In this weekly post, we round-up FinTech-related financial services regulatory developments for the week ending 23 June 2023.
- UK Online Safety Bill: Ofcom clarifies expected implementation timeline
- Emerging Tech Academy
- TechQuake: At the gates – how to survive in the era of cyber insecurity
FSB consults on third-party risk management and oversight toolkit
The Financial Stability Board (FSB) has published a consultation paper on a toolkit for financial authorities and financial institutions for their third-party risk management and oversight. The toolkit was developed against a backdrop of digitalisation of the financial services sector and growing reliance of financial institutions on third-party service providers for a range of services. The primary emphasis of the toolkit is on critical services given the potential impact of their disruption on financial institutions’ critical operations and financial stability.
Responses to the consultation are requested by 22 August 2023. [22 Jun 2023]
IOSCO Chair comments on retail investor protection and cryptoasset regulation
The Chair of the International Organisation of Securities Commissions (IOSCO) and Chair of the Belgian financial regulator, Jean-Paul Servais, has addressed the Better Finance: International Conference on the EU Retail Investment Strategy. Mr Servais observed that regulators need to address the root cause of retail investor harm, and to do this they should employ and master the technologies used by market actors. He also highlighted the importance of enforcement cooperation to address cross-border misconduct. On cryptoassets specifically, Mr Servais noted that the IOSCO proposals which are currently out for consultation will address investor risks, ensure market integrity and limit the opportunity for regulatory arbitrage. [21 Jun 2023]
PSR: Response to consultation on digital pound
The Payment Systems Regulator (PSR) has published its response to the joint consultation from HM Treasury (HMT) and the Bank of England (BoE) on the digital pound. The PSR expressed its support for the ongoing work the BoE and HMT are doing to explore the digital pound and the opportunities it presents, and confirmed that it is committed to supporting the project.
The PSR also stated that it is working on a series of reforms to enable greater use of open data, better ways to initiate account-to-account payments, greater consumer protection and improved anti-fraud protection. It confirmed it would continue discussions with HMT and the BoE on these topics in order to build on such benefits. The response further highlighted the importance of providing clarity on emerging projects and their desired outcomes to allow industry to plan accordingly while ensuring commercial sustainability.
Additionally, the PSR analysed five key areas for ensuring delivery of good outcomes for users of a digital payment system and provided recommendations in respect of each area. [22 Jun 2023]
#Payments #CBDC #Digital£ #BritCoin
FCA issues statement on MOVEit vulnerability
The FCA has published a statement on a vulnerability to the file transfer application MOVEit that has been impacting organisations and exposing personal data. It confirmed that the National Cyber Security Centre is working with affected businesses to understand and respond to the incident.
The FCA has encouraged firms to check if they or any companies in their supply chain have used MOVEit, and to review the Indicators of Compromise and follow the risk remediation advice and patches on the Progress website. Firms are also reminded of their duty to report incidents to the FCA via normal supervisory reporting processes. [19 Jun 2023]
BoE migrates CHAPS to ISO 20022
The BoE has announced that it has successfully migrated the Clearing House Automated Payment System (CHAPS) to ISO 20022, the latest global financial messaging standard. This is a key milestone in the global transition of payments to ISO 20022, an open international standard which allows more data to be sent with payments in a more structured format.
While consumers and businesses are unlikely to need to change the way they send CHAPS or cross-border payments for now, they might start to see options to add further information or specific references with CHAPS payments towards the end of this year. [19 Jun 2023]
EPRS publishes briefing on Retail Investor Package
The European Parliament Research Service (EPRS) has published a briefing on the Retail Investor Package which was put forward by the EC in May. The package involves two proposals to amend existing directives and a regulation. It is mostly concerned with clarity in communication and the prevention of misleading marketing, and also intends to mitigate potential conflicts of interest for advisers and increase retail investments’ value for money. Proposed modification to existing legislation include measures aimed at simplifying disclosures for retail investors and at clarifying expectations on disclosure of information in electronic format. [22 Jun 2023]
ESAs: CPs on first batch of DORA policy products
The European Supervisory Authorities (EBA, EIOPA and ESMA – ESAs) have issued consultations on the first batch of policy products under the Digital Operational Resilience Act (DORA). DORA has mandated the ESAs to develop 13 policy instruments in two batches. The first batch includes four draft RTS and one set of ITS. The consultation papers (CPs) cover:
- draft RTS to further harmonise ICT risk management tools, methods, processes and policies;
- draft RTS on specifying the criteria for the classification of ICT related incidents, materiality thresholds for major incidents and significant cyber threats;
- draft ITS to establish the templates composing the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers; and
- draft RTS to specify the detailed content of the policy in relation to the contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers.
