Regulatory Updates Newsletter : November 2025
- Staff Correspondent
- 4 hours ago
- 8 min read
Welcome to the November 2025 edition of our regulatory newsletter, featuring landmark reforms in financial supervision and prudential policy worldwide. This month, regulators worldwide continued to sharpen rules on digital innovation, AI risk, and financial stability.
This month’s highlights: The Bank of England (BoE) kicked off a consultation on sterling stablecoin oversight, while Singapore’s MAS set out draft AI governance standards. The U.S. Federal Reserve unveiled new supervisory principles focused on material risks, and the ECB identified its top supervisory priorities through 2028. Additional developments included FinCEN updates on AML jurisdiction lists and the EBA’s analysis of the EU AI Act’s impact on banking. Firms and risk teams should review these changes to stay ahead of evolving compliance and supervision expectations.
Dive in for official updates and actionable insights from leading jurisdictions.
Bank of England Proposes Regulatory Regime for Systemic Stablecoins
The BoE published a consultation paper outlining a new regime for UK “systemic” stablecoins, designed to protect financial stability as the use of digital money grows. Key proposals allow systemic issuers to back their coins with up to 60% in short-term UK government debt, with the remaining 40% held as unremunerated reserves at the BoE. (Issuers classified as systemic at launch may initially hold up to 95% in government debt to ensure viability as they scale.)
The BoE will explore central bank liquidity backstops for these issuers in stress scenarios. To guard against a sudden run into stablecoins, the BoE also proposes temporary holding limits on coin balances - £20,000 per individual and £10 million per firm - until banks and markets adapt. (These limits would not apply to stablecoins used in approved wholesale or settlement sandboxes.) Non‐systemic stablecoins (e.g., most crypto payment coins today) would remain under FCA oversight.
Implications:
Stablecoin issuers will need to comply with stricter backing and liquidity rules, adjusting asset investments and operations for BoE oversight.
Banks and payment firms should update risk models and systems for potential fund flows from deposits to stablecoins, and for accessing central-bank liquidity facilities.
Compliance teams must monitor the consultation and prepare for new KYC/AML and reporting rules under joint Bank-FCA supervision.
Treasury and industry coordination on legal implementation and joint guidance will be critical (BoE and FCA will issue a joint framework next year).
MAS Proposes AI Risk Management Guidelines for Financial Institutions
In mid-November, MAS released a consultation paper proposing a set of Guidelines on AI Risk Management for banks, insurers, and other financial firms. The draft guidelines articulate expectations for governance, oversight, and lifecycle controls of AI systems used in finance. Covered topics include board and senior management accountability for AI, risk assessment and control frameworks for AI projects, policies on data integrity and explainability, and ongoing monitoring of AI performance.
Importantly, MAS explicitly covers emerging technologies like generative AI and “AI agents” under these rules. The consultation notes that firms should align AI use with MAS’s principles on fairness, explainability, and robustness. Industry feedback is invited through early 2026.
Implications:
Financial institutions must inventory all AI use cases and establish robust governance (including audit trails, performance tests, and human oversight) in line with MAS expectations.
Risk and compliance teams should prepare to incorporate new model risk and data quality controls and to document AI “sign-off” processes for senior management review.
The technology and audit functions need to upgrade the model validation and algorithmic monitoring tools for AI/ML systems, especially for high-impact applications (e.g., credit scoring).
Broader sectors, the guidelines signal MAS’s intent to harmonize with global AI regulatory trends; institutions operating in multiple markets should watch for similar rules abroad.
Federal Reserve Outlines New Supervisory Operating Principles
On November 18, the Fed Board announced a new Statement of Supervisory Operating Principles to refocus bank examinations. The memo - distributed to all Fed supervisory staff - directs examiners to concentrate on “material financial risks” to bank safety and soundness, and to act quickly on significant deficiencies. Among the key principles are aligning exam scope with critical risks, eliminating duplicate examinations, and speeding up issue resolution. The guidance urges supervisors to use streamlined processes and enhanced training so examiners can assess risk more efficiently. The Board indicated that these principles will be incorporated into future public guidance or regulations as needed.
Implications:
Large banking organizations should expect exams to become more targeted, with fewer overlapping reviews and more emphasis on capital, liquidity, and credit risk models.
Compliance and risk managers need to ensure key risk factors (e.g. concentration risk, model assumptions) are well-documented and remediated promptly, as supervisors will be looking for “material” issues.
Audit and assurance teams may be called on to provide supporting evidence more quickly, since examiners are instructed to accelerate follow-up on identified problems.
Industry observers- The change suggests the Fed is aiming for more efficient supervision; banks should revise internal audit plans to match a tighter, risk-focused exam cycle.
ECB Sets Banking Supervision Priorities for 2026-2028
The ECB’s banking supervision arm announced its strategic priorities for 2026-2028 in a Nov 18 report. The top priority is resilience to macroeconomic shocks and geopolitical risks. This includes maintaining strong credit underwriting standards, adequate capital buffers (notably implementing the final Basel III reforms, CRR3), and proactive management of climate- and nature-related financial risks (transition and physical risks from climate change). The second priority is operational resilience and ICT risk. Banks are expected to bolster their operational risk frameworks, remediate any data-reporting or governance weaknesses, and invest in reliable IT systems and continuity planning.
In summary, ECB supervisors will focus on ensuring banks remain well-capitalized and liquid, and can withstand financial and non-financial shocks.
Implications:
Banks must continue strengthening capital and loss absorption capacity, including compliance with finalized CRR3 rules. Risk teams should embed climate/nature risk considerations into credit and market risk models.
IT and operations firms need to address shortcomings in risk data aggregation, incident response, and cybersecurity. The ECB explicitly expects “reliable systems” and quicker fixes for ICT vulnerabilities.
