The long and winding road of regulatory overhaul

In addition to relieving some more onerous aspects of existing standards, for example, the certification part of the UK's Senior Manager and Certification Regime (SMCR), the regulator has increasingly come under pressure to deliver more industry-friendly results across policy, supervision, and enforcement.

This is particularly the case in the context of transfer of assimilated EU law into the regulators' handbooks. The process will entail policy changes, with pressure to make rules more proportionate, efficient and better adapted for UK markets. But even here, there is a balancing act. Even helpful changes lead to operational implementation costs for the industry – so the cost/benefits analysis has to be carefully calibrated.

The FCA has frequently touted its response to these challenges by flagging its move towards 'outcomes focussed' regulation; this is perhaps encapsulated most clearly by the still relatively new Consumer Duty which imposes an obligation on firms to deliver good outcomes for retail customers. Illustrating the need to split focus between old and new, alongside the introduction of the Consumer Duty, the FCA is also looking to strip back its rules where these overlap with, duplicate or do not fit with the Consumer Duty. To a degree, removing rules reflects the flexibility arising post Brexit. While such flexibility will be useful for the regulators, it is hard to square this with the much-desired regulatory certainty which firms and investors are looking for given the constantly shifting nature of expectations in different sectors of the industry – something seen most recently in the motor finance sector. 

The UK regulators are not alone in feeling the pull (and the push) from all directions. In a recent speech, the CEO of Hong Kong's Securities and Futures Commission (SFC) highlighted that the regulator is a firm believer that innovation and regulation are not opposing forces but should go hand in hand, and that transforming financial markets through technology is one of its strategic priorities over the next three years. It is a sentiment which has been echoed by many regulators and by the global standard setting bodies over the past few years. Also like many of its peers, the SFC is technology-neutral and adopts a 'same business, same risks, same rules' principle, with investor protection as its primary focus.

Reacting to challenges

Balancing these priorities is also something that is apparent as regulators recast their regulatory approach in the face of specific developments – from crypto-assets to AI to quantum computing.

In Hong Kong, the SFC was one of the early movers in introducing an investor protection-focused regulatory response to crypto-asset-related activities, with an opt-in regime in 2018 followed by a mandatory licensing regime in 2023 for virtual asset trading platforms. More reforms are in the pipeline including the regulation of over-the-counter crypto-asset trading, a licensing regime for crypto-asset custodian service providers, and the regulation of fiat-referenced stablecoin issuers.

Similarly, the EU has introduced via the Markets in Crypto-Assets Regulation (MiCAR) a new licensing regime for crypto-asset activities, including issuance of crypto-assets and the related supply of services. Meanwhile, both the UK regulator and Australian regulator are behind the curve – both partly as a result of political upheaval. In the UK, the FCA only set out its roadmap to crypto-asset regulation in November 2024. In Australia, the current government conducted a token mapping exercise but the resultant proposed legislation framework has been shelved with ASIC reissuing a consultation on its information paper. Whether the advantage goes to the hare or to the tortoise in the crypto-asset regulation race remains to be seen.

Perhaps the biggest tangible challenges that regulators now face emanate from technology. AI, in particular as it becomes embedded in processes, will change the way that firms operate from front to back office, how they identify and seek to meet customer needs, and how they respond to developments. We address quantum computing here – the herd of elephants in the room – but given the leap forward which generative AI (GenAI) presented only recently, the increased speed which quantum computing could deliver may recast that leap as the smallest of steps. At the moment though, most regulators are focused on addressing 'current' rather than 'future' AI. In November 2024, the Hong Kong SFC set out its expectations for licensed corporations offering services or functionality provided by GenAI language models in relation to their regulated activities. The EU on the other hand is ploughing ahead with its sector-agnostic AI regulations, leading the charge with setting up AI-specific prescriptive rules, and Australia announced in late 2024 that it is adopting a similar approach to the EU. It already has voluntary standards in place but has consulted on introducing mandatory guardrails focussed on high-risk AI systems and models (eg, deep fakes and AI used in national security).