Global Payments Newsletter, December 2021

Key developments of interest over the last month include:

  • Brazil: Open Banking moves into its fourth stage
  • United Kingdom: FCA publishes policy statement on changes to SCA, Payment Services Approach Document and PERG
  • United States: European Commission issues call for advice on PSD2 review to EBA

In this Newsletter:

For previous editions of the Global Payments Newsletter, please visit our Financial Services practice page.

Regulatory Developments

Brazil: Open Banking moves into its fourth stage

It is expected that the implementation of the next, fourth stage of Open Banking in Brazil will begin on 15 December 2021.

The first phase of the program took effect in February 2021, opening service channels to consumers. The second phase of the program, which took effect in August 2021, involved the sharing of customers' registration and transactional data, with their prior consent. The third phase of the program started at the end of October 2021, and involved facilitating sharing payment transactions between participating institutions, and introducing a system allowing for credit transaction proposals to be shared amongst financial institutions and correspondents in Brazil.

The fourth phase will provide for the exchange of information about foreign exchange, investments, pension plans and insurance services. Additional phases are expected in the first half of 2022.

For more information on this development, take a look at this Engage article by members of Hogan Lovells' São Paulo office.

Back to the top

United Kingdom: FCA publishes policy statement on changes to SCA RTS, Payment Services Approach Document and PERG

On 29 November 2021, the FCA published a policy statement (PS21/19) on changes to its (i) on-shored Regulatory Technical Standards on strong customer authentication (SCA-RTS), (ii) Payment Services and Electronic Money Approach Document and (iii) Perimeter Guidance Manual (PERG). A revised version of the Approach Document was also published.

Many of the changes are as originally proposed in the consultation paper published in January 2021. However, the FCA has refined its views on some issues including moving away from the EBA's position on some issues.

The key changes to the SCA-RTS are that:

  • The FCA has confirmed that there will be an additional exemption from SCA for an Account Information Service Provider's (AISP) access to a customer’s account balance and 90 day transaction history as long as SCA is used for the first access. The AISP must still confirm the customer’s explicit consent every 90 days.  Unlike the proposals currently being considered in the EU, use of the exemption will be optional for Account Servicing Payment Service Providers (ASPSPs) but the FCA strongly encourages them to apply the exemption as soon as possible.
  • ASPSPs are required to provide a dedicated interface for certain payment accounts.  The range of accounts and the providers who are excluded are the same as those set out in the consultation, with ASPSPs given until 26 May 2023 to implement the changes.

The changes to the Approach Document include:

  • Amendments to reflect changes resulting from Brexit and the onshoring process, and also to explain how the regulations, rules and guidance apply to firms within the Temporary Permissions Regime (TPR) or Supervised Run-off Regime (SRO).
  • The FCA has revised its view on what can constitute inherence. The FCA has now clarified that it thinks that inherence can be defined as a characteristic attributable to a person regardless of whether it relates to a physical property of the body.  As a result, it can include a behavioural characteristic such as shopping patterns.

The majority of these changes are effective from 30 November 2021, but for some requirements there is a longer lead in time. For example, firms will have until May 2023 to implement the requirement to have dedicated interfaces for some accounts, while the new exemption for AIS access will be available from 26 March 2022.

For more information on this development, take a look at this Engage article by members of Hogan Lovells' London office.

Back to the top

European Union: European Commission issues call for advice on PSD2 review to EBA

On 18 November 2021, the EBA published a call for advice which it had received from the European Commission regarding the review of PSD2 that is currently underway. The objective of the call for advice is to gather evidence on the application and impact of PSD2, including any benefits and challenges that may have arisen in areas including the following:

  • Scope and definitions: whether there are any issues with any of the definitions in PSD2, or business models or services not in scope that should be included?
  • Licensing of payment institutions (PIs) and supervision of payment service providers under PSD2: whether the EBA sees a need to change the PSD2 prudential requirements or a need to allow for more proportionality?
  • Transparency of conditions and information requirements: whether the EBA has identified any need for clarification or amendments of specific provisions in PSD2 on the application of the requirements for transparency of conditions and information requirements?
  • Rights and obligations: whether the EBA has identified any issues with respect to payment transactions where the transaction amount is not known in advance and funds are blocked?
  • Strong customer authentication (SCA): whether the EBA has identified any need to clarify or amend specific provisions in PSD2 related to the application of SCA, or identified any security risks not currently addressed by PSD2? In addition, whether the EBA has identified any unintended consequences of the current rules?
  • Access to and use of payment accounts data in relation to payment initiation services and account information services: whether the EBA has identified impediments in terms of access to and use of payment account data?
  • Access to payment systems and access to accounts maintained with a credit institution: whether the EBA has identified any impediments to the ability of payment institutions and electronic money institutions to access payment systems, and/or payment accounts held by credit institutions, in a way that would undermine the competition enhancing objective of PSD2?
  • Enforcement of PSD2: whether the EBA has identified any shortcomings in the enforcement by the National Competent Authorities of PSD2 rules? In addition, whether the EBA has identified any specific issues in the interplay between PSD2 and other European Regulations and Directives (GDPR, WTR, AMLD, SFD) and forthcoming legal acts (DORA, MiCA)?

