In this regular update, we round-up FinTech-related regulatory developments for the week ending 20 August 2021.
UK
FCA: Updated webpage - SCAThe FCA has updated its webpage on strong customer authentication (SCA). The update concerns the FCA's decision not to incorporate the European Banking Authority’s (EBA) view of 'inherence' in its Approach Document. This decision follows on from the FCA's Consultation Paper 21/3 (CP21/3) earlier this year. [20 Aug 2021] |
#Payments
#SCA |
FCA: Portfolio strategy letter on IBCFThe FCA has published a template version of its 'Dear CEO' letter setting out its supervisory strategy for firms in the investment-based crowdfunding (IBCF) portfolio. Having previously written to all IBCF firms in February 2020 setting out its concerns and expectations for the IBCF market, the FCA has provided an update on its view of the key risks it has seen in the IBCF market, its expectations of firms, and a summary of the work it intends to undertake. The FCA also reminds firms that it will use the Senior Managers and Certification Regime (SMCR), which applied to IBCF platforms from 9 December 2019, to engage directly with accountable individuals on areas of concern. [17 Aug 2021] |
#Crowdfunding |
Australia
Federal Court considers efficacy of publishing misconduct notices on mobile banking appsThe Federal Court of Australia has considered whether it is appropriate to publish misconduct notices on a bank’s app acknowledging its false or misleading deceptive conduct by overcharging interest on business overdraft accounts. The Court indicated that the time had come to reconsider the approach to such orders. Section 12GLB of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act) allows the Court to make punitive orders requiring adverse publicity. The Court ultimately determined that it was not appropriate to publish misconduct notices on the bank’s app based on the evidence and circumstances. In coming to this conclusion, the Court considered the informative function that would be satisfied by publishing the misconduct notices on the bank’s app, the punitive effects the order would have on the bank and its customers, and the extent to which it could be mitigated. In considering the non-punitive purpose of informing the public, the Court accepted that the publication of the misconduct notice would inform the relevant audience of the misconduct while recognising that there was likely to be a significant “overspill” for customers using the bank’s app to whom the misconduct notices did not relate to and who were unaware of the context. In considering the punitive purpose, the Court reluctantly made a finding of fact based on the evidence that there was not an insignificant risk that the misconduct notices were open to be misinterpreted by the users of the bank’s app with lower literacy rates. The Court also accepted based on the evidence that it may cause some customers to be confused, anxious, distressed, alarmed, suspicious, and/or uncertain, which may have further consequences on how consumers conduct their finances. Accordingly, the Court was not satisfied of the punitive purpose and consumer-protection functions of s 12GLB of the ASIC Act would be advanced. In considering mitigation, the Court found that without experimentation and research as to the potential consequences of the publication would have on the bank and its customers, it was not satisfied that the order would achieve the punitive and non-punitive purposes of s 12GLB of the ASIC Act. The Court made further observations that there was merit in rethinking the approach to how an adverse publication notice is made under s 12GLB of the ASIC Act. Although the Court was satisfied that the ordering of publications on the bank’s website and newsroom had some limited utility, the Court was not convinced that it was optimal. The Court ultimately left open, that on other evidence, it would not be inappropriate to make an order requiring misconduct notices to be published on a bank’s app. The orders made by the Court required the Bank to:
The bank was found to have breached the law on 12,119 occasions when it charged higher-than-advised interest rates on business overdraft accounts. The bank was ordered to pay a penalty of $7 million for the misconduct. [16 Aug 2021] |
#MobileBanking
#Apps |
Indonesia
OJK issued new regulation on commercial banksOJK has published on its website OJK Regulation No. 12/POJK.03/2021 on Commercial Banks (in Indonesian language). It is as a new implementing regulation to the Indonesian banking law (in Indonesian language) and aimed to, among others, align the Indonesian banking regulatory framework with the rapid development brought about by digitalisation in the banking sector and strengthen banks’ resilience. The new regulation will come into effect on 30 October 2021. Some notable changes introduced are as follows:
