Senior Managers / Governance

What Changed

Effective January 1, 2023, amendments to FINRA Rule 1240 mandate annual completion of both Regulatory Element and Firm Element for all registered persons, per CE Council recommendations.[https://www.finra.org/rules-guidance/notices/information-notice-20250814] Launched July 1, 2024, the Financial Learning Experience (FLEX) serves as an optional centralized catalog for Firm Element e-learning courses to support written training plans.[https://www.finra.org/rules-guidance/notices/information-notic

What You Need To Do

• Registered persons
• Verify FinPro access/recovery; contact FINRA Testing and Continuing Education Department for questions

Key Dates

References

• [1] stcusa.com
• [2] nasaa.org
• [3] finra.org
• [4] questce.com
• [5] finra.org
• [6] finra.org

What Changed

Inflation-adjusted monetary thresholds for consumer detriment: Detriment exceeding £210 million is more likely deemed "significant," while below £45 million is unlikely to meet the threshold unless qualitative factors (e.g., consumer vulnerability, widespread impact) apply. These replace 2013 levels and will be reviewed periodically. No other substantive changes from the 2013 policy; refinements emphasize internal "lessons learned" reviews for non-statutory cases to avoid resource duplication in

What You Need To Do

• Monitor for triggering events
• Enhance internal reviews
• No direct firm obligations
• Document qualitative factors (e

Key Dates

References

• [1] fca.org.uk
• [2] fca.org.uk
• [3] jdsupra.com
• [4] finreg.aoshearman.com
• [5] slaughterandmay.com
• [6] taylorwessing.com
• [7] lexisnexis.co.uk

What Changed

COCON amendments: Expands scope to non-banks for work-related serious NFM involving financial services personnel; provides flowcharts, examples, and factors (e.g., seriousness, pattern, dishonesty, violence) to assess breaches consistently; clarifies only "serious" NFM qualifies, aligned with Equality Act concepts, and excludes trivial/private matters. FIT sourcebook updates: Integrates NFM into fit and proper tests for employees/senior personnel; firms assess case-by-case without investigating

What You Need To Do

• Review and update policies/handbooks to incorporate COCON/FIT guidance on NFM assessment, including flowcharts and factors for breaches/fitness
• Train HR, compliance, and managers on applying rules consistently, emphasizing seriousness thresholds, case-by-case judgement, and alignment with employment law/privacy
• Enhance regulatory reference processes to disclose past NFM; ensure reporting of serious breaches to FCA
• Assess current NFM handling for gaps (e
• Firms not to investigate trivial/improbable allegations or overstep privacy laws

Key Dates

References

• [1] fca.org.uk
• [2] traverssmith.com
• [3] regulationtomorrow.com
• [4] osborneclarke.com
• [5] sidley.com
• [6] employmentlawworldview.com
• [7] simmons-simmons.com
• [8] globalfinregblog.com

What Changed

The circular consolidates and updates governance rules, focusing on: Management bodies: Responsibilities, composition, qualifications, organization, and functioning, including CSSF authorization of members based on professional experience, standing (e.g., police records), and irreproachable conduct. Internal control functions: Responsibilities, characteristics, organization, and execution of work for compliance officers and internal auditors, with notifications to CSSF including detailed persona

What You Need To Do

• Gap analysis
• Updates and notifications
• Implementation
• Documentation

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] financialcrime.lu
• [6] elvingerhoss.lu

What Changed

Consolidation and repeal: Replaces outdated circulars with unified requirements under the amended Law of 10 November 2009 on payment services, covering central administration (decision-making must be in Luxembourg), management body responsibilities, internal control functions (compliance, risk management, internal audit as independent second/third lines), conflicts of interest management, new product approval processes, and client funds safeguarding (e.g., segregation, daily/weekly reconciliatio

What You Need To Do

• Assess and update governance frameworks
• Confirm control functions
• Implement operational safeguards
• Document proportionality
• Retain records and report

Key Dates

References

• [1] financialcrime.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] elvingerhoss.lu
• [5] cssf.lu
• [6] cssf.lu

What Changed

Institutions must establish proportionate strategies, policies, processes, and systems for ESG risk management, covering short-, medium-, and long-term horizons, including transition and physical environmental risks. Develop plans per Article 76(2) CRD with specific timelines, intermediate quantifiable targets, and milestones to address ESG financial risks, consistent with EU objectives (e.g., 55% GHG reduction by 2030, climate neutrality by 2050). Incorporate ESG into internal governance, risk

