Market Structure Update – What's going on? 28 August 2025 edition

Welcome to the latest edition of the Ashurst Market Structure Update.

Regulatory and public bodies didn't take August off, the last two or so weeks have seen:

• The FCA has published its review of algorithms, highlighting both good and bad findings. At times, we wonder whether the nuance is lost in the FCA’s messaging;
• Regulatory reports and regulatory data discussed. Data remains high up the regulatory agenda with a focus (worry) on public authority visibility over the market (in particular, the non-bank sector);
• The EC has published a definition of post-trade risk reduction service under Article 31 of MiFID – it’s a good start, we have some thoughts; and
• ESMA publishes list of data contributors to the Equity CTP, who are subject to a number of unrealistic requirements in relation to contributing the data.

Lastly, it's more internal compliance than market structure, but we couldn't resist including a few points on the FCA's multi-firm review on off-channel communications.

As usual, we'd love to hear from you so let us have any thoughts on these topics.

This edition will cover the following updates:

Trading and Settlement

1. FCA publishes multi-firm review of algorithmic trading controls

2. FCA finalises Derivatives Trading and PTRRS reforms

3. European Commission publishes MiFIR post-reform changes

4. ESMA publishes net short position notification thresholds for sovereign issuers

5. FCA publishes fireside chat with Jamie Bell regarding T+1 settlement

Transaction / Trade Reporting

6. Trade Repository (TR) Data Collections

7. Amendments to the UK EMIR Trade Repository reporting requirements

8. FCA webpage on Derivative Reporting Requirements under UK EMIR

9. FCA advances UK Bond Consolidated Tape

10. ESMA publishes list of data contributors to the Equity CTP

11. EU Commission proposes revised IIPs and RRMs regulation

Operational Resilience

12. AFME publishes position paper on DORA Incident Reporting

13. FCA publishes Cyber Resilience Insights

Digital Markets

14. GFMA publishes call for recalibration of Basel Crypto

15. New EU Regulation on Market Abuse Prevention in Crypto-Assets

16. FCA Stablecoin and Cryptoasset Regulatory Update – Key Points for Market Participants

17. FMLC responds to FCA consultation on stablecoin issuance and cryptoasset custody rules

18. ISDA publishes Response to BIS Consultation on Tokenization of Payments and Financial Transactions

19. IMF reviews existing approaches to technology solutions to support central bank digital currency with limited connectivity

Capital

20. HM Treasury: Updated Webpage: Policy paper: Applying the FSMA 2000 model of regulation to the Capital Requirements Regulation

21. EBA confirms postponement of FRTB Market Risk Framework 2027

Things we saw of interest

22. BIS launches Project Noor with respect to AI models for financial supervision

23. FCA publishes its Multi-firm review into off-channel communications

24. EC ECB publishes Working Paper on Digital Deposits

25. ECB publishes Working Paper on Higher Order Exposures

26. ECB: Working Paper: Gaming the test? Window-dressing and portfolio similarity around the EU-wide stress tests

27. Leveraging the non-bank sector – in good times and bad

28. Should we mind the gap? The ECB's assessment of the benefits of equity markets and policy implications for Europe’s capital markets union

Trading and Settlement

1. FCA publishes multi-firm review of algorithmic trading controls

On 21 August 2025, the FCA published a multi-firm review of algorithmic trading controls, assessing principal trading firms’ compliance with MiFID RTS 6 standards. This review has received a negative response in the press but we think many consider most of it reasonable (or at least expected!). We have highlighted a few points of nuance to some of the good and bad practices set out by the FCA.

The review found improvements in governance, self-assessment, and technical understanding since 2018, but noted significant variation in the quality and detail of firms’ approaches.

The FCA noted good practices included external audits of self-assessments. This may be true, but we'd note that external audits (at least in the UK) are not necessarily required. And many firms that do not have external audits are technologically sophisticated dealers – who struggle to find auditors that have a comparable / equivalent skill set. So while its clear that external audits have benefits and is a good idea used in the right space, we're not sure they're good or necessary everywhere. It would have been nice to see the qualifier.

Separately, the FCA also drew attention to how firms had not addressed all aspects of RTS 6 in their internal assessments:

"In some cases, firms did not address certain elements of RTS 6 at all in their self-assessments, such as IT outsourcing and Compliance training. It is important that firms fully assess their compliance with the requirements of RTS 6."

