Skip to main content

Compliance industry news

The latest developments in compliance, AML, KYC, and RegTech — curated by WIDTH. Regulatory updates, enforcement actions, industry recognition, and notable announcements.

Regulation

UAE overhauls capital markets framework and expands oversight of virtual assets

The UAE has introduced one of its most significant financial regulatory reforms in recent years, replacing the Securities and Commodities Authority (SCA) with the new Capital Market Authority (CMA) under Federal Decree-Laws 32 and 33 of 2025.

The reforms, effective from 1 January 2026, bring virtual assets formally within the federal capital markets framework while significantly increasing regulatory enforcement powers. Administrative penalties can now reach AED 200 million, and a new recovery and resolution regime has been established for regulated entities.

The overhaul reflects the UAE’s ambition to strengthen investor protection while creating a more comprehensive framework for emerging financial products and digital assets.

Why it matters: The inclusion of virtual assets under federal capital markets regulation signals increasing regulatory convergence between traditional finance and digital asset markets.
Compliance takeaway: Financial institutions, virtual asset providers and market participants operating in the UAE should assess their licensing, governance and risk management frameworks ahead of the 1 January 2027 transition deadline.
UAE Virtual Assets Capital Markets Regulatory Reform Compliance
Crypto / KYT

HKMA grants Hong Kong’s first stablecoin issuer licences

The Hong Kong Monetary Authority (HKMA) has issued the territory’s first stablecoin issuer licences to HSBC and Anchorpoint under the new Stablecoins Ordinance.

The licences were awarded from a pool of 36 sandbox applicants and establish a formal regulatory pathway for stablecoin issuance in Hong Kong. Licensed issuers must maintain high-quality reserves on a one-to-one basis, operate through locally incorporated entities and provide robust redemption rights for users.

The decision marks a major milestone in Hong Kong’s digital asset strategy and positions the city as one of the first major financial centres to establish a dedicated stablecoin licensing framework.

Why it matters: Stablecoins are increasingly becoming part of mainstream financial infrastructure, driving demand for stronger regulatory oversight and consumer protection.
Compliance takeaway: Digital asset firms should expect increasing scrutiny around reserve management, governance, disclosures and redemption mechanisms as stablecoin regulation matures globally.
Stablecoins HKMA Digital Assets Hong Kong Crypto Regulation
Regulation

MAS moves forward with proposed electronic shareholding framework

The Monetary Authority of Singapore (MAS) has concluded consultations on a proposed dematerialisation regime that would require listed company shares to be maintained electronically through the Central Depository (CDP).

The proposal aims to modernise Singapore’s securities infrastructure by eliminating physical share certificates and creating a fully digital ownership framework. The initiative is accompanied by a proposed regulatory regime for Central Securities Depositories under the Securities and Futures Act.

The move aligns with broader efforts across global financial markets to improve efficiency, reduce operational risks and enhance transparency through digital recordkeeping.

Why it matters: Modern securities infrastructure can improve operational efficiency while reducing risks associated with manual processing and paper-based ownership records.
Compliance takeaway: Market participants should assess the operational, custody and reporting implications of a fully electronic securities ownership environment.
MAS Singapore Securities Regulation Digital Transformation Market Infrastructure
Enforcement

Hong Kong SFC fines XHK Limited for client money and capital breaches

The Hong Kong Securities and Futures Commission (SFC) has reprimanded and fined XHK Limited HK$2.5 million for multiple regulatory breaches involving client money handling and capital requirements.

According to the regulator, the firm experienced significant liquid capital shortfalls between 2020 and 2021 and transferred substantial amounts of client funds to overseas brokers without obtaining written client authorisation. The SFC also identified delays in segregating non-client funds from client accounts.

The enforcement action highlights the continued regulatory focus on safeguarding client assets and maintaining adequate financial resources among licensed firms.

Why it matters: Client asset protection remains one of the most heavily scrutinised areas of financial regulation across global markets.
Compliance takeaway: Firms should regularly review client money controls, capital monitoring processes and segregation procedures to ensure ongoing regulatory compliance.
SFC Hong Kong Client Money Regulatory Enforcement Capital Adequacy
Crypto / KYT

Thailand advances FATF-aligned Travel Rule requirements for digital assets

Thailand is moving closer to implementing formal Travel Rule requirements for licensed digital asset operators following the conclusion of a public consultation led by the Securities and Exchange Commission (SEC).

