In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 6 January 2023.
Recent updates from Herbert Smith Freehills include:
- Global FSR Outlook 2023 – Braving the maelstrom
- Edinburgh Reforms – Webcast series
- Hong Kong virtual asset regulation – 2022 wrap-up and what to expect in the new year
- Banking Litigation Podcast Episode 37: Monthly Update November/December 2022 (Christmas Special!)
|FSB: Proposed framework for international regulation of crypto-asset activities – responses
The Financial Stability Board (FSB) has published the responses it has received to its October consultation on the proposed framework for international regulation of crypto-asset activities. The consultation covered:
|IAIS: Consultation on operational resilience in the insurance sector – deadline extended
The International Association of Insurance Supervisors (IAIS) has extended the feedback deadline for the consultation on its Issues Paper on operational resilience in the insurance sector to 13 January 2023. The paper addresses three specific operational resilience sub-topics: cyber resilience; third-party outsourcing; and business continuity management. [3 Jan 2023]
|Lords written question & answers: FTX and forthcoming crypto consultation
For HMT, Baroness Penn has responded to a question put by Baroness Kennedy of Cradley regarding any assessment HM Government (HMG) has made of the risks to investors following the collapse of the cryptocurrency exchange FTX. Baroness Penn explains that the FCA and Bank of England (BoE) continue to warn investors of the risks of cryptoassets. She also highlights the forthcoming legislation which will bring cryptoasset financial promotions within scope of FCA supervision and confirms that it is HMG’s intention to consult on regulating wider cryptoasset activities ‘in the coming weeks’. [5 Jan 2023]
|FCA/PRA: Bank fined for operational resilience failings
The FCA and the PRA have fined a bank a total of £48.65 million for operational risk management and governance failures, including the management of outsourcing risks. The issue arose in relation to the bank’s IT migration programme, which experienced technical failures that resulted in customers being unable to access banking services. The FCA and PRA found that the bank failed both to organise and control the IT migration programme adequately, and to manage the operational risks arising from its IT outsourcing arrangements with its critical third-party supplier.
The FCA and the PRA found that the bank breached several of their Principles for Business and Fundamental Rules. The FCA final notice imposes a fine of £29.75 million and the PRA final notice imposes a fine of £18.9 million. The bank agreed to resolve the matter with the regulators, and qualified for a 30% discount in the overall penalty. [20 Dec 2022]
|EBA: Call for advice on DORA – correspondence
The European Banking Authority (EBA) has published a letter and call for advice addressed to the European Supervisory Authorities (ESAs) from the European Commission (EC) on the the designation criteria and fees for the Digital Operational Resilience Act (DORA) oversight framework. The call for advice requests the ESAs input on the specific details to shape up the designation criteria for critical ICT third-party service providers (CTPPs), as well as the elements which are needed in the specification of the amount of the fees, and the way and methods in which such fees are to be paid.
The ESAs must deliver the advice to the EC by 30 September 2023. [5 Jan 2023]
|EBA: Call for advice from EC – MiCA
The European Banking Authority (EBA) has published a letter and call for advice from John Berrigan at the European Commission (EC) on the Regulation on markets in crypto-assets (MiCA). The letter outlines the EC’s call for advice, which concerns delegated acts on certain criteria for classification of asset-referenced tokens and e-money tokens as significant and on supervisory fees to be charged by EBA to the issuers of significant asset-referenced tokens or e-money tokens.
EBA has been asked to deliver the advice by 30 September 2023. [4 Jan 2023]
|OJ: Regulation and Directive – DORA
The following legal instruments in relation to the Digital Operational Resilience Act (DORA) have been published in the Official Journal of the EU (OJ):
The Regulation and Directive will enter into force on 16 January 2023. DORA will apply from 17 January 2025 and Member States are required to apply measures implementing the DORA Amending Directive from the same date. [3 Jan 2023]
|ECB: Progress report on digital euro
The European Central Bank (ECB) has published its second progress report on the digital euro. In the report, the ECB provides an update on the progress made over the past few months and examines a second set of design and distribution options for a digital euro. Specifically, the report describes the respective roles of the Eurosystem and supervised intermediaries in the digital euro ecosystem, including the settlement of digital euro transactions, and explains the scheme-based approach for the distribution model for the digital euro.
