In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 10 February 2023.


Recent updates from Herbert Smith Freehills include:



BIS conference & speech from BIS General Manager Agustin Carstens: Big techs in finance

The Bank for International Settlements (BIS) has published the address delivered by General Manager Agustín Carstens, at BIS’ conference Big techs in finance – implications for public policy which was held on 8 and 9 February 2023. Mr Carstens noted the potential benefits of big techs’ entry into finance – improved customer outcomes, increased financial market efficiency and enhanced financial inclusion. As an example, he explained that BIS research found that access to innovative (QR code-based) payment methods provided by big techs helps micro firms build up credit history, and the use of big tech credit can ease access to bank credit. Moving on to challenges, Mr Carstens commented on data governance, competition, and financial stability.

Mr Carstens then examined shortcomings in current regulatory approaches, arguing that a ‘regulatory re-think’ is needed. He outlined options ranging from restricting big techs from engaging in regulated financial activities (the ‘restriction approach’) through to requiring big techs to put their financial services into a financial holding company (the ‘segregation approach’) to making big techs with significant financial activities subject to group-wide governance, conduct , operational resilience and financial soundness requirements (the ‘inclusion approach’). Mr Carstens offered that a fourth way – the ‘holistic approach’ – combining, ‘…a prudential sub-consolidation of the financial part of a big tech group (as under the segregation approach) with group-wide requirements on governance, conduct of business and operational resilience (as under the inclusion approach)’ to ‘avoid efficiency losses in the use of data that (too) tight ring-fencing measures could cause’. Concluding his remarks, Mr Carstens opined that the development of international standards is ‘the only way to share a consistent policy response’. [10 Feb 2023]




FCA: FS on synthetic data

The FCA has published Feedback statement 23/1 on the Synthetic Data Call for Input (FS23/1). FS23/1 sets out the responses that the FCA received to its March 2022 Call for Input, which was part of the FCA’s broader work programme on synthetic data and privacy enhancing technologies. The FCA states that respondents agreed that data is crucial for innovation, however there are challenges to accessing and sharing data in financial services. Although respondents indicated that data protection regulation places specific conditions on the data they can share and access, they also reiterated the importance of consumer privacy, and that data access should have privacy built in by design at every stage of the process.

In early 2023, the FCA will host a joint industry-academic roundtable in partnership with the Alan Turing Institute and the Information Commissioner’s Office (ICO) to understand the challenges of validating synthetic data. A paper outlining key findings and next steps will follow in the coming months.

The FCA is also setting up a Synthetic Data Expert Group to provide a framework for collaboration across industry, regulators, academia and wider civil society on issues related to synthetic data. Applications to join the group will open later in February, with the first session to be held in the spring. [9 Feb 2023]

BoE: Policy on outsourcing and third party risk management for FMIs 

The Bank of England (BoE) has published its policy on outsourcing and third party risk management for financial market infrastructures (FMIs). The policy aims to:

  • facilitate greater resilience and adoption of the cloud and other new technologies as set out in the BoE response to the Future of Finance (FoF) report;
  • set out the BoE requirements and expectations in relation to outsourcing and third party risk management in FMIs; and
  • complement the BoE’S Supervisory Statements (SS) on FMI operational resilience.

The BoE’s policy package includes:

FMIs will be expected to comply with the expectations in the relevant SS – and for RPSOs and SSPs, the requirements in the Code of Practice also – by 9 February 2024. Outsourcing arrangements entered into on or after 8 February 2023 should meet the expectations in the relevant SS and/or Code of Practice by 9 February 2024. FMIs should seek to review and update legacy outsourcing agreements entered into before 8 February 2023 at the first appropriate contractual renewal or revision point to meet the expectations in the relevant supervisory statement as soon as possible on or after 9 February 2023. [8 Feb 2023]




BoE and HMT consult on a digital pound

The BoE and HM Treasury (HMT) have released a consultation paper (CP), The digital pound: A new form of money for households and businesses?, which sets out their assessment of the case for a retail central bank digital currency (CBDC) – or ‘digital pound’.  The BoE and HMT state that while at this stage, they judge it likely that the digital pound will be needed in the future, it is too early to decide whether to introduce the digital pound. However, they are convinced preparatory work is justified. The digital pound would be a new form of sterling, similar to a digital banknote, issued by the BoE to be used by households and businesses for everyday payments needs. If introduced, it would exist alongside, and be easily exchangeable with, cash and bank deposits.  Feedback to the CP is requested by 7 June 2023.

