Key items for your agenda in 2025
Our standout items
New UK Failure to Prevent Fraud Offence (FTPF Offence)
What’s happening?
The new FTPF Offence – coming into effect on 1 September 2025 – is intended to hold certain corporate entities criminally liable for fraud committed by their associates, unless they have ‘reasonable procedures’ in place to prevent fraud.
A key question, of course, is what will be regarded as a ‘reasonable procedure’? In early November 2024, the government published its guidance, which sets out some of the recommended procedures that organisations can put in place to seek to prevent fraud and, importantly, to be in a position to use the defence if needed.
What does this mean for me?
The government guidance makes it clear that in-scope organisations should carry out a risk assessment, implement risk-based policies and procedures, and carry out training. For much more detail on the offence and our summary of what an organisation may consider doing now, see our briefing.
It is also worth noting that the FTPF Offence does not only apply to UK businesses. It will apply wherever an associated person of a large organisation (wherever incorporated) commits a relevant fraud offence with a link to the UK.
We’ve seen this approach to holding organisations liable for ‘Failing to Prevent’ financial crime used before in the UK – for bribery and tax evasion, to mixed results. But the net has been cast wider for fraud in certain, often subtle, ways that may increase the risk for many asset management structures. Being able to identify and manage exposure in a way which is proportionate to the risk and complementary to existing processes, and delineating the approach as between the house, the fund, and the portfolio, will be key to compliance.
John Buttanshaw
Partner
New UK identity verification (IDV) regime
What’s happening?
New IDV requirements are coming into force that will apply to all new and existing UK company directors and LLP
members, all persons (whether or not in the UK) who have or exercise significant control over a UK company or an
LLP (PSCs) and anyone filing documents with the UK’s Companies House.
IDV measures are expected to be rolled out from spring 2025. By autumn 2025, IDV will be compulsory on
incorporation and for incoming company directors, LLP members and PSCs. Helpfully, there will be a 12-month
transitional period for existing directors, LLP members and PSCs to verify their identity.
So what?
It’s important that legal teams are geared up for the new requirements. Consideration should be given to carrying out
a pre-IDV regime audit to establish who in your business will need to be verified and whether they have necessary ID
documentation.
Other things to keep a close eye on
Further work on the EU’s AIFMD II
What’s happening?
AIFMD II came into force in the EU last year and most provisions will start to have effect from 16 April 2026. In the meantime, EU regulators are starting to draft the supplementary rules and guidance. So far, we have seen consultations on further requirements for liquidity management tools as well as on the requirements for open-ended Loan Originating AIFs.
So what?
Key changes under AIFMD II include new requirements for AIFs which originate loans (including leverage limits for Loan Originating AIFs), additional disclosure and reporting requirements, and new rules on liquidity management for open-ended funds. AIFMs should start to consider what changes are needed to their AIFs and other operations. This includes having regard to the additional rules and guidance that are expected from the EU authorities. AIFMs may also want to take the opportunity to contribute to the consultations on these.
Although these amended rules have not been replicated in the UK, some of the changes will be potentially relevant for UK-regulated firms marketing into the EU.
Review of the UK funds regime
What’s happening?
The consultation on UK’s version of the AIFMD, which was pencilled in for 2024, has not yet appeared, but is still expected imminently. However, in November 2024, the UK government issued a Call for Evidence on the Financial Services Growth & Competitiveness Strategy which provided some insight into its plans for the UK asset management industry.
So what?
The details of the consultation on UK AIFMD are not yet known but it is thought that the UK regulators will try and make the regime more proportionate and address some of the more onerous requirements, while potentially increasing the disclosures required to be made to regulators. While reforms are likely to be welcome, they would mean further divergence between the UK and EU AIFMD regimes.
According to its Call for Evidence, the government is keen that the UK continues to be a leading destination for private markets activity. Suggested measures include simplifying regulation, supporting innovation and new technology (such as fund tokenisation), and facilitating cross border activity. More investment into productive assets, including through the creation of pensions “megafunds” (discussed further in our Investors section below), is being targeted. See Travers Smith’s Alternative Insights: The UK government’s boost to private markets for further discussion of this.
Significant (and welcome) changes to the UK prospectus rules
What’s happening?
The FCA is proposing to change the UK prospectus regime. The proposals involve significant amendments, particularly to the rules which determine whether a prospectus is needed on a secondary capital raising, as well as making it easier for companies to make forward looking statements in prospectuses.
