Follow us

In this regular post, we round-up FinTech-related financial services regulatory developments for the week ending 31 May 2024.

ICYMI


Global

BIS: Bulletin on correspondent banking

The Bank for International Settlements (BIS) has published a bulletin on next generation correspondent banking. The key takeaways from the bulletin include:

  • Existing correspondent banking processes have struggled to adapt to new regulatory and supervisory requirements, posing questions on the future of the correspondent banking model.
  • The tokenisation of correspondent banking, as embodied in Project Agorá, could unlock streamlined pre-screening and atomic settlement, and pave the way for superior customer verification and AML procedures.
  • Tokenisation could substantially reduce duplication and improve coordination, thereby revitalising cross-border payments through a robust network of correspondents and corridors. [30 May 2024]

#Tokenisation #Payments


UK

FCA: Operational resilience – insights and observations for firms

The FCA has published its observations and insights on the preparations firms have made towards complying with Policy Statement 21/3: Building operational resilience (PS21/3) which sets out the final rules and guidance on operational resilience. PS21/3, issued in March 2021, provides that firms must be able to remain within their impact tolerances as soon as reasonably practicable and by no later than 31 March 2025.

Firms are asked to review their approach in light of the FCA's observations across key areas of the policy:

  • identifying and regularly reviewing their important business services;
  • setting and regularly reviewing impact tolerances for each of the important business services;
  • identifying and documenting the people, processes, technology, facilities and information necessary to deliver each of the important business services, including third parties;
  • developing and keeping up to date scenario testing plans that detail how the firm can remain within impact tolerances for each of its important business services; and
  • identifying any vulnerabilities which may cause a firm to not remain within impact tolerance for severe but plausible scenarios. [28 May 2024]

#OpRes


Europe

ESMA: Final report on conflicts of interest for CASPs under MiCAR

The European Securities and Markets Authority (ESMA) has published the final report with the draft regulatory technical Standards (RTS) specifying certain requirements in relation to conflicts of interest for cryptoasset service providers (CASPs) under the Markets in Cryptoassets Regulation (MiCAR).

The draft RTS clarify elements in relation to vertical integration of CASPs and further align with the draft European Banking Authority (EBA) rules applicable to issuers of asset-referenced tokens (ARTs).

The draft RTS also contain updates on requirements for the policies and procedures for the identification, prevention, management, and disclosure of conflicts of interest, considering the scale, the nature and the range of cryptoasset services provided, as well as details and methodology for the content of the disclosures of conflicts of interest.

The final report has been sent to the European Commission (EC) and ESMA will provide further advice and technical guidance in this area if requested by the EC. [31 May 2024]

#MiCAR #Cryptoasset

ESAs publish templates and tools to support DORA implementation

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have published templates and tools for a voluntary dry run exercise to support Digital Operational Resilience Act (DORA) implementation. The materials include:

  • templates for the registers of information with example (in Excel);
  • draft technical package for reporting, including data point model (DPM),annotated table layout and validation rules;
  • optional tool to assist with the conversion of Excel templates for their submission; and
  • frequently asked questions regarding the exercise.

Financial entities can use these materials and tools to prepare and report their registers of information of contractual arrangements on the use of information communication technology (ICT) third-party service providers in the context of the dry run exercise, and to understand supervisory expectations for the reporting of such registers from 2025 onwards. [31 May 2024]

#DORA #OpRes

ESMA issues statement with initial AI guidance

The European Securities and Markets Authority (ESMA) has issued a statement providing initial guidance to firms using artificial intelligence (AI) technologies when they provide investment services to retail clients.

When using AI, ESMA expects firms to comply with relevant Markets in Financial Instruments Directive II (MiFID II) requirements, particularly when it comes to organisational aspects, conduct of business, and their regulatory obligation to act in the best interest of the client. Potential uses of AI by investment firms which would be covered by requirements under MiFID II include customer support, fraud detection, risk management, compliance, and support to firms in the provision of investment advice and portfolio management. [30 May 2024]

#AI

Council: Basel III reforms – new EU rules to increase banks’ resilience to economic shocks

The Council of the EU has announced that it has adopted new rules aimed at making banks operating in the EU more resilient to possible economic shocks.

The new rules update the Capital Requirements Regulation (CRR) and the Capital Requirements Directive (CRD) that translate the Basel III standards into EU legislation. 

The reforms’ main feature is the introduction of an 'output floor' that limits the risk of excessive reductions in banks’ capital requirements and, makes those requirements more comparable. The output floor sets a lower limit on the capital requirements that are determined in accordance with banks’ internal models to 72.5% of the capital requirements that would apply if they used standardised measurements.

The new rules also harmonise minimum requirements applicable to the authorisation of branches of third-country banks and the supervision of their activities in the EU. Additionally, they set a transitional prudential regime for cryptoassets and introduce amendments to enhance banks' management of Environmental, Social and Governance (ESG) risks.

