FinTech Monthly Bulletin: February 2020

If you have any queries or would like to subscribe to the FinTech Monthly Bulletin, please contact Angus Allen

1. General

1.1 The Organisation for Economic Co-operation and Development (OECD) has released a statement by the Inclusive Framework on base erosion and profit sharing (BEPS) in relation to the two pillar approach to tackling the tax challenges created by the digitalisation of the economy. The statement makes clear that the international community has renewed its commitment to reaching a consensus-based long-term solution to deal with these challenges. The statement focuses on the first pillar and includes information on, among other things, implementation of this pillar and key policy issues to be considered before a decision on the proposed “safe harbour” approach is taken. (30 January 2020)

1.2 The Board of the International Organisation of Securities Commissions (IOSCO) has published its 2020 annual work programme aimed at protecting investors, maintaining fair, efficient and transparent markets and addressing systemic risks. The work programme asks IOSCO to continue focusing on its five specific priorities for 2019, which include cryptoassets and artificial intelligence (AI) and machine learning (ML), and commence work on a new corporate debt and leveraged loan priority. (30 January 2020)

1.3 The European Economic Area (EEA) Data Protection Authorities and the European Data Protection Supervisor have met for their seventeenth plenary session. In this plenary, the European Data Protection Board (EDPB) adopted, among other things: draft guidelines on connected vehicles; the final version of the guidelines on the processing of personal data through video devices; and a letter to the Council of Europe on the Cybercrime Convention. The EDPB also adopted a letter on unfair algorithms which: evaluates the issues raised by the use of algorithms; outlines the relevant General Data Protection Regulation (GDPR) provisions and current guidelines dealing with these issues; and sets out the work already being done by supervisory authorities. (30 January 2020)

1.4 The European Commission (Commission) has published its Work Programme for 2020, which sets out its new policy initiatives, regulatory and fitness performance review and priority proposals for the year ahead. The Commission proposes several new initiatives which relate to financial regulation including, among other things:

• a European climate law to enshrine the 2050 carbon neutrality objective as part of the European Green Deal;
• developing strategies to establish a European approach to the use of AI and advanced data;
• adopting an Action Plan for FinTech, including a strategy to integrate the EU payments market;
• a legislative proposal on cryptoassets;
• a cross-sectoral legislative proposal on financial services firms’ operational and cyber resilience;
• adopting an Action Plan on anti-money laundering (AML) and carrying out a review of capital markets legislation; and
• adopting an Action Plan on the Capital Markets Union including a review of various regulatory frameworks.

(29 January 2020)

1.5 The Singapore Minister for Trade and Industry, the New Zealand Minister for Trade and Chile’s Vice Minister for Trade and Export Growth have jointly announced the substantial conclusion of negotiations for the Digital Economy Partnership Agreement (DEPA) between these jurisdictions. The DEPA sets out rules for digital trade and encourage cooperation in emerging digital areas by aligning standards and addressing challenges posed by digitalisation. (21 January 2020)

2. AI and Automation

2.1 The European Patent Office (EPO) has refused two European patent applications (EP 18 275 163 and EP 18 275 174) naming DABUS, an AI system, as their inventor. The EPO refused both applications in part due to AI not having a family name (as is required by European patent law) and asserted that a machine cannot own property or rights to an invention. (27 January 2020)

2.2 Members of the European Parliament (MEPs) have called for a strong set of rights that will ensure the fair and safe use of AI for consumers. The European Parliament’s Internal Market and Consumer Protection Committee approved a resolution dealing with various issues created by the rapid development of AI and automated decision-making (ADM) technologies. MEPs called for a risk-assessment scheme for AI and ADM and for a common EU approach to assist with the benefits of those processes and reduce the risks across the EU. The Commission is due to present its plans for a European approach to AI on 19 February 2020. (23 January 2020)