What You Need To Do

• Map and integrate ESG risks into governance, risk management frameworks, and business strategies, proportionate to scale/risk exposure
• Develop and document ESG risk management plans with quantifiable targets, milestones, timelines, and scenario analyses (broad requirements now; detailed later)
• Conduct assessments of ESG risks in portfolios, including sustainability products, transition finance, and loan origination policies, for SREP submission
• Embed in internal processes per Articles 74, 76, 87a CRD: identify/measure ESG risks (minimum standards), monitor over time horizons, and report to CSSF
• Review and update existing policies/systems for compliance by applicable dates; prepare for CSSF supervisory evaluation of plan robustness

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] reporting4066.rssing.com
• [7] cms.law
• [8] lsfi.lu

What Changed

*Credit Risk Framework** Implementation of restrictions on Internal Ratings-Based (IRB) approach scope, effective 1 January 2027, with firms required to reclassify certain exposures (e.g., slotting approach IPRE exposures) as High-Volatility Commercial Real Estate (HVCRE) where applicable. Minor clarifications and amendments to the Standardised Approach and credit risk mitigation techniques. *Operational Risk** Updated Business Indicator Component (BIC) calculation methodology requiring inclusi

What You Need To Do

• *Immediate (by mid-2026)
• *Conduct impact assessment
• *Review IRB permissions
• *Assess FRTB-IMA readiness
• *Arrange board-level assurance

Key Dates

References

• [1] bankofengland.co.uk
• [2] bankofengland.co.uk
• [3] grantthornton.co.uk
• [4] tlt.com
• [5] regulationtomorrow.com
• [6] rics.org
• [7] finreg.aoshearman.com
• [8] afme.eu

What Changed

The PRA has introduced new rules for the calculation of risk-weighted assets, including changes to the credit risk standardised approach, market risk framework, and operational risk requirements. The rules also include amendments to the definitions of probability of default, loss given default, and conversion factor.

What You Need To Do

• Review and update credit risk policies and procedures to ensure compliance with the new standardised approach
• Assess the impact of the new market risk framework on trading book positions and capital requirements
• Update operational risk management frameworks to reflect changes to the Business Indicator and subcomponents

Key Dates

Related Regulations

What Changed

Revised Consumer Protection Code: Introduces new Standards for Business, building on the Code reviewed with industry input; focuses on delivering good outcomes for consumers and the economy. Individual Accountability Framework (IAF): Implemented 18 months prior (circa mid-2024); enhances clarity on responsibilities, supports governance, and aligns with outcomes-focused regulation rather than enforcement-heavy approaches. Supervisory Approach Evolution: Shifting in 2025-2026 to risk-based, outcom

What You Need To Do

• Implement Revised Consumer Protection Code
• Adopt Outcomes-Focused Practices
• Engage with CBI
• Leverage Technology

Key Dates

References

• [1] centralbank.ie
• [2] charteredaccountants.ie
• [3] compliance.ie
• [4] centralbank.ie
• [5] compliance.ie
• [6] centralbank.ie
• [7] practiceguides.chambers.com
• [8] centralbank.ie

What Changed

This announcement reflects structural reforms rather than new substantive regulations: Replacement of Regional Directors with Deputy Directors, centralizing reporting from local offices (e.g., Boston, Fort Worth, Atlanta) and specialized units directly to headquarters-led Deputy Directors. Enhanced supervision of enforcement decisions, aiming for consistency and reduced regional variations in handling investigations. Complements parallel Wells process reforms under Chairman Paul Atkins, includin

What You Need To Do

• Review and update internal protocols for SEC investigations to align with centralized reporting structures, anticipating uniform standards across regions
• Train legal/compliance staff on refined Wells process (e
• Monitor upcoming SEC communications for Enforcement Director Judge Margaret Ryan's guidance on fraud-focused priorities
• Assess current or potential matters for earlier engagement with Deputy Directors on case theories and resolutions

Key Dates

References

• [1] jdsupra.com
• [2] dlapiper.com
• [3] mwe.com
• [4] corpgov.law.harvard.edu
• [5] foley.com
• [6] skadden.com
• [7] sec.gov
• [8] capx.cooley.com

What Changed

This is not a regulatory change but rather an enforcement action clarifying existing obligations: Mandatory Annual Questionnaire Requirement: All CSSF-supervised professionals must submit an annual questionnaire on financial crime covering the preceding calendar year. Cooperation Obligation: Article 5(1) of the amended Law of 12 November 2004 on AML/CFT imposes a non-negotiable duty to cooperate with CSSF supervisory requests. Enforcement Escalation: The CSSF will issue reminders before imposin

