FinTech Global FS Regulatory Round-up - w/e 5 June 2026

Global

BIS launches project on behaviour of LLM-based agents in simulated financial market environment

The Bank for International Settlements (BIS) has announced the launch of Project Logos, an initiative aimed at enabling central banks to observe and analyse the behaviour of large language model (LLM)-based agents acting as portfolio managers in a simulated financial market environment.

The project will compare portfolio allocation decisions of heuristic (rules-based) and LLM-based asset managers under controlled conditions, with a focus on how LLM-based agents interpret information, allocate capital and respond to constraints over time, and the conditions that might amplify or dampen correlated decision-making. [4 Jun 2026]  #LLM #AI

BCBS report: ICT risk management – range of practices

The Basel Committee on Banking Supervision (BCBS) has published a range of practices report on information and communication technology (ICT) risk management. The report identifies and compares observed bank ICT risk management practices and regulatory and supervisory approaches across jurisdictions. The paper is designed to complement the BCBS report on cyber resilience by focusing specifically on non-malicious ICT incidents that affect the delivery of critical operations and services.

The BCBS states that the practices documented may serve as reference points for banks and supervisory authorities to adapt and develop ICT risk management practices for their specific circumstances. [2 Jun 2026]  #Cyber #ICT

FSB: London plenary meeting – June 2026

The Financial Stability Board (FSB) has published details of its plenary meeting in London in which members discussed vulnerabilities in the global financial system, sound practices for AI adoption by financial institutions, regulatory and supervisory modernisation initiatives, implementation monitoring, and data challenges related to non-bank financial intermediation (NBFI). With respect to AI adoption, the FSB confirmed that it will publish for consultation a report on sound practices ‘in the coming weeks’. [2 Jun 2026]  #AI

UK

CMORG: Firm guidance for frontier AI

The Cross Market Operational Resilience Group (CMORG) has published a set of guidance for firms in respect of frontier AI. The guidance responds to the growing threat posed by frontier AI models and consolidates into a single reference point industry and public authority thinking in order to enable financial institutions of different sizes and levels of maturity to draw on leading practices. It sets out a structured approach across governance, protection, response, automation and collective resilience. The document is intended to provide a practical and actionable baseline for firms to assess their current capabilities and accelerate their response. It is voluntary and does not constitute regulatory rules or supervisory expectations. [4 Jun 2026] #AI

BoE: Minutes of synchronisation thematic engagement working group – April 2026

The BoE has published the minutes of the first co-creation thematic engagement working group on synchronisation held since the terms of reference were refreshed. The group is intended to gather focused input from industry participants to inform the design of a live synchronisation service, building on previous and ongoing experimentation and policy work; it will meet in a series of focused sessions over the coming months.

The BoE will provide an update on the regulatory status and direction of travel for synchronisation operators when more information is available, likely in early 2027. [4 Jun 2026]  #Synchronisation

FSCP responds to FCA cryptoasset perimeter guidance proposals

The Financial Services Consumer Panel has published its response to the FCA consultation (CP26/13) on a proposed perimeter guidance for the UK’s future cryptoasset regime. The FSCP broadly supports the proposals and believes that the perimeter guidance will strengthen consumer protection and understanding as well as help reduce misleading claims. [4 Jun 2026] #DigitalAsset #Crypto

FCA: Introduction to AML regulations for cryptoasset firms – Q&As

The FCA has published a question and answer (Q&A) document addressing firms’ questions about the anti-money laundering (AML) regulations in relation to cryptoasset activity. Subjects covered in the publication include: the regulatory perimeter, regimes and transition; authorisation expectations and application quality; AML governance, money laundering reporting officer (MLRO) and senior management arrangements; AML framework design and documentation; crypto-specific risk assessment and typologies; transaction monitoring, blockchain analytics and surveillance tools; travel rule and information sharing; sanctions, fraud and broader financial crime controls; operational resilience and systems considerations; and cross-border activity and international alignment. [3 Jun 2026] #DigitalAsset #Crypto

