In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 6 April 2023.


Recent updates from Herbert Smith Freehills include:


IOSCO: Work Program 2023-2024

The International Organization of Securities Commissions (IOSCO) has published the its Work Program for 2023-2024. The program covers a two-year period and identifies worksteams across five themes:

  • strengthening financial resilience;
  • supporting market effectiveness;
  • protecting investors;
  • addressing new risks in sustainability and fintech; and
  • promoting regulatory cooperation and effectiveness

With particular regard to fintech, the program focuses on the work of IOSCO’s Fintech Task Force (FTF) which has two workstreams – one on crypto and digital assets (CDA) and another on decentralised finance (DeFi). IOSCO plans to issue a consultation on the regulation of CDA in H1/2023, with final recommendations in 2023. A consultation on the regulation of DeFi will be issued in Q3/2023, with final policy by the end of 2023. [5 Apr 2023]

BIS Working paper: Crypto carry

The Bank for International Settlements (BIS) has published a working paper: Crypto carry. Noting that the cryptoassets ecosystem has matured to a point where cash and derivative instruments are now actively traded both on native crypto exchanges as well as on traditional exchanges, the paper examines the large difference between spot and future prices, the so-called futures basis which is referred to as ‘crypto carry’.

In terms of findings, the paper reports some evidence for market segmentation between crypto exchanges and the traditional financial system. It also shows that traditional determinants of carry such as interest rate differentials explain very little of the variation in crypto carry. Instead, variation in carry is driven mainly by fluctuations in convenience yields, which stem from two main forces – trend-chasing and attention by smaller investors and the second is the relative scarcity of ‘arbitrage’ capital taking the other side through a cash and carry position. The paper also finds that there is ‘excess volatility’ of crypto futures relative to spot prices. Finally, high crypto carry predicts future price crashes and a rise in carry typically goes hand in hand with a rise in the price of crash risk insurance. [5 Apr 2023]



FCA/ASA: Educating fin-fluencers about the risks involved in promoting financial products

The FCA and the Advertising Standards Authority (ASA) have announced plans to support the education of fin-fluencers on the risks involved in promoting financial products. The FCA and ASA will engage with influencers and their agents to provide clear information about what could be an illegal financial promotion. The materials include an infographic, designed for influencers, which sets out what they should check before accepting brand deals for financial products and services. Influencer agents and the Influencer Marketing Trade Body will be invited by the FCA to an open roundtable discussion on illegal financial promotions. [6 Apr 2023]

FCA: Business Plan 2023/24

The FCA has published its Business Plan for 2023/24. The Business Plan sets out the how the FCA will deliver the second year of its three-year Strategy. The FCA’s Annual Report later in the year will report on progress against the activities set out the previous year’s Business Plan and will provide the latest data against its outcomes and metrics.

The Business Plan highlights key uncertainties including: volatility around inflation and interest rates; the risk of increasing unemployment; the cost of living crisis; and market volatility as geo-political tensions continue. With regard to specific challenges, the FCA says that it will remain alert to potential problems in wholesale markets, and to the potential longer-term impacts of rising interest rates and elevated inflation.

In terms of prioritising its work, the FCA will continue to pursue three focus areas: reducing and preventing serious harm; setting and testing higher standards; and promoting competition and positive change. Where additional resources are available, the FCA says it will also focus on these four commitments: preparing financial services for the future; putting consumers’ needs first; reducing and preventing financial crime; and strengthening the position in global wholesale markets. The Business Plan also specifically mentions that in preparation for increasing regulatory oversight of cryptoassets, the FCA will be investing in additional skills to help it deliver to this new remit. On deferred payment credit (exempt buy-now-pay-later (BNPL)), the FCA will design and begin to implement its approach.

Finally, the FCA also notes that its headcount has grown from around 3,800 at the beginning of 2022 to nearly 4,500 at the end of March 2023. [5 Apr 2023]

DRCF: New Chief Executive

The Digital Regulatory Cooperation Forum (DRCF) has announced the appointment of Kate Jones as its new Chief Executive. The DRCF brings together the Information Commissioner’s Office (ICO), the Competition and Markets Authority (CMA), the Office of Communications (Ofcom) and the FCA; it provides a forum for coordination on digital policy development. Ms Jones will take up her new role on 2 May 2023. [4 Apr 2023]

FCA: EmTech Research Hub – synthetic data, DLT, Web 3, quantum, metaverse

The FCA has published information about its Emerging Technology (EmTech) Research Hub which monitors trends in technology and provides insight into how these impact on firms, the financial system, and consumers. The FCA explains that the EmTech Research Hub is collaborative, with engagement across industry, academia, other stakeholders and fellow regulators – including via the DRCF. The FCA sets out the Hub’s current focus and enumerates the key activities it has undertaken in each area. The focus areas are:

  • synthetic data and privacy enhancing technologies (PETs) – on which the FCA says it will shortly publish the findings from the March 2023 industry-academia roundtable which it co-hosted with the Alan Turing Institute;
  • distributed ledger technology (DLT), Web 3, and decentralisation;
  • quantum technology – here the FCA notes that the DRCF held a symposium on quantum in March 2023; a blog summarising the outcomes of the day will be published by the FCA shortly; and
  • metaverse and immersive technology. [4 Apr 2023]
DRCF Algorithmic Processing workstream – Key findings from industry workshops

