FinTech Monthly Bulletin: November 2019

1. General

1.1 The Bank of International Settlements (BIS) has published a speech by Burkhard Baltz, Deutsche Bundesbank Executive Board Member, in relation to BigTechs, FinTechs, smartphone payments and stablecoins. In his speech, Baltz discussed how to respond to the issues arising from the digitalisation in payments generally and the increasing influence of BigTech firms. (3o October 2019)

1.2 Paul Chan, the Financial Secretary of Hong Kong, together with a Hong Kong FinTech delegation of around twenty members, has visited a FinTech accelerator and met with sector figures in London. Chan also visited: the medical technology institute in Oxford; the UK Financial Conduct Authority (FCA); and a modular integrated construction project. These visits were set up to strengthen bilateral links across finance, innovation and technology. (26-28 October 2019)

1.3 Andrew Bailey, Chief Executive of the FCA, has spoken at the Lord Mayor's City Banquet about issues affecting the FCA, FCA areas of focus and balancing risk taking with protecting investors and consumers. In his speech, Bailey briefly discussed FCA technological initiatives such as FCA Innovate, as well as the FCA's work supporting the FinTech sector. (24 October 2019)

1.4 Megan Butler, Executive Director of Supervision - Investment, Wholesale and Specialists at the FCA, has spoken about using technology to tackle financial crime. In her speech, Butler discussed the way in which machine learning (ML) and artificial intelligence (AI) could be adopted by firms in order to detect and reduce the occurrence of fraud. She also spoke about crypto scams and FCA innovative programmes, such as the Sandbox, which has been set up to assist firms and their attempts to innovate in RegTech. (23 October 2019)

1.5 The European Banking Authority (EBA) has published an Opinion addressed to the EU Commission with suggestions for ensuring EU disclosure requirements take account of the growing number of consumers using digital channels to buy financial products and services. These suggestions are aimed at improving consumer access to high-quality information setting out features and costs across the lifetime of a service, and ensuring information is provided at the appropriate time and using suitable means. (23 October 2019)

1.6 Twelve Canadian FinTech firms have participated in a 5-day trade mission across the UK led by the UK's Department for International Trade (DfIT) as they look to set-up operations in the UK market. The firms have collectively raised over half a billion dollars in venture capital and wish to expand their operations overseas. The trade mission provides firms with the opportunity to find financing, meet partners and potential investors and learn about UK requirements for setting up their businesses. (21 October 2019)

1.7 The DfIT has sent nine leading UK FinTech companies to Australia under the UK-Australia FinTech Bridge Pilot Programme. This bilateral programme aims to: increase engagement on FinTech policy and regulation; improve trade flows and access to capital opportunities; and deal with barriers to international growth. Over 24 Australian FinTech firms have set up in the UK since the pilot programme's creation, and more than 14 UK FinTech business have been set up in Australia. (14 October 2019)

1.8 The European Commission (EC) and the Financial Services Agency of Japan (FSA) have issued a joint statement following the inaugural meeting of the Joint EU-Japan financial regulatory forum in Tokyo on ii October. In this meeting, the participants discussed, among other things, the benefits and challenges posed by FinTech and issues relating to cybersecurity and stablecoins. (ii October 2019)

1.9 The Dubai Financial Services Authority (DFSA) has invited applications from local and international firms for its 2020 Regulatory Sandbox. To apply, interested technology firms should submit an explanation of the planned business model and the proposed innovative product or service through the DFSA website. Previous business models that have been accepted into this process have included Sukuk issuances using smart contracts and tokenised securities, and the use of AI in credit analysis. (9 October 2019)

1.10 Jacqueline Loh, the Deputy Managing Director of the Monetary Authority of Singapore (MAS) has spoken to members of the World Federation of Exchanges about the influence technology and innovation have on financial markets. In her speech, Loh commented on the trend towards technologies like distributed ledger technology in securities and trading and innovative initiatives introduced by MAS, such as the FinTech Regulatory Sandbox. (9 October 2019)

1.11 The Swiss National Bank (SNB) and BIS have signed an operational agreement in relation to the BIS Innovation Hub in Switzerland. The Hub will be used to: find and develop in-depth insights on key trends in technology affecting central banking; develop public goods in the technology space; and act as a network of central bank experts on innovation. Hub Centres will initially be set up in Switzerland, Hong Kong SAR and Singapore. (8 October 2019)

