In this regular update, we round-up FinTech-related regulatory developments for the week ending 14 May 2021.



Pay.UK: Advanced notice – first standards technical collateral

Pay.UK has announced that it is currently undertaking due diligence and quality assurance steps ahead of a first release which is scheduled for summer. This will include implementation guidelines and the relevant schemas in machine readable form (XSD) for a single ISO pacs.008 and pacs.002 messages for a Single Priority Payment that will be used in the New Payments Architecture (NPA). Pay.UK will be seeking feedback relating to usability, content and the types of collateral available. Industry will then be able to review and respond to this first iteration of technical material by the end of September.

BoE: Speech on need for public money

The BoE has published a speech entitled ‘Do we need ‘public money’?’, delivered by Sir Jon Cunliffe, Deputy Governor, Financial Stability. Among other things, Sir Jon spoke about:

  • the use and issue of money in the UK today;
  • future trends such as digital money;
  • the importance of access to public money;
  • financial stability implications of the absence of public money for use by the general public; and
  • other related public policy objectives.

Towards the end of his remarks, Sir Jon advised that the BoE will issue a discussion paper on digital money, including central bank digital currencies (CBDCs) and stable-coins. [13 May 2021]





Speech by Sir Geoffrey Vos – ADR, FOS, smart contracts

The speech delivered by the Right Hon. Sir Geoffrey Vos at the London International Disputes Week 2021 has been published. Among other things, Sir Geoffrey spoke about the future of alternative dispute resolution (ADR), including in the context of the financial services sector and the Financial Ombudsman Service (FOS), and about the use of smart contracts. [11 May 2021]

Queen’s Speech 2021 

HM Government (HMG) has published the Queen’s Speech 2021 which sets out the legislative agenda for the forthcoming Parliamentary session, as well as an accompanying background briefing. Among the planned legislation are:

  • the Product Security and Telecommunications Infrastructure Bill, which includes extending 5G mobile coverage and gigabit capable broadband;
  • the Draft Online Safety Bill, which will protect individuals online;
  • the Advanced Research and Invention Agency Bill; and
  • the Skills and Post-16 Education Bill, which will support a lifetime skills guarantee to enable flexible access to education and training.

The House of Commons Work and Pension Committee issued a press release setting out the Committee Chair’s comments on the Online Safety Bill.  [11 May 2021]






EDPS: Opinion on DORA

The European Data Protection Supervisor (EDPS) has published an opinion (7/2021) on the Proposal for a Regulation on digital operational resilience for the financial sector (DORA). The opinion welcomes DORA and highlights the need for financial entities to embed a strong data protection governance mechanism within their digital operational resilience framework. In addition, the opinion makes specific observations on the following topics:

  • international transfers to ICT third-party service providers;
  • information sharing arrangements;
  • the publication of administrative fines; and
  • the notification of data breaches. [12 May 2021]



ECB publication; TARGET Instant Payment Settlement

The ECB has issued a publication which explains how to join the Eurosystem’s instant payment settlement service – TARGET Instant Payment Settlement (TIPS). The ECB’s aim is to provide an overview of the main features of TIPS, including connectivity options, functioning of the platform and requirements to join. [11 May 2021]

EU Commission consultation – Retail Investment Strategy

The EU Commission has launched a public consultation on the future EU retail investment strategy which was announced in last year’s Capital Markets Union Action Plan.  The Commission is seeking views on how to improve the existing retail investor protection framework, so that it is suitably adapted to the profile and needs of consumers, helps ensure improved market outcomes, empowers retail investors and enhances their participation in the capital markets. A number of the Commission’s questions seek views on digitalisation, and Chapter 3 of the consultation specifically focuses on digital innovation, including open finance, machine readability, online marketing, and digital sales channels.

Feedback is requested by 3 August 2021. [11 May 2021]





Hong Kong

HKMA provides update on implementation plan for open API framework

The HKMA has provided an update on the implementation plan for the open application programming interface (API) framework, specifically on phase III (account information) and phase IV (transactions) of the framework. The previous update was provided in July 2019.

  • Following the implementation of phases I and II in 2019, the HKMA appointed an external consultant to analyse and recommend future steps for the implementation of phases III and IV, taking into account international practices and the local market situation.
  • The HKMA will adopt a progressive approach when implementing phases III and IV API functions that enable viable use cases involving lower implementation cost and risk. This is based on the four recommendations in the “The Next Phase of the Banking Open API Journey” study report for the facilitation of implementation of phases III and IV, namely progressive implementation, open API technical standardisation, refinements to the common baseline, and protection measures to foster customer trust.
  • The initial batch of API functions, which will cover deposit account information and online merchant payments, are expected to be implemented progressively by the 28 participating banks starting from December 2021.
  • The HKMA will also facilitate the Hong Kong Association of Banks (HKAB) in developing a set of standards covering key areas of customer experience and authentication, technical and data standards, information security, and operation standards. The HKAB will also refine the current common baseline document for the implementation of phases III and IV. The standards and the updated common baseline document are expected to be published by the end of 2021. [13 May 2021]




MAS: Response to Parliamentary Question on BNPL Schemes

MAS has published the response to a Parliamentary Question regarding Buy Now, Pay Later (BNPL) digital platforms. The response explains:

