Follow us

In this regular post, we round-up FinTech-related financial services regulatory developments for the week ending 21 June 2024.

ICYMI


Global

FSB Plenary meeting in Toronto - crypto

The Financial Stability Board (FSB) has published a summary of its Plenary meeting in Toronto, which took place on 14 June 2024. The Plenary discussed follow-up work to the lessons learned from the banking sector turmoil and the outlook for global financial stability, as well as the FSB’s deliverables to the July G20 Finance Ministers and Central Bank Governors meeting. One of the key topics was the implementation of the FSB’s global regulatory framework for cryptoasset activities – members discussed recent developments in cryptoasset markets and areas that warrant further attention, such as emerging market and developing economies (EMDEs), in which cryptoassets pose particular challenges for monetary policy and capital flow management. [17 Jun 2024] #Crypto


UK

FCA: Digital engagement practices - a trading apps experiment

The FCA has published the findings of its online experiment on the effect of digital engagement practices (DEPs), including gamification, on trading behaviour. The experiment looked at the effect of four DEPs on trading frequency and investment risk: flashing prices, push notifications, trader leaderboard, and points and prize draw.

Key findings include:

  • push notifications and points and prize draw increased the number of trades made, by 11% and 12% respectively;
  • push notifications and points and prize draw increased the proportion of trades that were in risky investments by 8% and 6% respectively;
  • those with low financial literacy increased their trading by more than those with high financial literacy in the presence of flashing prices and trader leaderboards;
  • women increased their trading frequency by more than men when push notifications and points and prize draw were introduced; and
  • younger participants (18-34) increased their end-of-trading portfolio riskiness by more than older participants (35+) across all DEPs (except flashing prices). [20 Jun 2024] #DEPs #Trading

FCA: Two arrested over suspected illegal cryptoasset business 

The FCA has announced that it has conducted an operation with the Metropolitan Police Service to arrest two individuals suspected of running an illegal £1 billion cryptoasset exchange.

The FCA inspected the offices associated with the suspects and the police seized several digital devices during searches of two residential London properties. Both suspects were interviewed under caution by the FCA and released on bail. The FCA’s investigation into the case is ongoing. [20 Jun 2024] #Crypto


Europe

EBA completes publication of technical standards under MiCAR

The European Banking Authority (EBA) has published the final elements of the package of technical standards and guidelines under the Markets in Cryptoassets Regulation (MiCAR). The standards cover reporting, liquidity stress testing and supervisory colleges. The package completes the delivery of EBA technical standards under MiCAR and comprises:

EC: Newsletter on AI in finance

The European Commission (EC) has published a newsletter on artificial intelligence (AI) in finance. The newsletter examines how the uptake of AI systems impacts finance, looking at the AI Act (expected to enter into force in Summer 2024), opportunities and use cases, and challenges. The newsletter complements the EC's recently-released targeted consultation and workshops (see our previous update). [19 Jun 2024] #AI

EC: Consultation on industry use of AI in finance

The EC has issued a targeted consultation and workshop series to seek input from stakeholders on the use of artificial intelligence (AI) in finance. The consultation covers use cases, benefits, barriers, risks and stakeholder needs.

Registration for the workshops is open until 26 July 2024. Responses to the consultation are requested by 13 September 2024. [18 Jun 2024] #AI


Australia

ASIC appeals Court decision relieving fintech from liability to pay a penalty offering unlicensed crypto-related product

ASIC has lodged its appeal against a decision of the Federal Court to relieve fintech company Web3 Ventures Pty Ltd (trading as Block Earner) from liability to pay a penalty for contraventions relating to unlicensed financial services. ASIC relies on three grounds of appeal in its notice of appeal. ASIC contends, among other matters, that the primary judge (Jackman J) erred in holding that, exercising the power conferred by s 1317S of the Corporations Act, Block Earner should be relieved from liability in all the circumstances. The Full Federal Court will hear the appeal on a date to be determined.  [18 Jun 2024]  #Crypto


Hong Kong

SFC publishes 2023-24 annual report

The SFC has published its 2023-24 annual report, providing an overview of its work in 2023 and initiatives and plans for 2024 and beyond.

Among the SFC's top priorities for the coming three years are:

  • Enhancing Hong Kong's global competitiveness – This includes improving the listing regime and market liquidity, leading international standard-setting efforts, enhancing Connect schemes with the Mainland and expanding connections to new markets, reinforcing Hong Kong's position as an asset and wealth management hub, launching a new integrated platform for retail fund distribution, and building an offshore RMB and risk management hub;
  • Leading market transformations via technology and ESG – This includes increasing industry efficiency via tokenisation, continuously improving the virtual asset regulatory regime, issuing guidance on using generative artificial intelligence (AI) large language models, advancing Hong Kong's leading role in sustainable finance, adopting global sustainability disclosure standards, and supporting the voluntary code for ESG rating and data product providers; and
  • Enhancing the SFC's own resilience and efficiency – This includes prudent financial control, guarding against cyber threats, committing to carbon reduction and neutrality, driving efficiency via cross-divisional process review, establishing a new online platform to process product applications, and deploying AI and other technologies. 

