ICYMI
- Cyber Monthly Wrap-up (UK, EMEA and the US) – June 2024
- Public Law Podcast Episode 16: Regulation of Artificial Intelligence
Global
FATF: Update on implementation of Standards on VAs and VASPs
The Financial Action Task Force (FATF) has published a report providing a fifth targeted review of the global implementation of FATF’s Standards on virtual assets (VA) and virtual asset service providers (VASPs), including the 'travel rule'. It also includes updates on emerging risks and market developments relating to the use of VAs for money laundering, terrorist financing and proliferation financing.
The report found that while some jurisdictions have made progress in putting anti-money laundering and counter-terrorist financing (AML/CFT) regulation in place, global implementation is still lagging. In that context, this report sets out key areas for improvement and recommendations for both public and private sectors.
The status of implementation of Recommendation 15 by FATF members and jurisdictions with materially important VASP activity will be updated and published in 2025. [10 Jul 2024] #VirtualAsset #VASP #AML/CFT
BCBS consults on principles for the sound management of third-party risk
The Basel Committee on Banking Supervision (BCBS) has published a consultation on a proposed set of principles for the sound management of third-party risk in the banking sector. The proposal consists of 12 high-level principles which provide guidance to banks and prudential supervisors on effective third-party risk management, aiming to enhance banks' ability to withstand operational disruptions and mitigate the impact of severe disruptive events.
The principles introduce the concept of a third-party life cycle and emphasise overarching concepts such as criticality and proportionality. They also delve into the topics of supply chain risk and concentration risk, and highlight the importance of supervisory coordination and dialogue across sectors and borders.
The new principles will complement and expand on the Financial Stability Board's (FSB's) 2023 report: Enhancing third-party risk management and oversight. While they are primarily directed at large internationally active banks and their prudential supervisors, they may also benefit smaller banks and authorities.
Responses to the consultation are requested by 9 October 2024. [9 Jul 2024] #OpRes
UK
PSR: PS24/3 – FPS APP scams
The Payment Systems Regulator (PSR) has published Policy Statement 24/3 FPS APP scams reimbursement compliance and monitoring (PS24/3). Following a consultation in April 2024. PS24/3 sets out the requirements that must be in place prior to the faster payments system (FPS) authorised push payment (APP) scams reimbursement policy coming into effect on 7 October 2024. PS24/3 confirms:
- the requirement for directed payment service providers (PSPs) to register with Pay.UK by 20 August 2024;
- the data under reporting standard A, which sending PSPs in-scope of the policy are required to retain and report to Pay.UK monthly;
- the reasonable limits that the PSR is placing on Pay.UK in respect of the use and disclosure of the compliance data it receives; and
- the PSR's approach to requiring PSPs to inform consumers of their rights under the policy.
These changes will be delivered through amendments to the Faster Payments APP scams legal instruments SD19 and SD20 (including the compliance data reporting standards (CDRS)) and SR1.
This package of amendments is expected to drive effective compliance monitoring from the policy start date of 7 October 2024. [12 Jul 2024] #APPFraud #Payments
FCA: Date set for 'finfluencer' trials
The FCA has announced that trial dates have been set for a number of individuals in relation to an unauthorised foreign exchange trading scheme promoted on social media. Seven of the individuals have pleaded not guilty to one count of issuing unauthorised communications of financial promotions; one individual has pleaded not guilty to providing advice on buying and selling contracts for difference (CFDs) while unauthorised to do so and one count of unauthorised communications of financial promotions; and one individual has not entered a plea.
For the eight individuals who have entered pleas, trial dates have been set for 1 February 2027 and 15 March 2027 at Southwark Crown Court. For the individual who has not entered a plea, a new plea hearing has been set for 26 September 2024. [11 Jul 2024] #SocialMedia #Finfluencers
Law Commission: Scoping paper on DAOs
The Law Commission has published a scoping paper examining the current issues around decentralised autonomous organisations (DAOs) and how these may inform any future law reform or innovations. The paper focuses on the aspects of DAOs that are significant for policy and legal purposes, such as:
- DAO arrangements, eg pure DAOs, hybrid arrangements and digital legal entities;
- the possible legal characterisation of DAOs under the law of England and Wales, including how liability might be attributed to a DAO or its participants where it does not consciously use legal entities in its structure;
- the different legal entities that might be used as part of a DAO’s structure in a 'hybrid arrangement';
- the overall attractiveness of England and Wales as a jurisdiction for DAOs;
- areas of regulation in England and Wales that may affect DAOs, including money laundering and financial services regulation and taxation; and
- areas where further work might be useful to accommodate DAOs. [11 Jul 2024] #DAO
BoE speech: Impact of legal entity identifiers on payments
The Bank of England (BoE) has published a speech by its Executive Director for Payments, Victoria Cleland, on the benefits legal entity identifiers (LEIs) could enable for payments, the role that they can play in enhancing cross-border payments, and steps that could be taken to drive their uptake and use. With respect to the latter, Ms Cleland noted that the Financial Stability Board (FSB) will publish a progress report on promoting the uptake of LEIs later this year. [9 Jul 2024] #Payments #LEI
BoE: New data and analytics strategy – three-year roadmap
The Bank of England (BoE) has announced its new data and analytics strategy and set out a three-year roadmap toward its implementation. The strategy is made up of a set of BoE-wide ‘missions’ and ‘foundations’. The missions describe the outcomes that the BoE is working towards, while the foundations identify the cross-cutting support that is required to enable them.