1.12 Andrew Jenkins, Director of mobility data and analytics company Arity, has been appointed as the latest FinTech Envoy for Northern Ireland. Jenkins will be the lead ambassador for Northern Ireland's FinTech sector, endorsing it as a place for firms to develop and expand their business. (4 October 2019)

1.13 The CityUK and the Capital Markets Development Agency of the Republic of Uzbekistan (CMDA) have signed a Memorandum of Understanding (MoU) aimed at encouraging greater access and co-operation between the UK and Uzbekistan. The MoU will attempt to increase cooperation between financial and related professional industries in these countries by, among other things, creating an International Financial Centre in Tashkent and developing FinTech. (2 October 2019)

2. AI and Automation

2.1 Simon McDougall, Executive Director for Technology at the UK Information Commissioner's Office (ICO), has discussed the key themes resulting from the first phase of the ICO's work developing an Auditing Framework for AI. These themes include: the need to set up suitable AI governance and risk management capabilities; the importance of understanding data protection risks and creating an appropriate risk appetite; and leveraging Data Protection Impact Assessments (DPIAs) in order to develop compliant and ethical approaches to AI. (28 October 2019)

2.2 The European Union Agency for Cybersecurity (ENISA) and Europol have organised their third annual Internet of Things (IoT) Security Conference. The participants discussed the development of IoT security and mechanisms for introducing suitable security measures. The participants also reached a number of conclusions and made various actionable suggestions in relation to dealing with the security challenges posed by IoT and AI. (25 October 2019)

2.3 Simon Reader, the ICO's Senior Policy Officer, has discussed key considerations for organisations conducting DPIAs for AI systems. Reader recommends that a DPIA should: include a systematic description of processing personal data; have necessity of use and proportionality between the interests of the organisation and the rights and freedoms of individuals; objectively identify risks; and document safeguards in order to mitigate and address risks. This blog is part of the ICO's ongoing call for input on developing the ICO's Auditing Framework for AI. (23 October 2019)

2.4 The World Economic Forum (WEF), in collaboration with Deloitte, has issued a paper setting out the ways in which AI will fundamentally change the financial services industry. The report addresses five key areas of concern which include, among other things, whether AI systems can fulfil the fiduciary responsibilities of advisors and how business context controls what we need to know about AI. The aim of this report is to explore how the financial system can take advantage of AI whilst also dealing with the risks it creates. (23 October 2019)

2.5 The State Council of the People's Republic of China (PRC) has announced plans to implement a national AI-development plan. This plan aims to create a $141 billion core AI industry by 2030 and is expected to increase growth in related businesses by around $1,410 billion. (22 October 2019)

2.6 The Bank of England (BoE) and the FCA have published findings from a joint survey conducted in relation to the current use of ML in UK financial services. The findings show that, among other things, there has been an increased use of ML, ML is reaching more advanced stages of deployment and although some firms call for more guidance on the application of ML regulation, regulation is not seen by firms as a barrier. (16 October 2019)

2.7 Reuben Binns, the ICO Research Fellow in AI, has discussed the issues organisations could face when employing methods for dealing with requests from data subjects in relation to their rights of access, rectification and erasure in respect of AI systems. In this post, Binns also sets out considerations for organisations to take into account when complying with such requests. This blog is part of the ICO's ongoing call for input on developing the ICO's Auditing Framework for AI. (15 October 2019)

2.8 The International Regulatory Strategy Group (IRSG), in connection with Accenture, has published a report aiming to investigate the opportunities AI provides in the UK financial and related professional services industry and contribute to discussion on UK government and regulatory body promotion of AI-driven innovation. This report emphasises that AI has the potential to, among other things, develop new products, help detect and prevent illegal activity and assist with meeting regulatory requirements. The report also acknowledges that AI presents challenges arising from, for example, lack of clear regulation and the shortage of individuals able to develop and introduce AI across financial and related professional services. (8 October 2019)

2.9 The BoE has published a staff working paper in relation to using ML to predict bank distress in the UK. This paper sets out how ML and novel data can be used to create an early warning for UK bank distress that alerts regulatory bodies of their need to intervene before bank failure occurs. (4 October 2019)

2.10 See also paragraph 1.4.

3. Cryptoassets

3.1 Chinese leadership have announced that they will be increasing their investment in blockchain after identifying the technology as an important driver of China's economic growth. Chinese regulators, senior officials and Xi Jinping, the general secretary of the Communist Party of China Central Committee, have commented on the benefits of embracing blockchain in China. (29 October 2019)

