FinTech Global FS Regulatory Round-up - w/e 9 August 2024

ICYMI

• Cyber security: A month in retrospect (Australia) - July 2024

• The EU AI Act is in force

UK

Pay.UK reminds PSPs in scope of SD20 to register

Pay.UK has updated its 'Faster payments' webpage to notify payment service providers (PSPs) that, from 7 October 2024, new reimbursement requirements for authorised push payment (APP) fraud will come into effect. The requirements are covered in Specific Direction 20 (SD20) by the Payment Systems Regulator (PSR). SD20 applies to all PSPs participating in the Faster Payments Scheme that provide relevant accounts.

PSPs in scope of SD20 are reminded that they must register with Pay.UK by 20 August 2024. [9 Aug 2024] #APPFraud #Payments

FCA: Assessing firms’ compliance with ‘back end’ cryptoasset financial promotions rules

The FCA has published the findings from its recent review of several crypto firms’ compliance with financial promotion rules. The review looked at how firms are implementing personalised risk warnings, the 24-hour cooling off period, client categorisation and appropriateness assessments.

Overall, the review found some examples of firms demonstrating good practice, which the FCA has shared in its 'good and poor practice'; however, there were multiple instances where firms did not meet the required standards.

In particular, the FCA highlighted that it had seen examples of firms relying on industry comparison to benchmark promotions; given the levels of poor practice, the FCA says this is not acceptable. It reminds firms to engage directly with the FCA to drive up standards across the sector. The FCA also emphasises that all firms communicating or approving financial promotions must make sure they have strong systems and controls for compliance in place.

The FCA encourages all firms to read its 'good and poor practice', as well as Guidance Consultation 23/1: Guidance on cryptoasset financial promotions (GC23/1).  [7 Aug 2024] #Crypto #FinProms

FCA: Q2 Financial promotions data

The FCA has published its financial promotions data for Q2, 2024. The key findings in Q2 from a fintech perspective include:

• having received 5,544 reports about potential unauthorised business, the FCA issued 528 alerts on unauthorised firms and individuals, with 11% of these being clone scams; and
• many registered cryptoasset businesses that provide fiat to crypto on/off ramp services to third party firms ('partner firms') – referred to as 'widget models' – are taking steps to address the FCA's concerns, by engaging with authorised firms to have them approve the promotions of partner firms.

69% of the promotions reviewed in the quarter were as a result of the FCA's proactive monitoring. [7 Aug 2024] #FinProms #Crypto #CloneScams

FCA/BoE: DSS MoU

In a joint announcement regarding the review of their Memorandum of Understanding (MoU) on the supervision of financial market infrastructures (FMIs), the FCA and Bank of England (BoE) confirmed that they are also agreeing a separate MoU setting out how they intend to co-operate with each other in relation to the operation and supervision of the Digital Securities Sandbox (DSS). This DSS MoU will be published before supervision in the DSS commences. [7 Aug 2024] #DigitalSecuritiesSandbox

Hong Kong

HKMA publishes report on review of virtual banks and launches consultation on proposed renaming of 'virtual bank' as 'digital bank'

The HKMA has published a report on its review of virtual banks and launched a consultation on its proposal to rename 'virtual bank' as 'digital bank'.

The review was conducted earlier this year, several years after Hong Kong's 8 virtual banks commenced their business in 2020:

• The HKMA considers that the three policy objectives of introducing virtual banks to Hong Kong have been delivered so far – (i) promoting fintech and innovation, (ii) offering new customer experience, and (iii) promoting financial inclusion.  

• Virtual banking is gaining wide market acceptance in Hong Kong, with a total number of 2.2 million depositors as at the end of 2023.  The products and services offered by the 8 virtual banks have received a positive response.  

• The virtual banks had however not achieved profitability as at the end of 2023 due to the challenges in launching their business in 2020, primarily due to the outbreak of the Covid-19 pandemic.  Nonetheless, they recorded moderate business growth over the past 3 years, with aggregate operating income increasing seven-fold and net losses narrowing by 15% from the 2021 to the 2023 financial years.

In light of the recent developments of the virtual banks, such as increasing exposures to and dealings with business entities, including the digital asset-related sector and the Web3 ecosystem, the current requirement that a virtual bank should primarily deliver retail banking services will be removed. 

The HKMA considers that with the diversity of virtual banks and incumbent banks, the current number of virtual banking licenses is optimal and does not see any strong justification to introduce new virtual bank players to the market at this stage.  The current structure of the virtual bank sector should be maintained with a view to facilitating long-term development of the virtual banks as well as maintaining a healthy competitive landscape in the banking industry.

