November Global Regulatory Brief: Digital finance

The Global Regulatory Brief provides monthly insights on the latest risk and regulatory developments. This brief was written by Bloomberg’s Regulatory Affairs Specialists.

As technology continues to reshape financial services, regulators and policy setters are embarking on a range of digital-finance initiatives to manage risks and set appropriate standards. The following digital finance policy developments represent a sample of wider regulatory and policy coverage available to Bloomberg Terminal customers. Run REGS <GO> to find out more or contact your Bloomberg representative to learn more:

• India: India releases AI Governance Guidelines
• Singapore: Singapore bolsters national cybersecurity posture 
• Malaysia: BNM Issues Discussion Paper on Asset Tokenisation
• Australia: Australia’s National AI Centre releases practical guidance

India releases AI Governance Guidelines

India has released its Artificial Intelligence (AI) Governance Guidelines, establishing a non-binding, principles-based framework to promote the safe, trusted and inclusive development and use of AI technologies without introducing a standalone AI Act. Developed by the Ministry of Electronics and Information Technology (MeitY) under the IndiaAI Mission, the framework adopts a “balanced, agile, flexible and pro-innovation” approach designed to enable innovation while addressing emerging risks through existing legal and institutional mechanisms.

In more detail

Summary of the guiding principles and the six pillar recommended under the guidelines include:

• Regulatory stance: No separate AI law proposed; existing frameworks under the Information Technology Act, the Digital Personal Data Protection Act, consumer protection and sectoral laws to be used, with targeted amendments as necessary.
• Guiding principles: Seven “sutras” — Trust, People-First, Innovation over Restraint, Fairness & Equity, Accountability, Understandable by Design, and Safety, Resilience & Sustainability.
• The framework rests on six key pillars:
  • Infrastructure – Expanding access to high-quality data, computing resources, and integration with India’s Digital Public Infrastructure (DPI) to support inclusive and secure AI development.
  • Capacity Building – Promoting AI literacy, education, and skills development for professionals, regulators, and students to strengthen India’s AI talent base.
  • Policy & Regulation – Reviewing existing laws on data protection, copyright, and liability to address AI-specific risks through targeted amendments rather than a new AI law.
  • Risk Mitigation – Establishing India-specific risk and incident-reporting frameworks, encouraging voluntary codes, and deploying techno-legal tools such as content authentication and privacy-preserving technologies.
  • Accountability – Introducing graded liability, transparency reporting, and accessible grievance mechanisms to ensure responsible conduct across the AI value chain.
  • Institutions – Creating an AI Governance Group (AIGG) for coordination, a Technology & Policy Expert Committee (TPEC) for technical advice, and an AI Safety Institute (AISI) for risk assessment and standard-setting.
• Implementation roadmap:
  • Short term: Set up institutions (AIGG, TPEC, AISI), develop risk frameworks, and adopt voluntary commitments.
  • Medium term: Publish common standards, amend existing laws, pilot regulatory sandboxes, and operationalise an AI incident database.
  • Long term: Review and refine governance mechanisms, introduce new laws if required, and strengthen international cooperation on AI governance.

• Industry and regulator guidance: Industry expected to comply with existing laws, adopt voluntary codes and transparency reports, and establish grievance mechanisms; regulators advised to avoid compliance-heavy regimes and focus on techno-legal and risk-proportionate measures.

The guidelines position India’s model as an iterative, evidence-based governance approach leveraging its digital public infrastructure and local datasets to promote inclusive, culturally aligned AI development.

Next steps

Government would set up institutions as suggested in the report towards operationalizing the implementation roadmap.

Singapore bolsters national cybersecurity posture

Summary

Singapore is significantly bolstering its national cybersecurity posture by initiating unprecedented classified intelligence sharing with financial institutions and critical infrastructure owners to strengthen defences against state-backed hackers. A new Cyber Resilience Centre will be established to support small and medium-sized enterprises (SMEs) with prevention and recovery. The government is also enhancing supply chain security requirements, and launching frameworks to address risks associated with emerging technologies like quantum computing, AI, and mobile apps.

