In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 7 October 2022.


Recent updates from Herbert Smith Freehills include:



TSC to scrutinise major changes to financial services legislation 

The Treasury Select Committee (TSC) has announced that it will scrutinise HM Government’s (HMG’s) draft Financial Services and Markets Bill at 4pm on Tuesday 11 October. In this session, the TSC will explore the content of the legislation, which proposes wide-ranging changes to the regulation of the financial services industry in the UK. The announcement notes that MPs are likely to examine the proposed new ‘call-in power’ that would enable HM Treasury (HMT) to change the regulators rules, and may also discuss HMG’s proposals for the regulation of cryptoassets. [7 Oct 2022]




ESMA: Article on crypto-assets and their risks for financial stability 

The European Securities and Markets Authority (ESMA) has published an article on crypto-assets and their risks for financial stability. In its article, ESMA outlines the latest understanding of crypto-assets’ risks and transmission channels to financial markets. While some sources of risk are well understood from traditional markets, others are novel and linked to the product design, technological development, or the complex infrastructures built around crypto-assets. ESMA finds that, at present, crypto-assets are still small in size and their interlinkages to traditional markets are limited. In future, this situation may change as market growth can occur suddenly and risk transmission is possible through various channels. Continuous monitoring of the crypto-asset market and its interconnectedness with the wider financial system is required to assess newly emerging threats in a timely manner, while regulations such as the EU’s proposed Regulation on Markets in Crypto-Assets (MiCA) should be implemented swiftly to mitigate already identified risks. [4 Oct 2022]





APRA publishes findings of review of outsourcing arrangements by superannuation trustees

APRA has published its findings following a review of outsourcing arrangements in the retail superannuation industry (conducted jointly with Grant Thornton between February 2019 and October 2021). Trustees have specific obligations in the management of outsourcing arrangements which are set out in APRA’s Prudential Standard SPS 231 Outsourcing (SPS 231). Earlier this year, APRA also released draft Prudential Standard CPS 230 Operational Risk Management (CPS 230) for consultation. APRA found that although there has been better oversight and monitoring of outsourcing arrangements and service providers since the Royal Commission, several key areas of improvement remain.  APRA made three key observations:

  • The benchmarking approach to costs, often adopted by trustees using related-party service providers as an alternative to the tender process, may undermine the value provided to members for those services. This can occur where benchmarking activities are scoped too narrowly, or where the benchmarking exercise is focused on justifying existing costs and service standards rather than seeking to challenge the status quo or focuses on the costs of arrangements without sufficiently considering the quality of services;
  • In line with Prudential Standard SPS 515 Strategic Planning and Member Outcomes (SPS 515), trustees can ensure proper monitoring of service providers by requiring them to provide regular, in-depth reporting against key metrics, discussing performance or material issues with providers, and formalising good monitoring practices in the trustee’s governance structure, such as in policy documents; and
  • Trustees benefit from establishing a trustee office to provide day-to-day monitoring of outsourcing arrangements, particularly where there are related-party outsourcing arrangements. The trustee office should assist in navigating any conflicts of interest, incident management and escalation and reporting under the direction of the trustee’s board. [5 Oct 2022]


Hong Kong

SFC Deputy CEO delivers speech on risks associated with increased digitalisation

Ms Julia Leung (SFC’s Deputy Chief Executive Officer and Executive Director, Intermediaries) recently delivered a keynote speech at the ASIFMA Tech & Ops Conference 2022, discussing how the advent of artificial intelligence (AI) and other technological advances have changed the way people invest and how products are distributed, as well as the risks associated with them.

