FinTech Monthly Bulletin: September 2019

1. General

The UK Department for International Trade has announced that six British FinTech firms have been selected for Finnosummit, the largest FinTech conference across Latin America and the Caribbean. Over 3,000 entrepreneurs, financial services innovators, financial executives and international investors will attend the conference in Mexico City from 10 to 13 September 2019. (29 August 2019)

2. AI and Automation

2.1 The UK Information Commissioner’s Office (ICO) has published various techniques that organisations can use to comply with data minimisation requirements when developing AI systems. According to the data minimisation principle set out in the EU General Data Protection Regulation, personal data must be adequate, relevant and limited to what is necessary for the purposes for which it is processed. This publication is part of a call for input on developing the ICO framework for auditing AI. (21 August 2019)

2.2 The UK Financial Conduct Authority (FCA) has published an insight article on AI in the boardroom. The article, written by FCA senior advisor Magnus Falk, explores key AI related issues for boards and senior managers including ethical decision-making, transparency and liability. (01 August 2019)

3. Cryptoassets

3.1 The European Parliament has published an update given by Valdis Dombrovskis, Vice President of the European Commission, regarding the Commission’s recent work on cryptoassets, including Facebook’s proposed digital currency, Libra. The Commission is continuing to monitor Libra’s development including in relation to risks associated with financial stability, monetary policy, data privacy, money laundering, consumer protection and cybersecurity.

Despite the limited information available about the nature of Libra, the Commission is also carrying out a preliminary assessment, in cooperation with the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA), of the legal nature of Libra and the authorisations it subsequently may have to seek under EU law.

The Commission is also working with international partners with the aim of ensuring a coordinated approach globally to manage any risks posed by Libra. (28 August 2019)

3.2 The Swiss Financial Markets Supervisory Authority (FINMA) has issued stringent guidance on how to apply anti-money laundering regulations in the field of blockchain technology. Under these rules, the transfer of cryptocurrencies to and from FINMA-supervised institutions will be restricted. FINMA has also issued the first banking and security dealer licences to two new crypto banks. On receipt of such licences, the crypto banks will be able to offer services in the area of tokenised digital securities to institutional and professional customers. (26 August 2019)

3.3 ESMA and the EBA have responded to a letter from the European Commission on cryptoassets, which the Commission published on 19 July 2019. ESMA and the EBA welcome the Commission’s work in response to issues that ESMA and the EBA highlighted in their reports in January 2019 on cryptoassets and initial coin offerings and agree that further work should progress urgently to assist the Commission in considering what, if any, actions to take. (20 August 2019)

3.4 The European Central Bank (ECB) has published its latest Economic Bulletin, which includes an article entitled ‘Understanding the crypto-asset phenomenon, its risks and measurement issues’. (08 August 2019)

3.5 The European Data Protection Supervisor has published a statement outlining the concerns shared by representatives of the global community of data protection and privacy enforcement authorities regarding the privacy risks posed by Facebook’s proposed Libra digital currency and infrastructure. (05 August 2019)

3.6 The FCA has published a Policy Statement setting out its Final Guidance, feedback and responses to the Consultation Paper (CP/3) on its regulatory perimeter for cryptoassets. The FCA is proceeding with the Guidance that was consulted on, with some drafting changes to improve clarity based on responses. This includes reframing the taxonomy of cryptoassets to help market participants better understand whether tokens are regulated, and where they fall outside the FCA’s remit. The FCA has clarified that there are two broad types of regulated tokens: security tokens and e-money tokens. Therefore, exchange tokens and utility tokens currently fall outside the FCA’s regulatory perimeter. (31 July 2019)

4. Cybersecurity

4.1 The Chinese Government has announced that it aims to lay out a primary cybersecurity system for the industrial internet by 2020. This proposal has been announced as part of a broader plan to build a sound and complete cybersecurity system by 2025 to promote the development of China’s industrial internet. (29 August 2019)

4.2 Following the entry into force of the EU Cybersecurity Regulation on 27 June 2019, the European Commission has requested that the European Agency for Cybersecurity (ENISA) prepare a candidate cybersecurity certification scheme to serve as a successor to the existing SOG-IS Mutual Recognition Agreement. The aim of the new scheme is to provide for cybersecurity certifications of ICT products and ICT services. ENISA is calling for an expression of interest for the selection of members of the ad hoc working group to support preparation of the scheme. (06 August 2019)

5. Data

5.1 ESMA is seeking candidates for its newly established Data Advisory Group. ESMA is seeking individuals with expertise on issues relating to market data regulatory reporting and record keeping of derivative contracts, amongst other skills, to form the new group. This group will provide advice to ESMA’s Data Standing Committee which undertakes ESMA’s policy work in data and reporting. Interested individuals should apply to ESMA by no later than 16 September 2019. (06 August 2019)

5.2 See also paragraph 3.5.

6. Payments and Open Banking

6.1 The FCA has published a ‘Dear CEO’ letter from Jonathan Davidson, the FCA’s Executive Director of Supervision, Retail and Authorisations, on the implementation of Strong Customer Authentication (SCA) requirements under the revised Payment Services Directive (PSD2). Among other things, Mr Davidson states that for a period the FCA will not take enforcement action against firms that do not meet the SCA requirements in card-not-present e-commerce transactions from 14 September 2019 in areas covered by the plan. See paragraph 6.3 below for a summary of the FCA’s plan. (20 August 2019)

6.2 The EBA has published clarifications to a fifth set of issues that have been raised on APIs under PSD2. The clarifications respond to issues raised on the measurement of response times of the dedicated interface, the machine-reliability of the EBA register, reliance on eIDAS certificates and varies issues related to the contingency measures. (14 August 2019)

6.3 The FCA has agreed an 18-month plan that will allow the payments and e-commerce industry to take a phased approach to implementing SCA. The SCA are new European Union rules that will affect how banks and payment service providers verify customer identities and validate payment instructions. The rules aim to act as a “stronger means of ensuring that anyone seeking to make payments is not a fraudster”. (13 August 2019)

6.4 The FCA’s Advisory Group on Open Finance met for the first time on 29 July 2019 to discuss the potential of extending open banking-like data sharing to a range of financial products. The Advisory Group will be considering how open finance will develop and investigating the practical and ethical issues related to data sharing. The Advisory Group’s work will inform the FCA’s Call for Input, which will shape the FCA’s future strategy towards open finance, to be published later in the year. (08 August 2019)

About Simmons & Simmons’ FinTech team

The FinTech Monthly Bulletin is prepared by the FinTech team of Simmons & Simmons.

Since its emergence into the mainstream, the FinTech sector has captured the interest and imagination of entrepreneurs, investors, governments and regulators, not to mention financial institutions and asset managers. We understand the opportunities and challenges that lie at the heart of the FinTech revolution and advise clients navigating the novel legal and regulatory issues that frequently arise.

Our market leading FinTech team combines specialist expertise across practices and offices with insights resulting from a focus on the TMT, Financial Institutions, and Asset Management and Investment Funds sectors.

Our clients range from early stage start-ups to some of the world’s largest financial institutions and technology providers. We also advise clients partnering with or investing in FinTech firms as well as financial institutions and asset managers developing their own FinTech solutions.

We support clients across a broad range of FinTech matters including crowdfunding, payments, cryptoassets, distributed ledger technology, InsurTech and RegTech, and we are interested in all areas of financial technology innovation.

If you would like to find out more about our FinTech team or require advice on a FinTech matter, please contact one of our lawyers at this link or your usual Simmons & Simmons contact.