In this regular update, we round-up FinTech-related regulatory developments for the week ending 1 October 2021.



BIS: Reports on CBDCs

The Bank for International Settlements (BIS) has published a new set of reports in relation to central bank digital currencies (CBDCs). The reports analyse policy options and practical implementation issues on the following aspects:




CMA publishes report into OBIE and sets out next steps

The Competition and Markets Authority (CMA) has published the findings of an independent investigation into the Open Banking Implementation Entity (OBIE). It has also set out the steps being taken to improve governance in light of the report’s findings. The OBIE is an independent organisation that, following an Order by the CMA, was set up in 2017 to implement the Open Banking remedy. [1 Oct 2021]

BoE/PRA/FCA: Dear Senior Management Function letter on 2021 CBEST thematic findings

The Bank of England (BoE), the PRA and the FCA have published a template version of their ‘Dear Senior Management Function’ letter addressed to senior managers with responsibility for cyber. In the letter, the regulators set out the key findings from the 2021 CBEST thematic process. The purpose of sharing the findings is to highlight areas of concern to firms so that they can address any such weaknesses internally. [30 Sep 2021]



BoE: Dear CEO letters to FMIs regarding material outsourcing to the public cloud

The Bank of England (BoE) has published template versions of letters sent by the Financial Markets Infrastructure (FMI) Division to CEOs of FMIs regarding supervisory expectations in relation to material outsourcing to the public cloud. The letters are addressed to:

The letters communicate the BoE’s intention to consult on its proposed expectations and policies for FMIs on outsourcing in due course, with specific reference to the use of cloud. [29 Sep 2021]





ESMA: Call for evidence on retail investor protection

The European Securities and Markets Authority (ESMA) has published a call for evidence on a number of retail investor protection topics under MiFID II. These views will feed into ESMA’s technical advice to the European Commission (EC) on the development of its strategy for retail investment.

ESMA is specifically requesting information from stakeholders on three topics:

  • disclosures: any significant overlaps, gaps, redundancies and inconsistencies across investor protection legislation that might have a detrimental effect on investors;
  • digital disclosures: how regulatory disclosures and communications can work best for consumers in the digital age, and any options as to how existing rules might be adapted, such as allowing layered information; and
  • digital tools and channels: risks and opportunities with respect to retail investing stemming from both the increasing availability of digital tools and the increasing levels of direct investor participation via online trading platforms and robo advisors.

Responses to the call for evidence are requested by 2 January 2022. ESMA will consider the information received when drafting its advice to the EC which will be delivered by 30 April 2022. [1 Oct 2021]



EC: Updated consultation response deadlines – AML package, including in relation to crypto-assets

The EC has updated the consultation response deadline to 26 November 2021 for the following consultations under its anti-money laundering (AML) initiative:

EIOPA: Revised Single Programming Document and Annual Workplan 2022

EIOPA has published its Revised Single Programming Document 2022-2024 setting out its strategy and work programme for the coming year.

EIOPA’s agenda will continue to be influenced by the Covid-19 pandemic, the macroeconomic environment and the overall European agenda. Under the twin objectives of ensuring consumer protection and safeguarding financial stability, EIOPA will continue to support the recovery, built on green and digital transitions.

Specifically, EIOPA will address challenges affecting society, the insurance and pensions sectors, and supervisors, which include climate change, cyber risk and digitalisation, as well as addressing protection gaps. [30 Sep 2021]



ECB: Speech cyber risks and the integrity of digital finance

The European Central Bank (ECB) has published a speech by Fabio Panetta, Member of the Executive Board, on cyber risks and the integrity of digital finance. In his speech, Mr Panetta spoke about the evolving nature of cyber risks and the role of the Euro Cyber Resilience Board (ECRB) in addressing them. [30 Sep 2021]



ESMA: MiFID II review report on algorithmic trading

The European Securities and Markets Authority (ESMA) has published the Markets in Financial Instruments Directive and Regulation (MiFID II/MiFIR) review report on algorithmic trading. The Final Report concludes that no fundamental issues have emerged with respect to the MiFID II algorithmic trading regime which has overall delivered on its objectives. ESMA makes some recommendations to simplify the regime and make it more efficient.

