FinTech Global FS Regulatory Round-up - w/e 21 March 2025

ICYMI

• Searchlight AI

Tracking where law, regulation and policy meets machine learning – Compiled by our award-winning global Emerging Technology Group of legal and consulting experts, this regularly updated snapshot helps you keep informed and ahead of the curve on AI policy and law.

---

Global

IOSCO: Launch of new 'alerts portal' to help combat retail investment fraud

The International Organization of Securities Commissions (IOSCO) has announced the launch of its International Securities and Commodities Alerts Network (I-SCAN) portal, a dedicated platform to help combat investment fraud globally.

I-SCAN allows any investor, online platform provider, bank or institution to check whether suspicious activity has been flagged for a particular company by financial regulators worldwide.

The introduction of I-SCAN forms part of IOSCO’s Roadmap for Retail Investor Online Safety, an initiative which was launched in November 2024 and which has five waves of activity. [20 Mar 2025]  #I-SCAN

---

UK

HMT: Chancellor and Fintech representatives discuss growth and competitiveness strategy

HMT has reported that the Chancellor hosted senior representatives from the Fintech sector to discuss the Financial Services Growth and Competitiveness Strategy. The meeting follows on from the Prime Minister’s pledge to cut the administrative cost of regulation on business by a quarter and occurs alongside the release of a near final draft SI which commences the revocation of firm-facing regulation in the MiFID Org Reg in order to delegate responsibility for rulemaking to the relevant regulators. [18 Mar 2025]  #AI

HMT: Additional information and engagement on DIGIT

HMT has published a paper providing additional information and engagement questions in respect of the procurement process for the pilot Digital Gilt Instrument (DIGIT) issuance. The publication provides further information on the scope of the DIGIT pilot and seeks views from potential suppliers, including the financial services sector, to inform the development and delivery of DIGIT. Any procurement process will likely be run in accordance with the Procurement Act 2023.

The pilot aims to:

• enable HMG to explore how distributed ledger technology (DLT) can be applied across the lifecycle of the UK sovereign debt issuance process; and
• catalyse the development of UK based DLT infrastructure and the adoption of DLT in UK financial markets.

The delivery of the pilot DIGIT issuance is being managed jointly by HMT and the UK Debt Management Office (DMO). Interested parties are invited to submit responses to the engagement questions by 13 April 2025. HMT and DMO intend to publish the tender notice and issue invitation to tender in late Spring 2025. The successful supplier(s) will be selected in late Summer 2025. [18 Mar 2025]  #DLT

---

Europe

EIOPA: Speech – supervising digital transformation in the age of AI

The European Insurance and Occupational Pensions Authority (EIOPA) has published a speech by its Chair, Petra Hielkema, delivered at the Insurtech Insights Conference.

Speaking on the theme of 'Supervising digital transformation in the age of AI', Ms Hielkema highlighted the need for an effective regulatory framework given the rapid pace of change in digital transformation. She cited the Digital Operational Resilience Act (DORA) and the EU's new AI Act as key examples. Focusing on the AI Act in particular (which defines four risk levels for AI systems), Ms Hielkema noted that it introduces a risk-based approach to all AI applications across the economy, balancing innovation with trust and that 'the rules we have put in place set us on the right path to achieve responsible, consumer-centric innovation'. [21 Mar 2025]  #AI

EIOPA: Q&A on 'functions' under DORA

EIOPA has published a Q&A which responds to a query on the definition of the word 'function' under DORA and requests examples of functions that must be mapped. EIOPA explains that DORA does not define ‘function’ in order to provide flexibility for financial entities to identify their functions in accordance with their operational and organisational frameworks. EIOPA explains that functions correspond to activities, services, processes or operations (or clusters of them); they include those directly tied to the FE’s core business activities and those to be categorised as ‘support functions’ which enable the core activities to operate effectively. [21 Mar 2025]  #DORA #OpRes

ESMA: MiCAR Guidelines – conditions and criteria for the qualification of cryptoassets as financial instruments

The European Securities and Markets Authority (ESMA) has published the translations of the Guidelines on the conditions and criteria for the qualification of cryptoassets as financial instruments under the Markets in Cryptoassets Regulation (MiCAR). The Guidelines are addressed to competent authorities.