The DRCF has published the findings from the two workshops which were held by its Algorithmic Processing workstream. 22 industry stakeholders joined the workshops to explore how the procurement of algorithmic systems takes place, barriers that inhibit effective information sharing between parties, and potential solutions that could help to address these challenges. Three finding are highlighted:

  • there is not a one-size-fits-all approach to achieving transparency in the procurement of algorithmic systems (the paper explains that procurement goes beyond acquiring off-the-shelf systems and extends to, for example, acquiring data sets which can be used to train systems);
  • buyers can lack the technical expertise to effectively scrutinise the algorithmic systems they are procuring, whilst vendors may limit the information they share with buyers (for example, the paper notes that there is concern among some vendors that competitors may be selective with performance metrics); and
  • there are some opportunities for achieving greater transparency across algorithmic procurement emerging, including the potential for certification, standards and guidelines to play a role.The workshops follow on from two papers published by the workstream on the benefits and harms of algorithmic systems and on auditing algorithms.

The workshops follow on from two papers published by the workstream on the benefits and harms of algorithmic systems and on auditing algorithms. [3 Apr 2023]



ECB: Oversight of crypto activities

The European Central Bank (ECB) has published a blog post on the oversight of crypto activities. The blog post considers lessons learnt from recent events and highlights various gaps in the regulatory framework. It also highlights the Basel Committee on Banking Supervision (BCBS) standards for the prudential treatment of cryptoasset exposures, explaining that the ECB expects banks wanting to engage in cryptoasset activities to comply with these standards. [5 Apr 2023]

EBA issues quarterly risk dashboard

The European Banking Authority (EBA) has published its quarterly risk dashboard (RDB) together with the first edition of the RDB on minimum requirement for own funds and eligible liabilities (MREL). The EBA reports that volatility in EU/EEA banks’ equity and debt has been strongly affected by Silicon Valley Bank (SVB) and Credit Suisse related events, although direct exposures of EU/EEA banks towards these banks were limited according to indications from supervisory reporting as of Q4 2022. The EBA comments that banks’ capital and liquidity ratios remain strong and profitability continues to increase. [4 Apr 2023]



ACCC flags tougher enforcement on ‘open banking’

The Australian Competition and Consumer Commission (ACCC) released a report calling on banks to improve the quality of customer data being fed into the consumer data right (CDR). The CDR, also known as ‘open banking’, improves consumer choice, control, and convenience by enabling access to data organisations hold about consumers and products, according to the ACCC.

The report notes that for the CDR to be effective it is critical that CDR data is good quality, and finds that there are shortcomings in the quality of data banks are providing. The ACCC suggests it will pursue a combination of solutions to improve data quality in the CDR, including: clear regulatory obligations; effective guidance; constructive stakeholder engagement; strong regulatory action; and an improved culture of compliance among participants. [5 Apr 2023]



MAS establishes Financial Sector Cloud Resilience Forum

MAS has hosted the inaugural Financial Sector Cloud Resilience Forum for Asia Pacific financial regulators and cloud service providers (CSPs) to exchange views on appropriate public cloud risk management practices for the financial sector. The key takeaways from the Forum include:

  • the trend of increasing adoption of public cloud services by financial institutions (FIs) – the Forum noted that along with increasing adoption, some critical systems and workloads of FIs are already being hosted in the public cloud;
  • CSPs will need to assist their FIs clients to maintain high standard of operational resilience – the Forum stressed the importance for financial regulators, FIs and CSPs to co-create IT resilience and security best practices, to meet stringent financial sector resilience standards; and
  • information sharing between CSPs and financial regulators will be critical – participants called for greater information sharing between financial regulators and CSPs on cloud technology, cyber security risk management practices, to build collective competencies to address these risks that may be unique to public cloud deployment. [5 Apr 2023]


SBV: CBDC training with the IMF

The State Bank of Vietnam (SBV) has issued a press release following its March training course on the Central Bank Digital Currency (CBDC) organised with the International Monetary Fund (IMF). The training course was designed for officers of the SBV and relevant agencies of Vietnam. [3 Apr 2023]



DoJ announces take down of criminal marketplace in international cyber operation

The Department of Justice (DoJ) has announced a coordinated international operation taking down a criminal online marketplace that advertised and sold packages of account access credentials – such as usernames and passwords for email, bank accounts, and social media – that had been stolen from malware-infected computers around the world. The marketplace offered access to data stolen from over 1.5 million compromised computers worldwide and was a key enabler of ransomware. [5 Apr 2023]

DoJ seizes over $112m in funds linked to cryptocurreny investment schemes

The DoJ has announced that it has seized virtual currency worth an estimated $112 million linked to cryptocurrency investment scams.

Seizure warrants for six virtual currency accounts were authorized by judges in the District of Arizona, the Central District of California, and the District of Idaho. According to court documents, the virtual currency accounts were allegedly used to launder proceeds of various cryptocurrency confidence scams. In these schemes, fraudsters cultivate long-term relationships with victims met online, eventually enticing them to make investments in fraudulent cryptocurrency trading platforms. In reality, however, the funds sent by victims for these purported investments were instead funnelled to cryptocurrency addresses and accounts controlled by scammers and their co-conspirators.

In 2022, investment fraud caused the highest losses of any scam reported by the public to the FBI’s Internet Crimes Complaint Center, totaling $3.31 billion. Frauds involving cryptocurrency represented the majority of these scams, increasing 183% from 2021 to $2.57 billion in reported losses last year. [3 Apr 2023]


Ukraine-related sanctions information

Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.