FinTech Global FS Regulatory Round-up: 16 December 2024 - 10 January 2025

Welcome to the first edition of 2025, in which we round up FinTech-related financial services regulatory developments for the period 16 December 2024 - 10 January 2025.

15 January 2025

Global

OECD paper: Tokenisation of assets – potential impediments to market development and policy implications

The Organisation for Economic Co-operation and Development (OECD) has published a paper which analyses possible reasons for the absence of a market for tokenised assets. The paper provides an update to earlier OECD work on tokenisation of assets, examines potential benefits, risks and market trends around tokenisation, discusses potential impediments to the development of a market for such assets, and puts forward policy considerations for financial supervisors and policy makers.

The opinions expressed and arguments employed in the paper do not necessarily reflect the official views of the member countries of the OECD. [9 Jan 2025] #Tokenisation

CPMI takes further steps to promote ISO 20022 harmonisation for enhanced cross-border payments

The Committee on Payments and Market Infrastructures (CPMI) has announced its intention to take further steps to promote the adoption of its harmonised ISO 20022 data requirements for more efficient processing of cross-border payments. These include:

taking steps for the medium-term governance and maintenance of the CPMI's harmonised ISO 20022 data requirements for enhancing cross-border payments;
establishing a panel of global ISO 20022 market practice group in early 2025, to support the regular maintenance of the data requirements; and
promoting and supporting industry efforts to develop global ISO 20022 market practice guidelines for fast payments based on the harmonised data requirements. [7 Jan 2025] #Payments

BIS: Paper on faster payments

The Bank for International Settlements (BIS) has published a paper entitled Faster digital payments (FPS) Global and regional perspective. The paper provides insights and lessons learned from a range of FPS. [19 Dec 2024] #Payments

UK

HoC: HMG response to Committee report on the governance of AI

The House of Commons (HoC) Science, Innovation and Technology Committee (SITC) has received and published the Government's response to its third report on the governance of AI. The Government agrees with the SITC that AI-specific legislation is required. It will shortly publish a consultation setting out legislative proposals to establish binding regulations on the companies developing the most powerful AI models. [10 Jan 2025] #AI

FCA research note: A pilot study into bias in natural language processing

The FCA has published a research note, as part of its AI research series. The note considers in a natural language context, specifically word embeddings. Word embeddings are mathematical representations of words that capture their meanings and relationships to other words or phrases. They are a valuable tool for many natural language processing (NLP) applications and continue to be widely used in industry as a cost-effective and easy-to-deploy alternative to large language models (LLMs).

Although widely used in NLP and LLM systems, the note explains that word embeddings have the potential to encode harmful biases against demographic groups, such as on the basis of gender, disability or ethnicities. These biases could cause tangible harm if word embeddings are deployed in consumer-facing applications.

The research finds that while it is possible to measure some aspects of language bias and mitigation techniques can remove some elements of gender and ethnicity bias, there are limitations to current methods.

Research notes may not necessarily represent the position of the FCA, but they are one source of evidence that the FCA may use while discharging its functions and to inform its views. [9 Jan 2025] #AI #LLMs #NLP

SI: The Financial Services and Markets Act 2000 (Collective Investment Schemes) (Amendment) Order 2025 - cryptoasset staking

The Financial Services and Markets Act 2000 (Collective Investment Schemes) (Amendment) Order 2025 has been laid before Parliament. The statutory instrument (SI) inserts a new paragraph 22 into the Schedule to the Financial Services and Markets Act 2000 (Collective Investment Schemes) Order 2001. The new paragraph clarifies that arrangements for qualifying cryptoasset staking do not amount to a collective investment scheme.

The SI will come into force on 31 January 2025 and is accompanied by an explanatory memorandum. [9 Jan 2025] #Crypto

CMA: Plans for new digital markets competition regime

The Competition and Markets Authority (CMA) has announced its initial plans for the new digital markets competition regime. The plans follow on from the entry into force of the new regime on 1 January 2025 following the Digital Markets, Competition and Consumers Act 2024 (DMCCA 2024) receiving Royal Assent in May 2024.

Under the regime, the CMA may designate firms with 'Strategic Market Status' (SMS) in relation to a particular digital activity. Once designated, the CMA can impose conduct requirements or introduce pro-competition interventions to achieve positive outcomes for UK consumers and businesses.

