March 2026 Regulatory Outlook:

From Frameworks to Real-World Effectiveness

Below is a summary of our most recent newsletter - the full version is available for download within this page.

The first quarter of 2026 has delivered a clear and consistent message from regulators across the UK, EU and US: compliance frameworks must work in practice—not just on paper.

Supervisors are no longer satisfied with well-documented policies or theoretical controls. Instead, they are focusing on whether firms can demonstrate effective governance, evidence outcomes, and show accountability at senior levels.

In this blog, we explore the key regulatory themes shaping the landscape—and what firms should be doing now to stay ahead.

Governance Under the Spotlight: Evidence Over Assertion

Across jurisdictions, regulators are sharpening their focus on governance. The expectation is simple but demanding: boards and senior management must understand risks, act on them, and prove that they have done so.

This is translating into increased scrutiny of:

• The quality and relevance of management information (MI)

• How client and investor outcomes are assessed

• Oversight of outsourcing, delegation and distribution

• The speed and clarity of escalation processes

A recurring issue is that firms often produce large volumes of MI—but more information does not mean better oversight. Lengthy, operationally dense board packs can obscure rather than clarify key risks.

👉 The shift for 2026 is towards:

• Concise, decision-focused reporting

• Clear ownership of actions

• Effective challenge from senior stakeholders

• Transparent tracking of issues and remediation

Consumer Duty: Can You Prove It’s Working?

The UK Consumer Duty has moved firmly into its next phase: demonstration, not design.

Regulators are no longer asking whether firms understand the Duty—they are asking:

• What outcomes are being monitored?

• What evidence supports conclusions?

• Where are the risks or poor outcomes?

• What has been done to fix them?

Common weaknesses include:

• Board reports that describe processes but lack hard outcome data

• Monitoring frameworks focused on activity, not customer outcomes

• Gaps in closing the loop—identifying issues without evidencing resolution

A useful test is whether your reporting clearly answers:

1. What are the outcome risks?

2. What evidence do we have?

3. What action has been taken?

4. What remains unresolved?

If not, refinement is likely needed.

Appointed Representatives: Tailored Oversight Is Critical

The Appointed Representatives (AR) regime remains a key regulatory concern.

The challenge for principals is no longer whether oversight exists—it is whether it is proportionate, risk-based, and demonstrably effective.

Strong oversight frameworks will:

• Apply risk-based due diligence at onboarding and ongoing stages

• Tailor monitoring based on business model and risk profile

• Ensure timely escalation and intervention

• Maintain clear governance records supporting decisions

A “one-size-fits-all” approach is increasingly difficult to justify. Oversight must reflect the reality of each AR relationship.

Financial Crime: Moving Beyond “Paper Compliance”

Financial crime controls continue to be a regulatory priority—but the focus has shifted decisively toward effectiveness.

Firms should be stress-testing:

• Sanctions screening frameworks

• Transaction monitoring systems

• Suspicious activity reporting processes

• Escalation and governance arrangements

Boards are expected to receive more than statistics. They should see:

• Trend analysis

• Residual risk assessments

• Control weaknesses

• Remediation progress

Importantly, outsourcing or using technology solutions does not transfer responsibility. Accountability remains firmly with the firm.

EU Focus:

Cross-Border Complexity and AIFMD II Readiness

For firms operating internationally, regulators are increasingly interested in how cross-border structures function in practice.

Key questions include:

• Who owns each control?

• Where are decisions made?

• How is oversight exercised across entities?

Fragmented documentation is a common issue. A centralised control and accountability map is becoming essential.

AIFMD II: From Awareness to Implementation

With AIFMD II progressing, firms must move beyond high-level awareness to structured implementation planning.

This includes:

• Reviewing delegation and substance arrangements

• Assessing reporting and disclosure changes

• Coordinating legal, compliance and operational workstreams

Firms often underestimate the scale of impact. A phased programme with clear ownership and board visibility is critical.

AML and Sanctions: Governance Must Be Visible

Across the EU, AML frameworks are under scrutiny—particularly in complex, multi-jurisdictional structures.

Regulators want to see:

• Clear risk classification processes

• Consistency across jurisdictions

• Effective escalation of suspicious activity

• Strong oversight of third-party providers

A frequent issue is diffused responsibility. Roles across group, local and functional teams must be clearly defined and understood.

Similarly, sanctions compliance is no longer viewed as purely technical. It is a core governance issue, requiring:

• Robust list management

• Calibrated screening logic

• Effective alert handling

• Regular assurance testing

US

In the US, regulators continue to focus on whether firms’ policies, disclosures and actual practices align.

Inconsistencies across:

• Marketing materials

• Fee disclosures

• Operational practices

…remain a major source of enforcement risk.

This theme is increasingly relevant globally—not just in the US.

Marketing Rule: Governance in Practice

The SEC Marketing Rule has reinforced the need for strong governance over promotional activity.

Firms should ensure:

• Claims are properly substantiated

• Disclosures are consistent across channels

• Approval workflows are robust and documented

Fast-moving marketing environments—especially digital—can quickly expose weak controls.

Digital Assets: Governance Must Keep Pace

Tokenised securities and digital assets are evolving rapidly, often outpacing governance frameworks.

Firms should ensure:

• Clear legal and regulatory classification

• Defined ownership of risk and analysis

• Robust custody and safeguarding controls

• Ongoing monitoring of regulatory developments

A key risk is innovation outpacing compliance readiness.

Final Thoughts: Execution Is the Real Challenge

Across all regions, a consistent theme emerges:

The challenge for firms is no longer identifying regulatory expectations—it is executing effectively.

The firms best positioned for 2026 will be those that:

• Simplify and strengthen governance reporting

• Clearly document ownership of risks

• Continuously test whether controls match the business model

• Enhance oversight of outsourcing and cross-border activity

Ultimately, resilient compliance frameworks combine:

• Legal clarity

• Operational ownership

• Governance visibility

Where these elements are disconnected, weaknesses are far more likely to be exposed under regulatory scrutiny.