Regulatory Compliance in Finance

Should regulators certify agents like pilots or doctors? Doctors and pilots can’t take a single step without a license. Yet AI agents, increasingly making medical judgments or piloting decisions in simulations, face zero checks. That contrast keeps me up at night. I’ll be honest: I use AI every single day. It makes me faster, smarter, and more productive. But here’s the thought that gnaws at me: if my AI agent makes a mistake, do I own it? Or does no one? That gap—between power and accountability—is what worries me most. Licensing is more than bureaucracy. It’s a social contract. → A pilot’s license means: “You can trust me to carry 200 lives safely.” → A doctor’s license means: “You can trust me to act in your best interest.” → But when an AI agent makes a decision, who signs that contract? Here’s the deeper challenge people overlook: AI doesn’t stand still. A doctor retrains every few years. A pilot re-certifies on new aircraft types. An AI agent changes with every update, every dataset, every fine-tune. That means a license can’t be a one-time stamp. It has to be continuous, dynamic, evolving. Otherwise, yesterday’s “safe” agent could be tomorrow’s liability. In my opinion, here’s the only way forward: ✅ Extend human licenses in high-stakes domains. A doctor can vouch for their medical AI. A pilot can vouch for their cockpit assistant. Accountability flows through them. ✅ Require continuous certification of agents—not every decade, but every update. ✅ Guarantee human override. People must always have the right to say: “I want a human.” For me, this isn’t about slowing progress. It’s about protecting trust—the one currency we can’t afford to lose in the agentic era. Do we copy old licensing systems, or invent a new, living framework for AI accountability? #AI #Leadership #AIagents #FutureOfWork #Regulation #Ethics

One of the first mistakes I made when launching my first regulated business was delegating compliance. I started with TransferTo, a mobile micro value transfer service, which wasn’t regulated. Eventually, TransferTo split into two branches (now DT One and Thunes), with the new branch handling actual money transfers that required regulatory compliance. At that time, I thought, "I'll hire a Chief Compliance Officer and let them set up the function," just as I did with marketing or tech. That was a mistake. I faced significant challenges in opening a bank account because I hadn't fully mastered my processes. I also had a hard time communicating with my compliance officer. I didn't have the words or the right codes. Regulatory compliance is ultimately the responsibility of the company and its leadership—it cannot be outsourced. As a CEO, I believe it's essential to make the effort to understand it because the risks for the company are too significant. The least severe risk is a fine. The moderate risk is a suspension of the license. The most severe risk is revocation, or even imprisonment. To effectively manage these risks, I believe it's the CEO's duty to establish the compliance framework. Get your hands dirty. Understand the mechanics. Then, the Chief Compliance Officer can execute your plan. And this is exactly what regulators expect. The CEO's ability to manage compliance is one of the key aspects they evaluate when you apply for a licence. They don't require you to know how to code, but they do expect you to fully understand your company's compliance. If I have one piece of advice for a fintech entrepreneur: invest in compliance. The stakes are too high. As a startup, it could destroy your business. As a scale-up, it could strongly hinder your growth.

😱 A U.S. VC fund with only $120M under management was just fined $216M for violating sanctions — potentially wiping out the investments of all its LPs. This is GVA Capital, and we need to talk about why this is such a big deal for both GPs and LPs. What happened: From 2018 to 2021, GVA Capital — based in San Francisco and domiciled in the Cayman Islands — knowingly handled tens of millions for sanctioned Russian oligarch Suleiman Kerimov. Even after Kerimov was blacklisted, they allegedly routed investments through his nephew as a proxy. The U.S. Treasury called this a “blatant violation of sanctions law” and hit the firm with a $216M penalty... nearly DOUBLE its AUM. This means almost certain ⚰️ for the firm. Once tied to sanctions violations, raising future funds becomes nearly impossible. What this means for LPs invested in GVA Capital: 💸 Massive Capital Erosion – A $216M fine against a $120M fund means there’s not enough money in the pot. LPs could see their capital essentially wiped. 🚫 Liquidity & Operations Risk – Paying the fine could choke off cash flow for follow-ons, operations, and distributions. 📉 Regulatory Compliance Exposure – Being an LP in a fund tied to sanctioned individuals can create your own compliance headaches — especially for institutional investors. Why this matters for GPs: 🔸 Compliance infrastructure is a non-negotiable. Basic AML/sanctions screening isn’t optional; it’s the foundation that prevents fund-destroying penalties. 🔸 Fund ops, AML, and sanctions screening should be institutional-grade from day one, regardless of fund size. 🔸 Weak operational discipline can undo years of portfolio work in a single enforcement action. Why this matters for LPs: 🔸 Limited liability doesn’t protect investment value. While your personal assets are safe, your committed capital can still be completely wiped out by GP misconduct. 🔸 Always diligence how a fund operates, not just what it invests in. 🔸 Know the back-office provider. Audit AML, sanctions screening, and regulatory compliance processes. Great deal flow means nothing if your compliance foundation is weak. One preventable mistake in the back office can end your career before Fund I is even fully deployed. Institutional-grade compliance isn’t a “nice to have.” It’s the cost of admission if you want to survive in this industry.   —   ✍️ Myrto Lalacos Follow for more on launching, running, and investing in VC firms.