This report will be submitted to the European Commission (EC) and is expected to be taken into consideration for further legislative proposals on the MiFID II regime. Regarding Level 2 provisions, the amendment of existing technical standards discussed in the report will be subject to specific consultations to be published shortly. [29 Sep 2021]

ESMA: Annual Work Programme 2022

The European Securities and Markets Authority (ESMA) has published its Annual Work Programme 2022 setting out its priority work areas for the next 12 months. The key work streams that ESMA will focus on include:

  • cross-cutting themes in relation to the capital markets union, sustainable finance, innovation and digitalisation;
  • supervisory convergence;
  • risk assessment;
  • the single rulebook; and
  • direct supervision. [28 Sep 2021]




Quarterly Statement by the CFR – September 2021

The Council of Financial Regulators (CFR) held its quarterly meeting on 24 September 2021. The Australian Treasurer and Australian Competition and Consumer Council (ACCC) representatives attended for parts of the meeting. A number of regulatory reviews and developments regarding payment systems, digital currencies and crypto-assets, including central bank digital currencies (CBDCs) were discussed. The CFR will refocus some working group activities in order to prioritise work considering regulatory arrangements across the spectrum of crypto-assets, including stablecoins. The CFR also considered coordination and regulatory arrangements for cyber security and resilience, including the development of a cyber-attack communication and coordination protocol.  [29 Sep 2021]





Hong Kong

HKMA publishes joint research on multiple CBDC showing potential for speeding up cross-border payments and reducing costs

The HKMA has announced the publication of a report titled “Inthanon-LionRock to mBridge: Building a multi CBDC platform for international payments” to deliver the interim findings of the Multiple Central Bank Digital Currency Bridge (mBridge) project.

The report is jointly published by the HKMA, the Hong Kong Centre of the Bank for International Settlements Innovation Hub, the Bank of Thailand, the Digital Currency Institute of the People’s Bank of China and the Central Bank of the United Arab Emirates.

The mBridge project is an initiative under the HKMA’s “Fintech 2025” strategy (see our previous update), which aims to strengthen research work on the central bank digital currency (CBDC) with the view to future-proofing Hong Kong in terms of CBDC readiness.

Through the mBridge project, the cross-border network prototype built in phase 1 was further developed in phase 2 to support more currencies and interface with new or conventional domestic payment systems.  The report sets out the takeaways of phase 2 and introduces the scope of phase 3.  According to the report:

  • The enhanced prototype has the potential to offer various benefits to the participating central banks, including the ability to manage the liquidity of their CBDC, enhance the level of privacy of the transactions, and automate certain compliance functions.
  • Compared to the existing correspondent banking model, the prototype can substantially speed up cross-border transfers and reduce costs.  [28 Sep 2021]
HKMA publishes third issue of Regtech Adoption Practice Guide on GRC solutions

The HKMA has published the third issue of its Regtech Adoption Practice Guide, focusing on regtech solutions in the area of governance, risk and compliance (GRC). The guide series was launched by the HKMA in June 2021 as part of its regtech adoption roadmap to provide banks with detailed practical guidance on the adoption of regtech solutions (see our previous update).

GRC is a framework of people, processes and technologies to gather and aggregate risk information across an organisation to enable timely management attention and action. This issue of the guide introduces a modular approach to building a GRC regtech platform and outlines some key implementation components based on observations of what others have successfully done.

The topics covered include:

  • key challenges faced by Hong Kong-based banks in relation to GRC, including the benefits and key considerations when adopting GRC solutions;
  • practical implementation guidance to banks on the adoption of GRC regtech solutions; and
  • use cases on adopting regtech solutions to manage GRC, including key learnings from successful GRC regtech implementation from the perspectives of both the bank and the regtech provider.  [27 Sep 2021]



MAS announces new digital platform to combat ML/TF/PF and opens consultation on legislative framework and platform features

The Monetary Authority of Singapore (MAS) has announced that it will introduce a digital platform and enabling regulatory framework for financial institutions (FIs) to share with one another relevant information on customers and transactions to prevent money laundering (ML), terrorism financing (TF) and proliferation financing (PF) .

The new digital platform, named COSMIC, for ‘Collaborative Sharing of ML/TF Information & Cases’ has been created in collaboration with industry. MAS plans to launch the COSMIC platform in the first half of 2023. COSMIC will initially focus on three key financial crime risks in commercial banking: abuse of shell companies; misuse of trade finance for illicit purposes; and PF. MAS plans to progressively extend COSMIC’s coverage to more FIs and focus areas and make some aspects of sharing mandatory.

MAS is seeking feedback on the proposed legislative framework for COSMIC, as well as the platform’s features by 1 November 2021. [1 Oct 2021]




Herbert Smith Freehills LLP has a Formal Law Alliance (FLA) with Singapore law firm Prolegis LLC, which provides clients with access to Singapore law advice from Prolegis. The FLA in the name of Herbert Smith Freehills Prolegis allows the two firms to deliver a complementary and seamless legal service.