Planned activity for the first six months includes the expected launch of SMS designation investigations in relation to two, as yet unconfirmed, areas of digital activity in January 2025. More detailed announcements on these will follow later in the month. Investigation into a third area of digital activity is expected towards the end of H1 2024. Each designation investigation must be completed within a statutory time limit of nine months. The CMA also expects to consult on an initial set of proposed conduct requirements in parallel with these investigations. [7 Jan 2025] #DigitalMarkets

FCA/PRA/BoE/PSR – 2024 review of MoU for UK payment systems

The FCA, PRA, Bank of England (BoE), and the Payment Systems Regulator (PSR) have conducted their annual review (as required by the Financial Services (Banking Reform) Act 2013) of their Memorandum of Understanding (MoU), which sets out the high-level framework for cooperation between the regulators in relation to UK payment systems.

During 2024, steps were taken to improve the sharing of expertise and data between the regulators. The 2024 review has highlighted that there is scope for further improvement in cooperation, and the regulators have committed to revise the MoU by Q2 2025 in line with the Government’s National Payments Vision (NPV). [20 Dec 2024] #Payments

FCA/PRA/BoE: 2024 CBEST thematic findings and forthcoming consultation on ICT risk management and cyber resilience risks

The FCA, PRA and BoE have published the 2024 thematic findings from the Critical National Infrastructure Banking Supervision and Evaluation Testing (CBEST). CBEST is a threat-led penetration testing assessment framework; it is intended to enable firms and Financial Market Infrastructures (FMIs) to identify, understand and remediate vulnerabilities in cyber resilience. The 2024 findings show that areas for firms and FMIs to focus on are:

cyber security risks to assets and individuals;
cyber risk management and impact-based approaches to the protection of key resources (people, process, technology, and data);
detection and response capabilities leveraging the latest threat intelligence; and
cyber incident response to eradicate threats and mitigate impacts.

Findings from the Threat Intelligence Maturity Assessment (TIMA), part of CBEST, showed that firms and FMIs displayed weaknesses in their threat intelligence operations. This was particularly around the integration of threat Intelligence with business lines and increasing the situational awareness in firms and FMIs.

To further enhance the sector’s cyber resilience capabilities, the regulators intend to start consulting in H2/2025 on expectations around the management of information and communication technology (ICT) and cyber resilience risks. This includes risks arising from IT transformations, and the sector’s ability to detect, withstand and recover from disruptions in the event of ICT and cyber incidents. [19 Dec 2024] #Cyber #ICT

CMA: MoUs on regulatory coordination under DMCCA 2024 with financial services regulators

The Competition and Markets Authority (CMA) has signed an MoU for regulatory coordination under Part 1 of the Digital Markets, Competition and Consumer Act 2024 (DMCCA 2024) with the BoE and PRA.

It has also signed a separate MoU with the FCA on working arrangements in relation to the DMCCA 2024. [19 Dec 2024] #DigitalMarkets

FCA finds two-thirds of young investors take less than 24 hours to make investment decisions

The FCA has published research showing that young investors are making important investment decisions in a matter of hours, rather than taking the time to research whether the product is right for them in the long-term. The research reveals that:

a quarter of young investors admit they make investment decisions impulsively to keep up with current trends;
£550 is average spend on hyped investment products;
66% of investors aged 18-40 spend less than 24 hours deciding on an investment, and 14% finalise their decision in under an hour; and
two in five investors regret purchasing a hyped investment product.

The FCA encourages investors to think more carefully before investing in high-risk or hyped products, by considering their long-term financial goals. [18 Dec 2024] #ConsumerResearch

BoE: Annual report on supervision of FMIs

The Bank of England (BoE) has published its annual report on the supervision of FMIs. The report sets out the work undertaken over the past year in relation to FMIs to deliver the BoE's financial stability objective and secondary innovation objective. In particular, the report highlights the BoE's work in implementing the enhanced regulatory regime following the approval of the FSMA 2023; and facilitating innovation through work on stablecoins and the Digital Securities Sandbox. [18 Dec 2024] #Stablecoins #DigitalSecuritiesSandbox

Draft SI: The Digital Markets, Competition and Consumers Act 2024 (Consequential Amendments) Regulations 2024

The draft Digital Markets, Competition and Consumers Act 2024 (Consequential Amendments) Regulations 2025 has been published. This instrument makes amendments to legislation in consequence of Part 3 (enforcement of consumer protection law), Part 4 (consumer rights and disputes) and Chapter 2 of Part 5 (provision of investigative assistance to overseas regulators) of the DMCCA 2024. [18 Dec 2024] #DigitalMarkets

FCA consults on new private stock market – PISCES platform

The FCA has published Consultation paper CP24/29: Private Intermittent Securities and Capital Exchange System (PISCES): Sandbox arrangements (CP24/29). CP24/9 sets out the FCA's proposals for the new PISCES platform which will enable intermittent trading of shares in private companies.

