In this Newsletter:
For previous editions of the Global Payments Newsletter, please visit our Financial Services practice page.
STOP PRESS: On 25 May 2022 the UK Financial Services Regulatory Initiatives Forum published the fifth edition of its Regulatory Initiatives Grid, providing detail on the timing of initiatives over a 24-month horizon. The Forum’s members are the Bank of England (including the PRA), the FCA, the Payment Systems Regulator, the Competition and Markets Authority, the Financial Reporting Council, The Pensions Regulator and the Information Commissioner’s Office. HM Treasury attends as an observer member. For more on this development, take a look at this Engage article by members of Hogan Lovells’ London office.
United Kingdom: Queen’s Speech 2022 announces forthcoming Financial Services and Markets Bill
Among the legislation announced in the Queen’s Speech on 10 May 2022 was a Financial Services and Markets Bill. According to a government press release, the Bill delivers on the ambitious vision for the financial services sector set out by the Chancellor of the Exchequer at Mansion House last year. It builds on the Financial Services Act 2021, which was the first step in amending the UK’s regulatory regime outside of the EU. The main elements of the Bill are:
- Revoking retained EU law on financial services and replacing it with an approach to regulation that is designed for the UK.
- Updating the objectives of the financial services regulators to ensure a greater focus on growth and international competitiveness.
- Reforming the rules that regulate the UK’s capital markets to promote investment.
- Ensuring that people across the UK continue to be able to access their own cash with ease.
- Introducing additional protections for those investing in or using financial products, and to make it safer and support the victims of scams (as to which, see also the item below on the related HM Treasury policy paper on how the government and the Payment Systems Regulator intend to improve authorised push payment (APP) scam reimbursement, also published on 10 May 2022).
More details will be available when the Bill is formally introduced to Parliament.
Other proposed legislation announced in the Queen’s Speech included:
- a Retained EU Law Bill (also known as the Brexit Freedoms Bill) to create new powers to strengthen the ability to amend, repeal or replace retained EU law by reducing “the need to always use primary legislation to do so”, and modernising the UK’s approach to making regulations; remove the supremacy of retained EU law over UK law and ensure that EU-derived law no longer takes priority over Acts of Parliament; and clarify the status of retained EU law in UK law;
- a Digital Markets, Competition and Consumer Bill which will, among other things, create new competition rules for digital markets and the largest digital firms and reform the consumer protection regime by tackling subscription traps and fake reviews and giving more power to the CMA to determine when there has been a breach of consumer law and to issue monetary penalties;
- a Data Reform Bill to reform the UK’s data protection regime post-Brexit, including designing a more flexible, outcomes-focused approach to data protection that helps create a culture of data protection, rather than “tick box” exercises; and
- an Economic Crime and Corporate Transparency Bill which will further strengthen powers to tackle illicit finance, reduce economic crime (including money laundering and fraud) and help businesses grow. Additionally, the Bill will enable businesses in the financial sector to share information more effectively to prevent and detect economic crime. It will also create powers to move quickly and easily seize and recover cryptoassets, which are the principal medium used for ransomware. The creation of a civil forfeiture power will mitigate the risk posed by those who cannot be criminally prosecuted but use their funds to further criminality.
The Background Briefing Notes on the proposed legislation announced in the Queen’s Speech have also been published.
European Union: European Commission consultations and calls for evidence on PSD2 review and open finance
On 10 May 2022, the European Commission launched a public consultation on PSD2 and open finance, aiming to assess the effectiveness, efficiency, costs and benefits, coherence, and EU added value of PSD2. Calls for evidence on related impact assessments for potential legislative initiatives have also been published, as well as targeted consultations on the PSD2 review and on open finance.
Consultation on PSD2 review and open finance
The public consultation, which is in questionnaire format, is specifically designed for respondents that have minimum technical knowledge about the payment industry or about data access and reuse in the context of open finance. The results will determine if the PSD2 objectives have been achieved or if changes are needed to ensure EU retail payment rules remain fit for purpose and future-proof (and if so, the type and scope of changes), with a view to the Commission’s ongoing work on the open finance framework which is part of the Data Strategy for Europe.
The deadline for comments is 2 August 2022.
Calls for evidence on impact assessments for PSD2 review and open finance
Accompanying the public consultation are:
- A call for evidence on an evaluation and an impact assessment relating to its review of PSD2, indicating that the Commission is considering publishing a report on the application and impact of PSD2 in Q4 2022 and, if considered appropriate, a legislative proposal to amend the Directive (with an accompanying impact assessment) in the first half of 2023.
- A call for evidence on an impact assessment to assess the policy options relating to an “Open finance framework – enabling data sharing and third party access in the financial sector” initiative. The Commission is considering a legislative initiative here too, with indicative timing of Q1 2023.
The deadline for comments on both of the calls for evidence is 7 June 2022.
Targeted consultation on PSD2 review
The Commission’s targeted consultation paper on the PSD2 review focuses on technical issues and the Commission is looking in particular for responses from professional stakeholders such as payment services and technical services providers. Part 1 covers general questions concerning PSD2’s main objectives and specific objectives grouped by theme, while Part 2 covers questions on whether the specific measures and procedures of PSD2 remain adequate, including questions concerning possible changes or amendments to the Directive.
The deadline for comments is 5 July 2022. If necessary, the Commission may publish another targeted consultation, eg to consider specific policy options and impacts in more detail.
Targeted consultation on open finance framework and data sharing in the financial sector
The Commission’s targeted consultation paper on an open finance framework (announced in the Capital Markets Union communication of November 2021) and data sharing in the financial sector looks to gather evidence and stakeholder views on the current status and further development of open finance in the EU and effective customer protection. Customers of financial services firms (consumers and corporate customers), financial institutions and other firms that either hold data or intend to use it are specific targets of the consultation.
The deadline for comments is 5 July 2022.
For more on the above developments, take a look at this Engage article by members of Hogan Lovells’ London office.
Australia: Prudential Risk Authority sets 2025 target for cryptocurrency regulation
On 21 April 2022, Australia’s main financial regulator, the Prudential Risk Authority, or APRA, published a letter announcing a 2025 target for implementing regulations governing cryptocurrencies.