Alongside the CP, a working paper (WP) which outlines the BoE’s emerging thinking on CBDC technology has also been published.  It also sets out an illustrative conceptual model, outlining how different components of the conceptual model might operate and how ecosystem participants might interact with these components.  Feedback to the WP is also invited by 7 June 2023.

The papers mark the conclusion of the ‘research and exploration’ phase of work on the digital pound (Phase 1 of the digital pound roadmap), as policymakers move to develop further, in both technology and policy terms, the model for the digital pound (Phase 2). [

The BoE has also published a speech by Jon Cunliffe, Deputy Governor, Financial Stability, on the digital pound which was delivered to UK Finance on 7 February to mark the launch of the consultation exercise.  [7 Feb 2023]



FCA: Statement on new UK financial promotions regime for cryptoassets

The FCA has published a statement to remind cryptoasset firms marketing to UK consumers, including firms based overseas, that a new UK financial promotions regime for cryptoassets will soon come into force. The FCA advises firms to start preparing now for this regime, to ensure that they will be compliant.

Subject to Parliamentary approval, when the regime comes into force there will be four routes to communicating cryptoasset promotions to UK consumers:

  • The promotion is communicated by an FCA authorised person.
  • The promotion is made by an unauthorised person but approved by an FCA authorised person. Legislation is currently making its way through Parliament which, if made, would introduce a regulatory gateway that authorised firms will need to pass through in order to approve financial promotions for unauthorised persons.
  • The promotion is communicated by a cryptoasset business registered under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) with the FCA.
  • The promotion otherwise complies with the conditions of an exemption in the Financial Promotion Order (FPO).

The FCA states that it will take robust action against firms breaching the requirements. [6 Feb 2023]

DCMS issues call for views on software resilience

The Department for Digital, Culture, Media & Sport (DCMS) has released a call for views on software resilience and security for businesses and organisations. The call for views is ‘an important first step in understanding how to address software risks and help create a more resilient digital environment’ and organisations with an interest in software security and digital supply chains, including those who procure, use, develop, maintain or resell software, are encouraged to contribute.  DCMS sets out six risk areas: (1) software development security; (2) barriers in the open source community; (3) security and resilience in the distribution of software; (4) transparency and communication of software materials, vulnerabilities and incident management; (5) procurement, supplier assurance and supplier management; and (6) maintenance configuration and use of software by the customer. It requests views on those cyber risks associated with software; looks at the steps organisations are already taking, or could take, to better manage risks relating to software; and asks for views on possible policy interventions targeting the six risk areas.

Feedback is requested by 1 May 2023.  DCMS will publish a formal response in summer 2023. [6 Feb 2023]





ESMA: Report on trends, risks and vulnerabilities

The European Securities and Markets Authority (ESMA) has published its latest Report on trends, risks and vulnerabilities. In terms of an overall assessment, the report highlights that risks remain high, with contagion and operational risks considered very high, as are liquidity and market risks. Credit risk stays high and is expected to rise, reflecting the growing concerns over public and corporate indebtedness. Risks remain very high in securities markets and for asset management. Risks to infrastructures and to consumers both remain high, though now with a worsening outlook, while environmental risks remain elevated. ESMA also sets out specific findings regarding the market environment, equity price volatility, asset management performance and outflows, weak investor sentiment, sustainable finance, cryptoassets and financial innovation.

On cryptoassets and financial innovation, ESMA comments: ‘Crypto-asset valuations have now fallen by almost 70% year-on-year, driven by macro-economic factors and several high-level collapses in 2022. The recent failure of FTX, formerly one of the largest centralised crypto exchanges, triggered some large market corrections across crypto-assets. Contagion within the crypto sector has been substantial, reflected in further price drops of key crypto instruments and knock-on bankruptcies among service providers. Given low exposures by EU market participants, material spill-over effects of the crypto turmoil into the EU finance sector and the real economy have not been registered so far.’  [9 Feb 2023]

EBA: Speech on embedding responsible innovation

The European Banking Authority (EBA) has published a speech by its Chair, José Manuel Campa, on embedding responsible innovation. In his speech, Mr Campa spoke about the EBA’s expectation on ensuring that culture, conduct and communication remain a key part of the innovation journey. He also set out the EBA’s focus areas for the year ahead, highlighting in particular activities in relation to the Digital Operational Resilience Act (DORA) and the Market in Crypto-Assets (MiCA) Regulation. [8 Feb 2023] 



ESAs/EC: DORA presentations

The three European Supervisory Authorities (ESAs) held a joint public event about DORA on 6 February 2023. The presentations delivered by the ESAs and the European Commission (EC) at the event have been published.

