In this regular post, we round-up FinTech-related financial services regulatory developments for the week ending 13 October 2023.
Herbert Smith Freehills publishes Global Bank Review 2023: Trust Matters
Perhaps the most striking thing about the world of finance a decade and a half since the banking crisis is that the industry has not quite managed to regain the allure and self-confidence of earlier times, even though there have been successful years in between. Indeed, gauging the mood in banking as we near the end of 2023, ‘apprehensive’ seems as good a description as any. Financial institutions have many reasons for feeling uneasy, among them subdued capital markets, a prolonged period of fractious geopolitics, the realities of serving more polarised societies, and the challenge of being in control rather than at the mercy of technology.
Certainly, this is a time in which trust – that most precious commodity in banking – is hard to earn and retain, whether due to conflicting consumer pressures, mounting demands of regulators, or the challenges of managing reputations exposed to the whims and lightning-fast reach of social media. As we explore in this year’s Global Bank Review: Trust Matters, trust will be stress-tested on many fronts. We consider whether new laws will win trust in banks’ AI tools…, if tougher oversight might help crypto launch a come back…, who pays when customers are scammed…, and more…
FCA fines firm £11m for role in cybersecurity breaches
The FCA has fined a credit reporting agency £11,164,400 for failing to manage and monitor the security of UK consumer data it had outsourced to its parent company based in the US. The breach, which took place in 2017, allowed hackers to access the personal data of millions of people and exposed UK consumers to the risk of financial crime.
The FCA held that the cyberattack and unauthorised access to consumer data was entirely preventable. It stated that the firm did not treat its relationship with its parent company as outsourcing. As a result, it failed to provide sufficient oversight of how data it was sending was properly managed and protected.
In its press release, the FCA emphasised that regulated firms must have effective cyber security arrangements to protect the personal data they hold. Firms must keep systems and software up to date and fully patched to prevent unauthorised access and remain responsible for data they outsource. [13 Oct 2023]
FCA Chair sets out the agenda for asset management
The FCA has published the address delivered by Chair Ashley Alder at the Investment Association’s Annual Dinner. The FCA Chair opened by noting that the focus on competitiveness, following the passage of the Financial Services and Markets Act 2023, is an important step change for the regulator. Consideration of that competitiveness objective, alongside the aim for proportional regulation is driving the FCA’s thinking about investment management.
Making reference to Discussion Paper 23/2 (DP23/2) issued in February 2023, Mr Alder set out a number of priorities for asset management, including with regard to supporting technological innovation.The FCA has been working with the Technology Working Group under HM Treasury’s Asset Management Taskforce on a blueprint for fund tokenisation, which will be published later this year. Mr Alder also noted that many firms are interested in use cases for distributed ledger technology (DLT), even though direct marketing of tokens may be some time ahead in the future. [12 Oct 2023]
PSR MD discusses challenges, opportunities and future areas of focus
The Payment Systems Regulator (PSR) has published a speech by Chris Hemsley, Managing Director, delivered at the Payment Leaders’ Summit. Noting that he was speaking at the mid-point of the PSR’s five-year strategy, Mr Hemsley discussed the challenges for the UK, including the shift to digital payments, and opportunities, such as unlocking the potential of Open Banking in retail payments. In terms of the future of the PSR, Mr Hemsley noted a number of areas of focus, including: tackling authorised push payment (APP) fraud and implementing the new reimbursement mechanism; the Digital Pound; and the development of rules for Open Banking payments. [12 Oct 2023]
#DigitalPayments #OpenBanking #APPfraud #DigitalPound
FCA imposes restrictions on P2P lending platform
The regulator stated that consumers who have invested with an unregistered cryptoasset firm whose promotions were approved on the platform should still be allowed to receive communications about their existing assets that will allow them to withdraw, transfer or sell those assets. However, consumers will not be able to receive promotions from unregistered cryptoasset firms related to further investment activity.
