FinTech Global FS Regulatory Round-up - w/e 23 August 2024

ICYMI

• Malaysia introduces a new Cyber Security Act

---

Global

BIS Innovation Hub: Project Keystone – data analytics for ISO 20022

The Bank for International Settlements (BIS) Innovation Hub has announced Project Keystone, an initiative in cooperation with the Bank of England (BoE) that will explore how technology can enhance the analytical use of ISO 20022 data.

Two modules will be developed as part of the project. The first will address the complexities of handling the ISO 20022 data structure and the associated data storage requirements, and the second will provide analysis based on the data. Keystone is intended to become an off-the-shelf component that payment system operators can integrate into their own systems. [20 Aug 2024]  #Payments 

---

Australia

ASIC successful in design and distribution obligations proceeding against cryptocurrency exchange operator

The Australian Securities and Investments Commission (ASIC) has announced that the Federal Court of Australia found that Bit Trade Pty Ltd (Bit Trade), operator of the Kraken cryptocurrency exchange in Australia, failed to meet design and distribution obligations (DDO) in offering its margin trading product without a target market determination. DDOs require firms to design financial products that meet consumer needs, and to distribute such products in a targeted manner, including through the development of a target market determination (TMD).

ASIC alleged that such a TMD had not been developed for Bit Trade’s 'margin extension' product, which allowed for margin extensions to be made and repaid in either digital assets or national currencies. In his judgment, Justice Nicholas found that the product was a credit facility by reason of its national currency limb, and that a contravention of DDO obligations had occurred. In a statement, ASIC emphasised the importance of regulatory compliance for cryptocurrency products. A spokesperson for Kraken expressed disappointment but said the exchange was prepared and willing to comply with the decision. The court will determine penalty on a date to be set.  [23 Aug 2024]  #Crypto

Online investment trading scams top ASIC’s website takedown action

ASIC has marked its first year of investment scam disruption by announcing the takedown of over 7,300 scam websites, including fake investment platforms, phishing scams, and cryptocurrency investment scams. Takedowns included 5,530 fake investment platform scams, 1,065 phishing scam hyperlinks, and 615 cryptocurrency investment scams.

Investment scams remain the leading type of scam in Australia, and caused $1.3 billion in losses in 2023. ASIC said that the scams landscape is 'rapidly evolving' and that it is working closely with the National Anti-Scam Centre to share data, conduct surveillance, and implement disruption actions.  [19 Aug 2024]  #Crypto #Phishing #Scams

---

Hong Kong

SFC publishes quarterly report for April to June 2024

The SFC has published its quarterly report summarising its work and key developments from April to June 2024. The highlights covered by the report include (among others):

Maintaining market resilience and mitigating harm

• The SFC alerted investors on suspicious virtual asset (VA) related activities and suspicious investment products.  It also promoted anti-scam messages via educational campaigns and the Anti-Scam Consumer Protection Charter 2.0.

• In addition to 65 on-site inspections, the SFC disciplined five individuals and secured the conviction of three individuals involved in a highly sophisticated market manipulation scheme following a landmark High Court jury trial.

• The SFC continued its on-site inspection of the project management and operation controls of the HKEX Connect schemes.

Transforming markets via technology and ESG

• The SFC authorised Asia's first batch of VA spot exchange-traded funds (ETFs) comprising three pairs of Bitcoin and Ether spot ETFs.

• The SFC refined its VA regulatory regime by enabling retail investors to access VA dealing and advisory services provided by SFC-regulated intermediaries.  It set out requirements for intermediaries involved in distributing investment products with exposure to VAs, and provided guidance prior to the end of the non-contravention period (1 June 2024) for VA trading platforms operating in Hong Kong under the new licensing regime.

• The SFC also approved HKEX's new requirements relating to sustainability disclosure standards taking effect (in phases) from January 2025, and welcomed the publication of a draft voluntary code of conduct for ESG data providers.

Enhancing SFC's resilience and efficiency

• The SFC expanded the digital submission capability on the WINGS platform for VA trading platform operators' filing requirements and prepared for the July 2024 launch of e-IP, a one-stop online application and submission platform for investment products.  [22 Aug 2024]  #VirtualAsset #Bitcoin

SFC warns public of suspected virtual asset-related fraud and impersonation

The SFC has warned the public of a suspicious access link through which investors can gain access to a mobile application under the name of 'ICE Global Professional Station'.

'ICE Global Professional Station' purports to be a digital asset trading platform, and appears to impersonate Intercontinental Exchange, Inc., a multinational financial services corporation, by using a similar name and logo.  An investor has reported difficulty in withdrawing funds after making deposits for investments in cryptocurrency products and ICE Global Professional Station is suspected to be involved in virtual asset-related fraud.

The SFC has posted the suspicious access link on the SFC’s Suspicious Virtual Asset Trading Platforms Alert List.  [21 Aug 2024]  #VirtualAsset #Crypto

HKMA issues guiding principles on consumer protection in respect of use of GenAI

The HKMA has issued a circular to authorised institutions (AIs) to provide guiding principles on the use of generative artificial intelligence (GenAI) in customer-facing applications, from a consumer protection perspective. 

