Regulatory Digest - February 2025

EMEA

European Union 🇪🇺

Regulation Name: Enhanced Cooperation to Combat Online Consumer Fraud‍

Effective Date: Ongoing (workshop held on 21 February 2025, with follow-up actions planned)‍

Summary:
The European Commission has brought together consumer protection and law enforcement agencies to tackle online fraud. The focus is on sharing best practices and using AI tools to detect and prevent scams.‍

Impact of Changes:

• Consumers: Better protection against online fraud, which affects nearly half of EU citizens.
• Businesses: Increased scrutiny on fraudulent practices means tighter compliance measures.‍

‍Action Required:‍

Businesses operating in the EU should ensure they comply with consumer protection rules and stay alert to emerging fraud trends.‍

Source: European Commission News

‍

Regulation Name: CRD VI and CRR III – Impact on Non-EU Enterprises and EU Branches‍

Effective Date: 11 January 2026 (implementation deadline for Member States), with restrictions on cross-border services effective from 11 January 2027‍

Summary:
The EU has finalised CRD VI and CRR III, introducing a harmonised framework for non-EU banks operating in the EU. Key changes include stricter authorisation, capital, and reporting requirements.‍

Impact of Changes:

• Non-EU Enterprises: Must establish licensed branches in the EU to continue offering core banking services.
• EU Branches: Existing branches may need to reapply for authorisation.‍

‍‍Action Required:‍

Non-EU enterprises should assess whether they need to set up licensed branches or rely on exemptions.‍

Source: Dentons Insights

‍

United Kingdom 🇬🇧

Regulatation Name: Ransomware Legislative Proposals: Reducing Payments to Cyber Criminals and Increasing Incident Reporting

Effective Date: Pending (Consultation open from 14 January to 8 April 2025)

Summary: 

The UK Home Office has launched a public consultation on three key proposals to combat ransomware:

• ‍Targeted Ban on Ransomware Payments: Prohibiting public sector bodies and Critical National Infrastructure (CNI) operators from paying ransoms to cyber criminals. ‍
• Ransomware Payment Prevention Regime: Requiring victims to report their intention to pay a ransom before making payment, with authorities reviewing and potentially blocking payments. ‍
• Ransomware Incident Reporting Regime: Introducing mandatory reporting requirements for supervised ransomware victims, with thresholds for reporting based on the size of the organisation of the ransom demanded. 

These measures aim to disrupt the ransomware business model, reduce financial incentives for attackers, and improve intelligence gathering to support law enforcement efforts.

Impact of Changes: 

• Public Sector and CNI Operators: A ban on ransom payments will make the UK a less attractive target for ransomware gangs.
• Businesses and Individuals: The payment prevention regime will provide guidance and support to victims, discouraging ransom payments and improving recovery options. 

Action Required:

• Public Sector and CNI Operators: Prepare for compliance with the proposed ban on ransom payments.
• Businesses and Individuals: Review and strengthen cybersecurity measures, including backup systems and incident response plans.
• Stakeholders: Provide feedback on the consultation proposals by 8 April 2025.

Source: UK Home Office Consultation

‍

United Arab Emirates 🇦🇪

Regulation Name: Enhanced AML and CTF Regime in the UAE‍

Effective Date: Ongoing (key reforms implemented in 2024, with further developments expected in 2025)‍

Summary:
The UAE has significantly strengthened its Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regime in 2024, following its removal from the FATF’s “grey list” in February 2024. Key reforms include:

• New AML/CTF Guidelines: Enhanced guidelines for financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs).
• Increased Enforcement: Suspension of licenses for 32 gold refineries, financial penalties for non-compliance, and cross-border cooperation on financial crime investigations.

Impact of Changes:

• Financial Institutions and DNFBPs: Must comply with stricter AML/CTF rules.
• Virtual Asset Sector: Increased oversight and licensing requirements.‍

Action Required:‍

Financial institutions and DNFBPs should update their AML/CTF policies to align with the new guidelines.‍

Source: Allen & Overy Insights

‍

America

United States 🇺🇸

Regulation Name: FinCEN Alert on Relationship Investment Scams‍

Effective Date: Immediate (February 26, 2025)‍

Summary:
FinCEN has warned financial institutions about relationship investment scams, where fraudsters use fake identities to trick victims into investing in virtual currency or foreign exchange schemes. These scams caused over $650 million in losses in 2023.‍

Impact of Changes:

• Financial Institutions: Must step up monitoring and reporting of suspicious activities.
• Consumers: Greater awareness aims to protect vulnerable individuals, particularly older adults.‍

Action Required:‍

Institutions should review FinCEN’s alerts and use specific SAR filing instructions to flag suspicious activities.‍

Source: FinCEN News Release

‍

Regulation Name: FinCEN Penalises Brink’s Global Services USA, Inc. for Bank Secrecy Act Violations‍

