FinTech Global FS Regulatory Round-up - w/e 26 April 2024

In this regular post, we round-up FinTech-related financial services regulatory developments for the week ending 26 April 2024.

ICYMI

• UK SFO promises a 'strong, dynamic, confident and pragmatic organisation' in new five year strategy
• How open is open source? Averted cyber attack indicates watershed moment in open source supply chain security and poses important questions on software liability

UK

PDP: Progress update report

The Pensions Dashboards Programme (PDP) has published its ninth progress update report which covers the PDP's work to deliver the technical solution and facilitate connection to the dashboards ecosystem. It looks back at the PDP's achievements since October 2023, as well as looking ahead to its focus areas for the next six months.

The report notes that the PDP is continuing to engage with wider industry to prepare for the first connection date in April 2025. It confirmed that it is working closely with a group of 20-plus volunteer participants on their connection, which is expected to begin in August 2024. Updated drafts of data standards for dashboards have also been shared with volunteer participants and will be published soon, and drafts of other standards are being refined with industry and partners.  [26 Apr 2024]

#PensionsDashboard

FCA consults on updates to Financial Crime Guide

The FCA has published a consultation (CP24/9) on proposed updates to the Financial Crime Guide in relation to sanctions, proliferation financing and transaction monitoring. The proposal also includes adding references to cryptoassets and the Consumer Duty, along with consequential changes throughout the Guide. The Guide does not contain rules and imposes no new requirements on firms.

CP24/9 is relevant to all FCA financial crime supervised firms as well as firms that the FCA supervises under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), including cryptoasset businesses.

Responses to CP24/9 are requested by 27 June 2024. The FCA intends to publish feedback, along with the final amended text of the Guide, in a policy statement in due course. It will also look to introduce further changes to the Guide through consultation, as needed. [25 Apr 2024]

#Crypto

FCA CEO discusses DRCF priorities and Big Tech opportunities

The FCA has published a speech delivered by Nikhil Rathi, CEO, at the Digital Regulation Cooperation Forum (DRCF) – the group of UK regulators which includes the FCA, the Competition and Markets Authority (CMA), the Information Commissioner's Office (ICO) and the Office of Communications (OfCom). Mr Rathi explained that BigTech was a priority for the DRCF and commented on the FCA's approach to artificial intelligence (AI).

He noted, among other things, that the FCA is examining the case for developing a commercially viable framework for data sharing in open banking and finance. Mr Rathi also commented on the FCA's current proposals to 'adopt a looser public interest test for announcement of enforcement investigations judged on a case by case basis'. He argued that the planned approach would not undermine competitiveness, and offered the FCA's warning on a crypto firm which subsequently collapsed as illustrative.

Mr Rathi's address is alongside: the launch of the DRCF's new AI and Digital Hub, which will enable innovators to seek advice from more than one regulator; the publication of the DRCF's  Workplan; the release of the FCA's response to HM Government's (HMG's) AI White Paper; and an FCA policy response on Big Tech in financial services. FCA CEO discusses DRCF priorities and Big Tech opportunities [22 Apr 2024]

#OpenBanking #BigTech #Crypto #AI #DigitalHub

FCA: AI update in response to HMG White Paper

The FCA has published an update setting out its response to HMG's AI White Paper. The update includes the FCA's role and objectives, work to date, existing approach and plans for the next 12 months.

In the update, the FCA emphasises the importance of promoting the safe and responsible use of AI in UK financial markets and leveraging AI in a way that drives beneficial innovation. It sees beneficial innovation as a vital component of effective competition.

The FCA is also focused on how firms can safely and responsibly adopt the technology as well as understanding what impact AI innovations are having on consumers and markets. This includes close scrutiny of the systems and processes firms have in place to ensure that the FCA's regulatory expectations are met. The FCA believes an evidence-based view, which balances both the benefits and risks of AI, will ensure a proportionate, effective and pro-innovation approach to the use of AI in financial services. [22 Apr 2024]

#AI

FCA: FS24/1 – potential competition impacts from the data asymmetry between Big Tech and firms in financial services

The FCA has published Feedback Statement 24/1 (FS24/1), following responses to its Call for Input (CFI), published in November 2023, on potential competition impacts from the data asymmetry between Big Tech and firms in financial services.