This is the last step of the adoption procedure. The amended CRR and CRD will now be published in the EU’s Official Journal (OJ) and enter into force 20 days later. Member States will have 18 months to transpose the amended CRD into national legislation. The amended CRR will apply from 1 January 2025. [30 May 2024]

#Cryptoasset

Council adopts package of new AML rules

The Council has announced that it has adopted a package of new anti-money-laundering (AML) rules. The package includes:

  • The set-up of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), which will start operations in mid-2025.
  • A regulation that harmonises AML rules for the first time throughout the EU. This extends the AML rules to new obliged entities, such as most of the crypto-sector, traders of luxury goods and football clubs and agents. The regulation also sets tighter due diligence requirements, regulates beneficial ownership and sets a limit of € 10.000 to cash payments, among other things.
  • A directive that will improve the organisation of national anti-money laundering systems by setting out clear rules on how financial intelligence units (FIUs - the national bodies which collect information on suspicious or unusual financial activity in member states) and supervisors work together.

This is the final step of the adoption procedure. The texts will now be published in the EU's OJ and enter into force. Member States will have two years to transpose some parts of the AML directive and three years for others. [30 May 2024]

#Cryptoasset #AML

OJ: Delegated regulations on ICT third-party service providers in respect of DORA

The following delegated regulations, supplementing the Information and Communication Technologies (ICT) oversight regulation in respect of the Digital Operational Resilience Act (DORA), have been added to the OJ. 

These regulations enter into force on the twentieth day following publication in the OJ. [30 May 2024]

#DORA #OpRes

OJ: Delegated regulations in respect of MiCAR

The following delegated regulations, supplementing the Markets in Cryptoassets Regulation (MiCAR), have been added to the OJ:

These Regulations shall enter into force on the twentieth day following publication in the OJ. [30 May 2024]

#MiCAR #Cryptoasset #ARTs

ESMA publishes new Q&As – MiFIR, EMIR, MiCAR, UCITS

ESMA has published new questions and answers (Q&As) in relation to the following EU legislation:

  • Alternative Investment Fund Managers Directive (AIFMD) – the questions relate to performance fees;
  • European crowdfunding service providers for business (ECSPR) – the questions relate to default rate disclosure, risk management framework and prudential requirements;
  • European Market Infrastructure Regulation (EMIR) – the questions relate to the reporting of accumulator contracts and the reporting of price field at position level;
  • Markets in Crypto-Assets Regulation (MiCAR) – the question relates to the publication of information by crypto-asset service providers (CASPs) providing the service of exchange of crypto-assets for funds or other crypto-assets;
  • Markets in Financial Instruments Regulation (MiFIR) – the question relates to the reporting of accumulator contracts; and
  • Undertakings for Collective Investment in Transferable Securities Directive (UCITS) – the questions relate to performance fees. [28 May 2024]

#MiCAR #Cryptoasset #CASPs


Hong Kong

SFC reminder on end of non-contravention period for VATPs on 1 June 2024

The SFC has issued a reminder regarding the non-contravention period for virtual asset trading platforms (VATPs) operating in Hong Kong under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) (see our previous update), which will come to an end on 1 June 2024.

All VATPs operating in Hong Kong must be either licensed by the SFC, or 'deemed-to-be-licensed' VATP applicants under the AMLO.  The SFC reminds investors:

  • That deemed-to-be-licensed VATP applicants are not formally licensed by the SFC.  While such applicants have undertaken to enhance their policies, procedures, systems and controls to comply with the SFC’s regulatory requirements, they still need to demonstrate the actual implementation and effectiveness of these measures to the SFC’s satisfaction.

The SFC also reminds the industry regarding the following:

  • Deemed-to-be-licensed VATP applicants (and their ultimate owners) must fully comply with the SFC’s regulatory requirements and licensing conditions. The SFC does not expect them to actively market their services or onboard new retail clients prior to demonstrating the actual implementation and effectiveness of their policies, procedures, systems and controls to the satisfaction of the SFC and being formally licensed.
  • While the deemed-to-be-licensed VATP applicants pursue their applications in the coming months, the SFC will conduct on-site inspections to ascertain their compliance with the regulatory requirements, with a particular focus on their safeguarding of client assets and know-your-client processes.  If the SFC observes any non-compliance with key regulatory requirements for investor protection from the inspections, it will refuse the licence applications in question and take other regulatory actions as appropriate.
  • VATPs and their ultimate owners must comply with all applicable laws and regulations, including but without limitation, preventing Mainland Chinese residents from accessing any of their VA-related services, and to take all necessary measures to procure the VATPs’ controlling entities and related parties to do the same.  [28 May 2024]

#VirtualAsset #VATPs

HKMA delegation visits Malaysia to strengthen bilateral financial collaboration

As part of the HKMA’s ongoing efforts to expand its global network, the HKMA delegation, led by Chief Executive, Mr Eddie Yue, concluded a three-day visit to Kuala Lumpur, Malaysia to strengthen financial collaboration between Hong Kong and Malaysia.

