FinTech Global FS Regulatory Round-up - w/e 29 May 2026

Global

CPMI publishes insights to operational payment systems from 2025 monitoring survey

The Committee on Payments and Market Infrastructure (CPMI) has published a brief which provides insights to operational payments systems from the 2025 monitoring survey, conducted by CPMI, in cooperation with the Financial Stability Board (FSB). Highlights include:

• Expanded access to payment systems, extended operating hours and interoperability by design form the foundation for enhanced cross-border payment services.
• Aligning with ISO 20022 harmonisation requirements and adopting standardised application programming interface (API) frameworks can reduce inefficiencies and maximise benefits. Scaling FPS links and expanding access for non-banks and foreign banks can boost competition. Extending payment system operating hours, particularly in the Americas and Europe will broaden the global settlement window.
• Continued international cooperation and targeted technical assistance are crucial for advancing the objectives of the G20 Roadmap.

The views expressed in this publication are those of the authors and do not necessarily represent the official views of the Committee, its members or the Bank for International Settlements (BIS). [29 May 2026] #Payments

BIS: Project Agorá shows how tokenisation can improve wholesale cross-border payments

The BIS has announced that Project Agorá has successfully delivered a prototype that demonstrates that tokenised commercial bank deposits can be successfully combined with the trust and safety of tokenised central bank reserves on a shared platform. The prototype enables atomic, multi-currency settlement of wholesale cross-border payments, which could occur on an around-the-clock basis if implemented.

The project, involving several centrals banks and more than 40 private sector financial institutions, published a report detailing the findings of this exploratory work. The report highlights the following key findings from the development of the prototype including:

• tokenisation can help to address inefficiencies in wholesale cross-border payments in a safe and secure manner through multi-currency settlement using tokenised central bank reserves and tokenised commercial bank deposits;
• atomic settlement is achievable securely across currencies and jurisdictions;
• a layered prototype architecture enables central banks to retain autonomy over national currencies and operations within an interoperable shared platform;
• privacy can be safeguarded at both balance and transaction levels through technologies that protect sensitive data while supporting regulatory compliance;
• tokenisation, as contemplated in Project Agorá, does not alter the legal characterisation of, or associated obligations relating to, central bank reserves and commercial bank deposits;
• legal analysis finds that settlement finality is achievable across all seven participating jurisdictions;
• further work is needed to define technical, operational and contractual requirements best aligned with the legal frameworks in each jurisdiction; and
• the modular design can unlock new capabilities while enabling future enhancements in areas such as anti-money laundering (AML), countering the financing of terrorism (CFT), sanctions compliance and fraud detection, as regulatory and data-sharing frameworks evolve. [27 May 2026] #Payments #Tokenisation

IOSCO published Final Report: Supervisory Toolkit for AI Use in Capital Markets

The International Organization of Securities Commissions (IOSCO) has published its Final Report: Supervisory Toolkit for AI Use in Capital Markets. The toolkit in this report aims to cover the full lifecycle of a particular AI system and to apply to all AI system types, from those based on more traditional forms of machine learning (ML) to those using GenAI and emerging Agentic AI techniques. The report provides supervisors with a toolkit to support risk-based and proportionate supervision of AI use in capital markets through three complementary layers: areas of supervisory consideration; tools for supervisory oversight of key areas; and indicators and data sources.

IOSCO welcomes feedback from stakeholders on the supervisory toolkit set out in this report and on emerging practices in industry. Responses are requested by 26 June.

