In this regular update, we round-up FinTech-related regulatory developments for the week ending 5 March 2021.



FATF: Guidance for applying a risk-based approach to AML/CFT Supervision

The Financial Action Task Force (FATF) has published guidance for applying a risk-based approach to supervision with regard to anti-money laundering (AML) and countering the financing of terrorism (CFT). The guidance is intended to support supervisors in the transition from rules-based supervision to risk-based supervision. The Guidance contains:

  • high-level guidance on risk-based supervision, which explains how supervisors should assess the risks their supervised sectors face and prioritise their activities;
  • strategies to address common challenges in risk-based supervision; and
  • country examples, including strategies and examples of supervision of designated non-financial business and professions (DNFBPs) and virtual asset service providers (VASPs). [4 Mar 2021]


Covid-19: IOSCO 2021 – 2022 work programme

The International Organization of Securities Commissions (IOSCO) has published its two-year work programme for the period running from 2021 through 2022.  The work programme outlines a number of activities, including:

  • By 2022, the delivery of several Covid-19 impact related reports, including with regard to operational, cyber security and business continuity planning (BCP) risks;
  • Remaining up to date on developments with regard to initial coin offerings (ICOs);
  • Reviewing IOSCO standards against the Financial Stability Board’s (FSB’s) high level recommendations as set out in the FSB’s report on stablecoins;
  • In Q2, 2021, issuing a final report on the use of artificial intelligence (AI) and machine learning (ML) by market intermediaries and asset managers; and
  • In Q3, 2021, publishing a final report on online marketing and retail distribution. [1 Mar 2021]









CMA consultation on future oversight and governance of Open Banking remedies

The Competition and Markets Authority (CMA) has published a consultation on the future oversight and governance of its Open Banking remedies, focusing on the following three areas:

  • the successor organisation proposed by UK Finance – this body would succeed the Open Banking Implementation Entity (OBIE), take over OBIE’s functions other than compliance, and have a more broadly-based funding and governance model;
  • the compliance monitoring arrangements necessary for the CMA to put in place, particularly in respect of Articles 12 to 14 of the Retail Banking Market Investigation Order 2017; and
  • the transitional arrangements that should be adopted and when this process should begin.

This consultation follows work currently under way on the implementation phase, which is expected to be completed by the end of 2021. Feedback to the consultation is requested by 29 March 2021. [5 Mar 2021]

Singapore and UK Joint Statement on a partnership for the future

The Government has published a Joint Statement that has been agreed with Singapore, which reaffirms both countries’ commitment to free trade, climate action, and sustainability as they rebuild after the pandemic. The Joint Statement also sets out a shared approach on a number of matters, including technology where the parties commit to strengthen collaboration in areas such as cross-border data flows, AI, digital transformation, the promotion of interoperable digital systems, and cybersecurity. This latest joint statement follows on from the Free Trade Agreement signed by Singapore and the UK in December 2020. [4 Mar 2021]





Covid-19: FCA makes changes to single and cumulative transaction thresholds for contactless payments

The FCA has published a policy statement (PS21/2) setting out changes to the single and cumulative transaction thresholds for contactless payments. The single transaction contactless payment threshold will increase from £45 to £100, and the contactless threshold for multiple transactions will also increase from £130 to £300. An increase in the single transaction threshold will enable consumers to use contactless card payments for higher value transactions without needing to authenticate with strong customer authentication (SCA). The change to the cumulative transaction threshold replaces the supervisory flexibility that the FCA introduced to support the industry during Covid-19.

The changes come into force on 3 March 2021. [3 Mar 2021]



FCA written evidence – TSC inquiry on the Future of Financial Services

The Treasury Committee has published the written evidence which the FCA has submitted to the inquiry on the Future of Financial Services. The FCA’s written evidence covers opportunities for the UK’s financial services sector; development and scrutiny of financial services policy making; and the current challenges facing regulators.  The submission includes the FCA’s response to the question posed by the TSC regarding facilitation and promotion of new financial technologies and firms. [2 Mar 2021]






ESMA hearing on crowdfunding consultation to be held on 12 April 2021

The European Securities and Markets Authority (ESMA) has announced that it will hold an open hearing for its consultation on draft Regulatory Technical Standards (RTS) under the European Crowdfunding Service Providers for Business Regulation (ECSPR). The draft RTS cover: complaint handling; conflicts of interest management; business continuity planning (BCP); authorisation; client information requirement; onboarding; and regulatory reporting.

