The formal bidding process to host AMLA, the new EU central AML/CFT supervisor, opened in September 2023. At least 10 Member States, including Ireland, are expected to submit applications before the 10 November 2023 deadline. Negotiations are continuing on how the final location decision will be made, and how involved the European Parliament will be in making that decision. Trilogue negotiations on the AMLA Regulation, the related proposed AML Regulation (single rulebook) and the related proposed AML Directive took place in May, June and July 2023. Further trilogues are needed, but dates have not yet been set.


Commission Delegated Regulation (EU) 2023/2070 adding Cameroon and Vietnam to the list of third-country jurisdictions which have strategic deficiencies in their AML/CFT regimes comes into force on 18 October 2023.


The European Central Bank’s public consultation on its Guide on effective risk data aggregation and risk reporting (RDARR) closes on 6 October 2023.

The draft guide sets out the ECB’s supervisory expectations for governance and risk management and shares best industry practices, and the ECB has emphasised its expectations that banks step-up their efforts and improve their capabilities in this area. It views progress made by significant institutions as being insufficient, and notes that RDARR is not being given appropriate attention. It identifies 7 key areas as being key to robust governance and effective processes for the identification, monitoring and reporting of risks: the responsibility of a bank’s management body; the scope of application of the data governance framework; key roles and responsibilities for data governance; the implementation of a group-wide integrated data architecture; the effectiveness of data quality controls; the timeliness of internal risk reporting; and implementation programs.


The Basel Committee on Banking Supervision’s public consultation on changes to its core principles for effective banking supervision is open for feedback until 6 October 2023. The last substantive update was in 2012.

The BCBS is proposing changes to both the structure and contents of the core principles in the areas of financial risks; operational resilience; systemic risk and macroprudential aspects of supervision; new risks, including climate-related financial risks and the digitalisation of finance; non-bank financial intermediation; and risk management practices.

It has also published a comparison between the 2012 and proposed 2023 versions of the core principles.


Commission Implementing Regulation (EU) 2023/2056 amending the implementing technical standards (ITS) in Commission Implementing Regulation (EU) 945/2014 comes into force on 17 October 2023.

Commission Implementing Regulation (EU) 945/2014 contains ITS setting out relevant appropriately diversified indices for the purposes of calculating the capital requirements for equity risk according to the standardised rules. The ITS list the exchange-traded and appropriately diversified indices for which specific risk can be ignored. The new Commission Implementing Regulation will replace the Annex to Commission Implementing Regulation (EU) 945/2014, which lists the stock indices.


Commission Implementing Regulation (EU) 2023/2083 enters into force on 19 October 2023. It contains ITS specifying the templates that should be used by credit institutions for the provision of information to credit purchasers when selling or transferring non-performing loans (such as information on the counterparty, the loan and the historical collection of repayments) following transposition of the EU Credit Servicing Directive.

The European Banking Authority’s public consultation on draft guidelines on the establishment and maintenance of national lists or registers of credit servicers under the EU Credit Servicing Directive runs until 26 October 2023.

The draft guidelines set out the types of information that the national lists or registers will need to include. It is unlikely to result in significant adjustments to the format currently used by the Central Bank but depending on feedback to the consultation, minor adjustments may be needed.


The European Banking Authority has just published its annual work programme for 2024. Headline priorities include:

  • Basel III/EU banking package (CRR III and CRD VI): the EBA will prioritise “its contribution to the timely and faithful implementation of the outstanding Basel III reforms in the EU”. Alongside that, the EBA is not yet clear on the number of mandates it will have once negotiations on the CRD III / CRD VI package complete (expected in Q4 2023) but the number it is likely to be in excess of 100, with many due by the end of 2024. Once the EBA has more clarity on that, it may adjust its 2024 priorities accordingly.
  • ESG: it will develop a climate stress test (including a once-off climate sector stress test) and will continue to develop its ESG risk monitoring framework to enable it to monitor ESG risks in the banking sector and the development of the green financial market.
  • DORA: the European Supervisory Authorities are collectively responsible for 13 legal mandates under DORA, and the EBA is getting ready for its oversight work of critical ICT third-party providers.
  • Markets in Crypto Asset Regulation (MiCA): the EBA is responsible for 20 sets of technical standards and guidance under MiCA (two of which are jointly allocated to the EBA and ESMA, and one of which is allocated to all three ESAs jointly). It is also beginning work on supervisory policies and procedures, forms, templates and a supervisory handbook for its supervision of issuers of significant asset-referenced tokens (ARTs) and e-money tokens, which will start in December 2024.
  • AML/CFT: it will continue to prepare for the transfer of functions to AMLA, the new EU central AML supervisor, once it is established (later in 2024 than originally planned).
  • EU Credit Servicing Directive: it will continue work on its mandates under this Directive, which is due for transposition on 29 December 2023.


