ICO News

Global Payments Newsletter, September 2021 – Lexology

Key developments of interest over the last month include:

  • El Salvador: Bitcoin becomes legal tender
  • European Union: European Commission proposes Path to the Digital Decade to deliver EU’s digital transformation by 2030
  • Global: Four central banks partner with BIS to trial CBDC for cross-border payments

In this Newsletter:

For previous editions of the Global Payments Newsletter, please visit our Financial Services practice page.

Regulatory Developments

El Salvador: Bitcoin becomes legal tender

On 7 September 2021, it was reported that bitcoin had become legal tender in El Salvador. El Salvador is the first country in the world to adopt the cryptocurrency as legal tender. The initiative got off to a difficult start; El Salvador’s government was forced to buy an additional $7 million worth of bitcoin to stabilise the cryptocurrency’s price, and credit rating agency Moody’s downgraded El Salvador’s creditworthiness.

El Salvador’s President Bukele is an advocate of the policy, believing that it will save $400 million a year in commission fees, and give access to financial services to people with no bank account.

On 6 September 2021, the day before the El Salvadorian change of law, it was reported that the Republic of Panama had introduced a bill on cryptocurrency regulation. Under the proposed bill, Panama would recognise crypto payments as an alternative payment method for all transactions.

On 12 September 2021, it was reported that Ukraine is also considering making bitcoin legal tender.

European Union: European Commission proposes Path to the Digital Decade to deliver EU’s digital transformation by 2030

On 15 September 2021, Ursula von der Leyen, President of the European Commission, gave her second State of the Union speech and presented new initiatives, one of which was the adoption of a proposal for a Decision of the European Parliament and of the Council establishing the 2030 Policy Programme “Path to the Digital Decade”.

The intention is that the proposed Path to the Digital Decade will translate the EU’s digital ambitions for 2030 into a concrete delivery mechanism. It will set up a governance framework based on an annual co-operation mechanism with member states to reach the 2030 Digital Decade targets at Union level in the areas of digital skills, digital infrastructures, digitalisation of businesses and public services. It also aims to identify and implement large-scale digital projects involving the Commission and the member states.

Key points include:

  • The COVID-19 pandemic highlighted the central role that digital technology plays in building a sustainable and prosperous future.
  • The Path to the Digital Decade aims to build on the Commission’s 2030 Digital Compass Communication of March 2021.
  • Digital progress in the member states has been very uneven in the last few years, so the Path to the Digital Decade aims to enable structured co-operation to work collectively towards agreed objectives, while recognising different starting points among member states. The Commission proposes to engage in an annual co-operation mechanism with member states that will, among other things, consist of:
    • A structured, transparent and shared monitoring system based on the Digital Economy and Society Index (DESI) to measure progress towards each of the 2030 targets, including key performance indicators.
    • An annual report on the “State of the Digital Decade”, in which the Commission will evaluate progress and provide recommendations for actions.
    • Multiannual digital decade strategic roadmaps for each member state, in which they will outline adopted or planned policies and measures in support of the 2030 targets.

In parallel, the Commission is working on finalising the proposal for a joint “Declaration on Digital Principles” by the European Parliament, the Council and the Commission to ensure European values and rights are reflected in the digital space.

On 16 September 2021, an Opinion of the European Economic and Social Committee (EESC) on the 2030 Digital Compass Communication from the Commission was published in the Official Journal of the European Union. The EESC salutes the initiative and the aim to use digital technologies to improve citizens’ lives, create more jobs, facilitate progress and enhance European competitiveness.

Global: Four central banks partner with BIS to trial CBDC for cross-border payments

The Bank of International Settlements (BIS) is working with the central banks of Australia, Malaysia, Singapore and South Africa to test the use of central bank digital currencies (CBDC) in cross-border settlements. The aim of the project is stated as being “to develop prototype shared platforms for cross-border transactions using multiple CBDCs, allowing financial institutions to transact directly with each other in the digital currencies, eliminating the need for intermediaries and cutting the time and cost of transactions.”

It is not yet clear whether the relevant distributed ledgers will be public networks, or internal central bank networks.

United Kingdom: FCA issues warning on SCA

In its August 2021 Regulation round-up, the FCA has warned that it will take action against firms who fail to offer appropriate means of strong customer authentication (SCA). The update refers firms to paragraph 20.21 of its Payment Services and Electronic Money Approach Document, and the requirements of the Equality Act 2010.

In addition, the update highlights that firms must consider the needs of vulnerable customers, and those who do not have a mobile phone.

United Kingdom: FMLC to consider legal issues surrounding DLT

At a meeting on 29 July 2021, the Financial Markets Law Committee (FMLC) reported that it had been contacted by HM Treasury to arrange a meeting between HM Treasury, the FCA and the Bank of England to discuss the legal issues surrounding the adoption of distributed ledger technology (DLT).

In particular, the FMLC’s input is being sought on whether the UK’s legal and regulatory framework is sufficiently technology neutral for DLT transactions and what legal barriers exist to setting up DLT infrastructure in the UK.

European Union: ECON publishes report on proposed DLT pilot regime Regulation

On 17 August 2021, the European Parliament’s Economic and Monetary Affairs Committee (ECON) published its report on the proposed Regulation on a pilot regime for market infrastructures based on distributed ledger technology (DLT) (2020/0267(COD)). ECON voted to adopt the report, which was prepared in July 2021.