Supervisors will incorporate these priorities into the annual review process (SREP) and stress tests, so banks should align their internal stress scenarios and risk-appetite statements accordingly.
Global coordination- these objectives mirror international supervisory concerns (cyber, climate, geopolitical); non-EU banks with EU branches should take note.
FinCEN Highlights FATF Jurisdiction Updates for AML Compliance
On November 21, the U.S. Treasury’s FinCEN notified firms of the latest FATF (Global AML standard‐setting body) list revisions. At its recent plenary, the FATF removed Burkina Faso, Mozambique, Nigeria, and South Africa from its “increased monitoring” list (the “grey list”) as of Oct 24, 2025.
The FATF’s high-risk “call for action” list remains unchanged - Iran, North Korea and Myanmar (Burma) are still flagged for enhanced due diligence and countermeasures. FinCEN reminded U.S. banks that these decisions affect correspondent banking and due diligence practices. In particular, jurisdictions that were dropped from monitoring may ease certain reporting burdens, whereas the listed high-risk countries still require robust screening and vigilance for suspicious activity.
Implications:
AML/CFT compliance- Financial institutions should update their country risk assessments and FATF-screening lists (e.g., Correspondent Account rule checks) based on the November 2025 changes.
Enhanced due diligence: Banks must continue to apply additional controls for transactions involving Iran, DPRK, and Burma, as per FATF’s calls for action. The renewed emphasis on Iran in particular means firms should reinforce any counter-proliferation and sanctions screening.
Risk policies- The shift in monitored jurisdictions could lead to recalibration of risk ratings and compliance resources; for example, less frequent reporting or monitoring for Burkina Faso, etc., though overall AML programs remain stringent.
International coordination- Institutions operating globally should note that FATF’s decisions will influence other countries’ regulations and reviews of cross-border banking activities.
EBA Publishes AI Act Factsheet for EU Banking Sector
On November 21, the EBA published a factsheet mapping the new EU AI Act against existing banking and payment regulations. The analysis confirms that many high-risk AI uses in finance (notably credit scoring and creditworthiness models) are already regulated under the EU’s Capital Requirements and DORA frameworks. The factsheet notes that credit-scoring AI is explicitly classified as “high-risk” under the AI Act, which triggers additional safeguards on data and explainability. Crucially, the EBA found “no immediate need” to introduce new banking-specific guidelines, as the AI Act obligations are largely aligned or complementary to current financial regulations.
Going forward, EBA will focus on supervisory cooperation to ensure both the AI Act and financial rules are implemented consistently across firms.
Implications:
Banks and FinTechs- EU firms using AI for loan decisions should ensure compliance with both sets of rules- e.g., credit risk models must meet CRD/CRR requirements and now also AI Act standards (risk management, transparency).
Governance- Firms will need to document how they comply with dual requirements (financial supervision and AI Act) and be ready to demonstrate this to supervisors. The EBA’s guidance suggests no new regulatory burdens at this time, but firms should watch for future joint guidelines.
Innovation vs. compliance- The EBA’s view that existing rules cover most risks means banks can rely on known frameworks (e.g., internal model validation) while incorporating AI Act mandates (like human oversight and quality management).
Supervisory approach: Supervisors across the EU may coordinate to test AI controls (especially for credit AI) under the new Act, so institutions should prepare for questions on both financial and AI governance.
Summary of Other Notable Updates
Jurisdiction | Regulator | Update | Source |
UK | Financial Conduct Authority (FCA) | FCA proposes streamlining transaction reporting- FCA proposals aim to reduce MiFID transaction reporting burdens: foreign-exchange derivatives would be removed from reporting requirements, millions of low-use securities would be delisted, and the error-correction window would be shortened from 5 to 3 years. These changes aim to deliver £100m in annual industry cost savings while preserving market oversight. | |
Australia | APRA finalizes minor prudential framework updates- On Nov 21, APRA released final updates to prudential and reporting standards for banks, insurers, and super funds. The package includes revised CPS 001 (definitions), new GPS 410 (insurance transfers), and updated capital adequacy standards (HPS 115). These modest changes reflect refinements from public feedback and will take effect immediately. | ||
EU | European Central Bank (ECB) | ECB revises collateral haircut framework- The ECB completed a review of its collateral risk controls. It will update the haircut schedule for eligible assets to reflect credit quality and maturity better better. Notable changes include new granular haircuts for covered bonds and retained ABS, as well as refined haircuts for individual loans. The amendments will enter force by November 2026 to maintain risk coverage while ensuring collateral availability. | |
UK | Prudential Regulation Authority (PRA) | PRA raises deposit protection limit to £120,000- In its Nov 2025 Policy Statement, the PRA confirmed it will increase the Financial Services Compensation Scheme deposit guarantee from £85,000 to £120,000 (effective Dec 1, 2025). The limit on temporary high balances will rise from £1m to £1.4m. Firms must update customer disclosures and systems to reflect the higher coverage, intended to preserve depositor confidence. | |
UK | FinCEN | FinCEN names Sinaloa-cartel casinos as ML concern- FinCEN (Nov 13) issued a proposed rule under Section 311 of the PATRIOT Act, designating 10 Mexican casinos linked to the Sinaloa Cartel as a “primary money laundering concern.” Covered U.S. banks would be barred from correspondent accounts facilitating those casinos’ transactions. This action (coordinated with Mexico) aims to cut off illicit flows and underscores scrutiny of transactions connected to transnational crime. |
Stay informed with our regulatory updates and join us next month for the latest developments in risk management and compliance!
For any feedback or requests for coverage in future issues (e.g., additional countries or topics), please contact us at info@riskinfo.ai. We hope you found this newsletter insightful.
Best regards,
The RiskInfo.ai Team