Banking Regulations Update

📣 Breaking: Two big moves in Brussels on EU sustainability regulation: 1️⃣ EFRAG has officially been tasked with simplifying the ESRS (see the letter below). The Commission’s letter sets a tight timeline: advice due by 31 October 2025. The revised standards could apply from FY2026 and must apply by FY2027. What does simplification mean in practice? -Cut low-priority datapoints -Prioritise quantitative over narrative reporting -Provide clearer instructions on materiality to reduce over-reporting -Ensure interoperability with global standards This is a chance to course-correct some of the confusion and concerns that have surrounded CSRD implementation. 2️⃣ The European Parliament has just approved urgent procedure for the ‘stop-the-clock’ measure in the Omnibus Regulation. That means the final vote on the CSRD/CSDDD delays is scheduled for 3 April. If adopted, co-legislators can begin negotiating the final legal text. Why it matters: The decisions made in the coming weeks will define the direction of EU sustainability policy for the next several years. Simplification may be overdue, but if ambition is lost along the way, the cost will be much higher than administrative burden. #CSRD #CSDDD #EUGreenDeal #sustainabilityreporting #EFRAG #ESRS #sustainablefinance

When it comes to #openbanking, the #US has been known for their market-led approach - contrary, for example, to Europe or the UK. Now with the Personal Financial Data Rights rule a U-turn is being made. Let’s take a look.   Like most other things in the US, Open Banking has been left to the market to sort out. That means that the access to data and the connections between the various parties (mainly financial institutions and front-end providers like #fintech players) were not subject to centrally designed and imposed rules. As a result, market players jumped in to cover the gap: Plaid has managed to build within the past years APIs to almost every financial institution in the country (about 18,000), acting, in essence, as the main intermediary or gateway to thousands of apps, the likes of Venmo, PayPal, Coinbase or Robinhood.    On the other end, we have geographies where Open Banking has been triggered by regulation, with financial institutions forced to open up and provide access to their data to authorized third parties (i.e. in Europe via PSD2 and in the UK via OBIE).   However as open banking initiatives around the world are increasingly setting the bar higher, voices were becoming louder in the US since quite some time in favour of a regulatory approach that would expedite and facilitate the path to open banking.   This is what just happened a few days ago with the Consumer Financial Protection Bureau (CFPB) proposing a rule (still in draft) that practically facilitates this.   Here is what changes:   —     Consumers own their #data for free and banks and other FIs are obliged to provide access to personal financial data via dedicated digital interfaces   —     Consumers can share their data with third parties, which is the basis for providers to build new innovative services on top   —     Competition will be boosted by allowing consumers to easily switch providers   These changes will be enforced via a number of measures:   —     Measures to prevent unchecked surveillance and misuse of data   —     Measures to give consumers control (i.e. revoking data access)   —     Standards will be still set by the market but rules by the CFPB in order to ensure that they are fair, open, and inclusive   Implementation will be done in phases with larger providers subject to the rules much sooner than smaller ones and community banks and credit unions without digital interfaces to their customers would be exempted.   If there is one thing that stands out, it is the following: the entire transformation evolves around data. Or better the access to data. Exactly as Europe has recently done with its draft Financial Data Access (FIDA) framework announced in the summer. This is not by accident or coincidence. Data is the main driver behind the rise of open banking and its further transition to open #finance. The new rule has the potential to completely change the US finance landscape.    What do you think?   Opinions: my own