2.3 The UK Financial Conduct Authority (FCA) and the Bank of England (BoE) have announced plans to establish the Financial Services AI Public Private Forum (AIPPF). The forum aims to increase constructive dialogue with the public and private sectors and improve understanding on the use and impact of AI and ML. The AIPPF will investigate means to support the safe adoption of these technologies within financial services and whether principles, guidance, regulation and/or industry good practice could support safe adoption of AI and ML. (23 January 2020)

2.4 The Singapore Personal Data Protection Commission (PDPC) has presented the second edition of the Model AI Governance Framework, which assists in charting language and framing discussions around harnessing AI in a responsible way. The PDPC, in collaboration with the World Economic Forum’s Centre for the Fourth Industrial Forum, has also published an implementation and self-assessment guide for organisations, to act as a companion to the voluntary Model AI Governance Framework. The guide aims to help organisations assess their AI governance processes and identify and address any necessary gaps. (21 January 2020)

2.5 The US White House has announced proposals for 10 regulatory principles designed to “ensure public engagement, limit regulatory overreach and promote trustworthy technology.” These regulatory principles promote a light-touch regulatory approach with the White House keen to avoid “rules that would needlessly hamper AI innovation and growth”. (13 January 2020)

2.6 See also paragraphs 1.2, 1.4, 5.5, 5.6 and 5.9.

3. Cryptoassets

3.1 The Hong Kong Monetary Authority (HKMA) and the Bank of Thailand (BOT) have published a report on Project Inthanon-Lion Rock, a joint Central Bank Digital Currency project which completed in December 2019. The report sets out key findings from Project Inthanon-Lion Rock, covering topics such as token conversion and real-time interbank funds transfer. The two authorities will continue to produce research work in relevant areas, including exploring business cases and connections to other platforms. (22 January 2020)

3.2 The Bank of Canada, the BoE, the Bank of Japan, the European Central Bank, the Sveriges Riksbank and the Swiss National Bank, together with the Bank of International Settlements (BIS), have created a Central Bank group to share experiences as they assess the potential cases for central digital currency (CBDC) in their respective jurisdictions. The group will assess CBDC use cases, design choices and knowledge sharing on emerging technologies, and work closely with institutions and forums such as the Financial Stability Board (FSB). (21 January 2020)

3.3 The English Commercial Court has endorsed the analysis of cryptoassets as property set out in the UK Jurisdiction Taskforce’s legal statement in November 2019. One of the issues before Bryan J in AA v Persons Unknown (Re Bitcoin) [2019] EWHC 2556 was whether Bitcoins, the most widely known cryptocurrency, should be considered “property” under English Law for the purposes of obtaining a proprietary injunction. Bryan J ruled that they should. In a decision that is likely to be relevant in a variety of contexts (such as asset finance, insolvency and litigation) but may be tested in terms of its value as a precedent, the judge ruled that English Law recognises property that is neither a thing in possession nor a thing in action. For more information, please refer to our summary published here. (released for publication 17 January 2020)

3.4 The FCA has published the Fees (Cryptoasset Business) Instrument 2020, which sets out registration fees for cryptoasset businesses. The instrument, which came into force on 13 January 2020, outlines the fees payable by persons wishing to apply to the FCA to be registered as a cryptoasset business. (13 January 2020)

3.5 The FCA has announced that it has now become the AML and counter terrorist financing supervisor for businesses carrying out certain activities under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. Any UK business carrying out specific cryptoasset activities will fall within the scope of the regulation and will need to comply with the FCA’s requirements. (10 January 2020)

3.6 The Financial Action Task Force (FATF) Forum has met to discuss how to supervise and regulate virtual assets and virtual asset service providers (VASPs). The Forum covered three main areas: lessons learnt so far from countries that have established VASP supervisory regimes; common issues when drafting VASP laws and regulations; and tools, skills, procedures and technology that supervisors need to supervise VASPs effectively. (9 January 2020)

3.7 The Qatar Financial Centre (QFC) Regulatory Authority has stated that cryptoassets services may not be conducted in or from the QFC. The tweet noted that there will be penalties imposed on firms that provide such services. (6 January 2020)

