On 12 December 2024, the ESMA published a consultation paper on draft RTS on open-ended loan originating AIFs under the revised AIFMD.

AIFMD review has introduced some harmonised rules on loan originating funds. The goal of these rules is to provide a common implementing framework for AIFMs and NCAs by determining the elements and factors that AIFMs need to consider when making the demonstration to their NCAs that the loan originated AIFs they manage can be open-ended. According to the revised AIFMD, loan-originating AIFs shall be closed-ended unless their manager can demonstrate to its home competent authority that their liquidity risk management system is compatible with their investment strategy and redemption policy. 

Section 2 explains the background and gives detailed explanations on the content of the proposals and seeks stakeholders’ input through specific questions. Annex I sets out the list of questions contained in this paper. Annex II contains the legislative mandate to develop draft RTS. Annex III provides for the cost-benefit analysis related to the draft RTS. Annex IV contains the full text of the draft RTS.

ESMA will receive responses to this consultation until 12 March 2025 and intends to finalise the draft RTS by Q3/Q4 2025.

On 10 December 2024, the European Supervisory Authorities (ESAs) published joint Guidelines intended to facilitate consistency in the regulatory classification of crypto-assets under MiCA.

The Guidelines include a standardised test to promote a common approach to classification as well as templates market participants should use when communicating to supervisors the regulatory classification of a crypto-asset.

To support market participants and supervisors in adopting a convergent approach to the classification of crypto-assets, the templates for explanations and legal opinions provide descriptions of the regulatory classification of crypto-assets in the following cases:

• Asset-referenced tokens (ARTs): The white paper for the issuance of ARTs must be accompanied by a legal opinion that explains the classification of the crypto-asset – in particular, the fact it is not an electronic money token (EMT) nor a crypto-asset excluded from the scope of MiCA.
• Crypto-assets that are not ARTs or EMTs under MiCA: The white paper for the crypto-asset must be accompanied by an explanation of the classification of the crypto-asset – in particular, the fact that it is not an EMT, an ART or crypto-asset excluded from the scope of MiCA.

The overall aim of these Guidelines is to promote convergence in classification for the consistent application of MiCA across the EU. In turn, this is intended to contribute to enhancing consumer/investor protection, securing a level playing field, and mitigating risks of regulatory arbitrage. These guidelines will be translated into the official EU languages and published on the ESAs’ websites. The guidelines will apply from two months after the publication of the translations.

On 13 December 2024, the European Commission adopted a Commission Delegated Regulation (CDR) supplementing MiCA with regard to RTS specifying adjustment of own funds requirement and minimum features of stress testing programmes of issuers of asset-referenced tokens or of e-money tokens.

The provisions of this delegated act further specify the procedure and timeframe to be followed by the competent authority and the issuer in case the issuer needs to adjust to higher own funds requirements (up to 20% above the requirement set out in Article 35(1)(b) of MiCA due to the assessment of the competent authority of a higher degree of risk.

These draft RTS establish the steps needed for the competent authority to produce the assessment of higher degree of risk and also provide for the issuer to submit a plan to adjust its own funds. These draft RTS also include the (maximum) timeframes which the competent authority may provide to the issuer to implement the plan to increase its own funds, having regard to the materiality of its higher degree of risk.

Furthermore, the draft RTS establish the criteria for the competent authority when making the determination referred to in Article 35(3) to produce an assessment of higher degree of risk.

These draft RTS also include specific minimum requirements for issuers for the design of stress testing programmes from a capital and liquidity prospective, setting minimum frequencies and considering proportionality. To ensure the robustness and application of the stress testing exercises, these draft RTS include provisions on internal governance arrangements, relevant data infrastructure and guidance on the methodology, common reference parameters and plausibility of assumptions.

On 2 December 2024, the Council of the European Union published an adopted a Commission Delegated Regulation (CDR) supplementing Markets in Crypto-assets Regulation (Regulation (EU) 2023/1114 – MiCA) with regard to RTS specifying the manner in which CASPs operating a trading platform for crypto-assets are to present transparency data.

MiCA regulates issuers of crypto-assets that are not already covered by other financial services acts as well as crypto-asset service providers. Its objective is to promote safe and sustainable innovation while addressing the risks to consumers, market integrity, financial stability as well as the risks to monetary policy transmission and monetary sovereignty arising from this new class of assets.

Article 1 lays down the general principles of presentation regarding the information on operating rules for trading platforms.

Article 2 provides for pre-trade transparency obligations for crypto-asset trading platforms.

Article 3 provides for post-trade transparency obligations for crypto-asset trading platforms.

Article 4 specifies the requirement for crypto-asset trading platforms to publish transaction details as close to real-time as possible.

Article 5 specifies the requirements regarding data disaggregation of pre-trade and post-trade data.

Article 6 lays down the date of entry into force of the delegated act.

On 3 December 2024, the European Union published a Commission Implementing Regulation (EU) 2024/2984 of 29 November 2024 laying down ITS for the application MiCA with regard to forms, formats and templates for the crypto-asset white papers.

In accordance with MiCA, it is necessary to establish standard forms, formats and templates for crypto-asset white papers so that they can be made available in a machine-readable format. Those templates should provide for data fields for the information to be included in accordance with the Regulation.

To avoid duplication of requirements and reduce the compliance burden, where a valid LEI code is provided in the crypto-asset white paper, it is not required for the crypto-asset white paper to contain the information that is retrievable from that LEI. That concerns the legal form, registered address and head office (where different) and identity of the parent company of the issuer. To ensure a unique and consistent identification, a CASP identifier is necessary in addition to the name. To obtain authorisation as CASP, a LEI is also required in accordance with Article 62(2), point (a).

To avoid duplication of requirements and reduce the compliance burden, where a valid Digital Token Identifier is provided in the crypto-asset white paper, it is not required for the crypto-asset white paper to contain data that is retrievable from the Digital Token Identifier Foundation Registry. That concerns the following information: crypto-asset’s name and abbreviation, commercial name or trading name of the issuer, and distributed ledger technology.

To further facilitate the analysis and comparability of the crypto-asset white papers, they should be marked up using eXtensible Business Reporting Language (XBRL). XBRL is a machine-readable format which allows for the automated consumption of large amount of information. It is well established and in use in a number of jurisdictions. To ensure the protection of retail investors, crypto-asset white papers should be human readable and easily accessible without specialised software. The use of Inline XBRL technology for embedding XBRL markups in XHTML documents enables such documents to be at the same time machine-readable and human readable. To achieve a harmonised approach to the use of XBRL, the elements of the taxonomy to be used for the crypto-asset white papers will be exclusively the fields included in the standardised templates. The taxonomy for the use of XBRL is accessed in the form of XBRL files (‘XBRL taxonomy files’), which provide a structured representation of the fields to be reported. The fields and their appropriate data type should be made available in a simple human-readable form. To facilitate compliance and to enhance transparency, the ESMA will publish the XBRL taxonomy files on its website in a machine-readable and freely downloadable format.

To allow time to adapt to the requirements related to the preparation of the white paper in the machine-readable format, it is necessary to defer the date of application of this Regulation by 12 months. Persons drawing up the white papers are required to publish them on their websites in separate sections titled ‘white papers’ in accordance with the requirements laid down respectively in Articles 6, 19 and 51 and in Annexes I, II and III from the date of entry into application of the relevant provisions.

The Regulation entered into force on 23 December 2024 and it applies from 23 December 2025.

On 18 December 2024, the EBA published final Guidelines on reporting requirements under MiCA.

These Guidelines aim at closing the reporting data gaps identified by the EBA, enhancing supervisory convergence, facilitating a common supervisory approach across Member States as well as ensuring a level playing field in the Single Market. They will equip Competent Authorities with sufficient comparable information to supervise compliance of issuers with MiCA requirements. Additionally, they will ensure that the EBA has the necessary information to conduct the annual significance assessment under MiCA.

These Guidelines also include common templates and instructions that issuers should use to collect the data they need from the relevant CASPs, in line with the data sharing approach implemented by the MiCA ITS with regard to reporting related to ARTs and to EMTs denominated in a currency that is not an official currency of a Member State (Regulation (EU) 2024/2902). In addition, the EBA also published a visual explainer providing guidance on which templates should be submitted by the different types of issuers.

On 18 December 2024, the European Commission adopted Commission Delegated Regulations (CDRs) under MiCA.

Commission Delegated Regulation supplementing MiCA with regard to RTS specifying the detailed content of information necessary to carry out the assessment of a proposed acquisition of a qualifying holding in a CASP.

Article 1 specifies the general information relating to the proposed acquirer. 

Article 2 specifies the additional information relating to the proposed acquirer that is a natural person. 

Article 3 specifies the additional information relating to the proposed acquirer that is a legal person. 

Article 4 specifies the information to be submitted by persons acquiring an indirect qualifying holding in the target entity. 

Article 5 specifies the information on the persons that will direct the business of the target entity. 

Article 6 provides for the requirements on the information relating to the proposed acquisition. 

Article 7 provides for the requirements for the information on the new proposed group structure and its impact on supervision. 

Article 8 provides for the information relating to the financing of the proposed acquisition. 

Article 9 provides for the additional information for qualifying holdings of up to 20 %. 

Article 10 provides for the requirements on the additional information for qualifying holdings of more than 20 % and up to 50 %. 

Article 11 provides for the requirements on the additional information for qualifying holdings of more than 50 %. 

Article 12 provides for the requirements on the reduced information requirements for acquisition. 

Article 13 lays down the date of entry into force of the delegated act.

Commission Delegated Regulation supplementing MiCA with regard to RTS specifying the detailed content of information necessary to carry out the assessment of a proposed acquisition of a qualifying holding in an issuer of an ART.

The RTS lay down the detailed content of the information to be included in the notification of proposed acquisition or increase of direct or indirect qualifying holdings in issuers of ARTs, that is necessary for the prudential assessment of the proposed acquisition or increase.

Such assessment has to be performed by the competent authority against the five criteria set out in Article 42(1) of the Regulation, namely:

a) reputation of the proposed acquirer (integrity and professional competence);

b) suitability of the persons who will direct the business of the target undertaking, to the extent the proposed acquirer intends to appoint any;

c) financial soundness of the proposed acquirer;

d) compliance with prudential requirements of the target undertaking;

e) reasonable ground to suspect an attempt or increase in the money laundering or terrorist financing risk by the proposed acquisition.

Against these criteria, the information request set out in the draft RTS includes information on:

• the identity and the integrity of the natural or legal persons intending to acquire the qualifying holding;
• the good repute, knowledge skill and experience of the members of the management body where the proposed acquirer intends to appoint/replace members of the management body of the issuer that is the target of the acquisition;
• the description of the proposed acquisition, e.g. the proposed acquirer’s strategy in respect of the acquisition and the information on the new group structure after the acquisition of the qualifying holding;
• the legitimate origin of the sources of funding for the acquisition such as details on the assets that have to be sold by the acquirer, as well as the details on the channels used to transfer such funds.

The principle of proportionality has been considered and integrated in the RTS by envisaging the provision of different sets of information by the proposed acquirers of indirect qualifying holdings depending on whether the proposed acquirer indirectly acquiring or increasing a qualifying holding in the target entity holds or intends to acquire the control of an existing holder of qualifying holding in the target entity, or where the existence of a qualifying holding is determined by multiplying the qualifying holding held in the target entity per the percentages of the qualifying holdings held indirectly along the holding chain. Furthermore, proportionality has been reflected in the RTS by allowing proposed acquirers to submit a set of reduced information in specific cases explicitly identified where the proposed acquirer has been assessed by the same competent authority in the last two years, or where the proposed acquirer is an undertaking authorised and under the supervision of the same competent authority of the target entity.

On 4 December 2024, the European Union published Commission Implementing Regulations laying down rules for the application of eIDAS Regulation (Regulation (EU) No 910/2014).

The Regulations are as follows:

• Commission Implementing Regulation (EU) 2024/2977 of 28 November 2024 laying down rules for the application of eIDAS Regulation as regards person identification data and electronic attestations of attributes issued to European Digital Identity Wallets.
  This Regulation lays down rules for the issuance of person identification data and electronic attestations of attributes to wallet units, to be updated on a regular basis to keep in line with technology and standards developments and with the work carried out on the basis of Recommendation (EU) 2021/946, and in particular the Architecture and Reference Framework.
• Commission Implementing Regulation (EU) 2024/2979 of 28 November 2024 laying down rules for the application of eIDAS Regulation as regards the integrity and core functionalities of European Digital Identity Wallets.
  This Regulation lays down rules for the integrity and core functionalities of the wallets, to be updated on a regular basis to keep in line with technology and standards developments and with the work carried out on the basis of Recommendation (EU) 2021/946, and in particular the Architecture and Reference Framework.
• Commission Implementing Regulation (EU) 2024/2980 of 28 November 2024 laying down rules for the application of eIDAS Regulation as regards notifications to the Commission concerning the European Digital Identity Wallet ecosystem.
  This Regulation establishes obligations in relation to notifications that enable the validation of:
  (1) the electronic registers used by a Member State to publish information on wallet-relying parties registered in that Member State in accordance with Article 5b(5) of Regulation (EU) No 910/2014 (‘registers of wallet-relying parties’), the location of the registers of wallet-relying parties, and the identification of the registrars of wallet-relying parties;
  (2) the identity of the registered wallet-relying parties;
  (3) the authenticity and validity of wallet units;
  (4) the identification of the wallet providers;
  (5) the authenticity of person identification data;
  (6) the identification of the providers of person identification data;
  to be updated on a regular basis to keep in line with technology and standards developments and with the work carried out on the basis of Recommendation (EU) 2021/946, and in particular the architecture and reference framework.
• Commission Implementing Regulation (EU) 2024/2981 of 28 November 2024 laying down rules for the application of eIDAS Regulation as regards the certification of European Digital Identity Wallets.
  This Regulation sets out reference standards and establishes specifications and procedures to build a robust framework for the certification of wallets to be updated on a regular basis to keep in line with technology and standards developments and with the work carried out on the basis of Recommendation (EU) 2021/946 on a common Union Toolbox for a coordinated approach towards a European Digital Identity Framework, and in particular the Architecture and Reference Framework.
• Commission Implementing Regulation (EU) 2024/2982 of 28 November 2024 laying down rules for the application of eIDAS Regulation as regards protocols and interfaces to be supported by the European Digital Identity Framework.
  This Regulation lays down rules on the protocols and interfaces of wallet solutions for:
  (1) the issuance of person identification data and electronic attestations of attributes to wallet units;
  (2) the presentation of attributes of person identification data and electronic attestations of attributes, to wallet-relying parties and other wallet units;
  (3) the communication of data erasure requests to wallet-relying parties;
  (4) the reporting of wallet-relying parties to supervisory authorities established under Article 51 of Regulation (EU) 2016/679;
  to be updated on a regular basis to keep in line with technology and standards developments and with the work carried out on the basis of Recommendation (EU) 2021/946, and in particular the Architecture and Reference Framework.
  The Regulations entered into force on 24 December 2024.

On 4 December 2024, the European Supervisory Authorities (ESAs) published a statement on DORA application.

As the DORA together with the technical standards and guidelines developed by the ESAs in January and July 2024 will apply from 17 January 2025, the ESAs call on financial entities and third-party providers to advance their preparations to ensure their readiness.

As DORA does not provide for a transitional period, the ESAs emphasise the importance for financial entities to adopt a robust, structured approach in order to meet their obligations in a timely manner.

Financial entities are expected to identify and address in a timely manner gaps between their internal setups and the DORA requirements. The latter are not entirely new as many financial entities have been subject to existing sectorial guidelines, regulations or supervisory expectations in the areas of ICT risk management, incident reporting and outsourcing for years. The ESAs also acknowledge that the efforts to comply with DORA may be higher for some financial entities which have been subject to less sectoral requirements regarding digital operational resilience management so far.

Financial entities should also prepare for the new reporting obligations. In particular, they need to have their registers of ICT third-party providers’ contractual arrangements available for competent authorities early in 2025, as the latter will have to report them to the ESAs by 30 April 2025. They should draw on the lessons learnt from the 2024 ESAs dry-run exercise in support of industry preparation and consider the ITS on the Register of Information adopted by the Commission on 29 November 2024. Furthermore, it is important that financial entities are equipped to classify and report their major ICT-related incidents from the date of application.

The ESAs also invite ICT third-party service providers, which consider they may meet the criticality criteria published in May 2024, to assess their operational setup against DORA requirements. The first designation of CTPPs is expected to take place in H2 2025.

On 11 December 2024, the European Banking Authority (EBA) updated its Q&As on DORA.

The questions are as follows:

• Article 6 of the Delegated Act on the Classification of Major Incidents states that:
  "For the purpose of determining the criticality of the services affected as referred to in Article 18(1), point (e), of Regulation (EU) 2022/2554, financial entities shall assess whether the incident:
  (a) affects or has affected ICT services or network and information systems that support critical or important functions of the financial entity;
  (b) affects or has affected financial services provided by the financial entity that require authorisation, registration or that are supervised by competent authorities;
  (c) constitutes or has constituted a successful, malicious and unauthorised access to the network and information systems of the financial entity."
  
  Can you confirm please that ALL three of the components are cumulatively required to trigger the criteria on Critical Services Affected?
• Is it accurate to interpret that an ICT intra-group service provider established outside the EU (non-EU country), providing critical services to an EU-based financial institution (parent undertaking), falls within the exemption outlined in Article 31(8) of DORA, thereby exempting the need for establishing a subsidiary within the EU?
• Is duplicate incident reporting via the ECB SSM Cyber Incident Reporting Framework required, alongside DORA incident reporting under Article 19?

On 17 December 2024, the ESAs published a summary report with the key findings from the 2024 Dry Run exercise on reporting the registers of information under DORA.

The key findings presented in the summary report and all supporting materials provided by the ESAs should be carefully considered by all industry stakeholders, including those financial entities that did not participate in the Dry Run exercise, as they will help them to be better prepared to report the registers in 2025.

The quality of data observed in the registers submitted by almost 1,000 financial entities across the EU was in line with the ESAs' expectations, considering the 'best effort' nature of the exercise. Of the registers analysed, 6.5% successfully passed all data quality checks, while 50% of the remaining registers failed less than 5 out of 116 data quality checks.

The ESAs are confident that the objective of having registers of sufficient quality in 2025 that would allow for the designation of critical third-party service providers (CTPPs) is not out of reach, subject to some additional efforts from the industry.

To support the Dry Run exercise and wider industry preparation, the ESAs provided tools such as templates for the registers, a draft data point model, a draft reporting taxonomy, examples and instructions for filling data fields, and a tool for converting submissions into the required reporting format. Furthermore, the ESAs supported financial entities through a series of workshops, maintained and updated a ‘FAQ’ document and responded to the individual queries through an email-based ‘hotline’.

The ESAs have applied data quality checks to all the registers that have been received and have shared individual feedback on the data quality issues with the competent authorities, which were in turn shared with the participating financial entities.

In November 2024, the ESAs also published a list of validation rules that will be used when analysing the registers of information in the official reporting in 2025 as well as the visual representation of the data model. These rules will be included in the updated technical reporting package (including updated data point model, taxonomy and validation rules), which will be published in the coming weeks. All preparatory materials are collated on the dedicated EBA webpage.

On 16 December 2024, the ESMA published final reports under MiFIR/D on bond transparency and reasonable commercial basis (RCB), on Consolidated Tape Providers (CTPs) and other Data Reporting Services Providers (DRSPs), commodity derivatives and equity transparency.

• Final Report on the Review of RTS 2 on transparency for bonds, structured finance products and emission allowances and RTS on reasonable commercial basis (MiFIR review).
  The report includes the amendments to RTS on the mandates for bonds, structured finance products (SFPs) and emission allowances (EUA). Regarding the bond deferral regime, ESMA has performed a new data analysis, focusing on metrics such as the average daily volumes, to improve the deferral regime initially proposed in the public consultation. The proposed pre- and post-trade transparency requirements for non-equity instruments are designed to ensure a high level of transparency whilst ensuring that liquidity providers are protected from undue risk. The RTS also ensures that the new deferral regime is in place ahead of the go live of the bond consolidated tape. Regarding the new mandate on RCB, the report covers the obligation to make pre- and post-trade data available on a reasonable commercial basis. The fees of market data will need to be based on the cost of producing and disseminating the market data and a reasonable margin. The RTS is designed to ensure that market data is available to all market participants in an accessible, fair and non-discriminatory manner and this will be fundamental to guarantee a proper implementation of the MiFIR Review. 
• Final Report on the Technical Standards related to Consolidated Tape Providers and DRSPs (MiFIR Review).
  The technical standards outlined cover the new rules applicable to CTPs regarding data quality and reporting, revenue redistribution and authorisation, and update the provisions on the authorisation and the organisational requirements for Approved Publication Arrangements (APAs) and Authorised Reporting Mechanisms (ARMs) and on the synchronisation of business clocks across market infrastructures. ESMA also publishes a feedback statement providing an overview of responses received from stakeholders to the public consultation on the future selection of CTPs. This statement also clarifies certain aspects of the CTP selection procedures. After submitting the final report, the European Commission has three months to decide whether to endorse the proposed amendments to the RTS. ESMA launched the selection procedures for the bonds CTP on 3 January 2025, and for the equity CTP in June 2025.
• Final Report on the amendments to certain technical standards for commodity derivatives.
  Section 2 presents the overall approach to this final report. 
  Section 3 recalls the approach proposed in the CP and presents the feedback received from the consultation as well as the proposed way forward in relation to the RTS on position management controls. In particular, ESMA proposes to extend the general monitoring obligations as well as the requirements to set, review and report accountability levels to trading venues trading derivatives on emission allowances.
  Section 4 covers ESMA’s proposed Implementing Technical Standards on the format of position reports (ITS 4) along with ESMA’s proposed Technical Advice on position reporting to the European Commission (Art. 83 of CDR 2017/565). The section reviews the received stakeholder feedback and concludes on the envisaged way forward. The main amendments concern the exclusion of spot emission allowances from position reporting and the new obligation to publish a second weekly position report excluding options in certain circumstances.
  The amended draft technical standards are submitted to the European Commission for adoption within 3 months.
• Final Report on equity transparency.
  The report includes proposals for the amendment of the RTS as well as technical advice (TA) on the provisions on equity transparency, covering:
  - Changes to the definition of a liquid market for equity instrument;
  - Specification of information to be disclosed for pre-trade transparency purposes, which is also of relevance for the equity consolidated tape;
  - Review of the pre-trade transparency requirements for Systematic Internalisers (SIs), including the calibration of two quoting sizes.; and
  - Post-trade transparency reports, including flags for equity instruments.
  In addition, the RTS and TA include changes related to the discontinuation of reporting of data for the purpose of transparency calculations. Going forward, ESMA will perform these calculations using transaction data reported under Article 26 of MiFIR. By removing this reporting obligation and the reuse of the other already reported data, ESMA aims at reducing the reporting burden for market participants. 

Similar amendments will be proposed in early 2025 for the volume cap mechanism.

On 2 December 2024, the European Union published the Commission Implementing Regulation (EU) 2024/2956 of 29 November 2024 laying down ITS for the application of DORA with regard to standard templates for the registers of information.

Financial entities shall assign a rank to each ICT third-party service provider. The rank shall be any natural number higher or equal to ‘1’ where the lower the natural number assigned to the rank, the closer the arrangement is to the financial entity. The rank of the direct ICT third-party service provider in the ICT service supply chain shall always be ‘1’. The rank of the subcontractor in the ICT service supply chain shall always be higher than ‘1’.