On this, we have seen master document style approaches to RTS 6 obligations to ensure that all obligations have been touched on. This master document sets out RTS 6 obligations and where the relevant policies and procedures of relation to that – its then updated periodically or on an event based occurrence.

Moving on, RTS 6 imposes an obligation on compliance staff to have an understanding of the firm's algorithms. This has always been a tortuous requirement. Understandably, in some cases this obligation falls to the risk department. The FCA has suggested that some compliance functions do not have a strong technical knowledge of algorithmic trading. We would note that this needs to be taken with a degree of proportional-salt. If a broker provides relatively straightforward algorithms via a third party and from a reputable service provider (with appropriate services), then the knowledge requirements should be understandably less than a compliance function of, say, a proprietary trader. We think the FCA would agree with all that though – so no need to panic if you work in compliance but haven't yet finished your part time degree in computer programming.

Some other things the FCA highlighted (we've focused on the doom and gloom here but there were also plenty of good points, for those interested, the full report is not a lengthy read):

• poorly defined conformance testing procedures;
• outdated policies – this is an easy one to mitigate. An outdated policy always sends the wrong message to the reader;
• simulation testing "carried out by some firms lacked sophistication or did not appear to consider a wide range of market scenarios". It will be useful to have some extra detail here from the FCA on what type of algos and what type of firms they are specifically referring to. Not all algos need the same simulation tests;
• pre-trade controls: in certain cases ownership of pre-trade and post-trade controls was poorly defined and not documented; and
• in some cases, the FCA reported that firms had not done enough to update or invest in their market surveillance systems. This seemed to be from the FCA raising mainly a case of some firms which have grown their initial surveillance kit.

2. FCA Finalises Derivatives Trading and PTRRS Reforms

FCA has published its final policy statement on reforms to the UK derivatives trading obligation (DTO) and the regulatory framework for post-trade risk reduction services (PTRRS), effective 30 June 2025.

Key changes include the "Libor-tidy up" i.e. expanding the DTO to cover specified classes of SOFR OIS (Secured Overnight Financing Rate Overnight Index Swaps), reflecting the transition from LIBOR to risk-free rates.

On the PTRRS framework, this represents a concerted action on the UK and EU's part to clarify how these services sit within the regulatory framework. Not much thought was given to this at the time of MiFID II (save for references to portfolio compression). So we now have a UK framework (that closely follows the EU) which exempts PTRRS - specifically portfolio compression, portfolio rebalancing, and basis risk optimisation - from the DTO, best execution, and transparency requirements. And importantly the users (e.g. banks) of such services.

Providers of PTRRS must notify the FCA before offering services and comply with new record-keeping and public disclosure obligations. Although the UK rules are not explicitly drafted with third country PTRRS in mind, we think third country PTRRS providers can send notices to the FCA on this (if, for example, clients request).

3. European Commission publishes MiFIR post-reform changes

The European Commission has published draft amendments to Delegated Regulation (EU) 2017/567. This does three interesting things.

Firstly, it amends the definitions of shares, depositary receipts and ETFs. For exchange-traded funds (ETFs), the threshold is set at 100 units issued, with at least 10 daily transactions and EUR 500,000 in daily turnover. These thresholds will need to be included in trading venues transparency systems.

Second, the provisions on the 'reasonable commercial basis' for market data have been deleted, with ESMA now empowered to develop technical standards in this area. A much watched space, given the debate over data costs (who should pay/how much should be charged etc).

Thirdly, and finally, we have a definition of post-trade risk reduction (PTRR) services. The market has been waiting for it since Article 31 MiFIR empowered ESMA to advise on technical standards. The European Commission looks likes like it doesn't want to wait for ESMA.

A few thoughts from us on the legislation. The definition given is workable, but needs a few amendments, including:

1. on the first limb, removing the reference to PTRRs by "algorithm"- in most cases this will be fine but it's better to keep the legislation tech neutral;
2. on the second limb, submission should be by or "on behalf" of counterparties - there's no reason why someone should not be able to submit to a PTRRS on behalf of a counterparty; and
3. on the forth limb, we think the market risk neutral limb should be removed for something more positive - the FCA has this as: for the purpose of reducing non-market risks in derivatives portfolios, which we think is a good approach.

4. ESMA publishes net short position notification thresholds for sovereign issuers

On 6 August 2025, ESMA published a quarterly update on notification thresholds for net short positions on sovereign debt. The list provided by the authority sets out the adjusted amount of outstanding debt, as approximated by competent authorities, for over 60 sovereign issuers.

