In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 10 June 2022.

UK

HMT: UK-Japan Financial Regulatory Forum 2022 – Exchange of letters and joint statement

Building on arrangements for regulatory cooperation outlined in Annex 8-A of the UK-Japan Comprehensive Economic Partnership Agreement, HM Treasury (HMT) and the Japanese Financial Services Authority (FSA) signed an  exchange of letters which formally established the UK-Japan Financial Regulatory Forum and set out how the parties would use the forum to progress on their shared priorities for financial services. HMT also  published a  joint statement from the parties confirming the importance of deference, and discussing access to UK and Japanese financial markets; asset management; the role of the insurance and reinsurance sectors; fintech and innovation; sustainable finance; anti-money laundering and combatting the financing of terrorism. [10 Jun 2022]

#FinTech

#Innovation

HMT: Policy statement on regime for critical third parties 

HM Treasury (HMT) has  published a policy statement on mitigating risks to the finance sector from increasing reliance by firms on critical third parties (CTPs) for key functions and services.

The policy statement, developed with the Bank of England (BoE), PRA and FCA (together, the regulators), proposes legislation to:

  • enable HMT, in consultation with the regulators and other bodies, to designate as 'critical' certain third parties which provide services to firms;
  • empower the regulators to:
    • make rules to set minimum resilience standards in respect of certain 'material' services that CTPs provide to firms of particular relevance to the regulators' objectives;
    • require targeted resilience testing and gather information to assess compliance with those standards;
    • direct CTPs from taking or refraining from taking specific actions; and
    • take enforcement action (including powers to publicise failings, and (as a last resort) to prohibit a CTP from providing future services, or continuing to provide services to firms.

HM Government intends to legislate for this regime when parliamentary time allows.

The regulators will publish a joint Discussion Paper shortly after legislation is introduced, to set out details of how any powers granted to them in legislation might be exercised, and explore the role of the regulators during the designation process, and in coordinating the exercise of their powers with overseas financial regulators, and UK authorities and regulators from outside the financial services sector. Following Royal Assent, the regulators expect to publish a further Consultation Paper on their proposed rules.

HMT expects to begin designating the first CTPs under this new regime after those rules are finalised. [8 Jun 2022]

#CriticalThirdParties

#OpRes 

Australia

ASIC Executive Director (Markets), Greg Yanco, says that cyber safety is a company culture matter

Greg Yanco (Executive Director, Markets, Australian Securities and Investments Commission (ASIC)) authored an  article about the responsibility of Australian companies to enhance their cyber security positions. Mr Yanco said ASIC encourages:

  • listed entities to adopt an enhanced cyber security position in line with the recent advice of the Australian Cyber Security Centre – ASIC's December 2021 resilience report indicated that improvement in Australian firms' cyber resilience had fallen far short of the 14.9 per cent improvement targeted for the period, with a 1.4 per cent increase.
  • regulated entities to re-assess their cyber risks and preparedness for cyber security incidents – ASIC does not intend to prescribe technical standards.
  • board and senior management personnel should pay close attention to cyber security, and entities should embed a comprehensive and long-term commitment to cyber security awareness and resilience within their company cultures, including training and education for staff. [10 Jun 2022]
#CyberSecurity

Guilty plea in respect of social media led 'pump and dump' campaign and market manipulation

Gabriel Govinda (known online as 'Fibonarchery')  has pleaded guilty to 23 charges of manipulation of listed stocks on the Australian Securities Exchange and 19 charges of illegal dissemination of information relating to the manipulation. Between September 2014 and July 2015, Mr Govinda used 13 different share trading accounts, held in the names of friends and relatives, to manipulate the share price of 20 different listed stocks by trading between the accounts he controlled (wash trading), and by using fake, 'prop', or 'dummy' bids to falsely increase the perceived demand, and ultimate price, for listed stocks. In online posts on HotCopper, he illegally disseminated information about his wash trades and dummy bids, seeking to increase (or pump) the share price, then selling (or dumping) the listed stocks at a higher price.  The prosecution, brought by the Commonwealth DPP after a referral from ASIC, has been adjourned part heard. [7 Jun 2022]

#SocialMedia 

Hong Kong

HKSCC announces FINI API technical workshops for participants and designated banks

The Hong Kong Securities Clearing Company Limited (HKSCC) has issued a  circular to announce that it will host two application programming interface (API) workshops to explain the API development requirements for  Fast Interface for New Issuance (FINI), an upcoming new platform that will modernise the IPO settlement process.

This follows the publication of the FINI implementation plan and technical guides in May 2022 (see our  previous update).

The respective technology teams of HKSCC participants and designated banks are invited to attend the workshops (in the form of webinars) on 23 June 2022.  There will be a Cantonese session and an English session.

