The post below was first published on our Fintech notes blog
In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 22 July 2022.
Recent updates from Herbert Smith Freehills include:
|FCA/BoE/PRA: Operational resilience DP – measures to oversee CTPs
The Bank of England (BoE), the PRA and the FCA have published Discussion Paper 22/3 – Operational resilience: Critical third parties to the UK financial sector (FCA DP22/3, PRA DP3/22). The DP sets out potential measures to oversee and strengthen the resilience of services provided by critical third parties (CTPs) to the UK financial sector. It also outlines how the supervisory authorities could use the powers proposed under the Financial Services and Markets Bill, which include:
Comments are open until 23 December 2022. A consultation paper (CP) will follow in 2023, subject to the progress of the Financial Services and Markets Bill through Parliament. [21 Jul 2022]
|FCA/BoE: Transforming data collection – joint transformation programme
The BoE and FCA have published an initial set of recommendations from the joint transformation programme with industry to transform data collection from the UK financial sector and their response to those recommendations.
The BoE and FCA agreed to accept all of the recommendations made by the industry committees in principle. For some recommendations, the BoE and FCA are keen to move to delivery of solutions immediately. For other recommendations, the joint transformation programme will need to explore the solutions further to understand how they might be delivered and the associated business case. If the BoE and FCA find that there is a business case, then they will add such recommendations to their future roadmap for transformation. [21 Jul 2022]
|PSR response to Digital Payments Initiative report
The Payments Systems Regulator (PSR) has published its response to the PSR Panel’s Digital Payments Initiative report. The Panel’s report highlighted reasons for cash reliance, such as lack of access to digital and financial infrastructure or lack of digital and financial skills, that cannot be addressed by new types of digital payment alone. The Panel made 12 recommendations covering: open banking payments; the PSR’s Card Acquiring Market Review; improved data collection; digital identity; and fraud prevention and protection.
The PSR explains that despite being unable to tackle the causes of digital exclusion, the PSR does have a role in challenging payment systems to consider people with limited digital and financial inclusion when designing and implementing digital payment services. As such, that is where the PSR will focus its attention. In its response, the PSR has considered and addressed each of the Panel’s 12 recommendations, and also identified areas where the PSR is seeking consumer and broader stakeholder views. Actions will be incorporated into the PSR’s work programme where identified. [21 Jul 2022]
|HMT consults on reforming the payment’s regulatory landscape
HMT has published The Payments Regulation and the Systemic Perimeter: Consultation and Call for Evidence. The consultation is published to meet the commitment to bring systemically important entities operating within payment chains into BoE regulation which was made by HMG in the October 2021 Payment Landscape Review. The consultation sets out:
Feedback is requested by 11 October 2022; HMG will respond to the consultation in 2023. [21 Jul 2022]
|SI: The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022
The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 have been published (alongside an explanatory memorandum). This statutory instrument (SI) makes some time-sensitive updates to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLRs), which are being made to ensure that the UK continues to meet international standards in relation to anti-money laundering and countering the financing of terrorism (AML/CFT). The Regulations enter into force on 21 July 2022. The SI is limited to a number of specific measures; a separate review of the MLRs is underway which will inform the UK’s broader direction on AML/CFT for the longer term.
The instrument measures include inserting a new Part 7A into the MLRs to expand the information sharing standard for wire/bank transfers to transfers involving crypto-assets – implementing the ‘Travel Rule’ for cryptoassets. [21 Jul 2022]
|PRA speech: Operational and financial resilience
The PRA has published a speech by Nathanaël Benjamin, Executive Director, Authorisations, RegTech, and International Supervision on the risks and challenges for investment banks. In his speech, Mr Benjamin highlights key risks including climate change and new technology and notes the regulator’s expectations in relation to financial resilience and operational resilience. In speaking about operational resilience, Mr Benjamin noted investment banks’ increasing moves into the digital assets space – from providing structured products through to trading in crypto derivative markets. He remarked that ‘before entering materially into crypto assets, adopting Artificial Intelligence (AI), introducing the cloud; or entering third-party relationships, international banks active in the UK must complete their operational resilience homework’. [20 Jul 2022]
|HMT: Financial Services and Markets Bill
HMT has published the Financial Services and Markets Bill (along with explanatory notes) as introduced to Parliament on 20 July 2022. The Bill seeks to tailor financial services regulation to UK markets following Brexit; to bolster the competitiveness of the UK as a global financial centre; and to deliver better outcomes for consumers and businesses. The Bill will:
HMT has also published a Memorandum from Her Majesty’s Treasury to the Delegated Powers and Regulatory Reform Committee and a Memorandum on the European Convention on Human Rights. The memorandums seek to address some of the key points in relation to the Bill and to assist with its scrutiny.
We have published our initial analysis of the Bill’s contents and its implications, here. [20 Jul 2022]
|HMT: Terms of reference for Digitisation Taskforce
HMT has published the terms of reference for its Digitisation Taskforce, which was a recommendation made in the report of the Secondary Capital Raising Review. The Taskforce will work with stakeholders across the financial services sector to build a broad consensus for change. In particular it will:
The Taskforce will also consider the use of new processes and technologies in achieving these goals. It will develop a timetable and plan for implementation of changes and engage with HMG and other regulators on its progress. A public report on the Taskforce’s progress and initial findings is due by spring 2023, and final recommendations and an implementation plan are due by spring 2024. [20 Jul 2022]
|DCMS/BEIS/Office for AI: Policy paper for consultation and AI strategy update
The Department for Digital, Culture, Media & Sport (DCMS), Department for Business, Energy & Industrial Strategy (BEIS), and Office for Artificial Intelligence (AI) have published a policy paper, Establishing a pro-innovation approach to regulating AI and a new AI Action Plan.