5. FCA publishes fireside chat with Jamie Bell regarding T+1 settlement

We've discussed T+1 settlement issues previously (see here for a link to a recent MSU briefing on it) and its almost a standing item now.

At a recent industry event, Jamie Bell, the FCA’s head of capital markets, highlighted the regulator’s ongoing engagement with market participants. A poll at the event revealed that approximately 87% of respondents have already identified the necessary changes required for T+1 readiness. In our experience, these tend to relate to cross-border currency issues/corporate actions. The FCA suggested it is monitoring the market and wants firms to ensure they are adequately prepared for the deadline.

Transaction / Trade Reporting

6. Trade Repository (TR) Data Collections

The Bank of England recently published a helpful overview of its Trade Repository (TR) data collection efforts, which are designed to enhance transparency and stability in key financial markets. The data from EMIR and SFTR has got a bad reputation for data quality issues, gaps and flaws in design. Its main virtue, according to some, is that it is the best the regulators/public bodies currently have. It's no surprise that there are ongoing efforts to improve the information collected.

Andrew Bailey's recent FSB speech highlights how he and the FSB are renewing focus on data. One, perhaps theoretical, question we've seen raised is how would regulatory actions have changed if in the years between, say, 2000-2007 data from EMIR and SFTR was available? Commentators can chew over that question. More pragmatically from our perspective, does the data currently supplied give the most efficiently collected view on concentration, leverage and correlation?

On the technical side, the webpage highlights how the Bank and the FCA have issued new validation rules, XML schemas, and industry guidance, with ongoing consultations to refine the reporting regime.

7. Amendments to the UK EMIR Trade Repository reporting requirements

While we have you on reporting, on 8 August, the Bank of England published a policy statement summarising the feedback received on its consultation regarding the Bank's proposed amendments to the UK EMIR Trade Repository reporting requirements, as well as the finalised rules. There are two new primary changes: the addition of a new 'Execution agent' field (Field 30) to Table 3 of the reporting technical standards, and a correction to cross-referencing in the rules for Unique Transaction Identifiers. There are some more minor updates in terms of validation rules and XML reporting schemes for those in the weeds.

The bank has also listened to the industry on timing and moved the implementation date from 1 December 2025 to 26 January 2026.

8. FCA webpage on Derivative Reporting Requirements under UK EMIR

To continue the theme of fine tuning of the UK EMIR reporting regimes on 8 August 2025, the FCA and the Bank of England published a consultation on two additional draft Q&As relating to derivatives reporting under the revised UK EMIR Article 9 requirements. These Q&As address specific issues raised by market participants, including the use of technical ISINs in certain scenarios where no standard ISIN is available, and the correct approach to reporting FX swaps - clarifying when separate or single reports are required depending on how the transaction is concluded. We know that there has been significant engagement around both the ISIN and FX issues.

9. FCA Advances UK Bond Consolidated Tape

The FCA has recently announced that it is progressing with the creation of a consolidated tape (CT) for bonds.

On the emotive topic of pricing, the FCA's Invitation to Tender provides that during the term of the contract, the CTP will set prices for licence types, but prices will be capped by a weighted-average price control set through an e-auction.

The FCA expects to decide on the CTP by the end of 2025. Once a provider is selected and authorised, the successful bidder will be expected to promptly set up a CT service. The contract and licensing details will also be published for transparency.

We are seeing a number of interesting questions around CTPs - in particular, whether they will be profitable enterprises and therefore attractive to third party investors. Before we get to this, we wonder whether there may be some minor wrinkles to work through – the EU have demanded that contributors send data to the CTP in timeframes that are, well, ambitious to the point of lacking realism. We suggest that the UK may want to give this a bit more thought.

10. ESMA publishes list of data contributors to the Equity CTP

ESMA has published a list of investment firms and trading venues that contribute data to the equity tape. This list encompasses entities that are required to contribute, those that are eligible to opt in, and those that have already chosen to do so.

Eligible firms and operators wishing to opt in must notify both ESMA and their National Competent Authority, and are required to begin contributing data within 30 days of notification.

ESMA will update the list immediately in response to changes in trading venue operations or opt-in decisions, and will conduct quantitative assessments twice a year starting in 2026. Each entity’s status is clearly indicated as “MANDATED,” “OPTED-IN,” or “OPT-IN” (eligible but not yet opted in). Firms are encouraged to review the list to ensure compliance with their data contribution obligations. For further guidance or to discuss specific implications, clients should contact their usual firm representative.

