The post below was first published on our Fintech notes blog

In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 22 July 2022.


Recent updates from Herbert Smith Freehills include:


FCA/BoE/PRA: Operational resilience DP – measures to oversee CTPs

The Bank of England (BoE), the PRA and the FCA have published Discussion Paper 22/3 – Operational resilience: Critical third parties to the UK financial sector (FCA DP22/3, PRA DP3/22). The DP sets out potential measures to oversee and strengthen the resilience of services provided by critical third parties (CTPs) to the UK financial sector. It also outlines how the supervisory authorities could use the powers proposed under the Financial Services and Markets Bill, which include:

  • a framework for identifying potential CTPs, which would inform the supervisory authorities’ recommendations for formal designation by HMT;
  • minimum resilience standards, which would apply to the services that designated CTPs provide to firms and financial market infrastructures (FMIs); and
  • a framework for testing the resilience of material services that CTPs provide to firms and FMIs using a range of tools, including but not limited to scenario testing, participation in sector-wide exercises, cyber resilience testing, and skilled persons reviews of CTPs.

Comments are open until 23 December 2022. A consultation paper (CP) will follow in 2023, subject to the progress of the Financial Services and Markets Bill through Parliament. [21 Jul 2022]

FCA/BoE: Transforming data collection – joint transformation programme

The BoE and FCA have published an initial set of recommendations from the joint transformation programme with industry to transform data collection from the UK financial sector and their response to those recommendations.

The BoE and FCA agreed to accept all of the recommendations made by the industry committees in principle. For some recommendations, the BoE and FCA are keen to move to delivery of solutions immediately. For other recommendations, the joint transformation programme will need to explore the solutions further to understand how they might be delivered and the associated business case. If the BoE and FCA find that there is a business case, then they will add such recommendations to their future roadmap for transformation. [21 Jul 2022]

PSR response to Digital Payments Initiative report

The Payments Systems Regulator (PSR) has published its response to the PSR Panel’s Digital Payments Initiative report. The Panel’s report highlighted reasons for cash reliance, such as lack of access to digital and financial infrastructure or lack of digital and financial skills, that cannot be addressed by new types of digital payment alone. The Panel made 12 recommendations covering: open banking payments; the PSR’s Card Acquiring Market Review; improved data collection; digital identity; and fraud prevention and protection.

The PSR explains that despite being unable to tackle the causes of digital exclusion, the PSR does have a role in challenging payment systems to consider people with limited digital and financial inclusion when designing and implementing digital payment services. As such, that is where the PSR will focus its attention. In its response, the PSR has considered and addressed each of the Panel’s 12 recommendations, and also identified areas where the PSR is seeking consumer and broader stakeholder views. Actions will be incorporated into the PSR’s work programme where identified. [21 Jul 2022]

HMT consults on reforming the payment’s regulatory landscape

HMT has published The Payments Regulation and the Systemic Perimeter: Consultation and Call for Evidence. The consultation is published to meet the commitment to bring systemically important entities operating within payment chains into BoE regulation which was made by HMG in the October 2021 Payment Landscape Review. The consultation sets out:

  • the rationale for expanding the BoE’s supervision of systemic risk relating to payment beyond payment systems and associated payment service providers;
  • the principles which HMG would apply to any reforms of the BoE’s regulatory responsibilities, namely that of ‘same risk, same regulatory outcome’;
  • what an amended regulatory perimeter would involve for regulating risk end-to-end throughout the payment chain;
  • what criteria would apply to recognising new entities;
  • the role of HMT in determining the entities which would fall within the systemic regulatory regime;
  • HMG’s approach to applying the Future Regulatory Framework Review to the payments regulatory landscape;
  • potential reforms to the PSR’s regulatory framework; and
  • how the Senior Managers & Certification Regime (SMCR) may apply to the sector.

Feedback is requested by 11 October 2022; HMG will respond to the consultation in 2023. [21 Jul 2022]

SI: The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022

The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 have been published (alongside an explanatory memorandum). This statutory instrument (SI) makes some time-sensitive updates to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLRs), which are being made to ensure that the UK continues to meet international standards in relation to anti-money laundering and countering the financing of terrorism (AML/CFT). The Regulations enter into force on 21 July 2022. The SI is limited to a number of specific measures; a separate review of the MLRs is underway which will inform the UK’s broader direction on AML/CFT for the longer term.

