Global foreword

As we enter 2026, governments and regulators worldwide are recalibrating financial regulation and supervision in pursuit of their own objectives. This is no “big bang” liberalisation.¹ Policymakers are trying to reconcile three powerful, sometimes competing, forces: economic growth challenges, rapid innovation, and a difficult risk outlook. This outlook is increasingly characterised by hybrid risks that cut across financial, operational, technological and geopolitical domains.  

Growth and productivity remain modest in many advanced economies, with inflation lower but still sticky in places. General-purpose technologies adopted by regulated institutions, chiefly Artificial Intelligence (AI) and blockchain, promise efficiency and growth but introduce new risks and vulnerabilities. A more volatile geopolitical and trading environment complicates cross-border finance and policymaking. The result is a regulated world in motion: deregulation in some places, simplification in others, new guardrails elsewhere, and divergent speeds and approaches to policymaking.  

Boards and senior management will need to assess how these complex political, economic and regulatory forces reshape their strategies and priorities. A clear risk appetite should steer strategic choices such as investment, technology selection, and operating models in this unpredictable environment. The importance of subsidiary boards is also expected to grow, as diverging global rules, geopolitical considerations, and distinct market conditions elevate the value of decisions taken at local levels. Opportunities will undoubtedly emerge, yet identifying and capturing them may be harder than usual.  

The great regulatory recalibration - within limits 

A familiar question is back with new urgency: can regulation protect consumers and stability without hindering innovation and growth? National competitiveness is an explicit political aim across many jurisdictions and regulators themselves may often be drawn in to support it. In response, there will be targeted deregulation rather than any wholesale rollbacks. The emphasis is on simplification and “right-sizing”, although with regional variations in pace and methods.  

The UK’s Financial Services Growth & Competitiveness Strategy seeks to “rewire the financial system to boost growth”, including reforms to consumer redress and bank capital policy.^{2 3} Simplification, some of which amounts to targeted deregulation, is a core EU objective for 2026, with the Digital and Sustainability “omnibus” packages designed to streamline rulebooks. A similar dynamic is clear in the EU’s Anti-Money Laundering agenda. By establishing a EU-level supervisor and moving to a single rulebook, policymakers are seeking to simplify a fragmented system, shifting the emphasis - at least in theory - to more consistent, proportionate and effective outcomes. While some simplification initiatives may lead to regulatory relief, it will likely be slow and selective. Overall, areas such as digital assets, operational resilience, and AI will likely attract more, not less, oversight. 

In the US, the pendulum has swung more visibly, if selectively, towards focused rulemaking and supervision. Where new rules emerge (e.g., for stablecoins under the GENIUS Act), the aim is legal clarity and an accommodating posture.⁴ Some states such as New York and California continue progressing with new rules, notably on consumer protection and the intersection of innovation (including AI), even as federal authorities shift towards refining, recalibrating, or reversing existing rules.⁵ Divergence also persists across sectors - insurance specifically remains under significant supervisory pressure while new regulatory agency heads across banking and capital markets regulators are laying out their priorities and are expected to continue doing so. Whatever the policy direction, supervisory remediation will remain a central feature and, in some cases, may clear regulatory hurdles to further growth through organic expansion or acquisitions.  

Asia Pacific (AP) authorities are favouring tactical streamlining and targeted interventions to remove duplication of regulations, especially for smaller firms, while taking a measured approach to the regulation of emerging technologies to balance innovation and risks.  

For firms, the effects will vary. Some changes will ease balance sheet constraints, freeing capital and managerial bandwidth for growth initiatives. Others may cause burdens for international firms as “simplification” of and varying local approaches to regulations will likely yield diverging compliance requirements and IT changes across markets.  

Mobilising retail savings - promise and prudence 

Governments want deeper domestic capital pools to fund innovation, defence, infrastructure, and better retirement outcomes. With limited fiscal headroom, there is growing emphasis on harnessing retail savings to drive these critical investments.  

The EU is pulling multiple levers to achieve these objectives. In particular, the Savings and Investments Union (SIU), aims to channel retail investment into productive assets, including via tax-advantaged investment accounts, and harmonise capital markets across the bloc.⁶ The Retail Investment Strategy, aligned with the SIU, aims to safeguard and empower retail investors.⁷ The UK is redrawing the advice–guidance boundary to enable “Targeted Support” to launch in 2026.⁸ US policymakers are exploring broader access to private assets in retirement plans. Across AP, similar moves are underway to incentivise household investments in capital markets: Japan is expanding the Nippon Individual Savings Account, its tax-exempt retail investment programme, and Hong Kong SAR’s electronic Mandatory Provident Fund Platform is digitising pensions to cut fees and widen choice. 