Overall, the FCA has not identified significant current effects from the data asymmetry between Big Tech firms and financial services firms. However, it has highlighted three key issues that could adversely affect how competition evolves in retail financial markets:

• there is a risk of data asymmetry increasing barriers to entry and expansion in financial markets over time contributing to Big Tech firms gaining market power;
• there is a risk of Big Tech firms’ platforms becoming the primary access channel (gatekeeper) for retail financial services in the future; and
• there is a risk of financial services firms’ upstream partnerships with Big Tech firms being concentrated and limiting bargaining power of financial services firms.

The FCA's planned next steps are as follows:

• continued monitoring (and working with regulatory partners) of Big Tech firms’ financial services activities to assess whether policy changes are needed;
• working with Big Tech firms to examine whether data from their core digital activities would be valuable in certain retail financial markets;
• depending on these results, developing proposals in the context of open finance, and for the CMA to consider; and
• examining how firms’ incentives can be aligned to share data where this is valuable to achieve good outcomes for consumers.

Alongside these initiatives, the FCA and the Payment Systems Regulator (PSR) will work closely together to understand the risks and opportunities related to digital wallets. [22 Apr 2024]

#BigTech #DigitalWallets 

DRCF: Three-year Workplan

Alongside the launch of the new AI and Digital Hub, the DRCF has published its new Workplan, setting out its three-year vision which incorporates protecting and empowering people online, and unlocking digital innovation and economic growth. In addition to the Hub launch, key areas of focus for 2024/25 include online safety and data protection, a continued focus on AI governance, as well as a deep dive on emerging technologies, including digital ID and deepfakes. The DRCF has also published a response to the key themes raised in its November 2023 CFI on the Workplan. [22 Apr 2024]

#AI #Deepfakes #DigitalID

BoE/PRA: Response to AI White Paper and approach to AI

The Bank of England (BoE) and PRA have published the response to the AI White Paper and the request for an update on the strategic approach to AI.  The letter sets out how AI is considered in the context of the the BoE's and PRA's statutory objectives and approach to regulation.  It also explains that work is underway on four potential areas where further clarification on the regulatory framework as regards AI could be beneficial: data management; model risk management; governance; and operational resilience and third-party risks. An annex to the letter sets out greater detail. [22 Apr 2024]

#AI

PSR MD discusses open banking and payments

The PSR has published a speech delivered by Chris Hemsley, Managing Director (MD) at the Payments Leaders' Summit. The speech largely focused on open banking and payments, exploring the key themes of trust, building a network, infrastructure, and moving towards a long-term, sustainable model. [22 Apr 2024]

#OpenBanking #Infrastructure

FMSB: SoGP for the application of a model risk management framework to electronic trading algorithms

The Financial Markets Standards Board (FMSB) has published its final Statement of Good Practice (SoGP) for the application of a model risk management framework to electronic trading algorithms. The SoGP focuses on areas where market practitioners, including 'first line' risk owners and 'second line' risk managers, have identified that the nature of model use in algos merits a differentiated approach compared with other model types.

This industry-developed good practice supplements existing broader supervisory guidance, but does not impose legal or regulatory obligations on Member Firms or take the place of regulation. [22 Apr 2024]

#Algos

Europe

EP adopts AML package

The European Parliament (EP) has adopted a package of laws aimed at strengthening the EU’s toolkit to fight money-laundering and terrorist financing (ML/TF).

The new rules seek to ensure that people with a legitimate interest, including journalists, media professionals, civil society organisations, competent authorities, and supervisory bodies, will have immediate, unfiltered, direct and free access to beneficial ownership information held in national registries and interconnected at EU level. In addition to current information, the registries will also include data going back at least five years.

