Regulatory Highlights – May 2026

Written By Yuxin Sun

Overview

In May 2026, the Bank of England (BoE) issued a range of publications, setting out its approaches and expectations on several areas with heightened regulatory focus, covering banking supervision, operational resilience, cybersecurity risk and tokenised assets.

Clinical Supervision – speech by Sam Woods

What it means for you: Understand the regulator’s approach to banking supervision, expectations on banks for maintaining robust governance and risk management arrangements to identify and mitigate emerging risks, as well as potential supervisory focus in the future.

  • Why regulate banks? – Prevent material and persistent cost to the economy from financial crises, given banks being the main vector of the public interest.

  • What is supervision? – A forward-looking, judgement-based approach that not only monitors banks closely but also uses banks' own governance and systems to detect and mitigate a wider range of issues than they could through supervision alone.

  • Why does bank supervision look the way it does? – Align the incentives of the regulator and bank executives, while maintaining an independent view of a firm, to identify and mitigate issues through supervisory discretion, reducing the need to take an excessively prescriptive approach to rule-making.

  • What is the role of the supervisor? – Raise potential problems at an early stage before those problems become acute, with a focus on the key risks to firms' safety and soundness, and take action to direct others in the public interest.

  • How might the role of a supervisor evolve in the future? – Not only be technically proficient at navigating various topics of financial regulation (e.g., capital, liquidity and group consolidation) but also have a deep and holistic understanding of financial institutions and relevant risks, with greater emphasis on depth and breadth of expertise (e.g., artificial intelligence, quantum computing, the evolution of market-based finance and geopolitics).

The Importance of Choice in Payments – speech by Victoria Cleland

What it means for you: Understand the regulator’s expectations to develop a diverse payment landscape, including cash and new technologies, to support financial inclusion, strengthen system resilience, and promote competition.

  • The importance of choice – Different methods suit different situations, businesses, and people.

  • Choice underpins inclusion – Digital innovation can expand access, while barriers to full digital inclusion remain.

  • Choice strengthens resilience – A system with multiple payment methods is less vulnerable to outages and cyber incidents, while cash remains a practical alternative.

  • Choice drives competition and innovation – With access to faster and more efficient options, firms benefit from lower costs and reduced late payments, while customers gain confidence in online shopping, supporting wider economic activity and growth.

  • The role of the BoE in innovating the payments landscape – Enable new ways to settle payments via RT2 whilst extending its operation to near 24/7; incorporate the most advanced security features into banknotes, with formal oversight of the wholesale cash distribution market; launch the first consultation on the design of future retail payments infrastructure.

Operational resilience in a rapidly changing world – speech by Liz Oakes

Summary: Understand the growing importance of operational and cyber resilience in the context of advancing technology, as well as regulators’ expectations on banks to develop effective risk management frameworks as the first line of defence, with an increased rate of stress tests to probe for vulnerabilities and plan for their knock-on implications.

  • Resilience in a world of rapid technological change – AI opens up new ways to manage risks, while increasing malicious actors' capabilities to launch cyberattacks against financial institutions; cyberattacks can have system-wide implications through operational contagion, financial contagion and loss of confidence, particularly given the increasing dependencies on a small number of third-party providers.

  • Firm-level resilience – The rapid pace of change in technology highlights the need to continually test capabilities to stay at the forefront; firms are expected to establish robust frameworks to manage, monitor and mitigate risks to operational and cyber resilience, allowing staff to understand how plans actually work in practice.

  • System-wide operational resilience – Structural vulnerabilities of the financial system could amplify the impact of shocks; firms shall take responsibility and identify: (i) what critical functions they provide to the real economy; (ii) threats to that function; and (iii) how they would keep their critical functions on track in a stress.

  • The BoE’s biennial sector simulation exercise (SIMEX) and the Cyber and Operational Resilience Stress Test (CORST)

    • SIMEX considers a wide range of scenarios and risks, ranging from physical threats to prolonged infrastructure outages and cyberattacks, allowing firms and the financial authorities to systematically work through a highly realistic scenario.

    • CORST explores how a severe operational disruption might impact UK financial stability, with a focus on response and recovery, informing the FPC’s monitoring of sector operational resilience and the articulation of its tolerance for disruption to vital services to the economy.

    • This year, SIMEX and CORST testing will use the same scenario, testing the impact of a global disruption to a cloud service provider, to facilitate cross-firm learning.

    • Firms and FMIs should work with authorities to use the findings of sector-wide exercises and stress tests such as SIMEX and CORST to improve their understanding of actions they can take to mitigate impacts on financial stability.

The Bank, FCA and HM Treasury joint statement on Frontier AI models and cyber resilience

What it means for you: Understand the regulator’s expectations on banks to develop effective protective, detective, threat containment and cyber response capabilities, and take action to plan for and mitigate cybersecurity risks posed by frontier AI, with instructions across various aspects of risk management provided.

