On 23 January 2026, the European Systemic Risk Board (ESRB) issued a summary compliance report that assesses compliance with certain aspects of Recommendation ESRB/2019/18 on exchange and collection of information for macroprudential purposes on branches of credit institutions having their head office in another Member State or in a third country. The Recommendation is aimed at harmonising the scope and frequency of the exchange of information on branches available to relevant authorities across Member States.  The Recommendation has three parts: Recommendation A of Recommendation ESRB/2019/18 recommends that the relevant authorities cooperate and exchange, on a need-to-know basis, information deemed necessary for the discharge of their tasks related to the adoption and/or activation of macroprudential policy measures or for other financial stability tasks, in an effective and efficient manner. Recommendation B of Recommendation ESRB/2019/18, addressed to the European Commission, is aimed at ensuring the removal of any impediments which might exist in Union legislation, and which might prevent the relevant authorities from having or obtaining necessary information on branches. Recommendation C of Recommendation ESRB/2019/18, addressed to the European Banking Authority, is aimed at ensuring a consistent, effective and efficient approach to the exchange of information for the purposes of the Recommendation. The overall results of this latest assessment show a high level of compliance with the ESRB Recommendation across all addressees.

On 23 January 2026, the European Banking Authority (EBA) issued a Final Report containing updated draft Regulatory Technical Standards (RTS) on resolution plans and on the functioning of resolution colleges. The revisions aim to simplify and refocus resolution planning while improving the effectiveness of cooperation and coordination among authorities.The Bank Recovery and Resolution Directive gave the EBA mandates to specify the content of resolution plans for entities and groups, the assessment of the resolvability of institutions and groups, and the operational functioning of the resolution colleges for the performance of its tasks in relation to cross-border banking groups. The RTS were delivered by the EBA to the European Commission in July 2014 and adopted by the Commission in Delegated Regulation 2016/1075 in July 2016, which bundled together a number of regulatory standards.In light of over a decade of experience in resolution planning and implementation and drawing on key lessons from recent crisis scenarios and simulation exercises, the EBA is revising these RTS. The revisions target both the structure and content of resolution plans as well as the operational functioning of resolution colleges for cross-border groups.The draft RTS will be submitted to the Commission for endorsement, following which they will be subject to scrutiny by the European Parliament and the Council before being published in the Official Journal of the European Union.

On 12 December 2025, the Financial Conduct Authority published a Final Notice imposing a fine of £44,078,500 on Nationwide Building Society for inadequate anti-financial crime systems and controls between October 2016 and July 2021. For the key takeaways from this case, as well as the key findings, please see our latest Notice in a Nutshell briefing here. All of our publications in this series can also be found here.