PISCES was a central pillar of the Chancellor’s Mansion House speech in November 2024. The proposed regulatory framework for PISCES will be established under an FMI sandbox created by HMT.

Responses are requested by 17 February 2025. The FCA expects to publish made rules by May 2025, following HMT's laying of its final SI. [17 Dec 2024] #PISCES

PSR: APP scams data

An explanatory memorandum accompanies the draft SI. Once made, the SI is expected to come into force on 6 April 2025 [18 Dec 2024].

The Payment Systems Regulator (PSR) has published a report, Unmasking how fraudsters target UK consumers in the digital age, which includes data on authorised push payment (APP) scams in 2023. The report highlights the use which fraudsters make of social media, technology and telecoms platforms, setting out the most common platforms and services by scam type (e.g. purchase, romance, impersonation, etc.).

The PSR says that it will publish this data annually and intends to consult in 2025 on how to improve data collation. [17 Dec 2024] #APPScams

FCA: Admissions and disclosures, market abuse regime for cryptoassets

The FCA has published Discussion paper 24/4: Regulating cryptoassets – Admissions and disclosures and market abuse regime for Cryptoassets (DP24/4). The aim of DP24/4 is to help inform the development of the FCA's rules for cryptoasset admissions and disclosures and cryptoasset market abuse. In the DP, 'cryptoassets' refers to spot cryptoassets, such as stablecoins and unbacked cryptoassets (for example, Bitcoin and Ether). It does not include those already captured under the existing list of 'specified investments' in Part III of the Regulated Activities Order (RAO), such as tokenised financial instruments, or the rights to the same, which includes security tokens.

DP24/4 reflects insights gained from a series of FCA-led crypto roundtables held with the industry earlier in 2024. It also builds on the government’s 2023 consultation. It includes, at page 7 of the DP, an overview of the future crypto regime covering pre-trade, trade and post-trade, and cross-lifecycle activities.

Responses are requested by 14 March 2025. The FCA may consult in due course if it decides to take forward the proposals in the discussion paper. [16 Dec 2024] #Crypto

BoE speech: Update on the future roadmap for the RTGS service

The BoE has published a speech by Victoria Cleland, Executive Director – Payments, delivered at FinTech Connect. Ms Cleland provided an update on the Future Roadmap for the Real Time Gross Settlement (RTGS) service, highlighting how close engagement with users is supporting innovation in a number of key areas. Among future enhancements she discussed were enhanced access, extended settlement hours and innovative synchronised payments. [16 Dec 2024] #RTGS #Payments

Europe

ESMA: Q&As – DORA, MiCAR

The European Securities and Markets Authority (ESMA) has published new or updated questions and answers (Q&As) on, among others:

Digital Operational Resilience Act (DORA)

Markets in Crypto-Assets Regulation (MiCAR)

ESMA: First annual crowdfunding report

The European Securities and Markets Authority (ESMA) has published its first annual report on the EU crowdfunding market as required under the European Crowdfunding Service Providers for Business Regulation (ECSPR), which came into effect in November 2021. The report is based on data received from National Competent Authorities (NCAs) and covers a sample of 98 crowdfunding service providers in 17 EU Member States. Key findings include that over EUR 1bn of crowdfunding took place in the EU in 2023. Loan-based crowdfunding was the most common form of funding model (65% of funding raised), followed by debt-based (17%) and equity-based (6%).

A large majority of investors were retail (87%), who tended to invest smaller amounts than more sophisticated and professional investors. Professional, scientific and technical services secured 33% of funding raised, leading the sectors accessing crowdfunding; it was followed by the construction sector with 21%. [8 Jan 2025] #Crowdfunding

EBA consults on prudential treatment of cryptoasset exposures under CRR

The European Banking Authority (EBA) has published a consultation on draft Regulatory Technical Standards (RTS) on the calculation and aggregation of crypto exposure values under Article 501d(5) of the Capital Requirements Regulation (CRR).

The draft RTS further develop the relevant capital treatment for credit risk, counterparty credit risk (CCR), market risk (MR) and credit valuation adjustment risk for asset-referenced tokens (ARTs) and other cryptoasset exposures. The draft RTS also align, to the extent possible, the capital treatment with the elements specified in the Basel standard on prudential treatment of cryptoasset exposures.

The draft RTS propose that all fair valued cryptoassets within the scope of the Markets in Cryptoassets Regulation (MiCAR) under the applicable accounting framework shall be subject to the requirements for prudent valuation under the CRR 3.