The BoE has also published a speech by James Benford, Executive Director for Data and Analytics Transformation and Chief Data Officer, in which he discusses the strategy, recent successes and the plan ahead, including a new cloud enterprise data platform that will be built and launched over the coming year.
The BoE has committed to reporting on the progress of the plan at least annually. [8 Jul 2024] #Data #Cloud
Europe
ESMA: Q&As – MiCAR
The European Securities and Markets Authority (ESMA) has updated Q&As relating to the Markets in Cryptoassets Regulation (MiCAR) – addressing:
- treatment of staking services;
- grandfathering and applicable ant-money laundering (AML) laws;
- the interaction between Article 60 notifications and the crytpoasset service provider (CASP) transitional phrase;
- simplified authorisation procedures;
- cryptoasset transfers as component of another cryptoasset service or as a separate cryptoasset transfer service;
- entities not authorised as CASPs by the end of the transition period; and
- entities who have not applied for, or whose application for authorisation as CASPs has been refused by the end of the transition period #MiCAR #Crypto #AML #CASP
ESAs consult on guidelines under MiCAR
The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have published a consultation paper on guidelines under MiCAR. The guidelines propose a standardised test, as well as templates for explanations and legal opinions that provide descriptions of the regulatory classification of cryptoassets in the following cases:
- Asset-referenced tokens (ARTs): the white paper for the issuance of ARTs, which contains comprehensive information about the cryptoasset, must be accompanied by a legal opinion that explains the classification of the cryptoasset – in particular, the fact it is not an EMT nor a cryptoasset that could be considered excluded from the scope of MiCAR.
- Cryptoassets that are not ARTs or EMTs under MiCAR: the white paper for the crypto-asset must be accompanied by an explanation of the classification of the crypto asset – in particular, the fact it is not an EMT, ART or cryptoasset excluded from the scope of MiCAR.
Responses are requested by 12 October 2024. The ESAs will hold a virtual public hearing on the consultation paper on 23 September 2024 and invite interested stakeholders to register by 19 September 2024. [12 Jul 2024] #MiFID #Crypto #ARTs
OJ: AI Regulation
Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI) and amending several other EU (AI Act) regulations and directives, has been added to the Official Journal of the EU (OJ). The purpose of the Regulation is 'to improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, the placing on the market, the putting into service and the use of' AI systems in the EU.
The regulation enters into force on the twentieth day following that of its publication in the OJ. It shall apply from 2 August 2026. However:
- Chapters I and II shall apply from 2 February 2025;
- Chapter III Section 4, Chapter V, Chapter VII and Chapter XII and Article 78 shall apply from 2 August 2025, with the exception of Article 101; and
- Article 6(1) and the corresponding obligations in this Regulation shall apply from 2 August 2027. [12 Jul 2024] #AI
ECB reports on key assessment criteria and collection of sound practices in relation to digitalisation
The European Central Bank (ECB) has published a report that defines the key assessment criteria and sound practices relating to banks' digitalisation activities. The report follows the ECB's work in gathering market intelligence, surveying significant institutions, conducting on-site inspections and performing a targeted review. The assessment criteria are based on the regulations and principles under the Capital Requirements Directive (CRD) and the relevant European Banking Authority (EBA) guidelines. In relation to sound practices, the key findings from the report include the following:
- many banks have not defined sufficiently granular key performance indicators (KPIs), including those assessing the impact of their digital strategies on profit and loss;
- banks’ supervisory board members who engage in proactive and information-based discussions are able to adequately define a digitalisation strategy and oversee its execution (although many banks have room for improvement in this area);
- conducting a holistic assessment of the digital strategy’s impact on the bank’s overall risk profile is a sound practice, which also helps to create a comprehensive picture of the risks related to digitalisation; and
- while many banks assess IT-related risks, or operational risks more broadly, they also give weight to considering outsourcing requirements and risks specifically related to critical dependencies and third-party relationships, procedures or software (including beyond their outsourcing frameworks).
