Welcome to the January 2026 edition of the Freshfields FS Insights newsletter, which contains a selection of thought leadership related to the financial services industry published over the past month by Freshfields lawyers from around the world. If you would like more information regarding any of these developments, please get in touch with your usual Freshfields contact.

Trump Administration

What’s past is prologue—assessing the changed legal landscape from year 1 of the second Trump Administration and looking ahead at what year 2 may bring

As 2025 drew to a close, and sitting on the precipice of a new year, it seemed like a good time for us to assess where the second Trump Administration has taken us so far and where we may be headed.  Listen to Tim Clark's interview of Jennifer Loeb, Austin Evers and David Nicolardi regarding what we got right about the second Trump administration; what surprised us; and what to expect from the administration in the coming year. This podcast covers the US legal and regulatory landscape and focuses on the questions and topics that are on the top of our clients’ minds.

2025 bank regulatory roundup and what to look for in 2026

US banking regulation underwent a material reset in 2025. With new leadership at the Federal Reserve, the OCC, and the FDIC, the second Trump Administration moved quickly to redirect regulatory policy toward an embrace of digital assets, a reimagination of the regulatory perimeter, capital reform, and a recalibrated supervisory approach focused on financial risk. The result was not incremental change, but a decisive shift in the tone and trajectory of federal policy. In this blog post, we summarize key themes and developments from 2025 and look ahead to how the 2026 bank regulatory agenda is likely to shape up.

The False Claims Act: the newest tool in DOJ’s DEI enforcement toolkit

2025 marked a watershed moment for Diversity, Equity, and Inclusion (DEI) programs, with President Trump and his administration quickly committing to use federal authority to deter “illegal DEI” policies in the private sector. The reaction across the private sector was swift; many companies scaled back disclosures and policies.

While formal federal action against the private sector has lagged, 2026 may very well be a year of increased enforcement. Indeed, it is unlikely the DEI moment has passed. Rather, companies should remain vigilant to developments, and in particular, should prepare for a related paradigm shift in the use of the False Claims Act as a tool to police compliance with antidiscrimination laws.

For more information, see our blog post.

Savings and Investments Union

Unlocking EU financial market potential: market infrastructure reforms and ESMA’s supervisory expansion

On 4 December 2025, the European Commission published the much-anticipated market integration and supervision package, one of the Commission’s flagship initiatives under the rebranded Savings and Investments Union (SIU)—formerly known as the Capital Markets Union (CMU)—aimed at fostering the development of an integrated European Union (EU) capital market. This “super-package” is comprised of three legislative proposals, each amending several legislative acts. The Commission does not only propose changes to the substance of financial markets regulation but also aims to introduce a new and more harmonised supervisory framework to streamline and enhance financial markets supervision across the EU. Front and centre of the revised supervisory framework shall be the European Securities and Markets Authority (ESMA), which would gain several new supervisory powers. For more information, see our briefing.

 ESG and sustainability

SFDR simplified: European Commission proposes a revised Sustainable Finance Disclosure Regulation

On 20 November 2025, the European Commission unveiled its proposed revisions to the Sustainable Finance Disclosure Regulation (SFDR), the EU’s disclosure framework for financial intermediaries and financial products regarding the integration of environmental, social and governance (ESG) factors into investment decisions. This proposal has been highly anticipated by the industry, given widespread views that the current regime is not fit for purpose. The new categories and proposed changes from the Commission aim to provide a simpler process for investors to understand which products match their preferences on sustainability, while seeking to mitigate greenwashing risk. For more information, see our blog post.

Omnibus nears the terminus: simplification of the EU sustainability framework

The EU’s co-legislators have adopted a set of simplification measures to the Taxonomy Regulation, the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD). These changes, agreed in less than a year, form part of the Omnibus I package put forward by the European Commission in February 2025 to streamline EU corporate sustainability rules.

Following the adoption of the Omnibus “Stop-the-Clock” proposal in April 2025, the EU co-legislators have now reached an agreement on substantive amendments to the EU sustainability reporting and due diligence framework. Negotiations have been complex and politically contentious, and they were resolved at an unprecedented speed. The final agreed text reflects a number of compromises between positions of the EU institutions, incorporating some of the Parliament’s more extreme changes alongside some key elements from the Council’s position.

Our blog post outlines the key provisions of the final Omnibus text and explains the implications for businesses’ compliance and reporting strategies.

