FinTech Global Regulatory Round-up – 21 December 2020 to 8 January 2021

BIS working paper: Firm-level R&D after periods of intense technological innovation

The Bank for International Settlements (BIS) has published a working paper which examines the role of investor sentiment in firm-level research and development (R&D) following periods of intense technological innovation. [8 Jan 2021]

#Investment

IOSCO: Report on education of retail investors regarding risks of crypto-assets

The International Organization of Securities Commissions (IOSCO) has published a report intended to help regulators inform retail investors about the risks and characteristics of crypto-assets, which includes methods that regulators can use to provide educational material to retail investors. [22 Dec 2020]

#Retail

The International Association of Insurance Supervisors (IAIS) has published a report on cyber risk underwriting, which identifies challenges and supervisory considerations for sustainable market development. The findings of the Cyber Underwriting Small Group (CUSG) are as follows:

• cyber underwriting market - current cyber underwriting practices, while serviceable, are not yet optimal, particularly due to issues surrounding the measurement of risk exposures;
• supervisory practices - supervisory intensity and specific toolbox development are generally proportionate to the relative importance of the cyber underwriting market, which is generally limited at this time.

The CUSG has recommended to the IAIS’ Executive Committee that the IAIS pursue a strategic approach focused on:

• facilitating the monitoring, understanding and assessment of cyber risk underwriting exposure and impact; and
• assisting supervisors in building relevant capacity to review cyber risk underwriting practices and exposure. [21 Dec 2020]

#Underwriting

#Insurance

HM Treasury (HMT) has published a combined consultation and call for evidence (CfE) on the Government's approach to cryptoasset regulation and stablecoins, and on investment and wholesale uses of cryptoassets and the broader use of DLT in financial markets.

Feedback is requested by 21 March 2021. [7 Jan 2021]

#Stablecoins

The FCA has updated its page on applying to the Regulatory Sandbox to highlight that the application window for cohort 7 closed on 31 December 2020 and that the window for applications for cohort 8 will open later in 2021. [6 Jan 2021]

The Law Society has published a Q&A drafted by a working group of the Company Law Committee of the Law Society; it is focused on electronic signatures in commercial law matters. [6 Jan 2021]

The FCA has published the following handbook notifications under the Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018:

• Notification following entry into supervised run-off for EEA authorised payment institutions and EEA Registered Account Information Service Providers;
• Notification following entry into contractual run-off for EEA authorised payment institutions and EEA Registered Account Information Service Providers;
• Notification following entry into supervised run-off for EEA authorised electronic money institutions; and
• Notification following entry into contractual run-off for EEA authorised electronic money institution.

The FCA has also published a notification following entry into contractual run-off under Part 7 of the EEA Passport Rights (Amendment, etc., and Transitional Provisions) (EU Exit) Regulations 2018. [31 Dec 2020]

#Payments

#eMoney

#EUExit

The Financial Markets Law Committee (FMLC) has published a report on issues of legal uncertainty which focuses on the use of electronic signatures in authenticating global notes under European provisions, and English, Irish, German, Luxembourg, and Dutch law. The report concludes that the surveyed jurisdictions support electronic signatures subject to the specific formal requirements set out at European level. [31 Dec 2020] 

The PRA has published a statement on the prudential treatment of software assets in Article 36(1)(b) of the amended Capital Requirements Regulation (CRR2) which started to apply to PRA-regulated firms on 23 December 2020. Article 36(1)(b) CRR2 exempts software assets from the deduction requirement for intangible assets from Common Equity Tier 1 (CET1). The PRA is concerned that exempting software assets from the CET1 capital deduction requirements could undermine the safety and soundness of UK firms and it therefore intends to consult in due course to maintain the earlier position whereby all software assets continue to be fully deducted from CET1 capital. In the meantime, the PRA recommends that firms do not base their distribution or lending decisions on any capital increase from applying the requirement in Article 36(1)(b) CRR2. Firms should also take into account any significant software assets included in their regulatory capital in making capital management decisions. [30 Dec 2020]

#Prudential

The European Payments Council (EPC) has published an insight article on the proof of concept (POC) for an interbank smart payments' platform using blockchain networks connected to existing payment systems. [7 Jan 2021]

#DLT

#Payments

The European Central Bank (ECB) has published a letter from Christine Lagarde, ECB President, to certain members of the European Parliament regarding a digital euro. Ms Lagarde's letter was sent in response to a letter by Irene Tinagli, Chair of the Committee on Economic and Monetary Affairs (ECON), on 23 October 2020. Ms Lagarde stated that the Eurosystem is currently conducting conceptual analysis and practical experimentation on the technical solutions that might support the issuance of a digital euro in the future. Ms Lagarde also noted that:

• both centralised and decentralised approaches are being evaluated and explored; and
• the assessment of possible international spill-over effects of a digital euro, both within and outside the EU, is an important part of the analysis.

