on 1 december 2025, the commission de surveillance du secteur financier (cssf) announced the launch of its 2025 annual aml/cft questionnaire on 23 february 2026. this initiative aims to gather standardised information on money laundering and terrorism financing risks faced by entities under cssf supervision, as well as the measures implemented to mitigate these risks. the questionnaire is a key component of the cssf's risk-based supervision approach for combating financial crime. key details: submission deadline: responses must be submitted via the cssf edesk platform by 3 april 2026. changes in 2025 questionnaire: updates and new questions have been incorporated, with changes clearly marked. responsibility for completion: the compliance officer in charge of the day-to-day compliance (rc) or the person responsible for overall compliance (rr) must ensure the questionnaire is completed. delegation to another employee or third party is permitted, but ultimate responsibility remains with the rc or rr. all involved must have an edesk account authenticated via luxtrust. api solution: the application programming interface (api) remains available for submissions, with a user guide accessible on the cssf website. additional ad hoc questionnaire: in the first half of 2026, the cssf will release an additional questionnaire targeting credit and financial institutions. this will collect data to assist the european anti-money laundering authority (amla) in selecting entities for direct supervision starting 1 january 2028. amla plans to directly oversee 40 entities, with the selection process occurring in 2027. entities are encouraged to ensure their edesk accounts are active to avoid connectivity issues. cssf’s press release can be found here

on 24 october 2025, the cyprus securities and exchange commission (cysec) issued circular c736 to address compliance issues observed among cyprus investment firms (cifs) regarding the prudential supervision of investment firms law (law 165(i)/2021) and regulation (eu) 2019/2033 (ifr). below are the key points: prudential reporting: cifs must ensure timely and accurate submission of prudential and remuneration reports via cysec’s xbrl portal, adhering to article 54 of the ifr. compliance with prudential requirements: cifs are required to continuously monitor and meet prudential obligations under articles 9, 11, and 43 of the ifr, taking immediate corrective actions when deficiencies arise. data consistency: material discrepancies between prudential reports and other financial documents (e.g., audited statements) must be avoided. cifs should ensure accurate data mapping during report preparation and are urged to refer to commission implementing regulation (eu) 2021/2284 for guidance. remuneration policies: class 2 cifs must ensure compliance with sections 24 and 26 of law 165(i)/2021 regarding remuneration policies, including deferral of variable pay and adherence to eba guidelines. governance committees: cifs must establish risk and remuneration committees as per law 165(i)/2021, ensuring proper composition, gender balance, and compliance with governance standards. internal governance: cifs should enhance policies on conflicts of interest in the context of loans and other transactions with members of their management body and their related parties to align with the eba’s guidelines. liquid assets: cifs must ensure that items be accurately recorded as liquid assets under article 43(1) of the ifr. unencumbered short-term deposits should qualify as liquid assets only if they are unencumbered short-term deposits at a credit institution, therefore amounts held with electronic money institutions (emis) or payment service providers (psps) are excluded. cifs are advised to refer to eba q&a 2021 6299 for further guidance. prudential consolidation: cifs must regularly assess alterations to group structures to accurately assess whether entities qualify as financial institutions or union parent investment firms. entities that fall under those definitions must ensure compliance with ifr prudential consolidation requirements. audited financial statements: cifs must accurately disclose modified auditor opinions and pillar iii links by ensuring that the relevant form is completed fully and accurately. next steps: cifs are urged to review their practices to ensure full compliance with applicable laws, regulations, and guidelines. cysec will continue monitoring and may impose sanctions for non-compliance. for further details, cifs are encouraged to consult the full circular here

the cayman islands monetary authority (cima) released a desk-based review of the virtual asset service providers (vasps) to assess compliance with the virtual assets (service providers) act (vasp act) and related regulations in november 2025. the review, covering 11 entities, focussed on corporate governance, internal controls, cybersecurity, financial stability, and virtual asset custody arrangements. key findings: corporate governance: gaps in board composition and succession planning were identified. boards lacked diversity and independent directors, contrary to regulatory requirements. internal controls: deficiencies in business continuity planning, internal audits, and complaints handling were noted. many entities lacked comprehensive policies and regular reviews. cybersecurity: weaknesses included inadequate governance, risk management, and data protection measures. many entities failed to conduct regular audits or implement robust cybersecurity frameworks. virtual asset custody: policies for managing virtual asset custody and private keys were insufficient. over 80 per cent of entities had not conducted independent audits of custody platforms. recommendations: strengthen governance by ensuring board diversity and formal succession plans. enhance internal controls, including business continuity plans and regular audits. improve cybersecurity frameworks, conduct regular risk assessments, and secure insurance against cyber risks. develop robust policies for virtual asset custody, including independent audits and client disclosures. regulatory reminders: vasps must promptly notify cima of changes in key personnel, cybersecurity incidents, or operational changes. compliance with the vasp act, aml regulations, and other legal obligations is critical. for more information cima’s desk-based review can be found here

