In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 13 May 2022.

Global

BCBS: Speech on cryptoassets

The Basel Committee on Banking Supervision (BCBS) has published a speech by Pablo Hernández de Cos, Chair and Governor of the Bank of Spain, on the BCBS’s work on cryptoassets. In his speech, Mr de Cos spoke about the BCBS’s work on digitalisation, including the progress it has made in relation to cryptoassets and decentralized finance (DeFi). Mr de Cos confirmed that the BCBS plans to publish a new consultation paper on the treatment of cryptoassets in the ‘coming months’. Mr de Cos confirmed in an earlier speech at CityWeek that the BCBS would aim to finalise its treatment by the end of 2022. [12 May 2022]

 
CPMI: Final Report on extending and aligning payment system operating hours for cross-border payments

The Committee on Payments and Market Infrastructures (CPMI) has published its final report on extending and aligning payment system operating hours for cross-border payments. The report: considers the operating hours of real-time gross settlement (RTGS) systems; introduces the concept of a global settlement window – the period when the largest number of RTGS systems simultaneously operate; and discusses operational, risk and policy considerations related to three possible end states. [12 May 2022]

 

UK

FCA: CryptoSprint – updated webpage

The FCA has updated its webpage on the CryptoSprint. The update states that the FCA hosted the two-day CryptoSprint event to explore how the evolving world of cryptoassets could be regulated in the UK. It also is the first of many planned industry engagements that will inform what a future regulatory regime for cryptoassets could look like. [12 May 2022]

 
Judiciary: Speech by Master of the Rolls – Blockchain and dispute resolution

The Judiciary has published a speech by Sir Geoffrey Vos, Master of the Rolls, delivered at London International Dispute Week 2022. In his speech, Sir Geoffrey explored the benefits of digital justice, explaining how the digital environment is essential for dispute resolution to maintain confidence and remain sustainable. He also discussed how blockchain will necessitate change to dispute resolution. [12 May 2022]

 
FCA reminds consumers of the risks of investing in cryptoassets

The FCA has published a statement reminding consumers of the risks of investing in cryptoassets. In the statement, the FCA highlights that it does not have regulatory oversight over direct investments in cryptoassets and non-fungible tokens (NFTs). It also highlights that there are no consumer protections for those who buy cryptoassets and NFTs, and that they are not protected under the Financial Services Compensation Scheme (FSCS). [11 May 2022]

 
HMG sets out policy priorities in Queen’s Speech 2022

HM Government (HMG) has published the Queen’s Speech 2022. The speech sets out HMG’s priorities for the year ahead. The Bills to be progressed coalesce around four themes identified by HMG: ‘growing the economy to address the cost of living’; ‘making the streets safer’; ‘funding the NHS to clear the Covid backlogs’; and ‘providing the leadership needed in challenging times’.

Among the various Bills in the lobby briefing which have some relevance to the financial services sector are:

  • Financial Services and Markets Bill which will, among other things, revoke retained EU law on financial services to replace it with a regulatory approach, update regulatory objectives to ‘ensure a greater focus on growth and international competitiveness’, and ensure continuing consumer access to cash;
  • Draft Digital Markets, Competition and Consumer Bill which will ‘promote competition, strengthen consumer rights and protect households and businesses … Measures will also be published to create new competition rules for digital markets and the largest digital firms’;
  • Draft Audit Reform Bill which will establish a new statutory regulator, the Audit, Reporting and Governance Authority;
  • UK Infrastructure Bank Bill which will establish the UK Infrastructure Bank in law with objectives to promote economic growth and to facilitate the delivery of net zero; and
  • Product Security and Telecommunications Infrastructure Bill which is intended to improve cyber resilience and digital connectivity, including by requiring smart consumer products to be more secure against cyber attacks.

