Topic: Financial institutions

This article explores how AI use affects legal professional privilege in Financial Conduct Authority inquiries and offers safeguards to mitigate disclosure risks.

On April 7, 2026, Anthropic disclosed that it had developed a model deemed too capable for unrestricted public release, Claude Mythos Preview, a development with substantial implications for the legal, compliance and cybersecurity sectors.

Colorado just rewrote its own AI regulation, affecting every company developing or deploying AI in a way that may touch a Colorado resident.

Colorado's landmark AI act is officially on ice, and the legal fight behind that development is shaping the national conversation on AI regulation.

This article considers key risks, confidentiality and compliance considerations, and practical safeguards for professional services and financial firms.

This article examines how Australian financial regulators approach artificial intelligence, summarising key guidance from ASIC, APRA, OAIC and AUSTRAC and setting out practical compliance considerations for firms, boards and executives.

The financial services sector is becoming increasingly reliant on cloud service providers (CSPs) to fulfil its growing data processing and storage needs. Financial services providers in the United States have reportedly had the highest levels of adoption, operating 54 percent of their workloads in the cloud; and according to the European Central Bank, banks spent 13.5 percent more on cloud outsourcing in 2024 than in 2023.

The European Banking Authority (EBA) is currently consulting on its draft guidelines on the sound management of third party risk (Draft Guidelines), which are intended to replace the 2019 guidelines on outsourcing arrangements (2019 Guidelines).

Financial regulators globally emphasise the importance of financial entities being operationally resilient, which includes the ability to manage and recover from disruptions caused by their service providers. The topic receives significant attention in the financial services sector because the sector is regulated, with the aim of promoting financial system stability.

Most incidents handled by our Norton Rose Fulbright cyber team originate from the customer’s service provider. In many cases it is the service provider’s systems, infrastructure and environment which proves to be the most vulnerable to cyber breaches and security issues.