FinTech Global FS Regulatory Round-up - w/e 13 December 2024

ICYMI

• Cyber Monthly Wrap-up (UK, EMEA and the US) – November 2024

Global

FSB recommendations for cross-border payments – data flows, supervision and regulation

The Financial Stability Board (FSB) has issued its finalised recommendations in relation to data flows and to the regulation and supervision of cross-border payments; the recommendations are made under the G20 Roadmap to enhancing cross-border payments. 

The data flows recommendations aim to address identified frictions, while maintaining the safety and security of cross-border payments, protecting the privacy of individuals, and fostering innovation. To take forward these recommendations in a coordinated manner and to identify emerging issues that should be addressed, the FSB is establishing a Forum on Cross-Border Payments Data. The Forum will be comprised of public-sector stakeholders covering payments, anti-money laundering and countering the financing of terrorism (AML/CFT), sanctions, and data privacy and protection. The Forum will also establish a private sector advisory group.

The regulation and supervision recommendations aim to ensure quality and consistency in the legal, regulatory and supervisory regimes of banks and non-banks in their provision of cross-border payment services in a way that is proportionate to the risks associated with such activities. [12 Dec 2024]  #Payments

FSI paper: Regulating AI in the financial sector – recent developments and main challenges

The Financial Stability Institute (FSI) of the Bank for International Settlements (BIS) has published a paper which explores the potential transformative impact of artificial intelligence (AI) on the financial sector, focusing on operational efficiency, risk management and customer experience in banking and insurance.

The paper delves into the widespread adoption of AI technologies including generative AI (gen AI) and examines the associated risks and regulatory implications. It found that while AI exacerbates existing risks such as model risk and data privacy, it does not introduce fundamentally new risks apart from gen AI, which may give rise to hallucination and anthropomorphism risks.

Areas identified as requiring further regulatory attention include governance, expertise and skills, model risk management, data governance, non-traditional players in the financial sector, new business models and third-party AI service providers. [12 Dec 2024]  #AI

FSB: Peer review of cryptoasset supervision in France  

The FSB has published its Peer Review of France, examining France’s regulation and supervision of cryptoasset activities. The FSB found that the French authorities made significant progress in monitoring, regulating and supervising cryptoassets, including successfully bringing a large part of the market into the regulatory perimeter through the 2019 Action Plan for Business Growth and Transformation (PACTE Law). The FSB recommends steps to facilitate the transition to the EU MiCAR regime, strengthen enforcement and promote cross-border cooperation and information sharing. [11 Dec 2024]  #Crypto #MiCAR

UK

PSR: Market review of UK-EEA consumer cross-border interchange fees, Stage 1 remedy consultation

The Payment Systems Regulator (PSR) has published a final report on its market review into cross-border interchange fees alongside a consultation paper (CP24/14) on potential remedies to the issues identified in the report.

The report concluded that cross-border interchange fees (IFs) were increased to levels that are unduly high and therefore negatively affect merchants and, to the extent of pass-through, their customers. It also found that the additional IF-related costs do not translate into increased value reflecting those increases for the service users.

To address these issues, CP24/14 sets out a potential price cap remedy. This would see – subject to the outcome of the consultation – an initial interim cap put in place for a limited time while further analysis is carried out to establish an appropriate methodology and level for a longer lasting cap. 

Responses to CP24/14 are requested by 7 February 2025. If the PSR decides a phased approach to a cap is appropriate, it will publish a final remedies notice on the proposed initial price cap. It will also consult on a proposed methodology for developing a lasting cap at a later date. [13 Dec 2024]  #Payments

PRA: Data collection on firms’ exposures to cryptoassets

The PRA has published a data request to gather information regarding firms’ current and expected future cryptoasset exposures and firms’ application of the Basel framework for the prudential treatment of cryptoassets.

The data will inform work across the PRA and the BoE on cryptoassets by helping them calibrate their prudential treatment of cryptoasset exposures and analyse the relative costs and benefits of different policy options. The data will also provide an updated view of firms’ current and intended cryptoasset-related business activities as a base from which to monitor the financial stability implications of these assets.

