View of illuminated skyscrapers above the clouds in Dubai

Four regulatory priorities to drive financial institutions' focus in 2025

A fragmenting global landscape and intensifying scrutiny of firms’ plans for managing disruptive events are among the key issues for firms.


In brief

  • Geopolitical changes are leading to a fragmented regulatory landscape, increasing costs and complexity for international firms.
  • Regulators are concerned about firms’ resilience, third-party IT dependencies, and exposure to risks from non-bank financial institutions.
  • Firms will face pressure to ensure good consumer outcomes, remediate weaknesses quickly, and demonstrate strong governance and risk management.

The ground beneath the feet of banks and financial services firms is always shifting. However, the past year has seen a convergence of risk factors that together make the outlook for 2025 particularly uncertain.

Globally, elections – culminating in the US election on November 5 – have provided a key vector for change, pushing policy in new directions that directly impact the role of the finance industry. Increased trade and geostrategic friction between the US and China appear baked in for 2025, alongside much greater use of tariffs. Risks in the Middle East and Ukraine remain elevated, while continuing concerns in many economies over weak growth and lingering inflation are likely to see financial firms drawn deeper into governments’ growth and foreign policy agendas.

For firms facing such a broad array of pressures, especially those operating globally, resilience and risk management have never been more vital.

Global Financial Services Regulatory Outlook

Use the insights and predictions from our Global Regulatory Network to prepare your firm’s regulatory strategy for 2025. 

Key issues for 2025

Against this background, there are a few key issues at the forefront of regulators’ agendas. Our 2025 Global Financial Services Regulatory Outlook identifies four key themes that will play out over the coming year.

1. Regulation that prioritizes national interests will drive greater fragmentation.

Domestic political agendas rather than international coordination efforts will increasingly shape regulation. Although efforts to coordinate internationally will continue, we expect policymakers to prioritize country-specific approaches to issues including financial stability, digital assets, artificial intelligence (AI) and data governance. In important areas, such as the Basel 3.1 banking reforms, the effects are already becoming clear, with rules being implemented in different forms and at different speeds around the world. In some jurisdictions, we may see increased pressure for deregulation and concerns about international competitiveness. That may drive local advantage and arbitrage scenarios, but for firms operating globally, it may also increase fragmentation and cost.

We may also see countries adopt different standards on innovation or technology, for example in relation to AI regulation or if the US takes a more open stance on crypto tokens. 

AU

CAN

CN

EU

HK

JP

SG

KR

GBR

US

Law

EU AI Act or similar

Principles

Guiding Principles/Ethics Framework/Code of Conduct

Digital policies

AI-related risks considered in digital policies (i.e., data cyber, operational resilience)

FS specific initiatives

FS specific guidance/initiatives

Key:  Present    Not present   Proposed under consultation

Recommended actions for firms

  • Invest more in political and regulatory monitoring to anticipate changes and develop strategies to protect their businesses.
  • Use scenario planning to explore the implications of different outcomes.
  • Identify local divergences in regulation and address the resulting risks, while combining insights at the global level to gain a whole-market view.

2. Resilience remains a priority. In particular, expect increased scrutiny of third-party and non-bank risk exposures. 

Among the external threats facing financial firms, regulators will focus on two areas in 2025: third-party and non-financial risk. The CrowdStrike outage in 2024, a major cybersecurity incident involving one of the leading providers of endpoint security solutions, brought the operational risks that firms face because of their technology dependencies into much sharper focus. This is especially the case where many firms depend on the same small group of providers. The Basel Committee is calling for a more rigorous approach to “critical third parties” and financial regulators in some jurisdictions are preparing to extend their oversight to technology suppliers.

There will also be increasing focus on non-bank financial institutions (NBFIs), which now account for almost half the assets in the global financial system. Regulators are concerned that concentrations of risk in these firms, some of which offer “bank-like” products and services, could spill over into the regulated sector and destabilize systemically important institutions. The lack of data transparency in the private credit market is a particular concern.

Beyond these issues, regulators will also concentrate on resilience to climate risks and measures to strengthen their anti-money laundering and combating the financing of terrorism (AML and CTF) regimes.

Recommended actions for firms

  • Map exposures to third-party technology providers and revisit risk mitigation measures.
  • Prepare for greater supervisory scrutiny of risk management and exposures to less transparent markets such as private finance, where regulators will be concerned about counterparty, concentration and liquidity risks.
  • Ensure financial crime initiatives have an appropriate level of oversight, with clearly defined roles and responsibilities.

3. Securing good outcomes for consumers will continue to play a prominent role.

With consumers still adapting to recent sharp rises in the cost of living, regulators’ focus on ensuring financial resilience and good consumer outcomes will increase. The UK’s adoption of the Consumer Duty in 2023 – effectively a duty of care toward retail customers – has attracted attention around the world, with several national regulators preparing to ramp up their consumer protections.
 

Firms in many jurisdictions should also expect increasing pressure to promote greater financial inclusion and enhance fraud prevention. Regulators are likely to require firms to ensure their products and services meet the needs of low-income households and to prioritize measures that help consumers with limited credit histories access loans and other products. With fraud and retail scams becoming increasingly sophisticated, there is likely to be increasing pressure to inform consumers of the risks and introduce extra prevention measures. 

Recommended actions for firms

  • Understand how regulators may view the principle of fairness and be prepared to demonstrate how they are delivering in customers’ interests.
  • Demonstrate how their products and services cater to the needs of specific customer groups, including vulnerable customers.
  • Help customers understand common fraud and scams, and use technology to monitor transactions, enhance security and verify customer identity.

4. Accountability and timely remediation of weaknesses to top regulators’ risk management agendas

The banking crisis of early 2023, a significant financial turmoil that saw the collapse of several major banks and financial institutions, highlighted two related issues that contributed to firm failures: long-standing risk management weaknesses that had gone unaddressed and failures to strengthen risk management and governance in line with the firms’ changing strategy and ambitions. Although not new, this episode continues to influence regulatory agendas.

In 2025, supervisors will likely double their focus on timely remediation of known weaknesses and put greater pressure on boards to make sure they have effective oversight of firms’ risk management frameworks. Regulators are becoming more specific about the issues they want to see addressed and are demanding that firms show they can monitor and respond to a fast-changing operating environment.

Recommended actions for firms

  • Conduct regular testing to allow them to anticipate emerging issues.
  • Explore how advanced technologies such as data analytics and AI can help them predict future issues.
  • Ensure governance arrangements give board members sufficient oversight of the firm’s risk environment.

Governments see the finance sector as key to delivering economic and social objectives, so firms must engage with their agenda to contribute insights and understand the issues driving policymakers’ and regulators’ thinking. They must also be prepared to demonstrate that their risk management is flexible and responsive to a changing environment, and that they have the data and tools to deliver against regulators’ priorities. In 2025, these will include critical dependencies, contagion risks and consumer outcomes. 

Summary

Going into 2025, regulators will expect firms to be prepared for market disruption and volatility, while delivering good outcomes for customers. The onus is on firms to prove their risk management and governance arrangements are agile and robust enough to meet these concerns.

2025 global regulatory outlook webcast

Join EY Global Regulatory Network panelists as they share insights from the Outlook and discuss what to expect and prepare for in the year ahead.


About this article

Authors