The Compliance Playbook: Navigating the Financial Services Industry’s Compliance Priorities in 2025

By Carol Beaumier and Bernadine Reese

The big picture: As we enter the new year, the financial services industry once again faces compliance risks that are increasingly diverse and complex.

Priorities by region: For 2025 we asked a larger-than-usual group of Protiviti colleagues across the globe to help identify the most pressing compliance issues in their market.

Common areas of concern: Artificial intelligence, financial crime, privacy and security, operational resilience, third party risk management, consumer protection, compliance function optimisation, and resourcing were identified as priorities in all regions.

Go deeper: Read about idiosyncratic issues in North America that have emerged from heightened uncertainty, regulators’ ESG focus in Europe and the U.K., and conduct and culture concerns in Asia-Pacific. We also look back at our 2024 predictions.

Regional 2025 priorities

North America

The idiosyncratic issues for North America are largely the result of current circumstances in the US.

Heightened Uncertainty

Even before the recent US presidential election, regulatory rulemaking and enforcement processes had been upended by a series of Supreme Court decisions which stripped agency heads of some of their authority to interpret law and enforce penalties for non-compliance. (Refer to this Vision article for additional details.) As a result of these decisions, we can expect a more protracted rulemaking process and more litigation to challenge agency interpretations and enforcement.

The Trump 2.0 administration adds to the uncertainty.
While the financial services industry is generally buoyed by the prospect of less regulation (including potential rollback of some existing requirements) and “lighter touch” enforcement, there are concerns that the Trump economic agenda could lead to interest rates remaining higher and to inflation. Further, a lighter regulatory touch at the federal level could lead to actions by states to address perceived gaps, adding to the industry’s compliance challenges.

Competitive Landscape

Three other issues in the headlines are banking as a service (BaaS), open banking and crypto. For the last year, the banking regulators in the US have been issuing enforcement actions against BaaS providers stemming from their exposure to less-regulated crypto and payment companies. One result of these enforcement actions has been a leveling of the playing field between fintechs and banks, because the banks now require the fintechs they serve to improve their compliance programmes.

In October, the Consumer Financial Protection Bureau (CFPB) finalised a new rule to facilitate open banking in the US. Banks have challenged the rule, arguing that it exceeds the agency's legal powers and could jeopardise consumer data security. Underlying these concerns is a view that the rule would hurt banks and help fintechs.

Even prior to the presidential election, there were indications that there would finally be legislation to establish a regulatory framework for crypto. Given recent announcements about the incoming President’s choice to lead the Securities and Exchange Commission as well as his appointment of a Crypto and AI Czar, the future outlook for crypto in the US is strong.

Exactly how the new administration, which has said it is committed both to innovation and to curbing regulation, will address these issues remains to be seen.

Europe

While the top concerns for Europe mirror those of North America and APAC, the following stand out as reflecting differing regulatory priorities.
We expect to see European regulators continuing a focus on environmental, social and governance (ESG) regulation as well as seeking to introduce and supervise crypto-asset regulation consistent with existing financial regulatory frameworks. The implementation of DORA and its supervision for the financial sector and critical third-party providers will be a key priority, as will the transition of supervision to the new EU AML Authority during 2025.

ESG

The EU continues to develop and implement a substantial body of legislation as part of its sustainable finance strategy. The package of measures is extensive, covering corporate sustainability reporting, green bond regulations, ESG rating regulations, actions to address greenwashing and changes to the Sustainable Finance Disclosure Regulations, to name a few. In addition, the Corporate Sustainability Due Diligence Directive (also called the CS3D) will require in-scope companies to set up due diligence processes to identify adverse human rights and environmental impacts that arise in their own operations and those across all tiers of their supply chain. This move is expected to be far-reaching and to demand much greater onboarding requirements.

The U.K. ESG position is emerging more slowly. U.K. regulators are initially focusing on corporate reporting through the adoption of the International Sustainability Standards Board (ISSB) disclosures and standards, on greenwashing, and on sustainability disclosure regulations (including new investment labels); ESG ratings regulations are in final consultation, and the publication of a policy statement on non-financial misconduct in the financial sector is also expected in 2025.

