In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 30 September 2022.


Recent updates from Herbert Smith Freehills include:



IMF: Note on CBDCs in Asia and the Pacific – results of regional survey 

The International Monetary Fund (IMF) has published a note entitled Fintech – Towards Central Bank Digital Currencies in Asia and the Pacific: Results of a Regional SurveyThe note takes stock of recent developments related to central bank digital currencies (CBDCs) and crypto assets in Asia, drawing on survey responses from 34 Asian economies and country case studies. The note finds that while most countries are engaged in research and development, with some at advanced stages of testing and pilots, very few countries are likely to issue CBDCs in the near-to-medium term. [28 Sep 2022]





BoE: Speech on innovation in post trade services

The Bank of England (BoE) has published a speech by Sir Jon Cunliffe, Deputy Governor for Financial Stability, on innovation in post trade services at the AFME Operations, Post-Trade, Technology & Innovation Conference 2022 (OPTIC) Conference in London. Sir John opened his remarks with observations on the rapid growth and increasing interconnection of crypto with the conventional financial system.  He then focused on the potential impacts of this on the post trade infrastructure, commenting on the opportunities – in particular the potential for consolidation across both trade and post-trade functions – and on the role of regulators both at the national and global level.  Sir John concluded with an assessment of the public sector’s role as settlement infrastructure provider, discussing how the role which central banks play might evolve to new approaches using atomic settlement and distributed ledger technology (DLT). [28 Sep 2022]



DRCF summary of responses received on algorithmic processing and next steps

The Digital Regulation Cooperation Forum (DRCF) has published a summary of the responses it received to its call for input on its April papers on the benefits and harms of algorithmic processing and on algorithmic auditing.

The DRCF will use the feedback to inform the next stage of the DRCF project on algorithmic processing and relevant work across the individual regulators. Over the coming work programme year (2022/23), the DRCF plans to undertake several new activities, including a stream of work looking at how to improve the procurement of artificial intelligence (AI) systems (such as content moderation or age verification technology), and another stream of work where the four regulators will share lessons learnt and best practice in how to conduct algorithmic audits. [26 Sep 2022]






EIOPA: Strategy 2023-2026, Single Programming Document, and Annual Work Programme 2023

The European Insurance and Occupational Pensions Authority (EIOPA) has published its strategy for the period 2023 – 2026. EIOPA has identified the following strategic priorities on which to focus: Sustainable finance; Digital transformation; Supervision; Policy; Financial stability; Internal governance.

EIOPA has also published its Single Programming Document, including the Annual Work Programme for 2023. The document sets out EIOPA’s key activities for 2023:

  • integrating ESG risks in the prudential frameworks on insurers and pension funds;
  • initiating one-off coordinated climate change stress test;
  • implementation of the Digital Operational Resilience Act (DORA);
  • developing a sound regime for the use of AI by the insurance sector;
  • addressing consumer detriment from cross-border activities;
  • delivering advice in relation to the review of the IORP II Directive;
  • following up on the potential materialisation of downside risk stemming from the ongoing crises in the context of high inflation and low/potentially negative growth; and
  • chairing the Network of EU Agencies. [30 Sep 2022]


ESAs: 2023 Work Programme of the Joint Committee of the European Supervisory Authorities 

The ESAs have published 2023 Work Programme of the Joint Committee of the European Supervisory AuthoritiesThe topics are as follows:

  • Consumer Protection and Financial Innovation;
  • Sustainable Finance;
  • Risk Assessment;
  • Securitisation;
  • Digital Operational Resilience;
  • Financial Conglomerates; and
  • European Forum for Innovation Facilitators (EFIF). [30 Sep 2022]
ECB: Progress update on digital euro

The European Central Bank (ECB) has published a letter from Fabio Panetta, Member of the Executive Board, to Ms Irene Tinagli, Chair of the Committee on Economic and Monetary Affairs (ECON) setting out the progress made on the digital euro. The letter highlights the publication of the ECB’s progress report on the investigation phase. The report outlines (i) the key objectives and use cases for a digital euro; (ii) the transfer mechanism, online/offline availability, privacy, and tools to control the amount of digital euro in circulation; and (iii) the next steps in the digital euro project.

