FinTech Global Regulatory Round-up – w/e 4 February 2022

TSC: Economic Crime - 11th Report of Session 2021-22

The Treasury Committee (TSC) has published its Economic Crime Report. The Report follows up on the two reports covering different aspects of economic crime published in 2019 by the predecessor TSC. It looks at the effectiveness of measures taken to address economic crime since 2019 and at the HM Government’s (HMG's) Economic Crime Plan.

The Report makes a number of recommendations, of which the following five have been highlighted as key by the TSC:

• for HMG to make economic crime a priority for law enforcement;
• that the Online Safety Bill be amended to include fraud offences in the list of 'relevant offences' and that fraud be treaty as 'priority illegal content';
• that the Payment Systems Regulator (PSR) be given the powers to make it mandatory for payment service providers (PSPs) to reimburse victims of authorised push payment (APP) fraud;
• that consumer protection regulation be introduced for the cryptoasset industry; and
• that Companies House reforms be introduced as soon as possible rather than waiting for full transformation of Companies House. [2 Feb 2022]

#Cryptoassets

ASIC releases its quarterly update

The Australian Securities and Investments Commission (ASIC) has released its quarterly report for 1 October 2021 to 31 December 2021.

The report outlines a number of actions ASIC took during the quarter including the following:

• acting against misconduct such as by investigating matters arising from the Financial Services Royal Commission;
• driving better corporate governance such as by urging action on whistleblower polices and deterring illegal phoenix activity;
• upholding market integrity, for example, by issuing crypto-asset guidance and imposing additional ASX Group licence conditions; and
• helping industry meet new requirements, for example, by issuing information to explain the operation of the Financial Services and Credit Panel and responding to feedback from the financial advice industry on how to improve consumer access to affordable advice. [3 Feb 2021]

APRA releases its policy and supervision priorities for 2022

The Australian Prudential Regulation Authority (APRA) has released its policy and supervision priorities for the next 12 to 18 months. APRA’s key policy priorities are detailed here and its supervision priorities include:

• rectifying sub-standard industry practices in superannuation and eradicating unacceptable product performance;
• cyber risk preparedness and responsiveness across all industries APRA regulates;
• continuing to focus on risk culture, including rolling out a risk culture survey to benchmark perceived risk behaviours and the effectiveness of risk structures within entities;
• upgrading contingency and continuity frameworks; and
• ensuring sound insurance principles are applied in the insurance industries, with a focus on availability, affordability and sustainability of insurance.  [1 Feb 2021]

SFC and HKMA issue joint circular on VA-related activities

The SFC and the HKMA have released a joint circular on intermediaries' virtual asset (VA)-related activities.  When the SFC formulated its regulatory approach for VAs in 2018 (see our previous update), it imposed an overarching “professional investors only” restriction on various types of activity, including the distribution of VA funds.  Since then, the VA landscape has evolved rapidly and begun to expand into mainstream finance.  The SFC and the HKMA have therefore set out their updated guidance in the joint circular, which will replace the SFC circular of 1 November 2018 on distribution of VA funds.

Distribution of VA-related products

• Intermediaries distributing VA-related products considered to be complex products (except those considered to be complex exchange-traded derivatives) should comply with the SFC’s requirements which govern the sale of complex products, including ensuring the suitability of VA-related products, irrespective of whether or not there has been a solicitation or recommendation.
• The SFC and the HKMA have imposed investor protection measures (in addition to the requirements under the complex product regime) to cover specific risks associated with VA-related products.  With limited exceptions, VA-related products which are considered complex products should only be offered to professional investors (PIs).  Except for institutional PIs and qualified corporate PIs, intermediaries should conduct a client VA knowledge test.
• Intermediaries should also observe the selling restrictions in Hong Kong and other jurisdictions which may be applicable to a particular VA-related product, as well as other requirements such as provision of information and warning statements to clients.

Provision of VA dealing services

• Among other things, intermediaries should only partner with SFC-licensed VA trading platforms for the provision of VA dealing services, whether by way of introducing clients to the platforms for direct trading or establishing an omnibus account with the platforms. Such services should only be provided to PIs.
• The expected conduct requirements for intermediaries’ provision of VA dealing services under an omnibus account arrangement will be imposed by the SFC (and in consultation with the HKMA, where applicable) as licensing or registration conditions.

