The result of the 2024 presidential election in the United States signalled a tectonic shift in the regulatory landscape for all industries, including financial services. Hints of a backlash against excessive regulation were apparent in the implementation delay of the stringent Basel rules and the debates raging around ESG.
The sudden vanishing of a transatlantic consensus was yet another issue for the European Union to address. Having recently emerged from elections, at the start of an implementation cycle for new sustainability and digital regulation, and faced with a complex future painted by the Draghi report, the pressure for the EU to reform and change had never been greater.
This resulted in the resurrection of a forgotten instrument – the Omnibus – which allowed the EU to quickly react and streamline rules in the name of competitiveness and administrative burden reduction. To date, 10 Omnibus packages have been proposed – in energy, digital, sustainability, and more.
It is unlikely that either the pace of change or the appetite for much-needed reform will please the most vocal critics, but there is no doubt that action is being taken. One of the next contenders for simplification is the bloc’s fragmented regulatory landscape in financial services and financial sector-adjacent rules. In EU Member States, including the Nordic and Baltic countries, EU laws are on the watch list for compliance teams because they directly translate to or are the basis for national rules. To better understand how potential changes will affect compliance in the future, we need to start with the rules’ inception.
From crisis response to stability
In the rush to adapt to new circumstances it is very easy to forget that the regulation cited as overly onerous and burdensome was adopted in response to a real crisis.
The global financial crisis in 2008 revealed a financial system that was simply not fit for purpose with deeply embedded risk management failings coupled with persistent under-capitalization and exposure to poorly understood financial instruments.
The consequences were not only direct, with over 400,000 jobs lost EU wide, but they also shook trust and confidence in the entire financial services sector. The post-crisis regulatory framework included over 90,000 pages of rules, including on capital, systemic risk, and a new supervisory architecture with a clear focus: prevent a repeat of this crisis.
By 2018, however, the centre of gravity started shifting. The EU’s role moved from repairing the financial system into redefining its purpose. With the launch of the Action Plan: Financing Sustainable Growth, the EU took global leadership in integrating environmental, social, and governance (ESG) considerations into financial services – by bringing in new rules (such as the Taxonomy Regulation) or complementing existing legislation with sustainability considerations (MiFID or CRD). The ambition was to ensure transparency and increased capital flows towards sustainable objectives.
And so, it was quite predictable that the EU response to the widespread and rapid digitalization of financial services would also involve rulemaking – including the world’s first law on AI. Open banking, fintech ecosystems, and data-driven services became central in the bloc, with strong adoption in the Nordic and Baltic countries, already known for their digital maturity. Shifting from crisis response and regulation was now fuelling transformation.
Call for simplification
By the early 2020s, compliance costs had already risen and were paired with multiple “similar but not same” reporting obligations, as well as overlapping implementation timelines. The looming COVID-19 pandemic and geopolitical crisis did not help.
The EU Institutions recognized this emerging regulatory fatigue and decided to take drastic measures: reduce the administrative burden by 25% (35% for SMEs), streamline regulatory requirements (through Omnibus proposals), and “stress-test” all EU acquis. In parallel, experts such as Enrico Letta and Mario Draghi were called in for advice. Across the ocean, a sweeping wave of deregulation was already taking place.
“Regulation is very much about regulatory culture, and the way in which the European regulatory culture addresses issues significant for economic growth, financial stability, and consumer protection is very different from that of the US,” said Peik Granlund, Chief Specialist at the Finnish Financial Supervisory Authority.
But while the need for simplification is indisputable, it is not clear what better regulation may look like. The consensus (on paper) is that simplification should keep the regulatory objectives and systemic protections in place. The EU’s own framework for better regulation, which may also be reformed, is more about refashioning and less about evaluating regulatory performance.
“Impact assessments before regulatory implementation are often insufficient – comprehensive cost-benefit analysis before and scientific evidence after implementation would give us better knowledge about regulation’s overall benefit,” concludes Peik in his blog.
