Follow us

In this regular update, we round-up FinTech-related regulatory developments for the week ending 22 January 2021.


BIS Innovation Hub annual work programme for 2021/22

The Bank for International Settlements (BIS) has published the work programme for 2021/22 for its Innovation Hub, which will focus on the following six themes:

  • supervisory technology (SupTech) and regulatory technology (RegTech);
  • next-generation financial market infrastructures (FMIs);
  • central bank digital currencies (CBDCs);
  • open finance;
  • green finance; and
  • cyber security.

The Innovation Hub's projects will be distributed across the three existing Hub Centres in Hong Kong, Singapore and Switzerland, and new locations in Europe and North America. [22 Jan 2021]










Covid-19: FSB releases 2021 work programme

The Financial Stability Board (FSB) has released its work programme for 2021, which includes items such as:

  • international cooperation and coordination related to Covid-19;
  • non-bank financial intermediation (NBFI);
  • central counterparty (CCP) resilience, recovery and resolvability;
  • cross-border payments;
  • climate change and sustainable finance;
  • interest rate benchmarks; and
  • cyber and operational resilience.

The document also sets out a timeline of main publications for 2021. [20 Jan 2021]






FCA Regulation Round-up: January 2021

The FCA has issued the January 2021 edition of its Regulation Round-up. This issue covers the hot topic of restricting CMC charges for financial services and products claims, as well as recent news, publications and highlights by sector. The Round-up also highlights the Digital Sandbox pilot that was launched in November 2020. The FCA will host a series of showcase sessions on 8 - 10 February 2021, where participants will present the solutions they’ve developed via livestream. Information on attending these session can be found here. [21 Jan 2021]


FCA: Half of reporting firms moved to RegData

The FCA has announced that half of reporting firms who have previously submitted their regulatory reporting on Gabriel are now using RegData, the new data collection platform. The FCA advises that firms still using Gabriel should make sure they have registered for RegData as the FCA continues to move more firms across. [20 Jan 2021]

FCA responds to statutory panels' annual reports

The FCA has published letters to the Financial Services Markets PanelFinancial Services Consumer PanelFCA Practitioner Panel, and Financial Services Small Business Practitioner Panel. The letters respond to some of the key issues raised by the panels' 2019/20 Annual Reports, including Covid-19, the future of regulation, LIBOR transition, sustainable finance, digital marketing, consumer credit and mortgage prisoners, the Senior Managers and Certification Regime (SM&CR), operational resilience, open finance, pension transfers, and competition. [19 Jan 2021]






EU Commission: Consultation on the establishment of an ESAP for financial and non-financial information publicly disclosed by companies

The EU Commission has published targeted consultation document on the establishment of a European Single Access Point (ESAP) for financial and non-financial information publicly disclosed by companies.

Feedback to the consultation is requested by 3 March 2021.

The EU Commission has also published its consultation strategy for the ESAP. [21 Jan 2021]

European Commission and ECB joint statement on digital euro

The European Commission and European Central Bank (ECB) have issued a joint statement on their cooperation on a digital euro. Among other things, the statement notes that following the conclusion of the public consultation on 12 January 2021 and a period of preparatory work, the ECB will consider whether to start a digital euro project towards mid-2021. [20 Jan 2021]

European Commission Communication on economic and financial system

The European Commission has issued Communication setting out a new strategy intended to stimulate the openness, strength and resilience of the EU's economic and financial system. The proposed approach is based on three pillars, namely:

  • promoting a stronger international role of the euro, including supporting the work of the ECB on a digital euro;
  • developing, and improving the resilience of, EU financial market infrastructures (FMIs); and
  • promoting the uniform implementation and enforcement of EU sanctions.

The Commission will monitor the actions listed in its Communication on an ongoing basis, and will review the state of implementation results in 2023. A Questions and Answers (Q&A) webpage, a factsheet on the Capital Markets Union (CMU), a recording of the related press conference, and related remarks made by Executive Vice President Valdis Dombrovskis have also been published.  [20 Jan 2021]



Hong Kong

HKMA report: "AML/CFT Regtech: Case Studies and Insights"

The HKMA has published a report titled “AML/CFT Regtech: Case Studies and Insights”, highlighting opportunities offered by regtech to improve the efficacy and efficiency of anti-money laundering and counter-financing of terrorism (AML/CFT) efforts by financial institutions through real-life examples.  Circulars have been issued to authorised institutions and stored value facility licensees regarding the report.

The report forms part of the HKMA’s ongoing initiative to promote responsible innovation and regtech adoption in the banking industry for AML/CFT purposes.