The proposed framework aligns with Financial Action Task Force (FATF) standards and would require originator and beneficiary information to accompany virtual asset transfers. Licensed operators would also be required to maintain records for at least five years.

The initiative forms part of Thailand’s broader efforts to strengthen anti-money laundering controls and improve transparency within the digital asset sector. Regulators are currently finalising the rules in collaboration with the Anti-Money Laundering Office (AMLO).

Why it matters: Travel Rule compliance is becoming a global expectation for virtual asset service providers as regulators seek greater visibility into cross-border digital asset transactions.
Compliance takeaway: Digital asset firms should prepare for enhanced customer data collection, transaction monitoring and record retention requirements as Travel Rule obligations continue to expand across Asia.
Thailand Travel Rule FATF Crypto Compliance AML
Enforcement

OFAC expands sanctions list with new Iran-UAE designations

The US Treasury’s Office of Foreign Assets Control (OFAC) has added new individuals to its Specially Designated Nationals (SDN) list as part of ongoing efforts to combat terrorism financing.

Among the latest designations is an individual operating across both Iran and the UAE who was accused of providing support to a previously sanctioned terrorism-financing network. The action reinforces the continued focus of US authorities on intermediary networks operating across multiple jurisdictions.

The update serves as another reminder that sanctions compliance remains a rapidly evolving area requiring ongoing monitoring and screening capabilities.

Why it matters: Secondary sanctions risks continue to affect businesses operating in or connected to higher-risk jurisdictions.
Compliance takeaway: Organisations should ensure sanctions screening systems are regularly updated and capable of identifying evolving ownership structures and intermediary relationships.
OFAC Sanctions Compliance UAE Iran Financial Crime
Regulation

Thailand introduces group-wide supervision framework for insurance sector

Thailand’s Office of Insurance Commission (OIC) will implement a new Group-Wide Supervision framework on 1 July 2026, introducing a Full Consolidation approach to insurance group oversight.

The framework requires regulators to assess risks across the entire insurance group rather than focusing solely on individual legal entities. Areas covered include capital adequacy, governance, intra-group transactions and risk concentration management.

The change reflects growing international regulatory expectations around enterprise-wide risk management and financial stability. Insurance groups operating across multiple entities will face increased scrutiny regarding how risks are identified, managed and reported at the group level.

Why it matters: Regulators are increasingly moving towards consolidated supervision models that provide greater visibility into interconnected risks across corporate structures.
Compliance takeaway: Insurance groups should ensure group-wide governance, risk reporting and oversight frameworks are capable of meeting consolidated supervisory requirements.
Insurance Compliance Thailand Risk Management Governance Regulatory Updates
AML

Malaysia seizes RM57.68 million in international scam crackdown

Malaysian authorities have arrested 187 suspects and seized RM57.68 million in assets following a major anti-scam operation known as Op Teguh 2.0.

The operation targeted a syndicate allegedly involved in investment scams, romance scams and online gambling schemes affecting victims across Hong Kong, China, South Korea and Japan. Authorities confiscated luxury properties, vehicles and other high-value assets linked to the operation.

The scale of the seizure highlights the increasingly international nature of organised financial crime and the growing use of cross-border networks to target victims across multiple jurisdictions.

Why it matters: Financial crime networks are becoming more sophisticated and increasingly operate across borders.
Compliance takeaway: Cross-border transaction monitoring and enhanced due diligence remain critical tools for identifying and disrupting organised criminal activity.
Malaysia Scam Prevention Financial Crime AML Cross-Border Risk
AML

Singapore Police investigate 295 individuals in major anti-scam operation

The Singapore Police Force has investigated 295 individuals suspected of involvement in more than 751 scam cases following a nationwide enforcement operation conducted between 7 and 20 May 2026.