Yet, investment rhetoric is marching alongside rigorous consumer protection. In the UK, the Consumer Duty’s fair-value tests and the motor-finance redress programme are reminders that distribution risk can quickly turn profits into significant costs.⁹ The EU’s retail package couples simpler investment journeys with tighter inducement and disclosure rules. Across AP, similar market-building and safeguarding measures are advancing in tandem, from anti-scam drives in Singapore and Hong Kong SAR to design-and-distribution obligations and trustee accountability in Australia. The US continues to leverage existing guardrails, such as fiduciary duties for pensions and investment managers, and established enforcement practices, including at the state level. 

Globally, strategies that take advantage of retail inflows must be inseparable from product-governance discipline: clear propositions, fair value evidence, granular outcomes data, and swift issue resolution. The prize is larger capital pools. The price of admission is demonstrable trust.

Private credit – booming, but casting long shadows  

As policymakers encourage savers to invest, including in private markets, the supervisory spotlight is shining more brightly on the sector. Private credit is now a global force, with global assets under management reaching ~$2.5trn in 2025.¹⁰ In the US alone, the market has grown from ~$46bn in 2000 to ~$1trn in 2023.^{11 12} In comparison, the AP market remains smaller, but has nevertheless increased more than six-fold over the last decade.¹³ Europe's private credit market has also expanded significantly, reaching €0.43trn in 2024, up from €0.15trn in 2014.¹⁴ 

This explosive growth is prompting supervisors globally to demand greater visibility – on valuation, leverage, liquidity, and interconnectedness with the wider financial system – in this largely bilateral, opaque market. Andrew Bailey, Bank of England (BoE) Governor and Financial Stability Board Chair, recently noted that US corporate collapses carry worrying echoes of the Great Financial Crisis. He highlighted the resurgence of familiar, risky practices – tranching and complex loan warehousing – while the BoE Deputy Governor for Financial Stability also raised concerns over weak underwriting standards.¹⁵ In the UK, the BoE has launched a system-wide exercise to map vulnerabilities.¹⁶ 

A focal point for regulators everywhere will be understanding the multi-faceted ties between private markets and banks, insurers, and pension funds. This includes scrutinising the reinsurance mechanisms that transfer long-dated liabilities into less transparent assets. The UK has set supervisory expectations to limit links between funded reinsurers investing in private credit and UK insurers.¹⁷ Bermuda now requires prior approval for long-term block deals and stronger liquidity guardrails. 

AP authorities are signalling a similar shift in approach. In Australia, supervisors are pressing boards of superannuation funds to strengthen valuation governance and stress-testing practices. The Australian Securities and Investments Commission’s (ASIC) 2025 review of private credit markets flagged opaque fee structures, conflicts, and confusing terminology. New guidance and a roadmap of Australia’s approach to implementing the results of this review was released by ASIC in November 2025.¹⁸  

The US regulatory stance on private credit has shifted significantly. The current administration, diverging from its predecessor's focus on enhanced data collection, largely attributes the sector's growth to regulatory constraints on traditional banking. While acknowledging that the sector warrants monitoring, new federal regulations remain improbable, absent a systemic crisis.¹⁹ This contrasts with intensifying state-level scrutiny of life insurers, where the National Association of Insurance Commissioners is actively pushing for greater transparency, disclosure, and weighing the need for enhanced regulatory capital. 

Global supervisory scrutiny of private markets, particularly private credit, will likely intensify through 2026. This will specifically target banks, insurers, and pension funds active in the sector, demanding robust evidence of their risk identification, management, and data aggregation capabilities. Yet, firm-level oversight alone risks obscuring system-wide vulnerabilities, making system-wide stress tests crucial. 

The tower of Basel?  

In our view, the fracturing global consensus is increasingly evident in the evolution of bank capital standards. The Basel framework, once the capstone of post-crisis cooperation, is firmly in the political crosshairs. The US has delayed its "Endgame" implementation, with a re-proposal expected in H1 2026 alongside separate proposals for further changes to global systemically important bank surcharges, stress tests, and enhanced supervisory leverage ratios.²⁰ The ripple effects are global.  

The EU and UK have already deferred implementing the Fundamental Review of the Trading Book (FRTB) until January 2027. The UK is now consulting on a further delay to 2028 for implementation of the FRTB’s Internal Models Approach, while the EU may adopt relief measures for FRTB which could significantly limit any increases in market risk capital requirements until January 2030.^{21 22} 

Basel implementation elsewhere also varies. Switzerland and Canada have fully adopted the standards. In contrast, the AP region remains fragmented: China (Mainland) (“China”), Japan, Hong Kong SAR, and Singapore have fully implemented, while Australia remains a partial adopter, having delayed FRTB and Credit Valuation Adjustment implementation. Elsewhere, progress in other emerging economies is slower. 