FCA warns football clubs about sponsorship deals with unauthorised firms

The FCA has published the template version of its letter to football clubs raising concerns about sponsorship deals with unauthorised firms, including those operating cryptocurrency exchanges or trading platforms. The regulator expects all UK football clubs to conduct proper due diligence on financial services sponsors before signing, and on an ongoing basis. The FCA notes that sponsorship deals with unauthorised firms may ‘expose clubs to legal liability, money laundering risks and serious reputational damage’. [3 Jun 2026] #DigitalAsset #Crypto

FSRC report: Stablecoins – waiting for regulation

The HoL Financial Services Regulation Committee (FSRC) has published a report on the regulation of stablecoins. The paper sets out the FSRC’s findings following an inquiry launched in January 2026 into the growth and proposed regulation of stablecoins in the UK, with a focus on the regulatory proposals from the BoE and the FCA. Key conclusions and recommendations include:

• the UK is currently lagging behind in developing its regulatory regime compared to the US and the EU;
• regulators must adhere to current timelines and ensure that the final regulatory regime is not delayed;
• there are several elements of the UK’s proposed regime which would diverge from international equivalents, including in requirements for systemic issuers to hold unremunerated backing assets, the proposed stablecoin holding limits, and the restrictions on commercial banks issuing stablecoins;
• the BoE should conduct more granular modelling of the impact of imposing holding limits on high-value use cases;
• HM Treasury should consider with the BoE and the FCA whether the existing legal frameworks are sufficient to detect and deter illicit activity using private unhosted and unregulated wallets, and should be prepared to legislate to restrict their use if necessary;
• HM Treasury should set out further details about how it will determine whether stablecoins are systemic; and
• the FCA should reconsider whether a k-factor requirement for stablecoin issuers that increases with the volume of stablecoins is appropriate. [3 Jun 2026]  #DigitalAsset #Stablecoin

UKPI: New UK payment scheme launched

The UK Payments Initiative (UKPI) has announced the launch of a scheme aimed at enabling widespread adoption of account-to-account payments under HM Government’s National Payments Vision (NPV). Developed collaboratively with banks and fintechs, the scheme establishes a shared rulebook, commercial model and operational standards for flexible, automated, or recurring account-to-account payments, powered by open banking. Initially, the function will be available for payments to organisations such as HM Government, utilities, charities and financial services providers.

Responding to the announcement, the FCA confirmed it is supporting industry efforts to establish an independent standards-setting body, and that it will consult on a long-term regulatory framework by the end of 2026, subject to legislation granting it new powers. [2 Jun 2026]  #Payments

Europe

EC proposes tech sovereignty package

The EC has published the European Technological Sovereignty Package, comprising four legislative and policy measures aimed at reducing the EU's strategic dependence on non-European technology providers. The package consists of:

• the Cloud and AI Development Act (CADA) which is part of the AI Continent Action Plan, introduces a single EU-wide framework for cloud computing and AI sovereignty. The CADA also addresses data centre capacity, aiming to triple this over the next five to seven years.
• Chips Act 2.0 which addresses overdependence on third countries for semiconductor design and manufacturing;
• an open source strategy which commits the EC to scaling up open source alternatives in priority areas, investing in digital skills and infrastructure, supporting start-ups and promoting open source adoption across public administrations; and
• a strategic roadmap for digitalisation and AI in the energy sector.

A set of supporting documents on the tech sovereignty package (in addition to a factsheet) and the strategic roadmap have also been published. [4 Jun 2026]  #AI #Digitalisation #Cloud #Data #Chips #OpenSource

ESAs: 2025 report on major ICT-related incidents – DORA

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have published their first annual report on major ICT-related incidents in the EU financial sector based on a reporting mechanism established by the Digital Operational Resilience Act (DORA).

Overall, 3,383 major incidents were reported in 2025 across all financial sectors, with the majority occurring in the credit and payments sectors. Around one third of the reported incidents had a cross-border impact, underscoring the growing interconnectedness through shared infrastructures and services.