The cases involved a range of scam typologies, including investment scams, e-commerce fraud, impersonation scams, rental scams and job scams. Reported losses exceeded S$5 million, with investigations covering offences related to cheating, money laundering and unlicensed payment services.

The operation demonstrates Singapore’s continued focus on disrupting scam networks and reducing financial crime across the country.

Why it matters: Scam activity remains one of the fastest-growing financial crime threats facing consumers and financial institutions.
Compliance takeaway: Financial institutions should continue strengthening transaction monitoring and mule account detection capabilities (see fraud detection) to identify suspicious activity linked to scam operations.
Singapore Scams Money Laundering Fraud Prevention Financial Crime
Enforcement

Thai authorities pursue suspects in US$30 million cross-border investment fraud case

Thailand’s Central Investigation Bureau has obtained arrest warrants for two individuals linked to a long-running cross-border investment fraud and money laundering investigation.

The case involves allegations dating back to 2016, with reported losses exceeding US$30 million. Authorities allege that high-net-worth individuals were targeted through fraudulent investment schemes operating across multiple jurisdictions.

The investigation highlights the persistent risks associated with cross-border investment fraud and the challenges authorities face in tracing illicit funds and prosecuting international financial crime cases.

Why it matters: High-value investment fraud remains a significant financial crime risk, particularly where multiple jurisdictions are involved.
Compliance takeaway: Financial institutions should maintain strong customer due diligence and transaction monitoring controls to identify unusual investment-related fund flows and potential laundering activities.
Thailand Investment Fraud Money Laundering Financial Crime AML Enforcement
AI Governance

Hong Kong regulators expand GenA.I. Sandbox++ for financial services

Hong Kong’s four financial regulators have jointly launched the expanded GenA.I. Sandbox++, creating a broader testing environment for financial institutions exploring Generative AI applications.

The initiative — led by the Securities and Futures Commission (SFC), Hong Kong Monetary Authority (HKMA), Insurance Authority (IA) and Mandatory Provident Fund Schemes Authority (MPFA) — allows firms across banking, securities, insurance and retirement services to trial AI-driven use cases under regulatory oversight until 30 June 2026.

The move highlights Hong Kong’s growing commitment to responsible AI innovation while maintaining regulatory safeguards. Financial institutions are increasingly looking at AI to improve compliance operations, customer onboarding, risk assessments and operational efficiency. For compliance teams, the announcement signals that regulators are becoming more receptive to AI adoption — but governance, explainability and accountability remain key regulatory expectations.

Why it matters: Regulatory-backed AI testing programmes provide firms with a safer path to evaluate new technologies without compromising compliance obligations.
Compliance takeaway: Organisations exploring AI should establish strong governance frameworks, audit trails and oversight mechanisms before deploying AI-powered solutions into production environments.
AI Governance RegTech Hong Kong Compliance Technology Financial Services
Regulation

HKMA operational resilience deadline takes effect

Hong Kong banks are now expected to fully comply with the Hong Kong Monetary Authority’s Operational Resilience Framework following the end-May 2026 implementation deadline.

The framework requires financial institutions to identify critical operations, define disruption tolerance levels, conduct severe-but-plausible scenario testing and map dependencies across third-party providers and critical services.

Operational resilience has become a major focus for regulators worldwide as financial institutions face increasing cyber threats, technology outages and supply chain risks. Regulators are placing greater emphasis on an organisation’s ability to maintain essential services during periods of disruption. The implementation deadline marks a significant milestone for Hong Kong’s banking sector and signals continued regulatory scrutiny of resilience capabilities.

Why it matters: Operational resilience is rapidly becoming a board-level responsibility rather than solely an IT or operational concern.
Compliance takeaway: Financial institutions should continuously test resilience frameworks and ensure governance structures support rapid response and recovery during disruption events.
Operational Resilience HKMA Risk Management Banking Compliance Third-Party Risk
AI Governance

SFC issues new guidance on AI-enabled cybersecurity threats

The Hong Kong Securities and Futures Commission (SFC) has issued new cybersecurity guidance requiring licensed corporations and virtual asset service providers to strengthen defences against AI-enabled cyberattacks.