Responses are requested by 8 April 2025. The EBA will hold a virtual public hearing on 4 March 2025. [8 Jan 2025] #Crypto

ESMA: MiCAR transitional measures

ESMA has published a statement on the Markets in Cryptoassets Regulation (MiCAR) transitional measures. Under article 143(3) of MiCAR, Member States (MS) have individual discretion not to apply the transitional regime or to reduce its duration. The statement advises cryptoasset service providers (CASPs) providing services in more than one MS to take into account the different transitional periods.

Similarly, when processing authorisations of CASPs, national competent authorities (NCAs) should ensure they are fully aware of the activities of CASPs outside the Home MS and possible implications on the cross[1]border provision of services in Host MS. The Home NCA should engage in early and continuous dialogue with relevant Host MSs to mitigate disruptions – to the extent possible – in services that could cause harm to CASPs’ clients. [19 Dec 2024] #MiCAR #Crypto

EIOPA revokes previous guidelines to avoid duplication and overlaps with DORA

EIOPA has announced that it has revoked previous guidelines related to the use of ICT by undertakings to avoid duplication and overlaps with the Digital Operational Resilience Act (DORA). EIOPA will:

withdraw the Guidelines on ICT security and governanceissued in the context of Solvency II;
withdraw the Guidelines on outsourcing to cloud service providersissued in the context of Solvency II; and
amend the Opinion on the supervision of the management of operational risks faced by Institutions for occupational retirement provision (IORPs)issued in the context of IORP II, by removing the section on cyber risks along with all references and annexes relating to it.

The changes will take effect from 17 January 2025. [19 Dec 2024] #DORA

ECB publishes results of study on digital payments

The ECB has published the results of the latest Study on the Payment Attitudes of Consumers in the Euro area (SPACE). Despite the trend towards digital payments, the number of cash payments remained significant in 2024, especially for small-value and person-to-person payments.

In terms of number of payments, cash is used at the point of sale in 52% of transactions, down from 59% in 2022. In terms of value, cards are the most dominant payment instrument (with a share of 45%, down from 46%), followed by cash (39%, down from 42%) and mobile apps (7%, up from 4%).

The ECB plans to publish the next SPACE results in 2026. [19 Dec 2024] #Payments

EBA: Reporting requirements under MiCAR

The European Banking Authority (EBA) has published its final guidelines on reporting requirements under MiCAR. The Guidelines aim at closing the reporting data gaps identified by the EBA, enhancing supervisory convergence, facilitating a common supervisory approach across Member States as well as ensuring a level playing field in the Single Market. [18 Dec 2024] #MiCAR #Crypto

ESMA: Final package of MiCAR technical standards and guidelines

ESMA has published the last package of final reports containing regulatory technical standards (RTS) and guidelines ahead of the full entry into application of MiCAR. The package covers:

The guidelines will be translated into the official EU languages and published on the ESMA website. They will apply from three months after the publication of the translations. The final reports with the draft RTS have been submitted to the EC for adoption. [17 Dec 2024] #MiCAR #Crypto

ESAs: Key findings from 2024 Dry Run exercise – Reporting of registers of information under DORA

The ESAs have published a summary report with the key findings from the 2024 'Dry Run' exercise on reporting the registers of information under DORA.

The quality of data observed in the registers submitted by almost 1,000 financial entities across the EU was in line with expectations considering the 'best effort' nature of the exercise. Of the registers analysed, 6.5% successfully passed all data quality checks, while 50% of the remaining registers failed less than 5 out of 116 data quality checks.

The ESAs are confident that the objective of having registers of sufficient quality in 2025 that would allow for the designation of critical third-party service providers (CTPPs) is not out of reach, subject to some additional efforts from the industry.

The key findings presented in the summary report and all supporting materials provided by the ESAs should be carefully considered by all industry stakeholders, including those financial entities that did not participate in the Dry Run exercise, as they will help them to be better prepared to report the registers in 2025. [17 Dec 2024] #DORA

ECB: SREP and supervisory priorities 2025-27

The ECB has published the results of its Supervisory Review and Evaluation Process (SREP) for 2024 and its supervisory priorities for 2025-27.