On 23 January 2026, the Financial Conduct Authority (FCA) issued: Consultation Paper 26/4: Application of FCA Handbook for regulated cryptoasset activities – part 2 (CP26/4). Guidance Consultation 26/2: Application of the Consumer Duty to cryptoasset firms (GC26/2). CP26/4Recently, the FCA has consulted on different aspects of the future regulatory regime for cryptoassets as set out in its Crypto Roadmap (CP25/14, CP25/15, CP25/25, CP25/40, CP25/41, CP25/42). CP26/4 should be considered alongside these consultations. The proposals should also be considered alongside other consultation proposals, such as CP25/36.In CP26/4 the FCA is consulting on: Consumer Duty – how the Consumer Duty (the Duty) will apply to cryptoasset firms, supported by additional non-Handbook guidance (see below), so firms deliver good outcomes for retail customers. Redress and Dispute Resolution (DISP) – the FCA’s approach to complaints handling and redress, ensuring consumers have clear routes to resolve issues. For example, the FCA is proposing that cryptoasset firms follow the dispute resolution requirements (including consumer access to the Financial Ombudsman Service). This will require cryptoasset firms to properly handle consumer complaints, and report complaints data on a regular basis to the FCA. Conduct of Business Standards (COBS) – applying key conduct rules to cryptoasset activities, so firms act fairly and transparently. For example, the FCA is proposing to extend its Handbook glossary definition of ‘designated investment business’ to include the cryptoasset regulated activities. Credit for crypto purchases – rules on using credit to buy cryptoassets, to reduce risks of harm from borrowing to invest. Training and competence – standards for staff knowledge and skills, so cryptoasset firms have competent people managing crypto services. Cryptoasset firms will be required to comply with the Training and Competence Sourcebook. Senior Managers and Certification Regime (SM&CR) – the FCA’s approach to categorising cryptoasset firms under the Senior Managers and Certification Regime. The FCA sets out proposed requirements for categorising cryptoasset firms as ‘Enhanced’ under the SM&CR. Regulatory reporting (SUP 16) – requirements for cryptoasset firms to report data to the FCA, so the regulator can monitor risks and supervise effectively. Firms will be required to submit regular reports on redress activity, complaint and client volume data and outcomes, with specific metrics for crypto-related products and services. Cryptoasset safeguarding – applying safeguarding rules to firms conducting multiple regulated cryptoasset activities, and the FCA’s proposed approach to custody of specified investment cryptoassets (SICs). The FCA’s proposed intervention expands upon its proposals set out in CP25/14 to include safeguarding of SICs. It is also proposing minor amendments to rules consulted on in CP25/14. Retail collateral treatment in cryptoasset borrowing – how retail consumers’ collateral should be treated when they borrow cryptoassets, to protect their interests. Location policy guidance – clarifying the FCA’s expectations on where cryptoasset firms should be based, to ensure effective oversight. GC26/2In GC26/2 the FCA sets out proposed guidance which explains how firms involved in cryptoasset activities should apply the Duty.The Duty applies to cryptoasset activities in the same manner as it does to existing regulated and ancillary activities. When a firm is undertaking cryptoasset activities or activities ancillary to these, the proposed guidance will supplement the Final non-Handbook guidance for firms on the Duty (Finalised Guidance (FG) 22/5). In addition, firms may refer to the previous FCA Guidance for firms on the fair treatment of vulnerable customers (FG21/1). The Duty also applies where authorised firms communicate and approve financial promotions that are addressed to or disseminated in such a way that they are likely to be received by a retail customer. Further guidance on the application of the Duty to cryptoasset financial promotions can be found in Finalised non-Handbook guidance on Cryptoasset Financial Promotions (FG23/3).The proposed guidance in GC26/2 describes how the Duty applies to different types of cryptoasset firms and business models including cryptoasset manufacturers and distributors, UK Qualifying Cryptoasset Trading Platform Operators and the Admissions and Disclosures regime for UK issued qualifying stablecoins. It also provides these firms with guidance as regards the cross-cutting rules (acting in good faith towards retail customers, avoiding causing foreseeable harm to retail customers and enabling and supporting retail customers to pursue their financial objectives) that apply across the four Duty outcomes and this includes examples of good and poor practices. It does the same for the Duty outcomes – Product and Services, Price & Value, Consumer Support and Consumer Understanding.Next stepsThe deadline for comments on CP26/4 and GC26/2 is 12 March 2026.The FCA plans to open its gateway for firms to apply for cryptoasset permissions in September 2026.The FCA has previously set out the timeline for crypto regulation in its Crypto Roadmap.

On 13 January 2026, there was made The Financial Services and Markets Act 2023 (Commencement No. 12 and Saving Provisions) Regulations 2026.These Regulations are the 12th commencement regulations made under the Financial Services and Markets Act 2023 (FSMA 2023).Section 1(1) of FSMA 2023 revokes the legislation listed in Schedule 1 to that Act, which includes assimilated direct principal legislation, subordinate legislation and EU tertiary legislation.Among other things the Regulations bring into force on: 1 July 2026 section 1(1) of, and Schedule 1 to, FSMA 2023 so far as they relate to the revocation of some provisions of Commission Implementing Regulation (EU) 2016/1646 of 13 September 2016 laying down implementing technical standards with regard to main indices and recognised exchanges in accordance with the Capital Requirements Regulation (CRR). 1 January 2027 section 1(1) of, and Schedule 1 to, FSMA 2023 so far as they relate to the revocation of provisions of the CRR and other instruments relating to the CRR.

Navigating change in financial services requires foresight and agility. As regulatory landscapes evolve and new technologies reshape risk and compliance, institutions must proactively assess how these developments affect their operations, governance, and growth strategies. Our latest insights explore critical developments, from Canada’s Federal Budget 2025 and its implications for operating models and tax strategies, to emerging challenges in crypto-asset oversight, AI governance, and increased enforcement activities. We also examine trends such as the rise of private credit funds and asset-intensive reinsurance transactions, alongside strategies for enhancing cyber resilience and privacy.The full report is here.