Financial entities shall use the templates set out in Annex I to IV to maintain and update the register of information in accordance with Article 28(3) of DORA, at entity level, or at sub-consolidated and consolidated level. Financial entities shall ensure that the templates include all of the following:

(a) the relevant information in relation to all the ICT services provided by direct ICT third-party providers;

(b) information on all subcontractors that effectively underpin ICT services supporting critical or important functions or material parts thereof.

Financial entities shall review the information contained in the templates regularly and shall promptly correct any errors or discrepancies detected. In case of groups, financial entities responsible for maintaining and updating the register of information at sub-consolidated and consolidated level shall ensure that information in relation to entity level in the consolidation is correct and consistent with the information at the sub-consolidated and consolidated level.

Financial entities shall use a valid and active LEI or the EUID, and where available both of these identifiers, to identify all of their ICT third-party service providers that are legal persons, except for individuals acting in a business capacity.

Unless otherwise specified in the instructions, each template composing the register of information shall be a table with a predefined number of columns and an indefinite number of rows. Financial entities shall complete each data element with a single value. Where more than one value is valid for a specific data element, financial entities shall add an additional row in the corresponding template for each valid value.

Financial entities shall include in the register of information, in accordance with the instructions set out in Annex I, the following information:

(a) general information on the financial entity maintaining and updating the register of information at entity, sub-consolidated and consolidated level, respectively, as specified in template B_01.01 of Annex I;

(b) general information on the entities in the consolidation as specified in template B_01.02 of Annex I;

(c) identification of the branches of financial entities located outside the home country listed in template B_01.02, where applicable, as specified in template B_01.03 of Annex I;

(d) general information on the contractual arrangements as specified in template B_02.01 of Annex I;

(e) specific information on the contractual arrangements as specified in template B_02.02 of Annex I;

(f) information on the links between intra-group contractual arrangements and contractual arrangements with ICT third-party service providers which are not part of the group using the contractual reference numbers when part of the ICT service supply chain is intra-group as specified in template B_02.03 of Annex I;

(g) information on the entities signing the contractual arrangements with the direct ICT third-party service providers for receiving ICT services or on behalf of the entities using the ICT services as specified in template B_03.01 of Annex I;

(h) identification of the ICT third-party service providers signing the contractual arrangements for providing ICT services as specified in template B_03.02 of Annex I;

(i) identification of the entities signing the contractual arrangements for providing ICT services to other entities in the consolidation as specified in template B_03.03 of Annex I;

(j) information on the entities making use of the ICT services provided by the ICT third-party service providers as specified in template B_04.01 of Annex I;

(k) information on the direct ICT third-party service providers and subcontractors, as specified in template B_05.01 of Annex I;

(l) information on the ICT service supply chain, as specified in template B_05.02 of Annex I;

(m) information on the identification of functions as specified in template B_06.01 of Annex I;

(n) information on the assessment of the ICT services provided by ICT third-party service providers supporting a critical or important function or material parts thereof as specified in template B_07.01 of Annex I;

(o) information on the terminology used by financial entities and the terms included in the closed lists and classification systems used when filling in the templates as specified in template B_99.01 of Annex I.

Where relevant for their risk management or contract management purposes, financial entities may include into the register of information additional information in the format that is most appropriate for the purposes of such additional information.

In the case of groups, the parent undertakings shall take into account the relevant sectorial Union legislation when determining which entities to be included in the register of information. A register of information maintained and updated at sub-consolidated and consolidated levels shall include all financial entities and ICT intra-group service providers, which are part of the sub-group and group.

This Regulation entered into force on the twentieth day following that of its publication in the Official Journal of the European Union, meaning on 22 December 2024.

On 9 December 2024, the EBA published a joint statement on Financial Data Sharing under FiDA.

As the European Parliament adopted its position and the Council reached its General Approach, the Association for Financial Markets in Europe (AFME), the European Association of Co-operative Banks (EACB), the EBF, the European Fund and Asset Management Association (EFAMA), the European Savings and Retail Banking Group (ESBG), and Insurance Europe call on the co-legislators to deliver on commitments to boost European competitiveness and to avoid concluding the Financial Data Access (FiDA) Regulation before a thorough assessment of its impact across the entire value chain is completed.

The financial industry highlights the following recommendations to ensure an effective FiDA framework:

• The framework should balance value for customers, market demand, and costs for financial institutions prior to implementation. It is noted that in the impact assessment for the proposed legislation the costs have not been adequately assessed, nor has customer and market demand for data sharing been evidenced. The FiDA framework needs to be driven by demonstrated evidence of benefits to customers and market demand, as otherwise it risks undermining the competitiveness of financial institutions operating in the EU/EEA, by diverting resources from innovation plans, including from areas where FiDA can be successful.
• As FiDA creates new entities (financial information service providers – FISPs) that will be on the receiving end of large quantities of sensitive customer data, implications for data security and privacy need to be carefully considered. This necessitates, at a minimum, robust regulation and supervision of FISPs (to the same standards as those applied to regulated financial institutions), while ensuring the rigorous protection of European companies’ data. These key aspects of data sharing cannot be adequately achieved by the current design of FiDA, therefore creating risks to upholding European citizens’ fundamental right to data protection.

Following the ECON vote and the COREPER mandate for negotiations, and despite some positive improvements introduced in the EP and the Council positions, they remain very broad in scope, particularly in terms of data categories, and do not adequately address the competitiveness and data protection concerns mentioned above. The financial services industry has repeatedly raised these and other key concerns, also proposing relevant solutions, however they remain largely unaddressed.

On 18 December 2024, the FinDatEx published version 1.1.3 of its European ESG Template (EET).

This new version brings minor amendments in comparison with its predecessor. The amendments implement the ESMA fund naming guidelines (ESMA34-1592494965-657), and PAB and CTB compliance. FinDatEx recommends using version 1.1.3 as of 1 January 2025 and decommissioning version 1.1.2 as of 1 July 2025.

Not included in this update but currently discussed by the EET working group are amendments to data fields in relation to national regulatory requirements to flag a negative ESG target market (NTM), or the introduction of (a small number of) new data fields required by CSRD/EFRAG standards when making investments. As of 18 December 2024, any adjustment regarding NTM will be reflected in national data fields and announced on this website.

On 13 December 2024, the ESMA published Q&As on the application of the Guidelines on fund names.

The objective is to ensure a smooth application of the Guidelines through common understanding of key concepts.

• The Q&A on green bonds explains that investment restrictions related to the exclusion of companies do not apply to investments in European Green Bonds. For other green bonds, fund managers may use a look-through approach to assess whether the activities financed are relevant for the exclusions;
• The Q&A on “meaningfully investing in sustainable investments” presents a common understanding among national competent authorities that funds may not be “meaningfully investing in sustainable investments” if they contain less than 50% of sustainable investments; and 
• The Q&A on controversial weapons specifies that the reference for the exclusion related to controversial weapons should be the one referred to in SFDR principal adverse impact indicator 14. 

ESMA has decided to clarify the treatment of Green Bonds because of the imminent application of the European Green Bonds Regulation and the reference in the mandates in the AIFMD and UCITS Directive noting that sectoral legislation takes precedence.

On 2 December 2024, the Financial Services and Markets Authority (FSMA) published a Circular on the notification procedure for Belgian UCITS.

The field of application relates to UCIs under Belgian law that meet the conditions of UCITS Directive and that intend to market their units in another Member State of the EEA.

This Circular contains information on the file that Belgian UCITS must submit to the FSMA:

• when they intend to market their shares in another Member State of the EEA;
• in the event of a change in the information contained in the initial notification letter or in the event of a change in the classes of shares intended to be marketed;
• when they wish to withdraw the initial notification.

Such a Belgian UCITS must, in particular, take account of Article 92 et seq. of the Law of 3 August 2012 on CIUs which meet the conditions of UCITS Directive and on undertakings for the investment of claims (UCITS Law), and Article 210 et seq. of the Royal Decree of 12 November 2012 on CIUs which satisfy the conditions of the UCITS Directive. These provisions constitute the partial transposition of Articles 91 to 96 on the coordination of laws, regulations and administrative provisions relating to UCITS.

On 3 December 2024, the Financial Services and Markets Authority (FSMA) updated a Communication on the practical arrangements for the submission and processing of public offer documents.

The application relates to cases brought pursuant to Regulation (EU) 2017/1129 (Prospectus Regulation) on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market, the Law of 11 July 2018 on offers to the public of investment instruments and admissions of investment instruments to trading on regulated markets, the Law of 1 April 2007 on takeover bids and its implementing decrees, as well as Articles 7:193, § 2, and 7:145 of the Companies and Associations Code.

This Communication deals with the practical arrangements to be followed for the submission and processing of files relating to a public offer, as well as the language regime in force. Dossiers submitted on the basis of Article 20 of the Prospectus Regulation are referred to as "harmonised prospectus dossiers" and dossiers submitted on the basis of Article 8 of the Prospectus Act and Article 20 of the Prospectus Regulation are referred to as "non-harmonised prospectus dossiers".

The content of the files and the time at which they must be submitted to the FSMA are determined by the legislation in force. They are therefore not the subject of this Communication.

The FSMA would like to point out that:

• each document sent by email may correspond to only one file,
• it can read files created in a normal Windows environment,
• each file must be printable and must be submitted in a searchable electronic form,

- the sender is responsible for the protection of his data (authentication, confidentiality, etc.). In the event of the use of electronic signatures or encryption, the user must contact the FSMA to determine the terms and conditions for the transmission of the data.

On 2 December 2024, the Brazilian Financial and Capital Markets Association (ANBIMA) announced transition rules from the current to the new investment distribution certifications.

ANBIMA launched the transition rules from the current investment product distribution certifications (CPA-10, CPA-20 and CEA) to the new certifications (CPA, C-Pro R and C-Pro I). 

The change in certifications will take place through ANBIMA Edu.

To help certified people with the changes, ANBIMA has defined a transition rule, based on current certifications:

• Professionals with CPA-10 can obtain CPA.
• Professionals with CPA-20 can obtain CPA and C-Pro R.
• Professionals with CEA can obtain CPA, C-Pro R and C-Pro I.

Starting in 2026, professionals will no longer update their distribution certification every three or five years (depending on the type of relationship), as is done currently. The new update model will be annual.

On 10 December 2024, the Comissão de Valores Mobiliários (CVM) approved an amendment to the technical cooperation agreement with ANBIMA regarding the supervision of Credit Rights Investment Funds (FIDC).

The amendment and its work plan provide for the inclusion of Annex VI, which deals with the possibility of CVM taking advantage of the supervision work carried out by ANBIMA on service providers to FIDC, as regulated by CVM Resolution 175.

The new annex details the activities to be carried out by ANBIMA, within the scope of the Market Supervision Pillar, in relation to FIDCs, which include:

• carrying out routine, episodic and thematic filters in order to verify compliance with the self-regulation rules relating to FIDCs. Based on these filters, the funds that will be evaluated in more detail will be selected.
• sending requests for information to the service providers of the funds, in order to supervise the Participating Institutions in compliance with the rules set forth in the ANBIMA Code of Self-Regulation of Administration and Management of Third-Party Resources.
• routine monitoring of news and facts through different sources and media, in addition to the promotion of guidance and support actions for participating institutions, with a focus on preventing possible violations of self-regulation codes.

The agreement aims to take advantage of self-regulation activities in the investment fund industry, in order to optimize the activities developed and greater efficiency in institutional actions in the regulated markets. 

The amendment will come into force on 2 January 2025 and will include the result of the supervisions carried out as of this date. 

On 13 December 2024, the Banco Central do Brasil (BCB) announced that the CVM released its 2025 calendar with deadlines for submission of information by regulated parties.

The calendar is a support and consultation tool, in which it is possible to quickly and objectively search for the content necessary to comply with the obligations required by the CVM, reducing the number of punitive fines for non-delivery of such information, acting correctly and transparently with the market.

The information disclosed in the calendar is only that subject to the punitive fine, as provided for in CVM Resolution 47, and may change depending on the publication of ordinances of the Ministry of Management and Innovation in Public Services  that establish the holidays and optional points of the year in question.

The calendar is updated until 15 December, so that participants can plan in advance regarding the disclosure of information in the following year. 

Each regulated group has a seperate calendar:

1. Investment banking; Multiple bank with investment portfolio; Brokers; Distributors; Organized securities market; Securities bookkeeper; Securities custodian
2. Participatory investment electronic platform service provider
3. Fiduciary Agents
4. Independent Auditor
5. Incentivized Company (with fiscal year ended on 03/31)
6. Incentivized Company (with fiscal year ended on 12/31)
7. Publicly-held company (with fiscal year ended on 2/28)
8. Publicly-held company (with fiscal year ended on 3/31)
9. Publicly-held company (with fiscal year ended on 6/30)
10. Publicly-held company (with fiscal year ended on 12/31)
11. Foreign Company (with fiscal year ended on 12/31)
12. Portfolio Administrators; Consultants; Rating Agencies
13. Non-resident investors
14. ICVM 555 Investment Funds
15. Real Estate Investment Funds (FIIs)
16. Receivables Investment Funds (FIDCs) and Non-Standardized FIDCs
17. Market Index Investment Funds (ETFs)
18. Real Estate Receivables Certificate (CRI) and Agribusiness Receivables Certificate (CRA)
19. Private Equity Investment Funds (FIPs)
20. Municipalities issuing Certificates of Additional Construction Potential (CEPAC), which have an ongoing Consortium Urban Operation registered with the CVM (Mayor or his Representative)
21. Securitization Plants
22. FIAGRO - FII
23. FIAGRO - FIDC
24. Coordinators of Public Offerings for the Distribution of Securities

On 19 December 2024, the Banco Central do Brasil (BCB) published the CMN Resolution No. 5,194 and BCB Resolution No. 447 that amends Resolutions and Circulars to exclude or include from their scopes of application securities brokerage firms, securities distribution companies and exchange brokerage companies authorized to operate by the Central Bank of Brazil.

CMN Resolution No. 5,194, of 19 December 2024 amends Resolutions nos. 4,553, of 30 January 2017; 4,557, of 23 February 2017; and 4,606, of 19 October 2017; and CMN Resolutions nos. 4,945, of 15 September 2021; 4,955 and 4,958, of 21 October 2021, to exclude from their scopes of application securities brokerage firms, securities distribution companies and exchange brokerage companies authorized to operate by the BCB.

The provisions of this Resolution shall not apply to consortium administrators, payment institutions, securities brokerage companies, securities distribution companies and to exchange brokerage companies, which will follow the rules issued by the BCB in the exercise of their legal duties.

This Resolution entered into force on 1 January 2025.

BCB Resolution No. 447, of 19 December 2024 amends Circulars nos. 3,634, 3,635, 3,636, 3,637, 3,638, 3,639 and 3,641 of 4 March 2013, 3,809 of 25 August 2016, 3,846 of 13 September 2017, 3,861 and 3,863 of 7 December 2017, 3,876 of 31 January 2018, and 3,979 of 30 January 2020, and BCB Resolutions nos. 54 of 16 December 2020, 111 of 6 July 2021, 139 of 15 September 2021, 199, 200, 201 and 202 of 11 March 2022, 229 of 12 May 2022, 265 of 25 November 2022, 291 of 8 February 2023, 303 of 16 March 2023, 307, of 23 March 2023, 313, of 26 April 2023, 319, of 18 May 2023, 331, of 27 June 2023, and 356, of 28 November 2023, to include in their scopes of application securities brokerage companies, securities distribution companies, and exchange brokerage companies authorized to operate by the BCB.

This Resolution entered into force on 1 January 2025.

On 24 December 2024, the Brazilian Financial and Capital Markets Association (ANBIMA) announced that new certification rules and procedures are published and come into force on 2 January 2025.

The document consolidates self-regulation requirements for institutions that follow our Distribution and Resource Administration and Management Codes to hire and retain professionals.

Most of the rules, such as the certifications required for each type of professional and the principles that institutions must follow, were already part of the Certification Code. As it was discontinued, the requirements for institutions moved to the new document.

One of the novelties is the obligation for the institution to have – or hire – a substitute professional for cases in which the person working in the management of resources is unavailable. Both professionals must have certifications related to the function.

For professionals who have or want to apply for ANBIMA certifications, they have consolidated the technical guidelines, previously provided for in the Certification Code, in another document.

These changes are unrelated to the new Distribution certifications, which take effect in January 2026.

On 27 December 2024, the Comissão de Valores Mobiliários (CVM) published the CVM Resolution 225 on the Investor Access Registry, as an alternative to compliance with the content provided for in CVM Resolution 50 (article 1, I, of Annex B).

The rule establishes, on an experimental basis, the Access Registry of new investors and brings facilitating conditions for the registration of individuals, with Brazilian nationality and residing in the country, with securities intermediaries.

The normative change began with the establishment of a Strategic Project, within the scope of the CVM's Strategic Management Committee, with the aim of improving the regulatory approach and the operational dynamics related to registration procedures in the securities market.

The Access Registry can be applied to individuals who have assets of up to R$ 30 thousand reais with the intermediary. In addition to the list of more endless information, the investor will be exempt from filling out the suitability register and must be included in the most conservative profile.

Intermediaries interested in using the Access Registry must qualify with the organized market management entity in which they are linked as participants and must prove to have adequate systems to carry out the appropriate identification and qualification of investors. 

The experimental registration of the Investor Access Registry must be evaluated by the CVM within 5 years after the issuance of this rule. During this period, the CVM will evaluate the benefits acquired, as well as the associated risks and any problematic cases to consider the permanent adoption of the measure.

The CVM Resolution 225 enters into force on 3 March 2025.

On 13 December 2024, the Comissão de Valores Mobiliários (CVM) published the Joint Circular Letter CVM/SIN/SSE 2/2024 presenting additional interpretations of provisions of CVM Resolution 175.

The document provides additional guidance to administrators and managers of investment funds on the interpretation of provisions of the general part of CVM Resolution 175 and its normative annexes. It also complements the previous Circular Letters issued by the SIN and SSE.

The letter presents the clarifications in the form of a response to questions, which were consolidated from doubts received from the market. The themes are:  

• Absence of distribution fee when acting as a manager-distributor;
• Organization of classes and subclasses in investment funds;
• International ETFs as assets of FIFs;
• Temporary new operational dynamics for transformations.

On 23 December 2024, the Comissão de Valores Mobiliários (CVM) initiated a public consultation on Private Equity Investment Funds (FIP).

The rule, when edited, will replace Normative Annex IV of CVM Resolution 175. This Consultation is another step by the CVM focused on the modernization of the investment fund industry in Brazil. The proposal seeks to make compatible and update the rules applicable to FIPs, in line with the evolution and sophistication observed by this industry. 

This initiative promotes democratization both from the point of view of investors, by enabling retail access to this type of investment, and from the issuer, by expanding investment opportunities by this category of fund. FIPs can be an important player in the entrepreneurship ecosystem, especially given their potential to mobilize resources for small business companies and smaller companies.

In addition to the public's access to the product, other important measures for modernization are also planned, such as:

• FIP share classes may be exposed to capital risk
• Possibility for funds intended for qualified investors to invest up to the entirety of their equity in assets abroad
• Creation of a standardized form for providing periodic information on the asset portfolio.

The objective is for FIP managers to be increasingly qualified to prepare good companies for the capital market, including those that fall under the FÁCIL experimental regulatory regime, which is currently in the analysis phase of public contributions to the proposal released by the CVM.

Suggestions and comments can be sent to the email conpublicaSDM0324@cvm.gov.br. The deadline ends on 28 March 2025.

On 12 December 2024, the Brazilian Financial and Capital Markets Association (ANBIMA) announced that new rules allow for the classification of customers without complete suitability.

ANBIMA's self-regulation has been updated due to the new CVM recommendations on investor profile analysis.

Distributors can now classify customers who have not completed the suitability process (analysis of the investor's profile) for conservative investors (with a lower risk appetite). The measure applies to all customers with an active account who have not completed the Investor Profile Analysis questionnaire. However, it will be mandatory that the investor has his personal data registration complete and updated at the institution and has never invested in a portfolio of non-conservative investment products. Once classified as conservative, these clients will be subject to the same rules that already exist for this investor profile, including due monitoring by the rules related to AML/FPT (Prevention of Money Laundering, Terrorist Financing and Proliferation of Weapons of Mass Destruction).

Distributors will be able to refer low-risk investments to these customers. In the Distribution Code, the criteria for the risk classification of investment products for suitability purposes are defined, which consider characteristics of the security and the issuer, such as credit risk, market risk and maturity period. In the case of COEs (Structured Operations Certificates), for example, the classification was adjusted and started to consider more risk factors, such as the pricing scenarios of these assets. Institutions must communicate to the investors when automatic classification occurs, before offering products. In addition, distributors must share guidelines for accessing the Investor Profile Analysis questionnaire so that the customer can carry out the complete procedure of identifying their investor profile, in case they want to change their classification.

On 3 December 2024, the Banco Central do Brasil (BCB) published the Joint Resolution No. 13 that provides for the investment of non-residents in the financial market and in the securities market.

This Joint Resolution regulates the flows, inventories, investor registration and the provision of information on non-resident investment in the market financial and securities market, including through the of Depositary Receipts. 

Main points include the:

• simplification of procedures for non-resident individual investors and adoption of value criteria for exemption of representative; the measure reduces compliance costs, facilitating foreign investments in the country;
• simplification for non-resident investors with regard to the obligation to constitute a custodian prior to the start of operations; the measure contributes to the simplification of operations and facilitates the landing of operations by non-foreign investors, approaching international practice in countries with the same degree of depth and market development as Brazil. It should be noted that the measure does not rule out the role of the custodian, but makes its prior constitution optional.
• facilitation of investments via non-resident account (CNR) and prepaid payment account, maintaining, in this case, requirements for the constitution of a representative and registration with the CVM only for investments by non-resident legal entities in securities; the measure brings the form of investment of non-residents closer to the conditions currently applicable to resident investors, benefiting, inclusively, people who have moved abroad and who would like to continue investing in the country in a more simplified way;
• greater clarity in the process of changing the investor's residence condition; the measure clarifies the possibility for investors to maintain the conditions originally agreed upon without the need for redemption or closure of the position, also benefiting, for example, people who have moved abroad and who would like to continue investing in the country in a more simplified way;
• expansion of assets eligible for Depositary Receipts (DRs); the measure allows the expansion of the possibilities of raising funds from non-residents through the issuance of Depositary Receipts abroad (such as ADRs or GDRs);
• end of the Electronic Declaratory Registration, Portfolio Module (RDE-Portfolio); reduces compliance costs and requirements for non-residents to make portfolio investments;
• end of the need for foreign exchange operations and international transfers in simultaneous reais on a mandatory basis; a measure that also reduces the cost of compliance and requirements for making investments in the portfolio;
• extension of the possibility of receiving abroad amounts from non-resident investors related to investments in adjustments and settlement in the country of agricultural derivatives in the country;
• inclusion of clearing and settlement clearing houses and service providers in the list of entities that may act as representatives of the non-resident investor;
• extension to 10 years of the period for the storage of information and supporting documents; a measure in line with the best practices for the prevention of money laundering, the financing of terrorism and the proliferation of weapons of mass destruction (AML/FTP) and the deadlines already defined in the rules related to foreign direct investment, foreign credit and the foreign exchange market; and
• adoption of the "risk-based approach" for the application of documents related to investments, and the specific requirements set forth in the AML/FTP regulations must be observed.

