April 2026 regulatory update: first evidence

Editor’s note: This monthly update covers regulatory developments across Australia, New Zealand, the UK, and Canada. Our aim: help regulators – who increasingly work with and learn from their peers across these global jurisdictions despite their distance – understand what is now live, why it matters, and what is coming. If you haven’t already, consider signing up for our monthly newsletter to stay abreast of the latest regulatory developments.

March asked whether new regimes could survive first contact with practice. April begins to answer the question:

• The Australian Transaction Reports and Analysis Centre’s (AUSTRAC) Tranche 2 enrolment portal opened on 31 March, inviting an estimated 90,000 lawyers, accountants, and real estate agents into Australia’s anti-money laundering system for the first time.
• Australia’s merger control regime activated new voting-power thresholds on 1 April, and its digital assets licensing bill cleared a Senate committee endorsement.
• In New Zealand, the Crypto-Asset Reporting Framework (CARF) went live on 1 April, and the Gull–NPD fuel merger decision – already extended once – now hangs on a fresh round of submissions.
• In the UK, the Financial Conduct Authority (FCA) confirmed one of the largest consumer redress schemes in British history.
• And in Canada, the government introduced its third attempt at a lawful access law in under a year, reprising a pattern that is becoming familiar: ambition that outruns the trust needed to land it.

The connecting thread is evidence. Each of these developments has moved beyond legislative text into operational reality. Early enrolment figures, first merger filings, first redress assessments, and first judicial scrutiny will now generate the data that regulators – and their critics – have been waiting for.

Regulatory orientation: what is now live or unavoidable

Australia

• ACCC merger regime expands from 1 April. New voting-power and cumulative-acquisition thresholds take effect, capturing a wider range of minority and incremental stake-building transactions that would previously have gone unnoticed. The Australian Competition and Consumer Commission (ACCC) has already referred two transactions to Phase 2 review – Ampol’s acquisition of EG Australia and a Coles supermarket and liquor acquisition in Kalgoorlie – providing early signals on how the regime will treat consolidation in concentrated markets. For in-house teams, the practical implication is this: serial bolt-on acquisitions can now trigger notification even where individual deals appear small.
• AUSTRAC Tranche 2 enrolment is open. The AUSTRAC portal opened on 31 March, allowing lawyers, accountants, real estate agents, conveyancers, and dealers in precious metals to begin registering ahead of obligations commencing 1 July. With an estimated 90,000 new reporting entities expected – compared to roughly 19,000 previously – this is the most significant expansion of Australia’s anti-money laundering perimeter in decades. Enrolment is not optional: the final deadline for entities providing designated services from 1 July is 29 July 2026.
• Digital assets licensing bill endorsed by Senate committee. On 16 March, the Senate Economics Legislation Committee recommended that the Corporations Amendment (Digital Assets Framework) Bill 2025 be passed. The bill would bring digital asset platforms and tokenised custody providers under the Australian Financial Services Licence regime overseen by the Australian Securities and Investments Commission (ASIC), with providers handling under A$10 million in annual transactions exempt. ASIC’s sector-wide no-action position expires 30 June 2026, giving firms a short runway to lodge licence applications or adjust operations.

New Zealand

• Crypto-Asset Reporting Framework live from 1 April. New Zealand-based reporting crypto-asset service providers must now collect detailed user identity and transaction data under the OECD’s framework, with the first report to Inland Revenue due 30 June 2027 covering the period 1 April 2026 to 31 March 2027. Inland Revenue will exchange that data with participating tax authorities internationally. This is a material step-change in the data available to both tax and financial intelligence agencies.
• Gull–NPD merger decision extended to 28 May. The Commerce Commission published a Statement of Issues on 16 March signalling potential competition concerns – particularly around whether the combined entity could profitably raise prices or reduce service quality – and extended its decision deadline from 16 March to 28 May 2026. Submissions from Astra Energy, Gull, and NPD are due 2 April, with cross-submissions due 15 April. Whatever the outcome, the decision will become a reference case for how New Zealand polices consolidation in concentrated, low-margin retail markets.
• RMA replacement bills under active scrutiny. The Planning and Natural Environment Bills, which would replace the Resource Management Act 1991 (RMA), are before the Environment Select Committee following concerns that the bills’ “regulatory relief” provisions – which could require councils to compensate landowners when environmental protections reduce land value – would make legitimate environmental regulation financially unworkable for councils. A select committee report is expected mid-2026.