The ECB has also published a letter from Fabio Panetta, Member of the ECB Executive Board, to Irene Tinagli, Chair of the Committee on Economic and Monetary Affairs (ECON) at the European Parliament (EP), setting out details of the report. In the letter, Mr Panetta also notes that the ECB Governing Council is expected to decide in autumn 2023 whether to start a realisation phase to develop and test the appropriate technical solutions and necessary business arrangements for providing a digital euro. [21 Dec 2022]
|ESMA: Framework to assess operational resilience of CCPs
The European Securities and Markets Authority (ESMA) has published a paper outlining a framework for assessing the operational resilience of financial entities providing time-critical services. The paper sets out the three novel tools within the framework (Reliability indicators, Scenario analysis of third-party dependencies and System-wide analysis of critical third-party providers); their methodology; and an example application of these tools in the financial sector, using insights from their use in the context of the fourth central counterparty (CCP) stress test performed by ESMA. [19 Dec 2022]
|ECB: Imposition of administrative penalty on bank for failure to report cyber incident
The ECB has published a decision in which it imposes an administrative penalty on a bank for failing to report a significant cyber incident within the prescribed two-hour deadline outlined in the cyber-incident reporting framework implemented in 2017. [19 Dec 2022]
|Treasury consults on ACCC’s digital platforms recommendations
Treasury is seeking views on the recommendations to address consumer and competition issues contained in the 5th interim report from the ACCC’s ongoing inquiry into digital platform services (released on 11 November 2022). The ACCC’s recommendations include:
Feedback is requested by 15 February 2023.
The ACCC has been undertaking the inquiry since 2020. Matters being considered by the inquiry include competition in markets for the supply of digital platform services, practices of suppliers of digital platform services which may result in harm and how innovation and technology change may affect the nature and degree of market power and characteristics of digital platform services. The final report is due in 2025. [20 Dec 2022]
|HKMA updates AIs on BCBS’s final standard for prudential treatment of cryptoasset exposures and plans for local implementation
The HKMA has issued a circular to inform authorised institutions (AIs) that the Basel Committee on Banking Supervision (BCBS) has published its final standard “Prudential treatment of cryptoasset exposures” following consultation. The standard has been developed to provide a global baseline framework for banks’ cryptoasset exposures to promote responsible innovation while preserving financial stability.
The standard is scheduled to be implemented by member jurisdictions by 1 January 2025, and the HKMA intends to implement it in Hong Kong in accordance with this timeframe. The HKMA will consult the industry in due course on local implementation, but in the meantime, AIs that are planning to conduct cryptoasset-related business activities are recommended to familiarise themselves with the new standard and consider its implications.
Under the standard, cryptoassets will be categorised into Group 1 (qualifying tokenised assets and stablecoins which will generally be subject to the risk-based capital requirements of the existing Basel capital framework) and Group 2 (cryptoassets that do not meet the Group 1 classification conditions and will be subject to a more conservative capital treatment).
Key features of the standard include:
The HKMA notes that some areas, such as permissionless blockchains and additional statistical tests to identify low risk stablecoins, will remain subject to monitoring and further review by the BCBS. [20 Dec 2022]
|HKMA shares key observations and sound practices from its review on consumer protection in respect of digital platforms for application of unsecured loan and credit card products
The HKMA has issued a circular to share with the industry key observations and sound practices identified in its supervisory work conducted on consumer protection in respect of digital platforms for the application of unsecured loan and credit card products.
Details of the key observations and sound practices are attached to the circular. AIs are expected to review and make any necessary improvements to ensure that their digital platforms are designed in a way which can enable customers to make informed borrowing decisions. [20 Dec 2022]
|FSTB launches consultation on enhancing crowdfunding activities
The Financial Services and the Treasury Bureau (FSTB) has launched a consultation on proposals to enhance crowdfunding activities. Feedback on the proposals is required by 20 March 2023.
