ICYMI
- CrowdStrike/Microsoft outage
- The King's Speech: 40 policy bills, a gaping AI hole and a boomerang data bill
Global
BCBS: Final disclosure framework for banks' cryptoasset exposures and targeted amendments to cryptoasset standard
The Basel Committee on Banking Supervision (BCBS) has published the final disclosure framework for banks' cryptoasset exposures and targeted amendments to its cryptoasset standard, published in December 2022.
The final disclosure framework includes a set of standardised tables and templates that require banks to disclose qualitative information on their cryptoasset-related activities and quantitative information on the capital and liquidity requirements for their cryptoasset exposures. The use of common disclosure requirements aims to enhance information availability and support market discipline.
The targeted amendments to the cryptoasset prudential standard aim to further promote a consistent understanding of the standard, particularly regarding the criteria for stablecoins to receive a preferential 'Group 1b' regulatory treatment. Various other technical amendments clarify other aspects of the standard.
Both standards have an implementation date of 1 January 2026. The BCBS will continue to monitor developments in cryptoasset markets and the need to mitigate new risks. [17 Jul 2024] #Cryptoassets
FSB consults on recommendations related to data flows - cross-border payments
The Financial Stability Board (FSB) has published a consultation on recommendations to address frictions in data flows related to cross-border payments and to promote a level playing field between bank and non-bank providers of payment services. The consultation comprises two parts:
- recommendations to promote greater alignment in data frameworks related to cross-border payments; and
- recommendations to promote consistency in the regulation and supervision of bank and non-bank payment service providers.
The reports take forward priority actions under the G20 Roadmap to address legal, supervisory and regulatory frictions in cross-border payments to help achieve the quantitative targets in 2027. Responses are requested by 9 September 2024. [16 Jul 2024] #Payments
GDF and GLEIF announce partnership regarding digital asset industry standards
Global Digital Finance (GDF), the global members association and platform for open innovation in digital assets in financial services, and Global Legal Entity Identifier Foundation (GLEIF), the global not-for-profit organisation dedicated to enhancing transparency in the global marketplace by supporting the implementation and use of the LEI and verifiable LEI (vLEI), have announced a partnership in support of the development of an ecosystem of standards for the digital asset industry.
The partnership will help support data standardisation as a critical means to help build bridges and foster interoperability between the digital asset ecosystem and traditional finance, consistent with GDF’s mission of promoting and underpinning the greater adoption of market standards for the use of crypto and digital assets. [16 Jul 2024] #DigitalAssets #LEI
UK
PSR consults on guidance on supporting the identification of APP scams and civil disputes
The Payment Systems Regulator (PSR) has published a consultation on draft guidance aimed at supporting payment service providers (PSPs) in their assessment of whether an authorised push payment (APP) scam claim raised by a consumer is not reimbursable under the reimbursement requirement because it is a private civil dispute. The guidance sets out factors that PSPs should consider when carrying out such assessments.
Responses to the consultation are requested by 8 August 2024. The PSR intends to publish the final guidance in mid-September 2024. The implementation date of the reimbursement policy is 7 October 2024. [18 Jul 2024] #APPFraud #Payments
King's Speech – Briefing notes for new legislation
The Government has published the briefing notes accompanying the announcements made in the 2024 King's Speech. The notes provide further information on each of the Bills and draft Bills addressed in the speech. From a Fintech perspective, the proposed legislation which may be of interest to financial services firms is set out below.
- The Digital Information and Smart Data Bill which includes the following measures:
- establishment of a Digital Verification Service; and
- setting up Smart Data schemes – secure sharing of a customer's data upon their request with authorised third-party providers (an expansion on Open Banking).
- The Cyber Security and Resilience Bill which includes the following measures:
- expanding the remit of the regulation to protect more digital services and supply chains;
- putting regulators on a strong footing to ensure essential cyber safety measures are being implemented, including potentially cost recovery mechanisms to provide resources to regulators and providing powers to proactively investigate potential vulnerabilities; and
- mandating increased incident reporting to give Government better data on cyber attacks. [17 Jul 2024] #SmartData #Cybersecurity
FCA and PSR launch joint call for information on big tech and digital wallets
The FCA and Payment Systems Regulator (PSR) have jointly issued a Call for Information (CfI) on the benefits and risks of digital wallets. The CfI asks:
- about the range of benefits that digital wallets bring for service users;
- whether there are any features that mean payments do not work as well as they could for consumers and/or businesses;
- about the role digital wallets play in unlocking the potential of account-to-account payments and how they could impact competition between payment systems; and
- whether digital wallets could raise any significant competition, consumer protection or market integrity issues, either now or in the future.