What You Need To Do

• regulated entities must
• *Identify Reporting Obligations
• *Calendar Management
• *Documentation
• *Escalation Protocol

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] opensanctions.org
• [5] cliffordchance.com
• [6] elvingerhoss.lu
• [7] imf.org

What Changed

This is an enforcement action, not a regulatory change; it enforces existing requirements under Article 51(1) (1st and 7th indents) and Article 51(2) (1st sub-paragraph, 3rd indent) of the amended Law of 12 July 2013 on AIFMs (AIFM Law), and related provisions like Article 92(1) of Commission Delegated Regulation (EU) No 231/2013 (CDR 231/2013). Key breaches include: failure to properly assess risks tied to AIFs' strategies and AIFMs' organization for oversight processes; lack of processes to ve

What You Need To Do

• related entities) must
• Conduct immediate gap analyses on risk assessment processes for AIF strategies and AIFM organization per Article 92(1) CDR 231/2013
• Implement robust verification processes for AIFM compliance with asset delegation rules
• Ensure availability of key documentation and evidence of controls for the depositary function, addressing pre-2022 gaps if applicable
• Develop and test oversight processes, leveraging self-identified improvements and action plans as mitigating factors, as JTC did prior to inspection

Key Dates

References

• [1] cssf.lu
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] media.permira.com

What Changed

This is an enforcement action, not a new regulation, but it reinforces existing AMF requirements under the French Monetary and Financial Code for asset managers to maintain operational procedures. Key breaches highlighted include: Imprecise investment allocation processes lacking traceability, rendering systems non-operational. Failure to fulfill conflict of interest identification, prevention, and management obligations. Deficient AML/CFT systems with inadequate due diligence on fund assets/lia

What You Need To Do

• Conduct immediate gap analysis of investment processes for operationality, traceability, and precision in allocation rules
• Enhance AML/CFT systems
• Review conflict of interest frameworks for identification, prevention, and management; document controls rigorously
• Senior managers
• Audit marketing materials, fee retrocessions, and valuation procedures (e

Key Dates

References

• [1] amf-france.org
• [2] amf-france.org
• [3] amf-france.org
• [4] amf-france.org
• [5] amf-france.org
• [6] solutions-atlantic.com
• [7] amf-france.org
• [8] amf-france.org

What Changed

Revised LFR Structure: Comprises four parts in a single digital document: (1) yearly SAQ completed by investment firms; (2) descriptive elements verified by approved statutory auditors (REAs); (3) AML/CFT report with risk assessments, declarations on audits, and data on incomplete fund transfers; (4) REA's independent assessment of ML/FT risks and organizational aspects. Digital Format: Completion and submission via CSSF's online portal, supporting CSSF 4.0 digital strategy for efficient process

What You Need To Do

• Investment Firms
• REAs/Auditors

Key Dates

References

• [1] cssf.lu
• [2] bakermckenzie.com
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] cssf.lu
• [7] cliffordchance.com
• [8] ogier.com

What Changed

Updates to Descriptive Report and Self-Assessment Questionnaire: Refines content, format, and submission requirements for support PFS's annual submissions, emphasizing more detailed disclosures on operations, risks, and controls (building on CSSF 24/850). Auditor Engagement Rules: Introduces specific practical guidelines for approved statutory auditors, including mandatory scope of work, independence confirmations, and standardized procedures for reviewing support PFS reports. Management Letter

What You Need To Do

• *Review and Update Processes
• *Engage/Confirm Auditors
• *Implement Templates and Testing
• *Training and Governance
• *Submit on Time

Key Dates

What Changed

Standardized Reporting Templates: Introduces detailed formats and content requirements for the annual descriptive report and self-assessment questionnaire, covering governance, risk management, internal controls, and operational metrics specific to support PFS activities (e.g., IT services, administrative support, custody). Auditor Engagement Rules: Mandates approved statutory auditors to perform specific procedures, issue a management letter highlighting control weaknesses, and prepare a separa

What You Need To Do

• Annual Reporting Cycle
• February to review submissions, test controls, and issue management letter (flagging deficiencies) plus separate compliance report
• Governance Updates
• Auditor Coordination
• Record-Keeping

