Global Regulatory Pulse Q2 2026

Regulatory Updates

June 30, 2026

Global Regulatory Pulse – Q2 2026

The Q2 2026 Global Regulatory Pulse highlights accelerating regulatory momentum across major financial centers, with a shift toward more prescriptive frameworks and increased focus on digital assets. Hong Kong is strengthening cross-border controls and enforcement, while the EU advances liquidity, governance and operational resilience reforms. In the Middle East, regulators are enhancing AML and prudential standards. The UK continues progress on artificial intelligence (AI), crypto, and resilience frameworks, while the U.S. is undergoing a broader transition with evolving enforcement priorities and a more structured approach to digital asset regulation.

APAC

Cross-Border Relationships

In May 2026, the Hong Kong Securities and Futures Commission (SFC) issued a circular outlining expectations for enhanced due diligence during account opening and ongoing compliance with legal and regulatory requirements when dealing with cross-border counterparties.

The circular introduces stricter measures for licensed corporations, particularly in relation to investment accounts for mainland Chinese investors, signaling a more rigorous regulatory stance on cross-border fund activities.

Key Requirements:

  • Obtain written declarations confirming:
  • Lawful funding sources
  • Clean account-opening history
  • Monitor funding sources of client accounts
  • Strengthen controls for cross-border account opening and maintenance

Enforcement

The SFC continues to prioritize enforcement, with a strong emphasis on senior management accountability. Personal account dealing remains a consistent supervisory focus.

  • Impression Investment Limited: The firm was fined HKD 2 million; its former director, responsible officer and manager-in-charge have been banned for eight months after conducting personal trades that breached internal policies and the Fund Manager Code of Conduct.
  • Segantii Capital Management: A trial is underway against the firm, its chief investment officer and a former trader for alleged insider dealing involving material nonpublic information linked to a 2017 block trade.
  • Regulatory Impact: These cases have reinforced tighter SFC scrutiny over personal trading, block transactions and the handling of sensitive information, including through the introduction of the May 2024 Market Sounding Guidelines.

Circular on Tokenization of SFC-Authorized Investment Products

The SFC issued a circular on April 20, 2026, outlining requirements for the tokenization of SFC-authorized investment products, covering product structure, dealing, disclosure and prior consultation. The central principle is “same product, same risk, same regulation,” meaning tokenized products are subject to the same regulatory standards as traditional products, with no lighter treatment. Firms must comply with all applicable rules while addressing additional technology, operational and custody risks.

European Union

Liquidity Management Tools

New European Securities & Markets Authority (ESMA) guidelines on liquidity management tools (LMTs) for UCITS and open-ended AIFs went live April 16 for new UCITS and AIFs. Existing UCITS and AIFs have until April 16, 2027, to comply with the new requirements.

Key updates concern redemption gates and the treatment of transaction costs within anti-dilution tools (ADTs). The document provides detailed guidance on quantitative tools such as suspensions, notice-period extensions and redemptions in kind. It also provides ADT guidance, including swing pricing, dual pricing, redemption fees and anti-dilution levies.

Final Report by ESMA CSA on Fund Managers’ Compliance and Internal Audit Functions

ESMA has published the results of its 2025 Common Supervisory Action (CSA) on fund managers’ compliance and internal audit functions, carried out with the participation of all EU and EEA national supervisors.

Key findings include: 

  • Weaknesses in independence and resourcing 
  • Lack of depth in risk assessments and monitoring plans 
  • Poor documentation and governance evidence
  • Overreliance on group frameworks 

The report effectively signals a supervisory expectation for:

  • Stronger local ownership and challenge
  • More granular risk-based monitoring
  • Better-documented governance and remediation processes
  • Clearer independence from operational functions
  • Robust oversight of outsourced or group-provided control functions

The report is likely to drive more targeted supervisory reviews and remediation requests by supervisors in the near term. 

ESAs Annual Report on Major ICT-Related Incidents

The European Supervisory Authorities (ESAs) recently published their first annual report on major ICT-related incidents. This follows the introduction of DORA in January 2025. In total, 3,383 major incidents were reported during the period, with one-third of these having a cross-border impact. System failures and external events were the main drivers of incidents. The ESAs highlighted the need for robust third-party risk management and effective oversight of outsourced services in their report. 