Responses are requested by 13 September 2024. The regulators will analyse all responses received and provide an update by Q1 2025. [15 Jul 2024] #DigitalWallets #BigTech #A2A #Payments
Europe
Eurosystem sets policy on access by non-bank PSPs to central bank payment systems
The Eurosystem has published a paper setting out its policy to allow non-bank payment service providers (PSPs) to access central bank-operated payment systems including TARGET. Starting in April 2025, non-bank PSPs meeting certain requirements will be able to access TARGET, including T2 (for settling payments) and TIPS (for settling instant payments). The requirements will be set out in the TARGET guideline and will be the same as those that currently apply to credit institutions.
Non-bank PSPs include payment institutions and electronic money institutions (EMIs), as defined under the Payment Services Directive and the Electronic Money Directive respectively. The European Central Bank (ECB) plans to publish a related legal act in the coming months. [19 Jul 2024] #Payments #TARGET #EMIs
ESAs announce establishment of EU-SCICF
The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs), have announced that they will establish the EU systemic cyber incident coordination framework (EU-SCICF), in the context of the Digital Operational Resilience Act (DORA). The framework is intended to facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening coordination both within the EU, and at the international level.
Initial work on the implementation of the framework in the coming months will include the set-up of:
- the EU-SCICF Secretariat, supporting the functioning of the framework;
- the EU-SCICF Forum, working on testing and maturing the functioning; and
- the EU-SCICF Crisis Coordination, facilitating the coordination of actions by the participating authorities during a crisis.
The ESAs will report legal and other operational hurdles encountered during the initial set up to the EC. The further development of the framework will be subject to the availability of resources and other measures taken by the EC. [17 Jul 2024] #Cyber #DORA
ESAs publish second batch of policy products under DORA
The ESAs have published the second batch of policy products under DORA. Consisting of four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS) and two guidelines, the package focuses on the reporting framework for ICT-related incidents and threat-led penetration testing. It also introduces some requirements on the design of the oversight framework.
The final draft technical standards are:
- RTS and ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats;
- RTS on the harmonisation of conditions enabling the conduct of the oversight activities;
- RTS specifying the criteria for determining the composition of the joint examination team (JET); and
- RTS on threat-led penetration testing (TLPT).
The guidelines include:
- Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents; and
- Guidelines on oversight cooperation.
The guidelines have already been adopted by the Boards of Supervisors of the three ESAs. The final draft technical standards have been submitted to the EC, which will now start working on their review with the objective of adopting these policy products in the coming months. The remaining RTS on subcontracting will be published in due course. [17 Jul 2024] #DORA #Cyber
EBA consults on draft guidelines to assist NCAs in performing their duties under MiCAR
The EBA has published a consultation paper proposing draft guidelines on templates to assist NCAs in performing their supervisory duties regarding issuers’ compliance under Titles III and IV of the Markets in Cryptoassets Regulation (MiCAR). The intended outcome of the consultation is that NCAs have sufficient comparable information to supervise compliance of issuers with MiCAR requirements and that the EBA will have information necessary to conduct the significance assessment under MiCAR.
Responses are requested by 15 October 2024. The EBA will hold a virtual public hearing on this consultation paper on 20 September 2024. [15 Jul 2024] #MiCAR #Crypto
Australia
ASIC and OAIC sign information sharing MoU for sharing of data and privacy breach information
ASIC and the Office of the Australian Information Commissioner (OAIC) have signed a memorandum of understanding (MoU) in relation to sharing information between the agencies, and with respect to data and privacy breaches. The MoU is in response to increasing numbers of data and privacy breaches, and allows both proactive sharing and requests between the agencies. The chair of ASIC, Joe Longo, said that the MoU would allow the agencies to 'act fast and effectively', while the Australian Information Commissioner, Angelene Falk, stated that the MoU supported 'a joined-up approach by regulators' that would allow efficient and effective responses to cross-regulatory matters. [19 Jul 2024] #Data
Hong Kong
FSTB and HKMA conclude consultation on legislative proposal to regulate fiat-referenced stablecoin issuers in Hong Kong, with the aim of introducing bill into LegCo within 2024; and HKMA announces stablecoin issuer sandbox participants
The Financial Services and the Treasury Bureau (FSTB) and the HKMA have jointly published the conclusions to their consultation on the legislative proposal to implement a regulatory regime for fiat-referenced stablecoin issuers in Hong Kong. The consultation was launched in December 2023 (see our previous update).