Scoop: Piermont Bank is exiting its relationship with Banking-as-a-Service platform Unit, but is seeking to keep some fintech clients the two shared, sources with direct knowledge tell me: Piermont will be the 3rd bank partner Unit has lost, following Blue Ridge Bank and Choice Bank, though Unit had minimal activity through Choice. The news comes as US bank regulators make increasingly clear that they expect banks engaged in BaaS business models to have DIRECT visibility, oversight, and responsibility of their third-party fintech partners. The recent consent order Lineage Bank reached with the FDIC reinforces that bank executive management *and* their boards need to monitor what's happening with their BaaS and fintech partners at a fairly granular level, with the order specifically mentioning activity in "FBO" accounts and ACH transactions. It has quickly become conventional wisdom that "intermediated models," where a non-bank third party sits between banks and customer-facing fintechs and takes some level of responsibility for program management and compliance, are just not workable in the current climate. Some players in the middleware space are already moving to adapt to this reality. For example, alongside its recent significant layoffs, Treasury Prime announced a strategic re-alignment from selling BaaS services to FINTECHS and matching them with a partner bank in its network to a focus on selling software to BANKS that enables them to work directly with fintechs. Unit hasn't made any similar public announcement as of yet, but is undoubtedly aware of and working with its bank and fintech partners to respond to the shifting regulatory environment. #breakingnews #banking #fintechnews

75% of economic losses from natural catastrophes in Europe are uninsured. Last week, European Insurance and Occupational Pensions Authority (EIOPA) and the ESM - European Stability Mechanism publicly called for a European natcat insurance pool and backstop. This is much needed. The numbers that prompted this proposal are stark. European natcat costs have more than doubled in a decade, from €17.8bn to €44.5bn per year. Only 17% of European households are covered for natcat damage. In some EU countries, it’s less than 5%. When insurance retreats, the adverse effects pile up: mortgages become unavailable, reconstruction stalls, governments absorb costs they cannot sustain and the most vulnerable bear the heaviest burden. Without decisive action, climate risk might not remain insurable at all. The German Insurance Association recently warned that property insurance premiums could double within a decade due to climate‑driven claims. If coverage becomes unaffordable, or unavailable altogether, markets won't just reprice. They might shut down. The EIOPA/ESM proposal would help avoid that. Pooling risks across countries and perils would reduce the protection gap and increase resilience. The backstop would operate through loans, not grants, making it fiscally neutral by design. But there is no logic in mutualising the costs of climate disasters while continuing to finance their causes. Insurers who access such public support should maintain coverage in high-risk areas, co-invest in prevention, support build-back-better reconstruction and align their portfolios with credible transition plans. Risk-based pricing must remain the backbone, but paired with mechanisms that protect households and SMEs from unaffordable premiums during the transition. Adaptation must be rewarded. Nature-based solutions that reduce physical risk at source must be part of the equation. We should all – regulators, the insurance industry and civil society – work together to refine and implement this. It could be transformative.

