In this regular update, we round-up FinTech-related regulatory developments for the week ending 8 April 2022.



FCA: Business Plan for 2022/23 and Strategy 2022 to 2025

The FCA has published its Business Plan for 2022/23 and Strategy 2022 to 2025.

The Business Plan details the work the FCA will do over the next 12 months to help deliver the commitments in its three-year strategy and how it will measure its progress.

The strategy builds on the FCA CEO’s July 2021 commitment that the FCA will become ‘more innovative, assertive and adaptive,… and data-led’. It sets out the regulator’s expectations for financial services over the next three years and explains how the FCA will measure its own performance. The FCA intends to focus on three overarching commitments:

  • reducing and preventing serious harm;
  • setting and testing higher standards; and
  • promoting competition and positive change.

For firms, the FCA sets out four ‘topline outcomes’ it expects from financial services across all the markets and sectors it regulates, with additional details provided on how these ‘topline outcomes’ apply for consumers:

  • ‘fair value’: consumers receive fair value and quality;
  • ‘suitability and treatment’: consumer are sold suitable products and services and receive good treatment;
  • ‘confidence’: consumers have strong confidence and levels of participation in markets, in particular through minimised harm when firms fail and minimised financial crime; and
  • ‘access’: diverse consumer needs and met through high operational resilience and low exclusion.

Alongside the Business Plan and Strategy, the FCA has published its Outcomes and Metrics which clarifies how it will measure and be accountable for progress against the commitments set out in those documents. [7 Apr 2022]




FCA: Speech on building a digital regulator

The FCA has published a speech by Jessica Rusu, Chief Data, Information and Intelligence Officer on building a digital regulator. In her speech, Ms Rusu spoke about:

  • the role of innovation at the FCA;
  • how the FCA is fostering innovation; and
  • future CryptoSprint and APP Fraud TechSprints.

The FCA has also issued a press release detailing that it will host a two-day CryptoSprint on 10 and 11 May 2022, exploring how cryptoassets could be regulated within the UK. [4 Apr 2022]



HMT: Response to CP and CfE on regulatory approach to cryptoassets, stablecoins and DLT

HM Treasury (HMT) has published its response to its consultation paper (CP) on the UK regulatory approach to cryptoassets and stablecoins and call for evidence (CfE) on distributed ledger technology (DLT) in financial markets. The response confirms HMT’s intention to take the necessary legislative steps to bring activities that issue or facilitate the use of stablecoins used as a means of payment into the UK regulatory perimeter. HMT intends to consult later on in 2022 on regulating a wider set of cryptoasset activities.

In response to the CfE on DLT, the government intends to support industry in ensuring that regulations can accommodate tokenisation and DLT in financial market infrastructures (FMIs). The government is developing an FMI Sandbox (to be up and running in 2023) to support firms that wish to innovate, including by using DLT to provide FMI services.

HMT has also published the keynote speech by John Glen, Economic Secretary, at the Innovate Finance Global Summit. In his speech, Mr Glen spoke about exploring the benefits of DLT in UK financial markets. Mr Glen also announced the establishment of a high-level industry group, the Cryptoasset Engagement Group. The Group will be chaired at ministerial level, with senior representatives from the FCA, the BoE as well as from business; it will meet up to eight times a year and have a full and proactive agenda. [4 Apr 2022]




HMT: Terms of Reference for CFIT SteerCo

HMT has published a policy paper setting out terms of reference for the Centre for Finance, Innovation and Technology (CFIT) Steering Committee (SteerCo). The establishment of CFIT was proposed as part of the Kalifa Review, with the aim of driving forward financial innovation, and identifying and addressing barriers and opportunities for UK FinTech. SteerCo is to be chaired by Ron Kalifa OBE and its membership will comprise a range of industry experts, including representatives from HMT, the FCA and the City of London Corporation. SteerCo will meet monthly over the spring and summer of 2022 to develop a comprehensive proposition. [4 Apr 2022]





EC launches EU Digital Finance Platform

The EC has launched the EU Digital Finance Platform. The EC explains that the Platform is a new website designed to build better dialogue between innovative financial firms and supervisors. Its aims to overcome fragmentation and support the scaling up of digital financial services. The Platform consists of:

  • an observatory that offers interactive features such as a FinTech map, events, and a section where users will be able to share relevant research material;and
  • a gateway that acts as a single access point to supervisors, with information about national innovation hubs, regulatory sandboxes, licensing requirements, and updates on the work of the European Forum for Innovation Facilitators (EFIF). It also hosts functionalities linked to cross-border testing.