The supervisory priorities for 2025-27 include: banks’ strengthening their ability to withstand immediate macro-financial threats and severe geopolitical shocks; banks' remedying persistent material shortcomings in an effective and timely manner; and banks' strengthening their digitalisation strategies and tackling emerging challenges stemming from the use of new technologies. [17 Dec 2024] #Digitisation

Australia

ASIC sues crypto company for consumer protection failures

ASIC has announced that it commenced legal proceedings in the Federal Court against a cryptocurrency company (and published the Statement of Claim and Originating Process) seeking penalties, declarations and adverse publicity orders. ASIC alleges that from 7 July 2021 – 21 April 2023, the company misclassified 505 Australian retail investors (83% of its Australian client base) as wholesale clients, with ASIC Deputy Chair Sarah Court stating that ASICs case alleges the company’s 'compliance systems were woefully inadequate and exposed more than 500 clients to high-risk, speculative products without the right consumer protections in place' with many clients suffering 'significant financial losses'. ASIC alleges that between July 2022 – April 2023, the company failed to:

give a Product Disclosure Statement to retail clients;
make a Target Market Determination;
have a compliant internal dispute resolution system;
do all things necessary to ensure that its financial services were provided efficiently, honestly and fairly;
comply with the conditions of its licence; and
ensure that its employees were adequately trained and competent. [18 Dec 2024] #Crypto

Hong Kong

HKMA launches supervisory incubator to foster responsible DLT adoption

At its FiNETech4 event, the HKMA announced the launch of a supervisory incubator for distributed ledger technology (DLT) to help authorised institutions (AIs) maximise the potential benefits of DLT adoption by effectively managing associated risks. The HKMA has also issued a circular on this initiative.

The incubator will augment risk management capabilities at both the individual bank and industry levels, with a particular focus on addressing those risks that may arise as banks move to productionise relevant services (such as deposits and loans) that cut across DLT-based and legacy banking infrastructures. Tokenised deposits, which have attracted significant production interest from industry, will be a core focus upon the Incubator’s inception.

AIs will have access to a dedicated team from the HKMA to obtain supervisory feedback and may opt to conduct live trials to validate and refine specific aspects of their risk management implementation. The Incubator will also promote industry awareness and understanding of best practices in DLT risk management through a range of targeted initiatives, such as supervisory guidance, industry sharing sessions, and forward-looking research projects.

These initiatives are aimed at enhancing the industry’s ability and readiness to deploy DLT-based solutions in the long run.

The HKMA will provide a certain amount of supervisory flexibility to AIs participating in the incubator, assessed on a case-by-case basis.

The HKMA is aware of certain aspects of DLT adoption that might not be fully compatible with existing regulatory and legal constructs. It will give due consideration to the need for regulatory adaptations or flexibility, taking into account the latest international standards and developments. Questions of this nature may also be discussed through the Incubator.

In the longer term, the incubator will run initiatives to enhance industry awareness and risk management capacity related to DLT, including issuing supervisory guidance, hosting industry sharing sessions, and conducting forward-looking research projects. The HKMA will announce further details in due course. [8 Jan 2025] #DLT

HKMA welcomes enhancements to Cyber Intelligence Sharing Platform by HKAB and encourages active participation by authorised institutions

The HKMA has issued a circular welcoming the package of enhancements made to the Cyber Intelligence Sharing Platform by the Hong Kong Association of Banks (HKAB). The HKMA notes that the sharing of intelligence within the banking sector and across different financial sectors is crucial in enabling a proactive defence and a collective response to cyber incidents.

The HKMA has been working closely with the HKAB and market participants to enhance the platform and its utilisation. The recent enhancements aim to further promote a collaborative environment for threat intelligence sharing by:

Establishing guidelines and best practices;
Adopting a forum for verbal intelligence sharing that complements the online platform; and
Linking up intelligence sharing platforms between the banking, insurance and capital market sectors.

The HKMA expects all authorised institutions to actively engage their intelligence monitoring functions to reap the benefits the platform and its new features. In particular, the HKMA encourages the active participation in and contribution to intelligence sharing in the platform, including both the online platform and the verbal forum. [27 Dec 2024] #Cyber

HKMA introduces new measures to protect customers from authorised payment scams, to be implemented by 30 June 2025

The HKMA has issued a circular to provide authorised institutions with guidance on measures to prevent, detect and disrupt authorised payment scams (ie, scams where customers are deceived into authorising payments from bank accounts).

In light of the significant increase in scams and fraud cases in recent years, the HKMA implemented a number of initiatives in 2023, such as security enhancements to e-banking services (see our previous update), payment card security for contactless mobile payments (see our previous update), enhanced protection of payment card customers (see our previous update), enhanced approaches for combating digital fraud (see our previous update), and the five anti-deception initiatives rolled out jointly with the Hong Kong Police Force (see our previous update).

The total number of banking complaints dropped notably in the first ten months of 2024 following the implementation of the above measures. However, the number of banking complaints relating to authorised payment scams remained high despite an overall decline.