The hearing will take place on 12 April 2021. Feedback to the consultation is requested by 28 May 2021. The majority of the technical standards will be submitted to the EU Commission for adoption before 10 November 2021, although some will be delivered by 20 May 2022. [5 Mar 2021]

EBA opinion on ML/TF risks affecting EU financial sector

The European Banking Authority (EBA) has published its biennial Opinion and accompanying report on the money laundering and terrorist financing (ML/TF) risks affecting the EU’s financial sector. In terms of cross-sectoral risks, the opinion highlights risks regarding:

  • virtual currencies;
  • financial technology (FinTech);
  • countering the financing of terrorism (CFT) systems and controls;
  • de-risking;
  • supervisory divergence;
  • crowdfunding platforms;
  • divergent approaches to tackling tax-related crimes; and
  • Covid-19.

The EBA also discussed the ML/TF risks in specific financial sectors, for example in relation to credit institutions, payment institutions, and life insurance undertakings. The opinion sets out steps that national competent authorities (NCAs) can take to address the risks identified in the opinion. The recommendations do not change or specify policies, but instead set out good practices and reiterate existing supervisory duties.

The EBA has also published an interactive tool on the risks covered in the opinion. [3 Mar 2021]




Council of the EU: EESC opinion on DORA

The Council of the EU’s European Economic and Social Committee (EESC) has published an opinion on the proposed Digital Operational Resilience Act (DORA) issued by the European Commission. The opinion sets out a number of recommendations on the DORA proposal with the intention of enhancing its effectiveness, including:

  • ensuring consistency in definition and scope between DORA and the requirements set out in existing guidelines issued by the European Supervisory Authorities (ESAs);
  • consolidating the requirements on outsourcing into a single rulebook, in order to enforce legal certainty for all market participants and reliably comply with supervisory expectations; and
  • including proportionality in the penalty regime to avoid disincentives for ICT providers to serve EU financial entities and moving away from the current reference to worldwide turnover. [3 Mar 2021]





Quarterly Statement by the Council of Financial Regulators

The Council of Financial Regulators (CFR) announced that it held its quarterly meeting on Friday, 26 February. CFR members discussed a variety of issues including:

  • the commencement of Australia’ Covid-19 vaccine program and the positive effect this would have on confidence and economic activity;
  • winding down of temporary support programs;
  • credit conditions;
  • recent trends in ending to businesses;
  • changes to corporate insolvency laws;
  • the recent business interruptions test case decision in the Federal Court and the continued uncertainty pending a possible appeal;
  • competition in the financial sector, including the ongoing implementation of the Consumer Data Right;
  • operational risk, including cyber risk;
  • two reviews of the Australian payments systems currently underway; and
  • developments in relation to central bank digital currencies, stablecoins, crypto-assets and decentralised finance. [3 Mar 2021]




Hong Kong

Update on FATF statements

The SFC has published a circular to licensed corporations and associated entities regarding recent updates from the Financial Action Task Force (FATF):

  • Statement identifying high-risk jurisdictions that are subject to a call for action – In response to the Covid-19 crisis, the FATF has paused the review process for countries in the list of high-risk jurisdictions since February 2020. The FATF advises its members to refer to the list adopted in February 2020 in relation to Democratic People’s Republic of Korea and Iran.
  • Updated statement on jurisdictions under increased monitoring – The FATF has added four new jurisdictions (namely Burkina Faso, the Cayman Islands, Morocco, and Senegal) to this list of jurisdictions.
  • Various outcomes of the FATF plenary held on 22, 24 and 25 February 2021 – This includes the approval of the public consultation on a new guidance on proliferation financing risk assessment and mitigation, and an update to the FATF guidance for virtual assets and virtual asset service providers (the two guidance papers will be published for public consultation in March 2021 and are expected to be finalised for the plenary’s approval in June 2021). [5 Mar 2021]




MAS: Controls and Disclosures to be Implemented by Licensed SCF Operators

The Monetary Authority of Singapore (MAS) has published a circular setting out the measures Securities-Based Crowdfunding (SCF) operators should put in place to assess issuers, manage defaults or cessations, and disclose interest and default rates. [5 Mar 2021]

Covid-19: MAS and ABS – Risk Management and Operational Resilience in a Remote Working Environment

