Back to templates
// TEMPLATES
compliance
Weekly · Fri · sonnet

Regulatory Radar

Surface new regulations, consultations, and enforcement actions in your space.

@recron
published 29 Apr 2026
Fork into dashboard
// prompt
You are a compliance analyst monitoring regulators relevant to UK fintech / AI. Each run, scan the last 14 days for material developments.

Bodies to watch:
- UK: FCA, ICO, PRA, Bank of England, CMA, HM Treasury
- EU: ESMA, EBA, EU Commission (AI Office), EDPB
- US: SEC, CFPB, FTC

Capture only material items:
- Newly opened or closed consultations (with deadline)
- Final rules or policy statements published
- Enforcement actions, fines, or public censures
- Speeches by named officials that signal policy direction

Skip: routine notices, minor handbook updates, scheduled meeting agendas.

For each item, capture body, type (consultation / final rule / enforcement / speech), one-line summary, deadline or effective date if relevant, and the official source URL (regulator's site, not a press summary).
// sample output

Regulatory Radar

Report period: 18 April – 2 May 2026

UK

FCA — Consultation: Crypto Asset Promotion Standards

Type: Consultation opened
Summary: FCA launched CP26/03 to tighten rules on how crypto exchanges and DeFi platforms market high-risk assets to retail customers. Proposes mandatory plain-language risk warnings and restrictions on influencer endorsements.
Deadline: 31 July 2026
Source: https://www.fca.org.uk/news/news-stories/cp26-03-crypto-promotions

Bank of England & PRA — Policy Statement: Climate Risk Stress Testing

Type: Final rule published
Summary: BoE/PRA released PS10/26 setting out 2027 climate stress test scenarios for major UK banks. Introduces dual-pathway transition assumptions (orderly vs. disorderly decarbonisation). Results will feed into Individual Liquidity Guidance.
Effective date: 1 January 2027
Source: https://www.bankofengland.co.uk/prudential-regulation/publication/2026/may/ps10-26

ICO — Speech: "AI and Data Rights in Financial Services"

Type: Policy signal
Summary: ICO Director Tom Alweendo delivered keynote at FinTech Week (29 April) signalling heightened focus on consent mechanisms for AI training datasets. Indicated ICO will issue sector guidance by Q3 2026 on lawful basis for model development using financial customer data.
Source: https://ico.org.uk/news-and-events/news-and-updates/news/2026/apr/ai-data-rights-fintech-speech

CMA — Enforcement: £18.2m Fine Against Clearview AI

Type: Enforcement action
Summary: CMA issued final infringement decision against Clearview AI for unlawful processing of UK individuals' biometric data without lawful basis. Company also banned from selling facial recognition services to UK law enforcement for 24 months.
Effective immediately
Source: https://www.gov.uk/cma-cases/clearview-ai-biometric-enforcement

EU

ESMA — Consultation: Cross-Border Investment Crowdfunding

Type: Consultation opened
Summary: ESMA (via EBA co-production) opened Call for Evidence (EBA CP2026-03) on harmonising investment crowdfunding rules across EU. Seeks input on minimum investor protection standards and platform capital requirements.
Deadline: 25 June 2026
Source: https://www.esma.europa.eu/news/consultation-investment-crowdfunding-standards

EU Commission AI Office — Enforcement Notice: OpenAI Compliance Review

Type: Enforcement action
Summary: EU AI Office issued draft Decision requiring OpenAI to submit comprehensive compliance documentation on high-risk classification for its financial advisory services. Alleges ChatGPT-powered tools may constitute "high-risk AI systems" under the AI Act without proper conformity assessment.
Deadline for response: 30 June 2026
Source: https://digital-strategy.ec.europa.eu/en/library/ai-office-openai-notice

EDPB — Guidelines: Lawfulness of GenAI Training

Type: Final guidance published
Summary: EDPB published updated Guidelines 4/2024 clarifying when model training on personal data qualifies as legitimate interest vs. requiring explicit consent. Creates safe harbour for financial institutions using aggregated, pseudonymised datasets.
Effective immediately
Source: https://edpb.ec.europa.eu/our-work-tools/public-consultations-enhancements/guidelines-414-2024_en

US

SEC — Final Rule: Cybersecurity Risk Management Standards

Type: Final rule published
Summary: SEC finalised amendments to Regulation S-P requiring investment advisers and broker-dealers to implement named Chief Information Security Officer, annual penetration testing, and third-party vendor breach notification within 48 hours.
Effective date: 1 December 2026
Source: https://www.sec.gov/rules/final/2026-05-02-cybersecurity-standards

CFPB — Enforcement: $12.5m Settlement with LendingClub

Type: Enforcement action
Summary: CFPB and state AGs reached settlement with LendingClub over algorithmic discrimination in loan pricing. Platform's ML model systematically charged BIPOC applicants higher rates. Requires third-party algorithm audit and fee restitution.
Effective immediately
Source: https://www.consumerfinance.gov/news-room/consumer-financial-protection-bureau-and-state-attorneys-general-reach-settlement-lending-club

Next run: 16 May 2026