In this regular post, we round-up FinTech-related financial services regulatory developments for the week ending 17 November 2023.
ICYMI
- Beyond the hype: Will new laws win trust in banks' AI tools?
- Trust and verify: Can tougher oversight help crypto launch a comeback?
- APP fraud: Prevention is surely better than paying out
- Insights on outsouring and other lessons from a data breach - the UK FCA perspective
Global
IOSCO finalises policy recommendations for CDA markets
The International Organization of Securities Commissions (IOSCO) has published a final report setting out 18 policy recommendations for the regulation of crypto and digital assets (CDA). The recommendations are designed to support greater consistency with respect to regulatory frameworks and oversight in IOSCO member jurisdictions, and to address concerns related to market integrity and investor protection arising from crypto-asset activities. They cover six key areas, consistent with the IOSCO Objectives and Principles for Securities Regulation and relevant supporting IOSCO standards, recommendations, and good practices:
- conflicts of interest arising from vertical integration of activities and functions;
- market manipulation, insider trading and fraud;
- custody and client asset protection;
- cross-border risks and regulatory cooperation;
- operational and technological risk; and
- retail distribution.
While the recommendations are not directly addressed to markets participants, crypto-asset service providers (CASPs) and all participants in crypto-asset markets are strongly encouraged to carefully consider the expectations and outcomes articulated through the recommendations and the respective supporting guidance in the conduct of their activities including registered/licensed and cross-border activities. [16 Nov 2023]
#Cryptoasset #DigitalAsset
FSI: Managing cloud risk
The Financial Stability Institute (FSI) of the Bank for International Settlements (BIS) has published a paper which considers the risks of the use of the cloud and identifies some considerations for potential oversight frameworks for critical cloud service providers (CSPs) that take into account their potential systemic importance, as well as the cross-sectoral and cross-border nature of their operations.
The paper concludes that the unique characteristics of public cloud services pose risks to financial firms, including threats to data security and privacy, system availability and continuity of operations. As such, regulatory interventions may be needed to address some of the systemic risks arising from the use of cloud services in the financial sector. This could include a direct regulatory oversight framework for critical CSPs that builds on cross-sectoral regulations, with additional sector-specific requirements where necessary and feasible, and includes cross-border cooperation arrangements. [16 Nov 2023]
#Cloud
BCBS: DP – Digital fraud and banking
The Basel Committee on Banking Supervision (BCBS) has published a Discussion Paper (DP) on the supervisory and financial stability implications of digital fraud in banking. The DP examines the increasing scale of digital fraud, including:
- its defining features, effect on banks and how should policymakers think about it;
- the supervisory and financial stability implications, the relevance of digital fraud to the BCBS and its mandate, and the availability of empirical data to assess its magnitude and prevalence; and
- actions to mitigate digital fraud risks within the banking sector at the domestic, regional, and global levels.
Responses to the DP are requested by 16 February 2024. [15 Nov 2023]
#DigitalFraud
FSB: Plenary meeting summary
The Financial Stability Board (FSB) Plenary has published a summary of its meeting in Basel. Among other things, the Plenary discussed:
- the FSB’s work programme for 2024, which was agreed;
- the outlook for financial stability, particularly pockets of remaining banking-sector vulnerabilities, property markets and operational resilience, although acknowledging that the system as a whole is resilient;
- current vulnerabilities in emerging market and developing economies (EMDEs) and issues related to progress in implementing the FSB high-level recommendations for cryptoassets and global stablecoin arrangements; and
- the importance of global and consistent implementation of the FSB’s high-level recommendations, as delivered to the G20, for the regulation, supervision and oversight of both cryptoasset markets and activities, and global stablecoin arrangements. [14 Nov 2023]
#Cryptoasset #Stablecoin
UK
PRA: CFO letters in respect of risks associated with DAs
