In this regular update, we round-up FinTech-related regulatory developments for the week ending 27 August 2021.



IMF paper: The impact of FinTech on central bank governance

The International Monetary Fund (IMF) has published an occasional paper in its FinTech Notes series on the impact of FinTech on central bank governance. Noting that central banks facing new and unprecedented challenges arising from technology such as distributed ledger technology (DLT), artificial intelligence (AI) and cloud computing, the paper sets out preliminary views on how, from a legal perspective, central banks might address the impact of FinTech on their governance. [25 Aug 2021]






UK Finance: Roll-out of contactless payment limit increase 

UK Finance has published a press release announcing that the roll-out of the increase in the contactless payment limit to £100 will commence from 15 October 2021. [27 Aug 2021]

FCA: Portfolio letter on loan-based P2P crowdfunding platforms

The FCA has published a template portfolio letter to boards of directors on loan-based peer-to-peer (P2P) crowdfunding platforms. The template letter sets out:

  • the key risks that P2P platforms pose to customers and markets;
  • the FCA’s expectations of P2P firms, including how firms should be mitigating key risks; and
  • the FCA’s supervisory strategy to ensure that firms are meeting expectations and remedying harms.

The FCA expects firms to ensure they deliver fair outcomes for consumers and will intervene if it sees failures in this regard. [26 Aug 2021]




OJ: ECB Opinion on DORA

The European Central Bank’s (ECB) opinion on the proposed regulation on digital operational resilience for the financial sector (DORA) has been published in the Official Journal of the EU (OJ). In its opinion, the ECB welcomes the proposed regulation, which aims to enhance the cyber security and operational resilience of the financial sector. The ECB also makes a number of general and specific observations on the proposed regulation, and sets out its recommended amendments to the European Commission’s (EC) draft. [26 Aug 2021]



EDPS: Opinion on proposal for a Directive on consumer credits

The European Data Protection Supervisor (EDPS) has published an opinion on the EC’s proposal for a Directive on consumer credits. The opinion welcomes the EC’s proposal, which aims to modernise existing consumer credit rules to address changes brought about by digitalisation and other market trends. The opinion also includes suggestions for the EC to further support harmonisation and consumer protection. [26 Aug 2021]





ASIC and APRA publish Corporate Plans for 2021–2025

ASIC and APRA have published their respective Corporate Plans for 2021–2025 outlining their priorities over the next four years to achieve a fair, strong and efficient financial system in Australia.

ASIC’s four external strategic priorities, which respond to the Government’s Statement of Intent, are:

  • promoting economic recovery including through efficient regulation and innovation;
  • reducing the risk of harm to consumers exposed to poor product governance and design, and increased investment scam activity;
  • supporting enhanced cyber resilience and cyber security among ASIC’s regulated population; and
  • driving industry readiness and compliance with standards set by law reform initiatives (including the Financial Accountability Regime, reforms in superannuation and insurance, breach reporting, and the design and distribution obligations).

ASIC Chair Joe Longo has reiterated ASIC’s critical role in promoting economic recovery and confidence in the financial system, and supporting businesses through efficient modes of regulation. Mr Longo further stated that ASIC will remain vigilant, using its regulatory tools to disrupt misconduct and drive efficient and proportionate regulatory outcomes. While ASIC will no doubt take regulatory enforcement action where it considers it necessary, the pendulum has well and truly moved away from the ‘why not litigate’ extremity.

APRA’s Corporate Plan centred around the strategic theme of ‘protected today, prepared for tomorrow’. APRA’s aims include:

  • preserving the resilience of banks, insurers and superannuation funds, with a continuing focus on cyber risks, remuneration and accountability, and implementing the Government’s Your Future, Your Super reforms;
  • continuing to invest in and embed data to better enable data-driven decision-making; and
  • increasing its understanding of the impact of new financial activities and participants, such as technological innovations and new business models.  [27 Aug 2021]




Hong Kong

BIS Innovation Hub and HKMA investigate how tokenised green bonds can improve sustainable investment

The Bank for International Settlements (BIS) Innovation Hub Hong Kong Centre and the HKMA are collaborating with the technology industry to launch Project Genesis with a view to building a prototype digital infrastructure, which enables green investments, improves transparency on use of proceeds, and thereby helps meet regional and global environmental and sustainability goals.

Project Genesis will investigate the tokenisation of green bonds enabling investment in small denominations, combined with real-time tracking of environmental outputs. The BIS Innovation Hub and the HKMA will work with six partner companies that will design the digital infrastructure.  With this project, the BIS Innovation Hub strives to show the “green art of the possible” through combining blockchain, smart contracts, internet-of-things and digital assets.

