FinTech Global Regulatory Round-up – w/e 19 February 2021

The UK Government (UKG) has welcomed the European Commission's draft data adequacy decisions under the EU General Data Protection Regulation (EU GDPR) and the Law Enforcement Directive (LED). Positive data adequacy decisions would ensure the continued free flow of personal data from the EU and European Economic Area (EEA) to the UK. The draft decisions will be shared with the European Data Protection Board (EDPB) for a ‘non-binding opinion’, and will then be presented to EU member states (MS) for formal approval. [19 Feb 2021]

#GDPR

#LED

The FCA has issued the February 2021 edition of its Regulation Round-up, which covered, among other topics,

• changes to the technical standards on strong customer authentication (SCA-RTS) and the FCA's approach to regulating payments and e-money firms; and
• the Woolard Review. [18 Feb 2021]

#E-money

#WoolardReview

#BNPL

The UK Information Commissioner's Office (ICO) has announced the launch of a data analytics toolkit. The toolkit takes organisations through some of the key data protection points which they should consider when planning projects which involve data analytics and personal data. The toolkit is part of the ICO's Artificial Intelligence (AI) priority work, and builds on the ICO's earlier Guidance on Explaining Decisions Made with AI and Guidance on AI and Data Protection. [17 Feb 2021]

#AI

#DataProtection

The FCA has published an Insight article which considers the potential of digital identity. The article draws on the FCA's experience in Sandbox exercises, and highlights a number of opportunities and challenges for both consumers and financial institutions. [15 Feb 2021]

#DigitalID

The European Insurance and Occupational Pensions Authority (EIOPA) has published a report detailing its Union-wide strategic supervisory priorities, which are informed by an assessment of the key risks and vulnerabilities in the insurance and occupational pensions sectors. National Competent Authorities (NCAs) are expected to take into account these priorities when drawing up their work programmes and shall notify EIOPA accordingly. The two priorities, listed below, should be read in the context of Covid-19 and the prolonged low-yield environment:

• business model sustainability - NCAs are expected to focus their supervisory activities on monitoring the impact of Covid-19 and the prolonged low-yield environment on the business model sustainability and development of insurers and institutions for occupational retirement provision (IORPs); and
• adequate product design, including via a close monitoring of product oversight and governance (POG) - NCAs are expected to focus their supervisory activities on monitoring the impact of Covid-19 on products and ensuring that POG requirements and other relevant consumer protection and conduct of business related-requirements are adequately implemented to address the deficiencies which emerged during Covid-19.

The report also stressed the importance of properly supervising digital transformation. [19 Feb 2021]

An Australian Securities & Investments Commission (ASIC) Commissioner gave a speech to the Australian Finance Industry Association (AFIA) Risk Summit. He spoke about ASIC’s work in the Buy Now Pay Later (BNPL) sector, and AFIA’s work on developing a voluntary code of practice in the area. ASIC encourages the industry to develop a robust code that focuses on fair outcomes for consumers. He then discussed the role of design and distribution obligations (DDOs) and ASIC’s product intervention powers. He highlighted that to comply with DDOs, firms must introduce and maintain effective product governance arrangements focused on consumer outcomes. He also highlighted that as industry steps-up to manage both financial and non-financial risks, ASIC will only need to use its product intervention powers when early-warning signs of harm and misconduct require it to do so. Finally, he outlined other topics on ASIC’s agenda for 2021, including responsible lending, Royal Commission reforms, consumer remediation, cyber security and technology infrastructure.  [16 Feb 2021]

#TechInfrastructure

The Securities and Futures Commission (SFC) issued restriction notices to 13 licensed brokers, prohibiting them from dealing with or processing certain assets held in 54 trading accounts. The accounts are related to suspected market manipulation activities in the shares of a Hong Kong-listed company between September to November 2020 via a social media ramp-and-dump scam.  The SFC's investigation is ongoing.

