FinTech Global FS Regulatory Round-up - w/e 13 September 2024

ICYMI

• Hong Kong proposes new cybersecurity law to enhance protection of critical infrastructure

---

UK

FCA panel publishes report on non-traditional payment mechanisms and BBAs

The Financial Services Consumer Panel (FSCP) has published a report which summarises the key findings of a consumer survey to explore understanding and use of non-traditional payment mechanisms and basic bank accounts (BBAs).

The research finds that traditional payment mechanisms are the most widely used, with debit cards, cash and credit cards dominant. The main barriers to using non-traditional payment methods are lack of knowledge and of trust in the provider or the technology. BBAs were held by about 13% of survey respondents and were well regarded by those who have them, with most saying the account is valuable and meets their needs.

In light of this research, the FSCP calls on the FCA to take action to ensure firms improve visibility, and promote benefits, of BBAs. It also recommends that the FCA takes steps to increase consumer understanding of risks, costs and protections related to non-traditional payment mechanisms to protect consumers from harm.  [13 Sep 2024] #Payments

HMT: Joint statement with US Treasury on 10^th FRWG meeting

HM Treasury (HMT) and the US Treasury have published a joint statement on the 10th official meeting of the UK-US Financial Regulatory Working Group (FRWG) which took place on 3 September 2024.

The meeting emphasised close, ongoing UK and US cooperation in a number of areas and focused on several key themes, including digital finance and operational resilience, including approaches to AI. The FRWG will next meet in May 2025. [11 Sep 2024] #DigitalFinance #OpRes #AI

Written Statement on the Law Commission’s report on digital assets

Heidi Alexander MP, Minister of State for Justice, has set out in a written statement to the House of Commons, HMG's intention to take forward the Property (Digital Assets etc) Bill via the Law Commission’s special procedure. This recommendation was made in the Digital Assets: Final Report published by the Law Commission in June 2023. The Bill will confirm in statute the common law position that certain digital assets can constitute property.

The statement also confirms HMG's acceptance of the second recommendation by the Law Commission to set up an expert group on control of digital assets. Further, HMT is reviewing the recommendations to make statutory amendments to the Financial Collateral Arrangements Regulations and to set up a multi-disciplinary project to formulate a statutory framework for the entering into, operation and enforcement of certain crypto-token and cryptoasset collateral arrangements. HMT will provide an update on this in due course. [11 Sep 2024] #DigitalAssets

FCA charges first individual with running a network of illegal crypto ATMs

The FCA has announced that it has brought its first charge against an individual for unlawfully running multiple crypto automated teller machines (ATMs) without FCA registration. Crypto ATMs are machines that allow customers to  buy or convert money into cryptoassets. The individual is accused of running crypto ATMs, which processed £2.6m in crypto transactions across multiple locations between 29 December 2021 and 8 September 2023 without the required registration.

The charges mark the FCA's first criminal prosecution relating to unregistered cryptoasset activity under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). These are the first charges brought against a person accused of running a network of this type in the UK; Kent Police charged an individual for running a single crypto ATM without FCA permission in late August of this year.

The charges follow the FCA’s recent operation targeting crypto ATMs. In 2023, the FCA visited and inspected 34 locations across the UK suspected of hosting crypto ATMs. These site inspections were done in collaboration with law enforcement agencies such as the South West Regional Organised Crime Unit, Bedfordshire Police, Hertfordshire Police, and the Metropolitan Police. This resulted in the disruption of 26 machines operating unlawfully across the country. [10 Sep 2024] #Crypto

FCA: GC24/5 – Supporting new HMT legislation to tackle APP fraud

The FCA has published Guidance Consultation 24/5: Authorised Push Payment Fraud: enabling a risk-based approach to payment processing (GC24/5). GC24/5 contains proposals on changes to the FCA's 'Payment Services and Electronic Money Approach Document' to support new legislation proposed by HM Treasury (HMT) to tackle authorised push payment (APP) fraud.

