In this regular update, we round-up FinTech-related financial services regulatory developments for the week ending 17 February 2023.


Recent updates from Herbert Smith Freehills include:


FSB: Report on the financial stability risks of DeFi

The Financial Stability Board (FSB) has published a report on its assessment of the financial stability risks of decentralised finance (DeFi). The report considers DeFi vulnerabilities; interlinkages and transmission channels; the evolution of DeFi; and typical DeFi applications. Following on from the report's findings, the FSB will carry out additional work to:

  • analyse the growth and implications of the tokenisation of assets;
  • explore approaches to fill data gaps to measure and monitor interconnectedness of DeFi;
  • examine the extent to which the FSB's proposed policy recommendations for the international regulation of crypto-asset activities may need to be enhanced to acknowledge DeFi-specific risks and facilitate the application and enforcement of rules;
  • consider the regulatory perimeter across jurisdictions to determine which DeFi activities and entities fall or should fall within that perimeter; and
  • consider whether additional prudential and investor protection requirements or enforcement requirements are needed for those caught within the perimeter. [16 Feb 2023]


FCA seeks applicants for new advisory group on synthetic data

The FCA is looking for members to join its new Synthetic Data Expert Group (SDEG), a sub-group of the Innovation Advisory Group (IAG). The role of the proposed SDEG is to:

  • identify relevant use cases and clarify key issues in the theory and practice of synthetic data in UK financial markets;
  • develop best practice as relevant to UK financial services;
  • create an established and effective framework for collaboration across industry, regulators, academia, and wider civil society on issues related to synthetic data; and
  • as appropriate, act as a sounding board on specific FCA projects involving synthetic data.

The SDEG will run for approximately 18 months with the first meeting held in April 2023, with the possibility of extending for another six months. Interested parties should apply by 8 March 2023. [15 Feb 2023]



FCA: APP fraud TechSprint highlights – video

The FCA has published a video of the highlights from its authorised push payment (APP) fraud TechSprint, which it ran together with the Payment Systems Regulator (PSR). The video features an introduction from Jessica Rusu, the FCA's Chief Data, Information, & Intelligence Officer, in which she explains that APP fraud is accelerating and consumers as well as businesses remain at risk. The video also features various technology solutions developed through the TechSprint.

A transcript is also available. [15 Feb 2023]



JROC SWG: Report on the future development of open banking in the UK

The Strategic Working Group convened by the Joint Regulatory Oversight Committee (JROC) has published its final report: The Future Development of Open Banking in the UK. The report is the output of a series of strategy sprints held in 2022 with the industry and other stakeholders to input into the vision for the future of open banking. The first half of the report focuses on identifying the key gaps between the current state of open banking and a more optimal future state. It also analyses how various stakeholders perceived these gaps and examines possible drivers underpinning their perceptions. The second half of the report focuses on exploring a diverse range of potential solutions, both in the short-term and in the long-term, that could bridge those gaps, 'level up' the ecosystem and make it 'fit-for-purpose', including a discussion on the future industry structure.

The FCA, as co-chair of the JROC, has issued a press release welcoming the publication of final report. The PSR has issued a similar statement. The JROC will use information from the report to inform development of its recommendations and roadmap on open banking, which it expects to publish, alongside the design of the Future Entity, in Q1 2023. [15 Feb 2023]


UKJT issues legal statement on digital securities

The UK Jurisdiction Taskforce (UKJT) of LawtechUK has published a legal statement on the issuance and transfer of equity or debt securities using blockchain/distributed ledger technology (DLT) under English law. Research commissioned from Oxera has been published alongside the statement. [15 Feb 2023]


FCA takes action against unregistered crypto ATM operators in Leeds

In a press release, the FCA confirmed that it has used its powers to enter and inspect several sites in the Leeds area suspected of hosting illegally operated crypto ATMs – machines which allow customers to buy or convert funds into cryptoassets. The action is part of a joint operation with the West Yorkshire Police Digital Intelligence and Investigation Unit. The Unit issued warning letters to the operators to cease and desist using the machines and advising that any breach of regulations would result in an investigation under money-laundering regulations.

The regulator has previously written to crypto ATM operators and hosts to warn that crypto ATM activities require registration with the FCA; the regulator states that no crypto ATM operators currently have FCA registration.

