Following the bankruptcy of Greensill Capital and then Wirecard, banking regulators are undertaking more detailed audits as a core component of their supervisory oversight mandate, in order to protect the public.
In both of the aforementioned cases, the regulatory bodies in the UK, Australia and Germany fell under the spotlight, with market commentators highlighting the evidence trail that should have alerted them to the risks of failure and of questionable conduct.
As a direct result of this, allied to the current sanctions regimes around the world, the supervisory bodies have been stepping up their analyses of financial institutions, with a particular focus on anti-money laundering, terrorist financing and KYC non-compliance.
On the 18th of June 2025, the Swedish banking regulatory body withdrew the banking licence of banking-as-a-service (BaaS) provider Intergiro, with the company instructed to terminate by the 19th of September 2025, effectively putting a digital bank out of business within a period of 3 months.
With the EU AI Act, PSD2, NIS2 and DORA, the degree of peril from non-compliance risks for those within the financial sector has increased at an accelerating rate in 2025, with the application of the remainder of the Act coming into force in 2026.
The current and emerging regulatory landscape for data security and protection is complex and broad, and difficult to understand. Whilst the above cases are limited in scope to the financial sector, regulations such as (EU) 2025/37 regarding managed security services under the EU Cybersecurity Act broaden the regulatory minefield.
For assistance in managing your regulatory compliance risks, speak to our team.