FinTech Global FS Regulatory Round-up W/e 6 January 2023 – Fin Tech

To print this article, all you need is to be registered or login on

In this regular update, we round-up FinTech-related financial
services regulatory developments for the week ending 6
January 2023.


Recent updates from Herbert Smith Freehills include:


FSB: Proposed framework for international regulation of
crypto-asset activities responses

The Financial Stability Board (FSB) has published the responses it has received to its
October consultation on the proposed framework for international
regulation of crypto-asset activities. The consultation

  • recommendations to promote the consistency and
    comprehensiveness of regulatory, supervisory and oversight
    approaches to crypto-asset activities and markets and strengthen
    international cooperation, coordination and information sharing;
  • revised high-level recommendations for the regulation,
    supervision, and oversight of global stablecoin arrangements to
    address associated financial stability risks more effectively. [4
    Jan 2023]

IAIS: Consultation on operational resilience in the insurance
sector deadline extended

The International Association of Insurance Supervisors (IAIS)
has extended the feedback deadline for the
consultation on its Issues Paper on operational resilience in the
insurance sector to 13 January 2023. The paper addresses three
specific operational resilience sub-topics: cyber resilience;
third-party outsourcing; and business continuity management. [3 Jan



Lords written question & answers: FTX and forthcoming
crypto consultation

For HMT, Baroness Penn has responded to a question put by Baroness
Kennedy of Cradley regarding any assessment HM Government (HMG) has
made of the risks to investors following the collapse of the
cryptocurrency exchange FTX. Baroness Penn explains that the FCA
and Bank of England (BoE) continue to warn investors of the risks
of cryptoassets. She also highlights the forthcoming legislation
which will bring cryptoasset financial promotions within scope of
FCA supervision and confirms that it is HMG’s intention to
consult on regulating wider cryptoasset activities ‘in the
coming weeks’. [5 Jan 2023]



FCA/PRA: Bank fined for operational resilience failings

The FCA and the PRA have fined a bank a total of 48.65 million
for operational risk management and governance failures, including
the management of outsourcing risks. The issue arose in relation to
the bank’s IT migration programme, which experienced technical
failures that resulted in customers being unable to access banking
services. The FCA and PRA found that the bank failed both to
organise and control the IT migration programme adequately, and to
manage the operational risks arising from its IT outsourcing
arrangements with its critical third-party supplier.

The FCA and the PRA found that the bank breached several of
their Principles for Business and Fundamental Rules. The FCA final notice imposes a fine of 29.75
million and the PRA final notice imposes a fine of 18.9
million. The bank agreed to resolve the matter with the regulators,
and qualified for a 30% discount in the overall penalty. [20 Dec



EBA: Call for advice on DORA correspondence

The European Banking Authority (EBA) has published a letter and call for advice addressed to the European
Supervisory Authorities (ESAs) from the European Commission (EC) on
the the designation criteria and fees for the Digital Operational
Resilience Act (DORA) oversight framework. The call for advice
requests the ESAs input on the specific details to shape up the
designation criteria for critical ICT third-party service providers
(CTPPs), as well as the elements which are needed in the
specification of the amount of the fees, and the way and methods in
which such fees are to be paid.

The ESAs must deliver the advice to the EC by 30 September 2023.
[5 Jan 2023]


EBA: Call for advice from EC MiCA

The European Banking Authority (EBA) has published a letter and call for advice from John Berrigan at the
European Commission (EC) on the Regulation on markets in
crypto-assets (MiCA). The letter outlines the EC’s call for
advice, which concerns delegated acts on certain criteria for
classification of asset-referenced tokens and e-money tokens as
significant and on supervisory fees to be charged by EBA to the
issuers of significant asset-referenced tokens or e-money

EBA has been asked to deliver the advice by 30 September 2023.
[4 Jan 2023]


OJ: Regulation and Directive DORA

The following legal instruments in relation to the Digital
Operational Resilience Act (DORA) have been published in the
Official Journal of the EU (OJ):

  • Regulation (EU) 2022/2554 on digital
    operational resilience for the financial sector and amending
    Regulations (EC) No 1060/2009, (EU) No 648/2012; and
  • Directive (EU) 2022/2556 amending Directives
    2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU,
    2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digital
    operational resilience for the financial sector.

