Financial Services Regulation

Banking, securities, and financial services regulations across EU and US.

EU / US | Updated May 2026
IN A NUTSHELL
What: A broad body of EU and US regulation governing banks, insurers, investment firms, and other financial institutions.
Who: All authorised financial institutions, fintechs, payment providers, and increasingly, crypto-asset service providers.
When: Ongoing and continuously evolving. Key recent additions include MiCA (2024), DORA (2025), and PSD3 (expected 2026).
Penalty: Varies by regulation; includes licence revocation, fines up to 10% of annual turnover, and personal liability for senior management.
OVERVIEW

Financial services regulation encompasses a vast and layered framework of rules governing banks, investment firms, insurers, and other financial institutions across both the European Union and the United States. In the EU, the regulatory architecture is anchored by the Capital Requirements Regulation and Directive (CRR/CRD), implementing the Basel III international standards on bank capital adequacy, stress testing, and liquidity. The Markets in Financial Instruments Directive (MiFID II) and its accompanying regulation (MiFIR) govern securities trading, investor protection, and market transparency. In the US, the Dodd-Frank Act, enacted after the 2008 financial crisis, established comprehensive reforms including the Volcker Rule, systemic risk oversight, and the Consumer Financial Protection Bureau.

These frameworks affect every entity operating in the financial sector, from global systemically important banks to regional credit institutions, asset managers, broker-dealers, insurance undertakings, and fintech companies. Compliance obligations are substantial and range from maintaining minimum capital and liquidity ratios, to conducting stress tests, implementing robust governance and risk management frameworks, and meeting detailed conduct-of-business rules that protect investors and consumers.

In the EU, the single rulebook approach aims to harmonise financial regulation across all Member States, with the European Banking Authority, European Securities and Markets Authority, and European Insurance and Occupational Pensions Authority providing technical standards and supervisory convergence. The Single Supervisory Mechanism, operated by the European Central Bank, directly supervises the largest eurozone banks. In the US, regulation is distributed among multiple agencies, including the Federal Reserve, OCC, FDIC, SEC, and CFTC, each overseeing different segments of the financial system.

Recent developments have added new layers to financial regulation. The Digital Operational Resilience Act (DORA) introduces specific ICT risk management requirements for EU financial entities. The EU Anti-Money Laundering Directive (AMLD) and the evolving AML regulation impose due diligence, transaction monitoring, and suspicious activity reporting obligations. The Payment Services Directive (PSD2), and the forthcoming PSD3, reshape the landscape for payment institutions and open banking. The Markets in Crypto-Assets Regulation (MiCA) extends financial regulation to the digital asset space.

For financial institutions, the challenge lies in managing compliance across multiple, overlapping regulatory regimes that continue to evolve. Integration of compliance functions, investment in regulatory technology, and proactive engagement with supervisory expectations are essential for maintaining licences, market access, and stakeholder confidence in an increasingly complex regulatory environment.

WHO DOES THIS AFFECT?

KEY OBLIGATIONS
If providing software to financial institutions, understand DORA contractual requirements
Ensure RegTech solutions meet regulatory expectations for accuracy and auditability
Comply with outsourcing guidelines when processing financial data on behalf of regulated entities
YOUR FIRST STEP

Review your financial services client contracts for DORA and outsourcing compliance requirements that flow down to technology providers

KEY COMPLIANCE REQUIREMENTS
01. Licensing and authorisation
Obtain and maintain regulatory licences for all financial activities in each jurisdiction where you operate.
02. Capital and prudential requirements
Maintain adequate capital buffers and liquidity ratios as prescribed by CRR/CRD and Solvency II.
03. Conduct of business rules
Comply with investor protection, suitability, and disclosure requirements when providing financial services.
04. AML/KYC obligations
Implement anti-money laundering controls, customer due diligence, and suspicious transaction reporting.
05. Supervisory reporting
Submit regular prudential, statistical, and resolution reports to national and EU supervisory authorities.
06. Governance and risk management
Establish sound governance structures with independent risk, compliance, and internal audit functions.
RELATED TOPICS
Digital Operational Resilience Act (DORA)
EU Anti-Money Laundering Directive (AMLD)
EU Payment Services Directive (PSD2/PSD3)
EU Markets in Crypto-Assets Regulation (MiCA)