The FSTB and the HKMA indicated that a vast majority of respondents had agreed that with the increased prevalence and evolving development of virtual assets, a regulatory regime should be introduced for fiat-referenced stablecoin issuers, with a view to facilitating proper management of the potential monetary and financial stability risks, as well as providing transparent and suitable guardrails. The proposed regulatory requirements and implementation arrangements received general support from respondents, with some further enhancements suggested in the submissions.
The FSTB and the HKMA will take into account the views and suggestions from respondents, as well as international discussions and the latest market developments, in finalising the legislative proposal for implementing the regulatory regime, with a view to introducing a bill into the Legislative Council (LegCo) later this year.
The HKMA will in due course issue licensing and supervisory guidelines to facilitate applicants’ understanding of, and compliance with, the relevant requirements under the regulatory regime.
Separately, the HKMA has announced the first three participants of the stablecoin issuer sandbox. The participants are expected to comply with the sandbox requirements – they will not be handling the general public’s funds at the initial stage, and will not solicit funding from the public or offer any products associated with the sandbox. Members of the public are advised to stay vigilant to potential scams purporting to be related to the sandbox. The HKMA will make separate announcements in the event sandbox participants are allowed to handle the general public’s funds within a limited scope as a result of adjustments to the testing scope.
The Deputy Chief Executive of the HKMA, Mr Darryl Chan, has published an inSight article on the stablecoin reform and the sandbox. The Under Secretary for Financial Services and the Treasury, Mr Joseph Chan, also made opening remarks (in Chinese) on the reform at the meeting of the Subcommittee on Issues Relating to the Development of Web3 and Virtual Assets. [17 - 19 Jul 2024] #Stablecoins #Sandbox
Singapore
MAS commits S$100 million to FSTI 3.0 grant scheme – supporting quantum and AI capabilities
The Monetary Authority of Singapore (MAS) has announced that it will commit an additional S$100 million under the Financial Sector Technology and Innovation (FSTI 3.0) grant scheme to support financial institutions in the building, advancement and adoption of capabilities in quantum and artificial intelligence (AI) technologies. In particular, MAS will establish a quantum track under the scheme, comprising the following grants:
- 'technology centres' grant (to support the establishment of quantum computing and security innovation functions in Singapore);
- 'technology innovation' grant (to support adoption of quantum technology solutions by financial institutions); and
- 'security grant' (to enhance cyber security readiness).
MAS will also enhance the existing AI and data grant scheme under FSTI 3.0; more details on this will be shared in the coming months. [18 Jul 2024] #AI #Quantum #Cyber
MAS Annual Report; MAS MD sets out financial sector priorities – AI, quantum, resilience
In conjunction with the release of its annual report for the financial year 2023/2024, MAS has published a speech by Mr Chia Der Jiun, Managing Director (MD), delivered at the MAS Annual Report press conference. Among other things, the MAS MD outlined developments in Singapore's financial sector, and highlighted MAS' intention to prioritise: "safe and resilient digital financial services"; "fair dealing in financial services"; and "building new capabilities in sustainability, AI and quantum technology".
Looking ahead, MAS is planning to consult on enhancing the requirements set out in its Notice on Technology Risk Management, and on instituting a technology assurance program for financial institutions that are core to the Singapore financial system.
On GenAI, the findings of a study into how GenAI will change jobs in the financial sector will be released early next year, alongside MAS' recommendations. Also on AI, MAS is putting together a set of good practices for addressing AI model, technology and cyber risks, and considering supervisory guidance for next year. An industry-led AI Governance Handbook to aid the development of good AI governance practices is also targeted to be finalised then.