The PRA has published a template version of its letter to Chief Financial Officers (CFOs) on working with deposit aggregators (DAs). The letter sets out the steps that firms should consider taking to mitigate risks relating to DAs with which they may have relationships – whether presently or in the future. These actions aim to mitigate risks in three main areas: pay-out risk in relation to the Financial Services Compensation Scheme (FSCS); liquidity risk; and third-party risk. The PRA's recommended actions for firms include, but are not limited to:
- ensuring depositor protection through measures such as verifying ‘absolute entitlement’ for underlying beneficiaries, and managing data to permit orderly failure;
- managing liquidity risks by making appropriate assumptions around the correlation and concentration of funding in the firm’s internal stress testing to ensure compliance with the PRA’s overall liquidity adequacy rule; and
- ensuring appropriate outsourcing and third party risk management by considering how the PRA's expectations relate to firms' arrangements with DAs. [15 Nov 2023]
#DepositAggregator
HMCTS: Master of the Rolls discusses the digital justice system
HM Courts and Tribunals Service (HMCTS) has published a speech delivered by Sir Geoffrey Vos, Master of the Rolls and Head of Civil Justice in England and Wales, entitled Justice in the Digital Age. In his speech, Sir Geoffrey discussed how the digitisation of the process and the creation of a digital justice system for all 'small' civil family and tribunal cases might affect the handling and disposal of the larger cases dealt with in the Business and Property Courts (B&PC). Alongside this, he considered the role that generative artificial intelligence (AI) and the Electronic Trade Documents Act 2023 are likely to have on business dispute resolution in the courts. [14 Nov 2023]
#DigitalJustice #AI
Commons: Answer to written question on privacy in relation to CBDC
For HMT, Economic Secretary Andrew Griffith has provided a written statement in response to the question posed by David Davis, MP, on what assessment the Chancellor has made of the potential impact of a UK central bank digital currency (CBDC) on the right to privacy. The response explains that:
- a digital pound would be subject to rigorous standards of privacy and data protection;
- neither HM Government (HMG) nor the BoE will have access to personal data, or be able to see how consumers use their money;
- legislation will be brought forward prior to the introduction of the digital pound; and
- HMG and the BoE have consulted on the privacy features of the potential digital pound and are currently reviewing the feedback prior to publishing a response in due course. [13 Nov 2023]
#CBDC #DigitalPound
Europe
ESMA Chair: Innovation with protection – the next steps on the MiCAR journey
The European Securities and Markets Authority (ESMA) has published a speech by its Chair, Verena Ross, at the Malta Financial Supervisors Academy (FSA) Forum on the Markets in Cryptoassets Regulation (MiCAR). Ms Ross discussed ESMA's ongoing work to supplement MiCAR with robust technical standards, focusing on the second package of draft technical standards which is currently under consultation.
She also spoke on how ESMA is preparing for the transition to the new MiCAR regime in close cooperation with colleagues in the national competent authorities (NCAs) who will ultimately be responsible for the supervision and enforcement of MiCAR. [17 Nov 2023]
#Cryptoasset #MiCAR
EC requests feedback on critical ICT third-party service providers – DORA
The European Commission (EC) has published the draft act which supports the Digital Operational Resilience Act (DORA) by specifying certain criteria and fees relating to critical ICT third-party service providers for comment.
Feedback is requested by 14 December 2023. [16 Nov 2023]
#DORA
OJ: ECB Decision concerning the terms and conditions of TARGET
A Decision of the European Central Bank (ECB) amending Decision EU/2022/911 concerning the terms and conditions of the Trans-European Automated Real-time Gross Settlement Express Transfer system (TARGET) has been published in the Official Journal of the EU (OJ).
The purpose of the amendments includes:
- clarifying certain aspects regarding the use of the trademarks relating to TARGET services;
- further specifying the requirement for the Eurosystem central banks (Eurosystem CBs) to ensure that no accounts other than TARGET accounts are opened for participants eligible to participate in TARGET for the purpose of providing services falling within the scope of that Guideline;
- introducing measures to mitigate for the event of failure of a Eurosystem CB’s connection to TARGET; and
- establishling the mandatory use of the Contingency Solution from 21 March 2025 for all real-time gross settlement dedicated cash account holders and ancillary systems participating in TARGET.
