In this weekly post, we round-up FinTech-related financial services regulatory developments for the week ending 15 September 2023.
- AI regulation remains EU priority, as UK Committee Report on AI raises issues but answers still pending
- Cyber Risk Report 2023 – Australian Businesses Rise to the Challenge
- Expanding SEC crypto enforcement targets NFTs: What does this mean for NFT Issuers in Australia?
IOSCO Chair addresses Eurofi on sustainability, non-bank finance, and digital finance
The International Organisation of Securities Commissions (IOSCO) has published the keynote delivered by its Chair, Jean-Paul Servais, at the Eurofi 2023 Financial Forum. In his short address, Mr Servais spoke on the IOSCO endorsement of the first set of disclosure standards published by the International Sustainability Standards Board (ISSB) and IOSCO's intention to 'put its weight behind' the development of assurance standards. He then moved on to non-bank finance and stressed IOSCO's commitment to advancing financial stability in this space, including with new work on leverage and private finance. Finally, on digital finance, Mr Servais highlighted the publication of consultations on cryptoassets and decentralised finance (DeFi). [14 Sep 2023]
BCBS Secretary-General speech on the Basel Core Principles
The Secretary General of the Basel Committee on Banking Supervision (BCBS), Neil Esho, has addressed the Eurofi Financial Forum 2023. The speech focused on the core principles for effective banking supervision, better known as the Basel Core Principles, which are the de facto minimum standards for the sound prudential regulation and supervision of all banks and banking systems.
Mr Esho discussed the proposed amendments to the principles, grouping them into six thematic topics of: financial risks and macroprudential supervision; operational resilience; climate-related financial risks; digitalisation of finance and non-bank financial intermediation (NBFI); risk management practices; and lessons learnt since the last review.
Mr Esho also encouraged stakeholders to provide feedback on the consultation on the Basel Core Principles before the 6 October 2023 closing date. [13 Sep 2023]
BISIH: Project Sela shows access to rCBDC does not compromise cyber security
The BIS Innovation Hub (BISIH) has published a report on Project Sela, a joint experiment by the BIS and the central banks of Hong Kong SAR and Israel, into creating a retail central bank digital currency (rCBDC) that is cyber secure and retains desirable features of cash.
The project leverages the Bank of Israel's cyber security expertise and ongoing work on the digital shekel and the Hong Kong Monetary Authority's (HKMA's) learnings from Projects Aurum and e-Hong Kong Dollar, as well as other Innovation Hub experiments on rCBDCs.
The report concludes that Project Sela demonstrates that an rCBDC system with a central bank-operated retail ledger promoting access, competition and innovative payment services does not necessarily come at the cost of greater cyber security risk. [12 Sep 2023]
PSR: Consultation paper on APP fraud
The Payment Systems Regulator (PSR) has issued Consultation Paper 23/8 (CP23/8) on its proposed changes to cycle 2 for its authorised push payment (APP) scams Measure 1. Measure 1 is part of a broader package of work to ensure that measures and incentives are in place across the payments industry to prevent and better support victims of fraud. CP23/8 proposes to change the collection of cycle 2 data to cover a 12-month period, rather than the previously proposed 6-month period.
Responses are requested by 22 September 2023. [15 Sep 2023]
FCA: PS on introducing gateway for firms approving financial promotions
The FCA has published a policy statement (PS23/13) which sets out the regulator's final policy position on introducing a gateway for firms that approve financial promotions. Once the gateway comes into effect, all authorised persons wanting to approve financial promotions will need to apply to the FCA for permission to do so, subject to certain exemptions. The FCA intends for firms to be able to submit applications for permission to approve financial promotions from 6 November 2023 until 6 February 2024. To help firms prepare their applications, the FCA has published guidance on applying to approve financial promotions for unauthorised persons.
The new legislation will come fully into force on 7 February 2024, at which point firms that have not applied to the gateway will no longer be able to approve financial promotions (subject to exemptions). [12 Sep 2023]
HMT: India – UK Economic and Financial Dialogue
HM Treasury (HMT) has published a Joint Statement on the 12th India – UK Economic and Financial Dialogue. Among other things, the statement confirmed India's intention to explore London for overseas securities direct listings, committed to engaging further on increasing the India-UK financial services links, and welcomed the Insurance Regulatory and Development Authority of India (IRDAI) and Pension Fund Regulatory and Development Authority's (PFRDA's) admission to the FCA-led Global Financial Innovation Network (GFIN), and ongoing collaboration with the Reserve Bank of India (RBI) and International Financial Services Centres Authority (IFSCA) as pre-existing members on regulatory approaches to emerging and innovative financial services products. [11 Sep 2023]
SFC to commence cybersecurity review of selected LCs within September 2023
The SFC has issued a circular to inform intermediaries that it will commence a cybersecurity review of selected licensed corporations (LCs) in September 2023 to assess their cybersecurity management and compliance, and the resilience of their information systems against cybersecurity threats.
- There will be a survey of selected LCs of different sizes and business types, including securities and futures brokers, leveraged foreign exchange traders, global financial institutions and firms which provide online product distribution platforms. The areas covered by the survey include (among others) cybersecurity management and incident reporting, cybersecurity controls to ensure the confidentiality, integrity and availability of systems and data, and the management of cybersecurity risks from systems outsourced to third-party technology vendors.
