In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 25 November 2022.
ICYMI
Recent updates from Herbert Smith Freehills include:
- CMA publishes guidance on social media endorsements
- Techquake: Everything you wanted to know about the Metaverse (but were afraid to ask)
- The UK government’s approach to regulating AI – a lighter touch: article published in Privacy and Data Protection Journal
Global
IOSCO: Speech on crypto-asset regulationThe International Organization of Securities Commissions (IOSCO) has published the keynote speech by Tajinder Singh, Deputy Secretary General, on crypto-asset regulation to the September 27-29 World Federation of Exchanges (WFE) 61st General Assembly and Annual Meeting. In his speech, Mr Singh provided an update on the IOSCO's work in relation to fintech and crypto-assets, including:
|
#CryptoAssets |
IOSCO: Speech on applying and adapting principles to digital asset marketsThe International Organization of Securities Commissions (IOSCO) has published a speech by Tuang Lee, Chair of IOSCO Fintech Task Force, on applying and adapting IOSCO principles to digital asset markets. In his speech, Ms Lee spoke about:
|
#DigitalAssets |
UK
HMT/MAS: Joint statement on FinTech and strengthening financial cooperationHM Treasury (HMT) has published a Memorandum of Understanding (MoU) between the UK and Singapore's Monetary Authority Singapore (MAS) on the UK-Singapore FinTech Bridge. The FinTech Bridge is intended to remove barriers to fintech trade and boost cooperation. It should also break down barriers to trade for UK and Singaporean fintechs, boosting growth and investment opportunities. The UK and Singapore also held the 7th UK-Singapore Financial Dialogue in Singapore in which they renewed their commitment to deepening the UK-Singapore Financial Partnership that was originally agreed in 2021. [25 Nov 2022] |
#FinTechBridge |
LawtechUK: Consultation on issuance and transfer of digital securities under English private law - extended deadlineLawtechUK's UK Jurisdiction Taskforce has extended the deadline for its consultation on issuance and transfer of digital securities under English private law from 21 November to 30 November 2022. [24 Nov 2022] |
#DigitalSecurities |
FCA highlights engagement with newly-authorised firms on financial promotionsThe FCA has added a new page to the 'About us' section of its website which describes how it is focusing on 'Raising standards in new firms and financial promotions'. The FCA explains that it created an Early and High Growth Oversight function to work more closely with newly-authorised firms to help them adapt to supervision as they start up and grow. The FCA conducted a pilot exercise in 2021/22 with 32 newly-authorised firms. During the pilot, the FCA identified marketing financial products as one area where these firms did not understand the FCA's rules well; the regulator intervened to correct issues and also provided training on its rules. The FCA is now moving to phase two of its pilot, expanding the oversight of the Early and High Growth Oversight function to 300 firms. [23 Nov 2022] |
#NewlyAuthorised |
FSSC issues expanded Future Skills FrameworkThe Financial Services Skills Commission (FSSC) has published its Future Skills Framework that has been developed with leading financial services employers. The framework identifies essential skills essential skills which are business critical for firms across the sector – particularly in light of the ongoing shortage of skills in technology, cyber and digital – with the goal of helping firms to prioritise their future skills needs and to attract and retain talent. [23 Nov 2022] |
#FutureSkillsFramework
#Tech #Cyber #Digital |
FCA warns stock trading app operators of problem behaviours linked to trading app designThe FCA has warned stock trading app operators to review design features, including those with game-like elements, which risk prompting consumers to take actions against their own interest. Features include sending frequent notifications with the latest market news and providing consumers with in-app points, badges and celebratory messages for making trades. The FCA has found that consumers using apps with these kind of features were more likely to invest in products beyond their risk appetite. Alongside this warning, the FCA has published research that raises concerns that customers using such trading apps are exposed to high-risk investments, and that some appear to exhibit behaviours similar to problem-gambling. [21 Nov 2022] |
#Trading
#App |
BoE: Speech on DeFi, digital currencies and regulationThe Bank of England (BoE) has published a speech by Jon Cunliffe, Deputy Governor of Financial Stability, on decentralized finance (DeFi), digital currencies and regulation. In his speech, Mr Cunliffe discusses recent crypto market developments, and explains the work that the BoE, FCA and HM Treasury are undertaking on the regulation of crypto stablecoins and on a potential central bank digital currency. [21 Nov 2022] |
#DeFi
#DigitalCurrencies |
EU
EIOPA: DP on methodological principles of insurance stress testing - cyber componentThe European Insurance and Occupational Pensions Authority (EIOPA) has published a discussion paper (DP) on methodological principles of insurance stress testing with a focus on cyber risk. EIOPA aims to lay the groundwork for an assessment of insurers’ financial resilience under severe but plausible cyber incident scenarios. The DP elaborates on two main aspects:
Feedback is requested by 28 February 2023. [24 Nov 2022] |
#Cyber #StressTesting |