This Resolution entered into force on 1 January  2025.

On 3 December 2024, the Comissão de Valores Mobiliários (CVM) published the CVM/SIN Circular Letter 8/2024 that provides guidance on new operational dynamics for obtaining registration and CPF for non-resident investors (INR) exempt from registration with the Authority under the terms of CVM Resolution 13.

Currently, the CVM generates a fictitious code to serve the B3 system, which requires a similar operational code, when registration was granted prior to the issuance of CVM Resolution 64. As a way to optimize the process, the code will be generated by B3 itself, developing a new functionality for this purpose. The CVM will continue to generate the code for 30 days after the launch of the new tool, as a contingency to stabilize this transition.

Based on the CPF, the system will check if this information already exists in the Integrated Registration System (SINCAD) and will start the process of generating the fictitious document. If the investor does not have a CPF, this document will be requested through the integration between B3 and CVM.

For those who choose to maintain the conventional inclusion of passengers in a collective account, the CVM will continue to be responsible for generating the CVM operational code, according to the guidance contained in Circular Letter 9/2023/CVM/SIN.

On 19 December 2024, the Brazilian Financial and Capital Markets Association (ANBIMA) announced that its membership and supervision fees will be reduced in 2025.

Membership fees, semester/annual supervisory fees, and registration fees (fund class, subclass, FIDC, FIP, offerings, and CRI) will be reduced by 5% next year. The reduction was approved by the Board of Directors at a meeting on 12 December 2024. 

In addition, the values of certification tests and other services will not be readjusted in 2025, remaining the same as in 2024. Since 2019, the values of the associative fees and other ANBIMA fees have not been high. In 2022 and 2023, the prices of certification exams, fund registration fees, offerings, and supervision were reduced by between 5% and 30%, with the aim of democratizing access to our services and the main certification program in the investment industry.

The new table comes into force from 2 January 2025.

On 19 December 2024, the Ministerio de Hacienda y Crédito Público published a Draft Decree on Open Finance.

An open finance system shall be understood as the set of rules, standards, infrastructures and participants that interact to allow access to and standardised provision of personal data held by financial institutions, with the prior authorisation of the Owner, in order to promote inclusion, innovation and competition in the financial system.

The open finance system includes the circulation of information and the provision of the following service: 

1. Information on the financial consumer's use of financial products and services, including, but not limited to, deposit, credit, insurance, and investment products. 
2. Linking information provided by the Account Holder to access financial products and services.
3. Information on the general characteristics of the financial products and services offered by financial institutions. 
4. The payment initiation service.
   
   These provisions aim to consolidate an open finance system that enables access to new sources of information to promote financial inclusion and the development of new business models for the benefit of financial consumers. Likewise, these provisions contribute to the fulfillment of the public policy objectives proposed by the national government related to the access, use and exploitation of data to promote social transformation, the empowerment of people and the development of the popular and community economy.

This decree is in force as of its publication, without prejudice to the transitional regime provided for in Article 2, replaces Title 8 of Book 35 of Part 2 of Decree 2555 of 2010, and repeals Title 10 of Book 35 of Part 2 of Decree 2555 of 2010.

On 12 December 2024, the Ministerio de Hacienda y Crédito Público published the Amending Decree 2555 of 2010 in relation to the value of the Risk-Weighted Asset and the framework of large exposures.

The value of the Risk-Weighted Asset relates to the line of credits of libranza of the consumer portfolio and with the framework for identifying and managing large exposures and concentration of risks for credit institutions.

That regulation aims for adequate risk and capital management that Basel III promotes. In particular, banks must have a sufficient amount of equity to cover potential losses arising from their operations, including those arising from loans and products such as drafts. In addition, they must manage risks related to credit, liquidity and operational risk. Drafts, like any form of credit, must be carefully evaluated to ensure that they do not compromise the financial stability of credit institutions.

As part of the process of adopting international practices, the Financial Regulation Unit planned to update the rules related to credit quotas and risk concentration. This update, known in the Basel standard as "Large Exposures", incorporates the Committee's recommendations for managing the concentration of credit risks in a counterparty or a group of connected counterparties. After the implementation of these new regulatory frameworks, there is a need to review specific aspects of the Colombian credit market. 

These reviews focus on two main points: 

1. Adjustment to the solvency margin framework and equity requirements, establishing the level of capital consumption through risk-weighted assets for a particular credit line. 
2. Adjustments to the framework of large exposures, defining the transactions eligible for guarantees, the concentration of operations of territorial and decentralized entities, and a review of capital investments in supervised entities. 

On 23 December 2024, the Autorité des marchés financiers (AMF) published a page on MiCA to help companies comply.

Starting 30 December 2024, under the MiCA regulation, issuers and service providers wishing to list crypto-assets must notify the competent authorities with a white paper. The AMF provides guidance on its Fintech website, detailing essential elements of this process. 

The AMF is responsible for the white paper submissions for crypto-assets that are not asset-referenced or e-money tokens, as per MiCA. The AMF’s page also covers timing requirements and obligations regarding the delay of privileged information under MiCA.

Version française

Le 23 décembre 2024, l'Autorité des marchés financiers (AMF) a publié une page sur MiCA pour aider les entreprises à s'y conformer.

À compter du 30 décembre 2024, en vertu du règlement MiCA, les émetteurs et prestataires de services souhaitant coter des crypto-actifs doivent en informer les autorités compétentes au moyen d’un livre blanc. L’AMF fournit des orientations sur son site Internet Fintech, détaillant les éléments essentiels de cette démarche. 

L’AMF est responsable des soumissions de livres blancs pour les crypto-actifs qui ne sont pas des actifs référencés ou des jetons de monnaie électronique, selon MiCA. La page de l’AMF couvre également les exigences et obligations temporelles concernant le délai de transmission des informations privilégiées dans le cadre du MiCA.

On 24 December 2024, France's Official Journal (Legifrance) published Decree No. 2024-1205 of 23 December 2024 on crypto-asset markets and the strengthening of anti-money laundering and anti-terrorist financing obligations with regard to the transfer of crypto-assets.

The notice states that the decree modifies the regulatory part of the Monetary and Financial Code in application of Regulation (EU) 2023/1113 of the European Parliament and of the Council of May 31, 2023, on information accompanying transfers of funds and certain crypto-assets, and amending Directive (EU) 2015/849. This regulation was transposed into legislative form by Ordinance n° 2024-937 of October 15, 2024, which strengthens obligations to combat money laundering and terrorist financing in the context of crypto-asset transfers.

Version française

Le 24 décembre 2024, le Journal officiel (Legifrance) a publié le décret n° 2024-1205 du 23 décembre 2024 relatif aux marchés des crypto-actifs et au renforcement des obligations de lutte contre le blanchiment et le financement du terrorisme en matière de transfert de crypto-actifs.

L'avis précise que le décret modifie la partie réglementaire du Code monétaire et financier en application du règlement (UE) 2023/1113 du Parlement européen et du Conseil du 31 mai 2023 relatif aux informations accompagnant les transferts de fonds et de certaines crypto-monnaies. actifs et modifiant la directive (UE) 2015/849. Cette réglementation a été transposée sous forme législative par l’ordonnance n° 2024-937 du 15 octobre 2024 qui renforce les obligations en matière de lutte contre le blanchiment et le financement du terrorisme dans le cadre des transferts de crypto-actifs.

On 23 December 2024, the Autorité des Marchés Financiers (AMF) published a thematic report dedicated to the implementation of the DORA regulation. 

As the regulation is set to come into force on 17 January 2025, the AMF provides an overview of the primary obligations related to cyber and IT risk management arising from this regulation, including conditions for notifying major incidents related to information and communication technology (ICT).

The DORA regulation, part of a series of measures on digital finance within the European Union, establishes a common framework for managing ICT risks, covering cybersecurity and broader IT risk management. It includes provisions that require financial entities to implement a risk management framework for ICT, notify major ICT incidents to relevant authorities, conduct digital operational resilience tests, manage risks associated with third-party ICT service providers, and maintain a register of contractual agreements with these providers. Additionally, DORA encourages the voluntary sharing of information on cyber threats and vulnerabilities among financial sector players.

To facilitate the implementation, the AMF's dossier outlines the main provisions of the regulation and specifies the conditions for reporting major ICT incidents. It highlights the importance of financial entities maintaining a register of their contractual agreements and adhering to new contractual requirements. DORA also mandates the adoption of technical standards and implementing technical standards (RTS and ITS) developed by the European Supervisory Authorities (EBA, EIOPA, ESMA) to guide financial entities in complying with DORA obligations. The regulation's application texts include details on ICT risk management, incident reporting, and criteria for classifying ICT-related incidents.

For more detailed information, the AMF dossier provides links to relevant European Commission and ESMA resources.

Version française

Le 23 décembre 2024, l'Autorité des marchés financiers (AMF) a publié un rapport thématique consacré à la mise en œuvre du règlement DORA. 

L’entrée en vigueur du règlement étant prévue le 17 janvier 2025, l’AMF dresse un aperçu des principales obligations liées à la gestion des risques cyber et informatiques découlant de ce règlement, notamment les conditions de déclaration des incidents majeurs liés aux technologies de l’information et de la communication (TIC).

Le règlement DORA, qui fait partie d'une série de mesures sur la finance numérique au sein de l'Union européenne, établit un cadre commun pour la gestion des risques informatiques, couvrant la cybersécurité et une gestion plus large des risques informatiques. Il comprend des dispositions qui obligent les entités financières à mettre en œuvre un cadre de gestion des risques pour les TIC, à notifier les incidents informatiques majeurs aux autorités compétentes, à effectuer des tests de résilience opérationnelle numérique, à gérer les risques associés aux prestataires de services TIC tiers et à tenir un registre des accords contractuels avec ces derniers. fournisseurs. De plus, DORA encourage le partage volontaire d’informations sur les cybermenaces et les vulnérabilités entre les acteurs du secteur financier.

Pour faciliter la mise en œuvre, le dossier de l'AMF rappelle les principales dispositions du règlement et précise les conditions de déclaration des incidents informatiques majeurs. Il souligne l'importance pour les entités financières de tenir un registre de leurs accords contractuels et d'adhérer aux nouvelles exigences contractuelles. DORA impose également l'adoption de normes techniques et de normes techniques de mise en œuvre (RTS et ITS) développées par les autorités européennes de surveillance (EBA, EIOPA, ESMA) pour guider les entités financières dans le respect des obligations de DORA. Les textes d'application du règlement incluent des détails sur la gestion des risques TIC, le reporting des incidents et les critères de classification des incidents liés aux TIC.

Pour des informations plus détaillées, le dossier de l'AMF fournit des liens vers les ressources pertinentes de la Commission européenne et de l'ESMA.

On 3 December 2024, the Autorité des marchés financiers (AMF) published the report on corporate governance and executive remuneration for 2024.

The report provides a comprehensive assessment of the practices and disclosures of publicly traded companies in France. Conducted by the AMF, the report primarily analyzes data from corporate governance reports published by listed companies. 

The aim is to identify recent trends in governance, including legislative and regulatory updates such as the Directive Women on Boards and the "Attractivité" law. The report strives to highlight evolutions in governance practices based on information made public by companies listed on the regulated market Euronext Paris, focusing particularly on compliance with articles L. 544-3 to L. 544-6 of the code monétaire et financier.

The methodology involves a detailed review of corporate governance reports and follows a multi-criteria selection process as per ESMA guidelines. Key findings are drawn from these reviews, and companies are observed for any deviations from legal requirements or best practice recommendations. These observations help the AMF recommend improvements in corporate governance and transparency. Furthermore, the report addresses the handling and transparency of conflicts of interest, such as significant relationships between institutional clients and service providers like ISS and Glass Lewis, and underscores the importance of fact-checking and error-tracking in vote recommendations and research reports.

Additionally, the report encourages companies to integrate and assess non-financial risks, such as cybersecurity and ESG factors, while fostering transparency and accountability in their governance and remuneration disclosures. This integration aims to avoid controversies like greenwashing and promotes the adoption of a robust internal carbon pricing policy and biodiversity strategy.

Version française

Le 3 décembre 2024, l'Autorité des marchés financiers (AMF) a publié le rapport sur le gouvernement d'entreprise et la rémunération des dirigeants pour l'année 2024.

Le rapport fournit une évaluation complète des pratiques et des informations fournies par les sociétés cotées en bourse en France. Réalisé par l'AMF, le rapport analyse principalement les données issues des rapports sur le gouvernement d'entreprise publiés par les sociétés cotées. 

L'objectif est d'identifier les tendances récentes en matière de gouvernance, notamment les mises à jour législatives et réglementaires telles que la Directive Femmes dans les Conseils d'Administration et la loi « Attractivité ». Le rapport s'attache à mettre en lumière les évolutions des pratiques de gouvernance fondées sur les informations rendues publiques par les sociétés cotées sur le marché réglementé d'Euronext Paris, en s'attachant notamment au respect des articles L. 544-3 à L. 544-6 du code monétaire et financier.

La méthodologie implique un examen détaillé des rapports de gouvernance d'entreprise et suit un processus de sélection multicritère conformément aux lignes directrices de l'ESMA. Les principales conclusions sont tirées de ces examens, et les entreprises sont observées pour détecter tout écart par rapport aux exigences légales ou aux recommandations de bonnes pratiques. Ces observations permettent à l’AMF de recommander des améliorations en matière de gouvernance d’entreprise et de transparence. En outre, le rapport aborde la gestion et la transparence des conflits d'intérêts, tels que les relations significatives entre les clients institutionnels et les prestataires de services comme ISS et Glass Lewis, et souligne l'importance de la vérification des faits et du suivi des erreurs dans les recommandations de vote et les rapports de recherche.

En outre, le rapport encourage les entreprises à intégrer et à évaluer les risques non financiers, tels que la cybersécurité et les facteurs ESG, tout en favorisant la transparence et la responsabilité dans leurs informations en matière de gouvernance et de rémunération. Cette intégration vise à éviter des controverses telles que le greenwashing et favorise l’adoption d’une politique interne solide de tarification du carbone et d’une stratégie pour la biodiversité.

On 18 December 2024, the Autorité des marchés financiers (AMF) updated its guidelines on the preparation of portfolio management companies' business programs. 

This update modifies the provisions related to the capital requirements of portfolio management companies within the AMF's guide for preparing business programs for portfolio management companies and self-managed collective investment schemes (position-recommendation DOC-2012-19), to reflect the provisions of Regulation (EU) 2019/2033 on the prudential requirements for investment firms (IFR Regulation).

The decree of 27 November 2024 amended Articles 317-2, 321-10, and 321-154 of the AMF General Regulation to transpose the changes made by Directive (EU) 2019/2034 on the prudential supervision of investment firms (IFD Directive) into Directive 2011/61/EU on alternative investment fund managers (AIFM Directive) and Directive 2009/65/EC (UCITS Directive) regarding the calculation methods for one-fourth of overheads in determining the required capital for portfolio management companies. These three articles of the General Regulation, which previously referred to Articles 34 ter to 34 quinter of Delegated Regulation (EU) No 241/2014, now refer to Article 13 of the IFR Regulation and Delegated Regulation (EU) 2022/1455. The impact for portfolio management companies primarily involves the ability to deduct more variable costs in the calculation of overheads, such as the full remuneration paid to tied agents.

In response, the AMF has updated the provisions of paragraph 6 concerning capital requirements in its position-recommendation DOC-2012-19, as well as the simplified capital calculation table in Annex II.

Version française

Le 18 décembre 2024, l'Autorité des marchés financiers (AMF) a mis à jour ses lignes directrices relatives à l'élaboration des programmes d'affaires des sociétés de gestion de portefeuille. 

Cette actualisation modifie les dispositions relatives aux exigences de capital des sociétés de gestion de portefeuille au sein du guide de l'AMF pour l'élaboration des programmes d'affaires des sociétés de gestion de portefeuille et des organismes de placement collectif autogérés (position-recommandation DOC-2012-19), pour refléter les dispositions du Règlement (UE) 2019/2033 relative aux exigences prudentielles applicables aux entreprises d’investissement (Règlement IFR).

Le décret du 27 novembre 2024 a modifié les articles 317-2, 321-10 et 321-154 du règlement général de l'AMF pour transposer les modifications apportées par la directive (UE) 2019/2034 relative à la surveillance prudentielle des entreprises d'investissement (directive IFD) dans Directive 2011/61/UE relative aux gestionnaires de fonds d'investissement alternatifs (directive AIFM) et directive 2009/65/CE (directive OPCVM) concernant les modalités de calcul du quart des frais généraux pour la détermination du capital requis des sociétés de gestion de portefeuille. Ces trois articles du Règlement Général, qui faisaient auparavant référence aux articles 34 ter à 34 quinter du Règlement Délégué (UE) n° 241/2014, font désormais référence à l'article 13 du Règlement IFR et du Règlement Délégué (UE) 2022/1455. L'impact pour les sociétés de gestion de portefeuille concerne principalement la possibilité de déduire davantage de coûts variables dans le calcul des frais généraux, comme par exemple la rémunération intégrale versée aux agents liés.

En réponse, l'AMF a mis à jour les dispositions du paragraphe 6 concernant les exigences de fonds propres dans sa position-recommandation DOC-2012-19, ainsi que le tableau simplifié de calcul du capital en annexe II.

On 20 December 2024, the Autorité des marchés financiers (AMF) updated their page and notification form templates for EMIR 3.

On 4 December 2024, the EMIR 3 regulation was published in the Official Journal of the European Union, with certain provisions taking effect from 24 December 2024. As part of this, the AMF outlined the notification requirements related to the obligation to maintain an active account in accordance with Article 7a(1) of EMIR.

From 24 December 2024, French financial counterparties (FCs) or non-financial counterparties (NFCs) subject to the active account obligation must inform both the AMF and ESMA. This notification must follow the specific procedures detailed on the AMF's website under the section “mes relations avec l’AMF” and “Effectuer mes reporting et déclarations,” specifically in the "Les notifications au titre d’EMIR" section.

For notifications, FCs and NFCs must use the ESMA-provided notification model available on the ESMA website under "Active Account Notification" and send it to emir-notifications@amf-france.org. It is crucial not to modify the file’s structure or format. Notifications that deviate from the prescribed structure or are in a different format will not be considered. It is also important to follow the email and file naming conventions as detailed by the AMF.

Version française

Le 20 décembre 2024, l'Autorité des marchés financiers (AMF) a mis à jour ses modèles de page et de formulaire de notification pour EMIR 3.

Le 4 décembre 2024, le règlement EMIR 3 a été publié au Journal officiel de l'Union européenne, dont certaines dispositions prennent effet à compter du 24 décembre 2024. Dans ce cadre, l'AMF a précisé les exigences de notification liées à l'obligation de tenue d'un compte actif. conformément à l’article 7 bis, paragraphe 1, d’EMIR.

A compter du 24 décembre 2024, les contreparties financières (FC) ou non financières (NFC) françaises soumises à l'obligation de compte actif doivent en informer à la fois l'AMF et l'ESMA. Cette notification doit suivre les procédures spécifiques détaillées sur le site Internet de l'AMF dans la rubrique « mes relations avec l'AMF » et « Effectuer mes reporting et déclarations », plus précisément dans la rubrique « Les notifications au titre d'EMIR ».

Pour les notifications, les FC et NFC doivent utiliser le modèle de notification fourni par l'ESMA disponible sur le site Internet de l'ESMA sous « Active Account Notification » et l'envoyer à emir-notifications@amf-france.org. Il est crucial de ne pas modifier la structure ou le format du fichier. Les notifications qui s'écartent de la structure prescrite ou qui sont dans un format différent ne seront pas prises en compte. Il est également important de respecter les conventions de dénomination des courriers électroniques et des fichiers détaillées par l'AMF.

On 2 January 2025, the Autorité des marchés financiers (AMF) updated position-recommandation DOC-2020-03 to account for the ESMA guidelines on ESG fund names.

The AMF decided to comply with ESMA guidelines on fund names related to ESG or sustainability criteria, resulting in amendments to the AMF position-recommendation 2020-03. 

This originally aimed to prevent greenwashing and set standards for collective investments marketed in France. The amendments now incorporate ESMA's guidelines, replacing existing fund naming criteria for all collective investment schemes, including professional ones. 

These changes are effective from 21 November 2024 for new funds, and from 21 May 2025 for existing funds. The modifications also clarify the interaction between these naming guidelines and existing marketing material requirements. Funds must comply with both ESMA guidelines and AMF 2020-03 to use ESG-related terms. Specific measures have been introduced to reconcile these rules, which include counting fossil fuel exclusions and adapting warnings for foreign funds. These amendments are effective immediately.

Version française

Le 2 janvier 2025, l'Autorité des marchés financiers (AMF) a mis à jour la position-recommandation DOC-2020-03 pour tenir compte des orientations de l'ESMA sur les noms de fonds ESG.

L’AMF a décidé de se conformer aux lignes directrices de l’ESMA sur les noms de fonds liés à des critères ESG ou de développement durable, ce qui a conduit à modifier la position-recommandation AMF 2020-03. 

Celui-ci visait à l’origine à prévenir le greenwashing et à fixer des normes pour les placements collectifs commercialisés en France. Les amendements intègrent désormais les lignes directrices de l'ESMA, remplaçant les critères de dénomination des fonds existants pour tous les organismes de placement collectif, y compris professionnels. 

Ces changements entrent en vigueur le 21 novembre 2024 pour les nouveaux fonds et le 21 mai 2025 pour les fonds existants. Les modifications clarifient également l'interaction entre ces directives de dénomination et les exigences existantes en matière de matériel de marketing. Les fonds doivent se conformer à la fois aux lignes directrices de l’ESMA et de l’AMF 2020-03 pour utiliser des termes liés à l’ESG. Des mesures spécifiques ont été introduites pour concilier ces règles, notamment le décompte des exclusions liées aux énergies fossiles et l'adaptation des avertissements pour les fonds étrangers. Ces modifications entrent en vigueur immédiatement.

On 10 December 2024, the Autorité des marchés financiers (AMF) published a report on sustainability reporting.

This report provides an overview of the AMF's review concerning the non-financial performance declarations (DPEF) of listed companies. During its supervision efforts, the AMF particularly relied on the European supervision priorities defined by the European Securities and Markets Authority (ESMA). The report is based on the comments made by the AMF to issuers whose DPEF was reviewed in 2023 or 2024.

The AMF highlights key points of attention regarding the information to be published on Environmental, Social, and Governance (ESG) issues, which remain relevant in light of the Corporate Sustainability Reporting Directive (CSRD), pending any potential European decisions on this text. The report includes numerous examples of reporting and regulatory focus on this directive and covers the following reporting areas: business model description; identification of impacts, risks, and opportunities (materiality analysis); presentation of objectives and performance indicators; presentation of policies and actions; description of governance related to sustainability issues; and reporting under Article 8 of the Taxonomy Regulation.

The comments from the AMF mainly focus on the addition of necessary information for a proper understanding of the company's sustainability issues and their management, which is crucial for investors. Specific areas include the scope covered by reporting and the methodology for data analysis and calculation. The comments also emphasize the importance of ensuring overall consistency between the published financial and sustainability information. A significant portion of the comments targets climate-related reporting, aligning with ESMA's previous European supervision priorities.