ESMA Consultation on Revised Guidelines on Standardized Procedures and Messaging Protocols Under T+1

ESMA has issued a consultation on updated guidelines on standardized procedures and messaging protocols. This is part of ESMA’s preparation for the transition to a T+1 settlement cycle.

The updates are designed to make post-trade communication faster, clearer and more consistent across the EU, reflect the amendments proposed in ESMA’s Final Report on Amendments to the RTS on Settlement Discipline, and support firms in meeting tighter timelines related to the transition to T+1.

Middle East

AML/CFT Regulatory Developments—ADGM FSRA and CBUAE

1. ADGM FSRA Consultation Paper No. 1 of 2026 

The FSRA of ADGM has launched Consultation Paper No. 1 of 2026. The paper proposes targeted enhancements to FSRA’s AML framework, with a scope covering authorized persons, DNFBPs, recognized bodies and NPOs.

  • Regulatory Alignment: Updates aim to align the Financial Services and Markets Regulations 2015 and the AML Rulebook with UAE federal laws and FATF standards, while minimizing additional compliance burden.
  • Scope of Amendments: Proposed changes extend across the FSMR, AML Rulebook, General Rulebook, Glossary, and Guidance and Policies Manual.

2. CBUAE Updated AML/CFT/CPF Guidance

The Central Bank of the UAE has issued updated AML, CFT and CPF guidance aligned with FATF standards and the UAE National Strategy (2024–2027).

  • Core Guidance: Four regulatory documents addressing proliferation financing risks, trade-based money laundering and transshipment, correspondent banking, and customer due diligence and recordkeeping, supported by two best-practice manuals
  • Regulatory Objective: Strengthens compliance frameworks and enhance the ability of licensed financial institutions and Registered Hawala Providers to detect and prevent suspicious activity

DFSA Thematic Review:

1. Conflicts of Interest Across DIFC Firms

The Dubai Financial Services Authority (DFSA) conducted a thematic review of conflict-of-interest management across 710 DIFC firms, based on desk-based assessments and on-site visits. While some good practices were identified, most firms require stronger systems and controls.

  • Key Findings: The review found weaknesses in governance, conflict identification and reporting, recordkeeping, and staff training and awareness.
  • Regulatory Expectation: Firms must ensure conflict management frameworks are robust, well documented, and proportionate to their size and complexity.
  • Supervisory Focus: Firms are expected to remediate gaps and embed stronger conflict management practices as part of the DFSA’s broader effort to protect clients and maintain market integrity.

Global Regulatory Pulse Q2 2026

2. New DFSA Thematic Review: Continuing Professional Development for MLROs

The DFSA has published a thematic review on Continuing Professional Development (CPD) for MLROs at authorized firms in the DIFC, highlighting the importance of staying current with evolving financial crime risks, regulatory developments and industry best practices.

  • Key Findings: Practices are generally sound, but gaps remain in meeting CPD obligations and in the level of firm support provided to MLROs.
  • Regulatory Expectation: Firms and MLROs must strengthen compliance frameworks; enhance technical competence; and ensure structured, ongoing professional development.
  • Supervisory Focus: The review reinforces financial crime prevention as a core priority, with firms expected to address identified gaps and embed a culture of continuous learning.

Notice of Amendments to Legislation: May 2026

The DFSA has finalized amendments under CP 167 to align its framework with the Basel Core Principles, effective January 1, 2027. The changes strengthen governance, risk management and prudential standards across DIFC firms.

1. General Module (GEN—No. 437):

  • Firms must implement robust risk management systems covering credit, market, operational, liquidity, conduct, reputational, strategic and emerging risks (digitalization, climate).
  • Large firms require a dedicated risk function led by senior, independent staff.
  • A mandatory internal audit function must remain independent and report directly to the governing body.
  • Management information systems must provide accurate, timely data; large firms must enable risk aggregation and reporting.
  • Strong corporate governance and a defined risk culture are required, with governing bodies setting strategy and oversight.
2. Prudential Module (PIB—No. 438):
  • Risk appetite statements are mandatory for Category 1, 2 (non-Matched Principal) and 5 firms, covering emerging risks and requiring escalation procedures.
  • Capital rules allow IFRS 9 Stage 1 provisions up to 1.25% of RWA.
  • Enhanced credit risk management introduces new classifications and stricter provisioning (20% substandard, 50% doubtful, 100% loss).
  • Concentration limits: single counterparty ≤25% of Tier 1 capital with aggregate exposures ≤800%.
  • Requirements are expanded for operational risk, liquidity risk and stress testing, including climate-related risks.