Firms are asked to complete this information request at the highest-level of UK consolidation to the extent that it is relevant to their business, exposures or activities and submit the information by 24 March 2025. [12 Dec 2024]  #Crypto

HMT: Independent review of the Payment and Electronic Money Institution Insolvency Regulations 2021

HM Treasury (HMT) has announced the launch of a review of the Payment and Electronic Money Institution Insolvency Regulations 2021. The Regulations introduced a new Payment and Electronic Money Special Administration Regime (PESAR) in response to lengthy administration cases of payment and electronic money firms which caused delays for customers in accessing their funds. PESAR introduced new statutory objectives for administrators of these firms, including the objective to return customer funds as soon as practicable.

Adam Plainer has been appointed to lead the review which will consider how far the Regulations are achieving their intended objectives and whether they should continue to have effect. HMT has also published the review's terms of reference. [12 Dec 2024]  #Payments

FCA research note: A literature review on bias in supervised machine learning

The FCA has published a research note which provides a review of available academic and ‘grey’ literature to explore how biases may arise and may be mitigated in supervised machine learning models used to make predictions or assist in decision-making about individuals.

Key findings of the review include:

• data issues arising from past decision-making, historical practices of exclusion, and sampling issues are the main potential source of bias;
• biases can also arise due to choices made during the AI modelling process itself, such as what variables are included, what specific statistical model is used, and how humans choose to use and interpret predictive models; and
• in reviewing technical methods for identifying and mitigating such biases, literature suggests careful consideration of context and human review processes is needed while also acknowledging that technical mitigation strategies may affect model accuracy and could have unintended consequences for model bias on other groups.

This paper is the first in a series of research notes on bias in AI. It does not necessarily represent the position of the FCA. [11 Dec 2024]  #AI #MachineLearning

Europe

EBA report on tokenised deposits

The European Banking Authority (EBA) has published a report which assesses the potential benefits and challenges of tokenised deposits. The report aims to facilitate awareness of tokenised deposits and promote convergence in the classification of tokenised deposits in contrast with electronic money tokens (EMTs) issued by credit institutions under the Markets in Cryptoassets Regulation (MiCAR).  

To date, the EBA has identified very few cases of tokenised deposits, although interest from credit institutions appears to be growing. Potential benefits include programmability and automation of transfers, while potential challenges include issues relating to consumer protection, operational risk, and the application of the anti-money laundering and countering the financing of terrorism (AML/CFT) framework. [12 Dec 2024]  #Tokenisation #MiCAR #Crypto

EBA/ESMA: Interplay between MiCAR and PSD2

The EBA has published the exchange of  letters which, with ESMA, it has had with John Berrigan, Director General for Financial Stability, Financial Services and Capital Markets Union (FISMA) at the EC. Mr Berrigan wrote to the authorities regarding a certain overlap regarding e-money tokens (EMTs) between cryptoasset services provided by cryptoasset service providers (CASPs) under MiCAR and payment services regulated under the revised Payment Services Directive (PSD2); he urged them to consider providing a no-action letter to address the overlap until such time as the application of new payments legislation.

The EBA chair, in response to Mr Berrigan, said that he agrees with the concerns and has asked EBA staff to work with ESMA colleagues to assess the best options going forward. The authorities will publish their response by April 2025. [11 Dec 2024]  #MiCAR #Crypto

EBA: Q&As – DORA

The EBA has published the following questions and answers (Q&As) in relation to the Digital Operational Resilience Act (DORA):

• exemption for non-EU ICT intra-group service providers from the need to establish a subsidiary within the EU– this response explains that in accordance with Article 31(8) point (iii) of DORA, the designation as critical ICT third-party provider referred to in Article 31(1) of DORA does not apply to ICT intra-group service providers; and
• ICT-related incidents, critical services affected– this response notes that in accordance with Article 8 of the Commission Delegated Regulation, an incident shall be considered major, and therefore be reported, when it has affected critical services under Article 6 and when the additional specific conditions in Article 8 are met; the response clarifies where any of the components listed in Article 6 are impacted, this is to be considered as affecting critical services. [11 Dec 2024]  #DORA #OpRes