11. EU Commission proposes revised IIPs and RRMs regulation

On 18 August 2025, the EU Commission published two draft regulations designed to modernise and strengthen the transparency of the EU's wholesale energy markets, in accordance with Regulation (EU) No 1227/2011 on Wholesale Energy Market Integrity and Transparency (REMIT). This is an area that has become a focus point in the market as a growing amount of fines are handed out for breaches of REMITS (MAR inspired) inside information framework.

The delegated regulation sets out requirements for IIPs (Inside Information Platforms) and RRM (Registered Reporting Mechanisms) including organisational, technical, and security standards, and introduces a streamlined authorisation process managed by the European Union Agency for the Cooperation of Energy Regulators (ACER).

Secondly, there is a proposed Implementing Regulation to improve data reporting, transparency, and market integrity in EU wholesale energy markets. Implementing Regulation include new reporting obligations for market participants, such as quarterly exposure reporting (covering trading positions, forecasted production, and forecasted sales for the next 24 months), with exemptions for small participants (below 600 GWh/year). One important point to note is that reporting deadlines are shortened: OTC contracts must be reported within ten working days, and trades on organised marketplaces within two working days. The new rules will be phased in, with transitional periods to allow adaptation.

The aim with these new rules is to smooth out the data issues that have dragged REMIT reports down - inconsistent data quality and formatting.

Operational Resilience

12. AFME publishes position paper on DORA Incident Reporting

The Association for Financial Markets in Europe (AFME) published a position paper highlighting significant operational challenges encountered by financial institutions in implementing the Digital Operational Resilience Act (DORA) incident reporting requirements, which came into effect on 17 January 2025. We mention in passing just in case you thought you were alone in grappling with DORA pain points.

The AFME document has a lot of sensible suggestions, including recalibrating incident reporting thresholds (we're hearing market reports of minor incidents), clarifying the scope of reportable incidents, and streamlining reporting processes - such as through a single reporting portal and pre-populated data fields - to ensure proportionality and effectiveness.

We think there is lots of good sense in DORA (and note that some US regulatory authorities are increasingly referring to it (see our previous briefing here), but it needs to be tailored, trimmed and made fit for purpose.

13. FCA publishes Cyber Resilience Insights

Firstly, relax, this publication does not introduce new requirements, but it is intended to inform firms' cyber-resilience strategy.

The FCA has published its 2024 Cyber Coordination Group (CCG) Insights that give an overview of current cyber resilience challenges and best practices within the UK financial sector. The update sets out some takeaways from the discussions with member CCG member firms, focusing on three core areas: third-party and reconnection frameworks, threat and vulnerability management, and the integration of artificial intelligence (AI) and emerging technologies.

What stood out for us was the focus on threat and vulnerability management. The FCA underscores the effectiveness of threat-led penetration testing, including frameworks like CBEST and STAR-FS, in uncovering previously unknown vulnerabilities. Secondly, perhaps unsurprisingly, how combined non-critical vulnerabilities can be as damaging as single critical flaws, and stresses the importance of robust risk management for legacy systems.

There's also something for those who are implementing AI tools / systems within their organisation (i.e. everyone…). The FCA notes both the opportunities and risks associated with its deployment in cyber defence. While AI can enhance automation and threat detection, insufficient understanding of its impacts may expose firms to new risks. While the FCA gave a nod to its papers on the topic of AI, something more detailed on cyber-resilience and perhaps some case studies would be useful here.

Digital Markets

14. GFMA publishes call for recalibration of Basel Crypto

Full disclosure, we acted on this one so we're biased.

On 19 August 2025, the Global Financial Markets Association (GFMA) published a joint letter to the Basel Committee on Banking Supervision (BCBS) alongside leading global financial trade associations (Joint Trades) and technical advisors, calling for a pause and recalibration of the Cryptoasset Exposures Standard (SCO60). The Joint Trades, which includes the GFMA, ASIFMA, SIFMA and AFME, highlighted concerns that the current Basel prudential treatment of cryptoassets is misaligned with market risks. The letter argues that the capital requirements risk pushing innovation outside the regulatory perimeter, undermining the safety and soundness benefits of bank participation in cryptoasset markets. The Joint Trades and technical advisors recommended the BCBS to make revisions to SCO60 to better reflect actual risk profiles and to support responsible innovation within the regulatory perimeter.