The ESAs’ presentation covers various regulatory technical standards (RTS), including those on ICT risk management framework. the simplified ICT risk management framework, to specify the policy on ICT services, and to specify elements when sub-contracting critical or important functions.  The EC’s presentation covers the background to DORA, the main pillars of the legislation, ICT risk management, incident reporting, testing, third party risk, and the timeline for DORA Level 1 and Level 2. [7 Feb 2023]

ECB: Opinion on a proposal for a regulation regarding instant credit transfers in euro

The European Central Bank (ECB) has published its opinion on the proposal for a regulation amending Regulations (EU) No 260/2012 and (EU) 2021/1230 as regards instant credit transfers in euro; the opinion is given in response to requests from the Council and the European Parliament (EP). The ECB states that it welcomes the initiative of the EC to promote instant payments, and makes a number of observations regarding the proposal, including with regard to defined terms being aligned to other relevant EU legislation, discrepancies between the name and payment account identifier of a payee, sanctions screening, and infringement procedures. [7 Feb 2023]




Treasury opens token mapping consultation process

The Treasury has released a ‘token mapping’ consultation paper as part of the Australian Government’s multi-staged reform agenda to develop regulation for the crypto sector. This paper explores how the current financial product regulations apply to the crypto sector, and also considers potential future reforms.

The paper poses the following questions:

  • What do you think the role of Government should be in the regulation of the crypto ecosystem?
  • What are your views on potential safeguards for consumers and investors?
  • Whether there solutions (e.g. disclosure, code auditing or other requirements) that could be applied to safeguard consumers that choose to use crypto assets against scams, and what policy or regulatory levers could be used to ensure crypto token exchanges do not offer scam tokens or more broadly, prevent consumers from being exposed to scams involving crypto assets?
  • Some intermediated crypto assets are ‘backed’ by existing items, goods, or assets (i.e. ‘wrapped’ real world assets). Are reforms necessary to ensure a wrapped real-world asset gets the same regulatory treatment as that of the asset backing it? Why? What reforms are needed? Are reforms necessary to ensure issuers of wrapped real-world assets can meet their obligations to redeem the relevant crypto tokens for the underlying good, product, or asset
  • The inclusion of specific financial products in the Corporations Act 2011 (Cth) is intended to provide guidance on the functional perimeter and add products that do not fall within the general financial functions. Are there any kinds of intermediated crypto assets that ought to be specifically defined as financial products, and are there any kinds of crypto asset services that ought to be specifically defined as financial products?
  • Some regulatory frameworks in other jurisdictions have placed restrictions on the issuance of intermediated crypto assets to specific public crypto networks. What (if any) are appropriate measures for assessing the suitability of a specific public crypto network to host wrapped real world assets?
  • Intermediated crypto assets involve crypto tokens linked to intangible property or other arrangements. Should there be limits, restrictions or frictions on the investment by consumers in relation to any arrangements not covered already by the financial services framework? Why?
  • Smart contracts are commonly developed as ‘free open-source software’. They are often published and republished by entities other than their original authors. What are the regulatory and policy levers available to encourage the development of smart contracts that comply with existing regulatory frameworks? What are the regulatory and policy levers available to ensure smart contract applications comply with existing regulatory frameworks?

The Treasury is seeking comments by 3 March 2023. [3 Feb 2023]



Hong Kong

HKMA publishes updated Guidance Paper on Transaction Monitoring, Screening and Suspicious Transaction Reporting

The HKMA has published circulars to authorised institutions (AIs) and stored value facility (SVF) licensees regarding the publication of its updated Guidance Paper on Transaction Monitoring, Screening and Suspicious Transaction Reporting, following consultation with the industry and the Joint Financial Intelligence Unit (JFIU).

The update follows the work priorities set out in the Hong Kong Money Laundering and Terrorist Financing Risk Assessment Report of July 2022 (see our previous update) to ensure that relevant requirements are in line with the latest international standards and practices.