The APRA is developing the longer-term prudential framework for cryptoassets and related activities in Australia in consultation with other regulators internationally, to ensure consistency in approach.
APRA’s planned activities are as follows:
- Crypto-activities: consult on requirements for the prudential treatment of cryptoasset exposures in Australia. The consultation is expected to take place in 2023, and the APRA will consider the need for initial prudential guidance in the interim;
- Operational risk: progress new and revised requirements for operational risk management, covering control effectiveness, business continuity and service provider management. The draft prudential standard will be released for consultation in mid‑2022; and
- Stablecoins: consider possible approaches to the prudential regulation of payment stablecoins. Subject to the development of the broader legislative and regulatory framework, APRA envisages consulting on prudential requirements for large stored-value facilities (SVFs) in 2023.
United Kingdom: HM Treasury publishes policy paper on APP scam reimbursement
On 10 May 2022, HM Treasury published a policy paper setting out how the government and the Payment Systems Regulator (PSR) intend to improve authorised push payment (APP) scam reimbursement. In this regard, the government will:
- Clarify that the PSR may use its existing regulatory powers to require reimbursement for APP scams in designated payment systems, including Faster Payments. The government intends to introduce this legislative amendment as part of the Financial Services and Markets Bill (see the separate item on this above).
- Amend regulation 90 of the Payment Services Regulations 2017 (PSRs 2017), which concerns the liability of payment service providers (PSPs) in relation to payment orders. This will enable the PSR to establish a liability framework for APP scams using its existing powers and improve reimbursement outcomes for victims of APP scams.
- Place a duty on the PSR requiring it to take regulatory action within a prescribed timescale. The duty will require that the PSR publish for consultation a draft regulatory requirement within two months of the provisions coming into force and impose a regulatory requirement within six months of the provisions coming into force. The PSR intends to publish a consultation on its preferred approach to APP scam reimbursement in autumn 2022.
United Kingdom: LSB updates CRM Code for APP scams
On 28 April 2022, the Lending Standards Board (LSB) updated the Contingent Reimbursement Model (CRM) Code to further strengthen protection against authorised push payment (APP) scams. An accompanying press release states that the three most significant updates to the CRM Code will:
- Help improve customers’ understanding of how firms are assessing APP scam cases.
- Help prevent scams.
- Make the CRM Code accessible and relevant to a wider range of firms.
Another significant update comes via the activation of the Confirmation of Payee requirements for all signatory firms.
United Kingdom: Response to Treasury Committee report on fraud, scams and economic crime
On 28 April 2022, the Treasury Committee published responses to its report of 2 February 2022 on fraud, scams and economic crime.
The government has rejected the call for the creation of a single law enforcement agency dedicated to the challenge of combatting economic crime and has confirmed that it intends
to create a second Economic Crime Plan due for publication later this year, as well as a 10-year Fraud Strategy. The government has also confirmed that the Corporate Transparency and Register Reform Bill will be brought forward in the third session of Parliament. The Bill will include reform of Companies House, reforms to prevent abuse of limited partnerships, new statutory powers to seize and recover illicit cryptoassets and reform via a forthcoming Economic Crime Bill.
As well as updates to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) due later in 2022, there will be a further and broader review of the MLRs aimed at shaping the direction of the UK’s anti-money laundering regime for the future.
While not ruling it out, the government has not committed to imposing an obligation on online companies to provide compensation to the victims of online fraud.
The government has also confirmed that the barrier in the Payment Services Regulations 2017 preventing the Payment Systems Regulator from using its existing regulatory powers to introduce mandatory authorised push payment scam reimbursement for scams which occur over Faster Payments would be addressed by bringing forward the necessary legislation.
United Kingdom: DRCF response to letter on delivering the UK pro-innovation approach to digital regulation
On 29 April 2022, the Competition and Markets Authority (CMA) published a letter from the Chief Executive of the Digital Regulation Cooperation Forum (DRCF) responding to a letter from the Secretary of State, Rt Hon Nadine Dorries, in which she set out the government’s priorities for the digital regulatory landscape and cross-cutting policy areas relevant to the DRCF’s work.
The letter notes, in particular, that the DRCF:
- Shares the Secretary of State’s vision for efficient, effective and joined-up regulation of the digital landscape.
- Recognises the central importance of innovation to digital markets and has already adopted initiatives to support this.
- Is developing an active programme of engagement with a broad range of stakeholders from government, Parliament, industry, academia, international counterparts and civil society and consumer groups.
- Is keen to work with government officials on a range of issues (AI governance, online advertising and on ensuring co-operation and coherent regulatory approaches in relation to online safety, data and competition policy). It will also be happy to support the government’s ongoing implementation of the National Data Strategy and to remain joined up on ways that the DRCF can support innovation in digital markets.
United Kingdom: DRCF publishes Annual Report and 2022/23 Workplan
On 28 April 2022, the Digital Regulation Co-operation Forum (DRCF) published its annual report on its first year of operation and its workplan for 2022/23. It also published two papers on algorithms, in relation to which it issued a call for comments.
- Annual report: During 2021 to 2022, the DRCF members formed powerful links that are changing how the four member regulators are approaching digital regulation. The regulators now routinely share knowledge and skills, pool resources and work together in identifying important industry trends and innovations.
- Work plan: The DRCF’s work priorities are set out in relation to three core objectives: coherence between regimes; collaboration on projects; and capability building across regulators.
- Discussion papers on algorithmic processing: The DRCF has published discussion papers on (i) the benefits and harms of algorithms and (ii) Auditing algorithms: the existing landscape, role of regulators and future outlook, reflecting the outcome of work done by the DRCF Algorithmic Processing workstream. In the next financial year, the DRCF intends to undertake further activity in the field of algorithmic processing. It is, therefore, inviting input on the two papers by 8 June 2022.
European Union: Political agreement reached on Digital Services Act
On 22 April 2022, the Council of the EU and the European Parliament reached provisional political agreement on the Digital Services Act (DSA), which was originally introduced by the European Commission in December 2020.
The DSA imposes obligations on various online intermediary service providers such as to:
- Identify and remove illegal content.
- Not manipulate users’ choices through nudging or deceitful techniques (dark patterns).
- Verify and check traceability information provided by traders that sell via platforms to consumers.
