European

European Union (Anti-Money Laundering: Beneficial Ownership of Trusts) (Amendment) (No. 2) Regulations 2025 published

On 3 October 2025, the European Union (Anti-Money Laundering: Beneficial Ownership of Trusts) (Amendment) (No.2) Regulations 2025 (S.I. No. 440/2025) were published.

The Regulations amend provisions of the European Union (Anti-Money Laundering: Beneficial Ownership of Trusts) Regulations 2021 (S.I. No. 194/2021) to give further effect to Article 31 of Anti-Money Laundering and Terrorist Financing Directive (AMLD) 4 as amended by Article 1(16) of AMLD 5. They introduce new obligations on designated persons in relation to circumstances where details regarding a relevant trust have not been registered in the Central Register of Beneficial Ownership of Trusts.

The Regulations came into force on 1 October 2025 and can be accessed here.

EBA report on tackling ML/TF risks posed by CASPs and issuers of ARTs and EMTs

On 9 October 2025, the European Banking Authority (EBA) published a report on tackling money laundering and terrorist financing (ML/TF) risks for crypto-asset service providers (CASPs) and issuers of crypto-assets. The report is intended to inform competent authorities’ supervisory approaches to the authorisation and oversight of CASPs and issuers and to strengthen anti-money laundering (AML) and counter financing terrorism (CFT) framework. The report:

• outlines significant AML/CFT vulnerabilities across the sector
• provides targeted guidance to competent authorities for improving supervision and oversight
• identifies key elements that will underpin the effective application of the new EU framework
• highlights the safeguards introduced by Markets in Crypto-Assets Regulation (MiCAR) and the revised AML/CFT regime
• describes strategies used by some CASPs and issuers to evade national AML/CFT supervision, including:
  • entities operating without regulatory approval
  • forum shopping
  • exploitation of the reverse solicitation exemption
  • weaknesses in AML/CFT compliance and risk management
  • unclear beneficial ownership and governance structures
  • multi-entity arrangements with high-risk entities

ESAs publish general data protection statement relating to DORA oversight

On 10 October 2025, the European Supervisory Authorities (ESAs) published a general data protection statement relating to Digital Operational Resilience Act (DORA) oversight.

In line with Articles 15 and 16 of the General Data Protection Regulation, the data protection statement provides information to data subjects relating to the processing of their personal data carried out by the ESAs in the context of their oversight activities under DORA.

The statement can be accessed here for more details.

New ESMA Q&As on MiCAR published

On 14 October 2025, the European Securities and Markets Authority (ESMA) issued two new Q&As relating to MiCAR.

The first question asked how to distinguish between different execution services, such as the ‘exchange’ of crypto assets for funds or other crypto assets, the ‘execution’ or ‘reception and transmission’ of orders for crypto-assets on behalf of clients, under Article 3(1) of MiCAR. ESMA distinguished between the subsections and stated it was necessary to assess whether the services for which the CASP requests authorisation actually matches the operational reality. In addition when in doubt where a CASP engages with retail clients, ESMA advises that a more conservative approach should be taken, with an assumption that the CASP acts as an agent and therefore provides execution services.

The second question related to the responsibilities of offerors and CASPs under Article 66(3) with regard to white papers for ‘Title II tokens’ admitted to trading prior to 30 December 2024. In response, ESMA referenced the derogation from Title II under Article 143(2) and explained there is no white paper requirement for Title II crypto-assets admitted to trading prior to 30 December 2024. By 31 December 2027, operators of trading platforms must ensure there is a white paper and publish hyperlinks to any existing white papers. The other CASPs referenced in Article 66(3) must only publish hyperlinks to existing white papers and where none such exist, they bear no responsibility to ensure their production.

ESMA issues supervisory expectations for management bodies of entities it directly supervises

On 15 October 2025, ESMA published its final report on supervisory expectations for the management body of credit rating agencies, benchmark administrators of EU critical benchmarks and third-country recognised benchmarks, third country-central counter parties (CCPs) that qualify as systemically important (Tier 2 CCPs), data reporting service providers, securitisation repositories and trade repositories. The supervisory expectations aim to provide a consistent reference point for these supervised entities regarding governance and oversight arrangements and will be used as an instrument in ESMA’s supervisory dialogue in this context.

