FinTech Global FS Regulatory Round-up - w/e 22 November 2024

ICYMI

• 'Regulating for growth': Chancellor delivers first Mansion House speech (UK)
• Financial institutions and telcos required to share responsibility for phishing scams in Singapore from 16 December 2024

---

Global

IOSCO unveils new roadmap to enhance retail investor online safety

IOSCO has announced the launch of a new roadmap to address the rise in retail investor fraud and manage the risks posed by technological advancements.

The roadmap seeks to address these risks by focusing on enhancing  investor education and promoting robust regulatory frameworks. IOSCO has five waves of targeted actions planned for the next 12 months. The first wave, published alongside the roadmap, includes three consultations:

• a consultation on 'finfluencers' sets out good practices for regulators, market players, and finfluencers to foster a safer, more transparent environment for retail investors;
• a consultation on online imitative trading platforms sets out good practices to guide regulators' oversight of imitative trading platforms which facilitate copy trading, mirror trading and social trading; and
• a consultation on Digital Engagement Practices (DEPs), such as gamification, calls for a balanced approach, setting out good practices to ensure DEPs promote informed and safe trading behaviour.

Feedback on all three consultations is requested by 20 January 2025. [19 Nov 2024] #Finfluencers #Platforms #Gamification

FSB: 2024 Annual Report & Chair's letter to G20 leaders

The FSB has published its 2024 Annual Report. The report provides an overview of the FSB’s policy work to foster global financial stability in response to new and emerging risks, and to enhance the functioning of G20 reforms introduced since the 2008 global financial crisis.

Key priorities include addressing lessons from the March 2023 banking turmoil; enhancing the resilience of non-bank financial intermediaries (NBFIs); addressing financial risks from climate change; improving cross-border payments; responding to technological innovation; and enhancing the resolvability of central counterparties (CCPs). The report includes an outline of work to be undertaken in 2025.

The FSB has also published the letter from its Chair, Klaas Knot, submitted to G20 Leaders ahead of their meeting in Rio on 18 November 2024, which accompanied the 2024 Annual Report. The letter highlights that agreed financial reforms have not yet been fully implemented and calls for a redoubling of 'efforts to ensure a stable global financial system that can finance the economy without recourse to extraordinary support'. The letter comments on the need to address existing vulnerabilities in the financial system, and to manage the risks, and harness the benefits, of structural change in the financial system. It outlines work on the programme to enhance resilience in non-bank financial intermediation, as well as to address risks stemming from digitalisation and climate change. [18 Nov 2024] #Payments #DLT #AI #Crypto

IAIS consults on draft AP on supervision of AI

The IAIS has published a consultation on its draft application paper (AP) on the supervision of AI. It covers four broad sections:

• governance and accountability: this section includes the need to integrate AI into risk management systems, provide human oversight of AI risks and considerations around the use of third parties;
• robustness, safety and security: this section considers issues related to the robustness, safety and security of AI systems;
• transparency and explainability: this section sets out the need for AI outcomes to be explainable and tailored to the need of different stakeholders; and fairness,
• ethics and redress: this section includes the need for fairness by design, monitoring of outcomes and adequate redress mechanisms and also highlights the need for supervisors and insurers to consider the broad societal impacts of granular risk pricing on the principle of risk pooling.

Feedback is requested by 17 February 2025. A background webinar will be held on 13 December 2024 to answer stakeholder questions. [18 Nov 2024] #AI

---

UK

FCA: FG24/6 – Guidance for firms that enables a risk-based approach to payments

The FCA has published Finalised Guidance 24/6: Guidance for firms that enables a risk-based approach to payments (FG24/6). FG24/6 contains guidance in relation to the Payment Services (Amendment) Regulations 2024, which came into force on 30 October 2024. This made changes to the Payment Services Regulations 2017 to extend the amount of time that a Payment Service Provider (PSP) has to process an outbound payment when there are reasonable grounds to suspect authorised push payment (APP) fraud or dishonesty.

The guidance has now been added to Chapter 8 of the FCA's Approach Document for payment services and e-money. It sets out:

• the requirements for delaying outbound payments and determining whether the threshold for ‘reasonable grounds to suspect’ has been met;
• how PSPs should use the payment delay window;
• obligations on PSPs if they delay an outbound transaction; and
• the treatment of suspicious inbound payments. [22 Nov 2024] #Payments #APPFraud

PSR: Impact of APP fraud on UK customers

To mark International Fraud Awareness Week, the Payment Systems Regulator (PSR) has published research showing the emotional and financial toll of Authorised Push Payment (APP) fraud on UK consumers. Key findings of the research include:  

• Trust in social media platforms has been shaken: Fraud’s impact goes beyond the payments sector – 41% of victims reported a loss of trust in social media companies, four times as many as those who lost trust in traditional banks. The PSR concludes that this reinforces the need for online marketplaces and social media platforms to take greater responsibility in preventing fraud. 
• Victims’ top priority is getting their money back: 67% of APP fraud victims reported that getting reimbursed for their losses is their top priority. Other key priorities include removing fraudulent content (19%) and investigating the fraud (7%). The PSR concludes that reimbursement protects many aspects of social wellbeing and trust – for example, victims that are reimbursed are commonly less likely to have long-term emotional impacts. The research also challenges assumptions that reimbursement leads to complacency with reimbursed victims reporting they felt more vigilant about fraud risks, not less.  