MAS and the ABS have jointly issued a paper  on managing new risks that could emerge from extensive remote working arrangements adopted by financial institutions (FIs) in response to Covid-19. The paper looks at possible risks to FIs in the areas of operations, technology and information security, fraud and staff misconduct, and legal and regulatory risks. It also examines the impact on people and culture that may be brought about by remote working. Drawing from the experiences of ABS member banks, the paper suggests key risk management actions needed to address these areas of concern. The risks and risk mitigation measures set out in the paper are also applicable to non-bank FIs. [2 Mar 2021]

MAS: Response to Parliamentary Questions – Trust, e-Payments, Sustainable Development

MAS has published the responses made by Mr Ong Ye Kung, Minister for Transport, on behalf of Mr Tharman Shanmugaratnam, Senior Minister and Minister In Charge of MAS, at Committee of Supply 2021. The Minister commenced his reply by addressing the issue of public trust in financial services before proceeding to discuss two medium term developments for the financial sector – e-payments and promoting greater social good, such as sustainable development.

On sustainable development, the Minister noted that MAS and SGX RegCo are carefully studying international initiatives on harmonising sustainability disclosure standards. SGX RegCo will be consulting in 2021 on enhancements to its sustainability reporting requirements. [26 Feb 2021]




BNM releases ORION Policy Document

The Bank Negara Malaysia (BNM) has issued the revised Operational Risk Integrated Online Network (ORION) Policy Document, together with the following supporting documents:

The Policy Document provides comprehensive guidance on reporting governance, reporting procedures, mandatory data items, reporting taxonomies of Operational Risk submission in regards to Loss Event, Key Risk Indicators and Scenario Analysis. The recent revision provides clarity on the reporting of Shariah Non-compliance event in ORION; realigns cyber-risk related definitions and terminologies with the Financial Stability Board (FSB) cyber lexicons; and enhances the granularity of ORION reporting requirement to improve the accuracy of operational risk reporting. The policy is effective from 1 March 2021. [26 Feb 2021]




SECP launches Payment Portal

The Securities and Exchange Commission, Philippines (SECP) has announced the launch of a new Payment Portal, a web-based system that allows for the payment of registration and other transaction fees, as well as penalties, online. The portal has commenced operation accepting a range of payment options, with more to be added shortly. The SECP will continue to accept and process payments across its main, extension and satellite offices. [1 Mar 2021]




SEC Division of Examinations: 2021 Priorities

The SEC Division of Examinations has announced its 2021 examination priorities, including a greater focus on climate-related risks. Among the focus areas highlighted for scrutiny are information security, operational resilience, FinTech and innovation (including digital assets). The Division also sets out specific areas on which it will focus for investment advisers and investment companies; broker-dealers and municipal advisors; and market infrastructures (including clearing agencies and exchanges). [3 Mar 2021]



SEC Commissioner Peirce Speech on FinTech and Legacy Financial Institutions

The SEC has published the opening remarks delivered by Commissioner Hester M Peirce on the financial technology (FinTech) panel at the Institute of International Bankers 2021 Annual Washington Conference. In her speech, Ms Peirce highlighted the various factors that could keep traditional financial institutions walled off from technological innovation. Ms Peirce then went on to outline how legacy firms and regulators can seize the opportunities that innovative FinTech promises. [1 Mar 2021]

Office of NY AG Issues Two Alerts to Retail Investors and Industry on Virtual Currencies

The Office of the New York Attorney General (NY AG) has issued two alerts regarding the potential risk posed by virtual currencies. The first alert – directed at investors – urges caution when investing in virtual currencies, and includes, among other things, five common warning signs of investment fraud. The second alert – directed at industry members such as brokers, dealers, salespersons, and investment advisors – states that people and entities dealing in virtual currencies that are commodities or securities in the state of New York, and who do not qualify for an exemption, must register with the Office of the NY AG. Failure to do this may expose them to civil and criminal liability. These alerts follow recent enforcement actions taken by the NY AG in the virtual currency space.  [1 Mar 2021]

CSBS: State Regulators Release Updated Cybersecurity Examination Tool

The CSBS has announced that state regulators have issued an updated cybersecurity examination tool for non-bank financial companies, specifically less complex and lower risk institutions. The tool is designed for state regulator use in examinations, and companies are encouraged to use it to assess their cybersecurity health between examinations. An additional tool for more complex institutions is under development and due to be released in Q2 2021. [24 Feb 2021]



Herbert Smith Freehills LLP is licensed to operate as a foreign law practice in Singapore. Where advice on Singapore law is required, we will refer the matter to and work with licensed Singapore law practices where necessary.