2023 Regulatory Map


2023 Regulatory Map

Start your journey with a clear outlook on approaching regulatory changes in the EU & Luxembourg

Our 2023 Deloitte regulatory poster will help you transform obligation into opportunity with an essential snapshot of the latest regulatory trends and associated challenges for market participants, ranging from banking, insurance, investment management, private equity and real estate.

Anticipating and tackling these regulatory changes in a timely manner is essential not only for business reasons but also to avoid fines. According to a 2022 CSSF Report, in Luxembourg alone fines reached EUR4.3 million last year.

But the right guide can turn regulatory change into a differentiator that drives you forward.

Our 2023 Regulatory Map offers a clear timeline for announced legislation and highlights five key themes that will shape the regulatory landscape in the coming year. Use the map to chart your priorities and avoid pitfalls on your journey.

Sustainability disclosures

After the Sustainable Finance Disclosure Regulation (SFDR) Level I entered into force on 10 March 2021, certain product and entity level disclosures by Financial Market Participants (FMPs) were introduced. SFDR Level II, effective since 1 January 2023, has completed the framework by increasing the granularity of disclosures with the goal of improving the management of MiFID II sustainability preferences.

On 5 January 2023, the Corporate Sustainability Reporting Directive (CSRD) entered into force. This extension of the Non-Financial Reporting Directive (NFRD) accounting directive will impose an annual report that complements financial institutions’ SFDR information with a non-financial (environmental) report.

The CSRD report details sustainability matters including environmental, social, human rights and governance factors and will be phased along a timeline starting in 2024 (figures of 2024). It will apply to companies that are listed and/or meet two of the following:

  • 250+ employees;
  • €40 million net revenue; and
  • ≥ €20 million on the balance sheet.

CSRD will also apply to any global, non-EU firms with a net turnover of €150 million and at least one significant subsidiary or branch in the EU. Accordingly, financial firms— large and small— will have to comply to support the EU’s net-zero strategy.

Cyber and digital resilience

The Digital Operational Resilience Act (DORA) will introduce new obligations for nearly all financial firms in the EU in the field of cyber organization and resilience, meaning it should already be a priority for all financial firms.

DORA aims primarily at:

  • Harmonizing ICT risk management and cyber resilience rules across EU financial services sectors, thus setting EU-wide standards for digital operational resilience framework for organization, procedures, and Threat-Led Penetration Testing (TLPT).
  • Harmonizing ICT incident classification and reporting, with the opening of a single EU hub for major ICT-related incident reporting by financial institutions.
  • Bringing “critical ICT third party providers” including cloud service providers into the supervisory perimeter. These would be supervised by one of the European Supervisory Authorities (ESAs), who would have full supervisory powers (request information, conduct off-site and on-site inspections, issue recommendations or requests, and impose fines).

In addition to DORA, the digital regulations framework will also encompass the Distributed Ledger Technology (DLT) pilot regime that will allow for the issuance, trade and transfer of fully digital blockchain financial instruments from March 2023. The Markets in Crypto-Assets (MiCA) regulation for other digital or tokenized assets (currencies and non-financial) should become live beginning of 2025 and, with the later Artificial Intelligence (AI) Act and Data Governance Act, will complete the digital regulatory framework.

With these, the EU will have one of the most comprehensive and harmonized regimes for digital financial services and products, reaching more than 500 million consumers and countless corporates or SMEs.

Capital markets and investment funds

The Alternative Investment Fund Managers Directive (AIFMD) II reviews address 3 challenges: loan funds, delegation and governance or risk framework. Discussions have progressed quietly in 2022 with a text already agreed by the European Council and to be agreed in early 2023 by the European Parliament before trilogues. Accordingly, a potential final agreement should be reached in spring 2023 with later publication and enforcement 24 months thereafter.

For European Long-Term Investment Funds (ELTIF) II, discussions concluded at the end of 2022 with a live date expected beginning 2024. The review promises to make ELTIF II much more successful, resolving the two major stumbling blocks: management and distribution to retail. With the live date planned, ELTIF II could successfully support the EU economy in aligning ESG demands with a dedicated and passportable vehicle. Thus 2023 should be dedicated to feasibility business cases.

Financial crime

In July 2021, the European Commission unveiled its new EU AML/CFT package composed of legislative updates, including the creation of the new EU Anti-money-laundering authority (AMLA). AMLA’s core activities will focus on:

  • Supervising a direct lead on “selected obliged entities” and cooperating with national authorities through an increasingly convergent approach. The AMLA will also indirectly supervise the non-financial sector.
  • Harmonizing the AML/CFT single rule book that will be better enforced throughout the EU.
  • Enhancing cooperation among Financial Intelligence Units (FIUs), via AML, to simplify and accelerate information sharing.

These updates are currently being finalized at European level. Even if implementation is delayed until 2026/2027, the potential impact on the financial sector suggests firms should already implement compliance and risk assessment measures.

Additionally, after the launch of the Markets in Financial Instruments Directive II (MiFID II) review in 2021, the European Commission only tackled some of the MiFID’s market requirements (consolidated tape, double cap and systematic internalizer status). In 2023, the European Commission should issue its proposal to review retail financial services regulation and streamline sector-specific legislative instruments in a single piece of regulation covering digitalization, new products, services or ways to share information or interact with clients.

Financial firms should consider factors such as the increased digital nature of service provision, which impacts communication with clients. From the “end user” perspective, proposed solutions are potentially simpler than the current disclosures regime (in PRIIPS, MiFID, IDD, etc.). A concept of “value for money” might support this simplification, along which full details should be available (costs, fees, ESG impacts, etc.) so that clients better understand how their money is used. Supervisory authorities will also use this information to assess how firms care for client interests.

The forthcoming proposal, expected in Q1 of 2023, will pass through the interinstitutional process, with publication and grandfathering, before its live date. The current anticipated target date is around 2026, but businesses should already begin to evolve their business strategy.

Derivatives markets

On the European Market Infrastructure Regulation (EMIR) front, recent market dynamics, high volatility and regulatory updates should encourage market participants to examine mandatory clearing and margining thresholds with increased scrutiny over the next 18 months.

Furthermore, a massive EMIR reporting overhaul is coming on 29 April 2024. Not only will the format of the report to trade repositories change, but it will be accompanied with a sharp increase in the number of reported fields as well as a change in definition for most of them. In addition, regulators will be expecting a higher level of data quality to better mitigate systemic risks.

As a result, counterparties will face changes at the system, operations, and data-management levels, and this will likely hold true at the product or service level as well. Without question, the next 18 months should be wisely planned to meet these new demanding expectations.

Discover our Luxembourg Regulatory Center

The right guide can make regulatory change a differentiator that drives you forward.

Insert CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.

Did you find this useful?