FinTech Global FS Regulatory Round-up – w/e 17 June 2022

BIS: Innovation Hub announces new projects and publishes bulletin on crypto and DeFi

The Bank for International Settlements (BIS) Innovation Hub has announced a new set of projects across its various centres, updating its 2022 work programme. They include the first three projects of the upcoming Eurosystem Centre and the first comprehensive explorations in cyber security. The Innovation Hub will also expand its portfolio in the areas of green finance and supervisory and regulatory technology (regtech and suptech). The first three Eurosystem Centre projects are:

• cryptocurrency market intelligence platform;
• post-quantum cryptography: securing the privacy of payments systems; and
• increasing the transparency of climate-related disclosures.

The BIS has also published a bulletin entitled Miners as intermediaries: extractable value and market manipulation in crypto and DeFi. The bulletin takes a closer look at cryptocurrencies such as Ethereum and decentralised finance (DeFi), and the concept of miners as intermediaries. [17 Jun 2022]

#DeFi

FCA CEO speech on shaping the rules for a data-driven future

The FCA has published the speech delivered by its CEO Nikhil Rathi at the Dutch Authority for the Financial Markets (AFM) 20th anniversary seminar. Among the key points from Mr Rathi's speech which the FCA has highlighted are:

• that the value of consumer data has soared and often consumers trade privacy for expediency;
• in the next five years, the FCA expects to become as much a regulator of data as a financial one;
• while data can help institutions identify risk, it can also entrench bias and make it more difficult for consumers to access loans or products such as insurance;
• international coordination will be increasingly vital with the rise in risk associated with digitalisation and gamification; and
• investment in tech and skills is the key to staying ahead. [16 Jun 2022]

#Digitalisation

BEIS publishes report on innovation friendly regulation

The Department for Business, Energy & Industrial Strategy (BEIS) has published the report delivered by the Regulatory Horizons Council, an independent expert committee commissioned by BEIS, on closing the gap between principles and practices for innovation friendly regulation.  The Council has set out six 'focal points' to inform the approach to facilitating innovation:

• regulation should adopt a proportionate approach to benefits and risks;
• regulation and innovation should embrace ethics and public engagement;
• regulation should take account of commercial considerations and the need to attract investment;
• regulatory design and implementation should consider alternative forms of regulation;
• regulation needs to get the timing right; and
• regulators should foster a culture of openness and a growth mindset.

To prepare the report, the Council engaged with a number of regulators, including the FCA, the Financial Reporting Council (FRC), the Information Commissioner's Office (ICO), the Solicitors Regulation Authority (SRA), and more. A number of case studies are included in the report, including one on the FCA's TechSprints and one on the Digital Regulatory Cooperation Forum (which brings together the Competition and Markets Authority (CMA), the ICO, the Office of Communications (Ofcom) and the FCA). [16 Jun 2022]

Draft SI amending the MLRs – crypto-assets, information and intelligence sharing, etc

The draft of The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 has been published. This draft statutory instrument (SI) will update the existing UK anti-money laundering (AML) legislation, making changes to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). The draft SI has been limited to a number of specific measures, while the separate review underway of the MLRs is intended to shape the UK’s broader direction on AML for the coming years.

Among other matters, the draft SI covers:

• insertion of a new Part 7A into the MLRs to expand the information sharing standard for wire/bank transfers to transfers involving crypto-assets (referred to as the 'Travel Rule');
• requirements for proposed acquirers of crypto-asset firms to notify the FCA ahead of such acquisitions and provision for the FCA to undertake 'fit and proper' assessments of the acquirer;
• powers for the FCA and HM Revenue and Customs (HMRC) to publish notices of refusal of registration under the MLRs;
• extension of the FCA's current powers of direction for crypto-asset firms to Annex 1 firms;
• amendment to the MLRs to strengthen the mitigation of proliferation financing (PF) risk;
• removal of the requirements in Part 5A of the MLRs relating to the bank account portal (BAP); and
• enhancements to information and intelligence sharing arrangements for supervisors and relevant authorities.

A draft explanatory memorandum accompanies the draft SI. [16 Jun 2022]

EIOPA: Consultation papers - cyber underwriting and insurance products related to risks arising from systemic events

The European Insurance and Occupational Pensions Authority (EIOPA) has published two consultation papers (CPs) on:

• the supervisory statement on management of non-affirmative cyber underwriting exposures; and
• the supervisory statement on exclusions in insurance products related to risks arising from systemic events.

Feedback to both CPs is due by 18 July 2022. [17 Jun 2022]

#Insurance

ESAs publish annual reports for 2021

The European Supervisory Authorities (ESAs) have published their annual reports for 2021. The reports set out each authority's key achievements in 2021 which, in relation to fintech, include the following:

• for the European Securities and Markets Authority (ESMA), the preparation for the supervision of data reporting service providers (DRSPs) and its work arising from the digitalisation of markets, especially for retail investors;
• for the European Banking Authority (EBA), the creation of new Units to reflect the growing importance of topics such as digital finance; and
• for EIOPA, the transition to a green and digital economy. [15 & 14 Jun 2022]

#DRSPs

#RetailInvestors

EIOPA: FS on open insurance - accessing and sharing insurance-related data 

EIOPA has published a feedback statement (FS) to its discussion paper on open insurance. The document provides a high-level summary of the responses received from stakeholders as well as EIOPA’s reactions to them.