The proposed DLT pilot regime is designed to allow for experimentation on the use of DLT in market infrastructures. The hope is that it will allow companies to identify areas where changes to existing legislation may be needed for DLT.

In the report, ECON suggests a number of amendments to the proposed Regulation. In particular:

  • Financial instruments serviced by the DLT market should be limited and subject to revised value thresholds for shares, bonds, exchange-traded funds and UCITS. DLT operators will only be permitted to admit new financial instruments until their total market value reaches EUR5 billion.
  • DLT market infrastructures and their operators should put in place sufficient safeguards to ensure that investors are protected.
  • ESMA should have a direct supervisory mandate for granting permissions and exemptions to a DLT market infrastructure. ESMA should also publish annual interim reports relating to trends, risks, and vulnerabilities.

United Kingdom: FSB publishes framework for information from FMI intermediaries

On 20 August 2021, the Financial Stability Board (FSB) published a framework for information from financial market infrastructure (FMI) intermediaries to support resolution planning that relates to the continuity of access to FMI services for firms in resolution. For the purposes of the framework, FMI intermediaries are banks or other licensed firms that provide clearing, payment, securities settlement or custody services for other firms.

The framework sets out the minimum information which FMI intermediaries should cover in their contingency planning and that they may need to obtain from, or discuss with, their intermediaries. Use of the framework is voluntary.

In particular, the framework covers information relating to the FMI services provided, suspension and termination rights, the FMI services provided by the intermediary, and the resolution phase.

Linked to this, on 21 August 2021 the FSB published a revised questionnaire on continuity of access to FMIs for firms in resolution. In particular, the questionnaire covers general information on the FMI and its legal structure, provisions regarding termination and arrangements and processes to facilitate continued access in resolution. The purpose of the questionnaire is to assist authorities and firms in their implementation of the FSB’s July 2017 guidance on continuity of access to FMIs for a firm in resolution.

United Kingdom: FCA decides not to incorporate EBA view on SCA inherence in Payment Services Approach Document

On 20 August 2021, the FCA updated its strong consumer authentication (SCA) webpage to include an update on its view on the EBA’s view on inherence for the purposes of SCA as set out in its opinion published in June 2019.

The FCA consulted (CP21/3) on whether to amend its Payment Services and Electronic Money Approach Document to reflect the EBA’s view on inherence. Having considered consultation responses, it has chosen not to incorporate the EBA’s view of inherence in the Approach Document. The FCA will publish its rationale for this decision and a summary of consultation responses in a Policy Statement later in 2021.

The FCA also reminds firms that they must ensure that any individual SCA inherence solution they use complies with regulatory requirements, including Article 8 of the FCA’s Technical Standards for Strong Customer Authentication.

United Kingdom: FCA provides information on phase two of Digital Sandbox initiative

On 10 August 2021, the FCA updated its website with further information on the second phase of its Digital Sandbox initiative. The purpose of this ‘sustainability cohort’ of the Digital Sandbox is to support the testing and development of new products and services in the area of environmental, social, and governance (ESG) data and disclosure.

Applications for the Digital Sandbox are open until 11 October 2021, and will be assessed on the following criteria:

  • Genuine innovation: The solution/product is sufficiently different from what already exists in the market.
  • In scope: The solution would benefit UK consumers or financial services firms from an ESG perspective. A company doesn’t need to be domiciled in the UK, but their solution needs to be intended for use in the UK market.
  • Need for a Digital Sandbox: The solution requires Digital Sandbox features to be developed or improved.
  • Credible testing plan: The application has proposed a well-designed testing plan, detailing success criteria and future steps.

United Kingdom: FCA launches Green FinTech Challenge 2021

On 6 September 2021, the FCA announced that the application window for the Green FinTech Challenge 2021 had opened. The Challenge builds on the success of the pilot Green FinTech Challenge in 2018. The purpose of the initiative is to support the development and testing of new products and services which will aid the transition to a net zero economy, by making a number of FCA support services available to eligible firms.

The FCA is particularly interested in firms which are developing ESG innovations, and gives as examples of this products which will:

  • Enable transparency in disclosure and reporting on sustainability by companies along the investment chain.
  • Help consumers better understand the ESG characteristics of relevant products and providers they engage with, as well as provide visibility around alternatives aligned with their needs and preferences.

The deadline for applications is 15 November 2021. Successful applicants will be notified in early 2022, and a list of successful Green FinTech Challenge firms will be published on the FCA’s website.

Also on 6 September 2021, the FCA published a webpage explaining how its Green FinTech Challenge and Digital Sandbox are different (see also the separate item on the Digital Sandbox above).

Global: BIS proposes an enhanced global real-time payments network

On 28 July 2021, the Bank for International Settlements (BIS) issued a press release in which it announced a blueprint for enhancing global payments network connectivity via multilateral linkages of countries’ national retail payment systems.

According to the press release, the blueprint was developed through consultation with central banks and financial institutions across the world, and builds on the pioneering bilateral linkage between Singapore’s PayNow and Thailand’s PromptPay, launched in April 2021. It also benefits from the experience of the National Payments Corporation of India’s (NPCI) development and operation of the Unified Payments Interface (UPI) system.