The annual report also provides an overview of its work in the past year in the areas of market development, regulatory enhancements, virtual assets and tokenisation, gatekeeping and supervision, enforcement, sustainability, regulatory engagement, and communications.  [19 Jun 2024] #AI #Cyber #Cryto #Tokenisation

PCPD publishes Artificial Intelligence: Model Personal Data Protection Framework

The Office of the Privacy Commissioner for Personal Data (PCPD) has issued its 'Artificial Intelligence: Model Personal Data Protection Framework' following consultation with various experts and relevant stakeholders, including members of the Standing Committee on Technological Developments of the PCPD, public organisations, the technology industry, universities and AI suppliers.

The PCPD has also published a leaflet setting out the key recommendations extracted from the model framework.

The model framework, based on general business processes, provides a set of recommendations and best practices regarding governance of artificial intelligence (AI) for the protection of personal data privacy for organisations which procure, implement and use any type of AI systems.  The model Framework aims to assist organisations in complying with the requirements under the Personal Data Privacy Ordinance and adhering to the three Data Stewardship Values and seven Ethical Principles for AI advocated in the Guidance on the Ethical Development and Use of Artificial Intelligence published by the PCPD in 2021.

The model framework covers recommended measures to organisations in the following four areas (see Annex 1 of the PCPD press release for a summary of the recommended measures):

  • Establish AI strategy and governance – Formulate the organisation’s AI strategy and governance considerations for procuring AI solutions, establish an AI governance committee (or similar body) and provide employees with training relevant to AI.
  • Conduct risk assessment and human oversight – Conduct comprehensive risk assessments, formulate a risk management system, adopt a 'risk-based' management approach, and, depending on the levels of the risks posed by AI, adopt proportionate risk mitigating measures, including deciding on the level of human oversight.
  • Customisation of AI models and implementation and management of AI systems – Prepare and manage data, including personal data, for customisation and/or use of AI systems, test and validate AI models during the process of customising and implementing AI systems, ensure system security and data security, and manage and continuously monitor AI systems.
  • Communication and engagement with stakeholders – Communicate and engage regularly and effectively with stakeholders, in particular internal staff, AI suppliers, individual customers and regulators, in order to enhance transparency and build trust.  [11 Jun 2024]  #AI #DataProtection

Singapore

MAS: Updated Singapore ML NRA

The Monetary Authority of Singapore (MAS) has announced the publication of an updated Money Laundering (ML) National Risk Assessment (NRA), as part of Singapore’s continuing efforts to maintain the effectiveness of its anti-money laundering (AML) regime amidst the evolving risk landscape. The updated ML NRA synthesises the ML risks observed by the Singapore supervisory and law enforcement agencies, and Singapore’s Financial Intelligence Unit – the Suspicious Transaction Reporting Office (STRO), as well as feedback from private sector entities and counterpart foreign authorities. Among the highlights from the NRA are:

  • Key ML threats stem from fraud, particularly foreign and domestic cyber-enabled fraud, orchestrated by criminal syndicates typically located overseas.
  • Consistent with international typologies, the most common ML typologies include: (i) illicit funds flowing into or through Singapore via bank accounts; (ii) misuse of legal persons to channel illicit funds; and (iii) placement of illicit funds in high value assets.
  • Within the financial sectors, a higher risk sector of note would be the digital payment token (DPT) services providers (or virtual assets service providers). There has been an increase in reported cases involving DPTs and there is a range of ways in which DPTs can be exploited. [20 Jun 2024] #DPT #Crypto #Payments

MAS and NBC announce start of FTC

MAS and the National Bank of Cambodia (NBC) have announced the start of the Financial Transparency Corridor (FTC) initiative. The FTC is a consent-based digital infrastructure and network between financial institutions (FIs) in Singapore and Cambodia, which aims to catalyse increased trade and cross-border related financial services between small and medium-sized enterprises (SMEs). The first batch of FIs have been onboarded; information sharing and financing via the FTC have been initiated.  [18 Jun 2024] #FTC #DigitalInfrastructure


Thailand

SECT consults on draft revisions to IT Regulation and Guideline

The Securities and Exchange Commission Thailand (SECT) has issued a consultation on draft revisions to the 'Rules on Establishment of Information Technology Systems' (IT Regulation and Guideline) to align the requirements with the risk profiles of different groups of business operators. The draft revisions aim to accommodate changes in technology, cyber threats, and international standards. Responses are requested by 15 July 2024. [17 Jun 2024] #IT