United Kingdom

• FCA motor finance redress scheme confirmed. On 30 March, the FCA confirmed an industry-wide redress scheme covering motor finance agreements made between 6 April 2007 and 1 November 2024. Approximately 12.1 million agreements are now eligible for compensation, with lenders expected to pay approximately £7.5 billion in redress and total costs including administration estimated at £9.1 billion. Lenders have until 30 June 2026 (for post-April 2014 agreements) and 31 August 2026 (for pre-2014 agreements) to prepare for the scheme.
• CMA Google conduct requirements move toward finalisation. The Competition and Markets Authority’s (CMA) consultation on four binding conduct requirements for Google’s search and search advertising services closed in late February, with requirements addressing publisher content use, fair ranking, user choice, and data portability. The CMA is now considering responses before issuing final requirements – the first binding obligations under the UK’s digital markets competition regime on any firm. The Department for Business and Trade’s (DBT) consultation on restructuring the CMA itself also closed on 31 March.

Canada

• Bill C-22 (the Lawful Access Act, 2026) introduced. Public Safety Minister Gary Anandasangaree tabled Bill C-22 on 12 March 2026 – the government’s third attempt in under a year to legislate expanded police and security-service access to telecommunications data. Part 1 narrows warrantless demands to telecoms and limits them to confirmation of account existence. Part 2 restores a deeply contested provision allowing secret ministerial orders to digital service providers, with no public registry and no parliamentary approval.
• Canada’s EU privacy adequacy is under active review. Canada’s EU General Data Protection Regulation (GDPR) adequacy decision is subject to European Commission review in 2026, with the outcome uncertain: the federal privacy bill (Bill C-27) that was meant to modernise Canada’s privacy framework remains unpassed. Canada’s C-26 cybersecurity legislation – which grants the Communications Security Establishment (CSE) access to critical infrastructure incident data – is also likely to be scrutinised. Loss of adequacy would be a significant disruption for cross-border data flows between Canada and Europe.

Four stories to watch

The FCA’s £9 billion lesson in mass redress design

The FCA’s motor finance redress scheme is, by any measure, exceptional in scale. At an estimated £9.1 billion in total costs, it covers 12.1 million agreements and spans 17 years of lending conduct. Courts found that firms broke the law by failing to disclose commission arrangements when selling car finance – a failure the FCA has now addressed through a standardised, automated redress scheme rather than individual complaint-by-complaint adjudication.

Courts have found that firms broke the law by failing to disclose important information to customers.

The design choices are instructive. By using a scheme rather than the courts or the Financial Ombudsman Service, the FCA has prioritised consistency and speed over bespoke outcomes. The eligibility criteria are deliberately narrow – agreements involving minimal commission, zero-rate loans, or manufacturer ties are excluded – to avoid over-remediation and contain costs. Around one in three cases will see compensation capped, ensuring consumers are not placed in a better position than they would have been absent the misconduct.

The FCA also launched a joint taskforce with other agencies to crack down on claims management companies charging consumers 20–30% of compensation for a service the scheme makes unnecessary. For regulators in other jurisdictions designing mass-redress frameworks, this combination – automated eligibility, capped compensation, anti-CMC coordination – will be studied closely.

The complaint window reopens 31 May 2026. Between now and then, lenders face the considerable operational task of identifying and contacting affected customers, building assessment systems, and preparing for what could be millions of simultaneous claims.

AUSTRAC Tranche 2: the enrolment test

The opening of AUSTRAC’s Tranche 2 enrolment portal is the first real gauge of whether Australia’s most ambitious AML expansion will land. An estimated 90,000 entities are now eligible to enrol – a near-fivefold increase in the regulated population – yet most have little or no prior experience of financial crime regulation. The enrolment data emerging through April will show how far awareness and preparation have reached into the professions.

AUSTRAC’s approach has been to use time and guidance as regulatory tools: starter kits for accountants and real estate agents, industry-specific guidance released in January, and a staged timeline that allows entities until 29 July 2026 to complete enrolment even though obligations begin on 1 July. But the regulator has also been unambiguous that entities providing designated services from 1 July must be enrolled and have approved AML/CTF programmes in place by that date – not after it.

The practical challenge is proportionality. Law firms, accounting practices, and real estate agencies range from sole operators to large national businesses. Designing supervision that treats them equitably – enforcing meaningfully on the high-risk end while not overwhelming the long tail – will define AUSTRAC’s credibility with a new and sceptical constituency.

Australia’s digital assets window: six weeks to get licensed

Australia’s digital asset sector now has a clearer legislative path and a hard deadline. The Senate committee endorsement of the Corporations Amendment (Digital Assets Framework) Bill 2025 on 16 March does not guarantee passage, but it materially increases the bill’s prospects and narrows the gap between the existing no-action position and a formal AFSL-based regime.

The immediate pressure is ASIC’s no-action position, which expires 30 June 2026. Firms that want to continue operating legally beyond that date must have lodged an Australian Financial Services Licence application. For larger platforms holding client assets, this is not a trivial exercise: the bill creates two new licence categories – digital asset platforms and tokenised custody platforms – each carrying custody, settlement, disclosure, and governance obligations tailored to crypto-specific risks.