The PSR also sets out the actions that it has taken in respect of APP fraud, including: mandatory reimbursement, which came into force on 7 October 2024; plans to publish new data on the online, social media and tech firms most commonly reported by victims as facilitating their contact with fraudsters; and action to ensure the widespread rollout of anti-fraud tools such as confirmation of payee requirements. [21 Nov 2024] #Payments #APPFraud

BoE: Survey report on AI in UK financial services in 2024

The Bank of England (BoE) has published a report entitled Artificial intelligence in UK financial services – 2024. The report presents the findings of a third survey, jointly conducted by the FCA and BoE, on AI and machine learning (ML) in UK financial services. The key findings, presented under eight key themes, include:

Use and adoption

•  75% of firms are already using artificial intelligence (AI), with a further 10% planning to use AI over the next three years; and
•  foundation models form 17% of all AI use cases.

Third-party exposure

• a third of all AI use cases are third-party implementations; and
• the top three third-party providers account for 73%, 44%, and 33% of all reported cloud, model, and data providers respectively.

Automated decision-making

• respondents reported that 55% of all AI use cases have some degree of automated decision-making; and
• only 2% of use cases have fully autonomous decision-making.

Materiality

• 62% of all AI use cases are rated low materiality by the firms that use them.

Understanding of AI systems

• 46% of respondent firms reported having only ‘partial understanding’ of the AI technologies they use versus 34% of firms that said they have ‘complete understanding’.

Benefits and risks of AI

• the highest perceived current benefits are in data and analytical insights, anti-money laundering (AML) and combating fraud, and cybersecurity;
• of the top five perceived current risks, four are related to data;
• the risks that are expected to increase the most over the next three years are third-party dependencies, model complexity, and embedded or ‘hidden’ models; and
• Cybersecurity is rated as the highest perceived systemic risk both currently and in three years.

Constraints

• the largest perceived regulatory constraint to the use of AI is data protection and privacy, followed by resilience, cybersecurity and third-party rules, and the FCA’s Consumer Duty; and
• the largest perceived non-regulatory constraint is safety, security and robustness of AI models.

Governance and accountability

• 84% of firms reported having an accountable person for their AI framework; and
• 72% of firms said that their executive leadership were accountable for AI use cases. [21 Nov 2024] #AI #MachineLearning

Lords: CfE on Property (Digital Assets etc) Bill

The Special Public Bill Committee in the House of Lords has launched a Call for Evidence (CfE) in relation to the Property (Digital Assets etc) Bill. The Bill seeks to give effect to the recommendation of the Law Commission of England and Wales that there should be:

'…statutory confirmation that a thing will not be deprived of legal status as an object of personal property rights merely by reason of the fact that it is neither a thing in possession nor a thing in action. This recommendation responds to the development of new types of assets such as crypto-tokens which challenge the traditional categories'.

The committee seeks written evidence in answer to the following questions:

• Please could you summarise your view on the Bill in fewer than 300 words?
• Do you think that the Bill, in its current form, is necessary and effective?
• Would the Bill have any negative or unexpected consequences?
• How could the Bill be improved? How should it be amended to achieve this?
• Should the Bill have retroactive effect?
• What implications could the Bill have for the development of this area of common law, both in England and Wales and in other legal jurisdictions?

Feedback is requested by 20 December 2024. [20 Nov 2024] #Crypto

UK Finance report: Information Sharing Pilot (ICO Sandbox)

UK Finance has published a report on the Information Commissioner's Office (ICO) Sandbox, in which a group of UK banks participated in a private-to-private information sharing proof of concept (the pilot), sponsored by UK Finance and the Home Office with support from Deloitte. The pilot sought to test whether financial crime exit data, made up of elements of personal data, could be shared between participating banks through a central database in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018), for the purposes of enabling the more effective management of financial crime risk within banks.