Provision of VA advisory services

• Intermediaries are expected to comply with all regulatory requirements imposed by the SFC and the HKMA when providing advisory services (irrespective of the nature of the VAs), as well as the expected conduct requirements under prescribed terms and conditions.

Appendices 1-6 supplement the guidance in the joint circular.  There will be a six-month transition period for intermediaries when serving existing clients of its VA-related activities before the full implementation of the expected requirements.  Intermediaries are reminded to notify the SFC (and the HKMA, where applicable) in advance if they intend to engage in VA-related activities, which include the distribution of VA-related products and the provision of VA dealing services.  [28 Jan 2022]

HKMA issues circular on regulatory approaches to AIs' interface with VAs and VASPs

The HKMA has issued a circular to provide authorised institutions (AIs) with regulatory guidance on what they should pay attention to when dealing with matters relating to virtual assets (VAs) and virtual asset service providers (VASPs).

AIs’ businesses may interface with VAs and VASPs through proprietary investment or provision of banking and investment services to customers, which may present a range of risks.  The HKMA adopts a risk-based approach to supervising AIs’ VA activities in line with applicable international standards and based on the principle of “same risk, same regulation”.  When launching new products or services, AIs should undertake risk assessments to identify and understand the associated risks before engaging in any VA activities.

The circular focuses on three areas:

• Prudential supervision – The HKMA does not currently intend to prohibit AIs from incurring financial exposures to VAs, such as through investment in VAs, lending against VAs as collateral, or allowing their customers to use credit cards or other payment services to acquire VAs.  This is on the premise that AIs have put in place adequate risk-management controls, with sufficient oversight by their senior management over such activities.  Specifically, AIs should conduct proper due diligence of the VAs to which they will incur exposures.
• Anti-money laundering and counter-terrorist financing risk – AIs should establish and implement effective policies, procedures and controls to manage and mitigate money laundering and terrorist financing risks, taking into account any relevant local and international guidance.  This includes where customers engage in VA-related activities through their bank accounts, and where AIs establish and maintain business relationships with VASPs.
• Investor protection – VA-related products are very likely to be considered as complex products.  AIs should take note of the SFC-HKMA joint circular on intermediaries' VA-related activities (see update above).

AIs intending to engage in VA activities should discuss with the HKMA (and other regulators where appropriate) and obtain the HKMA’s feedback on the adequacy of the institution’s risk-management controls before launching relevant products or services.

The HKMA will continue to collaborate with local and international regulators, keeping in view the evolving regulatory landscape and developments in VA-related products, services and activities, and will provide further guidance to AIs as appropriate and in line with international standards.  [28 Jan 2022]

#VASPs

Insurance Authority issues circular on regulatory approaches in relation to VAs and VASPs

The Insurance Authority has issued a circular to provide guidance to authorised insurers in relation to activities related to virtual assets (VAs) and virtual asset service providers (VASPs).

• Enterprise risks – In evaluating and addressing risks associated with VA-related activities, authorised insurers should ensure that they comply with the Guideline on Enterprise Risk Management (GL21), which requires an authorised insurer to have in place robust governance and processes to proactively identify and assess its risk exposures and to develop techniques to monitor, manage and mitigate its risks, taking into account all applicable legal and regulatory requirements.
• Investment risks - Authorised insurers should take account the factors outlined in section 7.6 of GL21 to control and mitigate investment risks associated with VA-related activities, including market, credit, liquidity and default risks.
• Cyber risks – VA-related activities or interaction with VASPs may expose authorised insurers to cyber risk.  As such, authorised insurers should comply with applicable requirements under GL21 (section 7.11) and the requirements under the Guideline on Cybersecurity (GL20).
• Conduct risks – Where VA-related activities form part of the process in arranging contracts of insurance (through premium payment) or carrying out obligations under contracts of insurance (coverage provided in relation to VAs or benefits linked to VAs), authorised insurers should have in place processes, controls and training to ensure that customers are treated fairly and are in a position to make informed decisions.  Authorised insurers should take note of section 10 of the Guidelines on Corporate Governance of Authorised Insurers (GL10) and section 7.10.3 of GL21.
• Anti-money laundering and counter-financing of terrorism risks (AML/CFT) – Authorised insurers carrying on long-term business should evaluate the VA-related activities or interactions with VASPs in the context of their obligations under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance and the Guideline on AML/CFT (GL3).
• Compliance with laws outside Hong Kong – Authorised insurers should be aware that approaches to regulation, supervision and enforcement governing VA activities and VASPs vary across different jurisdictions.  When authorised insurers seek to provide service to policyholders located outside Hong Kong, attention should be placed on all applicable laws (locally and abroad).