Major ICT-related incidents are events that have a high adverse impact on the network and information systems that support critical or important functions of financial entities. [3 Jun 2026]  #ICT #Cyber #DORA

ESMA: Letter on prioritisation of 2026 deliverables

The European Securities and Markets Authority (ESMA) has published its letter to the EC on its annual prioritisation exercise. Highest priority workstreams in 2026 include targeted convergence actions to support effective Markets in Cryptoassets Regulation (MiCAR) implementation, and assessing the impact of tokenisation and monitoring risks arising from geopolitical instability;

The letter also lists several planned deliverables that could become obsolete or altered depending on the final outcome of the legislative negotiations on the market integration and supervision package (MISP). ESMA has decided to postpone consultations on those deliverables until the new package has been adopted. [3 Jun 2026]  #DigitalAsset #MiCAR #Crypto

ECB supervisor highlights frontier AI cyber threats and announces forthcoming Dear CEO letter on operational resilience

The European Central Bank (ECB) has published a speech by Frank Elderson, Member of the ECB's Executive Board and Vice-Chair of its Supervisory Board, at the Goldman Sachs European Financials Conference 2026. Mr Elderson set out the ECB's assessment of the threat posed by frontier AI models to banks' operational resilience, characterising advanced AI tools as a structural shift in the economics of cyber risk rather than an incremental development.

Mr Elderson also announced that the ECB will be sending a ‘Dear CEO’ letter to supervised banks asking them to take proactive measures to ensure the robustness and security of their systems. Mr Elderson stressed that operational resilience is not a standalone compliance matter but a foundational component of banking competitiveness, requiring multi-year investment in people, systems and governance. He acknowledged that smaller and medium-sized banks may face greater challenges given more limited IT budgets, but was clear that this cannot excuse inaction, and that enhanced regulatory proportionality cannot come at the expense of prudent risk management. [3 Jun 2026]  #Cyber #AI

ECB: Statement to ECON on progress of digital euro and Single Currency Package

The ECB has published the introductory statement by Piero Cipollone, Member of the ECB's Executive Board, at a session of the Committee on Economic and Monetary Affairs (ECON) on progress with the digital euro project and the broader Single Currency Package. 

Mr Cipollone highlighted the importance of ensuring access to cash before discussing two key updates in respect of the digital euro project: first, the agreements signed with three European standard-setting bodies; and, second, further preparations for next year’s piloting exercise. On the latter, Mr Cipollone confirmed that selected payment service providers (PSPs) will be announced in July 2026, with development commencing in Q3 2026 and the pilot itself expected to start in H2 2027. [3 Jun 2026]  #CBDC #DigitalEuro #Payments

EBA and NYDFS sign MoU on supervision of international stablecoin activities – MiCAR

The EBA has announced that it signed a memorandum of understanding (MoU) with the New York State Department of Financial Services (NYDFS). ​The MoU establishes principles and procedures to facilitate the exchange of information and the coordination of supervisory activities related to stablecoins issued in both the New York State and the EU, including by entities directly supervised by the EBA under MiCAR. It also provides a framework for mutual assistance in ongoing supervision, as well as timely coordination in crisis or emergency situations. [2 Jun 2026]  #DigitalAsset #Stablecoin #MiCAR #Crypto

ECB speech: From money market funds to stablecoins – lessons for central banks

The ECB has published a speech by Isabel Schnabel, Member of the ECB’s Executive Board, at the 2026 Bank of Korea International Conference on Central Banks and the Future of Money. Ms Schnabel highlighted the parallels and differences between the emergence of money market funds and that of stablecoins to provide a perspective on the challenges posed by stablecoins and other forms of tokenisation to the financial system.

She identified three key challenges:

• financial stability risks, including the potential for bank disintermediation, vulnerability to runs and fire sales of reserve assets;
• implications for monetary policy transmission, which vary depending on how stablecoins are used, e.g. as a payment instrument or store of value, and how stablecoin holders respond;
• the risk that dollar-denominated stablecoins could further cement the international dominance of the US dollar, which may amplify international transmission of US monetary policy, potentially at the expense of the euro's role in the international monetary system.

