In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 14 April 2023.
ICYMI
Recent updates from Herbert Smith Freehills include:
- March Data Wrap: A snapshot of key regulatory developments - this edition of our new monthly update on data-related developments covers the Data Protection and Digital Information Bill 2.0, AI regulation, the proposed EU Data Act, China international data transfers, and more.
- Online Safety Bill: Next House of Lords stage starts as Ofcom issues risk assessment guidance
- Trade mark protection in virtual worlds/the metaverse – IP offices respond with new classes for registration of virtual goods/NFTs as trade marks and the EUIPO deals with “metaverse” marks
- Failure to prevent fraud – an introduction to the proposed new offence
Global
FSB: Report on cyber incident reporting; format for incident reporting; and Cyber LexiconThe Financial Stability Board (FSB) has published a report setting out recommendations to achieve greater convergence in cyber incident reporting. The report identifies commonalities in reporting frameworks and details practical issues associated with the collection of cyber incident information from financial institutions and the onward sharing between financial authorities. It also sets out 16 recommendations to address these issues with a view to promoting best practices in cyber incident reporting. The FSB has also published a common format for incident reporting exchange (FIRE). The aim of FIRE is to collect incident information from financial institutions that authorities could use for information sharing. The report provides feedback from the consultation on FIRE and outlines the potential benefits, risks and costs, and next steps. Finally, the FSB has updated its Cyber Lexicon, which was developed to support the work of the FSB, standard-setting bodies and other international organisations to address cyber security and cyber resilience in the financial sector. The updates are also part of the FSB’s work to achieve greater convergence in cyber incident reporting. A number of new terms have been added and some existing definitions have been clarified. [13 Apr 2023] |
#Cyber
#Reporting |
BIS: Research papersThe Bank for International Settlements (BIS) has published two research papers:
|
#Stablecoins
#Tokens |
UK
ICO: Response to HMG’s AI White PaperThe Information Commissioner’s Office (ICO) has published its response to HM Government’s (HMG's) White Paper on artificial intelligence (AI). The response sets out the ICO's views on: the role of regulators; the proposed statutory duty and suggested AI principles; the format of proposed guidance; the design of the proposed sandbox; and the cost implications of the proposals. Further, the ICO:
|
#AI |
FCA to lead GFIN Greenwashing TechSprintThe FCA has announced that it will join 13 international regulators so far participating in the Global Financial Innovation Network's (GFIN's) first Greenwashing TechSprint event. The GFIN is made up of over 80 international organisations; it focuses on supporting financial innovation in the interest of consumers. The objective of the TechSprint is to develop a solution to help regulators and the market effectively tackle the risks of greenwashing in financial services. UK-based firms are able to apply to participate from 17 April 2023, with the application window remaining open for four weeks. The TechSprint will launch on 5 June 2023, culminating in a showcase day this September. [11 Apr 2023] |
#TechSprint |
FCA/PRA/BoE: Survey of third party providers - CBA for the CTP regimeThe FCA, the PRA and the Bank of England (BoE) have released a survey to help with their analysis into the costs and benefits (CBA) of a potential critical third-party (CTP) regime in the UK. The voluntary survey is targeted at service providers to the UK financial services industry; it asks respondents to provide cost estimates based on the regime as outlined in Discussion Paper 3/22 - Operational resilience: Critical third parties to the UK financial sector (DP3/22). Responses are requested by 17 May 2023. The regulators plan to consult further on the CTP regime later in 2023. [11 Apr 2023] |
#CTPs
#OpRes |
EU level
EPRS 'at a glance' briefings: MiCA and the recast transfer of funds regulationThe European Parliamentary Research Service (EPRS) has published 'at a glance' briefings on the markets in crypto-assets legislation (MiCA) and on the recasting of the transfer of funds regulation in view of the upcoming April plenary. The briefings summarise the background to, and development of, the proposed legislation, and summarise the EP's position. [13 Apr 2023] |
#MiCA |
ESMA: Overview of planned CPs 2023The European Securities and Markets Authority (ESMA) has published an overview of its planned Consultation Papers (CPs) for 2023. The topics covered by forthcoming CPs include the Digital Operational Resilience Act (DORA) and the Markets in Crypto-Assets (MiCA) legislation. [12 Apr 2023] |
#DORA
#MiCA |
EP: Debate in plenary scheduled for MiCA & regulation on Information accompanying transfers of funds and certain crypto-assetsThe European Parliament (EP) has updated its procedure file to explain that a debate in plenary on the Markets in crypto-assets (MiCA) Regulation has been scheduled for 18 April 2023. The EP has also published its amendments on the related European Commission's (EC) proposal for a regulation on information accompanying transfers of funds and certain crypto-assets which is forecast for plenary on 18 April 2023. [12 Apr 2023] |
#MiCA
#Cryptoassets |