The FCA can impose requirements on a firm in circumstances where it concludes that it is necessary to do so to advance one or more of the FCA’s operational objectives, including securing an appropriate degree of consumer protection. The FCA’s statement notes that the firm has the right to refer the matter to the Upper Tribunal. [11 Oct 2023]
PSR MD sets out position on ‘consumer standard of care’, moral hazard, and claims excess – APP scams reimbursement
The PSR has published the letter from its Managing Director, Chris Hemsley to Which?, Age UK, Victim Support and National Trading Standards about the PSR’s work on APP scams. Mr Hemsley particularly addresses questions concerning ‘the consumer standard of care’, explaining that: ‘The overriding standard that firms will need to apply is whether a customer acted with gross negligence. This is a very high bar, and we expect that the vast majority of cases will be reimbursed on this basis. It is a higher bar than exists in the CRM code today.’ He also expands on the PSR’s expectation that firms provide ‘effective warnings’ to consumers prior to the completion of a transaction, and discusses moral hazard and the claims excess. [11 Oct 2023]
Commons Committee: Report on the risks of NFTs in sport and culture
The House of Commons Culture, Media and Sport Committee (CMSC) has published its report NFTs and the Blockchain: the risks to sport and culture on the risks posed by non-fungible tokens (NFTs) and cryptoassets to the world of art and sports. The report concludes by making a number of recommendations in relation to art and culture, professional sport and advertising. [11 Oct 2023]
#NFT #Blockchain #Cryptoasset
BoE: Systemic risk survey results
The BoE has published its systemic risk survey results for H2 2023. The survey is conducted on a biannual basis and assesses market participants’ views of risks to, and their confidence in, the stability of the UK financial system. The findings from the survey include the following key points:
- cyber attack and geopolitical risks remain the most frequently cited risks among participants – the number of participants citing risks associated with a UK economic downturn has continued to increase sharply;
- the risk of cyber attack, geopolitical risk and inflation risk are still considered the most challenging for firms to manage by a significant margin; and
- a number of respondents flagged artificial intelligence (AI) as posing new risks to financial stability. [10 Oct 2023]
ASA: FCA takes over regulation of qualifying cryptoasset adverts
The Advertising Standards Authority (ASA) has confirmed that, following the coming into force of the FCA’s new cryptoasset promotion regime on 8 October 2023, the FCA will be responsible for regulating adverts for ‘qualifying cryptoassets’ – cryptoassets that are transferable and fungible, including cryptocurrencies and utility (fan) tokens.
As a result, the ASA will no longer regulate adverts for qualifying cryptoassets in non-broadcast media, where the advertising issue relates to technical aspects of these products. Complaints arising from non-broadcast adverts on these technical aspects of qualifying cryptoassets will also be referred to the FCA.
Relatedly, the FCA announced that it issued 146 alerts about cryptoasset promotions on the first day of the new regime. The regulator advised that following its risk-based approach, firms of potential concern will be added to the FCA’s Warning List which will be continually updated as the FCA identifies firms which may be illegally communicating cryptoasset promotions and are failing to engage with the regulator constructively. [9 Oct 2023]
EIOPA: Digital Strategy to support consumers, markets and the supervisory community through digital transformation
The European Insurance and Occupational Pensions Authority (EIOPA) has published its Digital Strategy. The strategy guides EIOPA’s priorities and defines the focus areas over the next three years. EIOPA identifies three key long-term priorities:
- ensuring innovation is aligned with the best interests of citizens;
- strengthening the business model sustainability and resilience of all insurance market players; and
- enhancing the supervisory capabilities of EIOPA and NCAs. [12 Oct 2023]
ESMA publishes reports on DeFi
The European Securites and Markets Authority (ESMA) has published the following articles on decentralised finance (DeFi):
- Developments and risks in the EU market – ESMA explains that DeFi presents risks to investor protection, because of the speculative nature of many DeFi arrangements and operational and security vulnerabilities. However, ESMA comments that risks to financial stability are not meaningful owning to the small size of extant DeFi arrangements.