On 21 January 2025, the Bank of England published a web page concerning the latest annual CBEST Thematic publication which presents insights derived from recent CBEST assessments conducted across firms and financial market infrastructures (FMIs).OverviewCBEST is a threat-led penetration testing assessment framework that mirrors real-world attacks to enable firms and FMIs to identify, understand and remediate vulnerabilities in their cyber resilience. The publication does not introduce any new or additional regulatory expectations but rather articulates gaps observed in firms’ and FMIs’ cyber defences to ensure they have adequate resilience capabilities to prepare for, and respond to, cyber incidents that could cause operational disruption and impact financial stability.Overall, the thematic publication mentions firms and FMIs should take a structured and proactive approach to address identified vulnerabilities, prioritise actions based on risk and assign clear responsibilities and timelines. The CBEST Implementation Guide provides guidance on remediation planning to mitigate risks. The thematic publication also includes for the first time commonly used tactics, techniques and procedures (TTPs) identified in its MITRE ATT&CK technique which also identify a list, albeit non-exhaustive, of non-linear or unpredictable techniques.Technical observations of firms and FMIs’ weaknessesThe thematic publication aggregates its technical observations into five cyber security areas which identify the following firm or FMI weaknesses: Infrastructure and Security: Firms or FMIs that did not maintain strong configuration practices or cryptographic protections for data-at-rest were exploited during CBESTs. Identity management and access control: Weaknesses in the secure management and control of identities, authentication and access that were exploited during CBESTs included weak passwords, credentials and overly permissive access controls such as the lack of role-based access controls or inadequate restrictions on administrator and service accounts. Detection and response: Firms or FMIs with insufficient detection capabilities such as poorly tuned monitoring or alerting for adverse incidents and ineffective network monitoring were vulnerable to attackers or less able to detect potential early-stage simulated cyber-attacks. Network security: Weaknesses in security architecture such as firms or FMIs not maintaining effective network segmentation such as segmentation between critical assets increased the risk of unauthorised access to sensitive information and systems, and this were exploited during CBESTs. Staff culture, awareness and training: A firm or FMI culture that exhibited weaknesses in its cyber resilience and were exploited during CBESTs included staff who were susceptible to social engineering tactics (such as phishing or indirectly through exposure of sensitive information), routinely storing credentials in unprotected facilities and having insecure protocols for helpdesks such as limited or no authentication of users during interactions with cyber attackers. TIMAFindings from the Threat Intelligence Maturity Assessment (TIMA), part of CBEST, showed that firms and FMIs demonstrated a range of maturities across cyber threat intelligence management domains. TIMA also noted that firms and FMIs experienced a disconnect between the intelligence produced and their actual business or operational needs which could potentially result in difficulties scaling or evolving threat intelligence programmes. Enhancing maturity in this area or assessing maturity by benchmarking themselves against industry peers can help strengthen a firm’s overall resilience.In addition, the most common CBEST threat intelligence scenarios or threat actors identified included highly capable attackers and advanced persistent threats (APTs), third party and supply chain attacks, social engineering attacks and malicious insiders. Collectively, the thematic publication highlights that these factors emphasise the importance of firms and FMIs reinforcing their controls, enhancing visibility, and maintaining rigorous oversight to effectively manage these high-impact risks.

On 21 January 2026, the Financial Stability Board (FSB) published its 2025 Resolution Report (the Report).OverviewThe Report reviews the progress achieved on enhancing crisis readiness across banks, insurers and central counterparties (CCPs) in 2025 and the FSB’s priorities for 2026 to advance the operationalisation of resolution frameworks.Building on the momentum of the FSB 2024 Resolution Report, which focused on supporting resolution authorities’ operational readiness, the Report focuses on removing the remaining challenges to cross-border bail-in execution and funding in resolution, and advancing cross-sector information sharing and collaboration to further strengthen global financial stability.The Report mentions that foundational resolution frameworks are now mostly in place across the three sectors yet challenges persist on the implementation of critical areas for bank resolution such as funding in resolution and effective bail-in execution, particularly in cross-border contexts.BanksAs the FSB has advanced its work to support authorities’ operational readiness by publishing a practice paper to transfer tools, share insights and experiences from the 2023 bank failures, the Report notes that the FSB will focus on the following this year: Progressing bail-in execution through the formation of a dedicated FSB taskforce. Sharing information and experiences among members on funding in resolution. Improving coordination with authorities beyond firm-specific crisis management groups. Insurers and CCPsIn 2026, the FSB will focus on enhancing the implementation and operationalisation of existing resolution standards.For insurers this has involved a consultation on guidance to set out the criteria to identify insurers that should be subject to resolution and recovery planning and an updated list of 17 insurers that are subject to resolution planning standards.As for CCPs, the FSB will publish the implementation of its guidance on financial resources and tools for resolution to enhance operational planning and cross-border coordination.Looking aheadThe FSB is planning to launch a strategic review of its crisis preparedness activities which aims to strengthen coordination among the FSB and standard-setting bodies and adapts the FSB’s approach to emerging vulnerabilities and structural changes in the financial system.