For regional practitioners, simplification is not about weakening rules per se, but rather about better harmonization and predictability.
Key themes for the 2.0 regime
So, what could the simplified, regulatory regime 2.0 entail after all the dust has settled?
Core financial services files: The EU is set to assess the competitiveness of financial services, starting with banking. High on the priority list is the simplification of calculating capital buffers and revival of securitization. Next, there is no doubt that reporting, disclosure and other requirements for smaller institutions may be relaxed. The UCITS, AIFM and MiFID are all in the crosshairs of simplification efforts and it is likely, for example, that we may see relaxation of authorization and marketing rules.
Sustainability, simplified
The sustainability Omnibus reduced the number of companies who need to prepare a CSRD-aligned sustainability report by 90%. Companies in scope await the simplified reporting standards, while companies out of scope are encouraged to apply the voluntary standards originally designed for SMEs. If many corporates opt for voluntary standards, banks and asset managers may face inconsistent metrics and reduced data comparability. Practitioners should prepare to navigate a sustainability standards alphabet soup in a market that still has high expectations.
Centralized supervision
The 2.0 regime is not only about legislative files but is also about cultural change. Expanded mandates for existing and the creation of new EU-level authorities means increased convergence and EU-level supervision. For Nordic and Baltic financial sector players, this could mean swapping national divergence for EU-level clarity, as the new regime will discourage gold-plating and favor regulations over directives. At the same time, these developments may change the supervisory dynamic – especially if it means shifting local supervisory lines to those direct to Paris or Frankfurt.
Technology and innovation
Artificial intelligence, operational resilience, and crypto-assets are now regulated areas bringing both opportunities and risks. DORA embeds ICT risks into core financial regulation, the AI Act brings horizontal obligations, while MiCA brings crypto-asset issuance in the passporting perimeter, offering innovative ecosystems like the Baltics growth opportunities paired with strict governance and disclosure obligations. Robust anti-money-laundering and financial crime regulatory frameworks are therefore here to stay, with sharpened supervisory efforts in fraud and cybersecurity.
The road ahead
Moving from rapid regulatory response and rule-making volume, the next phase in EU regulation, if done right, is optimization – removing duplication, reducing fragmentation, relying on technology for oversight – without lowering standards. For practitioners, the challenge would be to successfully shift from an environment of 27 national flavors of regulation to an increasingly consistent, integrated and centralized way of doing business.
US: SEC and DOJ enforcement update
The US SEC has been focused on actual investor harm and targeting individual bad actors wherever possible.
At the Department of Justice (DOJ), healthcare-related enforcement activity remains high, particularly those involving False Claims Act (FCA) violations that feature misleading or otherwise deficient disclosure.
Investor harm and bad actors
The SEC is committed to targeting those cases in which actual harm has been proven, rather than on seemingly more performative cases involving books and records where actual harm to clients or others was not imputed.
The agency has favored holding individuals responsible for misconduct, rather than pursuing large corporate settlements, charging the founder and CEO of a trade finance platform and two former Archer-Daniels-Midland executives, for example.
FCA enforcement
In 2026, FCA enforcement focuses heavily on areas such as diversity, equity and inclusion (DEI) program compliance, cybersecurity, and procurement fraud.
The agency continues to closely investigate federal contractors and grant recipients who certify compliance with civil rights laws while allegedly operating discriminatory DEI programs and flout cybersecurity standards.
DOJ created a Trade Fraud Task Force, and the agency continues to investigate fraud in federal procurement processes, such as by submitting fraudulent bids on vendor contracts. Over $5.7 billion of its settlements and judgments in FY2025 related to matters that involved the healthcare industry.
Road ahead
US regulators are increasingly leveraging data analytics and cross-market surveillance tools to identify suspicious trading patterns. They expect your firm to be using sufficient monitoring tools, too.
Canada: Financial services regulation
Canada’s financial regulatory environment, long regarded as comparatively stable and coordination-driven, is entering a more assertive phase. Since late 2025, supervisory intensity has visibly increased, particularly in anti-money-laundering oversight.