- Categorisation of smart contracts – This article introduces a methodology for the categorisation of smart contracts which leverages on the latter’s source code and on topic modelling. It explores the rate of deployment of smart contracts belonging to the identified categories over time, contributing to an enhanced and nuanced understanding of DeFi, and also to identifying related significant risks.
ESMA will hold a public webinar on these topics on 25 October 2023. [11 Oct 2023]
ESMA Chair comments on financial education and crypto
ESMA has published the welcome speech delivered by its Chair, Verena Ross, at the Joint ESAs Consumer Protection Day 2023 in Madrid. Ms Ross reiterated that consumer protection is a key priority for each of the European Supervisory Authorities (EBA, EIOPA and ESMA – ESAs), individually and collectively, and confirmed that the ESAs have joined forces on the important consumer protection topic of financial education.
Ms Ross also touched on the three topics of panel discussion at the Consumer Protection Day: cryptoassets, cross-selling and greenwashing. In relation to cryptoassets, Ms Ross confirmed that given the Markets in Cryptoassets Regulation (MiCAR) will apply from June 2024, the ESAs have started their work on 40+ policy mandates and that the EBA will also prepare for the supervision of issuers of ‘significant’ asset-referenced and e-money tokens (ARTs and EMTs). [9 Oct 2023]
ASIC Deputy Chair Karen Chester – Speech ‘The Princess and the Pea’: Getting the basics right in insurance
The Australian Securities and Investment Commission (ASIC) has published a speech by its Deputy Chair, Karen Chester, about the structural pressure on reinsurance costs, pricing failures, product design and distribution obligations, and the handling of a customer’s claim on their insurance policy. Among the points Ms Chester made was that getting the basics right first is an important prerequisite for insurers to have the latitude to explore innovative technologies and product design, artificial intelligence (AI), and intelligent automation – which in turn will help them to address structural challenges facing the industry. [12 Oct 2023]
Reforms to the Payment Systems (Regulation) Act 1998 – Exposure draft legislation
The Treasury is updating the Payment Systems (Regulation) Act 1998 to ensure regulators and government can address new risks related to payments as the provision of payments evolves and increases in complexity.
The update includes:
- expanding the definitions of ‘payment system’ and ‘participant’ to ensure the Reserve Bank of Australia has the ability to regulate new and emerging payment systems, such as digital wallet providers and Buy Now Pay Later (BNPL) service providers; and
- introducing a new ministerial designation power that will allow particular payment services or platforms that present risks of national significance to be subject to additional oversight by appropriate regulators.
HKMA issues circular to retail banks on enhanced approaches to combat digital fraud
The HKMA has issued a circular to retail banks to provide an update on the enhancements being made to combat digital fraud.
In the first nine months of 2023, the HKMA received 954 fraud-related banking complaints, exceeding the total of 555 cases for the whole of 2022. The HKMA has therefore worked with the industry to provide regulatory support, improve collaboration and promote innovation. The measures, including the five initiatives announced by the HKMA and the Hong Kong Police Force (HKPF) in April 2023 (see our previous update), will enhance anti-fraud efforts in the areas of information sharing, transaction monitoring and customer alerts.
Information sharing via the Fraud and Money Laundering Intelligence Taskforce (FMLIT) and the Financial Intelligence Evaluation Sharing tool (FINEST)
- Participation in the FMLIT has been expanded to include 28 retail banks, and 6 stored value facility (SVF) licensees will join later this year. The HKMA will continue to monitor how authorised institutions (AIs) use FMLIT data and apply analytics and other regtech capabilities to contribute to FMLIT intelligence and analysis. AIs are expected to allocate adequate resources to support this effort.
- FINEST will be expanded to cover more banks and a wider scope of financial crimes and accounts. The HKMA will soon consult the industry and the public on legal provisions to facilitate personal account information sharing for preventing and detecting crime.
- The 28 retails banks have all implemented real-time fraud monitoring and detection capabilities in line with HKMA requirements. AIs should further explore the inclusion of more data and the application of network analytics in real-time fraud monitoring systems to strengthen their ability to identify high-risk accounts and networks and alert customers of high-risk transactions.