- The SFC will meet with selected LCs to better understand their cybersecurity governance and controls.
- The SFC will perform on-site inspections of some of the selected LCs for a deep dive review of their information technology and related management controls and an assessment of their compliance with the expected standards.
Cybersecurity is a major focus of the SFC's supervision of LCs. The SFC notes that LCs have implemented some security controls to protect clients' internet trading accounts, but that some firms have not been vigilant about cyber risks and may not have sufficient control measures in place to defend their information systems and data. The cybersecurity incidents reported to the SFC in recent years and the SFC's inspection findings show a number of security loopholes and deficiencies. In addition, cyber risks may arise from advances in technology, including via third-party technology vendors and storage of data in the cloud environment.
The findings of the cybersecurity review will form the basis for the SFC to issue further guidance to the industry. The SFC will share the observations and findings of the review with the industry where appropriate. [15 Sep 2023]
SFC issues warning statement on unregulated VATP
The SFC has issued a warning statement regarding an unregulated virtual asset trading platform (VATP) known as 'JPEX', stating that such VATP has been actively promoting its products and services to the Hong Kong public through social media influencers and key opinion leaders as well as over-the-counter virtual asset money changers. This follows the SFC's warning statement in August 2023 regarding improper practices by unlicensed VATPs (see our previous update).
JPEX is a VATP operating at the website jp-ex.io, which has been on the SFC's alert list since 8 July 2022. No entity in the JPEX group is licensed by the SFC or has applied to the SFC for a licence to operate a VATP in Hong Kong.
The SFC has observed a number of suspicious features about the practices of JPEX and those actively promoting it to the Hong Kong public. Among other things:
- JPEX falsely states on its website that it is 'a licensed and recognised platform to facilitate the trading of digital asset and virtual currency';
- JPEX offers very high returns for some of its products;
- The SFC has received complaints from, and notes media reports of, retail investors who were unable to withdraw virtual assets from their accounts maintained with JPEX, or had found a reduction or alteration of their account balances.
There are a number of offences under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) in relation to fraud, deception, and fraudulent or reckless misrepresentation. The SFC is empowered to take action against any persons who are knowingly or unknowingly involved in contravention-related conduct under the AMLO. The SFC will not hesitate to take enforcement action against individuals and entities who fail to abide by the VATP regime administered by the SFC, including those who are involved in such violations.
Separately, the SFC reminds investors to be wary of the risks of trading virtual assets on unregulated VATPs. Investors are advised to check the SFC's list of licensed VATPs when in doubt about the licensing status of any VATP. [13 Sep 2023]
HKMA, Bank of Israel and BISIH Hong Kong Centre publish joint report, 'Project Sela – An accessible and secure retail CBDC ecosystem'
The HKMA has published a joint report on Project Sela, a research project on retail central bank digital currency (CBDC), with the Bank of Israel and the Bank for International Settlements Innovation Hub (BISIH) Hong Kong Centre (see our previous update on the launch of Project Sela).
Project Sela is the first collaborative project between the two central banks in the area of fintech. It demonstrates the technical feasibility of a retail CBDC architecture that can promote competition and innovation in digital payments as it allows non-bank payment intermediaries to connect directly to the CBDC ledger of the central bank. Leveraging distributed ledger technology, a proof-of-concept prototype was developed to showcase how the technical implementation of a novel CBDC architecture can incorporate strict cybersecurity, legal and policy requirements.
At the report launch conference in Tel Aviv, the HKMA's Deputy Chief Executive, Mr Howard Lee, commented that although the HKMA has not yet made a decision on whether and when to introduce a retail CBDC in Hong Kong, the findings from Project Sela will inform its on-going exploration. Mr Lee also noted that the HKMA has been extensively involved in CBDC research at both the wholesale and the retail level, including its involvement in Project mBridge and Project e-HKD (see our previous updates on Project mBridge and Project e-HKD). [12 Sep 2023]
SCM Chair opening address at the SIDC BFF 2023
The Securities Commission Malaysia (SCM) has published the opening address delivered by its Chair, Awang Adek Hussin, at the Securities Industry Development Corporation (SIDC) Business Foresight Forum (BFF) 2023 conference. Mr Hussin touched on: global economic challenges; the role of innovative technology in furthering growth and competitiveness; sustainability; the Islamic capital market; and developing talent. [13 Sep 2023]
BoT: Key takeaways from BoT Digital Finance Conference 2023
The Bank of Thailand (BoT) has published the key takeaways from the forum discussion on 14 September 2023 at the BoT Digital Finance Conference 2023.
In his keynote, BoT Governor Setthaputti Sutthiwataruputti put forward the three open principles (open competition, open infrastructure and open data) as the cornerstone of ecosystem development that promotes responsible innovation. He also touched on BoT's three main areas of focus: (i) common utility; (ii) open digital payment ecosystem; and (iii) collaborative approach to new technology.
Other highlights of the day include panel discussions on the PromptBiz Project as well as the application of innovation in the financial sector. [15 Sep 2023]
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.