The project, named Project Nexus, comprises two main elements:

  • “Nexus Gateways”, to be developed and implemented by the operators of participating countries’ national payment systems. These will serve to coordinate compliance, foreign exchange conversion, message translation and the sequencing of payments among all participants. These gateways will be predicated on a common set of technical standards, functionalities and operational guidelines set out within the proposal.
  • An overarching “Nexus Scheme” that sets out the governance framework and rulebook for participating retail payment systems, banks and payment service providers to coordinate and effect cross-border payments through the network.

United Kingdom: Contactless limit to increase to £100 from 15 October 2021

On 27 August 2021, UK Finance announced that the national roll-out of the new £100 spending limit for contactless payments in the UK will start on 15 October 2021. The current limit is £45.

United Kingdom: FCA responds to Treasury Select Committee questions on approach to frozen bank accounts

On 9 August 2021, the Treasury Select Committee published a letter dated 29 July 2021 which it had received from the FCA in relation to reports about banks freezing the bank accounts of vulnerable customers.

The letter is in response to a previous letter from the Treasury Select Committee to the CEO of the FCA requesting information on its approach to frozen bank accounts (as reported in the August 2021 edition of this Newsletter).

In particular, the FCA’s letter notes that:

  • The FCA is not aware of a sector-wide problem of banks freezing accounts for no reason.
  • The FCA expects banks not to freeze accounts unnecessarily, and for banks to carry out any investigation in good time.
  • To the extent possible, banks should communicate concerns to customers.
  • Banks should communicate any decision to withdraw banking services clearly to the relevant customer, and set out reasons for this action.
  • The FCA does not expect all firms to have the same standards, but to act in a manner that is proportionate, risk-based and in line with its principles.

European Union: European Commission extends deadlines for feedback on AML/CTF legislative proposal consultations

The European Commission has extended the deadlines for feedback for the following legislative proposals relating to anti-money laundering (AML) and counter-terrorist financing (CTF):

  • Regulation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (COM(2021)420) (AML Regulation).
  • Regulation establishing a new EU AML and CFT authority, the AML Authority (AMLA) (COM(2021)421) (AMLA Regulation).
  • Directive on the mechanisms to be put in place by the member states for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849 (COM(2021)423) (MLD6).
  • Regulation on information accompanying transfers of funds (2015/847/EU) to allow tracing of transfers of cryptoassets (COM(2021)422) (recast revised WTR).

The new deadline is 16 November 2021.

India: Cryptocurrency bill thought to be imminent

On 17 August 2021, it was reported that the Indian government is preparing to introduce a cryptocurrency bill. Under the terms of the bill, cryptocurrency will not be accepted as legal tender, but will be recognised as a tradeable asset class with its own market. The bill is also expected to shed light on the tax treatment of cryptocurrency.

China: SAMR publishes draft rules on competition and announces increased supervision of P2P

On 17 August 2021, it was reported that China’s State Administration for Market Regulation (SAMR) had issued draft regulations banning unfair competition, following increased concern from Beijing about the risk of technology firms abusing their dominant positions. In particular, the draft regulations specify that internet operators “must not implement or assist in the implementation of unfair competition on the Internet, disrupt the order of market competition, affect fair transactions in the market”.

In addition, on 30 August 2021 it was reported that SAMR plans to increase its monitoring of the country’s peer-to-peer economy.

Nigeria: Central Bank announces digital currency plans

On 30 August 2021, the Central Bank of Nigeria announced that it had engaged fintech company Bitt Inc as Technical Partner for its digital currency, eNaira, which is due to be unveiled later this year. It comes amid reports that the Central Bank of Nigeria has sent a document to Nigerian banks detailing the design of the eNaira.

Italy: New tax incentives for electronic payment instruments introduced

With the aim of fostering the adoption of electronic payment instruments, the Italian legislature has recently amended Article 22 of Law Decree No. 124/2019 to provide that suppliers of goods or services to consumers may obtain a tax credit to cover all fees accrued between 1 July 2021 and 20 June 2022 in relation to the adoption of:

  • Electronic payment instruments allowing electronic storage and telematic transmission of daily proceeds data.
  • Electronic payment instruments facilitating the storage, inalterability and security of the data.

For more information on this development, take a look at this Engage article by members of Hogan Lovells’ Rome office.

United Kingdom: DCMS announces plans to reform UK data protection regime

On 9 September 2021, the UK government’s Department for Culture, Media and Sport (DCMS) published a press release setting out government plans to reform the UK’s data protection laws. On 10 September, the DCMS opened a consultation on the changes.

The consultation paper includes a detailed and comprehensive set of suggested amendments to the UK GDPR, Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR), with the cumulative effect resulting in a potentially major overhaul of existing standards. These proposals form part of the UK’s wider strategic plan to reform current regulations following its departure from the European Union.