The HKMA will continue to monitor the operations and development of the 8 virtual banks and provide guidance and policy clarity as and when necessary.

Separately, the HKMA has launched a consultation on its proposal to rename 'virtual bank' as 'digital bank'.  The consultation closes on 5 September 2024.  The HKMA considers that 'digital' is a broader term that has connotations of 'internet' and 'technology', and better reflects the use of the latest financial technologies and innovations by virtual banks.  [6 Aug 2024] #VirtualBanks #DigitalBanks

PBOC and HKMA sign MOU on cross-boundary linkage of payment systems

Mr Lu Lei, Deputy Governor of the People's Bank of China (PBOC), and Mr Howard Lee, Deputy Chief Executive of the HKMA, have signed a memorandum of understanding (MOU) on behalf of their respective authorities on cross-boundary linkage of payment systems between the Mainland and Hong Kong, establishing a cooperation framework for the linkage.  Mr Lu and Mr Lee also exchanged views on a range of topics of mutual interest, including financial cooperation between the Mainland and Hong Kong.  [2 Aug 2024] #Payments

Singapore

MAS: PQ on minimising cross-border scams and fraud

The Monetary Authority of Singapore (MAS) has published a written response to a Parliamentary Question (PQ) on measures to minimise risks of cross-border scams and fraud. MAS' response highlights that Financial institutions (FIs) participating in real-time payment linkages with other countries have implemented anti-scam controls, including a default transaction notification threshold of $100 or lower and a daily transaction limit of not more than $1,000. FIs will continue to actively monitor changes in scam typologies and will adjust their measures as appropriate. [7 Aug 2024] #Payments

MAS: PQ on impact of global IT outage on FIs

MAS has published a written response to a PQ on the impact of the recent global IT outage on FIs. MAS' response underscores that:

• major FIs in Singapore reported limited or no impact to their critical systems and customer-facing operations, while a few experienced disruptions to some of their IT systems meant for internal staff;
• the Singapore Exchange Group (SGX) experienced a temporary disruption to its post trade services on the Central Depository, resulting in a limited number of trades being rolled over for settlement on the next business day. However, all other trading and clearing services continued to operate normally; and
• among the affected FIs, operations proceeded normally by the next business day.

In light of the IT outage, MAS has emphasised the importance of FIs implementing robust processes and controls to identify and manage risks, including those arising from the reliance on third parties, as well as the need for FIs to build system recovery capabilities. [6 Aug 2024] #Outage

Indonesia

New Implementing Regulation to the Information Technology-Based (Peer-to-Peer) Lending Services

On 31 January 2024, the Indonesian Financial Services Authority (OJK) issued OJK Circular Letter No. 1/SEOJK.06/2024 on the Procedures and Mechanisms for the Submission of Funding Transaction Data and Reporting of the Operator of Information Technology-Based (Peer-to-Peer) Lending Services (Circular Letter 1/2024, in Indonesian language) which is effective as of 1 July 2024 implementing Article 44(2) and Article 66(11) of OJK Regulation No. 10/POJK.05/2022 on Information Technology-Based (Peer-to-Peer) Lending Services (OJK Regulation 10/2022, in Indonesian language) governing the procedure and mechanism for the submission of funding transaction data and the reporting obligation for the operator of peer-to-peer lending.

Circular Letter 1/2024 specifies that the operator of a peer-to-peer lending service must submit:

• funding transaction data (which include the development of transaction data between the fund providers and fund recipients) to OJK’s fintech lending data center on real time basis, by integrating the electronic system of the operator of peer-to-peer lending with OJK’s fintech lending data center;   
• periodic reports (which consist of monthly reports and audited financial reports) to OJK, and    
• incidental reports (which consist of reports on fraud, internal audit, educational program implementation, legal dispute and operational disturbance) which is to be submitted within 10 business days since the incident.

Circular Letter 1/2024 provides a trial period for the submission of the funding transaction data and monthly report until 30 June 2024. The reporting obligation for funding transaction data must be fully complied with by 1 July 2024 and, for the monthly report, must be fully complied with for July 2024 reporting period. [9 Aug 2024] #P2P

India

RBI: Statement on regulations and payment systems, Governor's statement

The Reserve Bank of India (RBI) has issued the latest statement of Developmental and Regulatory Policies.