These comments on the DPEF remain relevant in the context of the CSRD, which requires a more in-depth analysis of the company's sustainability issues and a considerably larger amount of data to be provided. Regarding taxonomy reporting, the comments to companies mainly focus on the presentation of indicators in regulatory tables and the publication of contextual information needed to understand the methodology for analyzing and calculating indicators. The AMF stresses the importance of a thorough analysis of the company's activities in relation to all the environmental objectives of the taxonomy.

To support companies in transitioning to the new regulatory framework, the AMF highlights numerous examples of best practices in this report that can help companies prepare their sustainability statements (CSRD and Taxonomy reporting). 

Acknowledging that actors will inevitably experience a learning curve in the first years of CSRD implementation, the AMF encourages large companies to focus on materiality analysis, the structure and scope of the sustainability statement, and taxonomy reporting during the first CSRD reporting exercise, in line with ESMA's 2024 priorities.

Version française

Le 10 décembre 2024, l'Autorité des marchés financiers (AMF) a publié un rapport sur le reporting développement durable.

Ce rapport donne un aperçu de l'examen mené par l'AMF concernant les déclarations de performance extra-financière (DPEF) des sociétés cotées. Dans le cadre de ses efforts de surveillance, l'AMF s'est notamment appuyée sur les priorités européennes en matière de surveillance définies par l'Autorité européenne des marchés financiers (ESMA). Le rapport s'appuie sur les commentaires formulés par l'AMF aux émetteurs dont le DPEF a été examiné en 2023 ou 2024.

L’AMF souligne les points clés d’attention concernant les informations à publier sur les questions environnementales, sociales et de gouvernance (ESG), qui restent pertinentes au regard de la directive sur le reporting développement durable des entreprises (CSRD), dans l’attente d’éventuelles décisions européennes sur ce texte. Le rapport comprend de nombreux exemples de reporting et d'accent réglementaire sur cette directive et couvre les domaines de reporting suivants : description du modèle économique ; identification des impacts, des risques et des opportunités (analyse de matérialité) ; présentation des objectifs et des indicateurs de performance ; présentation des politiques et des actions ; description de la gouvernance liée aux questions de durabilité ; et la déclaration au titre de l'article 8 du règlement sur la taxonomie.

Les commentaires de l'AMF portent principalement sur l'ajout d'informations nécessaires à la bonne compréhension des enjeux de développement durable de l'entreprise et de leur gestion, ce qui est crucial pour les investisseurs. Les domaines spécifiques incluent le périmètre couvert par le reporting et la méthodologie d’analyse et de calcul des données. Les commentaires soulignent également l’importance d’assurer une cohérence globale entre les informations financières et durables publiées. Une partie importante des commentaires porte sur le reporting lié au climat, ce qui s'aligne sur les précédentes priorités de supervision européenne de l'ESMA.

Ces commentaires sur la DPEF restent pertinents dans le cadre du CSRD, qui nécessite une analyse plus approfondie des enjeux de développement durable de l'entreprise et la fourniture d'un volume de données considérablement plus important. Concernant le reporting taxonomique, les commentaires adressés aux entreprises portent principalement sur la présentation des indicateurs dans des tableaux réglementaires et la publication des informations contextuelles nécessaires à la compréhension de la méthodologie d'analyse et de calcul des indicateurs. L'AMF souligne l'importance d'une analyse approfondie des activités de l'entreprise au regard de l'ensemble des objectifs environnementaux de la taxonomie.

Pour accompagner les entreprises dans leur transition vers le nouveau cadre réglementaire, l’AMF met en avant dans ce rapport de nombreux exemples de bonnes pratiques pouvant aider les entreprises à préparer leurs déclarations de développement durable (reporting CSRD et Taxonomie). 

Reconnaissant que les acteurs connaîtront inévitablement une courbe d'apprentissage au cours des premières années de mise en œuvre de la CSRD, l'AMF encourage les grandes entreprises à se concentrer sur l'analyse de matérialité, la structure et la portée de la déclaration de durabilité et le reporting taxonomique lors du premier exercice de reporting CSRD, conformément aux Les priorités de l'ESMA pour 2024.

On 10 December 2024, the Autorité des marchés financiers (AMF) published a report on taxonomy reporting.

In a report on the initial taxonomy alignment reports of seven French banks and insurers, the AMF assesses their practices and obligations under the European taxonomy regulation, addressing challenges faced by these entities. Committed to promoting sustainable finance in its 2023-2027 strategy, the AMF reviewed the published information and difficulties encountered, providing key findings to improve transparency.

The AMF emphasizes the need for transparency, urging financial actors to clearly state assumptions and difficulties, especially the reasons for not publishing certain indicators. It also calls for greater coherence between taxonomy reporting, ESG strategies, and other non-financial performance information to enhance relevance for investors. The availability and reliability of data are highlighted as crucial, as the financial sector depends on counterparties' data. Simplifying this information is considered desirable.

The Taxonomy Regulation aims to promote sustainable investments by identifying environmentally sustainable activities. An activity must fall within the expanding scope of the taxonomy and meet scientific or existing standard-based sustainability criteria based on six environmental objectives: climate change mitigation, climate change adaptation, sustainable use and protection of water and marine resources, transition to a circular economy, pollution prevention and reduction, and protection and restoration of biodiversity and ecosystems.

Version française

Le 10 décembre 2024, l'Autorité des marchés financiers (AMF) a publié un rapport sur le reporting taxonomique.

Dans un rapport sur les premiers rapports d’alignement taxonomique de sept banques et assureurs français, l’AMF évalue leurs pratiques et obligations au titre du règlement taxonomique européen, répondant aux défis rencontrés par ces entités. Engagée dans la promotion de la finance durable dans sa stratégie 2023-2027, l’AMF a passé en revue les informations publiées et les difficultés rencontrées et a apporté des conclusions clés pour améliorer la transparence.

L'AMF souligne le besoin de transparence, invitant les acteurs financiers à clairement énoncer leurs hypothèses et leurs difficultés, notamment les raisons pour lesquelles certains indicateurs ne sont pas publiés. Il appelle également à une plus grande cohérence entre les rapports taxonomiques, les stratégies ESG et d’autres informations sur les performances non financières afin d’en accroître la pertinence pour les investisseurs. La disponibilité et la fiabilité des données sont soulignées comme étant cruciales, car le secteur financier dépend des données des contreparties. Il est jugé souhaitable de simplifier ces informations.

Le règlement taxonomie vise à promouvoir les investissements durables en identifiant les activités écologiquement durables. Une activité doit s'inscrire dans le champ d'application croissant de la taxonomie et répondre à des critères de durabilité scientifiques ou normatifs existants basés sur six objectifs environnementaux : atténuation du changement climatique, adaptation au changement climatique, utilisation durable et protection de l'eau et des ressources marines, transition vers une économie circulaire. , la prévention et la réduction de la pollution, ainsi que la protection et la restauration de la biodiversité et des écosystèmes.

On 9 December 2024, the Autorité de contrôle prudentiel et de résolution (ACPR) announced new page for Non-Bank Financial Intermediation (Shadow Banking).

The Banque de France has recently enhanced its website by adding a page dedicated to non-bank financial intermediation (NBFI). 

This initiative aims to provide a comprehensive understanding of this sector, previously known as "shadow banking," which plays a significant role in financing the economy. NBFI includes activities of fund collection and financing by entities outside the banking sector, such as investment funds, insurance companies, and pension funds. The new page specifically addresses the financial stability issues related to this sector, including liquidity risks and connections with the traditional banking system. 

Additionally, the page offers educational resources like infographics and explanatory videos to help a broad audience understand NBFI better.

Version française

Le 9 décembre 2024, l'Autorité de contrôle prudentiel et de résolution (ACPR) a annoncé une nouvelle page dédiée à l'intermédiation financière non bancaire (Shadow Banking).

La Banque de France a récemment enrichi son site internet en y ajoutant une page dédiée à l'intermédiation financière non bancaire (IFNB). 

Cette initiative vise à fournir une compréhension globale de ce secteur, anciennement connu sous le nom de « shadow banking », qui joue un rôle important dans le financement de l'économie. Les IFNB comprennent les activités de collecte et de financement de fonds par des entités extérieures au secteur bancaire, telles que les fonds d'investissement, les compagnies d'assurance et les fonds de pension. La nouvelle page aborde spécifiquement les questions de stabilité financière liées à ce secteur, y compris les risques de liquidité et les liens avec le système bancaire traditionnel. 

De plus, la page propose des ressources pédagogiques telles que des infographies et des vidéos explicatives pour aider un large public à mieux comprendre NBFI.

On 10 December 2024, the Federal Financial Supervisory Authority (BaFin) published a draft Revised Circular for requirements for the appointment of external valuers for real estate assets and real estate companies.

This is intended to make it easier to prove that the requirements under Section 216 (2) KAGB are met. It is true that the Circular applies directly only to the appointment of external valuers for real estate and real estate companies. However, the principles set out in the Circular will also be applied mutatis mutandis when appointing external valuers for other assets.

The BaFin consults on the procedures and requirements for the appointment and monitoring of external appraisers for investment assets. This includes details on the necessary registration, certification, and documentation for appraisers, as well as the processes for their rotation and termination. Additionally, BaFin outlines the need for periodic reporting by IFMs regarding the active appraisers and ensures compliance with statutory and administrative regulations.

The circular in the version dated 25 November 2024 applies for the first time to notifications for external evaluators received by BaFin from 1 January 2025. For the first notification of an external valuer (who is not yet known to BaFin and does not have a BaFin ID) for public and/or special funds, the "notification letter for the appointment of an external valuer" attached to the appendix and published on the website of the BaFin is to be used.

On 17 December 2024, the Federal Financial Supervisory Authority (BaFin) published guidance on requirements according to the Digital Operational Resilience Act (DORA).

DORA contains numerous requirements for the documentation of companies in the financial sector. BaFin has prepared a detailed overview of these requirements. The overview is not mandatory and does not constitute an interpretation of the law, but serves as a guide. Companies must apply DORA from 17 January 2025. It is intended to strengthen the European financial market against cyber risks and information and communication technology (ICT) incidents.

On 27 December 2024, the Federal Financial Supervisory Authority (BaFin) updated its page on European Market Infrastructure Regulation (EMIR).

As a result of the amendments to the EMIR REFIT, a distinction is now also made for financial counterparties as to whether the aggregated gross notional volume of the OTC derivatives transactions of the FCs and NFCs consolidated in the group are below or above the clearing threshold, resulting in the following notification obligations:

• According to Art. 4a EMIR, financial counterparties must inform BaFin and ESMA if they have exceeded the clearing threshold or if they do not carry out a calculation. If financial counterparties do not perform a calculation, or perform calculations and are above the clearing threshold, they will be required to clear for all OTC derivatives classes.
• According to Art. 10 EMIR, non-financial counterparties must inform BaFin and ESMA if they have exceeded the clearing threshold or if they do not carry out a calculation. Unless NFCs perform a calculation, they become subject to clearing for all OTC derivatives classes. If NFCs perform calculations and the clearing threshold is exceeded, they will only be subject to clearing in the derivatives class in which the clearing threshold has been exceeded. In addition, non-financial counterparties can deduct from the calculation OTC derivatives contracts that serve to reduce the economic risks of their business activities in an objectively measurable way.

If the calculation shows that the clearing threshold has not been exceeded, no notification to BaFin and ESMA is necessary. However, companies must check after one year that the clearing thresholds are not exceeded. However, notification is only required if this leads to a change of status (subject to clearing/not subject to clearing).

The parent company of a company exempt from the reporting obligation for intragroup transactions under Article 9 EMIR must notify BaFin on a weekly basis of the aggregated net positions by derivative category, provided that the parent company is domiciled in Germany and the conditions of Article 10 (1) subparagraph 2 EMIR (status as NFC+) are met for at least one group member. The information can be summarised for all relevant group companies (including the parent company).

On 19 December 2024, the Federal Financial Supervisory Authority (BaFin) published a Supervisory Notice on the introduction of eXtensible Business Reporting Language (XBRL) in the reporting of insurance companies and pension funds.

The BaFin is introducing XBRL as the new standard for quantitative reporting in national reporting. The change affects reports on reporting dates after 31 December 2024, meaning that companies will have to apply the new format for the first time for reporting from the 1st quarter of 2025 onwards.

With XBRL, BaFin standardizes reporting formats and the validation of reports. The changeover is an important step towards a modern reporting system and optimizes the digital reporting process. BaFin is calling on all companies to test the new reporting format to ensure a smooth start in 2025. A test taxonomy including documentation is available on the BaFin website.

On 18 December 2024, the Deutscher Bundestag adopted the Financial Market Digitization Act (Finanzmarktdigitalisierungsgesetz - FinmadiG).

The FinmadiG serves as the German implementation of several European rules, inter alia, Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA) and Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain cryptoassets (FTR). Under the amendments introduced by the FinmadiG, the existing German regulatory framework for cryptoassets will transition to the European rules under MiCA. A central component of the FinmadiG is the introduction of the new Crypto Markets Supervision Act (Kryptomärkteaufsichtsgesetz —KMAG). 

The DORA (Regulation 2022/2554), which primarily applies directly in EU Member States, also necessitates minor adjustments in German laws. Key updates include:

• Inclusion of DORA guidelines in audit regulations for annual financial statements.
• Redefinition of the status of certain institutions under the KWG: Institutions that were not yet directly addressed by DORA (such as leasing companies or factoring companies) are treated as if they were ‘financial entities’, equating them to financial entities governed directly by DORA. 
• Simplified risk management requirements apply to smaller KWG-institutions, with exemptions from strict testing obligations like TLPT and the omission of specific IT third-party risk management rules.

The Law entered into force on 30 December 2024.

On 3 December 2024, the Federal Financial Supervisory Authority (BaFin) updated its page on the submission of prospectuses, supplements, investment information documents and securities information sheets in accordance with the Securities Prospectus Act  (Wertpapierprospektgesetz - WpPG) and German Capital Investment Act (Vermögensanlagengesetz – VermAnlG).

These documents must be prepared by issuers or providers as well as other authorized persons (e.g., lawyers) and can be submitted electronically to BaFin. For the electronic submission, BaFin provides the electronic specialist procedure "Prospectuses (EU-VO/WpPG/VermAnlG)" via the MVP Portal.

From 21 December 2024, issuers, offerors and, if applicable, originators and other authorised persons (e.g., lawyers) information pursuant to Art. 15 para. 4 of the European Securities and Exchange Commission Regulation can be provided electronically via the specialist procedure "Prospectuses (EU Regulation/WpPG/VermAnlG)".

The update of the page relates to Filing of an Annex IX document. This document contains the following sections:

• Information about the submitter,
• Information on the issuer/provider,
• Submission details,
• Information on the type of prospectus.

On 23 December 2024, the Federal Financial Supervisory Authority (BaFin) published information on suspicious transaction reports (STOR) pursuant to Art. 92 para.1 Markets in Crypto Assets Regulation (MiCA).

From 30 December 2024, persons who professionally broke or execute transactions in crypto-assets are obliged under Art. 92 para.1 MiCA to immediately report any reasonable suspicion regarding an order or transaction in crypto-assets to BaFin, if circumstances could exist that indicate that market abuse has been committed, is being committed or is likely to be committed. For these STORs, the EU-wide uniform form for suspicious transaction reports must be used.

On 3 December 2024, the BaFin published the Circular 10/2024 (GW) on third countries that have strategic deficiencies in their AML/CFT systems which pose material risks to the international financial system (high-risk jurisdictions).

The Circular is addressed to all obliged entities under the supervision of BaFin under the Money Laundering Act (Geldwäschegesetz – GwG) in the Federal Republic of Germany.

The FATF remains concerned about North Korea's failure to address the significant deficiencies in its AML/CFT system and the serious threats posed by North Korea's illicit activities related to the proliferation and financing of weapons of mass destruction. Obliged entities under the GwG should therefore remain vigilant and apply increased due diligence measures.

With regard to Iran, the FATF reaffirms in its Declaration of 25 October 2024 their call for countermeasures to be applied due to the increased risks of financing proliferation.

Since the FATF's statement of 21 October 2022, Myanmar has been classified as a country subject to a request by the FATF to its members and other countries to apply enhanced due diligence measures that are proportionate to the risks Tosed by this country. In this context, the FATF requires financial institutions to increase the scope and nature of the monitoring of the business relationship as part of the enhanced due diligence requirements to determine whether transactions or activities appear unusual or suspicious.

As part of the ongoing country reviews by the FATF and the FATF Regional Groups (FSRBs), individual countries continued to show deficits with regard to key FATF recommendations. Four countries have also been added to the list: Algeria, Angola, Ivory Coast and Lebanon. Senegal was removed from the list. Thus, the following 24 countries have been put under observation where progress is being made:

Algeria, Angola, Bulgaria, Burkina Faso, D.R. Congo, Ivory Coast, Haiti, Yemen, Cameroon, Kenya, Croatia, Lebanon, Mali, Monaco, Mozambique, Namibia, Nigeria, Philippines, South Africa, South Sudan, Syria, Tanzania, Venezuela and Vietnam.

Finally, the Circular refers to the legal consequences and measures taken by BaFin in relation to countries listed under jurisdictions with increased risk. It must be ensured that these additional measures are also taken by branches and subsidiaries of German institutions or insurance companies abroad.

On 17 December 2024, the Guernsey Financial Services Commission (GFSC) published the Regulated Investment Exchange Operator Rules and Guidance, 2024 (the “RIEO Rules”), made under the Protection of Investors (Bailiwick of Guernsey) Law, 2020 (the “POI Law”). 

These rules will come into operation on 31 January 2025. 

This follows the public consultation in respect of the RIEO Rules, which closed on 12 November 2024. The RIEO Rules will replace the current Investment Exchange Rules 1998 which will be revoked upon the RIEO Rules becoming operative on 31 January 2025.

The RIEO Rules will apply to any firm licensed under the POI Law to conduct the Restricted Activity of operating an investment exchange.  These rules aim to provide one consolidated and transparent point of reference for an operator of an investment exchange, incorporating relevant elements of the IEN Rules and other applicable rules made under the POI Law.

On 5 December 2024, the Guernsey Financial Services Commission (GFSC) published Commission Fees for 2025.

The Commission plans to increase licence fees paid by firms from 1 January 2025 by 5.3%.

On 11 September 2024, the Commission issued a consultation paper on the fee rates to apply from 1 January 2025 which contained the following proposals:

• an overall increase in fees of 5.3%;
• an increase in fees for Retail General Insurers to recognise the additional supervisory effort required to mitigate the risks, including reputational, they pose to the Bailiwick;
• the creation of a specific authorisation fee for an entity that is looking to apply to operate an Investment Exchange; and
• a rationalisation of the fee regulations.

The consultation ran for a period of four weeks and closed on 4 October 2024. The Commission’s response to the feedback received as part of the consultation is available on the GFSC Consultation Hub.

On 28 December 2024, the Italy published Legislative Decree No. 204 of 27 December 2024: Adaptation of national legislation to the provisions of Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets and amending Directive (EU) 2015/849, and for the implementation of Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, as amended by Article 38 of that Regulation (EU) 2023/1113.

It involves amendments to existing legislation, specifically targeting the prevention of money laundering and terrorism financing, and includes measures for identifying individuals involved in crypto-asset transactions, obtaining additional information on the origin and destination of transferred crypto-assets, and enhanced monitoring of transactions involving self-hosted addresses.

The key elements include:

• -Existing provisions continue to apply to entities operating in compliance with the specified transitional period until the full implementation of the new regulations.
• Financial intermediaries, including those dealing in crypto-assets, have specific obligations to transmit data on cross-border transfers of payment instruments to the Italian Revenue Agency. 
• The decree includes measures for enhanced due diligence and monitoring of cross-border transactions involving crypto-assets, especially with third-country intermediaries. Also, financial intermediaries and service providers for crypto-assets must adopt risk-based measures to identify and verify the identities of parties involved in crypto-asset transactions, request additional information on the origin and destination of such assets, and continuously monitor transactions to mitigate risks of money laundering and terrorism financing.
• Non-compliance with the provisions specific to fund and crypto-asset transfers will incur administrative fines. However, detailed amounts and specific conditions for these fines are not provided in the content reviewed.

The competent authority identified is the Ministero dell'economia e delle finanze (Ministry of Economy and Finance).

The decree came into effect on 30 December 2024.

On 30 December 2024, the Banca d'Italia published the EBA Guidelines on information requirements relating to transfers of funds and certain cryptoassets under Regulation (EU) 2023/1113 (Guidelines on the so-called "Strategic Assessment- Travel rule".

The European Banking Authority (EBA) published its final Guidelines on the so-called ‘travel rule’, i.e. the information that should accompany transfers of funds and certain crypto assets. This rule will help tackle the abuse of such transfers for money laundering and terrorist financing purposes.

Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets was published on 9 June 2023. It recasts Regulation (EU) 2015/847 and extends its scope to the transfer of certain crypto-assets. Its main objective is to make the abuse of funds and certain crypto-asset transfers for terrorist financing and other financial crime purposes more difficult, and to enable relevant authorities to fully trace such transfers where this is necessary to prevent, detect or investigate money laundering and terrorism financing (ML/TF). 

Regulation (EU) 2023/1113 does not set out in detail what payment service providers (PSPs), intermediary PSPs (IPSPs), crypto-asset service providers (CASPs), and intermediary CASPs (ICASPs) should do in order to comply with it. Instead, it mandates the European Banking Authority (EBA) to issue guidelines to PSPs, IPSPs, CASPs, and ICASPs on the steps they should take to detect missing or incomplete information that accompanies a transfer of funds or crypto-assets, and the procedures they should put in place to manage a transfer of funds or a transfer of crypto-assets lacking the required information. 

The EBA delivers the mandates by repealing the 2017 Joint European Supervisory Authorities (ESAs) Guidelines under Article 25 of Regulation (EU) 2015/847 on the measures payment service providers should take to detect missing or incomplete information on the payer or the payee, and the procedures they should put in place to manage a transfer of funds lacking the required information. The risk-based approach put in place by the ESAs at the time sets clear regulatory and supervisory expectations while leaving sufficient room for PSPs, IPSPs, and now CASPs and ICASPs, to define their approach in a way that is proportionate to the nature and size of their business, and commensurate with the ML/TF risk to which they are exposed. It therefore remains relevant and has been maintained in the final report. 

Competent authorities will refer to these Guidelines when assessing whether the procedures PSPs, IPSPs, CASPs and ICASPs have put in place to comply with Regulation (EU) 2023/1113, are adequate and effective.

The Guidelines will apply from 30 December 2024.

On 13 December 2024, the Commissione Nazionale per le Società e la Borsa (CONSOB) published amendments to secondary legislation implementing Legislative Decree no. 125 of 6 September 2024 transposing Directive 2022/2464/EU of the European Parliament and of the Council on corporate sustainability reporting into national law.

As is well known, Directive 2014/95/EU1 (disclosure of non-financial and diversity information NFRD), had introduced a first European regulation on so-called "non-financial" reporting, through the insertion of two new articles, 19-bis and 29-bis, in Directive 2013/34/EU (the so-called Accounting Directive ). 

In particular, these provisions had provided for the obligation for companies falling into the category of so-called "significant public-interest entities"  to publish, together with the management report or in a separate report, an individual non-financial statement ("NFS") and, in the event that they were parent companies of a large group with at least 500 employees.