Key Dates

What Changed

This is an enforcement action, not a regulatory change; it reinforces existing obligations under French UCITS rules (transposing UCITS Directive V) for depositaries. Key upheld objections include: Failure to perform sufficient checks on the asset management company's (AMC) systems for monitoring UCITS investment ratios and valuing unlisted securities. Inadequate verification of investment decision legality, such as compliance with prospectus limits on debt security ratings, derivative types, and

What You Need To Do

• Conduct gap analysis
• Enhance oversight processes
• Training and audits
• Monitor appeals

Key Dates

References

• [1] amf-france.org
• [2] finascope.fr
• [3] amf-france.org
• [4] amf-france.org
• [5] amf-france.org
• [6] amf-france.org
• [7] opalesque.com
• [8] amf-france.org

What Changed

This is an enforcement decision, not a new regulation, but it reinforces existing requirements under AMF professional obligations for asset managers (sociétés de gestion), including: Fully operational investment and divestment procedures that ensure traceability of compliance checks against fund policies and constraints. Formalized due diligence prior to allocating investment projects to funds. No explicit changes to rules; instead, it clarifies enforcement expectations for procedure completenes

What You Need To Do

• Review and enhance investment/divestment procedures: Ensure completeness, traceability of all compliance checks (e
• Document all processes rigorously
• Conduct gap analysis against AMF expectations
• Senior manager training
• Appeal monitoring

Key Dates

References

• [1] amf-france.org
• [2] amf-france.org
• [3] amf-france.org
• [4] amf-france.org
• [5] amf-france.org
• [6] amf-france.org
• [7] amf-france.org
• [8] amf-france.org

What Changed

Authorisation Requirements: Prior CSSF authorisation is mandatory for appointment as UCI administrator, via full application under sectoral laws or a simplified administrative procedure; application must include details per Annex A, with ongoing updates for substantial changes. Scope of UCI Administration: Defines three core functions—registrar, NAV calculation/accounting, and client communication—requiring only one designated service provider per function per UCI (or compartment); UCI/IFM may p

What You Need To Do

• Submit authorisation application to CSSF with Annex A information before commencing UCI administration; notify substantial changes and keep file updated
• Establish/implement governance, controls, escalation processes, resource adequacy, ICT/business continuity per circular; ensure single provider per function
• For delegations
• Conclude written contracts with UCI/IFM; submit annual UCIA activity reports

References

• [1] cssf.lu
• [2] lexnow.lu
• [3] cssf.lu
• [4] stibbe.com
• [5] cssf.lu
• [6] cssf.lu
• [7] ey.com
• [8] simmons-simmons.com

What Changed

No new rules or requirements are introduced; this is a supervisory strategy update highlighting FCA's full range of tools beyond enforcement. Key emphases include: Prioritizing supervision for quick fixes, such as multi-firm reviews, good/poor practice guidance, and skilled person reviews (s.166) under FSMA. Integration of Consumer Duty (Principle 12) as a core principle for assessing and remedying poor outcomes, e.g., unclear policy renewals or inadequate support. Examples from insurance (e.g.,

What You Need To Do

• Embed proactive monitoring
• Respond swiftly to FCA contact
• Improve practices market-wide
• Evidence compliance
• Facilitate redress

Key Dates

References

• [1] cms.law
• [2] fca.org.uk
• [3] thepfs.org
• [4] fca.org.uk
• [5] tlt.com
• [6] cliffordchance.com
• [7] complianceconcourse.willkie.com
• [8] youtube.com

What Changed

This is not a regulatory change or new requirement but an enforcement precedent reinforcing existing obligations under the 1994 Regulations for insurers to maintain adequate technical reserves reflecting true liabilities. It highlights CBI's focus on senior executive accountability for deliberate policy circumvention, such as undocumented processes overriding claims handlers' estimates, which inflated reported profits and understated liabilities. No new rules were introduced; instead, it applies

What You Need To Do

• Review senior management oversight of claims handling; document all approvals and prohibit informal (e
• Enhance governance training for executives on personal liability under ASP, including simulations of reserving decisions and policyholder risk scenarios
• Assess historical exposures for under-reserving; remediate if needed, and prepare for potential CBI inquiries (noting 10+ year investigation timelines)
• Update conduct and culture frameworks to align with CBI expectations for CEOs to drive compliance, as per Deputy Governor Colm Kincaid's comments

Key Dates

References

• [1] centralbank.ie
• [2] irishexaminer.com
• [3] lawsociety.ie
• [4] insurancetimes.co.uk
• [5] centralbank.ie
• [6] irishtimes.com
• [7] centralbank.ie
• [8] centralbank.ie