on 20 november 2025, the british virgin islands international tax authority (ita) announced that economic substance (es) reporting obligations will transition from the beneficial ownership secure search system (bosss) to the virtual integrated registry regulatory general information network (virrgin) portal. the ita has confirmed that the new virrgin es filing portal is in its final stages of preparation and will be deployed for filings due in 2026. key points to note: final bosss filings: filings due in december 2025, which relate to financial periods ending in july 2025, are expected to be the last conducted via the boss portal. new virrgin filings: filings for financial periods ending after july 2025 will be made in the new virrgin es portal, which is anticipated to be available for use in 2026. action required: registered agents with es information ready before the end of december are strongly encouraged to file as early as possible to mitigate any potential disruption during the transition period. final dates for the boss portal closure and the virrgin portal launch will be confirmed by the ita shortly. we advise all affected parties to be aware of this transition. need support? for further guidance, the harneys team remains available to assist with navigating the transition and related es compliance considerations.

on 9 october 2025, the european banking authority (eba) released a report addressing money laundering (ml) and terrorist financing (tf) risks in the crypto-asset sector. here is a concise summary of the key points: evolving risks in crypto the crypto sector’s dynamism is rapidly transforming the financial landscape; however, this also makes it a prime target to ml/tf risks. key channels of exposure include: exploitation of regulatory gaps by crypto firms, often engaged in "forum shopping" or misuse of exemptions like reverse solicitation. weak governance, opaque beneficial ownership structures and inadequate aml/cft measures. high-risk exposure through decentralised finance (defi) platforms, which were often identified as entry and exit points for illicit funds. enhanced framework insufficient without effective implementation the report welcomes the introduction of further safeguards through the eu's markets in crypto-assets regulation (mica) and amendments to the eu anti-money laundering directives (amld), including: unified authorisation and passporting regime accompanied by transparency requirements, and stronger governance standards. the empowerment of competent authorities to enforce compliance, monitor unauthorised activities and ensure effective implementation of these frameworks. public registers for authorised crypto-asset service providers (casps) and consumer outreach campaigns aim to improve transparency and protect users from unauthorised operators. however, the report stresses the need for effective implementation of the regimes by the national competent authorities of eu member states and issues a number of supervisory recommendations, including: upholding cross-border cooperation and information-sharing among authorities to close regulatory gaps. monitoring linked entities and ensure transparency in ownership structures to prevent misuse of complex arrangements. addressing legacy compliance issues before granting authorisations under mica. leveraging advanced tools like blockchain forensics, supervisory technology (suptech) solutions and public-private dialogue to stay ahead of emerging risks. ensuring effective implementation of the central contact point (ccp) mechanism to enhance oversight of cross-border entities. adopt innovative tools and techniques such as surveys on market exposure to specific casps raising ml/tf concerns. the report concludes that supervisors must remain agile and informed about evolving risks, including those linked to new technologies, products and geopolitical developments. continuous training, risk assessments and collaboration with private sector stakeholders are critical to addressing these challenges. eba’s press release can be found here and the report here.