Feedback to the Eurosystem's ongoing consultation on the digital euro is requested by 12 January 2021. [4 Jan 2021]

#CBDC

The ECB has published correspondence from Christine Lagarde to a Member of the European Parliament regarding the October 2020 incident which affected the TARGET 2 (T2) and TARGET2Securities (T2S) systems. Ms Lagarde advises that a software defect in a third party network device was the cause of the incident. The ECB has commissioned an independent review of the incident; main findings are expected to be made public in Q2 of 2021. [30 Dec 2020]

#Payments

#ThirdPartyProviders

The ECB has published an opinion in relation to the application of anti-money laundering (AML) and countering terrorist financing (CTF) requirements to virtual currency service providers. The opinion is issued in response to a request from the Spanish Ministry of Economic Affairs and Digital Transformation. [21 Dec 2020]

#AML

#CTF

The SFC has announced new licensing functions on WINGS, an online platform for SFC electronic forms and information submission services.

The new online features introduced include:

• web-based licensing forms with auto-fill and skip logic features, and pre-set validation rules to reduce errors;
• electronic signatures; and
• upgraded administration functions allowing separate accounts for licensees and their professional advisory firms.

The SFC plans to move all licensing-related processes to WINGS in around mid-2021.  This will support the SFC’s backend processing and data analytics and enable the overall licensing process to be more efficient and effective.

To allow industry participants to familiarise themselves with new features, firms are encouraged to activate their WINGS accounts during a trial period.  User guides and educational videos, including guidance on account activation, are available on the WINGS webpage. The slides for the SFC-hosted webinars explaining the new features in November and December 2020 are available on the SFC’s webpage.  [21 Dec 2020]

#eSignatures

#licensing

#SupTech

#ThirdPartyProviders

The SFC, the HKMA and the Insurance Authority have issued circulars announcing the launch of iAM Smart by the Office of the Government Chief Information Officer (OGCIO).  As one of the key infrastructure projects for smart city development announced in the 2017 Policy Address, iAM Smart provides all Hong Kong residents with a single digital identity and authentication method to conduct government and commercial transactions online.

iAM Smart offers the following key functions:

• allowing users to use biometrics in personal mobile devices for identity authentication (which would be verified against their Hong Kong Identity Cards) when logging onto online services;
• storing commonly used personal data (such as address, contact number and email) for online form filling; and
• digital signing with legal backing under the Electronic Transactions Ordinance.

Subject to the progress of adoption by government online services and readiness of the financial sector to adopt iAM Smart, iAM Smart will be rolled out to financial institutions.  The regulators encourage financial institutions to actively consider adopting iAM Smart.  Potential uses include enabling clients to use online services (such as authentication to log in to online accounts and sign documents) and enabling financial institutions to conduct remote onboarding of clients.

To enable financial institutions to conduct simulated tests of the application programming interface functions under iAM Smart, the OGCIO in collaboration with Cyberport introduced the first phase of the iAM Smart Pilot Sandbox Programme in March 2020. The second phase of the programme was launched in September 2020 for financial institutions intending to adopt iAM Smart to test their applications in an integration testing environment.  Further details on how to participate in the programme are provided in the respective circulars.  [29 Dec 2020]

#DigitalID

#ThirdPartyProviders

In response to a forum letter on the risk of individuals' financial data being exposed should the Singapore Financial Data Exchange (SGFinDex) be compromised, the Monetary Authority of Singapore (MAS) has explained that SGFinDex will not consolidate individuals' financial information in one place. There are also stringent security measures to safeguard the data as it transits through SGFinDex. [22 Dec 2020]

#FinancialData

Bank Indonesia (BI) has issued BI Regulation No. 22/20/PBI 2020 on Consumer Protection, revoking BI Regulation No. 16/1/PBI/2014 on Protection for Payment System Services Consumers (both in Indonesian language).  Improvements made in the new regulation among others, are as follows:

• broadened scope of consumer protection to encompass all financial services within the auspices of BI, which includes payment systems, money market and foreign exchanges – previously, this only covers payment systems;
• new provisions on dispute resolutions – if providers and consumers fail to reach amicable settlement, the new regulation provides for a framework to settle such disputes through an alternative dispute resolution method that can be filed with BI; and
• provisions regarding protection of consumer data and personal data in digital transactions.

BI is also authorised to undertake direct and indirect supervision, which includes the authority to request documents, data or information from service providers. BI may also impose administrative sanctions ranging from written warnings, suspension of business activities, to revocation of licences.

