FinTech Global FS Regulatory Round-up – w/e 6 January 2023

FSB: Proposed framework for international regulation of crypto-asset activities – responses

The Financial Stability Board (FSB) has published the responses it has received to its October consultation on the proposed framework for international regulation of crypto-asset activities. The consultation covered:

• recommendations to promote the consistency and comprehensiveness of regulatory, supervisory and oversight approaches to crypto-asset activities and markets and strengthen international cooperation, coordination and information sharing; and
• revised high-level recommendations for the regulation, supervision, and oversight of global stablecoin arrangements to address associated financial stability risks more effectively. [4 Jan 2023]

IAIS: Consultation on operational resilience in the insurance sector – deadline extended

The International Association of Insurance Supervisors (IAIS) has extended the feedback deadline for the consultation on its Issues Paper on operational resilience in the insurance sector to 13 January 2023. The paper addresses three specific operational resilience sub-topics: cyber resilience; third-party outsourcing; and business continuity management. [3 Jan 2023]

Lords written question & answers: FTX and forthcoming crypto consultation

For HMT, Baroness Penn has responded to a question put by Baroness Kennedy of Cradley regarding any assessment HM Government (HMG) has made of the risks to investors following the collapse of the cryptocurrency exchange FTX. Baroness Penn explains that the FCA and Bank of England (BoE) continue to warn investors of the risks of cryptoassets. She also highlights the forthcoming legislation which will bring cryptoasset financial promotions within scope of FCA supervision and confirms that it is HMG's intention to consult on regulating wider cryptoasset activities 'in the coming weeks'. [5 Jan 2023]

#Crypto

FCA/PRA: Bank fined for operational resilience failings 

The FCA and the PRA have fined a bank a total of £48.65 million for operational risk management and governance failures, including the management of outsourcing risks. The issue arose in relation to the bank’s IT migration programme, which experienced technical failures that resulted in customers being unable to access banking services. The FCA and PRA found that the bank failed both to organise and control the IT migration programme adequately, and to manage the operational risks arising from its IT outsourcing arrangements with its critical third-party supplier.

The FCA and the PRA found that the bank breached several of their Principles for Business and Fundamental Rules. The FCA final notice imposes a fine of £29.75 million and the PRA final notice imposes a fine of £18.9 million. The bank agreed to resolve the matter with the regulators, and qualified for a 30% discount in the overall penalty. [20 Dec 2022]

EBA: Call for advice on DORA - correspondence

The European Banking Authority (EBA) has published a letter and call for advice addressed to the European Supervisory Authorities (ESAs) from the European Commission (EC) on the the designation criteria and fees for the Digital Operational Resilience Act (DORA) oversight framework. The call for advice requests the ESAs input on the specific details to shape up the designation criteria for critical ICT third-party service providers (CTPPs), as well as the elements which are needed in the specification of the amount of the fees, and the way and methods in which such fees are to be paid.

The ESAs must deliver the advice to the EC by 30 September 2023. [5 Jan 2023]

EBA: Call for advice from EC – MiCA

The European Banking Authority (EBA) has published a letter and call for advice from John Berrigan at the European Commission (EC) on the Regulation on markets in crypto-assets (MiCA). The letter outlines the EC's call for advice, which concerns delegated acts on certain criteria for classification of asset-referenced tokens and e-money tokens as significant and on supervisory fees to be charged by EBA to the issuers of significant asset-referenced tokens or e-money tokens.

EBA has been asked to deliver the advice by 30 September 2023. [4 Jan 2023]

OJ: Regulation and Directive – DORA

The following legal instruments in relation to the Digital Operational Resilience Act (DORA) have been published in the Official Journal of the EU (OJ):

• Regulation (EU) 2022/2554 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012; and
• Directive (EU) 2022/2556 amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digital operational resilience for the financial sector.

