Regulatory Changes Affecting Financial Services in 2026

Regulatory change in 2026 is heavily focused on AI governance, digital assets and payments, operational resilience, and recalibrating the prudential burden on banks and other financial institutions. Supervisors are widening the regulatory perimeter to capture fintechs, critical third parties, and new crypto activities, even as some jurisdictions pursue targeted deregulation to support competitiveness and innovation.

Cross‑Cutting Regulatory Changes in 2026

Regulators are concentrating on four global shifts: AI governance, digital assets and payments, climate/ESG, and systemic interconnectedness between banks and non‑banks. While high‑level standards remain global, implementation is fragmenting, with the U.S., EU, UK, and Asia–Pacific taking distinct approaches to risk, growth, and innovation.

Authorities are also expanding the regulatory perimeter to cover crypto asset firms, buy‑now‑pay‑later providers, and critical third‑party tech vendors, bringing them under conduct, prudential, and resilience requirements. This shift means activities once considered “unregulated” are increasingly subject to licensing, reporting, and supervisory scrutiny.

Banking and Prudential Regulation

In the U.S., 2026 continues a trend toward targeted supervisory reform and modest prudential relief, including efforts through the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) review to streamline outdated rules and reduce paperwork burdens. Regulators are expected to finalize a revised Basel III Endgame package that largely maintains overall capital levels but softens operational‑risk and credit‑risk elements that were seen as overly punitive, particularly for fee‑dependent banks.

Proposals include refining CAMELS ratings and supervisory processes to focus more on demonstrable safety‑and‑soundness concerns and potentially recalibrating the community bank leverage ratio and community bank definitions to ease constraints on smaller institutions. At the same time, supervisors are not stepping back from high‑risk areas like liquidity, interest‑rate risk, and concentration risk, especially given the growth of private credit and market‑based finance.

Digital Assets and Payments

U.S. digital‑asset policy is pivoting from an enforcement‑led posture to a more structured regime that aims to integrate digital assets into the regulated financial system. Banking regulators have withdrawn prior guidance that effectively discouraged banks from engaging with digital assets and have issued new guidance clarifying and expanding permissible activities in tokenization, custody, and stablecoins.

The Digital Asset Market Clarity Act (CLARITY) would create a comprehensive regime for digital‑asset brokers, dealers, and exchanges, and clarify when crypto asset transactions are treated as securities, alongside new “innovation exemption” or sandbox concepts and a potential “super app” registration category. In parallel, rulemaking is expected under the U.S. Stablecoins Act (GENIUS Act) to facilitate stablecoin implementation, new trust‑bank charters for fintechs, and even central bank account access for certain non‑depository entities, which will reshape competition in payments and settlement.

AI, Technology, and Operational Resilience

Supervisors are rapidly elevating expectations around AI governance, with 2026 guidance focusing on model explainability, bias management, human‑in‑the‑loop oversight, and alignment of AI use cases with existing risk‑management frameworks. Global and regional regulators are signaling that AI used in credit underwriting, trading, surveillance, and customer interactions must be subject to the same rigor as other high‑risk models, not treated as experimental tools.

At the same time, regulators are hardening requirements around information and communication technologies (ICT) and cyber risk, building on recent outages and attacks by imposing stricter operational‑resilience, incident‑reporting, and third‑party‑risk rules across banks, asset managers, and financial market infrastructures.

The Financial Conduct Authority, Bank of England, and Prudential Regulation Authority have jointly signed a Memorandum of Understanding (MoU) in January 2026, with the European Supervisory Authorities to strengthen cooperation and coordination in overseeing critical third parties (CTP) under the UK’s CTP regime. The MoU creates a framework for sharing information and aligning oversight activities with the EU’s Digital Operational Resilience Act (DORA) for critical ICT third-party providers (CTPPs), including collaboration during major incidents such as cyberattacks or operational disruptions.

Conduct, AML, and Consumer Protection

Authorities continue to refine anti‑money‑laundering (AML) and sanctions frameworks, with 2026 priorities including better alignment of BSA/AML expectations with risk‑based supervision and curbing “de‑banking” driven by defensive risk aversion. This includes renewed attention to supervisory transparency and examination practices, as well as broader BSA/AML reform efforts that seek both burden reduction and more effective enforcement.

Consumer‑protection and market‑conduct changes include ongoing implementation of UK Consumer Duty expectations, the European Securities and Markets Authority (ESMA) updates to client‑money, conflicts‑of‑interest, and remuneration rules for asset and private‑markets managers and strengthened safeguards in payment‑services regulation. In many jurisdictions, regulators are also refining disclosure, labeling, and data‑use requirements for ESG and sustainable‑finance products as they move from voluntary frameworks to enforceable standards.

Prepare for a Strong Future with Citrin Cooperman

As regulatory expectations move from planning to implementation, now is the time to assess your firm’s readiness. Connect with Oren Bossin or Citrin Cooperman’s Financial Services Industry Practice to explore practical strategies for strengthening governance, improving resilience, and navigating regulatory change with confidence.