- The HKMA is now working with AIs, SVF licensees, the HKPF and the Hong Kong Interbank Clearing Limited to introduce a pre-transaction alert mechanism for Faster Payment System (FPS) transactions, based on information from Scameter (an anti-fraud search engine launched in September 2022). This mechanism will alert customers where the FPS proxy ID of the payee is listed as ‘High Risk’ on Scameter, giving them an opportunity to further verify, and where necessary, stop the payment. In order to effectively implement the mechanism across all FPS participating AIs and SVF licensees in the coming two months, AIs are required to make appropriate system enhancements and communicate these changes to customers in good time.
AIs are expected to establish adequate systems and controls with senior management oversight to enable effective implementation of the measures and initiatives. The objectives and requirements should be clearly communicated to staff and key performance indicators should be developed to track performance. The HKMA will collect related data from AIs and review the effectiveness at implementation and as part of ongoing supervision. [12 Oct 2023]
MAS announces finalists for AI in Finance Global Challenge
MAS has announced the 19 finalists for the ‘Artificial Intelligence (AI) in Finance Global Challenge’ under the 2023 Global FinTech Hackcelerator.
The finalists submitted solutions such as the use of cognitive AI technology to process financial documents at scale, large language models to generate ESG sentiment analysis for financial institutions (FIs) and investors, and generative AI to identify and evaluate financial risks.
The finalists will undergo a 10-week programme during which they will collaborate and network with corporates, investors, and industry professionals to further refine their solutions. [10 Oct 2023]
SCM hosts 2023 OECD-Asia roundtable on corporate governance
The Securities Commission Malaysia (SCM) and the Organisation for Economic Co-operation and Development (OECD) held the 2023 OECD-Asia roundtable on corporate governance, a regional forum to promote policy dialogue on corporate governance and corporate finance between Asian economies and the OECD.
The event included the Asia launch of the revised G20/OECD Principles of Corporate Governance, a global benchmark for legal, regulatory and institutional frameworks for corporate governance. The revised principles aim to address the emerging changes and challenges faced by corporations globally, such as those surrounding climate change and digitalisation, leading to new uncertainties and vulnerabilities. [11 Oct 2023]
SECT consults on amendment to regulations regarding digital asset business operator’s advertisement
The Securities and Exchange Commission Thailand (SECT) is inviting comments on a proposed amendment to regulations which currently require digital asset business operators (DA operators) to submit each advertisement piece for SECT approval 10 days prior to publication. In response to feedback, SECT is now revising such requirement in order to reduce DA operators’ workload and waiting time while enhancing the role of DA operators’ Board of Directors and the Compliance Unit as reviewers for any advertisement that DA operators carry out.
Comments are requested by 7 November 2023. [9 Oct 2023]
SECT and TDO exchange views on developing Thai digital asset market
SECT has held a joint meeting with the Thai Digital Asset Operators Trade Association (TDO) to exchange ideas on the current regulatory framework for digital assets and strategies for promoting future digital asset businesses.
The key takeaway from the meeting was that SECT and the TDO will work together to support various initiatives aimed at developing the Thai digital asset market. This includes coordinating with relevant authorities on tax matters and amending legislations related to digital assets and oversight regulations in the areas such as customer-asset custody and know your customer (KYC) / customer due diligence (CDD) criteria, etc. [9 Oct 2023]
CFTC charges former CEO of digital asset platform with fraud
The CFTC has announced that it has filed a complaint in the U.S. District Court for the Southern District of New York against the former CEO of now-bankrupt entities. The complaint charges individual with fraud and registration failures in connection with a digital asset platform and the operation of an unregistered commodity pool.
In its continuing litigation, the CFTC seeks restitution, disgorgement, civil monetary penalties, permanent trading and registration bans, and a permanent injunction against further violations of the Commodity Exchange Act (CEA) and CFTC regulations, as charged. [12 Oct 2023]