The ‘E‘ of ESG: greenwashing under the spotlight

Greenwashing is attracting growing scrutiny from courts and regulatory authorities in many jurisdictions, including the EU, UK, and US. Recent legislative developments in these jurisdictions are empowering NGOs and activist groups to challenge corporate sustainability claims with increasing sophistication, moving beyond the mere truthfulness of individual statements to broader assessments of overall business impact.

In the EU, regulators and courts are actively shaping a more demanding compliance landscape for businesses. Greenwashing is also drawing increasing attention from UK regulators, who are leveraging both existing and new enforcement powers and guidance to tackle misleading environmental claims, in most cases using existing regulatory regimes. Meanwhile, in the US, green marketing claims are now subject to growing scrutiny by a range of actors, including regulators, state attorneys general, and private plaintiffs and their counsel, albeit in an increasingly patchwork manner.

For more information, see our blog posts on greenwashing developments in the EU, UK and US.

The ‘E‘ of ESG: Environmental Omnibus published

On 10 December 2025, the Commission published its Environmental Omnibus, a comprehensive package designed to simplify certain administrative and compliance requirements of environmental legislation. The package includes a Commission Communication and six legislative proposals aiming to amend provisions of 12 existing environmental laws. Broadly, the targeted legislative proposals seek to: 

• Alleviate the administrative burden stemming from industrial emission reporting obligations; 

• Accelerate permitting procedures by changing rules applicable to environmental impact assessments; 

• Reduce administrative costs by amending Extended Producer Responsibility (EPR) provisions across multiple legislative acts; and 

• Increase clarity and reduce compliance burden through specific technical amendments to individual pieces of environmental legislation. 

Our blog post outlines the package’s key proposals and discusses next steps. 

The ‘E‘ of ESG: postponement and simplification of the EU Deforestation Regulation

On 17 December 2025, the European Parliament adopted a set of targeted amendments to simplify the EU Deforestation Regulation (EUDR). The EUDR aims to minimise global deforestation and forest degradation by banning relevant commodities and products linked to deforestation or forest degradation from the EU market and imposing binding due diligence obligations on companies that import, export, or trade certain products made from high-risk commodities. Our blog post outlines the key modifications introduced and sets out next steps companies should take to ensure compliance with the EUDR. 

FCA consults on regulatory regime for ESG ratings providers

In late October, the UK Government published draft legislation to bring ESG ratings providers into the remit of regulation. Current proposals make the provision of ESG ratings a regulated activity under the Financial Services and Markets Act (FSMA), such that ESG rating providers will require Financial Conduct Authority (FCA) authorisation by 29 June 2028 (unless they fall within one of the defined exclusions or benefit from certain savings and transitional provisions). With the aim of making ESG ratings more transparent, reliable and understandable, the FCA published its expected consultation paper (CP25/34) on the proposed regulatory regime for ESG ratings providers on 1 December, inviting comments by 31 March 2026. For more information, see our blog post.

Non-financial misconduct

FCA publishes final rules on non-financial misconduct

Following a policy statement and consultation in July 2025, the FCA has published its final rules and guidance on non-financial misconduct (NFM) in financial services, setting out how firms should interpret and apply minimum standards of behaviour for employees, and how to assess fitness and propriety under the Senior Managers & Certification Regime (SM&CR).

As a reminder, the July 2025 policy statement confirmed a new rule to align the conduct rules in banks and non-banks for cases of serious NFM, aiming to drive greater consistency across financial services. That rule will come into force on 1 September 2026. The July 2025 consultation also set out amended guidance in relation to NFM for the purposes of the conduct rules and fitness and propriety (F&P) assessments. The FCA stated in its consultation that it would only take the guidance forward if there was clear support for it do so. 

In response to strong industry support—with 95 per cent of respondents requesting guidance on how serious misconduct should be treated under the FCA Code of Conduct (COCON) and Fit and Proper test (FIT)—the FCA’s guidance is now final, so firms have time to prepare for its introduction in September 2026. Only minor amendments have been made to the July 2025 guidance to reflect consultation feedback. For a summary of the key points, see our blog post.