The regulator highlighted emerging risks including automated phishing campaigns, adversarial AI attacks, credential theft and sensitive data leakage. Firms are expected to enhance testing programmes, improve monitoring capabilities and implement stronger controls around AI systems and data access.

The guidance reflects a wider trend across global financial regulators as cyber threats become increasingly sophisticated through the use of artificial intelligence. Compliance and security teams are now expected to work more closely together to address evolving technology risks. The update serves as a reminder that adopting AI technologies must be matched with appropriate risk management and security controls.

Why it matters: Regulators increasingly view cybersecurity as a core component of compliance and operational resilience.
Compliance takeaway: Firms should review AI-related security controls, conduct regular adversarial testing and strengthen data governance policies to reduce exposure to emerging threats.
Cybersecurity AI Governance SFC Hong Kong Operational Risk
Crypto / KYT

Dubai introduces new regulatory framework for crypto derivatives

Dubai’s Virtual Assets Regulatory Authority (VARA) has published Part V of its Rulebook, introducing a comprehensive framework governing crypto exchange-traded derivatives.

The new rules formally regulate products including futures, perpetual contracts, options and contracts for difference (CFDs). Key requirements include a retail leverage cap of 5:1, mandatory insurance funds, 24-hour settlement requirements and explicit regulatory authorisation before firms can offer these products.

The framework represents another step in Dubai’s effort to establish itself as a globally recognised digital asset hub while strengthening investor protection and market integrity. As regulators continue to expand oversight of digital assets, compliance obligations surrounding product governance, suitability assessments and risk disclosures are becoming increasingly important.

Why it matters: Crypto markets are moving towards greater regulatory maturity, creating new compliance obligations for digital asset firms.
Compliance takeaway: Firms operating in virtual assets should assess whether their governance, risk management and reporting processes are aligned with evolving regulatory standards.
Crypto Compliance VARA Dubai Digital Assets Regulatory Updates
Regulation

MAS advances new third-party risk management framework

The Monetary Authority of Singapore (MAS) has completed consultations on its updated Operational Risk Management Guidelines and proposed Third-Party Risk Management Guidelines.

The new framework is expected to replace existing outsourcing guidance and significantly broaden regulatory expectations. Rather than focusing solely on outsourced services, the proposed rules extend oversight requirements across a wider range of third-party relationships.

The consultation reflects growing regulatory concerns surrounding concentration risk, vendor dependencies and the increasing reliance on external technology providers throughout the financial sector. As organisations continue to adopt cloud services, AI platforms and specialist vendors, regulators are placing greater emphasis on visibility and accountability across the third-party ecosystem.

Why it matters: Third-party risk management is becoming a critical pillar of operational resilience and regulatory compliance.
Compliance takeaway: Firms should strengthen vendor due diligence processes, improve ongoing monitoring and establish clear oversight frameworks for all third-party relationships.
MAS Third-Party Risk Management Operational Risk Singapore Compliance Regulatory Technology
Industry

FinTech Global names WIDTH to FinCrimeTech50 2026

FinTech Global selects WIDTH from over 500 nominated firms among the 50 most innovative companies tackling financial crime and fraud. The list spans AI-led transaction monitoring and automated compliance platforms.

Read the announcement →
Industry

WIDTH launches all-in-one AI-native compliance platform

KYC, KYB, AML monitoring, fraud detection, and case management unified on a single audit trail — built on a decade of Cynopsis Solutions compliance engineering, following Vernal Capital’s October 2025 acquisition.

Read more →
Industry

Cynopsis wins Regulatory Leader at SFF FinTech Excellence Awards

Cynopsis Solutions receives the Regulatory Leader title at the Singapore FinTech Festival FinTech Excellence Awards, recognising sustained impact across APAC’s RegTech landscape.

Industry

Vernal Capital acquires Cynopsis Solutions

Vernal Capital’s acquisition of Cynopsis Solutions sets the stage for the launch of WIDTH — same leadership team, same customer relationships, expanded product scope, and a rebuilt AI-native architecture.

Press & media enquiries

For interviews, quotes, or media assets, contact our communications team. Resources, logos, and brand guidelines are available in the media kit.

marketing@width.com → Media Kit