The Decision will enter into force on 20 November 2023. [16 Nov 2023]
#TARGET #payments
EBA: Chair discusses operational resilience in EU financial services
The European Banking Authority (EBA) has published a speech delivered by its Chair, José Manuel Campa, on operational resilience in EU financial services. Mr Campa discussed the importance of operational resilience and shared recent regulatory and supervisory developments. Among the key takeaways from the speech are:
- the EBA has heard that around half of EU banks report that 75% to 100% of their customers primarily use digital channels for regular banking;
- over 70% of banks are using artifical intelligence (AI) in at least some areas;
- 65% of EU banks have reported that they have established partnerships with BigTech firms and this could create additional complexity in existing infrastructures as interconnectedness and dependencies deepen between technology providers and the banking sector;
- use of RegTech has increased quickly;
- there are around 15,000 technology companies directly serving EU financial services firms, despite this number, the market is also 'highly concentrated'; and
- for the framework set out in the Digital Operational Resilience Act (DORA) to work well, the European Supervisory Authorities (ESAs) and EU financial supervisors will need to cooperate and coordinate – this will be facilitated by new structures being set up by the ESAs. [15 Nov 2023]
#AI #RegTech #DORA
ECB: Chair of the Supervisory Board discusses the regulation of crypto finance
The European Central Bank (ECB) has published a speech delivered by Andrea Enria, Chair of the Supervisory Board, at the Markets in Cryptoassets Regulation (MiCAR) conference hosted by the University of Venice. The speech focused on the regulation of crypto finance under the MiCAR, which entered into force at the end of June 2023 and will be applicable in its entirety by the end of 2024. Among other things, Mr Enria discussed:
- how the turbulence experienced in crypto markets necessitates a tougher regulatory approach than initially envisaged;
- the scope of MiCAR and its limitations; and
- the interactions and interconnectivity between crypto finance and the banking sector. [14 Nov 2023]
#Cryptoasset #MiCAR
Australia
ASIC releases results of inaugural cyber pulse survey
ASIC has released the results of a self-reported survey of Australian companies’ cyber capabilities. The survey gave a weighted average of 1.66 (on a scale of 0 to 4) on the average cyber maturity score, with larger organisations consistently scoring higher than smaller. The survey indicates that:
- 44% of participants do not manage third-party or supply chain risk;
- 58% of participants have limited or no capability to protect confidential information adequately;
- 33% of participants do not have a cyber incident response plan; and
- 20% of participants have not adopted a cyber security standard. [13 Nov 2023]
#Cybersecurity
Hong Kong
HKMA issues revised version of SPM Module CR-S-4 'New Share Subscription and share Margin Financing' for implementation on 22 November 2023
The HKMA has published an updated version of its Supervisory Policy Manual (SPM) module CR-S-4 'New Share Subscription and Share Margin Financing' as a statutory guideline under section 7(3) of the Banking Ordinance. This supersedes the previous version dated 26 January 2007 and will take effect on 22 November 2023.
SPM module CR-S-4 sets out the minimum standards expected of authorised institutions which are engaged in initial public offering (IPO) activities, including:
- financing their clients’ subscription for IPO shares;
- performing the role of a designated bank / receiving bank in an IPO; or
- providing share margin financing to their clients.
The revised module has incorporated changes consequential to the IPO settlement reform by the HKEX through the launch of Fast Interface for New Issuance, which will be launched on 22 November 2023 (see our previous update). The HKMA has also taken the opportunity to provide further guidance on a holistic approach to risk management of share margin financing, taking into account the latest incidents in the market. [17 Nov 2023]
#FINI
SFC updates AML/CFT Self-Assessment Checklist
The SFC has issued a circular to inform licensed corporations (LCs), licensed virtual asset service providers (VASPs) and associate entities (AEs) that it has updated the AML/CFT Self-Assessment Checklist to reflect the recently amended Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations and SFC-licensed Virtual Asset Service Providers) (see our previous update).
The checklist aims to provide a structured and comprehensive framework for LCs, SFC-licensed VASPs and AEs to assess their compliance with the key anti-money laundering and counter-financing of terrorism (AML/CFT) requirements. They are advised to use this checklist as part of their regular reviews to monitor compliance.