The HKMA therefore considers it necessary to implement further measures to protect customers from authorised payment scams. The measures cover the following areas and have been formulated after consultation with selected authorised institutions and the Hong Kong Police Force and reference to overseas practices:

Comprehensive framework to tackle authorised payment scams;
Dynamic monitoring system in response to evolving typologies and risk indicators;
Prompt handling of customer alerts;
Effective risk mitigating measures;
Sharing of intelligence and use of technology;
Proactive participation in anti-deception initiatives; and
Publicity and education.

Authorised institutions should review their existing frameworks and implement the above measures as soon as practicable and no later than 30 June 2025. [20 Dec 2024] #APPScams

HKMA announces inaugural cohort of GenAI Sandbox and plans to announce second cohort application process by end of first quarter of 2025

The HKMA and the Hong Kong Cyberport Management Company Limited (Cyberport) have announced the first cohort of the GenAI Sandbox.

A total of 15 use cases (see examples here) from 10 banks and four technology partners have been selected from over 40 proposals received, after undergoing a rigorous prioritisation process. The prioritisation focused on the level of innovation, technical sophistication of the proposed solutions, expected contributions to the industry and adherence to fair-use principles, as set out in the HKMA's circular of 20 September 2024 (see our previous update).

The proposed use cases mainly relate to enhancing risk management, anti-fraud measures and customer experience. Notable examples include augmenting credit assessment and fraud detection by automated processing of unstructured data, and enhancing customer service to handle more personalised and complex enquiries, as an improvement over typical pre-defined chatbots.

The selected participants will be gradually onboarded to a dedicated platform of the AI Supercomputing Centre operated by Cyberport, with technical trials expected to commence in early 2025 and continue through mid-2025. The HKMA and Cyberport will provide supervisory and technical guidance to participants in an interactive and iterative manner throughout the trial process.

The HKMA plans to announce the application process for the second cohort of the GenAI Sandbox by the end of the first quarter of 2025. Initial insights and learnings from the first cohort will be shared prior to the application deadline for the second cohort. The InvestLM model, announced in November 2024 (see our previous update), will be made available in the second cohort.

The HKMA also plans to draw insights from the technical trials and share best practices with the industry in due course. [19 Dec 2024] #GenAI #Sandbox

SFC provides roadmap on VATP licensing process and details of revamped second-phase assessment

The SFC has granted licences to four virtual asset trading platform (VATP) applicants under its swift licensing process for handling deemed-to-be-licensed VATP applicants. The licences were granted after the SFC completed risk-based on-site inspections on all deemed applicants following the introduction of its inspection programme in June 2024 (see our previous update).

As a licensing condition, the licensees can operate on a restricted scope of business after completing their rectification actions in response to the SFC’s on-site inspection feedback. They are also required to perform a vulnerability assessment and a penetration test through an independent third party with satisfactory results.

In light of the effectiveness of directly engaging with the senior management and ultimate controllers of VATPs, the SFC has decided to extend this approach when the VATPs engage an external assessor to conduct their second-phase assessment. The SFC will supervise the entire assessment process through a tripartite engagement together with the VATPs and their external assessors, and will uplift the restriction on business scope after the second-phase assessment is completed to its satisfaction.

The SFC has also revamped the second-phase assessment, focussing on ensuring that the VATP’s policies, procedures, systems and controls are suitably designed and implemented (required to be performed as a direct assurance engagement).

Further details on the licensing process and second-phase assessment are set out in a circular, with a flowchart of the licensing process in the appendix to the circular.

Going forward, the SFC will:

Consolidate the on-site inspection findings and provide additional guidance in early 2025; and
Provide additional guidance on the licensing process of new corporations applying for a VATP licence in early 2025. [18 Dec 2024] #VATP #Crypto

Stablecoins Bill tabled before LegCo

The Stablecoins Bill has been tabled before the Legislative Council (LegCo), following its gazettal on 6 December 2024 (see our previous update, the LegCo brief and second reading speech by the Secretary for Financial Services and the Treasury). The Bill seeks to put in place a regulatory regime for issuers of fiat-referenced stablecoins in Hong Kong. A Bills Committee has been formed and its first meeting will take place on 21 January 2025. [18 Dec 2024] #Stablecoins

HKEX enhances data product offering with launch of HKEX Data Marketplace

The HKEX has announced the launch of the HKEX Data Marketplace, a web-based platform that offers data users a more intuitive experience in accessing the HKEX’s historical and reference data. The new platform will feature a modern user interface with multiple data delivery channels including cloud transfer, providing data directly from the HKEX to offer optimal user experience and convenience.

In its initial stage, the platform will offer shareholding data from the Central Clearing and Settlement System for commercial use, as well as historical full book data from the HKEX’s securities and derivatives markets, and securities market daily non-trading reference data.