In summary, some of the most significant proposals include:

  • Accountability and governance: DCMS is proposing substantial modifications to current accountability standards.
  • Data breach reporting: Due to concerns about over-reporting of personal data breaches, DCMS is contemplating changing the test for when such breaches need to be reported to the UK ICO.
  • Lawful grounds for processing: Several amendments could be made to the existing rules governing the lawful grounds for processing.
  • International data transfer mechanisms: DCMS is looking to make the existing rules governing transfers of personal data from the UK to third countries more “proportionate, flexible and interoperable”.
  • Adequacy decisions: Consistent with DCMS’ recent announcement on its plans to increase trade through global data partnerships (see the separate item on this, below), the consultation paper outlines the ambition to be “the world’s most attractive data marketplace.” This will likely be underpinned by a more risk-based and proactive approach to the granting of adequacy decisions, which will permit the free flow of data to the relevant third countries.
  • Artificial intelligence: Taking into account the growing interest in regulating artificial intelligence and other algorithmic systems, DCMS outlines a series of potential reforms that could be introduced with respect to the use of personal data in such contexts.
  • Data subject access requests: DCMS has proposed the re-introduction of a nominal fee that has to be paid by data subjects prior to making a subject access request, and organisations may be able to cap the costs they have to incur in responding to a DSAR and refuse vexatious requests made by data subjects.
  • Role of the UK ICO: DCMS intends to take a more interventionist approach to managing the role and strategic vision of the UK ICO.

The consultation closes on 19 November 2021.

For more information on the proposals, take a look at this Engage article by Hogan Lovells’ Privacy and Cybersecurity team.

United Kingdom: DCMS launches UK’s post-Brexit data plans

In a press release dated 26 August 2021, the UK government’s Department for Digital, Culture, Media and Sport (DCMS) announced that it is launching a package of measures aimed at helping the UK to “seize the opportunities of data to boost growth, trade and improve its public services”.

The announcement lists the first territories with which the UK government will seek “data adequacy” partnerships now that it has left the EU. The list includes the US, Australia, the Republic of Korea and Singapore. The new partnerships will build on the existing 42 adequacy arrangements the UK has in place with countries around the world. The UK was not able to enter into bilateral data adequacy agreements while it was a member of the EU.

The announcement also names John Edwards as the government’s preferred new Information Commissioner. The government also hopes to expand the role of Information Commissioner to go beyond the regulator’s traditional role of focusing only on protecting data rights, to include a clear mandate to take a balanced approach that promotes further innovation and economic growth. Edwards’ appointment was approved by MPs on 10 September 2021.

China: Personal Information Protection Law passed

On 20 August 2021, China passed the Personal Information Protection Law (PIPL), which will take effect on 1 November 2021. An unofficial English translation is available here.

Organisations will be expected to implement firm-wide policies and procedures that set standards for data management practices. In particular, the law provides for:

  • Extraterritorial application: Most of China’s existing laws regulating the use of data in China have a domestic focus. The PIPL tracks the EU GDPR’s extraterritorial application in cases where offshore data processing activities are (i) for the purpose of providing services or products to individuals in China, or (ii) analysing or evaluating the activities of individuals in China. The PIPL also allows for further extensions of extra-territoriality, where laws or administrative regulations stipulate that this is the case.
  • Regulation of cross-border transfers of personal data: The PIPL aims to resolve longstanding uncertainty as to the regulation of cross-border transfers of personal data from China.
  • Legal basis for processing of personal information: The PIPL takes consent as the principal basis for processing personal data, subject to limited exemptions.
  • Regulation of sensitive personal data: The PIPL sets out a number of requirements for the processing of sensitive personal data.
  • Accountability: Personal Information Processors are required to adopt a number of measures aimed at ensuring internal accountability, including formulating internal management structures, running training for employees and preparing security incident response plans.
  • Mandatory data breach notification obligation: The PIPL requires organisations to immediately take remedial measures and notify relevant competent authorities and impacted individuals of potential or actual data breaches.

It is anticipated that the authorities will supplement the PIPL with more detailed administrative measures necessary to fill in key details. For example, the Cyberspace Administration of China (CAC) is expected to issue standard contractual clauses for international data transfers.

Further information from Hogan Lovells’ China and Hong Kong offices is available in an Engage article here.

Japan: Official Guidelines issued for upcoming data privacy law amendments

On 3 August 2021, Japan’s Personal Information Protection Commission (PPC) published its Guidelines on the 2020 amendments to Japan’s Act on the Protection of Personal Information (APPI). The amendments aim to strengthen penalties, introduce mandatory reporting of certain breaches, strengthen the extraterritorial application of the APPI, and expand the scope of data that is protected under the APPI. With the exception of the amendments on strengthening penalties, these amendments are not due to come into force until 1 April 2022.

The Guidelines contain a number of clarifications in relation to:

  • Mandatory breach reporting;
  • The two new categories of information introduced by the 2020 amendments, namely “Pseudonymously Processed Information” and “Personally Referable Information”;
  • Data transfer obligations; and
  • Expanded rights of data subjects under the 2020 amendments.

Further information from Hogan Lovells’ Tokyo office is available in an Engage article here.

Global: ICO releases summary of discussions between G7 data protection authorities

On 7 and 8 September 2021, the G7 data protection and privacy authorities participated in a virtual meeting themed as “Data Free Flow with Trust”. A summary of the key points raised on the topics discussed and confirmation of the members’ commitment to work together on specific data privacy issues is set out in a communique released by the ICO after the meeting.

