FinTech Global Regulatory Round-up – w/e 18 December 2020

The Bank for International Settlements (BIS) has published a speech delivered by Denis Beau, First Deputy Governor of the Bank of France, entitled 'Innovations in the financial sector and central banks' contributions'. Mr Beau emphasised that promoting sustainable innovation is a part of central banks' mandates and outlined the steps the Bank of France is taking in relation to this. [14 Dec 2020]

#CentralBanks

The FCA has published a statement regarding an ongoing cyber incident affecting the SolarWinds Orion suite of IT management tools, in which it highlights the guidance issued by the National Cyber Security Centre (NCSC). This guidance is intended to help firms identify whether they have been affected, and includes a list of immediate actions to take if firms are using these tools.

The FCA recommends that all firms using SolarWinds tools review the NCSC guidance to ensure the safety of their firm’s systems. Any operational impacts associated with this issue should be escalated via normal supervisory reporting processes.

The NCSC's guidance will be updated as more information becomes available. [18 Dec 2020]

#OpRes

The BoE has published, as part of its quarterly bulletin for Q4 2020, an article on the impact of Covid-19 on machine learning (ML) and data science (DS) in UK banking. The article finds that the use of ML and DS by banks has remained broadly stable since the start of Covid-19, with the number of applications remaining the same or increasing. Half of surveyed banks expected an increase in the importance of ML and DS for future operations as a result of Covid-19. However, only a third of banks said there was an increase in the number of planned or existing ML or DS projects. [18 Dec 2020]

#MachineLearning

#DataScience

FSCS - Coverage of cryptocurrencies

The Financial Services Compensation Scheme (FSCS) has published an article which provides information on scheme coverage of cryptocurrencies, including security tokens, exchange tokens, utility tokens, and initial coin offerings. [18 Dec 2020]

HM Treasury (HMT) has published a supplementary annex to its consultation on insolvency changes for payment institutions (PIs) and electronic money institutions (EMIs), in which it proposes to introduce a bespoke Special Administration Regime for PIs and EMIs. The annex includes a summary of the proposed draft rules that will accompany the regulations that will introduce the Regime.

Feedback to the consultation is requested by 14 January 2021. [18 Dec 2020]

#PIs

#EMIs

The Payment Systems Regulator (PSR) has confirmed that its consultation on its interim report regarding its market review into the supply of card-acquiring services will close on 9 February 2021. The PSR will run the merchant survey confidentiality ring for three weeks starting on 20 January 2021. [17 Dec 2020]

#MarketReview

The FCA has established a Temporary Registration Regime to allow existing cryptoasset firms, who have applied to be registered with the FCA before 16 December 2020 and whose applications are still being processed, to continue trading after 9 January 2021 until 9 July 2021, pending the FCA's determination of their application. The FCA will contact businesses eligible for such registration directly. Eligible firms do not need to apply for registration; rather, they will receive it automatically.

The FCA is advising customers of cryptoasset firms which should have applied to the FCA, but have not done so, to withdraw their cryptoassets or money before 10 January 2021. Firms that did not submit an application by 15 December 2020 will not be eligible for the Regime. Such firms will need to return cryptoassets to customers and stop trading by 10 January 2021. Firms that do not stop trading by that date are at risk of being subject to the FCA’s criminal and civil enforcement powers.

A list of cryptoasset firms with temporary registration is available here. [16 Dec 2020]

The Pensions Dashboards Programme (PDP), set up by the Money and Pensions Service (MaPS), has published a data standards guide which will underpin the initial technology and allow individuals to view their pensions via their chosen dashboard. The PDP has also published a video introduction to data standards. [15 Dec 2020]

#DataStandards

The High Court has found in favour of a claimant investor in a dispute arising from the termination of her Bitcoin trading account with an online trading platform and concurrent cancellation of open trades (as a result of an alleged money laundering risk): Ang v Reliantco Investments Ltd [2020] EWHC 3242 (Comm). Although the claim relates to an account used to trade Bitcoin futures, the decision will be of broader interest to financial institutions, given the potential application to other types of trading accounts and accounts more generally.