IOSCO is now turning its attention to emerging industry practices across governance, disclosure, and recordkeeping and reporting of AI systems in capital markets. It is also, in light of recent developments in AI-enabled cyber capabilities, examining how such AI-driven cyber risks, and the need for more continuous assessment and remediation, should be reflected in its ongoing work on AI in financial markets. [26 May 2026] #AI

BIS working paper - Disciplining digital risk: evidence from cyber stress tests

BIS has published a working paper, Disciplining digital risk: evidence from cyber stress tests. Using confidential supervisory data from the ECB, the authors first identify ’laggard’ banks that underinvest relative to their cyber-risk profiles, and then examine how supervisory scrutiny affects incentives to invest. The authors documented four main findings:

• the stress test announcement increased cyber security investment across the banking sector by around 45%;
• The response was concentrated among laggard banks;
• the stronger response by laggard banks was driven by supervisory scrutiny rather than by cyber incidents or losses; and
• the investment response was strongest among laggard banks subject to more intensive supervisory oversight, including deeper reviews and supervisory findings.

Views expressed in BIS working papers are those of the authors and do not necessarily reflect the views of the BIS or its member central banks. [26 May 2026] #CyberSecurity

UK

FCA: Handbook Notice 141

The FCA has published Handbook Notice 141 which describes the changes made by the FCA Board to the Handbook and other material. Among others, the instruments in this edition makes changes to support the use of distributed ledger technology (DLT) in authorised funds and to introduce an optional Direct‑to‑Fund (D2F) dealing model.

The publication also includes FCA feedback regarding consultations related to the above noted changes for which separate policy statements will not be issued. [29 May 2026] #DLT

HM Treasury and FCA respond to APPG on crypto regime preparedness

The Chairs of the Crypto and Digital Assets All-Party Parliamentary Group (APPG) wrote  to HM Treasury and the FCA regarding preparedness for the UK’s new cryptoasset regulatory regime in March 2026.  HM Treasury responded to the letter in early May, confirming that:

• HM Government’s commitment to ‘making the UK a world-leading destination for digital assets’;
• the FCA should finalise its rules by mid-2026, with the application for authorisation period opening from 30 September 2026, this will give firms reasonable time in advance of the regime coming into force on 25 October 2027; and
• the FCA has put in place arrangements, such as pre-application meetings, to assist firms through the process;
• the FCA has increased its resources to ensure it has the right expertise for the regime.

In a separate response, the FCA explained how it had engaged with the development of the new regime, and noted that it was considering transitional arrangements for disclosure and admission processes. [28 May 2026] #Crypto #DigitalAssets

HM Treasury response to question on cryptocurrency payments to domestic PEPs

The following response from HM Treasury to a question raised by a member of the House of Commons has been published. On the question: what guidance the FCA provided on cryptocurrency payments to domestic Politically Exposed Persons (PEPs), HM Treasury responded the FCA publishes guidance on the requirements of the Money Laundering Regulations (MLRs) with regard to PEPs. The MLRs require financial institutions, including FCA-registered cryptoasset exchange providers and custodian wallet providers, to apply enhanced customer due diligence measures and enhanced ongoing monitoring to all customers who are PEPs. This includes taking adequate measures to establish the source of wealth and source of funds which are involved in the proposed business relationship or transactions with that person. #Crypto

Europe

ESMA publishes new Q&A regarding MiCAR

ESMA has published a new Q&A regarding the Markets in Cryptoassets Regulation (MiCAR). ESMA responds to a question regarding an exemption from white paper requirements when offering a cryptoasset other than an asset-referenced token (ART) or electronic money token (EMT) [28 May 2026] #Crypto

Eurosystem outlines roadmap for extending the operating hours of T2

The Eurosystem has published a report outlining its roadmap for extending the operating hours of T2, the real-time gross settlement system (RTGS) of its Trans-European Automated Real-time Gross settlement Express Transfer (TARGET) Services.