To supervise the new rules on combatting money laundering, a new authority – the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) – will be established in Frankfurt.

The new laws need to be formally adopted by the Council of the EU before publication in the Official Journal of the European Union (OJ). [25 Apr 2024]

#Data #AML

ECB: G7 Cyber Expert Group conducts cross-border coordination exercise in the financial sector

The European Central Bank (ECB) has announced that the G7 Cyber Expert Group conducted a cross-border coordination exercise on 17 April 2024. The exercise assumed a large-scale cyber-attack on financial market infrastructures (FMIs) and entities in all G7 jurisdictions. The primary objective of the exercise was to strengthen the ability of G7 financial authorities in effectively communicating and coordinating their respective responses to facilitate crisis management in the event of a significant cross-border cyber incident affecting the financial sector. [23 Apr 2024]

#Cyber

EP: MEPs adopt proposals to enhance fraud protection and access to cash in payment services

The EP has announced that MEPs have adopted proposals to enhance fraud protection and access to cash in payment services. The proposals cover security of transfers and data, transparency in fees, better access to cash, and new types of payment services.

The EP has now closed the first reading on these pieces of legislation. Work will be followed up by the new Parliament after the 6 - 9 June European elections. [23 Apr 2024]

#Payments

Hong Kong

SFC warns public of suspected virtual asset-related fraud

The SFC has warned the public of entities operating under the names of 'CBEX Group' and 'Bitget Pro' for suspected virtual asset-related fraudulent activities.

The SFC suspects that both entities may have deceived investors with fake withdrawal records, as their investors have reported difficulties with virtual asset withdrawals or unauthorised withdrawals.

At the SFC’s request, the Hong Kong Police Force has taken steps to block access to relevant websites. Nonetheless, the public should beware that scammers may continue to create websites with similar domain names.

Both entities and their respective websites were posted on the SFC's Suspicious Virtual Asset Trading Platforms Alert List on 23 April 2024.  [23 Apr 2024]

#VirtualAsset #VATP #Fraud

HKMA consults on proposed revisions to SPM Module TM-E-1 'Risk Management of E-banking' and associated set of FAQs

The HKMA has issued a letter to consult the banking industry on proposed revisions to its Supervisory Policy Manual (SPM) Module TM-E-1, 'Risk Management of E-banking', and an associated set of frequently asked questions (FAQs).  The consultation closes on 24 May 2024.

The revised module SPM TM-E-1 is expanded to cover the controls over payment card transactions (such as management of card-not-present (CNP) transactions, and notification for card-present transactions) mentioned in the HKMA circular on major enhancements on protection of payment card customers dated 20 June 2023 (see our previous update).  The revised module also incorporates various measures in the HKMA circular on enhancements to security of electronic banking services dated 31 Oct 2023 (see our previous update), and the circular on binding payment cards for contactless mobile payments dated 25 April 2023 (see our previous update), among others.

The revised FAQs for SPM TM-E-1 aims to incorporate guidance relating to malware scams and phishing attacks involving unauthorised device binding and fund transfers.  The revised FAQ on SMS OTP for CNP Payment Card Transaction is expanded to cover payment card transactions.  [19 Apr 2024]

#EBanking 

Malaysia

SCM: VHACK 2024

SCM has announced that, in collaboration with the Computer Science Society of Universiti Sains Malaysia (USM), it held the Varsity Hackathon (VHACK 2024) on 20 April 2024. The VHACK provided a platform for cultivating the next generation of fintech talents. Focusing on solving curated Sustainable Development Goals (SDG) related real-life issues, the winners and participants showcased the ability to assimilate technical knowledge into real-life applications, with proposed solutions ranging from interactive educational platform, to investment and debt management apps to improve financial literacy, to tech-powered crops management solutions. [22 Apr 2024]

#VHACK2024