The Regulation and Directive will enter into force on 16 January
2023. DORA will apply from 17 January 2025 and Member States are
required to apply measures implementing the DORA Amending Directive
from the same date. [3 Jan 2023]


ECB: Progress report on digital euro

The European Central Bank (ECB) has published its second progress report on the
digital euro. In the report, the ECB provides an update on the
progress made over the past few months and examines a second set of
design and distribution options for a digital euro. Specifically,
the report describes the respective roles of the Eurosystem and
supervised intermediaries in the digital euro ecosystem, including
the settlement of digital euro transactions, and explains the
scheme-based approach for the distribution model for the digital

The ECB has also published a letter from Fabio Panetta, Member
of the ECB Executive Board, to Irene Tinagli, Chair of the
Committee on Economic and Monetary Affairs (ECON) at the European
Parliament (EP), setting out details of the report. In the letter,
Mr Panetta also notes that the ECB Governing Council is expected to
decide in autumn 2023 whether to start a realisation phase to
develop and test the appropriate technical solutions and necessary
business arrangements for providing a digital euro. [21 Dec


ESMA: Framework to assess operational resilience of CCPs

The European Securities and Markets Authority (ESMA) has published a paper outlining a framework for
assessing the operational resilience of financial entities
providing time-critical services. The paper sets out the three
novel tools within the framework (Reliability indicators, Scenario
analysis of third-party dependencies and System-wide analysis of
critical third-party providers); their methodology; and an example
application of these tools in the financial sector, using insights
from their use in the context of the fourth central counterparty
(CCP) stress test performed by ESMA. [19 Dec 2022]


ECB: Imposition of administrative penalty on bank for failure
to report cyber incident

The ECB has published a decision in which it imposes an administrative
penalty on a bank for failing to report a significant cyber
incident within the prescribed two-hour deadline outlined in the
cyber-incident reporting framework implemented in 2017. [19 Dec



Treasury consults on ACCC’s digital platforms

Treasury is seeking views on the recommendations to address consumer and
competition issues contained in the 5th interim report
from the ACCC’s ongoing inquiry into digital platform services
(released on 11 November 2022). The ACCC’s recommendations

  • economy-wide consumer measures, including a prohibition against
    unfair trading practices and unfair contract terms;
  • consumer measures specific to digital platforms, including
    mandating internal and external dispute resolution processes and
    obligations on platforms to prevent and remove scams, harmful apps
    and fake reviews;
  • a new competition framework which would subject
    ‘designated’ digital platforms to mandatory codes applying
    to the services they provide; and
  • targeted competition obligations for designated digital
    platforms to be included in the proposed new framework and codes,
    to address harms such as anti-competitive self-preferencing.

Feedback is requested by 15 February 2023.

The ACCC has been undertaking the inquiry since 2020. Matters
being considered by the inquiry include competition in markets for
the supply of digital platform services, practices of suppliers of
digital platform services which may result in harm and how
innovation and technology change may affect the nature and degree
of market power and characteristics of digital platform services.
The final report is due in 2025. [20 Dec 2022]


Hong Kong

HKMA updates AIs on BCBS’s final standard for prudential
treatment of cryptoasset exposures and plans for local

The HKMA has issued a circular to inform authorised institutions
(AIs) that the Basel Committee on Banking Supervision (BCBS) has
published its final standard “Prudential treatment of
cryptoasset exposures”
following consultation. The
standard has been developed to provide a global baseline framework
for banks’ cryptoasset exposures to promote responsible
innovation while preserving financial stability.

The standard is scheduled to be implemented by member
jurisdictions by 1 January 2025, and the HKMA intends to implement
it in Hong Kong in accordance with this timeframe. The HKMA will
consult the industry in due course on local implementation, but in
the meantime, AIs that are planning to conduct cryptoasset-related
business activities are recommended to familiarise themselves with
the new standard and consider its implications.

Under the standard, cryptoassets will be categorised into Group
1 (qualifying tokenised assets and stablecoins which will generally
be subject to the risk-based capital requirements of the existing
Basel capital framework) and Group 2 (cryptoassets that do not meet
the Group 1 classification conditions and will be subject to a more
conservative capital treatment).