India

IFSCA issues RFP for new SupTech system

The International Financial Services Centre Authority (IFSCA) has issued a request for proposal (RFP) in respect of a new state-of-the-art Supervisory Technology (SupTech) system, envisaged to cover administrative, compliance, supervision, and enforcement framework for its regulated entities. IFSCA intends to select an IT Solution Provider (SP) to design, develop, implement, operate, and maintain the system. Proposals must be submitted by 18 July 2024. [19 Jun 2024] #SupTech

RBI: Regulatory Sandbox – fourth cohort on prevention and mitigation of financial frauds

The RBI has announced that, in the fourth cohort of the regulatory sandbox themed ‘Prevention and Mitigation of Financial Frauds’, six entities tested products. Three products were found viable within the boundary conditions defined in the sandbox and may be considered for adoption by regulated entities, subject to compliance with applicable regulatory requirements.  [18 Jun 2024] #Sandbox


Philippines

BSP: Tech forum for rural banks

The Bangko Sentral ng Pilipinas (BSP) has summarised its Rural Bank Strengthening Program (RBSP) technology and innovation forum, held at the BSP Head Office on 31 May 2024. The aim of the forum was to understand the opportunities and challenges as rural banks embrace technology and innovation. Two panel sessions discussed the potential of satellite technology and cloud computing in boosting rural banks’ operations and growth. Additionally, the BSP announced that it would continue to roll out programs such as the RBSP Technical Assistance program and various prudential reliefs, as well as instituting key regulatory initiatives geared towards driving digital transformation in the financial industry, while managing associated risk. [20 Jun 2024] #TechForum #Cloud #Satellit


Vietnam

SBV Deputy Governor discusses safety and security of non-cash payment transactions

The State Bank of Vietnam (SBV) has published comments by Deputy Governor Pham Tien Dzung, delivered at a conference on enhancing the security and safety for non-cash payment transactions, an event that took place alongside Vietnam's 'Cashless Day 2024'. The Deputy Governor emphasised that a crucial principle for banks is not disturbing customers’ experience, while still ensuring the legitimate rights and interests of service users. Summarising the key presentations at the conference, the Deputy Governor also noted the importance of the prompt detection of risks, sharing of information on fraud with relevant parties, applying credit ratings to prevent fraud, and the requirement for authentication by biometrics for transactions valued at over VND 10 million, in compliance with Decision 2345.  [18 Jun 2024] #Payments


US

OCC approves final rule on automated valuation models

The OCC has approved a final rule to implement quality control standards for automated valuation models used by mortgage originators and secondary market issuers in valuing residential real estate collateral securing mortgage loans.  [20 Jun 2024] #Automation

SEC charges service provider with cybersecurity-related controls violations

The Securities and Exchange Commission (SEC) has announced that a global provider of business communication and marketing services has agreed to pay over $2.1m to settle disclosure and internal control failure charges relating to cybersecurity incidents and alerts in late 2021.

According to the SEC’s order, data integrity and confidentiality were critically important to the service provider’s business. However, the service provider failed to design effective disclosure controls and procedures to report relevant cybersecurity information to management with the responsibility for making disclosure decisions, and failed to carefully assess and respond to alerts of unusual activity in a timely manner. The SEC further found that the service provider had failed to devise and maintain a system of cybersecurity-related internal accounting controls sufficient to provide reasonable assurances that access to its assets – its information technology systems and networks – was permitted only with management’s authorization.

The SEC’s order found that the service provider violated Section 13(b)(2)(B) of the Securities Exchange Act of 1934 and Exchange Act Rule 13a-15a. Without admitting or denying the SEC’s findings, the service provider agreed to cease and desist from committing violations of these provisions and to pay a $2,125,000 civil penalty. [18 Jun 2024] #Cybersecurity

OCC issues semiannual risk perspectives report

The OCC has published its report: Semiannual Risk Perspective for Spring 2024. The OCC found that the overall condition of the federal banking system remains sound, but the maturing economic cycle may cause consumer headwinds.  The OCC highlighted credit, market, operational, and compliance risks as the key risk themes in the report. Among the key observations was the operational risk is elevated in an increasingly complex operating environment. Cyber threats continue as malicious actors target the financial services industry and their key service providers with ransomware and other attacks. #Cyber

Key contacts

Cat Dankos photo

Cat Dankos

Regulatory Consultant, London

Cat Dankos
Rashid Ahmed photo

Rashid Ahmed

FSR & CCI Professional Support Paralegal, London

Vasuki Balasubramaniam photo

Vasuki Balasubramaniam

FSR & CCI Professional Support Paralegal, London

Cat Dankos