Global Trustee and Fiduciary Services Bite-Sized Issue 11 2025

8 QUICK LINKS AIFMD CBDC CRYPTOASSETS DIGITAL ASSETS FINTECH FSB MIFID/MIFIR (UK) IFR/IFD OPERATIONAL RESILIENCE OUTSOURCING SUSTAINABLE FINANCE/ESG T+1 TOKENISATION ASIA PACIFIC EUROPE NETHERLANDS NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 11 | 2025 • Whether the firm is testing cyber disruption scenarios that are appropriately severe; • Whether the firm has calibrated its impact tolerance appropriately to mitigate potential impacts to the regulators’ objectives; • To what extent the firm’s stakeholder communication strategy is resilient and fit for purpose during severely disruptive events; and • Whether the firmhas a clear plan for restoring critical data fromback-ups following a cyber-attack, including whether it can rebuild critical applications and core infrastructure, or how it will fail over to a separate environment. The BoE/PRA/FCA conclude by stating that while firms have made good progress, there is still more to be done as the threat landscape continues to rapidly evolve and they encourage firms to consider their investments in resilience capability within the context of the end-to-end response and recovery process. Link to Effective Practices Document here OUTSOURCING ASIC Flags Risks in Offshore Outsourcing After Review Identifies Governance Gaps On 10 October 2025, the Australian Securities and Investments Commission (ASIC) published a media release, calling on financial services entities to strengthen governance and risk management after a review found weaknesses in the use of offshore service providers (OSPs) exposing consumers and investors to potential harm. ASIC says that the review into the use of OSPs by financial advice licensees and responsible entities of registered managed investment schemes found that the quality of risk management arrangements relating to their use varied significantly, with some entities failing to have a framework in place. Australian financial services (AFS) licensees are ultimately responsible for the operation of their businesses, even when they outsource to offshore service providers directly or through an intermediary. AFS licensees should also have sufficient skills to independently identify material risks and to assess an OSP’s performance and ongoing suitability. ASIC says that it will continue to monitor the governance and risk management frameworks of financial services entities, and where necessary, hold them to account for failing to have the right processes in place to protect consumers and investors’ interests. Link to ASIC Article on Review of offshore outsourcing – Financial services advice licensees here Link to ASIC Article on Review of offshore outsourcing – Responsible entities here SUSTAINABLE FINANCE/ESG CFRF: Developing an Approach to Nature Risk in Financial Services On 23 October 2025, the Climate Financial Risk Forum (CFRF) issued publications from its Nature- related Risk Working Group – ‘Developing an Approach to Nature Risk in Financial Services’. In 2024, the CFRF published its first nature paper, which it said was positioned as an introductory guide for banks, insurers, asset managers or asset owners who are embarking on their nature journey. The CFRF explains that this latest publication on nature risk builds on the first nature paper, focusing in particular on the ‘climate-nature’ nexus, which was introduced in the first set of publications. In addition to defining the nexus, the CFRF says that the paper provides: • Examples of reinforcing and dampening climate-nature interactions, demonstrating the materiality of climate to nature and vice versa;