That said, in line with the Action Plan on Financing Sustainable Growth approved on 8 March 20188 and the commitment made in the Green Deal Communication of 11 December 20199 , the European Commission ("EC") has promoted the revision of the non-financial reporting framework introduced by the NFRD, through the publication in April 2021 of the proposal for a directive on Corporate Sustainability Reporting (so-called Corporate Sustainability Reporting).

The CSRD has significantly innovated multiple aspects of the previous discipline on non-financial reporting, increasing the level of harmonization of the rules and addressing the most critical issues that emerged in the first years of application of the NFRD, according to the following guidelines: 

a) a significant extension of the subjective scope of application of the discipline which, in addition to expanding the number of European companies included in this area on the basis of two distinct criteria relating, respectively, to exceeding the size requirements of the large company provided for by the Accounting Directive and to the trading of transferable securities on EU regulated markets (with the exception of the so-called micro-enterprises) , also adds non-European companies on the basis of the importance of their operations in the Member States;

b) a strengthening of reporting obligations, through the provision of disclosure duties characterized by a greater degree of granularity and a clearer affirmation of the principle of double materiality; 

c) the mandatory inclusion of sustainability reporting in the management report15 , overcoming the option of a separate location provided for in the previous regime, e the digitization of the same with a view to greater comparability; 

d) the provision of mandatory European reporting standards ("ESRS") for companies in scope, adopted by delegated act by the European Commission, with the aim of overcoming some of the main critical issues of the previous regime, i.e. the absence of standardisation and comparability of non-financial statements; 

e) the provision at European level (overcoming the previous optionality left to the Member States) of the obligation to submit sustainability reporting to the assurance of a third party with respect to the corporate structure, in order to certify the compliance of the reporting with the reference legislation and European reporting standards, according to a limited assurance assignment and, in perspective, reasonable assurance;

f) the extension to this assurance activity, where carried out by the auditors, of numerous requirements provided for the statutory audit by Directive 2006/43/EC (the so-called Audit Directive). 

As mentioned, the new rules will also apply to SMEs with transferable securities traded on regulated markets ("listed SMEs"). In order to take into account the specificities of this type of company, the European legislator has however introduced some specific provisions inspired by the principle of proportionality, including: 

• the adoption of specific simplified reporting standards; 
• the deferred application of reporting obligationsstarting from the financial year 2026 (phase-in), with first publication therefore in 2027; 
• the option for listed SMEs not to publish sustainability reporting for a further two years (and therefore up to and including the financial year 2028), provided that they briefly indicate in the management report the reasons for this choice.

In order to fully transpose the Directive into national law according to the principles and criteria of delegation indicated in Article 13 of Law No. 15 of 21 February 202420 , the Government approved Legislative Decree No. 125 of 6 September 2024 (hereinafter, the "Decree"), published in the Official Gazette of the Italian Republic on 10 September 2024. In particular, the Decree: 

a) lays down the substantive rules on sustainability, sustainability and assurance reporting obligations; 

b) introduces some necessary coordination changes to the TUF23;

c) extend CONSOB's supervisory powers and functions only to sustainability reports published by issuers of transferable securities traded on regulated markets;

d) makes significant amendments to Legislative Decree no. 39 of 27 January 2010;

e) reaffirms, with wording similar to that used by art. 3, paragraph 7, of Legislative Decree no. 254/2016, the role and responsibilities of the corporate bodies with respect to the correct fulfilment of the sustainability reporting obligations provided for by the legislative decree (cf. Article 10, paragraph 1); 

f) regulates in Article 18 a complex transitional regime for the phase of first application of the new legislation30. In particular, it is worth mentioning the provision according to which the assignments of certification on NFS already conferred by companies in compliance with the previous regime may reach their natural expiry and also have as their object the sustainability reporting governed by the new regime (cf. Article 18, paragraph 1) and the temporary favourable sanctioning regime provided for the first two years of application of the discipline.

As described in the previous paragraph, the Decree lays down precise rules on sustainability reporting obligations, significantly innovating the national regulatory framework in force prior to the non-financial statement. Nevertheless, the Decree also grants CONSOB some regulatory powers in relation to specific aspects of the discipline, albeit of a more limited scope than the regulatory delegations provided for in the previous context, in light of the high level of detail of the primary discipline and the CSRD's provision of mandatory reporting and assurance standards.

On 20 December 2024, the Commissione Nazionale per le Società e la Borsa (CONSOB) published Attention call no. 2/24 on climate disclosures provided in the financial statements.

That said, without prejudice to compliance with the provisions of international accounting standards, this document draws the attention of issuers to certain key elements which, in the light of the monitoring activity conducted and the operational approaches detected in the supervisory activities, are considered to be worthy of careful consideration also taking into account the entry into force of the disclosure obligations on sustainability reporting governed by the decree no. 125/2024. The elements referred to here do not exhaust the profiles worthy of attention which, given the complexity and evolution of the matter, may emerge in the continuation of the supervisory action.

Attention points for financial reporting:

• Making it easier for investors to identify climate-related information
• Promoting consistency between financial and sustainability reporting
• Provide clear information on the considerations made regarding the impacts of climate factors

This Warning does not introduce new information obligations but underlines provisions already in force. This is in order to promote the transparency of the information provided, ensure its compliance with international accounting standards and discourage greenwashing.

On 2 December 2024, the Commissione Nazionale per le Società e la Borsa (CONSOB) published a Notice on the EBA Guidelines on STS criteria for on-balance-sheet securitisations.

By notice of 20 November 2024, CONSOB notified the EBA that it complies with the Guidelines issued by the same on STS criteria for on-balance-sheet securitisations and that they amend the EBE/GL/2018/08 and EBA/GL/2018/09 guidelines on STS criteria for ABCP and non-ABCP securitisations, as they are integrated into its supervisory practices.

They specify how the requirements of simplicity, standardisation and transparency as well as the requirements relating to the credit protection agreement, the third-party verifier and the synthetic positive margin, as set out in Articles 26-ter to 26-sexies of that Regulation, apply to on-balance-sheet securitisation in order for such securitisation to be considered STS.

In addition, those guidelines amend the EBA/GL/2018/08 and EBA/GL/2018/09 guidelines on STS criteria for ABCP and non-ABCP securitisations, issued pursuant to Articles 19 and 23 of Regulation (EU) 2017/2402 (Securitisation Regulation), published in 2018 and applicable from 15 May 2019.

The Guidelines are addressed to originators, original lenders, securitisation special purpose vehicles (SSPEs), investors, competent authorities and third-party verification agents who verify STS compliance pursuant to Article 28 of Regulation (EU) 2017/2402 across the EU.

The Guidelines apply from 9 December 2024.

On 17 December 2024, the Commission de Surveillance du secteur financier (CSSF) made available the UCI forms for the notification of errors and instances of non-compliance under Circular CSSF 24/856.

The new Circular CSSF 24/856, which focuses on investor protection in the event of an NAV calculation error, non-compliance with investment rules, and other errors at UCI level, becomes effective on 1 January 2025, repealing Circular CSSF 02/77. This circular introduces a new category of errors and updates the current notification forms, also providing a secure transmission channel via the eDesk platform or automated API (S3 protocol) submission.

The implementation will follow a two-stage approach. The first stage makes the new notification forms available in the eDesk PREPROD platform starting today, allowing UCIs, IFMs, and UCI administrators to familiarize themselves with these forms. It is important to note that the eDesk PREPROD platform does not replace the PRODUCTION platform, and submissions through the PREPROD platform are not considered official. Errors or non-compliances detected by 31 December 2024 must be reported using the current forms under Circular CSSF 02/77.

The second stage begins on 1 January 2025, when the notification forms will be available in the eDesk PRODUCTION platform, and errors after this date must be reported through the new channels. The CSSF will publish a user guide detailing the production procedure. The CSSF also acknowledges potential delays during the first three months of implementation as industry participants adjust to the new process.

Version française

Le 17 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a mis à disposition les formulaires OPC de notification des erreurs et des non-conformités au titre de la circulaire CSSF 24/856.

La nouvelle circulaire CSSF 24/856, axée sur la protection des investisseurs en cas d'erreur de calcul de la VNI, de non-respect des règles d'investissement et d'autres erreurs au niveau des OPC, entre en vigueur le 1er janvier 2025, abrogeant la circulaire CSSF 02/77. Cette circulaire introduit une nouvelle catégorie d'erreurs et met à jour les formulaires de notification actuels, en fournissant également un canal de transmission sécurisé via la plateforme eDesk ou la soumission automatisée d'API (protocole S3).

La mise en œuvre suivra une approche en deux étapes. La première étape rend les nouveaux formulaires de notification disponibles dans la plateforme eDesk PREPROD dès aujourd'hui, permettant aux OPC, IFM et administrateurs d'UCI de se familiariser avec ces formulaires. Il est important de noter que la plateforme eDesk PREPROD ne remplace pas la plateforme PRODUCTION et que les soumissions via la plateforme PREPROD ne sont pas considérées comme officielles. Les erreurs ou non-conformités constatées au 31 décembre 2024 doivent être déclarées au moyen des formulaires en vigueur dans la circulaire CSSF 02/77.

La deuxième étape commence le 1er janvier 2025, lorsque les formulaires de notification seront disponibles sur la plateforme eDesk PRODUCTION, et les erreurs après cette date devront être signalées via les nouveaux canaux. La CSSF publiera un guide d'utilisation détaillant la procédure de production. La CSSF reconnaît également des retards potentiels au cours des trois premiers mois de mise en œuvre, à mesure que les acteurs du secteur s’adaptent au nouveau processus.

On 9 December 2024, the Commission de Surveillance du secteur financier (CSSF) published a press release on the 2024 Questionnnaire on Financial Crime.

The press release from the CSSF details the launch of the 2024 AML/CFT questionnaire for financial crime, which will commence on 24 February 2025. The deadline for final submission of responses through the CSSF eDesk platform is 4 April 2025. 

This questionnaire aims to gather standardized key information about the risks of money laundering and terrorism financing to which supervised professionals are exposed and the measures implemented to mitigate these risks. The 2024 questionnaire remains largely unchanged from the previous year, with only a few questions added, removed, or amended. 

The manual input of responses is possible, but entities can also utilize an API solution introduced in 2024, which allows the pre-filling of the questionnaire using a structured exchange file in json format transmitted via the S3 protocol. The ultimate responsibility for completing the questionnaire lies with the compliance officer or the person responsible for compliance, who must have a LuxTrust authentication. The CSSF has invited all supervised entities to ensure they have an eDesk account to avoid connection issues. Further details on API usage and authentication are available in the user guides provided by the CSSF.

Version française

Le 9 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a publié un communiqué de presse relatif au Questionnaire 2024 sur la criminalité financière.

Le communiqué de presse de la CSSF détaille le lancement du questionnaire LBC/FT 2024 sur la criminalité financière, qui débutera le 24 février 2025. La date limite de soumission finale des réponses via la plateforme eDesk de la CSSF est le 4 avril 2025. 

Ce questionnaire vise à recueillir des informations clés standardisées sur les risques de blanchiment d’argent et de financement du terrorisme auxquels sont exposés les professionnels surveillés et les mesures mises en œuvre pour atténuer ces risques. Le questionnaire 2024 reste largement inchangé par rapport à l'année précédente, avec seulement quelques questions ajoutées, supprimées ou modifiées.

La saisie manuelle des réponses est possible, mais les entités peuvent également utiliser une solution API introduite en 2024, qui permet le pré-remplissage du questionnaire à l'aide d'un fichier d'échange structuré au format json transmis via le protocole S3. La responsabilité ultime de remplir le questionnaire incombe au responsable de la conformité ou à la personne responsable de la conformité, qui doit disposer d'une authentification LuxTrust. La CSSF a invité toutes les entités surveillées à s'assurer qu'elles disposent d'un compte eDesk pour éviter les problèmes de connexion. De plus amples détails sur l’utilisation et l’authentification de l’API sont disponibles dans les guides d’utilisation fournis par la CSSF.

On 18 December 2024, the Commission de Surveillance du secteur financier (CSSF) published a feedback report on the self-assessment questionnaire, separate report and management letter for funds.

The CSSF Feedback Report primarily centers on improving the compliance and performance of UCIs by noting various observations and providing recommendations. The report emphasizes the responsibility of UCIs and their investment fund managers to benchmark against the observations made and take corrective measures where necessary.

Key observations include issues related to the organization and oversight of the fund, investment compliance, and valuation policies. The CSSF also highlighted deficiencies in disclosures, notably in areas like performance fees, securities financing transactions, and ESG disclosures. Additionally, there was an emphasis on the importance of ensuring all necessary documentation for fair valuation of assets is available before and during the investment period. Instances of high costs and fees in comparison to market standards were observed, with suggestions for renegotiating contracts or taking other corrective actions promptly. 

The overarching goal of the report is to ensure a high level of regulatory compliance and efficient management in the best interest of investors.

Version française

Le 18 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a publié un rapport de retour d'expérience sur le questionnaire d'auto-évaluation, un rapport séparé et une lettre de gestion des fonds.

Le rapport d’évaluation de la CSSF se concentre principalement sur l’amélioration de la conformité et des performances des OPC en notant diverses observations et en fournissant des recommandations. Le rapport souligne la responsabilité des OPC et de leurs gestionnaires de fonds d'investissement de se comparer aux observations formulées et de prendre des mesures correctives si nécessaire.

Les principales observations comprennent des questions liées à l'organisation et à la surveillance du fonds, à la conformité des investissements et aux politiques d'évaluation. La CSSF a également souligné des lacunes dans les informations fournies, notamment dans des domaines tels que les commissions de performance, les opérations de financement sur titres et les informations ESG. En outre, l'accent a été mis sur l'importance de garantir que tous les documents nécessaires à la juste évaluation des actifs soient disponibles avant et pendant la période d'investissement. Des cas de coûts et de frais élevés par rapport aux normes du marché ont été observés, avec des suggestions de renégociation des contrats ou de prise rapide d'autres mesures correctives. 

L'objectif primordial du rapport est d'assurer un haut niveau de conformité réglementaire et une gestion efficace dans le meilleur intérêt des investisseurs.

On 13 December 2024, the Commission de Surveillance du secteur financier (CSSF) published an FAQ on AML/CFT asset due diligence obligations in accordance with CSSF Regulation No 12-02.

The FAQ on AML/CFT asset due diligence provides clarifications on the obligations for professionals under CSSF Regulation No 12-02, focusing on money laundering (ML) and terrorist financing (TF) risk assessment and due diligence measures.

The document emphasizes the responsibility of professionals to carry out risk assessments and apply appropriate measures. It clarifies that securities admitted to trading on regulated markets are less exposed to ML/TF risks, requiring professionals to demonstrate their admission to such markets. For assets not traded on regulated markets, due diligence should be conducted when changes increase ML/TF risks, with initial risk assessments guiding the extent of due diligence. Annual risk assessment renewal is not mandatory if no relevant changes occur.

Version française

Le 13 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a publié une FAQ sur les obligations de diligence raisonnable en matière d'actifs en matière de LBC/FT conformément au règlement CSSF n° 12-02.

La FAQ sur la diligence raisonnable en matière d’actifs en matière de LBC/FT apporte des précisions sur les obligations des professionnels en vertu du règlement CSSF n° 12-02, en se concentrant sur l’évaluation des risques et les mesures de diligence raisonnable en matière de blanchiment d’argent (BC) et de financement du terrorisme (FT).

Le document souligne la responsabilité des professionnels de procéder à des évaluations des risques et d'appliquer les mesures appropriées. Elle précise que les titres admis aux négociations sur les marchés réglementés sont moins exposés aux risques de BC/FT, obligeant les professionnels à démontrer leur admission sur ces marchés. Pour les actifs non négociés sur des marchés réglementés, une diligence raisonnable doit être effectuée lorsque les changements augmentent les risques de BC/FT, des évaluations initiales des risques guidant l'étendue de la diligence raisonnable. Le renouvellement annuel de l’évaluation des risques n’est pas obligatoire si aucun changement pertinent ne se produit.

On 20 December 2024, the Chambre des députés - Luxembourg adopted draft Bill 7961 on the RCS and UBO registry at first constitutional vote.

This draft bill aims to amend regulations for the Register of Commerce and Companies (RCS) and the Register of Beneficial Owners (RBE). It updates the Law of 19 December 2002 concerning the RCS, adapting it to current practices and enhancing the quality of registered information. The bill also equips RCS managers with new tools to ensure entities comply with registration and filing obligations and maintains up-to-date and accurate data.

For the RCS, the bill proposes cross-referencing data with other national registers for consistency, automating updates, and actively monitoring registered information. It includes measures to remind entities of their legal obligations and enforce compliance through administrative actions if necessary.

Similar changes are proposed for the RBE, focusing on technical improvements, database access, and interconnecting RBE and RCS databases. This aims to simplify administrative procedures and ensure effective data control, essential for combating money laundering and terrorism financing. The bill also introduces a new secure electronic platform to optimize information flow between RBE managers and users.

Overall, the bill provides both RCS and RBE managers with necessary measures to enforce timely and accurate maintenance of registered information.

Version française

Le 20 décembre 2024, la Chambre des députés - Luxembourg a adopté lors d'un premier vote constitutionnel le projet de loi n° 7961 relatif au registre RCS et UBO.

Cet avant-projet de loi vise à modifier les règlements du Registre du commerce et des sociétés (RCS) et du Registre des ayants droit économiques (RBE). Elle actualise la loi du 19 décembre 2002 relative au RCS, l'adapte aux pratiques actuelles et améliore la qualité des informations enregistrées. Le projet de loi dote également les gestionnaires du RCS de nouveaux outils pour garantir que les entités se conforment aux obligations d'enregistrement et de dépôt et maintiennent des données à jour et exactes.

Pour le RCS, le projet de loi propose de croiser les données avec d'autres registres nationaux pour des raisons de cohérence, d'automatiser les mises à jour et de surveiller activement les informations enregistrées. Il comprend des mesures visant à rappeler aux entités leurs obligations légales et à faire respecter le respect par des mesures administratives si nécessaire.

Des changements similaires sont proposés pour le RBE, se concentrant sur les améliorations techniques, l’accès aux bases de données et l’interconnexion des bases de données RBE et RCS. Celui-ci vise à simplifier les procédures administratives et à garantir un contrôle efficace des données, indispensable à la lutte contre le blanchiment d'argent et le financement du terrorisme. Le projet de loi introduit également une nouvelle plateforme électronique sécurisée pour optimiser le flux d'informations entre les gestionnaires de RBE et les utilisateurs.

Dans l'ensemble, le projet de loi fournit aux gestionnaires du RCS et du RBE les mesures nécessaires pour assurer une maintenance rapide et précise des informations enregistrées.

On 27 December 2024, Luxembourg published the Laws of the 20 December 2024 on certain implementing rules and penalties under the transposition of the AI Act.

The legal texts pertain to the law enacted on 20 December 2024, which outlines various measures and sanctions related to the implementation of Regulation (EU) No 2019/881, also known as the Cybersecurity Act. This regulation involves the European Union Agency for Cybersecurity (ENISA) and the cybersecurity certification framework for ICT products, services, and processes. 

The Grand Duchy of Luxembourg specifies the ILNAS as the national authority responsible for cybersecurity certification, as stipulated in the regulation. The law details the penalties for non-compliance, including fines ranging from 251 to 500,000 euros and imprisonment for up to five years. These penalties apply to holders of EU cybersecurity certificates and issuers of EU conformity declarations that fail to provide necessary information to ILNAS or hinder its investigations. 

The law also mandates certain operational standards for conformity assessment bodies, including the timely reporting of vulnerabilities and irregularities. Furthermore, modifications are made to the law reorganized on 4 July 2014 related to ILNAS, emphasizing the replacement of certain departmental terms and expanding the rights and investigative powers of officers related to the enforcement of this law.

Version française

Le 27 décembre 2024, le Luxembourg a publié les lois du 20 décembre 2024 portant certaines règles d'application et sanctions dans le cadre de la transposition de la loi IA.

Les textes juridiques concernent la loi promulguée le 20 décembre 2024, qui prévoit diverses mesures et sanctions liées à la mise en œuvre du règlement (UE) n° 2019/881, également appelé loi sur la cybersécurité. Ce règlement implique l'Agence de l'Union européenne pour la cybersécurité (ENISA) et le cadre de certification de cybersécurité pour les produits, services et processus TIC. 

Le Grand-Duché de Luxembourg désigne l'ILNAS comme l'autorité nationale chargée de la certification de cybersécurité, comme le prévoit le règlement. La loi détaille les sanctions en cas de non-respect, notamment des amendes allant de 251 à 500 000 euros et une peine d'emprisonnement pouvant aller jusqu'à cinq ans. Ces sanctions s'appliquent aux titulaires de certificats UE de cybersécurité et aux émetteurs de déclarations UE de conformité qui ne fournissent pas les informations nécessaires à l'ILNAS ou entravent ses enquêtes. 

La loi impose également certaines normes opérationnelles aux organismes d'évaluation de la conformité, notamment le signalement en temps opportun des vulnérabilités et des irrégularités. Par ailleurs, des modifications sont apportées à la loi réorganisée le 4 juillet 2014 relative à l'ILNAS, mettant l'accent sur le remplacement de certains termes départementaux et élargissant les droits et pouvoirs d'enquête des agents liés à l'application de cette loi.

On 4 December 2024, the National Commission for Data Protection (CNPD) announced its designation as the competent authority under the AI Act.

On 29 November 2024, the government approved a draft law to carry out key provisions of the EU regulation, which aims to establish harmonized rules for artificial intelligence across the EU. 

The CNPD will assume multiple roles, including acting as the single point of contact and coordinating national authorities, supervising the market for certain AI systems, and ensuring the protection of fundamental rights alongside other agencies such as ALIA and ITM. Additionally, the CNPD is required to set up a regulatory sandbox as part of the European regulation. 

The AI Act promotes reliable, human-centric AI, facilitates the free movement of AI systems within the EU, and seeks to maintain high standards of health, safety, and fundamental rights while also encouraging innovation and employment to establish the EU as a leader in AI.

Version française

Le 4 décembre 2024, la Commission nationale pour la protection des données (CNPD) a annoncé sa désignation comme autorité compétente au titre de la loi IA.

Le 29 novembre 2024, le gouvernement a approuvé un projet de loi visant à mettre en œuvre les dispositions clés du règlement de l'UE, qui vise à établir des règles harmonisées en matière d'intelligence artificielle dans l'ensemble de l'UE. 

La CNPD assumera de multiples rôles, notamment celui d'agir en tant que point de contact unique et de coordination des autorités nationales, de superviser le marché de certains systèmes d'IA et d'assurer la protection des droits fondamentaux aux côtés d'autres agences telles que l'ALIA et l'ITM. Par ailleurs, la CNPD est tenue de mettre en place un bac à sable réglementaire dans le cadre de la réglementation européenne. 

La loi sur l’IA promeut une IA fiable et centrée sur l’humain, facilite la libre circulation des systèmes d’IA au sein de l’UE et vise à maintenir des normes élevées en matière de santé, de sécurité et de droits fondamentaux tout en encourageant l’innovation et l’emploi pour faire de l’UE un leader dans le domaine de l'IA.

On 27 December 2024, Luxembourg published Law of 20 December 2024 on dematerialized securities, the financial sector, and the establishment of a financial sector oversight commission in Luxembourg. 