3.2 The FCA has announced that it will be the anti-money laundering and counter terrorist financing supervisor of UK cryptoasset businesses from 10 January 2020. From this date, specified cryptoasset providers (such as cryptoasset exchange providers, custodian wallet providers and peer to peer providers) will also have to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations. The FCA has published its fee proposals in respect of its role as anti-money laundering and counter terrorist financing supervisor of UK cryptoasset businesses in a consultation paper. (28 October 2019)

3.3 The Financial Stability Board (FSB) has published an issues note identifying the regulatory issues relating to stablecoins. This note sets out the FSB's intention to: take account of supervisory and regulatory approaches in relation to stablecoins; consider the adequacy and effectiveness of current approaches based on findings; and advise on potential multilateral responses. The FSB will submit a consultative report to G20 Finance Ministers and Central Bank Governors in April 2020, and a final report in July 2020. (18 October 2019)

3.4 The Financial Action Task Force (FATF) has announced that it will assess countries' implementation of global standards in relation to money laundering and the terrorist financing risks of virtual assets. The FATF will work to ensure these standards remain relevant and will report to G20 Finance Ministers and Central Bank Governors in 2020 on the risks from global stablecoins and other emerging assets. (18 October 2019)

3.5 BIS has published a report exploring the impact of global stablecoins. The report finds that stablecoins affect, among other things, anti-money laundering efforts, data protection and tax compliance. The report also sets out initial recommendations for private sector stablecoin developers and public sector authorities to deal with the challenges and risks arising from global stablecoins. (18 October 2019)

3.6 The Chinese State Information Centre, China Mobile, China UnionPay and other institutions have jointly launched a nationwide blockchain based service network (BSN), intended to improve the layout of the blockchain network and assist with developing smart cities and the digital economy. The BSN will be designed to contain controllable security, independent innovation, openness and inclusiveness in order to reduce the barriers to using blockchain. All related content, applications and resources relating to the BSN will be available before March 2020. (16 October 2019)

3.7 The Securities and Commodities Authority of the United Arab Emirates (SCAUAE) has published draft regulations in relation to cryptoassets. The final regulations will set out standards and requirements on all aspects of the cryptoassets industry in the UAE, from token issuance requirements to trading and safekeeping practices. The SCAUAE called for all relevant parties to provide comments and input on the draft, by preferably no later than 29 October 2019. (15 October 2019)

3.8 The FSB Chair has written to G20 Finance Ministers and Central Bank Governors to report on the FSB's progress implementing G20 reforms. This letter emphasises three areas of the FSB's work, which includes assessing the impact global stablecoins have on financial stability. (13 October 2019)

3.9 The Hong Kong Securities and Futures Commission (SFC) has published proforma terms and conditions for licensed corporations that manage portfolios investing in virtual assets. These terms and conditions will be imposed on licensed corporations which manage or plan to manage portfolios with a stated objective to: invest in virtual assets; or have an intention to invest io% or more of the gross asset value of the portfolio in virtual assets. (4 October 2019)

3.10 The FSB has published remarks from Randal Quarles, the Vice Chair for Supervision at the FSB, in relation to the FSB's experiences over the past decade and its intended future work. This report discusses, among other things, the regulatory challenges arising from stablecoins due to their potential scalability. The FSB are leading the G7 preliminary assessment of stablecoins and have been working to analyse which existing regulations could apply to stablecoins. (3 October 2019)

3.11 The Financial Markets Law Committee (FMLC) has published a paper on the legal uncertainty arising from exchange tokens. In this paper, the FMLC investigates how regulators and legislators have dealt with the existing virtual currencies. The paper discusses, among other things, the possible characterisation of exchange tokens as property, money or e-money; the approach the EU has taken to virtual currencies in its anti-money laundering regime; and mitigations to the uncertainties created by exchange tokens. (October 2019)

4. Cybersecurity

4.1 Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime) of MAS, has spoken at the International Compliance Association Annual APAC Conference about using technology to tackle financial crime. In her speech, Yee noted that over the past two years financial institutions have increasingly used automation, data analytics and AI to improve the effectiveness and efficiency of their AML / CFT processes. Yee also commented on Singapore's Payment Services Act, which will make entities performing digital payment tokens (DPT) services licenced and subject to MAS's AML / CFT supervision. (i6 October 2019)

