In this regular update, we round-up FinTech-related regulatory developments for the week ending 26 March 2021.



FATF: Consultation on draft guidance on risk-based approach to VAs and VASPs

The Financial Action Task Force (FATF) has published for consultation its draft updated guidance on the risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs). The changes to the guidance aim to maintain a level playing field for VASPs, based on financial services they provide in line with applicable existing standards, as well as to minimise the opportunity for regulatory arbitrage between sectors and countries.Feedback is requested by 20 April 2021. [22 Mar 2021]



Speech on the Italian G20 presidency and the cross-border payments agenda

The Committee on Payments and Market Infrastructures (CPMI) has published the remarks delivered by Piero Cipollone, Deputy Governor of the Bank of Italy, at the CPMI Conference “Pushing the frontiers of payments: toward faster, cheaper, more transparent and more inclusive cross-border payments”, which took place on 19 March 2021. Mr Cipollone spoke about the Italian G20 presidency and the cross-border payments agenda. [22 Mar 2021]




FCA: Feedback on open finance call for input

The FCA has published feedback statement (FS21/7) to its Call for Input on open finance which was published in December 2019. Open finance refers to the extension of open banking-like data sharing to a wider range of financial products, such as savings, investments, pensions and insurance.Among other things, the feedback statement sets out that open finance could potentially offer significant benefits to consumers, including increased competition, improved advice and improved access to a wider and more innovative range of financial products and services. It also summarises the industry and HM Government (HMG) initiatives which have developed since the FCA originally issued its Call for Input.The FCA says that will continue to work with the HMG to support the design of future Smart Data legislation and to support industry-led efforts to develop common standards and roadmaps to open finance. [26 Mar 2021]

FCA Handbook Notice 86

The FCA has published Handbook Notice No. 86, which provides a summary of legislative changes made on 22 and 25 March 2021, includes feedback on responses to various consultations, and sets out upcoming FCA board meetings. The Handbook Notice also includes the Fees (cryptoasset business) (periodic fees) Instrument 2021, which sets out the fees payable by cryptoasset businesses registered under the Money Laundering Regulations (MLR). [26 Mar 2021]

BoE financial policy summary and record of FPC meeting

The Bank of England (BoE) has published financial policy summary and record of its Financial Policy Committee (FPC) meeting on 11 March 2021. Among the topics covered, the FPC set out its initial thinking on the 2022 cyber stress test, which aims to explore:

  • firms’ ability to identify quickly the nature of the disruption they face; and
  • the potential financial stability impact of firms not meeting the impact tolerance in the case of some specific types of disruption where data integrity had been compromised.

The FPC has said that further information on the cyber stress tests will be published in due course. [26 Mar 2021]




FSCP response to HMT consultation – Regulatory approach to cryptoassets

The Financial Services Consumer Panel (FSCP), one of the statutory panels established under the Financial Services and Markets Act (FSMA), has published its response to HMT’s consultation on the UK regulatory approach to cryptoassets and stablecoins. [26 Mar 2021]



HC: Company unlawfully advised on investments and promoted CFD trading

The High Court (HC) has delivered a summary judgement in civil proceedings commenced by the FCA against a company and its sole director in relation to unauthorised investment advice.The HC has found that the company unlawfully provided trading signals to consumers for a fee. The trading signals were sent via WhatsApp and over social media and contained recommendations about contracts for difference (CFDs) relating to currencies and commodities. The HC found that these signals amounted to unlawful investment advice and contravened the Financial Services and Markets Act 2000 (FSMA). It was also found that the director was knowingly concerned in their company’s contraventions of FSMA.The judge ordered the director to pay restitution in excess of £530,000.The FCA has also published a statement on the case. [25 Mar 2021]




BoE written evidence – TSC inquiry on the Future of Financial Services

The Treasury Committee has published the written evidence that the Bank of England (BoE), including the PRA, has submitted to the inquiry on the Future of Financial Services. The BoE’s written evidence covers the future UK regulatory framework and how it will support innovation, competition and proportionality. The evidence refers to:

  • building a supportive environment for the FinTech sector that will allow firms to innovate; and
  • responding to the development of digital currencies and stablecoins, and considering the potential introduction of a central bank digital currency (CBDC) in the UK. [23 Mar 2021]