Understanding the Imperative: Basel III and Post-Crisis Reforms The financial crisis of 2008 was a stark reminder of the interconnectedness and vulnerabilities within the international financial system. The crisis exposed significant weaknesses in the global regulatory framework, particularly under Basel II, necessitating a more robust and resilient banking system. Understanding why Basel III and other post-crisis reforms were introduced is crucial for banking professionals who are navigating these regulatory environments. Although Basel II was a significant advancement over its predecessor, it became apparent during the financial crisis that it did not go far enough in preventing the build-up of systemic risk. Basel II was heavily reliant on internal risk assessments by banks, which proved to be overly optimistic and insufficient in the face of financial distress. The framework also lacked stringent requirements for liquidity and leverage, allowing banks to operate with high leverage while maintaining insufficient liquid assets. Basel III was developed to address these shortcomings and to significantly strengthen the global capital framework. Key enhancements introduced by Basel III include: 1. Higher Capital Requirements: stricter capital requirements, increasing both the quantity and quality of capital banks must hold. This includes a higher ratio of equity to risk-weighted assets, ensuring that banks have enough capital to absorb losses during periods of financial stress. 2. Countercyclical Buffers: To prevent excessive credit growth that can lead to asset bubbles, Basel III introduced countercyclical capital buffers, requiring banks to hold additional capital during periods of high credit growth, which can be reduced when conditions worsen. 3. Leverage Ratio: Unlike Basel II, Basel III introduced a non-risk-based leverage ratio to serve as a safeguard against excessive leverage on banks' balance sheets. This measure helps ensure that banks' expansion is matched by solid capital support. 4. Liquidity Requirements: Basel III established two key liquidity ratios - the Liquidity Coverage Ratio (LCR) and the Net Stable Funding Ratio (NSFR). These ensure that financial institutions maintain sufficient high-quality liquid assets to withstand a 30-day stressed funding scenario and promote more stable funding structures. The implementation of Basel III and its ongoing updates reflect an ongoing commitment to fortifying the global banking system against future crises. These reforms have led to a more conservative banking environment where institutions must operate with higher levels of capital and stronger risk management practices. Understanding the rationale and requirements of Basel III is not just about regulation, but about appreciating the role of these reforms in fostering a more stable banking system. As the landscape continues to evolve, the insights gained from these reforms will be essential in guiding future regulatory changes.

India has officially notified the DPDP Rules 2025, triggering the operational rollout of the DPDP Act. For the banking sector, this is a defining moment. The rules now make data governance, breach reporting, consent, and security controls a regulatory obligation — not a best practice. Banks handle the most sensitive personal data in the country. With the new rules, they must strengthen security (encryption, access controls, audit logs), redesign customer consent journeys, and notify customers and the government quickly in case of a breach. Retention and deletion rules also tighten — data can’t be kept beyond its purpose without legal basis. Most large banks will now fall under the category of Significant Data Fiduciaries, bringing additional responsibilities like annual data-protection audits, DPIAs, and tighter oversight on data flows, especially cross-border. This will force banks to rethink their data architecture, vendor ecosystem, and operating model over the next 12–18 months. My view: this is not just a compliance change — it’s a trust opportunity. Banks that act early and communicate transparently will earn customer confidence and stand out in an increasingly digital financial ecosystem. The DPDP era has begun. Are we ready to lead it?

#OpenBanking in the United States has marked a significant stride with the recent release of the Consumer Financial Protection Bureau's draft rules. In the wake of the executive order issued in July 2021, encompassing Open Banking as one of 72 prominent initiatives, we now have access to the draft rules meticulously crafted by the CFPB. Who do these rules apply to? These regulations are applicable to all banks, credit card providers, prepaid card providers, and digital wallets. What is within the scope of these rules? The rules primarily include: - 24 months of transactional data including settled and pending payments - Comprehensive product data, such as fees, overdrafts, and rewards - Customer identity data including name, DoB and contact details Furthermore, bank account details and routing numbers for processing ACH payments can be provided directly or in the form of tokens, exclusively designated for ACH transactions. (Note, this may cause interoperability issues with new products such as FedNow) How will data be accessed under these rules? Data access will be facilitated through dedicated interfaces, specifically Application Programming Interfaces (APIs), which third parties are not authorized to handle credentials for. The specifications of these APIs will be established by accredited standards bodies, subject to rigorous oversight by the CFPB. Customers will grant authorization to third parties, accompanied by a clear disclosure outlining the intended use of their data and the mechanisms for access revocation. Banks are mandated to authenticate customers and facilitate confirmation of data access. Third parties will be able to access data for up to 12 months, following which further authorization will be mandated. When can we expect the implementation of these rules? The CFPB is presently in the process of gathering feedback from the industry, and we anticipate the publication of a final rule in approximately Q3/Q4 2024. The rules will come into effect 60 days after publication and from that moment the largest banks ($500bn+ in assets) and non-bank institutions ($10bn+ revenue) will have 6 months to offer. After 12 months all non-banks and banks with over $50bn in assets will need to offer APIs. Smaller banks, such as those with assets under $850 million, will have up to four years to comply. In conclusion, the CFPB's draft rules represent a comprehensive framework for implementing Open Banking in the United States. This development holds great promise for American consumers who should start to benefit from an acceleration in innovation and competition. Furthermore, this should give businesses comfort to begin working with Open Banking data today as there is a clear road map for the future.

