Follow us

In this regular update, we round-up FinTech-related regulatory developments for the week ending 21 May 2021.



BIS Working Paper on the Digitalisation of Money

The Bank for International Settlements (BIS) has published a working paper which examines the digitalisation of money. The paper discusses the key questions and economic implications of digital currencies, including how digital currencies could unbundle the traditional roles of money, lead to digital currency areas that cover multiple countries, and move payments away from banks' credit provision towards digital platforms.

BIS Working Papers are written by members of the Monetary and Economic Department of BIS, and from time to time by other economists. The papers are on subjects of topical interest and are technical in character. The views expressed in them are those of their authors and not necessarily the views of BIS.





PRA: Business Plan 2021/22

The PRA has published its Business Plan 2021/22. The Business Plan sets out the PRA’s strategy, workplan, and budget for the period of 1 March 2021 – 28 February 2022. It also details the PRA's actions to mitigate the impact of Covid-19 on firms and the UK economy.

The PRA's strategic goals for 2021/22 relate to:

  • robust prudential standards and supervision;
  • adapting to market changes and horizon scanning;
  • financial resilience;
  • operational resilience;
  • recovery and resolution;
  • competition;
  • EU withdrawal; and
  • efficiency and effectiveness. [24 May 2021]
PSR: Call for views on second phase of Confirmation of Payee service

The Payment Systems Regulator (PSR) has published call for views on the second phase of delivering Confirmation of Payee (CoP), a name-checking service designed to prevent authorised push payment (APP) scams and misdirected payments. The second phase aims to enable further participation in the service by making it possible for all banks and building societies to offer CoP. The call for views explores the requirements to make sure the service is technically capable of operating across all bank transfers, and seeks views on whether it should direct additional banks, building societies and financial institutions to implement the service by the end of 2021.

Feedback is requested by 30 June 2021. [21 May 2021]



FCA: Deadline extension for SCA

The FCA has published a statement in which it extends the deadline for implementing Strong Customer Authentication (SCA) for e-commerce transactions to 14 March 2022. The FCA recognises the challenges facing the industry to be ready by the previous deadline and the extension seeks to ensure minimal disruption to merchants and consumers. [20 May 2021]



FCA: 'Dear CEO' letter on protection offered by e-money firms

The FCA has published a template version of its 'Dear CEO' letter on the protection offered by e-money firms to customers. The letter sets out the FCA's concerns on the lack of disclosure that e-money firms offer customers in respect of the differences between their services and traditional banking, in particular that the Financial Services Compensation Scheme (FSCS) does not apply. The letter asks e-money firms to ensure customers understand how their money is protected and sets out actions that firms should take. [18 May 2021]

FCA: Speech on the rise in scams

The FCA has published a speech by Mark Steward, Executive Director of Enforcement and Market Oversight, on the rise in scams and the corresponding threat to the financial services industry. Mr Steward spoke about the FCA's role in preventing harm to consumers from unauthorised activities and the improvements it has made to address scams as they are happening. These include:

  • increased proactive monitoring and daily updates to the FCA's Warning List;
  • tackling investment fraud within FCA perimeters; and
  • engaging with social media firms on the application of section 21 of the Financial Services and Markets Act 2000 (FSMA).

Mr Steward also noted that firms should be doing more to prevent harm and a failure to do so may result in the FCA taking action. [18 May 2021]



FCA: Update to outsourcing and operational resilience webpage regarding application of EBA outsourcing guidelines

The FCA has updated its webpage on operational resilience and outsourcing with information regarding the application of the European Banking Authority (EBA) Outsourcing Guidelines in the context of the UK authorities' recently finalised operational resilience policy package. [17 May 2021]





ECB: Speech on future of EU retail payments

The ECB has published a speech on the future of EU retail payments, delivered by Fabio Panetta, Member of the ECB Executive Board. Among other things, Mr Panetta spoke about:

  • the digitalisation of the EU retail payments landscape;
  • the need to increase choice, resilience and competitiveness by stimulating competition and developing innovative payment solutions and technologies;
  • the need for a full deployment of instant payments; and
  • the need for cheap, easy and fast access to cross-border payments. [19 May 2021]




ASIC consults regarding updates to the ePayments Code

ASIC has released a consultation paper (CP 341), seeking feedback on proposed updates to the ePayments Code. The Code provides consumer protections in respect of electronic payments, including ATM, EFTPOS, credit and debit card transactions, internet and mobile banking, and online payments.

The objective of these updates is to ensure the continued effectiveness and relevance of the Code. To that end, ASIC’s proposed updates primarily relate to compliance monitoring and data reporting, mistaken internet payments, small business protections, unauthorised transactions, and complaints handling.

The review also considers options for modernising the Code, to reflect changes in the field of electronic payments since the Code’s last review.

CP 341 is designed to assist ASIC in formulating its final positions on updates to the Code.

ASIC requests submissions by Friday 2 July 2021.  [21 May 2021]



Hong Kong

HKMA requests AIs to critically assess need for setting up secure tertiary data backup

The HKMA has published a circular to request authorised institutions (AIs) to critically assess the need for setting up secure tertiary data backup to counter the risk of destructive cyber attacks.

The HKMA considers that destructive malwares (including ransomwares) are of growing concern as they can potentially lead to permanent loss, corruption or unauthorised alternation of critical data.  It therefore invited the Hong Kong Association of Banks (HKAB) to develop guidelines appropriate for the banking landscape in Hong Kong.  On 30 April 2021, the HKAB issued the Secure Tertiary Data Backup Guideline, which provides guidance to banks on the factors they need to take into account in deciding whether to set up a secure tertiary data backup and what implementation issues they need to overcome in ensuring its effectiveness.  The guideline includes 8 high-level principles grouped under governance, design and data restoration.

The HKMA considers that secure tertiary data backup is an effective measure to enhance cyber resilience and data security and expects all AIs to critically assess the need for such backup based on the HKAB's guideline.

All retail banks and foreign bank branches with significant operations in Hong Kong are required to submit a report to the HKMA by 30 November 2021, setting out the outcome of their assessment.  The HKMA will inform AIs individually if they are required to submit such report and the information to be included in the report.  [18 May 2021]




Key contacts

Nick Pantlin photo

Nick Pantlin

Partner, Head of TMT & Digital UK & Europe, London

Nick Pantlin
Alex Kay photo

Alex Kay

Partner, London

Alex Kay