Authorised Push Payment (APP) fraud continues to be one of the most damaging and rapidly evolving forms of financial crime in the UK. In these scams, victims are tricked into willingly transferring money to fraudsters under the guise of legitimate transactions. Unlike unauthorised fraud, where criminals gain access to accounts without consent, APP fraud exploits trust, making it harder to detect and prevent. The UK has seen significant developments in relation to APP fraud in recent years, including the APP fraud reimbursement requirement (the Reimbursement Requirement) which came into effect in October 2024, further preventative steps taken by industry to reduce instances of fraud and a number of cases working their way through the courts.In our latest briefing we discuss: (i) some of the issues facing firms in operating the Reimbursement Requirement; (ii) the practical impact of the Reimbursement Requirement; (iii) proposals regarding a review of the Reimbursement Requirement by the Payment Systems Regulator; and (iv) recent litigation relating to APP fraud and the key takeaways for firms.

On 20 January 2026, the Prudential Regulation Authority (PRA) published Policy Statement 4/26 – The Strong and Simple Framework: The simplified capital regime for Small Domestic Deposit Takers (PS4/26).BackgroundIn CP7/24, the PRA proposed to create a significantly simpler capital regime for small domestic deposit takers (SDDTs), while ensuring they maintain adequate capital. In PS20/25, the PRA published the near-final policy for the SDDT capital regime, along with additional simplifications to liquidity requirements.Key changesThe PRA has confirmed in PS4/26 that it has not made substantive changes to the near-final policy and rules set out in PS20/25.However, the PRA has highlighted that it has made minor: Amendments to the rules published as near-final, principally to reflect minor amendments made to PRA Rulebook: CRR Firms: (CRR) Instrument 2026 and PRA Rulebook: CRR Firms: (CRR No.2) Instrument 2026. Amendments to the supervisory statements (SS) and statements of policy (SoPs) to enhance clarity and readability. Corrections and clarifications to the reporting templates and instructions. The PRA also confirms the deletion of the paragraph in SS4/25 – The Internal Capital Adequacy Assessment Process (ICAAP) and the Supervisory Review and Evaluation Process for SDDTs, which refers to SS20/15 – Supervising building societies’ treasury and lending activities. In Policy Statement 26/25 – Discontinuing SS20/15: Supervising building societies’ treasury and lending activities, the PRA stated its intention to remove the paragraph that referred to SS20/15 that was in the near-final version of SS4/25 when it publishes final policy and rule instruments on the SDDT capital regime.Next stepsThe PRA has also confirmed that the SDDT capital regime will take effect on 1 January 2027, other than the changes to SoP2/23 which takes effect on the date when PS4/26 is published (20 January 2026).

On 8 December 2026, the Financial Conduct Authority (FCA) published webpages setting out further information in relation to its proposed approach to the new regulatory regime for Cryptoassets.BackgroundIn October 2023, HM Treasury (HMT) published proposals for the creation of a regulatory regime for cryptoassets and, in December 2025, the government laid The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 before Parliament, which will require firms wishing to carry out the relevant activities in or to the UK to be authorised and supervised by the FCA.SummaryThe FCA explained that it is publishing these webpages to help firms that are within scope of the new regime, in particular where this is the first time they will be regulated by the FCA, and that firms should consider familiarising themselves with the following: FSMA and the FCA Handbook:  HMT’s proposed new cryptoasset regulated activities, the Financial Services and Markets Act 2000 and an overview of the FCA Handbook. FCA standards: The FCA’s minimum standards for cryptoasset firms and individuals including its Principles for Businesses, the Consumer Duty and the Senior Managers and Certification Regime. Authorisation, supervision and enforcement: The FCA’s approach to authorisation, supervision and enforcement for firms that will be undertaking the new cryptoasset regulated activities. How the gateway will operate:  How the authorisations gateway for firms that want to undertake the new cryptoasset regulated activities will operate, including information sessions, pre-application support and details of the application period. The transitional provision: HMT’s proposed transitional provision for existing cryptoasset firms that are unsuccessful in securing authorisation to allow them to run-off their UK business in an orderly way and exit the UK market. Next stepsThe FCA confirmed that it will continue to publish further consultations setting out proposed rules and guidance and that, following consideration of the responses, its final rules and guidance will be set out in policy statements ahead of the implementation of the new regime.The FCA also confirmed that the new cryptoasset regime is expected to come into force on 25 October 2027 and that, as a result, firms wishing to undertake any of the new cryptoasset regulated activities will need to be authorised by the FCA with permission to undertake those activities at the point the new regime commences.