The roadmap includes short-term measures aimed at improving liquidity management and proposals for medium to long-term implementation. The Eurosystem plans to launch a market consultation by early 2027. [28 May 2026] #Payments

OJ: ECB Opinion on the Digital Omnibus

The Opinion of the European Central Bank (ECB) on a proposed regulation as regards the simplification of the digital legislative framework (Digital Omnibus) has been published in the Official Journal of the EU (OJ). Among other matters, the ECB welcomed the initiative to simplify and harmonise the ICT-related incident reporting procedures and implement a centralised reporting of major ICT-related incidents. However, it contends that the Digital Operational Resilience Act (DORA) should be excluded from the proposed regulation, and sets out reasons why. [26 May 2026] #DigitalOmnibus #DORA

Hong Kong

SFC and HKMA issue circular guidance to VATPs, licensed corporations, registered institutions, and authorised institutions on provision of Relevant Stablecoin services

The SFC has issued a circular to set out its expected standards for licensed virtual asset trading platforms (VATPs) and licensed corporations when conducting activities in Relevant Stablecoins, ie, ‘specified stablecoins’ under the Stablecoins Ordinance that are issued by a licensed entity under the Ordinance.

This circular also clarifies the application of the Guidelines for Virtual Asset Trading Platform Operators and the joint SFC-HKMA circular on intermediaries’ virtual asset (VA)-related activities (joint circular of 22 December 2023 together with supplemental joint circular of 30 September 2025 - see our previous update) to activities in Relevant Stablecoins.

The regulatory requirements applicable to both VATPs and licensed corporations include those relating to:

• liquidity and index requirements for tokens available for trading by retail clients;
• disclosure;
• assessment of client knowledge of VA;
• exposure limit; and
• suitability.

The regulatory requirements applicable only to licensed corporations include those relating to:

• partnering arrangement;
• dealing through VATPs;
• deposit and withdrawal arrangement; and
• ongoing reporting and notification.

The circular introduces revised licensing conditions for VATPs (see Appendix 1) and corresponding updates to the terms and conditions for licensed corporations and registered institutions that provide VA dealing and advisory services, and those that manage portfolios investing in VAs, as set out in Appendices A1 and A2.  The versions showing tracked changes in Appendices B1 and B2.

In parallel, the HKMA has issued a circular to provide guidance to registered institutions on the requirements for their VA dealing services, advisory services or asset management services or the distribution of investment products with exposure to VAs, where the VA concerned is a Relevant Stablecoin.  The guidance focuses on the applicability of the requirements in the SFC-HKMA joint circular referred to above to registered institutions' Relevant Stablecoin-related activities.  The updates to the licensing or registration terms and conditions are in Appendices A1 and A2.

The HKMA has also issued another circular to provide guidance on authorised institutions' provision of dealing, advisory and portfolio management services involving Relevant Stablecoins, referring to the guidance to registered institutions above. 

Finally, the SFC has updated the following as a consequence of the commencement of the stablecoin regime:

• Circular on SFC-authorised funds with exposure to VAs (superseding the 7 April 2025 version of the circular); and
• Frequently asked questions on the Code on Unit Trusts and Mutual Funds (Question 20G has been added). [27 May 2026] #Stablecoins #VirtualAssets

HKMA publishes circular guidance on offering of financing for VA dealing, shared order book, and client VA withdrawals

The HKMA has issued a circular setting out the standards expected of registered institutions in offering financing for virtual asset (VA) dealing, participating in shared order books, and permitting client VA withdrawals.

This follows the SFC's circular dated 11 February 2026 (see our previous update), which enables licensed corporations providing VA dealing services under omnibus account arrangements with SFC‑licensed VA trading platforms to offer financing for VA dealing, and establishes expected standards for VA brokers participating in shared order books, as well as requirements for client VA safeguards by brokers permitting VA withdrawals.