In terms of next steps, the ECB will expand the focus of its supervisory work to include reviewing the use of specific technologies more broadly, including the deployment of AI and related business use cases. [11 Jul 2024] #Digitalisation #AI
EBA: European Supervisory Examination Programme 2025
The EBA has published the European Supervisory Examination Programme (ESEP) for 2025, which identifies key topics for heightened supervisory attention across the EU. The ESEP is aimed at driving supervisory convergence by providing competent authorities with a single set of priorities for implementation in 2025.
The topics identified as key for 2025 comprise:
- testing and adjusting to increasing economic and financial uncertainties;
- digital challenges, particularly ICT risk management and building operational resilience towards the digital transformation; and
- transitioning towards Basel III and the EU banking package implementation by ensuring institutions’ information systems and capital planning are able to support the revised prudential metrics and corresponding robustness.
The EBA will follow up on how these key topics are embedded in competent authorities’ priorities for 2025, and how they form part of their supervisory activities throughout the year. [8 Jul 2024] #DigitalT #OpRes
Hong Kong
Updates from FATF
The SFC has issued a circular to licensed corporations, licensed virtual asset service providers and associated entities regarding recent updates from the Financial Action Task Force (FATF):
- Statement on high-risk jurisdictions subject to a call for action – For all countries identified as high-risk, the FATF calls on all members and urges all jurisdictions to apply enhanced due diligence (Myanmar), and, in the most serious cases, apply countermeasures (Democratic People's Republic of Korea and Iran) to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from those countries.
- Updated statement on jurisdictions under increased monitoring ‒ The FATF has added Monaco and Venezuela to, and removed Jamaica and Türkiye from this list of jurisdictions. The FATF will closely monitor and continue to assess the progress made by the jurisdictions on this list in addressing the identified strategic deficiencies in their anti-money laundering and counter-financing of terrorism regimes, and encourages its members and all jurisdictions to take into account the information presented in the statement in their risk analysis.
- Various outcomes of the FATF plenary of 26-28 June 2024 ‒ They include (among others) the agreement on the publication of the report on the fifth annual update on jurisdictions’ progress on implementing the FATF standards on virtual assets and virtual asset service providers, and the agreement on having further dialogue with relevant bodies and experts in both the public and private sectors before finalising the proposed amendments to Recommendation 16 (see our previous update) given the complexity of the requirements and the potential impact.
The Insurance Authority and the HKMA (to authorised institutions and stored value facility licensees) have also issued circulars regarding the above FATF updates. [11 Jul 2024] #VirtualAsset #VASP #AML/CFT
First District Court hearings held for 18 defendants in three social media ramp-and-dump cases, following transfer from Magistrates' Court
The District Court has held the first hearings of three large scale and sophisticated ramp-and-dump cases against 18 defendants (including the suspected ringleaders) after the cases were transferred from the Magistrates’ Court (see our previous update). No plea was taken and the cases were adjourned to 12 November 2024.
The 18 defendants in the three cases will be tried separately for the charges laid against them relating to the ramp-and-dump schemes involving the shares of three Hong Kong-listed companies – Eggriculture Foods Limited, Fullwealth Construction Holdings Company Limited and KNT Holdings Limited. They had allegedly organised and executed ramp-and-dump schemes in the shares by manipulating the trading of a large volume of such shares through numerous nominee accounts and inducing investors to buy the shares via different social media platforms. Four of the defendants face charges in two of the three cases.
The criminal proceedings arose from joint investigations by the SFC and the Police into the alleged schemes for various criminal offences, including conspiracy to defraud, conspiracy to employ a scheme with intent to defraud or deceive in transactions involving the above shares, and money laundering.
The court granted each defendant bail on the conditions that they: (i) do not leave Hong Kong, (ii) surrender all travel documents, (iii) pay cash in the same amount as ordered previously, (iv) report to the police station on a regular basis, and (v) reside at the reported residential address (and inform the Police of any change of residential address). [9 Jul 2024] #SocialMedia #AML
HKMA Executive Director of Banking Supervision discusses potential of bancassurance and launch of new HKMA-IA Open API Framework Linkage
Ms Carmen Chu (Executive Director (Banking Supervision) of the HKMA) has made opening remarks at the insurtech seminar co-hosted by the HKMA and the Insurance Authority (IA) on unlocking bancassurance potential with insurtech.
- Insurtech has introduced new opportunities and benefits to the financial industry, and there remains significant untapped potential in the area of bancassurance in light of the inherent synergy between banking and insurance. Banks' extensive customer base and distribution networks combined with insurers' expertise in risk diversification and product offerings, aided by fintech, can enable the delivery of integrated and more comprehensive financial solutions that meet the diverse needs of customers.