What Changed

Full deletion of SS20/15: Removes all expectations on treasury and lending activities, including the "Treasury Approaches" framework, without replacement. Consequential amendments: Updates SS31/15 (Internal Capital Adequacy Assessment Process and Supervisory Review and Evaluation Process) to excise references to SS20/15. Alignment with broader policy: Addresses inconsistencies with PRA's approach for banks, improved sector risk management maturity, and proportionality for smaller firms; supports

What You Need To Do

• Review and update policies
• Assess risk management
• Update governance documents
• Engage supervisors
• Monitor related reforms

References

• [1] addleshawgoddard.com
• [2] regulationtomorrow.com
• [3] bankofengland.co.uk
• [4] pwc.co.uk
• [5] regulationtomorrow.com
• [6] bankofengland.co.uk
• [7] bankofengland.co.uk
• [8] fca.org.uk

What Changed

The main changes in SS5/25 from SS3/19 and CP10/25 responses include: Proportionate application clarification: New 'Overarching aims' section in Chapter 3 explains how firms should tailor expectations to their climate risk exposure, business size, and complexity via a two-step process (assess materiality, then respond). Governance strengthening: Boards and senior management must actively oversee climate risks, embedding them in strategy and ensuring accountability. Risk management enhancements:

What You Need To Do

• Conduct gap analysis against SS5/25 within 6 months and remediate (e
• Integrate climate risks into board oversight, strategy, risk registers, ICAAP/ILAAP (banks), ORSA/stress testing (insurers), and financial reporting
• Perform CSA exercises commensurate with exposures, using suitable scenarios to inform decisions; enhance data quality and disclosures
• Document proportionate application (two-step process: materiality assessment, risk response); leverage existing structures where robust
• Ensure senior accountability and alignment with standards like SS1/21

Key Dates

References

• [1] regulationtomorrow.com
• [2] bankofengland.co.uk
• [3] pwc.co.uk
• [4] kpmg.com
• [5] managementsolutions.com
• [6] forvismazars.com
• [7] katalysys.com
• [8] grantthornton.co.uk

What Changed

Replaces SS3/19 entirely: Introduces a more mature, consolidated framework reflecting international standards (e.g., BCBS), with detailed transmission channels for climate risks across credit, market, liquidity, insurance, and operational categories. Governance enhancements: Emphasizes board accountability, integration into business strategy, climate risk appetite statements, and linkage to Senior Managers & Certification Regime (SM&CR) without new Senior Management Functions (SMFs); promotes ch

What You Need To Do

• Conduct materiality assessment of climate risks to scope proportionality (leverage TCFD/CSRD work)
• Embed climate risks in governance
• Integrate into risk frameworks
• Perform climate scenario analysis
• Enhance data

Key Dates

References

• [1] bankofengland.co.uk
• [2] forvismazars.com
• [3] kpmg.com
• [4] pwc.co.uk
• [5] grantthornton.co.uk
• [6] bankofengland.co.uk
• [7] mapimpact.io
• [8] fathom.global

What Changed

This is not a formal rule change but supervisory guidance via roundtable insights reinforcing SS1/23 principles (effective since 2023). Key emphases include: Risk appetite: Boards must articulate AI/ML-specific model risk appetite pre-deployment to avoid exceeding tolerances, given higher uncertainty from opacity. Model inventories and tiering: Address inaccurate/incomplete inventories and aggregate risks from deploying similar AI/ML across portfolios/jurisdictions; challenge tiering for complex

What You Need To Do

• Review and strengthen board-level model risk appetite statements to explicitly cover AI/ML opacity and uncertainty; integrate into governance triggers like re-validation
• Enhance model inventories for completeness, aggregate risk assessment, and cross-jurisdictional tiering challenges
• Update model development policies to evaluate AI/ML trade-offs (e
• Revise ongoing monitoring policies for more frequent, quantitative checks on AI/ML (e
• Participate in PRA initiatives like MRM roundtables or AI Consortium for dialogue; align first/second-line defenses per SS1/23

Key Dates

References

• [1] bankofengland.co.uk
• [2] bankofengland.co.uk
• [3] validmind.com
• [4] articsledge.com
• [5] finextra.com
• [6] marcusevans.com
• [7] cdao-fall.coriniumintelligence.com
• [8] garp.org

What Changed

New fee structures: Introduction of a periodic fee block for PISCES operators based on regulated income (baseline £2,200 annual fee, variable above £500,000 threshold); extension of fee-block A.13 to include "targeted support" activities (Category 2 variation fee for existing firms, Category 4 for new entrants); registration fees for Deferred Payment Credit (DPC/buy-now-pay-later) activities aligned with Temporary Permissions Regime, added to FOS consumer credit fee-block but excluded from FSCS.