In terms of next steps, EIOPA will continue monitoring legislative developments that may have a bearing on open insurance and will provide insurance and supervisory input where necessary. [15 Jun 2022]

ASIC Chair delivers reflections on challenges and focus areas 

The Chair of the Australian Securities and Investments Commission (ASIC), Joseph Longo, delivered a speech at the Law Council of Australia Business Law Section Corporations Workshop. Changes in technology appeared as a key theme throughout Mr Longo’s address, particularly the challenges this presents for ASIC’s role in protecting end users of financial products and services. Key areas noted by Mr Longo include:

• critical infrastructure and cyber security – noting ASIC has been engaging, with Treasury and other regulators, on how to implement the range of recommendations for payment system reforms, and has been working to support reform of financial market infrastructure. He also noted that infrastructure systems of national significance will soon be subject to new and additional risk management and cyber security obligations. Finally, he referenced the recent decision in ASIC v RI Advice Group Pty Ltd which we have previously reported; and
• regulation of digital assets – noting that many consumers do not understand the risks in these products, or that they are not regulated, with ASIC’s focus being on consumer protection.  [17 Jun 2022]

#DigitalAssets

ASIC Chair delivers remarks on priorities and challenges

The ASIC Chair, Joseph Longo, delivered a speech at the Corporate Counsel Association’s Executive Committee webinar. In his speech, Mr Longo identified the following areas that ASIC would be focusing on:

• reducing the risk of harm caused by poor product design, distribution, and marketing, especially by driving compliance with new requirements;
• supporting market integrity through proactive supervision and enforcing governance, transparency, and disclosure standards;
• protecting consumers, especially as they plan for retirement, with a focus on superannuation, managed investments, and financial advice; and
• focusing on the impacts of technology, driving good cyber risk and operational resilience practices, and acting to address digitally enabled misconduct. [16 Jun 2022]

#CyberRisk

HKMA launches Project Sela with Bank of Israel and BISIH Hong Kong Centre to research on cybersecurity issues related to retail CBDC 

The HKMA has announced a joint research project on retail Central Bank Digital Currency (CBDC) with the Bank of Israel and the Bank for International Settlements Innovation Hub (BISIH) Hong Kong Centre, named Project Sela.

Project Sela builds on the foundation laid by Project Aurum, conducted by the HKMA and the BISIH Hong Kong Centre, which studied the benefits and challenges of tiered architectures for the distribution of retail CBDC through commercial banks and payment service providers.

Project Sela will take a deep dive into cybersecurity issues in the context of retail CBDC.  In particular, it will study the data security implications of a two-tier retail CBDC architecture where the intermediaries have no financial exposure, and will pioneer methods of rendering it more resilient to cyber attacks. The project is expected to be completed by the end of 2022. [17 Jun 2022]

#CyberSecurity

HKMA announces publication of report "Covid-19 and the Operational Resilience of Hong Kong’s Financial Services Industry: Preliminary considerations from the 2020-2021 experience" by HKIMR

The HKMA has announced the issue of a new research report, "COVID-19 and the Operational Resilience of Hong Kong’s Financial Services Industry: Preliminary considerations from the 2020-2021 experience", by the Hong Kong Institute for Monetary and Financial Research (HKIMR), the research arm of the Hong Kong Academy of Finance. It is hoped that this study can provide some helpful preliminary insights to financial institutions regarding their operational resilience in the post-Covid-19 future.

The report considers how the financial services industry in Hong Kong has maintained operational resilience during different phases of the pandemic, prepared after gathering the views of local financial institutions through a survey and interviews commissioned by the HKIMR in July 2021. Some of the findings and observations include:

• Measures were implemented across sectors of the financial services industry to mitigate the impact of the pandemic. For example, 85% of the survey respondents stated that they had incorporated pandemic scenarios in their business continuity plans before the pandemic.
• Various staff deployment strategies, such as hybrid work models, have also been adopted by financial institutions to reduce the risk of infection spread. In mid-2020, more than 50% of the staff of the surveyed financial institutions were working from home, albeit with some technological and managerial challenges.  Financial institutions have also increased their investment in cybersecurity controls and IT systems, revised internal controls and operating procedures, and made efforts to maintain staff cohesion and corporate culture.
• Policy support, financial and data infrastructure and the accelerated adoption of financial innovations are important external enhancers of financial institutions’ operational resilience.
• The report also provides some preliminary considerations on how financial institutions can maintain and enhance their operational resilience, should similar disruptive events occur in the future.  For example, they should prepare for both expected and unexpected disruptions by reviewing their business continuity plans regularly and developing the capacity of crisis management. [15 Jun 2022]

MAS and French authorities undertake joint crisis management exercise

The Monetary Authority of Singapore (MAS), the Banque de France (BdF) and the Autorité de contrôle prudentiel et de résolution (ACPR) have carried out a joint crisis management exercise focused on cybersecurity threats. The exercise follows from the Memorandum of Understanding (MoU) on Cooperation in Cybersecurity signed between MAS, BdF and ACPR in November 2019.

The joint exercise tested the effectiveness of cyber crisis coordination and response by the three financial authorities when managing scenarios such as ransomware, zero-day vulnerabilities and IT supply chain attacks.  [17 Jun 2022]

BNM exposure draft – Cloud technology risk assessment

Bank Negara Malaysia (BNM) has published an exposure draft setting out proposed guidance to assess common key risks and considerations of control measures when financial institutions adopt cloud services. The proposed guideline complements the Risk Management in Technology (RMiT) policy document to strengthen financial institutions’ cloud risk management capabilities.

Feedback is requested by 15 July 2022.  [10 Jun 2022]

SECT consults on digital asset advertising

The Securities and Exchange Commission, Thailand (SECT) has launched a public hearing on draft regulations on advertising digital assets. The SECT's proposed rules include: establishing clear rules around preparation, approval and supervision of advertisements; restricting cryptocurrency advertising to the business operators official channels, while allowing advertising of services to be carried out as usual; and restricting suspending introducing broker agent (IBA) for digital asset operator only in the area of digital tokens.

Feedback is requested by 29 June 2022. [15 Jun 2022]