The EBA is requested to deliver its response to the European Commission by 30 June 2022.

Back to the top

European Union: European Commissioner for Financial Services gives payments speech

On 16 November 2021, the European Commission published a speech given by Mairead McGuinness, the European Commissioner for Financial Services, Financial Stability and Capital Markets Union. The speech took place at the European Payment Institutions Federation Annual Conference, and discusses EU developments in payments.

In the speech, the Commissioner started by identifying the key trends in payments. New technology has rendered chip-and-pin technology for cards less relevant, as consumers have become used to contactless payments, QR codes, and mobile and digital wallets. Along with this, there are many new payments players offering new services, and these new players are often not banks. This has blurred the lines that traditionally existed between different market players. For example, card service providers are now exploring open banking and instant payments, while fintechs are working with banks. The Commissioner warned that while this increase in competition is good, it does present challenges and risks, which need to be considered.

The speech also considers the following specific issues:

  • Cashless payments. While the pandemic has accelerated the shift towards cashless payments, the Commissioner highlighted the need to ensure that cash remained a viable payment option, as this is vital for financial inclusion.
  • Instant payments. The Commissioner set out the EU's ambition to be a world leader in safe, instant and frictionless payments. This is a key priority, but at the current rate of change it will take a decade to arrive at a full roll-out of instant payments and the Commission is committed to speeding this up as much as possible. Through the Commission's work to date on this, it has identified four main obstacles to making the required progress in this area:
    • Critical mass. There is a need for a critical mass of players across the whole of the EU who can make and receive instant payments. Often, there are situations where there is an available payment sender, but no available receiver (or vice versa).
    • Consumer protection. If consumers are to trust instant payments, then security must be a top priority. While measures like two-factor authentication are already in place, the EU needs to stay ahead of the evolving strategies used by fraudsters.
    • Pricing. Currently, high prices remain a disincentive for consumers. If instant payments are to become the norm, they must become cheaper.
    • Sanctions screening. It is important that international sanctions policies are complied with, but this must be done in a way that does not undermine the frictionless nature of instant payments.
  • IBAN discrimination. The Commissioner noted that IBAN discrimination (where a company or even a public body refuses to make or accept a payment from a non-domestic account) still happens, in spite of being prohibited under the Single Euro Payments Area Regulation. The Commission is committed to eliminating this form of discrimination through enforcement action.
  • Review of PSD2. The Commissioner acknowledged that there are some shortcomings with this Directive, and noted that the EU is already exploring some remedies, for example on the so-called “90-day rule” for strong customer authentication. Another key topic under consideration is whether the current rules on international transactions are good enough.
  • Settlement Finality Directive. The Commission is looking at the possibility of extending the scope of the Directive to include e-money and payment institutions.
  • CBDC and the Digital Euro. The Commissioner noted that the ECB has launched an investigation phase into a digital euro. While this would have a number of advantages, there are also challenges that need to be considered. For example, what would the impact be on banks, payment providers and financial companies? How would the privacy of citizens be safeguarded? How would the digital euro be kept secure?

Back to the top

United Kingdom: FCA second consultation on new consumer duty

On 7 December 2021, the FCA published a second consultation paper (CP21/36) on a new consumer duty for financial services firms, including payments and e-money firms. CP21/36 also includes feedback to the FCA's first consultation paper on a consumer duty (CP21/13), which was published in May 2021.

The FCA’s proposed new consumer duty will consist of:

  • A new consumer Principle that would replace Principles 6 (Treating Customers Fairly) and 7 (Communications with clients). The new Principle will be: "A firm must act to deliver good outcomes for retail customers".
  • Cross-cutting rules that set out how firms should act to deliver good outcomes and provide greater clarity on the FCA's expectations under the new Principle.
  • Rules relating to the four outcomes that the FCA wants to see under the consumer duty. These represent key elements of the firm-consumer relationship that are instrumental in helping to drive good outcomes for customers.

The proposed rules are set out in the draft Consumer Duty Instrument 2022, which is in Appendix 1 to CP21/36. The FCA is also consulting on draft non-handbook guidance for firms to support the consumer duty, which is in Appendix 2.

The consultation closes on 15 February 2022. The FCA intends to publish a policy statement with final rules by 31 July 2022. It proposes that firms should have until 30 April 2023 to fully implement the consumer duty.

For more on this development, take a look at this Engage article by members of Hogan Lovells’ London office.