Some outcomes from the meeting include:

  • Initiating a dialogue between regulatory authorities, technology providers, developers, designers and consumers to examine how technology can help deliver the twin goals of a more privacy-oriented internet and maintaining the principle of establishing an informed and meaningful prior consent online.
  • A commitment to work with their respective governments to develop a framework for the cross-border transfer of personal data and co-operation between G7 data protection authorities. This would be based on shared networks and pooling experiences of practices developed in the governance of emerging technologies. Towards this same goal, the members also agreed to collaborate on identifying opportunities for greater enforcement and regulatory co-operation among G7 data protection and privacy authorities, and redesigning remedies appropriate for the Digital Age.
  • Assuming a key role in ensuring artificial intelligence (AI) is designed and deployed in line with data protection laws, which will include exchanging intelligence and expertise on novel applications of artificial intelligence and opening discussions on the principles that should govern the responsible development of AI.

It was also agreed that the same forum will reconvene next year, to be hosted by the BfDI (the German data protection authority), when Germany assumes the G7 presidency.

Germany: Federal Cabinet adopts Strategy for Cybersecurity 2021

On 8 September 2021, the German Federal Cabinet adopted the new Strategy for Cybersecurity 2021 presented by the Federal Ministry of the Interior, Building and Community (Bundesministerium des Inneren, für Bau und Heimat, BMI).

The new Strategy for Cybersecurity replaces the 2016 Strategy for Cybersecurity and describes the fundamental orientation of the Federal Government’s cybersecurity policy for the next five years.

It is the goal of the new strategy for cybersecurity to enable citizens to continue using digital technologies securely, freely and in a self-determined manner. The aim is to strengthen the digital sovereignty of the state, the economy, science and society, in particular through a high level of cybersecurity, i.e. the “abilities and possibilities of individuals and institutions to exercise their role(s) in the digital world independently, self-determinedly and securely”.

For the first time, the new Strategy provides for concrete guidelines, measures and goals by means of which, according to the BMI, the challenges and risks of a digitalised world with technologies such as artificial intelligence and networked devices are to be mastered. The BMI declares cybersecurity to be a task for society as a whole. The addressees of the new Strategy are in equal measure the state, the economy, science and society.

For more information, take a look at this Engage article by Hogan Lovells’ Munich office.

United Kingdom: UK Finance publishes report on payment standards coordination

On 11 August 2021, UK Finance’s Payment Standards Strategy Group (PSSG) published a report containing recommendations to enable better co-ordination between payment standard providers and their respective communities.

The report highlights the need for a new approach to payment standards coordination, and to this end the PSSG proposes a series of specific short-term deliverables:

  • Creating a Payments Standards Navigation Map, outlining the standards governance landscape.
  • Creating a portal for payments standards links and engagement, hosted for the industry and widely accessible.
  • Identifying best practice for creation/development of standards.
  • Identifying where the market needs best practice and implementation guidelines and creating them with others.
  • Extending existing standards meetings to broader participants such as indirect participants, vendors and end users.
  • Documenting a strategic payments standards industry roadmap, and proactively identifying strategic common interests and outcomes.

United Kingdom: DCMS publishes research into data foundations and AI adoption

On 16 August 2021, the UK government’s Department for Digital, Culture, Media and Sport (DCMS) published research conducted by EY entitled Data foundations and AI adoption in the UK private and third sectors. “Data foundations” is defined for the purposes of the report as data which is (i) fit for purpose, (ii) recorded in standardised formats on modern, future-proof systems, and (iii) findable, accessible, interoperable and reusable (FAIR). The DCMS commissioned the research in order to inform its goal of building a world-leading digital economy in the UK.

In a summary document also published on 16 August, the DCMS set out six key findings from the report:

  • Organisations overwhelmingly recognise the importance of data to their success.
  • The adoption of data foundations appears to be relatively widespread.
  • Solid data foundations appear to be a necessary condition for AI adoption.
  • Current challenges will continue into the future.
  • A majority of organisations have either adopted AI or plan to.
  • Large private sector organisations are leading the way on AI adoption.

Of particular note is the finding that 99% of participating organisations thought that data is important to their success.

United Kingdom: CLLS responds to call for evidence and consultation on digital assets and electronic trade documents

On 18 August 2021, the City of London Law Society (CLLS) published its response to the Law Commission’s call for evidence on digital assets and its consultation on electronic trade documents.

The digital assets call for evidence asked for views on how digital assets are used, treated and dealt with by market participants and about how the law might accommodate digital assets now and in the future, and also where the law might be inhibiting particular use cases, innovation or development.

The electronic trade documents consultation asked for views on a draft Bill setting out the provisional proposals allowing for electronic trade documents to be “possessed”, provided they satisfy certain criteria. The draft Bill also contains provisions to ensure that electronic trade documents could have the same legal effects as their paper counterparts.

Looking at the two documents together, the CLLS argues that any legislative reform to the concept of possession should be approached cautiously, and notes in particular that many of these issues have been resolved in analogous contexts and markets. The CLLS is also concerned with any proposal to extend the concept of possession to digital assets, and considers that lessons could be learnt from looking at the operation of the UK money markets and the Image Clearing System.

United Kingdom: Regulatory Horizons Council publishes report on technological innovation

On 19 August 2021, the Regulatory Horizons Council (RHC) published a report entitled The Future of Technological Innovations and the role of Regulation. The RHC is an independent expert committee administered by the UK government’s Department for Business, Energy and Industrial Strategy (BEIS). Its role is to advise the government on the implications of technological innovation and the regulatory reform required to support it. The report is in two parts, with the first highlighting strategic issues raised by interviewees, and the second providing commentary and reflections from interviewees on specific technologies.