In more detail

Singapore is boosting its cyber defences with several key actions:

• Proactive government powers: authorities will share classified threat intelligence directly with critical sectors and gain immediate investigation powers, moving beyond a traditional regulator-regulated relationship. Singapore will also partner with firms for threat-hunting and red-teaming exercises.
• SME support: A Cyber Resilience Centre, launching in 2026, will offer SMEs a one-stop hub for preventive workshops, incident response help, and recovery aid. This addresses a context where over 80% of Singaporean enterprises experienced a cyber incident last year.
• Modernised standards and supply chain: Updated Cyber Essentials and Cyber Trust marks now cover cloud, operational technology, and AI. ICT vendor security requirements and cybersecurity service provider (CSP) licensing will be tightened.
• Emerging tech governance: New frameworks and consultations address Quantum Security (Quantum-Safe Handbook, Quantum Readiness Index), Agentic AI (securing autonomous systems), and Mobile App Security (Safe App Portal pilot, App Defense Alliance MOU).
• Partnerships: Enhanced AI-driven threat intelligence sharing is being established via MOUs with TRM Labs (blockchain intelligence), Google, and AWS, focusing on areas like ransomware tracking. Singapore also renewed its UN-Singapore Cyber Programme for global capacity building.

Next steps

Cyber Resilience Centre launch: The centre is expected to begin operations in 2026.

Public consultations: Consultations are open for the Quantum-Safe Handbook, Quantum Readiness Index (QRI), and the guidelines on securing agentic AI systems until December 31, 2025.

Safe App Portal pilot: The six-month pilot of the mobile app security scanning tool is underway.

National strategy: A more comprehensive, long-term national cybersecurity strategy is expected later this year.

BNM issues discussion paper on asset tokenisation

Summary

On 30 Oct, Bank Negara Malaysia released a discussion paper outlining its proposed approach to asset tokenisation in the Malaysian financial sector. The aim is to foster a collaborative, safe and sustainable roadmap for the development of tokenised financial services in Malaysia. BNM invites industry and stakeholder feedback on the key themes, issues for clarification, and alternative proposals. Responses are due by 1 March 2026.

In more detail

The discussion paper reflects BNM’s recognition that asset tokenisation — the representation of financial or real-world assets in token form on digital platforms — offers potential benefits for the Malaysian financial ecosystem, including greater efficiency, new business models, and broader financial inclusion. At the same time, BNM emphasises the need to manage risks and ensure financial stability, integrity and consumer protection.

Key elements of the proposed approach include:

• High-level principles and use cases: The paper will set out core principles for tokenisation (such as asset backing, transparency, separation of roles, custody, etc) and identify potential use cases — for example, tokenised deposits, programmable payments, supply-chain finance, and other real-world asset tokenisation.
• Regulatory and developmental approach: BNM emphasises collaboration with industry and other regulators (such as the Securities Commission Malaysia) to co-create frameworks, pilot tokenisation projects and explore how tokenisation may integrate with existing systems (including central bank digital currency (CBDC) considerations) while preserving monetary and financial system stability.
• Feedback and industry input: The discussion paper invites feedback from stakeholders, asking them to articulate clear rationale, supporting evidence or illustrative examples, and propose areas of clarification or alternative approaches.
• Safeguards and risk considerations: While innovation is encouraged, BNM flags key risks involving operational technology (e.g., distributed-ledger-technology vulnerabilities), interoperability, anti-money-laundering / counter-terror-financing (AML/CFT), custody, investor protection and system stability.

Next steps

• Interested parties should review the discussion paper and submit their feedback via email to tokenisation@bnm.gov.my by 1 March 2026.
• The broader ecosystem (financial institutions, industry bodies, fintechs) may use this period to form pilot projects or collaborations with BNM’s innovation or sandbox facilities to test tokenisation use cases in a controlled environment.

Australia’s National AI Centre releases practical guidance

The National AI Centre (NAIC), part of the Department of Industry, Science and Resources released Guidance for AI Adoption, a practical resource to help Australian business adopt artificial intelligence safely and responsibly.

Further details

The guidance responded to feedback from industry seeking clearer, simpler and more actionable advice. It evolves the Voluntary AI Safety Standard and remains aligned with Australia’s AI Ethics Principles, as well as international standards and best practices.

The guidance is designed to meet businesses where they are on their AI adoption journey:

Foundations provides practical steps for organisations that are starting with AI, including small businesses. It focuses on aligning AI with business goals, establishing governance and managing risk across 6 practices.

Implementation Practices supports organisations that are scaling AI or managing more complex systems. It offers detailed technical information to strengthen governance, improve oversight and embed responsible AI across systems, processes and decision-making.

The guidance is the first update of the Voluntary AI Safety Standard (VAISS), which was published in September of last year. At time of release, it was communicated that NAIC would update the VAISS to extend best practices to AI developers as well as deployers. The update condensed 10 guardrails into 6 essential practices.

The 2025 Responsible AI Index, released 26 August 2025 had found that only 29% had implemented relevant responsible AI practices.