ESMA has also published its Work Programme for 2024, with an overarching focus on the green transition and digital change. Priority areas include:

  • Supervision: guidelines on internal controls to trade repositories (TRs), data reporting services providers (DRSPs) and securitisation repositories (SRs); and guidelines on periodic information and notification of material changes to be submitted to ESMA by (a) TRs, DRSPs and SRs and (b) benchmark administrators.
  • Sustainable finance: technical standards under the EU GBS and the Credit Rating Agencies Regulation (CRA Regulation); a final report to European Commission on greenwashing; a common supervisory action (CSA) on ESG disclosures in benchmarks; the annual ESA report on the extent of voluntary disclosures of principal adverse impact in the Sustainable Finance Disclosures Regulation (SFDR); possible guidance and Q&As for sustainability disclosures under the SFDR; and possible technical standards on marketing documents under SFDR.
  • Securitisation Regulation: a Joint Committee report under Article 44 on the functioning of the Securitisation Regulation (this will cover Article 5(1)(e) following the industry letter from (among others) AFME, the ICMA, AIMA and ISDA, sent to the ESAs on 9 December 2022 (here)); guidance on due diligence rules under Article 5 of the Securitisation Regulation; and ongoing reviews of the adequacy of the disclosure templates.
  • MiCA: technical standards and guidelines specifying rules on (a) the authorisation, governance and operation of crypto asset service providers (CASPs); (b) market integrity requirements applicable to crypto-asset markets; (c) the content and format of information to be published by CASPs and issuers; and (d) cooperation between ESMA, EBA and national competent authorities. Additional focus will be given to continued implementation of the market integrity regime under MiCA. ESMA will start developing a public register to provide information to investors related to (i) crypto-assets white papers, (ii) issuers of ARTs and e-money tokens, and (iii) CASPs.
  • DORA: in cooperation with the other ESAs, deliver the remaining technical standards including those on information and communications technology (ICT) risk management and a feasibility study for the establishment of a single EU hub for centralising major ICT-related incidents reporting. ESMA and the ESAs will continue to prepare for the oversight function of critical ICT third–party service providers.
  • DLT Pilot Regime: continued opinions on applications for operating DLT Market Infrastructures, including the assessment of compensatory measures; first annual report to the Commission on the practical application of the regime; and work on guidelines to promote the consistency and proportionality of exemptions granted to operators of DLT market infrastructures.
  • European Single Access Point: technical standards on the tasks, collection bodies and functionalities.
  • Retail Investor Protection: a CSA on MiFID II requirements on suitability/sustainability; and a report on the 2023 CSA and mystery shopping on marketing communications.
  • Investment Management: technical standards and guidelines based on mandates from the reviews of AIFMD and the UCITS Directive; annual update of guidelines on MMF stress testing; technical advice on the revision of the UCITS Eligible Assets Directive; and a CSA on sustainability. The Commission’s review of the PRIIPs Regulation and SFDR may give rise to additional single rulebook work within the Joint Committee.
  • Issuer Disclosure: regulatory technical standards (RTS) on ESEF for taxonomy on sustainability information; the annual amendments to the RTS on ESEF, ESEF XBRL Taxonomy files; guidelines on enforcement of sustainability reporting; and an update to the ‘acting in concert’ whitelist.
  • Central Securities Depositories Regulation: report on CSD settlement efficiency and internalised settlement; deliverables arising from CSDR Refit; and annual reports to the Commission on various aspects of CSDR implementation.
  • CRA Regulation: revised technical standards for credit rating methodologies; a report on whether ESG risks are appropriately reflected in CRA methodologies; a report on impediments to availability of credit assessments by ECAIs; and guidance on governance expectations.
  • DRSPs: revised RTS on authorisation, organisational requirements and the publication of transactions; and annual assessment of the DRSP derogation criteria.
  • Trade Repositories: revised EMIR public data requirements following EMIR 3.0; and an annual report on the quality and use of transaction data.
  • Trading: additional mandates under EMIR 3.0. It also expects mandates to develop technical standards following the MiFIR review on equity and non-equity transparency; the requirement to provide market data on a reasonable commercial basis; data reporting; and on the consolidated tape provider. ESMA may be mandated to provide input in the area of commodity derivatives and derivatives on emission allowances. It may also need to amend the clearing thresholds depending on market developments or following a possible change in the calculation framework.
  • Market integrity: technical advice, reports and/or draft technical standards following the review of the Market Abuse Regulation; an annual report on suspicious transaction order reports; guidance on the impact of social media on market surveillance and market integrity; ensuring a convergent implementation and application of the MiCA provisions from a market integrity perspective; and continued work on pre-hedging.