- With customer consent, banks and insurers will be able to collect more information to come to a holistic understanding for providing customised products and services at critical life stages, powered by advanced technologies including artificial intelligence, predictive analysis, and distributed ledger technology.
- Innovative practices alongside the expanding scope of data exchange inevitably bring challenges and risks such as frauds and data breaches. A balanced approach is therefore crucial for nurturing an innovative and secure fintech ecosystem.
- The HKMA encourages financial institutions and insurtech service providers to jointly make full use of its Fintech Supervisory Sandbox to test their bancassurance initiatives before the full launch.
- Building on the above sandbox, the HKMA announces a new collaborative initiative – the HKMA-IA Open API Framework Linkage. This is aimed at streamlining the mutual adoption of Application Programming Interfaces (APIs), in applicable areas, for possible use cases across the banking and insurance sectors.
- There are currently over 250 bancassurance-related APIs on the Open API directory hosted by the Hong Kong Science and Technology Park. Banks can make use of open APIs to streamline insurance application processes, while insurance companies are also making use of banks’ open APIs to automate real-time premium payment and even allow for the use of credit card reward points to settle premium. [5 Jul 2024] #Insurtech #Fintech #DLT #Sandbox
Singapore
MAS/ABS: Banks to phase out OTPs to tackle phishing
The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) have announced that major retail banks in Singapore will progressively phase out, over the next three months, the use of one-time passwords (OTPs) for bank account login by customers who are digital token users. This is aimed at protecting customers against phishing scams.
Customers who have activated their digital token on their mobile device will have to use their digital tokens for bank account logins via the browser or the mobile banking app. The digital token will authenticate customers’ login without the need for an OTP that scammers can steal, or trick customers into disclosing. Customers who have not activated their digital tokens are strongly encouraged to do so, to lower the risk of having their credentials phished. [9 Jul 2024] #Phishing #DigitalToken
MAS: Singapore FinTech Festival returns in November 2024
MAS has announced that the ninth edition of the Singapore FinTech Festival (SFF) 2024 will be held from 6 to 8 November. SFF 2024 will examine the transformative potential of artificial intelligence (AI) and quantum computing in revolutionising financial services and to deliver sustainable and inclusive economic growth. [8 Jul 2024] #Fintech #AI #QuantumComputing
Malaysia
BNM speech: Impact of AI – the next steps for regulators and industry
Bank Negara Malaysia (BNM) has published a speech by its Deputy Governor, Adnan Zaylani Ahmad Zahid, on the potential benefits and risks of artificial intelligence (AI) to financial services and the way forward for financial regulators and the industry. [11 Jul 2024] #AI
BNM: Policy document on licensing and regulatory framework for digital insurers and takaful operators
BNM has published a policy document on licensing and regulatory framework for digital insurers and takaful operators (DITOs) which sets out requirements to facilitate the entry of DITOs that can deliver strong and meaningful value propositions of inclusion, competition and efficiency.
DITOs will observe a foundational phase over a period between three to seven years to demonstrate their viability and operational soundness. DITOs will also be accorded a lower minimum paid-up capital during the foundational phase to be more proportionate to their business operations at the initial stages.
BNM invites firms to submit formal applications between 2 January 2025 and 31 December 2026. [9 Jul 2024] #DigitalInsurance
US
CFTC and DoJ Fraud Disruption Conference focuses on combatting crypto schemes
The Commodity Futures Trading Commission (CFTC) and the Department of Justice (DoJ) Computer Crime and Intellectual Property Section’s National Cryptocurrency Enforcement Team (NCET) have reported on their first Fraud Disruption Conference to work on efforts to combat a type of crypto-confidence fraud commonly known as “pig butchering.” The agencies estimated that Americans are scammed out of billions per year, making this a top law enforcement priority.
This is the first of a series of Fraud Disruption conferences the CFTC will be hosting with the DoJ and other partners to discuss various financial frauds and explore approaches to combat or disrupt scams. The conference was joined by over 300 federal regulators and law enforcement officials from more than 15 regulatory agencies.
The working group addressed strategies to prevent victimization; using technology to disrupt the fraud; and collaboration on enforcement efforts. Several agencies also collaborated on an anti-victimization messaging campaign to warn Americans to remain vigilant against emerging fraud threats.
In addition to speakers from law enforcement and regulatory agencies, participants heard remarks from CFTC Chair Rostin Behnam and DoJ NCET Director Claudia Quiroz. [11 Jul 2024] #Crypto #Fraud
Rashid Ahmed
FSR & CCI Professional Support Paralegal, London
Vasuki Balasubramaniam
FSR & CCI Professional Support Paralegal, London
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.