In this regular update, we round-up FinTech-related regulatory developments for the week ending 26 November 2021.
FCA publishes responses to questions submitted to its Annual Public Meeting
The FCA has published its responses to questions which were submitted to its Annual Public Meeting on 28 September 2021, but which were not answered during the meeting. Topics covered include: cryptoassets; operational resilience; FCA’s approach to investigations during Covid; open finance and open banking; and more. [25 Nov 2021]
PRA consultation on operational resilience and operational continuity in resolution
The PRA has published a consultation paper on operational resilience and operational continuity in resolution (CP21/21). The consultation sets out the PRA’s proposals to apply the group provisions in the Operational Resilience Part of the PRA Rulebook relevant to Capital Requirements Regulation (CRR) firms to holding companies, and to make other minor formatting and clarification amendments to the Operational Resilience and Operational Continuity Parts of the PRA Rulebook.
The proposals are relevant to different types of firms as follows:
The PRA proposes that the implementation date for the changes resulting from CP21/21 would be:
Responses are requested by 14 January 2022. [25 Nov 2021]
HMT: Economic Secretary’s speech at the UK Finance Annual Dinner
HM Treasury (HMT) has published the speech delivered by John Glen, Economic Secretary, at the UK Finance Annual Dinner. Mr Glen made reference to a range of issues relevant to financial services, from the impact of Covid to tackling climate change to FinTech and innovation.
In particular, he provided an update on the Wholesale Markets Review, noting that there was broad consensus across many of the issues set out in the consultation. A full summary of the responses will be published in early 2022; this will also set out HM Government’s (HMG’s) plans for taking the work forward. However, Mr Glen used the opportunity provided to highlight some forthcoming changes, advising that HMG will:
Also during the speech, Mr Glen noted that the Financial Ombudsman Service (FOS) is due to publish the outcome of the independent review into how to improve its operational effectiveness shortly. [24 Nov 2021]
FOS highlights 30% increase in ‘authorised’ scam complaints
The FOS has published a press release reporting that it has seen a 30% increase in ‘authorised’ scam complaints. The FOS received a total of 4,488 complaints about fraud and scams from July to September 2021 and upheld over 60% in the consumers’ favour. Of this figure, 2,243 complaints were about ‘authorised’ scams compared to 1,725 in July to September 2020. The vast majority of such complaints are authorised push payments (APP) where the victim is tricked into making bank transfers to an account posing as a legitimate payee. [24 Nov 2021]
CMA: Report on terms of reference – OBIE
The Competition and Markets Authority (CMA) has published the terms of reference for a review to be carried out of the lessons that can be learned from recent issues at the Open Banking Implementation Entity (OBIE). The terms of reference for the review state that, although it will not revisit the questions considered by the independent investigation into the OBIE, it will take its findings into account.
The review will be completed within six months and its findings will be reported to the CMA Board and published. [23 Nov 2021]
BoE: Speech on enhancing cross-border payments
The BoE has published a speech by Victoria Cleland, Executive Director for Banking, Payments and Innovation, on how central banks and the private sector will work together to improve cost, speed, transparency and access to cross-border payments. Ms Cleland makes particular note of the BoE’s focus on its Real Time Gross Settlement (RTGS) Renewal Programme to upgrade its core settlement services. [22 Nov 2021]
EP: Political agreement reached on DLT pilot regime
The European Parliament (EP) has published a press release announcing that it has reached agreement with the Council of the EU on the Regulation on distributed ledger technology (DLT) based market infrastructures (DLT pilot regime). The press release states that:
The European Council (EC) has adopted its position on two proposals that are part of the digital finance package: the ‘Regulation on Markets in Crypto Assets’ (MiCA) and the ‘Digital Operational Resilience Act’ (DORA). The EC and European Parliament (EP) will now enter trilogue negotiations on the proposals. Once a provisional political agreement is found between their negotiators, both institutions will formally adopt the regulations. [24 Nov 2021]
ECB: New framework for overseeing electronic payments
The ECB’s Governing Council has approved a new oversight framework for electronic payments following a public consultation. The Eurosystem oversight framework for electronic payment instruments, schemes and arrangements (PISA framework) includes an assessment methodology and an exemption policy. It replaces the current Eurosystem oversight approach for payment instruments and complements the Eurosystem’s oversight of payment systems. The Eurosystem will use the new framework to oversee companies enabling or supporting the use of payment cards, credit transfers, direct debits, e-money transfers and digital payment tokens, including electronic wallets. The PISA framework will also cover crypto-asset-related services, such as the acceptance of crypto-assets by merchants within a card payment scheme and the option to send, receive or pay with crypto-assets via an electronic wallet.
Companies that are already subject to Eurosystem oversight are expected to adhere to the principles of the new framework by 15 November 2022. Other companies will have a grace period of one year from the moment they are notified that they will be subject to oversight under the new framework. [22 Nov 2021]
APRA: Improving cyber resilience – the role boards have to play
In response an increased threat of cyber security, APRA has created a strategy that reinforces its view that cyber resilience must be strengthened.
The strategy has undertaken two pilot initiatives: a technology resilience data collection and an independent assessment against the requirements of APRA’s Information Security Prudential Standard.