Authorised insurers contemplating involvement in VA-related activities are strongly advised to inform and obtain advice from the Insurance Authority on the adequacy of their risk-management controls before launching any new products or services (including forming any type of relationship with VASPs).  [28 Jan 2022]

#VASPs

HKMA publishes materials for upcoming briefing to LegCo Panel on Financial Affairs on 7 February 2022

The HKMA has published presentation materials for its upcoming briefing to the Legislative Council (LegCo) Panel on Financial Affairs on 7 February 2022.  Updates are provided in various areas, including in relation to financial infrastructure:

• "Fintech 2025" strategy – Considerable progress has been made on various initiatives, including research relating to retail and wholesale central bank digital currencies (slide 70). [28 Jan 2022]

MAS-led industry group publishes assessment methodologies for responsible use of AI

The Monetary Authority of Singapore (MAS) has announced the release of five white papers detailing assessment methodologies for the Fairness, Ethics, Accountability and Transparency (FEAT) principles, to guide the responsible use of AI by financial institutions (FIs).

The white papers were published by a MAS-led industry group, the Veritas Consortium. The Consortium has also released an open-source toolkit to help FIs adopt the Fairness Assessment Methodology.

The white papers provide:

• a comprehensive FEAT checklist for FIs to adopt during their AI and Data Analytics (AIDA) software development lifecycles;
• an enhanced Fairness Assessment Methodology to enable FIs to define their AIDA system’s fairness objectives, identify personal attributes of individuals and any unintentional bias;
• a new Ethics and Accountability Assessment Methodology, which provides a framework for FIs to carry out quantifiable measurement of ethical practices, in addition to the qualitative practices currently adopted; and
• a new Transparency Assessment Methodology which helps FIs determine whether and how much internal/external transparency is needed to explain and interpret the predictions of machine learning models.

In the next phase, the group will develop additional use cases and run pilots with selected FI members to integrate the methodologies with members’ existing governance framework. MAS is also collaborating with the Infocomm Media Development Authority and the Personal Data Protection Commission (PDPC) to include the Toolkit in the PDPC’s Trustworthy AI testing framework.  [4 Feb 2022]

#Data

OJK publishes new draft regulation on capital participation by banks

The Indonesian Financial Services Authority (OJK) has published a draft regulation (in Bahasa Indonesia) on capital participation by banks and invited members of the public to provide feedback. The draft regulation is intended to replace the prevailing OJK Regulation No. 36 of 2017 on the Prudential Principles for Capital Participation Activities (OJK Regulation 36/2017).

The changes that the draft regulation seek to introduce include relaxation on certain requirements in OJK Regulation 36/2017. For example, the draft regulation allows banks to invest not only in financial services institutions but also companies which utilise technology to provide financial products, such as e-money and e-wallet operators. The closed list of the types of companies that a bank’s subsidiary can invest in that is provided in OJK Regulation 36/2017 is also not found in the draft regulation, suggesting that banks’ subsidiaries may be allowed to invest in more types of companies in the future.

Feedback on the draft regulation may be provided by 4 February 2022. There is no information yet on when this draft regulation is expected to be enacted.  [4 Feb 2022]

#E-money

#E-walletOperators

BoT consults on repositioning the financial sector for a sustainable digital economy

The Bank of Thailand (BoT) has launched a consultation, 'Repositioning Thailand’s Financial Sector for a Sustainable Digital Economy’, which sets out the BoT’s underlying principles and policy directions in the new financial landscape.

With regards to that landscape, the BoT explains that it expects the financial sector to:

• leverage on technological advancement to drive innovation and provide inclusive financial services and consumer protection in a level playing field and competitive environment;
• facilitate the transition of businesses and households in adapting to a digital economy as well as in effectively managing environmental risks; and
• be resilient to significant and emerging risks, without transmitting them to the system or consumers at large, while the BOT proposes a more flexible regulatory framework that bares minimum regulatory burdens to the financial service providers.

Feedback is requested by 28 February 2022.  [1 Feb 2022]