience #OperationalResilience

FCA publishes report of the Mills Review into impact of AI on retail financial services

The FCA has published the outcome of the Mills Review, which considered how AI could reshape retail financial services by 2030 and beyond. The initiative was led by FCA Executive Director, Sheldon Mills. Research for the review found that while there is consumer appetite for using agentic AI in financial services, concerns about trust and control of AI are present. The report itself explains that, with AI set to become a ‘defining force in retail financial services’, there are both benefits and risks. On one hand, it has the potential to improve access, personalisation and efficiency, while on the other, AI may amplify risks related to fraud, cyber security, consumer harm and market concentration  

The review makes seven priority recommendations for the FCA:

  • secure and adapt the regulatory perimeter;
  • strengthen system-wide coordination and oversight. Monitor the transition to autonomous models and adapt regulatory frameworks;
  • scale up the FCA's AI Lab to support AI models and system innovation in financial services;
  • enable the foundations for agentic finance;
  • build and adopt an AI-enabled agentic supervisory model; and
  • develop a trusted public-interest AI-enabled financial capability service.

Running in parallel to this work, the FCA plans to launch an AI good and poor practice publication later in 2026. As part of this work, the regulator has engaged directly with firms to find out what is working well, where firms are facing challenges, and where further clarity would help. [6 Jul 2026] #AI

FSCP response to the Future of Tokenisation – Call for Input

The FCA has published the Financial Services Consumer Panel’s (FSCP’s) responses to the Call for Input on the Future of Tokenisation. The Panel supports the authorities’ commitment to maintaining high standards of market integrity, operational resilience, and consumer protection as tokenised and traditional infrastructures evolve in parallel. It also welcomes the development of the Digital Securities Sandbox, the ambition to ensure equivalent prudential and collateral treatment for tokenised and non‑tokenised assets, and the progress on initiatives such as the Digital Gilt Instrument and the Real Time Gross Settlement (RTGS) Synchronisation Service.

However, the Panel is concerned that the Call for Input places significant emphasis on industry infrastructure and operational considerations, with consumers referenced only briefly. It also encourages the authorities to provide greater clarity on the sequencing of asset classes and the rationale for a phased approach. The Panel further highlights the importance of interoperability, liquidity, and international alignment. [6 Jul 2026] #Tokenisation #DigitalSandbox


Europe

ESMA: New Q&As available

ESMA has published the questions and answers (Q&As) in relation to, among others, Markets in Cryptoassets Regulation (MiCAR). [10 Jul 2026] #MiCAR #Crypto #DigitalAssets

EIOPA: Exclusion of GLMs and GAMs from the AI Act high-risk classification – EIOPA’s further input

The European Insurance and Occupational Pensions Authority (EIOPA) has published a correspondence from its Chairperson, Petra Hielkema, to the European Commission’s (EC’s) Director General for Financial Stability, Financial Services and Capital Markets Union (FISMA), John Berrigan, and its Director General for Communications Networks, Content and Technology (CNECT), Roberto Viola. In the correspondence, Ms Hielkema, among other things, states that EIOPA considers that the conditions set out in Article 7(3) of the AI Act are met for a targeted exclusion from Annex III, point 5(c), of systems relying solely on generalised linear models (GLMs), including linear or logistic regression, and generalised additive models (GAMs) under human supervision. [10 Jul 2026] #AI

ESMA launches Common Supervisory Action on CASPs’ digital operational resilience for custody

The European Securities and Markets Authority (ESMA) has launched a common supervisory action (CSA) focusing on the digital operational resilience of cryptoasset service providers (CASPs), with a specific emphasis on custody services. It will focus on risks inherent to distributed ledger technology (DLT), including governance arrangements, key and storage management, transaction controls, incident detection and response, smart contract risks, and dependencies on third-party providers.

National competent authorities (NCAs) will carry out the exercise on a risk-based sample of authorised CASPs. The exercise will run from the second half of 2026 to the first half of 2027.

The findings collected from NCAs will be consolidated into a final report, which will be submitted to ESMA’s Board of Supervisors following the conclusion of the exercise in the second half of 2027. [8 Jul 2026] #Crypto #DLT #OperationalResilience #DigitalAssets

ECB ‘Dear CEO’ letter: Addressing AI-enabled cybersecurity threats

The European Central Bank (ECB) Banking Supervision has published a template version of the ‘Dear CEO’ issued to all significant institutions under the ECB’s direct supervision regarding the rapidly evolving AI-enabled cybersecurity threat landscape. Signed by Claudia Buch, Chair of the Supervisory Board, the letter warns that advances in AI systems have fundamentally compressed the timeline between discovering a vulnerability and it being exploited. This is a structural shift in the risk environment for banks' ICT and security infrastructure rather than a temporary phenomenon.