The key topics to be covered in the workshops include:

  • Structure of FINI's RESTful APIs;
  • How to set up FINI agent and machine user profiles;
  • How to implement end-to-end encryption; and
  • How to submit API requests to the FINI API gateway.

HKSCC participants and designated banks should register for the sessions via  Client Connect by 21 June 2022.  A confirmation email with the webinar login information will be sent to successful registrants.  [10 June 2022]

#API

SFC reminds investors of risks associated with NFTs  

The SFC has issued a  press release to remind investors of the risks associated with investing in non-fungible tokens (NFTs), which have increased in popularity in recent years.

NFTs, like other virtual assets, are exposed to heightened risks including illiquid secondary markets, volatility, opaque pricing, hacking and fraud.  Investors should be mindful of these risks and should not invest in NFTs if they cannot fully understand the risks or bear the potential losses.

The SFC notes that the majority of NFTs which it has seen are intended to represent a unique copy of an underlying asset such as a digital image, artwork, music or video.  Where they are genuine digital representations of collectibles, they do not fall within the SFC's regulatory remit.  However, the SFC has recently noted NFTs which cross the boundary between a collectible and a financial asset, such as fractionalised or fungible NFTs structured in a form similar to "securities" or interests in a "collective investment scheme" (CIS) as defined under the Securities and Futures Ordinance (SFO).

  • Where an NFT constitutes an interest in a CIS, marketing or distributing it may constitute a "regulated activity" under the SFO.  Parties carrying on a regulated activity (whether in Hong Kong or targeting Hong Kong investors) require to be licensed by the SFC unless an exemption applies.
  • Where an arrangement involves an offer to the Hong Kong public to participate in a CIS, authorisation requirements under the SFO may also be triggered.  [6 Jun 2022]
#NFTs

Singapore

MAS strengthens financial institutions' Business Continuity to address evolving threats

MAS has  published  revised Guidelines on Business Continuity Management (BCM) for financial institutions (FIs), to help FIs strengthen their resilience against service disruptions arising from IT outages, pandemic outbreaks, cyber-attacks and physical threats. The revisions take into account learnings from the handling of the Covid-19 pandemic and increased digitalisation in the financial sector. Under the revised Guidelines, FIs should:

  • adopt a service-centric approach through timely recovery of critical business services facing customers;
  • identify end-to-end dependencies that support critical business services, and address any gaps that could hinder the effective recovery of such services; and
  • enhance threat monitoring and environmental scanning, and conduct regular audits, tests, and industry exercises. [6 Jun 2022]
#BusinessContinuity

India

SEBI cautions Investors against dealing with unregulated platforms offering Algorithmic Trading

The Securities and Exchange Board of India (SEBI) has  noted that many unregulated platforms are offering investors Algorithmic Trading services/facilities to automate their trades. Strategies are being marketed with "claims" of huge return on investment  along  with  "ratings"  assigned  to  the  strategies  and  claims  that  similar returns would be earned in the future. These platforms are unregulated  and  no  investor  grievance  redressal  mechanism  covers their activities. Investors are therefore cautioned against dealing with such unregulated platforms and cautioned against sharing any sensitive personal details with such platforms. [10 Jun 2022]

#AlgoTrading

Philippines

FSCC Launches Systemic Risk Crisis Management Framework

The Financial Stability Coordination Council (FSCC) has released the  Systemic Risk Crisis Management (SRCM) Framework which identifies key actions required to assess, categorize, manage, and communicate systemic risks. The framework covers continuous surveillance of risk-related trends, review of infrastructures, conduct of systemic stress tests, and arrangements for communication, both under normal and stressed conditions. It also has a particular focus on climate-related and cyber security risks. The FSCC is an inter-agency council composed of the Bangko Sentral ng Pilipinas, Department of Finance, Insurance Commission, Philippine Deposit Insurance Corporation, and Securities and Exchange Commission. [7 Jun 2022]

#CyberSecurity

US

CFPB terminates No-Action letter in respect of underwriting algorithm

On request, the Consumer Financial Protection Bureau (CFPB)  has issued an order to terminate Upstart Network from its list of approved "no-action letters". The CFPB had granted special regulatory treatment to Upstart by immunizing the lender from being charged with fair lending law violations with respect to its underwriting algorithm, while the "no-action letter" remained in force. Upstart had notified the CFPB that it intended to add a significant number of new variables to its underwriting and pricing model. The CFPB needed sufficient time to review and rigorously evaluate the implications of the changes to Upstart's model. In response, Upstart requested termination of the "no-action letter," effectively ending the company's special regulatory status, and allowing it to be able to make changes to its model without need for CFPB review and approval. [8 Jun 2022]

#Algorithm

Ukraine-related sanctions information

Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.