The publication this week of the European Securities and Markets Authority’s (ESMA) 2025 Annual Report confirms several major developments that will directly impact asset managers, investment firms and financial product distributors.
For these financial institutions, several regulatory developments deserve particular attention today.
1. DORA: Compliance Is Giving Way to Supervision
Since its entry into application, DORA has progressively evolved from a regulatory project into an operational supervisory framework.
Regulators are now focusing on very practical aspects, including:
- ICT risk mapping and identification of critical service providers;
- operational resilience governance and incident management;
- business continuity planning;
- oversight of outsourcing arrangements and third-party monitoring frameworks.
The first supervisory reviews will quickly distinguish between frameworks implemented solely to meet regulatory requirements and those genuinely embedded within firms’ governance structures.
Asset managers and investment firms should therefore treat DORA as a permanent risk management discipline rather than a one-off compliance project.
2. AIFMD II: Preparing for Operational Impacts
AIFMD II is gradually entering its implementation phase.
Key developments include:
- delegation and sub-delegation arrangements;
- liquidity management tools (LMTs);
- loan-originating fund activities;
- reporting obligations and governance requirements;
- enhanced oversight expectations regarding delegates.
These developments often require a coordinated review involving risk, compliance, portfolio management and operations teams.
Firms that proactively prepare for these changes will benefit from a significant advantage during future regulatory reviews and supervisory inspections.
3. Data Quality Becomes a Strategic Issue
ESMA is increasingly placing data at the centre of its supervisory approach.
Regulatory reporting under AIFMD, UCITS, MiFIR, EMIR, DORA and ESG frameworks is no longer viewed as a mere compliance exercise. It has become a key source of information used by regulators to identify emerging risks and prioritise supervisory actions.
In this context, firms should assess:
- the quality of their data and the consistency of information reported across regulatory frameworks;
- regulatory data governance arrangements;
- oversight of third parties involved in data production and reporting processes;
- traceability of data used for regulatory submissions.
The days when regulatory reporting was considered a purely administrative requirement are clearly over.
Regulators increasingly rely on data analytics to target inspections and assess risk profiles across financial institutions.
4. MiCA: The Professionalisation of the Crypto Sector
After several years of rapid growth, the crypto-asset market is entering a phase of regulatory normalisation.
MiCA requirements are progressively aligning crypto-asset service providers with standards already applicable to traditional financial institutions, including:
- governance and internal control frameworks;
- conflict of interest management and investor protection;
- surveillance arrangements and market abuse prevention mechanisms.
Firms with direct or indirect exposure to crypto-assets must now integrate these topics into their overall risk management and compliance frameworks.
MiCA follows principles already familiar under MiFID II. Institutions distributing or recommending crypto-assets will increasingly be expected to apply investor protection standards comparable to those applicable to traditional financial instruments.
5. Investor Journey and Investor Protection: A Growing ESMA Priority
One of the most significant messages emerging from the 2025 report is ESMA’s determination to improve the retail investor journey, covering the entire process from product discovery through subscription and ongoing monitoring.
This approach directly affects investment firms engaged in:
- investment advice and reception and transmission of orders;
- discretionary portfolio management and fund distribution;
- structured product distribution;
- crypto-asset related services.
European regulators are increasingly focusing on investors’ actual outcomes and experiences rather than solely on formal compliance with regulatory requirements.
Particular attention is being paid to:
- product governance and target market identification;
- suitability and appropriateness assessments;
- costs and charges borne by investors;
- clarity of pre-contractual disclosures;
- conflicts of interest management;
- digital distribution and marketing arrangements;
- quality of information provided to clients.
Firms will increasingly need to demonstrate that their processes effectively deliver positive outcomes for investors.
This area is likely to become a major focus of future supervisory reviews by both national and European authorities.
6. ESG: From Communication to Demonstration
Recent work by both ESMA and national regulators highlights increasing scrutiny of ESG practices.
Regulators are becoming less interested in policy statements and more focused on firms’ ability to demonstrate:
- consistency between ESG strategies and underlying data;
- effectiveness of controls and monitoring processes;
- robustness of methodologies and governance frameworks.
Greenwashing remains a key supervisory concern.
Asset managers must be able to document and justify their ESG approaches in a robust manner and demonstrate consistency with commitments made to investors.
A Broader Trend: More Risk-Based Supervision
Taken together, these developments form part of a broader transformation of European financial supervision.
Regulators increasingly rely on regulatory data to direct supervisory resources towards institutions presenting the most significant risks.
This approach is also accompanied by greater attention to investor outcomes, particularly in investment advice, product distribution and crypto-asset related activities.
In this environment, compliance, risk management and internal control frameworks must evolve towards a more risk-based approach focused on data quality, governance and demonstrable effectiveness.
CerLab Finance supports asset managers and institutional investors in preparing for these regulatory developments, through tailored regulatory due diligence, internal framework reviews, and strategic sectoral monitoring.