The ECB calls on supervised entities to assess the impact of the evolving threat landscape without delay, and to develop a comprehensive action plan outlining concrete measures to strengthen relevant controls, allocating the necessary resources, assigning clear roles and responsibilities, and defining timelines for implementation. This action plan should build upon existing cyber-risk strategies and address both immediate priorities and longer-term aspects. In the short term, particular focus should be placed on:

  • accelerating vulnerability and patch management at scale;
  • enhancing monitoring, detection and AI-enabled defensive capabilities; and
  • verifying that third-party risk management is fit for purpose in the current situation.

As part of the short-term effort, prioritising protection of perimeter technologies and internet-facing and externally exposed ICT assets is identified as key to preparing for the rise in AI-enabled cybersecurity threats.

In addition to these short-term actions, operational and cyber resilience should be advanced through structural measures, including:

  • reinforcing defence-in-depth and cyber hygiene;
  • modernising infrastructure by replacing or updating legacy, unsupported or end-of-life technologies; and
  • improving operational resilience through response and recovery mechanisms, including crisis management, as well as information sharing arrangements.

Supervised entities’ action plans should be submitted to the entities’ Joint Supervisory Teams (JSTs) by 31 October 2026. Each JST will further engage with the supervised entity to discuss the action plan and will monitor its progress.

The ECB will conduct a horizontal analysis of the submitted action plans to identify trends, challenges and areas for improvement; it will share the conclusions of this analysis to support efforts to strengthen cyber and operational resilience.

As the ECB is committed to enabling supervised institutions to prioritise their efforts and focus resources on the relevant key areas, it has extended the deadline for the annual collection of the IT Risk Questionnaire from September 2026 to February 2027. [7 Jul 2026] #AI #OperationalResilience #CyberResilience #CyberSecurity

ESRB publishes a warning on systemic cyber risks stemming from frontier AI models

The European Systematic Risk Board (ESRB) has published a formal warning on systemic cyber risks stemming from frontier AI models. This warning comes after the ESRB General Board assessed systemic cyber risk as ‘severe’ in June, up from ‘elevated’ in March.  The ESRB explains that frontier AI models are reshaping the cyber threat landscape by enabling threat actors to discover vulnerabilities and execute cyberattacks with increased speed, scale and sophistication. The warning also highlights the EU's strategic dependency on leading AI providers located outside the European Union, creating additional geopolitical risk exposure.

Accompanying the warning, the ESRB General Board approved the publication of an analytical note, Addressing Frontier AI Models with cyber capabilities from a financial stability perspective, which provides further analysis of the identified risks. The ESRB calls for a coordinated response involving AI providers, software providers, security firms, open-source maintainers, financial institutions, and national and EU-level authorities, and has called on the EU to scale up its capacity, expertise and strategic autonomy in this critical area.

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have welcomed and supported the ESRB’s action. [7 Jul 2026] #AI

ECB: Update on the digital euro rulebook

The ECB has published the sixth progress report informing on the status of the draft digital euro scheme’s rulebook and the work of the Rulebook Development Group from 30 October 2025 to 30 April 2026. The update covers work on consultation feedback, further consultation and agreements with European standardisation bodies, among other matters. [7 Jul 2026] #DigitalEuro #CBDC


Hong Kong

SFC requires internet brokers and VATPs to adopt phishing-resistant authentication methods

The SFC has issued a circular requiring internet brokers and SFC-licensed virtual asset trading platform operators (VATPs) to adopt phishing-resistant authentication methods for client login and device binding, in response to increasing phishing attacks and account takeover incidents involving stolen client credentials.

The SFC states that one-time passwords (OTPs) should no longer be used for client login and device binding. The circular identifies passkeys and bound devices as examples of acceptable authentication solutions, with further details set out in the Appendix.

The SFC also expects firms to:

  • Implement effective monitoring and surveillance measures to identify suspicious login, trading and withdrawal activities;
  • Promptly notify clients of successful logins and other high-risk account activities;
  • Establish procedures to respond to and report hacking incidents; and
  • Regularly educate clients on phishing and other cybersecurity risks.

Internet brokers and VATPs are expected to implement phishing-resistant authentication solutions as soon as practicable, and no later than 8 July 2027, while large internet brokers are expected to adopt them immediately. During the implementation period, firms should strengthen monitoring of suspicious activities and take immediate action where potentially fraudulent activity is identified.