Following the first AML/CFT RegTech Forum in November 2019, the HKMA collaborated with a consulting firm to follow up on the progress made by three breakout groups of banks.  The report details case studies involving six banks which have implemented technologies, including network analytics and robotic process automation, and is designed to provide practical guidance to banks at various stages of AML/CFT regtech adoption.

The report also highlights the following thematic insights:

  • Getting started – Common initial questions, possible starting points and good practices for early adopters of regtech such as stakeholder buy-in and executive support;
  • Data and process readiness – Key preparatory steps concerning data, processes and the use of network analytics;
  • Third party vendor relationships – Criteria for financial institutions to identify and evaluate potential regtech providers such as compatibility, scale and sustainability;
  • People, talent and culture – Necessary knowledge, skills and experience in implementation teams and data scientists’ roles; and
  • Performance metrics and indicators – Holistic indicators and metrics for measuring successful performance.  [21 Jan 2021]




MAS issues revised Technology Risk Management Guidelines

The Monetary Authority of Singapore (MAS) has issued revised Technology Risk Management Guidelines.

The revised Guidelines focus on addressing technology and cyber risks in an environment of growing use by financial institutions (FIs) of cloud technologies, application programming interfaces (APIs), and rapid software development. The Guidelines reinforce the importance of incorporating security controls as part of FIs’ technology development and delivery lifecycle, as well as in the deployment of emerging technologies.

The revised Guidelines set out the following enhanced risk mitigation strategies for FIs:

  • to establish a robust process for the timely analysis and sharing of cyber threat intelligence within the financial ecosystem; and
  • to conduct cyber exercises to allow FIs to stress test their cyber defences by simulating the attack tactics, techniques, and procedures used by real-world attackers.

The revised Guidelines also provide additional guidance on the roles and responsibilities of the board of directors and senior management in the oversight of technology and cyber risks. [18 Jan 2021]




SEC: Acting Chair Roisman Statement on UK ICO Letter on Transfers of Personal Data to SEC

The Securities and Exchange Commission (SEC) has released a statement by Acting Chair Elad L Roisman which comments on the UK Information Commissioner’s Office’s (ICO’s) letter, dated September 11, 2020, on the impact of UK data protection law on transfers of personal data from certain UK-based firms to the SEC. The letter clarifies that the ICO has concluded that the UK General Data Protection Regulation (GDPR) does not impose legal barriers to the transfer of personal data from:

  • UK-based firms or branches that are registered, required to be registered, or otherwise regulated by the SEC (including investment advisers and securities-based swap dealers); and/or
  • UK issuers that have equity securities or depositary receipts registered with the SEC and listed on a US exchange or market

to the SEC for regulatory or enforcement purposes. The ICO further clarifies that the UK GDPR permits UK firms’ transfers of personal data to the SEC directly in connection with, among other things:

  • the SEC’s evaluation of the firms’ compliance with legal obligations in the US, including during an examination; and
  • the SEC’s efforts to prevent and enforce against potential unlawful behavior.

The letter explains how UK firms with regulatory obligations to the SEC can rely on the “public interest” derogation of the UK GDPR when directly transferring personal data to the SEC. [19 Jan 2021]





SEC: Commissioner Peirce Statement Regarding Recent Enforcement Action

The SEC has published a public statement by Commissioner Hester M Peirce regarding a recent settled enforcement action against a telecommunications company which offered and sold digital assets using a Simple Agreement for Future Tokens (SAFT) without the required registration or exemption from registration. While Ms Peirce supports most of the settlement, she raises a particular concern in relation to the settlement’s provision whereby the company will not distribute the tokens pursuant to the SAFTs. In Ms Peirce’s view, ‘this settlement perpetuates an approach that suggests that tokens themselves are securities and thus complicates the development of crypto networks’. [15 Jan 2021]




OCC Notice of Proposed Rulemaking: Computer-Security Incident Notification

The OCC, Fed and FDIC have issued a notice of proposed rulemaking in relation to the computer-security incident notification. Under this proposal, a covered entity would be required to provide its primary federal regulator with prompt notification of any ‘computer-security incident’ that rises to the level of a ‘notification incident’.

Feedback on the proposed rule is requested by April 12, 2021. [14 Jan 2021]


Key contacts

Nick Pantlin photo

Nick Pantlin

Partner, Head of TMT & Digital UK & Europe, London

Nick Pantlin
Alex Kay photo

Alex Kay

Partner, London

Alex Kay