Responses to the CPs are requested by 11 September 2023. Additionally, the ESAs will hold an online public hearing on 13 July 2023 to present the consultation papers and their rationale, and to provide clarification to questions raised by the stakeholders. Based on the feedback received to the public consultation, the legal instruments will be finalised and will be submitted to the EC by 17 January 2024. [20 Jun 2023]
#DORA #OpRes #ICT #ThirdPartyProviders
HKMA, HKAB and Police announce launch of pilot phase of bank-to-bank information sharing platform, FINEST
The HKMA, the Hong Kong Association of Banks (HKAB) and the Hong Kong Police Force (Police) have announced the launch of the Financial Intelligence Evaluation Sharing Tool (FINEST), a bank-to-bank information sharing platform. The tool is developed by the HKAB, with guidance from the HKMA and support from the Police for a cyber-secured platform to speed up the bank-to-bank sharing.
FINEST is intended to help increase banks’ ability to share information for more effective detection ad disruption of fraud and mule account networks, in order to provide greater protection to the public against fraud and financial crimes. It is part of the HKMA’s 2023 work priorities (see our previous update) and one of the joint anti-deception initiatives recently announced by the HKMA and the Police (see our previous update).
FINEST will be rolled out in phases, commencing with a pilot phase involving five domestic systemically important authorised institutions and focusing on the sharing of information related to corporates suspected to be involved in fraud-related money laundering activities. Based on the experience gained from the pilot phase and any new issues addressed, the platform will be expanded in phases going forward, to include more participating banks and cover personal accounts and other financial crime-related information such as trade-based money laundering. [20 Jun 2023]
MAS, UNDP and GLEIF embark on Project Savannah to digitise basic ESG Credentials for MSMEs
The Monetary Authority of Singapore (MAS) has announced that with the United Nations Development Programme (UNDP) and Global Legal Entity Identifier Foundation (GLEIF), it has signed a Statement of Intent to embark on a collaborative initiative to develop digital Environmental, Social and Governance (ESG) credentials for micro, small and medium-sized enterprises (MSMEs) worldwide. Known as Project Savannah, this initiative aims to help simplify the ESG reporting process for MSMEs by leveraging on digital initiatives such as MAS’ Project Greenprint, to generate ESG data credentials that can be housed in MSMEs’ Legal Entity Identifier (LEI) records . MSMEs will thus be able to transmit verified entity information and key ESG data to their business partners, strengthening their ability to gain access to global financing and supply chain opportunities. [22 Jun 2023]
MAS: Remarks from MAS MD at Leaders’ Session at Inclusive FinTech Forum
MAS has published the opening remarks made by MAS Managing Director Ravi Menon at the inaugural Inclusive FinTech Forum held in Rwanda. Mr Menon drew on Singapore’s journey with fintech to provide insights on two critical enablers for harnessing fintech: (i) foundational digital infrastructure and (ii) connectivity and collaboration. He also touched on the principles that guide Singapore’s use of fintech. [22 Jun 2023]
MAS proposes standards for digital money
MAS has published a whitepaper proposing a common protocol to specify conditions for the use of digital money on a distributed ledger. The paper provides a technical overview of the concept of Purpose Bound Money (PBM), which enables senders to specify conditions when making transfers in digital money across different systems.
Developed in collaboration with the International Monetary Fund (IMF), central banks, financial institutions and fintech firms, the whitepaper covers:
- technical specifications that outline the PBM lifecycle from issuance to redemption, and the protocol to interface with digital currencies backing it; and
The whitepaper was supported by the release of software prototypes that demonstrate the concept of PBM. Additionally, financial institutions and fintech firms are launching trials to test the usage of PBM under different scenarios. [21 Jun 2023]
BoT publishes revised CP on virtual bank licensing
The Bank of Thailand (BoT) has released a revised consultation paper (CP) on the virtual bank licensing framework which takes into account the feedback received from the first public consultation. The revised paper provides further clarifications on important issues to ensure that all applicants have sufficient and equal information to make informed decisions. The text in blue shows the changes from the first CP.
Responses to the consultation are requested by 4 July 2023. The BoT expects to propose the licensing regulations to the Ministry of Finance for consideration by July 2023. [19 Jun 2023]
SBV Deputy Governor addresses conference on cashless payments
State Bank of Vietnam (SBV) Deputy Governor Pham Tien Dzung addressed a conference themed ‘Data connection, smart payment to promote social development’ which was organized on June 16, 2023 in Ho Chi Minh City by the SBV Payment Department and the SBV Communication Department, in coordination with the Tuoi Tre (Youth) Newspaper. In the context of ‘Non-Cash Day 2023’, the Deputy Governor discussed data and data analysis, noting that use and connection are the key factors for the success in cashless payment promotion and the digital transformation of the banking sector. [20 Jun 2023]
CFTC Commissioner Goldsmith Romero addresses FIA International Derivatives Expo Conference on cyber resilience
Commodity Futures Trading Commission (CFTC) Commissioner Christy Goldsmith Romero delivered remarks to the FIA International Derivatives Expo Conference on how to “advance from a mentality of incident response to one of cyber resilience”. Commissioner Goldsmith Romero outlined the CFTC’s work on cyber resilience, and highlighted five pillars of cyber resilience:
- a proportionate and approach;
- following generally accepted standards and best practice;
- elevating responsibility through governance;
- building resilience to third party risk; and
- avoiding reinventing the wheel by leveraging work already done in the cyber resilience space (for example, by prudential regulators). [20 Jun 2023]