The obligations, aimed at ensuring a safer and more open digital space for users and a level playing field for companies, increase cumulatively depending on the breadth of an intermediary’s activities.
Once the DSA’s text is finalised at a technical level, it will need to be formally adopted by both the European Parliament and the Council.
United Kingdom: BoE consults on RTGS and CHAPS tariff framework and RTGS Service Roadmap
On 29 April 2022, the Bank of England (BoE) published a consultation paper setting out proposals for a new framework for the Real-Time Gross Settlement (RTGS) and CHAPS tariffs, as well as a consultation paper on the next stage of the roadmap for the Real-Time Gross Settlement (RTGS) service beyond 2024.
The BoE has decided to review the RTGS and CHAPS tariff framework to ensure it remains fit for purpose going forward in light of the changes to the payments industry and the renewal of RTGS. It explains that the costs of delivering the new systems are not yet final, but the consultation is intended to provide the industry with an indication of future costs now to support their own planning.
Alongside this consultation, the BoE is consulting on the next stage of the roadmap for the RTGS service beyond 2024. The proposals included in that consultation are not included in the tariff framework consultation. The BoE will consider how to recover the costs for those proposals following the conclusion on the scope and priorities of the roadmap.
The BoE seeks the views of existing and potential new RTGS service users on its proposals for the features for the next stage of the RTGS roadmap. These cover: (i) new cost-effective ways to connect based on open standards and compatibility with a wide range of technologies; (ii) innovative and flexible services to address the changing needs of users; and (iii) world-class resilience.
The deadline for responses to both consultations is 30 June 2022.
United Kingdom: LSB Business Plan and Budget for 2022/23
On 3 May 2022, the Lending Standards Board (LSB) published its business plan and budget for 2022/23.
In the plan, the LSB sets out its strategic priorities and provides further detail on the activities it intends to undertake during 2022/23, together with a summary timeline. Planned activities include:
- A significant project on the identification, treatment and evolving needs of vulnerable customers, spanning the Personal and Business Standards of Lending Practice and the Contingent Reimbursement Model Code (CRM) Code. The LSB will use the project’s outputs to decide whether updates to the Standards, CRM Code or accompanying guidance documents are required.
- An internal review of the Standards of Lending Practice for personal customers against the backdrop of the regulatory roadmap, including the FCA’s proposed Consumer Duty.
- Continued implementation of the recommendations from the LSB’s 2020/21 review of the CRM Code and its 2021 call for input.
- Close co-ordination with UK Finance, the FCA and HM Treasury to progress the implementation of the recommendations from the LSB’s 2021 review of the Access to Banking Standard.
United Kingdom: New FCA authorisation webpage on early and high growth oversight initiative
On 26 April 2022, the FCA published a new webpage on its “early and high growth oversight” initiative.
The FCA recognises that firms can face challenges in meeting their regulatory obligations in the first few years after authorisation. In response to this, it has launched the initiative with a view to providing enhanced supervision for firms as they get used to their regulatory status and to support firms in understanding their obligations to ensure they can meet the standards the FCA expects as they grow.
The FCA piloted the initiative between October 2021 and March 2022 with 32 newly authorised firms across a range of sectors. Based on the FCA’s discussions with firms in the pilot, it has identified the following insights that may be helpful for other firms going through the authorisation process:
- Before and during the authorisation process, firms must ensure they read all the relevant information and guidance provided.
- Firms should register for access to the FCA’s systems early on. This will ensure they are ready to comply with and submit regulatory reporting on time.
- Once a firm is authorised, it is subject to the FCA’s rules and principles. As part of the initiative, the FCA expects firms to engage with it openly and transparently. It also expects firms to notify it if it is unlikely that they will be able to fulfil their regulatory obligations.
United Kingdom: HM Treasury policy statement on protecting UK wholesale cash infrastructure
On 26 April 2022, HM Treasury published a policy statement on protecting the UK’s wholesale cash infrastructure.
It explains that the UK needs a sustainable and resilient wholesale cash system to support continued access to cash. While the industry is expected to transition to a smaller overall network over time, if this happens in a disorderly way it could pose a potentially significant risk to the wholesale cash infrastructure’s effectiveness and sustainability, and therefore its ability to supply cash to the UK’s retail network.
Given the need to manage these risks, the government intends to provide the Bank of England (BoE) with powers to oversee the wholesale cash distribution system to ensure it remains resilient and sustainable and can continue to effectively support access to cash. It is creating a two-pronged oversight regime:
- Giving the BoE oversight over, and the ability to regulate, the market activities of the wholesale cash industry. All entities that provide wholesale cash activities or financial support relating to these activities could come under the regime. HM Treasury will also have the power to designate a critical service provider to the industry under the regime, if required.
- Giving the BoE the ability to prudentially regulate a systemic entity in the market, should one form in the future, to manage risks to financial stability and maintain confidence in the UK financial system. The government and the BoE do not currently consider that any existing market participants meet the threshold to be designated under the prudential regime but will consider on a case-by-case basis whether any future market changes or new entrants might create such an entity.
The government intends to legislate for the new regime when Parliamentary time allows and the BoE will subsequently consult on the development of its regulatory approach.
United Kingdom: PRA Business Plan for 2022/23 published
On 20 April 2022, the PRA published its Business Plan for 2022/23, which sets out its strategy and work plan for the coming year as well as an overview of the PRA’s 2022/23 budget.
The PRA’s strategic priorities for 2022/23 are:
- Retaining and building on the strength of the banking and insurance sectors delivered by the financial crisis reforms.
- Being at the forefront of identifying new and emerging risks, and developing international policy.
- Supporting competitive and dynamic markets in the sectors that it regulates.
- Running an inclusive, efficient and modern regulator within the Bank of England.
United Kingdom: Summary report of PSR Panel’s digital payments initiative
On 10 May 2022, the Payment Systems Regulator (PSR) published the summary report (dated April 2022) of the independent PSR Panel’s digital payments initiative.
The Panel identified the following four high-level areas that need to be tackled to address the drivers of cash reliance and enable greater take-up of digital payments:
- Improving consumers’, small businesses’ and other small organisations’ awareness and understanding of, and trust in, digital payment options.
- Tackling barriers to new digital payment services and service features, including enabling new functionalities and improving trust by addressing fraud risks.
