In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 5 May 2023.


Recent updates from Herbert Smith Freehills include:



RBI and BIS invite cross-border payments solutions for G20 Techsprint

The Reserve Bank of India (RBI) and the Bank for International Settlements (BIS) have jointly launched the fourth edition of the G20 TechSprint Hackathon, a global technology competition to promote innovative solutions aimed at improving cross-border payments. The 2023 TechSprint will focus on the following problem statements on cross-border payments:

  • technology solutions to reduce illicit finance risk around anti-money laundering, countering the financing of terrorism and sanctions;
  • foreign exchange and liquidity technology solutions to enable settlement in emerging market and developing economy currencies; and
  • technology solutions for multilateral cross-border central bank digital currency (CBDC) platforms.

Registration opened on 4 May 2023, proposals are to be submitted by 4 June 2023, and winners will be announced on 5 September 2023. [4 May 2023]






FCA continues action against unregistered crypto ATMs across the UK 

The FCA has announced that it is continuing to take action in respect of unregistered crypto ATMs across the UK. The FCA has again used its powers to inspect sites in Exeter, Nottingham and Sheffield suspected of hosting illegally operated crypto ATMs; the inspections were part of a joint operation with the South West Regional Organised Crime Unit, Yorkshire and Humber Regional Organised Crime Unit and the Nottinghamshire Police force. There are no crypto ATM operators registered with the FCA, which they must be in order to operate legally in the UK.

The FCA will review evidence gathered during these recent visits and consider taking further action where necessary.

The FCA has previously conducted exercises in Leeds and East London. [5 May 2023]



BoE: Minutes of the CBDC Technology Forum 

The Bank of England has published the minutes of Central Bank Digital Currency (CBDC) Technology Forum from 14 March 2023. The minutes outline discussion on the digital pound Consultation Paper and Technology Working Paper and engagement in the next phase of work on the digital pound. [5 May 2023]

CMA commences initial review of AI foundation models

The Competition and Markets Authority (CMA) has announced the commencement of an initial review of competition and consumer protection considerations in the development and use of artificial intelligence (AI) foundation models – which are ‘a type of AI technology that are trained on vast amounts of data that can be adapted to a wide range of tasks and operations’.  The CMA explains that the aim of the initiative is to build understanding of the market for foundation models and how their use could evolve and of the opportunities and risks for competition and consumer protection; it will also develop principles on supporting competition and protecting consumers which will guide the ongoing development of these markets.

The review follows on from HM Government’s (HMG’s) March 2023 AI White Paper and that it fits with the CMA’s proposed medium-term priorities and areas of focus as set out in its draft Annual Plan 2023/24. The CMA also references: the March 2023 report from Sir Patrick Vallance, HMG’s Chief Scientific Adviser, on Pro-innovation Regulation of Technologies Review – Digital Technologies, which contained recommendations regarding generative AI; and the announcement of ‘a new government-industry taskforce to advance UK sovereign capability in foundation models’.

Submissions to the review are requested by 2 June 2023. Following evidence gathering and analysis, the CMA will publish a short report in early September 2023. [5 May 2023]

HMG releases new Fraud Strategy

HM Government (HMG) has announced its new Fraud Strategy. The strategy sets out a plan to stop fraud at source and pursue those responsible wherever they are in the world, reducing fraud by 10% on 2019 levels by 2025. Measures in the plan include:

  • requiring the tech sector to put in place extra protections for their customers and introducing penalties for firms in the sector who fail to do so via the Online Safety Bill;
  • requiring large tech companies operating platforms to ‘make it as simple as possible’ for consumers to report fraud; 
  • ‘[shining] a light on which platforms are the safest’; and
  • changing the law, via the Financial Services and Markets Bill, to enable the Payment Systems Regulator (PSR) to require reimbursement to victims of authorised push payment (APP) fraud from all PSR-regulated payment service providers (PSPs) [3 May 2023]





DRCF: Annual Report 2022/23 and Workplan 2023/24

The Digital Regulatory Cooperation Forum (DRCF) has published its Annual Report 2022/23 setting out its progress over the last year. This included: promoting coherence where regimes intersect; sharing best practice in areas of common interest across members; and building expertise in horizon scanning and how members approach recruitment, learning and development. The DRCF has also published its Workplan 2023/24. The Workplan builds on the foundation as set out in the Annual Report and sets out the following priorities for 2023/24.


  • ensuring online safety and data protection;
  • promoting competition and data protection; and
  • protecting against illegal online financial promotions.


  • supporting effective governance of algorithmic systems;
  • enabling innovation in regulated industries; and
  • digital assets.


  • joint horizon scanning;
  • knowledge sharing networks;
  • attracting talent and developing skills across all four regulators;
  • developing the use of technology in regulation; and
  • partnering with others. [2 May 2023]





EBA: BSG own initiative paper on DORA

The European Banking Authority (EBA) has published a paper submitted by its Banking Stakeholder Group (BSG) on the Digital Operational Resilience Act (DORA). In the paper, the BSG welcomes the DORA legislative package and sets out advice and recommendations to the EBA, and the other European Supervisory Authorities (ESAs), on the macro challenges that DORA will bring for regulators, financial institutions, ICT service providers and consumers. [5 May 2023]



EP: Answer to written question on APP fraud, PSD2 review

The European Parliament (EP) has published the response received from the European Commission (EC) to questions relating to authorised push payment (APP) fraud. The EC was responding to the following questions:

  • The current Payments Services Directive (PSD2) fails to protect people that fall victim to such fraud. Will the Commission take action when revising the PSD to shift the burden of proof away from the victim and make the payment service provider offer greater protections along the lines of those proposed in Britain, for example?
  • In the meantime, can the Commission outline if Member States are free to bring in regulations that would allow victims of authorised push payment fraud to be compensated?

