Global Trustee and Fiduciary Services Bite-Sized Issue 9 2025

3 QUICK LINKS CRYPTOASSETS CYBERSECURITY EMIR (UK) FINTECH MIFID/MIFIR (UK) SUSTAINABLE FINANCE/ESG T+1 ASIA PACIFIC AUSTRALIA EUROPE LUXEMBOURG NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 9 | 2025 CYBERSECURITY FCA Cyber Coordination Group Insights 2024 On 14 August 2025, the Financial Conduct Authority (FCA) published its FCA Cyber Coordination Group Insights 2024, which summarises discussions held throughout 2024 with industry members of the FCA’s Cyber Coordination Group (CCG) programme. The FCA says that it is sharing the cyber resilience insights members raised, which focused on three key topics: • The reconnection framework and third-party management; • Threat and vulnerability management and threat-led penetration testing; and • AI and other emerging technologies, including quantum computing. The FCA explains that this publication does not introduce any additional regulatory expectations and that it is making these insights widely available so that firms can consider them, within the context of the FCA’s existing expectations, to learn from other firms and to help strengthen their cyber resilience capabilities. By way of summary, the FCA says that the following are likely to be of particular interest to firms: 1. Threat-led penetration testing is an extremely effective tool for identifying previously-unknown cyber vulnerabilities; 2. The threat from combined non-critical vulnerabilities can potentially cause as much, or more, harm than a single critical vulnerability; 3. Legacy technologies, especially end-of-life systems, should have effective security risk management, as with any other system; 4. Cross-industry information sharing forums, such as the Cross Market Operational Resilience Group or the Financial Services Information Sharing and Analysis Centre, can be highly effective in enabling collective communication with third-party suppliers during significant outages; and 5. Implementing AI into cyber domains without taking steps to fully understand all potential impacts can lead to increased exposure to new or unidentified risks. Link to FCA Cyber Coordination Group Insights 2024 here EMIR (UK) Derivative Reporting Requirements Under UK EMIR: Additional Draft Q&As On 8 August 2025, the Financial Conduct Authority (FCA), alongside the Bank of England (BoE), published a request for feedback on additional draft guidance for counterparties reporting under the revised UK European Market Infrastructure Regulation (UK EMIR) Article 9 reporting requirements. The FCA states that derivatives data reported under Article 9 of UK EMIR provides transparency to it (and the BoE) of the UK derivatives market for systemic risk and financial stability monitoring purposes. It is important the data to which the FCA has access is complete, accurate, reported consistently and on time to ensure the FCA can fulfil its financial stability objectives and to promote the safety and soundness of regulated firms. To support firms’ reporting, the FCA and the BoE have shared guidance in the form of Q&As and are now seeking feedback on two additional draft Q&As. These are: • 4.1.4: When is it acceptable to report with a technical ISIN? • 11.7: How should a ‘FX swap’ be reported?