First of two parts
IN BRIEF:
• The past years highlighted several critical issues for financial institutions and regulators, ranging from geopolitical and macroeconomic issues to growing challenges in balancing support for technology innovation with protecting consumer and markets from the attendant risks.
• While international coordination among regulators will continue, the EY 2025 Global Financial Services Regulatory Outlook cites further fragmentation of regulatory regimes as policymakers are expected to prioritize country-specific approaches to issues such as financial stability, artificial intelligence (AI) and data governance.
• Operational and financial resilience will continue to be scrutinized, with regulators and supervisors focusing on contagion risks from dependencies on critical third parties, including technology providers, especially as AI adoption accelerates.
The financial landscape is constantly evolving, and 2025 is set to be a particularly challenging year for banks and financial services firms. The past years highlighted several critical issues for financial institutions and regulators, ranging from geopolitical and macroeconomic issues to growing challenges in balancing support for technology innovation with protecting consumer and markets from the attendant risks. Regulatory fragmentation is expected to continue as policymakers prioritize country-specific approaches to matters such as financial stability, financial inclusion, sustainability, artificial intelligence (AI), resilience, and governance.
The EY 2025 Global Financial Services Regulatory Outlook identifies four critical themes that will shape the regulatory landscape over the coming year: increased fragmentation, building resilience to external threats, delivering positive consumer outcomes, and managing risk in a changing environment.
The first half of this article explores the following key regulatory priorities for financial institutions in 2025 and offers strategies for navigating these challenges effectively: navigating the fragmented regulatory landscape driven by national interests and emphasizing operational and financial resilience.
FRAGMENTED REGULATORY LANDSCAPE
While international coordination among regulators will continue, the outlook cites further fragmentation of regulatory regimes as policymakers are expected to prioritize country-specific approaches to issues such as financial stability, artificial intelligence (AI) and data governance. Globally, the impact of Basel 3.1 banking and capital reforms is already clear, and rules are being drafted or implemented in varying degrees and pacing around the world, though certain jurisdictions may face increased pressure for deregulation amid concerns on international competitiveness.
On innovation and technology, countries are expected to adopt different standards, whether in relation to AI regulation or in digital policies. Financial institutions can benefit from continuing to develop and building operating models that would allow the addressing of local rules and risks when operating across borders, without significantly impacting cost.
There is currently no uniform global strategy for AI regulation, but regulatory efforts often take into account the specific context of AI usage and its possible effects. Lawmakers are adopting varying strategies regarding the extent to which regulations are enforced across the AI value chain. For example, in a “risk-based” approach to AI regulation, the purpose for which AI is employed dictates the compliance standards that the technology must fulfill.
The EU AI Act is now in force, with other jurisdictions either proposing or undergoing consultation for similar laws. There are also guiding principles and ethical frameworks being implemented, with some jurisdictions like Hong Kong and Singapore providing financial sector-specific guidance and initiatives.
Whether there are enabling laws or circulars, financial institutions are advised to consider actions such as: building and maintaining an inventory of AI systems and use cases, ensuring that their risk profiles are understood in the current legal and regulatory context; implementing governance and control frameworks based on standards such as the National Institute of Standards and Technology (NIST) AI Risk Management Framework; safeguarding the confidentiality of financial institution and client data against exposure through public AI solutions trained on sensitive queries and feedback; and focusing on a risk-based approach toward critical AI infrastructures and on the outcomes of AI applications.
To navigate this fragmented landscape, firms should invest in political and regulatory monitoring to anticipate changes and develop strategies to protect their businesses. Scenario planning can help explore the implications of different outcomes, allowing firms to prepare for various regulatory scenarios. Additionally, identifying local divergences in regulation and addressing the resulting risks, while combining insights at the global level, can provide a comprehensive view of the market and help firms manage the complexities of operating internationally.
RESILIENCE TO THIRD-PARTY, NON-BANK RISK EXPOSURE
Operational and financial resilience will continue to be scrutinized, with regulators and supervisors focusing on contagion risks from dependencies on critical third parties, including technology providers, especially as AI adoption accelerates. Contagion risks from non-bank financial institutions will also remain a focus area.
Both regulators and the industry are concerned about the financial sector’s resilience against vulnerabilities and external threats, which are often linked to technology dependency that is in turn creating more potential points of failure given relationships with unregulated third parties. How financial institutions can withstand major disruptions — whether from IT outages, natural events, or conflicts — would require action such as revisiting business continuity arrangements to prepare for renewed supervisory focus and regulatory scrutiny, incorporating tech disruption scenarios in stress testing exercises, and identifying the risks in an institution’s end-to-end processes to deliver services, including exposures from third-party providers, and putting in place measures to mitigate the risk of disruption.
Organizations can expect heightened scrutiny of third-party and non-bank risks. The BSP has issued a circular on Operational Resilience that provides an integrative approach to emerging and existing nonfinancial risks and programs like recovery planning, cyber and digital resilience, financial crimes and sanctions, operational risk management, and business continuity management. Operational resilience will be much more than this, however — the manner by which Philippine financial institutions will be evaluated and informed by developments in other jurisdictions.
For instance, the Digital Operational Resilience Act (DORA) regulations put into much sharper focus the technology dependencies that many firms have on the same small group of providers. This adds weight to the Basel Committee’s call for a rigorous approach to “critical third parties,” with some regulators preparing to extend their oversight to technology providers and requiring tech disruption scenarios in stress testing exercises. This “regulatory perimeter” principle is now observed locally as systemic risk management, with an expansive yet connected view that disruption could and would arise from a broader ecosystem and affect the financial system and the broader economy.
Firms should map their exposures to third-party technology providers and revisit risk mitigation measures to ensure they are adequately protected. Preparing for greater supervisory scrutiny of risk management and exposures to less transparent markets, such as private finance, is also crucial. This includes addressing counterparty, concentration, and liquidity risks. Furthermore, firms must ensure that financial crime initiatives have an appropriate level of oversight, with clearly defined roles and responsibilities to mitigate risks effectively.
THE EVOLVING REGULATORY LANDSCAPE
A convergence of risk factors, including geopolitical change, economic pressures, and technological advancements, is creating an uncertain outlook for financial institutions and regulators. Geopolitical change is leading to a fragmented regulatory landscape, increasing costs and complexity for international firms. In this regard, resilience and risk management have never been more vital.
The second half of this article will continue exploring the remaining key regulatory priorities from the EY Regulatory Outlook: focusing on securing positive outcomes for consumers and managing risk in an evolving environment.
This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinions expressed above are those of the author and do not necessarily represent the views of SGV & Co.
Christian G. Lauron is the Financial Services Organization (FSO) leader of SGV & Co.
