Our Take: financial services regulatory update – March 27, 2026

March 27, 2026

Change remains a constant in financial services regulation

Read "our take" on the latest developments and what they mean.

SEC and CFTC on crypto classification

What happened? On March 23rd, the SEC and CFTC’s joint interpretation on digital asset classification and which agency has jurisdiction over which asset classes became effective.

What does the interpretation say? The interpretation identifies five categories of digital assets and provides that three – digital commodities, digital collectibles, digital tools – are commodities subject to CFTC oversight; digital securities are subject to SEC oversight; and stablecoins are subject to a more complex analysis to determine their classification:

Asset class	Agency oversight	Definition of the asset class:
Digital commodities	CFTC	Derive value from their function as part of a crypto system and supply and demand dynamics rather than the managerial efforts of others. Does not generate passive yield or convey rights to future profits. Examples include Bitcoin, Ethereum, Dogecoin, Solana and XRP.
Digital collectibles	CFTC	Designed to be collected; may convey rights to artwork, music, videos, or internet memes among other things. Does not provide the holder with any interest in a business enterprise, but it may convey a license or intellectual property rights. Examples provided include CryptoPunks, Fan Tokens and WIF.
Digital tools	CFTC	Performs a practical function such as a membership, ticket, credential, title instrument or identity badge. Resell value is tied to its functional utility rather than an expectation of profit from managerial efforts of others.
Stablecoins	Depends	“Permitted payment stablecoins” under the GENIUS Act (read Our take here for more) are not securities and are subject to oversight by their relevant Federal banking regulator or state regulator. Stablecoins identified in the SEC’s April 2025 statement – those designed to maintain a value equal to the US dollar, redeemable on a one-for-one basis with the US dollar, and backed by low-risk and liquid assets – are not “securities” and are not subject to SEC oversight. Stablecoins falling outside of the GENIUS Act or April 2025 statement scope would be subject to a case-by-case analysis.
Digital securities	SEC	Financial instruments that are formatted or represented by a crypto asset (also known as “tokenized securities”). Providing a non-financial benefit to holders similar to a digital commodity, digital collectible or digital tool does not prevent assets from being digital securities.

Our Take

More crypto clarity but uncertainty remains

The interpretation largely reflects the digital asset classification framework described in previous speeches by SEC Chair Paul Atkins and CFTC Chair Michael Selig. However, it goes into more detail by providing a specific, though non-exhaustive, list of digital commodities, collectibles and tools subject to CFTC oversight and more detail on how certain assets fall into those categorizations. As the interpretation makes clear that “the expectation of profit from managerial efforts” will steer asset classification into the “digital securities” category, issuers and exchanges should carefully review communications and marketing material to determine whether they create any such expectation – which could mean that they have been inadvertently selling unregistered securities or operating as unregistered securities exchanges.

Market participants should also be aware that the interpretation is only a reflection of the SEC and CFTC’s current views on crypto asset classification. It is not a final rule, meaning it does not have the force of law, and future Administrations could easily and promptly reverse or change this classification framework. Further, courts may ultimately decide whether certain assets are subject to federal or state securities laws, and following the Supreme Court’s 2024 Chevron decision (see Our take here for more information), courts are no longer obligated to defer to regulatory agencies – and as a result they do not need to consider the SEC and CFTC’s interpretation.

FSOC proposes revised nonbank designation guidance

What happened? On March 25^th, the Financial Stability Oversight Council (FSOC) proposed interpretive guidance revising its approach to nonbank financial company designations.

What does the guidance say? The proposal would replace the 2023 guidance and largely reinstate key elements of the 2019 framework, including prioritizing an activities-based approach to financial stability risks and limiting the use of entity-specific designations. Key elements include:

Activities-based approach, with designation as a backstop. In a return to the 2019 guidance, FSOC would again prioritize identifying and addressing risks at the activity or market level, working through primary regulators before considering firm-specific designation. This marks a clear reversal of the 2023 guidance, which removed the requirement to start with an activities-based approach and allowed more direct use of designation.
Analytical requirements for designation. The proposal reinstates several constraints from 2019 that were removed in 2023, including a higher threshold for what constitutes a threat to financial stability, a requirement to assess the likelihood of material financial distress, explicit consideration of economic growth, and a cost-benefit analysis to determine whether designation is justified.
Regulatory coordination and pre-designation engagement. The proposal would formalize a process for working with primary regulators and companies to address risks before moving toward designation, including identifying specific remediation steps.
Consolidation of framework and guidance. The proposal combines FSOC’s analytic framework and designation procedures, replacing the separate 2023 documents.

What’s next? The proposed guidance is open for comment for 45 days.

Our Take

FSOC continues to reset a framework that has yet to be tested

The latest proposal reinforces that FSOC’s approach to nonbank designation remains highly dependent on the priorities of the current regulatory leadership, rather than reflecting a settled supervisory philosophy. Despite multiple iterations of its guidance over the past decade, the Council has not moved to designate a nonbank financial company, leaving each version of the framework largely theoretical in its application. The return to a more constrained approach makes designation even less likely in practice. By reinforcing reliance on primary regulators and raising the analytical threshold for action, the proposal further distances FSOC from using its designation authority as an active supervisory tool.

