Regulation in motion:
Preparing for disclosure, oversight, and data-led supervision

Authors:

Aspasia Latsi
International Regulatory Analyst

Mike Marmo
VP of Product, Regulatory Reporting

Kyrstin Ritsema, IACCP®
Executive Director, Compliance Services

Lewis Davison
VP of Product, Documents & Templates Production

Introduction

October brings another round of regulatory developments that underscore how financial markets are shifting toward deeper disclosure, sharper oversight, and increased reliance on data-driven supervision. From Ireland’s attempt to challenge Luxembourg in the alternatives space to U.S. regulators pushing back deadlines on Form PF, firms face a mix of opportunities and responsibilities. Meanwhile, Europe is updating digital reporting standards, cyber risks remain firmly in the enforcement spotlight, and Asia is moving forward with its own ESG disclosure agenda.

For compliance, legal, and operations teams, the challenge is consistent: understand what’s coming, interpret the impact, and decide what to prioritize before deadlines and enforcement activity arrive.

• SEC re-evaluates Rules 10c1-a and 13f-2 after court ruling: Compliance deadlines extended as the Commission reassesses the cumulative economic impact of securities lending and short position disclosure rules.
• Ireland’s alternative fund rulebook overhaul: Competing with Luxembourg,
  Ireland proposes a major update to its framework.
• ESMA’s 2025 IFRS/ESEF taxonomy update: New requirements for digital reporting
  across Europe.
• Form PF deadline extended to 2026: SEC and CFTC grant managers more time,
  but expectations remain.
• Cyber risk reporting trends in the U.S.: Enforcement activity points to rising
  governance obligations.
• Hong Kong’s proposed green finance disclosure regime: Emerging ESG standards
  signal new regional requirements.

SEC re-evaluates Rules
10c1-a and 13f-2 after court ruling

In September 2025, SEC chairman Paul Atkins announced that the Commission will revisit two rules adopted in 2023—Rule 10c1-a (governing securities lending reporting) and Rule 13f-2 / Form SHO (short position disclosure)—following a decision by the Fifth Circuit Court of Appeals. The court determined that the SEC had not adequately evaluated the cumulative economic impact of these regulations and remanded them for further analysis. Importantly, the rules were not vacated, but their compliance deadlines have been adjusted.

The Fifth Circuit’s ruling highlights the SEC’s intention to conduct a more comprehensive cost-benefit assessment of disclosure regimes that affect large segments of the market. Chairman Atkins has tasked SEC staff with conducting the required economic review and preparing updated recommendations.

• Rule 10c1-a was designed to bring transparency to securities lending markets by mandating reporting of loan terms and activity.
• Rule 13f-2 sought to expand disclosure of short positions, complementing Form SHO reporting, to provide regulators and investors with more visibility into short-selling practices.

Both rules were introduced amid concerns about opacity in securities lending and short sales. The court’s ruling, however, signals that the economic costs of implementing such regimes must be fully weighed against the intended benefits of transparency.

• Timelines have been extended - though firms should continue monitoring developments. Firms should continue to monitor developments and prepare systems for eventual compliance, even as rules are reassessed.
• Expect further consultation - Additional public comment periods or amendments may follow as SEC staff refine the rules.
• Focus on governance and documentation - Regulators are likely to emphasize transparency and auditability of firms’ internal processes, regardless of the outcome of the rule review.
• Anticipate broader implications - The emphasis on cumulative economic analysis may influence other SEC initiatives, signaling a more measured approach under new leadership.

Confluence’s Signal Investment Monitoring solution helps firms manage short-selling and position disclosure requirements with precision. By automating data aggregation, monitoring thresholds, and generating alerts, Signal is designed to support oversight of securities lending and short positions by helping firms aggregate data, monitor thresholds, and streamline reporting workflows. As regulatory expectations around transparency evolve, Signal provides the tools to streamline reporting workflows, reduce operational strain, and maintain confidence in the accuracy of disclosures.