The substance of what will emerge in the US is as uncertain as its timing. If US rules are re-scaled, how far might they diverge from the agreed Basel standards? Should the US ultimately decline to implement FRTB, jurisdictions yet to implement will likely pause, while those that have implemented will face difficult decisions about how to proceed. For bank boards, this complicates capital planning and strategic capital allocation. The practical answer is scenario-based capital planning across multiple regulatory paths, plus strategic optionality based on business mix, footprint, and market participation.  

More fundamentally, delayed and inconsistent implementation places the original purpose of the Basel framework (i.e. strengthening global financial stability through robust, risk-sensitive capital requirements) under strain. Fragmentation also risks introducing new systemic vulnerabilities and creating openings for regulatory arbitrage. 

It also raises broader questions about how governments, central banks, and regulators might react to future global shocks, from private credit stress to major operational incidents. While a globally coordinated response, as seen during the Global Financial Crisis, remains the central case, it should not be taken for granted. Firms in their scenario testing may increasingly need to consider the implication of a shock resulting in disjointed, potentially conflicting, national interventions. Regulators may be contemplating similar scenarios and, consequently, may press local or regional entities to operate more autonomously, thereby creating redundancies across areas such as funding, liquidity, and IT systems. 

Digital assets – from edges to mainstream  

Digital assets and blockchain technologies are transforming both the investment and payments landscape. On the asset side, we see continued efforts to harness these innovations to streamline securities issuance, trading, and settlement, enabling fractional investment and thereby improving access for retail investors. Yet this year, we expect the main step change to be on the payment side, with stablecoins and tokenised deposits emerging as industry priorities, driven by the promise of faster, cheaper, and programmable payments. Stablecoin issuance has surged and real-world use, though nascent, is growing. Strategic focus and legislative clarity in the US are catalysing a USD-dominated global market. The UK is accelerating in response, while Japan, Korea, Hong Kong SAR, Singapore and EU regimes are already live, with local currency coins emerging across AP and Europe. 

Tokenised deposits are advancing in parallel within existing banking rules, poised to coexist with stablecoins. Anchored on bank balance sheets, they offer lower counterparty and reputational risks - suited to corporates moving cash across subsidiaries or settling wholesale tokenised-asset transactions. Stablecoins, leveraging public blockchains, suit cross-border retail and business-to-business flows. The strategic prize is interoperability: seamless transition between the two could amplify adoption. 

Two obstacles remain: domestic stablecoin regimes lack full clarity on their treatment of foreign-issued stablecoins or cross-border flows, and tokenised deposits mostly run on institution-specific rails, limiting scalability. Bank strategies could diverge. Universal banks may need capabilities in both instruments; corporate banks may favour tokenised deposits; retail and global payments players may prioritise stablecoins.  

Retail central bank digital currencies, however, show more measured and mixed momentum, though progress in key jurisdictions (e.g., China and India) could shift regional or global dynamics. Monitoring and analysing their interplay with stablecoins and tokenised deposits is crucial to inform strategic responses. 

Artificial Intelligence - you can go fast, if you have the right guardrails 

AI adoption shows no sign of slowing, although scaling and demonstrating clear returns remain key challenges. Policymakers, keen to foster innovation and growth, are expanding sandboxes and industry collaborations to support safe AI use. However, as adoption grows, 2026 will likely bring firmer supervisory scrutiny. As AI becomes more deeply embedded in core business processes and decision-making, supervisors will look for rigorous testing, comprehensive documentation, measurable outcomes, and board-level accountability. The AI agenda connects directly to operational resilience and the growing reliance on third-party providers, themes explored further below. 

The EU AI Act will likely see its compliance deadline for high-risk systems extended by up to 16 months from its original August 2026 date.^{23 24} This delay, necessary to finalise technical standards and provide regulatory clarity, offers firms breathing space, but no room for complacency. Financial supervisors in the EU and UK are also tightening scrutiny under existing and technology-neutral prudential, operational resilience, conduct, and accountability frameworks. A critical gap remains: systemic and concentration risks stemming from foundation AI model providers are not yet fully captured by existing regimes. For now, firms should calibrate AI adoption strategies, set a clear risk appetite for exposure to these risks, and build governance that supports responsible experimentation and scaling within their risk tolerances.  