Accompanying the letter, the Joint Trades and technical advisors published a report on "The Impact of DLT in Capital Markets: Ready for Adoption, Time to Act”, detailing how Distributed Ledger Technology (DLT) and tokenisation are transforming capital markets, particularly in securities issuance, collateral management and fund operations. The report emphasises the need for technology-neutral regulation that keeps pace with DLT-based finance and market developments, and provides deep dive analyses of live use cases demonstrating that DLT is ready to scale.

Ashurst advised the Joint Trades on both the letter to BCBS and the DLT report – please see our separate briefing here.

15. New EU Regulation on Market Abuse Prevention in Crypto-Assets

In a further step towards bringing crypto-assets within the pillars of traditional regulation, the European Commission has adopted technical standards for preventing/protecting/reporting market abuse in cryptoasset and distributed ledger technology (DLT).

The regulation will look familiar to anyone who is versed in the Market Abuse Regulation and its technical standards. It applies to those entities professionally arranging or executing crypto-asset transactions – such as those receiving and transmitting / executing crypto-asset orders and/or trading interests.

Under the Market Abuse Regulation this requirement gave rise to a series of publications by ESMA and the FCA on its application to corporates (e.g. commodity / energy firms with traders) – with the FCA taking the view that proportionality meant the surveillance standards did not have to apply in all cases or where scaled. The same issue arises here, albeit in a different context.

As was expected, in scope entities must implement effective and ongoing monitoring systems for all orders and transactions, both on-chain and off-chain, to identify potential market abuse. These systems should be proportionate to the scale and nature of the business and must include both automated and human analysis. Regular audits and internal reviews are also required, with documentation retained for five years.

Given the focus on DLT, there are novel elements of this even for seasoned market abuse regulation experts. For example, firms are required to monitor "aspects of the functioning of the DLT, including the consensus mechanism." This requires the capability to detect manipulative behaviours at the protocol level itself.

Suspicious transaction and order reports (STORs) must be submitted without delay once reasonable suspicion arises, using a harmonised electronic template. The regulation details the information to be included in STORs, such as the identity of the reporting entity, transaction details, and the nature of the suspicion. Confidentiality of the reporting process is mandated, and only relevant staff should be informed. This is all standard stuff for banks, brokers and other investment firms but for crypto asset providers in many spaces it is new and daunting.

16. FCA Stablecoin and Cryptoasset Regulatory Update – Key Points for Market Participants

The Association for Financial Markets in Europe (AFME) has responded to the FCA’s July 2025 consultation on stablecoin issuance and cryptoasset custody, broadly supporting the proposed regulatory regime while highlighting areas for refinement to ensure the UK’s competitiveness and market integrity. The themes highlighted in the AFME paper are cross industry themes that the FCA will have seen in other papers – calls for definitional amendments for clarity (tokenised traditional assets versus cryptoassets), and for the custody rules to resemble CASS 6 rules (which there are more of a spectrum of views on).

See also the UK Finance's responses on same topic here.

17. FMLC responds to FCA consultation on stablecoin issuance and cryptoasset custody rules

On 11 August 2025, the Financial Markets Law Committee (FMLC) responded to the FCA’s consultation on proposed rules for stablecoin issuance and cryptoasset custody. We participated in this one (with thanks to Jamie Jefferson), so again we're biased, but we think it is a good paper because it proposes practical solutions to the problems it identifies (and not just legal head scratching).

Key issues raised include:

• Ambiguity around which entities are considered "issuers" of stablecoins, potentially leading to regulatory confusion for various parties, such as service providers or distributors. The FMLC calls for clarification on the scope of the issuance regime.
• The definition of "qualifying stablecoin" mentions fiat currency but lacks a clear explanation, prompting the FMLC to recommend a more precise definition, including whether central bank digital currencies are included.
• The FMLC advocates for an outcomes-based approach to stablecoin backing, rather than requiring issuers to hold assets in a statutory trust, which may not be feasible for global firms.
• Concerns are raised regarding the safeguarding of cryptoassets under the current CASS rules, noting the inconsistency in differentiating custodial functions between securities and cryptoassets. The FMLC also points out that the consultation does not address the potential use of sub-custodians by cryptoasset custodians.