Ms Schnabel also set out some of the ECB's work in this area, including two wholesale central bank digital currency (CBDC) projects. [1 Jun 2026]  #DigitalAsset #Stablecoin

Hong Kong

HKMA establishes Tokenised Bond Expert Group to drive further adoption and scalability of tokenised bonds

The HKMA has announced the establishment of a Tokenised Bond Expert Group to drive further adoption and scalability of tokenised bonds in Hong Kong.

The expert group brings together industry representatives, including those from industry associations, financial institutions, legal advisory firms, and financial infrastructure and technology providers (see Annex).  It will build on the progress achieved so far through the HKMA’s tokenised bond-related initiatives, and explore policy measures, market practices, and innovations.

The first series of the Expert Group discussions was held in May 2026, where members exchanged views on Hong Kong’s current legal and regulatory regime and its application to tokenised bond issuance and transactions.  These views will inform the HKMA’s ongoing work with the Financial Services and the Treasury Bureau on reviewing and identifying potential enhancements to Hong Kong’s legal and regulatory regime to facilitate the broader adoption of tokenisation technology in the fixed income market.  Further details will be announced separately.

The HKMA indicates that it will continue to engage with the expert group on key topics relevant to market development and will review and update the composition of the group as appropriate.  [5 Jun 2026] #Tokenisation

HKMA clarifies condition for classification of cryptoassets under SPM module CRP‑1

The HKMA has issued a circular to provide clarification in relation to paragraph 2.6.4 of Supervisory Policy Manual (SPM) module CRP‑1 'Classification of Cryptoassets', which came into effect on 1 January 2026 (see our previous update).

Paragraph 2.6.4 includes a requirement in respect of tokenised traditional assets operating on permissionless blockchains, where the tokenised instrument must be approved by a financial market regulator.  The HKMA clarifies that this condition may also be satisfied where the business activities associated with such tokenised traditional assets are subject to regulatory supervision, even if explicit prior approval from a financial market regulator is not required.

This update is effective immediately and will be incorporated into module CRP‑1 in due course.  [3 Jun 2026]  #DigitalAsset #Crypto

SFC issues circular on enhanced cybersecurity measures against AI-enabled cyber threats

The SFC has issued a circular urging licensed corporations, virtual asset trading platforms and their associated entities (collectively, licensed firms) to strengthen cybersecurity measures in light of emerging threats enabled by frontier artificial intelligence (AI) models. 

The SFC noted that Hong Kong recorded a 27% increase in overall cyberattack incidents from 2024 to 2025.  Fast-advancing frontier AI models have the potential to enable more frequent, targeted and sophisticated cyberattacks, which could result in significant operational disruptions and risks for licensed firms, their staff and clients.  In addition,  the proliferation of AI-enabled tools lowers the barriers for malicious actors to engage in phishing, social engineering, deepfake impersonation and reconnaissance.

The SFC urges licensed firms, especially internet brokers and virtual asset trading platforms, to implement robust and up-to-date measures to protect their systems, prevent confidential client information from unauthorised access or disclosure, and safeguard client assets against misappropriation. 

The SFC sets out areas for licensed firms to review and enhance their cybersecurity frameworks to ensure they remain up-to-date and effective, namely:

• patching and vulnerability management;
• access and privilege controls;
• detection and monitoring measures;
• third-party supply chain risk management; and
• incident response and recovery.

Examples of controls and procedures in relation to the above areas are set out in an Appendix.

The SFC reminds licensed firms that their senior management, including the Manager-in Charge of Information Technology, is ultimately responsible for managing cybersecurity risks faced by their firms.  In particular, such individual should ensure that changes to the firm’s cybersecurity framework are adequately reviewed and approved and that enhancements to cybersecurity measures are implemented properly and promptly.

The SFC will continue to engage with the industry, technology service providers and local and overseas regulators on this issue.  As part of its ongoing efforts, the SFC will:

• Organise webinars to raise industry awareness;
• Conduct thematic reviews to assess licensed firms’ preparedness and resilience in responding to cybersecurity incidents and attacks; and
• Take appropriate supervisory action in response to these evolving risks.  [2 Jun 2026]  #Cybersecurity #AI #DigitalAsset

HKMA issues circular regarding expectations on strengthening cyber resilience in light of AI-empowered threats and the support it will provide to the industry

The HKMA has issued a circular reminding authorised institutions to stay vigilant and strengthen their cyber resilience in light of evolving threats posed by frontier artificial intelligence (AI) models.

