Follow us

In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 31 March 2023.

ICYMI

Recent updates from Herbert Smith Freehills include:

Global

IOSCO: Final report on retail market conduct

The International Organization of Securities Commissions (IOSCO) has published a final report calling for greater international collaboration and cooperation to combat cross-border scams, greenwashing, misconduct, and fraud.  Chapter 2 of the report contains an overview of the evolving retail trading landscape, including digital engagement practices and technology changes. Chapter 3 focuses on digitalisation, social media and retail trading and includes coverage of cryptoasset trends and the growth of decentralised finance (DeFi).  Chapter 4 covers the evolving fraud and scams landscape, Chapter 5 discusses disclosure, product design and product intervention, and Chapter 6 addresses investor education.

In Chapter 7, the report sets out a toolkit for regulators to deploy. Among the tools discussed are monitoring of online marketing and distribution trends (including 'Finfluencer' activity), enhancing engagement with online service providers, using advanced data analytics and behaviour science, using regulatory powers to provide know-your-customer (KYC) and trade reporting databases for cryptoasset transactions, and using regulatory sandboxes. [31 Mar 2023]

#Crypto

#DeFi

#Finfluencers

#Sandbox

#DataAnalytics

CPMI: Final report on facilitating increased adoption of PvP

The Committee on Payments and Market Infrastructures (CPMI) has published its final report – issued as part of the G20 enhancing cross-border payments programme – on facilitating increased adoption of payment versus payment (PvP).  It analyses the causes of non-PvP settlement, takes stock of existing and proposed new PvP solutions and suggests roles for the private and public sectors to facilitate increased adoption of PvP.

The report explains how PvP has been successful in reducing foreign exchange (FX) settlement risk for much of the FX market, but that pockets remain exposed to risk. [27 Mar 2023]

#Payments

#PvP

#Decentralised

 

UK

HMG: Letter to the DRCF and additional materials relating to the AI White Paper

The Department for Science, Innovation and Technology (DSIT) has published the letter from the Secretary of State Michelle Donelan to the Digital Regulation Cooperation Forum (DRCF) regarding the approach to regulating Artificial Intelligence (AI). The DRCF is comprised of the Competition and Markets Authority (CMA), the FCA, the Information Commissioner’s Office (ICO) and the Office of Communications (Ofcom). The Minister sets out the expectations for the role of the DRCF in respect of the development of an AI regulatory framework.

Additional materials related to HM Government's (HMG's) AI White Paper have also been published, these include:

#AI
PSR: Annual Plan and Budget 2023/24

The Payment Systems Regulator (PSR) has published its Annual Plan and Budget for 2023/23. The plan sets out a summary of the PSR's key aims and activities for 2023/24 and its expected operating costs. It identifies the following key projects among others:

  • tackling authorised push payment (APP) scams;
  • shaping the new payments architecture (NPA);
  • monitoring card fees; and
  • monitoring developments in relation to digital currencies and cryptoassets.

With regard to cryptoassets, the PSR's plans for 2023/24 include:

  • developing its approach to regulating the Sterling Fnality Payment System (the first new high-value payment system which the Treasury has designated since the PSR came into being, and the first to use distributed ledger technology (DLT));
  • engaging on the discussion around the potential digital pound; and
  • proactively contributing to the development of approaches to cryptoassets, stablecoins and central bank digital currencies (CBDCs).

The PSR has also published a factsheet summarising its key projects, along with a short introductory video. [30 Mar 2023]

#payments

#OpenBanking

#crypto

#DLT

#CBDCs

 

HMG: Second Economic Crime Plan 2023-2026

HMG has published the second Economic Crime Plan for 2023-2026. The plan is intended to build on the first Economic Crime Plan with new actions to improve the system-wide response to through enhanced cooperation between government, law enforcement, supervisory agencies and the private sector.  The plan sets out three outcomes, around which elements of the plan are organised:

  • reducing money laundering and recovering more criminal assets;
  • combatting kleptocracy and driving down sanctions evasion; and
  • cutting fraud.