- Reducing digital exclusion.
- Putting better data in place to monitor the transition to digital payments.
In each of these areas, the Panel has set out recommendations for the PSR, some of which are specific technical recommendations, to encourage (greater) use of digital payments. It expects the PSR to take these recommendations into account in its work programme and to undertake appropriate analysis and validation of the Panel’s proposals.
United Kingdom: FCA speech on how to capitalise on innovation
On 5 May 2022, the FCA published a speech given by Nikhil Rathi, FCA Chief Executive, on how to capitalise on innovation. Points of interest in the speech include the following:
- The FCA is growing its expertise in the digital field. Every module of staff training at the FCA will have an element of digital upskilling. The FCA is also boosting its capabilities with a recruitment drive for data analysts and scientists.
- A key element of the regulatory co-operation in the Digital Regulation Cooperation Forum (DRCF) will be building digital regulatory skills across all the major UK regulators.
- Technology and training are also essential in the area of ESG. Mr Rathi has heard that the “Big Four” are now running their own ESG training for staff and, in some cases, clients. The FCA wants to build that capability as well.
- Diversity and inclusion needs to be fully harnessed across financial services. The FCA is changing internally and has warned the sector that firms that fail to embrace diversity of thought will struggle to serve the needs of a diverse customer base and manage conduct risk effectively.
European Union: Digital Markets Act postponement until 2023
On 5 May 2022, the European Commission published a speech given by Executive Vice-President Vestager at the International Competition Network Annual Conference.
In the speech, Vestager announced that the entry into force of the Digital Markets Act (DMA) has been postponed from later this year (as previously anticipated) to early 2023. The delay is a result of the extended preparation process; Vestager explained new structures need to be set up in the Commission, resources need to be pooled, staff need to be hired and IT systems still need to be set up.
United Kingdom: Government response to consultation on new pro-competition regime for digital markets
On 6 May 2022, the Department of Digital, Culture, Media and Sport and the Department for Business, Energy and Industrial Strategy published the government’s response to their July 2021 consultation on a new pro-competition regime for digital markets and the establishment of the Digital Markets Unit (DMU). Regarding the role of the DMU:
- The DMU will be responsible for implementing and enforcing the new pro-competition regime.
- The DMU’s core objective will be to promote competition in digital markets within and outside the UK for the benefit of consumers.
- There will be a statutory duty on the DMU to consult with other regulators where proportionate and relevant to ensure this new regime co-ordinates effectively with other regulatory systems.
- The activities of the DMU will be funded by the Exchequer, with its costs partially recouped by a levy.
Legislation will be brought forward to implement the reforms when Parliamentary time allows.
European Union: EBA statement on financial inclusion and ECB FAQs on banking supervision
On 27 April 2022, the EBA published a statement on financial inclusion in the context of the conflict in Ukraine.
In the statement, among other things the EBA:
- Sets out what financial institutions and their supervisors can do to provide access to refugees from Ukraine to the EU’s financial system. It focuses on the rights of refugees to access and use payment accounts and discusses how banks can still comply with their anti-money laundering (AML) obligations when taking on new customers as a result of the flexibility within the AML framework.
- Sets out what financial institutions and supervisors can do to protect vulnerable persons from abuse by criminals. In particular, it states that financial institutions should be alert to any indicators suggesting that customers who are refugees are being exploited and report any suspicious activity to their local Financial Intelligence Unit without delay.
The EBA commits to continue to monitor the situation and work with competent authorities and the private sector as necessary to share best practices, set common regulatory expectations and facilitate the development of a common approach across EU member states.
Also, on 26 April 2022 the ECB published FAQs on its supervisory approach in the light of the conflict in Ukraine. Topics covered by the FAQs include banks’ exposures to Russia and Ukraine.
European Union: EBA technical advice on non-bank lending
On 4 May 2022, the EBA published a final report setting out its technical advice to the European Commission on non-bank lending, in response to a February 2021 call for advice on digital finance and related issues.
The EBA has analysed market developments and the risks and challenges posed by the increased provision of lending by non-bank entities. Although the amount of non-bank lending in the EU remains very small compared to credit provided by banks, Fintech activity has been increasing steadily over the last few years. The trends observed outside the EU also show that BigTechs and other non-traditional operators have already developed, and successfully rolled out, business models for lending. The same applies to lending in the form of cryptoassets, which has seen a rapid increase since 2020 and has contributed to the extension and reach of non-bank lending activities in alternative means other than conventional fiat funds.
In the report, the EBA identifies the specific risks related to the provision of credit by non-bank lenders and sets out proposals to address them. In particular, it highlights the importance of:
- Ensuring the consumer protection framework remains fit for purpose in light of new players entering the market.
- Strengthening the provisions on authorisation and clarifying the prudential perimeter and supervisory responsibilities for cross-border provision of services.
- Covering all non-bank lenders in a more comprehensive way in the EU anti-money laundering and counter-terrorist financing framework.
- Enhancing monitoring and reporting frameworks to avoid any sudden increase of macroprudential risks remaining unaddressed.
European Union: European Commission legislative proposal for Directive on distance financial services contracts
On 11 May 2022, the European Commission published a legislative proposal that it has adopted for a Directive concerning financial services contracts concluded at a distance which would repeal the current Distance Marketing Directive (DMD) and transfer the framework for consumer protections relating to financial services distance contracts to the Consumer Rights Directive (CRD).
The proposed Directive would aim to modernise the existing DMD framework, including requiring traders to: provide an email address in pre-contractual information and supply pre-contractual information at least a day before consumers are bound by any distance contract; allow consumers to use a withdrawal button where distance contracts are concluded by electronic means; provide adequate explanations on proposed financial services contracts (and if a trader uses online tools for this purpose consumers will have a right to request and obtain human intervention). The application of certain rules in the CRD, including on additional payments and enforcement and penalties, will also be extended to financial services distance contracts.
The legislative proposal will now be considered by the Council of the EU and the European Parliament.
United Kingdom: PRA speech on operational resilience
On 28 April 2022, the PRA published a speech by David Bailey, PRA Executive Director, UK Deposit Takers Supervision, on the next steps on the PRA’s supervisory roadmap for operational resilience.
