FinTech Monthly Bulletin: November 2020

If you have any queries or would like to subscribe to the FinTech Monthly Bulletin, please contact Angus McLean

1. General

1.1. China has established a national FinTech certification centre in Chongqing as part of the implementation of its FinTech Development Plan (2019-2021) and other measures to improve the regulatory framework for FinTech. The centre is intended to become a professional certification authority that will serve as a "gatekeeper" for the integrity, innovation and compliance of FinTech companies and empower development of the financial sector in China (19 October 2020).

1.2. The Financial Stability Board (FSB) has published a global transition roadmap for LIBOR. The roadmap sets out a timetable that financial and non-financial sector firms should follow in order to ensure a transition from LIBOR by the end of 2021. It states that firms should have already identified their LIBOR exposure risks and states that the next step is to ensure that firms have adhered to the ISDA fallback protocol by the effective date. It also reports that by the end of 2020 firms should be in a position to offer non-LIBOR linked loans and by mid-2021 firms should have established a formalised plan to amend all legacy contracts. Join the S&S Derivatives Academy 2020 starting Tuesday 17 November 2020 to learn more about how to get your IBOR portfolio in order. (16 October 2020)

1.3. Simmons & Simmons hosted a number of FinTech training sessions in October as part of our annual Autumn Legal Update 2020 looking at virtual currencies and operational resilience. These sessions can be watched on demand here.  Other sessions covering digitalisation, ESG, Brexit and beyond and culture are available here (14-15 October 2020).

1.4. The General Board of the European Systemic Risk Board 39th regular meeting discussed the consequences of the coronavirus (COVID-19) pandemic for the European Union economy and the financial system. The General Board considered the main source of systemic risk originates from the risk of widespread defaults in the private sector. They also highlighted that the uncertain economic outlook and low interest rates posed significant challenges in relation to profitability and asset quality. The next analysis to be published will examine the impact of pockets of illiquidity within the financial markets and the impact of the pandemic on money markets and exchange-traded funds. (1 October 2020)

2. Artificial Intelligence and Automation

2.1. The European Parliament has published new recommendations on EU rules for AI, focussing on three areas: ethics, liability and intellectual property rights (IPR). In relation to ethics it states that future laws should: ensure safety, transparency and accountability; protect against bias and discrimination; address rights of redress; promote social and environmental responsibility; and respect data privacy of individuals. The liability recommendations state that rules should apply to harm caused by all AI activity that damages life, health, physical integrity, property or causes significant immaterial harm. The IPR section focusses on the requirement for an effective IPR system in relation to AI, which protects innovative inventors without harming human creators' interests nor the EU's ethical principles. (20 October 2020)

2.2. The Bank of England (BoE) and the Financial Conduct Authority (FCA) have launched the Artificial Intelligence Public Private Forum aimed at encouraging dialogue between the public and private sectors in relation to the use and impact of AI and machine learning in financial services. It builds on the work of the FCA and BoE, who published a joint report on machine learning in UK financial services in October 2019. The forum will consist of a series of quarterly meetings and workshops structured around three key topics:

• data;

• model risk management; and

• governance.

The opening speech by the Deputy Governor of BoE, Dave Ramsden, can be accessed here. (12 October 2020)

3. Cryptoassets

3.1. The Financial Crimes Enforcement Network (FinCEN) and the Federal Reserve Board have invited comment on proposed amendments to the US Bank Secrecy Act. The proposed amendments lower the applicable threshold for record keeping from $3000 to $250 and change the definition of "money" to clarify that the regulations apply to transactions involving digital assets. (23 October 2020)

3.2. The Shenzhen municipal government in the Guangdong province and China's Central Bank have jointly issued 50,000 digital currency red packets, in attempt to boost consumption and domestic demand. The issuance forms part of wider trials of digital currency in China that the People's Bank of China predict will replace some of the notes and coins in circulation in the future. (10 October 2020)

3.3. A group of seven central banks together with the BIS have published a feasibility study assessing how central bank digital currency can help banks deliver their public policy objectives. The report highlights the importance of the coexistence of cash with any other types of money and states that any system should promote innovation and efficiency whilst doing no harm to monetary financial stability. (9 October 2020)

3.4. The FCA has published a Policy Statement that will ban the sale of crypto derivatives to retail consumers. The statement is a summary of feedback to CP19/22 and sets out the FCA's final policy position and Handbook rules on the issue, which will come into force on 6 January 2021. The ban applies to derivates referencing well-known tokens such as Bitcoin, Ether and Ripple XRP. (9 October 2020)