The HKMA notes that advances in frontier AI models may enable faster, more frequent, and increasingly sophisticated cyberattacks.  Authorised institutions are expected to:

• Critically review and assess the sufficiency of their existing cyber defence controls, as well as that of third-party service providers;
• Uplift incident response and recovery capabilities, including conducting suitable scenario testing;
• Enhance data resilience to counter destructive cyber-attacks, including reviewing the sufficiency of the secure tertiary data backup, or the necessity of implementing such backup if they have yet to do so.

The HKMA will continue to actively support the industry through a series of targeted initiatives, including:

• Establishing the Task Force on AI-driven Cyber Risks, to address potential information asymmetry that may arise as a result of rapid cross-jurisdictional developments  (key findings and takeaways will be shared with the broader industry in a timely manner);
• Developing the Cyber Resilience Testing Framework, to provide authorised institutions with a systematic way to stress test their ability to respond to and recover from actual ‘breach’ situations (a dedicated Industry Working Group formed under the Hong Kong Association of Banks is currently working with the HKMA on the framework’s development, with an initial test run with selected institutions is targeted for late 2026);
• Supporting the effective implementation of the Protection of Critical Infrastructures (Computer Systems) Ordinance, including issuing a sectoral Code of Practice (and Annex) that provides practical guidance on how designated authorised institutions can comply with the category 1 and category 2 statutory obligations.  [2 Jun 2026]  #AI #Cyber

Singapore

MAS and ABS respond to comments on PayNow nicknames

The Monetary Authority of Singapore (MAS) and Association of Banks in Singapore (ABS) have published their response to a letter regarding the removal of PayNow nicknames. In their response, MAS and ABS stated that the sole objective in removing nicknames is to address impersonation scams; it is not to support compliance and enforcement or to compromise privacy.

Discontinuing PayNow nicknames does not increase the traceability of financial flows. The identities of PayNow users are already known to their financial institutions, and existing processes for monitoring and reporting remain unchanged. The change relates only to what is shown to the payer during a transaction. Financial institutions continue to conduct customer due diligence, transaction monitoring, and suspicious transaction reporting regardless of nickname usage.

MAS and ABS recognise that some users value the added privacy offered by nicknames. The move to partial name display seeks to strike a balance, supporting payment confidence while continuing to protect privacy by obscuring full names. [3 Jun 2026]  #Payments

India

IFSCA issues advisory on cyber security risks arising from Frontier AI models

The International Financial Centres Authority (IFSCA) has published a Circular: Advisory on Heightened Cyber Security Risks arising from Frontier Artificial Intelligence Models, which encourages Regulated Entities (REs) to comply with measures set out in an annex to the Circular. The advisory should be read in conjunction with the applicable guidelines, and does not dilute any obligation thereunder.

This Circular has immediate effect. [4 Jun 2026]  #AI

RBI: Launch of payment systems’ connectivity between India and Cambodia for QR-code based cross-border merchant payments

The Reserve Bank of India (RBI) has announced the connectivity of payment systems between India and Cambodia for acceptance of Unified Payments Interface (UPI) at QR-Code enabled merchants in Cambodia has been launched. This marks the go-live of the first phase of collaboration between India and Cambodia on enabling the interoperability of QR-code based Person to Merchant (P2M) transactions.

Indian travellers visiting Cambodia can now make QR code-based payments to over 4.5 million merchants enabled with KHQR (national QR standard of Cambodia) using their UPI applications. This will enable real time physical merchant payments in Cambodia, reducing dependency on cash and providing an alternative to payments using cards.  The facility to enable Cambodian travellers to make UPI QR-enabled merchant payments in India will be in the second phase.

RBI has been actively pursuing interlinking of UPI with fast payment systems of other jurisdictions to promote cross-border payments. These initiatives are aligned with the G20 Roadmap for enhancing cross-border payments, with a focus on cheaper, efficient, more transparent, and more accessible payments. [3 Jun 2026]  #Payments

US

SEC Commissioner Peirce sets out principles for applying securities regulation to blockchain and crypto assets

The SEC has published the remarks delivered by Commissioner Hester M. Peirce at the IC3 Blockchain Camp at Princeton University.