MAS is also working with the industry on a proof-of-concept sandbox on quantum key distribution (QKD) to enable secure and quantum-safe communication between MAS and participating financial institutions. The sandbox is expected to be implemented by the end of this year, and will help build QKD capabilities for broader application in the industry to strengthen quantum resilience. [18 Jul 2024] #AI #Quantum #Cyber
India
RBI extends deadline for hackathon applications
The Reserve Bank of India (RBI) has announced an extension to the deadline for submitting applications to its third global hackathon – ‘HaRBInger 2024: Innovation for Transformation’ – to July 31, 2024. [18 Jul 2024] #Hackathon
Indonesia
New Implementing Regulations to OJK Technological Innovation Regulation
Following the issuance of OJK Regulation No. 3 of 2024 on the Implementation of Technological Innovation in the Financial Sector (Regulation 3/24, in Indonesian language), the Indonesian Financial Services Authority (OJK) issued Circular Letter No. 5/SEOJK.07/2024 on the Mechanism of Room for Innovation Trial and Development (Circular Letter 5/24, in Indonesian language) and Circular Letter No. 6/SEOJK.07/2024 on the Registration of the Technological Innovation Organiser in the Financial Sector (Circular Letter 6/24, in Indonesian language), both of which came into effect on 3 June 2024 as the implementing regulations of Regulation 3/24.
Circular Letter 5/24 elaborates on the mechanism for registering to be in the OJK sandbox. It covers: the purpose, scope and participation in the sandbox; application forms and procedure to be a participant; suitability criteria, verification process and documents analysis to become a participant; approval or rejection of the application; and the innovation trial and development process, reporting, monitoring, approval cancellation by OJK, final report, and result of the sandbox process. Some of the above matters have been addressed under Regulation 3/24, but the circular provides further details for applying to be in the sandbox. Circular Letter 6/24, meanwhile, sets out the procedure for a participant which has passed the sandbox process to register with OJK as a technological innovation operator, before applying for a business licence.
The new circular letters issued by OJK aim to provide clarity and details on the application procedure to be in the OJK sandbox process; and, after passing the OJK sandbox process, on the application procedure to register as a technological innovation operator, which is a step before applying for a business licence as a technological innovation operator to OJK. [19 Jul 2024] #Sandbox
Malaysia
SCM updates guidance note to address finfluencers' activities
The Securities Commission Malaysia (SCM) has updated its Guidance Note on the Provision of Investment Advice to address the growing popularity of financial influencers (finfluencers) who promote capital market products and services on social media.
The update clarifies SCM's regulatory expectations. In particular, SCM explains that promotion of a capital market product on social media platforms may require a licence from SCM in certain circumstances, for example, if the individual sharing the information has an expectation of commissions or other rewards.
SCM also warns finfluencers that engaging in unlicensed regulated activities is an offence which is punishable under the Capital Markets and Services Act 2007 (CMSA). Any person found guilty may be liable to a fine not exceeding RM10 million and/or imprisonment not exceeding ten years. [18 Jul 2024] #Finfluencers
BNM: 29th EMEAP
Bank Negara Malaysia (BNM) has published a summary of the 29th Executives' Meeting of East Asia-Pacific (EMEAP) central banks. Among other things, discussions covered initiatives and challenges associated with facilitating local currency settlement for trade and investment, including the impact of cross-border payment innovation in supporting local currency settlement and managing FX liquidity risks. [16 Jul 2024] #Payments #FX
Thailand
BOT: 29th EMEAP
The Bank of Thailand (BOT) has published a summary of the 29th Executives' Meeting of East Asia-Pacific (EMEAP) central banks. Among other things, discussions covered initiatives and challenges associated with facilitating local currency settlement for trade and investment, including the impact of cross-border payment innovation in supporting local currency settlement and managing FX liquidity risks. [16 Jul 2024] #Payments #FX
SECT consults on amendment to rules prohibiting use of digital assets as a means of payment
The Securities and Exchange Commission Thailand (SECT) has published a consultation on a proposed amendment to the rules prohibiting the use of digital assets as a means of payment for products or services to include all current types of digital asset business operators. The consultation additionally seeks views on a proposed amendment to allow digital asset business operators under the SECT’s supervision, to participate in the Programmable Payment Sandbox (PPS) created by the BOT to promote the development of digital financial innovation.