These Guidelines apply two months after the publication of the translations.  Competent authorities are required to notify the respective ESAs whether they intend to comply with these Guidelines or otherwise provide the reasons for non-compliance by 20 May 2025. [19 Mar 2025]  #MiCAR #Crypto

ESAs: DORA guidelines – estimation of aggregated annual costs and losses caused by major ICT-related incidents

The ESAs have published the translations of their Joint Guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents under DORA.  The Guidelines are addressed to competent authorities.

These Guidelines apply two months after the publication of the translations. Competent authorities are required to notify the respective ESAs whether they intend to comply with these Guidelines or otherwise provide the reasons for non-compliance by 19 May 2025. [18 Mar 2025]  #DORA #OpRes

EPC updates guidelines on cryptographic algorithms usage and key management

The European Payment Council (EPC) has issued its yearly update of the guidelines on cryptographic algorithms usage and key management, which provide guidance to the European payments industry in the field of cryptographic algorithms, security protocols, confidentiality and integrity protection and related key management practices. This new version provides an overall review of referred standards and algorithms, including updates related to authenticated encryption and homomorphic encryption. Specific attention has been given to updating information regarding cryptography in the context of quantum computing, with the EPC noting that organisations must already review their cryptographic strategies to ensure they remain secure in a post-quantum world. [17 Mar 2025]  #Algos #Payments

---

Australia

Developing an innovative Australian digital asset industry

The Federal Government has announced that it is working with industry, regulators and the broader community to reshape Australia's role within the global digital asset ecosystem. The focus of this approach will be to adopt international best practice in respect of digital assets to assist industry in identifying opportunities for growth and innovation whilst highlighting any potential risks to businesses, consumers and market integrity. This approach was informed by actions taken within other international jurisdictions, such as Singapore and the European Union, in addition to consultation with Australian Securities and Investments Commission (ASIC) to ensure appropriate transitional arrangements are in place. Whilst the reforms will extend financial services laws to key digital asset platforms, it is not anticipated that the legislative changes will affect the entire digital asset ecosystem.

The legislative reforms are expected to introduce both:

• a framework for Digital Asset Platforms (DAPs), which are online platforms that hold digital assets for consumers; and
• a framework for payment stablecoins, which will be treated as a type of stored-value facility (SVF) under the Government’s Payments Licensing Reforms.

It is expected that this framework will not impose any new regulatory burden on the issuers of digital assets, as the focus is on mitigating the risks associated with custody arrangements for digital assets. As such, the framework will extend only to DAPs providing common digital products (such as trading platforms) and businesses operating and dealing with DAPs. It is also expected that those providing advice on using DAPs will be included within its scope. Simultaneously, the Government is also developing a comprehensive framework for payments service providers which will revise existing licensing regime for non-cash payments to ensure it covers the wide range of payment methods now provided in Australia.

Under the new requirements, businesses which fall within their ambit are expected to comply with well-understood ‘general obligations’ imposed on all financial service providers, such as providing services honestly, fairly, and efficiently. Additionally, businesses operating DAPs or issuing tokenised SVFs will specifically be required to comply with rules for safeguarding customer assets, requirements for the redemption of stored value represented by tokens, and new obligations which are addressed specifically to the unique risks posed by DAPs and SVFs. The press release points particularly to these new obligations including tailored disclosure rules for digital assets without issuers, disclosure of information about composition of reserves and others.

Additional initiatives discussed within the press release are:

• managing the growing risk of de-banking emerging from the rise of the digital asset sector;
• the implementation of a Crypto Asset Reporting Framework to address possible tax evasion using digital assets;
• a review of the Enhanced Regulatory Sandbox in 2025 to allow businesses to test new financial products or services without needing an AFSL or credit license;
• the possible introduction of an Australian dollar central bank digital currency (CBDC);
• testing the use of tokenised money; and
• assessing the suitability of decentralised financial transactions within Australia.  [21 Mar 2025]  #Crypto

---

Hong Kong

SFC suspends financial influencer for 16 months for unlicensed provision of investment advice

The SFC has suspended a financial influencer, Mr Wong Ming Chung (also known as Franky Wong), for 16 months following his criminal conviction in June 2024 (see our previous update) for the unlicensed provision of investment advice via a subscription-based chat group on Telegram.

