Follow us

In this weekly post, we round-up FinTech-related financial services regulatory developments for the week ending 9 June 2023.


> Insights from Herbert Smith Freehills



> Global

BCBS meeting assesses crypto standard, notes areas for further work

At its 6 June meeting, the Basel Committee on Banking Supervision (BCBS) assessed certain outstanding elements of the prudential treatment of banks' exposures to cryptoassets. As noted in the publication of the standard in December 2022, this includes work related to the treatment of permissionless blockchains as well as the eligibility criteria for 'Group 1' stablecoins. Any potential revisions to the existing standard will be subject to consultation.  [7 Jun 2023]

BIS Innovation Hub: Quantum-proofing the financial system

The Bank for International Settlements (BIS) Innovation Hub has published report on Project Leap - the joint project set up by the BIS Innovation Hub Eurosystem Centre, Banque de France and Deutsche Bundesbank into developing a quantum-safe communication channel that shields financial data. Test payment messages were transmitted via this quantum-resistant VPN (Virtual Private Network) tunnel between servers located in Paris and Frankfurt, with critical financial data protected. The project presents a response to the threat that quantum computing is expected to present to today's cryptographic algorithms and, by extension, to the confidentiality of financial data.  [5 Jun 2023]




> UK

FCA: Financial promotion rules for cryptoassets

The FCA has published a Policy Statement (PS23/6) which sets out the policy position and final Handbook rules for financial promotions involving cryptoassets.  Having considered the feedback the FCA received to its earlier consultation, the regulator has proceeded with categorising cryptoassets as ‘Restricted Mass Market Investments’. This would allow cryptoassets to be mass marketed to UK consumers subject to certain restrictions, in addition to the overarching requirement that financial promotions must be fair, clear and not misleading. These restrictions include: clear risk warnings; banning incentives to invest; positive frictions; client categorisation requirements; and appropriateness assessments.

The new rules are given effect by The Financial Services and Markets Act 2000 (Financial Promotion) (Amendment) Order 2023 which was made on 7 June 2023. The FCA explains that firms which plan to continue marketing cryptoassets to UK consumers should consider which of the routes set out in the legislation they will use to lawfully communicate their promotions once the regime comes into force.

The FCA has also published a Guidance Consultation (GC23/1) which seeks feedback on how the regulator will approach and how firms comply with the requirements that cryptoasset promotions be fair, clear and not misleading.  The deadline for responses is 10 August 2023. [8 Jun 2023] 




PSR confirms new APP fraud reimbursement requirements

The Payment Systems Regulator (PSR) has published a Policy Statement 23/2 (PS23/2) which confirms new reimbursement requirements for victims of authorised push payment (APP) fraud. It also set out the timetable for further developments:

  • In July, the PSR will consult on the draft legal instruments to put reimbursement requirements in place.
  • In August, it will consult on the maximum level of reimbursement and claim excess and additional guidance on the customer standard of caution (gross negligence).
  • In October the PSR will give the final legal instruments to Pay.UK and conduct a further consultation on the legal instrument to be given to payment service providers (PSPs).
  • By the end of 2023 the PSR will publish the claim excess and maximum level of reimbursement, additional guidance on the customer standard of caution (gross negligence) and publication of all legal instruments.
  • In 2024, the new reimbursement requirement will come into force. [7 Jun 2023]


SI: Financial Services and Markets Act 2000 (Financial Promotion) (Amendment) Order 2023 – qualifying cryptoassets

The Financial Services and Markets Act 2000 (Financial Promotion) (Amendment) Order 2023 has been made. This statutory instrument (SI) proposes to expand the scope of the financial promotion restriction in section 21 of the Financial Services and Markets Act 2000 (FSMA), by amending the Financial Promotion Order (FPO), to include financial promotions in respect of certain cryptoassets. The SI, and relevant FCA rules, will provide for the regulation of in-scope cryptoasset financial promotions.

This SI will seek to amend the FPO by creating a new controlled investment (defined as a 'qualifying cryptoasset'), as well as amending relevant controlled activities to incorporate reference to qualifying cryptoassets. The SI will also apply and modify certain existing exemptions in the FPO to qualifying cryptoassets and create a temporary, limited exemption to the financial promotion restriction (imposed by section 21(1) of FSMA), for cryptoasset businesses (which are not authorised persons) on the FCA’s anti-money laundering register. The SI will provide for an implementation period of four months from the day after the SI is made before it comes into force. This period is intended to allow industry time to understand how the regime will be practically implemented, with the aim of ensuring compliance across the industry.