The Regulation and Directive will enter into force on 16 January 2023. DORA will apply from 17 January 2025 and Member States are required to apply measures implementing the DORA Amending Directive from the same date. [3 Jan 2023]

ECB: Progress report on digital euro

The European Central Bank (ECB) has published its second progress report on the digital euro. In the report, the ECB provides an update on the progress made over the past few months and examines a second set of design and distribution options for a digital euro. Specifically, the report describes the respective roles of the Eurosystem and supervised intermediaries in the digital euro ecosystem, including the settlement of digital euro transactions, and explains the scheme-based approach for the distribution model for the digital euro.

The ECB has also published a letter from Fabio Panetta, Member of the ECB Executive Board, to Irene Tinagli, Chair of the Committee on Economic and Monetary Affairs (ECON) at the European Parliament (EP), setting out details of the report. In the letter, Mr Panetta also notes that the ECB Governing Council is expected to decide in autumn 2023 whether to start a realisation phase to develop and test the appropriate technical solutions and necessary business arrangements for providing a digital euro. [21 Dec 2022]

ESMA: Framework to assess operational resilience of CCPs

The European Securities and Markets Authority (ESMA) has published a paper outlining a framework for assessing the operational resilience of financial entities providing time-critical services. The paper sets out the three novel tools within the framework (Reliability indicators, Scenario analysis of third-party dependencies and System-wide analysis of critical third-party providers); their methodology; and an example application of these tools in the financial sector, using insights from their use in the context of the fourth central counterparty (CCP) stress test performed by ESMA. [19 Dec 2022]

ECB: Imposition of administrative penalty on bank for failure to report cyber incident

The ECB has published a decision in which it imposes an administrative penalty on a bank for failing to report a significant cyber incident within the prescribed two-hour deadline outlined in the cyber-incident reporting framework implemented in 2017. [19 Dec 2022]

Treasury consults on ACCC's digital platforms recommendations

Treasury is seeking views on the recommendations to address consumer and competition issues contained in the 5^th interim report from the ACCC's ongoing inquiry into digital platform services (released on 11 November 2022).  The ACCC's recommendations include:

• economy-wide consumer measures, including a prohibition against unfair trading practices and unfair contract terms;
• consumer measures specific to digital platforms, including mandating internal and external dispute resolution processes and obligations on platforms to prevent and remove scams, harmful apps and fake reviews;
• a new competition framework which would subject 'designated' digital platforms to mandatory codes applying to the services they provide; and
• targeted competition obligations for designated digital platforms to be included in the proposed new framework and codes, to address harms such as anti-competitive self-preferencing.

Feedback is requested by 15 February 2023.

The ACCC has been undertaking the inquiry since 2020. Matters being considered by the inquiry include competition in markets for the supply of digital platform services, practices of suppliers of digital platform services which may result in harm and how innovation and technology change may affect the nature and degree of market power and characteristics of digital platform services. The final report is due in 2025.  [20 Dec 2022]

HKMA updates AIs on BCBS's final standard for prudential treatment of cryptoasset exposures and plans for local implementation

The HKMA has issued a circular to inform authorised institutions (AIs) that the Basel Committee on Banking Supervision (BCBS) has published its final standard "Prudential treatment of cryptoasset exposures" following consultation. The standard has been developed to provide a global baseline framework for banks’ cryptoasset exposures to promote responsible innovation while preserving financial stability.

The standard is scheduled to be implemented by member jurisdictions by 1 January 2025, and the HKMA intends to implement it in Hong Kong in accordance with this timeframe.  The HKMA will consult the industry in due course on local implementation, but in the meantime, AIs that are planning to conduct cryptoasset-related business activities are recommended to familiarise themselves with the new standard and consider its implications.

Under the standard, cryptoassets will be categorised into Group 1 (qualifying tokenised assets and stablecoins which will generally be subject to the risk-based capital requirements of the existing Basel capital framework) and Group 2 (cryptoassets that do not meet the Group 1 classification conditions and will be subject to a more conservative capital treatment).