On 5 November 2019, the HKMA issued guiding principles in respect of the use of big data analytics and artificial intelligence (AI) by AIs (see our previous update), focusing on four key aspects: (1) governance and accountability, (2) fairness, (3) transparency and disclosure, and (4) data privacy and protection (see summary of the principles in Annex 1 to the present circular).  The use of big data analytics and AI has continued to increase, as seen by a recent survey conducted by the HKMA (see summary of the survey results in Annex 2 to the present circular).

The HKMA has noted an increasing interest by the banking sector in adopting GenAI in their operations.  Although the adoption is still at an early stage (with most of the current applications focusing on improving banks’ operational efficiency, such as internal chatbots and coding), the ability of GenAI in content-creation means that it could be more extensively adopted in customer-facing activities.  The HKMA expects AIs to apply and extend the 2019 guiding principles to the use of GenAI and continue to adopt a risk-based approach commensurate with the risks involved.  However, given that GenAI uses complex models, potential risks such as lack of explainability and hallucination could cause even more significant impact on customers.  The HKMA has therefore set out additional principles under each of the four aspects to ensure that appropriate safeguards for consumer protection are in place when GenAI is adopted for customer-facing applications:

• Governance and accountability – The board and senior management of AIs should remain accountable for all GenAI-driven decisions and processes, and have thoroughly considered the potential impact of GenAI applications on customers through an appropriate committee.

• Fairness – AIs should ensure that GenAI models produce objective, consistent, ethical and fair outcomes to customers.

• Transparency and disclosure – AIs should provide an appropriate level of transparency to customers regarding their GenAI applications through proper, accurate and understandable disclosure.

• Data privacy and protection – AIs should implement effective protection measures to safeguard customer data.

The HKMA encourages AIs to explore the use of big data and AI (particularly GenAI) in enhancing consumer protection.  [19 Aug 2024] #GenAI #AI

---

Indonesia

Bappebti Regulation No. 8 of 2024: Amendment to guidelines for the implementation of crypto asset physical/spot market in futures exchanges

The Indonesian Futures Commodity Trading Supervisory Agency (Bappebti) has issued the second amendment to Bappebti Regulation No. 8 of 2021 on Guidelines for the Implementation of Crypto Asset Physical/Spot Market in Futures Exchanges (Bappebti Regulation 8/2021, in Indonesian language) following the first amendment under Bappebti Regulation No. 13 of 2022. The newly issued Bappebti Regulation No. 8 of 2024 requires existing prospective crypto assets physical/spot traders which already obtain registration evidence as prospective crypto assets physical/spot traders to: (i) submit applications for approval as crypto assets physical/spot traders to Bappebti within 1 month since the futures exchange and futures clearing institution obtains approval from Bappebti; and (ii) fulfil the requirements and obtain approval as crypto assets physical/spot traders from Bappebti by no later than 16 October 2024.

Failure to comply with the requirement within the required timeline, will make the registration evidence of such prospective crypto assets physical/spot traders invalid. This amendment is effective from 15 August 2024.  [24 Aug 2024]  #Crypto

---

Malaysia

BNM and partners launch National Fraud Portal to tackle scams

Bank Negara Malaysia (BNM), Payments Network Malaysia Sdn. Bhd. and financial institutions (FIs) have launched the National Fraud Portal (NFP) as an integrated platform to strengthen the operational capabilities of the National Scam Response Centre (NSRC).

The NFP automates the end-to-end process of handling scam reports and tracing of stolen funds by the NSRC. The integrated platform allows:

• automated fund tracing and recovery – FIs can swiftly track stolen funds across the entire financial system through automated tracing, preventing further transfers and increasing the prospect of fund recovery;
• effective industry-wide information sharing and collaboration; and
• data-driven mule assessments – NFP is supported by credible data on mule accounts that will facilitate better identification, assessment and monitoring of mules.  [20 Aug 2024]  #Scams

SCM: Guidelines on Technology Risk Management come into force

The Securities Commission Malaysia (SCM) has issued a statement that its revised Guidelines on Technology Risk Management come into effect from 19 August 2024. The Guidelines supersede the Guidelines on Management of Cyber Risk.

The revised Guidelines emphasise the significance of strengthening operational reliability, security and resilience against technology disruptions. The Guidelines also set out the SCM’s expectations on risk management practices to be adopted by industry. [19 Aug 2024]  #CyberRisk #OpRes

---

India

SEBI: Cybersecurity and cyber resilience framework for SEBI REs

SEBI has issued the cybersecurity and cyber resilience framework for its regulated entities (REs). The framework aims to provide standards and guidelines for strengthening cyber resilience and maintaining robust cybersecurity of REs. It will supersede existing SEBI cybersecurity circulars and guidelines.

The new standards and controls will apply from:

• 1 January 2025 for six categories of REs where a cybersecurity and cyber resilience circular already exists; and
• 1 April 2025 for other REs where a cybersecurity and cyber resilience framework is being issued for the first time.  [20 Aug 2024]  #Cybersecurity