bermuda enacted the beneficial ownership act 2025 (the act), a significant legislative reform designed to consolidate and enhance the jurisdiction's framework for corporate transparency. pursuant to the beneficial ownership act 2025 commencement day notice 2025, the act is in force as of 3 november 2025. this legislation aligns bermuda with revised international standards set by the financial action task force (fatf) and introduces fundamental changes to compliance obligations for legal persons operating in the jurisdiction. for businesses and legal professionals, understanding these changes is paramount. this summary guides you through the act's most critical updates, including the transfer of the central register, new verification duties, expanded definitions and the implications for legal entities in bermuda. key objectives and legal framework the beneficial ownership act 2025 was introduced with several strategic goals. it aims to: consolidate the legal framework: the act unifies multiple pieces of legislation governing beneficial ownership into a single, streamlined statute. it repeals and replaces the previous fragmented regime found across the companies act 1981, limited liability company act 2016, and various partnership acts. align with fatf standards: it addresses key recommendations from the caribbean financial action task force (cfatf) and ensures bermuda's framework meets the latest international standards on transparency and anti-money laundering (aml). enhance regulatory oversight: the act transfers responsibility for the central register from the bermuda monetary authority (bma) to the registrar of companies (roc), creating a single, authoritative body for managing beneficial ownership information. to support this new framework, the beneficial ownership (consequential amendments) order 2025 makes necessary changes to related laws, including the companies act 1981, the economic substance act 2018, and the exchange control act 1972, ensuring a cohesive regulatory environment. changes introduced by the act the legislation brings about several pivotal changes that all legal persons in bermuda must understand. expanded scope and reduced exemptions perhaps the most significant change is the expansion of the act's scope. the new regime applies to all "legal persons," which includes companies, limited liability companies and all forms of partnerships (exempted, limited and overseas). critically, many previous exemptions have been removed. under the old framework, entities like certain financial institutions and permit companies were exempt. now, the only exemption applies to legal persons whose shares are listed on the bermuda stock exchange or another appointed stock exchange, along with their direct subsidiaries. this means a large number of entities previously out of scope must now comply with the new beneficial ownership requirements. all such "in-scope entities" must establish and maintain a beneficial ownership register. transfer of the central register to the roc to streamline oversight, responsibility for bermuda's central register has been transferred from the bma to the roc. the roc will now manage the collection, maintenance and security of all beneficial ownership data through a new, dedicated electronic portal. approval for new beneficial owners will now be handled by the roc, a key change for non-regulated entities. however, existing beneficial owners approved under prior laws will not need to seek new approval. new verification and information requirements the act places a stronger emphasis on the accuracy and verification of data. section 2 of the act defines key terms for data quality: adequate: information sufficient to identify registrable persons and the means by which control is exercised. accurate: information that has been verified against reliable, independent sources. current: information that is up-to-date and reflects the latest changes. in-scope entities now have a legal duty to take "reasonable measures" to verify the identity of their beneficial owners using independent source documents and must maintain records of these verification measures. the minimum required information has also expanded to include details from a valid government-issued id, such as the number, country of issue and expiry date. revised definition of "beneficial owner" the definition of a "beneficial owner" has been updated to align more closely with fatf terminology, focussing on "ultimate effective control." an individual is considered a beneficial owner if they meet one of the following conditions: own or control 25 per cent or more of the shares, voting rights or partnership interests. exercise ultimate effective authority over the governance of the legal person. exercise control through other means. if no individual meets these conditions, the entity must identify the senior manager (eg, ceo, managing director) as the beneficial owner. enforcement, penalties and dispute resolution the act introduces robust mechanisms for enforcement and clarifies the roles of the roc and the courts. the role of the court sections 13 and 14 of the act empower the supreme court of bermuda to handle disputes and rectify registers. where a bona fide legal dispute over beneficial ownership is being adjudicated, no changes can be made to the register without a court order. any person aggrieved by their inclusion or omission from a register may apply to the court for rectification. penalties for non-compliance compliance is enforced through the registrar of companies (compliance measures) act 2017. failure to adhere to the act's provisions can result in significant penalties. for instance, knowingly or recklessly disclosing information from the central register without the roc's consent can lead to fines of up to $100,000 and two years’ imprisonment on summary conviction, or up to $250,000 and five years’ imprisonment on indictment. access to the central register another key feature of the act is the provision for expanded access to the central register. while the register is not public, access may be granted to specific parties for legitimate purposes, including: competent authorities: the bma and other statutory bodies can access data to perform their functions. obliged entities: financial institutions and designated non-financial businesses can access the register to conduct customer due diligence (cdd). notably, section 18(3) of the act grants the registrar the authority to restrict or prohibit the disclosure of information as deemed appropriate, providing a safeguard in circumstances where a beneficial owner may be at risk of harm. bermuda’s beneficial ownership act 2025 can be found here the beneficial ownership act 2025 commencement day notice here beneficial ownership (consequential amendments) order 2025 can be accessed here