Among the provisions set out in the plan are:

  • 475 new financial crime investigators focused on tackling money laundering and asset recovery;
  • deploying state-of-the-art technology;
  • creating a new Crypto Cell which will bring together law enforcement agencies and regulators to tackle the criminal abuse of cryptoassets; and
  • a new Combatting Kleptocracy Cell which will focus on corrupt elites.  [30 Mar 2023]
#cryptoassets

#AML/CFT

TSC Sub-committee on FSRs: Response from PSR indicates end May for APP Scam final policy

The Treasury Committee (TSC) Sub-committee on Financial Services Regulations (FSRs) has published the response received from Chris Helmsley, Managing Director of the Payment Systems Regulator (PSR) to its Chair Harriet Baldwin MP on the Sub-committee's February 2023 report: Scam reimbursement: pushing for a better solution. Mr Helmsley says that the PSR is unable to address all the points and questions raised in the report at this time. The PSR's final policy statement is due to be released 'in late May' and this will provide 'a comprehensive response to all the views provided to [the PSR] including the points in the Committee’s report'.

However, the letter goes on to explain that the PSR's is considering using section 55 of the Financial Services (Banking Reform) Act 2013 (FSBRA) in the context of the authorised push payments (APP) scams changes. Section 55 of FSBRA allows the PSR to require a designated payment systems operator to amend the rules for the operation of a system; the PSR notes that once it has given a formal direction under s.55 FSBRA it has a range of powers to enforce against a breach. [30 Mar 2023]

#APPscams
PRA: Thematic findings from CST22

The PRA has published a letter setting out the thematic findings from the 2022 cyber stress test (CST22). CST22 was a voluntary test based on a hypothetical data integrity scenario in retail payments. The key findings focus on the following themes.

  • Industry co-ordination - Timely and co-ordinated decision-making and action across the industry is critical in limiting the impact of an incident.
  • Communication - Consistent, effective and timely communications are important throughout an incident. Aligning communication across entities and through channels is an important tool for maintaining public confidence in times of extreme stress.
  • Contingencies - It is important to explore what contingencies are already available and consider how different contingencies could work together in an incident. It is crucial that firms test payment rerouting processes to operate safely, quickly, and at scale. Further work may be needed to develop options for responding to an incident by improving existing contingencies or developing and investing in new ones.
  • Mitigants - Suitable mitigating actions could help to maintain public confidence in the financial system and limit the risk of an incident causing financial instability.
  • Reconciliation - It is important to develop and test suitable tools and scripts to help automate data reconciliation in advance of an incident.
  • Testing capabilities - It is important to undertake appropriate planning, preparation and testing to further strengthen individual firm capabilities and the underpinning assets, including technologies and processes which support the industry's ability to respond and recover. Testing plans should be reviewed to ensure they cover a broad range of scenarios across confidentiality, data integrity and availability.

PRA-regulated firms and financial market infrastructure firms (FMIs), including those who did not participate in CST22, are expected to reflect on these thematic findings and incorporate relevant aspects in their continuing implementation of operational resilience and related policies. [29 Mar 2023]

#Cyber

#CST22

BoE: Remarks on enhancing cross-border payments 

The BoE has published the remarks delivered by Victoria Cleland, Executive Director for Banking, Payments and Innovation, at the Silk Road Cash & Payments Conference. Ms Cleland spoke about the importance of enhancing cross-border payments, making reference to the G20 roadmap, and emphasised the need for global collaboration across the public and private sectors to achieving this goal. [29 Mar 2023]

#Payments
DSIT: White paper on the approach to AI regulation

The Department for Science, Innovation and Technology (DSIT) has published, for consultation, a white paper setting out  proposals for implementing a proportionate, future-proof and pro-innovation framework for regulating AI. The paper explains that HMG will empower existing regulators to develop tailored approaches that suit the way AI is actually being used across different sectors. The white paper outlines the following five principles that regulators should consider to best facilitate the safe and innovative use of AI:

  • Safety, security and robustness - Applications of AI should function in a secure, safe and robust way where risks are carefully managed.
  • Transparency and explainability - Organisations developing and deploying AI should be able to communicate when and how it is used and explain a system’s decision-making process in an appropriate level of detail that matches the risks posed by the use of AI.
  • Fairness - AI should be used in a way which complies with the UK’s existing laws and must not discriminate against individuals or create unfair commercial outcomes.
  • Accountability and governance - Measures are needed to ensure there is appropriate oversight of the way AI is being used and clear accountability for the outcomes.
  • Contestability and redress - People need to have clear routes to dispute harmful outcomes or decisions generated by AI.

