FinTech Monthly Bulletin: January 2020

1. General

1.1 Members of the European Parliament (MEPs) have adopted a resolution calling on the European Commission (Commission) and Member States to decide on a common approach on taxing the digital economy. The European Parliament (EP) has announced that it supports the Commission President’s proposal that if international talks on the subject fail by the end of 2020, an EU position should be reached. (18 December 2019)

1.2 The Financial Stability Board (FSB) has published its work programme for 2020. The FSB’s principal areas of work for 2020 will include, among other things: monitoring FinTech and evaluating its effect on financial stability; publishing a consultation on stablecoins and regulatory issues; and supporting the enhancement of global cross-border payments. The FSB will also continue to identify, assess and address new and emerging vulnerabilities. (17 December 2019)

1.3 The Commission has published a Final Report by its Expert Group on regulatory obstacles to financial innovation setting out 30 recommendations on regulation, innovation and finance. Each recommendation addresses one of four key objectives:

• addressing new and changed risks caused by the use of innovative technologies, such as artificial intelligence (AI) and distributed ledger technology (DLT);
• removing regulatory fragmentation and ensuring a level playing field between incumbents and new market entrants (such as start-ups and BigTech);
• reconciling the regulation of personal and non-personal data with the opportunities and risks offered by FinTech; and
• considering the potential impacts of FinTech from the perspective of financial inclusion and the ethical use of data.

For more information, please refer to our summary published here. (13 December 2019)

1.4 The FSB has published a report evaluating BigTech market developments and the potential impact they may have on financial stability. The report suggests that policymakers keep up to date with BigTech developments and its associated systemic risks and take account of three specific issues. These issues include: the provision of financial services by BigTech firms; the connection between BigTech firms and financial institutions; and the promotion of the mobility of data. (9 December 2019)

1.5 The European Council (Council) has adopted conclusions on the significance of 5G to the European economy and its associated security risks. Among other things, the conclusions stress that 5G networks will form part of important infrastructure for maintaining social and economic functions and states that security risks arising from 5G should be mitigated through a comprehensive and risk-based approach. (3 December 2019)

2. AI and Automation

2.1 The Hong Kong Monetary Authority (HKMA) has published a report on reshaping banking with AI as part of a series of papers assessing the opportunities and challenges created by applying AI technology to the banking sector. The report summarises the views of academics and banking experts and outlines the most recent development trends, potential use cases, the status of AI development and banking, the challenges and considerations associated with the technology and the market outlook. (23 December 2019)

2.2 The UK Information Commissioner’s Office (ICO) and the Alan Turing Institute have launched a consultation on their guidance relating to explaining decisions made with AI. The guidance aims to provide organisations with advice for explaining the processes, services and decisions delivered or assisted by AI, to relevant individuals. The ICO has requested feedback on the guidance by 24 January 2020.

For more information, please refer to our summary published here. (2 December 2019)

3. Cryptoassets

3.1 The UK Government has published the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, along with an explanatory Memorandum. The Regulations set out the detailed implementing legislation that brings the Fifth Anti-Money Laundering Directive into force in the UK. Among other things, the Regulations: implement new provisions on risk assessments, policies, controls and procedures; amend sections relating to the duties of supervisory authorities; and create new categories of “relevant person”.

Under the Regulations, cryptoasset exchange providers and custodian wallet providers will be in scope for money laundering compliance and will need to disclose to their customers, before entering into a business relationship or transaction with them, any services provided which are not covered by either the Financial Ombudsman Service in the UK or the Financial Services Compensation Scheme. All cryptoasset businesses carrying out activities in scope for money laundering compliance and launching after 10 January 2020 will also need to register with the UK Financial Conduct Authority (FCA) before they can begin operations.