The HKEX will progressively add more data product offerings and functionality to the platform, including tools to customise data and additional options for data delivery, supporting the evolving needs of global investors. The Chinese interface of the HKEX Data Marketplace will be available in the first half of 2025. [18 Dec 2024] #DigitalPlatforms

Government aims to introduce legislative amendments by 2026 to implement OECD's crypto-asset reporting framework for combatting cross-border tax evasion

The Hong Kong Government has informed the Global Forum on Transparency and Exchange of Information for Tax Purposes (Global Forum) of the Organisation for Economic Co-operation and Development (OECD) of Hong Kong's commitment to implementing the Crypto-Asset Reporting Framework (CARF) for enhancing international tax transparency and combating cross-border tax evasion.

The OECD published the CARF in June 2023 with a view to ensuring that global tax transparency would be maintained in light of the rapid growth of the crypto-asset market. As an extension of the existing Common Reporting Standard for Automatic Exchange of Financial Account Information in Tax Matters, the CARF provides for a similar mechanism for annual automatic exchange of tax-relevant crypto-asset account and transaction information among jurisdictions where crypto-asset users or controlling persons are tax residents.

Hong Kong is committed to implementing the CARF on a reciprocal basis with appropriate partners that meet the required standards for protecting data confidentiality and security. In light of the latest timetable set by the Global Forum, the Government aims to commence the first automatic exchanges with relevant jurisdictions under the CARF from 2028, based on the initial plan that the necessary local legislative amendments can be put in place by 2026. [13 Dec 2024] #Crypto

Singapore

MAS: Written response to PQ on credit card fraud

MAS has published a written response to a PQ on: how many cases of credit card fraud have been reported over the past three years; the quantum of losses; and whether the Ministry will consider a framework similar to that of the Shared Responsibility Framework (SRF) to set out the responsibilities of banks in credit card fraud.

MAS reports that an average of 790 cases of credit card fraud were reported per year from 2021 to 2023; the average total loss per year is $2.1 million, Safeguards against credit card fraud put in place by global card schemes and card issuers have strengthened over time. MAS considers that the SRF is not suitable in the context of credit card fraud, given the existence of well-established rules protecting credit card holders and limiting their liability in the event of fraud. [7 Jan 2025] #Fraud

Indonesia

New OJK Regulation on the Trading Operation of Digital Financial Assets including Crypto

The Indonesian Financial Services Authority (OJK) issued OJK Regulation No. 27 of 2024 on the Trading Operation of Digital Financial Assets including Crypto (the 'Regulation 27', in Indonesian language), implementing the mandates given under Law No. 4 of 2023 on the Development and Strengthening of Financial Service Sector for the transfer of regulation and supervision authority of digital financial assets from the Commodity Futures Trading Regulatory Agency (Bappebti) to OJK by January 2025.

Regulation 27 will take effect on 10 January 2025. The trading operation of the digital financial assets will be conducted by OJK licensed exchange, clearing agency, custodian, traders and other parties as determined by OJK. Regulation 27 sets out the criteria for digital financial assets which may be traded in the digital financial assets market and OJK has the authority to stop the trading of digital financial assets. The exchange will determine the list of crypto assets which can be traded by the traders. Regulation 27 also allows both individual and legal entity as the customers of the cryptocurrency traders. Upon the effectiveness of Regulation 27, the licence, approval for product registration, instrument, and/or activities as well as decision and/or other determination previously issued by Bappebti will remain in effect. [10 Jan 2025] #DigitalAssets #Crypto

Thailand

SECT amends rules on establishing IT systems

The Securities and Exchange Commission Thailand (SECT) has announced amendments to the rules on the establishment of IT systems to align the requirements with the risk profiles of different groups of business operators. The rules aim to accommodate technological advancements, address cyber threats and ensure alignment with international standards. The amendments will take effect on 1 January 2025. [17 Dec 2024] #Cyber

India

RBI establishes AI framework committee

The RBI has announced the establishment of a committee to develop a framework for responsible and ethical enablement of AI (FREE-AI) in the financial sector.

The terms of reference of the committee are:

to assess the current level of adoption of AI in financial services, globally and in India;
to review regulatory and supervisory approaches on AI with focus on financial sector globally;
to identify potential risks associated with AI and recommend an evaluation, mitigation and monitoring framework and consequent compliance requirements for financial institutions;
to recommend a framework including governance aspects for responsible, ethical adoption of AI models and applications in the Indian financial sector; and
any other matter related to AI in the Indian financial sector.