Mr Bailey identified the following key themes from the PRA’s review of the board-approved lists of important business services (IBS) and impact tolerances that it has received:
- IBS identification. The PRA’s view is that firms have generally made positive progress against its expectations for identifying these services.
- Guidelines for identifying IBS. The PRA expects divergence in this area to narrow over time. As it continues its supervisory work, it will be asking firms to clarify how they have incorporated certain key points of the policy relating to identifying IBS.
- Impact tolerances. Although progress has been made, the PRA notes that firms have found setting impact tolerances more challenging than identifying IBS. In light of this, it will be pushing firms to justify their judgements and undertake more detailed comparisons across peer groups.
- Mapping and testing. The PRA does not expect mapping and testing frameworks to be fully developed as yet. However, its findings indicate that significant further work is required in the next three years for firms to embed fully coherent mapping and testing frameworks.
European Union: Political agreement reached on proposed Regulation on digital operational resilience (DORA)
On 10 May 2022, the Council of the EU and the European Parliament reached a provisional political agreement on the proposed Regulation on digital operational resilience for the financial sector (DORA).
The Council’s related press release highlights key aspects of the agreement, which include:
- The new rules will constitute a very robust framework that boosts the IT security of the financial sector, with the efforts required from financial entities being proportional to the potential risks.
- Almost all financial entities will be subject to the new rules, but the inclusion of auditors will be part of a future review of DORA.
- To allow for proper oversight of critical third-country ICT service providers to financial entities in the EU, such service providers will be required to establish an EU subsidiary.
- Given the cross-sectoral nature of digital operational resilience, an additional joint oversight network will strengthen the co-ordination between the European Supervisory Authorities.
- Penetration tests will be carried out in functioning mode and it will be possible to include several member states’ authorities in the test procedures. The use of internal auditors will be possible only in strictly limited circumstances, subject to safeguard conditions.
The European Parliament also published a separate press release on the agreement.
The provisional agreement is subject to approval by the Council and the European Parliament before going through the formal adoption procedure. The agreed revised text of the legislative proposal has not yet been published.
The new rules will apply 24 months after they enter into force.
United States: Federal Reserve pilots its real time payment service FedNow
On 2 May 2022, the Federal Reserve announced it had begun the testing phase for the FedNow Service pilot, including the onboarding of participating organisations, in preparation for the launch of its FedNow instant payments program in 2023.
More than 120 organisations are participating in the pilot. Participants in the testing phase satisfied criteria surrounding instant payments readiness and expressed a desire to participate in early testing, the Federal Reserve said.
The Federal Reserve announced the FedNow pilot, which includes three phases (advisory, testing and closed-loop production), in October 2020.
Participating organisations in the test phase will continue onboarding in the coming months and establish connectivity and perform technical and operational tasks that will lay the groundwork for full-scale, end-to-end testing later this year.
Global: IMF report on global financial stability
On 19 April 2022, the International Monetary Fund (IMF) published a report on global financial stability.
The report notes that the accelerated “cryptoization” (i.e. the expansion of the crypto‑ecosystem) in emerging market economies is a key area of concern. The IMF notes this expansion is partly due to a structural shift towards cryptoassets as a means of payment and/or store of value, and partly due to more temporary drivers, such as speculative interest during the pandemic.
The IMF also states that regulation is not keeping pace with innovative technologies such as decentralised finance (DeFi), and recommends that regulators concentrate on related aspects of the crypto-ecosystem such as stablecoin issuers and centralised exchanges.
European Union: ECB calls for input on a future digital euro payments system
On 28 April 2022, the ECB launched a call for expressions of interest for payment service providers, banks and other relevant companies to join an exercise to develop prototype user interfaces for a future digital euro payments system.
Participants will be asked to collaborate with the ECB on the development of prototypes that address specific use cases for the payment process.
Responses were due by 20 May 2022.
Central African Republic: Bitcoin becomes official currency
On 27 April 2022, it was reported that the Central African Republic had voted unanimously to adopt Bitcoin as legal tender, becoming the first country in Africa and only the second in the world to do so. A government statement explained that a Bill governing the use of cryptocurrency had been adopted unanimously by Parliament.
Hong Kong: HKMA publishes discussion paper inviting views on its own CBDC
On 27 April 2022, the Hong Kong Monetary Authority (HKMA) published a discussion paper titled “e-HKD: A policy and design perspective”, inviting views from the public and the industry on key policy and design issues for introducing a retail central bank digital currency (CBDC).
The HKMA is inviting views on the potential benefits and challenges of a CBDC, design considerations such as the issuance mechanism, interoperability with other payment systems, privacy and data protection and legal considerations, as well as use cases.
While Hong Kong has still not made a final decision on an e-HKD, it has agreed to a pilot programme for China’s digital yuan.
Responses to the discussion paper were due by 27 May 2022.
The Bahamas: Government publishes white paper on the future of digital assets
On 21 April 2022, the Bahamian government published a white paper on the future of digital assets in The Bahamas, setting out the government’s vision and framework for the development of the Bahamian digital asset policy from 2022 to 2026.
The main objectives of the white paper include:
- exploring new opportunities in the digital asset landscape;
- improving the attractiveness of the country as a well-regulated financial jurisdiction;
- (where necessary) clarifying and expanding the scope of the legislative framework;
- encouraging innovation in the Fintech space and identifying emerging technologies that would help maintain the country’s competitive edge; and
- building capacity and expanding the resources of the Securities Commission of The Bahamas in order to support and enhance its role as the pre-eminent digital asset regulator.
Key initiatives include permitting citizens to pay their taxes using digital assets and the promotion of the country’s CBDC, the sand dollar.
Brazil: New Bill introduces framework for virtual assets and their service providers
On 26 April 2022, a new Bill was approved by the Brazilian Senate which, if enacted, would introduce a regulatory framework for virtual assets and their service providers. It will now need to be approved by the Chamber of Deputies before it can be signed into law by the Brazilian President.
Among other things, the Bill would appoint a regulatory body to supervise virtual asset service providers, as well as amend the penal code to introduce penalties for fraud using virtual assets.
The Philippines: Central bank pilots wholesale CBDC for large value transactions
On 26 April 2022, the Bangko Sentral ng Pilipinas (BSP) announced it is launching a pilot project, Project CBDCPh, which will test the use of a wholesale CBDC for large-value financial transactions.