What You Need To Do

• Review current fee/levy exposure and model impacts of new blocks (e
• Assess invoice processes if paying £50,000+ in FCA/PRA fees; prepare for aligned due dates
• Submit consultation responses by deadlines, focusing on targeted support by 9 January 2026
• Budget for potential fee increases; monitor Spring 2026 fee-rates CP
• For applicants

Key Dates

References

• [1] fca.org.uk
• [2] jdsupra.com
• [3] regulationtomorrow.com
• [4] bankofengland.co.uk
• [5] finreg.aoshearman.com
• [6] policymogul.com
• [7] lexisnexis.co.uk
• [8] bankofengland.co.uk

What Changed

This announcement itself introduces no new regulatory changes or requirements; it is a personnel update. However, it occurs amid broader Enforcement Division restructuring, including: Consolidation from one Deputy Director to four (three regional: Northeast, Southeast, West; one for specialized units), reducing reporting lines for a more unified nationwide enforcement program. Rescission in March 2025 of delegated authority for the Enforcement Director to issue formal orders of investigation, no

What You Need To Do

• Review ongoing Northeast Regional Office investigations for potential leadership changes and engage early with new deputies on cooperation opportunities
• Enhance internal self-reporting and remediation protocols to align with Enforcement's stated rewards for cooperation and robust Wells processes
• Update compliance training on restructured reporting lines and Commission-authorized formal orders, ensuring defenses stick to established securities laws rather than novel theories
• Monitor SEC staff directory for replacement announcements, such as potential roles for Samuel Waldon or others in the Northeast

Key Dates

References

• [1] mcguirewoods.com
• [2] sec.gov
• [3] dechert.com
• [4] corpgov.law.harvard.edu
• [5] skadden.com
• [6] perkinscoie.com
• [7] morganlewis.com
• [8] clearygottlieb.com

What Changed

This is an enforcement action, not a regulatory change, but it clarifies and strengthens application of existing AMF rules for conseillers en investissements financiers (CIFs) under French regulations: Mandatory compliant documentation (e.g., investment proposals). Obligation to act honestly, fairly, and professionally in clients' best interests, including systems to prevent managers exploiting positions for undocumented investments. AML/CFT compliance, including prohibitions on directors receiv

What You Need To Do

• Audit documentation
• Strengthen governance
• Enhance AML/CFT
• Improve inspection readiness
• Senior manager reviews

Key Dates

References

• [1] amf-france.org
• [2] amf-france.org
• [3] steel-eye.com
• [4] amf-france.org
• [5] amf-france.org
• [6] amf-france.org
• [7] amf-france.org
• [8] amf-france.org

What Changed

CSSF 21/765: Updated provisions following amendments to CSSF Regulation No 12-02, refining notification and operational requirements for branches and FOPS. CSSF 22/827: Further amendments to align with CRD and MiFID II changes, including enhanced notifications for programme alterations (e.g., one-month prior written notice for changes in operations, services, or activities). CSSF 25/898: Latest update (noted in CSSF Newsletter No 298, November 2025), incorporating recent legal/regulatory develop

What You Need To Do

• Notifications
• Supervision cooperation

Key Dates

References

• [1] bakermckenzie.com
• [2] cssf.lu
• [3] cssf.lu
• [4] cssf.lu
• [5] cssf.lu
• [6] cms.law
• [7] loyensloeff.com
• [8] caceis.com

What Changed

The supervisory statement establishes several core regulatory expectations: *ICAAP Requirements** Firms must assess on an ongoing basis whether they hold sufficient capital to cover all material risks, including interest rate risk in the banking book (IRRBB), market risk, operational risk, concentration risk, group risk, pension obligation risk, and foreign currency lending to unhedged retail and SME borrowers Firms must implement stress testing and scenario analysis as integral components of c

What You Need To Do

• *Immediate Compliance Actions
• *Establish ICAAP Framework
• *Risk Identification and Assessment
• *Stress Testing and Scenario Analysis
• Results of stress tests carried out in accordance with CRR requirements for firms using IRB approaches or internal models

Key Dates

References

• [1] prarulebook.co.uk
• [2] scribd.com
• [3] bankofengland.co.uk
• [4] bankofengland.co.uk
• [5] bankofengland.co.uk
• [6] cadwalader.com
• [7] regulationtomorrow.com
• [8] lexisnexis.co.uk

