Global Trustee and Fiduciary Services Bite-Sized Issue 3 2025

7 QUICK LINKS CRYPTOASSETS CSDR EMIR FINTECH FSB OPERATIONAL RESILIENCE SUSTAINABLE FINANCE/ESG T+1 ASIA PACIFIC EUROPE IRELAND LUXEMBOURG NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 3 | 2025 Finally, the RTS emphasises the importance of information sharing between competent authorities and the Lead Overseer, particularly when risks are severe and impact financial entities across multiple Member States. This collaborative approach aims to ensure a level playing field and effective oversight of critical ICT third-party service providers in the EU financial sector. The RTS entered into force on 5 March 2025. Link to RTS here SFC Flags Cybersecurity Incidents Involving Licensed Firms and Resulting Business Disruptions in Thematic Review Report On 6 February 2025, the Securities and Futures Commission (SFC) noted material cybersecurity incidents in recent years involving cyberattacks against licensed corporations (LC) had resulted in significant business disruptions or hacking of client accounts. The SFC’s Report on the 2023/24 Thematic Cybersecurity Review of Licensed Corporations (Report) noted eight incidents of material cybersecurity breach reported to the SFC between 2021 and 2024. In some incidents, fraudsters conducted unauthorised trades in clients’ accounts after gaining control of them by infiltrating the LCs’ networks through network security loopholes. The use of end-of-life software and weak algorithm for encrypting client data are some of the common weaknesses identified in these incidents. The SFC says such vulnerabilities indicate the LCs’ insufficient senior management oversight and inadequate controls on cybersecurity measures. In addition, to address the emerging cybersecurity risks, the SFC has set out in the Report standard of conduct expected of LCs in relation to phishing detection and prevention, end-of-life software management, remote access, third-party IT service providers management and cloud security. The SFC says it, together with the Hong Kong Police Force, will host cybersecurity webinars in February to further share the findings of the thematic review and the common cybersecurity threats in Hong Kong. The SFC says it will also conduct another comprehensive review on the existing cybersecurity requirements and expected standards in 2025, to develop an industry-wide cybersecurity framework and guide LCs on better managing cybersecurity risks. Link to Report here SUSTAINABLE FINANCE/ESG European Commission Simplifies Rules on Sustainability and EU investments On 26 February 2025, the European Commission (EC) adopted a new package of proposals to simplify EU rules, boost competitiveness, and unlock additional investment capacity. The EC says that by bringing its competitiveness and climate goals together, it is creating the conditions for EU businesses to thrive, attract investment, achieve its shared goals – such as the European Green Deal objectives – and unlock the EU’s full economic potential. The EC says it has a clear target to deliver an unprecedented simplification effort, by achieving at least 25% reduction in administrative burdens, and at least 35% for SMEs until the end of this mandate. Adding that these first ‘Omnibus’ packages, bringing together proposals in a number of related legislative fields, cover a far-reaching simplification in the fields of sustainable finance reporting, sustainability due diligence, EU Taxonomy, carbon border adjustment mechanism, and European investment programmes. If adopted and implemented as set out, the EC says that the proposals are conservatively estimated to bring total savings in annual administrative costs of around €6.3 billion and tomobilise additional public and private investment capacity of €50 billion to support policy priorities.