The BSP is exploring the potential use of wholesale CBDCs in areas where these can yield the greatest value-adding benefits to the payment system. Findings from the pilot will feed into constructing the BSP’s medium to long-term roadmap for more advanced wholesale CBDC projects that will further strengthen the Philippine payment system.
United Kingdom: FCA speech on critical issues in financial regulation
On 26 April 2022, the FCA published a speech given by Nikhil Rathi, FCA Chief Executive, on the FCA’s view of critical issues in financial regulation.
Mr Rathi sets out the challenges and opportunities confronting the FCA and how it plans to meet them by focussing on the problems in front of it rather than addressing issues by asset class or sector.
Among the other points of interest in the speech are Mr Rathi’s comments on cryptoassets. The FCA has so far registered 33 cryptoasset firms under the anti-money laundering (AML) and counter-terrorist financing (CTF) regime for certain cryptoasset businesses. Mr Rathi explains that the regulator worked with many firms to help improve their capabilities instead of just rejecting or approving applications with no feedback or advice, and its rejection of those that did not meet the standards should not be interpreted as anti-innovation. Mr Rathi also explains that a key issue that needs wider consideration by policymakers is the risk that cryptoasset businesses whose applications for registration are rejected can still service UK customers from offshore. He says that it is encouraging that partner agencies in other jurisdictions follow the FCA’s lead when it rejects firms’ registrations, but it is not enough to rely on the FCA’s global influence to achieve this.
Global: Speech from chair of the Basel Committee on Banking Supervision on decentralised finance and cryptoassets
On 12 May 2022, Pablo Hernández de Cos, chair of the Basel Committee on Banking Supervision (BCBS) and governor of the Bank of Spain, delivered a speech in which he warned that fast-paced developments in decentralised finance (DeFi) and cryptoassets necessitate a proactive and forward-looking regulatory and supervisory approach. Additionally, as cryptoassets and DeFi still represent less than 1% of total global financial assets and banks’ exposures are relatively limited, an appropriate response is to bring these areas within the relevant regulatory perimeter.
Hernández de Cos flagged the cross-border nature of cryptoassets and how effective collaboration across global standard-setting bodies will be required to answer some policy questions regarding taxation, anti-money laundering, compliance and data privacy.
Mexico: New rules on the electronic transfer system SPEI published
On 23 March 2022, changes to the rules on the Mexican electronic transfer system known as SPEI were published. The amendments are aimed at:
- regulating entities that do not have a direct connection to the system but that are connected through other larger institutions and banks like fintech companies;
- setting thresholds for these indirect participants to become direct participants and if they fail to connect directly, to disconnect their indirect connection;
- regulating and setting minimum provisions that agreements between indirect and direct participants need to have;
- requiring direct participants who offer their clients an indirect connection to the SPEI to become clearing houses; and
- requiring all participants, direct and indirect, to issue and accept CODI (a standard QR form) payments between clients.
The timing for these provisions to enter into effect is complex but financial institutions, fintech companies and other entities connected to the SPEI will be required to implement changes and become compliant shortly.
See this Engage article by Hogan Lovells’ Mexico team for more on this development.
United Kingdom: FCA review finds weaknesses in challenger banks’ financial crime controls
On 22 April 2022, the FCA published its multi-firm review of financial crime controls at challenger banks. The FCA focused its review on challenger banks that are relatively new to the market and offer a quick and easy application process. The sample selection included six challenger retail banks and covered over eight million customers.
Although the FCA found some evidence of good practice, it found more needs to be done by the challenger banks sector. The FCA specifically notes:
- Financial crime control resources, processes and technology need to be commensurate with a bank’s expansion. Challenger banks should apply a risk-based approach to anti-money laundering (AML) controls and also continuously make sure their financial crime controls remain fit for purpose as their business develops.
- There are weaknesses in customer due diligence (CDD) such as not obtaining details about customer income and occupation. Some challenger banks did not consistently apply enhanced due diligence (EDD) and did not document it as a formal procedure to apply in higher risk circumstances, for example when managing politically exposed persons (PEPs). In some instances, challenger banks did not have financial crime risk assessments in place for their customers.
- The UK Financial Intelligence Unit (UKFIU) within the National Crime Agency (NCA) noted a substantial increase in the volume of suspicious activity reports (SARs) reported by challenger banks as banks exit customer relationships for financial crime reasons. The FCA had concerns about the quality of SARs reported to the NCA.
For more on this development, take a look at this Engage article by members of Hogan Lovells’ London office.
Global: Wolfsberg Group publishes FAQs for financial institutions on negative news screening
On 11 May 2022, the Wolfsberg Group published a document containing frequently asked questions (FAQs) on how negative news screening (NNS) can enhance financial institutions’ awareness of potential financial crime risk posed by both existing and prospective customers.
The Group recognises that there is no universally agreed and accepted definition of negative news. For the purposes of the FAQs, the term has been broadly defined as “information available in the public domain that financial institutions would consider relevant to the management of financial crime risk”.
The FAQs seek to identify relevant factors that financial institutions may find useful in setting out NNS standards, including:
- Applying NNS as part of a risk-based approach to anti-money laundering (AML) and counter terrorist financing (CTF).
- Documenting a risk-based approach to NNS, taking into account the legal and regulatory requirements in the jurisdiction(s) in which the financial institution operates.
- Ensuring that NNS processes are both effective and efficient.
They also provide guidance on assessing the reliability of NNS sources and the materiality of NNS results, as well as the configuration of screening systems, alert management and associated governance.
See this Engage article by members of Hogan Lovells’ London office for more on this development.
Global: FATF report on effectiveness of anti-money laundering and counter terrorist financing standards
On 19 April 2022, the Financial Action Task Force (FATF) published a report on the state of the effectiveness of its anti-money laundering and counter terrorist financing (AML/CTF) standards.
Overall, the report finds that countries have made huge progress in improving technical compliance by establishing and enacting a broad range of laws and regulations to better
tackle money laundering, terrorist and proliferation financing. This has created a firm legislative basis for national authorities to “follow the money” that fuels crime and terrorism. In terms of laws and regulations, the report notes 76% of countries have now satisfactorily implemented the FATF’s 40 Recommendations.