In the US, AI regulations are decentralised with authorities at both the state and federal level issuing rules and frameworks for the technology. Federal initiatives, such as the proposed Unleashing AI Innovation in Financial Services Act, aim to spur adoption, but must contend with growing supervisory demands for governance and oversight.²⁵ States are moving too: Colorado's law for high-risk AI systems takes effect in 2026, while New York's Department of Financial Services has already issued guidance on third-party contractual controls, with further banking-specific directives anticipated.²⁶ Ultimately regulators across the financial sectors at the federal and state levels will continue to diverge in the short-term.  

AP is equally diverse. Some jurisdictions are legislating, others are adapting privacy and cybersecurity frameworks or issuing AI guidance, reflecting different national security and innovation priorities. South Korea, for instance, is moving towards mandatory requirements for transparency, oversight, and risk-based obligations. Hong Kong SAR and Singapore favour voluntary guidance. Singapore's Monetary Authority is promoting good practices and consolidating AI use cases, while simultaneously signalling a move towards stricter supervisory expectations.

Despite regional differences, regulators globally share a common goal: to foster innovation without diluting risk-based oversight. The core principle is that new capabilities, including Generative or agentic AI, must not override sound risk management. Firms can adopt AI quickly, provided they invest in essential capabilities and safeguards: a clear risk appetite, strong internal controls, robust risk management, and, crucially, accountability for outcomes. 

Operational resilience – efficiency meets reality 

Operational resilience, including cybersecurity, is a board-level imperative globally. The rapid adoption of innovative technologies – such as AI, and looking further ahead, quantum computing - is amplifying the urgency. One particular concern for regulators worldwide is the growing concentration risks in critical digital infrastructure. These concerns also link to geopolitical shifts, prompting some countries to reduce reliance on cross-border AI, data, and technology stacks. This aims to strengthen supply chain resilience and lessen reliance on others. However, these efforts could also complicate global firms’ efforts to build and maintain integrated resilience plans and scale and deploy AI systems across markets.

UK, EU, and Australian regimes were fully embedded in 2025, with stricter supervision looming. Hong Kong SAR banks face a May 2026 deadline. In the US, federal banking agencies have long supervised third-party service providers, including technology providers, and US state authorities (e.g., New York) are also intensifying third-party risk scrutiny. Oversight of critical third parties in the UK (subject to their designation) and EU also commences in 2026. 

Despite varying specificity from prescriptive EU rules to principles-led but exacting UK/Australian demands, frameworks converge on core capabilities: mapping services and dependencies, scenario testing, incident management and third-party governance. For cross-border groups, various regulatory demands often require replicating evidence, reporting, and operational playbooks, even where underlying capabilities are shared. Coupled with an ever-evolving threat landscape, operational resilience becomes a continuous endeavour.  

Boards face a dilemma in vendor selection: major players offer superior tooling and economies of scale but concentrate risk. Diversification enhances failovers but raises complexity and costs. The key is to weigh disruption costs – financial, reputational, regulatory fines – against mitigation investments, treating resilience as a strategic capability.  

Firms should ensure impact tolerances genuinely reflect customer expectations, validated through operational exercises to ensure issues are resolved or backed by remediation plans. Effective contingencies are essential, including the ability to access data when needed (e.g. through secure copies of information in other locations) and handle demand spikes. Multi-cloud strategies should provide genuine portability and failover capabilities. Crucially, aligning with supervisory expectations and engaging authorities early can help minimise potential costly setbacks later.  

Final considerations 

The regulatory landscape is undergoing a complex recalibration as authorities pursue growth and innovation amidst a challenging risk and geopolitical outlook. This profound shift involves deregulation in some areas and streamlined regulation in others. The result is a more fragmented regulatory and supervisory environment as authorities pursue their own objectives and global coordination recedes. 

In parallel, novel risks are emerging or intensifying, from Generative and agentic AI and digital assets to operational resilience and geopolitical challenges. While new regulations aim to address some areas, others will likely see increased supervisory focus. This confluence of global regulatory divergence, rapidly evolving risks, and shifting supervisory expectations will make the landscape more complex for firms to navigate. 

Still, boards and senior management should also consider the opportunities these shifts create, capitalising on the growth and innovation governments aim to stimulate. As firms respond, the growing importance of subsidiary boards will require governance frameworks that ensure local decisions align with group-wide aims, even as local regulatory and market conditions vary. 

Against this backdrop, risk appetite takes an ever more important guiding role. Firms need to have a full appreciation of the scale, complexity, and trajectory of future risks, and clarity on the boundaries within which they intend to compete, innovate, and invest. Proactively defined risk boundaries and tolerances should guide key decisions, including on investment, pricing, technology, partnerships, product design, and market entry or exit, rather than merely controlling outcomes retrospectively.