Responses are requested by 29 July 2024. [16 Jul 2024] #DigitalAssets #Payments
BOT joins Point Zero Forum seminar – Interlinking fast payment systems (Project Nexus)
The BOT has announced that the Assistant Governor, Payment System Supervision and Financial Consumer Protection Division, joined a seminar on interlinking fast payment systems alongside representatives from the central banks of the Philippines, India, Singapore and Malaysia – the first countries to join Project Nexus at the Point Zero Forum in Zurich. [15 Jul 2024] #Payments
Philippines
BSP: 29th EMEAP
The BSP has published a summary of the 29th Executives' Meeting of East Asia-Pacific (EMEAP) central banks. Among other things, discussions covered initiatives and challenges associated with facilitating local currency settlement for trade and investment, including the impact of cross-border payment innovation in supporting local currency settlement and managing FX liquidity risks. [16 Jul 2024] #Payments #FX
US
Treasury and FSSCC publish new resources on effective practices for secure cloud adoption
The Treasury and the Financial Services Sector Coordinating Council (FSSCC) have published a suite of resources for financial services institutions on effective practices for their secure cloud adoption journey. These deliverables are the result of a year-long public-private partnership of the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC. The documents are part of the initiative which aims to address the gaps identified in Treasury’s report on the financial sector's adoption of cloud services published in 2023.
The package of resources includes:
- The Cloud Lexicon which provides standardized language for negotiating contract terms, establishing security schema, and adhering to regulatory standards.
- The Financial Sector Cloud Outsourcing Issues and Considerations document which identifies a non-exhaustive list of key considerations for developing contractual provisions between financial institutions and CSPs to address risks, regulatory and supervisory compliance expectations when using cloud services.
- The Cloud Profile 2.0 which is intended to serve as a cloud security implementation plan for financial institutions of all sizes and functions.
- The Transparency and Monitoring for Better “Secure-by-Design” document which is comprised of two outputs for financial institutions with workloads running in CSP environments. The first is a service inter-dependency and resilience model that outlines best practices. The second proposes packaged cloud configurations that provide baseline security outcomes, enabling financial institutions to simplify the secure deployment of cloud infrastructure. [17 Jul 2024] #Cloud #Cyber #Outsourcing
Agencies issue final rule to help ensure credibility and integrity of automated valuation models
Six federal regulatory agencies have issued a final rule, pursuant to the Dodd-Frank Act. The rule is designed to help ensure the credibility and integrity of models used in valuations for certain mortgages secured by a consumer’s principal dwelling. In particular, the rule will implement quality control standards for automated valuation models (AVMs) used by mortgage originators and secondary market issuers in valuing those homes.
Under the final rule, the agencies will require institutions that engage in certain transactions secured by a consumer’s principal dwelling to adopt policies, practices, procedures, and control systems designed to:
- ensure a high level of confidence in estimates;
- protect against data manipulation;
- seek to avoid conflicts of interest;
- require random sample testing and reviews; and
- comply with nondiscrimination laws.
The final rule will become effective on the first day of the calendar quarter following 12 months after publication in the Federal Register.
The six federal agencies are: the CFPB; the Federal Deposit Insurance Corporation (FDIC); the Federal Housing Finance Agency (FHFA); the Federal Reserve (Fed); the National Credit Union Administration (NCUA); and the Office of the Comptroller of the Currency (OCC). [17 Jul 2024] #AVM
NY DFS adopts insurance guidance to combat discrimination in AI
The New York Department of Financial Services (NY DFS) has announced the adoption of insurance guidance to combat discrimination in artificial intelligence (AI). The agency notes that the use of external consumer data and information sources (ECDIS) and AI systems (AIS) can benefit insurers and consumers by simplifying and expediting insurance underwriting and pricing processes; however, it is critical that insurers who utilize such technologies establish proper governance and risk management frameworks to mitigate the potential harm to consumers.
The new guidance outlines NY DFS’s expectations for how all insurers authorized to write insurance in New York State develop and manage the integration of ECDIS, AIS, and other predictive models.
Pursuant to DFS’s guidance, insurers are expected to:
- analyze ECDIS and AIS for unfair and unlawful discrimination, as defined in state and federal laws;
- demonstrate the actuarial validity of ECDIS and AIS;
- maintain a corporate governance framework that provides appropriate oversight of the insurer’s overall outcome of the use of ECDIS and AIS; and
- maintain appropriate transparency, risk management, and internal controls, including over third-party vendors and consumer disclosures.
DFS has finalized the guidance with careful consideration of the valuable feedback received from regulated entities and other key stakeholders, including trade associations, advisory firms, universities, and the broader public. [11 Jul 2024] #AI #Discrimination
Rashid Ahmed
FSR & CCI Professional Support Paralegal, London
Vasuki Balasubramaniam
FSR & CCI Professional Support Paralegal, London