Regulatory Updates Newsletter: February 2026

The Bank of England released a detailed summary of discussions held with banks, insurers and financial market participants regarding the adoption of AI and machine learning in financial services.

The roundtables explored practical implementation challenges, governance bottlenecks, model validation constraints, and systemic risk considerations. Participants broadly supported the UK’s principles-based regulatory framework, including the PRA’s model risk management expectations (SS1/23), but flagged several operational concerns:

• Traditional model validation techniques are not always suitable for generative AI or adaptive models.

• Second-line risk functions are slowing AI deployment due to uncertainty around control frameworks.

• Data privacy fragmentation across jurisdictions complicates cross-border AI implementation.

• Explainability requirements for complex models remain technically challenging.

  
  

The Bank noted that firms are increasingly embedding AI into critical functions such as trading algorithms, credit assessments, fraud detection, liquidity forecasting, and operational resilience tools.

Importantly, the BoE highlighted potential macro-financial risks, including concentration risk from reliance on a small number of AI vendors and the risk of correlated model behaviour across institutions.

The Bank signalled continued supervisory engagement but did not propose immediate rule changes, reinforcing its incremental and adaptive regulatory approach.

Implications

• Firms should expect supervisory deep-dives into AI governance frameworks during PRA reviews.

• Concentration risk and third-party AI dependencies may become a prudential focus area.

• Risk functions must develop new validation techniques suitable for probabilistic and generative models.

• Cross-border firms may need jurisdiction-specific AI documentation frameworks.

  
  

The BoE’s engagement signals that AI risk is transitioning from innovation dialogue to supervisory scrutiny.

UK Prudential Regulation Authority (PRA) launched Consultation Paper 2/26 with proposals to update the UK’s securitisation framework. 

Key measures include making due-diligence requirements less prescriptive, introducing a new combined risk-retention approach, and streamlining disclosure obligations. The PRA also proposes exempting simple single-loan securitisations from some complex rules and refining the definition of credit-granting, to encourage market liquidity. These changes aim to reduce compliance burden and align UK rules with market practice. 

Firms can submit feedback through 17 April, 2026. If approved, implementation is expected in mid-2027.

Implications

Should lower operational costs for banks using securitisations as a funding tool. Facilitates the revival of the UK securitisation market post-Brexit by easing overly burdensome rules. Banks and sponsors will need to reassess their securitisation structures and systems to take advantage of the proposed simplifications.

The Central Bank of the UAE (CBUAE) released a comprehensive Guidance Note addressing the responsible adoption and use of Artificial Intelligence in financial services, with a strong emphasis on consumer protection.

The guidance applies to all licensed financial institutions and establishes supervisory expectations across the full AI lifecycle - from procurement and development to deployment and post-implementation monitoring. Importantly, the CBUAE does not treat AI risk as purely technical; instead, it frames AI as a governance, conduct and accountability issue.

Key pillars of the guidance include:

• Board-level accountability for AI systems and clear allocation of responsibility

• Robust model validation, including bias detection and fairness assessments

• Transparency and explainability in AI-driven decision-making (especially in credit underwriting and pricing)

• Data governance and privacy compliance

• Ongoing monitoring and incident management mechanisms

• Human oversight safeguards for high-impact decisions

  
  

The CBUAE stresses that financial institutions must ensure AI systems do not produce discriminatory outcomes or undermine customer trust. Firms are expected to maintain documentation evidencing risk assessments, validation processes, and control testing.

This guidance positions the UAE among the more advanced jurisdictions in AI supervisory expectations and aligns broadly with emerging standards in the EU and Singapore.

Implications for Financial Institutions

• AI governance frameworks must now be formalised, documented, and board-approved.

• Firms using third-party AI vendors remain fully accountable for outcomes.

• Consumer-facing AI models (credit scoring, fraud detection, onboarding) will face heightened scrutiny.

• Internal audit and compliance functions must expand coverage to include AI risk assessment.

  
  

This is a foundational development and may serve as a template for regional regulatory convergence in the GCC.

PRA has published Consultation Paper 3/26 to incorporate the UK’s new Overseas Prudential Requirements Regime (OPRR) into its rulebook.

The OPRR, established by HM Treasury, is the framework for setting capital and liquidity requirements on non-UK banks and investment firms. The PRA’s amendments largely recast existing equivalence provisions (formerly in the CRR) into the new OPRR structure. In practice, this means UK rules for overseas firms will remain unchanged but defined under the OPRR titles. The consultation notes that these technical changes should have minimal impact on firms, as they formalize measures already in place.

The proposed rules would take effect from 1 January 2027, alongside the broader Basel 3.1 capital reforms.

Implications

Ensures continuity for foreign banks operating in the UK while completing the UK’s post-Brexit regulatory reorganization. Prevents unexpected capital effects for globally active banks, since existing thresholds and relaxations are preserved. Clarifies the UK’s equivalence treatments for cross-border banking under the new regime

On 25 February 2026, the European Banking Authority (EBA) and European Securities and Markets Authority (ESMA) launched a joint consultation on new guidelines and regulatory technical standards for assessing managers’ suitability under the Capital Requirements Directive (CRD). 

Key changes include requiring pre-approval by competent authorities for appointments to senior roles (expanding existing guidance), introducing formal suitability tests for certain key function holders (e.g., finance and IT heads), and embedding anti-money laundering checks into fit-and-proper assessments. The package also standardizes reporting (common templates, questions) to reduce firms’ paperwork. The aim is to harmonize practices across the EU and ensure that all senior finance firm officials meet consistent integrity, expertise and experience standards. 

The consultation runs through 25 May 2026.

Implications

Investment firms and banks should prepare for a more rigorous, EU-unified process when nominating board and management candidates. Comprehensive documentation (dossiers, CVs, AML clearances) will be needed for regulatory submission. The emphasis on AML in fit-and-proper checks reflects broader integration of financial crime controls into governance frameworks.

EBA announced it will become the central validator for pro forma internal models of initial margin for uncleared OTC derivatives (specifically the ISDA Standard Initial Margin Model, SIMM) across the EU. 

Under EMIR, large banks can use approved margin models, but until now each model had to be assessed by multiple EU regulators. The new process will have the EBA (in coordination with other European authorities) review the SIMM’s overall design, calibration, and coverage just once. All future material changes to the SIMM will also be evaluated centrally. This unified approach begins 1 March 2026 and aims to ensure consistent margin model validation, reducing duplication and model risk in the derivatives market.

Implications

Banks using the ISDA SIMM can anticipate a single EU-wide validation decision rather than multiple local reviews. This streamlines margining compliance and promotes uniform standards for collateral requirements. The move highlights the EBA’s expanding role in ensuring cross-border financial market consistency under EU regulations