ESMA: Speech by Chair of CCP Supervisory Committee

The European Securities and Markets Authority (ESMA) has published a speech by the Chair of the Central Counterparty (CCP) Supervisory Committee, Klaus Löber, on evolving risks and supervisory responses for CCPs. The speech considers the impact of Covid-19 on operational and cyber risk and the efforts to support a resilient framework. Such efforts include:

  • the EU Commission’s Digital Operational Resilience Act (DORA) designed to consolidate and upgrade ICT requirements across all financial entities operating in the EU;
  • the European System of Central Banks’ (ESCB) framework on the Threat Intelligence-based Ethical Red Teaming (TIBER-EU) designed to test and improve the resilience of financial infrastructures and institutions against sophisticated cyber-attacks; and
  • the CCP Supervisory Committee’s plan to review supervisory activities in respect of CCPs’ operational and cyber resilience in order to identify and promote best practices in the area of supervisory convergence. [24 Mar 2021]



EU Commission consultation on instant payments

The EU Commission has launched consultation on instant payments, which is intended to:

  • inform the EU Commission on remaining obstacles and possible enabling actions that could be taken to ensure a wide availability and use of instant payments in the EU;
  • enable it to decide whether EU coordinated action and/or policy measures are warranted in order to ensure that a critical mass of EU payment service providers (PSPs) offer instant credit transfers; and
  • identify factors relevant to fostering customer demand towards instant credit transfer.

The EU Commission has also published an accompanying consultation strategy.Feedback is requested by 2 June 2021. [24 Mar 2021]

6th meeting of the FinTech Working GroupThe FinTech Working Group of the European Parliament’s Committee on Economic and Monetary Affairs (ECON) has published the minutes of, and the slides which were presented at, its 6th meeting on 16 March 2021. The theme for the meeting was “Using distributed ledger technology (DLT) in finance: Potential benefits and challenges.” [24 Mar 2021] #DLT
ECON: Draft report on proposal for directive under digital finance package

ECON has published a draft report with its amendments to the proposed Directive to amend a number of EU financial services directives (including the UCITS Directive, Solvency II Directive, Alternative Investment Fund Managers Directive (AIFMD), Capital Requirements Directive IV (CRD IV), Markets in Financial Instruments Directive II (MiFID II) and the Payment Services Directive (PSD)) as part of the EU’s Digital Finance Strategy. [22 Mar 2021]




APRA completes first phase of its Superannuation Data Transformation

APRA has released its response paper and final reporting standards for Phase 1 of its Superannuation Data Transformation (SDT) which will be run over a number of years. The SDT aims to improve member outcomes by increasing APRA’s superannuation data collection.The first phase of the SDT addressed the most urgent gaps in data reported by superannuation trustees, including expanding data collection to include all products and investment options, and collecting improved data on insurance arrangements, expenses, member demographics and asset allocation classifications. [25 Mar 2021]



Hong Kong

HKMA publishes sixteenth issue of Complaints Watch

The HKMA has published the sixteenth issue of its Complaints Watch. The Complaints Watch is a periodic newsletter highlighting the latest complaint trends, emerging topical issues and good practices that authorised institutions (AIs) may find helpful. This latest issue provides guidance on the following matters:

  • Access to consumer credit data – The HKMA has received more complaints recently in relation to the use of digital devices and e-banking services, such as regarding the lack of customer consent for accessing the consumer credit database. AIs should, in line with the guiding principles under the Code of Banking Practice and the Treat Customers Fairly Charter, review their digital processes to ensure clear and prominent disclosure of the purpose for making enquiries with the credit reference database and to obtain consent for access from customers for completed credit applications.
  • Identity theft in making online credit card applications – The HKMA has received complaints regarding suspected identify theft or impersonation of customers in applying for credit cards online. AIs are reminded to stay alert and to consider appropriate control system enhancements. AIs should also engage in consumer education initiatives, such as providing security tips and alerts to remind customers to safeguard personal data. [26 Mar 2021]