4. Cybersecurity

4.1. The Institution of Engineering and Technology has published a Code of Practice to help the engineering sector implement effective cyber security. The Code sets out principles aimed at improving the interaction between the institution's functional safety and cyber security teams, in order to better attend to the threat of cyber-attacks. (30 October 2020)

4.2. The British Retail Consortium has revamped its Cyber Resilience Toolkit for Retail, to provide advice and guidance to retailers about the threats of a cyber-attack. The guide is designed for non-cyber experts, such as Board members, those in senior strategic roles, and start-up businesses and reflects the increased threats presented by retailers moving online in response to the COVID-19 pandemic. (21 October 2020)

4.3. The European Union Agency for Cybersecurity (ENISA), alongside the European Commission, EU Member States and the CTI Stakeholders Group, has published the 8th annual ENISA Threat Landscape (ETL) 2020 report, identifying and evaluating the top cyber threats occurring between January 2019 and April 2020. The report mentions the top 15 cyber threats with malware being listed as number one. For further information please see the S&S Insights Article, "Cybercrime and the disruption by the COVID-19 outbreak" here. (20 October 2020)

4.4. The FSB has published a toolkit of effective practices that financial institutions should follow in relation to cyber incident response and security. The toolkit includes 49 practices that focus on governance, planning, analysis, mitigation, restoration/ recovery and coordination. (19 October 2020)

4.5. The European Insurance and Occupational Pensions Authority has released guidelines on Information and Communication Technology (ICT) Security and Governance, aimed towards increasing the digital operational resilience of insurance and reinsurance undertakings. (12 October 2020)

4.6. ENISA (alongside other regulatory agencies) has produced the first cybersecurity exercise for the ICT Advisory Committee of the EU Agencies and Institutions (ICTAC). The exercise tested participants using mock scenarios of spear phishing campaigns and ransomware. The aim of the exercise was to inform on how cooperation and information sharing can be enhanced between EU institutions during cyber-attacks.  (12 October 2020)

4.7. The UK's National Cyber Security Centre has revamped its Small Business Guide aimed at helping small businesses stay safe online. The Guide sets out five key areas that businesses should focus on in order to improve their cyber security, these are:

• Data back-up;

• Malware protection;

• Safety of smartphones (and tablets);

• Password protection; and

• Phishing avoidance strategies. (8 October 2020)

4.8. The EU Agency for Cybersecurity has hosted a virtual workshop to help Member States perform a self-assessment of their National Cybersecurity Strategy objectives at a strategic and operational level with the aim of improving existing cybersecurity capabilities. Highlights on the National Cybersecurity Strategies can be found here. (4 October 2020)

5. Data

5.1. China has announced its draft personal data protection law setting out key principles and laws in relation to the processing of personal information, cross-border data transfer and the processing of personal data by public authorities. The draft law is published on theNPC websiteand is open to public comment until the 19 November 2020. For more information please see the S&S Insights article "China unveils its personal data protection law" here. (30 October 2020)

5.2. The European Data Protection Board has finalised its Guidelines on Data Protection by Design & Default (in accordance with Art. 25 GDPR). The revised Guidelines include updated wording and further legal reasoning in order to address comments and feedback received during the public consultation process. (21 October 2020)

5.3. The European Data Protection Supervisor has held an Internet Privacy Engineering Network webinar on "Contact Tracing Apps as a large scale exercise in privacy engineering". The webinar focused on the on-going experience with COVID-19 and the possible lessons that have been learnt so far in relation to data protection by design and by default practices. (21 October 2020)

5.4. The Court of Justice of the European Union has confirmed that general retention of data is permitted only for national security concerns (C-511/18,C-512/18,C-520/18,C-623/17 La Quadrature du Net and Others). The ramifications of the ruling extend beyond national security and may affect the UK's ability to obtain an adequacy ruling from the EU after the Brexit transition period ends. (10 October 2020)

5.5. The UK Information Commissioner, Elizabeth Denham, delivered a keynote speech about data protection during the pandemic at PDP's 19th Annual Data Protection Compliance Conference 2020. The speech highlighted that the pandemic has changed the type of data collection that people find acceptable, i.e. it has now become common place for government bodies to request a list of persons contacts if they become infected. It also considers how much privacy people will be prepared to sacrifice in order to allow greater movement and freedoms in the future. The full speech can be found here. (8 October 2020)

