In this regular update, we round-up FinTech-related regulatory developments for the week ending 23 April 2021.
HoC Library: Guide on financial technology
The House of Commons (HoC) Library has published a guide on financial technology (FinTech). The guide looks at the definition of FinTech; the FinTech industry in the UK; the benefits and risks of FinTech; and HM Government’s (HMG) policies to support the FinTech sector. [22 Apr 2021]
TSC report on net-zero and the future of green finance
The Treasury Committee (TSC) has published the report of its inquiry into decarbonisation and green finance. Among its recommendations on how HMG can achieve net-zero by 2050, the TSC highlights that the FCA should encourage FinTech innovation and tackle regulatory barriers. [22 Apr 2021]
BoE: Speech on FinTech and public support for private innovation
The Bank of England (BoE) has published a speech on FinTech and public support for private innovation, delivered by Dave Ramsden, Deputy Governor, Markets and Banking at UK FinTech Week. Among other things, Mr Ramsden spoke about the areas of payments; data strategy; artificial intelligence (AI); PRA regulation on outsourcing and third-party risk management; support for new and growing firms; and cross-authority and international collaboration. [21 Apr 2021]
BoE: Updated UK Money Markets Code
The BoE has published an updated version of the UK Money Markets Code which includes significant changes in the areas of: diversity and inclusion; working from home; environment; social and governance (ESG) criteria; electronic trading; and trade settlement discipline.
The updated Code has been recognised as an industry standard by the FCA. [21 Apr 2021]
FCA: CEO speech on innovation
The FCA has published a speech by its CEO, Nikhil Rathi, to FinTech Week. The speech touches upon:
FCA: Progress of transformation programme
The FCA has published a letter from its Chair, Charles Randell, to John Glen, the Economic Secretary to the Treasury, on the progress of the FCA’s Transformation Programme. The letter sets out the FCA’s progress in a number of areas, including as regards plans to migrate to a cloud environment.
FCA announces new director of Digital
The FCA has announced the formal appointment of Ian Alderton as Chief Information Officer, with responsibility for driving the FCA’s technology change programme, and of Ian Phoenix as Director of Intelligence and Digital, with responsibility for enhancing the FCA’s intelligence and surveillance capabilities and for leading digital work to disrupt harmful online activity. [19 Apr 2021]
BoE and HMT announce CBDC Taskforce
The BoE and HM Treasury (HMT) have announced the joint creation of a Central Bank Digital Currency (CBDC) Taskforce to coordinate the exploration of a potential UK CBDC. The Taskforce is intended to ensure a strategic approach to, and to promote close coordination between, the UK authorities as they explore CBDC. The HMG and the BoE have not yet made a decision on whether to introduce a CBDC in the UK, but will engage widely with stakeholders on the benefits, risks and practicalities of doing so: responses to the BoE’s March Discussion Paper on the opportunities, challenges and design of a CBDC are due by 12 June 2020.
The BoE has also announced the creation of a CBDC Engagement Forum, a CBDC Technology Forum, and a CBDC Unit within the BoE. [19 Apr 2021]
Plans to boost UK FinTech and financial services
The Chancellor of the Exchequer, Rishi Sunak, has announced new plans to help ‘FinTechs’ scale up and has confirmed that to this end, the UK will be taking forward many of the recommendations made in the recent FinTech Review led by Ron Kalifa. These notably include the FCA taking forward a “scale box”, the second phase of the FCA’s digital sandbox, the creation of an industry-led Centre for Finance, Innovation and Technology and the launch of a new BoE “omnibus” account for innovative financial market infrastructure providers.
In parallel, the Department for International Trade has announced new export support measures intended to boost trade and create jobs, which include a bespoke FinTech Export Academy and a FinTech Champions scheme to provide 1-2-1 sector-specific advice. [19 Apr 2021]
EC proposes new legal framework for AI
The European Commission (EC) has published a proposed new framework for AI. The legal framework will apply to both public and private actors inside and outside the EU as long as the AI system is placed on the Union market or its use affects people located in the EU. The proposals are subject to EU Parliament and Member States agreement; once adopted, the final regulations will be directly applicable. [22 Apr 2021]
HKMA issues circular regarding BCBS’s principles on operational resilience and sound management of operational risk
The Hong Kong Monetary Authority (HKMA) has issued a circular to inform authorised institutions (AIs) about the issue of the Principles for Operational Resilience (POR) and the Revisions to the Principles for the Sound Management of Operation Risk (Revised PSMOR) by the Basel Committee on Banking Supervision (BCBS) on 31 March 2021. Operational resilience and mitigating operational risk have become more important for AIs in light of the Covid-19 pandemic.
The POR is aimed improving the operational resilience of banks in delivering critical operations through disruptions. It provides guidance in several areas such as governance, business continuity planning (BCP) and testing, third party dependency management, and management of information and communication technology (ICT) related risks. Although many of these requirements are already covered in its existing guidance (including the Supervisory Policy Manual (SPM)), the HKMA is considering the need to provide additional guidance to implement the POR in Hong Kong.