The new legislation proposed by HMT comprises amendments to the Payment Services Regulations 2017 (PSRs 2017) to enable payment service providers (PSPs) to delay making a payment transaction where they have reasonable grounds to suspect fraud or dishonesty. The aim is to increase firms’ ability to tackle APP fraud while minimising the impact on legitimate payments.

The FCA is consulting on changes which will explain how the regulator expects PSPs to apply the legislative changes to minimise the impact on legitimate payments and to address suspicious inbound payments while continuing to process payments quickly and efficiently.

Feedback is requested by 4 October 2024. The FCA plans to publish the revised Approach Document by the end of 2024. [9 Sep 2024] #APPFraud #Payments

Written Statement on timeline for enforcement of DMCCA provisions

Justin Madders, MP, Minister for Employment Rights, Competition and Markets, has set out in a written statement to the House of Commons, the timeline for provisions of the Digital Markets, Competition and Consumers Act (DMCCA), which received Royal Assent on 24 May 2024.

HM Government (HMG) aims to commence Parts 1, 2 and 5 of the DMCCA in December 2024 or January 2025; to this end, secondary legislation will be laid before Parliament in Autumn 2024. Commencing Part 1 will bring the digital markets regime into effect, and the Competition and Markets Authority (CMA) is expected to launch the first Strategic Market Status investigations shortly thereafter. [9 Sep 2024] #DigitalMarkets

---

Europe

ESAs: Joint Committee Report on risks and vulnerabilities in the EU financial system

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have published their Autumn 2024 Joint Committee report on risks and vulnerabilities in the EU financial system. The report warns national supervisors of the financial stability risks stemming from ongoing economic and geopolitical uncertainties and calls for continued vigilance from all financial market participants. For the first time, the report also includes a cross-sectoral deep dive into credit risks in the financial sector.

Against the backdrop of these risks and vulnerabilities, the ESAs advise National Competent Authorities (NCAs), financial institutions (FIs) and market participants to take various policy actions. This includes asking FIs and supervisors to remain vigilant to operational and financial stability risks that could arise from cyber-risks. [10 Sep 2024] #Cybersecurity #OpRes

EC welcomes Draghi report on European competitiveness

The European Commission (EC) has welcomed the report commissioned from former European Central Bank (ECB) President Mario Draghi on the future of European competitiveness.  The report looks at the challenges faced by the industry and companies in the Single Market; Mr Draghi's findings will contribute to the EC's development of a new plan for Europe’s sustainable prosperity and competitiveness.

The report is published in two parts – a main report and an accompanying in-depth analysis and recommendations.  Chapter 5 of the main report addresses the EU's financing needs. It highlights as a root cause of low investment financing in Europe, shortcomings in the delivery of the Capital Markets Union (CMU) and argues that the EU must build a 'genuine' CMU with the European Securities and Markets Authority (ESMA) morphing into a single common regulator for all EU securities markets with, ultimately, a single central counterparty (CCP) platform and a single central securities depository (CSD).  Additionally, the report calls on the EU to revive securitisation and to complete the Banking Union.

The in-depth analysis and recommendations presents sectoral policies, including digitalisation and advanced technologies (including AI) at Part 3 of Section 1, and horizontal policies, including accelerating innovation, addressing the skills gap, and sustaining investment. [9 Sep 2024] #AI

---

Australia

Treasury: Scams Prevention Framework – exposure draft legislation

The Australian Treasury has released for consultation an exposure draft of legislation to  implement the Scams Prevention Framework. The framework takes a 'whole-of ecosystem' approach to reduce gaps that scammers can exploit; it includes tough penalties for non‑compliance and dispute resolution pathways for consumers to seek redress.

The Minister for Financial Services can designate sectors under the framework, requiring participants to have measures to prevent, detect, report, disrupt, and respond to scams. Initially, the framework will apply to banks, telecommunications, and digital platform service providers, including social media, paid search engine advertising, and direct messaging services.