on 7 november 2025, the cayman islands government announced fee adjustments across the financial services sector to ensure proportionality, align with international standards and improve administrative efficiency by simplifying compliance and reducing the administrative burden. these changes will take effect progressively from 1 january 2026. key updates: class “a” banking licence renewal fees: transition to a tiered fee structure based on total assets. phased implementation from 2026 to 2028: less than usd 1 billion: no change ($1m annually). usd 1–3 billion: increases to $1.75m by 2028. usd 3 billion or more: increases to $2.25m by 2028. consolidated annual fees for mutual and private funds: combines existing annual fees into a single payment. annual return fee increases: from $300 to $450 for funds. from $150 to $225 for sub-funds. new annual fee for registered offices of exempted limited partnerships (elps): introduction of a $100 annual fee for elp-registered offices. payable by licensed service providers. class b(i), (ii), and (iii) insurer fees: 10 per cent increase in annual fees across all categories. implementation timeline: 2026–2028: tiered banking licence fees. 2026: all other changes. industry stakeholders are advised to assess these changes and make necessary preparations for their implementation. the industry advisory can be found here

the british virgin islands (bvi) introduced its first annual frozen assets reporting (far) process for 2025, aligning with the virgin islands’ sanctions framework and uk sanctions legislation. bvi entities, that are in scope for this reporting, are reminded of their mandatory statutory obligation to report frozen assets linked to uk-designated persons. key reporting details for bvi: who must report: any bvi person or entity holding, controlling or managing funds or economic resources of uk-designated persons. this includes assets located both inside and outside the bvi. note: assets frozen solely under other sanctions regimes (eg, ofac) are excluded. reference date: close of business on 30 september 2025. submission deadline: reports must be submitted by 30 november 2025. how to file: persons to whom this reporting is relevant are required to report the details of the frozen assets by competing and submitting to the sanctions unit within the attorney general’s chambers the relevant parts of the compliance reporting form using parts a and c (frozen assets) and annex ii, here or by using the dedicated frozen assets reporting template, here circulated by the sanctions unit with the notice of this reporting obligation. a link to the sanctions unit notice dated 20 november 2025 can be found here. submit completed forms to the sanctions unit, attorney general’s chambers via email: sanctions@gov.vg. refer to the virgin islands sanctions guidelines for detailed instructions on freezing obligations, reporting standards, and required supporting information:sanctions guidelines (revised december 2024)compliance reporting form key considerations: reporting frozen assets is a statutory requirement under bvi sanctions legislation. failure to report or submitting inaccurate reports may constitute an offence. entities should maintain robust screening processes and promptly freeze any funds or economic resources of designated persons. stakeholders must: review their client base and accounts for any exposure to uk-designated persons. confirm that asset-freezing controls are operating effectively. prepare the report: start gathering the data as of 30 september 2025 and submit the required report by 30 november 2025. seek guidance if you are unsure about your reporting scope or obligations. if you need assistance to determine if your bvi entity is in scope of this reporting requirement, please do feel free to get in touch with us. stay compliant and ensure your reports are submitted on time to avoid penalties. post updated: 28 november 2025

on 8 october 2025, the european banking authority (eba) released a comprehensive report summarising six years of reviews of the approach of national competent authorities on anti-money laundering (aml) and countering the financing of terrorism (cft) supervision across eu/eea member states. the report highlights significant progress in the following areas: aml/cft supervision notably, 81 per cent of national competent authorities (ncas) have revised their supervisory manuals in line with eba standards. key measures include providing guidance on how to assess the adequacy and effectiveness of obliged entities’ aml/cft systems and controls, as well as enhancing customer sampling policies. an impressive 90 per cent of ncas have enhanced their strategic use of supervisory tools, increasing both the intrusiveness and impact of their oversight. key measures include the use of external parties to carry out specific supervisory tasks and introducing new supervisory tools. cooperation domestic cooperation has strengthened, with significant advances in formalising arrangements with financial intelligence units (fius) and tax authorities, though some authorities are still working to improve practical information-sharing. on the international front, 55 per cent of ncas have fully or largely addressed any findings on the effectiveness of the bilateral cooperation with their counterparts in other jurisdictions. aml/cft colleges now play a central role in facilitating cross-border collaboration and even though challenges persist when cooperating with third-country authorities, improvements have been recorded. despite ongoing resource constraints and a complex geopolitical landscape, overall effectiveness has improved. the new anti-money laundering authority (amla) is poised to build on this progress, addressing lingering challenges and driving standardisation of aml/cft supervision across the eu. eba’s press release can be found here and the final report here