This regulation came into effect as of 22 December 2020. Implementing regulations to the previous regulation are still valid insofar they do not contravene the new regulation. [8 Jan 2021]

#ThirdPartyProviders

The Bank Negara Malaysia (BNM) has issued Policy Document on Licensing Framework for Digital Banks following a 6-month public consultation.

Digital banks will be required to comply with the requirements under the Financial Services Act 2013 (FSA) or Islamic Financial Services Act 2013 (IFSA), including standards on prudential, Shariah, business conduct and consumer protection, as well as on anti-money laundering and terrorism financing. During the foundational phase, licensed digital banks will be subjected to a more simplified regulatory requirement relating to capital adequacy, liquidity, stress testing, Shariah governance and public disclosure requirements.

Submission of applications to conduct digital banking business or Islamic digital banking business shall be made to the Bank no later than 30 June 2021. [31 Dec 2020]

The Reserve Bank of India (RBI) has announced the introduction of a Legal Entity Identifier (LEI) for large value transactions in centralised payment systems.

LEI has been introduced by the RBI in a phased manner for participants in the over the counter (OTC) derivative and non-derivative markets as also for large corporate borrowers. The RBI has now decided to introduce the LEI system for all payment transactions of value ₹50 crore and above undertaken by entities (non-individuals) using Reserve Bank-run Centralised Payment Systems through Real Time Gross Settlement (RTGS) and National Electronic Funds Transfer (NEFT). The change will come into effect from 1 April 2021. [5 Jan 2021]

#LEI

#ThirdPartyProviders

The RBI has announced the introduction of the RBI-Digital Payments Index (DPI), constructed to capture the extent of digitisation of payments across the country. The RBI-DPI comprises of 5 broad parameters that enable measurement of deepening and penetration of digital payments in the country over different time periods. Each of these parameters have sub-parameters which, in turn, consist of various measurable indicators. Going forward, RBI-DPI shall be published on RBI’s website on a semi-annual basis from March 2021 onwards with a lag of 4 months. [1 Jan 2021]

The Consumer Financial Protection Bureau (CFPB) Taskforce on Federal Consumer Financial Law has released a report (Volume I and Volume II) which contains approximately 100 recommendations to the CFPB, Congress, and state and federal regulators on how to improve consumer protection in the financial marketplace. Among the recommendations are a number relevant for FinTech, including, for example:

• that the CFPB be authorised to issue licenses to non-depository institutions that provide lending, money transmission, and payment services;
• that nonbank access to the payments systems be improved and expanded; and
• that consideration be given to preempting state law where conflicts can impede the provision of valuable products and services, such as the regulation of FinTechs engaged in money transmission. [5 Jan 2021]

The Office of the Comptroller of the Currency (OCC) has published an interpretive letter clarifying national banks’ and federal savings associations’ authority to participate in independent node verification networks (INVNs), and use stablecoins to conduct payment activities and other bank-permissible functions. Banks must comply with applicable law and safe, sound, and fair banking practices when deploying these technologies. [4 Jan 2021]

#Payments

#Stablecoins

#INVNs

The SEC has filed an emergency action and obtained an order imposing an asset freeze and other emergency relief against a firm and its affiliated companies in connection with an alleged securities fraud relating to the firm’s flagship cryptocurrency trading fund. The SEC’s action alleges that the fraud was directed by the owner and controller of the firm and its affiliated companies, and that the fraud has been taking place since at least 2018 through the making of material misrepresentations about the fund’s strategy, assets, and financial condition. [28 Dec 2020]

The SEC has issued a statement and request for comment on the custody of digital asset securities by broker-dealers in order to encourage innovation around the application of Securities Exchange Act Rule 15c3-3 (the Customer Protection Rule) to digital assets that meet the definition of a security under the federal securities laws. The SEC envisions broker-dealers performing the full set of broker-dealer functions with respect to such digital asset securities, including maintaining custody thereof, in a way that addresses the unique attributes of such securities and minimizes risk to investors and other market participants.

The SEC states that – for a period of five years – it will not take enforcement action against a broker-dealer operating under the circumstances set out in the statement on the basis that the broker-dealer deems itself to have obtained and maintained physical possession or control of customer fully paid and excess margin digital asset securities for the purposes of paragraph (b)(1) of Rule 15c3-3. These circumstances, among other things, include that the broker-dealer limits its business to digital asset securities, establishes and implements policies and procedures reasonably designed to mitigate the risks associated with conducting a business in digital asset securities, and provides customers with certain disclosures regarding the risks of engaging in transactions involving digital asset securities. In setting these circumstances, the SEC is aiming to balance investor protection concerns on the one hand and the potential for capital formation innovation on the other.