The EC has also published a speech by Mairead McGuinness, European Commissioner for Financial Services, Financial Stability and Capital Markets Union (CMU), welcoming the Platform. The European Securities and Markets Authority (ESMA) has similarly published a speech by Verena Ross, ESMA Chair, providing an update on the work of the EFIF and setting out some details about the cross-border testing framework. [8 Apr 2022]



EBA: Draft RTS amending PSD2 – new SCA exemption

The European Banking Authority (EBA) has published its final report on amendments to the Regulatory Technical Standards (RTS) on strong customer authentication and secure communication (SCA & CSC) under the Payment Services Directive II (PSD2). The amendments will introduce a new mandatory exemption to SCA that will require account providers not to apply SCA when customers use an account information service provider (AISP) to access their payment account information, provided certain conditions are met.

The amendments are intended to apply 7 months after publication of the amending RTS in the Office Journal of the EU (OJ). [5 Apr 2022]




EC consultation and call for evidence – Digital euro

The EC has released both a targeted consultation and a call for evidence for an impact assessment on a digital euro.

Using the targeted consultation, the EC is seeking views on users’ needs and expectations for the digital euro and how to make it available for retail trade while preserving the legal tender status of euro cash. The consultation also seeks views on the role of a digital euro for retail payments and the EU digital economy, its impact on the financial sector and financial stability, as well as aspects related to anti-money laundering (AML) rules and data protection.

For both the consultation and call for evidence, feedback is requested by 14 June 2022. The EC indicates Q1/2023 for adoption of any subsequent regulation. [5 Apr 2022]





ASIC: Cryptocurrency lender charged for false Australian credit licence claims

The Australian Securities and Investments Commission (ASIC) has reported that a Melbourne-based cryptocurrency lender has been charged with falsely claiming that it held an Australian credit licence (ACL) when it did not. The lender offered cryptocurrency-backed loans to consumers, using the digital currency as security over the loan.

ASIC alleges:

  • The lender falsely represented on its website that it held ACL 391330.
  • The lender published or allowed to be published on its website a news article that claimed it held ACL 391330.
  • The lender was neither an ACL holder nor a representative of an ACL holder.

This matter is being prosecuted by the Commonwealth Director of Public Prosecutions. It is next listed for mention on 7 July 2022 in the Melbourne Magistrate’s Court.  [8 Apr 2022]



APRA Chair Wayne Byres – Speech to the American Chamber of Commerce in Australia

APRA Chair Wayne Byres presented a speech to the American Chamber of Commerce.

Mr Byres discussed regulating the technological revolution in finance, central bank digital currencies, and government regulation in these areas.

Mr Byres noted the following points on preparing for tomorrow:

  • regulators should not charge ahead, pretending they have the answers but rather be sufficiently up with the pace;
  • regulators should ensure that regulatory agenda is focused on consumer benefits as much as it is on harm prevention; and
  • regulators should try to work with key principles for good regulatory design including ensuring regulation is technology-neutral, utilising principles-based regulation and working with a whole-of-system perspective.  [7 Apr 2022]


Hong Kong

HKMA shares sound industry practices for customer data protection following thematic examinations

The HKMA has issued a circular to authorised institutions (AIs) to share the sound practices for customer data protection observed from its recent round of thematic examinations.  The examinations were undertaken in light of the increasingly challenging cyber landscape and elevated risk of data breaches.

AIs are expected to have effective measures to prevent and detect the loss or leakage of customer data throughout the data lifecycle, including classification, access, storage and transmission.  The HKMA’s thematic examinations revealed that AIs generally had in place effective customer data control measures.  Where there were areas that required improvement, the AIs in question had subsequently taken appropriate remedial actions.