On 9 January 2026, the European Banking Authority (EBA) issued a report on the completeness and appropriateness of the definitions and provisions on consolidation under Article 18(10) of the Capital Requirements Regulation (CRR).The EBA states that the report is the first comprehensive assessment of the EU regulatory framework on prudential consolidation conducted pursuant to Article 18(10) of the CRR. As such it draws on a detailed data collection exercise involving 70 institutions from 26 EU/EEA countries, including global systemically important institutions, other systemically important institutions, and non-systemic banking groups. The assessment combines quantitative analysis of balance sheet data with qualitative insights into institutional practices so as to provide a robust evaluation of how the consolidation provisions are applied in practice.The EBA’s key finding is that it considers the prudential consolidation framework to be overall robust and fit for purpose. Nonetheless it has identified a number of targeted areas where further clarification, harmonisation, or legislative refinements may be warranted. The EBA puts forward a set of targeted recommendations and clarifications to further strengthen the prudential consolidation framework and its implementation among institutions.

On 9 January 2026, the European Banking Authority (EBA) issued a report on prudential consolidation and the final guidelines on ancillary services undertakings (ASU) under the Capital Requirements Regulation (CRR).The EBA has prepared the report in accordance with the mandate given to it under Article 18(10) of the CRR, which mandates the European Supervisory Authority to submit a report to the European Commission on the completeness and appropriateness of the definitions and provisions of the Regulation. The EBA has prepared the guidelines according to the mandate given to it under Article 4(5) of the CRR, which mandates the EBA to specify the criteria for the identification of activities referred to in paragraph 1, first subparagraph, point (18) of this Article.The report on prudential consolidation puts forward targeted recommendations that may support the Commission in considering further legislative adjustments to the EU regulatory framework. It also clarifies several areas where recent EBA investigations have identified implementation challenges across EU institutions. The guidelines on ASU set out criteria for identifying activities falling within the definition of ancillary services undertakings under Article 4(1)(18) of the CRR, namely: (a) activities considered a “direct extension of banking”, (b) activities “ancillary to banking”, and (c) “other similar activities”.

On 9 January 2026, the European Banking Authority (EBA) issued a final report containing final draft Regulatory Technical Standards (RTS) specifying the booking arrangements that third-country branches are to apply for the purposes of Article 48h of the Capital Requirements Directive IV (CRD IV), as amended by the Capital Requirements Directive VI (CRD VI).BackgroundArticle 48h of the CRD IV (as amended by the CRD VI) requires the EBA to develop draft RTS to specify the booking arrangements that third-country branches are to apply for the purposes of that Article. In particular, the EBA is required to specify the: Methodology to identify and keep a comprehensive and precise track record of the assets and liabilities booked by the third-country branch in the Member State. Methodology to identify and keep a record of off-balance sheet items and of the assets and liabilities originated by the third-country branch and booked or held remotely in other branches or subsidiaries of the same group, on behalf of or for the benefit of the originating third-country branch. The EBA issued a consultation on the draft RTS last July.The EBA is required to submit the draft RTS to the European Commission by 10 January 2026.RTSThe final draft RTS have been finalised by the EBA after considering the feedback received to its earlier consultation. The EBA’s response to the consultation feedback can be found in pages 23 to 35 of the final report and includes comments on the treatment of risk transfer to third parties, the use of group processes, systems or procedures and risk management information in the registry book.Next stepsThe draft RTS will be submitted to the Commission for endorsement following which they will be subject to scrutiny by the European Parliament and the Council before being published in the Official Journal of the European Union

On 8 January 2026, there was published in the Official Journal of the EU, Commission Delegated Regulation (EU) 2026/73 of 4 July 2025 amending Delegated Regulation (EU) 2021/2178 as regards the simplification of the content and presentation of information to be disclosed concerning environmentally sustainable activities and Delegated Regulations (EU) 2021/2139 and (EU) 2023/2486 as regards simplification of certain technical screening criteria for determining whether economic activities cause no significant harm to environmental objectives. Commission Delegated Regulation (EU) 2026/73 applies from 1 January 2026.