The updated guidance paper is part of the HKMA’s ongoing efforts to support the changes AIs and SVF licensees are making to improve the effectiveness and efficiency of transaction monitoring, screening and suspicious transaction reporting. It provides clarifications, additional guidance and practical examples for the design, setting and oversight of transaction monitoring and screening systems and processes, including alert handling.

A key objective is to support the greater use of technology to generate targeted alerts.  There is also an increased emphasis on both data accuracy and integration of external information, such as data from the Commercial Data Interchange.

A number of updates have also been made after consulting the JFIU to optimise fraud and suspicious transaction reporting.  Industry developments and capabilities (including the expectation for reporting networks of suspicious accounts where identified and data points relating to cyber-enabled frauds) have been incorporated.

The key changes made to the guidance paper are summarised in an annex to the circulars.  AIs and SVF licensees should review the changes and implement necessary policy, operational and technical changes to align their practices with those set out in the updated guidance paper as soon as practicable.  [9 Feb 2023]



Acting Secretary for Financial Services and Treasury provides updates to LegCo on inaugural tokenised green bond issuance

In its policy statement on the development of virtual assets in Hong Kong (see our previous update), the Government indicated that it was exploring various pilot projects to test the technological benefits brought by virtual assets, including tokenising Government green bond issuance for subscription by institutional investors.

In response to Legislative Council questions regarding the upcoming bond issuance, the Acting Secretary for Financial Services and the Treasury, Mr Joseph Chan, provided the following updates:

  • The pilot issuance will test out the compatibility of Hong Kong’s existing legal and regulatory framework, financial infrastructure, market operational practice (among others) with tokenised issuances, and explore feasible solutions to hurdles identified at different stages of such issuances.
  • The issuance will be launched under the Government Green Bond Programme for subscription by institutional investors and is expected to be of a smaller scale compared to previous issuances.  Detailed arrangements will be announced in due course.
  • Bond tokenisation is still a nascent field but has the potential to enhance the efficiency and reduce the cost of bond issuance and settlement.  Trials will be required to test out various aspects of the process, including issuance, settlement, coupon payment and redemption.
  • After issuance of the planned bond, the HKMA will publish a report on the project to provide guidance to other issuers interested in issuing tokenised bonds in Hong Kong, consolidate the experience gained, and set out the next steps.
  • Under the Government Green Bond Programme, the Government publishes the Green Bond Report annually which provides information on allocation of proceeds and expected environmental impact of the green projects concerned.  In the long run, the Government will explore with stakeholders the feasibility of applying blockchain technology to track the performance of green investments in suitable projects.  [8 Feb 2023]




RBI statement on developmental and regulatory policies

The Reserve Bank of India (RBI) has released a statement which sets out various developmental and regulatory policy measures relating to (i) financial markets; (ii) regulation; (iii) payment and settlement systems and (iv) currency management.  The statement includes an outline of regulatory initiative on climate risk and sustainable finance; the RBI will shortly release the following guidelines for regulated entities: broad framework for acceptance of green deposits; disclosure framework on climate-related financial risks; and guidance on climate scenario analysis and stress testing.

Other matters in the statement are the recover penal charges on loans, expanding the scope of the Trade Receivables Discounting System (TReDS), extending Unified Payments Interface (UPI) for inbound travellers to India, and a pilot project on QR code based coin vending machine (QCVM) in collaboration with a few leading banks. Matters in the statement are also referred to by the Governor in the latest monetary policy statement.  [8 Feb 2023]





BSP amends Guidelines on E-Money and Operations of EMIs

Bangko Sentral ng Pilipinas (BSP) has announced amendments to the Guidelines on Electronic Money (E-money) and the Operations of Electronic Money Issuers (EMI) in the Philippines. The revised guidelines set out higher liquidity and capital requirements for EMIs with significant outstanding E-money balance and large scale operations, respectively. EMIs with monthly outstanding E-money balance of at least P100 million are required to maintain liquid assets in trust accounts equivalent to at least 50 percent (50%) of their outstanding E-money balance and to cover the remaining balance with placements in bank deposits, government securities, or other liquid assets acceptable to the BSP.  EMIs with outstanding E-money balance below P100 million may continue to comply with the liquidity requirements by holding eligible liquid assets.