Equity research

SEC retires Global Research Analyst Settlement: more principles-based oversight under FINRA Rule 2241 defines the new landscape

December 2025 marked the end of an era. The Securities and Exchange Commission (SEC) formally terminated the remaining undertakings of the Global Research Analyst Settlement (GRAS), closing a chapter that began in 2003 amid widespread concerns over conflicts of interest in equity research. For more than two decades, GRAS imposed rigid structural safeguards under judicial supervision—mandating hard information barriers, independent research funding, and standardized disclosures. Those measures reshaped the industry and became synonymous with research independence.

Today, the compliance architecture looks very different. The SEC’s decision reflects its confidence in the principles-based framework codified in FINRA Rule 2241, which was adopted in 2015. This rule governs research conflicts through firm-specific policies and procedures, prohibiting banking influence over coverage decisions, restricting analyst compensation tied to deal flow, imposing quiet periods, and requiring comprehensive disclosures—all under ongoing regulatory oversight rather than court mandates.

For more information, see our blog post.

Short selling

From EU legacy to UK innovation: FCA consults on short selling changes

In October 2025, the FCA published Consultation Paper CP25/29, setting out proposed rules and guidance to implement the new framework for short selling under the Short Selling Regulations 2025, which were introduced on 13 January 2025. These changes follow the Treasury’s Call for Evidence, which closed in March 2023 and was updated with the Government’s response in July 2023, which concluded that the regime needed to be modified to alleviate disproportionate burdens on firms. For an overview of the key FCA proposals and next steps, see our blog post.

Cryptoassets

Unpacking the FCA's Proposed Exemption for "Truly Decentralised" DeFi Projects

As part of its “Crypto Roadmap”, the FCA published a discussion paper (DP25/1) in May 2025 inviting comments on, among other things, how decentralised finance (DeFi) protocols might be treated under its forthcoming cryptoasset regulatory regime. The discussion paper outlined the FCA’s early thinking on excluding from regulation what it calls “truly decentralised” arrangements. The meaning of “truly decentralised” is yet to be defined, but its interpretation will have wide implications for the UK DeFi market. For more information, see our blog post.

Autumn Budget 2025: DeFining the UK rules for cryptoasset taxation

In Rachel Reeves’ Autumn Budget 2025, the government has confirmed some important changes in its approach to the taxation of the cryptoasset sector. Expanding on an approach proposed in the 2023 consultation, it has announced a more comprehensive ‘no-gain/no-loss’ tax treatment for certain categories of decentralised finance transactions. It has also confirmed a significant extension to the UK’s implementation of the Cryptoasset Reporting Framework to capture domestic users.

For investors, protocol developers and intermediaries, these announcements may represent both a welcome simplification of tax liabilities and at the same time a potentially unwelcome increase in reporting obligations.

For more information, see our blog post.

Insurance

Asset intensive reinsurance in Japan: a structuring guide for Japanese cedants navigating J-ICS

Japan is moving to an economic value based solvency regime—known as “J-ICS” or the economic solvency regulations (ESR)—aligned with the International Association of Insurance Supervisors’ Insurance Capital Standard (ICS), with first required reporting for fiscal years ending 31 March 2026. Assets and liabilities will be valued at current market rates and capital requirements set to withstand extreme stress scenarios, making solvency ratios far more sensitive to interest rates, lapses, and asset and liability management (ALM) mismatches, particularly for legacy high guarantee books.

Asset intensive reinsurance (AIR) is becoming a key tool for Japanese life insurers to manage this transition. By transferring investment and insurance risk on capital intensive blocks to reinsurers—often offshore and PE-backed—cedants can free up capital, reduce interest rate risk, and support more competitive savings products. However, the Japan Financial Services Agency (JFSA) has begun surveying life insurers on their growing use of offshore reinsurers, with particular interest in volumes, contract types, concentration in Bermuda, counterparty risk, and retrocession chains.

The message for Japanese cedants is clear: AIR must not only deliver capital and ALM benefits under J-ICS but must also demonstrate genuine risk transfer and commercial substance that proactively addresses JFSA scrutiny on counterparty risk, collateral quality, governance, and verifiable recapture readiness.

For more information, see our blog post.

Banking supervision

Malacalza vs. ECB: on the liability of the European Central Bank for the exercise of its prudential supervisory functions

For many years, the stability of the financial sector has formed a paramount public interest, being the underlying reason for far-reaching discretion and extensive powers of the competent supervisory authorities. While swift manoeuvrability is often of the essence to counter systemic risks, the call for accountability in case of wrongful supervisory actions has also formed a recurring theme. In a recent opinion to the European Court of Justice (ECJ), advocate general Campos Sánchez-Bordona has made remarkable arguments that could rekindle discussions around a non-contractual liability of the ECB. For more information, see our blog post.