An explanatory memorandum accompanies the SI. [7 Jun 2023]




JROC: FCA/PSR: Next steps to help UK open banking grow

The Joint Regulatory Oversight Committee (JROC), co- chaired by the FCA and Payments Systems Regulator (PSR) has published its programme to take forward recommendations for the next phase of open banking in the UK. As part of the programme, dedicated workstreams will be set up to action the six key priorities outlined in the recommendations. To support this, the JROC has launched a variable recurring payment (VRP) working group and a future entity working group.

The VRP working group will be chaired by the PSR and will help to expand the use of VRP and allow businesses and consumers to make a wider range of payments more conveniently and efficiently. The future entity working group will be chaired by the FCA and will consider the design and implementation of the future entity. Both working groups will be established by the end of June 2023.

The Open Banking Limited (OBL) will lead and coordinate workstreams on four of the other key themes: levelling up availability and performance; mitigating the risks of financial crime; developing proposals for the disputes process; and improving information flows to third party providers (TPPs) and end users. The JROC has set out instructions to the OBL in a letter. [6 Jun 2023]





> EU

OJ: Cryptoassets legislation, including MiCA and the revised regulation on information accompanying transfers of funds and certain cryptoassets

The legislative texts which comprise the EU's new cryptoassets regime have been published in the Official Journal of the EU (OJ).

The Regulation on markets in cryptoassets (MiCA) covers requirements on: (a) transparency and disclosure; (b) authorisation and supervision; (c) protection of holders of crypto-assets; (d) protection of clients of crypto-asset service providers; and (e) measures to prevent insider dealing, unlawful disclosure of inside information and market manipulation related to crypto-assets. The Regulation will enter into force on the twentieth day following that of its publication in the OJ. It shall apply from 30 December 2024, with the exception of Title III relating to asset-referenced tokens and IV relating to e-money tokens which apply from 30 June 2024.

The Regulation on the information on payers and payees accompanying transfers of funds, and on the information on originators and beneficiaries accompanying transfers of cryptoassets for the purposes of preventing, detecting and investigating money laundering and terrorist financing enters into force on the twentieth day following that of its publication in the OJ and will apply from 30 December 2024.  [9 Jun 2023]







BEUC: Report on misleading promotion of cryptoassets on social media

The European Consumer Organisation (BEUC) has published a report on misleading promotion of crypto-assets on social media platforms. BEUC and nine of its member organisations have also submitted an external alert to the European network of national consumer authorities (CPC-Network) and the European Commission about the misleading advertising of cryptoassets on social media platforms. BEUC is calling on the CPC-Network to require platforms to make their policies stricter, and on EU institutions, including the European Supervisory Authorities (ESAs), to take steps to mitigate the risk of misleading promotions.  [9 Jun 2023]




Council and EP reach provisional agreement – Financial services contracts concluded at a distance

In a press release, the EP has announced that provisional political agreement has been reached with the Council of the EU on the reform of EU rules on the marketing of financial services contracts concluded at a distance.  The new directive repeals the 2002 Directive on distance market of financial services (DMD(FS)).  The Council has also published a press release.

Once both the EP and Council formally adopt the rules, they will be published in the OJ and enter into force 20 days later. Member states will then have 24 months to transpose the directive into national law and another six months to apply it. [7 Jun 2023]



> Australia

Government releases Strategic Plan for Australia’s Payments System

The Government has released its Strategic Plan for the future of Australia’s payments system which sets out its policy objectives and priorities for building a modern and resilient payments system. Developed through a consultation process in collaboration with stakeholders in financial institutions, technology companies, industry associations, consumer groups and government agencies, the Strategic Plan is underpinned by the principles of trustworthiness, accessibility, innovation and efficiency. It outlines the Government’s vision for the payments system sector, allowing businesses to invest with certainty and innovate.

The Strategic Plan will be on an 18 month review cycle to allow the Government to report on its progress against its objectives and priorities, and ensure the Strategic Plan is responsive to advances in technology, competition and changes in consumer demand. [7 Jun 2023]

Government statement in response to the Statutory Review of the CDR 

The Government has released its statement in response to the Statutory Review of the Consumer Data Right (CDR), which outlines its commitment to continue developing the CDR framework. The CDR is an economic reform that gives consumers the ability to more safely share the data that Australian businesses hold about them for their own benefit.

The Government stated that it is committed to ensuring Australia’s CDR framework continues to develop as safe and secure infrastructure for the data economy so that consumers have trusted ways to use their transaction data. Following the introduction of the CDR in the banking sector, CDR-enabled products have emerged that allow consumers to better manage their money and save time

With CDR data-sharing in banking covering nearly 100 per cent of market share, as part of Budget 2023-24 funding, the Government is prioritising the addition of non-bank lenders to widen the availability of lending data, giving consumers a more complete view of their financial accounts. [7 Jun 2023]



Consultation opens on reforms to the Payment Systems (Regulation) Act 1998

The Government is consulting on proposed changes to the Payments Systems (Regulation) Act 1998 (PSRA). The proposed changes are intended to ensure regulators and the Government can address new risks emerging from the evolution of the payment provision landscape and associated increases in complexity.