The committee will submit its report within six months from the date of its first meeting. [26 Dec 2024] #AI

Philippines

BSP details penalties for violations of peso RTGS rules

The BSP has published details of penalties for offences in relation to the use of the peso real-time gross settlement (RTGS) payment system. The BSP may impose monetary penalties, sanctions, or both, depending on the gravity of the offence committed by RTGS participants, which include banks, non-banks with quasi-banking functions, non-bank electronic money issuers, financial market infrastructures (FMIs), and clearing switch operators. [23 Dec 2024] #RTGS #Payments

Taiwan

FSC: Taiwan and Lithuania sign MoU to cooperate in financial innovation

The Financial Supervisory Commission (FSC) has reported that a memorandum of understanding (MoU) on cooperation in the field of innovation in financial services has been signed by Taiwan and Lithuania. The MoU includes provisions for the exchange of information on emerging market trends and development, as well as on regulatory issues regarding financial innovation, and the promotion of cooperation among industry representatives. [31 Dec 2024] #MoU

FSC: 2025 financial examination focuses

The Financial Examination Bureau of the FSC has announced its 2025 financial examination focuses to help financial institutions develop an early understanding of the FSC's key focal points in its supervisory work and financial examinations.

In 2025, the FSC will focus on: anti-fraud measures; risk management of real estate lending business; financial consumer protection; corporate governance; and information security. The FSC will also expand its supervision scope to include the financial and operational status of specialised electronic payment institutions, using the same supervisory approach adopted with other financial institutions. [19 Dec 2024] #Payments

US

CFPB sues banks over fraud on P2P network

The Consumer Financial Protection Bureau (CFPB) has announced that it has filed suit against the operator of a peer-to-peer payment network and three banks for failing to protect consumers from widespread fraud on that network. The CFPB reports that customers have lost more than $870m over the network’s seven-year existence. The CFPB’s lawsuit describes how consumers filed fraud complaints and were largely denied assistance, with some being told to contact the fraudsters directly to recover their money. The CFPB also alleges failures to properly investigate complaints or provide consumers with legally required reimbursement for fraud and errors. The CFPB is seeking to stop the alleged unlawful practices, secure redress and penalties, and obtain other relief. [20 Dec 2024] #Payments #Fraud #P2P

SEC: Company to pay $123 million for negligently misleading investors about stability of stablecoin

The SEC has charged a company with misleading investors about the stability of a purported “algorithmic stablecoin” issued by a crypto company when the stablecoin dropped from its purportedly fixed exchange rate of 1 stablecoin to $1, known as a peg. The SEC further charged the company with offering and selling securities in unregistered transactions by acting as a statutory underwriter with respect to certain of its offers and sales of a crypto asset issued by the same crypto company and offered and sold as a security.

The SEC’s order finds that, when the stablecoin devalued from its $1 peg in May 2021, the charged company and the crypto company entered into an agreement that incentivized the charged company to purchase the stablecoin in exchange for the crypto company “vesting” the charged company’s existing option to purchase the crypto company’s crypto asset at a discount to its then-prevailing market price. On that day and subsequent days, the charged company tried to restore the stablecoin toward its $1 peg, including by purchasing more than $20m in the stablecoin. In light of prior statements by the crypto company that its algorithmic mechanism would maintain the stablecoin’s $1 peg, the charged company acted negligently by trading the stablecoin in a manner that deceived the market into believing that the crypto company’s algorithmic mechanism was working to stabilize the stablecoin, when in reality the price was being stabilized, at least in part, by the charged company’s large purchases of the stablecoin, which were incentivized by the crypto company. The SEC’s Order also finds that, from at least January 2021 to May 2022, the charged company acted as a statutory underwriter with respect to a crypto asset offered and sold as a security. The charged company acquired the crypto assets from the crypto company with a view toward distribution after it offered and resold the crypto assets as securities into the market on U.S.-based crypto asset trading platforms shortly after acquiring it from the crypto company.

As part of the settlement, the charged company agreed to pay over $73m in disgorgement, nearly $13m prejudgment interest, and a nearly $37m civil penalty. Without admitting or denying the SEC’s findings, the company agreed to cease and desist from violations of the registration and fraud provisions. [20 Dec 2024] #Stablecoins

Article tags

Cyber Crypto APPScams LLMs DLTs Stablecoins AI RTGS Payments Data Tokenisation

Related categories

FinTech Round-Up Asia AI Fintech payments Europe UK Cyber security, data protection and IT operational resilience

Key contacts

Cat Dankos

Regulatory Consultant, London

Rashid Ahmed

FSR & CCI Professional Support Paralegal, London

Vasuki Balasubramaniam