These amendments materially raise supervisory expectations, reinforcing stronger governance, risk oversight and financial resilience across DFSA-regulated firms.

CBUAE AML/CFT/CPF Skilled Person Reviews—Kroll’s Role and Impact

The CBUAE launched an initiative in Q1 2026 to conduct AML, CFT and CPF Skilled Person reviews across all categories of Licensed Financial Institutions (LFIs), including banks, insurance companies, payment service providers, stored-value facility providers and exchange houses.

  • Regulatory Objective: The objective is to assess and strengthen the robustness of AML, CFT and CPF frameworks across LFIs and enhance the overall control environment of the UAE financial sector.
  • Kroll Involvement: Appointed as a qualified Skilled Person, Kroll conducted reviews for approximately 15 LFIs in H1 2026, delivering targeted and impactful recommendations to address control gaps.
  • Regulatory Engagement: Kroll maintains active engagement with the CBUAE throughout the process, with positive feedback received from both the regulator and the reviewed institutions.

Regulatory Pulse: CBUAE Remuneration Regulation (Circular No. 5/2026)

The Central Bank of the UAE (CBUAE) has issued a landmark Remuneration Regulation for Banks and Insurance Companies (Circular No. 5/2026), replacing the earlier principles-based framework under Article 12 of the Corporate Governance Regulation (2019).

Key Shifts

  • From Principles to Prescription: Detailed requirements across 18 articles, including explicit deferral thresholds (40% over three years for MRTs; 60% over five years for senior MRTs)
  • Expanded Scope: Coverage that now includes insurance and reinsurance companies, creating a unified financial sector standard
  • Risk Alignment: Mandatory share-based pay (≥50% for MRTs), hedging prohibitions, malus/clawback triggers, and conduct risk integration
  • Governance Intensity: Clear responsibilities for boards, remuneration committees, and risk committees, plus mandatory independent reviews every three years
  • New Provisions: Severance governance, Internal Shari’ah Supervision Committee (ISSC) remuneration rules, and enhanced regulatory reporting

International Benchmarking: The regulation closely aligns with EU CRD V/VI standards and goes beyond GCC peers (e.g., SAMA, CBB) in areas like ISSC governance and insurance sector inclusion.

Strategic Implications

  • Financial institutions must redesign compensation strategies within a 15-month compliance window.
  • MRT identification becomes a governance priority, overlapping with fitness and propriety rules.
  • Remuneration committees face expanded responsibilities and independence requirements.
  • Insurance companies, new to such frameworks, face steep compliance challenges.
  • Talent management will be affected by deferrals, share-based pay and clawbacks.
  • The 180-day gap analysis is both a compliance requirement and a strategic opportunity for transformation.

United Kingdom

Treasury Committee Report on AI and FCA Review of AI

In January 2026, the House of Commons Treasury Committee published its report on AI in financial services. The report examined the opportunities and risks posed by AI. It found that, although AI offers substantial benefits, it also poses serious risks to consumers and financial stability that are not adequately addressed under the current regulatory approach. The FCA in January 2026 announced the Mills Review, which will review the long-term impact of AI on retail financial services.

FCA’s New Cryptoasset Regime

The FCA announced its new regime for cryptoasset regulation, and firms can now apply for pre-application meetings. The meetings will take place beginning in July 2026, and the application window will open September 30, 2026. Cryptoasset firms will be brought into regulation and require authorization before carrying out activities in the UK. The regime will go live October 25, 2027. The FCA is currently consulting on rules, perimeter guidance and application of the Consumer Duty for the UK’s crypto regime.

FCA Regulatory Priorities Reports

In March 2026, the FCA published its Regulatory Priorities reports on wholesale buy side and wholesale markets. The wholesale buy side report highlighted the central role that buy side plays in the UK economy and the increasing impact of digitization on the market for investment products. Firms were required to submit an FCA return attesting that senior management had considered the FCA’s report and priorities.