the british virgin islands (bvi) introduced its first annual frozen assets reporting (far) process for 2025, aligning with the virgin islands’ sanctions framework and uk sanctions legislation. while no standalone notice has been issued, entities in the bvi are reminded of their statutory obligation to report frozen assets linked to uk-designated persons. key reporting details for bvi: who must report: any person or entity in the bvi holding, controlling or managing funds or economic resources of uk-designated persons. this includes assets located both inside and outside the bvi.note: assets frozen solely under other sanctions regimes (eg, ofac) are excluded. reference date: close of business on 30 september 2025. submission deadline: reports must be submitted by 30 november 2025. how to file: use the bvi compliance reporting form, which includes a dedicated section for frozen assets. submit completed forms to the sanctions unit, attorney general’s chambers via email: sanctions@gov.vg. refer to the virgin islands sanctions guidelines for detailed instructions on freezing obligations, reporting standards, and required supporting information: sanctions guidelines (revised december 2024) compliance reporting form uk template reporting form key considerations: reporting frozen assets is a statutory requirement under bvi sanctions legislation. failure to report or submitting inaccurate reports may constitute an offence. entities should maintain robust screening processes and promptly freeze any funds or economic resources of designated persons. stakeholders must: review their client base and accounts for any exposure to uk-designated persons. confirm that asset-freezing controls are operating effectively. prepare the report: start gathering the data as of 30 september 2025 and submit the required report by 30 november 2025. seek guidance if you are unsure about your reporting scope or obligations. stay compliant and ensure your reports are submitted on time to avoid penalties.

on 13 october 2025, the uk office of trade sanctions implementation (otsi) shared a compelling case study that underscores the importance of due diligence in preventing breaches of uk trade sanctions. the case involves a multinational bank's uk branch, which successfully identified and stopped payments linked to sanctioned goods originating from russia. this proactive action not only ensured compliance with the russia (sanctions) (eu exit) regulations 2019 but also safeguarded the bank's reputation and business interests. case overview between april and june 2025, the uk branch of the bank flagged several transactions involving the trade of a sanctioned product from russia to a third country. under uk sanctions law, it is illegal for uk persons or entities to facilitate the movement of such goods, including providing financial services like payment processing. the bank's internal account screening system detected the payments, prompting enhanced due diligence checks. as a result, the payments were declined, and the activity was reported to otsi using their online reporting tool. otsi's investigation confirmed that the uk branch had not breached sanctions, as the payments were never processed. this case highlights the effectiveness of internal compliance systems in identifying and mitigating risks before they escalate. key lessons for businesses understand sanctions regulations: businesses, especially in the financial sector, must be well-versed in how uk sanctions impact their operations. this includes understanding the specific obligations for uk branches of multinational corporations. adopt a risk-based approach: conduct enhanced due diligence on high-risk clients and transactions, particularly those involving jurisdictions with a history of sanctions evasion. regularly update these checks to reflect changes in transactional patterns. strengthen internal screening: develop robust internal systems to flag and review transactions that may breach sanctions regulations. this includes implementing safeguards to stop payments before they are processed. mandatory and voluntary reporting: regulated sectors must comply with mandatory reporting requirements, while other businesses can benefit from making voluntary disclosures to otsi. prompt reporting can mitigate potential penalties and demonstrate a commitment to compliance. learn from the financial sector: businesses outside the financial industry can adopt similar compliance practices to enhance their sanctions awareness and counter evasion tactics. leverage otsi resources: utilise tools like otsi's online reporting system to report suspected breaches or near misses. this not only aids compliance but also contributes to global efforts to prevent sanctions evasion. this case study serves as a reminder of the global nature of trade sanctions and the need for international cooperation. otsi's ability to share information with counterparts in other jurisdictions ensures a coordinated approach to investigating and preventing sanctions breaches. for businesses, it reinforces the importance of maintaining strong compliance frameworks to navigate the complexities of international trade regulations. by taking proactive measures, businesses can protect themselves from legal and reputational risks while contributing to the broader goal of upholding international sanctions regimes. the official article can be accessed here