- Aspasia Latsi, International Regulatory Analyst

Ireland's alternative fund rulebook overhaul

Ireland’s Central Bank has issued a consultation (CP162) aimed at overhauling its Alternative Investment Fund (AIF) Rulebook, a move widely interpreted as a direct challenge to Luxembourg’s dominance in the alternative funds space. Luxembourg’s Reserved Alternative Investment Fund (RAIF) structure has long been seen as the market leader, particularly in private credit and private equity. Ireland’s proposals could help it capture a greater share of cross-border fund launches.

• Greater flexibility for Loan Originating QIAIFs (L-QIAIFs): Simplification of rules to streamline fund launches.
• Non-EU AIFM access: Easier conditions for funds managed by non-EU managers.
• Subsidiary and share class rules: Simplified governance requirements.
• Operational efficiency: Consolidation of chapters to avoid duplication and overlap.

If implemented, these reforms may lower administrative burdens and potentially accelerate fund launches. That said, operational teams should prepare for transitional adjustments and potential re-alignment of compliance workflows.

Luxembourg has a head start in brand recognition, but Ireland is leveraging its reputation for regulatory credibility and robust fund servicing infrastructure. Managers will need to weigh costs, investor preferences, and long-term operating models when choosing between domiciles.

Confluence supports managers navigating complex fund structures through regulatory interpretation, disclosure alignment, and compliance services. Our teams work with clients to assess operational impacts and prepare documentation updates in line with evolving AIFMD and local rulebooks. Talk to us about our Alternative Funds Platform.

- Mike Marmo, VP of Product, Regulatory Reporting

ESMA's: 2025 IFRS/ESEF taxonomy update

The European Single Electronic Format (ESEF) requires listed issuers to prepare annual financial reports in a digital format aligned to the IFRS taxonomy. This initiative aims to improve comparability, transparency, and usability of corporate financial information.

ESMA’s updated taxonomy introduces:

• New tags to reflect IFRS updates (e.g., IFRS 18 Presentation and Disclosure
  of Financial Statements).
• Adjusted validation rules for block tagging of narrative disclosures.
• Expanded mandatory fields to reduce ambiguity.

• Technical readiness: Updating software and internal processes.
• Cross-functional coordination: Aligning finance, compliance, and IT.
• Audit implications: Ensuring tagging accuracy under audit review.
• Comparative disclosures: Managing prior year restatements for consistency.

Issuers should conduct pilot runs, engage audit firms early, and train staff on new tagging protocols. Early adoption may help firms manage reporting risks when the rules take effect.

At Confluence, we closely track regulatory developments that impact financial reporting across global markets. Our teams bring together regulatory expertise and operational insight to help clients interpret evolving requirements and consider their implications for disclosure and governance practices. By sharing timely updates and perspectives, we aim to support firms in making informed decisions about how best to prepare and respond.

- Aspasia Latsi, International Regulatory Analyst

SEC & CFTC delay Form PF deadline to 2026

On September 18, 2025, the SEC and CFTC announced that the compliance deadline for the amended Form PF has been extended to October 1, 2026. This marks the second delay this year, reflecting a shift under new SEC leadership toward measured implementation of private fund disclosure reforms.

Private fund managers will now have additional time to adapt reporting workflows, but regulators continue to stress the importance of preparedness. The delay provides additional time for preparation, which firms may use to strengthen processes ahead of the new deadline.

• Data integrity: Clean, centralized datasets for fund exposures.
• Governance: Boards should be briefed on pending requirements.
• Scenario planning: Preparing multiple compliance pathways depending
  on final rule contours.
• Investor communication: Managing expectations around transparency.

Firms may use the time to strengthen data processes, improve documentation, and pilot enhanced reporting without the pressure of immediate enforcement.

Confluence’s Omnia solution, combined with our managed services offering, supports managers in assessing existing Form PF processes, identifying data gaps, and preparing governance frameworks. Our readiness webinar and operational assessments allow firms to use the delay productively, positioning them to move quickly when the rules take effect.