Feedback is requested by 4 October 2024. [13 Sep 2024] #Scams #DigitalPlatforms #SocialMedia

---

Hong Kong

HKMA issues circular on benefits of using AI for monitoring suspicious activities and how it can help authorised institutions accelerate such use

The HKMA has issued a circular to explain how the use of artificial intelligence (AI) can help improve the effectiveness and efficiency of monitoring money laundering and terrorist financing (ML/TF) risks.  It also sets out the actions that the HKMA is taking to further support and accelerate the use of AI in authorised institutions’ ongoing monitoring processes.

The HKMA shared a list of high-level principles on AI in 2019 (see our previous update).  Since then, some authorised institutions have adopted AI to enhance their monitoring systems and controls, which have proved to be more effective and efficient than conventional rules-based transaction monitoring systems.  Further details regarding the benefits of using AI to enhance suspicious activity monitoring are set out in the annex to the circular.

The HKMA has planned the following initiatives:

• Organising an experience sharing forum in November 2024 with speakers from the industry and technology firms on how AI is being deployed to enhance the effectiveness and efficiency of suspicious activity monitoring;

• Establishing a dedicated team, supported by an external consultant, to provide supervisory feedback and technical guidance to assist authorised institutions in applying AI in enhancing their monitoring processes, through the existing Fintech Supervisory Sandbox and Chatroom; and

• Continuing to gauge the interest of authorised institutions in applying AI to the monitoring of suspicious activity and providing suitable guidance to the industry where appropriate.

The HKMA encourages authorised institutions with significant operations in Hong Kong to give due consideration to adopting AI in their ML/TF monitoring systems.

• Authorised institutions should undertake a feasibility study based on its current ML/TF risk profile and possible future evolvement.  Based on the outcome of the study, they should formulate an implementation plan, taking into account dependencies, including those related to data requirements outlined in the HKMA’s recent guidance.

• The feasibility study and implementation plan should be signed off at board level and submitted to the HKMA by the end of March 2025.  The HKMA will communicate with authorised institutions on an individual basis regarding the exact timing for the feasibility study and implementation plan and the format in which they should be provided.  [9 Sep 2024] #AI #AML #CFT

HKMA executive director discusses risk trends and its work to reduce ML/TF risks in keynote speech

The HKMA's executive director of enforcement and anti-money laundering, Raymond Chan, has delivered a keynote speech at the 2024 INCLUSION · Conference on the Bund in Shanghai.  His speech centred on the HKMA’s work to safeguard the integrity of the banking system in Hong Kong and to prevent it from being abused by criminals for illicit purposes.

Mr Chan noted that Hong Kong has been a member of the Financial Action Task Force since 1991, and has implemented a framework of measures to combat money laundering and terrorist financing (ML/TF).  Hong Kong has undertaken two rounds of jurisdictional risk assessments and is making preparations for the third one in 2025.  Mr Chan notes that four major risk trends stand out:

• The rapid advancement of technology and the digitalisation of banking services coupled with the global shift towards online commerce have created fertile ground for fraudsters to exploit vulnerabilities and deceive unsuspecting individuals and businesses.

• The growing prevalence of fraud and the increasing sophistication of the techniques used by fraudsters poses a threat to a broad spectrum of the society.  Tackling all types of fraud must therefore remain one of the most important global and regional priorities.

•  The activity of non-bank financial intermediaries in new and emerging sectors – including crypto – has introduced new ML/TF risks into the ecosystem via direct and indirect links.

• In light of rising geopolitical tensions and increasing use of economic sanctions, the ability to remain vigilant and adaptable to complex and far-reaching sanctions regimes depends on the right mix of human skills augmented by technology.  