Specifically, it introduces new roles for a control agent who can issue certificates for dematerialized securities, convert registered securities, and maintain security accounts. The law details modifications across several articles of the original law dated 6 April 2013, including the addition of responsibilities for control agents and specifying secure electronic recording systems for maintaining securities. 

Additionally, a new governance structure is mandated for control agents to ensure risk management and internal controls. Compliance with these new provisions will be overseen by the CSSF, as stated in the amendments to the law from 23 December 1998.

Version française

Le 27 décembre 2024, le Luxembourg a publié la loi du 20 décembre 2024 relative aux titres dématérialisés, au secteur financier et à la création d'une commission de surveillance du secteur financier au Luxembourg. 

Plus précisément, il introduit de nouveaux rôles pour un agent de contrôle qui peut émettre des certificats pour des titres dématérialisés, convertir des titres nominatifs et tenir des comptes de titres. La loi détaille les modifications apportées à plusieurs articles de la loi originale du 6 avril 2013, notamment l'ajout de responsabilités pour les agents de contrôle et la spécification de systèmes d'enregistrement électronique sécurisés pour la conservation des titres. 

De plus, une nouvelle structure de gouvernance est mandatée pour les agents de contrôle afin d'assurer la gestion des risques et les contrôles internes. Le respect de ces nouvelles dispositions sera contrôlé par la CSSF, comme le prévoient les modifications législatives du 23 décembre 1998.

On 19 December 2024, the Commission de Surveillance du secteur financier (CSSF) updated the FAQ concerning the Luxembourg Law of 17 December 2010 to provide clarifications regarding portfolio transparency for actively managed ETFs.

It highlights the need for frequent portfolio information for market makers (MMs) and authorized participants (APs) to ensure efficient arbitrage and an active secondary market. IFMs must publish detailed portfolio holdings for ETFs but may do so less frequently to protect proprietary information and prevent strategy replication. 

The updated FAQ clarifies the different transparency requirements in these ETFs.

Version française

Le 19 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a mis à jour la FAQ concernant la loi luxembourgeoise du 17 décembre 2010 afin d'apporter des précisions concernant la transparence du portefeuille des ETF gérés activement.

Il souligne la nécessité d'informations fréquentes sur le portefeuille pour les teneurs de marché (MM) et les participants autorisés (AP) afin de garantir un arbitrage efficace et un marché secondaire actif. Les GFI doivent publier des titres de portefeuille détaillés pour les ETF, mais peuvent le faire moins fréquemment pour protéger les informations exclusives et empêcher la réplication de la stratégie. 

La FAQ mise à jour clarifie les différentes exigences de transparence de ces ETF.

On 24 December 2024, the Commission de Surveillance du secteur financier (CSSF) published an FAQ on the Circular CSSF 24/856 concerning the protection of investors in case of an NAV calculation error.

The circular applies from 1 January 2025 and covers significant NAV calculation errors, internal controls, corrective measures, and notification procedures to the CSSF.

Key points include:

• UCIs must notify the CSSF in case of significant NAV calculation errors, including the source of the error and corrective measures.
• If the UCI's internal tolerance threshold for NAV errors is lower than the one specified in Circular 24/856, the UCI must adhere to the lower threshold for notifications.
• Closed-ended UCIs, unless specified otherwise, are not required to submit notifications for NAV calculation errors if they fall outside the scope of Chapter 4 of the circular.
• Requirements are specified for the use of "de minimis" amounts for compensating impacted investors.
• Specific sections address the correction methods for underpayment errors and the conditions under which management fees can be retroactively corrected.

Version française

Le 24 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a publié une FAQ sur la circulaire CSSF 24/856 concernant la protection des investisseurs en cas d'erreur de calcul de la VNI.

La circulaire s’applique à compter du 1er janvier 2025 et couvre les erreurs significatives de calcul de la VNI, les contrôles internes, les mesures correctives et les procédures de notification à la CSSF.

Les points clés comprennent :

• les OPC doivent informer la CSSF en cas d'erreurs significatives dans le calcul de la VNI, incluant la source de l'erreur et les mesures correctives.
• si le seuil de tolérance interne de l'OPC pour les erreurs de VNI est inférieur à celui précisé dans la circulaire 24/856, l'OPC doit respecter le seuil inférieur de notification.
• les OPC de type fermé, sauf indication contraire, ne sont pas tenus de notifier les erreurs de calcul de la VNI si celles-ci ne relèvent pas du champ d'application du chapitre 4 de la circulaire.
• des exigences sont spécifiées pour l'utilisation de montants « de minimis » pour indemniser les investisseurs concernés.
• des sections spécifiques abordent les modalités de correction des erreurs de sous-paiement et les conditions dans lesquelles les frais de gestion peuvent être corrigés rétroactivement.

On 31 December 2024, the Commission de Surveillance du secteur financier (CSSF) published a practical guide for UCI notifications.

The User Guide for UCI Notifications provides practical and technical information on UCI notifications in accordance with Circular CSSF 24/856. The guide is designed to help applicants understand the scope of UCI notifications, the types of notifications required, and the specific procedures for submitting them to the CSSF. Notifications must be sent via the specific notification form provided by the CSSF, available through the eDesk/S3 platforms. The document is divided into two main parts:

• General information about the scope of UCI notifications, including the objectives of the document, types of notifications (e.g., NAV calculation errors, non-compliance with investment rules, incorrect application of swing pricing, non-compliant payment of costs/fees, incorrect application of cut-off rules, and investment allocation errors), and the funds covered by these notifications (UCITS, UCIs Part II, SIFs, SICARs).
• Technical details regarding the submission of notifications, including authentication on the eDesk platform, the process for creating and submitting notifications, downloading forms, and handling special audit reports. Notifications can be submitted via the S3 system using a structured exchange file or through an online form on the eDesk platform. The guide also includes annexes with synopses of the information to be transmitted for various types of errors and non-compliance issues.

The guide emphasizes the importance of providing accurate and complete information to ensure regulatory compliance and efficient processing by the CSSF.

Version française

Le 31 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a publié un guide pratique pour les notifications d'UCI.

Le Guide d'utilisation des notifications OPC fournit des informations pratiques et techniques sur les notifications OPC conformément à la circulaire CSSF 24/856. Le guide est conçu pour aider les candidats à comprendre la portée des notifications OPC, les types de notifications requises et les procédures spécifiques pour les soumettre à la CSSF. Les notifications doivent être envoyées via le formulaire de notification spécifique fourni par la CSSF, disponible via les plateformes eDesk/S3. Le document est divisé en deux parties principales :

• informations générales sur la portée des notifications OPC, y compris les objectifs du document, les types de notifications (par exemple, erreurs de calcul de la VNI, non-respect des règles d'investissement, application incorrecte du swing pricing, paiement non conforme des frais/frais, application des règles de cut-off et erreurs d'allocation des investissements), ainsi que les fonds couverts par ces notifications (OPCVM, OPC Partie II, FIS, SICAR).
• détails techniques concernant la soumission des notifications, y compris l'authentification sur la plateforme eDesk, le processus de création et de soumission des notifications, le téléchargement des formulaires et le traitement des rapports d'audit spéciaux. Les notifications peuvent être soumises via le système S3 à l'aide d'un fichier d'échange structuré ou via un formulaire en ligne sur la plateforme eDesk. Le guide comprend également des annexes récapitulant les informations à transmettre pour différents types d'erreurs et de non-conformités.

Le guide souligne l’importance de fournir des informations précises et complètes pour garantir la conformité réglementaire et l’efficacité du traitement par la CSSF.

On 11 December 2024, the Banque Centrale du Luxembourg (CBL) published Circular BCL 2024/245 modifing the statistical data collection from investment funds (starting from the reference period of December 2025).

Issued by the BCL and the CSSF, it outlines updates to the reporting requirements for MMFs and non-MMF investment funds. 

Effective from 1 December 2025, the Circular aims to comply with ECB regulations while minimizing the reporting burden on agents, ensuring consistent data collection for supervisory purposes, and addressing financial stability and prudential supervision needs.

The modifications introduce new versions of existing reports and additional reports, including monthly and quarterly balance sheet reporting for investment funds, alongside monthly security-by-security reporting and annual reporting on marketing countries. Specific reports include, but are not limited to, S 1.3 for monthly statistical balance sheets, S 2.13 for quarterly statistical balance sheets, and S 4.4 for annual data on marketing countries. Notably, non-UCITS investment funds with less frequent asset valuation have distinct reporting requirements.

The Circular emphasizes the quality of transmitted data, urging reporting agents to comply with detailed verification rules. It also highlights the confidentiality of collected data, which, under certain conditions, may be shared with other regulatory bodies like the CSSF and STATEC. Additionally, the circular repeals previous guidelines, consolidating the regulatory framework to meet the ECB's standards.

Version française

Le 11 décembre 2024, la Banque Centrale du Luxembourg (CBL) a publié la circulaire BCL 2024/245 modifiant la collecte des données statistiques auprès des fonds d'investissement (à compter de la période de référence de décembre 2025).

Publié par la BCL et la CSSF, il présente les mises à jour des exigences de reporting pour les fonds monétaires et les fonds d'investissement non monétaires. 

Entrée en vigueur le 1er décembre 2025, la Circulaire vise à se conformer aux réglementations de la BCE tout en minimisant la charge de déclaration des agents, en garantissant une collecte cohérente de données à des fins de surveillance et en répondant aux besoins de stabilité financière et de surveillance prudentielle.

Les modifications introduisent de nouvelles versions des rapports existants et des rapports supplémentaires, notamment des rapports de bilan mensuels et trimestriels pour les fonds d'investissement, ainsi que des rapports mensuels titre par titre et des rapports annuels sur les pays de commercialisation. Les rapports spécifiques incluent, sans s'y limiter, S 1.3 pour les bilans statistiques mensuels, S 2.13 pour les bilans statistiques trimestriels et S 4.4 pour les données annuelles sur les pays de commercialisation. En particulier, les fonds d'investissement non OPCVM dont les actifs sont valorisés moins fréquemment ont des exigences de déclaration distinctes.

La circulaire met l'accent sur la qualité des données transmises, invitant les agents déclarants à se conformer à des règles de vérification détaillées. Elle met également en avant la confidentialité des données collectées qui, sous certaines conditions, peuvent être partagées avec d'autres organismes de contrôle comme la CSSF et le STATEC. En outre, la circulaire abroge les lignes directrices précédentes, consolidant le cadre réglementaire pour répondre aux normes de la BCE.

On 11 December 2024, the Banque Centrale du Luxembourg (CBL) updated its reporting instructions for investment funds. 

The provided documents are the following: 

• Definitions and Concepts for Statistical Reporting of Investment Funds (English Version)
• Electronic Transmission Manual for Statistical Reporting of Investment Funds (English Version)
• S 1.3 & S 2.13 "Statistical Balance Sheet of Investment Funds"
• S 1.6 "Information on Valuation Effects on the Balance Sheet of Non-Monetary Investment Funds"
• TPTOBS "Security-by-Security Reporting of Investment Funds"
• S 2.20 "Quarterly Financial Information" 11.12.2024
• S 4.4 "Countries of Marketing" 11.12.2024
• Summary of Reporting Modifications from December 2025 (English Version)

Version française

Le 11 décembre 2024, la Banque Centrale du Luxembourg (CBL) a mis à jour ses instructions de reporting pour les fonds d'investissement. 

Les documents fournis sont les suivants : 

• définitions et concepts pour le reporting statistique des fonds d'investissement (version anglaise)
• manuel de transmission électronique pour le reporting statistique des fonds d'investissement (version anglaise)
• S 1.3 & S 2.13 « Bilan statistique des fonds d'investissement »
• S 1.6 "Informations sur les effets de valorisation sur le bilan des fonds d'investissement non monétaires"
• TPTOBS "Reporting titre par titre des fonds d'investissement"
• S 2.20 « Informations financières trimestrielles » 11.12.2024
• S 4.4 « Pays de commercialisation » 11.12.2024
• résumé des modifications de reporting de décembre 2025 (version anglaise)

On 11 December 2024, the Banque Centrale du Luxembourg (CBL) published an FAQ on Statistical reporting of investment funds.

The «Frequently Asked Questions» are updated based on requests for clarification made by Investment funds and their publication on the BCL's website should allow to complete the instructions for the statistical reporting of investment funds. 

This new version clarifies specific questions linked to the reporting changes as from December 2025.

Version française

Le 11 décembre 2024, la Banque Centrale du Luxembourg (CBL) a publié une FAQ sur le reporting statistique des fonds d'investissement.

Les « Questions Fréquemment Posées » sont mises à jour en fonction des demandes de précisions formulées par les fonds d'investissement et leur publication sur le site Internet de la BCL devrait permettre de compléter les instructions relatives au reporting statistique des fonds d'investissement. 

Cette nouvelle version clarifie des questions spécifiques liées aux changements de reporting à compter de décembre 2025.

On 6 December 2024, the Commission de Surveillance du secteur financier (CSSF) published Circular CSSF 24/867 updating Circular CSF 19/724 on technical specifications regarding submission to the CSSF of documents under Regulation (EU) 2017/1129 and the Law of 16 July 2019 on prospectuses for securities and general overview of the regulatory framework on prospectuses.

The circular CSSF 24/867 outlines the regulatory framework governing prospectuses and the CSSF's roles and responsibilities in this regard. It also updates Circular CSSF 19/724 by incorporating the amendments introduced by Regulation (EU) 2024/2809, which seeks to make the EU public capital markets more appealing to companies and facilitate access to capital for small and medium-sized enterprises. The circular specifies the technical procedures for document submissions to the CSSF required for approval, notification or filing concerning offers of securities to the public and admissions of securities to trading on a regulated market.

This updated circular includes the relevant changes in "tracked changes" for clarity. It emphasizes the importance of following these procedures to ensure prompt and efficient processing by the CSSF. The modifications introduced by Prospectus Regulation (EU) 2024/2809 to Regulation (EU) 2017/1129 are meant to simplify the prospectus documentation process and reduce associated costs, thereby reinforcing the attractiveness of Union public markets. Changes include new exemptions from the obligation to publish a prospectus for secondary issuances and other regulatory adjustments to enhance market competitiveness. 

The circular repeals and replaces CSSF 12/539 and its later amendments. It provides detailed guidance on the submission process for various documents like the universal registration document, registration document, and prospectus, either as a single or separate documents.

Version française

Le 6 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a publié la circulaire CSSF 24/867 actualisant la circulaire CSF 19/724 relative aux spécifications techniques relatives à la soumission à la CSSF de documents au titre du règlement (UE) 2017/1129 et de la loi du 16 décembre 2024. Juillet 2019 relatif aux prospectus sur valeurs mobilières et aperçu général du cadre réglementaire en matière de prospectus.

La circulaire CSSF 24/867 précise le cadre réglementaire régissant les prospectus ainsi que les rôles et responsabilités de la CSSF à cet égard. Elle met également à jour la circulaire CSSF 19/724 en intégrant les modifications introduites par le règlement (UE) 2024/2809, qui vise à rendre les marchés publics des capitaux de l'UE plus attractifs pour les entreprises et à faciliter l'accès au capital pour les petites et moyennes entreprises. La circulaire précise les modalités techniques de transmission à la CSSF des documents nécessaires à l'agrément, à la notification ou au dépôt concernant les offres de valeurs mobilières au public et les admissions de valeurs mobilières à la négociation sur un marché réglementé.

Cette circulaire mise à jour inclut les modifications pertinentes dans les « modifications suivies » pour plus de clarté. Elle souligne l’importance de suivre ces procédures pour garantir un traitement rapide et efficace par la CSSF. Les modifications introduites par le Règlement Prospectus (UE) 2024/2809 au Règlement (UE) 2017/1129 visent à simplifier le processus de documentation du prospectus et à réduire les coûts associés, renforçant ainsi l'attractivité des marchés publics de l'Union. Les changements comprennent de nouvelles exemptions de l'obligation de publier un prospectus pour les émissions secondaires et d'autres ajustements réglementaires visant à améliorer la compétitivité du marché. 

La circulaire abroge et remplace la CSSF 12/539 et ses modifications ultérieures. Il fournit des conseils détaillés sur le processus de soumission de divers documents tels que le document d'enregistrement universel, le document d'enregistrement et le prospectus, sous forme de documents uniques ou séparés.

On 5 December 2024, the Commission de Surveillance du secteur financier (CSSF) published a statement on the application of DORA.

The key takeaways for financial entities (FEs) are the following:

1. DORA does not come with a transitional period meaning that all FEs should be fully compliant from 17 January 2025. 
2. Those FEs that still do not have an LEI code, have to proceed with the procurement and activation of an LEI code to be able to fulfil DORA requirements.
3. From 17 January onwards, FEs have to report major ICT incidents based on the DORA RTS (and not the CSSF Circular 24/847). Reporting channel and processes will nevertheless remain the same (eDesk). FEs that still did not create the specific role on eDesk “IT Incident Notifier”, have to do so ASAP and in any case, before the deadline.
4. DORA requires FEs to inform the CSSF in a timely manner about any planned contractual arrangement on the use of ICT services supporting critical or important (CoI) functions, as well as when a function has become CoI. CSSF clarifies that FEs that have already notified outsourcing of a CoI function under the Outsourcing Circular 22/806 do not need to notify this outsourcing again.
5. DORA furthermore requires FEs to report to the CSSF, at least yearly, information about all new contracts with ICT TPSP (those that support CoI as well as others). In this context, the CSSF clarifies that FEs do not need to notify to the CSSF the backlog of these contracts (that are already concluded before DORA application date). However, FEs do need to list all these (existing) contracts in the Register of Information.
6. The final ITS on the Registers of Information were published in the Official Journal of the EU on 2 December 2024. The CSSF will communicate soon the date by which FEs need to submit their registers (which will be in any case at the latest by 30 April 2025). 

Version française

Le 5 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a publié un communiqué sur l'application de DORA.

Les principaux points à retenir pour les entités financières (EF) sont les suivants :

1. DORA ne comporte pas de période de transition, ce qui signifie que tous les FE devraient être pleinement conformes à partir du 17 janvier 2025. 
2. Les FE qui ne disposent toujours pas d'un code LEI doivent procéder à l'acquisition et à l'activation d'un code LEI pour pouvoir répondre aux exigences DORA.
3. À partir du 17 janvier, les FE doivent déclarer les incidents informatiques majeurs sur la base du DORA RTS (et non de la Circulaire CSSF 24/847). Le canal et les processus de reporting resteront néanmoins les mêmes (eDesk). Les FE qui n'ont pas encore créé le rôle spécifique sur eDesk « IT Incident Notifier » doivent le faire dès que possible et en tout cas, avant la date limite.
4. DORA exige que les FE informent la CSSF en temps utile de tout accord contractuel prévu concernant l'utilisation de services TIC prenant en charge des fonctions critiques ou importantes (CoI), ainsi que du moment où une fonction est devenue CoI. La CSSF précise que les FE ayant déjà notifié l’externalisation d’une fonction CoI au titre de la Circulaire d’externalisation 22/806 n’ont pas besoin de notifier à nouveau cette externalisation.
5. DORA exige en outre que les FE déclarent à la CSSF, au moins une fois par an, des informations sur tous les nouveaux contrats avec ICT TPSP (ceux qui prennent en charge CoI ainsi que d'autres). Dans ce contexte, la CSSF précise que les FE n'ont pas besoin de notifier à la CSSF le retard dans ces contrats (qui sont déjà conclus avant la date d'application de DORA). Toutefois, les FE doivent répertorier tous ces contrats (existants) dans le registre d'informations.
6. Les ITS définitives sur les registres d'informations ont été publiées au Journal officiel de l'UE le 2 décembre 2024. La CSSF communiquera prochainement la date à laquelle les FE doivent soumettre leurs registres (qui sera en tout cas au plus tard le 2 décembre 2024) 30 avril 2025).

On 18 December 2024, the Commission de Surveillance du secteur financier (CSSF) published a press release on the ESMA Guidelines on funds’ names using ESG or sustainability-related terms.

The CSSF released a follow-up communiqué to their announcement on 21 October 2024, regarding the implementation of Circular CSSF 24/863. This Circular integrates the Guidelines on the use of ESG or sustainability-related terms in fund names into the Luxembourg regulatory framework. It also provides a priority processing procedure for existing UCITS and AIFs limiting their document updates to amendments required by the Guidelines.

On 13 December 2024, ESMA published Q&As clarifying aspects of the Guidelines' practical application. These Q&As address green bonds, "meaningful investment in sustainable investments," and the definition of controversial weapons. ESMA explained that European Green Bonds are exempt from exclusionary investment restrictions, while other green bonds can use a look-through approach for exclusions. For "meaningful investment in sustainable investments," ESMA suggested a threshold of at least 50% investment in sustainable investments for funds using "sustainable" terms in their names, subject to specific circumstances. The definition of controversial weapons should follow SFDR indicator 14.

The CSSF expects financial market participants to consider these Q&As when applying the Guidelines and to ensure fund names comply. The Guidelines are effective from 21 November 2024 for new funds and from 21 May 2025 for existing funds. 

Version française

Le 18 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a publié un communiqué de presse sur les lignes directrices de l'ESMA concernant les noms de fonds utilisant des termes ESG ou liés au développement durable.

La CSSF a publié un communiqué faisant suite à son annonce du 21 octobre 2024, concernant la mise en œuvre de la circulaire CSSF 24/863. Cette circulaire intègre les lignes directrices sur l'utilisation de termes ESG ou liés au développement durable dans les noms de fonds dans le cadre réglementaire luxembourgeois. Il prévoit également une procédure de traitement prioritaire pour les OPCVM et FIA existants limitant la mise à jour de leurs documents aux modifications requises par les Orientations.

Le 13 décembre 2024, l'ESMA a publié des questions-réponses clarifiant certains aspects de l'application pratique des lignes directrices. Ces questions-réponses abordent les obligations vertes, « les investissements significatifs dans les investissements durables » et la définition des armes controversées. L'ESMA a expliqué que les obligations vertes européennes sont exemptées des restrictions d'investissement d'exclusion, tandis que d'autres obligations vertes peuvent utiliser une approche transparente pour les exclusions. Pour les « investissements significatifs dans des investissements durables », l'ESMA a suggéré un seuil d'au moins 50 % d'investissement dans des investissements durables pour les fonds utilisant des termes « durables » dans leurs noms, sous réserve de circonstances spécifiques. La définition des armes controversées devrait suivre l’indicateur SFDR 14.

La CSSF attend des acteurs des marchés financiers qu’ils prennent en compte ces questions/réponses lors de l’application des Orientations et qu’ils s’assurent que les noms de fonds s’y conforment. Les lignes directrices entrent en vigueur le 21 novembre 2024 pour les nouveaux fonds et le 21 mai 2025 pour les fonds existants.

On 18 December 2024, the Commission de Surveillance du secteur financier (CSSF) updated their FAQ on Sustainable Finance Disclosure Regulation (SFDR).

These updates included modifications to Section I which deals with Key European and CSSF publications, and Section II which covers CSSF FAQs. Specifically, questions 6 and 7 were updated while questions 2, 9, and 10 were deleted.

Additionally, the application date of periodic disclosure requirements, particularly the information of Article 11 in an annex to the annual report using mandatory templates set out in Annexes IV and V of the SFDR RTS, was addressed with relevant sections being deleted.

Version française

Le 18 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a mis à jour sa FAQ sur le Sustainable Finance Disclosure Règlement (SFDR).