on 23 october 2025, the bvi international tax authority (ita) published a notice to advise that the organisation for economic co-operation and development (oecd) introduced significant updates to the common reporting standards (crs), now referred to as crs 2.0, alongside the development of the crypto-asset reporting framework (carf). these initiatives aim to improve global tax transparency and address emerging challenges in financial markets. the bvi will implement crs 2.0 starting 1 january 2026, with reporting deadlines set for may 2027. virgin islands financial institutions will need to collect the new information during 2026 to be reported to the ita by may 2027. carf implementation is scheduled for 2028. key updates in crs 2.0: inclusion of digital products: financial accounts now encompass electronic money products and central bank digital currencies (cbdcs). expanded definition of financial assets: relevant crypto-assets, derivatives and indirect crypto-asset investments are now included. due diligence: strengthened procedures mandate validation of self-certifications for account holders and controlling persons. clarified reporting entities: e-money providers and accounts holding cbdcs are now explicitly covered. improved reporting quality: updates include expanded reporting requirements, reliance on aml/kyc procedures and exceptional due diligence for cases lacking valid self-certifications. oecd’s guide highlights: the crs, introduced in 2014, was designed to promote tax transparency for financial accounts held abroad. over 100 jurisdictions have implemented the crs, but evolving financial markets, including the rise of crypto-assets, necessitated a comprehensive review. this review, conducted by the oecd in collaboration with g20 countries, resulted in two major outcomes: crypto-asset reporting framework (carf): a global tax transparency framework for the automatic exchange of tax information on crypto-asset transactions. carf addresses the unique challenges posed by crypto-assets, which often operate outside traditional financial systems, reducing tax administrations' visibility on tax relevant activities. carf includes: rules for domestic implementation, covering the scope of crypto-assets, reporting entities, transactions and due diligence procedures. a multilateral competent authority agreement for information exchange. an xml schema for standardised reporting and exchange of information between tax administrations. amendments to the crs: updates to include new financial assets, products and intermediaries, while avoiding duplicative reporting with carf. enhancements include: detailed reporting requirements. strengthened due diligence procedures. new categories for non-reporting financial institutions (e.g., genuine non-profit organisations) and excluded accounts (e.g., capital contribution accounts). additional guidance to improve consistency in crs application. next steps for financial institutions: financial institutions in the bvi must familiarise themselves with these changes to ensure compliance with the revised reporting standards. for further details, the bvi ita’s notice can be found here

on 15 october 2025, the uk intensified its sanctions against russia, targeting key sectors of its economy in response to the ongoing conflict in ukraine. these measures aim to undermine russia's ability to fund its military operations while signalling the uk's commitment to global security and peace. a breakdown of the latest developments is as follows: key highlights of the new sanctions targeting russian oil giants: the uk has sanctioned rosneft and lukoil, russia's two largest oil companies, which collectively export 3.1 million barrels of oil daily. this follows earlier sanctions on gazprom neft and surgutneftegas. these measures aim to cut off significant revenue streams for russia, which heavily relies on oil exports for funding. crackdown on the "shadow fleet": 44 tankers involved in transporting russian oil, along with four oil terminals in china and an indian refinery (nayara energy ltd), have been sanctioned. seven specialised lng tankers and the chinese beihai lng terminal, linked to arctic lng2, a disrupted russian project, are also targeted. broader economic measures: this package is aimed at tightening enforcement of existing restrictions and at neutralising circumvention channels in global oil flows — which is why the uk has targeted the “shadow fleet”, relevant terminals and lng infrastructure. sanctions on businesses supplying critical electronics for russian drones and missiles, spanning countries including thailand, singapore, turkey, and china. financial impact: since february 2022, uk sanctions have frozen £28.7 billion of russian assets (as of may 2025) under the uk’s russia sanctions regime, showcasing the uk's role in enforcing financial restrictions. legal services general licence (gl) expansion: ofsi in the uk clarified the scope of the new gl, effective 29 october 2025 which requires reporting payments to ofsi within 14 days and runs (as published) until 28 april 2026. the gl now applies to most uk autonomous sanctions regimes, expanding beyond its previous focus on russia and belarus. the gl can be found here and ofsi’s publication notice here. law firms, legal advisors, counsel, and providers of expenses can receive payments from designated persons under these regimes, provided all conditions of the licence are met. payments are permitted from abroad into uk bank accounts or certain non-uk accounts, but the gl does not allow payments to or for the benefit of individuals designated under united nations sanctions. jurisdictional extent: uk sanctions measures apply in the uk overseas territories (ukots) (through orders in council) and implemented in the crown dependencies (cds) through their own domestic legislation, which aligns with uk sanctions policy. the changes referred to above automatically apply in the ukots and in practice in the cds with the exception of the gl which applies only in the uk. the uk's latest sanctions against russia represent a significant escalation in the economic and political pressure on the kremlin. while these measures are expected to have an impact on russia's economy, they also reinforce the uk's commitment to supporting ukraine and upholding international law. please see futher: uk press release dated 15 october 2025 available: here policy paper on “list of russia sanctions targets” dated 15 october 2025” - here general licence int/2025/7323088 (legal services) – here

