top of page

Built by industry experts with deep experience in compliance and AML 

azakaw colored logo.png

Request a demo

Arrow 6.png

March 2026 Regulatory Update

  • Writer: azakaw
    azakaw
  • 14 minutes ago
  • 9 min read

March 2026 brought a concentrated wave of regulatory activity across the GCC and key international jurisdictions. Virtual assets dominated the agenda, with VARA issuing two significant instruments: a comprehensive AML/CFT circular for licensed VASPs and a new Exchange-Traded Derivatives framework under the Exchange Services Rulebook. The DFSA moved on multiple fronts simultaneously, publishing final legislative amendments effective 1 April 2026 alongside two consultation papers on operational resilience and miscellaneous rule changes. Across the UK, US and EU, regulators published material guidance on operational resilience, crypto asset classification and capital frameworks. For compliance teams managing multiple jurisdictions, the message from March is clear: manual processes will not keep pace. Below is azakaw's summary of the key developments.


Gulf Cooperation Council Regulatory Developments


United Arab Emirates


Dubai Financial Services Authority (DFSA)


  • DFSA Reminds Investors to Exercise Caution During Periods of Heightened Global Tensions

    • The Dubai Financial Services Authority issued a reminder to investors about the importance of exercising caution during periods of elevated geopolitical tension. The communication notes that short-term market volatility, misinformation and phishing attempts can increase in uncertain environments, and urges market participants to verify information from legitimate sources before acting or sharing it online.

Source: DFSA


  • DFSA Notice of Amendments to Legislation — March 2026

    • The DFSA issued final rulemaking instruments following Consultation Paper 169, introducing amendments to its AML module, Fees module and other areas of its regulatory framework. The amendments are subject to phased implementation dates, with key provisions effective from 1 April 2026. All DFSA-authorised firms are expected to update their AML frameworks, policies, procedures and internal controls, and to align with the revised fee structures in advance of the implementation dates.

Source: DFSA


  • DFSA Consultation Paper CP170 — Operational Resilience

    • The DFSA published Consultation Paper 170, proposing enhancements to operational resilience frameworks applicable to DFSA-authorised firms. The proposals are expected to strengthen requirements relating to business continuity, outsourcing and ICT risk management. Firms are encouraged to conduct a gap analysis against current practices and prepare for the anticipated enhancement of resilience obligations. Opportunity exists to provide feedback to the DFSA within the consultation period.

Source: DFSA


  • DFSA Consultation Paper CP171 — Miscellaneous Changes

    • The DFSA released Consultation Paper 171, proposing miscellaneous updates across its regulatory framework. Firms should review the proposals, assess their impact on internal policies and procedures and consider submitting feedback to the DFSA within the consultation period.

Source: DFSA



Virtual Assets Regulatory Authority (VARA)


  • VARA Circular — Implementation of UAE AML/CFT and Proliferation Financing Requirements for Virtual Asset Service Providers (VASPs)

    • The Virtual Assets Regulatory Authority issued a circular informing licensed and authorised VASPs of the implementation of the Executive Regulations issued under Cabinet Resolution No. (134) of 2025, pursuant to Federal Decree-Law No. (10) of 2025 on AML/CFT and Countering the Financing of Proliferation. The circular sets out VARA's supervisory expectations for how VASPs must implement the updated federal AML/CFT framework, including strengthened requirements relating to risk-based financial crime controls, sanctions compliance, suspicious transaction reporting and record-keeping. VASPs are expected to update Business Risk Assessments, CDD and EDD processes, Targeted Financial Sanctions screening controls and record-keeping frameworks, and to ensure updated staff training on AML/CFT and financial crime risk management requirements.

Source: VARA


  • VARA Exchange Services Rulebook — Introduction of ETD Services Framework

    • VARA introduced a comprehensive framework under its Exchange Services Rulebook governing the provision of Exchange-Traded Derivatives (ETD) Services by licensed VASPs. The framework establishes requirements across client suitability, margin and leverage controls, disclosures, risk management, insurance fund mechanisms and operational monitoring, with a strong emphasis on investor protection, particularly for Retail Investors, and market integrity. VASPs must obtain VARA approval prior to offering ETD Services and are required to implement enhanced client suitability assessments, strict margin and leverage frameworks including a 5:1 cap for Retail Investors, Insurance Funds and loss management mechanisms, and strengthened recordkeeping and reporting obligations.

Source: VARA



Bahrain


Central Bank of Bahrain (CBB)


  • CBB Consultation — Proposed Revision to Initial Capital Requirements

    • The Central Bank of Bahrain issued a consultation proposing revisions to initial capital requirements across selected rulebook volumes, affecting financing companies and other regulated entities. Firms should assess the impact on their capital planning and consider submitting feedback to the CBB within the consultation period.