The emphasis on identifying and addressing risks through activities-based measures and primary regulators places greater weight on whether this framework can surface and mitigate risks early, before they become systemic. In theory, the approach is designed to catch emerging vulnerabilities at the activity level – such as leverage, liquidity mismatches, or concentration – and address them through existing supervisory channels. In practice, however, it remains untested whether this model will identify risks quickly enough, particularly where exposures are distributed across firms or evolve outside traditional regulatory boundaries. As a result, the effectiveness of the framework is likely to be shaped less by its design and more by how it performs in a future period of market stress, which may ultimately drive further recalibration of FSOC’s approach.

NAIC launches AI Systems Evaluation Tool and pilot program

What happened? In March, the National Association of Insurance Commissioners (NAIC) released its AI Systems Evaluation Tool and launched a 12-state pilot (CA, CO, CT, FL, IA, LA, MD, PA, RI, VT, VA, WI) running through September 2026.

What is the AI Systems Evaluation Tool? The Tool is a structured set of regulatory exhibits that insurers may be asked to complete during supervisory reviews. It is designed to supplement existing exam processes by helping regulators identify where AI is used, assess governance and controls, and determine whether additional analysis is needed. It is structured to move from a set of high-level information requests on where and how AI is used across the organization, to more detailed inquiries on governance frameworks, higher-risk models, and underlying data.

Before it was released, the Tool was updated to clarify that it does not create new requirements, refine how risk and impact are assessed, and incorporate additional considerations such as unfair trade practices and data elements relevant to consumer outcomes.

How will the pilot work? Participating states will apply the Tool in real supervisory settings across insurers and lines of business, with flexibility to tailor questions to jurisdictional needs while prioritizing higher-risk AI systems that could lead to significant consumer or financial impacts. States will coordinate through ongoing discussions, share findings, and use results to refine the Tool and inform future supervisory expectations.

What’s next? After the pilot ends in September, the NAIC will update the tool and consider it for adoption at the Fall National Meeting.

Our Take

AI oversight moves from theory to execution

By operationalizing the AI Systems Evaluation Tool, the NAIC is establishing a more structured and consistent approach to how regulators will evaluate AI in practice, embedding AI review directly into existing supervisory processes. The prioritization of higher-risk AI systems is likely to mean increased scrutiny of models tied to underwriting decisions, pricing segmentation, claims handling, and fraud detection – areas where model outputs can directly influence consumer outcomes or financial results. In these use cases, regulators are likely to focus more closely on data inputs, model behavior, and the effectiveness of governance and control frameworks, particularly where there is potential for adverse consumer impact or financial misstatement.

For insurers, preparation should align to how the Tool is structured. Firms should be able to produce a clear inventory of AI use across business functions, including identifying which systems have consumer or financial impact. Governance frameworks should be documented in a way that explains roles, oversight, and how AI risk is incorporated into enterprise risk management and financial reporting processes. At the model level, insurers should be prepared to describe higher-risk systems in detail, including use case, limitations, testing practices, and how compliance with existing regulatory standards is assessed. Finally, firms should understand and be able to explain the data used in AI systems, including sources, third-party dependencies, and how data-related risks are evaluated.

On our radar

House Republicans introduce proposals to reform deposit insurance framework. On March 25th, Republican members of the HFSC introduced a series of bills aimed at reforming the U.S. deposit insurance framework: 1) A bill to authorize the Treasury Secretary to direct the FDIC and NCUA to establish temporary emergency transaction account guarantee programs, 2) The Growing Deposit Insurance for the Future Act to adjust the standard maximum deposit insurance amount for inflation, 3) The Main Street Depositor Protection Act, which would require the FDIC to establish enhanced insurance coverage for noninterest-bearing transaction accounts; and 4) A bill to analyze whether deposit insurance limits should be increased for covered transaction accounts.

Bipartisan bill introduced to restrict sports-related prediction market contracts. On March 23rd, Senators Adam Schiff (D-CA) and John Curtis (R-UT) introduced the Prediction Markets Are Gambling Act, which would amend the Commodity Exchange Act to prohibit CFTC-registered entities from listing event contracts tied to sporting events or casino-style games. The legislation seeks to clarify the regulatory treatment of such contracts and preserve state authority over gambling activities.

FTC issues warning letters to major payment providers about debanking consumers. On March 26th, the FTC sent letters to several major payment providers emphasizing that denying customers access to financial services in a manner inconsistent with stated terms or reasonable expectations could constitute unfair or deceptive practices under the FTC Act and may result in investigations or enforcement action.

Basel Committee publishes Basel III monitoring report. On March 24th, the BCBS published its latest Basel III monitoring report, finding that liquidity ratios for large global banks increased modestly while risk-based capital and leverage ratios remained stable in the first half of 2025.

ECB outlines progress and next steps for potential digital euro launch. On March 24th, the ECB provided an update on preparations for a digital euro, highlighting ongoing work on accessibility, private sector collaboration, and integration with the broader payments ecosystem. The ECB also detailed plans for pilot testing beginning in 2027, with a potential launch targeted for later in the decade.