In terms of next steps, the FCA is reviewing the evidence gathered and is considering further potential enforcement action. [14 Feb 2023]


BoE announces timeline for Transition State 3, publishes responses to consultations on Future Roadmap for RTGS and RTGS CHAPS tariff framework

The Bank of England (BoE) has announced that Transition State 3, the introduction of the new Real-Time Gross Settlement (RTGS) core ledger and settlement engine, will take place in Summer 2024, rather than the previously indicated Spring 2024. This delay is made to allow sufficient time for the BoE and industry to prepare, following the introduction of Transition State 2.1 in June 2023. In light of the revised timeline for Transition State 3, the BoE will now mandate certain elements of enhanced data from end-November 2024, rather than Summer 2024. From this date, CHAPS rules will require Purpose Codes and legal entity identifiers (LEIs) to be included in domestic CHAPS payments between financial institutions. The rules will also mandate Purpose Codes for property transactions.

The BoE has also published responses to two consultations published in April 2022, which sought industry views on the Future Roadmap for RTGS and the RTGS CHAPS tariff framework.

The consultation on the Future Roadmap proposed a number of ambitious and innovative features in line with the BoE's vision to develop an RTGS service which is fit for the future, by offering new ways of connecting, more flexible services and enhanced resilience. Following feedback from industry, the BoE says it will prioritise:

  • Features providing resilient channels to connect to RTGS, which include evolving settlement contingency and introducing an alternative channel to connect to RTGS; and
  • Features supporting innovation and global initiatives, which include synchronised settlement, extended operating hours and non-payment APIs.

The consultation response on the revised RTGS CHAPS tariff framework explains that the BoE has used the feedback received to refine and set the parameters for the framework. The revised tariff framework aims to introduce better alignment tariffs with gross system usage, using a combination of volume and value-based fees. The BoE will share more detail with tariff payers in Summer 2023. [14 Feb 2023]



ECB: Working paper on CBDCs and financial stability

The European Central Bank (ECB) has published a working paper on central bank digital currencies (CBDCs) and financial stability. In particular, it looks at the development of a two-period bank-run model with remunerated CBDC. [15 Feb 2023]


ESRB report: Advancing macroprudential tools for cyber resilience

The European Systemic Risk Board (ESRB) has published a report on advancing macroprudential tools for cyber resilience. Having identified cyber incidents as a risk to financial stability, the ESRB explains that the report was prepared in the context of the current geopolitical environment presenting heightened cyber risk. In the report, the ESRB encourages authorities across the EU to further progress work on piloting system-wide cyber resilience scenario testing (CyRST), developing systemic impact tolerance objectives (SITO), and improving the effectiveness of existing financial crisis management tools in responding to a cyber incident. [14 Feb 2023]



Australian Privacy Act Review Report released

In the wake of numerous large scale cyber-attacks in Australia, the Federal Government has released for feedback its report putting forward 116 proposals for reform of the Privacy Act 1988 (Cth). A majority of the proposals align with those made in the 2021 Discussion Paper.

Some notable recommendations in the report, not included in the 2021 Discussion Paper, include:

  • Extending the application of the Privacy Act by:
    • removing the small business exemption (in the medium term)
    • extending some privacy protections to private sector employees
  • Introducing new roles of entities by:
    • incorporating aspects of the GDPR-like distinction between 'controllers' (entities that determine how and why personal information is handled) and 'processors' (those that act on the instructions of controllers)
  • Introducing new obligations on use / retention of personal information by:
    • mandating retention periods to be documented for different types of personal information
    • outlining specific requirements for 'trading' in personal information and targeting individuals
    • introducing a Children's Online Privacy Code
    • requiring privacy impact assessments for high privacy risk activities
  • Changing the regulation of data breaches by:
    • introducing a 72-hour timeframe to notify the Information Commissioner of serious data breaches
    • introducing a new mid-tier range penalty for breaches and lower-level civil penalty with infringement notice powers for administrative breaches
    • granting the Information Commissioner new powers to conduct public inquiries and reviews
    • granting impacted individuals a direct right of action to sue for breaches of the Privacy Act and tort of serious invasion of privacy

Feedback to the report is requested by 31 March 2023. [16 Feb 2023]




Hong Kong

HKMA deputy chief executive delivers presentation on Hong Kong banking sector 2022 year-end review and priorities for 2023

The HKMA's Deputy Chief Executive, Mr Arthur Yuen, has delivered a presentation on the HKMA's 2022 year-end review and priorities for 2023 for the Hong Kong banking sector.