Commissioner Peirce offered a set of principles which could usefully guide the SEC as it considered how to approach to applying securities regulation when new developments such as blockchain technology and crypto assets arise. In summary:  

• “Publishing code is speech, which the First Amendment protects.” The Commissioner explained that, in her view, individuals who only write open-source code for others to use should not have to register with the SEC.
• “Blockchains are a general-purpose technology.” Commissioner Peirce noted that, as the SEC is not a general-purpose infrastructure regulator, it should not require infrastructure operators to be SEC-registered because the infrastructure they operate is used by others to engage in activity that the SEC regulates.
• “Blockchains work as intended when legal systems respect base-layer neutrality.”
• “If infrastructure providers do nothing more than impartially process data in accordance with verifiable, open, non-discretionary execution logic, the SEC should not treat them as securities market participants. Regulatory frameworks should govern conduct, not proximity to the conduct.”
• “Technology can sometimes stand in for regulation.”
• “When centralized actors in crypto markets have discretion over or otherwise take custody of other people’s securities and funds, securities regulation may be appropriate. Onchain CeFi, in contrast to true DeFi, is fair game for securities regulation, but that regulation may not be identical to regulation of traditional centralized finance.”
• “People should be free to transact without intermediaries.”
• “The fact that multiple people use the same software code to transact in securities does not by itself mean somebody has to register as an exchange. If nobody is in control of the system, who would register?”

The views expressed are those of Commissioner Peirce personally and do not represent the position of the SEC or her fellow Commissioners.  [Jun 2, 2026]  #DigitalAsset #Crypto #DeFi

NYDFS and EBA sign MoU to enable cross-border collaboration on stablecoin supervision

The NYDFS and the European Banking Authority (EBA) have signed a memorandum of understanding (MoU) to facilitate the exchange of supervisory and confidential information related to stablecoins.

The MOU is intended to enhance the supervision of entities engaged in stablecoin activities, identify market trends and risks, and promote the integrity of the stablecoin market; it relates solely to the stablecoin-related activities of supervised entities and does not extend to other activities those entities may undertake.  [Jun 2, 2026]  #DigitalAsset #Stablecoin

CFTC chair Selig sets out policy vision for crypto asset perpetuals in op-ed

The CFTC has published Chair Michael S. Selig’s op-ed for CoinDesk in which he provides his views on the significance of the CFTC’s approval of a bitcoin perpetual contract for listing on a CFTC-registered exchange, describing it as "historic action." Chair Selig comments that the absence of a US regulatory pathway for perpetuals had caused trading activity to migrate offshore, fragmenting liquidity across foreign platforms and competitively disadvantaging American firms and market participants.

He notes that, as part of its broad agenda to promote responsible innovation, the CFTC will continue advancing initiatives related to tokenised collateral, crypto asset market structure, and prediction markets. [May 29, 2026]  #DigitalAsset #Crypto

CFTC issues policy statement on the listing of perpetual contracts

Contemporaneous with an order permitting the listing of a perpetual contract, which references the spot price of bitcoin, by a designated contract market (DCM) as a futures contract, the CFTC has issued a policy statement setting out its views on the listing of perpetual contracts.

The policy statement clarifies that, given the unique and variable characteristics of perpetual contracts depending on the underlying asset, the Commission considers the case-by-case review process under Commission Regulation 40.3 to be the appropriate mechanism for the listing of perpetual contracts referencing asset classes not covered by the Order.  [May 29, 2026]  #Crypto

CFTC approves BTCPERP Contract submitted by KalshiEX

The CFTC has announced that it has issued an Order for Approval to KalshiEX, LLC, a DCM, for the listing of the BTCPERP Contract, a perpetual contract referencing the spot price of bitcoin, as a futures contract. The CFTC has determined that the contract complies with the Commodity Exchange Act and applicable Commission regulations.  [May 29, 2026]  #Crypto