The instrument measures include inserting a new Part 7A into the MLRs to expand the information sharing standard for wire/bank transfers to transfers involving crypto-assets – implementing the ‘Travel Rule’ for cryptoassets. [21 Jul 2022]

PRA speech: Operational and financial resilience

The PRA has published a speech by Nathanaël Benjamin, Executive Director, Authorisations, RegTech, and International Supervision on the risks and challenges for investment banks. In his speech, Mr Benjamin highlights key risks including climate change and new technology and notes the regulator’s expectations in relation to financial resilience and operational resilience. In speaking about operational resilience, Mr Benjamin noted investment banks’ increasing moves into the digital assets space – from providing structured products through to trading in crypto derivative markets. He remarked that ‘before entering materially into crypto assets, adopting Artificial Intelligence (AI), introducing the cloud; or entering third-party relationships, international banks active in the UK must complete their operational resilience homework’. [20 Jul 2022]

HMT: Financial Services and Markets Bill

HMT has published the Financial Services and Markets Bill (along with explanatory notes) as introduced to Parliament on 20 July 2022. The Bill seeks to tailor financial services regulation to UK markets following Brexit; to bolster the competitiveness of the UK as a global financial centre; and to deliver better outcomes for consumers and businesses. The Bill will:

  • implement the outcomes of the Future Regulatory Framework (FRF) Review;
  • maintain the UK’s position as an open and global financial hub;
  • harness the opportunities of innovative technologies in financial services;
  • bolster the competitiveness of UK markets and promote the effective use of capital; and
  • support the levelling up agenda, promote financial inclusion and consumer protection.

HMT has also published a Memorandum from Her Majesty’s Treasury to the Delegated Powers and Regulatory Reform Committee and a Memorandum on the European Convention on Human Rights. The memorandums seek to address some of the key points in relation to the Bill and to assist with its scrutiny.

We have published our initial analysis of the Bill’s contents and its implications, here. [20 Jul 2022]

HMT: Terms of reference for Digitisation Taskforce

HMT has published the terms of reference for its Digitisation Taskforce, which was a recommendation made in the report of the Secondary Capital Raising Review. The Taskforce will work with stakeholders across the financial services sector to build a broad consensus for change. In particular it will:

  • identify immediate, and longer term, means of improving on the current intermediated system of share ownership;
  • eliminate the use of paper share certificates for traded companies and mandate the use of additional options to cheques for cash remittances; and
  • consider whether the arrangements for digitisation can be extended to newly formed private companies and as an optional route for existing UK private companies.

The Taskforce will also consider the use of new processes and technologies in achieving these goals. It will develop a timetable and plan for implementation of changes and engage with HMG and other regulators on its progress. A public report on the Taskforce’s progress and initial findings is due by spring 2023, and final recommendations and an implementation plan are due by spring 2024. [20 Jul 2022]

DCMS/BEIS/Office for AI: Policy paper for consultation and AI strategy update

The Department for Digital, Culture, Media & Sport (DCMS), Department for Business, Energy & Industrial Strategy (BEIS), and Office for Artificial Intelligence (AI) have published a policy paper, Establishing a pro-innovation approach to regulating AI and a new AI Action Plan.

The policy paper outlines HMG’s intention to adopt a pro-innovation regulatory framework for AI technology in the UK. The framework will be underpinned by a set of cross-sectoral principles tailored to the specific characteristics of AI which will be context-specific, pro-innovation and risk-based, coherent, and proportionate and adaptable. Feedback on the policy paper is requested by 26 September 2022; a white paper and public consultation will follow later in 2022.

The action plan provides a summary of HMG’s progress since the publication of the National AI Strategy in September 2021. It describes actions taken in relation to the following three pillars:

  • investing in the long term needs of the AI ecosystem;
  • ensuring AI benefits all sectors and regions; and
  • governing AI effectively. [20 Jul 2022]


EIOPA: Peer Review on outsourcing

The European Insurance and Occupational Pensions Authority (EIOPA) has published the report of the peer review on outsourcing. The peer review assessed the overall maturity of the framework implemented by national supervisory authorities (NSAs) to supervise the outsourced activities of insurance and reinsurance undertakings. The objective was to identify gaps, areas of improvements and best practices to promote consistent and effective supervision. The findings show that firms are increasingly using of outsourcing, particularly for technology, although the level of outsourcing varies greatly across the European Economic Area (EEA).