In particular, the report contains discussion of distributed ledger technology (DLT). Interviewees were generally optimistic about the potential uses of DLT, and noted the application of the technology in sectors including finance, data integrity, and tackling fraud. However, interviewees had varying levels of confidence and foresight regarding the ways that DLT could be used in future. In particular, cryptocurrency was cited as highlighting the challenges that DLTs can bring. On the whole, however, interviewees saw DLTs as having an important role in years to come.

Another key insight was that the COVID-19 pandemic has accelerated the transition to a cashless society, and precipitated an increased use of cryptocurrencies. This is something that the UK will need to consider too in coming years.

United Kingdom/Afghanistan: FCA warns firms of the risk of financial crime

On 31 August 2021, the FCA published a statement warning of financial crime risks linked to Afghanistan. Firms should be aware that the recent change of government may have an impact on patterns of financial activity into, and out of, Afghanistan.

United Kingdom: FCA warns of risks of token regulation

On 6 September 2021, Charles Randell, Chair of the FCA, made a speech highlighting the risks of digital token regulation, emphasising in particular the need for careful thought to create an effective regulatory regime. Mr Randell highlighted three issues in particular which legislators will need to focus on:

  • How to make it harder for digital tokens to be used for financial crime.
  • How to support useful innovation.
  • The extent to which consumers should be free to buy unregulated, purely speculative tokens and to take responsibility for their decisions to do so.

In the meantime, he also set out two areas in which regulators should take shorter term action:

  • There is a need for cryptoasset promotions to be regulated. In particular, Mr Randell highlighted the fact that a large proportion of people believe that speculative tokens are already regulated.
  • There is a risk of contagion of the regulated business of authorised firms by unregulated activities in digital tokens, and this can pose a threat to the prudential soundness of authorised firms.

Mr Randell concluded by saying that regulators need to strike the right balance between fostering innovation, providing an appropriate level of protection and allowing individuals freedom to take decisions for which they are responsible.

United Kingdom: Bank of England sets out 2021/22 RTGS and CHAPS strategy

On 6 September 2021, the Bank of England published its annual report on the Real-Time Gross Settlement (RTGS) system and the Clearing House Automated Payment System (CHAPS).

The Bank’s main focus looking ahead is on preparing for RTGS renewal and to increase resilience, widen access, encourage innovation and interoperability, and improve user function. It also has a number of more specific aims:

  • To unlock wider benefits through how data is populated and used. The Bank has published market guidance for property payments and is working on guidance for corporate payments. Testing for the ISO 20022 changes has started and the Bank believes this should pave the way for the next generation of payments infrastructure.
  • For the core ledger, the Bank plans to complete design activity around settlement, liquidity management and account structure functionality, with industry input. The Bank hopes that this will support greater competition and innovation, and notes that it is already seeing interest from some parties to join CHAPS in 2024 and beyond.
  • Before the end of the year, the Bank expects to consult on functionality for inclusion in Transition State 4 – a series of additional enhancements for the RTGS service. The renewed RTGS will be modular, with changes introduced in a more agile way. Areas under consideration include support for multiple message networks and other contingency options, additional API, extended operating hours, and synchronisation.

United Kingdom: House of Lords call for evidence on effectiveness of digital regulation

On 7 September 2021, the House of Lords Communications and Digital Committee published a call for evidence into the effectiveness of digital regulation, building on its report Regulating in a digital world which was published in March 2019. The March 2019 report found that regulators had failed to keep up with advances in digital technology, largely due to fragmentation between over a dozen regulators, each of which has some remit over the digital world. The Committee therefore recommended the establishment of a Digital Authority to coordinate between digital regulators.

The Committee plans on holding an inquiry into the work of digital regulators, and has asked for written answers from contributors to the following questions before that:

  • How well co-ordinated is digital regulation? How effective is the Digital Regulation Co-operation Forum?
  • Do regulators have the powers and capabilities, including expertise, to keep pace with developments? What is the appropriate balance between giving regulators flexibility and providing clarity in legislation?
  • How effective is digital regulators’ horizon scanning? How could this be improved?
  • How effective is parliamentary oversight of digital regulation?
  • What is your view of the Committee’s proposal in Regulating in a digital world for a ‘Digital Authority’, overseen by a joint committee of Parliament?
  • How effectively do UK regulators co-operate with international partners? How could such co-operation be improved?
  • Are there any examples of strategic approaches to digital regulation in other countries from which the UK could learn?

The deadline for answers is 22 October 2021.

United States: FRB publishes fintech due diligence guide for community banks

On 27 August 2021, the Federal Reserve Board (FRB), the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) jointly published a guide entitled Conducting Due Diligence on Financial Technology Firms: A Guide for Community Banks. The guide is intended to be a resource for community banks (defined as banks with $10 billion or less in consolidated assets) when performing due diligence on prospective relationships with fintech companies. Use of the guide is voluntary.

