FinTech Global FS Regulatory Round-up - w/e 18 October 2024

ICYMI

• New EU design package adopted: strengthening design protection in the digital age
• UN releases its final report on 'Governing AI for Humanity'

Global

BIS project: Enabling cross-border data portability through open finance interoperability

The Bank for International Settlements (BIS) has announced the launch of Project Aperta to explore how to reduce frictions and costs in global finance by enabling seamless cross-border data portability.

The project aims to connect the domestic open finance infrastructures of different jurisdictions. The initial use case to be explored is in trade finance for small and medium-sized enterprises (SMEs).

Project Aperta will look to provide an innovative mechanism for global interoperability, offering harmonised features, functionalities, use cases, security protocols, operating procedures and trust frameworks for open finance across jurisdictions. In its current phase, the participating jurisdictions include the UAE, the UK, Brazil and Hong Kong. [16 Oct 2024]  #OpenFinance

BIS research: Quantum computing and the financial system

BIS has published a research paper which explores the potential of quantum mechanics and its applications to the financial system, including the potential benefits as well as the main risks. It also highlights current actions within the central bank community to address these potential risks, including Project Leap, started by the BIS Innovation Hub, the Banque de France and Deutsche Bundesbank.

The views in the paper are those of the authors and not necessarily the views of BIS. [15 Oct 2024]  #Quantum

CPMI reports: Interlinking and interoperability of payment systems to enhance cross-border payments – insights and recommendations

The Committee on Payments and Market Infrastructures (CPMI) has published two reports to the G20 that offer insights and recommendations on the interlinking and interoperability of payment systems to enhance cross-border payments.

Linking fast payment systems across borders: governance and oversight - This report aims to inform owners and operators of fast payment systems (FPS) when they are developing the governance and risk management of their FPS interlinking arrangement as well as overseers when they are defining their oversight approach. It discusses the main decisions to be taken by operators in developing the governance approach for FPS interlinking arrangements, including in relation to legal setup, ownership and operational structure, governing body type and stakeholder engagement. The report also sets out recommendations that overseers should consider when developing an oversight approach for the respective component FPS or a separate entity.

Promoting the harmonisation of application programming interfaces to enhance cross-border payments: recommendations and toolkit - The report makes 10 recommendations directed at a broad array of stakeholders. They are divided into four categories: recommendations that aim at facilitating the global application programming interface (API) harmonisation processes; recommendations that focus on API design principles and the use of existing international data standards; recommendations to enhance the developer experience; and recommendations to promote pre-validation APIs and implementation. Each recommendation is accompanied by a list of potential actions that stakeholders may consider as practical and concrete implementation measures. The recommendations are further supported by a toolkit to assist various stakeholders in assessing their current related practices. [15 Oct 2024]  #Payments

UK

FCA data chief discusses ten years of innovation

The FCA has published a speech by Jessica Rusu, Chief Data, Information and Intelligence Officer, delivered at the FCA Innovation 10th Anniversary Event. Ms Rusu summarised Project Innovate and the FCA's approach to innovation over the last ten years, in particular highlighting:

• the FCA's plans to launch an artificial intelligence (AI) Lab to share emerging AI solutions that will lead to industry growth;
• the FCA's position as the first financial regulator in the world to launch a regulatory sandbox, leading the way for over 95 other regulators to introduce a sandbox model; and
• the FCA's support for almost 1,000 firms to find technology solutions to the biggest challenges in financial services, such as authorised push payment (APP) fraud and tackling money laundering.

The speech is complemented by a report marking the tenth anniversary of Project Innovate. [17 Oct 2024]  #AI #Sandbox #APPFraud

HMT: G7 Cyber Expert Group

HMT has issued a press release highlighting that the G7 Cyber Expert Group has published a statement for the finance sector on planning for quantum computing. The statement provides details on quantum computing risks and the specific actions that financial entities can start taking to build quantum resilience within the financial system, including:

• developing a better understanding of quantum computing, the risks involved; and strategies for mitigating those risk;
• assessing quantum computing risks in their areas of responsibility;
• developing a plan for mitigating quantum technology risks. [17 Oct 2024]  #Cyber #Quantum

SIs: Magistrates' Courts – crypto

The following SIs have been made and come into force on 7 November 2024:

• The Magistrates’ Courts (Conversion of Cryptoassets) Rules 2024: This statutory instrument (SI) introduces new magistrates’ courts rules to support non-conviction-based proceedings for the conversion of cryptoassets into money and for the detention, freezing and forfeiture of converted cryptoassets in proceeds of  crime cases. An explanatory memorandum accompanies the SI.
• The Magistrates’ Courts (Detention, Freezing and Forfeiture of Cryptoassets, and Miscellaneous Amendments) Rules 2024: This SI introduces new magistrates’ courts rules to support non-conviction-based proceedings for the forfeiture of cryptoassets, in proceeds of crime cases. An explanatory memorandum accompanies the SI.
• The Magistrates’ Courts (Detention, Freezing and Forfeiture of Terrorist Cryptoassets, and Miscellaneous Amendments) Rules 2024: This SI introduces new magistrates’ courts rules to underpin and support non-conviction-based proceedings for the detention, freezing and forfeiture of cryptoassets, in counter-terrorism investigations. It also provides for miscellaneous amendments to the existing Rules for terrorist cash, terrorist assets, and terrorist funds frozen in an account. An explanatory memorandum accompanies the SI.
• The Magistrates’ Courts (Conversion of Terrorist Cryptoassets) Rules 2024 has been made. This SI introduces new magistrates’ courts rules to underpin the operation of Part 4BD of Schedule 1 to the Anti-terrorism, Crime and Security Act 2001 (ATCSA) (c.24), which makes provision for the conversion and subsequent release or forfeiture of converted 'terrorist cryptoassets'. An explanatory memorandum accompanies the SI. [17 Oct 2024]  #Crypto

FSCP responds to FCA consultation on APP fraud

The Financial Services Consumer Panel (FSCP) has published its response to FCA Guidance Consultation 24/5 (GC24/5) on proposed amendments to Payment Services and Electronic Money – Our Approach to support new legislation aimed at tackling APP fraud.

The FSCP welcomes the introduction of amendments to the Payment Services Regulations (PSRs 2017) that will enable payment service providers (PSPs) to delay making a payment transaction where they have reasonable grounds to suspect fraud or dishonesty. The FSCP also supports the introduction of specific guidance explaining how PSPs should apply the legislative changes to maximise the probability of preventing fraud and minimising the impact on legitimate payments.

Overall, the FSCP supports the amendments and guidance. The response also emphasises the importance of the guidance ensuring that customers can communicate with PSPs when a delay does occur, and that consumers are not adversely affected by unnecessary delays to legitimate payments. [16 Oct 2024]  #APPFraud #Payments

HMT: UK-Switzerland Financial Dialogue 2024 joint statement

A joint statement between HMT and the State Secretariat for International Finance following the UK-Switzerland Financial Dialogue, held on 15 October 2024, has been published. The statement summarises what was discussed at the meeting and the key outcomes.

The discussions emphasised close, ongoing UK and Swiss cooperation in financial services and focused on several key themes, including: economic outlook and financial stability; the Berne Financial Services Agreement (BFSA); sustainable finance; AI and innovation; and capital markets. The next meeting is expected to be held during H2 2025. [16 Oct 2024]  #AI

BoE: Business use of AI

The BoE has published the key findings of the Autumn 2023 agency investment intentions survey which asked business contacts about their investment plans including how these related to AI.

Across all industries, almost 30% of surveyed agency business contacts had made ‘new significant or transformative AI investments in the UK’ over the previous 12 months, and over 40% planned to do so in the future (typically in two to three years’ time). But 25% said they did not know if they would make any (additional) meaningful future AI investments, and 30% said they had not invested materially in AI in the last year and had no plans to do so.

The BoE also noted that the use of AI by UK businesses is likely to be higher now than suggested by the Autumn 2023 survey. [14 Oct 2024]  #AI

Europe

ESMA: Survey on LEIs

The European Securities and Markets Authority (ESMA) has issued a survey on legal entity identifiers (LEIs). The survey aims to collect feedback on the potential impacts of adding other alternatives to the LEI in future reporting or record keeping regimes, or in the review of existing reporting requirements.

This survey is addressed to financial market participants subject to one or multiple reporting regimes, to entities such as cryptoasset service providers (CASPs) which will be subject to recordkeeping requirements under the Markets in Cryptoassets Regulation (MiCAR), as well as financial entities subject to the Digital Operational Resilience Act (DORA).

Feedback is requested by 12 November 2024. [18 Oct 2024]  #Crypto #MiCAR #DORA #OpRes

ECB Supervisory Board Member discusses supervisory expectations on cloud outsourcing

The European Central Bank (ECB) has published a speech by Elizabeth McCaul, Supervisory Board Member, delivered at the KPMG Cloud Conference 2024. The key elements of the speech included:

• the role of cloud outsourcing in rapidly transforming the banking sector, resulting in increased risk exposure for banks, which demands heightened responsibility and robust governance frameworks;
• when adopting cloud strategies, banks should retain full accountability for outsourced services, ensuring clear roles, rigorous risk management and appropriate IT security measures; and
• the ECB's supervisory expectations should not be seen as regulatory hurdles, but as strategic enablers to enhance resilience, operational continuity and data protection in banks’ cloud strategies.