The proposals include:

  • updating the PSRA to ensure the Reserve Bank of Australia has the ability to regulate new and emerging payment systems, such as digital wallet providers; and
  • introducing a new ministerial designation power that would allow particular payments services or platforms that present risks of national significance to be subject to additional oversight by appropriate regulators.

Responses are requested by 7 July 2023.  [7 Jun 2023]




Consultation opens on payment functions underpinning licensing of PSPs 

The Government is consulting on a list of payment functions intended to underpin a new licensing framework for payment service providers (PSPs). The new tiered framework is intended to ensure consistent and appropriate risk‑based regulation of payment service providers based on the payment functions they provide. Further consultation on the regulatory obligations under the new licensing framework will take place later in 2023 with introduction of legislation for the new payments licensing regime in 2024.

Responses are requested by 19 July 2023. [7 Jun 2023]




ePayments Code subscribers to comply with updated Code 

The updated ePayments Code took effect from 2 June 2023. This followed a 12-month transition period to allow subscribers time to get ready for, and ensure compliance with, changes providing clarity on a number of existing protections for consumers. Subscribers to the code include most banks and credit unions in Australia, as well as a small number of other providers of electronic payment services.

ASIC Commissioner Danielle Press commented, 'The ePayments Code sets out important details about the relationship between the consumer and their bank or credit union. It forms the basis of important consumer protections related to everyday banking and payments transactions.'

Updates to the Code relate to:

  • extending the Code to payments made using the New Payments Platform;
  • compliance monitoring and data collection;
  • mistaken internet payments;
  • unauthorised transactions;
  • complaints handling; and
  • facility expiry dates. [2 Jun 2023]

> Hong Kong

HKMA and Cyberport co-organise fourth AMLab on supporting an agile, coordinated and strategic response to digital fraud and financial crime

As part of its "Fintech 2025" strategy, the HKMA has co-organised its fourth Anti-Money Laundering Regtech Lab (AMLab) with Cyberport (supported by Deloitte).  Following its third AMLab on "digital response to fraud" held in November 2022 (see our previous update), the fourth AMLab brings together retail banks, technology companies and industry experts to develop a sector-wide approach to real-time fraud monitoring, to help customers identify and take action to prevent fraud.  For the first time, major stored value facility licensees also joined the event.

The fourth AMLab explored:

  • Proactive detection of money mule accounts to increase the early identification capacity and alerts for potential victims of deception to protect against losses;
  • Promoting industry-wide adoption of AML regtech tools to increase effectiveness of real-time fraud monitoring across the board; and
  • Best practices for the use of data and a more coordinated approach across fraud and money laundering risk disciplines.

A Regtech Connect session (an initiative introduced in July 2022) was also held, where technology companies discussed relevant regtech tools and solutions with participating banks and stored value facility licensees.

The HKMA noted that around 60% of retail banks are now using network analytics (more than twice as that three years ago), while around 80% of retail banks are now incorporating non-traditional data such as digital footprints and customer behaviour into their monitoring systems.

As 'gatekeepers' of the banking system against fraud and financial crime, the HKMA and banks are committed to innovating their response, including adopting a consistent and coordinated approach to real-time fraud monitoring by all retail banks before the end of September 2023.  The outcomes will be tracked against the HKMA’s 2023 work priorities (see our previous update) and the five joint anti-deception initiatives announced recently by the HKMA and the Hong Kong Police Force (see our previous update).  [7 Jun 2023]





SFC CEO discusses strategy to bring Hong Kong to the next level as international asset management hub and private wealth centre

The SFC has made available a keynote speech delivered by its CEO, Ms Julia Leung, at the 16th Annual Conference of Hong Kong Investment Funds Association, titled "Reflect, Reset and Refocus: Game Plan for Hong Kong as an Asset Management Hub".

Ms Leung reflected on the market challenges in 2022 but noted that Hong Kong has shown resilience and seemed to have turned the corner late last year, although the investing terrain remains rough.