Although Mr Wong was an SFC-licensed representative at the material time, he could only act for the licensed corporation to which he was accredited in carrying on business in regulated activities.  However, he operated the Telegram chat group in his personal capacity between 2 January 2018 and 21 May 2019.

As a result of his criminal conviction, the SFC considers that Mr Wong is not a fit and proper person to remain licensed to carry on regulated activities.  [20 Mar 2025]  #FinFluencer

HKMA publishes research paper on use of DLT in financial sector, setting out use cases and recommendations for mitigating potential risks

The HKMA has published a research paper titled 'Distributed Ledger Technology in the Financial Sector: A Study on the Opportunities and Challenges', which discusses the potential of distributed ledger technology (DLT) to transform the financial landscape as well as to enable greater efficiency, transparency and innovation.

The research paper:

• Explores the transformative role of DLT, as well as its benefits, challenges and potential use cases for the financial industry;
• Features 10 real-world adoption cases covering diverse use cases, such as programmable payments, trade settlement, and digital identity management, showcasing the technology’s potential to enhance the existing financial market operations; and
• Analyses the potential risks associated with the adoption of DLT and offers recommendations on how to mitigate them.

The HKMA encourages authorised institutions to review the paper and leverage the insights to explore the innovation of DLT.  It also encourages participation in the recently launched Supervisory Incubator for DLT (see our previous update) to consider how DLT solutions could be productionised.  [19 Mar 2025]  #DLT

---

India

SEBI adopts DigiLocker to reduce unclaimed assets

SEBI has announced its decision to adopt DigiLocker, a Government digital document wallet that facilitates the obtaining and storing of various documents by citizens, with a view towards reducing unidentified unclaimed assets in the Indian securities market. Asset management firms and recognised depositories are directed to register with DigiLocker as issuers so as to enable users and investors to access a number of documents. The circular will come into effect from 1 April 2025.  [19 Mar 2025]  #DigitalWallet

IFSCA extends consultation on regulatory approach to tokenisation of real-world assets

The International Financial Services Centres Authority (IFSCA) has announced an extension to the deadline for responding to its consultation paper titled 'Regulatory Approach towards Tokenization of Real-World Assets'. Comments on the paper can now be submitted until 30 April 2025.  [19 Mar 2025]  #Tokenisation

---

US

SEC announces agenda and panelists for AI roundtable

The Securities and Exchange Commission (SEC) has announced the agenda and panelists for the March 27 roundtable on AI in the financial industry. The agenda is as follows:

• The Benefits, Costs, and Uses of AI in the Financial Industry
• Fraud, Authentication, and Cybersecurity
• AI Governance and Risk Management
• What’s Next/Future Trends

The roundtable, announced in February, will be held at the SEC's headquarters at 100 F Street, N.E., Washington, D.C. from 9:00 a.m. – 4:15 p.m. The event will be open to the public and webcast live on the SEC’s website.   [20 Mar 2025]  #AI

CFTC’s Office of Customer Education and Outreach releases new advisory on fraud using generative AI

The CFTC's Office of Customer Education and Outreach has issued a customer advisory which explains how generative AI is making it easier for fraudsters to create convincing scams. Fraudsters are using AI to create fake images, voices, videos, live-streaming video chats, social media profiles, and malicious websites designed to look like legitimate financial trading platforms.

The advisory sets out specific actions people should take to protect themselves, including strengthening social media account privacy settings and keeping personal or sensitive information private, especially from people they only know online or callers using unfamiliar phone numbers. [19 Mar 2025]  #GenAI #Deepfakes

OCC: Digitalization – resources for community banks

The OCC has established a new digitalization page on its website with resources to help community banks meet their digitalization objectives.  [19 Mar 2025]  #Digitalization #Cloud