Back to the top

United Kingdom: PSR publishes policy statement on regulatory framework for New Payments Architecture central infrastructure services

On 9 December 2021, the Payment Systems Regulator (PSR) published a policy statement (PS21/3) and annexes setting out the regulatory framework to address risks to competition and innovation arising from the behaviour of a provider of central infrastructure services (CIS) for the New Payments Architecture (NPA), following a February 2021 consultation.

Following feedback, the PSR still believes that the previously identified monopoly, horizontal competition and vertical competition risks are valid and if they materialise, competition in payment services or between payment systems would be distorted or dampened, leading to higher prices, lower quality of service and less innovation, and potentially significant harm. To mitigate these risks:

  • The PSR has decided that Pay.UK must be the primary interface and decision maker for CIS provision.
  • The new framework reduces the ability and incentive of a CIS provider to act in ways that distort competition or stifle innovation to the detriment of people and businesses. It places obligations on Pay.UK to take steps to lower the risks to competition and innovation, and places requirements on a CIS provider.

The PSR's current thoughts on the design of the NPA are set out in Annex 1 of the policy statement.

The PSR will give directions to Pay.UK and a CIS provider to implement the NPA CIS regulatory framework before the NPA goes live using its powers under the Financial Services (Banking Reform) Act 2013 (FSBRA). Illustrative directions showing how the PSR will implement the framework are included in the Annex document for information purposes. The PSR will consult on draft directions nearer the go-live date for the NPA.

In parallel to the NPA CIS procurement process, the PSR plans to engage with Pay.UK and bidders to understand how they intend to comply with the regulatory framework and to make its expectations clear.

Back to the top

India: Government to ban all private cryptocurrencies and create framework for official digital currency

On 23 November 2021, the Indian government published a bulletin, which includes information on the proposed Cryptocurrency and Regulation of Official Digital Currency Bill that will be introduced in its winter session.

If passed, the Bill will prohibit all private cryptocurrencies in India. However, it will allow for certain exceptions to promote the underlying technology of cryptocurrency and its uses.

The Bill will also seek to create a facilitative framework for creation of the official digital currency to be issued by the Reserve Bank of India.

An earlier draft of the Bill was submitted in January this year. The description of the Bill has remained the same, but the exact differences have yet to be confirmed because the latest draft is not yet publicly available.

Linked to this, on 30 November 2021 it was reported that Nirmala Sitharaman, India's finance minister, told Parliament that there were no plans for the government to recognise bitcoin as legal tender.

Back to the top

Global: CPMI publishes consultative report on extending and aligning cross-border payment systems

On 18 November 2021, the Bank for International Settlements' Committee on Payments and Market Infrastructures (CPMI) published a consultative report on extending and aligning payment system operating hours for cross-border payments. The publication follows the G20's endorsement in October 2020 of a roadmap to enhance cross-border payments. The G20 cross-border payments programme aims to address long-standing challenges in the cross-border payments market, including high costs, low speed, limited access and insufficient transparency.

The report concludes that the current operating hours of RTGS systems vary significantly across jurisdictions, providing significant scope for extension of hours. The report identifies (and considers the implications of) three potential ways that hours could be extended:

  1. Extended hours on current operating days. This end state holds current operating days as fixed and envisions an extension achieved through increased operating hours on those days. If undertaken by multiple jurisdictions, this end state would help to close daily gaps in RTGS operating hours, primarily on standard working days given that the majority of jurisdictions’ RTGS systems currently do not operate on weekends and public holidays. As such, this end state would not address frictions that arise on non-working days. As this is the most incremental of the three end states, it will likely be the easiest to implement.
  2. Expanded hours into current non-operating days (eg, weekends and public holidays). This would involve an expansion of operations into additional days on which a jurisdiction’s RTGS system is not currently operating, thereby addressing the substantial gaps in RTGS operating hours over the course of a week. If undertaken by multiple jurisdictions, this end state would help to close those gaps. For a jurisdiction that does not currently operate on weekends and holidays, an expansion could involve applying current operating hours on working days to weekends and holidays. An alternative expansion could involve weekend and holiday hours that are focused more directly on achieving a specific period of overlap on those days. This end state will likely require more substantial changes to existing operations for a larger number of jurisdictions when compared to end state 1.
  3. 24/7 operations. This would involve a jurisdiction extending its operating hours to 24/7. At present, only a small number of jurisdictions already have RTGS systems that operate 24/7 or near 24/7. Achieving 24/7 operations may require substantial operational changes and other adjustments for many jurisdictions. At the same time, this end state would, if broadly adopted across jurisdictions, largely remove frictions for cross-border payments arising from gaps in RTGS operating hours.

The CPMI invites comments from payment system operators or other interested parties on these three scenarios by 14 January 2022.

Back to the top

United Kingdom: Government to introduce legislation on mandatory reimbursement for scam victims and PSR consults on APP scams

According to a Payment Systems Regulator (PSR) press release published on 18 November 2021, in steps announced by HM Treasury legislative changes will be made by the Government to provide for mandatory reimbursement for scam victims. The PSR’s consultation paper on authorised push payment (APP) scams (CP21/10), also published on 18 November 2021, sets out further details about how that can be achieved when legislation is amended. 