EIOPA has identified somes areas where higher supervisory convergence could be achieved, and is considering conducting further analysis in three domains:

  • the outsourcing of delegated authority;
  • the definition of ‘material development’ and the meaning of ‘timely notification’ according to article 49(3) of Solvency II; and
  • the supervision of undertakings that make such an extensive use of outsourcing that it impacts their corporate substance (so-called ’empty shells’). [19 Jul 2022]

Hong Kong

HKMA and Cyberport co-organise second AMLab as part of “Fintech 2025” strategy

As part of its “Fintech 2025” strategy, the HKMA has co-organised its second AML Regtech Lab (AMLab) with Cyberport (supported by Deloitte). Following its first session on network analytics capacity held in November 2021 (see our previous update), the second AMLab focused on the use of “enabling technologies” such as robotic process automation, low-code/no-code platforms and visualisation tools to automate repetitive and time-intensive processes, managing large volumes of data to draw insights from data analysis to be presented in easily understood formats.

A group of five small and medium-sized banks collaborated with technical experts to:

  • target common pain points in essential but repetitive anti-money laundering (AML) operations, such as customer due diligence at onboarding and record keeping;
  • identify applicable technology solutions to address the common pain points and develop business cases for the adoption of “enabling technologies”; and
  • gain hands-on experience with relevant technologies and explore potential use cases to cope with individual circumstances.

Following this second AMLab, a new Regtech Connect session took place where technology companies in Cyberport demonstrated a range of tools and services and engaged in open and collaborative discussions with participating banks regarding the use of AML regtech.

The HKMA and Cyberport will continue to encourage innovation and arrange further AMLabs on other solutions such as regtech tools for banks’ transaction monitoring. [21 Jul 2022]

HKMA publishes seventh issue of Regtech Adoption Practice Guide on TPRM

The HKMA has published the seventh issue of its Regtech Adoption Practice Guide, focusing on regtech solutions that help banks manage third-party monitoring and risk management (TPRM). This guide series was launched by the HKMA in June 2021 as part of its regtech adoption roadmap to provide banks with detailed practical guidance on the adoption of regtech solutions (see our previous update in relation to the sixth issue).

The areas covered in the seventh issue include:

  • Key challenges faced by Hong Kong banks in relation to TPRM and key considerations when adopting TPRM regtech solutions;
  • Practical implementation guidance to banks on the adoption of TPRM regtech solutions, including on strategy and operating model, people and capabilities, governance and organisation, and technology and data;
  • Two use cases on the adoption of TPRM regtech solutions (cloud-based TPRM platform and automated residual risk assessment), discussing the challenge, solution and key success factors for each. [18 Jul 2022]


RBI regulatory sandbox: Second cohort on cross-border payments – exit

In a press release, the RBI has advised that four of the entities which were in the second cohort to enter the regulatory sandbox, which had as its theme cross-border payments, have completed the test phase. The products were evaluated based on mutually agreed test scenarios and expected outcomes. All were found viable within the boundary conditions defined during testing in the regulatory sandbox and have now exited. The products may be considered for adoption by Regulated Entities (REs) subject to compliance with applicable regulatory requirements. [19 Jul 2022]

SEBI files FIR on email cyber security incident

In a press release, the Securities and Exchange Board of India (SEBI) explained that it has filed a first information report (FIR) for a cyber security incident on its email system which was identified during the course of a system upgrade. [16 Jul 2022]



CFTC announces that a federal court orders Texas man to pay over $290,000 for manipulative and deceptive digital asset pump-and-dump scheme

The CFTC has announced that the US District Court for the Southern District of New York entered a consent order on 14 July for a permanent injunction, monetary sanctions, and disgorgement of ill-gotten proceeds against a resident of Dallas, Texas.

The consent order resolves the claims against the individual in the CFTC action filed against the defendants on 5 March 2021 that alleged they engaged in a manipulative and deceptive digital asset “pump-and-dump” scheme. The order requires one defendant to disgorge over $146,000 he received in ill-gotten gains from the scheme and also to pay an equal amount in a civil monetary penalty. The order also permanently prohibits him from engaging in further violations of the Commodity Exchange Act (CEA) and CFTC regulations as charged, and it imposes registration and trading bans. [18 Jul 2022]

CFTC extends comment period for RFI on climate-related financial risk

The CFTC has announced an extension to the deadline for the public comment period on a request for information on climate-related financial risk (RFI) to October 7.

On June 2, the CFTC announced that it was seeking public feedback on all aspects of climate-related financial risk, including as it may pertain to the derivatives markets, underlying commodities markets, registered entities, registrants, and other related market participants. The RFI also seeks responses on questions specific to data, scenario analysis and stress testing, risk management, disclosure, product innovation, voluntary carbon markets, digital assets, greenwashing, financially vulnerable communities, and public-private partnerships and engagement.

The RFI was published in the Federal Register on June 8, with a 60-day comment period; it was originally scheduled to close on August 8. [18 Jul 2022]


Ukraine-related sanctions information

Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.