The new regulation will also revoke several existing regulations and provisions, including Bank Indonesia Regulation No. 11/1/PBI/2009 on Commercial Banks and OJK Regulation No. 6/POJK.03/2016 on Banks’ Business Activities and Office Network Based on Core Capital (both in Indonesian language). [20 Aug 2021] |
#Digitalisation
#DigitalBanks |
Thailand
BOT retail CBDC pilotBased on findings from a study it has undertaken and feedback received through a public consultation exercise, the Bank of Thailand (BOT) has established guidelines for the development and testing of a retail central bank digital currency (CBDC) in a real-life environment (Pilot Test) under two tracks:
|
#CBDCs |
BOT announces launch of Indonesia and Thailand cross-border QR payment linkageThe BOT has announced the launch of the Indonesian and Thai cross-border QR payment linkage. The launch is the project’s pilot phase, in preparation for full commercial launch in 2022. At this stage, users from Indonesia are now able to use their mobile payment applications to scan Thai QR Codes to make payments to merchants across Thailand. Likewise, users from Thailand are now able to use their mobile payment applications to scan QRIS (Quick Response Code Indonesian Standard) to pay for goods and services at merchants in Indonesia and also use this service for their cross-border e-commerce transactions. [17 Aug 2021] |
#Payments
#QRCodes #Innovation |
India
SEBI circular on ‘security and covenant monitoring’ using DLTSEBI has released a circular on ‘security and covenant monitoring’ using distributed ledger technology (DLT). SEBI has previously outlined the process for independent ‘due diligence’ by debenture trustee(s) on assets of an issuer company for the purpose of creation of security and ‘periodical monitoring’ of security created and enhanced disclosures on the website by debenture trustee(s) on a continuous basis. SEBI established a working group to consider ways to strengthen the process of security creation, monitoring of security creation, monitoring of asset cover and covenants of the non-convertible securities. The working group recommended the development of a platform, the ‘Security and Covenant Monitoring System’, to be hosted by depositories which will use DLT. The circular describes the roles and responsibilities of various stakeholders in the new system. The system is due to come into effect from 1 April 2022; testing will commence from 1 January 2022. [13 Aug 2021] |
#DLT |
US
DoJ Announces that Ohio Resident Pleads Guilty to Operating Darknet-Based Bitcoin 'Mixer' That Laundered Over $300 MillionThe Department of Justice (DoJ) has announced that an Ohio man pleaded guilty to a money laundering conspiracy arising from his operation of a Darknet-based cryptocurrency laundering service. According to court documents, the defendant admitted that he operated the cryptocurrency laundering service from 2014 to 2017. It functioned as a bitcoin 'mixer' or 'tumbler', allowing customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin. The cryptocurrency laundering service was linked to and associated with a Darknet search engine also run by the defendant. The defendant advertised the cryptocurrency laundering service to customers on the Darknet to conceal transactions from law enforcement. [18 Aug 2021] |
#Cryptocurrency
#Bitcoin #AML #DarkNet |
FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party VendorsThe Financial Industry Regulatory Authority (FINRA) has published a Notice stating that member firms are increasingly using third-party vendors to perform a wide range of core business and regulatory oversight functions. FINRA's Notice aims to remind member firms of their obligation to establish and maintain a supervisory system, including written supervisory procedures (WSPs), for any activities or functions performed by third-party vendors, including any sub-vendors (collectively, vendors), that is reasonably designed and compliant with applicable securities laws and regulations and FINRA rules. The Notice reiterated applicable regulatory obligations; summarized recent trends in examination findings, observations and disciplinary actions; and provided questions member firms may consider when evaluating their systems, procedures and controls relating to Vendor management. [13 Aug 2021] |
#Outsourcing |
FFIEC Issues Guidance on Authentication and Access to Financial Institution Services and SystemsThe Federal Financial Institutions Examination Council (FFIEC) has issued guidance that provides financial institutions with examples of effective authentication and access risk management principles and practices for customers, employees, and third parties accessing digital banking services and information systems. The guidance:
|
#RiskManagement
#DigitalBanking #CyberSecurity |
Key contacts
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.