The PSR published a call for views on its proposed measures in this area in February 2021, and the responses to this are considered in CP21/10. The number of reported APP scams in the UK almost doubled between 2019 and 2021, making this a particularly salient issue for the PSR.

The PSR is proposing a number of measures following the call for views responses:

  • Publishing scam data. Requiring the 12 largest payment service provider (PSP) groups in the UK and 2 largest PSPs in Northern Ireland outside those PSP groups to publish comparative data on their performance in relation to levels of APP scams and reimbursement levels for their customer that are APP scam victims. This will allow customers to understand how well their PSP is preventing APP scams and treating the victims of fraud.
  • Intelligence sharing. Supporting and requiring industry to improve intelligence sharing so as to improve detection and prevention of APP scams.
  • Wider reimbursement. Making reimbursement for scam victims mandatory. However, the PSR does note that there may be challenges in implementing this.

The PSR is asking for views on these proposals by 14 January 2022. Subject to feedback, the PSR plans to start implementing these proposals in 2022.

Back to the top

Sri Lanka: Central bank offers worker remittance incentives

On 1 December 2021, it was announced that the Central Bank of Sri Lanka would be paying an incentive of 8 Sri Lankan Rupees per US dollar for workers’ remittances, in addition to the existing incentive of 2 Sri Lankan Rupees under the “Incentive Scheme on Inward Workers’ Remittances”. The incentive payment is available where funds are remitted through Licensed Banks and other internationally accepted formal channels during December 2021.

It is hoped that the incentive will attract more worker remittances into Sri Lanka through formal banking channels and therefore improve foreign currency liquidity in the Sri Lankan foreign exchange market.

Back to the top

United Kingdom: Bank of England speech on enhancing cross-border payments

On 22 November 2021, the Bank of England published a speech given by Victoria Cleland, Executive Director for Banking, Payments and Innovation, on the topic of cross-border payments. The speech was given as a keynote presentation at the Central Bank Payments Conference.

In the speech, Ms Cleland acknowledged the rise in cashless payments, and the importance of resilient and effective payment systems to the financial system and the real economy. Recent years have also seen an increase in the number of cross-border payments. In spite of this, many cross-border payments continue to suffer from long-standing challenges of high costs, low speed, limited access and insufficient transparency. Ms Cleland notes that these frictions are multi-dimensional, meaning solutions must be developed holistically across the whole payments ecosystem, including in relation to issues such as data and messaging standards.

For its part, the Bank of England is planning on enhancing cross-border payments through a programme to renew its RTGS service. This programme is divided into stages:

  • In early 2022, the Bank of England will consult on a range of proposals for enhanced functionality that will enable market participants to offer faster, cheaper and more efficient payment services.
  • In June 2022, RTGS will move to ISO 20022 messaging on a like-for-like basis, followed by enhanced ISO 20022 in February 2023. This move will culminate in full adoption of enhanced data, including mandated use of purpose codes and legal entity identifiers between financial institutions from 2024 onwards.
  • In late 2023, RTGS will migrate to the new core settlement platform.
  • The Bank of England is also exploring the potential to introduce an interface for synchronised settlement in the renewed RTGS. Synchronised settlement is already prevalent in the UK in the foreign exchange and securities markets. If the Bank of England builds a generic interface that can extend the benefits of synchronised settlement to a wide range of markets and users, RTGS could connect to a broader range of digital asset ledgers and other payment systems.

Back to the top

Egypt: Central Bank approves instant payment regulations

On 8 November 2021, it was reported that the Central Bank of Egypt has approved regulations allowing Egyptian residents to make instant electronic payments through their mobile phones. In its statement, the central bank also announced a new network that will allow bank accounts and transfers through an app.

The move follows the Central Bank's approval of contactless payments through mobile phones (see September's Global Payments Newsletter for more details).

Back to the top

United Kingdom: UK Finance publishes report on the future strategy for open banking payments

On 22 November 2021, UK Finance published a report on its future strategy for open banking payments. In the report, UK Finance identifies a number of enhancements to open banking which could improve customer experience, and makes recommendations in two specific areas:

  • Governance. The further development of open banking payments standards and functionality would benefit from industry governance and an associated technical group. This should be considered once the Competition and Markets Authority's (CMA) decision on open banking governance and the successor body to the Open Banking Implementation Entity (OBIE) has been made. This issue requires careful consideration to ensure that the governance structure chosen is representative and commands industry-wide support.
  • Multi-lateral industry framework. Further work is required to explore the development of a voluntary multi-lateral industry framework to introduce commercial application programme interfaces and functionality/performance that sits outside the CMA Order and/or PSD2.

The report also contains case studies which showcase different ways that open banking enhancements could be achieved. For example, by increasing payment execution certainty and visibility of payment status.