This summer, a single vote in Congress rewrote the playbook for America’s wealthiest families. With the passage of the “One Big Beautiful Bill,” sweeping estate law changes and expanded exemptions are forcing Family Offices to take a hard look at their future. For years, estate planning has often been treated as a technical exercise in tax efficiency. But 2025 feels different. What we’re seeing at Family Office Access is not just paperwork shifting from one folder to another. Families are reimagining what to do with farmland, private operating companies, and philanthropic vehicles that carry their values into the next generation. The numbers tell the story. Early 2025 surveys show that more than half of single-family offices are revisiting legacy structures this year. Our analytics show a 30% increase in inquiries about estate transition strategies in our client network. UBS and Campden Wealth reports confirm the same global trend: succession planning and governance now rank alongside direct investing as top priorities for Family Offices. The OBBA has become a catalyst. Families are asking harder questions around mission, continuity, and the role of capital in shaping long-term legacy. Farmland is being treated as a commitment to sustainability. Operating businesses are being restructured with generational leadership in mind. Philanthropic vehicles are moving toward impact models designed to outlast their founders. Aviation, surprisingly, has also become part of the conversation. Buried in the bill is a generous incentive that allows private aircraft to be written into estate structures with favorable treatment. For some families, this means jets can be transitioned across generations with reduced tax friction. For others, it opens the door to structuring ownership through trusts or family partnerships, turning what was once viewed purely as a lifestyle expense into an asset that supports both mobility and long-term planning. This moment extends well beyond tax mechanics. Families are navigating generational purpose and deciding whether these changes will create opportunity or present new burdens. Do you believe the OBBA will ultimately benefit or hurt Family Offices? And beyond families themselves, what ripple effects will these changes create across the broader business world?

Major #SFDR Overhaul: EU sustainable finance rules completely restructured The European Commission just proposed a fundamental redesign of the Sustainable Finance Disclosure Regulation (SFDR). Here's what's changing: THE TRANSFORMATION FROM: Complex disclosure-heavy framework TO: Streamlined 3-category product system Impact: 25-50% cost reduction for financial firms NEW PRODUCT CATEGORIES Article 9 - Sustainable: Already sustainable investments | 70% threshold | Strictest exclusions (no fossils, high-carbon) Article 7 - Transition: Companies transitioning to sustainability | 70% threshold | Moderate exclusions plus fossil expansion limits Article 8 - ESG Basics: Broader ESG integration | 70% threshold | Light exclusions (weapons/tobacco/violations) BEFORE vs AFTER: KEY CHANGES Scope Before: Financial market participants + advisers After: Only product manufacturers/managers Entity Disclosures Before: Principal adverse impacts + remuneration policies required After: Completely eliminated (€56M annual savings) Product Framework Before: Articles 8 & 9 as vague quasi-labels After: Clear categories with specific criteria "Sustainable Investment" Before: Complex definition causing confusion After: Definition deleted; embedded in category criteria Disclosure Length Before: Lengthy templates, no limits After: Maximum 2 pages pre-contractual Marketing Rules Before: Must not contradict disclosures After: ONLY categorised products can use sustainability terms in names MAJOR DELETIONS ⇢Entity-level principal adverse impact disclosures ⇢Remuneration policy requirements ⇢"Sustainable investment" definition ⇢Entire Delegated Regulation 2022/1288 repealed NEW ANTI-GREENWASHING MEASURES ⇢Only categorised products can use ESG terms in names ⇢"Impact" term reserved for specific strategies ⇢Member States prohibited from adding requirements KEY ADDITIONS ⇢Fast-track: 15%+ EU Taxonomy-aligned = automatic qualification ⇢Formal data & estimates documentation requirements ⇢Clear fund-of-funds framework TIMELINE ⇢General application: 18 months after entry into force ⇢Insurance/pension products: 30 months (12-month grace period) WHAT DOES THIS MEAN ⇢For Asset Managers: Lower compliance costs, clearer rules, predictable supervision ⇢For Investors: Better comparability, reduced greenwashing, easier product matching ⇢For Markets: Efficient capital allocation, stronger single market, competitive advantage The EU is choosing clarity and enforceability over comprehensive complexity. This fundamental restructuring bets that simpler rules with stronger enforcement better serve both market integrity and the sustainable transition. #sustainablefinance #sfdr #esg #regulation #assetmanagement #greenfinance #compliance #europeanunion