For ASIC, the transition from no-action to active supervision will be the first genuine test of whether its existing examination and enforcement tools can handle the complexity and pace of digital asset markets – a sector its own Key Issues Outlook flagged as one of the ten highest-priority risk areas for 2026.

Canada’s lawful access problem: the third time

Bill C-22 is the Carney government’s third attempt to pass lawful access legislation in under a year. Its predecessors were withdrawn or shelved after sustained civil liberties opposition. The government has made genuine concessions: warrantless demands in Part 1 are now limited to telecom companies and can only confirm whether an account exists, rather than yield content or subscriber data.

But Part 2 remains largely unchanged from what critics called the most dangerous element of its predecessors: secret ministerial orders that can compel any digital service to build surveillance capabilities, with no public registry, no parliamentary approval, and no right of notification for affected users. The bill could also open a pathway for US law enforcement to access data about people in Canada.

The pattern that has emerged across three attempts is revealing: successive governments have treated lawful access as a negotiation between operational need and civil liberties principle, without resolving the underlying question of whether the surveillance architecture being built can be overseen effectively once in place. The EU’s adequacy review of Canadian privacy law may force that resolution from outside, with significant consequences for data-reliant businesses and regulators alike.

April – June 2026 watch list

Immediate (April 2026)

Australia

• 1 April – ACCC new voting-power and cumulative-acquisition thresholds commence; in-house legal and M&A teams need to recalibrate notification analysis for minority stake-building.
• From 31 March – AUSTRAC Tranche 2 enrolment open; first uptake data expected through April will reveal where outreach gaps are largest and which professional sectors are least prepared.

New Zealand

• 1 April – CARF live; crypto service providers begin collecting user and transaction data for first report due June 2027.
• 2 April – Submissions due from Astra Energy, Gull, and NPD on the Commerce Commission’s Statement of Issues; 15 April for cross-submissions.

United Kingdom

• April – Lenders begin building motor finance redress assessment systems ahead of 30 June implementation deadline for post-2014 agreements.
• April – CMA analyses responses to Google conduct requirement consultation and moves toward issuing final requirements.

Canada

• April – Bill C-22 enters parliamentary consideration; committee hearings will test whether Part 2 provisions can survive civil liberties scrutiny.

Near term (May – June 2026)

New Zealand

• 28 May – Commerce Commission Gull–NPD decision due. The reasoning will set the standard for how New Zealand approaches consolidation in concentrated low-cost retail markets.

Canada

• 31 May – Annual modern slavery and forced labour reporting deadline under the Fighting Against Forced Labour and Child Labour in Supply Chains Act. The volume and quality of reports will reveal how seriously modern slavery risk has been integrated into mainstream compliance beyond CSR teams.

United Kingdom

• 31 May – FCA motor finance complaint window reopens; firms must be operationally ready to begin receiving and assessing claims.
• By 30 June – Digital asset and stablecoin licensing regime expected fully in force.

Australia

• 30 June – ASIC no-action position on digital assets expires; firms without an AFSL application lodged face enforcement exposure.
• 1 July – AUSTRAC Tranche 2 obligations commence; lawyers, accountants, and real estate agents must be enrolled and compliant.

Final word

“We are going ahead with a scheme to compensate motor finance customers who were treated unfairly. Courts have found that firms broke the law by failing to disclose important information to customers.”

– Financial Conduct Authority, statement confirming
the motor finance redress scheme, 30 March 2026.

The FCA’s statement is spare and declarative, but its implications are not. A £9.1 billion scheme – covering 17 years of conduct, 12 million agreements, and an entire sector’s selling practices – is not a footnote. It is the outcome of a regulatory process that required the FCA to hold its nerve through Supreme Court proceedings, political pressure, and the sustained lobbying of an industry confronting existential liability. The result is a scheme that prioritises consistent outcomes over perfect ones.

The same discipline – holding a credible line under pressure, accepting imperfect design in exchange for workable delivery – is visible across April’s other major developments. AUSTRAC is opening its doors to 90,000 new entities without pretending it can supervise all of them immediately. New Zealand’s Commerce Commission is taking the time it needs on the Gull–NPD merger, even as applicants push for speed. Australia’s ASIC is drawing a clear line at 30 June on digital assets, while giving firms a workable runway to reach it.

What distinguishes these examples from Canada’s Bill C-22 is not ambition – the lawful access objective is legitimate – but design. Regulators that can explain not just what they are doing but how the constraints on their power are built in tend to generate the institutional trust that makes ambitious frameworks sustainable. Canada’s third attempt at lawful access will be tested on precisely that question.

The Modern Regulator delivers independent regulatory news, insight, and analysis for regulators and the professionals who work alongside them. Sign up for our monthly newsletter.