3.8 Tharman Shanmugaratnam, Senior Minister and Minister in charge of the MAS, has replied to a Parliamentary Question on the regulation of crypto derivatives on Approved Exchanges. Shanmugaratnam states that the MAS’s basic consideration is that crypto-derivative products are not suitable for most retail investors and that the MAS has taken a calibrated step to regulate crypto derivative products that are listed and traded only on Approved Exchanges. The MAS has, however, issued circulars to all financial institutions to comply with additional measures if they offer crypto products to retail investors, although these measures do not apply to entities which are not regulated by the MAS. (6 January 2020)

3.9 See also paragraph 1.4.

4. Cybersecurity

4.1 The Commission has released its latest survey on Europeans’ attitudes towards cybercrime. The results from the survey show that awareness of cybercrime is rising but Europeans are becoming less confident about their capacity to stay safe online. The survey showed that respondents were worried about misuse of their personal data, fraud and identity theft, among other things. The Commission has made keeping Europeans safe online a priority and has worked to combat cybercrime by, for example, implementing stronger rules against online payment fraud. (29 January 2020)

4.2 The Dubai Financial Service Authority (DFSA), in collaboration with the Dubai Electronic Security Center, the National Computer Emergency Response Team for the United Arab Emirates, the Computer Incident Response Center Luxembourg and the Open Source Threat Intelligence and Sharing Platform Project, has launched the first financial regulator-led Cyber Threat Platform in the region. The platform will encourage a community of information sharing for regulated and unregulated companies operating in and from the Dubai International Financial Centre. The platform will also link these companies to respected international cyber security firms, such as Palo Alto Networks and Recorded Future. (22 January 2020)

4.3 The UK National Cyber Security Centre (NCSC) has announced the alpha release of the NCSC’s secure communication principles. These principles are designed to help organisations make security decisions when selecting products and services relating to voice, video and messaging. The deadline for providing feedback on these principles is 30 April 2020. (16 January 2020)

4.4 The International Monetary Fund (IMF) has published a blog on the global response needed to deal with cybersecurity threats. The blog highlights that it is important for authorities combatting cybercrime to act fast and be globally integrated as this crime becomes increasingly cross-jurisdictional. The blog sets out four areas where the international community can come together to strengthen the work done at the national level. This includes, among other things, developing a greater understanding of the risks and ensuring that regulatory approaches achieve greater consistency. (13 January 2020)

4.5 The Cyber Security Body of Knowledge (CyBOK), a guide sponsored by NCSC that brings together knowledge from the world’s leading cyber security experts, has been launched. The 828-page resource provides a foundation for cybersecurity education, training and professional practice. The next stage of the CyBOK project will involve the guide being used by those designing university education and training courses. (9 January 2020)

4.6 The World Bank has adopted the cyber resilience oversight expectations (CROE) of the European Central Bank (ECB) under the Financial Inclusion Global Initiative (FIGI). Among other things, the CROE establishes expectations to ensure that payment systems can prevent, detect, respond to and recover from cyberattacks. The ECB will support the World Bank FIGI programme by holding workshops that will help regional authorities to understand CROE and other cyber tools and will provide technical training on cyber resilience. (6 January 2020)

5. Data

5.1 The UK Information Commissioner’s Office (ICO) has published a statement on data protection and Brexit implementation. In this statement, the ICO announced that during the UK’s Brexit transition period, running from 31 January until the end of December 2020, it will be business as usual for data protection and the GDPR will continue to apply. Companies and organisations offering goods or services to people in the EU will not need to appoint a European representative throughout this time. (29 January 2020)

5.2 The ICO has launched the third round of funding for its privacy innovation grants programme. The scheme, which started in 2017, supports proposals of privacy and data protection initiatives that have practical applications, will have a clear public benefit and meet one or more of the six goals in the ICO’s Information Rights Strategic Plan. Applications will close on 10 March 2020. (28 January 2020)