Ms McCaul referenced the ECB's consultation on a draft guide on cloud outsourcing which was released in June; she advised that the final version will be ready by the end of 2024. [18 Oct 2024]  #Cloud

ECB: Eurosystem cyber resilience strategy

The ECB has published a revised Eurosystem cyber resilience strategy, first published in 2017, to further address evolving cyber threats.

The revised strategy incorporates additional entities in addition to financial market infrastructures (FMIs). The new entities covered are those overseen under the Eurosystem oversight framework for electronic payment instruments, schemes and arrangements (PISA). These entities are encouraged to use tools developed by the Eurosystem to periodically assess and continuously enhance their cyber resilience.

A new feature of the revised strategy is the overarching component introduced to facilitate detailed monitoring and continuous improvement. This will help the ECB track progress, implement the strategy in a harmonised manner in all jurisdictions and allow for adjustments to ensure the strategy continues to be effective.

The revised strategy aligns with the Digital Operational Resilience Act (DORA). [18 Oct 2024]  #Cyber #DORA #OpRes

ESMA responds to the EC's rejection of certain MiCAR RTS

ESMA has published an opinion which responds to the EC's proposal to amend MiCAR Regulatory Technical Standards (RTS) submitted to it by ESMA in March 2024. ESMA notes the legal limitations which the EC has raised, but contends that the policy objectives of its initial proposal were important to ensuring the resilience of crypto markets in the EU and to enhancing investor protection.

In light of the EC's position, ESMA recommends that the EC considers amending MiCAR to require applicant CASPs and notifying entities to provide the results of an external cybersecurity audit and to include broader checks in the assessment of the good repute of the members of the management body of applicant CASPs. The opinion has been communicated by ESMA to the EC, the Parliament and Council. [16 Oct 2024]  #MiCAR #Crypto #Cyber

ESAs respond to the EC’s rejection of the ITS on registers of information under DORA

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have published an opinion on the European Commission’s (EC) rejection of the draft Implementing Technical Standards (ITS) on the registers of information under DORA. The draft ITS proposed by the ESAs were rejected by the EC on the grounds that the EC considers it necessary to allow financial entities the choice of identifying their ICT third-party service providers registered in the EU either by using the Legal Entity Identifier (LEI) or by using the European Unique Identifier (EUID). In the ESAs' view, this will cause unnecessary complexity and could have negative impacts on the implementation of DORA by financial entities, competent authorities and the ESAs. The ESAs call for the final decision on the use of identifiers and the swift adoption of the draft ITS by the EC. The ESAs note that this will be particularly relevant for them as they will commence designating critical third-party service providers (CTPPs) in 2025. [16 Oct 2024]  #DORA

Hong Kong

 Hong Kong Chief Executive sets out initiatives to deepen reforms and explore new growth areas in 2024 policy address

The Chief Executive of Hong Kong, Mr John Lee, has delivered his 2024 Policy Address to set out initiatives to deepen reforms and explore new growth areas, as well as the Government's vision and objectives for reforms and changes, and the related key measures and key performance indicators. 

Relevent discussions include:

• The Government will require critical infrastructure operators to undertake obligations to protect their computer systems, so as to reinforce their resilience against cybersecurity challenges.  Legislative amendments will be introduced within 2024 (see our previous update).
• The Government will facilitate members of the public in making cross‑boundary transactions and payments.  For example, the HKMA and the People’s Bank of China are pushing forward the linkage of fast payment systems in the two places to facilitate real‑time, cross‑boundary small‑value payments by residents on both sides.
• The Government will continue to promote the development of innovative financial services including Central Bank Digital Currencies (CBDCs), mobile payment, virtual banks, virtual insurance and virtual asset (VA) transactions.  The FSTB will shortly issue a statement setting out its policy stance regarding the application of artificial intelligence in the financial market.  Other measures include promoting the use of CBDC for cross-boundary payment, enhancing the regulation of VA trading (including over-the-counter trading of VA and the licensing of VA custodian service providers), promoting real-world asset tokenisation and developing a digital money ecosystem, introducing legislative proposals to regulate fiat-referenced stablecoin issuers, and launching the Digital Bond Grant Scheme to encourage more financial institutions and issuers to adopt tokenisation technology in capital market transactions.