Feedback to the consultation is requested by 21 June 2023. [29 Mar 2023]

#AI
Commons written question & answer: Royal Mint NFT

For HMT, the Economic Secretary Andrew Griffith has responded to a question posed by Harriet Baldwin MP, Chair of the Treasury Committee (TSC), regarding the intention of the Royal Mint to issue a non fungible token (NFT). The Economic Secretary explains that, following consultation within HMT, the Royal Mint is not proceeding with the launch of an NFT at this time but will keep the proposal under review. [28 Mar 2023]

#NFTs
DRCF Algorithmic Processing workstream - Key findings from industry workshops

The DRCF has published the findings from the two workshops which were held by its Algorithmic Processing workstream. 22 industry stakeholders joined the workshops to explore how the procurement of algorithmic systems takes place, barriers that inhibit effective information sharing between parties, and potential solutions that could help to address these challenges. Three finding are highlighted: 

  • there is not a one-size-fits-all approach to achieving transparency in the procurement of algorithmic systems (it is noted that procurement goes beyond acquiring off-the-shelf systems and extends to, for example, acquiring data sets which can be used to train systems);
  • buyers can lack the technical expertise to effectively scrutinise the algorithmic systems they are procuring, whilst vendors may limit the information they share with buyers (for example, the paper observes that there is concern among some vendors that competitors may be selective with performance metrics); and
  • there are some opportunities for achieving greater transparency across algorithmic procurement emerging, including the potential for certification, standards and guidelines to play a role.

The workshops follow on from two papers published by the workstream on the benefits and harms of algorithmic systems and on auditing algorithms.  [28 Mar 2023]

#AlgorithmicSystems
BoE: Minutes of the CBDC Engagement Forum - March 2023

The BoE has published the minutes of the central bank digital currency (CBDC) Engagement Forum for March 2023. The BoE and HM Treasury delivered a presentation on the Consultation Paper (CP) and the accompanying Technology Working Paper on the digital pound, published on 7 February 2023. Among other things, members were interested in understanding how the digital pound would sit alongside other payments initiatives, including the New Payments Architecture and the current Real-Time Gross Settlement (RTGS) system.

The Forum also discussed ongoing stakeholder engagement as HM Treasury and the BoE move into the design phase of work on the digital pound, which would see the authorities' work becoming more detailed with a strong focus on operational and technical challenges. Attendees said that the Forum was useful, with some commenting that intensifying and widening engagement would be useful. [27 Mar 2023]

#CBDCs

 

EU

ESMA: Updated Q&As on DLTR

The European Securities and Markets Authority (ESMA) has updated its questions and answers (Q&As) on the Distributed Ledger Technology Pilot Regulation (DLTR) with a new Q&A on DLT shares valuation. [31 Mar 2023]

#DLTR
EDPS: Privacy and data protection considerations for CBDCs

The European Data Protection Supervisor (EDPS) has published an article on central bank digital currencies (CBDCs). Initially explaining what CBDCs are, the article then goes on to discuss the potential privacy and data protection issues covering a range of topics from how design choices can exacerbate issues to whether the identified social need and/or policy objectives set of for a CBDC balance any privacy concerns through to the need for post-quantum cryptography to be factored in during design stages. [30 Mar 2023]

#CBDCs
EBA: Consultation on amendments to guidelines on risk-based AML/CFT supervision to include CASPs

The European Banking Authority (EBA) has published a consultation on amendments to its guidelines on risk-based anti-money laundering and countering the financing of terrorism (AML/CFT) supervision. The proposed amendments extend the scope of the guidelines to AML/CFT supervisors of crypto-asset service providers (CASPs). The amendments also include guidance on the sources of information which competent authorities should consider when assessing ML/TF risks associated with CASPs.

Feedback is requested by 29 June 2023. [29 Mar 2023]

#Crypto

#CASPs

#AML

 

Hong Kong

HKMA and BIS co-host international financial regulatory conference following BCBS meeting in Hong Kong 

The HKMA and the Bank for International Settlements (BIS) jointly organised an international financial regulatory conference in Hong Kong on 24 March 2023 with the theme “Future-proof Supervision for an Innovative Banking World".  This follows a two-day meeting of the Basel Committee on Banking Supervision (BCBS) in Hong Kong on 22 and 23 March 2023, the first physical meeting of the BCBS outside of Basel since the outbreak of the pandemic in 2020.

Over 100 senior officials of central banks and regulatory authorities, as well as top executives of financial institutions from more than 25 economies attended the HKMA-BIS conference.

  • In a keynote speech, Mr Pablo Hernández de Cos (Governor of the Bank of Spain and the Chair of the BCBS) discussed how macro-prudential tools can complement micro-prudential supervision to strengthen financial stability in an ever-changing financial world.
  • Other speakers shared their insights on how to enhance the resilience of the banking system, and better prepare for the future in light of the opportunities and challenges brought about by crypto assets, from the perspectives of both financial regulators and market players.  [24 Mar 2023]
 #crypto

#innovation

HKMA Chief Executive discusses latest developments and areas to watch out for in HKMA-BIS international financial regulatory conference 

The HKMA's Chief Executive, Mr Eddie Yue, delivered welcome remarks at the HKMA-BIS international financial regulatory conference referred to in the summary above.  He discussed the latest developments as well as areas to watch out for in relation to risks in the financial system.