FCA Final Rules for Operational Incidents and Third-Party Reporting

Following a previous consultation, the FCA, Prudential Regulation Authority and Bank of England have created single regulatory regimes for operational incident and third-party reporting. Operational incident reporting will apply to all firms with Part 4A permissions, and third-party reporting will apply to enhanced-scope Senior Managers and Certification Regime firms. The new rules will apply starting March 18, 2027.

BFSA Between UK and Switzerland

The Berne Financial Service Agreement (BFSA) between the UK and Switzerland went into effect on January 1, 2026. The agreement allows cross-border market access for financial services between the two countries and is based on mutual recognition of domestic laws and regulations. It covers financial sectors such as investment services, banking, financial infrastructure and insurance.

Financial Action Task Force Update

FATF added Kuwait and Papua New Guinea to the gray list of jurisdictions under increased monitoring in February 2026. The black list remains the same, although the statement on Iran has been updated. The gray list can be found here and the black list here.

Updates to JMLSG Guidance

Amendments to Part I of the Joint Money Laundering Steering Group (JMLSG) guidance on anti-money laundering and counter-terrorism financing were published in February and are currently awaiting approval from HM Treasury. The revisions primarily focus on Chapters 3 and 6 of the guidance, which pertain to requirements for MLROs, particularly in relation to cross-border oversight and data protection.

Treasury Call for Evidence

The Treasury published a Call for Evidence on the ownership and control test in UK financial sanctions regulation. The Treasury is seeking views on how UK financial sanctions regulations on ownership and control are applied in practice, how firms implement the regulations, and where they face challenges. Firms, representative bodies and other interested stakeholders are invited to respond.

Other Publications

In Q1 2026, the FCA and Treasury published several consultation papers and reports covering the following areas (list not exhaustive):

  • Consultations
  • FCA Reviews and Reports

United States

SEC

The SEC has experienced notable leadership and policy shifts in 2026, signaling potential changes in enforcement priorities and regulatory direction.

  • Leadership Changes: Enforcement Director Judge Margaret Ryan resigned in March after six months, with David Woodcock appointed in April. Woodcock has emphasized a “quality over quantity” enforcement approach, with continued focus on private fund advisers and oversight of volatile private credit markets. Commissioner Hester Peirce is also expected to depart in November 2026, which could leave the commission with only two members absent new appointments.
  • Policy Direction: The SEC has rescinded its long-standing restriction on settling parties that publicly deny allegations and has signaled potential reconsideration of Form PF and climate-related disclosure rules.
  • Other Updates: The SEC has increased the “qualified client” threshold for inflation, reflecting periodic regulatory adjustments to eligibility standards.

Overall, these developments point to a period of transition, with implications for enforcement strategy, regulatory priorities and market oversight.

Form PF Developments

Form PF remains a moving target, with the SEC shifting from expansion to recalibration.

  • 2024 Amendments: The SEC significantly expanded reporting, requiring more granular and standardized data on fund structures, exposures, liquidity and event-driven risks.
  • Recent Developments: The compliance deadline was extended to October 1, 2026, with April 2026 proposals to narrow scope, including raising reporting thresholds to $1 billion and streamlining or eliminating certain requirements.
  • Implication: After materially increasing reporting burdens, regulators are reassessing the framework, creating uncertainty around final requirements and compliance investment decisions.

CFTC

The CFTC has adopted an increasingly assertive approach to regulating prediction markets and event contracts, including platforms such as Kalshi and Polymarket, where users trade on binary outcomes of real-world events.

  • Regulatory Stance: The CFTC maintains that most event contracts qualify as swaps under Dodd-Frank and fall within its exclusive jurisdiction. In March 2026, it issued an advance notice of proposed rulemaking seeking input on a tailored regulatory framework for Swap Execution Facilities, derivatives clearing organizations and designated contract markets.
  • Jurisdictional Tension: The agency is litigating against several U.S. states that contend these products should instead be regulated under state gaming laws. Courts have issued mixed rulings, increasing legal uncertainty and raising the likelihood of escalation to the U.S. Supreme Court.
  • Supervisory and Enforcement Focus: Rapid growth in retail participation has heightened concerns around market manipulation and misuse of material nonpublic information. In April 2026, the CFTC and U.S. Department of Justice filed actions against a U.S. servicemember for allegedly using sensitive military information to trade event contracts.

Overall, the combination of regulatory expansion, legal challenges and enforcement activity underscores heightened scrutiny and ongoing uncertainty in this evolving market segment.