The world isn’t ready for what’s coming next in sustainability data. We’re quietly living through the creation of a financial infrastructure for sustainability—and it’s happening faster than most realize. Over 2,000 sustainability regulations have emerged globally in the past decade, with a 155% surge in ESG-related rules since 2018. This isn’t just about compliance—it’s a fundamental shift in how we define value, risk, and performance. What’s driving it? • EU: CSRD & ESRS will impact over 50,000 companies, embedding double materiality. • India: BRSR Core is mandatory for top 1,000 listed firms. • China: CSDS expands carbon reporting in high-impact sectors. • California: SB 253/261 reshape U.S. climate disclosures. • Australia: AASB S2 aligns with IFRS S2, effective in 2025. • Brazil: CVM 193 adopts IFRS-aligned sustainability standards. • And more: Japan, Canada, Singapore, Nigeria, Turkey—all aligning with global standads. We’ve entered a phase where climate, nature, and transition risks are becoming embedded in financial decision-making—from underwriting and M&A to risk pricing and insurance modeling. In the real estate sector, GRESB has made third-party verified performance data (GHG, energy, water, waste) a best practice. ESG metrics are now more embedded in due diligence for loans, equity, and new acquisitions. Yes, today’s data is often backward-looking. And yes, we still need science-based thresholds and stronger assurance. But this foundational work is what allows us to get there. Without reliable, standardized, machine-readable data, we can’t scale action, track progress, or hold anyone accountable. Just as GAAP and IFRS created trust in financial markets, IFRS S1/S2, CSRD, and the GHG Protocol are setting the stage for credible, comparable sustainability data. It will not be a “parallel system.” in the future. We are building the groundwork for full integration into the global financial system. This shift will transform: • How we price risk • How capital is allocated • How resilient companies are rewarded • How we define long-term value creation It’s messy. It’s political. It’s imperfect. But it’s also historic. If you’re in this space, you’re not just reporting data—you’re helping build a new operating system for business and capital markets. One that rewards transparency, resilience, and climate alignment. Let’s keep building—with more rigor, more ambition, and more impact.

The Financial Action Task Force (FATF) has released its Updated Recommendations (February 2025), reinforcing international standards on AML, CFT, and Combating the Financing of Proliferation (CFP). Key Highlights: ✅ Risk-Based Approach (RBA) Strengthened • Countries and financial institutions must continuously assess ML/TF risks. • Proliferation financing risks (linked to WMDs) must now be explicitly assessed and mitigated. • Greater emphasis on data-driven decision-making in risk management. ✅ Stronger Financial Crime Enforcement & Asset Recovery • Enhanced measures to identify, freeze, and confiscate illicit assets, even without conviction-based legal proceedings. • Countries must cooperate more effectively on cross-border investigations related to ML, terrorism, and sanctions evasion. • Expanded legal mandates for regulators to seize cryptocurrency-related assets used for illicit activities. ✅ Enhanced Corporate Transparency & Beneficial Ownership Regulations • Stricter disclosure requirements for companies and trusts to prevent anonymous ownership structures facilitating financial crime. • Introduction of centralized registries for beneficial ownership information, accessible by regulators and FIUs. • Bearer shares and nominee shareholder arrangements are further restricted due to their role in obfuscating ownership. ✅ New Standards for Virtual Assets & Emerging Technologies • FATF mandates stronger oversight on VASPs, aligning AML rules for crypto-assets with traditional financial institutions. • New tech-based compliance controls (including AI-driven monitoring) recommended to enhance financial crime detection. • Stricter regulations for cross-border virtual asset transactions to combat illicit financing and crypto-enabled ML. ✅ Expanded Measures Against Terrorist Financing & Sanctions Evasion • Countries must implement targeted financial sanctions to prevent terrorism and WMD proliferation financing. • NPOS are now required to assess their terrorist financing risks while ensuring legitimate operations are not disrupted. • Greater scrutiny on correspondent banking relationships to prevent facilitation of illicit transactions. ✅ Increased International Cooperation & Mutual Legal Assistance • FATF calls for faster cross-border financial intelligence sharing to prevent criminals from exploiting jurisdictional gaps. • Countries must align with UNSCRs on CTF and sanctions enforcement. Recommandations: 🔹 Implement advanced transaction monitoring using AI to detect suspicious financial activities more effectively. 🔹 Reinforce beneficial ownership compliance 🔹 Strengthen cross-border AML/CFT coordination by fostering partnerships between FIs, regulators, and law enforcement agencies. 🔹 Ensure robust oversight on virtual assets by applying FATF’s Travel Rule to cryptocurrency transactions and monitoring DeFi risks. #AML #FATF #FinancialCrime #Compliance #CryptoRegulation