The Regulations come into force on 10 January 2020 (except for regulations 5(5)(c) on anonymous prepaid cards, which comes into force on 10 July 2020, and regulations 6 and 12(b), which come into force on 10 September 2020). (20 December 2019)

3.2 The Commission has published a consultation document requesting views on the suitability of the current regulatory framework for cryptoassets. The consultation forms part of the Commission’s work on a new EU Digital Finance Strategy which aims to make the EU financial services regulatory framework more open to innovation. The Commission invites comments on the consultation by 12 March 2020. The Commission has also published for consultation an inception impact assessment (roadmap) on a proposal for a Directive or Regulation creating a European framework for markets in cryptoassets, which the Commission intends to implement in Q3 2020. (19 December 2019)

3.3 The ECB has published a paper on exploring anonymity in central bank digital currencies. The paper considers the challenges digitalisation of the economy has on payments and acknowledges that a balance needs to be made between privacy and compliance with anti-money laundering and counter-terrorist financing regulations. The paper also discusses “central bank digital currency”, the proof of concept for anonymity in digital cash which the European System of Central Banks has established under the ECB’s coordination. (18 December 2019)

3.4 The Basel Committee on Banking Supervision (Committee) has published a discussion paper on the design of a prudential treatment for cryptoassets. The Committee believes that if banks are authorised and opt to acquire cryptoassets or provide related services, they should apply a conservative prudential treatment to their exposures. For this reason, the Committee is seeking comments from stakeholders on issues relating to the prudential regulatory treatment of cryptoassets, which must be submitted by 13 March 2020. (12 December 2019)

3.5 The Committee on Payments and Market Infrastructures (CPMI) has published a report on wholesale digital tokens. The report sets out conditions for developers and market participants to take into account when designing digital tokens to be used in wholesale transactions. It also describes possible innovations and contains a list of design questions relating to digital tokens that could be used to settle wholesale payments. The report concludes, among other things, that in specified circumstances wholesale digital tokens can provide a suitable alternative to settlement in traditional commercial bank money. (12 December 2019)

3.6 The Council and the Commission have adopted a joint statement on stablecoins. The statement outlines, among other things, that: stablecoins can present opportunities for cheap and fast payments; there is a need to establish legal clarity on the status of stablecoin arrangements; and dealing with the challenges created by global stablecoins requires a coordinated international response. The Council and the Commission state that no global stablecoin arrangement should begin operation in the EU until the legal, regulatory and oversight challenges and risks have been adequately identified and addressed (5 December 2019)

3.7 See also paragraph 1.2.

4. Cybersecurity

4.1 The Dubai Financial Services Authority (DFSA) has announced that it is launching a Cyber Threat Intelligence Platform (Platform). The objective of the Platform is to assist firms in the Dubai International Financial Centre (DIFC) to introduce appropriate cyber defences for combatting cyber risks. By providing cyber threat intelligence to the whole DIFC, the Platform is also designed to establish a cyber-intelligence community for information sharing. The Platform is programmed to go live in a launch event hosted by the DFSA in January 2020. (29 December 2019)

4.2 The Commission has published a consultation document on how an enhanced framework for digital operational resilience of the EU financial sector could be established. It has also published for consultation a roadmap on a proposal for a Regulation on digital operational resilience for the EU financial sectors. The initiative, covered in the consultation document and roadmap, aims to build on the FinTech Action Plan adopted by the Commission in 2018 to strengthen the digital operational resilience of the EU financial sector entities, particularly in areas related to Information and Communication Technology (ICT) and security risk. The Commission plans to adopt a proposal for a Regulation in Q3 2020. (19 December 2019)

4.3 The European Union Agency for Cybersecurity (ENISA) has announced a call for expression of interest for the selection of a 20-member ad hoc working group aimed at preparing a candidate cybersecurity certification scheme for cloud services. This call has been made in response to a request by the Commission and is intended to provide cybersecurity certification of a broad range of cloud services. The deadline for this call is 20 January 2020. (19 December 2019)

4.4 The European Insurance and Occupational Pensions Authority (EIOPA) has published a consultation paper on the proposal for Guidelines on ICT security and governance. While recognising that cybersecurity should be considered in creating sound information security measures, the Guidelines note that cyber attacks each have particular characteristics to be considered. Among other things, the Guidelines intend to provide clarification and transparency to market participants on the minimum expected information and cyber security capabilities. The deadline for submitting feedback is 13 March 2020. (12 December 2019)

4.5 The European Payments Council (EPC) has published its 2019 report on payment threats and fraud trends. The report outlines the most important threats in payments (including social engineering and phishing, malware, threats related cloud services, big data and cryptoassets) and suggests methods for managing and mitigating these threats. (9 December 2019)

4.6 The FSB has published a report on the financial stability implications of third-party dependencies in cloud services. Although the report concludes that there do not seem to be immediate financial stability risks arising from the use of cloud services by financial institutions, it suggests that it may be useful for authorities to engage in more discussion in specified areas. (9 December 2019)