What Changed

MRT Identification: Simplified quantitative threshold to the top 0.3% of earners (assessed against risk impact); qualitative criteria unchanged; raised proportionality threshold for disapplying rules from £44,000 variable pay to £660,000 total pay (with variable pay ≤33% of total); reintroduced exemption for MRTs serving <3 months. Deferral Periods: 4-year minimum for non-SMF MRTs (previously varied); reduced to 5 years for SMFs (from 7 years); aligns with FCA and international practice. Deferra

What You Need To Do

• Review and update MRT identification processes, applying simplified top 0
• Revise remuneration policies for deferral (4/5 years, marginal rates), upfront cash flexibility, and instrument expectations; update bonus award calculations
• Embed SMR-linked adjustments
• For dual-regulated firms
• Optional early adoption for specified changes on 2025/unvested awards; document governance for RemCo approvals and board policies

Key Dates

References

• [1] bankofengland.co.uk
• [2] dacbeachcroft.com
• [3] bankofengland.co.uk
• [4] insights.issgovernance.com
• [5] regulationtomorrow.com
• [6] jdsupra.com
• [7] globalfinregblog.com
• [8] finreg.aoshearman.com

What Changed

Restatement of requirements: Provisions from MiFID Org Reg Articles on outsourcing, record-keeping, control procedures, risk management, compliance, internal audit, and governance are transferred verbatim or with minor clarifications into PRA Rulebook parts (e.g., Risk Control). Supervisory function adjustment: Following consultation feedback, PRA retained Article 25 provisions but substituted "governing body" for "supervisory function" to fit UK firm structures, preserving board-level oversight

What You Need To Do

• Review and map existing MiFID Org Reg compliance processes against restated PRA Rulebook provisions (e
• Confirm governing body oversight aligns with adapted Article 25 requirements; document any adjustments for UK structures
• Update internal references in algorithmic trading governance documents to new rule 2
• Conduct gap analysis and training on minor clarifications; prepare for dual FCA/PRA alignment if applicable
• Monitor HMT commencement order; if delayed, reassess implementation plans

Key Dates

References

• [1] fca.org.uk
• [2] bankofengland.co.uk
• [3] natlawreview.com
• [4] regulationtomorrow.com
• [5] bankofengland.co.uk
• [6] lexisnexis.co.uk
• [7] slaughterandmay.com

What Changed

This is an enforcement action rather than new legislation, but it reinforces and clarifies existing professional obligations under AMF regulations for asset managers (sociétés de gestion), particularly under the AIFM regime. Key expectations highlighted include: Operational investment/divestment procedures: Must be fully implemented, with traceability of checks on lender authorizations and compliance with fund policies. AML/CFT due diligence: Systematic verification required on fund assets and l

What You Need To Do

• Audit procedures immediately
• Enhance AML/CFT systems
• Validate marketing and fees
• Senior manager training
• Mock AMF inspections

Key Dates

References

• [1] amf-france.org
• [2] amf-france.org
• [3] amf-france.org
• [4] amf-france.org
• [5] amf-france.org
• [6] amf-france.org
• [7] amf-france.org
• [8] navacelle.law

What Changed

This is an enforcement decision, not a regulatory change introducing new rules; it enforces existing professional obligations under AMF jurisdiction for asset managers. Key requirements reaffirmed include: Providing comprehensive, accurate, and understandable information to investors on fee retrocessions to distributors in AIF marketing. Implementing effective systems for preventing and managing conflicts of interest, particularly in joint investments like club deals classified as Other AIFs. Ma

What You Need To Do

• Verify investor disclosures on fee retrocessions are comprehensive and understandable; update marketing materials for AIFs and club deals accordingly
• Formalize independent valuer roles and implement monitoring for external experts per activity programs
• Enhance AML/CFT due diligence on fund assets/liabilities, including risk mapping and procedure testing
• Senior managers
• Test procedures via internal audits; remediate deficiencies proactively to mitigate enforcement risk

Key Dates

References

• [1] amf-france.org
• [2] amf-france.org
• [3] amf-france.org
• [4] amf-france.org
• [5] amf-france.org
• [6] amf-france.org
• [7] solutions-atlantic.com
• [8] amf-france.org