🇪🇺𝗣𝗦𝗗𝟯 𝗗𝗲𝗮𝗹 𝗥𝗲𝗮𝗰𝗵𝗲𝗱: 𝗔 𝗦𝗮𝗳𝗲𝗿, 𝗦𝗺𝗮𝗿𝘁𝗲𝗿 𝗙𝘂𝘁𝘂𝗿𝗲 𝗳𝗼𝗿 𝗣𝗮𝘆𝗺𝗲𝗻𝘁𝘀 𝗶𝗻 𝗘𝘂𝗿𝗼𝗽𝗲 Last week, the EU reached a major agreement on the new PSR/PSD3 rules, the biggest update to #payment regulation since #PSD2. Big news for anyone who pays, shops, or banks online in Europe. This one directly impacts consumers, banks, and #fintech companies. 💡𝗖𝗵𝗮𝗻𝗴𝗲𝘀 #𝗣𝗦𝗗𝟯 𝗕𝗿𝗶𝗻𝗴𝘀  ➡️ Stronger protection against online #fraud: Online payment fraud is rising fast, especially impersonation scams. The new rules change the balance: • Banks and payment providers must introduce stronger checks (e.g., name-to-IBAN matching, better risk monitoring). • If they fail to prevent obvious fraud, they must reimburse you. • Even in impersonation cases (e.g., “fake bank employee” scams), customers will now have clearer rights. This is one of the biggest consumer wins so far.  ➡️ No more hidden fees: You’ll know exactly how much you will pay before the transaction, including the currency exchange fees, ATM fees, and extra charges from payment providers. This transparency was long overdue, and will especially help frequent travellers and cross-border users like myself. ➡️ More fairness between banks and fintechs: The deal gives non-bank payment providers clearer rules and fairer access, which will likely boost competition and innovation, and it should lead to better products and more choice for users ➡️More control over who sees your data: Open banking continues, but with stronger user control. Users will get simple dashboards to decide who can access your data, for what, and for how long. ➡️  The human touch: no more relying solely on chatbots, customers must have access to real people. This is a big step toward more trust in data-sharing and a healthier digital-finance ecosystem. ➡️Cash access stays protected: Retailers can continue offering cash withdrawals, even without a purchase. Important for rural regions, elderly citizens, and anyone who still depends on cash. 📌 𝗧𝗵𝗶𝘀 𝘂𝗽𝗱𝗮𝘁𝗲 𝗺𝗮𝗿𝗸𝘀 𝘁𝗵𝗲 𝗺𝗼𝘀𝘁 𝘀𝘂𝗯𝘀𝘁𝗮𝗻𝘁𝗶𝗮𝗹 𝗼𝘃𝗲𝗿𝗵𝗮𝘂𝗹 𝗼𝗳 𝗘𝗨 𝗽𝗮𝘆𝗺𝗲𝗻𝘁 𝗿𝗲𝗴𝘂𝗹𝗮𝘁𝗶𝗼𝗻 𝘀𝗶𝗻𝗰𝗲 𝗣𝗦𝗗𝟮. 𝗢𝗻𝗰𝗲 𝗮𝗴𝗮𝗶𝗻, 𝘁𝗵𝗲 𝗘𝗨 𝗵𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀 𝗶𝘁𝘀 “𝘀𝗮𝗳𝗲 𝗶𝗻𝗻𝗼𝘃𝗮𝘁𝗶𝗼𝗻” 𝗺𝗲𝘀𝘀𝗮𝗴𝗲.    For consumers, it will soon feel like they’re paying for a service they can trust, with no hidden traps and far stronger protection against fraud.  For providers, it means rethinking operations, compliance frameworks, and customer support infrastructures. The roadmap ahead will demand commitment, but ultimately, this deal lays the foundation for a safer, fairer, and more competitive European payments market. (The deal needs to be formally adopted by Parliament and Council before it can come into force.) 💡More information> https://lnkd.in/dUWYd347 #payments #paymentregulation #EU

