The financial services sector is poised for significant regulatory changes, with a series of important deadlines set to take effect in 2025. Finextra has provided a comprehensive overview of these forthcoming regulations, which are expected to reshape operational practices across the industry.
Kicking off the year, the EU's Digital Operational Resilience Act (DORA) will become enforceable on 17 January 2025. DORA is aimed at ensuring that financial institutions maintain resilience in the face of potential operational disruptions. This legislation covers five critical areas: governance, third-party risk mitigation, resilience testing, incident reporting, and information sharing. It officially came into force in January 2023, marking a preparatory period for compliance by early 2025.
Following that, from 2 February 2025, provisions under the EU AI Act regarding prohibited AI systems will also come into effect. This legislation specifically addresses the marketing and usage of AI systems that are deemed to pose an unacceptable risk, thereby establishing a regulatory framework for artificial intelligence within the EU market.
The transition period for PS21/3 will conclude on 31 March 2025. This policy, introduced by the Bank of England, Financial Conduct Authority (FCA), and Prudential Regulatory Authority (PRA), aims to bolster operational resilience within the UK financial sector, ensuring that there are robust systems in place to handle challenges.
In July 2025, multiple regulatory requirements will take effect. Notably, the Australian Prudential Regulation Authority (APRA) will enforce CPS 230 from 1 July, which focuses on enhancing operational risk management across the banking, insurance, and superannuation sectors. Concurrently, the UK will initiate the Basel 3.1 framework on the same date. This internationally recognised regulatory accord, formulated in response to the 2007-2009 global financial crisis, is designed to strengthen banking supervision, regulation, and risk management.
Additionally, a critical deadline in the US will arise on 18 July 2025, with Section 1071 of the Dodd-Frank Act coming into effect for Tier 1 banks. This section mandates that lenders collect and report information related to lending practices towards women-owned, minority-owned, and small businesses, thereby enhancing transparency in fair lending laws.
As August approaches, the next phase of the EU AI Act provisions will become applicable on 2 August 2025. These stipulations will expand the act's regulatory framework, covering notified bodies and governance among other crucial areas.
Moving into September, the deadline for amendments to MiFID II is deadlines set for 29 September 2025, following an 18-month transition period after the review of MiFID II/MiFIR regulations initiates in March.
The timeline continues into October, when all financial institutions will be mandated to facilitate instant payments to Euro area member states by 9 October 2025. This requirement is part of a broader initiative for the seamless execution of payments across member states.
Another significant regulatory change is set for November 2025 when the coexistence period for Swift’s MT/ISO 20022 CBPR+ will conclude. By this point, all cross-border payment instructions must adhere to the new ISO 20022 standard, which is intended to enhance the consistency and efficiency of data transmission in payments.
Lastly, on 31 December 2025, the third country provisions of the Benchmarks Regulation (BMR) will come into effect. These provisions were established in the wake of the 2012 LIBOR scandal to regulate financial benchmarks, marking a significant move towards improved stability and trustworthiness in financial systems across the globe.
As these regulatory frameworks are set to come into force, companies within the financial services sector are expected to align their practices to comply with evolving standards, driving a wave of operational enhancements and strategic adjustments throughout 2025.
Source: Noah Wire Services