Details of the sound practices observed during the examinations are set out in the annex to the circular, and are grouped into four areas.  The HKMA expects AIs to regularly assess the adequacy of their data security controls in light of the rapidly changing cyber landscape:

  • Data governance – Sound practices included establishing a management committee (comprising representatives from business, risk management and compliance functions) to oversee matters relating to customer data protection, and ensuring that the roles and responsibilities of data owners and the three lines of defence are clearly defined.
  • Customer data inventory management – Sound practices included maintaining comprehensive customer data inventory covering all relevant systems and parties (including third parties) that process or store customer data, and assigning a dedicated officer to coordinate the annual customer data inventory review.
  • Controls over transmission and storage of customer data – Sound practices included having in place data loss prevention policies and measures (that are approved by senior management and regularly updated) for protecting customer data, and deploying encryption and restrictions on portable storage media.
  • Physical and logical security controls – Sound practices included implementing physical security controls and multi-factor authentication for premises and systems where massive customer data are processed or stored.  [4 Apr 2022]



MAS response to Parliamentary Questions – mortgages, payments, equity research, crypto and DeFi in relation to sanctions, BNPL, suspicious transaction reporting

The Monetary Authority of Singapore (MAS) has published responses to a number of Parliamentary Questions, including with regard to:




MAS publishes second reading speech – Financial Services and Markets Bill

MAS has published the Second Reading Speech for the Financial Services and Markets Bill, delivered by Mr Alvin Tan, Minister of State, Ministry of Culture, Community and Youth & Ministry of Trade and Industry, and MAS’ Board Member. The Minister highlighted the main amendments in the Bill and how the Bill will enable and empower MAS to respond more effectively to the opportunities and challenges posed by a dynamic and rapidly evolving financial sector. In particular, the Minister spoke on:

  • harmonised and expanded power to issue prohibition orders (POs);
  • enhanced regulation of digital token (DT) service providers for money laundering and terrorist financing (ML/TF) risks;
  • harmonised power to impose requirements in technology risk management (TRM); and
  • statutory protection from liability for mediators, adjudicators, and employees of the operator of the approved dispute resolution scheme. [4 Apr 2022]




RBI statement on developmental and regulatory policies

The Reserve Bank of India (RBI) has issued a statement which sets out various developmental and regulatory policy measures relating to: liquidity measures; regulation and supervision; and payment and settlement systems. Among other matters, the statement highlights:

  • forthcoming directions for payment system operators (PSOs) covering robust governance mechanisms for identification, assessment, monitoring and management of cybersecurity risks (including information security risks and vulnerabilities) and specifying baseline security measures for ensuring safe and secure digital payment transactions; and
  • plans to encourage card-less cash withdrawal by enabling customer authorisation through use of Unified Payment Interface (UPI) (instructions will be issued shortly). [8 Apr 2022]




RBI: Guidelines on digital banking

The RBI has issued guidelines on the establishment of Digital Banking Units (DBUs). Development of the guidelines has been informed by input from an RBI-convened working group of banks and the Indian Banks’ Association (IBA). Among the matters covered in the guidelines are: general permission for the opening of a DBU; infrastructure and resources; cyber security; the minimum products and services which DBUs must offer; digital bank customer education; and reporting requirements. The guidelines come into effect on the date of issue of the circular.




Florida-based companies and their owner settle mid-trial for $1.8 million for fraudulent forex and digital asset scheme

The Commodity Futures Trading Commission (CFTC) has announced that a federal district court in Florida entered an order for permanent injunction, monetary sanctions, and equitable relief against a resident of Florida and his Florida-based companies for fraudulently soliciting customers to purchase a digital asset they falsely promised would allow customers to gain access to a proprietary foreign currency (forex) trading algorithm.

According to the order, which adopted the parties’ agreed findings of fact and conclusions of law, from approximately 2016 through to 2018, the defendant and his companies fraudulently solicited customers and prospective customers to purchase a digital asset. The defendants falsely promised, among other things, that the digital asset would allow customers to gain access to what they described as Fintech’s proprietary forex algorithmic trading program known as ART. As reflected in the order, although the defendants touted the successful performance of ART, they knew that its performance, which was referenced in solicitations, was based largely or entirely on hypothetical performance results and not real trading.

The order requires the defendants to pay restitution and a civil monetary penalty. In addition, the order imposes a permanent ban on the defendant’s companies from soliciting or trading in commodity interests or registering with the CFTC in any capacity. The jury trial commenced on 31 January 2022. Without admitting or denying the allegations in the complaint, the defendants consented to settle on all claims during the CFTC’s presentation of its case, on the fourth day of trial. [7 Apr 2022]





Ukraine-related sanctions measures 

Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.


Herbert Smith Freehills LLP is licensed to operate as a foreign law practice in Singapore. Where advice on Singapore law is required, we will refer the matter to and work with licensed Singapore law practices where necessary.