Publication of the guide comes amid growing understanding of the benefits to banks of outsourcing to, or partnering with, fintech companies in a number of areas. However, such partnerships also carry risks, and the guide focuses on six key due diligence topics which community banks should consider before entering these partnerships:

  • Business experience and qualifications: The guide explains that evaluating a fintech company’s business experience, strategic goals, and overall qualifications allows a community bank to consider a fintech company’s experience in conducting the activity and its ability to meet the bank’s needs.
  • Financial condition: It is important to look at a fintech’s financial sustainability.
  • Legal and regulatory compliance: It is important to look at a fintech’s legal and regulatory compliance and its experience working within a legal and regulatory framework.
  • Risk management and controls: A community bank should look at a fintech’s risk processes and policies, compare these to the bank’s risk appetite and ensure that they are compliant with any regulatory requirements.
  • Information security: It is particularly important for a community bank to assess a fintech’s information security processes, as the fintech may be handling the bank’s customer data.
  • Operational resilience: The exact nature of these checks will depend on the nature of the community bank’s partnership with the fintech, but it is important that a fintech is able to continue operations through disruptions.

Mauritius: New fintech regulations introduced

On 5 August 2021, The Finance (Miscellaneous Provisions) Act 2021 was gazetted in Mauritius. It is hoped that the Act will help to establish Mauritius as a fintech hub.

In particular, the Act:

  • Introduces regulatory sandbox authorisations; and
  • Establishes a fresh innovation hub and digital lab, aimed at supporting the further development of Mauritius’s fintech sector.

European Union: EBA publishes final report on revised guidelines on stress tests of deposit guarantee schemes

On 15 September 2021, the EBA published a final report (EBA/GL/2021/10) containing revised guidelines on stress tests conducted by national deposit guarantee schemes (DGSs) under the Deposit Guarantee Schemes Directive (2014/49/EU) (DGSD), together with the template for reporting results at Annex 1 to the final report.

Among other things, the revised guidelines:

  • strengthen the current DGS stress-testing framework by requiring DGSs to stress test their ability to perform all of the interventions they are legally mandated to perform. (the original guidelines only requested stress testing DGSs’ ability to reimburse depositors);
  • require DGSs to stress test their ability to access all of their funding sources, including extraordinary ex post contributions and alternative funding arrangements (irrespective of the amount of available ex ante funds collected by the DGSs);
  • encourage DGSs to choose stress-testing scenarios with additional business continuity challenges or circumstances that create extra stress, such as a pandemic, ICT failures or other similar events.

The deadline for DGSs to submit their next reporting template is 16 June 2024.

The revised guidelines apply from 15 September 2021, at which time the original guidelines are repealed.

United Kingdom: BoE publishes its approach to monitoring third country systems designated under UK Settlement Finality Regulations

On 14 September 2021, the Bank of England (BoE) published its approach to monitoring third country systems designated under the UK’s Settlement Finality Regulations 1999 (SI 1999/2979) (UK SFR).

Once a system, not subject to UK law, has been designated under the UK SFR, the BoE will monitor that the system continues to meet the requirements for designation which include the following:

  • A system must have at least three institutions participating in the system, unless otherwise determined by the BoE, and be a system through which transfer orders are effected.
  • A system must have adequate arrangements for the effective monitoring and enforcement of compliance with its rules.
  • A system operator must have financial resources sufficient for the proper performance of its functions.
  • A system operator must be able and willing to co-operate with the relevant UK supervisory and administrative authorities.
  • A system must have default arrangements, which are appropriate for that system in all the circumstances.

The BoE has also set out its requirements relating to the notification of certain changes and information gathering.

In the light of the UK’s withdrawal from the EU, the UK amended its legislation to enable third country central counterparties, central securities depositories and payment systems, which are not subject to UK law, to receive settlement finality designation within the UK. Any system previously covered by the EU’s Settlement Finality Directive (98/26/EC), that submitted an application for permanent designation by 30 June 2021, continues to benefit from the UK’s settlement finality protection under the temporary designation regime, which ends on 31 December 2023.

Payment Market Developments

China/Global: UnionPay International partners with Stripe

On 31 August 2021, it was announced that UnionPay International and Stripe are partnering in order to widen global access to the Chinese consumer market. The partnership will allow businesses in over 30 countries and across the European Union to accept payments from UnionPay cardholders globally.

United Kingdom: LayBuy launches buy-now-pay-later app

On 1 September 2021, it was reported that LayBuy has launched an app which will allow UK shoppers to pay in instalments at over 5,000 online stores, including Amazon, eBay, Asos and Nike. The app allows users to pay in six instalments, interest free.

United Kingdom: PayPal launches the ability to buy, hold and sell cryptocurrency in the UK

On 23 August 2021, PayPal announced the launch of a new service in the UK, which enables UK customers to buy, hold and sell cryptocurrency through PayPal. The service allows customers to use four types of cryptocurrency: Bitcoin, Ethereum, Litecoin and Bitcoin Cash. It also offers educational content on understanding cryptocurrency.

Global: Mastercard discontinues magnetic strips

On 17 August 2021, it was reported that Mastercard is starting the process of removing magnetic strips from its credit and debit cards. In some regions, strip-less cards will be issued as early as 2024, and by 2033 none of Mastercard’s debit or credit cards will have a strip.