Source: CBB


  • Bahrain's Banking and Financial Sector Confirms Operational Stability and Resilience

    • The Central Bank of Bahrain issued a public statement confirming the resilience and operational continuity of Bahrain's banking and financial sector, and noting ongoing supervisory monitoring. Firms operating in Bahrain should maintain robust business continuity frameworks and remain responsive to supervisory engagement.

Source: CBB



European Union


European Banking Authority (EBA)


  • EBA Publishes Final Guidelines on Instruments for the Capital Endowment Requirement for Third-Country Branches

    • The European Banking Authority published its final Guidelines specifying the types of financial instruments that third-country branches of non-EU credit institutions operating in the EU may use to satisfy their capital endowment requirement under the Capital Requirements Directive (CRD). The Guidelines go beyond cash and government debt to include certain instruments meeting a 0% risk weight under the credit risk standardised approach, and set operational conditions, including liquidity and availability criteria, to ensure such instruments can be deployed in stress, resolution or liquidation scenarios. The Guidelines implement the mandate in Article 48e of the CRD for harmonised capital endowment treatment across EU Member States.

Source: EBA



U.S. Securities and Exchange Commission (SEC) / ESMA


  • SEC Confirms Exemption for Directors and Officers of EEA Foreign Private Issuers

    • The U.S. Securities and Exchange Commission confirmed an exemption for directors and officers of European Economic Area (EEA) foreign private issuers from the obligation to comply with Section 16(a) reporting under the U.S. Securities Exchange Act of 1934. The exemption reflects alignment with the EU's Market Abuse Regulation (MAR), which already imposes comparable disclosure obligations on persons discharging managerial responsibilities. Firms must confirm their eligibility by demonstrating they are subject to substantially similar EU reporting rules. Non-qualifying individuals or issuers must continue to comply with Section 16(a) reporting requirements.

Source: ESMA



United Kingdom


Financial Conduct Authority (FCA)


  • OPBAS Identifies Areas Where AML Supervisors Can Improve

    • The Office for Professional Body Anti-Money Laundering Supervision published its findings on the effectiveness of professional body supervisors overseeing AML compliance in the legal and accountancy sectors. While the report acknowledges progress since 2018, it identifies significant weaknesses in enforcement practices and notes that some supervisors face conflicts of interest arising from their dual role as both membership bodies and regulators. Firms should ensure robust AML compliance frameworks are in place, as supervisory scrutiny and expectations are expected to increase. The FCA is set to assume AML/CTF supervision of these sectors, likely introducing more consistent and potentially stricter oversight.

Source: FCA


  • FCA Confirms New Incident and Third-Party Reporting Rules to Bolster Operational Resilience

    • The Financial Conduct Authority confirmed new rules to improve the clarity, consistency and effectiveness of operational incident and third-party reporting across regulated firms. The rules require firms to provide timely and accurate information on operational incidents and dependencies on third-party service providers, enabling regulators to respond more swiftly to disruptions such as cyberattacks or outages. The initiative follows a period of increasing cyber threats and growing reliance on third-party providers, with over 40% of reported incidents in 2025 involving third parties. Firms have a 12-month implementation period, with the rules effective from 18 March 2027.

Source: FCA



United States


Commodity Futures Trading Commission (CFTC)


  • CFTC Staff Issues Advisory on Prediction Markets

    • The CFTC's Division of Market Oversight issued a staff advisory on prediction markets, focusing on the listing and trading of event contracts on designated contract markets (DCMs). The advisory highlights the rapid growth of prediction markets and reminds DCMs of their obligations under the Commodity Exchange Act and CFTC regulations, including Core Principle 3 on preventing manipulation, product submission requirements and specific considerations relevant to sports-related event contracts. Affected entities should review listing practices, product governance frameworks and surveillance controls to ensure compliance with CFTC requirements.

Source: CFTC



Federal Reserve / FDIC / OCC


  • Federal Reserve, FDIC and OCC Clarify Capital Treatment of Tokenized Securities

    • The Federal Reserve, together with the FDIC and OCC, issued a joint release providing FAQs to clarify the regulatory capital treatment of tokenized securities. Tokenized securities, where ownership rights are represented using distributed ledger technology, are to receive the same capital treatment as their non-tokenized equivalents under existing capital rules. The agencies emphasised that the capital framework is technology-neutral, meaning the method of issuance or transaction does not alter regulatory capital requirements. Institutions must ensure exposures to tokenized securities are treated consistently with existing rules applicable to traditional securities.

Source: FED



Office of the Comptroller of the Currency (OCC)


  • OCC Issues Final Rules to Reduce Regulatory Burden for Community Banks

    • The OCC announced two final rules intended to reduce regulatory burden for community banks. The first rescinds the OCC's Fair Housing Home Loan Data System regulation, removing largely duplicative home-loan application data collection requirements applicable to national banks. The second simplifies licensing requirements for corporate activities and transactions involving national banks and federal savings associations with less than USD 30 billion in total assets, broadening eligibility for expedited or reduced filing procedures and introducing a new definition of covered community bank or covered community savings association.