The European Council unanimously approved the new ESG ratings regulation. This was the final legal step. The regulation will now be published and then apply 18 months after publication (so in 2026). 1️⃣ ESG rating providers will be authorised and supervised by the European Securities and Markets Authority (ESMA) and must comply with transparency requirements, as a minimum disclosing "the methodology, models, and key rating assumptions." 2️⃣ Rating providers' different business activities need to be separated, but regulators leave a backdoor open: no separate legal entities need to be created if raters can show that activities are separated and no conflicts of interest exist. 3️⃣ Separate E, S, and G ratings should be provided. If a single ESG rating is provided, rating providers need to disclose the rate and weight attributed to each dimension. 4️⃣ If ESMA finds that a rater has intentionally or negligently infringed the Regulation, it should adopt a fine (max 10% of total annual net turnover). At the same time, the UK regulator has also released and updated draft legislation to regulate ESG ratings. Good to see that the market, which some described as the "Wild West", is getting some more transparency requirements... === EU Regulation (final text): https://lnkd.in/dU-PbiiG UK Regulation (draft text): https://lnkd.in/duQRJc-G #sustainability, #esg, #sustainablefinance

To all insurance brokers: As you may be aware, many insurers, particularly the PSU General Insurers, are only giving the schedule of the policy but not the full wording including clauses and endorsements. Brokers may also not be insisting for the full wordings and sending only the policy schedule to the insureds. As per Supreme Court judgement in Texco Marketing vs TATA AIG , insurers cannot rely on exclusions not disclosed to the insured to deny liability.   While it is the primary duty of the insurer to supply the policy wording, the brokers also should obtain from the insurers, the full policy wording where it is not sent by them. If a repudiation of claim on account of non disclosure of policy terms due to non supply of wordings go to the court, there can be allegation of contributory negligence on the broker's part also. Insurers can always plead that they do not deal with the insured directly in an intermediated business and therefore, the broker should have endeavored to fulfil the requirement of supplying the full policy wording to the insured, rather than doing just a post office job. There can also be a danger of allegation of breach of code of conduct on the broker's part. It would be good practice not to send just the policy schedule as obtained from the insurer, but the entire set including the wordings.  

New SFDR updates in under 90 seconds below! The EU Commission's Final Proposal is a hard reset of the Sustainable Finance Disclosure Regulation (SFDR). We put together the table below and this summary to let you know what the new articles say. If you advise clients, run funds, or sit in risk/compliance, these changes will shape your 2027–2028 strategy. Here are the new SFDR product categories: 1. Article 7 — Transition -For products backing companies/projects on a credible transition path. -70% of the portfolio must support the transition objective. -Partial Paris-Aligned Benchmark exclusions apply. -Product-level PAI disclosures required. -May use the word “impact” if criteria are met. 2. Article 8 — ESG Basics -Integrates ESG beyond risk management, but without transition or sustainability objectives. -Requires 70% alignment with the stated ESG strategy. -Limited exclusions. -No PAI requirement at product level. -Much narrower than today’s Article 8. 3. Article 9 — Sustainable Features -For products investing in already sustainable assets or pursuing a sustainability objective. -70% sustainable alignment required. -EU Taxonomy ≥15% counts as meeting the 70% test. -Full PAB exclusions, including strict fossil-fuel limits. -PAI disclosures + extra reporting for impact funds. 4. Article 9a — Mixed Products -For portfolios blending Article 7 and Article 9 approaches across asset classes. -Still must meet the 70% threshold using Article 9 criteria. -Not a new label—more a structural option for multi-asset strategies. 5. Article 6a — ESG-Uncategorised Products -Cannot use ESG wording in names. -Any sustainability statements must be minimal and secondary (<10% of strategy description). -Designed to eliminate ESG-lite positioning. What this all means: No grandfathering. No professional-investor opt-outs. The old Article 8/9 system will go away. Disclosures will be simpler, but product requirements will be sharper and more rule-based. Private markets will get clarity on ramp-up periods. The legislative process will take 12–18 months, followed by a transition period. We are helping investors navigate these new requirements and stay ahead of the curve. Get in touch for our full analysis on SFDR and to learn more! #sfdr #EU #sustainablefinance #investors