Financial services and fintech firms are evolving rapidly, and regulators are adjusting their expectations in response. In 2025, authorisation applications are increasingly impacted by two distinct forces: the adoption of transformative technologies and the emergence of new systemic risks. Regulators must now assess not just what a firm does, but how resilient, ethical, and governable its operations and innovations are, and firms must prepare for these changes.
Key Technologies Shaping Authorisation Criteria
There are three key emerging technologies currently prompting regulators to refine how they assess firms seeking authorisation:
- AI and Machine Learning
- Blockchain and Distributed Ledger Technology
- RegTech and Compliance Automation
AI and Machine Learning
Common use cases: Artificial Intelligence (AI) and Machine Learning (ML), are increasingly used for fraud detection, algorithmic credit scoring, and portfolio diversification, enabling faster, data-driven decision-making at scale. These tools allow firms to identify patterns and risks in real-time, often beyond the capability of manual analysis.
Regulators expect: Clear explanations of how models operate, evidence of bias mitigation, and systems that support auditability and human review.
Applicants must: Demonstrate robust governance, including board oversight, internal controls, and procedures for monitoring and updating AI/ML tools responsibly.
Blockchain and distributed ledger technology
Common use cases: Blockchain introduces decentralised infrastructure to financial services and is applied in secure record keeping, tokenised payments and asset verification. This technology has the potential to reduce reliance on third-party intermediaries through transparency and immutability.
Regulators expect: Operational resilience, adherence to anti-money laundering (AML) and know-your-customer (KYC) requirements, robust custody arrangements and sound governance of digital assets and private keys.
Applicants must: Demonstrate strict security protocols, governance structures for smart contracts and comprehensive risk management frameworks suited to the unique requirements of distributed ledger technology.
RegTech and Compliance Automation
Common use cases: RegTech supports automated regulatory submissions, AML/KYC onboarding and transaction monitoring, while streamlining compliance processes and reducing manual error. Many firms are embedding these tools directly into their operational workflows to enhance efficiency and responsiveness. Regulators expect that automation must be subject to meaningful human oversight, with traceability and accountability managed at senior levels. Furthermore, applicants must provide a well-structured compliance framework that explains how automation is governed, audited and integrated across business functions.
Emerging Risk Areas for Consideration in Authorisation
Beyond technology, some key risks are emerging that influence current regulatory scrutiny and oversight:
- Cybersecurity:
Firms must show resilience of systems against cyber threats, particularly when reliant on cloud-based systems.
Regulators will assess encryption, access control and incident response capabilities
- Operational risk:
Increased potential for operational risk through outsourcing or third-party dependencies
This includes an increased focus on due diligence, performance monitoring and exit strategies to mitigate dependence risks
- ESG integration:
Governance structures are being assessed through an ESG lens
Firms are expected to demonstrate how sustainability and ethical practices are embedded into leadership and operations
- Data governance:
As data processing grows in complexity, regulators are concerned with consumer data risks, cross-border data flow
Firms are expected to comply with General Data Protection Regulation (GDPR) and related frameworks
How can Firms prepare and stay ahead in 2025 and beyond
Firms seeking authorisation in 2025 and beyond would benefit from adopting a proactive, transparent, and governance-first approach. Key priorities for firms include:
- Early Engagement with Regulators: particularly when innovating with new technologies or delivery models.
- Maintaining Clear and Complete Documentation: this is important for systems, decision-making, third-party relationships and compliance workflows.
- Building multidisciplinary teams: with a focus on bringing together legal, compliance, risk, and technical expertise
- Maintaining Legacy Systems: including backups, update logs and integration software where an older system interacts with new systems
- Developing Scalable Governance Frameworks: specifically ones that can adapt as the business evolves and the tech stack increases in complexity
- Managing Third-Party Dependencies: making sure that contingency and continuity plans are in place and reviewed regularly
The authorisation landscape in 2025 and beyond will reward firms that can demonstrate responsible and sustainable innovation. Regulatory scrutiny is increasingly forward-looking and examines not just what a firm does today, but how well they are prepared for future growth and compliance. Firms should focus on balancing governance and risk management with innovation, and this will be the key to securing regulatory approval. If you need assistance with your regulatory approval, get in touch with Novatus Global today. One of our experts will happily explain how we can streamline your regulatory approval process.