The EC advised that, in the context of the review of PSD2 scheduled for Q2 of 2023, it would assess the possibility of introducing some targeted amendments to liability and refund rules. As PSD2 does not contain any provision on a liability for APP fraud, Member States are free to introduce measures at a national level. [4 May 2023]






Hong Kong

HKMA hosts inaugural Data Summit for banks 

The HKMA hosted its inaugural Data Summit on 4 May 2023, which formed part of the “Fintech 2025” strategy to encourage the active use of alternative data and promote the development of a data-driven economy.  Over 260 senior representatives from more than 60 banks attended.

The discussions at the summit were centred around three primary themes, with the aim of paving the way for the provision of better financial services to small and medium-sized enterprises (SMEs) and promoting financial inclusion in Hong Kong:

  • Streamlining banking operations through digitalisation;
  • Enhancing data analytics capabilities with the use of alternative data; and
  • Developing innovative products and services.

During the summit, the HKMA noted that the Commercial Data Interchange (CDI) had facilitated more than 3,100 loan applications (amounting to about HK$2.8 billion) since its launch in October 2022.  The CDI facilitates enterprises, in particular SMEs, to share their commercial data at different data sources with banks, thereby enhancing their access to financial services.  To banks, such alternative data accessible via the CDI opens up new opportunities to streamline their operations and enhance their risk management processes (see our previous updates here and here).  The HKMA plans to diversify CDI data sources with the introduction of new data providers covering government, logistics and catering services data.  [4 May 2023]



HKMA publishes presentation materials for upcoming briefing to LegCo Panel on Financial Affairs on 8 May 2023

The HKMA has published presentation materials for its upcoming briefing to the Legislative Council (LegCo) Panel on Financial Affairs on 8 May 2023.  In relation to fintech, the updates include: 

  • continuing work on initiatives relating to (among others) the Central Bank Digital Currency, Commercial Data Interchange, and Industry Project Masters Network (slide 71);
  • the issued consultation conclusions to the discussion paper on crypto-assets and stablecoins (confirming that the HKMA will bring certain activities into the regulatory perimeter), and will conduct further consultation on further details of the proposed regime, with the aim of implementing the regime in 2023/2024 (slide 83).  [2 May 2022]



HKMA publishes 2022 annual report and sustainability report 

The HKMA has published its 2022 Annual Report, which contains an overview of the HKMA’s work in 2022 and priorities and plans for 2023 and beyond.

The priorities for 2023 and beyond include (among others):

  • Maintaining banking stability – This includes monitoring and/or providing guidance relating to credit, liquidity and market risks, operational and technology risks (such as maintaining a close dialogue with the industry and reviewing the progress being made by authorised institutions in building their operational resilience frameworks), combating money laundering and terrorist financing (such as amending the relevant guidelines and preparing specific guidance on a proportionate approach relating to the politically exposed person requirements), wealth management businesses (such as stepping up on both on-site examinations and off-site surveillance of conduct relating to wealth management and the sale of investment products), implementation of Basel standards in Hong Kong, enforcement (such as monitoring adherence to the updated statutory guideline on complaints handling and redress), and resolution (including running a multi-year programme to build an operational resolution regime for authorised institutions).
  • Building a safe and inclusive banking sector – This includes finalising the review of the Code of Banking Practice, promoting financial inclusion, and ensuing that the Deposit Protection Scheme remains efficient and effective.
  • Future-proofing the banking sector – This includes kick-starting the implementation of an end-to-end digital supervisory platform, and progressing with initiatives relating to capacity building.
  • Staying ahead of technological advancements – This includes taking forward the initiatives under the ‘Fintech 2025′ strategy, including facilitating banks’ digitalisation and adoption of regtech, strengthening the work on both wholesale and retail central bank digital currencies, and developing an agile and risk-based regulatory regime for stablecoins.

The HKMA has also issued its first standalone 2022 Sustainability Report, which sets out the its strategies and priorities with regards to climate-resilience, green finance and responsible investing.  [28 Apr 2022]





MAS: FAQs on Notice on Technology Risk Management

The Monetary Authority of Singapore (MAS) has published frequently asked questions (FAQs) relating to the Notice on Technology Risk Management. The FAQs concern various topics, including: dealing in capital markets products; product financing; providing custodial services; licensed fund management; venture capital fund management; corporate finance advisory; real estate investment trust (REIT) management; and securities crowdfunding.  [5 May 2023]




MAS and US Treasury conduct joint exercise to strengthen cross-border cyber incident coordination and crisis management

MAS has announced that, alongside the US Department of the Treasury, it carried out a cross-border cybersecurity exercise from 25 to 27 April 2023. The exercise allowed both agencies to test and strengthen existing protocols for information exchange and incident response coordination for cyber incidents involving banks operating in both jurisdictions.

Following the exercise, MAS and the US Treasury reviewed the lessons learned, discussed possible enhancements and involvement of other international partners in future exercises, and explored other opportunities to deepen cybersecurity cooperation, such as holding bilateral workshops on cybersecurity policies and protocols. [2 May 2023]






Karen Anderson
Karen Anderson
+44 20 7466 2404
Cat Dankos
Cat Dankos
Regulatory Consultant
+44 20 7466 7494
Mary O'Donnell
Mary O'Donnell
FSR and CCI Professional Support Paralegal
+44 20 7466 3493


Herbert Smith Freehills LLP has a Formal Law Alliance (FLA) with Singapore law firm Prolegis LLC, which provides clients with access to Singapore law advice from Prolegis. The FLA in the name of Herbert Smith Freehills Prolegis allows the two firms to deliver a complementary and seamless legal service.