The restriction notices prohibit the brokers from disposing of or dealing with (or assisting, counselling or procuring another person to dispose of or deal with) any assets in any way in the trading accounts up to a certain amount, unless with the SFC’s prior written consent, including:

• entering into transactions in respect of any securities;
• processing any withdrawals or transfers of securities and/or cash;
• disposing of or dealing with any securities and/or cash; and
• assisting another person to dispose of or deal with any relevant property in a specified manner.

The brokers are also required to notify the SFC if they receive any of the above instructions. The SFC considers the restriction notices to be in the interest of the investing public or in the public interest.  [18 Feb 2021]

#SocialMedia

The Monetary Authority of Singapore (MAS) has published a series of replies to Parliamentary Questions. The replies are as follows:

• written reply on trading fuelled by online discussions and social media chat: MAS discusses the size of the increase in securities trading fuelled by online discussions, the protections against such activities destabilising the operation of the securities market, and whether MAS is considering safeguards;
• oral reply on unauthorised banking transactions: MAS identifies the number of reports made annually by consumers regarding unauthorised bank transactions, and the passwords/authentications in place in each case, and the available recourse for consumers who suspect that they are victims of cybercrime or mobile device hacking
• written reply on take-up relief packages offered by financial institutions: MAS addresses the number of borrowers who have applied for such relief and the number of borrowers expected to have problems transitioning back to full loan repayment. [16 Feb 2021]

#Cyber

As announced in the Statement on Developmental and Regulatory Policies, the Reserve Bank of India (RBI) has released the Master Direction on Digital Payment Security Controls.

The Master Direction provides necessary guidelines for Regulated Entities (Scheduled Commercial Banks, Small Finance Banks, Payment Banks and Credit Card issuing NBFCs) to set up governance structures and implement common minimum standards of security controls for digital payment products and services. The guidelines are technology and platform agnostic and aim to create an enhanced and enabling environment for customers to use digital payment products in a more safe and secure manner.

The Master Direction consolidates control aspects of governance and management of Security Risks, Generic Security Controls, Application Security Life Cycle (ASLC), Authentication Framework, Fraud Risk Management, Reconciliation Mechanism, Customer Protection, Awareness and Grievance Redressal Mechanism. It additionally considers specific controls related to internet banking, mobile payments application security controls and card payments security. [18 Feb 2021]

The Federal Reserve (Fed) has published the record for the February 2021 meeting between its Federal Advisory Council (FAC) and Board. The meeting covered topics including current market conditions; agriculture; forbearance; current economic conditions; the outlook for banking in 2021; financial technologies (FinTech) and access to the Fed system; climate change; and Fed policy. [16 Feb 2021]

The New York Department of Financial Services (NYDFS) has issued a cybersecurity fraud alert to regulated entities, highlighting a widespread cybercrime campaign to steal consumers’ nonpublic information (NPI) from public-facing websites that transmit or display redacted NPI, for example websites that provide instant insurance rate quotes. The purpose of the fraud appears to be to use the stolen NPI to fraudulently apply for Covid-19-related and/or unemployment benefits. The alert summarizes techniques used by cybercriminals and outlines cybersecurity measures firms can take to better protect consumer data. [16 Feb 2021]

#Fraud

#DataProtection

The US House Committee on Financial Services held a virtual hearing on February 18, 2021, titled “Game Stopped? Who Wins and Loses When Short Sellers, Social Media, and Retail Investors Collide”. Notably, testimony was given by several Chief Executive Officers (CEOs) whose firms have been associated with recent market volatility, particularly in respect of the trading in GameStop stock. [12 Feb 2021]

#SocialMedia

The US Treasury hosted its inaugural US Financial Sector Innovation Policy Roundtable on February 9 and 10, 2021. The Roundtable brought together policymakers and regulators with experts from the private sector to exchange views for collaborating on policy issues and innovative technologies that support global financial integrity, while fostering economic recovery, competitiveness, and financial inclusion. The Treasury’s press release also includes opening remarks delivered by Secretary Janet L Yellen. [10 Feb 2021]