18. ISDA publishes Response to BIS Consultation on Tokenization of Payments and Financial Transactions

On 6 August 2025, ISDA published their response, dated 30 July 2025, to the BIS consultation highlighting both the opportunities and challenges of tokenization in financial markets, especially for derivatives. The paper is a good summary of contemporary thinking, outlining both the benefits (atomic settlement/reduction counterparty risk/efficient collateral management/lower transaction costs) but also the issues such as status of tokenized asset, enforceability, and the need for standardisation.

19. IMF reviews existing approaches to technology solutions to support central bank digital currency with limited connectivity

The International Monetary Fund’s August 2025 note reviews the evolving landscape of technology solutions enabling central bank digital currencies (CBDCs) to function in environments with limited or no connectivity. Central banks are looking into digital currencies and the different issues involved, including offline payment capabilities (i.e. where payee/payer don't have access to central bank). The Bank of England issued its own findings on this earlier this year (see here). The IMF and Bank of England seem to agree that there is no single technology solution and that security issues/challenges remain! The Bank of England probably summed it all up best when it said: "Our policy work on offline digital pound payments is ongoing."

Capital

20. HM Treasury: Updated Webpage: Policy paper: Applying the FSMA 2000 model of regulation to the Capital Requirements Regulation

As with EU the implementation of Basel 3.1 in the UK has been delayed by one year, now set for 1 January 2027.

The PRA has published draft legislation that covers transitional provisions, capital buffer definitions, and overseas recognition regimes. These changes are, in part, to support further prudential reforms proposed by the PRA.

HM Treasury and the PRA are seeking technical feedback on the draft legislation and policy updates. The original deadline for feedback was 5 September 2025, however, due to feedback requesting additional time, the deadline has been extended to 12 September 2025 for responses on Basel 3.1 Market Risk Transitional Provision - Draft Regulations and to 30 September 2025 for responses to Overseas Recognition Regimes and Key UK CRR Definitions and the draft Key UK CRR Definitions Statutory Instrument.

21. EBA confirms postponement of FRTB Market Risk Framework 2027

The European Banking Authority (EBA) has confirmed its support for the European Commission’s recent Delegated Act, which defers the application of the Fundamental Review of the Trading Book (FRTB) standards for market risk capital requirements in the EU by a further year, now taking effect from 1 January 2027. This extension, subject to non-objection by co-legislators, maintains the regulatory status quo for EU institutions and provides additional time for market participants to prepare for the new regime.

The EBA’s previously issued no-action letter remains in force, advising national competent authorities not to prioritise supervisory or enforcement actions regarding the trading/non-trading book boundary until the FRTB framework is fully implemented. The EBA also confirms the continued applicability of its prior technical guidance during the postponement period.

Things we saw of interest

22. BIS launches Project Noor with respect to AI models for financial supervision

The use of AI by the regulators is far less discussed than the use of AI by industry.

On 18 August 2025, the BIS Innovation Hub announced it had launched Project Noor, aimed at helping financial supervisors better understand AI models used by banks and financial institutions. By combining explainable AI techniques with risk analytics, the project will develop a prototype tool to assess AI model transparency, fairness, and robustness. Led by the BIS Innovation Hub Hong Kong Centre, in collaboration with the Hong Kong Monetary Authority and FCA – an interesting cross regulatory collaboration and one to watch the results of.

The website gives some examples of what this might mean in "everyday terms". One example is "supervisors gain modern tools to check that similar customers are treated consistently". This brought to mind Consumer Duty requirements in the UK, and perhaps fair and non-discriminatory requirements for trading venues.

23. FCA publishes its Multi-firm review into off-channel communications

Not really market structure, but we couldn't resist including this one. This relates to the strained ongoing regulatory relationship with "communication systems" – be that a phone, WhatsApp or other form of chat. The FCA has prior form on enforcement action in relation to use of Whatsapp, and it has been a pet-enforcement subject of the US regulator for years.

On 7 August 2025, the FCA published its findings of its multi-firm review into the use of unauthorised, or “off-channel”, communications by regulated firms. The review focused on how firms record and monitor business-related communications, particularly those made through private messaging apps and personal devices, which are not captured by official systems.

The FCA found that while some firms have taken steps to address the risks, there are still significant weaknesses in how off-channel communications are managed. Common issues include a lack of clear policies, insufficient staff training, and inadequate monitoring and enforcement. The FCA emphasised that firms must have robust systems in place to ensure all business communications are properly recorded, as required by regulation. The regulator expects senior management to take responsibility for compliance and to foster a culture where staff understand the importance of using approved communication channels.