UK Finance plans to take forward these recommendations between now and the end of Q1 2022.

Back to the top

European Union: EPC publishes guidance on SEPA SCT and SDD rulebooks

On 22 November 2022, the European Payments Council (EPC) published a number of revised guidance documents relating to the Single Euro Payments Area (SEPA) scheme rulebooks:

Back to the top

European Union: EPC publishes revised SEPA request-to-pay rulebook

On 30 November 2021, the European Payments Council (EPC) published a second version of its SEPA request-to-pay scheme rulebook. The rulebook covers the operating rules and technical elements that allow payees to request initiation of payments from payers in online and real world use cases. This second version has been published following comments received on a public consultation on the changes.

The revisions include a number of enhanced functionalities, including the possibility to populate a URL, the currency agnosticism principle and the request for payment guarantee.

The effective date of this version of the rulebook is set to be 1 June 2022, and the EPC will publish related implementation guidelines on 24 December 2021. However, the obligation to exchange SRTP messages based on API (application programming interface) to ensure full reachability will become effective at a later date, to be determined and communicated in due course.

Back to the top

United Kingdom: PSR consults on wider implementation of confirmation of payee service

On 2 December 2021, the Payment Systems Regulator (PSR) published a consultation paper on confirmation of payee (CP21/11), which covers the wider implementation of the confirmation of payee (CoP) service.

Phase 1 of CoP allowed payment service providers (PSPs) that operate accounts with a unique sort code and account number to implement CoP. Phase 2 has now been developed, which means that there are currently two sets of rules and standards. PSPs that now join CoP will operate in the Phase 2 environment rather than using the Phase 1 rules and standards.

To avoid complications arising out of the dual running system, PSPs operating under Phase 1 will migrate to Phase 2 by 30 March 2022. To this end, the PSR plans to give a direction that:

  • Requires Pay.UK to terminate the terms and conditions for participating in Phase 1, withdraws each PSP’s CoP Phase 1 accreditation, and retires the Phase 1 rules and standards by 30 April 2022;
  • Requires Pay.UK to notify the Open Banking Implementation Entity (OBIE) of this action, so that the OBIE can close the Phase 1 technical environment, and prevents Phase 1 PSPs from using that environment after 30 April 2022;
  • Requires relevant PSPs to regularly report to Pay.UK on their progress in migrating CoP traffic to the Phase 2 Open Banking environment by 1 April 2022, and requires Pay.UK to relay that information and its own assessment of risks to migration to the PSR;
  • Requires relevant PSPs to undergo enhanced reporting to both Pay.UK and the PSR if they are at significant risk of failing to migrate by 1 April 2022, with an obligation to implement a remediation plan; and
  • Revokes SD10 (Specific Direction 10, which was a direction to the UK's six largest banking groups to fully implement CoP) on 30 April 2022.

The consultation paper asks for views on these proposals, and the deadline for comments is 17 December 2021.

Back to the top

European Union: ECB publishes Eurosystem oversight framework for electronic payment instruments

On 22 November 2021, the European Central Bank (ECB) published its Eurosystem oversight framework for electronic payment instruments, schemes and arrangements. In addition, the ECB has published an exemption policy and assessment methodology, which sets out the cases in which a scheme/arrangement may be exempt from the framework.

The framework is designed to make the current and future payments ecosystem safer and more efficient, and has been issued pursuant to the ECB’s statutory obligation to promote the smooth operation of payment systems. The framework replaces the current oversight approach. In the accompanying press release, the ECB states that the new framework will be used to oversee companies enabling or supporting the use of payment cards, credit transfers, direct debits, e-money transfers and digital payment tokens, including electronic wallets. The framework will also cover cryptoasset-related services, such as the acceptance of crypto-assets by merchants within a card payment scheme and the option to send, receive or pay with cryptoassets via an electronic wallet.

Companies subject to the pre-existing Eurosystem oversight framework are expected to comply with the new framework by 15 November 2022.

Back to the top

United Kingdom: Law Commission publishes update paper on digital assets

On 24 November 2021, the Law Commission published an interim update on digital assets. The update follows the Law Commission's call for evidence on digital assets, which closed on 30 July 2021.

The call for evidence asked respondents to provide evidence on existing practical issues arising from applying English law to digital assets, and how market practice attempts to resolve those issues. In particular, the call for evidence asked for respondents' views on the concept of possession in relation to digital assets. The interim update provides an update to the Law Commission's work and expected timeline based on the responses received from respondents and additional work completed by the Law Commission.

The Law Commission notes that it remains neutral as to the advantages and disadvantages of any particular digital asset, cryptoasset, protocol or system. They note that the call for evidence used the term “digital assets” in a broad sense, but that many respondents suggested that the next phase of the Law Commission's work should distinguish between different sub-categories of digital asset. These sub-categories include cryptoassets and other digital assets such as in-game assets. In this interim update, the Law Commission says that it recognises that "digital assets" is a broad term which will require further sub-division.

