Regulatory Insights on Basel, Credit, Cyber Vulnerabilities & IMF
Welcome to Carver's regulatory updates podcast for the week of March 02, 2026.
Starting with global financial regulation, the Swiss Financial Market Supervisory Authority, FINMA, has withdrawn the license of MBaer Merchant Bank AG due to serious, systematic shortcomings in anti-money laundering compliance and risk management. The bank is now in liquidation after withdrawing its appeal. The United States Financial Crimes Enforcement Network, FinCEN, has also designated MBaer Merchant Bank AG as a primary money laundering concern. This case underscores the critical importance of maintaining adequate AML structures, due diligence, and robust organizational risk management to meet supervisory standards.
In the European Union, the European Securities and Markets Authority, ESMA, has published the IFRS 18 package, introducing new presentation and disclosure requirements effective January 1, 2027. This replaces IAS 1 and includes amendments to four existing Q&As related to Alternative Performance Measure guidelines. Issuers must apply IFRS 18 retrospectively and disclose any material expected impacts before the effective date to ensure consistency between financial statements and public communications.
Malta’s Financial Services Authority, MFSA, has released its supervisory priorities for 2026, emphasizing enhanced focus on financial crime compliance, consumer protection, and cross-border supervision. Key areas include anti-money laundering and counter-terrorist financing, sanctions compliance, proliferation financing controls, digital finance including artificial intelligence oversight, and strengthening governance arrangements for money laundering reporting officers. The MFSA aims to align with the European Union’s AML legislative package to reduce regulatory and reputational risks.
Turning to cybersecurity, France has disclosed an actively exploited vulnerability, CVE-2026-20127, in Cisco Catalyst SD-WAN products. The vulnerability allows attackers to bypass security policies and gain unauthorized privileged access. Organizations are advised to migrate to supported patched versions, perform detailed compromise investigations, and monitor for indicators such as rogue peer connections and unauthorized SSH keys. Meanwhile, the Netherlands has reported two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, in Ivanti Endpoint Manager Mobile, with evidence of exploitation since August 2025. Immediate patching and forensic investigations are strongly recommended.
In the United Kingdom, the Financial Conduct Authority has selected four firms to participate in its Regulatory Sandbox starting in the first quarter of 2026 to test stablecoin innovations. These trials will focus on stablecoin issuance and use cases including payments, wholesale settlement, and crypto trading. The FCA will use the results to inform final stablecoin regulations expected later this year. Participating firms must prepare for authorization under the new cryptoasset regime effective October 2027 and manage risks related to deposit-taking institutions and regulated stablecoins.
In the Middle East, the Capital Markets Authority of Kuwait has granted preliminary approval to Al Mowazi Capital Company to practice securities activities for six months starting February 23, 2026. The approval is renewable, with conditions for license issuance and a validity period of three years. The company must meet specified criteria and pay prescribed fees to convert this preliminary approval into a full license.
In Egypt, the International Monetary Fund’s Executive Board completed the fifth and sixth reviews under the Extended Fund Facility and the first review under the Resilience and Sustainability Facility. This approval enables disbursement of funds and highlights Egypt’s progress in macroeconomic stabilization and structural reforms. The IMF calls for maintaining tight monetary and fiscal policies with exchange rate flexibility, accelerating reforms to reduce the state’s economic footprint, and strengthening domestic revenue mobilization and debt management.
Turning to the United States, Attorney General Rob Bonta is co-leading a multistate lawsuit challenging the Centers for Disease Control and Prevention’s January 5, 2026 decision memo. The memo demoted seven childhood vaccines from universally recommended status and replaced the Advisory Committee on Immunization Practices with members lacking scientific qualifications. The lawsuit argues these changes violate federal laws and threaten public health by reducing vaccine uptake and increasing disease risk. The plaintiffs seek reversal of the memo and restoration of prior vaccine recommendations.
Additionally, Attorney General Bonta has rejected the Trump administration’s tax policy changes under IRS Notice 2025-42, which narrow the definition of ‘beginning of construction’ for wind and solar projects to qualify for tax credits. The new rules remove previous safe harbor provisions and limit eligibility for projects starting after July 4, 2026. This policy risks reducing clean energy supply, increasing electricity costs, and disrupting state energy planning. Stakeholders are urged to monitor legal developments closely.
The Small Business Administration continues to offer disaster relief loans to small businesses and private nonprofits affected by natural disasters. In Oregon, Economic Injury Disaster Loans remain available for those impacted by March 2025 storms, with an application deadline of March 24, 2026. Loans can reach up to $2 million with interest rates as low as 4 percent for small businesses and 3.625 percent for private nonprofits, with payments deferred for 12 months. Similarly, in Nebraska and Kansas, SBA disaster loans are available for entities affected by the May 2025 drought, with a loan application deadline of March 16, 2026, and a 60-day grace period thereafter.
In Canada, the Ontario Securities Commission has issued an order in enforcement proceedings against Brunet under file number 2026-9. This update signals ongoing regulatory enforcement activity in Ontario’s securities sector.
In Italy, the Ministry of Economy and Finance published reference interest rates for subsidized credit operations for March 2026. These include the weighted average yield of BOT for February 2026 and the monthly average gross yield of taxable public securities for January 2026. These rates are essential for determining interest rates on subsidized loans.
In the European Union, two medicinal product updates have been announced. Entyvio, or vedolizumab, has updated its authorisation status, therapeutic indications, dosing, safety profile, and risk management measures. Healthcare professionals are reminded to initiate treatment under specialist supervision and monitor patients carefully. Ranluspec, a biosimilar to Lucentis or ranibizumab, has been authorised for treatment of wet age-related macular degeneration and other retinal conditions. It must be administered by qualified eye doctors with ongoing safety monitoring.
Finally, in New York City, Attorney General Letitia James filed an amicus brief supporting the city’s motion to dismiss the Department of Justice’s lawsuit challenging sanctuary laws. The brief affirms that New York City’s sanctuary policies comply with state and federal law and emphasize their role in enhancing public safety by fostering trust between immigrant communities and local law enforcement.
That wraps up today's regulatory updates. Visit carveragents.ai for more information.