The consultation paper sets out various recommendations on enhancing the transparency and accountability of crowdfunding activities, which include requiring in-principle future crowdfunding activities to obtain permission before commencement, and ensuring sufficient transparency to the public during and after conducting crowdfunding activities.
The following are the major features of the proposed regulatory regime (among others):
|BNM Policy Document on Electronic Money (E-Money)
Bank Negara Malaysia (BNM) has published a Policy Document setting out regulatory requirements and guidance for electronic money issuers (EMI) approved pursuant to section 11 of the Financial Services Act 2013 (FSA) or the Islamic Financial Services Act 2013 (IFSA). BNM has issued a Feedback Statement to address the key feedback and proposals received during the consultation period and Frequently Asked Questions (FAQs) to enhance public understanding of the requirements and clarify interpretation issues in implementing the requirements of the E-Money policy document. This policy document comes into effect on 30 December 2022, except for paragraphs 15, 16.2 to 16.4, 18, 19.6 to 19.15, 27, 28, 29, 30 and 31 which come into effect on 30 December 2023. [30 Dec 2022]
|SECT consults on proposed revision to supervision of digital asset custodial wallet providers
The SECT is seeking public comments on a proposed revision to the principles for supervising digital asset (DA) custodial wallet providers. This would involve an exemption from the definition as DA Custodial Wallet Provider for DA issuers who provide custodial service on self-issued DA for their clients. The proposed revision would also require investment token issuers who provide custody and deposit service on self-issued DA to establish a system segregating their clients’ DA from their own assets, and would prohibit them from seeking benefits from the clients’ DA under their custody. The consultation ends on 26 Jan 2023. [27 Dec 2022]
|RBI announces fourth cohort for regulatory sandbox
The RBI has announced the fourth cohort for the regulatory sandbox with the theme ‘Prevention and Mitigation of Financial Frauds’. The RBI received nine applications of which six have been selected for the test phase due to commence in February 2023. [5 Jan 2023]
|BSP Partners with BAP and BMAP to Promote Cyber Hygiene
The BSP has partnered with the Bankers Association of the Philippines (BAP) and the Bank Marketing Association of the Philippines (BMAP) in rolling out the “Check-Protect-Report” (CPR) information drive to foster cyber hygiene among Filipinos. The communication campaign aims to equip Filipino financial consumers with the information needed to protect themselves against online scams.[1 Jan 2023]
|BSP Issues rules for RTGS PS Participants
The BSP has issued rules for the participants in the Peso Real Time Gross Settlement Payment System (RTGS PS), an infrastructure that provides real-time settlement of payments, funds transfer instructions, or other obligations individually on a transaction-by-transaction basis, in order to ensure the smooth flow of funds in the financial system. The rules issued under BSP Memorandum No. M-2022-0049 dated 22 November 2022 require all RTGS PS participants to comply with all laws and regulations on payment systems and provide for penalties and sanctions. RTGS PS participants include the BSP and financial institutions maintaining settlement accounts with the BSP, entities that are sponsored into settlement, as well as FMIs, clearing switch operators, and critical service providers within the RTGS ecosystem. The BSP has streamlined the qualification requirements for prospective members of the real-time payment system. Non-bank e-money issuers and other entities may now settle their retail transactions through the RTGS PS without the need for sponsorship by existing participants. The BSP designated the RTGS PS as a payment system that pose or have the potential to pose systemic risk to the stability of the national payment system (SIP). [21 Dec 2022]
|Agencies issue joint statement on crypto-asset risks to banking organizations
Federal bank regulatory agencies have issued a statement highlighting key risks for banking organizations associated with crypto-assets and the crypto-asset sector and describing the agencies’ approaches to supervision in this area. In particular, the statement describes several key risks associated with crypto-assets and the crypto-asset sector, as demonstrated by the significant volatility and vulnerabilities over the past year. Given these risks, the agencies continue to take a careful and cautious approach related to current and proposed crypto-asset-related activities and exposures at banking organizations. The agencies continue to assess whether or how current and proposed crypto-asset-related activities by banking organizations can be conducted in a manner that is safe and sound, legally permissible, and in compliance with applicable laws and regulations, including those designed to protect consumers. [3 Jan 2023]