The key change for investment companies with securities already admitted to trading on the Main Market is that a prospectus will only be required when further securities are issued over a 12-month period that amount to at least 75% of the company’s issued share capital. This is a significant increase to the threshold, which is currently set at 20%.
The FCA is aiming to finalise the rules by the end of June 2025. There will be a further (as yet unspecified) period before the new rules come into force.
What does this mean for me?
The significant increase in the triggering threshold will offer companies much more flexibility when fundraising. Notably, the FCA goes much further than the revised EU listing rules, where it is proposed the limit will be raised to 30%.
An issuer will still have the option to produce a voluntary prospectus, approved by the FCA, for any share issues below this level. In such cases, an issuer’s brokers and financial advisers are likely to insist that the prospectus contains the same information as would have been required in a mandatory prospectus.
EU Artificial Intelligence Act (AI Act)
What’s happening?
The EU AI Act came into force in August 2024 but has a staged application – the first wave of obligations applies from February 2025, including the “AI literacy” requirement. See our briefing for more information on which obligations apply and when.
So what?
To meet the literacy requirement firms will need to put in place appropriate policies and staff training on AI risks and the use of AI tools by EU staff.
If firms plan to use AI as part of their employment processes in the EU (for example, in recruitment), they are likely to need to gear up to comply with “high-risk” system requirements from 2 August 2026 in respect of those new HR systems (and existing systems that are significantly changed after that date). They will also need to address transparency requirements for “chatbots” from 2 August 2026.
The UK’s National Security and Investment Act
What’s happening?
We expect to find out more about the new government’s approach to scrutinising transactions on the grounds of national security during the course of 2025.
The fate of various measures championed by the previous administration is currently unclear. A consultation expected over the summer on updating the scope of mandatory sectors caught by the National Security and Investment Act (NSIA) has not (yet) materialised and expected new targeted exemptions have not been progressed. These steps appear to have been overtaken by the new Government’s industrial strategy aimed at establishing long-term economic growth across the UK.
So what?
Falling within the NSIA can have a significant impact on transactions: at least, it will affect the deal timetable, but it also has the potential to kill the deal completely if it poses a risk to the UK’s national security. Deal prohibitions are, however, rare and the new government has, so far, continued to demonstrate an appetite to work with remedies even in politically challenging cases.
In October 2024, the government launched its consultation on the UK’s Industrial Strategy, “Invest 2035”, covering several areas of the economy that are also core to the NSIA regime. The outcome of this consultation is expected in spring 2025 and may provide clarity on how (if at all) NSIA policy will shift as part of the government’s wider strategy. We can, however, expect closer alignment between the government’s use of the NSIA and its industrial strategy goals.
The wide pool of merger control and foreign direct investment regimes continues to grow every year. This increasingly interventionist approach to M&A from governments and regulators means asset managers need to be alive to potential mandatory filings on transactions of all sizes, particularly as they grow internationally. Having to seek merger control and foreign direct investment approval is fast becoming part and parcel of M&A processes for all asset managers.
Victoria Bramall
Partner
EU Digital Operational Resilience Act (DORA)
What’s happening?
17 January 2025 marked the compliance deadline for DORA, an EU regulation, which applies operational resilience requirements to EU-regulated financial services firms, including full-scope AIFMs and MiFID investment firms (which includes portfolio managers), in their use of information and communication technology (ICT) services. These include governance, incident reporting, testing and third-party risk management requirements, as well as mandatory content for ICT contracts.
So what?
There is no transition period. While shortly before the deadline, the ESAs reiterated that affected firms must fully comply with DORA and related rules by 17 January, that was a struggle for some. Many firms have been prioritising the key and most conspicuous areas of compliance – completing registers of information, board minutes, uplifting incident response plans, and completing DORA-compliant contractual amendments, prioritising key suppliers. While enforcement will undoubtedly be uneven at the outset, regulators such as the CSSF in Luxembourg are primed for early enforcement.
Publicising UK enforcement investigations
What’s happening?
The FCA proposed in February 2024 that it would publicly announce that it has opened an enforcement investigation if it considers that it is in the public interest to do so. This would include naming the subject of the investigation (although individuals would generally not be named) and a summary of the suspected breach or misconduct.
So what?
The proposals raised significant concerns and many had hoped that the FCA would abandon the proposals altogether. However, the FCA seems determined to proceed and has now issued a second consultation which introduces some changes in response to the concerns expressed. For example, there would be greater consideration of the negative impact of any announcement and more advance notice for firms (which would allow them more time to make representations).
The latest consultation closes on 17 February 2025 and the FCA is expected to take a final decision on how to proceed in Q1 2025.
