Global Trustee and Fiduciary Services Bite-Sized Issue 4 2026

10 QUICK LINKS CMU CONDUCT CRYPTO ASSETS EMIR FINTECH FUND LIQUIDITY IOSCO OPERATIONAL RESILIENCE SUSTAINABLE FINANCE/ESG T+1 ASIA EUROPE LUXEMBOURG NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 4 | 2026 Building on IOSCO’s Targeted Implementation Review on Principles for the Regulation and Supervision of Commodity Derivatives Markets, and informed by engagement with exchanges, market participants and trade associations, the report proposes a set of good practices. Comments may be submitted on or before 19 June 2026 . Link to Consultation Report here OPERATIONAL RESILIENCE Operational Resilience: Insights and Observations One Year On On 27 March 2026, the UK Financial Conduct Authority (FCA) published a webpage detailing good and poor practices it had observed from firms’ self-assessments, with the intention of helping firms review and evolve their approach to operational resilience. The FCA says that, overall, firms had done a significant amount of work to strengthen their operational resilience and gain assurance that in the event of a severe but plausible disruption, they could recover important business services within impact tolerances. The FCA says it has seen strong engagement and good progress across all areas of the operational resilience requirements. The areas covered by the good and poor practices observed include: • Important business services and impact tolerances; • Mapping resources; • Scenario testing; • Vulnerability management; • Communications policy; and • Governance. Link toWebpage here FCA Confirms New Incident and Third-party Rules to Bolster Resilience On 18 March 2026, the FCA confirmed new rules to make existing incident and third-party reporting clearer, more consistent, and easier for firms to follow. These new rules are intended to help the FCA respond quickly to disruption such as a cyber attack or power outage, give firms greater certainty on what to report and when and strengthen firm resilience to better protect consumers and markets. For both the incident and third party reporting final rules, the FCA said it had: • Created a simple, streamlined reporting regime with the Prudential Regulation Authority and Bank of England including a single reporting portal; • Removed duplicative incident reporting for payment service providers and credit rating agencies; • Refined the overall information required, allowing most of the firms it solo regulates to complete a short form to tell it about their incident; and • Added clearer guidance on thresholds, definitions and responsibilities. The FCA said that, over time, it will use this data to share insights and trends to help firms bolster their operational resilience and share relevant information with industry, where appropriate during widespread disruption, particularly in stressed market conditions. Also, where disruption occurs at a third party, the data will help the see through firms’ supply chains to identify which services are the most exposed and help it identify potential critical third parties to the UK financial system.