4.2 The UK's National Cyber Security Centre (NCSC) and the Cyber Security Agency of Singapore (CSAoS) have signed a joint statement aimed at driving improvements in the security of Internet of Things (IoT) devices in both countries. This statement sets out recommendations that manufacturers of smart consumer products adopt industry practices, which include discontinuing the most evident security shortcomings, facilitating the disclosure of security vulnerabilities and encouraging the development and deployment of software security updates. (3 October 2019)

4.3 The Institute of International Finance (IIF) and Deloitte have jointly published a white paper on the global framework for fighting financial crime. This white paper comments on, among other things, the effect cyber incidents have on the stability of financial institutions and recommends that Public-Private Partnerships develop an operating model that unifies cyber, fraud and money laundering capabilities of its members in order to better combat illicit activity. (October 2019)

4.4 MAS's Cyber Security Advisory Panel (CSAP) has discussed the most recent cybersecurity challenges and strategies relating to Singapore's financial industry. In these discussions, CSAP members emphasised the need to: improve the attitude to cybersecurity risk in financial institutions; strengthen cyber monitoring and surveillance; and more effectively manage cybersecurity risks in IT supply chains. (30 September 2019)

4.5 Mr Vincent Loy, Assistant Managing Director (Technology) of MAS has spoken about enhancing cyber resilience in Singapore's financial industry. In his speech, Loy discusses the heightened risk and threat posed by cyber attacks and the need for the financial sector to collaborate to manage these risks, strengthen cyber resilience and ensure financial services are well delivered. Loy also comments on the work MAS has done to create collective cyber resilience across the financial sector and with other regulators. (30 September 2019)

4.6 See also paragraphs 2.2 and 2.3.

5. Data

5.i The SFC has issued a circular providing guidance to licensed companies in Hong Kong on the use of external electronic data storage providers (EDSP). The circular stipulates the conditions that must be followed when regulatory records are kept exclusively with an EDSP and sets out the SFC's expectations for reducing cyber and operational risks when electronic data is outsourced to an EDSP. The circular also highlights that authenticity, integrity, reliability and accessibility of regulatory records is important if the records are requested to be produced in legal proceedings commenced by the SFC or the Department of Justice. (31 October 2019)

5.2 The EC has published its report on the third annual review of the working of the EU-US Privacy Shield. The EU-US Privacy Shield protects the rights of anyone in the EU whose personal data is transferred to companies in the US for commercial purposes and sets out a legal framework for businesses that rely on transatlantic data transfers. The report states that an adequate level of protection for personal data is being provided by the US under the Privacy Shield and sets out recommendations to improve the functioning of the Privacy Shield in practice. (23 October 2019)

5.3 The International Conference of Data Protection & Privacy Commissioners (ICDPPC) have passed a resolution to address the role of human error in personal data breaches. Under this resolution, ICDPPC members should classify and report on causes of personal data breaches; consider recommendations from relevant expert bodies; and promote suitable security safeguards to reduce the likelihood of human error. The ICDPPC have also passed a resolution to support and enable regulatory collaboration across data protection, consumer protection and competition authorities in order to realise clear and consistently high standards of data protection in the digital economy. (22 October 2019)

5.4 The ICO has published a blog by Elizabeth Denham, the UK Information Commissioner, on the importance of global collaboration in data protection and privacy. In this blog, Denham discusses the ICDPPC and its focus on creating coherent and convergent laws, standards and regulations across member countries in order to keep data safe. (21 October 2019)

5.5 The California Attorney General has released proposed regulations implementing the California Consumer Privacy Act (CCPA). These regulations include, among other things: guidance on how businesses should provide notice of the consumer's right to opt-out of sale of personal information; guidance on the information to be included in the CCPA-mandated privacy policy; and strategies for businesses to handle consumer requests. The CCPA is set to come into force on 1 January 2020. (lo October 2019)

5.6 See also paragraphs 2.1, 2.3 and 2.7.

6. Distributed Ledger Technology, Blockchain and Smart Contracts

6.1 See paragraphs 3.1 and 3.6

7. InsurTech

The Insurance Authority of Hong Kong (IA) has announced that it has authorised the first non-life insurer, which owns and operates only through digital distribution channels, under its Fast Track system. The Fast Track scheme was introduced by the IA in September 2017 to promote InsurTech by granting licences to virtual insurers. The first non-life insurer to be granted a licence is a Hong Kong company, which focuses on innovative and customer-centric products, such as health and travel insurance. (8 October 2019)