  • BNPL schemes are typically offered by digital platforms to enable consumers to pay for their purchases in instalments. As in most jurisdictions, BNPL schemes fall outside of MAS’ regulations on credit, which apply to banks and finance companies.
  • While using BNPL schemes, like traditional instalment plans, can make purchases appear more affordable, BNPL could lead to excessive consumer borrowing, especially among youth and impulsive buyers.
  • MAS and other government agencies are hence examining if some form of regulation is necessary for BNPL schemes.
  • In the meantime, MAS has worked with the media to highlight the pitfalls of taking on excessive credit. [11 May 2021]


MAS: Response to Parliamentary Questions on Project Ubin, CBDCs, retail investor exposure to cryptoassets

MAS has published the response to a Parliamentary Question regarding Project Ubin, the MAS-led collaboration with industry to explore the use of blockchain technology and a wholesale Central Bank Digital Currency (CBDC) issued by MAS to clear and settle payments and securities more efficiently. The response explains:

  • The industry has moved to build on the success of Project Ubin, and MAS highlights a number of examples.
  • MAS continues to collaborate with the industry on potential applications of wholesale CBDCs. For example, MAS is partnering the Bank for International Settlements (BIS) Innovation Hub Centre in Singapore on Project Dunbar, which explores how different multi-currency settlement platforms could be designed to link up with one another. This aims to make cross-border payments faster and cheaper, while remaining secure.
    MAS is carefully studying the costs and benefits of a retail CBDC, and has not made a decision on this yet.

In response to a Parliamentary Question regarding retail investor exposure to cryptoassets, MAS explains:

  • MAS has repeatedly cautioned that investing in cryptocurrencies is risky and not suitable for retail investors. Those who choose to trade in cryptocurrencies should therefore understand the significant risks they are taking on, and verify the credentials of the entities involved before dealing with them. This should include checking the MAS Investor Alert List which identifies businesses that have falsely purported to be licensed and regulated by MAS.
  • MoneySense, Singapore’s national financial education programme, has launched a campaign to raise awareness of the risks of investment scams involving cryptocurrencies and online trading.
  • MAS continues to watch developments in the cryptocurrency space and will regularly review the adequacy and appropriateness of our regulations. [10 May 2021]





FINRA Shares Practices Firms Use to Protect Customers From Online Account Takeover Attempts

Financial Industry Regulatory Authority, Inc. (“FINRA”) received an increasing number of reports regarding customer account takeover (“ATO”) incidents, which involve bad actors using compromised customer information, such as login credentials (i.e., username and password), to gain unauthorized entry to customers’ online brokerage accounts. To help firms prevent, detect and respond to such attacks, FINRA recently organized roundtable discussions with representatives from 20 firms of various sizes and business models to discuss their approaches to mitigating the risks from ATO attacks.

FINRA’s Notice outlines the recent increase in ATO incidents; reiterates firms’ regulatory obligations to protect customer information; and discusses common challenges firms identified in safeguarding customer accounts against ATO attacks, as well as practices they find effective in mitigating risks from ATOs—including recent innovations—which firms may consider for their cybersecurity programs. [12 May 2021]

Federal Reserve Board Invites Public Comment On Proposed Changes to Regulation II Regarding Network Availability for Card-Not-Present Debit Card Transactions

The Federal Reserve Board invited public comment on proposed changes to Regulation II (Debit Card Interchange Fees and Routing) to clarify that debit card issuers should enable, and allow merchants to choose from, at least two unaffiliated networks for card-not-present debit card transactions, such as online purchases. The Board stated that it views these clarifications of Regulation II’s existing requirements as necessary in light of information indicating that often only one network is enabled for such transactions.

Regulation II implements section 920 of the Electronic Fund Transfer Act (“EFTA”). Among other things, the regulation requires that there be at least two unaffiliated payment card networks enabled on a debit card to process debit card transactions. At the time the Board promulgated Regulation II, the market had not developed solutions to broadly support multiple networks over which merchants could choose to route card-not-present transactions. Although technology has subsequently evolved to address these barriers, data collected by the Board and information from industry participants indicate that two unaffiliated networks are often not available to process card-not-present debit card transactions because some issuers do not enable two networks for those transactions. The absence of at least two unaffiliated networks for card-not-present transactions forecloses the ability of merchants to choose between competing networks when routing such transactions, an issue that has become increasingly pronounced because of continued growth in online transactions, particularly in the Covid-19 environment. [7 May 2021]

New York Attorney General Seeks Court Order Immediately Halting Continued Fraud by Illegal Virtual Currency Trading Platform

New York Attorney General Letitia James took legal action to immediately halt the continued illegal and fraudulent operations of a cryptocurrency trading platform. In February, Attorney General James filed a lawsuit against the cryptocurrency trading platform and its two top executives. Since that time, the cryptocurrency trading platform and its CEO have continued their fraud and the Office of the Attorney General learned of new fraudulent conduct. Attorney General James filed a motion asking the court for a temporary restraining order, a preliminary injunction, and the appointment of a receiver to immediately block the cryptocurrency trading platform and its CEO from making any further unauthorized trades and safeguarding investors’ monies. [7 May 2021]








Herbert Smith Freehills LLP is licensed to operate as a foreign law practice in Singapore. Where advice on Singapore law is required, we will refer the matter to and work with licensed Singapore law practices where necessary.