  • The delegation held a bilateral meeting with the Bank Negara Malaysia (BNM), focusing on strategic areas including digital finance and fintech, green and sustainable finance, payment systems, use of local currencies for cross-border trade, and Islamic finance.
  • Representatives from the HKMA and the BNM joined the Malaysia Business Forum, organised by the Hong Kong Association of Banks, to discuss and exchange views on financial cooperation and topics of mutual interest between Malaysia and Hong Kong.
  • The delegation also met with key business and financial leaders in Malaysia to discuss new opportunities arising from the strengthening economic and financial ties between Malaysia and Hong Kong.

The HKMA plans to continue its engagement with the Middle East and other Association of Southeast Asian Nations (ASEAN) countries to maintain and further strengthen Hong Kong’s status as an international financial centre.  [27 May 2024]

#Fintech #DigitalFinance


Singapore

MAS sets out expectations on data governance and management practices

MAS has published an information paper which sets out MAS' supervisory expectations in relation to firms' data governance and management practices. The paper also includes good practices that banks and finance companies are encouraged to work towards.  [30 May 2024]

#DataGovernance


India

RBI finalises framework for fintech sector self-regulation

The Reserve Bank of India (RBI) has announced that it has finalised its framework for recognising self-regulatory organisations for the fintech sector. The RBI intends to initiate the process of recognising self-regulatory organisations. Accordingly, entities meeting or intending to meet the eligibility conditions and requirements of the framework may submit an application.  [30 May 2024]

#Fintech

RBI launches three initiatives

The RBI has announced the launch of three new initiatives:

  • the PRAVAAH (Platform for Regulatory Application, VAlidation and AutHorisation) portal to facilitate online applications by an individual or entity for various regulatory approvals;
  • the Retail Direct Mobile App which will provide retail investors access to the retail direct platform and provide ease of transacting in government securities; and
  • the Fintech Repository which will contain information on the Indian fintech sector for a better understanding of the sector from a regulatory perspective and facilitate in designing appropriate policy approaches.  [28 May 2024]

#Fintech


US

NY DFS issues new guidance regarding virtual currency customer service requirements

The New York State Department of Financial Services (DFS) has issued guidance requiring DFS-regulated virtual currency entities (VCEs) to maintain and implement effective policies and procedures to promptly address customer service requests and complaints. The guidance requires VCEs to collect relevant data so that the DFS can assess whether they are resolving customer service requests and complaints in a timely and fair manner.  [30 May 2024]

#VirtualCurrency

Treasury releases first ever NFT illicit finance risk assessment

The Treasury has published its first Non-fungible Token (NFT) Illicit Finance Risk Assessment. The risk assessment explored how illicit actors might exploit vulnerabilities associated with NFTs and NFT platforms for money laundering, terrorist financing, and proliferation financing.

The assessment found that NFTs are highly susceptible to use in fraud and scams, and are also subject to theft. It determined that illicit actors could use NFTs to launder proceeds from predicate crimes, often in combination with other methods to obscure an illicit source. There was little evidence found of misuse of NFTs by terrorists or proliferators, in contrast to fraudsters, to date.

The assessment further observed that inadequate cybersecurity protections, challenges related to copyright and trademark protections, and the hype and fluctuating pricing of NFTs can enable criminals to perpetrate fraud and theft related to NFTs and NFT platforms.  Moreover, some NFT firms and platforms lack appropriate controls to mitigate risks to market integrity and to combat money laundering and terrorist financing, and sanctions evasion.

The assessment recommends U.S. government actions including:

  • raising awareness within industry of existing obligations;
  • continuing to enforce existing laws and regulations related to NFTs and NFT platforms; and
  • considering further application of regulations to NFTs and NFT platforms.  [29 May 2024]

#NFTs #AML/CFT

CFTC Enforcement Director highlights trends in crypto enforcement

The CFTC has published the remarks of Enforcement Director Ian McGinley at the City Bar White Collar Institute on trends in the CFTC’s crypto-related enforcement actions.  Mr McGinley set out  three topics relating to digital assets beyond fraud and manipulation cases which, in his perspective, have been a focus in recent cases. These areas are: evasion; third-party intermediaries; and compliance with the full range of regulatory requirements.  [23 May 2024]

#DigitalAsset #Crypto

Key contacts

Cat Dankos photo

Cat Dankos

Regulatory Consultant, London

Cat Dankos
Rashid Ahmed photo

Rashid Ahmed

FSR & CCI Professional Support Paralegal, London

Vasuki Balasubramaniam photo

Vasuki Balasubramaniam

FSR & CCI Professional Support Paralegal, London

Cat Dankos