The Law Commission also notes that many respondents suggested that it would be useful to resolve the ambiguity as to the legal categorisation of certain digital assets. They state that their forthcoming consultation paper will consider whether it would be most appropriate for English law to recognise that certain digital assets could fall within a new “third category” of personal property.

There is also a need to consider how other existing legal concepts will apply to digital assets. For example, how security is taken over digital assets or how legal actions or remedies can protect digital assets.

The Law Commission plans to publish its digital assets consultation paper in mid-2022.

Back to the top

United Kingdom: ASA publishes statement on crypto advertising

On 23 November 2021, the Advertising Standards Authority (ASA) published a statement on its plans to address concerns relating to cryptoasset advertising. The statement says that the ASA is currently investigating a number of crypto-related advertisements, where they have concerns about:

  • Lack of appropriate risk warnings;
  • The trivialisation of investments in cryptocurrency;
  • Advertisements taking advantage of consumers’ inexperience or incredulity; and/or
  • Irresponsible advertising (for example, creating a sense of urgency to invest).

The statement also says that the ASA hopes to provide clarity through its rulings in these cases, which it hopes to publish in mid-December.

Back to the top

China: Central bank planning supervisory actions in relation to the metaverse and NFTs

On 1 December 2021, it was reported that the People's Bank of China is considering expanding its supervisory activity in relation to cryptoassets into the metaverse and non-fungible tokens (NFTs).

The director of the People's Bank of China's AML unit, Gou Wenjun, is reported as having stated recently that there are risks associated with not regulating new crypto trends such as NFTs and the metaverse. While acknowledging that digital assets could have privacy advantages, this also means that they are susceptible to being used for illicit purposes. Mr Wenjun added that the fast-paced changes in this area would require high levels of supervision.

Mr Wenjun also suggested some potential policies in this area to alleviate these issues:

  • Improvements in the transparency of virtual assets;
  • The use of sandboxes to understand virtual assets better;
  • Strengthening of the monitoring of digital asset transactions in China. This could be done with the help of new technologies, which could use AI and machine learning to track virtual asset accounts; and
  • Global cooperation to tackle crypto-related crimes.

Back to the top

United States: Concerns raised about ambiguity in Infrastructure Act crypto provisions

On 15 November 2021, the Infrastructure Investment and Jobs Act was signed into law by US President Joe Biden. The bill contains a provision which would tax cryptocurrency trades, and there are concerns that the provisions of this section of the bill are ambiguous, which could stifle growth in this area of the US economy. There are also concerns about the information sharing requirements imposed on crypto users by the Act.

As a result, it has been reported that a bipartisan group of congressional representatives have introduced a bill which intends to address these issues.

Back to the top

United Kingdom: HMT publishes AML and CTF supervision report

On 19 November 2021, HM Treasury (HMT) published its anti-money laundering (AML) and counter-terrorist financing (CTF) supervision report for 2019 to 2020.

The report shows improvement in various areas of AML and CTF supervision. However, it also notes that the Financial Action Task Force (FATF) has assessed the UK's supervision regime to be only moderately effective. In particular, FATF found that there were significant weaknesses in the risk-based approach to supervision among all the UK AML/CTF supervisors, with the exception of the Gambling Commission.

The report also states that enforcement action has slightly decreased since 2018-19, with the total number of fines issued dropping from 376 to 320. The total sum of fines has decreased from £121.8 million in 2018-19 to £53.2 million in 2019-20.

HMT also notes that it has a legal obligation to conduct a review of the Money Laundering Regulations 2017 (MLRs) and Office for Professional Body Anti-Money Laundering Supervision (OPBAS) regulations by 26 June 2022. HMT notes that the UK's departure from the EU provides the UK with a unique opportunity to reflect on how the UK can continue to develop its domestic response to economic crime.

The final statutory instrument containing some time-sensitive updates to the MLRs, and as consulted on by HMT in July 2021, is due to be laid in Spring 2022, and the final report on the wider MLRs review is due to be published in June 2022.

Back to the top

United States: FinCEN proposes new AML rules

On 7 December 2021, the Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking to implement the beneficial ownership information reporting provisions of the Corporate Transparency Act.

The proposal contains rules on who must report beneficial ownership information, when they must report it, and what information they must provide. Specifically, the proposed rules would require reporting companies to file reports with FinCEN that identify two categories of individuals: (i) the beneficial owners of the entity; and (ii) individuals who have filed an application with specified governmental or tribal authorities to form the entity or register it to do business. The rules will apply to both foreign and domestic corporations.

FinCEN welcomes comments on the proposals before 7 February 2022.

Back to the top

European Union: European Parliament and Council reach political agreement on DLT pilot regime

On 24 November 2021, the European Parliament announced that it had reached an agreement with the European Council on a proposal for a regulation on a pilot regime for market infrastructures based on distributed ledger technology (DLT). The proposal forms part of the EU's Digital Finance Strategy, which aims to ensure that the European Union’s financial services legislation is fit for the digital age.