Virtual Assets (MiCAR)

The Markets in Crypto-Assets Regulation (MiCAR) establishes EU market rules for crypto assets that are not currently regulated by existing financial services legislation.
Key provisions for those issuing and trading crypto-assets (including asset-referenced tokens, e-money tokens and crypto-asset service providers) cover transparency, disclosure, authorisation and supervision of transactions, organisational structures, business conduct rules, and consumer protection measures.

U.K. regulation of virtual assets is still in the legislative phase. The Financial Services and Markets Act 2023 and the proposed Property (Digital Assets) Bill set out further details of the regulatory landscape for crypto assets. The regulatory approach proposes leveraging current financial regulatory structures to oversee crypto assets, bringing a wider array of crypto assets and related activities into the scope of regulation, regulating a wider scope of activities, and enhancing financial crime standards.

APAC

The three concerns not included on the North American and European lists are conduct and culture, fintech, and economic implications. Drilling down into these issues suggests more commonality with other regions than might at first be apparent.

Culture and conduct are not new areas of focus for APAC. Numerous countries in the region have adopted or enhanced conduct and culture standards. In Australia, for example, culture and conduct are also the driving forces behind consumer protection rules.

The APAC region has been a leader in permitting newer market entrants – crypto and other fintech firms – but there is a lack of regulatory uniformity that creates challenges both for regulators and for fintech firms looking to expand across borders.
This is driving a push for greater regional cooperation and harmonisation of regulatory standards.

While the medium and long-term economic prospects for APAC remain strong, current economic conditions (e.g., the slow recovery in China, persistent inflation in Japan, and depressed consumer spending in Australia) still loom heavily, with potential impacts on the financial services industry ranging from credit quality concerns to aggressive cost cutting.

Horizon Scanning

In prior years, we have talked about how critical horizon scanning is to compliance management. Identifying emerging risks and trends allows financial institutions to be more strategic, thoughtful and innovative in the way they address these issues, which in turn helps institutions avoid compliance problems and provides them with a competitive edge.

In a recent speech, Elizabeth McCaul, former member of the board of the European Central Bank and New York State Department of Financial Services Superintendent, talked about horizon scanning using an analogy to vision. Ms. McCaul highlighted the importance of central, fringe and peripheral vision to both supervision and risk management. To paraphrase her words:

Central vision is what’s right in front of us, the risks of which we are all aware.

Fringe vision is just outside of our central vision, the changes we see developing and beginning to have an impact.

Peripheral vision is the wider risk landscape that includes the structural trends that could have a profound effect on business models and the environment in which financial institutions operate.

Peripheral vision issues, by their nature, are emerging risks which may arise over several years (such as the widespread adoption of online banking and financial services) or which can move from peripheral to central vision in a remarkably short time frame (for example, the emergence of AI).
Most peripheral vision changes can be categorised as emerging from one of the following drivers of change: political, economic, social, technological, legal or environmental – the PESTLE analysis[3], a framework for exploring the external factors that may impact a business. Many of these drivers can have a multi-layered impact on business. But as Ms. McCaul points out, we need to use our “athletic capabilities to identify the peripheral vision risks.” Her areas to watch include the potential reconfiguration of the financial value chain caused by big tech and other non-banking companies providing financial services, the impact of digitalisation and social media on liquidity, and the rise of non-bank financial institutions. Our additions to this list include open banking and APIs, quantum, and supervisory technology (SupTech).

As we enter another year of change and uncertainty, we would recommend that the boards of directors and senior management of every financial institution evaluate their horizon scanning function against Ms. McCaul’s standards.

And since we think we may be in for a very active 2025, check back with us mid-year when we plan to reassess the compliance environment.

[1] https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai

[2] Key requirements include information and communication technology (ICT) risk management; ICT third-party risk management; digital operational resilience testing; ICT-related incidents; information sharing; and oversight of critical third-party providers.

[3] https://pestleanalysis.com/what-is-pestle-analysis/