LMA Tech Newsletter: Innovation Round-up

Share

LMA Technology Newsletter | June 2026

June 2026

Welcome to the June edition of the LMA’s Tech Newsletter, where we bring you the latest regulatory developments shaping technology in the loan markets, alongside key tech news to keep you informed and ahead.

In recent weeks, the LMA’s technology agenda has continued to gather pace, with interoperability and digital standards emerging as a central area of focus. At the May LMA Technology & Innovation Committee Meeting, members heard from external guests and held a detailed session exploring existing standards that could potentially offer a practical route to reducing fragmentation and improving data consistency in the loan market. It was great to have so many member firms participating in the debate and underlines how key this issue is for the market. 

Alongside that, AI and digital assets remain firmly in flight. Building on the strong response to the April AI seminar and the newly published AI paper, work is now moving into the next phase through the upcoming AI Assurance talk with The Alan Turing Institute, the formation of the AI working group and the LMA’s coordination of a member response to the FCA’s AI consultation. 

Meanwhile the digital assets workstream is coordinating a seminar on “Digital Assets in the Wholesale Loan Market” and broader engagement on tokenisation, smart contracts and DLT use cases, as well as coordinating responses to the European Commission’s Consultation on the MiCA Regulation and FCA/BoE “Future of Tokenisation” consultation. 

If you want more information on any of the above, please contact Amandeep.luther@lma.eu.com 

Digital assets work has also been developing at pace, particularly through discussions with firms actively exploring tokenisation and DLT in the loans context. That work feeds directly into the next LMA Innovation Series seminar, “​Digital Assets in the Wholesale Loans Markets​”, where we’ll be looking to ground some of the theory in practical examples, to get a clearer sense of applications for loan markets.

The regulatory workstream has also been busy and the Committee ​submitted a response​ to the FCA’s AI consultation, pulling together member views on how regulation should evolve in this space, while also working on two further DLT consultations for the UK and European regulators.

Alongside all this, Cory Olsen (Director, Loan Market Infrastructure) and I have been working with members and Tech vendors to launch three new initiatives.

  1. A Tech Vendor Directory to give members a much clearer view of the vendor landscape
  2. A Tech Vendor Committee to build a bridge between the vendors and members and facilitate collaboration on market infrastructure topics
  3. Vendor Spotlight Newsletter to highlight new vendors and new functionality from existing platforms

We have achieved a lot over the past six months, but there is a lot more to go. My thanks to the Committee for their determination and I look forward to even more progress in the second half of the year.

Aman Luther (Head of Technology & Innovation)

Regulation Watch (In partnership with Perkins Coie)

European supervisory authorities publish report on major ICT-related incidents under DORA

On 3 June, the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA) and European Securities and Markets Authority (ESMA) published their first annual overview of major ICT-related incidents in the EU financial sector under DORA.

According to the report, 3,383 major ICT-related incidents were reported across the sector in 2025 (averaging at about 0.18 incidents per financial entity), with the majority occurring in the credit and payments sectors. Most were predominantly driven by system failures and external events, while almost a third were due to failures from third parties (including ICT service providers, infrastructure providers, and other financial entities). Perhaps surprisingly, only 10% of incidents were cybersecurity-related, which the authorities attribute to the effectiveness of existing safeguards and security measures (as we discuss below, in recent months existing measures have been put under pressure by the growing cybersecurity capabilities of AI).

Regardless of the primary cause of the incident, the report emphasises that ICT risks are “increasingly borderless”, with the growing interconnectedness of the financial sector amplifying risks as financial entities increasingly rely on shared infrastructure.

Claude Mythos recall

Governments and regulators continue to grapple with the defensive cybersecurity capabilities of AI. Following the limited release of Claude Mythos Preview, on 10 June Anthropic publicly released a version of the Mythos model for general use called Claude Fable 5, which contains safeguards to prevent malicious actors from exploiting cybersecurity vulnerabilities. The company launched Fable 5 alongside Mythos 5, the same underlying model with certain safeguards lifted and which would be deployed through Project Glasswing.