In relation to regulations, the statement covers:

• public repository of digital lending apps (DLAs) – the RBI is creating a public repository of DLAs to aid customers in verifying the association of DLAs with regulated entities; and
• frequency of reporting of credit information to credit information companies (CICs) – this will be increased from a monthly to a fortnightly basis to provide a more up-to-date picture of a borrower’s indebtedness.

In relation to payment systems, the statement covers:

• enhancing transaction limits for tax payments through the unified payment interface (UPI) from ₹1 lakh to ₹5 lakh per transaction;
• the introduction of delegated payments through UPI to expand the user base; and
• continuous clearing of cheques under the cheque truncation system (CTS) – the current approach of batch processing will be transitioned to continuous clearing with 'on-realisation-settlement'. [8 Aug 2024]

These measures are also discussed in the recently-published Governor's Statement, which additionally includes comments on financial stability. [8 Aug 2024] #DigitalLending #UPI

Philippines

BSP lifts moratorium on licenses for digital banks

The Bangko Sentral Ng Pilipinas (BSP) has announced that its Monetary Board has approved the lifting of the moratorium on the granting of new digital banking licenses starting on 1 January 2025 and has allowed a maximum of ten digital banks to operate in the country. The grant of new digital bank licenses may include the conversion of an existing bank’s license to digital bank license.

New digital bank applicants will be subjected to a rigorous licensing process covering value proposition, business models, and resourcing capabilities. They will also need to demonstrate their compliance with standard licensing requirements, which includes an assessment of ownership and control structure transparency, suitability of shareholders, fitness and propriety of directors and senior management, adequacy of capital, and corporate governance and risk management. Only digital bank applicants that have demonstrated capacity to meet the minimum criteria, and offer a unique value proposition, will be granted a license. [8 Aug 2024] #DigitalBanks 

BSP launches 2024-29 FSCRP

The BSP has announced the launch of its 2024-2029 Financial Services Cyber Resilience Plan (FSCRP). The FSCRP serves as a comprehensive roadmap and primary framework aimed at enhancing the resilience of the financial services sector against cyber threats. It also outlines high-level goals and strategies essential for maintaining the integrity and security of the country’s financial ecosystem. The strategies outlined in the FSCRP will be implemented in phases from 2024 to 2029. The phased approach allows for continuous improvement and responsiveness to the dynamic cyber-threat landscape. The FSCRP complements and aligns with the National Cybersecurity Plan (NCP) 2028. [5 Aug 2024] #Cyber

US

CFTC awards over $1m to whistleblower who aided a digital assets-related investigation

The CFTC has announced a whistleblower award of over $1m to a whistleblower who provided significant information and assistance that led the CFTC to bring an enforcement action connected to digital asset markets.

CFTC Director of Enforcement Ian McGinley commented: “Identifying unlawful conduct in the digital asset marketplace is a major priority for the CFTC, especially as everyday Americans are increasingly victimized by digital asset scams. During the last fiscal year, digital asset cases accounted for almost 50% of the CFTC’s docket, and the majority of whistleblower tips that year were related to digital assets.”  [8 Aug 2024] #DigitalAssets 

CFTC obtains $12.bn judgment against centralized crypto exchange and crypto trading firm

The CFTC has announced that the U.S. District Court for the Southern District of New York has entered a consent order of permanent injunction and other equitable relief against a crypto exchange and ordered them to pay $12.7 billion in monetary relief to its customers and victims of its fraud. The order requires the crypto exchange to pay $8.7 billion in restitution and $4 billion in disgorgement, which will be used to further compensate victims for losses suffered from a fraudulent scheme orchestrated by the group of companies and a core group of its insiders. The order also requires the crypto exchange and the crypto trading firm to cooperate with the CFTC in its ongoing litigation

In a related settlement agreement approved by the Bankruptcy Court for the District of Delaware, the CFTC agreed not to seek a civil monetary penalty against the exchange and to subordinate its monetary claims to those of victims of the fraud scheme. As described by the exchange in its proposed reorganization plan filed in the bankruptcy proceeding, payments by the exchange towards its CFTC disgorgement obligation will be used to further compensate victims through a supplemental remission fund. The plan remains subject to approval in the bankruptcy proceeding. [8 Aug 2024] #Crypto

Fed issues annual Cyber Security and Financial System Resilience Report

The Fed has published its annual Cyber Security and Financial System Resilience Report. The report describes measures taken to strengthen cybersecurity in the financial services sector. It covers: the Fed’s policies and procedures related to cybersecurity risk management; activities to address cybersecurity risks; and current and emerging cybersecurity threats, including forms of malware and supply chain risks. [2 Aug 2024] #Cyber