EBA: Guidelines on the use of remote customer onboarding solutions under AMLDThe European Banking Authority (EBA) has published its final guidelines on the use of remote customer onboarding solutions. The guidelines set out the steps credit and financial institutions should take to ensure safe and effective remote customer onboarding practices in line with applicable anti-money laundering and countering the financing of terrorism (AML/CFT) legislation and the EU’s data protection framework. The guidelines apply to all credit and financial institutions that are within the scope of the Anti-money Laundering Directive (AMLD). They will be translated into the official EU languages and published on the EBA website. The deadline for competent authorities to report whether they intend to comply with the guidelines will be two months following the publication of the translations. [23 Nov 2022] |
#RemoteOnboarding |
Australia
ASIC sues Block Earner for unlicensed conduct over crypto-asset based productsASIC has commenced civil penalty proceedings against Block Earner, a fintech company that offered a range of fixed-yield earning products based on crypto-assets. ASIC allege the products were financial products that should have been licensed because the products were a managed investment scheme, a facility through which a person makes a financial investment, and/or a derivative.. The date for the first case management hearing is yet to be scheduled by the Federal Court. [23 Nov 2022] |
#CryptoAssets |
The ATO’s approach to the banking and finance industryEvery year, the Australian Taxation Office (ATO) shares their approach to the banking and finance sector with industry groups and advisory firms. The ATO has announced that discussions with the industry on key areas of focus and issues for the year ahead have taken place. Common themes impacting across the banking and finance sector include mergers and acquisitions, divestment activities, and continual evolution in the FinTech sector. The ATO has noted uncertainty for tax and GST obligations in the industry around transfer pricing, branch attribution for income tax, reverse charge liabilities, and crypto assets for GST. [21 Nov 2022] |
#CryptoAssets |
Hong Kong
HKMA provides additional guidance on protection against DDoS attacksThe HKMA has issued a circular to authorised institutions (AIs) to provide additional guidance on protection against distributed denial-of-service (DDoS) attacks. As stated in the HKMA’s Supervisory Policy Manual (SPM) guidance:
In view of the increased incidence and sophistication of DDoS attacks, the HKMA considers it appropriate to provide more guidance in this area. The additional guidance is developed with reference to the findings from a round of recent thematic reviews to assess the effectiveness of the anti-DDoS protective measures maintained by AIs. AIs are expected to take into account such guidance in their regular assessments of the effectiveness of their anti-DDoS protection, which covers four key areas:
|
#Cybersecurity |
HKMA and Cyberport co-organise third AMLab as part of "Fintech 2025" strategyAs part of its "Fintech 2025" strategy, the HKMA has co-organised its third AML Regtech Lab (AMLab) with Cyberport (supported by Deloitte). The third AMLab builds on the first AMLab (see our previous update), and relates to the adoption of network analytics to combat fraud risk and reduce losses from scams using mule account networks. It follows the second AMLab on the use of "enabling technologies" held in July 2022 (see our previous update). The third AMLab 3 shared good practices and provided a platform for banks as well as data and technology experts to collaborate using synthetic data to demonstrate testing of network diagrams, thus helping fast track implementation at lower costs. It was followed by Regtech Connect (an initiative introduced in July 2022), in which Cyberport technology companies demonstrated relevant regtech tools and services. The HKMA will continue to engage with banks in 2023, including hosting more AMLabs with Cyberport and publishing research and thematic review results. In the face of rising levels of online fraud and financial crime, the HKMA has transformed the way it works with banks to shape the direction of innovation in AML work, including the adoption of network analytics. About 60% of retail banks are deploying network analytics (more than twice as that three years ago). In the first nine months of 2022, retail banks have increased their identification and reporting of suspicious accounts and networks by 127% compared to a year ago, leading to a 166% increase in the amount of criminal proceeds restrained or confiscated by law enforcement agencies. [24 Nov 2022] |
#FinTech |
HKMA Research Department publishes findings on volatility spillover from crypto to traditional financial assets and the role of asset-backed stablecoinsThe HKMA Research Department has published a memorandum titled 'An assessment of the volatility spillover from crypto to traditional financial assets: The role of asset-backed stablecoins', which looks at the volatility of crypto assets and how it could spill over to the traditional financial system in light of the rapid growth of the crypto ecosystem and its increasing connection with the traditional financial system. The following are some key findings from the research:
Given that the international regulatory community is considering appropriate regimes to regulate stablecoins, the study provides two suggestions to regulators for reducing spillover risk:
An effective implementation of the above would require internationally coordinated regulation and cooperative oversight given the borderless nature of the crypto ecosystem. [21 Nov 2022] |
#Stablecoins
#Crypto |
Singapore