Meanwhile, the new rules set out higher minimum capital requirements for EMIs with large-scale operations recognizing the higher risk exposures of said entities.  The issuance defines large-scale EMIs as those with (12) month average value of aggregated inflow and outflow transactions equal to or greater than P25.0 billion.  Under the guidelines, large-scale EMIs are required to maintain minimum capital of P200 million while the minimum capital requirement for small-scale EMIs is P100 million.

Consistent with the application of the risk-based principle, the BSP lifted the P100 thousand monthly aggregate load limit and now allows EMIs to set pre-defined limit and threshold per client category based on the results of their institutional risk assessment and customer due diligence process.

The amendments also simplified the classification of EMIs into two categories: (a) EMI-Banks; and (b) EMI Non-Bank Financial Institutions (EMI-NBFI), wherein the latter may include cooperatives. EMIs previously classified as EMI-Others will be grouped under EMI-NBFI. The guidelines likewise expanded the definition of E-money to include those that may be transferred to other accounts as compared with earlier regulations limiting it to only those withdrawable in cash or cash equivalent.  In addition, the new rules broadened the acceptability of E-money to include merchants and issuers using the same mobile application.

EMIs shall be given one year from the effectivity of the revised regulations to comply.




Treasury Under Secretary for International Affairs on digital asset, payments, cyber and operational resilience

Under Secretary for International Affairs Jay Shambaugh addressed Afore Consulting’s 7th Annual FinTech and Regulation Conference on the Treasury’s work on three areas: digital assets, payments systems, and cybersecurity and operational resilience.  On digital assets, Shambaugh noted recent events in crypto markets, and advised that in response the Financial Stability Oversight Council (FSOC) has called on US regulatory agencies to enforce their existing authorities and work together to address regulatory arbitrage and has called on Congress to pass legislation giving the federal financial regulators additional powers to regulate digital asset markets where there are gaps, including via a comprehensive federal prudential framework for stablecoin issuers.  The US is also working, via the Financial Stability Board (FSB), to finalize a global baseline for comprehensive regulation of digital assets, which will serve as a guide as jurisdictions work to implement new digital asset rules.

With regard to the future of payments, Shambaugh discussed the work underway looking into a potential US central bank digital currency (CBDC), though noted that no decision has been made on whether to issue one. All on payments, he stated that the US is ‘ committed to moving full speed ahead on our core priorities under the [G20] Roadmap for Enhancing Cross-Border Payments’.

Finally, on cyber security and operational resilience, Shambaugh particularly focused on cloud computing, noting both benefits and challenges, and commenting that, ‘because cloud is a global technology, we should avoid international regulatory fragmentation that could make cloud services less secure and resilient’.  [8 Feb 2023]





Treasury report on the opportunities and challenges of financial sector use of cloud-based technology

The Treasury has released a report on the potential benefits and challenges associated with the increasing trend of financial sector firms adopting cloud services technology. The Treasury comments that while cloud services can increase access and reliability for local communities as well as empower community banks to compete with financial technology firms, financial service firms ramping up their reliance on cloud-based technologies need more visibility, staff support, and cybersecurity incident response engagement from cloud service providers (CSPs). The report also recommends further evaluation from Treasury and the broader financial regulatory community to continue to determine the financial risks associated with a limited number of providers offering cloud services.

The report includes a number of observations about the challenges facing firms which could detract from the benefits of adopting cloud-based technologies. Among these are:

  • concerns that there is insufficent transparency to support financial institutions’ due diligence and monitoring of arrangements;
  • exposure to operational incidents including cyber incidents;
  • the potenital impact of market concentration on financial sector resilience and contracting; and
  • the international patchwork of supervisory and regulatory approaches to cloud .

To address these challenges, the Treasury is working with the US financial regulators, financial firms and CSPs; it is also launching an interagency Cloud Services Steering Group which will help to deliver closer domestic cooperation among US regulators, tabletop exercises with the private sector and best practices for cloud adoption frameworks and cloud contracts. [8 Feb 2023]




Ukraine-related sanctions information

Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.


Karen Anderson
Karen Anderson
+44 20 7466 2404
Cat Dankos
Cat Dankos
Regulatory Consultant
+44 20 7466 7494
Mary O'Donnell
Mary O'Donnell
FSR and CCI Professional Support Paralegal
+44 20 7466 3493