Key features of the standard include:

  • Infrastructure risk add-on for Group 1 cryptoassets;
  • Redemption risk test and a supervision/regulation requirement
    to ensure that only stablecoins issued by supervised and regulated
    entities that have robust redemption rights and proper governance
    are eligible for a Group 1 qualification;
  • Group 2 exposure limit to serve as an additional
  • Other elements to (i) prescribe the supervisory review process
    and disclosure requirements and (ii) specify how the operational
    risk, liquidity, leverage ratio and large exposures requirements
    have to be applied in the context of banks’ cryptoasset

The HKMA notes that some areas, such as permissionless
blockchains and additional statistical tests to identify low risk
stablecoins, will remain subject to monitoring and further review
by the BCBS. [20 Dec 2022]


HKMA shares key observations and sound practices from its
review on consumer protection in respect of digital platforms for
application of unsecured loan and credit card products

The HKMA has issued a circular to share with the industry key observations and sound practices
identified in its supervisory work conducted on consumer protection
in respect of digital platforms for the application of unsecured
loan and credit card products.

  • Latest landscape of digital banking services Based on a
    survey conducted by the HKMA on 28 authorised institutions (AIs),
    there has been significant digitalisation in the application
    process of unsecured loan and credit card products. For example,
    70% of credit card applications, 62% of loan-on-card applications
    and 68% of personal instalment loan applications were made via
    digital platforms in the first half of 2022.
  • Consumer protection in the digital environment With
    reference to its circular of 4 September 2020 regarding enhanced
    measures in respect of digital platforms for the application of
    unsecured loan and credit card products (see our previous update), the HKMA conducted a
    thematic review in respect of such digital platforms from consumer
    protection perspectives and noted some room for improvement in a
    few areas. These include display of key facts statement and terms
    and conditions, key details on specific products on digital
    platforms, enhanced disclosure measure in the form of a
    “double reminder” to customers, and the digital
    disclosure approach adopted by AIs. The HKMA has also observed some
    sound practices which may be helpful for the industry.

Details of the key observations and sound practices are
attached to the circular. AIs are expected to review and make any
necessary improvements to ensure that their digital platforms are
designed in a way which can enable customers to make informed
borrowing decisions. [20 Dec 2022]


FSTB launches consultation on enhancing crowdfunding

The Financial Services and the Treasury Bureau (FSTB) has launched a consultation on proposals to enhance
crowdfunding activities. Feedback on the proposals is required by
20 March 2023.

The consultation paper sets out various recommendations on
enhancing the transparency and accountability of crowdfunding
activities, which include requiring in-principle future
crowdfunding activities to obtain permission before commencement,
and ensuring sufficient transparency to the public during and after
conducting crowdfunding activities.

The following are the major features of the proposed regulatory
regime (among others):

  • All online and offline fundraising activities that raise funds
    publicly from individuals or entities of Hong Kong, or individuals
    or entities located in Hong Kong, are required to apply in advance
    to the newly proposed Crowdfunding Affairs Office (CAO), regardless
    of their purpose or location;
  • When processing applications, the CAO will consider factors
    including the honesty, reputation and reliability of the applicant,
    proportionality of the purpose of the crowdfunding activity to its
    scale, and risks brought about by the activity to public interests,
    public safety and national security;
  • The CAO will co-ordinate with relevant government departments
    with a view to streamlining procedures for fundraising activities
    which are subject to existing regulation, such as donation
    activities held physically in public places, or lottery sales;
  • The new regulatory regime will not apply to commercial
    fundraising activities in the market which are already well
    regulated by financial regulators under existing legislation;
  • Exemptions and facilitation measures are proposed to facilitate
    smooth operation and timely commencement of crowdfunding activities
    which are widely recognised by the society and charitable
    crowdfunding projects which address sudden and urgent needs;
  • Fundraisers are required to disclose objectives and
    arrangements of their crowdfunding activities, use local bank
    accounts and keep proper records of fund movements;
  • A registration system for online crowdfunding platforms is to
    be considered; and
  • Law enforcement agencies are to be empowered to cease unlawful
    crowdfunding activities and prosecute offenders. [19 Dec 2022]


BNM Policy Document on Electronic Money (E-Money)