What Changed

Institutions must develop, implement, and maintain up-to-date policies, procedures, and controls for identifying, investigating, and applying restrictive measures without delay, including risk management for violations and circumvention. Management body responsibilities expanded: approve sanctions compliance strategy, oversee implementation, conduct at least annual assessments of exposure and controls, ensure remedial actions, and report deficiencies. Screening and monitoring requirements: Maint

What You Need To Do

• Conduct annual exposure assessments to sanctions risks and circumvention; update policies accordingly
• Appoint senior management/board-level responsibility for approving and overseeing sanctions strategy, including annual reviews and deficiency reporting
• Implement reliable screening systems for customers, transactions, and lists; define screenable datasets; test systems regularly for effectiveness (e
• Provide documented training to relevant staff on sanctions, institutional exposure, and internal processes
• Establish processes for immediate action on matches: suspend transfers, freeze assets, report to Ministry of Finance/CSSF/FIU without delay; maintain whitelists only under strict conditions

References

• [1] cssf.lu
• [2] cssf.lu
• [3] stradalex.lu
• [4] cliffordchance.com
• [5] cssf.lu
• [6] elvingerhoss.lu
• [7] mondaq.com
• [8] forbes.lu

What Changed

The draft RTS propose harmonized methodologies for AML/CFT supervision, including: Risk Assessment of Obliged Entities (Article 40(2) AMLD6): A three-step process with indicators for inherent risk (customers, products/services, geography, distribution channels), control effectiveness (governance, policies, procedures, group supervision), and residual risk; annual reviews and ad-hoc reassessments; standardized scoring for consistent EU supervision. Risk Assessment for Direct Supervision (Article

What You Need To Do

• Participate in EBA consultation
• Conduct compliance gap analysis
• Enhance systems
• Prepare for AMLA supervision
• Ongoing monitoring

Key Dates

References

• [1] grantthornton.ie
• [2] moodys.com
• [3] amf-france.org
• [4] amlwatcher.com
• [5] finreg.aoshearman.com
• [6] eba.europa.eu
• [7] regulationtomorrow.com
• [8] paulhastings.com

What Changed

This is not a regulatory change but an enforcement decision applying existing obligations under the Market Abuse Regulation (MAR), specifically: Article 17 MAR: Requirement to disclose inside information as soon as possible (breached by Pharnext's delays from 10 April 2019 and non-disclosure from 28 October 2020). Article 12(1)(c) MAR: Prohibition on disseminating false or misleading information that could affect market prices, via press releases and shareholder letters overstating FDA progress.

What You Need To Do

• Review inside information policies
• Audit communications
• Director training
• Monitor appeals
• wide actions mandated beyond general MAR compliance, but proactive gap analysis recommended

Key Dates

References

• [1] amf-france.org
• [2] grcreport.com
• [3] amf-france.org
• [4] finascope.fr
• [5] navacelle.law
• [6] acams.org
• [7] amf-france.org

What Changed

This is an enforcement decision, not a regulatory change introducing new rules. It reinforces existing AMF requirements under professional obligations, including: Implementation of operational procedures for investment/divestment processes, such as verifying lender authorizations. Systematic anti-money laundering (AML) and counter-terrorism financing (CTF) due diligence on fund assets and liabilities. Justification of retrocessions (rebates) to distributors, proving enhanced client service quali

What You Need To Do

• Conduct gap analysis of operational procedures for investments/divestments, ensuring lender authorization checks (reference AMF Position-Recommendation DOC-2020-05 on portfolio management)
• Review AML/CTF due diligence frameworks for fund assets/liabilities, aligning with AMF Regulation 2016-01
• Audit retrocession practices to distributors, documenting service quality enhancements (per AMF doctrine on inducements)
• Update marketing materials and advisory processes for compliance with honesty/fairness standards
• Enhance senior manager attestations and training on personal liability under CMF L

Key Dates

References

• [1] amf-france.org
• [2] amf-france.org
• [3] amf-france.org
• [4] amf-france.org
• [5] amf-france.org
• [6] amf-france.org
• [7] amf-france.org
• [8] amf-france.org

What Changed

This is an enforcement action, not a new regulation, but it reinforces existing AMF requirements under French Monetary and Financial Code for asset managers: Operational procedures: Investment allocation processes must be precise, traceable, and fully operational; failure to verify compliance (e.g., loan authorizations) breaches honesty, fairness, and diligence standards. Scope of services: Asset managers acting as tied agents cannot provide unauthorized services like placing financial instrumen

What You Need To Do

• Conduct gap analysis
• Enhance AML/CFT
• Strengthen governance
• Audit marketing/distribution
• Senior manager certification

Key Dates