United States: Fiserv to allow deposits into Venmo and PayPal accounts

On 18 August 2021, it was announced that Fiserv is expanding the digital pay-out options available to businesses via Carat, its omnichannel commerce ecosystem, to include payments to PayPal and Venmo. The aim of Carat is to enable clients to easily access pre-integrated solutions such as digital pay-outs through simple API access.

United Kingdom: Kroo receives UK banking licence

On 17 August 2021, it was reported that UK social banking start-up Kroo has received a restricted banking licence from the PRA and the FCA. The banking licence restricts the value of deposits that Kroo can hold to a total of £50,000, but it is expected that a full banking licence will be granted shortly.

United Kingdom: Moneyhub launches ‘Rent Recognition’ feature

On 1 September 2021, payments platform Moneyhub launched a ‘Rent Recognition’ feature on its app. The new feature makes it easy for Moneyhub to send anonymised details of rent payments to credit reference agencies, and so helps users to build up their credit score.

Global: Bitfinex launches U2F authentication

On 3 September 2021, Bitfinex, the crypto exchange company, announced that Universal 2nd Factor (U2F) authentication is being added to Bitfinex Pay as an authentication method for digital token payments. Users can now choose between using a U2F security key or Google Authenticator 2FA to verify payment invoices.

Singapore: Standard Chartered announces digital-only bank

On 6 September 2021, Standard Chartered announced a digital banking joint venture with NTUC Enterprise. Standard Chartered will have a 60% stake in the new bank, and NTUC will hold the remaining 40%. The move follows the launch of Standard Chartered’s digital bank in Hong Kong last year. The new joint venture will “focus on providing digital banking services, in line with Singapore’s efforts to digitalise its economy”.

Russia: Cryptex adds USD to bitcoin exchange to its service

On 8 September 2021, it was reported that Cryptex, the anonymous crypto exchange platform, is launching a USD to bitcoin exchange service. The service is free, and available through an app.

United States: UATP partners with BitPay to offer crypto payments

On 8 September 2021, Universal Air Travel Plan (UATP) announced that it is partnering with BitPay, the world’s largest provider of crypto payments, to allow UATP to accept payments using Bitcoin, Dogecoin, Ethereum, Litecoin and six other popular cryptocurrencies for travel.

United States: MVB partners with NYDIG to integrate bitcoin

On 8 September 2021, it was reported that MVB Bank and NYDIG are partnering to integrate bitcoin into MVB’s service. The partnership will allow MVB to offer clients bitcoin-related products powered by NYDIG’s full-stack platform.

Global: Euronet integrates PayPal QR code into point-of-sale solution

On 3 September 2021, it was reported that Euronet is expanding its use of PayPal QR codes in its point-of-sale solution. The functionality is already available in Germany. Customers using the system can pay by opening a QR code in their PayPal app and presenting it for scanning. The payment receiver scans the code and the amount to be paid is shown directly in the app. Then the customer selects their preferred payment method stored in their PayPal account, and confirms the payment on their smartphone. Both the customer and the payment receiver then immediately receive a confirmation of the transaction.

India: Google Pay to offer fixed deposits on its Indian platform

On 26 August 2021, it was reported that Google Pay is working on offering fixed deposits on its Indian platform, with help from Setu, an Indian start-up.

Surveys and Reports

European Union: Many EU citizens want more national-level financial services regulations

On 1 September 2021, Euronews published the results of a poll on the preferences of European citizens over who regulates their financial sector.

On the question of whether the EU and the ECB intervenes too much in national affairs:

  • A significant proportion of citizens in Greece (61%), Germany (34%) and Latvia (31%) believed the EU and ECB intervened “too much” in their country’s economy.
  • Respondents in Lithuania (41%), Spain (39%), Portugal (36%) and Estonia (36%) said the ECB intervened “the right amount”.

When asked where they thought that financial regulations should be determined, a majority of respondents in all 12 EU countries polled thought that they should be determined nationally, not at EU level.

The poll also asked respondents whether they would favour the adoption of a national cryptocurrency for the specific purpose of asserting monetary independence from the EU:

  • Italy (41%), Greece (40%), Estonia (39%) and Spain (37%) registered the highest support for the initiative.
  • The Netherlands was the only country where there were more opposed than in favour, and there was an even split in Germany.

United Kingdom: Study identifies widespread confusion about Open Banking in the UK

On 6 September 2021, it was reported that Ecommpay had released new data on public understanding of Open Banking in the UK. In particular, the data indicates that:

  • Almost half of consumers surveyed have some level of confusion about Open Banking.
  • Only 14% of UK consumers “completely understand” Open Banking.
  • 10% of business leaders don’t understand how Open Banking could help their business.
  • 36% of business leaders had not adopted Open Banking before 2021.

The data also indicates an age disparity in consumer understanding of what Open Banking is, with 40% of over-55s having “no idea” what Open Banking is.

Global: Cryptocurrency market will more than triple by 2030

On 24 August 2021, Allied Market Research published a report on the forecasted growth of cryptocurrency. The key findings from the report are that:

  • The compound annual growth of the global cryptocurrency market will be 12.8% between 2021 and 2030.
  • In monetary terms, this means that the value of the global market can be expected to hit $5bn in 2030, up from $1.5bn in 2020.
  • The main driver of this growth, according to the report, will be attributable to the increase in demand for international remittances and more transparency in global payment systems.

The report predicts growth to be highest in the Asia-Pacific region.


Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.