Senior management of LCs, SFC-licensed VASPs and AEs should ensure that any compliance deficiencies identified during the regular reviews are rectified in a timely manner. As part of the SFC's supervision, they may be required to provide documentary evidence of the performance of such reviews (and the results). [14 Nov 2023]
#VirtualAsset #AML #CFT
Singapore
Singapore FinTech Festival focuses on AI
The eighth edition of the Singapore FinTech Festival was held 14 to 17 November 2023. With a central theme of 'AI for good. AI for good?', the festival brought together leaders and experts from around the world in finance, technology and public policy. Besides focusing on AI, the festival facilitated dialogues on re-architecting the financial system, preparing for future risks in technology and climate, and powering entrepreneurs and the future tech workforce. [17 Nov 2023]
#AI
MAS: Launch of cross-border payment systems connectivity with Malaysia and with Indonesia
The Monetary Authority of Singapore (MAS) and Bank Negara Malaysia (BNM) have jointly launched the real-time payment systems linkage between Singapore’s PayNow and Malaysia’s DuitNow. The initiative follows the QR payment linkage announced on 31 March 2023 which enabled cross-border QR payments to merchants. MAS Managing Director Mr Ravi Menon and BNM Governor Mr Abdul Rasheed Ghaffour marked the launch by executing live cross-border fund transfers to each other at the Singapore FinTech Festival.
Additionally, Bank Indonesia (BI) and MAS launched the cross-border quick response (QR) payment linkage between Indonesia and Singapore. This linkage enables customers of participating financial institutions to make seamless cross-border retail payments using their existing mobile banking applications to scan QRIS (Quick Response Code Indonesian Standard) or NETS QR codes displayed by merchants in Indonesia and Singapore respectively. BI Governor, Perry Warjiyo, and Ravi Menon, jointly launched the linkage by making live cross-border QR payments at the Singapore FinTech Festival. [17 Nov 2023]
#Payments
MAS and SFA announce award winners at Singapore FinTech Festival 2023
MAS and the Singapore FinTech Association (SFA) have announced the winners of the Global FinTech Hackcelerator and the SFF Global FinTech Awards at the Singapore FinTech Festival. The winners, comprising financial institutions, FinTechs and solution providers, were recognised for their ground-breaking solutions that address challenges faced by the financial services industry. [17 Nov 2023]
#Hackcelerator #FinTech
MAS launches initiatives to ensure the safe and innovative use of digital money
MAS has unveiled three initiatives to ensure the safe and innovative use of digital money in Singapore:
- the Orchid Blueprint, which sets out the infrastructure required for a digital Singapore dollar;
- four new digital money trials which will be undertaken with industry players to examine relevant infrastructure components and commercial models; and
- a plan to issue a 'live' wholesale central bank digital currency (CBDC) for interbank settlement in 2024. [16 Nov 2023]
#CBDC #DigitalMoney
MAS: Launch of Gprnt for digital ESG data collection and access
MAS has announced the launch of Gprnt (pronounced 'Greenprint'), an integrated digital platform that harnesses technology to simplify how the financial sector and real economy collect, access and act upon environmental, social and governance (ESG) data to support their sustainability initiatives.
Gprnt is the culmination of MAS’ Project Greenprint and offers an enhanced digital reporting solution for both large businesses and small and medium enterprises (SMEs) to seamlessly report their ESG information. It is currently undergoing live testing with selected banks and SMEs, and will be progressively rolled out from Q1 2024 onwards. [16 Nov 2023]
#GreenTech
MAS: Conclusion of phase one of Project MindForge – a risk framework for GenAI
MAS has announced the successful conclusion of phase one of Project MindForge which seeks to develop a risk framework for the use of Generative Artificial Intelligence (GenAI) for the financial sector. Phase one saw the identification of seven risk dimensions in the areas of: (a) Accountability and Governance, (b) Monitoring and Stability, (c) Transparency and Explainability, (d) Fairness and Bias, (e) Legal and Regulatory, (f) Ethics and Impact, and (g) Cyber and Data Security. It is intended that this framework will enable financial institutions to use GenAI in a responsible manner. A platform-agnostic GenAI reference architecture was also developed, providing a list of the building blocks and components that organisations can use to create robust enterprise-level GenAI technology capabilities.