  • The monetary environment has changed significantly over the past year, as major central banks global have been simultaneously raising interest rates at an unprecedented pace to curb inflation.  Such an abrupt tightening of monetary conditions will be a real test of the resilience of the global financial markets and banking system.
  • Non-bank financial intermediation is playing an increasing role in providing funding to the real economy.  The market incidents in recent years indicate that the build-up of leverage and liquidity imbalances in non-bank entities could amplify volatilities in the wider financial system.  It is therefore important to strengthen the resilience of non-bank financial institutions and reduce their procyclicality in times of system-wide stress.
  • Technological advancement has been a game changer for the financial world.  Recent events in relation to crypto assets serve as a wake-up call that the linkages between the financial system and the crypto space are already very intertwined, and that such interconnectedness may grow even further in future.
  • It is crucial for central banks and regulators globally to work collectively on coordinated policy responses for implementation in individual jurisdictions, ensuring that a full set of tools is available, including micro-prudential instruments focusing on individual institutions and macro-prudential tools for the stability of the financial system as a whole.
  • The HKMA will build on its experience and continue to participate actively in the work of international fora to contribute to global financial stability.  [24 Mar 2023]
#crypto

#innovation

 

 

Singapore

MAS and BNM announce launch of cross-border QR code payments connectivity

The Monetary Authority of Singapore (MAS) and Bank Negara Malaysia (BNM) have launched a cross-border QR code payment linkage between Singapore and Malaysia. The payment linkage will allow customers of participating financial institutions to make retail payments by scanning NETS QR and DuitNow QR codes . It will support in-person payments through the scanning of physical QR codes displayed by merchants, and online cross-border e-commerce transactions.

In the next phase, MAS and BNM plan to expand the payment linkage to enable cross-border account-to-account fund transfers and remittances. This will allow users to make real-time fund transfers between Singapore and Malaysia using just the recipient’s mobile phone number via PayNow and DuitNow. This service is expected to go live by end-2023.  [31 Mar 2023] 

#Payments

#QRcodes

MAS: Statement on disruption of bank's digital banking services

MAS has published a statement in relation to the disruption of a bank's digital banking services. The statement explains that the bank notified MAS that its customers were experiencing difficulties logging in to its digital banking services at the time of the disruption, and that normal digital banking services have now resumed.

MAS has instructed the bank to conduct an investigation to establish the root cause of the disruption. [29 Mar 2023]

#DigitalBanking

 

Malaysia

BNM: Annual Report 2022

The BNM has published its Annual Report 2022 setting out its key initiatives in 2022 and providing an account of its operations and resources. The key highlights of 2022 include:

  • building a robust ecosystem that fosters innovation, competition, and dynamism in the financial sector;
  • continuing to work closely with industry partners to reduce barriers to e-payment adoption and promote the responsible and safe use of e-payments, including through e-Duit campaign;
  • pioneering the world’s first transaction-based Islamic benchmark rate developed in accordance with the International Principles for Financial Benchmarks;
  • collaborating with the Government and the financial industry to heighten efforts to combat online financial scams, increase the public’s awareness on scam prevention, and ensure that emerging cyber threats are effectively managed; and
  • making significant progress throughout the year to address climate-related risks.

Alongside side this, the BNM has published its Economic and Monetary Review 2022 and Financial Stability Review for H2 2022. [29 Mar 2023]

#payments
BNM: Financial technology regulatory sandbox framework - exposure draft

BNM has published an exposure draft setting out its proposal to issue a new financial technology regulatory sandbox framework policy document, which contains amendments to the policy document of the same name issued on 18 October 2016 [BNM/RH/PD 030-1]. The amendments are focused on ensuring proportionate regulatory facilitation and improving operational efficiency of the existing sandbox procedures through:

  • simplifying the sandbox’s Stage 1 (eligibility) assessment; and
  • introducing an Innovation Green Lane, which aims to provide a risk-proportionate and accelerated pathway for innovative solutions by financial institutions with strong risk management capabilities.