In his 2022 review, Mr Yuen indicated that the banking sector had remained resilient, and that loan demand had weakened while asset quality stayed healthy. The HKMA focused its work on credit, market and liquidity, operation and technology, fintech, anti-money laundering and financial crime risk, consumer protection, and green and sustainable banking.

Looking ahead in 2023, the HKMA's priorities include:

  • focusing on asset quality amid ongoing challenges in the credit landscape and conducting health check on exposures to non-bank financial institutions;
  • enhancing operational resilience with focus on cyber security and third-party risk management (including cloud service providers);
  • promoting Fintech adoption (including wealthtech, insurtech, artificial intelligence and blockchain);
  • detect, deter and disrupt money laundering, fraud and financial crime (including via regulatory updates, data-driven supervision, maximising public-private partnerships, bank-to-bank information sharing, mule account network analytics, and AML regtech labs);
  • enhancing consumer protection (including review of the Code of Banking Practice, enhancing investor protection on virtual assets, supervision of trust businesses, and the mandatory reference checking system, among others);
  • local implementation of Basel III Standards (by 1 January 2024) and new standard on cryptoassets (consultation targeted for second half of 2023 in preparation for implementation on 1 January 2025);
  • promoting green and sustainable banking (including stepping up supervision of climate risk management, thematic examinations on climate risk governance, a new round of climate risk stress testing, incorporating climate considerations into the supervisory review process, developing a local green classification framework, building a physical risk assessment platform, and exploring initiatives and technology solutions to support the industry in identifying, measuring and monitoring their exposures to climate risks, among others); and
  • capacity building (including launching the Enhanced Competency Framework module on green and sustainable finance, and assisting banks with enhancing their talent management capabilities, among others). [17 Feb 2023]







Hong Kong Government issues inaugural tokenised green bond, the world's first by a government

The Government has announced the successful offering of HKD 800 million of tokenised green bond under the Government Green Bond Programme. This is the world's first tokenised green bond issued by a government.

A tokenised bond is where the beneficial interests in the bond are recorded on settlement in tokenised securities accounts on a private blockchain network. The primary issuance was settled on a delivery-versus-payment basis between securities tokens representing beneficial interests in the bond and cash tokens representing a claim for HKD fiat against the HKMA, on a T+1 basis. Processes of the bond lifecycle, including coupon payment, settlement of secondary trading and maturity redemption, will also be digitalised and performed on the private blockchain network.

The on-chain records on the private blockchain network will be the legally definitive and final records of ownership of the securities tokens and cash tokens for the parties on the platform. As the first tokenised bond governed by Hong Kong law, the offering demonstrates that Hong Kong's legal and regulatory environment is flexible and conducive to innovative forms of bond issuances.

Mr Eddie Yue (Chief Executive of the HKMA) has published an insight article titled ' Tokenised Bond: Huge Potential to be Unlocked' where he explained the distributed ledger technology (DLT) behind the bond issue, the benefits of tokenisation, as well as the HKMA's plans going forward:

  • It will issue a whitepaper in due course to summarise the experience learnt from this issuance, set out the next steps and provide a blueprint for issuing tokenised bonds in Hong Kong. This includes studying the developments in overseas jurisdictions that have provided legal certainty to digital securities created natively on DLT and outside traditional central securities depositories.
    • It will continue to collaborate with the industry to experiment with other innovative features that can bring efficiency and transparency gains to the green and sustainable finance markets and the capital markets more broadly, such as real-time tracking and reporting of environmental impact, and on- and cross-platform secondary trading. [16 Feb 2023]



HKMA encourages AIs to leverage CDI to digitalise banking processes, including credit assessment and KYC procedures

Following the launch of the Commercial Data Interchange (CDI) in October 2022 (see our previous update), the HKMA has issued a circular to encourage authorised institutions (AIs) to use the CDI to digitalise and streamline their banking processes and to develop innovative products for corporate customers, especially small and medium-sized enterprise (SMEs).

Apart from linkage with alternative credit data (such as those available on e-trade declaration and e-commerce platforms), several AIs have successfully connected to the Commercial Credit Reference Agency (CCRA) via the CDI (CCRA@CDI) and gained access to machine-readable credit reference data of corporates for more automated customer onboarding, credit approval and ongoing credit review and monitoring processes.

