Global Trustee and Fiduciary Services Bite-Sized Issue 5 2026

4 QUICK LINKS AI CRYPTOASSETS CYBER EMIR FINTECH FUND LIQUIDITY MICA SUSTAINABLE FINANCE/ESG T+1 ASIA PACIFIC EUROPE IRELAND NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 5 | 2026 CYBER FCA Cyber Coordination Group Insights 2025 On the 24 April 2026, the UK Financial Conduct Authority (FCA) published a summary of discussions held throughout 2025 with industry members of its Cyber Coordination Group (CCG) programme. The FCA says that CCGmembers shared cyber resilience insights on three topics: • Incident response practices and recovery at scale; • Implications for cyber security of AI, quantum computing, and other emerging technology; and • Insider risk management. The FCA explains that in publishing this summary, it is not introducing any additional regulatory expectations – the FCA says that it is making these insights available so that firms can consider them in the context of the FCA’s existing expectations, learn from others, and strengthen their cyber resilience capabilities. FCA Insights Summary: Prepare senior managers for incident response . Active and sustained involvement from senior management in incident response exercises and testing materially improves organisational decision-making, clarity of communications, and confidence during live incidents. Develop testing approach to strengthen preparedness . Robust testing – especially in live and sandbox environments – reveals operational nuances that tabletop exercises miss, strengthening preparedness for severe but plausible incident scenarios. Be clear with third parties on roles and expectations . Effective third-party engagement remains essential yet challenging. Members emphasised the need for clearer contractual obligations, stronger supply chain transparency (especially around AI), and including key suppliers in response and recovery testing. This avoids priorities misaligning during a crisis. Build emerging technologies into your risk framework . AI adoption and post-quantum cryptography migration need to be embedded within existing risk frameworks, supported by strong cryptographic hygiene and risk-based prioritisation, to manage transition challenges. Managing insider risk . Insider risk management is most effective when considered enterprise- wide, combining behavioural analytics; strong access management; and clear, trust-building communication. However, remaining conscious of privacy obligations, monitoring complexity, and differing jurisdictional rules and laws are often important considerations to navigate. Link to CCG Insights 2025 here EMIR ESMA Launches its Sixth Stress Test Exercise for Central Counterparties On 30 April 2026, the European Securities and Markets Authority (ESMA) launched its sixth stress test exercise for Central Counterparties (CCPs). The CCP stress test framework drafted by ESMA for the purpose of this exercise is supported by an adverse market scenario provided by the European Systemic Risk Board (ESRB). Mandated under the European Market Infrastructure Regulation (EMIR), the stress test aims to assess the resilience of CCPs to adverse market developments and identify any potential shortcomings. ESMA’s supervisory stress tests complement those run daily by individual CCPs by assessing the system-wide implications of potential member defaults and market shocks. Components of the test framework ESMA says that this year’s exercise further develops its framework by introducing enhanced methodologies and expanding the analytical scope. Developed in cooperation with National Competent Authorities (NCAs) and the ESRB, the framework covers: