FinTech Global Regulatory Round-up – w/e 26 November 2021

FCA publishes responses to questions submitted to its Annual Public Meeting

The FCA has published its responses to questions which were submitted to its Annual Public Meeting on 28 September 2021, but which were not answered during the meeting. Topics covered include: cryptoassets; operational resilience; FCA's approach to investigations during Covid; open finance and open banking; and more. [25 Nov 2021]

#OpRes

#OpenFinance

PRA consultation on operational resilience and operational continuity in resolution

The PRA has published a consultation paper on operational resilience and operational continuity in resolution (CP21/21).  The consultation sets out the PRA's proposals to apply the group provisions in the Operational Resilience Part of the PRA Rulebook relevant to Capital Requirements Regulation (CRR) firms to holding companies, and to make other minor formatting and clarification amendments to the Operational Resilience and Operational Continuity Parts of the PRA Rulebook.

The proposals are relevant to different types of firms as follows:

• Operational Resilience: UK banks, building societies, PRA-designated investment firms, financial holding companies, mixed financial holding companies, UK Solvency II firms, and the Society of Lloyd’s and its managing agents.
• Operational Continuity in Resolution: UK banks, building societies, PRA-designated UK investment firms currently in scope of, or likely to come in scope of, the Operational Continuity Part of the PRA Rulebook.

The PRA proposes that the implementation date for the changes resulting from CP21/21 would be:

• 31 March 2022 for Operational Resilience; and
• 1 January 2023 for Operational Continuity in Resolution.

Responses are requested by 14 January 2022. [25 Nov 2021]

HMT: Economic Secretary's speech at the UK Finance Annual Dinner

HM Treasury (HMT) has published the speech delivered by John Glen, Economic Secretary, at the UK Finance Annual Dinner. Mr Glen made reference to a range of issues relevant to financial services, from the impact of Covid to tackling climate change to FinTech and innovation.

In particular, he provided an update on the Wholesale Markets Review, noting that there was broad consensus across many of the issues set out in the consultation. A full summary of the responses will be published in early 2022; this will also set out HM Government's (HMG's) plans for taking the work forward. However, Mr Glen used the opportunity provided to highlight some forthcoming changes, advising that HMG will:

• revoke the share trading obligation and the double volume cap;
• recalibrate the transparency regime for fixed income and derivatives markets; and
• reduce the scope of the position limits regime for commodity derivatives and transfer the setting of position limit controls from the FCA to trading venues.

Also during the speech, Mr Glen noted that the Financial Ombudsman Service (FOS) is due to publish the outcome of the independent review into how to improve its operational effectiveness shortly. [24 Nov 2021]

#Innovation

#WholesaleMarketsReview

FOS highlights 30% increase in 'authorised' scam complaints

The FOS has published a press release reporting that it has seen a 30% increase in 'authorised' scam complaints. The FOS received a total of 4,488 complaints about fraud and scams from July to September 2021 and upheld over 60% in the consumers’ favour. Of this figure, 2,243 complaints were about 'authorised' scams compared to 1,725 in July to September 2020. The vast majority of such complaints are authorised push payments (APP) where the victim is tricked into making bank transfers to an account posing as a legitimate payee. [24 Nov 2021]

CMA: Report on terms of reference - OBIE

The Competition and Markets Authority (CMA) has published the terms of reference for a review to be carried out of the lessons that can be learned from recent issues at the Open Banking Implementation Entity (OBIE). The terms of reference for the review state that, although it will not revisit the questions considered by the independent investigation into the OBIE, it will take its findings into account.

The review will be completed within six months and its findings will be reported to the CMA Board and published. [23 Nov 2021] 

#OpenBanking 

BoE: Speech on enhancing cross-border payments

The BoE has published a speech by Victoria Cleland, Executive Director for Banking, Payments and Innovation, on how central banks and the private sector will work together to improve cost, speed, transparency and access to cross-border payments. Ms Cleland makes particular note of the BoE's focus on its Real Time Gross Settlement (RTGS) Renewal Programme to upgrade its core settlement services. [22 Nov 2021]

EP: Political agreement reached on DLT pilot regime

The European Parliament (EP) has published a press release announcing that it has reached agreement with the Council of the EU on the Regulation on distributed ledger technology (DLT) based market infrastructures (DLT pilot regime). The press release states that:

• Council of the EU and EP have agreed that financial instruments using the DLT market should be limited and subject to value thresholds; and
• safeguards, including defined liability to clients for losses due to operational failures, will be built into DLT trading and settlement systems. [25 Nov 2021]

The European Council (EC) has adopted its position on two proposals that are part of the digital finance package: the ‘Regulation on Markets in Crypto Assets' (MiCA) and the ‘Digital Operational Resilience Act' (DORA). The EC and European Parliament (EP) will now enter trilogue negotiations on the proposals. Once a provisional political agreement is found between their negotiators, both institutions will formally adopt the regulations. [24 Nov 2021]

#MiCA

#DORA 

ECB: New framework for overseeing electronic payments

The ECB’s Governing Council has approved a new oversight framework for electronic payments following a public consultation. The Eurosystem oversight framework for electronic payment instruments, schemes and arrangements (PISA framework) includes an assessment methodology and an exemption policy. It replaces the current Eurosystem oversight approach for payment instruments and complements the Eurosystem’s oversight of payment systems. The Eurosystem will use the new framework to oversee companies enabling or supporting the use of payment cards, credit transfers, direct debits, e-money transfers and digital payment tokens, including electronic wallets. The PISA framework will also cover crypto-asset-related services, such as the acceptance of crypto-assets by merchants within a card payment scheme and the option to send, receive or pay with crypto-assets via an electronic wallet.

Companies that are already subject to Eurosystem oversight are expected to adhere to the principles of the new framework by 15 November 2022. Other companies will have a grace period of one year from the moment they are notified that they will be subject to oversight under the new framework. [22 Nov 2021]

#DigitalPaymentTokens

#Cryptoassets 

APRA: Improving cyber resilience - the role boards have to play

In response an increased threat of cyber security, APRA has created a strategy that reinforces its view that cyber resilience must be strengthened.

The strategy has undertaken two pilot initiatives: a technology resilience data collection and an independent assessment against the requirements of APRA’s Information Security Prudential Standard.

The two pilots concluded that boards need to take a more active role in:

• reviewing and challenging information reported by management on cyber resilience;
• ensuring their entities can recover from high-impact cyber-attacks; and
• ensuring information security controls are effective across supply chains.

APRA intends to continue rolling out its independent assessment to entities in the banking, superannuation and insurance industries with the intention to deliver insights that will lift practices and enhance cyber resilience. [23 Nov 2021]

#CyberAttacks

Speech by ASIC Chair Joe Longo at the AFR Super & Wealth Summit - Responsibility amid change

At the Australian Financial Review Super & Wealth Summit, ASIC Chair, Joe Longo, gave a speech regarding ASIC’s responsibility amid change noting the following key points:

• ASIC’s intention is to regulate in a way that supports legitimate business activity and allows for the independent discharge of ASIC’s key regulatory and enforcement responsibilities;
• ASIC’s role has expanded to enable it to regulate superannuation trustee conduct, and
• ASIC is working with Treasury to assist with cryptocurrency and digital asset regulation, decentralised autonomous organisations, and tax and anti-money laundering and counter-terrorism regimes in the digital world.  [22 Nov 2021]

SFC issues restriction notices to freeze client accounts linked to suspected social media ramp-and-dump scam

The SFC has issued restriction notices to Emperor Securities Limited and Get Nice Securities Limited, prohibiting them from dealing with or processing certain assets held in 17 client trading accounts which are related to a suspected social media ramp-and-dump scam involving their clients where there was market manipulation in the shares of a Hong Kong-listed company in late October 2021.  The SFC considers that the issue of the restriction notices is desirable in the interest of the investing public or in the public interest.  It conducted a search operation after issuing the restriction notices.

The restriction notices prohibit the two brokerage firms, without the SFC's prior written consent, from disposing of or dealing with (or assisting, counselling or procuring another person to dispose of or deal with) any assets in any way in the trading accounts, including:

• entering into transactions in respect of any securities;
• processing any withdrawals or transfers of securities and/or cash on the instructions of any authorised person of the accounts or by any person acting on their behalf;
• disposing of or dealing with any securities and/or cash on the instructions of any authorised person of the accounts or by any person acting on their behalf; and/or
• assisting another person to dispose of any relevant property or deal with any relevant property in a specified manner.

The brokers are also required to notify the SFC if they receive any of the above instructions.

The SFC's investigation is continuing.  [26 Nov 2021]

HKMA publishes fourth issue of Regtech Adoption Practice Guide on regulatory reporting and stress testing

The HKMA has published the fourth issue of the Regtech Adoption Practice Guide, focusing on regtech solutions designed for regulatory reporting and stress testing.  The guide series was launched by the HKMA in June 2021 as part of its regtech adoption roadmap to provide banks with detailed practical guidance on the adoption of regtech solutions (see our previous update).

Banks are often challenged by the need to extract data from multiple systems, which were often designed and implemented before the latest regulatory reporting or stress testing requirements became effective.  This practice guide issue provides practical guidance to help banks plan the implementation of regtech solutions that could alleviate some of the pain points encountered in regulatory reporting and stress testing.  It offers advice on how banks can establish a sustainable and robust governance framework powered by technology to fulfil evolving reporting and stress testing requirements.  [26 Nov 2021]

Government provides overview and materials on Hong Kong Fintech Week 2021 which concluded on 5 November 2021

The government has issued a press release to provide an overview of the Hong Kong Fintech Week 2021 which concluded on 5 November 2021. The event championed "Scaling Fintech Future Together", a celebration of Hong Kong as an attractive hub for start-ups and scale-ups in the region, and a showcase of fintech collaboration.  It was the first Hong Kong Fintech Week held in a hybrid format (both in person and online).

The press release summed up the new policy measures and proposals announced by the government and the regulators as well as industry initiatives and insights discussed at the event, providing hyperlinks to the video recordings of the key sessions.  The video recordings can also be accessed via the event YouTube channel.

Highlights of the key proposals and initiatives announced at the event are included in our previous update.  [22 Nov 2021]

MAS speech: Chongqing Connectivity in Digitalisation and Sustainability

The Monetary Authority of Singapore (MAS) has released the transcript of the keynote speech given by Ravi Menon, the Managing Director of MAS, at the Singapore-China (Chongqing) Financial Summit.

Mr Menon observed that financial connectivity between Singapore and Western China has strengthened with cross-border financing volumes growing substantively over the years.  He spoke about increasing the competitiveness of China-Singapore (Chongqing) Connectivity Initiative – International Land Sea Trade Corridor (CCI-ILSTC) through trade digitalisation and how Singapore and Chongqing could work together to mobilise green financing and investments in a safe, sound and orderly manner.  [23 Nov 2021]

SECT consults on draft regulations on banning services relating to privacy coins

The Securities and Exchange Commission, Thailand (SECT) is seeking comments on its proposed regulations for prohibiting digital asset business operators from providing services relating to privacy coins. The purpose behind the regulations is to prevent the misuse of digital assets as a tool for committing a crime.

Comments are requested by 21 December 2021.  [22 Nov 2021]

Federal Bank Regulatory Agencies Issue Joint Statement on Crypto-Asset Policy Initiative and Next Steps

The Board of Governors of the Federal Reserve System (Fed), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) issued a statement summarizing their interagency "policy sprints" focused on crypto-assets and providing a roadmap of future work related to crypto-assets. In particular, the statement describes the focus of the preliminary work conducted through the sprints undertaken by the agencies. It summarizes the agencies' plan to provide greater clarity throughout 2022 on whether certain crypto-related activities conducted by banking organizations are legally permissible, and related expectations for safety and soundness, consumer protection, and compliance with existing law and regulations.  [23 Nov 2021]

OCC Clarifies Bank Authority to Engage in Certain Cryptocurrency Activities and Authority of OCC to Charter National Trust Banks

The OCC published a letter confirming that national banks and federal savings associations must demonstrate that they have adequate controls in place before they can engage in certain cryptocurrency, distributed ledger, and stablecoin activities.

Shortly after taking office, Acting Comptroller Michael J. Hsu announced a review of OCC Interpretive Letters 1170, 1172, and 1174, issued in 2020 and 2021. The letter clarifies that the activities addressed in the previous interpretive letters may be conducted after a bank notifies its supervisory office of its intent to engage in the activities, and after a bank receives written notification of the supervisory office's non-objection. The bank should not engage in the activity until it receives a non-objection from its supervisory office.  [23 Nov 2021]

Federal Bank Regulatory Agencies Approve Final Rule Requiring Computer-Security Incident Notification

The OCC, the Fed, and the FDIC published a final rule to establish computer-security incident notification requirements for banking organizations and their bank service providers.

The final rule requires a banking organization to notify its primary federal regulator of any significant computer-security incident as soon as possible and no later than 36 hours after the banking organization determines that a cyber incident has occurred. Notification is required for incidents that have materially affected—or are reasonably likely to materially affect—the viability of a banking organization’s operations, its ability to deliver banking products and services, or the stability of the financial sector.

In addition, the final rule requires a bank service provider to notify affected banking organization customers as soon as possible when the provider determines that it has experienced a computer-security incident that has materially affected or is reasonably likely to materially affect banking organization customers for four or more hours. Compliance with the final rule is required by May 1, 2022.  [18 Nov 2021]

#IncidentReporting