When the EU’s landmark Markets in Crypto-Assets Regulation (MiCA) took effect at the end of 2024, it was meant to bring order and credibility to a sector long defined by volatility and uneven rules. Less than a year later, three of Europe’s top financial watchdogs are warning that the job is far from finished.
Australia and New Zealand Banking Group Limited (ANZ) has admitted to years of widespread misconduct, including unconscionable conduct in dealings with the Australian Government, mishandling customer hardship cases, misleading interest rate promises, and charging fees to deceased customers. The bank now faces proposed penalties of $156 million (AUD 240 million), subject to approval by the Federal Court.
The European Union’s competition commissioner Teresa Ribera has made clear that Brussels won’t be softening its stance on antitrust enforcement, even as it tests a new balance between headline-grabbing fines and quieter negotiations with multinational companies.
The European Data Protection Board (EDPB) has adopted its first set of guidelines clarifying how the EU’s General Data Protection Regulation (GDPR) aligns with obligations under the Digital Services Act (DSA). The move marks a significant step in creating a coherent digital rulebook across the European Union.
At FINSIA’s The Regulators event in Sydney on 12 September, Australian Securities and Investments Commission (ASIC) Commissioner Simone Constant discussed the importance of simplicity in compliance during uncertain times.
Corporate attention to risk has never been higher, but preparedness has not kept pace. EY’s 2025 Global Risk Transformation Study reveals that while earnings calls are increasingly filled with references to today’s unpredictable climate, 73% of organizations admit they lack preparations to manage it.
Privacy regulators in California, Colorado, and Connecticut are tightening the screws on companies that still aren’t getting the message. The California Privacy Protection Agency (CPPA) joined with the Attorney Generals of California, Conneticut, and Colorado states in announcing a joint sweep of businesses suspected of ignoring Global Privacy Control (GPC) signals, the simple browser setting that tells companies to stop selling or sharing a consumer’s personal information.