The SFC's strategy to bring Hong Kong to the next level as an international asset management hub and private wealth centre consists of the following four prongs:

  • Onshoring strategy – fund domicile structures – Hong Kong's two new fund structures (open-ended fund companies (OFCs) and limited partnership funds) introduced in 2018 and 2020 respectively as alternatives to the trust form are bearing fruit.  The SFC is working with the Government to optimise the OFC regime in several areas, including winding-up procedures and anti-money laundering.  Progress is also underway to introduce the new Type 13 regulated activity covering fund depositary services, which will take effect in October 2024 after completing the legislative process.
  • Platforms: Connect schemes with Mainland China –Mutual market access between the Mainland and Hong Kong is the SFC's vision and commitment for the long term.  The SFC's strategy is to expand the sales footprint for Hong Kong-domiciled funds by building numerous conduits to reach Mainland investors.  These include the Mutual Recognition of Funds scheme, the Wealth Management Connect and the ETF Connect, launched in 2015, 2021 and 2022 respectively.  The SFC sees a need to scale them up, widen the scope of products and relax restrictions to create more headroom for fund flows.
  • Products – The SFC aims to enable growth in respect of climate-resilient ESG investment products, virtual asset products, and RMB-denominated products.  An immediate priority is to provide guidance to the asset management industry on how they engage ESG service providers.  In the long term, the SFC would like to see the development of carbon credit trading, more sustainability-related innovation, and more affordable decarbonisation driven by technology.  The SFC recently authorised the first batch of virtual asset futures ETFs, and released guidelines for licensed virtual asset platform operators.  The Stock Exchange of Hong Kong will launch the HKD-RMB Dual Counter Model for stock trading on 19 June 2023.  In addition, the SFC is working with the China Securities Regulatory Commission to include the RMB counter in southbound Stock Connect.
  • Technology and services – The SFC believes that generative AI can be used responsibly to augment (rather than replace) asset managers in decision making.  However, licensed corporations are expected to thoroughly test AI to address any potential issues before deployment and keep a close watch on the quality of data used by the AI.  They should also have qualified staff to manage their AI tools, proper senior management oversight and a robust governance framework for AI applications.  [5 Jun 2023]




> India

RBI: G20 International Conference – Cyber security

The Reserve Bank of India (RBI) has published a summary report of the international conference on 'Cyber Security Exercise for Banking Sector' under India’s G20 Presidency which was jointly conducted by the RBI and the Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology (MeitY), Government of India (GOI) in Mumbai on June 5, 2023.

The conference was addressed by Shri M K Jain, Deputy Governor, RBI, and  Dr. Sanjay Bahl, Director General, CERT-In. Officials from the International Monetary Fund (IMF) and the Bank for International Settlements (BIS) also addressed the more than 200 participants from the RBI, MeitY, IMF, BIS, Central Banks and Computer Emergency Response Teams of G20 Member Countries and the banking industry.  [6 Jun 2023]

RBI consults on draft Master Directions on Cyber Resilience and Digital Payment Security Controls for PSOs

The RBI has published the draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs) for feedback.  The draft Directions cover the governance mechanism for identification, assessment, monitoring and management of cybersecurity risks including information security risks and vulnerabilities, and specify baseline security measures for ensuring safe and secure digital payment transactions.

Comments are requested by 30 June 2023.  [2 Jun 2023]





SEC files charges against crypto exchange

The Securities and Exchange Commission (SEC) has announced that it has filed charges against a crypto exchange operator, a U.S.-based affiliate, and the exchange's founder in relation to alleged violations of securities laws.  [9 Jun 2023]

SEC charges company for operating as an unregistered securities exchange, broker, and clearing agency

The SEC has announced that it has charged a company, alleging that it operates its crypto asset trading platform as an unregistered national securities exchange, broker, and clearing agency. The SEC has also charged the company for failing to register the offer and sale of its crypto asset staking-as-a-service program.  [6 Jun 2023]

Federal bank regulatory agencies issue final guidance on third-party risk management

The federal bank regulatory agencies – the Federal Reserve (Fed), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) – have issued final joint guidance designed to help banking organizations manage risks associated with third-party relationships, including relationships with financial technology companies.

The final guidance describes principles and considerations for banking organizations' risk management of third-party relationships. It covers risk management practices for the stages in the life cycle of third-party relationships: planning, due diligence and third-party selection; contract negotiation; ongoing monitoring; and termination.

The final guidance replaces each agency's existing general third-party guidance and promotes consistency in the agencies' supervisory approaches toward third-party risk management.  [6 Jun 2023]






Karen Anderson photo

Karen Anderson

Consultant, London

Karen Anderson
Cat Dankos photo

Cat Dankos

Regulatory Consultant, London

Cat Dankos

Key contacts

Karen Anderson photo

Karen Anderson

Consultant, London

Karen Anderson
Cat Dankos photo

Cat Dankos

Regulatory Consultant, London

Cat Dankos
Karen Anderson Cat Dankos