The CBI's RSO is a direct statement of supervisory intent. This briefing covers all five focus areas, Finvisor's independent assessment, and the questions your Board, CEO, and Head of Compliance should be asking now.
The CBI's first dedicated CASP chapter signals a regulator in active supervisory build-out. Six focus areas, key messages mapped to MiCAR obligations, and questions for Board, CEO, and Head of Compliance.
DORA has been applicable since January 2025. Supervisors are moving from implementation guidance to active assessment. Key gaps we are identifying across client portfolios: incomplete Registers of Information, weak ICT incident classification, and insufficient third-party concentration analysis.
The CBI's introduction of a Pre-Approval Controlled Function for the Head of Safeguarding is one of the most significant governance changes in the 2026 RSO. Firms must assess whether their current safeguarding oversight meets the PCF standard before they are contacted.
Regulatory risk is consistently underweighted in financial services M&A. We have seen transactions derailed by undisclosed regulatory conditions, poor compliance infrastructure, and licence perimeter mismatches. What to look for, and how to price it, before you sign.
Regulators globally are intensifying AML supervision for payment firms. The firms succeeding are not those with the longest policies. They have the most accurately calibrated risk assessments, the sharpest transaction monitoring tuning, and the strongest escalation culture.
MiCAR is now fully applicable across the EU. But for firms operating globally, the regulatory picture is more complex. US state and federal frameworks, APAC licensing routes, and multiple EU gateway strategies each carry different implications for business model design and regulatory risk.
Enter your details and we'll send this briefing directly to you.