MAS statement on FTX collapseMAS made a statement addressing some questions and misconceptions that have arisen in the wake of the FTX.com (FTX) debacle. MAS stressed that local users who dealt with FTX do not have regulatory protection as FTX was not licensed by MAS and operates offshore. MAS explained that it placed Binance on its Investor Alert List (IAL) because it had solicited Singapore users without a licence; unlike FTX, Binance had actively been soliciting users in Singapore, offering listings in Singapore dollars and accepting Singapore-specific payment modes such as PayNow and PayLah. On MAS’ referral, the Commercial Affairs Department commenced investigation into Binance for possible contravention of the Payment Services Act (PS Act). MAS has confirmed that it is not possible to list and provide information on all offshore crypto exchanges. In addition to maintaining the IAL, MAS publishes a Financial Institutions Directory on its website that is an exhaustive list of all MAS-regulated entities. MAS stressed that dealing in any cryptocurrency, on any platform, is hazardous; it has consistently warned about the dangers of dealing with unregulated entities. [21 Nov 2022] |
#Crypto
#Exchange |
China
Eight PRC government authorities jointly announce a framework plan to build more pilot financial reform zones for scientific and technological innovationThe People's Bank of China (PBOC), China Securities Regulatory Commission (CSRC), CBIRC and other five top PRC government authorities announced a framework plan to build pilot financial reform zones for scientific and technological innovation in Shanghai, Nanjing, Hangzhou, Hefei and Jiaxing. The plan includes 19 measures to facilitate financial and technology reform and strengthen financial supports for innovation, including among others:
|
#Technology
#Innovation |
Malaysia
BNM consults on Exposure Draft on Licensing and Regulatory Framework for DITOsBank Negara Malaysia (BNM) is seeking written feedback on its Exposure Draft on Licensing and Regulatory Framework for Digital Insurers and Takaful Operators (DITOs). The Exposure Draft outlines the proposed framework to facilitate the entry of DITOs in Malaysia that can offer strong value propositions to realise the following outcomes: inclusion; competition and efficiency. It is envisaged that DITOs will carry on insurance or takaful business wholly (or almost wholly) through digital or electronic means. The Exposure Draft specifies licensing and application procedures, as well as specific requirements on the eligible business models and distribution channels of DITOs. DITOs will have to comply with the existing requirements under the Financial Services Act 2013 (FSA) or Islamic Financial Services Act 2013 (IFSA). Applicants will be required to submit a comprehensive five year business plan, including planned measures to effectively manage technology and cyber risks in delivering its products and services in line with the Risk Management in Technology policy. Applicants will also be expected to demonstrate their ability to protect consumer data and authenticate online transactions to mitigate fraud/cyber risks. Licensed DITOs will benefit from a Foundational Phase (between 3 and 5 years), during which period lower minimum paid-up capital requirements and proportionate regulatory flexibilities apply, commensurate with their early stage of operations. At the end of the Foundational Phase, DITOs that cannot demonstrate credible prospects for long-term viability or meet higher prudential standards consistent with that applied to all existing licensed insurers and takaful operators will be required to implement an exit plan according to the conditions set out in the Exposure Draft. BNM aims to finalise the Policy Document and invite the applications for licence in 2023. Feedback is sought by 28 April 2023. [25 Nov 2022] |
#Digital #Insurers |
Thailand
BOT: Roundtable discussion with Thai digital entrepreneursMadam Kristalina Georgieva, Managing Director of the International Monetary Fund (IMF) had a roundtable discussion with Thai digital entrepreneurs at the Devavesm Palace, Bank of Thailand (BoT). The discussion highlighted opportunities and challenges related to digitalization in Thailand, especially the productivity and welfare gains from the digital transformation. It also stressed the importance of ensuring regulatory coherence, promoting competition and small players, as well as supporting open infrastructure conducive to interoperability and data accessibility. [18 Nov 2022] |
#Digital |
India
SEBI extends deadline for responses to consultation on cloud frameworkSEBI had published a consultation paper on cloud framework and has decided to extend the timeline for submission of comments from 14 November to 28 November 2022. [22 Nov 2022] |
#CloudFramework |
CSDL: Malware incidentCSDL has detected malware in a few of its internal machines, which it immediately isolated, and disconnected itself from other constituents of the capital market. CSDL does not believe any confidential information or investor data was compromised and has reported the incident to the relevant authorities. The incident has since been resolved and settlement activities duly completed. [18 – 20 Nov 2022] |
#Malware |
Ukraine-related sanctions information
Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.
Key contacts
Disclaimer
Herbert Smith Freehills LLP has a Formal Law Alliance (FLA) with Singapore law firm Prolegis LLC, which provides clients with access to Singapore law advice from Prolegis. The FLA in the name of Herbert Smith Freehills Prolegis allows the two firms to deliver a complementary and seamless legal service.