5.3 The European Data Protection Supervisor (EDPS) has issued a quick-guide to necessity and proportionality under EU law. The eight steps set out in the quick-guide aim to help readers assess the compatibility of measures affecting the fundamental rights to privacy and the protection of personal data with the EU Charter of Fundamental Rights. (28 January 2020)

5.4 Vice-President Jourová and Commissioner Reynders of the Commission have made a joint statement ahead of Data Protection Day. The statement outlines that due to the development of 5G, AI and Internet of Things technologies, personal data will be abundant and will present new opportunities and clear risks for individuals and democracies requiring robust rules. The statement also highlights the importance of the GDPR, which will be used as a foundation and inspiration for the success of key initiatives in, among other things, AI, health and mobility. (27 January 2020)

5.5 The ICO has published a statement responding to the Metropolitan Police Service’s announcement on the use of live facial recognition technology (LFR). In the statement, the ICO reiterates its call for the UK Government to establish a statutory and binding code for LFR as a priority in order to, among other things, create consistency in how police officers use the technology. The ICO will publish more about the use of facial recognition by the private sector later in 2020. (24 January 2020)

5.6 The Payment & Clearing Association of China (PCAC) has published a set of guidelines for facial recognition payments. The guidelines set out various principles for payment process using facial recognition, including user consent and the collection, storage and use of facial data. The guidelines emphasise that facial image information should be encrypted and stored separately from details such as bank numbers and other personal information. According to the guidelines, depending on risk levels, multi-factor verification should be used. (21 January 2020)

5.7 The ICO has published its final Age Appropriate Design Code aimed at protecting children’s privacy online. The Code outlines 15 standards expected of entities responsible for designing, developing or providing online services such as apps, social media platforms or online games. The Code will require digital services to automatically offer a built-in minimum of data protection to children when they download a new app, game or visit a website. (21 January 2020)

5.8 The ICO has published a blog on the reform of adtech real time bidding (RTB). The blog highlights the risks created by the lack of transparency of the RTB supply chain and the role of the many different actors and service providers. The blog calls for organisations to address the issues raised in the ICO’s June 2019 report and to work together to reform RTB. (17 January 2020)

5.9 The European Banking Authority (EBA) has published a report on the use, development and implementation of big data and advanced analytics in the banking sector. The report concludes, amongst other things, that the current trend in technological innovation may soon necessitate the development of regulatory frameworks and policies on the development and use of AI and ML within financial institutions. (13 January 2020)

5.10 The FCA has published a refreshed data strategy taking account of the significant development of technology and advanced analytic techniques in recent years. The data strategy outlines a transformation plan to allow the FCA to become a highly data-driven regulator. The BoE has also published a discussion paper on transforming data collection from the UK financial sector aimed at increasing the speed and effectiveness of data collection from firms across the financial sector. The FCA, together with the BoE and seven regulated firms, has also published a viability assessment report on phase two of the digital regulatory reporting pilot. (7 January 2020)

5.11 The ICO has published a blog on the benefits of sharing personal data and lessons that can be learnt from open banking. The blog post draws on findings by the ICO’s Regulators’ Business Innovation Privacy Hub and provides guidance to individuals or businesses who are interested in participating in the open banking initiative. In particular, the blog suggests that interested parties should: make sure they comply with GDPR; design a system that is built with the user in mind; and work together with other organisations in their sector. (6 January 2020)

5.12 The EDPS has published a preliminary opinion on data protection and scientific research. In this opinion, the EDPS discusses scientific research where data concerning people in the EU is processed and the GDPR is engaged. The EDPS recommends that data protection authorities and ethical review boards should increase their dialogue so as to, among other things, reach a common understanding on which activities constitute genuine research and encourage closer alignment between EU research framework programmes and data protection standards. (6 January 2020)