We continue to support our clients by providing key updates and support when it's needed most. If you would like to discuss your readiness or have any questions, please get in touch with us.

- Mike Marmo, VP of Product, Regulatory Reporting

Cyber risk reporting trends in the U.S.

October is Cybersecurity Awareness Month in the U.S. and with the compliance date looming for updated Regulation S-P (December 3, 2025 for “Larger Entities”, and June 2, 2026 for entities that do not qualify as “Larger”), it is even more so on the minds of covered entities. Cyber, Crypto Assets, and Emerging Technology, along with their associated risks has again hit the SEC Enforcement Topics & Initiatives for 2025. The updates to Regulation S-P have clearly obligated covered institutions to notify affected individuals of any breach, including cyber breaches, that unauthorized access has occurred, or is reasonably likely to have occurred promptly, but no later than 30-days from discovery.

Several investment advisers have faced penalties in 2025 for late reporting of breaches or for failing to disclose vulnerabilities that were known internally. These actions reflect the SEC’s expectation that boards and compliance teams actively oversee cyber preparedness.

• Incident response planning: Clearly documented escalation processes including notification decision tree and documentation.
• Document, document, document: Evidence of informed oversight and Board disclosure. Board reporting and regular reporting from Cyber control teams and vendors.
• Disclosure integrity: Breach details should be disclosed clearly and in line with Regulation S-P requirements.
• Ongoing testing: Cyber drills and audits as evidence of preparedness.

Cyber risk is increasingly recognized as both a compliance and governance challenge.

Confluence supports firms by assisting in Regulation S-P change management, reviewing governance frameworks, assisting in documentation or creation of incident response plans, and conducting mock audits to help demonstrate preparedness. Our compliance services bring together regulatory interpretation and operational expertise to strengthen cyber reporting practices and Regulation S-P change management.

- Kyrstin Ritsema, Executive Director, Compliance Services

Hong Kong’s proposed green finance disclosure regime

Hong Kong’s Securities and Futures Commission (SFC) and HKEX are consulting on a new ESG disclosure regime designed to align with international frameworks like ISSB and the EU’s SFDR. The proposals reflect Asia’s growing role in shaping sustainability reporting standards.

• Enhanced product-level sustainability disclosures.
• Standardized metrics for climate risk and ESG performance.
• Regular updates to align with global standards.
• Stronger obligations on fund distributors to provide consistent information.

Global managers distributing in Asia may need to adjust product documentation, align data processes, and harmonize ESG narratives across multiple jurisdictions. Operational complexity is likely to rise where EU, U.S., and Asia standards intersect.

For global firms, the challenge will be avoiding duplication while still meeting regional requirements. Investors are likely to seek comparability, while regulators are expected to focus on auditability.

Confluence supports clients in aligning sustainability disclosures with evolving regulatory expectations. Our expertise in document production and compliance services helps firms adapt templates, streamline data integration, and document ESG claims with transparency and control.

We continue to keep our network informed of global regulatory developments. If you would like to discuss a concern or need support in developing an improved workflow process, please get in touch with us.

- Lewis Davison, VP of Product, Documents & Templates Production

Disclaimer

The content provided by Confluence Technologies, Inc. is for general informational purposes only and does not constitute legal, regulatory, financial, investment, or other professional advice. It should not be relied upon as a substitute for specific advice tailored to particular circumstances. Recipients should seek guidance from appropriately qualified professionals before making any decisions based on this content.

Unless otherwise stated, Confluence Technologies, Inc. (or the relevant group entity) owns the copyright and all related intellectual property rights in this material, including but not limited to database rights, trademarks, registered trademarks, service marks, and logos.

No part of this content may be adapted, modified, reproduced, republished, uploaded, posted, broadcast, or transmitted to third parties for commercial purposes without prior written consent.

About Confluence