A series of high-profile FINTRAC penalties, including record sanctions in the crypto sector, have underscored a shift from procedural compliance toward the need for demonstrable effectiveness. For banks and capital-markets intermediaries, regulators are now probing governance structures and the use of data analytics in transaction monitoring rather than accepting documentation alone as evidence of compliance.
Artificial intelligence is simultaneously becoming a central regulatory theme. Canada still lacks a comprehensive federal AI statute in force, as the proposed Artificial Intelligence and Data Act has stalled legislatively.
However, the federal government has moved forward with bidding policy frameworks for public-sector use, including the AI Strategy for the Federal Public Service and the Directive on Automated Decision-Making, signaling a governance-first approach. At the provincial level, new rules affecting AI deployment in employment and public-facing systems are expected to take effect from 2026. These developments reflect a broader concern with technological sovereignty and data control.
ESG considerations are also tightening around Canada’s critical-minerals strategy. Investors are expected to evaluate consultation processes and partnership structures with First Nations as core risk indicators. In resource finance, indigenous participation is recognized not only as a social metric but a determinant of legal durability and long-term project viability.
UK: 2026 and beyond
In 2026, the UK FCA’s strategy is focusing on a “prove it” phase of supervision, where the regulator will enforce the Consumer Duty and Operational Resilience standards, while officially expanding its remit to include Buy Now Pay Later (BNPL), the cryptoasset gateway and new Non-Financial Misconduct (NFM) rules.
2026 Timeline
March 19: Contactless payment limits: Technical methodology for limit-setting goes into force.
April 6: Targeted Support Regime: Halfway house between guidance and advice goes live.
April 6: Consumer Composite Investments (CCI): Optional transition starts to replace old PRIIPs-style disclosures.
May 7: E-money safeguarding: New FCA standards for protecting client funds in payment firms.
July 15: Buy Now, Pay Later (BNPL) Regulation Day: Unregulated BNPL officially moves under the FCA remit.
September 1: Non-Financial Misconduct: COCON rules expanded; harassment/bullying are formal breaches.
September 30: Cryptoasset Gateway opens: FCA opens the formal authorization window for crypto firms.
While the EU ESG Ratings regulation goes live in July 2026, the UK’s domestic regime is currently scheduled for coming into effect on June 29, 2028. However, the FCA expects UK firms to follow the Voluntary Code of Conduct throughout 2026 as a bridge to formal regulation.
From 2027 onwards, the strategy shifts towards a permanent rebalancing of risk designed to bolster the UK’s global competitiveness, underpinned by the full launch of the new cryptoasset regime in October 2027 and a commitment to streamlining the FCA Handbook to further reduce the regulatory burden on firms.
UAE: Focus and priorities
The UAE stands out for its pro-innovation approach towards AI. Ethical development, and responsible and effective deployment are some of the key features of that approach. Given the country’s massive investment in the technology, and the speed at which its evolving, regulators see it as a priority to put together a regulatory framework that ensures AI is being developed and deployed in accordance with the above principles.
The country has already established strategies and guidelines around AI (such as the Artificial intelligence Strategy, the AI Ethics Guidelines and the UAE Position on AI Policy) but still lacks an over-arching comprehensive regulatory framework to govern all aspects of the technology on a long-term basis. Filling that gap remains an important task on the regulators’ agenda.
Beyond AI, crypto and digital assets remain another key area of focus and interests in the UAE, both for investors as well as the regulators. The country takes pride in its status as a global crypto hub. This is being driven in part by the existence of a comprehensive and multi-layered regulatory framework for digital assets.
But, just like AI, the evolving nature of virtual assets means regulators are constantly updating rules. The ADGM in Abu Dhabi and the DIFC and the DFSA in Dubai have all recently reviewed their existing frameworks. That process is set to continue, with an appetite for the enhancement and at the same time further relaxation of rules.