4.7 The National Cyber Security Centre (NCSC) has released bite-sized videos containing advice for small businesses on the steps they should take to prepare their response to and plan their recovery after a cyber attack. (7 December 2019)

4.8 The State Council of the People’s Republic of China (State Council) has reported that the China Securities Regulatory Commission will apply more sci-tech means in financial supervision. This will include, among other things, using big data technologies to reduce illegal internet financial activities. (5 December 2019)

4.9 The ENISA has published a new report on pseudonymisation techniques and best practices. In particular, the report discusses the factors (such as data protection, utility, scalability and recovery) that may influence which pseudonymisation technique is selected in practice. The report concludes, among other things, that there is no individual easy solution to pseudonymisation that can be used for all approaches and scenarios. (3 December 2019)

5. Data

5.1 The Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Market Regulation have jointly issued a document that provides guidance on the six types of activities by apps which have been declared illegal in China. The Guidance provides regulators, app operators and app users with a reference for determining the activities which constitute illegal collection and use of personal information in China. (30 December 2019)

5.2 The European Data Protection Supervisor (EDPS) has published new guidelines on assessing proportionality, which are designed to make it easier for policymakers to create privacy-friendly policies. The guidelines contain practical ways to evaluate the compliance of proposed EU measures that would affect the fundamental rights to privacy and the protection of personal data. (19 December 2019)

5.3 The EDPS has announced that a new supervisory framework for the processing of personal data at the EU Agency for Criminal Justice Cooperation (Eurojust) has come into force. The EDPS will be fully responsible for monitoring Eurojust’s compliance with the relevant EU rules on data protection under the new framework. (12 December 2019)

5.4 The ICO has opened a consultation on its draft guidance on rights of access under the General Data Protection Regulation (GDPR), rights which enable individuals to find out what personal data is held about them and to obtain a copy of such data. This builds on previous guidance and, among other things, sets out more detail on the rights individuals have to access their data and the obligations on controllers. The consultation on the draft guidance closes on 12 February 2020. (4 December 2019)

5.5 The EDPS has published a report outlining the activities carried out by the EDPS between 2015-2019. In particular, the report discusses how the EDPS has worked to implement the objectives set out in its 2015-2019 strategy which related to data protection going digital, forming global partnerships and the modernisation of data protection. (3 December 2019)

5.6 Five US Federal financial regulatory agencies have issued a joint statement on the use of alternative data in underwriting by banks, credit unions and non-bank financial firms. Alternative data includes information not usually found in consumers’ credit reports or typically given by consumers when applying for credit. The joint statement recognises the benefits that using alternative data can provide to consumers and explains that a well-designed compliance management programme requires a detailed analysis of relevant consumer protections laws and regulations. (3 December 2019)

5.7 See also paragraphs 1.4, 2.2 and 4.9.

6. Initiatives

6.1 Bank Negara Malaysia has issued an exposure draft on a proposed licensing framework for digital banks. A maximum of five licences may be offered to qualified applicants to carry out either conventional or Islamic banking in Malaysia. Successful applicants are expected to provide meaningful access to and promote the responsible usage of appropriate financial solutions to financial consumers. Bank Negara Malaysia has invited written feedback on the exposure draft by 28 February 2020. (27 December 2019)

6.2 The US Federal Reserve Board (Federal Reserve Board) has announced that it will organise a series of “fintech innovation office hours” across the US to meet with banks and companies involved in FinTech. The office hours will allow banks and FinTech firms to meet one-on-one with Federal Reserve staff to discuss FinTech developments and raise any queries. The Federal Reserve Board has also launched a new section on its website dedicated to FinTech innovation. (17 December 2019)

6.3 The People’s Bank of China (PBoC) has launched a pilot project for building a system of basic rules of FinTech regulation, and exploring flexible management approaches in information disclosure, product announcement and public supervision. The project aims to assist with the implementation of the PBoC’s three year FinTech Development Plan (2019-2021) by creating appropriate regulatory tools for FinTech innovation and improving the professionalism, unification and force of financial regulation. (9 December 2019)