8. Investments in FinTech

Charles Randell, Chair of the FCA, has spoken about maintaining the UK investment industry's world-leading position by concentrating on customer outcomes. As part of this speech, Randell discussed the way in which innovation can be used to improve the UK's position as an investment management location. He stated that the Investment Association is already innovating through FinTech projects which reduce costs and engage investors. Randell also highlighted FCA innovative initiatives, such as Project Innovate and the Sandbox. (10 October 2019)

9. Payments and Open Banking

9.1 The EBA has published a report in relation to the potential barriers to the cross-border provision of banking and payment services. In this report, the EBA identifies the key challenges to the cross-border provision of services and sets out issues including, among other things, authorisations and licensing, conduct of business and anti-money laundering. The EBA states that if these issues persist without being solved, they could prevent financial institutions and other FinTech firms from providing cross-border banking and payment services within the EU. (29 October 2019)

9.2 The Committee on Payments and Market Infrastructures (CPMI) has published a toolkit for central banks to operate its strategy to reduce the risk of wholesale payments fraud related to endpoint security. This toolkit includes: background materials describing the strategy and guidance for operating it; information on intended outcomes and latest practices; and a monitoring template to track progress. (22 October 2019)

9.3 The EBA has published an Opinion on the deadline and process for migrating to strong customer authentication (SCA) for e-commerce card-based payment transactions. In this Opinion, the EBA has set the deadline to 31 December 2020 and proposes the actions to be taken during the SCA migration period. Among other things, the Opinion sets out recommendations on the approach national competent authorities (NCAs) should take during the migration and the communication NCAs should have with payment service providers to represent that that there has not been a delay in the SCA requirement application date. (16 October 2019)

9.4 Victoria Cleland, Executive Director for Banking, Payments and Innovation at the BoE, has spoken about the Bank of England's electronic payment systems. In her speech, Cleland discussed the important role London and the UK have as FinTech and payments innovation hubs and the BoE's engagement with innovation and developments in payments. Cleland also sets out the BoE's work enhancing the resilience in payments, for example through their operation of the UK's Real-Time Gross Settlement Service and CHAPS. (8 October 2019)

9.5 See also paragraph 1.1.

10. Peer to Peer Lending and Crowdfunding

10.1 The Central Bank of UAE (CBUAE) has published a draft regulation for loan-based crowdfunding platforms (CFP) operating in the UAE. This regulation aims to improve the regulatory framework of the UAE financial sector and support the development of FinTech. The CBUAE has requested comments and insights to enhance the regulation by 10 October 2019, particularly from those who wish to operate a CFP in the UAE, existing licensed financial institutions and other stakeholders. (23 October 2019)

10.2 The Council of the European Union (CoEU) has published a proposal setting out the opening positions of the EC, the European Council and European Parliament in respect of: amending provisions relating to crowdfunding in a directive on markets in financial instruments; and introducing a regulation on European Crowdfunding Service Providers (ECSP) for Business. (i5 October 2019)

About Simmons & Simmons’ FinTech team

The FinTech Monthly Bulletin is prepared by the FinTech team of Simmons & Simmons.

Since its emergence into the mainstream, the FinTech sector has captured the interest and imagination of entrepreneurs, investors, governments and regulators, not to mention financial institutions and asset managers. We understand the opportunities and challenges that lie at the heart of the FinTech revolution and advise clients navigating the novel legal and regulatory issues that frequently arise.

Our market leading FinTech team combines specialist expertise across practices and offices with insights resulting from a focus on the TMT, Financial Institutions, and Asset Management and Investment Funds sectors.

Our clients range from early stage start-ups to some of the world’s largest financial institutions and technology providers. We also advise clients partnering with or investing in FinTech firms as well as financial institutions and asset managers developing their own FinTech solutions.

We support clients across a broad range of FinTech matters including crowdfunding, payments, cryptoassets, distributed ledger technology, InsurTech and RegTech, and we are interested in all areas of financial technology innovation.

If you would like to find out more about our FinTech team or require advice on a FinTech matter, please contact one of our lawyers or your usual Simmons & Simmons contact.