The supervisory expectations are structured around 12 high-level principles covering:  

• responsibilities of the management body
• accountability and delegation
• effective challenge
• tone from the top
• the operation of the management body
• effective reporting
• control function access to the management body
• record keeping
• effective leadership
• composition of the management body
• reviewing effectiveness
• training and recruitment

The supervisory expectations will be taken into account by ESMA three months after publication of the final report, which can be accessed here.

ESAs’ Joint Committee publishes work programme for 2026

On 16 October 2025, the Joint Committee of the ESAs has published their work programme for 2026 outlining key areas of collaboration. The ESAs will execute the work programme in the context of the EU’s simplification agenda. The ESAs will explore ways to foster simplification in areas within its remit, and joint deliverables and initiatives below may evolve accordingly.

Areas of collaboration include:

• digital operational resilience
• consumer protection and financial innovation
• sustainable finance
• risk assessments
• securitisation
• financial conglomerates
• external credit assessment institutions (ECAIs)
• European Single Access Point
• European Market Infrastructure Regulation (EMIR)

The programme can be read here.

ESMA report on administrative sanctions and measures imposed by EEA NCAs in 2024

On 16 October 2025, ESMA published a report on administrative sanctions and measures imposed by EEA national competent authorities (NCAs) in 2024 across financial sectors under ESMA’s remit, and covers enforcement actions such as administrative fines, temporary or permanent bans, suspensions or withdrawals of authorisations and cease and desist orders, public statements, disgorgement of profits gained or losses avoided and gain-based pecuniary sanctions.

Overall, the data show discrepancies in the use of sanctioning powers across Member States, particularly in terms of the amounts of fines, number and types of sanctions and measures, and the use of settlements. Among the key statistical highlights of the report are:

• 975 administrative sanctions and measures were imposed across 29 EEA Member States, which is nearly identical to 2023.
• The total value of fines issued in 2024 was just over €100m, marking an increase of €29m since 2023.
• The highest number of administrative sanctions and measures imposed were in relation to breaches of the Market Abuse Regulation (MAR) (at 377) and Markets in Financial Instruments Directive II (MiFID II)/Markets in Financial Instruments Regulation (MiFIR) (at 294).
• The highest aggregated amount of administrative fines were imposed for breaches of MAR (at €45.5m) and MiFID II and MiFIR (at €44.5m), followed by sanctions in relation to the Alternative Investment Funds Manager Directive (AIFMD) at 209 sanctions and measures, at a value of €5.5m.
• The figures relating to MAR breaches include enforcement action taken by the Central Bank of Ireland (CBI) against Goodbody Stockbrokers, which was the highest fine imposed by settlement under MAR (at €1.2m).
• Out of the 975 administrative sanctions and measures imposed, administrative fines represent over 60%, cease and desist orders represent 10%, and ‘other’ enforcement sanctions/measures represent 16%.
• Out of all the administrative sanctions and measures imposed, 94 (or 10%) were issued using settlement procedures.

The report can be accessed here.

FATF removes jurisdictions from the ‘grey list’

On 24 October 2025, the Financial Action Task Force (FATF) announced the removal of Burkina Faso, Mozambique, Nigeria and South Africa from its list of jurisdictions subject to increased monitoring for AML/CFT purposes, which is known as the ‘grey list’. This removal may prompt the EU to align its list of high-risk third countries (EU HRTCs) with the FATF's blacklist.

Although no new jurisdictions have been added to the grey or black lists, FATF has updated its public statement on Iran, called for countermeasures in the Democratic People’s Republic of Korea and for enhanced due diligence for Myanmar.

Whilst the EU's identification of EU HRTCs must be based on a jurisdiction's compliance with 4AMLD criteria, and is independent from that of FATF, the European Commission acknowledges the work at international level, including by FATF, and aims to closely align its list with lists agreed internationally so as to ensure the integrity of the global financial system.

Until an EU updated list of EU HRTCs comes into effect, EU "obliged entities" - including, for example, banks, investment firms, payment and e-money institutions, CASPs, funds, auditors and legal professionals - are required to apply enhanced customer due diligence measures when dealing with persons and entities based in EU HRTCs.