Key features of the standard include:

• Infrastructure risk add-on for Group 1 cryptoassets;
• Redemption risk test and a supervision/regulation requirement to ensure that only stablecoins issued by supervised and regulated entities that have robust redemption rights and proper governance are eligible for a Group 1 qualification;
• Group 2 exposure limit to serve as an additional guardrail;
• Other elements to (i) prescribe the supervisory review process and disclosure requirements and (ii) specify how the operational risk, liquidity, leverage ratio and large exposures requirements have to be applied in the context of banks’ cryptoasset exposures.

The HKMA notes that some areas, such as permissionless blockchains and additional statistical tests to identify low risk stablecoins, will remain subject to monitoring and further review by the BCBS.  [20 Dec 2022]

HKMA shares key observations and sound practices from its review on consumer protection in respect of digital platforms for application of unsecured loan and credit card products

The HKMA has issued a circular to share with the industry key observations and sound practices identified in its supervisory work conducted on consumer protection in respect of digital platforms for the application of unsecured loan and credit card products.

• Latest landscape of digital banking services – Based on a survey conducted by the HKMA on 28 authorised institutions (AIs), there has been significant digitalisation in the application process of unsecured loan and credit card products.  For example, 70% of credit card applications, 62% of loan-on-card applications and 68% of personal instalment loan applications were made via digital platforms in the first half of 2022.
• Consumer protection in the digital environment – With reference to its circular of 4 September 2020 regarding enhanced measures in respect of digital platforms for the application of unsecured loan and credit card products (see our previous update), the HKMA conducted a thematic review in respect of such digital platforms from consumer protection perspectives and noted some room for improvement in a few areas.  These include display of key facts statement and terms and conditions, key details on specific products on digital platforms, enhanced disclosure measure in the form of a "double reminder" to customers, and the digital disclosure approach adopted by AIs.  The HKMA has also observed some sound practices which may be helpful for the industry.

Details of the key observations and sound practices are attached to the circular.  AIs are expected to review and make any necessary improvements to ensure that their digital platforms are designed in a way which can enable customers to make informed borrowing decisions.  [20 Dec 2022]

FSTB launches consultation on enhancing crowdfunding activities

The Financial Services and the Treasury Bureau (FSTB) has launched a consultation on proposals to enhance crowdfunding activities.  Feedback on the proposals is required by 20 March 2023.

The consultation paper sets out various recommendations on enhancing the transparency and accountability of crowdfunding activities, which include requiring in-principle future crowdfunding activities to obtain permission before commencement, and ensuring sufficient transparency to the public during and after conducting crowdfunding activities.

The following are the major features of the proposed regulatory regime (among others):

• All online and offline fundraising activities that raise funds publicly from individuals or entities of Hong Kong, or individuals or entities located in Hong Kong, are required to apply in advance to the newly proposed Crowdfunding Affairs Office (CAO), regardless of their purpose or location;
• When processing applications, the CAO will consider factors including the honesty, reputation and reliability of the applicant, proportionality of the purpose of the crowdfunding activity to its scale, and risks brought about by the activity to public interests, public safety and national security;
• The CAO will co-ordinate with relevant government departments with a view to streamlining procedures for fundraising activities which are subject to existing regulation, such as donation activities held physically in public places, or lottery sales;
• The new regulatory regime will not apply to commercial fundraising activities in the market which are already well regulated by financial regulators under existing legislation;
• Exemptions and facilitation measures are proposed to facilitate smooth operation and timely commencement of crowdfunding activities which are widely recognised by the society and charitable crowdfunding projects which address sudden and urgent needs;
• Fundraisers are required to disclose objectives and arrangements of their crowdfunding activities, use local bank accounts and keep proper records of fund movements;
• A registration system for online crowdfunding platforms is to be considered; and
• Law enforcement agencies are to be empowered to cease unlawful crowdfunding activities and prosecute offenders.  [19 Dec 2022]