The results of the tests and prototypes will be published in the fourth quarter of 2021.  [24 Aug 2021]






MAS and US Treasury finalise MoU on cybersecurity cooperation

The Monetary Authority of Singapore (MAS) and the US Treasury have finalised a Memorandum of Understanding (MoU) in relation to cybersecurity cooperation.

While the US Treasury and MAS have had ongoing exchange of cyber threat information since 2018, the MoU formalises and strengthens the partnership.

Specifically, the MOU enhances cooperation in the following areas:

  • information sharing relating to the financial sector including cybersecurity regulations and guidance, cybersecurity incidents, and cybersecurity threat intelligence;
  • staff training and study visits to promote cooperation in the area of cybersecurity; and
  • competency-building activities such as the conduct of cross-border cybersecurity exercises. [23 Aug 2021]



Bank Indonesia to introduce national standards for payment open application programming interface (payment open API)

Bank Indonesia has published on its website Regulation of Board of Governor No. 23/15/PADG/2021 on Implementation of National Standard for Payment Open Application Programming Interface (in Indonesian language). Under these regulations, Bank Indonesia stipulates national standards for payment open API (standar nasional open API pembayaran or “SNAP”).  This regulation is an implementing regulation to Regulation of Bank Indonesia No. 23/11/PBI/2021 on National Standards for Payment System (in Indonesian language – see above).

SNAP will set out technical and operational standards for interconnectivity and interoperability, information system safety, governance and risk management for payment open APIs in Indonesia and will be issued by Bank Indonesia through a Bank Indonesia decree. Afterwards, the standards will be published through a prescribed webpage. Once published, all payment system operators who intend to develop a payment open API or enter into a cooperation with a payment open API administrator are required to obtain an approval from Bank Indonesia and implement SNAP.

The regulation came into effect on 16 August 2021. [27 Aug 2021]




SECT consults on further regulation of digital asset businesses’ custody of clients assets

The Securities and Exchange Commission, Thailand (SECT) is seeking comments on additional amendments to the regulations on the custody of clients’ assets in digital asset businesses, which includes keeping custody of fiat money and seeking benefits from the clients’ assets for the clients’ interest. The proposed amendments aim to enhance protection for digital asset investors.

The SECT is proposing that digital asset business operators undertake the following actions:

  • custody of fiat money: withdrawal and transfer of fiat money from the accounts opened for the benefit of clients shall comply with the principles for decentralised approval authority, multi-sign approval authority, and check and balance, in the similar manner as custody of digital assets;
  • custody of fiat money and digital assets: the use of a client’s assets for the benefit of another client or other persons shall be prohibited and clients’ assets shall be reconciled every business day; and
  • seeking benefits from clients’ assets: seeking benefits from clients’ fiat money shall be prohibited except in the form of deposit with commercial banks. In this regard, digital asset business operators and clients may agree on an interest rate not exceeding the actual rate the business operators receive from the commercial banks. In the case of digital assets, seeking benefits for clients shall be prohibited, including in the form of digital asset lending to other persons.

Comments on the proposals are requested by 22 September 2021. [25 Aug 2021]




SECP sets out approach to FinTech regulation beyond Covid-19

The SECP has issued a press release covering the SECP’s contribution at the 15th Regional Leadership Program for Securities Regulators organised by the Monetary Authority of Singapore (MAS) in partnership with the non-profit organisation, the Toronto Centre.  At the event, the SECP underscored the importance of striking a balance between promoting innovation in FinTech and ensuring investor protection and market stability beyond Covid-19.

In regulating FinTech in the Philippines, the SECP intends to adhere to the principle that no one size fits all; adopt an activity-based approach rather than an entity-based approach; implement principles-based regulations rather than specific rules; and remain technology neutral. [25 Aug 2021]




SEC Obtains Judgments Against Individuals for Involvement in Open-source Cryptocurrency

The SEC has obtained judgments against two defendants and a relief defendant for their involvement with an open-source cryptocurrency and the promotion of its ‘lending program’. Pursuant to the judgments, the defendants and relief defendant have been ordered to collectively pay more than $3.5 million and 190 Bitcoin in disgorgement and prejudgment interest. According to the SEC’s complaint, from approximately June 2017 to January 2018, the defendants promoted the cryptocurrency and marketed and sold securities in its lending program. The SEC’s complaint alleges that the defendants offered and sold the securities without registering the securities offering with the SEC, and without being registered as a broker-dealer with the SEC, as required by the federal securities laws. The defendants have been charged with violating federal securities laws and ordered to pay disgorgement and civil penalties. [19 Aug 2021]






Herbert Smith Freehills LLP is licensed to operate as a foreign law practice in Singapore. Where advice on Singapore law is required, we will refer the matter to and work with licensed Singapore law practices where necessary.