Ces mises à jour comprenaient des modifications à la section I qui traite des principales publications européennes et de la CSSF, et à la section II qui couvre les FAQ de la CSSF. Plus précisément, les questions 6 et 7 ont été mises à jour tandis que les questions 2, 9 et 10 ont été supprimées.

En outre, la date d'application des exigences de divulgation périodique, en particulier les informations de l'article 11 dans une annexe au rapport annuel utilisant les modèles obligatoires définis dans les annexes IV et V du SFDR RTS, a été traitée et les sections pertinentes ont été supprimées.

On 9 December 2024, the Commission de Surveillance du secteur financier (CSSF) published Circular CSSF 24/868 regarding amendments to Circular CSSF 19/719: Implementing the EBA Guidelines on the simple, transparent, and standardised (STS) criteria for non-ABCP (Asset-Backed Commercial Paper) securitisation and the STS criteria for ABCP securitisation.

The guidelines were developed to offer a harmonised interpretation of the transaction-level and programme-level criteria applicable to ABCP securitisation, as set out in the EU Regulation 2017/2402. These guidelines aim to provide a consistent understanding across all Union member states, ensuring all parties involved, including originators, original lenders, sponsors, securitisation special purpose entities (SSPEs), investors, and third-party verifiers, comprehend the criteria for achieving STS compliance. 

The document reflects amendments to previous guidelines to address feedback from multiple respondents, focusing on simplifying requirements and clarifying the criteria to enhance transparency and efficiency in the securitisation process.

Version française

Le 9 décembre 2024, la Commission de Surveillance du secteur financier (CSSF) a publié la Circulaire CSSF 24/868 concernant les modifications de la Circulaire CSSF 19/719 : Mise en œuvre des orientations de l'ABE sur les critères simples, transparents et standardisés (STS) pour les non-ABCP. (Asset-Backed Commercial Paper) et les critères STS pour la titrisation des ABCP.

Les lignes directrices ont été élaborées pour offrir une interprétation harmonisée des critères au niveau de la transaction et au niveau du programme applicables à la titrisation du PCAA, tels qu'énoncés dans le règlement UE 2017/2402. Ces lignes directrices visent à fournir une compréhension cohérente dans tous les États membres de l'Union, garantissant que toutes les parties impliquées, y compris les initiateurs, les prêteurs initiaux, les sponsors, les entités à vocation spéciale de titrisation (SSPE), les investisseurs et les vérificateurs tiers, comprennent les critères permettant d'atteindre la conformité STS.

Le document reflète les modifications apportées aux lignes directrices précédentes pour répondre aux commentaires de plusieurs répondants, en se concentrant sur la simplification des exigences et la clarification des critères afin d'améliorer la transparence et l'efficacité du processus de titrisation.

On 3 December 2024, the Bank Negara Malaysia (BNM) published a Policy Document on Product Transparency and Disclosure.

The Policy Document on Product Transparency and Disclosure has been revised to introduce new and enhanced disclosure requirements aimed at enhancing the effectiveness of product disclosure to facilitate consumers in selecting the right financial product that meets their financial needs.

Major revisions made to this Policy Document are as follows:

a. Paragraph 11 on new requirements for product disclosure through digital channels;

b. Paragraph 12 on enhanced requirements on the sharing of customer information for marketing and promotional purposes;

c. Paragraph 14 on revised requirements on the use of Bahasa Melayu; and

d. Paragraph 16 on enhanced requirements on product disclosure sheet.

As financial products become more diverse and complex to address the varying needs of financial consumers, the ability of financial consumers to understand the features and characteristics to assess product suitability and risks becomes more challenging. 

Consequently, there is a need to enhance product specific transparency and disclosure to facilitate sufficient understanding by financial consumers so that they can make informed decisions. Given the greater use of financial products, financial consumers need to be provided with relevant, timely, reliable and comparable information that enable them to select financial products that best meet their financial circumstances and needs.

This Policy Document contains specifications on minimum requirements for enhanced consistency and comprehensive transparency aimed at improving information disclosure on financial products offered by financial service providers (“FSPs”).

This Policy Document sets out the timing and content on disclosure of information on financial products to financial consumers.

The objectives of this Policy Document are to:

a) promote financial consumers’ awareness and understanding of financial products offered by FSPs; 

b) ensure consistency in disclosure of essential information on financial products to enable comparison by financial consumers; 

c) minimise mis-selling of financial products and ensure that financial products sold are suitable to the needs and financial circumstances of financial consumers; 

d) promote informed decision-making by financial consumers; and 

e) facilitate financial consumers in safeguarding their own best interests.

On 16 December 2024, the Overheid (Government Documents in the Netherlands) implemented MiCA and TFR.

The AFM  has highlighted adding some provisions from MiCA (Markets in Crypto-assets Regulation) to the Economic Offenses Act (Wet op de Economische Delicten, WED). This change allows specific enforcement powers from MiCA, which can only be used by the Public Prosecution Service under Dutch law, to be incorporated into criminal law, ensuring that these powers can be applied in particular cases by the Public Prosecution Service.

In this decision, the competent supervisory authorities are designated, and it is determined which articles can be enforced by them. It includes imposing administrative enforcement orders or fines for violations of these articles. The decision also specifies the applicable fine categories.

This provision relates to transitional arrangements under MiCA. It guides the temporary retention of the register as intended in article 23f of the Wwft (Wet ter voorkoming van witwassen en financieren van terrorisme), including the conditions and requirements attached. It also highlights the necessity for crypto-asset service providers to comply with the Sanctions Act of 1977.

The document mentions that the decision has no financial implications for the national budget. All supervisory costs will be borne by the institutions under supervision. Additionally, adjustments may be made to the Decision on the funding of financial supervision 2019, where necessary.

Several provisions from MiCA have been added to existing regulations, including those that do not require implementation due to their nature. For instance, specifics related to the direct application of rules and the sanctions framework.

On 17 December 2024, the Overheid (Government Documents in the Netherlands) published new amendments targeting crypto-assets and money laundering.

The amendments to the Money Laundering and Terrorist Financing (Prevention) Act include several crucial updates aimed at enhancing regulatory measures to combat illicit financial activities. 

New definitions have been introduced, including the term "crypto-asset service provider," aligning with Regulation (EU) 2023/1114. The Regulation now considers specific crypto-assets and integrates provisions for the regulation of crypto-asset markets.

Enhanced CDD measures are required, especially concerning crypto-assets. Providers must have internal policies and procedures to assess and mitigate risks. Specific risk mitigation strategies include verifying the identities of parties involved in crypto-asset transfers and obtaining additional information on the origins and destinations of such transfers.

Several articles have been updated, such as Article 2e, which revises references to specific parts of the legislation. Article 8 now includes the requirement to document the termination of correspondent relationships due to money laundering or terrorist financing concerns.

The regulation on transfers of funds has been updated to include crypto-assets. This includes specifying the information to accompany such transfers and the institutions governed by these rules. Additional measures address the risks of non-implementation and evasion of targeted financial sanctions.

The responsibilities of supervisory authorities like De Nederlandsche Bank and the Netherlands Authority for the Financial Markets have been clarified, particularly regarding the handling of violations under the updated regulations.

These amendments aim to ensure that the regulatory framework in the Netherlands remains robust against evolving financial crimes, especially in the context of emerging technologies like crypto-assets.

On 4 December 2024, the Autoriteit Financiële Markten (AFM) and the DSI Foundation have extended the covenant that concerns the professional competence of professionals who provide information or advice on investing. The covenant has been extended unchanged and follows, among other things, the requirements of the European regulator ESMA. The AFM acknowledges that every professional who is listed in the relevant DSI registers is 'permanently competent'.

Professionals who inform or advise on investments must be demonstrably 'competent'. The requirements for this are described in MiFID II and in guidelines from the European supervisor ESMA. In the covenant that the AFM and DSI have had since 2018, it has been agreed that the DSI Foundation will admit persons who comply with the ESMA guidelines to its registers. Subsequently, the obligation to keep knowledge up-to-date applies through the 'Permanent Professional Competence' programme.

Currently, more than 4100 professionals from the investment sector are certified in one of the seven relevant ESMA registers. The AFM acknowledges that everyone who is included in the relevant DSI registers is competent. The AFM considers skilled employees to be an important precondition for good investment services and careful treatment of clients.

Incidentally, a company does not fully comply with the ESMA guidelines by registering for the relevant persons. These standards are broader. For example, there are organisational requirements for the company and employees must understand and apply the internal rules of conduct and procedures. Because the elaboration of this is specific to each company, it is not part of the certification at DSI.

Companies that do not want to do this can also demonstrate to the AFM that each employee is competent and how this is organised within the organisation.

On 6 December 2024, the Autoriteit Financiële Markten (AFM) announced that it will request the information registers from companies soon after the Digital Operational Resilience Act (DORA) comes into force on 17 January 2025. National supervisors, such as the AFM and De Nederlandsche Bank (DNB), must submit the registers to the European supervisors in April 2025. This means that in February 2025 they will send a request for information to all companies with an AFM licence that fall under DORA.

One of the requirements under DORA is that financial institutions must keep an information register of all contractual agreements with ICT service providers. The European supervisors (EBA, EIOPA, and ESMA) have recently published the timelines for requesting the information register.

In February 2025, a request for information will be sent to all companies that have an AFM licence and fall under DORA. Together with the request for information, companies will also receive a message about the way in which the information register is to be delivered and the response time. Companies are expected to send their entire register. In this way, the registers can be submitted to the European regulators in a timely manner. This must be done by 30 April 2025 at the latest.

Recently, the implementing technical standards (ITS), with more detailed elaboration for the information register, have been adapted by the European Commission. This makes these requirements for the register final. In order to be able to deliver the information register on time, companies must already be in the process of drawing it up. When drawing up the register, it is important to check that all mandatory fields are included. If fields are missing or not filled in, the register cannot be shared with the European supervisors. In that case, the entire information register will have to be requested again.

On 30 December 2024, the Autoriteit Financiële Markten (AFM) announced that providers of crypto-asset services will need a licence or notification from the Netherlands Authority for the Financial Markets (AFM) or another European regulator. For providers who currently have a registration with the Dutch Central Bank (DNB), this will apply as of 30 June 2025. The AFM can take enforcement measures against parties without a license or notification.

Since June 29, 2023, the European legislation Markets in Crypto-Assets Regulation (MiCAR) has already entered into force in phases. Now the part of MiCAR has also started in which the supervision of crypto services and market abuse is arranged. One of the goals of MiCAR is to increase investor protection. For example, crypto-asset service providers (CASPs) must conduct their business with integrity and control and provide correct information to investors. It is forbidden to trade with inside information or manipulate the crypto market. 'Pump and Dump' is therefore no longer allowed.

Even with the entry into force of MiCAR, The AFM continues to consider trading in cryptos risky for consumers.

The AFM started processing permit applications and notifications in April. DNB is responsible for assessing the prudential requirements. Several permits and notifications have now been granted. These are visible in the public register of the AFM and later in that of the European regulator ESMA. There are also applications still pending.

CASPs that are currently registered by DNB can make use of a transition period of 6 months. This means that they must have a permit or notification by 30 June 2025. The AFM calls on these providers to submit an application to the AFM quickly, if they wish. Experience shows that even in the best case, an application takes at least 5 to 6 months. It is essential that applications comply with the applicable standards. The AFM refers to the detailed explanation on the ESMA website and the guidelines available on the AFM website. If the application is of insufficient quality and/or a company has to make several adjustments, the permit granting process takes longer.

On 23 December 2024, the Overheid (Government Documents in the Netherlands) published a consultation on the Sustainability Reporting Assurance Investigation. This decree elaborates on the legislative proposal for implementing the Sustainability Reporting Directive (Directive 2022/2464, CSRD), which requires certain companies to report on sustainability issues, and specifies the legal requirements for auditors and audit firms in assessing this reporting.

Criteria for Different Entity Sizes:

• Large entities: Balance sheet total more than € 20 million, net revenue more than € 40 million, and more than 250 employees.
• Medium-sized entities: Balance sheet total up to € 20 million, net revenue up to € 40 million, and up to 250 employees.
• Small entities: Must meet two of three criteria - balance sheet total not more than € 7.5 million, net revenue not more than € 15 million, and fewer than 50 employees.
• Micro entities: Must meet two of three criteria - balance sheet total up to € 450,000, net revenue up to € 900,000, and fewer than 10 employees

The registration for conducting assurance work on sustainability reporting must be listed, and there are specific quality system requirements.

Information exchange with organizations (like ESMA on a European level and IOSCO globally) is essential to ensure uniform application of standards in financial and sustainability reporting. Improvements to administrative penalty regulations for financial sectors were included, ensuring alignment with oversight activities.

Special note on Chapter 3.1 of the explanatory memorandum concerning member state options not adopted immediately due to impractical implementation timelines. Regulatory burdens and additional standards only apply if accounting organizations choose to offer these assurance services.

Initial and ongoing effects on training requirements for accountants performing assurance work on sustainability reports are mentioned. Attention to implementation costs for professional bodies (like NBA and CEA) and additional costs for authorities like AFM concerning oversight

The consultation ends on 4 February 2025.

On 27 December 2024, Spain published the Circular 1/2024, of 17 December, of Comisión Nacional del Mercado de Valores (CNMV), repealing Circular 1/2022, of 10 January, on the advertising of cryptoassets presented as an object of investment.

Royal Decree-Law 5/2021, of 12 March, on extraordinary measures to support business solvency in response to the COVID-19 pandemic, based on the lack at that time of a European regulatory framework relating to cryptoassets and to the extent that they were increasingly present in the financial system, included a new article 240 bis in Royal Legislative Decree 4/2015, of 23 October, approving the revised text of the Securities Market Law (current article 247 of Law 6/2023, of 17 March, on Securities Markets and Investment Services), to grant the CNMV powers in order to subject the advertising of cryptoassets to administrative control. It also enabled the CNMV to develop the objective and subjective scope, as well as the applicable control mechanisms and procedures, by means of a Circular.

Consequently, Circular 1/2022, of 10 January, of the CNMV, on the advertising of cryptoassets presented as an object of investment, was issued to establish a regulatory framework for advertising of cryptoassets presented as an object of investment, in a context in which it was perceived that the growing presence of cryptoassets in the financial system generated certain challenges in the field of the protection of investors, since at that time there was no regulation that could adequately respond to the risks that these assets could entail.

Regulation (EU) 2023/1114 regulates for the first time the issuance and provision of services related to crypto-assets, establishing uniform rules for issuers of crypto-assets and for service providers in relation to such crypto-assets. Its main objective is none other than to provide, for cryptoassets, a set of uniform rules that promote transparency, protect those who invest in them, facilitate innovation and competition. The regulation also contains specific rules on the advertising of crypto-assets.

The entry into force of this community regulation, which will mean the establishment of a regulation that will grant investors a certain degree of protection when investing in cryptoassets, advises against maintaining a regulation at the national level that regulates the advertising of these assets.

To this end, the approval of a Community regulation on cryptoassets has determined, on the one hand, that the regulatory authorisation provided for in Article 247 of Law 6/2023, of 17 March, on Securities Markets and Investment Services, has lost one of its presuppositions, which is the lack of an appropriate European regulatory framework; and on the other hand, that it is not possible to establish national regulations on the aspects regulated at European level. It is essential to point out that the regulation on this matter does not contain an express reference to the provisions of national law nor does it grant the Member States a discretionary margin to develop these provisions, so that the Member States are prohibited from legislating on the matter.

In short, it is necessary to agree to the repeal of Circular 1/2022, of 10 January, of the National Securities Market Commission, relating to the advertising of cryptoassets presented as an object of investment.

This Circular entered into force on 27 December 2024.

On 12 December 2024, the Comisión Nacional del Mercado de Valores (CNMV) published a report on the outcome of the self-assessment on the readiness of the entities for DORA.

The report contains the results of a self-assessment exercise carried out by 245 entities (Investment Services Companies, Management Companies and Participatory Financing Platforms).

As main conclusions, it has been observed that, in general, the entities that have participated have good governance, cybersecurity and business continuity measures, although in many cases the periodic review or follow-up of these reviews is lacking. However, further gaps have been identified in incident management, evidence management and risk management of ICT service providers.

This self-assessment has made it possible to raise awareness among the entities subject to the CNMV's supervision of the main requirements of DORA and has helped the CNMV to know the current state of preparedness of the entities before the entry into force of the Regulation. In addition, the CNMV has offered advice to entities on various issues raised during the process of answering the questionnaire.

In addition to the analysis of the responses, the report incorporates some implementation tips and recommendations, highlights the main regulatory aspects of DORA and includes references to a variety of tools and documentation that will facilitate the implementation of DORA's main requirements.

On 19 December 2024, the Banco de España launched its 2030 Strategic Plan.

The Governing Council, at its meeting, approved the Strategic Framework that will guide the design and execution of the Bank of Spain's 2030 Strategic Plan. This Strategic Framework includes the Banco de España's mission, values, vision and strategic objectives between now and 2030.

In the coming months, it must be completed with the identification of those specific initiatives and action plans that will allow the objectives that have been set to be achieved. This Strategic Framework and the initiatives that develop it will make up the 2030 Strategic Plan, which will be submitted for approval by the Governing Council next spring.

This is the Banco de España's second Strategic Plan after the one executed between 2020 and 2024 and, based on this acquired experience, an area that is already consolidated in the central banks in our environment is being strengthened. The objective is for this function to act as a lever for transformation and to allow strategic, budgetary and organisational planning to be aligned.

The Plan will focus on the internal transformation of the institution and innovation, and will have priority areas in the areas of technology, talent management and transparency, with the aim of advancing the contribution to society. Periodic monitoring will be carried out to adapt it to changes in the environment and to adapt the resources necessary for its execution, as well as the indicators to measure the achievement of results.

On 18 December 2024, the Eidgenössische Finanzmarktaufsicht (FINMA) published guidance on governance and risk management when using artificial intelligence.

This guidance highlights the risks associated with AI use and reflects FINMA’s observations from ongoing supervision.

With the rapid adoption of AI in finance, there are several associated risks that can be challenging to assess. These include operational risks, particularly model risks (e.g., lack of robustness, correctness, explainability, or bias), data-related risks (e.g., data security, data quality, data availability), IT and cyber risks, increasing third-party dependencies, as well as legal and reputational risks.

During its supervisory activities, FINMA has noticed that most financial institutions are still in the early stages of AI development and are in the process of establishing relevant governance and risk management structures. FINMA emphasizes the importance of proper identification, assessment, management, and monitoring of risks associated with AI adoption. The guidance also provides insights into measures observed during ongoing supervision.

This approach aims to enhance the reputation of the financial sector and assist institutions in sustainably protecting their business models against risks in an ever-changing environment. This can be achieved through investments in a clear business strategy, a robust risk culture and governance, and proactive risk management.

Version française

Le 18 décembre 2024, l'Eidgenössische Finanzmarktaufsicht (FINMA) a publié des orientations sur la gouvernance et la gestion des risques lors de l'utilisation de l'intelligence artificielle.

Ces orientations mettent en évidence les risques liés à l’utilisation de l’IA et reflètent les observations de la FINMA issues de la surveillance continue.

Avec l’adoption rapide de l’IA dans la finance, plusieurs risques associés peuvent être difficiles à évaluer. Ceux-ci incluent les risques opérationnels, en particulier les risques de modèle (par exemple, le manque de robustesse, d'exactitude, d'explicabilité ou de biais), les risques liés aux données (par exemple, la sécurité des données, la qualité des données, la disponibilité des données), les risques informatiques et cybernétiques, les dépendances croissantes envers les tiers. , ainsi que les risques juridiques et de réputation.

Dans le cadre de ses activités de surveillance, la FINMA a constaté que la plupart des institutions financières en sont encore aux premiers stades de développement de l’IA et sont en train de mettre en place des structures de gouvernance et de gestion des risques appropriées. La FINMA souligne l’importance d’une identification, d’une évaluation, d’une gestion et d’un suivi appropriés des risques liés à l’adoption de l’IA. Les lignes directrices donnent également un aperçu des mesures observées lors de la surveillance continue.

Cette approche vise à améliorer la réputation du secteur financier et à aider les institutions à protéger durablement leurs modèles économiques contre les risques dans un environnement en constante évolution. Cet objectif peut être atteint grâce à des investissements dans une stratégie commerciale claire, une culture et une gouvernance du risque solides et une gestion proactive des risques.

On 20 December 2024, the United Kingdom published the Information Sharing (Disclosure by the Registrar) Regulations 2024.

Section 94 of the Economic Crime and Corporate Transparency Act 2023 (c. 56, “the 2023 Act”) inserted into the Companies Act 2006 (c. 46) a power for the registrar to disclose information to a person of a description, and for a purpose, specified in regulations made by the Secretary of State. These Regulations specify the persons to whom, and the non-public purposes for which, the registrar may disclose information.

The Regulations are coming into force on 20 December 2024.

On 12 December 2024, the Financial Conduct Authority (FCA) published priorities under the Consumer Duty for the remainder of 2024/25.

The Consumer Duty is one of the most significant changes to the FCA's regulatory approach in recent years. It has been in force for open products and services since 31 July 2023, and for closed products and services since 31 July 2024. 

As part of meeting the FCA's secondary objective to facilitate international competitiveness and growth, the FCA is now reviewing the FCA's wider rules to see how the FCA can use the Consumer Duty to simplify the FCA's requirements. 

Reducing the complexity of the FCA's rulebook could lower costs, encourage innovation and help support the risk appetite needed to support growth, ultimately boosting international competitiveness and the economy over the long-term.

Affected stakeholders will largely be aware of these initiatives, but the FCA is producing this in response to industry feedback that it would be helpful to show the FCA's Consumer Duty areas of focus in one place.

The FCA's Consumer Duty focus covers thematic, multi-firm and market-wide work, relevant to a wide set of stakeholders. Most work is not in addition to the FCA's usual supervisory activity, but rather a pivot towards the Consumer Duty. The FCA has not included firm-specific supervisory work nor the everyday supervisory work on the Consumer Duty, for example, understanding how firms are delivering good outcomes through the products and services they offer, including looking at any issues around closed products and services.

The FCA has given a short description of the work and expected timelines. Timelines may change, for example, because the FCA needs to prioritise new and emerging consumer harms. The FCA also keeps these areas under review as pressures emerge on specific sectors or the industry as a whole.

The FCA has prioritised initiatives where:

• The FCA believes sharing more information on good and poor practice and the FCA's expectations will benefit industry and help drive better outcomes.
• The FCA sees the greatest need to act to address harm – or potential for harm – due to the size or urgency of that harm.  
• The FCA requires more data to improve the FCA's understanding of the way the Consumer Duty is being embedded.

Based on this prioritisation, the FCA has 4 focus areas for the rest of 2024/25.

• Embedding the Consumer Duty and raising standards,
• Enhancing understanding of the price and value outcome,
• Sector-specific priorities,
• Realising the benefits of the Consumer Duty.

On 13 December 2024, the Financial Conduct Authority (FCA) published a consultation paper CP24/28 on operational incident and third party reporting.

Firms face growing challenges to remaining operationally resilient. When operational incidents do occur, the disruption to the services firms provide can harm consumers and the wider sector. This could include consumers unable to access their accounts or pay bills and disrupt markets, threatening financial stability. Additionally, many of the incidents reported to us originate at third parties, with firms becoming increasingly reliant on the services they provide.