ESRB held its 49th regular meeting and published risk dashboardThe European Systemic Risk Board (ESRB) General Board held its 49th regular meeting on 30 March 2023 to discuss risks to financial stability in the EU. Among the key takeaways from the meeting is that ESRB plans to publish a report in Q2/2023 on crypto-assets and decentralised finance (defi) and their possible systemic implications. The ESRB has also published its risk dashboard, a set of quantitative and qualitative indicators of systemic risk in the EU financial system, for the first quarter of 2023. [11 Apr 2023] |
#Cryptoassets
#DeFi |
France
BdF/ACPR DP on DeFiThe Banque de France (BdF)/Autorité de contrôle prudentiel et de résolution (ACPR) has published a discussion paper (DP) on possible regulatory approaches to DeFi. The DP provides an analysis of the structure and risks of disintermediated finance and its various components before formulating different regulatory framework scenarios, some of which are alternative, others complementary. The DP's executive summary explains: The main idea developed in this paper is that the regulation of disintermediated finance cannot simply replicate the systems that currently govern traditional finance. On the contrary, regulations must take into account the specific features of DeFi. Moreover, such regulation should not be conceived as a monolithic block, but rather as a combination between traditional financial regulations and regulations inspired by other economic sectors. Feedback to the BdF/ACPR DP is requested by 19 May 2023. Responses will inform the ACPR's positions on the value of, and procedures for, regulating disintermediated finance. In particular, the paper is intended to contribute to ongoing discussions European level as the MiCA Regulation provides for a report to be drawn up within 18 months of MiCA's entry into force. This forthcoming EU report under MiCA will assess, among other things, the value of and procedures attached to a European regulation on disintermediated finance. |
#DeFi
#Disintermediated |
Australia
APRA provides an update on the implementation of new operational risk standardThe Australia Prudential Regulation Authority (APRA) has released an updated timeline for the implementation of the new cross-industry Prudential Standard CPS 230 – Operational Risk Management. CPS 230 is designed to strengthen the management of operational risk in the banking, insurance and superannuation industries. In response to feedback received during the consultation period, APRA intends to:
APRA also plans to release a final version for CPS 230, together with draft supporting guidance, in mid-2023. Further information regarding APRA’s proposals in relation to Operational Risk Management for all APRA-regulated entities can be found here. [13 Apr 2023] |
#OpRes |
Hong Kong
SFC Interim Head of Intermediaries gives keynote speech on securities regulation in Web3 era, discussing SFC's stance in relation to DeFi and centralised VATPsThe SFC has made available a keynote speech delivered by its Interim Head of Intermediaries, Mr Keith Choy, at the Hong Kong Web3 Festival 2023 regarding securities regulation in the Web3 era. Mr Choy reiterated that the SFC recognises the opportunities presented by Web3 and fully supports the use of novel technologies to deliver financial services and products in Hong Kong. He discussed the SFC's regulatory stance and policy initiatives in relation to decentralised finance (DeFi) and centralised virtual asset trading platforms (VATPs). DeFi
Proposed new VATP regime
|
#Web3
#DeFi #VATPs |
Acting Secretary for Financial Services and the Treasury discusses Government's plans to further develop Hong Kong's financial marketThe Acting Secretary for Financial Services and the Treasury, Mr Joseph Chan, gave his opening remarks at the special meeting of the Legislative Council Finance Committee on the estimates of expenditure for financial services and the key areas of work. Mr Chan noted that in the coming year, the Financial Services Branch will focus on both safeguarding Hong Kong's financial stability and further developing its financial market. In relation to fintech, this will include:
Mr Chan also discussed various initiatives in relation to promoting financial inclusiveness and nurturing talent. [12 Apr 2023] |
#Fintech
#VirtualAssets |
India
RBI Master Direction on Outsourcing of IT ServicesFollowing a consultation exercise in 2022, the RBI has issued a Master Direction on the Outsourcing of IT Services. The RBI explains that the underlying principle of the Direction is to ensure that outsourcing arrangements neither diminish an RE's ability to fulfil its obligations to customers nor impede effective supervision by the RBI. The Direction comes into effect from 1 October 2023. [10 Apr 2023] |
#Outsourcing
#IT |
US
CFTC charges New York resident with fraud and misappropriation in digital assets trading schemeThe CFTC has filed a civil enforcement action in the US District Court for the Eastern District of New York against a New York resident. The CFTC’s complaint charges the individual with fraudulently soliciting retail investors to invest in a digital asset trading fund and with misappropriating at least $1 million in investor assets. In its continuing litigation, the CFTC seeks restitution, disgorgement, civil monetary penalties, permanent trading and registration bans, and a permanent injunction against further violations of the Commodity Exchange Act (CEA) and CFTC regulations, as charged. Commenting, Director of Enforcement Ian McGinley said: “As today’s action demonstrates, the CFTC is unrelenting in holding bad actors accountable and protecting retail investors from fraud in the digital asset space.” [11 Apr 2023] |
#DigitalAssets |
Ukraine-related sanctions information
Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.
Key contacts
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.