BNM Policy Document on Electronic Money (E-Money)

Bank Negara Malaysia (BNM) has published a Policy Document setting out regulatory requirements and guidance for electronic money issuers (EMI) approved pursuant to section 11 of the Financial Services Act 2013 (FSA) or the Islamic Financial Services Act 2013 (IFSA). BNM has issued a Feedback Statement to address the key feedback and proposals received during the consultation period and Frequently Asked Questions (FAQs) to enhance public understanding of the requirements and clarify interpretation issues in implementing the requirements of the E-Money policy document. This policy document comes into effect on 30 December 2022, except for paragraphs 15, 16.2 to 16.4, 18, 19.6 to 19.15, 27, 28, 29, 30 and 31 which come into effect on 30 December 2023. [30 Dec 2022]

SECT consults on proposed revision to supervision of digital asset custodial wallet providers

The SECT is seeking public comments on a proposed revision to the principles for supervising digital asset (DA) custodial wallet providers. This would involve an exemption from the definition as DA Custodial Wallet Provider for DA issuers who provide custodial service on self-issued DA for their clients. The proposed revision would also require investment token issuers who provide custody and deposit service on self-issued DA to establish a system segregating their clients’ DA from their own assets, and would prohibit them from seeking benefits from the clients’ DA under their custody. The consultation ends on 26 Jan 2023. [27 Dec 2022]

RBI announces fourth cohort for regulatory sandbox

The RBI has announced the fourth cohort for the regulatory sandbox with the theme 'Prevention and Mitigation of Financial Frauds'. The RBI received nine applications of which six have been selected for the test phase due to commence in February 2023.  [5 Jan 2023]

BSP Partners with BAP and BMAP to Promote Cyber Hygiene

​The BSP has partnered with the Bankers Association of the Philippines (BAP) and the Bank Marketing Association of the Philippines (BMAP) in rolling out the “Check-Protect-Report” (CPR) information drive to foster cyber hygiene among Filipinos. The communication campaign aims to equip Filipino financial consumers with the information needed to protect themselves against online scams.[1 Jan 2023]

BSP Issues rules for RTGS PS Participants

The BSP has issued rules for the participants in the Peso Real Time Gross Settlement Payment System (RTGS PS), an infrastructure that provides real-time settlement of payments, funds transfer instructions, or other obligations individually on a transaction-by-transaction basis, in order to ensure the smooth flow of funds in the financial system.  The rules issued under BSP Memorandum No. M-2022-0049 dated 22 November 2022 require all RTGS PS participants to comply with all laws and regulations on payment systems and provide for penalties and sanctions. RTGS PS participants include the BSP and financial institutions maintaining settlement accounts with the BSP, entities that are sponsored into settlement, as well as FMIs, clearing switch operators, and critical service providers within the RTGS ecosystem. The BSP has streamlined the qualification requirements for prospective members of the real-time payment system. Non-bank e-money issuers and other entities may now settle their retail transactions through the RTGS PS without the need for sponsorship by existing participants.  The BSP designated the RTGS PS as a payment system that pose or have the potential to pose systemic risk to the stability of the national payment system (SIP). [21 Dec 2022]

Agencies issue joint statement on crypto-asset risks to banking organizations

Federal bank regulatory agencies have issued a statement highlighting key risks for banking organizations associated with crypto-assets and the crypto-asset sector and describing the agencies’ approaches to supervision in this area. In particular, the statement describes several key risks associated with crypto-assets and the crypto-asset sector, as demonstrated by the significant volatility and vulnerabilities over the past year. Given these risks, the agencies continue to take a careful and cautious approach related to current and proposed crypto-asset-related activities and exposures at banking organizations. The agencies continue to assess whether or how current and proposed crypto-asset-related activities by banking organizations can be conducted in a manner that is safe and sound, legally permissible, and in compliance with applicable laws and regulations, including those designed to protect consumers. [3 Jan 2023]