In addition, HM Treasury (HMT) has published:

  • a policy paper on HMG’s approach to authorised push payment (APP) scam reimbursement; and
  • a statement on the inclusion of provisions in the Financial Services and Markets Bill to protect access to cash. [11 May 2022]
 
PSR Panel publishes Digital Payments Initiative report

The Payment Systems Regulator’s (PSR) Panel has published its Digital Payments Initiative report. The report discusses the barriers and solutions to increased take-up of digital payments. It provides both strategic and more tangible recommendations for how the PSR could help the market to ensure that everyone has access to digital payment services that meet their needs.

The PSR will engage with industry and relevant authorities on the barriers and solutions that the Panel have identified to enable greater and easier use of digital payments, with a workshop planned in June, and will set out its response to the Panel’s recommendations later in the summer. [10 May 2022]

 

EU

EBA publishes final technical standards on crowdfunding service providers

The European Banking Authority (EBA) has published its final draft regulatory technical standards (RTS) specifying the information that crowdfunding service providers must provide to investors on the calculation of credit scores and prices of crowdfunding offers. The final draft RTS also specify a minimum set of common standards with regards to information to be considered in credit risk assessment and loan valuation and the underlying policies and governance arrangements. [13 May 2022]

 
EC welcomes political agreement on NIS 2 Directive

The European Commission (EC) has published a statement welcoming the political agreement reached between the European Parliament (EP) and EU Member States on the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive), proposed by the EC in December 2020.

The NIS 2 Directive seeks to strengthen cybersecurity requirements imposed on companies, addresses the security of supply chains and supplier relationships and introduces accountability of top management for non-compliance with the cybersecurity obligations.

The political agreement reached by the EP and the Council is now subject to formal approval by the two co-legislators. Once published in the Official Journal, the Directive will enter into force 20 days after publication and Member States will then need to transpose the new elements of the Directive into national law. Member States will have 21 months to transpose the Directive into national law. [13 May 2022]

 
ECB: Occasional Paper on CBDCs and bank intermediation

The European Central Bank (ECB) has published an Occasional Paper on central bank digital currency (CBDCs) and bank intermediation. The paper considers how euro area banks’ balance sheets and activity might be affected by the adoption of a digital euro. In addition, the paper proposes a set of analytical exercises that offer insights into the possible implications for bank intermediation in the euro area. [12 May 2022]

 
EC/EP/Council: Provisional agreement on DORA

The European Parliament (EP) and Council of the EU have reached provisional agreement on the Digital Operational Resilience Act (DORA), which has been welcomed by the European Commission (EC). DORA seeks to ensure that the financial sector in Europe is able to maintain resilient operations through a severe operational disruption. It sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services.

The provisional agreement is subject to approval by the Council and the European Parliament before going through the formal adoption procedure. Once the DORA proposal is formally adopted, it will be passed into law by each EU member state. The relevant European Supervisory Authorities (ESAs) will then develop technical standards. [11 May 2022]

 
EC adopts proposal regarding the DMD(FS)

The EC has adopted a proposal for a Directive to repeal the existing Directive on the Distance Marketing of Consumer Financial Services Directive (DMD(FS)) and to include relevant aspects of consumer rights with regard to consumer rights in respect of financial services contracts concluded at a distance within the scope of the horizontally applicable Consumer Rights Directive. Among the changes which the EC proposes are:

  • making access to the 14-day withdrawal right from distance contracts easier, including by requiring a ‘withdrawal button’ for sales conducted electronically;
  • modernising the requirements on both the content and the presentation of pre-contractual information, including with regard to the use of pop-ups and/or layered links;
  • requiring traders to set up online systems which are fair and transparent and to provide an adequate explanation when using online tools (eg roboadvice or chat boxes) and to offer an option for the consumer to request human intervention; and
  • strengthening enforcement by introducing a maximum penalty of at least 4% of annual turnover in cases of widespread cross-border infringements.

The proposal will be submitted to the Council and the EP. [11 May 2022]

 
EC: Consultations on PSD2 and open finance

The European Commission (EC) has launched a public consultation on the review of the revised Payment Services Directive (PSD2) and on open finance. Responses to the consultation, aimed at those without in-depth knowledge of PSD2 or open finance, is requested by 2 August 2022.