However, only two days later on 12 June, Anthropic announced that it had suspended access to both models to all customers worldwide in response to a US government export control directive citing national security concerns. According to Anthropic, the US government has become aware of a method of “jailbreaking” Fable 5, but the company disagrees that this should constitute a valid ground for recalling the models.

It remains to be seen whether the harnessing of AI to strengthen cybersecurity has become a self-defeating solution.

EU AI Act – Consultation on draft guidelines on high-risk AI systems

The European Commission has published its draft guidelines for the classification of high-risk AI systems and is holding a consultation on these draft guidelines until 23 July 2026. The final guidelines are scheduled to be adopted by the end of 2026, providing companies with time to prepare ahead of the application of the high‑risk AI rules in December 2027 (for standalone AI systems) and August 2028 (for AI embedded in products).

EU AI Act – Code of Practice on Transparency of AI-Generated Content

On 10 June 2026, the European Commission published its Code of Practice on Transparency of AI-Generated Content (the “Code”), which provides detailed guidance on how providers and deployers of AI systems may demonstrate compliance with the transparency obligations under Article 50 of the EU AI Act. These obligations take effect from 2 August 2026. The Code is divided into two sections: the first addresses the obligations of providers of generative AI systems, and the second addresses those of deployers. Each category carries distinct and significant compliance requirements.

Among other things, providers must ensure that all synthetic audio, image, video, or text outputs are marked in a machine-readable format and are detectable as having been artificially generated or manipulated. Given that no single marking technique currently satisfies all four statutory requirements of effectiveness, interoperability, robustness, and reliability, the Code requires providers to adopt a multi-layered marking approach as the default.

The Code also introduces a standardised EU “AI” icon, available in “AI + GENERATED” and “AI + MODIFIED” variants, which serves as the default disclosure mechanism for deployers of generative AI systems to use to label AI-generated content. Deployers may use an equivalent icon or label, provided it meets the design specifications set out in the Code.

From an organisational standpoint, deployers must establish and maintain appropriate internal compliance processes that document how they implement their labelling obligations. Where an organisation regularly creates deepfakes or AI-generated published text, it must put processes in place to verify that disclosure is applied correctly.

As generative AI becomes increasingly embedded in lending, syndication, and advisory workflows, companies should consider whether they fall within the scope of the Code as deployers, or whether the AI tools they procure are subject to provider obligations. In particular, companies that publish AI-generated research, portfolio updates, or market commentary without human editorial oversight may find that the deployer disclosure obligations apply to them directly. Companies should also review their existing vendor arrangements to ensure that third-party AI providers are meeting the marking and detection requirements under the Code.

UK stablecoin regime

UK stablecoin regime On 22 June 2026, the Bank of England (BOE) published its policy statement and draft Code of Practice for Sterling-denominated systemic stablecoins. The proposed rules aim to

create a regulatory framework for stablecoins that can support retail payment use while maintaining financial stability.

Following last year’s consultation the BoE has made revisions to its original proposal, including removing individual holding limits and replacing them with a single issuance ceiling initially set at £40 billion per systemic stablecoin, and increasing the proportion of reserve assets that may be held in short-term UK government debt to 70% up from the previously proposed 60% (with the remainder backed by unremunerated BoE deposits).

The BoE is open to feedback on the draft Code of Practice before 22 September. The BoE aims to finalise the Code of Practice by the end of the year, with the aim of allowing regulated stablecoins to operate in the UK from 2027.

Key Contacts

Aman

​Amandeep Luther​

Head of Technology and Innovation at LMA​Amandeep.luther@lma.eu.com​

Stacy Young

​Stacy Young​

Tech & Data Lawyer at Perkins Coie​Stacyyoung@perkinscoie.com​

Photo of Aman Luther
Aman Luther
  • Head of Technology and Innovation, LMA
  • amandeep.luther@lma.eu.com

Aman Luther is Head of Technology & Innovation at the LMA, where he leads on technology adoption, regulatory engagement and market infrastructure transformation across the loan market. He works closely with members, regulators, governments and technology providers to support the practical and responsible use of emerging technologies.

Related