5.13 See also paragraphs 1.3 and 1.4.

6. Distributed Ledger Technology, Blockchain and Smart Contracts

Financial regulators in China have moved to manage digitalised products to prevent systemic risks, particularly in new technology such as blockchain. The People’s Bank of China (PBOC) FinTech committee has announced that PBOC is preparing a set of regulations governing blockchain and is increasing supervision of FinTech. In Beijing, PBOC has established the country’s first pilot programme to regulate FinTech innovation. The PBOC has also announced that all financial services applications should register on the regulators’ administrative system this year. (8 January 2020)

7. Initiatives

7.1 The Shanghai Municipal Financial Regulatory Bureau has announced a plan to make Shanghai an international FinTech hub over the next five years. The plan covers 25 major tasks over five key areas, which include, among other things, promoting research and development, improving the level of FinTech applications and attracting FinTech talent. (16 January 2020)

7.2 The Global Financial Innovation Network (GFIN) has published a report that outlines the lessons learned from its 2019 cross-border testing pilot and sets out solutions for dealing with the issues identified in the pilot. The pilot was introduced to provide real-time information within the global sandbox on how new innovative products or services may work in the market. The GFIN will develop the framework for future cohorts and launch various initiatives to ensure firms are ready for testing. The GFIN has also launched a new website. (16 January 2020)

7.3 The Monetary Authority of Singapore (MAS) has announced that it has received 21 applications for the five new digital bank licences it plans to issue. The digital licences will allow the selected non-bank players to offer banking services. Applicants include e-commerce firms, technology and telecommunications companies, FinTechs and financial institutions. The successful applicants will be announced in June 2020 and are expected to commence business in mid-2021. (7 January 2020)

7.4 The Asian Financial Forum (AFF) has launched the FinTechHK Start-up Salon, which features more than 60 FinTech start-ups. The Start-up Salon aims to promote the development of FinTech by supporting FinTech start-ups in connecting and sharing ideas with investors, and showcase their latest innovative solutions to the conference participants. (January 2020)

8. Payments and Open Banking

8.1 The Monetary Authority of Singapore (MAS) has announced the commencement of the Payment Services Act. The new legislation will strengthen the regulatory framework for payment services in Singapore, increase consumer protection and encourage confidence in the use of e-payments. Under the Act, MAS will have supervisory powers over new types of payment services, such as digital payment token services. (28 January 2020)

8.2 Christina Segal-Knowles, the Executive Director of the Financial Market Infrastructure Directorate, has spoken about responding to developments in payments, including innovation in electronic payments and the rise of stablecoin arrangements. In her speech, Segal-Knowles concludes that it is important for regulation to keep up to speed with innovation in payments. She notes that steps have already been taken by the HM Treasury, the cross-authority Cryptoassets Taskforce and the BoE’s Financial Policy Committee to ensure regulation can cope with the changes in the payments landscape. (22 January 2020)

8.3 See also paragraphs 4.6, 5.6 and 5.11.

About Simmons & Simmons’ FinTech team

The FinTech Monthly Bulletin is prepared by the FinTech team of Simmons & Simmons.

Since its emergence into the mainstream, the FinTech sector has captured the interest and imagination of entrepreneurs, investors, governments and regulators, not to mention financial institutions and asset managers. We understand the opportunities and challenges that lie at the heart of the FinTech revolution and advise clients navigating the novel legal and regulatory issues that frequently arise.

Our market leading FinTech team combines specialist expertise across practices and offices with insights resulting from a focus on the TMT, Financial Institutions, and Asset Management and Investment Funds sectors.

Our clients range from early stage start-ups to some of the world’s largest financial institutions and technology providers. We also advise clients partnering with or investing in FinTech firms as well as financial institutions and asset managers developing their own FinTech solutions.

We support clients across a broad range of FinTech matters including crowdfunding, payments, cryptoassets, distributed ledger technology, InsurTech and RegTech, and we are interested in all areas of financial technology innovation.

If you would like to find out more about our FinTech team or require advice on a FinTech matter, please contact one of our lawyers at this link or your usual Simmons & Simmons contact.