Bank Negara Malaysia (BNM) has published a Policy Document setting out regulatory
requirements and guidance for electronic money issuers (EMI)
approved pursuant to section 11 of the Financial Services Act 2013
(FSA) or the Islamic Financial Services Act 2013 (IFSA). BNM has
issued a Feedback Statement to address the key feedback
and proposals received during the consultation period and Frequently Asked Questions (FAQs) to enhance
public understanding of the requirements and clarify interpretation
issues in implementing the requirements of the E-Money policy
document. This policy document comes into effect on 30 December
2022, except for paragraphs 15, 16.2 to 16.4, 18, 19.6 to 19.15,
27, 28, 29, 30 and 31 which come into effect on 30 December 2023.
[30 Dec 2022]



SECT consults on proposed revision to supervision of digital
asset custodial wallet providers

The SECT is seeking public comments on a proposed revision to the principles for
supervising digital asset (DA) custodial wallet providers. This
would involve an exemption from the definition as DA Custodial
Wallet Provider for DA issuers who provide custodial service on
self-issued DA for their clients. The proposed revision would also
require investment token issuers who provide custody and deposit
service on self-issued DA to establish a system segregating their
clients’ DA from their own assets, and would prohibit them from
seeking benefits from the clients’ DA under their custody. The
consultation ends on 26 Jan 2023. [27 Dec 2022]



RBI announces fourth cohort for regulatory sandbox

The RBI has announced the fourth cohort for the regulatory
sandbox with the theme ‘Prevention and Mitigation of Financial
Frauds’. The RBI received nine applications of which six have
been selected for the test phase due to commence in February 2023.
[5 Jan 2023]



BSP Partners with BAP and BMAP to Promote Cyber Hygiene

The BSP has partnered with the Bankers Association of
the Philippines (BAP) and the Bank Marketing Association of the
Philippines (BMAP) in rolling out the
“Check-Protect-Report” (CPR) information drive to foster
cyber hygiene among Filipinos. The communication campaign aims to
equip Filipino financial consumers with the information needed to
protect themselves against online scams.[1 Jan 2023]


BSP Issues rules for RTGS PS Participants

The BSP has issued rules for the participants in the
Peso Real Time Gross Settlement Payment System (RTGS PS), an
infrastructure that provides real-time settlement of payments,
funds transfer instructions, or other obligations individually on a
transaction-by-transaction basis, in order to ensure the smooth
flow of funds in the financial system. The rules issued under BSP Memorandum No. M-2022-0049 dated 22
November 2022 require all RTGS PS participants to comply with all
laws and regulations on payment systems and provide for penalties
and sanctions. RTGS PS participants include the BSP and financial
institutions maintaining settlement accounts with the BSP, entities
that are sponsored into settlement, as well as FMIs, clearing
switch operators, and critical service providers within the RTGS
ecosystem. The BSP has streamlined the qualification requirements
for prospective members of the real-time payment system. Non-bank
e-money issuers and other entities may now settle their retail
transactions through the RTGS PS without the need for sponsorship
by existing participants. The BSP designated the RTGS PS as a
payment system that pose or have the potential to pose systemic
risk to the stability of the national payment system (SIP). [21 Dec



Agencies issue joint statement on crypto-asset risks to banking

Federal bank regulatory agencies have issued a statement highlighting key risks for banking
organizations associated with crypto-assets and the crypto-asset
sector and describing the agencies’ approaches to supervision
in this area. In particular, the statement describes several key
risks associated with crypto-assets and the crypto-asset sector, as
demonstrated by the significant volatility and vulnerabilities over
the past year. Given these risks, the agencies continue to take a
careful and cautious approach related to current and proposed
crypto-asset-related activities and exposures at banking
organizations. The agencies continue to assess whether or how
current and proposed crypto-asset-related activities by banking
organizations can be conducted in a manner that is safe and sound,
legally permissible, and in compliance with applicable laws and
regulations, including those designed to protect consumers. [3 Jan


The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Technology from Worldwide

Mitigating Liability From A Cyber Breach

McLane Middleton, Professional Association

All businesses in all industries and of all sizes are now targets for cyber criminals. Therefore, implementing reasonable measures to reduce the risk of cyber breach is the best technique…