Key points to watch from a European Commission perspective between now and the 2024 European elections (following the recent State of the Union Address by President von der Leyen and subsequent comments from EU Commissioner Mairéad McGuinness) are:

  • Plans for legislative proposals in October 203 to reduce the reporting obligations at EU level for corporates by 25%.
  • Plans for every new piece of EU legislation to have a competitiveness check conducted by an independent board.
  • A planned review of the Benchmarks Regulation - the Commission sees a “need to reform the rules for third country benchmarks for good” and “will reduce the number of third-country benchmarks that are included…[and] will also reduce the number of EU administrators required to get a licence”.
  • The need for political agreement on:
  • Progressing the June 2023 proposals to revise the Payment Services Directive (with the emphasis being on fraud prevention), the Financial Data Access proposal (designed to give customers greater control over how their financial data is used) and the proposed digital euro (for more information, see European Commission: Financial data access and payments package and European Commission: Digital euro package).
  • Regarding sustainable finance, the Commission’s focus is moving to implementation of the first set of sustainability reporting standards under the Corporate Sustainability Reporting Directive – the Commission has asked EFRAG to focus on developing guidance on assessing materiality and reporting on valuation change (with draft guidance expected to be the subject of a public consultation shortly).
  • EU Commissioner Mairéad McGuinness has noted that the Commission wants to see agreement on the AML package “as soon as possible – though the right deal is more important than a fast one”.

Commissioner McGuinness also flagged recently that, looking ahead to the next 5 years, the following will feature in the Commission’s list of financial services priorities:

  • Non-financial intermediation (‘shadow banking’).
  • T+1 settlement, following the shortening in the US of the settlement lifecycle to T+1 next year.


EIOPA has published its revised single programming document 2024-26, which includes its annual work programme for 2024. Its operational priorities are set out under the following headings:

  • Integrating sustainable finance considerations across all areas of work.
  • Supporting the consumers, the market and the supervisory community through digital transformation.
  • Enhancing the quality and effectiveness of prudential and conduct of business supervision.
  • Ensuring technically sound conduct of business and prudential policy.
  • Identifying, assessing, monitoring and reporting on risks to the financial stability and promoting preventative policies and mitigating actions.
  • Ensuring good governance, agile organisation, cost-effective resource management and a strong corporate culture.

It also highlighted the volume of policy work that it is expected to deliver for a number of legislative initiatives, including the Solvency II review, the proposed Insurance Recovery and Resolution Directive, and DORA, as well as possible work stemming from the retail investment strategy.


EIOPA’s consultation paper on a supervisory statement on the supervision of reinsurance concluded with third country insurance and reinsurance undertakings closes for feedback on 10 October 2023. It outlines supervisory expectations regarding (a) assessment of the business rationale for using third-country reinsurance and early supervisory dialogue; (b) assessment of the insurance undertaking's risk management system regarding the use of third-country reinsurers; (c) assessment of the reinsurance agreement; and (d) tools to mitigate any additional risks.