As well as the public consultation, the EC has launched the following targeted consultations which have more detailed questions and require specific knowledge of payment services, the PSD2, and data sharing in the financial sector:

  • Targeted consultation on PSD2 – This consultation seeks views on whether PSD2 has achieved its objectives and whether amendments are needed to ensure that its rules remain relevant. Responses are requested by 5 July 2022.
  • Targeted consultation on open finance framework and data sharing in the financial sector – This consultation aims to gather evidence and stakeholder views on various aspects related to the state of play and further development of open finance in the EU. The targeted consultation also seeks stakeholder views on the use of aggregated supervisory data for research and innovation and on broader questions of data sharing among financial firms for risk monitoring or compliance purposes. Responses to the targeted consultation are requested by 5 July 2022.

The EC has also published a call for evidence for an impact assessment on the open finance framework and a call for evidence for an evaluation on payment services. Responses to the calls for evidence are requested by 7 June and 2 August 2022, respectively.

EC is expected to adopt measures in this area in Q4 2022. [10 May 2022]

 

Australia

ASIC outlines its cyber security expectations of AFS licensees

Following the Federal Court’s decision in Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496 (covered in an earlier update), the Australian Securities & Investments Commission (ASIC) has outlined its expectations of Australian Financial Services (AFS) licensees in relation to cyber security.

ASIC expects licensees to:

  • be aware of potential consumer harms that arise from cybersecurity shortcomings;
  • adopt good cybersecurity risk management practices to reduce potential harm to consumers;
  • act quickly in the event of a cyber incident to minimise the risk of ongoing harm; and
  • report cyber incidents to the Australian Cyber Security Centre.

ASIC says it will take enforcement action when an AFS licensee does not adequately manage cybersecurity risks as part of its licence obligations. [12 May 2022]

 

US

DoJ announces that the CEO of a cryptocurrency mining and investment platform was indicted in a $62 million cryptocurrency fraud scheme

The DoJ has announced that an indictment was unsealed charging the CEO of a purported cryptocurrency mining and investment platform for allegedly orchestrating a $62 million global investment fraud scheme. According to the indictment, the defendant, of Port St. Lucie, Florida, the CEO and founder of the platform, misled investors about the platform’s cryptocurrency mining and investment program, under which investors could invest in the platform by purchasing ‘Mining Packages’. Under this program, the defendant and his co-conspirators touted the platform’s purported international network of cryptocurrency mining machines as being able to generate substantial profits and guaranteed returns by using investors’ money to mine new cryptocurrency. The defendant also touted the platform’s own cryptocurrency as a purported decentralized autonomous organization that was stabilized by revenue from the biggest cryptocurrency mining operation in the world. As alleged in the indictment, however, the defendant operated a fraudulent investment scheme and did not use investors’ funds to mine new cryptocurrency as promised, but instead diverted the funds to cryptocurrency wallets under his control. [6 May 2022]

 
CFTC announces that a court ordered cryptocurrency derivatives trading platform co-founders to pay a total of $30 million for illegally operating a cryptocurrency derivatives trading platform and anti-money laundering violations

The CFTC has announced that the US District Court for the Southern District of New York entered consent orders against the three co-founders of a cryptocurrency derivatives trading platform. The three co-founders are required to pay a total of $30 million civil monetary penalty for their actions. The orders require each to pay a $10 million civil monetary penalty, and also enjoin them from further violations of the Commodity Exchange Act (CEA) and CFTC regulations, as charged.

The consent orders find that from at least November 2014 through to 1 October 2020, the defendants each controlled the platform and are responsible for the platform’s violations of the CEA and CFTC regulations, as they failed to implement and enforce effective controls to prevent or detect the platform’s unlawful conduct. The platform’s violations, as found in the court’s 10 August 2021 order, include the operation of a facility to trade or process swaps without having CFTC approval to operate as a designated contract market (DCM) or a swap execution facility (SEF). In addition, the platform operated as a futures commission merchant (FCM) without CFTC registration, failed to implement a customer information program (CIP) and know-your-customer (KYC) procedures, and failed to implement an adequate anti-money laundering (AML) program. [5 May 2022]