The policy paper outlines HMG’s intention to adopt a pro-innovation regulatory framework for AI technology in the UK. The framework will be underpinned by a set of cross-sectoral principles tailored to the specific characteristics of AI which will be context-specific, pro-innovation and risk-based, coherent, and proportionate and adaptable. Feedback on the policy paper is requested by 26 September 2022; a white paper and public consultation will follow later in 2022.
The action plan provides a summary of HMG’s progress since the publication of the National AI Strategy in September 2021. It describes actions taken in relation to the following three pillars:
|EIOPA: Peer Review on outsourcing
The European Insurance and Occupational Pensions Authority (EIOPA) has published the report of the peer review on outsourcing. The peer review assessed the overall maturity of the framework implemented by national supervisory authorities (NSAs) to supervise the outsourced activities of insurance and reinsurance undertakings. The objective was to identify gaps, areas of improvements and best practices to promote consistent and effective supervision. The findings show that firms are increasingly using of outsourcing, particularly for technology, although the level of outsourcing varies greatly across the European Economic Area (EEA).
EIOPA has identified somes areas where higher supervisory convergence could be achieved, and is considering conducting further analysis in three domains:
|HKMA and Cyberport co-organise second AMLab as part of “Fintech 2025” strategy
As part of its “Fintech 2025” strategy, the HKMA has co-organised its second AML Regtech Lab (AMLab) with Cyberport (supported by Deloitte). Following its first session on network analytics capacity held in November 2021 (see our previous update), the second AMLab focused on the use of “enabling technologies” such as robotic process automation, low-code/no-code platforms and visualisation tools to automate repetitive and time-intensive processes, managing large volumes of data to draw insights from data analysis to be presented in easily understood formats.
A group of five small and medium-sized banks collaborated with technical experts to:
Following this second AMLab, a new Regtech Connect session took place where technology companies in Cyberport demonstrated a range of tools and services and engaged in open and collaborative discussions with participating banks regarding the use of AML regtech.
The HKMA and Cyberport will continue to encourage innovation and arrange further AMLabs on other solutions such as regtech tools for banks’ transaction monitoring. [21 Jul 2022]
|HKMA publishes seventh issue of Regtech Adoption Practice Guide on TPRM
The HKMA has published the seventh issue of its Regtech Adoption Practice Guide, focusing on regtech solutions that help banks manage third-party monitoring and risk management (TPRM). This guide series was launched by the HKMA in June 2021 as part of its regtech adoption roadmap to provide banks with detailed practical guidance on the adoption of regtech solutions (see our previous update in relation to the sixth issue).
The areas covered in the seventh issue include:
|RBI regulatory sandbox: Second cohort on cross-border payments – exit
In a press release, the RBI has advised that four of the entities which were in the second cohort to enter the regulatory sandbox, which had as its theme cross-border payments, have completed the test phase. The products were evaluated based on mutually agreed test scenarios and expected outcomes. All were found viable within the boundary conditions defined during testing in the regulatory sandbox and have now exited. The products may be considered for adoption by Regulated Entities (REs) subject to compliance with applicable regulatory requirements. [19 Jul 2022]
|SEBI files FIR on email cyber security incident
In a press release, the Securities and Exchange Board of India (SEBI) explained that it has filed a first information report (FIR) for a cyber security incident on its email system which was identified during the course of a system upgrade. [16 Jul 2022]
|CFTC announces that a federal court orders Texas man to pay over $290,000 for manipulative and deceptive digital asset pump-and-dump scheme
The CFTC has announced that the US District Court for the Southern District of New York entered a consent order on 14 July for a permanent injunction, monetary sanctions, and disgorgement of ill-gotten proceeds against a resident of Dallas, Texas.
The consent order resolves the claims against the individual in the CFTC action filed against the defendants on 5 March 2021 that alleged they engaged in a manipulative and deceptive digital asset “pump-and-dump” scheme. The order requires one defendant to disgorge over $146,000 he received in ill-gotten gains from the scheme and also to pay an equal amount in a civil monetary penalty. The order also permanently prohibits him from engaging in further violations of the Commodity Exchange Act (CEA) and CFTC regulations as charged, and it imposes registration and trading bans. [18 Jul 2022]
|CFTC extends comment period for RFI on climate-related financial risk
On June 2, the CFTC announced that it was seeking public feedback on all aspects of climate-related financial risk, including as it may pertain to the derivatives markets, underlying commodities markets, registered entities, registrants, and other related market participants. The RFI also seeks responses on questions specific to data, scenario analysis and stress testing, risk management, disclosure, product innovation, voluntary carbon markets, digital assets, greenwashing, financially vulnerable communities, and public-private partnerships and engagement.
The RFI was published in the Federal Register on June 8, with a 60-day comment period; it was originally scheduled to close on August 8. [18 Jul 2022]
Ukraine-related sanctions information
Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.