The two pilots concluded that boards need to take a more active role in:
APRA intends to continue rolling out its independent assessment to entities in the banking, superannuation and insurance industries with the intention to deliver insights that will lift practices and enhance cyber resilience. [23 Nov 2021]
Speech by ASIC Chair Joe Longo at the AFR Super & Wealth Summit – Responsibility amid change
At the Australian Financial Review Super & Wealth Summit, ASIC Chair, Joe Longo, gave a speech regarding ASIC’s responsibility amid change noting the following key points:
SFC issues restriction notices to freeze client accounts linked to suspected social media ramp-and-dump scam
The SFC has issued restriction notices to Emperor Securities Limited and Get Nice Securities Limited, prohibiting them from dealing with or processing certain assets held in 17 client trading accounts which are related to a suspected social media ramp-and-dump scam involving their clients where there was market manipulation in the shares of a Hong Kong-listed company in late October 2021. The SFC considers that the issue of the restriction notices is desirable in the interest of the investing public or in the public interest. It conducted a search operation after issuing the restriction notices.
The restriction notices prohibit the two brokerage firms, without the SFC’s prior written consent, from disposing of or dealing with (or assisting, counselling or procuring another person to dispose of or deal with) any assets in any way in the trading accounts, including:
The brokers are also required to notify the SFC if they receive any of the above instructions.
The SFC’s investigation is continuing. [26 Nov 2021]
HKMA publishes fourth issue of Regtech Adoption Practice Guide on regulatory reporting and stress testing
The HKMA has published the fourth issue of the Regtech Adoption Practice Guide, focusing on regtech solutions designed for regulatory reporting and stress testing. The guide series was launched by the HKMA in June 2021 as part of its regtech adoption roadmap to provide banks with detailed practical guidance on the adoption of regtech solutions (see our previous update).
Banks are often challenged by the need to extract data from multiple systems, which were often designed and implemented before the latest regulatory reporting or stress testing requirements became effective. This practice guide issue provides practical guidance to help banks plan the implementation of regtech solutions that could alleviate some of the pain points encountered in regulatory reporting and stress testing. It offers advice on how banks can establish a sustainable and robust governance framework powered by technology to fulfil evolving reporting and stress testing requirements. [26 Nov 2021]
Government provides overview and materials on Hong Kong Fintech Week 2021 which concluded on 5 November 2021
The government has issued a press release to provide an overview of the Hong Kong Fintech Week 2021 which concluded on 5 November 2021. The event championed “Scaling Fintech Future Together”, a celebration of Hong Kong as an attractive hub for start-ups and scale-ups in the region, and a showcase of fintech collaboration. It was the first Hong Kong Fintech Week held in a hybrid format (both in person and online).
The press release summed up the new policy measures and proposals announced by the government and the regulators as well as industry initiatives and insights discussed at the event, providing hyperlinks to the video recordings of the key sessions. The video recordings can also be accessed via the event YouTube channel.
Highlights of the key proposals and initiatives announced at the event are included in our previous update. [22 Nov 2021]
MAS speech: Chongqing Connectivity in Digitalisation and Sustainability
The Monetary Authority of Singapore (MAS) has released the transcript of the keynote speech given by Ravi Menon, the Managing Director of MAS, at the Singapore-China (Chongqing) Financial Summit.
Mr Menon observed that financial connectivity between Singapore and Western China has strengthened with cross-border financing volumes growing substantively over the years. He spoke about increasing the competitiveness of China-Singapore (Chongqing) Connectivity Initiative – International Land Sea Trade Corridor (CCI-ILSTC) through trade digitalisation and how Singapore and Chongqing could work together to mobilise green financing and investments in a safe, sound and orderly manner. [23 Nov 2021]
SECT consults on draft regulations on banning services relating to privacy coins
The Securities and Exchange Commission, Thailand (SECT) is seeking comments on its proposed regulations for prohibiting digital asset business operators from providing services relating to privacy coins. The purpose behind the regulations is to prevent the misuse of digital assets as a tool for committing a crime.
Comments are requested by 21 December 2021. [22 Nov 2021]
Federal Bank Regulatory Agencies Issue Joint Statement on Crypto-Asset Policy Initiative and Next Steps
The Board of Governors of the Federal Reserve System (Fed), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) issued a statement summarizing their interagency “policy sprints” focused on crypto-assets and providing a roadmap of future work related to crypto-assets. In particular, the statement describes the focus of the preliminary work conducted through the sprints undertaken by the agencies. It summarizes the agencies’ plan to provide greater clarity throughout 2022 on whether certain crypto-related activities conducted by banking organizations are legally permissible, and related expectations for safety and soundness, consumer protection, and compliance with existing law and regulations. [23 Nov 2021]
OCC Clarifies Bank Authority to Engage in Certain Cryptocurrency Activities and Authority of OCC to Charter National Trust Banks
The OCC published a letter confirming that national banks and federal savings associations must demonstrate that they have adequate controls in place before they can engage in certain cryptocurrency, distributed ledger, and stablecoin activities.
Shortly after taking office, Acting Comptroller Michael J. Hsu announced a review of OCC Interpretive Letters 1170, 1172, and 1174, issued in 2020 and 2021. The letter clarifies that the activities addressed in the previous interpretive letters may be conducted after a bank notifies its supervisory office of its intent to engage in the activities, and after a bank receives written notification of the supervisory office’s non-objection. The bank should not engage in the activity until it receives a non-objection from its supervisory office. [23 Nov 2021]
Federal Bank Regulatory Agencies Approve Final Rule Requiring Computer-Security Incident Notification
The final rule requires a banking organization to notify its primary federal regulator of any significant computer-security incident as soon as possible and no later than 36 hours after the banking organization determines that a cyber incident has occurred. Notification is required for incidents that have materially affected—or are reasonably likely to materially affect—the viability of a banking organization’s operations, its ability to deliver banking products and services, or the stability of the financial sector.
In addition, the final rule requires a bank service provider to notify affected banking organization customers as soon as possible when the provider determines that it has experienced a computer-security incident that has materially affected or is reasonably likely to materially affect banking organization customers for four or more hours. Compliance with the final rule is required by May 1, 2022. [18 Nov 2021]