The SEC is also requesting comment on evolving standards and best practices with respect to custody of digital asset securities. The SEC’s statement and request for comment will become effective 60 days after publication in the Federal Register. [23 Dec 2020]

#DigitalAssets

#Crypto

#ThirdPartyProviders

The Fed has published a paper entitled ‘Tokens and accounts in the context of digital currencies’, which aims to provide guidance that can help prevent potential confusion or miscommunication in the use of the terms ‘token’ and ‘account. [23 Dec 2020]

#Tokens

#Crypto

The President’s Working Group on Financial Markets (PWG) has published a statement providing an initial assessment of key regulatory and supervisory considerations for participants in significant stablecoin arrangements with a US nexus that are primarily used for retail payments.

Acting Comptroller of the Currency, Brian P Brooks, has welcomed the statement. [23 Dec 2020]

The SEC has filed an action against a company and two of its executives, alleging that they raised over $1.3 billion through an unregistered, ongoing securities offering of digital assets known as XRP to investors in the US and worldwide. The failure to register the offering deprived potential investors of adequate disclosures and other protections.  The company also allegedly distributed billions of XRP in exchange for non-cash consideration (e.g., labor and market making services) and the individuals also effected personal unregistered sales of around $600m XRP. [22 Dec 2020]

#Crypto

The Conference of State Bank Supervisors (CSBS) has filed a complaint in the US District Court for the District of Columbia, opposing the OCC’s creation of a new national bank charter for nonbank companies and its acceptance and impending approval of a charter application from a technology company. The CSBS’s complaint represents a continuation of legal action initiated in 2017 which asserts that in creating the charter, the OCC has exceeded its authority under the National Bank Act and other federal banking laws.

The New York Department of Financial Services (NYDFS) has previously challenged the OCC’s so-called FinTech charter in federal court. [22 Dec 2020]

The FDIC has announced the release of two bank data tools intended to make it simpler for the public to connect with the FDIC, namely the Application Programming Interface (API) for financial data and a modernized version of BankFind. [21 Dec 2020]

#BankFind

The federal financial regulatory agencies – the Fed, FDIC and OCC – have announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident that rises to the level of a ‘notification incident’. Notification would be required as soon as possible and no later than 36 hours after a banking organization believes in good faith that an incident has occurred. Alerts would be required for incidents that:

• could result in a banking organization's inability to deliver services to a material portion of its customer base;
• jeopardize the viability of key operations of a banking organization; or
• impact the stability of the financial sector.

Service providers would be required to notify at least two individuals at affected banking organizations immediately after the providers experience computer security incidents that they believe in good faith could materially disrupt, degrade, or impair certain services they provide for four or more hours.

Feedback is requested within 90 days of publication of the notice of proposed rulemaking in the Federal Register. [18 Dec 2020]

#Cyber

The Financial Crimes Enforcement Network (FinCEN) has issued a request for comment on proposed requirements for certain transactions involving convertible virtual currency (CVC) or digital assets with legal tender status (LTDA). Banks and money services businesses (MSBs) would be required to submit reports, keep records, and verify the identity of customers in relation to transactions above certain thresholds involving CVC/LTDA wallets not hosted by a financial institution (also known as ‘unhosted wallets’) or CVC/LTDA wallets hosted by a financial institution in certain jurisdictions identified by FinCEN.

Feedback is requested within 15 days of publication of the notice in the Federal Register. [18 Dec 2020]

#CVC

#LTDA

The CFTC has released a Digital Assets Primer, which is a part of a series issued by the CFTC’s innovation office, LabCFTC, to provide updated information about emerging concepts in digital assets. [17 Dec 2020]

#Crypto

The OCC has issued a request for comment on a notice of proposed rulemaking to modify the requirements for national banks and federal savings associations to file suspicious activity reports (SARs). Under the proposal, the OCC would be able to issue exemptions from the requirements of the SAR regulations, making it possible for the OCC to grant relief to national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act (BSA) requirements more efficiently and effectively.

For exemption requests from the OCC’s SAR regulation that would also require an exemption from FinCEN’s SAR regulation, a national bank and federal savings association would need to seek an exemption from both the OCC and FinCEN.

Feedback is requested within 30 days following publication of the notice in the Federal Register. [17 Dec 2020]

#Innovation

State financial regulators and the US Secret Service (USSS) have released a self-assessment resource for nonbank financial institutions in an effort to mitigate the rise of ransomware attacks.

A similar self-assessment tool was issued for banks in October 2020. [16 Dec 2020]

#Ransomware

The FDIC has released the 2020 Community Banking Study, a large-scale study on the state of community banks in the US. With regard to technology, the FDIC found that several factors drove community banks' adoption of technology, ranging from bank characteristics to the attitudes of bank leadership. Larger community banks and community banks with higher loan-to-asset ratios tended to be greater technology adopters. Chapter 6 of the study covers technology in community banks. [16 Dec 2020]

#OnlineLending

#Payments