On 15 April 2025, the Financial Stability Board (FSB) published its finalised Format for Incident Reporting Exchange (FIRE), a global standardised format aimed at streamlining cyber and operational incident reporting and enhancing cross-border cooperation.
FIRE is a common framework that financial firms can use to report operational incidents, including cyber
On 11 April 2025 the European Commission (“the Commission”) launched a public consultation on the review of Regulation (EU) 2019/881 on the European Union Agency for Cybersecurity (ENISA) and on information and communications technology cybersecurity certification (Cybersecurity Act). The consultation forms part of the Commission’s simplification agenda, which is a key
On 9 April 2025 the European Commission (the Commission) launched a public consultation on the proposal for a Cloud and AI Development Act. The initiative forms part of the Commission’s AI Continent Action Plan that was published the same day. In the accompanying Call for Evidence, the Commission sets out background to its proposed
We have published a new online briefing note which discusses the draft Financial Data Access Regulation.
Our briefing note is here.
On 24 March 2025, the European Commission adopted a draft Delegated Regulation supplementing the Regulation on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards specifying the elements that a financial entity has to determine and assess when subcontracting ICT services supporting critical or important functions.
The draft
On 24 March 2025, there was published in the Official Journal of the EU (OJ), Commission Delegated Regulation (EU) 2025/420 of 16 December 2024 supplementing the Regulation on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards to specify the criteria for determining the composition of the joint
On 18 March 2025, the European Securities and Markets Authority published the official translations of the joint European Supervisory Authority (ESA) guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents under the Regulation on digital operational resilience for the financial sector (DORA).
The joint guidelines
On 12 March 2025, the International Organisation of Securities Commissions (IOSCO) issued a consultation report on neo-brokers.
Neo-brokers are a subset of brokers, characterized by providing online-only investment services and by the absence of physical operating branches, thereby using technology to facilitate those services and access to financial markets. Neo-brokers have very limited
On 12 March 2025, the International Organisation of Securities Commissions (IOSCO) issued a new consultation report on artificial intelligence (AI) in capital markets.
The purpose of the consultation report is to create a shared understanding among IOSCO members of the issues, risks and challenges that emerging AI technologies used in financial
Earlier this year the European Commission (Commission) announced that it was rejecting the draft Delegated Regulation supplementing the Digital Operational Resilience Act (DORA) with regard to regulatory technical standards (RTS) on subcontracting ICT services supporting critical or important functions.
The basis of the rejection was that the requirements introduced