AIs with material SME business are expected to complete their technical connection to the CDI and the CCRA@CDI before the end of 2023, and are required to share their plans for doing so with the HKMA's Fintech Facilitation Office (FFO) before 30 April 2023. They are strongly encouraged to join the workshops that will be arranged throughout the year to provide an overview of the connection, the integration approach, and examples of successful pilot results. Registration details will be provided separately.

The FFO will continue to work closely with the industry to broaden the spectrum of data and explore various use cases of the CDI, including the upcoming connection with the Company Registry, which is targeted to go live by the end of 2023. The connection with the Companies Registry will provide AIs with automated access to key data needed for know-your-customer (KYC) processes. The CDI will also deepen its collaboration with other CDI ecosystem players, including analytics service providers, to enable AIs to further digitalise and streamline their KYC processes.

Given the CDI's enormous potential, the HKMA strongly encourages AIs to take steps to prepare for its many functionalities, including digitalising their credit assessment and KYC processes. [15 Feb 2023]



MAS: GFIT launches third consultation on green and transition taxonomy

The Monetary Authority of Singapore (MAS) convened Green Finance Industry Taskforce (GFIT) has launched its final public consultation on a green and transition taxonomy for Singapore-based financial institutions. The consultation seeks views on the detailed thresholds and criteria for the classification of green and transition activities in five sectors, one of which is information and communications technology (ICT). ICT is covered in Chapter 4 of the consultation; the GFIT has selected data centres as the most important activities within the ICT sector for emission reductions within the Singapore Taxonomy

Feedback is requested by 15 March 2023. [15 Feb 2023]



RBI launched second global hackathon

The RBI has its second global hackathon: HaRBInger 2023 – Innovation for Transformation. The hackathon takes the theme 'inclusive digital services'. Participants are invited to develop solutions for the following problem statements:

  • innovative, easy-to-use, digital banking services for differently abled (Divyaang);
  • RegTech solutions to facilitate more efficient compliance by Regulated Entities (REs);
  • exploring use cases/solutions for CBDC-Retail transactions, including transactions in offline mode; and
  • increasing Transactions Per Second (TPS)/ throughput and scalability of blockchains.

Registration for the hackathon starts from 22 February 2023. [14 Feb 2023]




IFSCA FAQs – IFSCA (FinTech Incentive) Scheme, 2022

IFSCA has published frequently asked questions (FAQs) covering milestones and illustrative permissible expenses for reimbursement under IFSCA (FinTech Incentive) Scheme, 2022. The document is divided into two parts: Part A contains the details about respective milestones, for each grant category, to be achieved by an applicant; and Part B contains the details about illustrative list of permissible expenses for the purpose of re-imbursement under the Scheme. [14 Feb 2023]


RBI Financial Literacy Week 2023

The RBI conducted Financial Literacy Week from 13 to 17 February 2023. The theme selected for 2023 was 'Good Financial Behaviour – Your Saviour' which aligns with the overall strategic objectives of the National Strategy for Financial Education: 2020-2025. Focus was on creating awareness about savings, planning and budgeting, and prudent use of digital financial services. [13 Feb 2023]



FSC: Financial Cyber Security Action Plan 2.0>

The Financial Supervisory Commission (FSC) has released the Financial Cyber Security Action Plan 2.0. The plan aims to: ensure uninterrupted operation of the financial system; provide the public a trading environment that inspires confidence; and strengthen the cyber defense capabilities of financial services firms. [14 Feb 2023]



SEC proposes enhanced safeguarding rule for registered investment advisers; extension of custody rule to all assets, including crypto assets

The Securities and Exchange Commission (SEC) has proposed rule changes to enhance protections of customer assets managed by registered investment advisers. The proposed rules would exercise Commission authority under section 411 of the Dodd-Frank Act by broadening the application of the current investment adviser custody rule beyond client funds and securities to include any client assets in an investment adviser's possession or when an investment adviser has authority to obtain possession of client assets, including crypto assets. Like the current rule, the proposed rule would entrust safekeeping of client assets to qualified custodians, including, for example, certain banks or broker-dealers.

If adopted, the changes would amend and redesignate rule 206(4)-2, the Commission's custody rule, under the Investment Advisers Act of 1940 and amend certain related recordkeeping and reporting obligations.

The comment period on the proposal will remain open for 60 days. [15 Feb 2023]

Ukraine-related sanctions information

Regular updates on sanctions and other developments that may impact businesses with interests or operations in Ukraine and/or Russia are available on our FSR and Corporate Crime Notes blog here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.