HKMA launches Global Regtech Challenge

The HKMA has announced the launch of its Global Regtech Challenge, which aims at raising the banking industry’s awareness regarding the potential of regtech adoption.  The competition is one of the key elements of the HKMA’s two-year roadmap to promote regtech adoption, as set out in a white paper published in November 2020 (see our earlier update).Regtech providers from anywhere in the world are welcomed to participate in the competition and showcase their solutions for solving common risk management and regulatory compliance challenges faced by Hong Kong banks.  The problem statements covered by the competition cover the four regtech application areas identified by the white paper, which are considered by the industry to have less mature local solutions but have significant potential for further regtech development:

  • Governance, risk and compliance – how technology can be used optimise compliance of internal and external regulatory obligations;
  • Conduct and customer protection – how technology can be used to support product due diligence and risk rating assessments;
  • Customer data privacy – how technology can be used to protect customer data and privacy and address cyber risks concerns; and
  • Risk management – how technology can be used to enhance the delivery of stress testing requirements driven by needs across different risk, compliance and business unit teams.

Interested regtech providers can register on this website, which provides further details about the competition.  Each contestant is required to submit a market-ready solution to at least one of the above problem statements.  The deadline for submission is 16 April 2021.Selected finalists will be invited to take part in a three-week contextualisation programme in May 2021, aimed at assisting the finalists understand the Hong Kong market and ensure that their solutions are relevant to such market.  The winning solutions will be announced at the HKMA’s upcoming event tentatively scheduled for June 2021. [25 Mar 2021]

HKMA Deputy Chief Executive delivers speech on use of technology in payments, data and supervision

Mr Howard Lee (Deputy Chief Executive of the HKMA) delivered a speech at the BIS Innovation Summit 2021 on 23 March 2021, providing updates on the latest developments in the use of technology in payments, data and supervision.

  • Developments in the payments landscape – Mr Lee indicated that the subject of CBDCs for wholesale or general purpose has been high on the agenda of the central banking community.  Under the auspices of the BIS Innovation Hub Hong Kong Centre, the HKMA is embarking on a multiple CBDC bridge project with central banks in Mainland China, Thailand and the UAE on wholesale CBDCs to improve the settlement and liquidity management efficiencies in cross-border payments (see our previous update).  The HKMA has yet to decide whether general purpose CBDCs should be issued.  This will be the subject of an upcoming study, Project Aurum, in which two architectural models (namely the hybrid CBDC and private CBDC-backed stablecoins) will be considered.  The HKMA is also working with the People’s Bank of China on a technical pilot testing of the use of e-CNY for cross-border retail payments in Hong Kong.
  • Use of commercial data to improve financial intermediation – The HKMA is exploring a new financial infrastructure, the Commercial Data Interchange, to enable voluntary sharing of data by data owners (such as small and medium enterprises (SMEs)) with banks through data providers more efficiently and securely.  Banks can use the data to perform more accurate credit assessments and provide more tailored services to SMEs (see our earlier update).
  • Use of innovative technology to support supervision – The HKMA is on a multi-year digitisation journey.  One element of this is the granular data reporting which commenced in 2019 with a view to collecting transactional level data from banks (instead of template based aggregate data).  This has enabled the HKMA to discover insights and trends in a timely manner and conduct advanced analyses through slicing and dicing the data collected. [23 Mar 2021]




HKMA publishes sixth issue of Regtech Watch on use of technology in risk management associated with treasury activities

The HKMA has published the sixth issue of its Regtech Watch.  This issue focuses on technology applications in risk management associated with treasury activities, including operational risk, legal risk, liquidity risk and market risk.Traditionally, treasury activities are labour-intensive and require collation and analyses of large volumes of data maintained in various systems within banks.  Given that different banks record trade information differently, back-offices of banks have to conduct reconciliation on such information.  Such manual processes can be time-consuming and prone to human errors.The HKMA notes that a number of banks have adopted regtech solutions to enhance their risk management and trade processing capabilities through, for example, the use of big data analytics tools and artificial intelligence (AI) in trade pattern recognition and analyses, applying distributed ledger technology (DLT) to capture trade information and adopting machine learning to predict customers’ behaviours.Three use cases that the HKMA has observed are:

  • Use of big data analytics and AI to detect rogue trading activities;
  • Use of DLT and smart contracts to enhance efficiency in processing trade information and eliminate operational and legal risks arising from inaccurate trade records and non-standard documentation, such as data models to synchronise the representation of derivatives trades and eliminate the need for duplicative reconciliation;
  • Use of cloud-based data management solutions to improve efficiency in liquidity risk monitoring, enabling the use of machine learning models for predicting depositors’ behaviours. [19 Mar 2021]





