There is no one answer to this question as regulations vary by country and industry. However, in general, multi-factor authentication (MFA) is typically required when accessing sensitive information or systems. This could include things like online banking, email accounts, and company networks.
In the United States, the Federal Financial Institutions Examination Council (FFIEC) requires MFA for certain online banking transactions. Similarly, the Health Insurance Portability and Accountability Act (HIPAA) requires MFA for accessing protected health information.
There are many other examples of industries and countries that have regulations requiring MFA. As mentioned, it really varies depending on the specific situation. However, in general, MFA is typically required when handling sensitive information.