The FCA warns that failure to address these issues could result in enforcement action. Firms are urged to review their policies and controls, ensure staff are aware of their obligations, and take prompt action to close any gaps in their processes.

We have seen reviews of a) existing / traditional communication (mobile/chat functions etc) and b) a sweep of non-traditional / technology enabled communication by firms following this.

24. EC ECB publishes Working Paper on Digital Deposits

The European Central Bank (ECB) published a working paper “Mind the App: do European deposits react to digitalisation?”, which examines how digital banking apps influence depositors’ behaviour in Europe. The study finds that increased digitalisation, particularly through mobile banking apps, can make deposit withdrawals faster and more responsive to news or market events. This suggests that digital tools may increase the risk of rapid deposit outflows, which could have implications for financial stability and bank liquidity management. Would the famous bank queue runs of the GFC had been worse if everyone had had a banking app?

25. ECB publishes Working Paper on Higher Order Exposures

If you wanted more beach reading, the ECB has followed up with another Working Paper on “Higher-order exposures”, which explores the complex interconnections between financial institutions (using data from South Africa, which is slightly confusingly…).

It analyses how indirect exposures - those that arise not from direct links but through chains of relationships - can amplify risks within the financial system. The findings highlight that these higher-order exposures can make the financial network more vulnerable to shocks, as problems can spread more widely and unpredictably than previously understood. For example, if two banks hold large amounts of the same securities, a forced sale by one can depress prices and cause mark-to-market losses to the other.

The ECB towards the end of the paper highlights some practical suggestions, such as building higher order exposures into the regulatory capital "large exposure" framework, or including it in a resolution framework and stress tests. We think that general market risks are typically included in "stress tests", so it would be useful to see exactly the difference the authors are proposing between the current macro stress tests used and those designed to capture "higher order exposures". The paper also interestingly mentions how more data would be needed to properly understand these exposures – maybe, but currently we're still fine tuning EMIR and SFTR data collection (see entry above on Trade Repository Data Collections).

26. ECB: Working Paper: Gaming the test? Window-dressing and portfolio similarity around the EU-wide stress tests

Another ECB Working Paper! This time looking at how EU-wide supervisory stress tests affect European banks’ behaviour and systemic risk.

Using confidential data from the 2021 and 2023 stress tests, the authors find that banks engage in anticipatory “window-dressing” by adjusting their capital ratios - mainly through reducing risk-weighted assets - before the tests begin, especially those expecting poor results. We think that much of this looks like some of the higher order risks referred to in the earlier ECB paper. The punchline is that the ECB thinks that the current design of EU stress tests enhances both individual bank resilience and overall financial stability, without incentivizing harmful herding behaviour. However, the authors note that banks with weaker fundamentals should be closely monitored, as their stronger reactions to stress tests could increase idiosyncratic risk even as systemic risk declines.

27. Leveraging the non-bank sector – in good times and bad

On 11 August 2025, the FCA released an article by Sarah Pritchard, co-chair of the Financial Stability Board's working group on non-bank leverage, in which she reflects on her role and outlines implementation priorities for the UK. She focuses on the importance of non-bank financial institutions and also the well discussed risks, such as leverage. Unsurprisingly, her focus is on data collection and international cooperation in relation to non-bank financial activities. It would be interesting to hear a bit more about what type of data is needed and isn't collected currently - what do regulators miss on the current data set? Is there a way of doing more with less?

28. Should we mind the gap? The ECB's assessment of the benefits of equity markets and policy implications for Europe’s capital markets union

On 6 August 2025, the ECB published an opinion paper on the benefits of equity markets and the policy implications for Europe’s Capital Markets Union. The paper highlights the persistent gap between EU and US equity markets, noting that US markets are significantly larger, more liquid, and more dynamic. Unfavourable comparisons to America's deeper capital markets and the EU's reliance on bank lending are decades old – that's not to say the concerns aren't valid just that they've been around for a while! More positively, the ECB highlights the Listing Act, which helps simplify the listing requirements and reduces some compliance costs.

The ECB also draws attention to the underdevelopment of the EU’s venture capital (VC) ecosystem, which limits the pipeline of innovative firms able to scale and list domestically. The paper advocates for further measures to deepen VC markets, including the creation of larger pan-European funds and harmonisation of regulatory frameworks to attract institutional investors. We think that quite a bit of heavy lifting would be needed for the tax and regulatory framework.