  • Increasing use of technology – There has been a significant increase in recent years of online financial services, including online brokerage services, distribution of investment products, and advisory services (including robo-advice ultilising AI).  The SFC is a principles-based regulator and adopts a technology-neutral regulatory approach. To facilitate the use of technology while maintaining resilience, the SFC strives to ensure that its rules also apply in digital environments.
  • Regtech – Process automation and digital transformation can enhance the efficacy of the processes intermediaries use to comply with regulatory requirements, such as those for client onboarding and anti-money laundering (AML).  This includes, for example, the use of facial recognition technology as part of client due diligence, and robotic process automation for screening of politically exposed persons and sanctions. The SFC encourages firms to strengthen their AML capabilities by adopting regtech, so that resources could be more efficiently deployed to high-risk, high-priority areas.
  • Suptech – In investigations of company misconduct and enquiries into the fitness and properness of individuals, the SFC’s supervisory and enforcement teams use network analytics extensively to identify relationships among target individuals and listed companies. The SFC Intermediaries Division will soon establish a suptech team comprising professionals in data analytics and cybersecurity.
  • Managing the risks of digitalisation – SFC places great emphasis on the measures firms are adopting to ensure operational resilience – including reliability of their information technology systems, adequacy of their capacity and security, as well as their contingency and recovery plans. Cybersecurity and third-party vendor risks are important areas to pay attention to.  [6 Oct 2022]



BNM instructs payment gateway services provider to further strengthen cyber security controls

Bank Negara Malaysia (BNM) has confirmed that, further to its statement on 12 August 2022 in respect of a data breach incident suffered by a provider of payment gateway services to banks and merchants, the provider had taken the necessary containment and rectification measures to address the gaps identified. In addition, BNM has instructed the provider to undertake additional measures to further strengthen its cyber security controls and IT infrastructure. BNM has also directed banks and card issuers to maintain heightened vigilance over activities of cards that may be at risk. Customers will be contacted if any suspicious activity is detected through the monitoring activities of their banks or card issuers. [7 Oct 2022]




RBI issues Concept Note on Central Bank Digital Currency

The Reserve Bank of India (RBI) has released a Concept Note on Central Bank Digital Currency (CBDC) for India. The purpose behind the issue of this Concept Note is to create awareness about CBDCs in general and the planned features of the Digital Rupee (e₹), in particular. It explains the objectives, choices, benefits, and risks of issuing a CBDC in India, and the RBI’s approach towards introduction of the CBDC. The Concept Note also covers key considerations such as technology and design choices, possible uses of Digital Rupee, issuance mechanisms, etc, and consider the implications of introduction of CBDC on the banking system, monetary policy, financial stability, and analyses privacy issues.  The RBI intends to commence pilot launches of e₹ for specific use cases soon. [7 Oct 2022]




SECP showcases digital transformation

The Securities and Exchange Commission of the Philippines (SECP) has published a press release following the 2022 Corporate Registers Forum Annual Conference at the end of September.  The SECP showcased the digital transformation of its company registration processes, highlighting that the launch of the Electronic Simplified Processing of Application for Registration of Company (eSPARC) led to a sharp jump in the number of newly registered domestic corporations and partnerships in 2021, rising by 50.5% and 33.4%, respectively, despite the pandemic.  [3 Oct 2022]




FSOC publishes Digital Assets Report 2022

The Financial Stability Oversight Council (FSOC) has published its Digital Assets Report 2022: Stability Risks and Regulation. The Report notes the risks that crypto-asset activities could pose to U.S. financial stability if their interconnections with the traditional financial system or their overall scale were to grow without adherence to or being paired with appropriate regulation, including enforcement of the existing regulatory structure.  It identifies a number of material gaps in current regulation, and makes recommendations to address these.

In his remarks at the FSOC meeting, Consumer Financial Protection Bureau Director Rahit Chopra noted that “the top five stablecoins alone constitute over $140 billion and only months ago the third largest stablecoin in the industry crashed—destroying nearly $20 billion in market capitalization in less than one week.” He also indicated that in line with the President’s Working Group on Financial Markets’ recommendation, and in the absence of other legislation, the FSOC may designate activities conducted within stablecoin arrangements as systemically important payment, clearing, and settlement activities under Title VIII of the Dodd-Frank Act. [3 Oct 2022]




Ukraine-related sanctions information

Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.




Karen Anderson
Karen Anderson
+44 20 7466 2404
Cat Dankos
Cat Dankos
Regulatory Consultant
+44 20 7466 7494
Mary O'Donnell
Mary O'Donnell
FSR and CCI Professional Support Paralegal
+44 20 7466 3493