The EBA’s consultation on draft Guidelines on the application of the group capital test for investment firm groups, aimed at addressing diversity in how the group capital test (GCT) is applied across the EU, closes on 25 October 2023. The GCT is set out in Article 8 of the Investment Firms Regulation (IFR) and the criteria for granting its use are set out in paragraphs 8(1) and 8(4) of the IFR. The draft Guidelines set qualitative and quantitative criteria that competent authorities should consider when assessing if the criteria set out in the IFR for receiving the permission to use the GCT are met.


ESMA’s first consultation package under MiCA ran until 20 September 2023 (that package dealt with proposed rules for CASPs related to their authorisation, identification and management of conflicts of interests and also how CASPs should address complaints).

The second consultation paper is expected in October 2023. It will cover sustainability indicators; business continuity requirements; trade transparency data and order book record-keeping; record-keeping requirements for CASPs; classification and templates and format of crypto-asset white papers; and public disclosure of inside information.

The third and final consultation paper is expected in Q1 2024. It will cover the remaining mandates with an 18-month deadline rather than a 12-month deadline. That paper is expected to cover qualification of crypto-assets as financial instruments; monitoring, detecting, and notifying market abuse; investor protection; reverse solicitation; suitability of advice and portfolio management services to the client; policies and procedures for crypto-asset transfer services, including clients’ rights; and system resilience and security access protocols.

The European Commission also asked for advice from the EBA by 30 September 2023 (see cover letter and call for advice) on key points to inform the preparation of Level 2 measures under MiCA, in particular:

  • Certain criteria for classification of ARTs and e-money tokens (EMTs) as significant by the EBA, the content and format of the information to be provided by competent authorities to the EBA and central banks on the classification criteria, and the procedure and timelines for the EBA’s decision on classification of ARTs as significant.
  • The type of fees that the EBA is empowered to impose on the issuers of significant ARTs and e-money tokens under MiCA. This includes the matters for which fees are due, the amount of the fees, the way they are to be paid and the methodology to calculate the maximum amount per entity that can be charged by the EBA.

That advice has just been published by the EBA here.

The EBA is also consulting on three sets of technical standards under MiCA, with comments sought by 12 October 2023. Those consultations cover:

  • Complaints-handling procedures for issuers of ARTs – the draft RTS set out definitions of “complaints” and “complainants”, requirements related to the complaints management policy and function, provision of information to holders of ARTs, templates for making complaints and communicating outcomes, procedures for investigating complaints, requirements to record complaints, provisions for complaints handling involving third-party entities.
  • In a combined consultation paper:
  • draft RTS on information for authorisation lay down the information requirements to be included when applying for authorisation – these deal with the business model, internal governance, ICT risk management, liquidity, asset reserves, and requirements around the reputation, knowledge, skills and experience of members of the management body and of shareholders with qualifying holdings; and
  • draft ITS setting out the standard application letter, the application template and the process for assessing completeness of the application by the competent authority.

As credit institutions are only required to receive approval to publish a white paper, the draft RTS and ITS do not apply to credit institutions.


The following updated ESMA Guidelines apply from 3 October 2023:

Guidelines on certain aspects of the MiFID II suitability requirements

Guidelines on MiFID II product governance requirements

Guidelines on certain aspects of the MIFID II remuneration requirements


ESMA plans to integrate its Q&A on MiFID II and MiFIR transparency topics into its new manual on post-trade transparency during October 2023.


E-money firms and payment institutions: Latest Central Bank Dear CEO Letter requires audit of compliance with safeguarding requirements), the deadline for completion of that audit is end-October 2023 (read our insights on the audit process here: Safeguarding requirements: more detail on audit of compliance by e-money firms/payment institutions - Arthur Cox LLP).Following on from the Central Bank’s January 2023 Dear CEO letter to payment firms and e-money firms requiring them to carry out an audit of their compliance with safeguarding requirements (read our insights on that letter here