Effective Date: February 6, 2025‍

Summary:
FinCEN has fined Brink’s Global Services USA, Inc. $37 million for failing to comply with the Bank Secrecy Act (BSA). The company didn’t implement proper AML controls or file suspicious activity reports (SARs), allowing high-risk transactions to slip through.‍

Impact of Changes:

• Brink’s Global Services USA, Inc.: Faces a hefty penalty and must overhaul its AML program.
• Armored Car Industry: This case sets a precedent for stricter AML compliance in the sector.‍

‍Action Required:‍

Armored car companies and similar businesses must ensure they meet BSA requirements, including registering with FinCEN and filing SARs.‍

Source: FinCEN News Release

Canada 🇨🇦

Regulation Name: Payments Canada Membership Expansion Consultation

Effective Date: Pending (Consultation open from February 4 to March 6, 2025)

Summary:

Payments Canada has launched a public consultation on policy proposals to expand membership eligibility under the Canadian Payments Act (CP Act). The proposed amendments will allow payment service providers (PSPs) under the Retail Payments Activities Act (RPAA), credit union locals, and clearing houses of designated clearing and settlement systems to become members. This expansion aims to broaden access to Canada’s payment infrastructure, fostering innovation and greater payment choices for Canadians.

Impact of Changes: 

• Payment Service Providers (PSPs): PSPs performing retail activities will be eligible for membership, subject to registration with the Bank of Canada under the RPAA.
• Credit Union Locals: Credit union locals that are members of a central or cooperative credit association will gain access to Payment Canada’s systems. 
• Clearing Houses: Clearing houses of designated clearing and settlement systems will also be eligible for membership.

Action Required:

Interested parties are invited to provide feedback on the policy proposals by March 6, 2025. Feedback will inform drafting instructions for amendments to Payment Canada’s by-laws and rules.

Source: Payments Canada Consultation Paper

‍

APAC

Hong Kong 🇭🇰

Regulation Name: SFC Reprimands and Fines Hang Seng Bank HK$66.4 Million for Misconduct in Investment Product Sales‍

Effective Date: 27 January 2025 (disciplinary action announced)

Summary:
The Securities and Futures Commission (SFC) has reprimanded and fined Hang Seng Bank Limited (HSB) HK$66.4 million for serious regulatory failures related to the sale of collective investment schemes (CIS) and derivative products, as well as overcharging clients and inadequate disclosure of monetary benefits. These violations occurred over a nine-year period between February 2014 and May 2023.

Key findings include:

• CIS Sales Practices: HSB relationship managers solicited clients into excessively frequent CIS transactions, contradicting investment objectives and client preferences, resulting in significant transaction costs.
• Derivative Product Sales: HSB sold high-risk derivative products to clients who lacked sufficient knowledge or risk tolerance.

Overcharging and Disclosure Failures: HSB retained unauthorised monetary benefits, charged excess fees, and failed to disclose trailer fee arrangements, resulting in at least HK$22.4 million in improper charges.‍

Impact of Changes:

• Clients: Affected customers faced significant financial losses due to excessive fees.
• Financial Institutions: The case highlights the need for stronger internal controls and compliance.‍

‍Action Required:‍

Financial institutions must review their sales practices and ensure they meet regulatory standards.‍

Source: HKMA Press Release

‍

Australia

Regulation Name: AUSTRAC Campaign Targeting Remitters and Digital Currency Exchanges‍

Effective Date: Ongoing (campaign initiated in early 2024, with recent actions in February 2025)‍

Summary:
AUSTRAC has ramped up its campaign to ensure remittance service providers (RSPs) and digital currency exchanges (DCEs) comply with the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act. So far, 13 providers have faced enforcement actions, including cancellations and suspensions, while over 50 others are under investigation for failing to report suspicious activities.‍

Impact of Changes:

• Remittance and DCE Providers: Non-compliant businesses risk losing their registrations or facing suspensions.
• Industry: The campaign aims to raise reporting standards and reduce systemic non-compliance.
• Law Enforcement: Better reporting from RSPs and DCEs will help authorities tackle financial crime more effectively.‍

‍Action Required:‍

Providers must ensure they meet AML/CTF obligations, including timely and accurate reporting of suspicious transactions.‍

Source: AUSTRAC Media Release

‍

Regulation Name: Buy Now Pay Later (BNPL) Draft Regulations 2025‍

Effective Date: Pending (Draft Regulations under consultation as of February 2025)‍

Summary:
The Australian government is proposing new rules to regulate BNPL services under consumer credit laws. While the move introduces much-needed consumer protections, a last-minute amendment allowing higher late fees has sparked criticism from advocacy groups.‍

Impact of Changes:

• Consumers: Higher late fees could hit low-income users hardest, potentially worsening financial stress.
• BNPL Providers: Stricter oversight means adapting to new compliance requirements.‍

Action Required:‍

BNPL providers should prepare for tighter regulations, including enhanced consumer protections and reporting obligations.‍

Source: Financial Counselling Australia