The proposals aim to bolster the operational resilience framework for firms and supports the FCA's strategic commitment to minimise the impact of operational disruptions such as cyber-attacks or IT outages. These proposals seek to establish a consistent, sufficient, and timely framework for reporting operational incidents and material third-party arrangements.

The FCA currently receives notifications of operational incidents from authorised firms based on Principle 11. However, the FCA does not currently define what constitutes an operational incident, when one should be reported, what information should be included, or how to submit such reports. 

Feedback from industry, as part of the Transforming Data Collection programme in 2022, indicated that many firms are unclear about how and when to engage with us regarding incidents. 

As a result, the FCA is proposing to define an operational incident, and requiring firms to submit standardised reports on incidents that breach one or more of the proposed thresholds supporting the FCA's objectives. These thresholds relate to consumer harm, market integrity, and safety and soundness.

Chapter 3 of this consultation paper (CP), which covers proposals for operational incident reporting, is relevant to:

• firms,
• payment service providers,
• UK Recognised Investment Exchange (RIE),
• registered trade repository,
• registered credit rating agencies.

Chapter 4 of this CP, which covers proposals for third party reporting, is relevant to: 

• enhanced scope Senior Managers & Certification Regime (SM&CR) firm,
• banks,
• PRA designated investment firms,
• building societies,
• Solvency II firms,
• Client Assets Sourcebook (CASS) large firms, 
• UK recognised investment exchange (RIE), 
• authorised electronic money institutions or authorised payment institutions,
• consolidated tape providers.

Consumers may be interested in how operational resilience is being improved within firms.

The consultation closes on 13 March 2025.

On 13 December 2024, the Prudential Regulation Authority (PRA) published a consultation paper CP17/24 on Operational resilience: Operational incident and outsourcing and third-party reporting.

This CP sets out the PRA proposals to set requirements in rules and expectations for firms to report operational incidents and their material third-party arrangements.

The PRA proposes to establish a framework for timely, accurate and consistent reporting of certain operational incidents, and notification and reporting of material third-party arrangements. The proposals set out clear and robust requirements and expectations for regulatory reporting which aim to support the operational resilience of the UK financial sector and enhance the PRA’s understanding of sector threats and vulnerabilities.

The proposals in this CP would allow the PRA to collect data which would be used to monitor and respond to potential risks arising from operational incidents and firms’ increasing reliance on third parties in an effective but proportionate manner and advance the PRA’s objectives of firm safety and soundness, and policyholder protection.

The proposals set out in this CP are consistent with the approach developed jointly with the Financial Conduct Authority (FCA) and the Bank of England (the BoE), in its capacity as a supervisor of Financial Market Infrastructures (FMIs). The proposals in this CP would result in:

• requirements for firms in the PRA Rulebook as detailed in the relevant CP Chapters;
• a new supervisory statement (SS) setting out the PRA’s expectations of how firms should comply with and interpret the proposed new requirements in the rules; and
• amendments to SS2/21 – Outsourcing and third-party risk management.

Chapter 2 of this CP which deals with operational incident reporting, is relevant to all:

• UK banks, building societies, PRA-designated investment firms and branches of overseas banks (‘banks’); and
• UK Solvency II firms, the Society of Lloyd’s and its managing agents (‘insurers’).

Chapter 3 of this CP which deals with outsourcing and third-party reporting, is relevant to all PRA-regulated firms.

Banks and insurers are collectively referred to as ‘firms’ in this CP.

The CP is structured into the following chapters:

• Chapter 2 – sets out proposals relating to the operational incident reporting.
• Chapter 3 – sets out proposals relating to outsourcing and third-party reporting.

The proposed implementation date for the proposals in the CP is no earlier than the second half of 2026.

This consultation closes on 14 March 2025.

On 19 December 2024, the Financial Conduct Authority (FCA) published a consultation paper CP24/30 on new product information framework for Consumer Composite Investments (CCI).

Consumers often find current product information documents confusing or overwhelming. The FCA wants to make significant changes to the rules for the way product information is presented. The proposals aim to move from an overly prescriptive disclosure regime to a more flexible, simpler approach. The new regime looks to prioritise good consumer outcomes through empowering consumers to make effective, timely and properly informed decisions, and enables firms to tailor their communications to meet consumers’ needs.

Through the CCI regime, The FCA wants consumers to:

• Be presented with information that is accurate, understandable, and broadly comparable.
• Engage with product information and use it in their decision-making process.
• Be able to compare investments more effectively, and more easily find the best product for their needs.

The regime will apply to any firm that manufactures or distributes a CCI to retail investors in the UK. Under the proposed rules, a CCI is an investment where the returns are dependent on the performance of, or changes in, the value of indirect investments. This includes funds, structured products, insurance-based investment products, contracts for difference and other complex investments like derivatives.

The FCA wants to make significant changes to the requirements for the way product information is presented. The FCA wants to move away from the rigidly templated format of PRIIPs and the UCITS Key Investor Information Document (KIID), which does not allow firms to adapt communications as necessary to meet the information needs of retail investors. The FCA wants the regime to be simpler and more flexible.

The current PRIIPs and UCITS disclosures do not effectively help decision-making as they do not consistently engage consumers. This is partly due to the document’s prescriptive format, which the FCA believes fails to capture attention at critical decision points. Consumers who are not engaged with information are more likely to be influenced by behavioural biases. 69% of clients in a survey conducted on behalf of the German Banking Industry Committee did not read the PRIIPs Key Information Document (KID).

Where consumers do engage, the PRIIPs KID can in some cases present inappropriate information due to the prescriptive methodologies not working well across all situations. The FCA has previously made targeted amendments to address these issues, but more action is needed.

This consultation will be of interest to:

• Consumers and consumer organisations.
• Those who manufacture Packaged Retail and Insurance-based Investment Products (PRIIPs), Undertakings for Collective Investment in Transferable Securities (UCITS) (including overseas funds), non-UCITS retail schemes (NURS), or non-PRIIP packaged products (excluding pensions products), including:
  - issuers or underwriters of securities that are or may be classed as PRIIPs (including businesses that do not require Part 4A authorisation under FSMA 2000)
  - fund managers, including overseas fund managers
  - issuers of structured products and derivatives.
• Those who advise on or sell PRIIPs, UCITS, NURS, or non-PRIIP packaged products, including:
  - wealth managers, financial advisers and stockbrokers
  - discretionary investment management firms
  - life insurance companies
  - firms providing services in relation to insurance-based investments
  - firms operating retail investment platforms.
• Industry bodies that represent or provide professional services to these groups.

The consultation closes on 20 March 2025.

On 17 December 2024, the UK Government published Task Force on Climate-related Financial Disclosure (TCFD)-aligned disclosure application guidance.

Climate change is a significant crisis facing the global community, and one the UK will need to continue to confront head-on amid the greater chance of warmer, wetter winters and hotter, dryer summers, plus more variable rainfall and more severe storms. Sea levels are rising by approximately 4 millimetres per year around the UK coastline, increasing the risk to buildings and infrastructure close to the shoreline. Extreme weather – flooding, storms, heatwaves – already cause significant disruption in the UK every year, so everyone should not underestimate the challenges that a more extreme climate will have on our lives, the economy and our environment.

This section provides an overview of the Task Force on Climate-related Financial Disclosures recommendations and explains how public sector bodies should use this guidance, as well as why TCFD-aligned disclosure is being pursued in UK public sector annual reports and accounts.

This guidance should be read in conjunction with the TCFD’s Guidance: Implementing the Recommendations of the Task Force on Climate-related Financial Disclosures. Reporting entities should familiarise themselves with the TCFD recommendations and the relevant supporting guidance.

Necessary interpretations and adaptations for applying the TCFD framework in a public sector context have been addressed in the subsequent sections. These have been explained in Annex A. In addition, Figure A.5 (in Annex A) sets out the TCFD framework’s structure and recommended disclosures.

Where an entity is subject to legislation or regulation relating to climate-related disclosures or similar, they must follow the related requirements in full. This can be summarised as follows:

• Publicly quoted companies, large private companies, and Limited Liability Partnerships (LLPs) should check the mandatory climate-related financial disclosure and UK Sustainability Reporting Standards (UK SRSs)[6] (expected 2025).
• Premium-listed and standard-listed companies should check the Financial Conduct Authority (FCA) Listing Rules.
• FCA-regulated companies should check the FCA Climate-related Disclosure Rules[7]. Relevant types of entities include:
  - Asset managers.
  - Life insurers, including pure insurers.
  - Non-insurer pension providers, including platform firms and Self-Invested Personal Pension (SIPP) operators.
  - FCA-regulated pension providers.

On 13 December 2024, the Financial Conduct Authority (FCA) published a portfolio letter on custody and fund services supervision strategy.

The FCA writes to update on the FCA’s supervision strategy for firms in the custody and fund services sector. This strategy reflects developments in the wider financial markets as well as the external risk environment since the FCA sent the FCA's previous letter in March 2022.

Firms in this sector continue to play pivotal roles in safeguarding, administering, and providing oversight of assets under custody (AuC) totalling c.£14.6 trillion. The effective delivery of these services to high standards remains critical to maintaining confidence and participation in UK financial markets.

The FCA's strategy acknowledges the positive and key role that the custody and fund services industry plays in maintaining trust and credibility in the UK financial services system. In contrast to some other financial service businesses that look to take risks in both stable and volatile markets, firms in this sector generally aim to provide safety and stability, and to ensure the smooth flow of services and information irrespective of market conditions.

At the same time, the FCA recognises the potential negative impact to market stability where sector firms’ standards fall, as they perform activities that underpin important business services and can both amplify risks or have a direct impact on consumers and markets where service levels fall or are disrupted. The significant operations outsourced to custody and fund services providers could cause issues across the value chain if these risks are not managed well.

The FCA has observed trends with risk implications for the sector. These include firms’ significant and increasing roles as outsourced service providers to the UK financial services sector; a heightened external cyber threat environment; changes in transactional standards and structures (such as settlement cycles); modernisation of market infrastructure; rapidly-evolving technological innovations (including digital assets and distributed ledger technology (DLT)); and firms’ readiness to cope with market transformations (including growth of private markets). There is a clear need for sector firms to be prepared for these trends and changing conditions and be responsive to client needs.

This letter seeks to provide clarity on the FCA's current supervisory focus. It sets out the FCA's views on the key risks of harm that firms in the sector must manage in order for financial markets to work well. Shifts in regulation, technology and business environment may require adjustments to the FCA's supervisory strategy and the FCA will update custody and fund services firms as needed where these are material.

The FCA asks custody and fund services firms to consider the key risks of harm below and adopt strategies for mitigating them where relevant. In the FCA's future supervisory engagements with custody and fund services firms , the FCA will consider whether the governing bodies and Senior Managers with accountabilities have taken appropriate actions in response.

At the individual firm level, the responsibility for identifying, assessing and addressing the actual and potential risks of harm remains with the firm, in particular the executives accountable under the Senior Managers Regime as well as the management committees with delegated responsibilities. The FCA expects those to be overseen by an appropriate governing body and governance structure.

The supervisory priorities are as follows:

• Operational resilience.
  
  Sector firms provide critical infrastructure and services to the financial markets and have high levels of operational risk. The FCA continues to see weaknesses in the sector particularly due to operational frictions in transaction processing, settlement, delivery of outsourced services, and end-of-life technology or aged infrastructure assets.
  
  The FCA's supervisory engagements will focus on monitoring in-scope3 firms’ compliance with, and embeddedness of, rules and guidance on building operational resilience as set out in Policy Statement PS21/3.
  
  Under those requirements, in-scope firms must have performed mapping and testing by 31 March 2025 to provide assurance they are able to remain within impact tolerances (ITOLs) for each important business service in severe but plausible scenarios. These firms must also have made the necessary investments and any operational changes to enable them to operate consistently within ITOLs.
  
  The FCA expects to see strong ownership of operational resilience by the governing bodies or equivalent management body. Firms' governing bodies should review and approve annual operational resilience self-assessments as required under PS21/3. The FCA would expect governing bodies to seek relevant technical expertise where prudent to assure themselves of self-assessments' adequacy. The FCA will be looking for evidence of prompt deployment of incident management plans; prioritisation of important business services to reduce operational and client impact; detailed mapping of third-, fourth- and Nth-party relationships for understanding exposure; and processes for clear communication with the regulator where required.

• Cyber resilience.
  
  Firms’ sub-optimal cyber resilience and security measures continue to create risks in this sector, particularly in view of the public alerts issued by the UK National Cyber Security Centre (NCSC) and the CBEST thematic report the FCA published jointly with the Bank of England and the PRA in 2023 that sets out the FCA's observations from the tests carried out in this sector.
  
  The FCA continues to focus on cyber resilience, including on how effectively firms manage critical vulnerabilities, threat detection, business recovery, stakeholder communication and remediation efforts to build resilience.
  
  Firms should remain vigilant on the external cyber threat realities; evaluate the challenges holistically; and focus resources on strengthening their operational and cyber defence environment. Firms should make effective use of threat intelligence-led penetration testing at regular intervals as a diagnostic tool to help ensure a robust environment.
• Third-party management.
  
  The FCA considers the residual risk in respect of sector firms’ third-party management to remain high, noting the extent and frequency of various operational incidents involving third parties. Recent IT events are illustrative of the magnitude and speed at which third-party incidents can arise and the far-reaching impact they can have.
  
  The likelihood of service degradation or failure increases when there is inadequate oversight and mapping of third-, fourth- and Nth-party providers for important business services. The FCA also observes deficiencies in actionable exit strategies and contingency arrangements, such as the identification of alternative providers of key services and the practical capability to stand these up at sufficient pace to avoid harm.
  
  The FCA will assess firms’ third-, fourth- and Nth-party oversight, including key material supplier relationships and management. The FCA will review the understanding of the level of outsourcing; key vulnerability considerations; concentration risk; exit and contingency preparations; “fourth-party” visibility; and the level of bilateral co- operation on testing and change management with key stakeholders (including clients and suppliers).
  
  The FCA expects firms to have effective processes to identify, manage, monitor and report third-party risks, and to perform an assessment on, and mapping of, third-party providers. The FCA will ask custody and fund services firms about the controls to avoid over-reliance and to identify areas where it is important to build the own core resilience.
• Change management.
  
  Technological transformation is affecting this sector and ultimately influencing client and consumer outcomes along the value chain. Firms are updating obsolete technology, increasing utilisation of automation and considering use cases for artificial intelligence (AI). These firms are having to balance the changes against other demands such as digital assets innovation and DLT, regulatory developments (such as settlement cycle changes) and market changes (notably growth of private markets).
  
  Poor change management practices could result in firms failing to adequately address critical and changing operational demands. The FCA is concerned that, where firms are unable to cope with these challenges, there is potential for operational and other issues to adversely affect consumers and market integrity.
  
  The FCA will seek to assess the change management frameworks in a selection of firms. This will include looking at the overall approach and methodology, including testing to understand how client and consumer outcomes have been considered as a critical aspect of the change management framework.
  
  The FCA's  Implementing Technology Change multi-firm review highlighted key areas (such as good governance, resource sufficiency and effective risk management) that contribute towards successful change management. The FCA suggests that custody and fund services firms consider these best practices appropriately in the framework. The FCA also encourages custody and fund services firms to seek early dialogue with us in the planning phases of any major firm initiatives or strategy change that may have significant impact on the business model(s), operations (especially the important business services) and/or the broader market.
• Market integrity.
  
  The size, scale and complexity of sanctions imposed by the UK Government and international partners in response to significant geopolitical events in recent years have increased the risk of firms’ sanctions systems and controls failing to comply adequately with the evolving requirements.
  
  The FCA's supervisory engagements will review the effectiveness of select firms’ systems and controls, governance processes and resource sufficiency in connection with sanctions regime compliance. Where material deficiencies are discovered, the FCA will use appropriate regulatory tools to drive effective and sustainable remediation and step-change for achieving better market integrity outcomes.
  
  The FCA expects firms to have effective governance and oversight, skills and resources, screening capabilities, Customer Due Diligence (CDD) and Know Your Customer (KYC) procedures and regulatory breach reporting mechanisms. Custody and fund services firms should ensure that the firm has proper risk procedures and internal control mechanisms to detect, prevent and deter financial crime.
• Depositary oversight.
  
  Depositaries play a critical role in overseeing the activities of authorised fund managers as well as alternative investment fund managers (collectively, AFMs), safekeeping of fund assets and cashflow monitoring. In discharging their duties, depositaries are expected to act independently, honestly, fairly, professionally and solely in the interest of the relevant fund and its investors.
  
  As the FCA set out in the FCA's discussion paper DP23/2, the FCA will look for opportunities to clarify the FCA's rules and expectations of depositaries.
  
  The FCA expects depositaries to act more proactively in the interests of fund investors. They should be providing effective independent oversight of AFMs’ operations and funds’ adherence to FCA rules on investment and borrowing powers, liquidity, valuation, pricing and dealing. They are expected to have processes in place to ensure they receive the information needed to perform their duties.
• Protection of Client Assets (CASS).
  
  The FCA has observed weaknesses in books and records, change management and dependency on legacy or end-of-life IT infrastructure and high levels of manual processing and controls. The FCA believes these challenges in CASS compliance have root causes in poor governance and oversight, under-investment in systems and failure to fully consider CASS impacts when managing change. The FCA highlighted these risks in the FCA's 2022 portfolio letter and continue to identify residual challenges in these areas for firms.
  
  The FCA will continue to use a range of supervisory tools, from proactive engagements with firms to CASS assessments, to identify weaknesses. For the worst cases, the FCA will use the FCA's formal intervention powers
  
  The FCA expects firms to review their practices and take action on the issues identified. As technological change in this sector remains significant, the FCA continue to expect firms to have considered and be appropriately prepared for developments such as the increasing use of distributed ledger technology and the future financial services regime for cryptoassets as set out in the FCA's discussion paper DP23/4.
  
  Custody and fund services firms should take all necessary actions to ensure the relevant FCA requirements and expectations are met and reinforce accountabilities with the Senior Managers for the risks set out above. Custody and fund services firms can expect us to exercise appropriate supervisory scrutiny on these matters (including asking for supporting evidence on the actions, success measurements and outcomes) during the FCA's future supervisory engagements.

On 11 December 2024, the Financial Conduct Authority (FCA) published Consumer Duty Board Reports: good practice and areas for improvement.

The Consumer Duty sets high and clear standards of protection for retail customers across financial services. The Duty came into force on 31 July 2023, and on 31 July 2024 for closed products and services.

To support effective embedding and implementation of the Duty, firms have asked the FCA to more regularly publish thematic best practice and areas for improvement. This report is being published so that everyone can learn and improve.

This report sets out the results of a targeted and thematic review that the FCA carried out on the first annual Consumer Duty board reports from 180 firms. Under the Duty, a firm must prepare a report for its governing body setting out the results of its monitoring of consumer outcomes and any actions required as a result of the monitoring.

The FCA recognises that every firm’s Board report will be different. The examples of good and poor practice below are not intended to be prescriptive in terms of what board reports must contain – they are being shared to enable firms to decide for themselves how to improve the board oversight and board reporting processes in the next year of embedding the Consumer Duty.

This report does not repeat the detailed standards expected under the Duty – albeit where appropriate the FCA has referenced existing rules and Guidance documents for ease of reference.

Five key aspects of good reports are as follows:

• Clear outcomes focus.
  
  Dedicated sections focussed on each of the 4 outcomes, detailing what good outcomes looked like for customers holding their products.
• Good quality data.
  
  Commentary on good outcomes supported by good quality Management Information (MI) that backed up the firm’s conclusions.
• Analysis of different customer types.
  
  Consideration of different groups of customers, including those with characteristics of vulnerability.
• Clear processes for production of the report.
  
  Processes in place for producing reports for firms’ governing bodies to review and approve within the necessary timeframe.
• A focus on culture throughout the firm.
  
  Commentary emphasising firms’ commitment to effectively implementing the Duty and the role of a positive culture in delivering good outcomes.  

Five Areas for Improvement are as follows:

• Better data quality.
  
  Some firms did not have sufficient data quality to justify conclusions or to give governing bodies adequate assurance that firms are meeting their obligations under the Duty. Some also did not accompany their MI with adequate explanations to clearly illustrate it constitutes evidence of good outcomes for customers.
• Comprehensive view across distribution chains.
  
  Some reports did not contain evidence that an appropriate amount and types of information have been shared between the firm and third parties across the distribution chain.
• Analysis of different customer types.
  
  Some firms did not evidence that adequate consideration had been given to outcomes for different groups of customers, including those with characteristics of vulnerability.
• Challenge from the board.
  
  It was not always evident that there had been effective challenge from firms’ governing bodies on the content of the reports, for example, through the minutes of board meetings.
• Taking effective action.
  
  Some action plans and improvements were not accompanied by further details such as timescales, action owners, and clarity on the data that would be used to evidence good outcomes.

The FCA wants all smaller firms to feel confident in delivering the Duty. The Consumer Duty rules and guidance should be interpreted in light of what is reasonable in the circumstances, taking into account the size, activities and available resources of a firm.

The FCA found areas of good practice from firms of all sizes, including those with fewer than 10 employees. As such, much of the good practice and areas for improvement cited here applies to firms of all sizes. All firms should be able to monitor customer outcomes, take actions and implement a business strategy that aligns with the Duty to ensure those outcomes are good.

However, the FCA knows that smaller firms have different challenges. The FCA has set out suggestions for how smaller firms might meet the requirements below and are open to considering more targeted work where that would be beneficial. The FCA will continue to engage with the Smaller Business Practitioner Panel and other smaller firm stakeholders.

The FCA reviewed reports from 180 firms  from across the retail banking, wholesale, insurance, payments, consumer investments and consumer finance sectors. The sample included a range of small, medium and large firms with a range of business models, to help the FCA understand their differing approaches. This included larger firms with dedicated supervisory support, as well as 55 smaller firms (some of which have less than 10 employees) to provide the FCA with insights into the particular challenges faced by smaller firms.

As well as the reports themselves, the FCA requested any supplementary information provided to the board (or equivalent governing body) to enable them to conduct their assessment, along with minutes where applicable.

Whilst the structure of a board report is for each firm to decide, the FCA wanted to find a consistent way of looking at the content in the reports. The FCA has examined the content of the reports based on the expectations laid out in the rules and guidance, rating them in the following areas: governance and oversight, culture and people, products and services, price and value, consumer understanding, consumer support, vulnerability, third parties (where applicable), data strategies, closed products and services (where applicable), action plan, and a rating for the overall assessment.

This broad sample has enabled the FCA to draw out a wide range of good and poor practices that should be useful to all firms, regardless of sector and size, in producing their future reports.  The FCA has, however, drawn out points that are specific to smaller firms where relevant.

On 23 December 2024, the Financial Action Task Force (FATF) published a follow-up report on Monaco.

In light of the progress made by Monaco since its Mutual Evaluation was adopted in December 2022, the country has been re-rated on 15 Recommendations as follows:

• Recommendations 4, 8, 23, 24, 25, 26, 27, 28, 31, 34, 35 and 37 are re-rated from Partially Compliant to Largely Compliant.
• Recommendations 6, 7 and 12 are re-rated from Partially Compliant to Compliant.

7 recommendations are rated Compliant, 32 rated Largely Compliant and 1 recommendation is rated Partially Compliant.

Monaco will remain in enhanced follow-up and will continue to report back to MONEYVAL on progress to strengthen its implementation of AML/CFT measures. Monaco is expected to report back within three years' time.