ESAs: Guidelines to facilitate consistency in the regulatory classification of cryptoassets – MiCAR

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have published joint guidelines intended to facilitate consistency in the regulatory classification of crypto-assets by industry and supervisors under MiCAR. The guidelines include a standardised test to promote a common approach to classification as well as templates market participants should use when communicating to supervisors the regulatory classification of a cryptoasset.

The guidelines will be translated into the official EU languages and published on the ESAs’ websites. They will apply from three months after the publication of the translations. [10 Dec 2024]  #MiCAR #Crypto

Australia

ASIC: Crypto exchange operator to pay $8m following enforcement action

ASIC has announced that the Australian operator of the Kraken crypto exchange has been ordered to pay $8m, following the legal proceedings brought by ASIC against it for unlawfully issuing a credit facility to more than 1,100 Australian customers. Bit Trade Pty Ltd, which operated the crypto exchange, offered its customers a ‘margin extension’ product without a target market determination (TMD). The product provided for margin extensions to be made and repaid in either digital assets or national currencies.

The Federal Court of Australia held that the product was a credit facility and required a TMD, as the product offered margin extensions in national currencies. Therefore, the company had breached its design and distribution obligations (DDO) each time it offered a margin extension option without a TMD.

This was ASIC’s first penalty against an entity for failing to have a TMD, and comes shortly after ASIC commenced industry consultation with the digital assets sector. [12 Dec 2024]  #Crypto

Hong Kong

SFC publishes quarterly report for July to September 2024

The SFC has published its quarterly report, summarising its work and key developments from July to September 2024. The highlights covered by the report include (among others):

Transforming markets via technology and ESG

• The SFC assisted in launching the Project Ensemble Sandbox in August 2024, co-leading tokenisation initiatives with the HKMA for the asset management industry to build and scale the tokenisation market in Hong Kong.
• The SFC is reviewing the licence applications of 15 virtual asset trading platform (VATP) applicants under the new licensing regime, 11 of which are deemed-to-be[1]licensed VATP applicants.  It conducted on-site inspections of a number of deemed-to-be-licensed VATP applicants, with a focus on their safeguarding of client assets, know-your-client processes and cybersecurity requirements.

Enhancing SFC's resilience and efficiency

• The SFC launched the new e-IP one-stop online application and submission system for investment products.  It also introduced a generative artificial intelligence solution designed to expedite everyday tasks, and provided staff with usage guidelines and controls.  [12 Dec 2024]  #AI #Cyber #Virtual Asset

Insurance Authority issues circular and FAQs on revised GL20 Guideline on Cybersecurity taking effect on 1 January 2025

The Insurance Authority has issued a circular to inform authorised insurers that it has published a revised Guideline on Cybersecurity (GL20).  The revised GL20 was gazetted on 6 December 2024 (see our previous update) and introduces the Cyber Resilience Assessment Framework, which provides prescriptive guidelines on risk assessment and control principles to assist authorised insurers in implementing their cybersecurity frameworks effectively. 

The revised GL20 will take effect on 1 January 2025. 

The Insurance Authority has published a set of six frequently asked questions (FAQs) to provide further guidance on the revised GL20.  [11 Dec 2024]  #Cyber

US

CFTC: Staff advisory on use of AI by CFTC-registered entities and registrants

The CFTC's Divisions of Clearing and Risk, Data, Market Oversight, and Market Participants have issued a staff advisory on the use of AI in CFTC-regulated markets by registered entities and registrants. The advisory reminds CFTC-regulated entities of their obligations under the Commodity Exchange Act and the CFTC’s regulations as these entities begin to implement AI.  [5 Dec 2024]  #AI