The ECB has also published a speech by Mr Panetta in which he discusses the role of the public and private sectors in the digital euro ecosystem. [29 Sep 2022] 

ESMA: Report on the DLT Pilot Regime

The European Securities and Markets Authority (ESMA) has published a Report on the DLT Pilot Regime. In the report, ESMA provides guidance on certain technical elements and makes recommendations on compensatory measures on supervisory data to ensure a consistent application by DLT market infrastructures from the start of the regime. [27 Sep 2022]



Hong Kong

HKMA sets out supervisory expectations on payment card security in light of increase in data breach incidents

The HKMA has issued a circular to inform authorised institutions (AIs) of its supervisory expectations on payment card security.

In light of the growing number of data breaches involving payment cards, the HKMA has provided additional guidance to the system operators and settlement institutions of retail payment systems designated under the Payment Systems and Stored Value Facilities Ordinance (card scheme operators – CSOs).  Under the guidance, relevant CSOs are required to implement a robust data security framework covering their participants and third-party service agents, to minimise the risk of data breaches and reduce the resulting damage when such breaches occur.

CSOs are expected to incorporate the requirements of the additional guidance into their rules and procedures.  The updated rules and procedures should require the scheme participants (including AIs operating as card issuers or merchant acquirers) to:

  • apply specified baseline technical and operational standards designed to protect payment data and payment card credentials within their operations;
  • subject the third party service agents used by them to specified data security standards as promulgated by the CSOs, and periodically monitor and validate their compliance with the specified standards; and
  • report actual or suspected data breaches and cyberattacks in a timely manner to CSOs, the HKMA and other relevant regulators.

The HKMA expects AIs that are participants in payment card networks to take active steps to comply with the updated rules and standards of the CSOs.  The key areas deserving management attention include conducing proper due diligence on service agents before engagement, undertaking ongoing monitoring and reporting incidents promptly and supporting card scheme operators in performing their roles.

The HKMA will consider undertaking a round of thematic examinations to ensure compliance with the supervisory expectations by AIs, and will continue to work with the banking sector and CSOs to explore ways to further strengthen payment card security, such as tokenisation of payment card data.  [23 Sep 2022]





BSP issues prudential requirements applicable to digital banks

The Bangko Sentral ng Pilipinas (BSP) has issued the second set of guidelines for digital banks following the release of the digital bank framework in December 2020. The approved guidelines set out the BSP’s supervisory expectations with regard to corporate and risk governance of digital banks as well as the applicable prudential regulations on capital, leverage, and liquidity. The guidelines also prescribe the prudential limits on equity investments in allied undertakings, required reserves against deposit and deposit substitute liabilities, and reporting requirements of digital banks.

The new rules provide that the BSP may require existing thrift, rural and cooperative banks to maintain a minimum capital of P1.0 billion if said banks primarily offer financial products and services that are processed end-to-end through a digital platform and/or electronic channels similar to digital banks. This is to ensure that banks maintain sufficient capital to cover the risks that they assume. It also provides a level playing field among banks that leverage on digital platforms in delivering their financial products and services. Banks concerned shall be given ample time to build up capital and meet the new minimum capital requirement.  [27 Sep 2022]



BSP supports digitalisation of microfinance

The BSP has issued a press release underscoring its support for microfinance digitalisation and highlighting BSP Governor Felipe M Medalla’s comments during the 2022 annual conference of the Microfinance Council of the Philippines, Inc. (MCPI). The Governor said: ‘It’s hard to think of financial inclusion without looking at microfinance… I’m glad to hear that you consider the BSP as your number one ally. From our point of view, you are also a very important ally of the BSP.’  [27 Sep 2022]




Ukraine-related sanctions information

Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.




Karen Anderson
Karen Anderson
+44 20 7466 2404
Cat Dankos
Cat Dankos
Regulatory Consultant
+44 20 7466 7494
Mary O'Donnell
Mary O'Donnell
FSR and CCI Professional Support Paralegal
+44 20 7466 3493