On 27 January 2026 the Financial Conduct Authority (FCA) launched the Mills Review to examine the long-term impact of AI on financial services. Led by Sheldon Mills, this initiative invites industry feedback to help shape how AI might transform consumer experiences, market structures, and regulatory approaches in retail financial services. The call for input closes on 24 February, following which Mills will present recommendations to the FCA board in the summer, culminating in an external publication to foster informed debate.
On 4 February 2024, the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2026 were made, establishing a comprehensive regulatory framework for cryptoassets in the UK. Under this new regime, cryptoasset firms falling within scope will be subject to regulatory requirements, including, where relevant, authorisation by the FCA. The Cryptoassets Regulations define the categories of cryptoassets and activities subject to regulation, expand the scope of the financial promotions regime to align with the new regulated activities, and make provision for rules relating to market abuse and public offers. The new regime will take effect on 25 October 2027, with the authorisation gateway opening in September 2026. UK cryptoasset firms should review their current and planned activities to determine if they fall within the scope of the new regime, and those seeking authorisation should start engaging with the process now to ensure they are prepared to move quickly once the gateway opens.
Recent regulatory developments underscore the growing scrutiny of professional uses of generative AI. On 13 January 2026, the Spanish Data Protection Authority issued a formal notice warning of the legal and privacy risks involved in uploading, transforming or generating images of individuals through AI tools. At the same time, the European Commission has published the first draft of its voluntary Code of Practice on Transparency of AI-Generated Content.
On 4 December 2025, the European Commission introduced the Market Integration & Supervision (MIS) Package to strengthen EU financial market integration.
Key points:
• Direct ESMA oversight of major financial entities and cryptoasset service providers.
• Harmonized rules by converting key directives into regulations for consistent application.
• Goal: improve market integrity and investor protection, and reduce fragmentation.
Implementation will take several years, with no immediate changes expected.
On 16 December 2025, the Internal Revenue Service (IRS) issued two Notices addressing reporting obligations for tips and overtime under the Overtime and Bonus-Based Benefits Act (OBBBA).
The guidance provides transition relief for 2025, recognizing that employers and payors may not have updated systems or forms to comply with new requirements. It also explains how taxpayers can calculate deductions for tips and overtime when employer reporting is unavailable.
In addition, the notices signal future mandatory reporting obligations, indicating that structured compliance processes will be introduced in subsequent years.
On 18 December 2025, Brazil’s Central Bank (BCB) and National Monetary Council (CMN) issued new resolutions strengthening cybersecurity for financial institutions. The rules mandate 14 security controls, including encryption, intrusion detection, and monitoring of the Deep/Dark Web. Additional requirements apply to PIX and RSFN systems, cloud computing isolation, and annual independent intrusion tests. Institutions must comply by 1 March 2026.
On 24 November 2025, the U.S. Department of Justice (DOJ) announced a proposed settlement with RealPage Inc. over alleged antitrust violations tied to its rental pricing algorithms. The agreement, effective for seven years, includes no fines or admission of wrongdoing.
Key terms restrict RealPage to using data at least 12 months old, prohibit the use of real-time lease data, and ban geographic modeling below the state level. The company must avoid identical pricing recommendations, remove features discouraging price cuts, and stop sharing nonpublic, forward-looking data. A court-appointed monitor will oversee compliance.
This settlement underscores DOJ’s focus on algorithmic collusion and AI-driven pricing practices.
On 17 October 2025, Taiwan’s Legislative Yuan passed amendments to the Personal Data Protection Act (PDPA), establishing the Personal Data Protection Commission (PDPC) as the new supervisory authority for personal data matters.
These changes respond to a 2022 Constitutional Court ruling and aim to strengthen independent oversight while enhancing data protection standards across both public and private sectors.
Key updates include mandatory appointment of Data Protection Officers (DPOs) for government agencies, new breach notification and reporting obligations for non-government entities, expanded inspection powers for the PDPC, and a six-year transition period for certain supervisory functions.
The PDPC will also issue baseline security regulations and serve as the appeals body for administrative decisions. The effective date will be set by the Executive Yuan, with implementation expected in 2026.
Canadian privacy regulators are intensifying scrutiny of platforms used by minors, emphasizing age assurance and youth privacy. Investigations reveal that self-declared age gates and adult-oriented consent language are inadequate. Platforms must adopt layered age verification, youth-friendly privacy communications, and contextual data practices. Enforcement is shaping standards ahead of formal guidance, urging proactive compliance measures.
On 25 September 2025, the Monetary Authority of Singapore (MAS) introduced initiatives aimed at promoting responsible advertising and sharing of financial content online. The MAS has issued the following guidance: By establishing expectations for both financial institutions (FIs) and online content creators to conduct digital advertising in a…