The executive summary of a whitepaper detailing the risk framework has been published; the whitepaper itself will follow in January 2024. [15 Nov 2023]
#AI #GenAI #Cybersecurity
MAS announces partnership with financial industry to expand asset tokenisation initiatives
MAS has announced that it is working with the financial industry to expand asset tokenisation initiatives and develop foundational capabilities to scale tokenised markets. These developments under Project Guardian aim at catalysing the institutional adoption of digital assets, in order to free up liquidity, unlock investment opportunities, and increase the efficiency of financial markets. [15 Nov 2023]
#Tokenisation #DigitalAsset
MAS announces partnership with IFC and WEF to advance digital inclusion
MAS, the International Finance Corporation (IFC) and the World Economic Forum (WEF) have signed a Memorandum of Understanding (MoU) to collaborate on initiatives to advance digital inclusion through financial services, with the aim of reducing inequalities for people and smaller businesses in emerging and developing economies.
The partnership will focus on finding ways to better mobilise financing to make digital services more affordable and accessible for underserved individuals and communities, and micro, small and medium-sized enterprises (MSMEs), with the support of financial institutions and FinTech companies. This will include creating guidelines for digital financial inclusion financing instruments as well as efforts to promote the guidelines in the Asian market. [14 Nov 2023]
#DigitalInclusion #FinTech
MAS: AI-powered system to support sustainable finance in real estate sector
MAS has announced that it has developed a Minimum Viable Product (MVP) that can assist banks to tap into AI when issuing Sustainability-Linked Loans (SLLs) in the real estate sector. The MVP was developed by the Project NovA! consortium which has concluded the first phase of its work. In his opening speech at the Project NovA! Launch Event, Mr Tan Kiat How, Senior Minister of State, Ministry of Communications and Information & Ministry of National Development, discussed, among other things, how the MVP has built in core features to address problems in the SLL market such as:
- a lack of sustainability-related data in the SLL market, making it difficult for financial institutions to set well-defined sustainability performance targets (SPTs) and make informed lending decisions;
- greenwashing concerns, where the sustainability-related declarations may not reflect the actual sustainability profile of the business, resulting in funds potentially being invested in projects that do not advance sustainability; and
- manual efforts by banks to read and interpret various types of disclosures from lenders when setting and monitoring SPTs, which is not only time-consuming but also error prone, and can have downstream impacts in terms of ensuring compliance. [14 Nov 2023]
#AI
Malaysia
BNM: Launch of cross-border real-time payment systems connectivity with Singapore
Bank Negara Malaysia (BNM) and the Monetary Authority of Singapore (MAS) have jointly launched the real-time payment systems linkage between Malaysia’s DuitNow and Singapore’s PayNow. The initiative follows the QR payment linkage announced on 31 March 2023 which enabled cross-border QR payments to merchants. BNM Governor Datuk Abdul Rasheed Ghaffour and MAS Managing Director Mr Ravi Menon marked the launch by executing live cross-border fund transfers to each other at the Singapore FinTech Festival. [17 Nov 2023]
#FinTech #Payments
US
NYDFS issues new regulatory guidance on listing and delisting virtual currencies
The New York State Department of Financial Services (NYDFS) has issued guidance which adopts enhanced requirements for coin-listing and delisting policies of NYDFS-regulated virtual currency entities, updating the prior framework issued in 2020. The guidance bolsters risk assessment standards for coin-listing policies and tailors enhanced requirements for retail consumer-facing businesses. It also requires licensees to develop and submit to NYDFS for approval a coin-delisting policy that is compliant with this guidance to ensure that, in the event a coin must be delisted, it can be done in an orderly way that protects consumers and minimizes market disruption. [16 Nov 2023]
#VirtualCurrency
OCC symposium on the tokenization of real-world assets and liabilities
The OCC will hold a symposium on the tokenization of real-world assets and liabilities on February 8, 2024, at its headquarters in Washington, D.C. The symposium will include panel discussions among thought leaders, academics, community groups, and the banking industry on tokenization and is open to the public for in-person or virtual attendance. Registration is required for in-person attendance and this is open until January 22, 2024, or until full, whichever occurs first. A livestream will be available on the OCC website. [13 Nov 2023]
#Tokenisation
Disclaimer
Herbert Smith Freehills LLP has a Formal Law Alliance (FLA) with Singapore law firm Prolegis LLC, which provides clients with access to Singapore law advice from Prolegis. The FLA in the name of Herbert Smith Freehills Prolegis allows the two firms to deliver a complementary and seamless legal service.