On 9 January 2026, the European Securities and Markets Authority (ESMA) issued non-binding principles for risk-based supervision which are intended to support a common and effective EU-wide supervisory culture and strengthen the EU Single Market.The principles apply to Member State competent authorities and ESMA when carrying out direct supervision. They are intended to apply to all mandates (markets, entities and products) under an authority’s remit and focus on the supervision of those mandates. The main concepts and processes covered concern: Definition and understanding of risk-based supervision. Risk identification. Risk assessment. Risk prioritisation and treatment. ESMA states that the principles do not constitute a one-size-fits-all common model nor a fully-fledged manual on risk-based supervision. Rather, they are intended to complement pre-existing frameworks, providing elements that promote the effective and consistent application of supervisory capabilities, building on collective practices across the EU. When following the guidance from these principles, Member State competent authorities are expected to use their supervisory judgment, and to consider the specific risks and characteristics of their national market and the entities (including products offered) under their supervision.

On 9 January 2026, the European Banking Authority (EBA) issued a final report containing final draft Regulatory Technical Standards (RTS) on cooperation and colleges of supervisors for third country-branches.BackgroundThe Capital Requirements Directive VI (CRD VI), which amends the Capital Requirements Directive IV (CRD IV), introduces a new regime for branches of third-country credit institutions operating in the EU. The regime establishes a minimum harmonisation framework for authorisation, prudential requirements – including booking arrangements, capital endowment, liquidity, internal governance, common reporting requirements – and supervisory practices and cooperation.RTSThe final draft RTS have been developed in accordance with Article 48p(7) of the CRD IV (as amended by the CRD VI) to specify the effective cooperation and exchange of information between Member State competent authorities supervising institutions and branches of the same third-country group and the conditions for the functioning of colleges of supervisors for class 1 third country branches.The final draft RTS are structured around two main chapters: Establishment and functioning of colleges of supervisors. Requirements for cooperation and information exchange in cases where no college of supervisors needs to be established. The first chapter contains four sections: Establishment of colleges of supervisors. Functioning of colleges of supervisors. Planning and coordination of supervisory activities in going concern situations. Planning and coordination of supervisory activities in preparation for and during emergency situations. The second chapter covers requirements for general cooperation and information exchange in instances where no college of supervisors needs to be established.Next stepsThe draft RTS will be submitted to the European Commission for endorsement following which they will be subject to scrutiny by the European Parliament and the Council before being published in the Official Journal of the European Union.

In the latest episode of our mini-series looking at the UK’s approach to regulating cryptoassets, we discuss the proposed market abuse regime for cryptoassets as set out in the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 and the Financial Conduct Authority’s recent consultation paper on this topic (CP25/41).Listen to this episode here.

On 8 January 2026, the Joint Committee of the European Supervisory Authorities (ESAs) issued their Final Report on Joint Guidelines to ensure that consistency, long-term considerations and common standards for assessment methodologies are integrated into the stress testing of environmental, social and governance (ESG) risks pursuant to Article 100(4) of the Capital Requirements Directive IV (CRD IV) and Article 304c(3) of the Solvency II Directive.The Joint Guidelines should be read in conjunction with the CRD IV and Solvency II Directive which sets out obligations to Member State competent authorities’ (NCAs), procedural rules and prudential assessment criteria on how NCAs perform supervisory stress tests, either as part of the relevant regulatory framework or as an ad hoc assessment.  The Joint Guidelines do not include a new requirement for NCAs to carry out ESG supervisory stress tests. Rather, the Joint Guidelines have two main objectives which are to: Improve the legal certainty, clarity and transparency of the supervisory approval process with regard to the integration of ESG risks into NCAs stress testing frameworks and scenario analysis frameworks. Ensure consistency, long-term considerations and common standards for assessment methodologies throughout the EU and across sectors Next stepsThe Joint Guidelines will be translated into the official languages of the EU and published on the websites of the ESAs. The deadline for NCAs to notify the respective ESA whether they comply or intend to comply with the Joint Guidelines will be two months after the publication of the official translations.The Joint Guidelines apply from 1 January 2027.

Looking ahead into the new year, our latest briefing note looks at key regulatory topics for 2026 that will have a significant impact on institutions operating in the UK financial services space. This includes not every single reform but those that we expect to be the most significant as well as key regulatory enforcement developments.