Global Trustee and Fiduciary Services Bite-Sized Issue 6 2026

11 AIFMD CRYPTOASSETS FINTECH FSB IOSCO MIFID II/MIFIR MONEY MARKET FUNDS OPERATIONAL RESILIENCE SUSTAINABLE FINANCE/ESG T+1 ASIA PACIFIC EUROPE LUXEMBOURG NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 6 | 2026 Quick LInks ASIC is urging entities to take the following steps now: • Reassess plans and refocus efforts on the most critical risks in today’s threat environment; • Confirm cyber risk, governance and overall risk and decision-making frameworks consider the cumulative impact of interrelated vulnerabilities and facilitate clear decision making and escalation at the pace necessary to manage risk; • Identify and protect critical assets and systems , with a clear understanding of what matters most to the business and customers; • Strengthen cyber security fundamentals by regularly reviewing and validating core controls; • Minimise attack surfaces by reducing exposure of systems and services to untrusted networks; • Regularly review user access and reassess privileges , to protect against unauthorised access. Insider threats are increasing and entities should monitor for warning signs and act to restrict access where concerns are identified; • Patch systems promptly , recognising that AI is accelerating vulnerability discovery and exploitation; • Review and strengthen patch management processes, considering challenges daily patching may present to identification, testing, and governance of critical updates; • Implement layered, defence-in-depth architectures that assume breach and restrict lateral movement; • Prepare for incident response by maintaining and exercising incident response plans and playbooks including business continuity plans and identification of highest priority services, channels and platforms; • Actively manage third-party risks , particularly where services introduce concentration or systemic exposure; and • Use AI for defensive purposes, where appropriate , including identifying vulnerabilities and securing software before release. ASIC says that entities are required to table the letter at their ultimate board and risk governance committees. ASIC says all ASIC-regulated entities should use practical guidance from trusted sources to strengthen cyber defences, including the Australian Signals Directorate (ASD). ASIC also encourages the use of the Australian Government’s free and anonymous Cyber Health Check, which provides a tailored action plan with simple, actionable steps to improve cyber security. ASIC says it will continue to work closely with other regulators, agencies and industry to monitor cyber risks and promote consistent expectations across the financial system. Link to Open Letter to Industry here SUSTAINABLE FINANCE/ESG SEC Proposes Rescission of Climate-Related Disclosure Rules On 29 May 2026, the Securities and Exchange Commission (SEC) proposed the rescission of what it describes as overly burdensome and costly rules that would require companies to provide certain climate-related information in their registration statements and annual reports. The SEC says that its proposal focuses on returning the agency to its core mandate – in line with its legal authority – and restoring a materiality-focused approach to securities regulation. In its press release, the SEC says that in March 2024 it approved amendments to its rules under the Securities Act of 1933 and Securities Exchange Act of 1934 to mandate highly specific and granular disclosure from virtually all public companies about climate-related matters such as greenhouse gas emissions, management of climate-related risks, and the financial statement effects of severe weather events.