Source: OCC


  • OCC Proposes Revised Regulatory Capital: Standardised Approach for Risk-Weighted Assets

    • The OCC, together with the Federal Reserve and FDIC, issued a joint notice of proposed rulemaking to revise regulatory capital requirements applicable to banking organisations subject to the U.S. Standardised Approach that are not Category I or II banking organisations. The proposed revisions are intended to improve risk-weighted asset calculations to better reflect the risks of firms' exposures and support more effective supervisory and market assessments of capital adequacy. A separate proposal for a new expanded risk-based approach for Category I and II banking organisations was issued concurrently. The comment period closes 18 June 2026.

Source: OCC


  • OCC Rescinds Recovery Planning Guidelines for Certain Large Insured National Banks

    • The OCC issued a final rule rescinding its recovery planning guidelines in 12 CFR 30, appendix E, for certain large insured national banks, federal savings associations and federal branches. The final rule also rescinds the Recovery Planning booklet of the Comptroller's Handbook and earlier recovery planning bulletins. The rule does not affect banks with less than USD 100 billion in average total consolidated assets. The OCC continues to expect all supervised institutions to maintain appropriate risk management processes and contingency planning. The rule becomes effective 30 days after publication in the Federal Register.

Source: OCC



U.S. Securities and Exchange Commission (SEC)


  • SEC Clarifies Application of Federal Securities Laws to Crypto Assets

    • The SEC issued an interpretive release clarifying how federal securities laws apply to certain crypto assets and related transactions, including airdrops, protocol mining, staking and asset wrapping. The guidance introduces a clearer taxonomy for crypto assets, including digital commodities, collectibles, tools, stablecoins and digital securities, and explains when a crypto asset may be subject to an investment contract under securities laws and when it may cease to be so. The interpretation reflects coordination with the CFTC. Firms dealing in crypto assets must reassess classification frameworks, disclosure practices and compliance obligations.

Source: SEC



Asia-Pacific Regulatory Develpments


India


  • SEBI Issues Enhanced Regulatory Reporting Requirements for Alternative Investment Funds

    • The Securities and Exchange Board of India issued a circular mandating enhanced regulatory reporting requirements for Alternative Investment Funds (AIFs), including standardised formats and submission timelines. Affected firms must update reporting systems, ensure timely submission in line with the new requirements and align internal data governance processes accordingly.

Source: SEBI



Singapore


  • MAS Sets Supervisory Expectations on Financial Institutions for Transition Planning Practices in Addressing Environmental Risk

    • The Monetary Authority of Singapore issued Guidelines on Transition Planning to help financial institutions manage risks and opportunities arising from the transition to a low-carbon economy. The guidelines set out supervisory expectations for integrating climate-related considerations into strategy, risk management and governance, including scenario analysis and transition pathways. Financial institutions must incorporate transition planning into enterprise risk management, including identifying climate transition risks relating to policy, technology and market shifts, and embedding them into risk appetite, capital planning and stress testing.

Source: MAS



Africa


South Africa


  • Prudential Authority Issues Proposed Directive BA501 — Reporting Requirements for Securitisation Vehicles

    • The Prudential Authority issued a proposed directive (BA501) introducing enhanced reporting and disclosure requirements relating to securitisation vehicles. The directive is intended to improve the PA's visibility into risks associated with securitisation structures, drawing on lessons from the global financial crisis. Banks, securitisation vehicles, originators, sponsors and other financial institutions involved in securitisation transactions should assess new reporting obligations and prepare to enhance data collection, risk reporting and governance processes.

Source: PA


  • FIC Issues Guidance on Implementation of the Travel Rule for Crypto Asset Transfers

    • The Financial Intelligence Centre issued Public Compliance Communication (PCC) 61 of 2026, providing guidance to accountable institutions, specifically Crypto Asset Service Providers (CASPs) and Financial Service Provider CASPs, on implementing the Travel Rule under Directive 9 of 2024, which came into effect on 30 April 2025. The Travel Rule, aligned with FATF Recommendation 16, requires that specified information about the originator and beneficiary accompanies crypto asset transfers. Affected institutions must ensure full implementation, including collection, verification, transmission and record-keeping of originator and beneficiary information for both domestic and cross-border crypto asset transfers. Firms should review and update their risk management and compliance programmes, systems and operational processes accordingly.

Source: FIC



At azakaw, we stay ahead of regulatory change so you can stay ahead of risk.


From digital onboarding to transaction monitoring, our tools are built to adapt — fast. If you're navigating shifting compliance expectations across VASPs, financial services, or corporate structures, our technology can help translate requirements into workflows that work.


Looking to future-proof your compliance operations?


Speak to our team today → Here

 
 
bottom of page