The pilot regime follows the ‘sandbox’ approach, allowing for temporary derogations from certain requirements imposed by EU financial services legislation. It is hoped that the experience gained with the pilot regime should help identify practical proposals for new rules on trading and settlement of transactions in financial instruments based on DLT.

Commenting on the plans, MEP Johan Van Overtveldt said that: "DLT can bring a number of potential benefits in the provision of financial services, including reduced complexity, improved end-to-end processing speed, strengthened network resilience, and reduced operational and financial risks. The agreement struck on the DLT pilot regime should help to foster the development of successful DLT projects within the EU. At the same time we managed to build in sufficient safeguards to maintain financial stability, market integrity and a level playing field".

Back to the top

United Kingdom: DCMS publishes response to call for views on supply chain security

On 15 November 2021, the Department for Digital, Culture, Media & Sport (DCMS) published its response to its call for views on supply chain security. The DCMS proposes to impose certain obligations on organisations in relation to their digital supply chains and third party IT services, including:

  • Having policies to protect devices and prevent unauthorised access;
  • Ensuring data is protected at rest and in transit;
  • Keeping secure and accessible backups of data; and
  • Training staff and pursuing a positive cyber security culture.

The call for views received 214 responses, confirming to the DCMS that the key barriers to effective supply chain risk management are:

  • Limited recognition of supplier cyber security risks;
  • Limited visibility into supply chains; and
  • A lack of effective tools allowing firms to evaluate cyber risk.

In addition, the responses highlighted to the DCMS that the risks associated with systematic dependence on a small number of managed service providers need to be managed proactively.

The feedback also showed support for a number of the government's proposed policies, including minimum requirements in public procurement and having a certification system in place.

Back to the top

European Union: Council publishes mandate for negotiations with European Parliament on Digital Finance Strategy legislative proposals

On 24 November 2021, the Council of the European Union published its mandate for negotiations with the European Parliament in relation to the following legislative proposals:

  • Proposal for a Regulation of the European Parliament and of the Council on Markets in Cryptoassets, and amending Directive (EU) 2019/1937 (MiCA, available here);
  • Proposal for a Regulation of the European Parliament and of the Council on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 (DORA, available here); and
  • Proposal for a Directive of the European Parliament and of the Council amending Directives 2006/43/EC, 2009/65/EC, 2009/138/EU, 2011/61/EU, EU/2013/36, 2014/65/EU, (EU) 2015/2366 and EU/2016/2341 (available here).

The mandate explains that the purpose of MiCA is to create a regulatory framework for the cryptoassets market that supports innovation and draws on the potential of cryptoassets in a way that preserves financial stability and protects investors. The purpose of DORA is to create a regulatory framework on digital operational resilience whereby all firms ensure they can withstand all types of ICT-related disruptions and threats, in order to prevent and mitigate cyber threats.

The Council and the European Parliament will now enter negotiations on the proposals. Once a provisional political agreement is reached, both institutions will formally adopt the regulations.

Back to the top

European Union: Council agrees position on Digital Markets Act proposal

On 25 November 2021, it was announced that the Council of the European Union had agreed its position on the proposal for a Digital Markets Act.

The proposal aims to create a level playing field in the digital sector, with clear rights and obligations for large online platforms. It is targeted at "gatekeepers" who control core platform services, including online intermediation services (such as marketplaces and app stores) and cloud services. Providers will be designated as gatekeepers if they meet certain size thresholds, which are designed to assess whether they can impact the effective functioning of the single market.

The Council has made a number of changes to the European Commission's initial proposal, including:

  • The Council’s text shortens the deadlines and changes the criteria for the designation of gatekeepers;
  • The text includes an annex that defines ‘active end users’ and ‘active business users’;
  • Changes were made in order to make the structure and the scope of obligations clearer and more future-proof;
  • The text proposes a new obligation that enhances the right of end users to unsubscribe from core platform services;
  • Provisions on regulatory dialogue were amended to ensure that the discretionary power of the European Commission to engage in this dialogue is used appropriately; and
  • To prevent fragmentation of the internal market, the text confirms the European Commission as the sole enforcer of the regulation. Member states can empower national competition authorities to start investigations into possible infringements and transmit their findings to the European Commission.

The general approach reached by the Council completes the negotiating position agreed by the Council and as a result further discussions with the European Parliament will take place in 2022.

Back to the top

European Union: European Parliament publishes texts of adopted ECON reports on proposed Regulation on digital operational resilience and proposed Directive supporting EU Digital Finance Strategy

On 7 December 2021, the European Parliament published the text of the report (A9-0341/2021) adopted by its Economic and Monetary Affairs Committee (ECON) on the proposed Regulation on digital operational resilience for the financial sector (DORA) (2020/0266(COD)). DORA is part of the EU Digital Finance Strategy. The report, which ECON voted to adopt on 1 December 2021, contains a draft Parliament legislative resolution, the text of which sets out suggested amendments to the proposed Directive. According to the Parliament's procedure file, the report has now been tabled for the Parliament to consider in plenary.