FATF’s announcement can be read here.

EBA opinions on European Commission amendments to draft RTS on liquidity requirements of the reserve of assets and definition of highly liquid financial instruments

On 10 October 2025, the EBA published two opinions in response to the European Commission’s proposed amendments to draft RTS under MiCAR regarding:

• liquidity requirements of the reserve of assets under Article 36(4) of MiCAR - access opinion
• the definition of highly liquid financial instruments with minimal market risk, credit risk and concentration risk under Article 38(5) of MiCAR - access opinion

The EBA found that proposed amendments were inconsistent with Articles 36(1)(b) and 38(1) of MiCAR and reaffirmed its original standards to ensure alignment with the MiCAR’s prudential framework and broader EU financial stability objectives.

The EBA stated that the Commission’s amendments could be interpreted as allowing investments of issuance proceeds into non-highly liquid financial instruments (such, as commodities or crypto-assets), classifying all money market funds as highly liquid financial instruments while relaxing concentration and look-through limits, and removing undertakings for collective investment in transferable securities concentration rules. While supporting the proposed drafting clarifications, the EBA considers the substantive amendments inconsistent with Articles 36(1)(b) and 38(1), as they would introduce material liquidity risk, weaken alignment with the banking liquidity framework and open scope for regulatory arbitrage.

ESMA publishes EMIR RTS on CCP authorisations, extensions and model validations

On 9 October 2025, ESMA published two final reports on the regulatory technical standards (RTS) on CCPs authorisations, extensions of authorisation and model validations, following the review of the European Market Infrastructure Regulation (EMIR 3). EMIR 3 introduces several measures to make EU clearing services and EU CCPs more efficient and competitive. ESMA conducted public consultations on the draft RTS in Q1 2025 and the final reports consider the feedback received. 

The RTS specify the conditions for extensions of: 

• authorisation and the list of required documents and information for applications by CCPs for initial authorisations and extensions thereof
• changes to CCPs’ models and parameters and the list of required documents and information for applications for validations of such changes

The RTS will now be submitted to the European Commission for endorsement, following which they will be subject to scrutiny by the European Parliament and the Council.

The publication can be accessed here.

ESRB warns against growing financial stability risks posed by EU and non-EU multi-issuance stablecoin

On 20 October 2025, the European Systemic Risk Board (ESRB) published a report on crypto-assets and decentralised finance which examines developments in the crypto-asset ecosystem, with a focus on stablecoins, crypto-asset investment products and multi-function groups. In response to the risks associated with jointly issued stablecoins, the ESRB also adopted a recommendation on third-country multi-issuer stablecoin schemes.

The ESRB report, which can be read here, highlights potential financial stability risks arising from the increasing integration of crypto-assets into the broader financial system, especially through stablecoins jointly issued by EU and non-EU entities. The report recommends that the European Commission and the European Parliament conduct a formal review of the regulatory framework to explicitly address the risks of multi-issuer schemes, and that macroprudential authorities do more to analyse the systemic threats posed by the model.

The recommendation, which can be read here, sets out a two-pronged approach:

• It advises the European Commission to clarify, by the end of 2025, that such issuance models are not permitted under MiCAR.
• If no clarification is provided, the ESRB recommends that relevant authorities implement safeguards, such as enhanced supervisory measures, strengthened international cooperation and legal reforms, by the end of 2026, with full implementation by the end of 2027.

The ESRB will monitor the implementation of the recommendation and requires addressees to report on their actions and provide justification for any inaction.

ESMA’s revised guidelines on outsourcing to cloud service providers applicable from 30 September 2025

On 30 September 2025, ESMA published its revised guidelines (the guidelines) on outsourcing to cloud service providers on ESMA’s website. The revised guidelines, which have been translated into the official EU languages now apply to all cloud outsourcing arrangements entered, renewed or amended on or after the publication date.

• The scope of the revised guidelines is narrower in light of the implementation of DORA - they will apply solely to depositaries referred to in Article 21 of the Alternative Investment Fund Managers Directive and Article 23 of the Undertakings for Collective Investment in Transferable Securities (UCITS) Directive that fall outside the scope of DORA.
• All other entities that currently fell within the scope of the previous guidelines, will not be subject to the revised guidelines - thereby removing any overlap between the guidelines and DORA.
• Apart from the reduced scope, the substantive content of the existing guidelines remains unchanged. As a result, ESMA did not conduct a public consultation on the amendments to the guidelines.