Key findings from the report include:

• overall, the participating banks identified benefits that could be achieved by the operationalisation of information sharing financial crime exit data;
• Cifas analysis found that 1,932 individuals or entities within the dataset had been exited by multiple participating banks for financial crime concerns without any of them being aware of the concerns of the other(s);
• participating banks met the relevant thresholds and implemented appropriate safeguards to lawfully share data for the prevention of financial crime under UK GDPR and DPA 2018; and
• the Home Office used live learnings from the pilot to inform new legislation under the Economic Crime and Corporate Transparency Act 2023 (ECCTA 2023) s188 and s189, providing firms with a clearer gateway and greater protection for sharing this type of data for the purpose of addressing financial crime risk. [18 Nov 2024] #Data

---

Europe

ECB: Building a solid cyber defence for the new geopolitical season

The ECB has published a speech by Piero Cipollone, Member of the Executive Board of the ECB, at the tenth meeting of the Euro Cyber Resilience Board for pan-European Financial Infrastructure. Mr. Cipollone focused on cyber threats in the new geopolitical and technological environment. He shared his thoughts on how policy and oversight can support operators in firming up cyber defences. He also stated that investing sufficiently to achieve a high level of cyber resilience is necessary for long-term success. Concluding, Mr. Cipollone highlighted that collaboration is a key to strengthen cyber defences both at the individual and the collective level. [21 Nov 2024] #Cyber

---

Hong Kong

HKMA shares sound practices of banks in promoting use of mobile POS terminals by merchants

The HKMA has issued a circular to share sound practices observed in relation to promoting the usage of mobile point-of-sale (POS) terminals by merchants.

The HKMA encourages the use of mobile POS terminals or similar devices which allow customers to effect payments by swiping or tapping their cards in person.  In respect of the related measure (number 7) on mobile POS terminals in its circular issued on 20 June 2023 ('Major Enhancements on Protection of Payment Card Customers') (see our previous update), the HKMA has gathered information from authorised institutions that are merchant acquiring banks on the use of mobile POS terminals, and identified the following sound practices for promoting usage of mobile POS terminals by merchants:

• Some banks proactively provide or deploy mobile POS terminals to newly acquired merchants; 
• Some banks actively replace conventional POS terminals with mobile POS terminals upon merchants’ service requests;
• Some banks have introduced financial and/or non-financial incentives to their merchants (such as free demonstrations or trials); and
• Some banks provide technical support to merchants which are not receptive to the use of POS terminals for reasons such as network stability and reluctance to change existing operations.

The HKMA encourages merchant acquiring banks to make reference to the above practices and other measures deemed appropriate to promote mobile POS terminals to their merchants.  Where merchants have hesitation about using mobile POS terminals, banks are encouraged to proactively understand their concerns, help address practical difficulties of the merchants, and explore different mobile POS solutions to offer diversified choices for merchants with different needs.

The HKMA plans to engage the merchant acquiring banks on surveys to collect relevant statistics.  [15 Nov 2024] #POSTerminals

 

---

 

Malaysia

BNM to host in-person session ahead of applications for digital insurer or takaful operator licenses

Bank Negara Malaysia (BNM) has announced that, following the issuance of the Policy Document on Licensing and Regulatory Framework for Digital Insurers and Takaful Operators (DITO PD) in July 2024, it will be hosting an in-person session on 2 December 2024. The purpose of the session is for BNM to communicate its expectations and to address any queries that potential applicants may have, ahead of the submission of the applications for digital insurer or takaful operator license(s), starting from 2 January 2025.

Firms that are interested in participating are asked to register their interest by 25 November 2024. [18 Nov 2024] #DITO

---

US

SEC charges crypto mining company with FCPA violations in connection with scheme to influence members of Japan's Parliament

The Securities and Exchange Commission (SEC) has announced that a cryptocurrency mining company has agreed to pay a $4m civil penalty to resolve charges that it violated the Foreign Corrupt Practices Act (FCPA) from 2017 to 2019 by engaging in a widespread bribery scheme to influence numerous foreign officials, including members of Japan’s Parliament, in efforts to establish an integrated resort casino in Japan.

The SEC’s order finds that the bribery scheme involved illicit payments of approximately $2.5m in the form of cash bribes, entertainment, and trips. It further finds that the bribes were authorized by a senior executive and that, after the scheme came to light, the company never entered the market.

The company consented to the SEC’s order finding that it violated the anti-bribery, recordkeeping, and internal accounting controls provisions of the FCPA. It has agreed to cease and desist from committing or causing any violations and any future violations of these provisions and to pay the civil penalty. [18 Nov 2024] #Crypto

FDIC announces extension of comment period for deposit insurance recordkeeping rule for banks’ third-party accounts

The Federal Deposit Insurance Corporation (FDIC) has announced an extension to the public comment period for its proposed rule on recordkeeping for custodial accounts. The proposal seeks to address risks related to certain third-party arrangements, protect depositors, and promote public confidence in insured deposits.  Comments are now requested by January 16, 2025.

Under the proposed rule, FDIC-insured banks holding certain custodial accounts, as defined in the proposal, would be required to take certain steps to ensure accurate account records are maintained in order to determine the individual owner of the funds, including a requirement to reconcile the account for each individual owner on a daily basis. These requirements, as well as others, apply if the bank uses a third party to maintain records. The proposal’s provisions also provide for oversight by the banks’ primary federal supervisor to review for compliance with this rule and enforcement authority to compel compliance if the bank fails to meet these requirements.  [18 Nov 2024] #BaaS