• VA financing – Registered institutions providing VA dealing services may provide VA financing by observing similar standards expected by the SFC on VA brokers providing VA financing, as set out in the SFC's 11 February 2026 circular.
• Shared order book – Registered institutions providing VA dealing services to conduct agency trading of clients on a shared order book and offering retail clients access to the shared order book should follow the same guidance given by the SFC to VA brokers as set out in paragraphs 15–17 of the SFC's 11 February 2026 circular.
• Client VA withdrawals – To better safeguard client VAs, in addition to the HKMA’s prevailing requirements on related matters (such as e-banking, technology and operational risk management), the expected standards and measures regarding client VA withdrawals as set out in paragraphs 18–20 of the SFC's 11 February 2026 circular are also applicable to registered institutions that permit client VA withdrawals. [27 May 2026] #VirtualAssets

HKMA updates guidance on provision of custodial services for digital assets

The HKMA has reviewed and updated its guidance on the provision of custodial services for digital assets by authorised institutions (AIs).  The updated guidance reflects market and technological developments, including the implementation of the Stablecoins Ordinance, and supersedes the HKMA’s circular dated 20 February 2024 (see our previous update).  

The updated guidance applies to AIs and subsidiaries of locally incorporated AIs conducting custodial activities in respect of ‘digital assets’, defined broadly to include virtual assets, tokenised securities, and other tokenised assets, as well as the means of access to such assets (such as private keys and seeds).

The updated guidance underscores the importance of robust security, governance, and operational controls to ensure that client digital assets held by AIs in custody are adequately safeguarded and that the risks involved are properly managed.

The HKMA has refined the expected standards in the guidance with reference to international standards and emerging industry practices, incorporating flexibility for AIs to put in place operational arrangements that are commensurate with the nature, features and risks of the digital assets under custody.  These standards apply irrespective of whether custody is provided as a standalone service or in connection with other activities, including acting as an intermediary in virtual asset-related activities or distributing tokenised products.

The updated guidance covers the following areas:

• governance and risk management;
• segregation of client digital assets;
• safeguarding of client digital assets;
• delegation and outsourcing;
• disclosure;
• record keeping and reconciliation of client digital assets;
• ongoing monitoring; and
• provision of staking services for VAs from custodial services.

In terms of implementation, AIs or subsidiaries of locally incorporated AIs intending to provide digital asset custodial services are required to engage with the HKMA in advance and demonstrate compliance with the expected standards and requirements. Those already providing such services are expected to review and, where necessary, revise their systems and controls to align with the updated guidance. [27 May 2026] #Stablecoins #DigitalAssets #VirtualAssets

FSTB and SFC conclude consultations on VA advisory and management regimes and aim to introduce Bill into LegCo within 2026

The SFC and the Financial Services and the Treasury Bureau have published their joint consultation conclusions on proposals to regulate virtual asset (VA) advisory and management service providers, with broad market support.

The licensing regimes for VA advisory and management service providers will follow the ‘same business, same risks, same rules’ principle, and their scope will be aligned with that of Type 4 (advising on securities) and Type 9 (asset management) regulated activities under the Securities and Futures Ordinance.  The consultations conclusions follow previous consultation conclusions published in December 2025 on proposals for establishing licensing regimes for VA dealers and custodian service providers (see our previous update).

The SFC and the FSTB will finalise the legislative proposals for establishing the VA advisory and management regimes under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, with a view to introducing a Bill into the Legislative Council (LegCo) within 2026.

The SFC will in due course engage pre-applicants to initiate the pre application process, conduct consultation on the regulatory requirements for the regimes, and issue such regulatory requirements, as appropriate.

Existing and prospective VA advisory and management service providers are strongly encouraged to engage with the SFC early to initiate pre-application discussions.  This will allow entities to better understand the proposed regimes, facilitate more efficient licensing processes, and ensure their regulatory compliance under the new regimes.  [26 May 2026] #VirtualAssets

Thailand

SECT consults on revisions to digital asset custody regulations and net capital requirements

The Securities and Exchange Commission Thailand (SECT) has published a consultation on proposed principles for revising the net capital requirements and the digital asset custody regulations of digital asset business operators. The revisions aim to enable greater connectivity and collaboration among digital asset business operators, support local activities in digital asset trading and the custody of customers’ assets, and reduce reliance on foreign service providers. Responses are requested by 25 June 2026.  [26 May 2026] #DigitalAssets

