Inside FinTech blog

Businesses investing in, financing or operating data centres face a complex matrix of laws and regulatory requirements. Ensuring compliance is important for lender and investor due diligence and is crucial to avoiding fines, penalties and contractual or regulatory breaches that can significantly impact the business and any investment in, or financing of, data centres.

Even if your business only sells goods or services in the U.S., your business may be a “data broker” under the new bulk data regulations, according to an April 11, 2025 Compliance Guide issued by the U.S. Department of Justice, if consumer data is being transmitted to countries of concern.

On March 27, the Autorité des marchés financiers (AMF, Quebec’s financial markets regulator) published proposed amendments (the Amendments) in a publication titled Regulation to amend Regulation 81-102 respecting Investment Funds pertaining to crypto assets.

This month, we have added “API mapping” and “JavaScript file analysis” as core components of the NT Analyzer tool suite. This post explains what API Mapping is and how the feature provides critical insights regarding the transmission and processing of user data (a subsequent blogpost will address JavaScript file analysis).

In addition to NT Analyzer recently adding API mapping to its complement of services, we have also incorporated JavaScript file analysis targeting those JavaScript files that are downloaded to a user’s browser from third-party remote hosts while navigating a company’s website.

On 29 April 2025, HM Treasury (HMT) published a draft statutory instrument (SI), the Financial Services and Markets Act 2000 (Regulated Activities and Miscellaneous Provisions) (Cryptoassets) Order 2025, which sets out provisions to create a new regulatory regime for cryptoassets. An accompanying draft policy note has also been published.

The first two months of the second Trump administration have seen a burst of significant shifts in crypto regulation and policy.

Key Takeaways:
• SEC and Ripple agree to end enforcement suit
• NYAG and Galaxy Digital Settlement
• Tornado Cash Sanctions De-Listing

On 27 March 2025, the European Commission issued a press release stating that it was taking action against several EU Member States that have failed to notify the Commission of measures they have adopted to transpose EU Directives into their national laws.

On 24 March 2025, the European Commission adopted a draft Delegated Regulation supplementing the Regulation on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards specifying the elements that a financial entity has to determine and assess when subcontracting ICT services supporting critical or important functions.