OJK issued a centralised regulation on non-bank financial institutions’ information technology risk management

The Indonesian Financial Services Authority (OJK) has published on its website OJK Regulation No. 4/POJK.05/2021 on the Implementation of Risk Management on the Use of Information Technology by Non-Bank Financial Institutions (NBFI) (in Indonesian language). This regulation is aimed to expand and centralise provisions regarding NBFI’s use of information technology. It is applicable to all Indonesian NBFIs, including, among others, insurance companies, P2P lending companies, multi-finance companies, pension funds, and venture capital companies. The regulation came into effect on 17 March 2021. [26 Mar 2021]




BoT – Stablecoins regulation policy

The Bank of Thailand (BoT) has released guidelines  for the regulation of financial services involving stablecoins.For Baht-backed stablecoins which are cryptocurrencies designed to minimise price volatility by pegging its value to the Baht and are intended to be used as a means of payment, such stablecoins may be classified as electronic money (e-Money) under the Payment Systems Act, 2017. The BoT oversees risks associated with e-Money, such as settlement, money laundering cybersecurity and consumer protection risks. Those wishing to provide services involving Baht-backed stablecoins are required to consult with the BoT before beginning any operations.For other forms of stablecoins including foreign currency-backed stablecoins, asset-backed stablecoins, and algorithmic stablecoins that are not illegal, the BoT is open to receive comments and feedback before considering regulatory guidelines as appropriate. [19 Mar 2021]





CFTC: Digital Asset Exchange Operator Ordered to Pay $6.5 Million for False, Misleading, or Inaccurate Reporting and Wash Trading

The Commodity Futures Trading Commission (CFTC) issued an order filing and settling charges against a digital asset exchange operator for reckless false, misleading, or inaccurate reporting as well as wash trading by a former employee on the defendant company’s trading platform. According to the order, the defendant company recklessly delivered false, misleading, or inaccurate reports concerning transactions in digital assets on the electronic trading platform it operated. Between January 2015 and September 2018, the defendant company operated two automated trading programs, which generated orders that at times matched with one another. Trading Rules specifically disclosed that the company was trading on a trading platform, but failed to disclose that the company was operating more than one trading program and trading through multiple accounts, resulting in trades between accounts owned by the company based on a perceived volume and level of liquidity of digital assets that was false, misleading, or inaccurate. The CFTC order requires the company to pay a civil monetary penalty of $6.5 million and to cease and desist from any further violations of the Commodity Exchange Act or CFTC regulations, as charged. [19 Mar 2021]

DOJ: Foreign Nationals Sentenced for Roles in Transnational Cybercrime Enterprise

Two foreign nationals—one Russian, the other Macedonian—were sentenced for their role in a transnational cybercrime enterprise that engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, computer malware, and other contraband. The defendants pleaded guilty to one count of racketeering conspiracy for operating an “escrow” service to facilitate illegal transactions by knowingly catering to websites offering illegal goods and services, ignoring any abuse reports from internet users. Defendants hosted a number of websites in this fashion, providing the infrastructure that allowed co-conspirators to profit off of their criminal activities. [19 Mar 2021]

SEC: California-Based Fraudster Charged With Selling “Insider Tips” on the Dark Web

The SEC charged a California resident with violating the antifraud provisions of the federal securities laws for perpetrating a fraudulent scheme to sell “insider tips” on the dark web. The dark web allows users to access the internet anonymously and, as such, has often been used to host websites and marketplaces that support or promote illegal activity. The SEC’s complaint alleges that, in late 2016 and 2017, the defendant accessed various dark web marketplaces, including a website claiming to be an insider trading forum, in search of material, nonpublic information to use for personal securities trading. According to the complaint, in order to gain access to the insider trading forum, the defendant lied about possessing material, nonpublic information. By doing so, the defendant allegedly gained access to the insider trading forum for a short period, but was unsuccessful in obtaining valuable material, nonpublic information. The complaint further alleges that the defendant subsequently devised a scheme to sell purported insider tips to others on the dark web. This is the SEC’s first enforcement action involving alleged securities violations on the dark web. [18 Mar 2021]