 AI

President Trump issues Executive Order to centralize AI policy and challenge state regulations

On 11 December 2025, President Trump signed an Executive Order (EO) titled “Ensuring a National Policy Framework for Artificial Intelligence.” The EO announces a plan to develop comprehensive federal AI regulation to supplant the growing patchwork of state-level AI laws and to use various federal tools to pressure states not to pass or enforce state AI laws in conflict with the Trump Administration’s policies. 

Building on the Trump Administration's AI Action Plan and related EOs released in July 2025, which promoted deregulation, the new EO articulates a vision for a new federal AI policy framework that ensures America “wins the AI race” and that is “minimally burdensome” while still ensuring “children are protected, censorship is prevented, copyrights are protected, and communities are safeguarded.” 

For more information, see our blog post.

Cyber security

UK plans major cyber security reforms: what you need to know

The Cyber Security and Resilience (Network and Information Systems) Bill was laid before Parliament on 12 November 2025. The Bill follows on from and largely aligns with the policy statement the Government published earlier in 2025, and is designed to improve the UK’s resilience to the escalating risk of cyber attacks. In order to do so, it proposes significant changes to the existing Network and Information Systems Regulations 2018 (NIS) regime. Those include: (1) a major expansion of the scope of the NIS regime to many more businesses (such as managed IT service providers, data centres and critical suppliers); (2) stricter incident reporting obligations; and (3) higher penalties for failure to comply, as explained in our blog post.

Germany implements NIS2 – What you need to know now

After a delay of more than two years, Germany adopted its NIS2 Implementation Law, transposing the requirements of the EU NIS2 Directive (NIS2) into national legislation, which entered into force on 6 December 2025. The scope of the German Implementation Law is broad, mirroring the wide-ranging requirements of NIS2, and will result in a substantial increase in the number of regulated organisations in Germany—from approximately 4,500 to 30,000 entities.

The Implementation Law is mainly amending the existing German IT Security Law (BSIG)  as well as corresponding German sector specific regulation, such as the Energy Industry Act (EnWG), or the Telecommunication Act (TKG). Sectors in scope include banking and financial market infrastructure.

In this blog post, we shed some light on the specifics of the Implementation Law as well as some action points relevant to affected companies providing services or carrying out activities in Germany.

Data protection

Adequate for now: EDPB’s opinion on the level of data protection in the UK

The European Data Protection Board (EDPB) has recently adopted its opinion on the European Commission’s draft implementing decision to extend the adequacy decision for the UK under Article 45 of the EU General Data Protection Regulation (EU GDPR) until 27 December 2031. Such adequacy decision permits transfers of personal data under the EU GDPR to recipients based in the UK without requiring additional safeguards under the EU GDPR. In its assessment, the EDPB examines whether the UK’s data protection regulations continue to ensure an essentially equivalent level of protection in light of developments since 2021, in particular the Data (Use and Access) Act 2025 (DUAA).

Overall, the EDPB “welcomes the continuing alignment” between the UK and EU data protection frameworks, while also striking a cautious tone with repeated calls for the Commission to conduct further analysis regarding several points and to commit to close, ongoing monitoring in the coming years. 

For more information, see our blog post.

Sanctions and export controls

Doing business in high-risk jurisdictions: navigating global sanctions and export controls

Companies conducting cross-border business often need to navigate a complex web of sanctions and trade-related restrictions. These considerations are especially relevant in high-risk jurisdictions—regions marked by conflict or geopolitical tension, and which typically have an elevated number of individuals, entities, and activities that can expose companies to sanctions risks.

Sanctions are an increasingly favoured and complex foreign policy tool that include a wide array of restrictions: territorial limitations, entity designations, asset freezes, financial sanctions, capital and financial restrictions, export controls, tariffs, service bans, investment bans, sectoral measures, and price caps.  To make matters more complex, the application and interpretation of global sanctions can diverge from regulator to regulator, which can lead to commercial complications for businesses operating in high-risk jurisdictions.  Now more than ever, companies investing and operating in high-risk jurisdictions should consider sanctions and trade restrictions at all stages of the business lifecycle, from the decision to enter a market through ongoing operations through a potential future exit. 

For more information, see our blog post.