  • Governance and strategy – Ensure boards and senior management have sufficient understanding of frontier AI risks, with emerging threats reflected in investment and resourcing decisions.

  • Identification and risk management of vulnerabilities – Triage, prioritise, risk assess, and remediate vulnerabilities more quickly, more frequently, and at scale, to mitigate operational risks.

  • Managing risks from third parties – Develop the capacity to identify, monitor, and manage external applications, libraries, and services integrated into networks.

  • Protection – Reduce the attack surface that a frontier AI model might access; limit the likelihood and impact of such attacks via effective access management, network security, and data protection.

  • Response and recovery – Respond to and recover from disruptions quickly, considering the effective practices on cyber resilience published by the BoE, PRA and FCA in October 2025.

Modernising money and markets - speech by Sarah Breeden

What it means for you: Understand the regulator’s expectations on the responsible adoption of tokenisation to improve retail payments and wholesale financial services, as well as recent and ongoing work on the supervision of tokenised assets.

  • The BoE's vision in a more tokenised system

    • For retail payments, develop a multi-money system that promotes competition and choice among robust forms of money.

    • For wholesale financial services – deliver lower costs and greater functionality in a multi-asset and multi-currency ecosystem, with a focus on dynamic, resilient markets in tokenised real-world assets.

  • The BoE’s work on adoption of tokenisation

    • Retail payments

      • Banks are encouraged to innovate in tokenised assets. It is confirmed that banking groups can issue stablecoins from a non-deposit-taking, insolvency-remote group entity, with branding distinct from the group’s deposits. The BoE will publish draft rules on systemic stablecoins next month and finalise them by year-end.

      • The conclusions on the design phase of the digital pound will be set out later this year.

    • Financial markets – Enable live trading venues and settlement systems for the supply of tokenised assets, including for the Government’s pilot issuance of a digital gilt instrument, with the plan to publish a Call for Input setting out the full programme of work, with responses fed into a roadmap from pilots to production by year-end.

    • Trading and settlement of tokenised assets – Work with firms to ensure the Digital Securities Sandbox (DSS) supports innovation, and to ensure there is a clear pathway for firms within it to move out into permanent authorisation; consider how the wider settlement framework supports innovation.

    • Prudential treatment and collateral eligibility of tokenised assets

      • The PRA has clarified that in line with international standards, the prudential treatment of UK banks’ exposures to tokenised assets will be the same as for their non-tokenised equivalents where the legal rights are identical, and the underlying risks are comparable.

      • For collateral eligible at central counterparties, the BoE aims to support eligibility of tokenised versions of assets already accepted as collateral and plans to engage with industry on the detail through a discussion paper later this year.

      • The BoE will consider whether tokenised assets should be eligible as collateral in the Sterling Monetary Framework (SMF), which would backstop the ability to monetise them in private markets, and upgrade internal systems in 2027 to connect directly to tokenised asset ledgers.

    • Digital Gilt instrument – Support the Government’s pilot issuance of a digital gilt instrument (DIGIT) to explore how this technology can be applied to UK government debt and to catalyse the development of UK-based distributed ledger technology (DLT) infrastructure, as well as adoption across UK financial markets. The DIGIT will be issued in the DSS, with priority to assess its eligibility as collateral in the SMF.

    • Central bank money settlement – Enable tokenised wholesale transactions to settle directly in sterling central bank money via RT2, targeted for 2028, with a consultation on how to extend RTGS settlement hours towards near-24/7 operation to be launched over the coming years.

    • Private settlement assets

      • Work to expand the range of settlement assets in the DSS to include not only tokenised deposits, but also regulated stablecoins in sterling and foreign currencies, with the approach to stablecoins permitted for use in the DSS to be published soon.

      • The PRA has published guidance on banks’ issuance of tokenised deposits and stablecoins, which clarifies that UK banks can issue stablecoins for wholesale use, including in the DSS, where the risk of confusion between the protections for deposits and for stablecoins is less acute than it is for retail customers.

    • Ledger design – Currently developing detailed practical work on how distributed ledgers should be designed to support payments and settlement, with a DLT Innovation Challenge run last year with financial institutions, technology firms and academics to inform the regulatory approach.

Summary

Overall, the publications indicate a clear regulatory direction: UK authorities support innovation, but expect firms to adopt new technologies in a controlled, resilient and well-governed way. Boards and senior management should remain engaged, ensure emerging risks are properly understood, and maintain the capabilities needed to protect critical services during disruption.

Yuxin Sun
Previous

Katalysys Announces Leadership Reorganisation to Support US and UK Growth
Next

Geopolitical Risk for Non-systemic Banks