Feedback is requested by 30 May 2023. [28 Mar 2023]

#Sandbox

 

India

SEBI circular: Cyber security and cyber resilience for portfolio managers

SEBI has published a circular regarding cyber security and cyber resilience for portfolio managers. The circular explains that all portfolio managers with assets under management (AUM) of INR 3000 crore are required to comply with SEBI's provisions on cyber security and resilience as set out in an annex to the circular. The guidelines annexed with the circular are effective from 1 October 2023.  [29 Mar 2023]

#CyberResilience
IFSCA: MoU with IIMK LIVE

The International Financial Services Centers Authority (IFSCA) and IIMK LIVE, an innovation hub, have signed a memorandum of understanding (MoU). The MoU provides a framework for cooperation and understanding between IFSCA and IIMK LIVE that will enable them to collaborate in supporting and facilitating FinTech and TechFin entities. [27 Mar 2023]

#FinTech 

 

US

DoJ, FTC and EC hold third US-EU Joint Technology Competition Policy Dialogue

The Department of Justice (DoJ) has announced that it held the third US-EU Joint Technology Competition Policy Dialogue (TCPD) along with the Federal Trade Commission (FTC) and the European Commission (EC).

The discussions centered around critical themes the agencies are facing, including the reasons mergers between digital players may lead to competition concerns. Participants also shared policy reflections in the area of abuse of dominance and monopolization in the digital sector, and presented recent policy initiatives in this field. They also exchanged views on the evolving business strategies of big tech companies as well as on their implications for enforcement.

Participants also announced planned liaisons of experts from the Antitrust Division and the FTC in Brussels, with each sending an official to assist with implementation of the European Union's Digital Markets Act. [30 Mar 2023]

#Technology

#DigitalMarkets

SEC charges crypto trading platform and its executives for operating an unregistered exchange, broker, and clearing agency

The SEC has charged a crypto asset trading platform and its executives for failing to register as a national securities exchange, broker, and clearing agency. The SEC also charged the founder of the platform, and a company he controlled, with raising $8 million in an unregistered offering of the tokens and alleged that the defendant misappropriated at least $900,000 for personal use, including gambling. Finally, the SEC charged market makers operating on the platform as unregistered dealers. [29 Mar 2023]

#Crypto
CFTC: Civil action against cryptocurrency exchange

The CFTC has announced that it has filed a civil enforcement action in the US District Court for the Northern District of Illinois charging a CEO and chief compliance officer (CCO) of a cryptocurrency exchange and the three entities that operate as part of the cryptocurrency exchange platform with violations of the CEA and CFTC regulations.

The complaint alleges that the exchange's compliance program was ineffective and that the CEO instructed employees and customers to circumvent compliance controls.

In its continuing litigation against the defendants, the CFTC seeks disgorgement, civil monetary penalties, permanent trading and registration bans, and a permanent injunction against further violations of the CEA and CFTC regulations, as charged. [27 Mar 2023]

#CryptocurrencyExchange
DoJ: Foreign national sentenced for victimizing US persons through cyber-enabled fraud schemes  

The DoJ has announced that a Nigerian national was sentenced to four years and one month in prison for his role in a cybercriminal group operating out of Nigeria and Malaysia, among other places, that executed complex financial fraud scams using the internet.

According to court documents, between December 2011 and January 2017, the individual and his co-conspirators devised and executed business email compromise (BEC), work-from-home, check-cashing, romance, and credit card scams that targeted unsuspecting individuals, banks, and businesses in the US and elsewhere, and were intended to cause more than a million dollars in losses to US victims. [27 Mar 2023]

#Cyber

#Fraud

DoJ: CEO of company sentenced for cryptocurrency fraud scheme

The DoJ has announced that the CEO and founder of a company was sentenced to four years and three months in prison for his role in a cryptocurrency fraud scheme involving the company’s initial coin offering (ICO) that raised approximately $21 million from investors in the US and overseas.

According to court documents, the CEO touted the company – a purported cryptocurrency investment platform – as a cryptocurrency investment opportunity, luring investors to purchase the cryptocurrency token or coin offered in the ICO through a series of false and misleading statements. Although he was required to do so, the defendant did not register the ICO with the SEC, nor did he have a valid exemption from the SEC’s registration requirements. [24 Mar 2023]

#Crypto

#Fraud

 

 

Ukraine-related sanctions information

Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.

 

 

Karen Anderson photo

Karen Anderson

Consultant, London

Karen Anderson
Cat Dankos photo

Cat Dankos

Regulatory Consultant, London

Cat Dankos

Key contacts

Karen Anderson photo

Karen Anderson

Consultant, London

Karen Anderson
Cat Dankos photo

Cat Dankos

Regulatory Consultant, London

Cat Dankos
Karen Anderson Cat Dankos