The SFC reminds senior management that they are ultimately responsible for protecting client accounts and assets and may be held accountable for client losses arising from inadequate controls. [9 Jul 2026] #VirtualAssets


Singapore

MAS: PQ response on PayNow retail user nicknames

MAS has published its response to a Parliamentary question (PQ) on whether the Government will consider permitting some registered PayNow retail users to adopt nicknames as display names. In response, MAS highlighted that allowing nicknames on a case-by-case basis undermines the purpose of the initiative, as PayNow participating institutions are unable to assess the legitimacy of such requests and may inadvertently approve nicknames that could later be used for impersonation scams. [7 Jul 2026] #Payments

MAS paper: Safeguards for AI agents in finance

MAS has published a white paper, developed in collaboration with industry partners, on safeguards for AI agents in finance. The paper proposes an industry-developed framework that enables AI agents in financial services to carry out financial tasks safely, securely and reliably. It sets governance checkpoints to verify and record an AI agent’s proposed actions before tasks are executed.

The white paper outlines the direction for how these safeguards, including policy-bound execution, real-time validation, auditability and interoperability, can be embedded into system operations so that financial institutions can deploy AI agents with trust and consistency.  [3 Jul 2026] #AI


Malaysia

BNM Governor sets out three priorities for responsible AI adoption in financial services

Bank Negara Malaysia (BNM) has published a speech by its Governor Abdul Rasheed Ghaffour at the inaugural AICB Nexus Conference. Mr Ghaffour set out a framework of three priorities to guide the Malaysian financial sector's approach to AI: purposeful innovation, responsible and risk-aware innovation, and innovation that brings progress for all.

Looking ahead, BNM will phase in its open finance framework from 2027, continue asset tokenisation pilots through the Digital Assets Innovation Hub, and develop its Financial Sector Blueprint 2027–2030 with industry and Government.  [8 Jul 2026] #AI


Vietnam

SBV: Launch of Vietnam–Singapore cross-border QR payment service

The State Bank of Vietnam (SBV) has announced the launch of the Vietnam–Singapore cross-border QR payment service. Through the payment connectivity established between the National Payment Corporation of Vietnam and Liquid Group, Singaporean visitors can now pay for goods and services in Vietnam by using participating payment applications. Transactions are processed in real time with automatic currency conversion.  [3 Jul 2026] #Payments


US

SEC Chair’s statement on the 2026 Regulatory Agenda

The SEC has published the statement made by Chair Paul Atkins regarding the agency’s 2026 Regulatory Agenda. Chair Atkins outlined the agenda, noting the focus on developing a regime for cryptoassets, reversing the decline in the initial public offering (IPO) market, and ensuring the accessibility of private markets.  [Jul 7, 2026] #Crypto #DigitalAssets

CFTC charges commodity pool operator and his company with fraud

The Commodity Futures Trading Commission (CFTC) has announced that it has filed a complaint in the U.S. District Court for the Western District of North Carolina against a commodity pool operator and his company.  According to the complaint, the defendants operated a fraudulent commodity pool that traded equity index futures contracts, options on equity index futures, and cryptoassets, among other purported investments.  It is alleged that over $14m was fraudulently solicited from at least 60 participants.

Among other allegations, the complaint alleges that the individual knowingly made false statements during sworn testimony taken as part of the CFTC’s investigation, and the defendants violated multiple registration provisions under the Commodity Exchange Act (CEA) and CFTC regulations.

The CFTC seeks restitution, disgorgement, civil monetary penalties, trading and registration bans, and a permanent injunction against further violations of the CEA and CFTC regulations, as charged.  [Jul 7, 2026] #Crypto #DigitalAssets

Fed Vice Chair Bowman on FSB AI sound practices consultation

Fed Vice Chair for Supervision Michelle W. Bowman delivered opening remarks at the Financial Stability Board's (FSB’s) Virtual Outreach Event on the FSB's consultation report, Sound Practices for Responsible Adoption of AI. Ms Bowman, who chairs the FSB's Standing Committee on Supervisory and Regulatory Cooperation, initiated work on the report and noted that it has been produced as a deliverable under the U.S. Presidency of the G20.  Ms Bowman thanked Hern Shin Ho from the Monetary Authority of Singapore (MAS) for leading the workstream that produced the report.

The report sets out sound practices for financial institutions to consider when adopting and using AI, with a significant focus on proportionality, recognizing that there is not a one-size-fits-all approach. She explained that it is the materiality of AI use which should inform the type and intensity of governance and controls applied, with lower-risk uses being subject to a lighter supervisory and regulatory touch. 

Feedback to the FSB consultation report is requested by 22 July 2026. The final report is expected to be delivered to the U.S. G-20 presidency later in 2026.  [Jul 7, 2026] #AI


Key contacts

Cat Dankos photo

Cat Dankos

Senior Regulatory Consultant, London

Michael Tan photo

Michael Tan

Senior Associate, London

Chris Ninan Jon Ford Cat Dankos Michael Tan