7. InsurTech

Jonathan Dixon, Secretary General of the International Association of Insurance Supervisors (IAIS), has spoken about IAIS’s 2019 milestones and its views on FinTech developments. In his speech, Dixon discussed the various issues, challenges and opportunities presented by FinTech in the insurance industry. Dixon spoke about the initiatives and platforms the IAIS has created or supported to deal with the risks and benefits of FinTech, such as establishing a virtual FinTech forum and organising digitally themed events. (10 December 2019)

8. Payments and Open Banking

8.1 The Open Banking Implementation Entity (OBIE) has published the latest version of the Open Banking Standard. The latest Standard is a minor update to the version which OBIE released in September 2019, providing clarifications on previous Standards and information and guidelines on enhanced functionality in open banking. (20 December 2019)

8.2 MEPs have supported measures aimed at combatting e-commerce VAT evasion. The measures, which are covered in two pieces of EU legislation, require payment service providers to gather records of cross-border e-commerce payments and establish a new central electronic storage system. The measures also bolster administrative cooperation between Member States’ tax authorities and payment service providers. As a result of MEP support for the measures, Member State ministers should adopt the two pieces of legislation. (17 December 2019)

8.3 The FCA has launched a Call for Input on the risks and opportunities created by open finance, and what part the FCA should play. Open finance seeks to extend the principles of open banking by facilitating the way in which consumers and businesses compare price and product features and switch product or provider. The FCA has requested input by 17 March 2020 and will publish a feedback statement in summer 2020. (17 December 2019)

8.4 The European Banking Authority (EBA) has published a factsheet aimed at European consumers setting out key steps they should take into account when selecting online or mobile banking services. The factsheet includes tips for consumers on: reading and understanding terms and conditions; paying attention to fees and charges; thinking about security; and filing a complaint when they think their rights have been denied. (3 December 2019)

8.5 The Saudi Arabian Monetary Authority (SAMA) has announced the launch of a draft payment system and services in Saudi Arabia. The project aims to develop a regulatory framework for payment infrastructure that will, among other things, keep up to date with developments in the payments sector and encourage innovation in financial services in accordance with international standards. These objectives are in line with the Saudi Vision 2030 (which sets out Saudi Arabia’s long-term goals and expectations for creating a vibrant society, a thriving economy and an ambitious nation). (1 December 2019)

8.6 The Federal Reserve Board has published its latest Consumer Compliance Supervision Bulletin designed for senior executives in banking organisations. In this Bulletin, the Federal Reserve Board discusses its views on consumer compliance issues relating to FinTech. This edition of the Bulletin includes information on promoting effective FinTech risk management; online and mobile banking; and managing the fair lending risks of targeted internet-based marketing. (December 2019)

8.7 See also paragraphs 1.2, 3.3 and 4.5.

9. Peer to peer lending and Crowdfunding

The EP negotiating team has reached political agreement with the Council on EU rules to help crowdfunding services to operate smoothly and encourage cross-border business funding. Among other things, the rules will require that: investors be provided with a key investment information sheet for every crowdfunding offer; crowdfunding service providers give clients clear information about the financial risks and charges involved; and prospective European crowdfunding service providers seek authorisation from the national competent authority of the member states where they are established. (19 December 2019)

If you would like to subscribe to the FinTech Monthly Bulletin or have any queries, please contact Angus Allen.

About Simmons & Simmons’ FinTech team

The FinTech Monthly Bulletin is prepared by the FinTech team of Simmons & Simmons.

Since its emergence into the mainstream, the FinTech sector has captured the interest and imagination of entrepreneurs, investors, governments and regulators, not to mention financial institutions and asset managers. We understand the opportunities and challenges that lie at the heart of the FinTech revolution and advise clients navigating the novel legal and regulatory issues that frequently arise.

Our market leading FinTech team combines specialist expertise across practices and offices with insights resulting from a focus on the TMT, Financial Institutions, and Asset Management and Investment Funds sectors.

Our clients range from early stage start-ups to some of the world’s largest financial institutions and technology providers. We also advise clients partnering with or investing in FinTech firms as well as financial institutions and asset managers developing their own FinTech solutions.

We support clients across a broad range of FinTech matters including crowdfunding, payments, cryptoassets, distributed ledger technology, InsurTech and RegTech, and we are interested in all areas of financial technology innovation.

If you would like to find out more about our FinTech team or require advice on a FinTech matter, please contact one of our lawyers at this link or your usual Simmons & Simmons contact.