The publication can be accessed here.

EBA report on the efficiency of the regulatory and supervisory framework for credit institutions

On 1 October 2025, the EBA published a report outlining proposals for its contribution to the European Commission’s simplification plans, specifically in furtherance of a more efficient regulatory and supervisory framework for credit institutions. The proposals were prepared by a task force on the efficiency of the regulatory and supervisory framework composed of Board of Supervisors’ members and EBA staff and were approved by the EBA Board of Supervisors.

The proposals fall under the following four areas:

Production of Level 2 (L2) and Level 3 (L3) regulatory products

The EBA developed a methodology to assess the materiality of L2 and L3 mandates, which when applied to the EBA’s upcoming L2 and L3 mandates shows that 20% of these mandates could be de-prioritised. In practice, this would require an EBA agreement with the European Commission and co-legislators.

Reporting burden for financial institutions

Further simplification of the reporting framework is called for, considering both existing reporting requirements and future changes.

EBA’s contribution to the overall EU prudential regulatory framework

Addressing the complexity of the framework may require several fundamental changes its design, execution and calibration, however there are simple practical steps to be taken to start to improve the implementation of the existing framework.

Internal working arrangements

Given the maturity of the Single Rulebook, it may be timely to shift focus and resources from ex ante harmonisation towards ex post supervisory convergence. Although tools are available, they would require clearer risk-based prioritisation, a simplified process and increased support from competent authorities.

Further detail on the recommendations included in the proposal can be accessed here.

RTS on liquidity management policy and procedures for certain issuers of ARTs and EMTs published in the EU Official Journal (OJ)

On 3 October 2025, the Commission Delegated Regulation (EU) 2025/1264 containing RTS specifying the minimum content of the liquidity management policy and procedures for certain issuers of asset-referenced tokens (ARTs) and e-money tokens (EMTs) under MiCAR was published in the Official Journal of the EU.

The Commission Delegated Regulation applies to:

• issuers of significant ARTs
• electronic money institutions issuing significant EMTs
• issuers of ARTs that are not significant, where required by a competent authority under Article 35(4) of MiCAR
• electronic money institutions issuing EMTs that are not significant, where required by a competent authority under Article 58(2) of MiCAR

The Commission Delegated Regulation entered into force on 23 October 2025 and can be accessed here.

ESMA work programme for 2026

On 3 October 2025, ESMA published its Annual Work Programme 2026. ESMA’s three strategic priorities are:

• fostering effective markets and financial stability
• strengthening supervision of EU financial markets
• enhancing protection of retail investors

In 2026, ESMA will continue to build on existing priorities, supporting the forthcoming strategic developments set out by the Commission’s Saving and Investments Union (SIU) Strategy. This includes aligning supervisory practices across Member States, enhancing market data capabilities, and actively contributing to upcoming reforms designed to create a more integrated and globally competitive EU financial system. 

ESMA will continue supporting implementation of key legislative files agreed under the previous legislature, notably the European Market Infrastructure Regulation (EMIR 3) and the European Single Access Point (ESAP). Other ongoing legislative files which, depending on progress, may require ESMA’s attention in 2026 are the Retail Investment Strategy (RIS), as well as the review of the packaged retail and insurance-based investment products (PRIIPS), Sustainable Finance Disclosure Regulation (SFDR) and Securitisation Regulation. 

ESMA will focus on enhancing data capabilities and promoting innovation across the EU financial sector. Key projects for 2026 include the rollout of the ESMA Data Platform, centralisation studies, and the development of AI-powered supervisory tools. In the digital finance sector ESMA will continue to focus on the effective implementation of MiCAR as it is key to ensuring investor protection and the orderly functioning of crypto-asset markets. ESMA’s supervisory convergence efforts will remain focused notably on the authorisation and supervision of CASPs. 

The work programme can be accessed here.

Date published: 25 November 2025

This publication provides an overview of certain legal and regulatory developments that may be of interest to certain entities. It does not purport to provide analysis of law or legal advice and is strictly for information purposes only.