on 6 november 2025, the cayman islands financial reporting authority (fra) published a notice requiring all entities holding frozen assets linked to designated persons (dps) under uk sanctions law to submit an annual report. this measure is part of global efforts to combat financial crime, terrorism financing and human rights abuses. here is what you need to know: what you need to do who must report: entities holding funds or economic resources owned, held or controlled by dps listed under uk sanctions law. exemptions: no need to submit a report if no such assets are held. deadline: submit reports by 30 november 2025, detailing assets as of 30 september 2025. going forward, there is now an ongoing obligation to make such reports. reporting requirements: report all funds or economic resources, whether held in the cayman islands and overseas that are frozen under uk sanctions. include asset types, values (in usd if applicable) and account details. use the official frozen assets reporting template available on the fra website. ongoing compliance regularly check for accounts linked to dps. freeze and report newly identified assets immediately. avoid dealing with or making assets available to dps unless licensed. submission details email completed forms to financialsanctions@gov.ky. why this is happening global compliance: the cayman islands implements uk sanctions under the sanctions and anti-money laundering act 2018. these sanctions target individuals, entities and regimes involved in activities like terrorism, corruption and human rights violations. transparency and accountability: reporting ensures that funds and economic resources linked to dps are identified, frozen and not used to support illicit activities. failure to comply is an offence and may result in penalties. for more information, the official notice can be accessed here and the frozen assets reporting template here.

on 6 october 2025, the european supervisory authorities (esas) issued a warning about the risks of crypto-assets. while the eu's new markets in crypto-assets regulation (mica) provides some safeguards, the crypto market encompasses a wide range of assets that remain volatile, complex and prone to scams. key points for consumers: understand the risks: crypto-assets are not all the same. consumers must learn about the product, evaluate and thus anticipate risks such as extreme price swings, liquidity issues, and misleading promotions, especially on social media. check authorisations: verify that the crypto-asset service provider (casp) is authorised under mica via the esma register, accessible here. secure your assets: use secure devices and wallets to protect private keys, as losing them results in irreversible loss. mica, effective from december 2024, regulates certain crypto-assets like electronic money tokens (emts) and asset-referenced tokens (arts), but excludes others like crypto-assets that are unique and non-fungible such as domain names. therefore, consumers should be aware that investing or using crypto-assets not regulated by mica or other eu financial services legislation or that are offered through unauthorised crypto-asset service providers may lead to significant risks and limited or no consumer protection. esma’s press release can be found here the warning letter and the accompanied factsheet explaining what the new eu regulation on mica means for consumers, can be accessed here and here

on 10 october 2025, the eu council updated its list of non-cooperative jurisdictions for tax purposes, maintaining the same 11 countries: american samoa, anguilla, fiji, guam, palau, panama, russia, samoa, trinidad and tobago, the us virgin islands, and vanuatu. these jurisdictions have not fully met eu tax cooperation standards and are urged to improve their legal frameworks to meet these requirements. additionally, the eu council acknowledged progress in its "state of play" document. this document reflects ongoing eu cooperation with its international partners and the commitments of these countries to reform their legislation to adhere to agreed tax good governance standards. vietnam will be removed from the “state of play” document after meeting country-by-country reporting standards, while greenland, jordan, morocco, and montenegro committed to implementing reforms to their legislation. the next update of the list is scheduled for february 2026. the press release can be accessed here

on 12 september 2025, the bermuda monetary authority (bma) published a press release highlighting that bermuda's commercial (re)insurers paid an astounding us$1.1 trillion in claims globally from 2016 to 2024, with us$700 billion directed to u.s. policyholders. these claims addressed catastrophic events, property and casualty losses and life insurance benefits. the data also revealed a consistent annual increase in claims incurred from 2016 to 2024 with total claims incurred in 2024 representing 20 per cent of the cumulative total for the entire nine-year period. in 2024 alone, claims reached us$211 billion, underscoring the resilience of bermuda's (re)insurance market amidst challenges like natural disasters, economic volatility, and geopolitical turmoil. over the nine-year period, us$831 billion was paid to policyholders in the u.s., europe, and the uk, cementing bermuda's pivotal role in global risk management. the bma emphasised the market's strength, supported by regulation and innovation, ensuring policyholders' trust even during significant loss events. bma’s press release can be found here