The Revised PSMOR includes further guidance to improve the overall clarity of existing principles, updates where needed in the areas of change management and ICT management, and changes to ensure consistency with the new operational risk framework in the 2017 Basel III final package. It covers elements such as governance, risk management environment, ICT, BCP, and the role of disclosure. The HKMA plans to provide relevant guidance through revising the SPM module OR-1 (Operational Risk Management) and will consult the industry in due course. In the meantime, AIs are strongly recommended to familiarise themselves with the Revised PSMOR and to prepare for any system changes that may be necessary. [21 Apr 2021]
SECP announces implementation eSPARC
The Securities and Exchange Commission of the Philippines (SECP) has announced that from 19 April 2021, all applications for registration of domestic corporations must be filed with and processed by SECP under the Electronic Simplified Processing of Application for Registration of Company (eSPARC).
The new company registration system shall cover one person corporations (OPC) and domestic corporations, both stock and non-stock, with at least two but not more than 15 incorporators who may either be natural persons, partnerships, associations or corporations.
Meanwhile, applications for registration of partnerships and foreign corporations will continue to be accepted and processed under the Company Registration System (CRS). Applications for registration submitted under the CRS prior to 19 April 2021 will be processed therein, unless the applicant is notified by the SECP Processing Officer to resubmit the application using the eSPARC. [16 Apr 2021]
SEC Charges New York Resident With Defrauding Investors In The Offering Of Equity And Digital Asset Securities
The Securities and Exchange Commission (SEC) has alleged that an individual obtained investments totaling over $400,000 from several investors, during the period from August 2017 to June 2018, for a purported blockchain-based Peer-to-Peer lending marketplace startup that would be developed by several companies under his control. The defendant allegedly made a false statement in offering materials that he had received a $30 million investment from a single investor and allegedly guaranteed short-term profits on the investment despite the fact that his companies had no actual operations or revenues at the time. The complaint further alleges that shortly after obtaining investors’ money, the defendant transferred the majority of proceeds to his personal bank account, misappropriating approximately $300,000 of the funds for his personal use. The SEC’s complaint charges the defendant with violations of the antifraud provisions of Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder. The defendant has consented to the entry of a judgment that enjoins him from violating the charged provisions and from participating, directly or indirectly, in any offering of a digital asset security, with monetary relief to be determined at a later date. The settlement is subject to court approval. [20 Apr 2021]
CFTC Orders Florida Man and His Company to Pay Over $397,000 in Connection with a Digital Assets Solicitation Scheme
The Commodity Futures Trading Commission (CFTC) has issued an order filing and settling charges against a Florida resident and a Florida limited liability company, for making misleading statements or omitting material facts in connection with soliciting more than $300,000 from over 40 individuals to invest in digital assets. The individual defendant was an employee and one of the founders of the defendant company and was its principal owner and CEO. According to the order, the defendant and his company solicited and accepted funds in the form of digital currency and fiat cash from over 40 customers to trade virtual currencies, including Bitcoin, Bitcoin Cash, Ether and other alternative coins. They recklessly made false and misleading statements of material fact or omitted to state material facts which induced individuals to invest with the defendant company, invest additional funds with the defendant company, or continue to hold their investments with the defendant. They also made misleading statements regarding the company’s growth and success as a company, its expanding clientele, and its ability to be selective in acquiring customers. Furthermore, they recklessly made materially false and misleading statements and omissions regarding the likelihood of profit and the risk of loss. The order requires the defendants to pay a $150,000 civil monetary penalty, with the amount to be paid by each capped at $75,000, and any post-judgment interest. The order also requires the defendants to pay $247,110 in restitution, with the amount to be paid by each capped at $123,555, and any post-judgment interest. In addition, the order imposes a 10-year ban on the defendants from trading on or subject to the rules of any CFTC-registered entity, and from engaging in any activities requiring registration with the CFTC. [20 Apr 2021]
DoJ: High-Level Organizer of Notorious Hacking Group Sentenced to Prison for Scheme that Compromised Tens of Millions of Debit and Credit Cards
A Ukrainian national was sentenced to 10 years in prison for his high-level role in the criminal work of a hacking group. The defendant, 35, served as a manager and systems administrator for the hacking group. In September 2019, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. According to documents filed in the case, since at least 2015, members of the hacking group engaged in a highly sophisticated malware campaign to attack hundreds of US companies, predominantly in the restaurant, gambling, and hospitality industries. The hacking group hacked into thousands of computer systems and stole millions of customer credit and debit card numbers that were then used or sold for profit. The hacking group, through its dozens of members, launched waves of malicious cyberattacks on numerous businesses operating in the US and abroad. To execute its scheme, the hacking group carefully crafted email messages that would appear legitimate to a business’ employees, and accompanied emails with telephone calls intended to further legitimize the emails. Once a file attached to a fraudulent email was opened and activated, the hacking group would use an adapted version of the malware, in addition to an arsenal of other tools, to access and steal payment card data for the business’s customers. Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces. In the US alone, the hacking group successfully breached the computer networks of businesses in all 50 states and the District of Columbia, stealing more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations. According to court documents, victims incurred enormous costs that, according to some estimates, totaled billions of dollars. Additional intrusions occurred abroad, including in the UK, Australia, and France. [16 Apr 2021]