The SFC, the Insurance Authority, and the Accounting and Financial Reporting Council welcome the initiatives in the Policy Address.  [16 Oct 2024]  #Cyber #Payments #CBDC #Tokenisation

HKMA publishes consultation conclusions on proposed renaming of 'virtual bank' as 'digital bank'

The HKMA has published the conclusions to its consultation (see our previous update) on the proposal to rename 'virtual bank' as 'digital bank'.  The conclusions paper sets out the key comments received in 26 submissions from respondents, and the HKMA’s comments and conclusions on the proposed renaming. 

The respondents (including industry/professional associations, virtual banks and members of the public) were broadly supportive of the proposal, and the majority of them agreed with the proposed new name 'digital bank', as 'virtual bank' no longer reflects the evolving nature of the use of financial technologies and banking practices.

The HKMA considers that it is appropriate to rename 'digital bank', as 'virtual bank' to put more emphasis on the business models and financial technologies adopted by the virtual banks rather than their form of presence.  It also considers that the Chinese name "數字銀行" aligns with industry trends and the current digitalisation terminology used by the Government in policy development, while providing distinction with the existing digital banking services of the incumbent banks.

The HKMA will shortly embark on the amendments to the Guideline on Authorisation of Virtual Banks to effect the new name.  [14 Oct 2024]  #Digital

Singapore

MAS: Response to Parliamentary question on funds collected by PSPs and e-commerce platforms

MAS has published the response to a Parliamentary question on whether current legislation restricts the settlement period to vendors and customers with regard to funds collected by payment service providers (PSPs) and e-commerce platforms, and whether customer funds must be managed separately in the case of platforms with stored values.

The response confirms that licensed PSPs must send monies from its customers to the intended beneficiaries within: three business days for domestic money transfers; seven business days for cross-border money transfers; and in the case of customers who are merchants, any other period as may be agreed in writing between the PSP and its customers. Additionally, PSPs licensed as major payment institutions are also required to safeguard monies received.  [15 Oct 2024]  #Payments

MAS: Response to Parliamentary question on updates to Shared Responsibility Framework

MAS has published the response to a Parliamentary question on when the Shared Responsibility Framework (SRF) for certain types of phishing scams will come into operation and on a compensatory framework for other types of scams.

MAS confirmed that the Government intends to implement the SRF in 2024. A response to consultation feedback on the issue will be published in due course. In terms of other scams like those perpetrated by malware fraud, MAS noted that banks have in place goodwill frameworks to support victims of different scam typologies.  [15 Oct 2024]  #Cyber #Malware #Scams

MAS/ABS: Business continuity exercise to bolster financial sector’s operational resilience

MAS and the Association of Banks in Singapore (ABS) have jointly conducted a business continuity exercise with FIs aimed at strengthening the financial sector’s crisis management and operational resilience.

Participants were put through simulated exercise scenarios ranging from IT outages, cyber-attacks and operational disruptions. The aim was to test the ability to effectively respond to and recover from operational and business disruptions, as well as their crisis communication plans.  [15 Oct 2024]   #Cyber #OpRes

India

RBI Governor discusses central banking

The Reserve Bank of India (RBI) has published the keynote by its Governor Shaktikanta Das at the High Level Conference on Central Banking at a Crossroads. The Governor spoke on the journey of central banking so far, focusing on three areas where central banking is likely to be redefined in the future: monetary policy; financial stability; and new technologies.  [14 Oct 2024]  #Fintech

RBI: Accessibility to digital payment systems for persons with disabilities

The RBI has published a circular advising payment system providers (PSPs) to review their payment systems and devices in terms of accessibility to persons with disabilities, and carry out modifications where required. PSPs must submit to the RBI, within one month of the date of issue of this circular, details of their systems and/or devices that need to be modified, along with a plan of action to effect the modifications.  [11 Oct 2024]  #Payments

US

 NY DFS:  New guidance to address cybersecurity risks arising from AI

The New York State Department of Financial Services (NY DFS) has issued new guidance for regulated entities on combating cybersecurity risks arising from artificial intelligence (AI). The guidance builds on existing cybersecurity regulation (23 NYCRR Part 500) and follows on from recently adopted NY DFS guidance to combat discrimination by insurers using AI. The guidance takes a risk-based approach to assist the financial services sector to better understand, assess, and mitigate their AI-specific cybersecurity risks, including social engineering, enhanced cyber-attacks, theft of nonpublic information, and increased vulnerabilities due to supply chain dependencies.

The guidance does not impose new requirements; it is intended to help institutions meet their existing obligations.  [16 Oct 2024]  #Cyber #AI