Crypto Update

The second quarter of 2026 marked a shift toward structural taxonomy and legislative momentum for the U.S. digital asset market, moving past purely enforcement-led oversight.

  • Coordinated Agency Token Classification and Legislative Framework: On March 17, 2026, the SEC and CFTC issued interpretive guidance establishing a five-category token taxonomy (digital commodities, digital collectibles, digital tools, digital securities, and stablecoins). Partially codifying this regulatory posture, the Senate Banking Committee voted 15–9 on May 14, 2026, to advance the Digital Asset Market CLARITY Act substitute text. The bill explicitly defines CFTC-regulated “network tokens” (digital commodities like BTC and ETH) versus SEC-regulated “ancillary assets,” and mandates initial and periodic disclosure for token issuers alongside a formal SEC certification process to prove non-security status.
    The CLARITY Act explicitly leaves digital securities under the SEC’s purview. Addressing this fact, SEC Chair Paul Atkins championed a highly anticipated “Innovation Exemption” framework under “Project Crypto” to create a regulatory sandbox allowing tokenized public stocks to trade 24/7 on platforms with lighter compliance structures. While pushback from traditional exchanges (including Nasdaq, NYSE, and Cboe) caused the SEC to abruptly delay its rollout, agency leadership maintains that it is refining the framework and still plans to deliver the exemption in the near future.
  • White House Executive Order on Fintech and Payments System Access: A new Executive Order directs U.S. regulators and the Federal Reserve to reassess barriers limiting digital asset firms’ access to payment systems and Fed accounts. It builds on the GENIUS Act to streamline integration of compliant stablecoins into the financial system.

FinCEN Proposes Overhaul of AML/CFT and Stablecoin Programs

FinCEN has issued a proposed rule shifting Bank Secrecy Act (BSA) programs from a “check-the-box” approach to an effectiveness-based standard, focusing on whether monitoring produces actionable intelligence. The proposal also allows firms, including digital asset platforms, to allocate resources more dynamically toward higher-risk areas.

Separately, FinCEN and OFAC introduced a joint “Stablecoin Rule” under the GENIUS Act, designating Permitted Payment Stablecoin Issuers as financial institutions under the BSA. This requires robust sanctions compliance programs, independent audits and the ability to block or freeze illicit transactions across primary and secondary markets.

Front-End Safe Harbors

U.S. regulators have introduced parallel safe harbors to distinguish technology infrastructure providers from regulated intermediaries.

  • CFTC Relief: Regulators issued No-Action Letter 26-09 to Phantom Technologies, confirming that self-custodial wallet developers are not required to register as introducing brokers or associated persons when offering interfaces that connect users to regulated derivatives markets.
  • SEC Position: The Division of Trading and Markets introduced a five-year “non-objection” safe harbor from broker-dealer registration for Covered User Interface Providers, subject to conditions.

These measures signal a clearer regulatory boundary, supporting innovation in front-end technology while maintaining oversight of core regulated activities.

Newsletter Subscription

Sign Up for Kroll's Global Regulatory Pulse Newsletter

From policy changes to enforcement actions, stay informed and prepared for the evolving regulatory landscape.

Stay Ahead with Kroll

Financial Services Compliance and Regulation

In the ever-evolving financial services landscape, Kroll's award-winning team offers comprehensive regulatory and compliance services, guiding clients through registration, licensing, and compliance support to minimize risks and enhance efficiency globally.

UK Financial Services Compliance and Regulation Solutions

The UK regulatory landscape is constantly evolving, with new Financial Conduct Authority (FCA) initiatives introduced and working practices regularly updated at a European level.

U.S. Financial Services Compliance and Regulation

Navigate the ever-changing U.S. financial regulatory environment with confidence. Kroll provides unparalleled expertise in SEC, FINRA, NFA and CFTC regulations, helping clients mitigate risks, maintain current compliance programs and confidently overcome regulatory challenges.

APAC Solutions

Our Asia Pacific team remains closely connected to regulators and industry associations, enabling us to provide our clients with up-to-date insights despite fast-moving and ever-evolving regulatory landscapes and industry trends.

Middle East Solutions

Kroll’s Financial Services Compliance and Regulation experts help clients build, manage and protect their businesses both in the United Arab Emirates and more broadly in the Middle East.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.