However, many countries still face substantial challenges in taking effective action commensurate to the risks they face. This includes difficulties in investigating and prosecuting high-profile cross-border cases and preventing anonymous shell companies and trusts being used for illicit purposes.
European Union: Comparison table in trialogue negotiating positions on proposed Regulation on information accompanying transfers of funds and certain cryptoassets
On 21 April 2022, the Council of the EU published a note (8293/22) from the General Secretariat to the Delegations with a three-column table to commence trialogues, comparing the negotiating positions taken by the European Commission, the Council and the European Parliament on the proposed Regulation on information accompanying transfers of funds and certain cryptoassets (2021/0241(COD)).
The Council agreed its negotiating mandate in December 2021 and the European Parliament agreed its negotiating mandate in April 2022. The Commission adopted the proposed Regulation, which is intended to revise and recast the revised Wire Transfer Regulation ((EU) 2015/847), in July 2021 as part of a package of measures to reform the EU anti-money laundering and counter-terrorist financing regime.
Global: CPMI publishes final report on extending and aligning payment system operating hours for cross-border payments
On 12 May 2022, the Bank for International Settlements’ (BIS) Committee on Payments and Market Infrastructures (CPMI) published a final report on extending and aligning payment system operating hours for cross-border payments, focusing on the operating hours of real-time gross settlement (RTGS) systems, which are considered key to enhancing cross-border payments. This is part of the G20’s cross-border payments programme.
In November 2021, the CPMI consulted on three potential scenarios (or “end states”) for extending RTGS system operating hours and associated operational, risk and policy considerations, namely:
- an incremental increase in operating hours on current operating days (that is, standard working days);
- an increase to include current non-operating days (that is, weekends and holidays); and
- an extension to full 24-hour and seven-day-a-week operations (that is, 24/7).
The analysis presented in the report is based on a survey of 82 jurisdictions conducted by the CPMI. This identified 62 RTGS systems and provided information about their current operating hours. The analysis has also been informed by consultation responses and discussions with several central banks that have expanded their RTGS operating hours to 24/7 or near 24/7. The CPMI:
- Suggests that central banks could consider the three potential end states as they assess their current operating hours and plan for the future; and
- Proposes the “global settlement window” as a key consideration for central banks assessing potential end states for RTGS operating hours. This is a new concept reflecting the time period during which the largest number of RTGS systems are simultaneously operating. Currently, the global settlement window is best characterised as the time period from 06:00 to 11:00 Greenwich Mean Time (GMT) on working days.
European Union: ECB repeals Guideline ECB/2012/27 and Decision ECB/2007/7 relating to TARGET2
On 20 April 2022, the ECB published a Guideline on a new generation trans-European automated real-time gross settlement express transfer system (TARGET) and repealing Guideline ECB/2012/27. It also published a Decision ECB/2022/22 concerning the terms and conditions of TARGET-ECB and repealing Decision ECB/2007/7.
From 21 November 2022, the new generation TARGET will replace the current trans‑European automated real-time gross settlement express transfer system (TARGET2) under measures to consolidate TARGET2 and TARGET2-Securities (T2S) (the T2 and T2S consolidation project). Guideline ECB/2012/27, which governs TARGET2, is therefore repealed and replaced by Guideline ECB/2022/8. The national central banks of the member states whose currency is the euro must take the necessary measures to comply with the new Guideline and apply it from 21 November 2022. The Eurosystem central banks must comply with the Guideline from 21 November 2022.
In Decision ECB/2022/22, the ECB explains that for reasons of legal certainty, it needed to adopt a new decision to implement changes to the terms and conditions of TARGET2‑ECB that were brought about by repealing Guideline ECB/2012/27. The Decision will enter into force on the fifth day following that of its publication in the Official Journal of the European Union and will apply from 21 November 2022.
United Kingdom: FCA concludes review of PARs linked services list
On 29 April 2022, the FCA published a new webpage to announce that, following a review, it does not intend to update its list of the most representative services linked to payment accounts and that are subject to a fee in the UK. It believes that the list continues to meet the statutory requirements, contains the most representative services and that its purpose, which is helping consumers make an informed choice when choosing payment accounts, is still being fulfilled.
The Payment Accounts Regulations 2015 (SI 2015/2038) require the FCA to maintain and publish the list, which includes standard terms and definitions to describe linked services that payment service providers (PSPs) must use where applicable. The FCA first published the list in April 2018.
Hong Kong: Privacy Commissioner for Personal Data publishes Model Contractual Clauses for Cross-border data transfers
On 12 May 2022, Hong Kong’s Privacy Commissioner for Personal Data (PCPD) published its “Guidance on Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” (the Guidance).
The introductory sections of the Guidance explain that the PCPD is concerned that the globalization of business and increasing use of mobile and cloud technologies make it more important for organizations to take concrete steps to ensure that the Personal Data (Privacy) Ordinance (Cap. 468) (the PDPO) is complied with in respect of personal data leaving Hong Kong.
The Guidance relates to cross-border transfer controls set out in the PDPO which are not yet in effect, meaning that, in the main, the Guidance serves as best practice recommendations. However, most of the specific compliance measures set out in the Recommended Model Contractual Clauses (the RMCs) included in the Guidance draw from specific obligations under the PDPO that apply irrespective of the PDPO’s cross-border transfer controls, meaning that implementing a number of the components found in the RMCs (or equivalent measures meeting PDPO requirements) is mandatory from a PDPO compliance perspective.
Take a look at this Engage article by members of Hogan Lovells’ Hong Kong office for more on this development.
United Kingdom: PRA consults on definition of simpler-regime firm under new framework for non-systemic banks
On 29 April 2022, the PRA published a consultation paper (CP5/22) on the definition of a simpler-regime firm under the envisaged new, simpler prudential framework for non-systemic banks and building societies. The framework would consist of layered prudential regimes, over which requirements would expand and become more sophisticated as the size or complexity of firms increases.
In CP5/22, the PRA sets out proposals for the “simpler regime”, the prudential layer that will apply to the smallest firms. The PRA also considers the application of the scope criteria in the context of banking groups. It will consult further on the consequences of a firm ceasing to meet the definition of a simpler-regime firm.