Read our briefing here. [27 Nov 2020]

ESMA has published the final report on its guidelines on outsourcing to cloud service providers (CSPs). The guidelines take into account related guidelines by the European Banking Authority (EBA) and European Insurance and Occupational Pensions Authority (EIOPA), and the proposal for a Digital Operational Resilience regulation (DORA). The guidelines cover:

• risk assessment and due diligence;
• the governance, organisational and control frameworks for monitoring the performance of CSPs;
• exit arrangements;
• the contractual elements that should be included in agreements; and
• information to be notified to NCAs.

The guidelines apply from 31 July 2021 to all cloud outsourcing arrangements entered into, renewed or amended on or after this date. Firms should review and amend existing cloud outsourcing arrangements with a view to ensuring that they take these guidelines into account by 31 December 2022. Where the review of cloud outsourcing arrangements of critical or important functions is not finalised by 31 December 2022, firms should inform the relevant NCA, including the measures planned to complete the review or the possible exit strategy. [18 Dec 2020]

#CloudServiceProviders

#CSPs

ESMA has published a consultation on the Markets in Financial Instruments Directive II (MiFID II) and Markets in Financial Instruments Regulation (MiFIR) review report on algorithmic trading. ESMA is seeking feedback on the impact of requirements regarding algorithmic trading, including high-frequency algorithmic trading. The consultation addresses crisis-related issues and contemporary issues closely linked to algorithmic trading, and covers the following areas:

• the authorisation regime;
• provisions for algorithmic and high-frequency traders; and
• provisions applicable to trading venues allowing or enabling these market participants.

Feedback is requested by 12 March 2021, after which ESMA will prepare the final review report for submission to the European Commission by July 2021. [18 Dec 2020]

#HighFrequencyTrading

ESMA has issued a reminder, in line with its statement of 10 November 2020, regarding the IT operations scheduled to take place on its databases and systems at the end of the Brexit transition period. ESMA will also carry out manual updates of databases and registers published directly on the ESMA website.

Further information on the planned operations and instructions can be found here. [16 Dec 2020]

#IT

#Operational

The ECB has published a speech entitled “Keeping cyber risk at bay: our individual and joint responsibility”, delivered by Fabio Panetta, Member of the Executive Board, at the fifth meeting of the Euro Cyber Resilience Board for pan-European Financial Infrastructures. Amongst other things, Mr Panetta spoke about digitalisation and the resilience of the financial sector in light of Covid-19, safeguarding the cyber resilience of financial services through regulation, cyber resilience testing, and intelligence sharing. [16 Dec 2020]

#OpRes

The European Commission and the High Representative of the Union for Foreign Affairs and Security Policy have published a joint communication to the EU Parliament and Council on “The EU’s Cybersecurity Strategy for the Digital Decade” (and accompanying questions and answers (Q&A) document). The proposed new EU cybersecurity strategy aims to bolster Europe’s collective resilience against cyber threats and help ensure that EU citizens and businesses can benefit from trustworthy and reliable services and digital tools.

The Commission has also published proposals for directives on the resilience of critical entities, and measures for a high common level of cybersecurity across the Union (and accompanying annexes), repealing the Directive on security of network and information systems (NIS Directive). [16 Dec 2020]

#Cyber

#CyberStrategy

The SFC has announced the grant of its first license to a virtual asset trading platform in Hong Kong.  The platform is licensed for Type 1 (dealing in securities) and Type 7 (providing automated trading services) and will only serve professional investors as defined under the Securities and Futures (Professional Investor) Rules.  It will be under the SFC’s close supervision and be subject to tailor-made requirements similar to those applicable to securities brokers and automated trading venues.

The SFC states that it is one of the first major jurisdictions to introduce a comprehensive framework regulating virtual asset trading platforms (see our previous update) and its approach is consistent with the recommendations of international standard-setting bodies.  Other regulators in major markets have also announced plans to regulate virtual asset trading to address anti-money laundering and consumer protection concerns.