India

RBI sets up quantum technology expert committee

The RBI has announced the formation of an Expert Committee for a Quantum Secure and Adaptive Financial Ecosystem (Q-SAFE). The Committee’s terms of reference include:

• exploring and evaluating the potential benefits, risks and challenges in the financial sector;
• evaluating the financial sector's cryptographic inventory through a Cryptography Bill of Materials (CBOM), assessing crypto agility and identifying the critical systems and processes most vulnerable to such threats;
• undertaking a cross-country analysis and assessing the adequacy of existing regulatory frameworks for safe deployment of quantum applications;
• evaluating industry preparedness for quantum-safe cryptography adoption, including the availability, scalability and maturity of vendor tools and solutions; and
• recommending a roadmap and framework to quantum-secure the Indian financial system.

The Committee will submit its report within six months from the date of its first meeting.  [25 May 2026] #Quantum

US

Fed speech: AI opportunities and risks

Federal Reserve (Fed) Governor Lisa D. Cook delivered a speech at the Stanford Institute for Economic Policy Research on 27 May 2026 addressing both the economic outlook and the implications of AI for the financial system.

On AI, Governor Cook identified significant opportunities for the financial sector, including improved compliance processes, enhanced credit access, and greater capital allocation efficiency. However, she also noted material risks, including those arising with AI-driven algorithmic trading, sector disruption risk, growing leverage to finance AI infrastructure investment, and heightened cyber threats from advanced AI models capable of detecting previously undetectable software vulnerabilities.

She also outlined the Federal Reserve's own use of AI, while emphasising the critical importance of strong governance, human oversight, and built-in verification mechanisms.  [May 27, 2026] #AI

SEC Commissioner calls for greater use of privacy-enhancing technologies

SEC Commissioner Hester Peirce delivered remarks at the Regulatory PETshop Series on Cryptographic Technologies and Financial Services Regulation, hosted by the Institute of International Economic Law at Georgetown Law. Commissioner Peirce shared her view that the goal of facilitating government surveillance is increasingly driving regulatory decisions and expectations about how products and services should be constructed to the expense of individual financial privacy. She argued for a reconsideration of the role of new technologies, explaining that they should offer an opportunity, “to refocus government surveillance on bad actors and activities that are most likely to be nefarious and away from the everyday actions of innocent people.”

Commissioner Peirce opined that privacy and investor protection are complementary rather than competing objectives. She illustrated this point through the Crypto Task Force's work, suggesting that transfer agents could be given flexibility to record securities holdings using blockchain public wallet addresses rather than requiring investors to disclose personally identifiable information, thereby reducing the risk of data exposure. She encouraged firms developing privacy-enhancing technologies capable of satisfying know-your-customers (KYC) and anti-money laundering (AML) requirements with reduced data collection to engage directly with the SEC's Crypto Task Force.  [May 27, 2026] #Crypto

FDIC proposes BSA and sanctions compliance standards for FDIC-supervised permitted payment stablecoin issuers

The Federal Deposit Insurance Corporation (FDIC) Board of Directors has approved a Notice of Proposed Rulemaking that would impose Bank Secrecy Act (BSA) and sanctions compliance requirements on FDIC-supervised permitted payment stablecoin issuers.

The proposed rule is mandated by the Guiding and Establishing National Innovation for US Stablecoins Act (GENIUS Act) and reflects the FDIC's designation as primary federal regulator for this class of permitted payment stablecoin issuers, i.e., those which are subsidiaries of insured state nonmember banks and state savings associations approved by the FDIC to issue payment stablecoins.

The FDIC’s proposal would require compliance with anti-money laundering and countering the financing of terrorism (AML/CFT) programme standards established by the Financial Crimes Enforcement Network (FinCEN) and with economic sanctions obligations administered by the Office of Foreign Assets Control (OFAC); it would also align supervision and enforcement provisions with existing FinCEN requirements.

Feedback on the proposals are requested withing 60 days from publication in the Federal Register.  [May 22, 2026] #Stablecoins