on 23 october 2025, the cyprus bar association (cba) issued circular 18/2025 regarding the 19th package of sanctions imposed by the european commission against russia, informing its members on the sanctions targeting actions undermining ukraine's territorial integrity, sovereignty and independence. key points include: members of the cba are urged to review and integrate 19th sanctions package (eu regulation 2025/2037, eu regulation 2025/2033, and eu regulation 2025/2041) into their due diligence processes, particularly in client acceptance policies and risk assessments. regular updates to the eu sanctions regime are expected. routine monitoring and implementation is required to ensure compliance. for further details, members are advised to consult the official eu publications. the cyprus bar association circular can be accessed here (in greek)

on 23 october 2025, the european union has adopted its 19th package of sanctions against russia, marking a significant escalation in its efforts to counter russia's ongoing aggression in ukraine. these measures target critical sectors of the russian economy, including energy, finance, and military industries, while also addressing circumvention tactics and third-party enablers. energy sector measures: a total ban on russian lng one of the most impactful measures is the ban on russian liquefied natural gas (lng) imports. this ban will take effect for long-term contracts starting january 2027 and within six months for short-term agreements. furthermore, the eu has eliminated exemptions for major russian energy companies, rosneft and gazprom neft, further tightening restrictions on oil and gas imports. the sanctions also target russia's "shadow fleet," with 117 additional vessels now banned from eu ports, bringing the total to 557. these ships, often used to bypass sanctions, will face restrictions on services and port access. additional sanctions are notably imposed across the shadow fleet value chain, including on litasco middle east dmcc, lukoil's prominent shadow fleet enabler based in the ua, as well as on maritime registries providing false flags to shadow fleet vessels. the port infrastructure ban enables the eu to list ports in third countries that are instrumental to the russian war effort. additional listings the 19th sanctions package contains 69 additional asset freeze listings. such listings include a russian energy company, a large russian company involved in gold production, a russian company managing the shadow fleet, and two chinese refineries and an oil trader facilitating trade with russia, among other legal and natural persons. financial measures: closing loopholes the eu has introduced sweeping financial restrictions, including: transaction bans on five russian banks prohibitions on russia's payment systems, such as mir and sbp. lists four financial institutions in belarus and kazakhstan that use the russian payments system. trade and military restrictions the sanctions expand export bans on dual-use items and advanced technologies, including metals and chemicals critical for weapon production. additional export bans cover products such as slats and ores, construction material and articles of rubber. individual listings targeting businesspersons and companies involved in russia’s military-industrial complex, as well as operators from the uae and china engaged in the production or supply of military and dual-use goods in russia. the eu has also listed 45 new entities involved in russia's military-industrial complex or in the circumvention of sanctions, including companies in china, india and thailand. measures targeting russia's special economic zones (sezs) these zones aim to attract foreign investment and serve as key drivers of economic growth and infrastructure development. to clearly signal that eu businesses should avoid involvement, the 19th sanctions package proposes a prohibition on entering into new contracts with any entity established in specific russian sezs. two of these sezs, alabuga and technopolis moscow, will be subject to a ban that applies also to existing contracts. humanitarian concerns: protecting ukrainian children in response to the forced deportation and assimilation of ukrainian children, the eu has listed 11 individuals involved in these activities. a new listing criterion has been introduced to streamline future sanctions against those responsible for such violations. diplomatic and service restrictions russian diplomats will now face stricter travel regulations within the eu, requiring prior notification and in some cases, authorisation. introduces service bans related to ai, high-performance computing, and tourism for russian entities. belarus the package reflects similar trade, financial and services‑related measures in the belarus sanctions regime consistent with past practice. five new listings related to the belarusian military‑industrial complex and the lukashenka regime have also been decided. as the eu continues to refine its sanctions framework, these measures underscore its commitment to supporting ukraine and upholding international law. by targeting key sectors and addressing circumvention tactics, the eu aims to encourage a resolution to the conflict while mitigating its broader impacts. the european commission’s press release can be accessed here and the european council’s here

the cayman islands monetary authority (cima) recently announced the withdrawal of the temporary allowance for operator letters in place of notarised affidavits for fund registration and licensing applications. this measure, introduced during the covid-19 pandemic, ceased on 15 october 2025. from this date, all applications under the mutual funds act (2025 revision) and private funds act (2025 revision) must include duly notarised affidavits, as per standard requirements. operator letters will no longer be accepted. industry participants are urged to ensure compliance with these requirements to avoid processing delays. cima’s notice can be accessed here