The SFC says it will continue to provide a clear, well-defined regulatory environment for the development of the fintech industry.  In a consultation launched in November 2020 (see our previous update), the government proposed a new legislative framework where the SFC would be able to regulate all centralised virtual asset exchanges, including those that only trade virtual assets currently falling outside of the SFC’s jurisdiction.  [16 Dec 2020]

#TradingPlatform

The Bank Negara Malaysia (BNM) and the Securities Commission Malaysia (SCM) have released a joint response to a letter published in The Star and Malaysiakini on 7 and 9 December 2020 respectively. The response explains how BNM and SCM are working together to develop policies and regulation in relation to cryptocurrencies and digital assets. [19 Dec 2020]

#DigitalAssets

The RBI has announced the opening of the second cohort for the Regulatory Sandbox; the cohort will take cross border payments as its theme. To encourage innovation and broad base the eligibility criteria, the enabling framework has been modified by reducing net worth requirement from the existing ₹25 lakh to ₹10 lakh, as also including partnership firms and Limited Liability Partnership (LLPs) to participate in the RS.

Applications for the cohort are open until 15 February 2021. [16 Dec 2020]

#RegulatorySandbox

#CrossBorderPayments

The Securities and Exchange Commission Philippines (SECP) has issued a Notice requesting feedback on its proposed ‘Guidance for Regulated Entities on Establishing and Maintaining a Cybersecurity Framework’. The Guidance covers:

• cybersecurity governance;
• information security management;
• data protection, including data privacy and disclosure of non-public personal information;
• the regular review of cybersecurity frameworks; and
• accountability measures.

Comments are requested by 31 January 2021. [16 Dec 2020]

#Cyber

#OpRes

Secretary of the Commonwealth of Massachusetts William Galvin has filed an administrative complaint against a trading platform provider. The complaint alleges that the firm violated Massachusetts' law by "aggressively marketing itself to Massachusetts investors without regard for the best interests of its customers" and that it failed to maintain sufficient infrastructure and procedures to meet the demands of a rapidly growing customer base. [16 Dec 2020]

#OnlineTradingPlatform

The FDIC has published a statement made by Chair Jelena McWilliams on the notice of proposed rulemaking on computer-security incident notification at a recent FDIC Board Meeting. The proposed 36-hour limit for notification in the proposed rulemaking aims to address the gap in timely regulatory awareness of the most significant computer-security incidents affecting banking organizations. [15 Dec 2020]

The FDIC has approved a final rule to establish a new framework for analyzing whether deposits made through deposit arrangements qualify as brokered deposits, including those between insured depository institutions (IDIs) and third parties, such as financial technology companies (FinTechs). It establishes a new framework for analyzing certain provisions of the ‘deposit broker’ definition, including ‘placing deposits’, ‘facilitating the placement of deposits’, and ‘primary purpose’.

The final rule also amends the methodology for calculating the interest rate restrictions that apply to less than well capitalized IDIs. The methodology has been amended for calculating the national rate, the national rate cap, and the local market rate cap. The rule also explains when non-maturity deposits are accepted and when non-maturity deposits are solicited for purposes of applying the brokered deposits and interest rate restrictions.

The FDIC has published related statements by Chair Jelena McWilliams and Board Member Martin J Gruenberg. The Office of the Comptroller of the Currency (OCC) has also published a statement by Acting Comptroller of the Currency Brian P Brooks. Mr Brooks states that the new rule ‘helps modernize the concept of brokered deposits in ways that give consumers more choices and control over their financial decisions and promote innovation between commercial banks and the financial technology industry’. [15 Dec 2020]

The FDIC has announced that its Board has approved a 2021 Operating Budget of $2.279 billion, which provides funding for the continuation of FDIC information technology modernization, supports numerous projects to foster innovation at US banks, and helps expand initiatives to support diversity and inclusion.

The FDIC has also published related statements by Chair Jelena McWilliams and Board Member Martin J Gruenberg. [15 Dec 2020]

The CFTC’s Technology Advisory Committee (TAC) held a virtual public meeting on December 14, 2020. The Committee heard presentations from the Virtual Currencies Subcommittee on the growth of regulatory challenges of decentralized finance, and voted on a recommendation from the Cybersecurity Subcommittee for the TAC that the CFTC provide clear, concise and up-to-date guidance on how the CFTC reviews highly-sensitive cybersecurity artefacts and sensitive intellectual property (IP). [14 Dec 2020]

#Tech

#Cyber