The deadline for responses is 22 July 2022. The PRA intends to publish a policy statement on the definition later in 2022 or 2023.
Payment Market Developments
Europe: Citi launches SEPA payments across Europe
On 4 May 2022, Citi announced it was launching SEPA instant payments across Europe, allowing clients to pay and receive from 36 SEPA countries instantly. The offering allows SEPA Credit Transfers to be made within seconds, 24/7 and funds are available to recipients immediately.
United States: Gucci announces it will start accepting 12 cryptocurrencies in select stores
On 4 May 2022, Gucci announced it would accept 12 cryptocurrencies in select US stores and that it plans to extend the pilot to all of its stores in North America. In-store crypto payments will be made with a link sent via email to the customer which contains a QR code that allows payment from their crypto wallet.
Global: Telegram partners with Ton Foundation to add crypto payments to its app
On 28 April 2022, messaging app Telegram announced its partnership with Ton Foundation, which will enable users to send and receive toncoin within the app. It will also allow users to buy bitcoin through the app.
Canada: Klarna partners with Global-e to expand Buy Now Pay Later options in Canada
On 27 April 2022, Klarna announced it was expanding its partnership with cross-border e‑commerce provider Global-e, enabling merchants in Canada to offer Buy Now Pay Later options. This will offer consumers Klarna’s flexible payment options from a number of brands.
United States: Gemini launches a new credit card offering instant crypto rewards
On 14 April 2022, Gemini announced the launch of the Gemini Credit Card across the United States, making it the first credit card to offer instant crypto rewards. It allows you to earn bitcoin through everyday purchases.
United Kingdom: Monneo enables online merchants to make and receive online payments in cryptocurrency
On 20 April 2022, Monneo announced it is enabling online merchants to accept cryptocurrency payments through their websites. Its latest solution converts the customer’s crypto payment into the equivalent value in fiat currency, before Monneo settles it with the international bank account number (IBAN) of the merchant.
United States: Twitter enables content creators to be paid in $USDC stablecoin via Stripe
On 22 April 2022, Twitter announced its partnership with Stripe to enable Twitter content creators to be paid in $USDC stablecoin. This will make it possible for creators who opt in to having their earnings paid out to a cryptocurrency wallet.
Pakistan: Paymob, an Egypt based Fintech, plans to start operations in Pakistan
On 12 April 2022 Paymob, an Egypt based digital payments provider, announced plans to start operations in Pakistan after rapid growth in Egypt, Jordan and Kenya. Paymob will be aiming to offer Pakistani merchants online, POS and “Tap on Phone” payment solutions.
Global: Santander launches the Santander eLockBox for businesses
On 13 April 2022, Santander announced the launch of the Santander eLockBox, an electronic lockbox that works to consolidate incoming digital payments and simplify electronic receivables management for businesses. The enhanced product offering allows customers to automate their revenue cycle, saving them time, reducing costs, and optimising more resources to help support the core needs of their organisations.
Malaysia: Razer Merchant Services enters partnership with Discover Global Network
On 12 May 2022, Malaysia-based Razer Merchant Services (RMS), the business-to-business arm of Razer Fintech, announced that it has become an acquirer for Discover Global Network to enable card acceptance at online merchants in Malaysia. According to RMS, by 2023 it aims to enable 2,000 e-commerce merchants in Malaysia to accept Diners Club International, Discover and affiliate network cards for online transactions.
Surveys and Reports
Global: QR Code payments to reach $3 trillion globally by 2025
On 9 May 2022, Juniper Research published a study predicting that the global spend using QR code payments will reach over $3 trillion by 2025, rising from $2.4 trillion in 2022. This growth of 25% will be driven by the increasing focus on improving the level of financial inclusion in developing regions and providing alternatives to established payment methods in developed regions.
The new research identified combined loyalty and payment services via a single QR code as a key strategy for increasing adoption. It predicts that loyalty schemes will encourage repeat use and foster consumer trust in QR codes for payments.
The report found that the prospects for adoption and growth are stronger in markets with national schemes in place, due to incentives that promote ease of use for consumers; with increased interoperability being a major enabling factor. In particular, the research found that in India, the transaction value of QR code payments will increase from $62 billion in 2022, to $125 billion in 2026, driven by its national QR code standard and reduced cash usage. Accordingly, it recommends that vendors looking to expand internationally focus on markets with established national schemes.
Global: 80% of central banks are considering the launch of Central Bank Digital Currency
On 4 April 2022, PWC published its Global Central Bank Digital Currency (CBDC) Index and Stablecoin Overview 2022.
- The study estimated that more than 80% of central banks are considering launching a CBDC or have already done so. There are at least 68 central banks that have communicated publicly about their CBDC work, with three live retail CBDCs and at least 28 pilot projects.
- Overall, retail CBDC projects (digital currencies designed for public use) have reached greater maturity levels than wholesale projects (digital currencies used by financial institutions that have accounts with central banks), but the past year has seen progress on a number of successful wholesale pilots.
On stablecoins, the overview noted that currently no stablecoin arrangement is fully regulated. The study referred to recent developments, such as the UK Treasury announcement in March 2022 that it will recognise stablecoins as a valid form of payment in the UK. In Europe, the EU Markets in Cryptoassets Regulation (MiCA) is set to create a harmonised framework for cryptoassets and related services that is due to come into force in 2023 and will apply to all EU member states.
Global: Merchants are losing millions annually due to unoptimised payment strategies
On 25 April 2022, eMerchantPay published research which concluded merchants are losing millions annually due to unoptimised payment strategies. Findings included:
- 91% of organisations admit to losing significant revenue because of shortcomings with their payment gateway.
- 1 in 3 respondents said that lack of quality data is a barrier to investing more in payments performance.
- 40% of payment leaders said that they need to make improvements to their payment strategy to avoid losing revenue by the end of 2022.
Key detriments to optimal payments performance for merchants across countries involve changing regulations and compliance (38%), as well as a shortage of in-house resources and skills (34%).
However, the research found that robust payment infrastructure paired with an experienced payment service provider can allow merchants to deliver maximum value to their organisation and overcome these obstacles.
Include Notice: Hogan Lovells (Luxembourg) LLP is registered with the Luxembourg bar.