Mr Chan emphasised that a key response to these risks must be innovation in the anti-money laundering sphere, including through the use of artificial intelligence (AI), data analytics and cloud computing.  In this connection, the HKMA will soon be rolling out a programme to uplift the capability of banks in monitoring and detecting criminal activities.  Banks will be asked to critically evaluate the feasibility of applying AI in their monitoring of illicit activities (see 'HKMA issues circular on benefits of using AI for monitoring suspicious activities and how it can help authorised institutions accelerate such use' above).

In relation to non-bank financial institutions, the HKMA is preparing legislation to bring stablecoin issuers within its supervisory net in order to capture the right opportunities associated with digital assets while keeping the risks well managed.  [9 Sep 2024] #Crypto #AML #CFT

---

Singapore

MAS: Written response to PQ on Worldcoin accounts

MAS has published a written response to a PQ on Worldcoin. MAS explains that, while Worldcoin does not perform a payment service under the Payment Services Act 2019 (PS Act), persons who buy or sell Worldcoin accounts and tokens as a business may be providing a payment service.

A police investigation into seven subjects for their suspected involvement in offering the services of buying or selling of Worldcoin accounts and tokens, which constitute offences under the PS Act is underway. Members of the public are advised against giving away or selling their Worldcoin accounts, which may then be misused for criminal activities such as money laundering and terrorism financing.

On data privacy concerns, the Personal Data Protection Commission (PDPC), under the Personal Data Protection Act (PDPA), governs the collection, use, disclosure and care of personal data by organisations in Singapore. Organisations that handle such data, including biometric data, must ensure they put in place the necessary data protection and security arrangements to address the risks involved, when designing and operating their systems and processes. [10 Sep 2024] #Worldcoin #Tokens #Payments #Data

---

Thailand

SECT consults on amendments to IT Regulations and Guidelines

The Securities and Exchange Commission Thailand (SECT) has published a consultation on draft amendments to the Rules on Establishment of Information Technology System (IT Regulations and Guidelines) to align them with the risk profiles of different groups of business operators. The draft amendments aim to accommodate evolving developments of technology, cyber threats and international standards, without causing unnecessary burdens for business operators.

Feedback is requested by 15 October 2024. [12 Sep 2024] #Cyber

---

US

SEC: Trading platform settles charges in connection with cryptoasset securities

The Securities and Exchange Commission (SEC) has announced that, without admitting or denying the SEC's findings, a trading platform firm has agreed to pay $1.5m to settle charges that it operated an unregistered broker and unregistered clearing agency in connection with its crypto trading platform that facilitated buying and selling certain cryptoassets as securities. The firm also agreed to cease and desist from violating the applicable federal securities laws and will make only a limited set of crypto assets available for trading.

It must also, within 187 days of the order, liquidate any cryptoassets being offered and sold as securities that it is unable to transfer to its customers, and return the proceeds to the respective customers. The firm has publicly announced that, going forward and subject to the provisions of the SEC’s order in this matter, the only cryptoassets that U.S. customers can trade on its platform will be Bitcoin, Bitcoin Cash, and Ether. The firm will provide its customers with functionality to sell all other cryptoassets for only 180 days after the issuance of the SEC’s order.  [12 Sep 2024] #Crypto

CFTC partners with federal and private groups to distribute cryptocurrency relationship scam information

The CFTC's Office of Customer Outreach and Education (OCEO) has announced two partnerships to give customers targeted information about cryptocurrency relationship investment scams.

OCEO is partnering with the American Bankers Association Foundation along with other federal agencies and a private regulator to distribute an infographic to help consumers recognise and avoid so-called "pig butchering" fraud. The infographic illustrates the scam’s phases, from how victims are targeted and groomed to how the scam ends, and provides warning signs and steps to take if a person has been victimised.

Additionally, OCEO has also partnered with the SEC's Office of Investor Education and Advocacy, the Financial Industry Regulatory Authority (FINRA) and the North American Securities Administrators (NASAA) Association to develop and distribute an investor alert about how  scammers operate.  [11 Sep 2024] #Crypto #Scams