In this regular update, we round-up FinTech-related regulatory developments for the week ending 22 January 2021.
|BIS Innovation Hub annual work programme for 2021/22
The Innovation Hub’s projects will be distributed across the three existing Hub Centres in Hong Kong, Singapore and Switzerland, and new locations in Europe and North America. [22 Jan 2021]
|Covid-19: FSB releases 2021 work programme
The document also sets out a timeline of main publications for 2021. [20 Jan 2021]
FCA Regulation Round-up: January 2021
The FCA has issued the January 2021 edition of its Regulation Round-up. This issue covers the hot topic of restricting CMC charges for financial services and products claims, as well as recent news, publications and highlights by sector. The Round-up also highlights the Digital Sandbox pilot that was launched in November 2020. The FCA will host a series of showcase sessions on 8 – 10 February 2021, where participants will present the solutions they’ve developed via livestream. Information on attending these session can be found here. [21 Jan 2021]
FCA: Half of reporting firms moved to RegData
The FCA has announced that half of reporting firms who have previously submitted their regulatory reporting on Gabriel are now using RegData, the new data collection platform. The FCA advises that firms still using Gabriel should make sure they have registered for RegData as the FCA continues to move more firms across. [20 Jan 2021]
|FCA responds to statutory panels’ annual reports
The FCA has published letters to the Financial Services Markets Panel, Financial Services Consumer Panel, FCA Practitioner Panel, and Financial Services Small Business Practitioner Panel. The letters respond to some of the key issues raised by the panels’ 2019/20 Annual Reports, including Covid-19, the future of regulation, LIBOR transition, sustainable finance, digital marketing, consumer credit and mortgage prisoners, the Senior Managers and Certification Regime (SM&CR), operational resilience, open finance, pension transfers, and competition. [19 Jan 2021]
|EU Commission: Consultation on the establishment of an ESAP for financial and non-financial information publicly disclosed by companies
The EU Commission has published a targeted consultation document on the establishment of a European Single Access Point (ESAP) for financial and non-financial information publicly disclosed by companies.
Feedback to the consultation is requested by 3 March 2021.
The EU Commission has also published its consultation strategy for the ESAP. [21 Jan 2021]
|European Commission and ECB joint statement on digital euro
The European Commission and European Central Bank (ECB) have issued a joint statement on their cooperation on a digital euro. Among other things, the statement notes that following the conclusion of the public consultation on 12 January 2021 and a period of preparatory work, the ECB will consider whether to start a digital euro project towards mid-2021. [20 Jan 2021]
|European Commission Communication on economic and financial system
The European Commission has issued a Communication setting out a new strategy intended to stimulate the openness, strength and resilience of the EU’s economic and financial system. The proposed approach is based on three pillars, namely:
The Commission will monitor the actions listed in its Communication on an ongoing basis, and will review the state of implementation results in 2023. A Questions and Answers (Q&A) webpage, a factsheet on the Capital Markets Union (CMU), a recording of the related press conference, and related remarks made by Executive Vice President Valdis Dombrovskis have also been published. [20 Jan 2021]
|HKMA report: “AML/CFT Regtech: Case Studies and Insights”
The HKMA has published a report titled “AML/CFT Regtech: Case Studies and Insights”, highlighting opportunities offered by regtech to improve the efficacy and efficiency of anti-money laundering and counter-financing of terrorism (AML/CFT) efforts by financial institutions through real-life examples. Circulars have been issued to authorised institutions and stored value facility licensees regarding the report.
The report forms part of the HKMA’s ongoing initiative to promote responsible innovation and regtech adoption in the banking industry for AML/CFT purposes.
Following the first AML/CFT RegTech Forum in November 2019, the HKMA collaborated with a consulting firm to follow up on the progress made by three breakout groups of banks. The report details case studies involving six banks which have implemented technologies, including network analytics and robotic process automation, and is designed to provide practical guidance to banks at various stages of AML/CFT regtech adoption.
The report also highlights the following thematic insights:
|MAS issues revised Technology Risk Management Guidelines
The revised Guidelines focus on addressing technology and cyber risks in an environment of growing use by financial institutions (FIs) of cloud technologies, application programming interfaces (APIs), and rapid software development. The Guidelines reinforce the importance of incorporating security controls as part of FIs’ technology development and delivery lifecycle, as well as in the deployment of emerging technologies.
The revised Guidelines set out the following enhanced risk mitigation strategies for FIs:
The revised Guidelines also provide additional guidance on the roles and responsibilities of the board of directors and senior management in the oversight of technology and cyber risks. [18 Jan 2021]
|SEC: Acting Chair Roisman Statement on UK ICO Letter on Transfers of Personal Data to SEC
The Securities and Exchange Commission (SEC) has released a statement by Acting Chair Elad L Roisman which comments on the UK Information Commissioner’s Office’s (ICO’s) letter, dated September 11, 2020, on the impact of UK data protection law on transfers of personal data from certain UK-based firms to the SEC. The letter clarifies that the ICO has concluded that the UK General Data Protection Regulation (GDPR) does not impose legal barriers to the transfer of personal data from:
to the SEC for regulatory or enforcement purposes. The ICO further clarifies that the UK GDPR permits UK firms’ transfers of personal data to the SEC directly in connection with, among other things:
The letter explains how UK firms with regulatory obligations to the SEC can rely on the “public interest” derogation of the UK GDPR when directly transferring personal data to the SEC. [19 Jan 2021]
|SEC: Commissioner Peirce Statement Regarding Recent Enforcement Action
The SEC has published a public statement by Commissioner Hester M Peirce regarding a recent settled enforcement action against a telecommunications company which offered and sold digital assets using a Simple Agreement for Future Tokens (SAFT) without the required registration or exemption from registration. While Ms Peirce supports most of the settlement, she raises a particular concern in relation to the settlement’s provision whereby the company will not distribute the tokens pursuant to the SAFTs. In Ms Peirce’s view, ‘this settlement perpetuates an approach that suggests that tokens themselves are securities and thus complicates the development of crypto networks’. [15 Jan 2021]
|OCC Notice of Proposed Rulemaking: Computer-Security Incident Notification
The OCC, Fed and FDIC have issued a notice of proposed rulemaking in relation to the computer-security incident notification. Under this proposal, a covered entity would be required to provide its primary federal regulator with prompt notification of any ‘computer-security incident’ that rises to the level of a ‘notification incident’.
Feedback on the proposed rule is requested by April 12, 2021. [14 Jan 2021]