5.6. The Information Commissioner's Office (ICO) has launched a public consultation on its draft Statutory guidance, which details how it will regulate and enforce data protection legislation in the UK under the Data Protection Act 2018. One of the aims of the consultation is to explain how the ICO will use its powers in the future and how data breach fines will be calculated. For more information please see the S&S Insights Article "New guidance from the ICO - finally some clarity on GDPR fines?" here (1 October 2020)

6. Payments and Open Banking

6.1. The FSB has published a roadmap - that has been endorsed by the G20 - setting out a number of reforms, practical steps and milestones that will be taken to create a cross-border payment system. The aim is that this new payment system will increase the stability of the international monetary system, improve financial inclusion and make trading on the financial markets more efficient. In response to the roadmap, the International Monetary Fund (IMF) has published a staff report on the macro-financial implications of a cross-border digital money system. If implemented, these papers have the potential to transform the cross-border money system and make payments cheaper, faster and more transparent. The G7 Finance Ministers and Central Bank Governors also released a Statement on Digital Payments emphasising the importance of the G20 agenda to enhance the efficiency of cross-border payments, but reiterating that no global stablecoin project should be operational until the relevant legal and regulatory issues have been addressed. (13 October 2020, 19 October 2020)

6.2. The Open Banking Implementation Entity (OBIE) has published version 3.1.7 of the Third Party Provider (TPP) Management Information Specification, which is a new addition to the Open Banking Standard. This will enable TPPs that participate in the OBIE ecosystem to report management information data in relation to the usage of OBIE's API specifications. The intention is that this reporting data can be used to, amongst other things, better understand the success and take-up of open banking. (13 October 2020)

6.3. The European Central Bank is exploring how TARGET Instant Payment Settlement (TIPS) could support cross-currency instant payments. TIPS settles transactions in real time in central bank money. The initiative is intended to reinforce the connections between European banks. (6 October 2020)

7. RegTech

7.1. The FSB is running a workshop on FinTech issues on 4 November 2020 with the objective of presenting on FSB's work on SupTech and RegTech by authorities and regulated institutions. (28 October 2020).

7.2. The Dubai Financial Services Authority is hosting a virtual event on 10 and 11 of November 2020 on RegTech called "Driving Compliance through innovation". The event will include discussions around how risk management can be made more efficient through automation, the impact of COVID-19 on regulatory compliance and the impact of digital transformation in the UAE. (21 October 2020)

7.3. The FCA has opened applications for their 'Regulatory Sandbox - cohort 7'. Cohort 7 of the regulatory sandbox is open to authorised and unauthorised firms and technology businesses that are looking to test their ideas on consumers. The applications are open until 31 December 2020. (5 October 2020)

8. Other

8.1. The European Systemic Risk Board has published the EU Non-bank Financial Intermediation Risk Monitor 2020. This examines the key structural risks and vulnerabilities that affect EU Non-bank financial intermediators, which account for 40% of the EU financial system. The cyclical risks identified include a sharp contraction of economic activity in Europe, rising indebtedness, increased share of negative yielding assets and subdued liquidity coupled with increased volatility in certain markets. The key structural risks highlighted were increased risk-taking, higher levels of interconnectedness between institutions and greater use of derivatives and securities to finance transactions. (21 October 2020)

About Simmons & Simmons’ FinTech team

The FinTech Monthly Bulletin is prepared by the FinTech team of Simmons & Simmons.

Since its emergence into the mainstream, the FinTech sector has captured the interest and imagination of entrepreneurs, investors, governments and regulators, not to mention financial institutions and asset managers. We understand the opportunities and challenges that lie at the heart of the FinTech revolution and advise clients navigating the novel legal and regulatory issues that frequently arise.

Our market leading FinTech team combines specialist expertise across practices and offices with insights resulting from a focus on the TMT, Financial Institutions, and Asset Management and Investment Funds sectors.

Our clients range from early stage start-ups to some of the world’s largest financial institutions and technology providers. We also advise clients partnering with or investing in FinTech firms as well as financial institutions and asset managers developing their own FinTech solutions.

We support clients across a broad range of FinTech matters including crowdfunding, payments, cryptoassets, distributed ledger technology, InsurTech and RegTech, and we are interested in all areas of financial technology innovation.

If you would like to find out more about our FinTech team or require advice on a FinTech matter, please contact one of our lawyers at this link or your usual Simmons & Simmons contact.