The Financial Action Task Force (FATF) has finalized its update to Recommendation 16, placing stronger emphasis on structured, end-to-end transparency in cross-border payments. The changes are subtle but significant: • Clearer responsibility: The originating institution is now explicitly accountable for collecting and retaining originator and beneficiary data. • Mandatory structured fields: For transfers ≥ USD/EUR 1,000, minimum information such as full name, address, and date of birth is required—reinforcing the need for clean, structured data. • Fraud and error prevention: Institutions are expected to implement verification controls that catch mismatches before funds move. Where ISO 20022 fits in is critical. Unlike legacy formats, ISO 20022 provides dedicated data elements to capture Travel Rule-relevant information in a machine-readable, audit-ready form—from postal address structures to LEIs and remittance narratives. It transforms compliance from a manual checkbox into a built-in capability. With the global transition to ISO 20022 underway, aligning with these new FATF expectations becomes not just feasible—but scalable. ⸻ Financial institutions now face a clear direction: Move from unstructured legacy formats to intelligent, structured rails that support both innovation and regulatory clarity. If you’re exploring how ISO 20022 can simplify your Travel Rule obligations—now is the time to act. Let’s connect. Image from CGAP Blog: https://lnkd.in/gSYDnF-5 The FATF’s Revised Travel Rule: Key Changes for Payment Transparency | Blog | CGAP #payments #iso20022 #aml #sanctions #fatf #swift

Navigating India's Digital #Banking Future: Reserve Bank of India (RBI) 's New Authorization Directions. The Reserve Bank of India (RBI) has just unveiled its comprehensive "Reserve Bank of India (Digital Banking Channels Authorisation) Directions, 2025". This significant draft, effective from its final issuance date, aims to streamline and strengthen the regulatory framework for digital banking services across India. This isn't just an update; it's a foundational shift for all commercial and cooperative banks operating in India! Let's dive into what these directions mean for the banking landscape: 1. Defining the Digital Frontier: The RBI clearly distinguishes between various digital banking channels: • Digital Banking Channels themselves encompass services offered via websites (internet banking), mobile phones (mobile banking), or other digital channels, involving significant process automation and cross-institutional capabilities. • Internet Banking allows customers to manage accounts and access services online. • Mobile Banking facilitates banking through mobile applications, USSD, and SMS. Crucially, the directions differentiate between two levels of digital service based on functionality: • View Only Banking Facility: This is for non-transactional services that do not alter a customer's assets or liabilities. Think balance inquiries, statement downloads, or viewing. While loans and fund transfers cannot be directly provided, banks can offer downloadable forms for such facilities. • Transactional Banking Facility: This is the full suite, allowing all fund-based or non-fund-based banking services. This distinction is key to understanding the varying compliance requirements. 2. Dual Pathways for Authorization – A Tailored Approach: The RBI has established two distinct eligibility criteria, reflecting the risk profiles of the services offered: • For "View Only" Banking Facility:     ◦ Banks must have fully implemented Core Banking Solution (CBS).     ◦ Their public-facing IT infrastructure must be enabled to handle Internet Protocol Version 6 (IPv6) traffic.     ◦ Upon launching, banks must inform the concerned RBI regional office within thirty days and submit a ‘Gap Assessment and Internal Controls Adequacy’ (GAICA) report. This demonstrates a lighter, but still structured, oversight for lower-risk services. • For "Transactional" Banking Facility:     ◦ This requires prior approval from the Reserve Bank.     ◦ Applications must be submitted via the PRAVAAH portal with a board resolution and supporting documents.     ◦ The criteria are significantly more stringent, emphasizing robust financial health and technological readiness:         ▪ Full CBS and IPv6 enablement of IT infrastructure.         ▪ Compliance with minimum regulatory Capital to Risk-Weighted Assets Ratio (CRAR).         ▪ Net worth of at least the minimum regulatory requirement or ₹50 crore, whichever is higher, as of March 31st of the preceding financial year.