Also on 7 December 2021 and as part of the EU Digital Finance Strategy, the European Parliament published the text of the report (A9-0340/2021) adopted by ECON on the proposed Directive amending Directives 2006/43/EC, 2009/65/EC, 2009/138/EU, 2011/61/EU, 2013/36/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 (2020/0268(COD)). The report, which ECON voted to adopt on 1 December 2021, contains a draft Parliament legislative resolution, the text of which sets out suggested amendments to the proposed Directive. According to the Parliament's procedure file, the report has now been tabled for the Parliament to consider in plenary.

Back to the top

UK and Singapore: Agreement in principle for new digital trade deal

On 9 December 2021, the UK and Singapore announced an agreement in principle for a new Digital Economy Agreement (DEA). Documents accompanying the announcements from the UK and Singapore governments set out details of the specific commitments, which include commitments:

  • To support the development of safe and secure cross-border e-payments, including by encouraging open application programming interfaces (APIs), adopting internationally accepted standards and promoting interoperability between e-payment systems.
  • On financial services, to permit the transfer of financial information and data, to promote transparency for accessing electronic payments, and to co-operate on international standards and on innovative financial services such as financial and regulatory technology. The parties also commit to revitalise the existing UK-Singapore FinTech Bridge.
  • Not to introduce unjustified data localisation requirements.
  • To promote personal data protection, ban misleading, deceptive, fraudulent and unfair commercial practices, and make it easier for consumers to opt out of unsolicited "spam" emails.
  • Not to require transfer of intellectual property, including source code and cryptographic algorithms.
  • To expand access to, and the use of, government data.

The parties will now aim to finalise the legal text before signing, ratifying and implementing the agreement.

Memoranda of understanding on cybersecurity, digital identities and the digital facilitation of trade have also been signed by the parties.

Back online

Global: IOSCO consults on recommendations related to use of innovation facilitators

On 7 December 2021, the International Organisation of Securities Commissions (IOSCO) published a consultation report on the use of innovation facilitators in growth and emerging markets (CR07/2021).

The consultation focuses on three types of "innovation facilitators", namely innovation hubs, regulatory sandboxes and regulatory accelerators. It:

  • refers to work IOSCO has been conducting relating to FinTech and the increasingly important synergy between FinTech and regulation;
  • highlights the possibility that FinTech may have a greater impact on emerging markets due to lack of legacy systems, combined with the potential to bring about greater financial inclusion; and
  • sets out recommendations for emerging market member jurisdictions to consider when setting up innovation facilitators.

Chapter 3 of the consultation includes a discussion about the FCA's regulatory sandbox and the Bank of England's regulatory accelerator.

The consultation closes on 6 February 2022.

Back to the top

Global: WTO members negotiate new agreement on trade in services

On 2 December 2021, 67 members of the World Trade Organization (WTO), including the UK and the EU, published a declaration announcing the conclusion of negotiations on the Joint Initiative on Services Domestic Regulation, a new agreement aimed at reducing regulatory barriers to trade in services. See also the WTO press release and the UK government announcement on this development. A factsheet on the new agreement has also been published.

The agreement sets out new disciplines focused on the process of authorisation to supply a service, and seeks to facilitate trade in services by ensuring that authorisation procedures do not act as barriers to trade. The disciplines apply to measures by WTO members relating to licensing requirements and procedures, qualification requirements and procedures, and technical standards affecting trade in services. Financial services are subject to specific disciplines set out in section III of the new agreement.

The disciplines will apply to specific services sectors in relation to which the participating members have agreed to be bound in their WTO services schedules. Those schedules will be amended to take account of the new agreement, and amended schedules have been submitted for certification by most but not all of the participating members, with the rest expected to be submitted in 2022.

Back to the top

United Kingdom: FCA publishes discussion paper on compensation framework review

On 6 December 2021, the FCA published a discussion paper (DP21/5) on improving aspects of the compensation framework for which it is responsible.

The Financial Services Compensation Scheme's (FSCS) operating costs and compensation payments are funded by levies on financial services firms. Increasing compensation costs seen in recent years have prompted questions about the fairness of FSCS levies and how the FSCS should be funded.

In the discussion paper, the FCA:

  • Proposes four key principles to underpin the design of the compensation framework, building on principles established as part of the previous 2016-2018 review of the framework.
  • Considers the fundamental purpose of the FSCS, how it fits into the wider regulatory framework and the benefits of having an appropriate and proportionate compensation framework.
  • Discusses the scope of FSCS protection and asks whether any changes could be justified, including whether there may be benefits in not covering non-mainstream, speculative products.
  • Looks at who should be eligible to claim compensation from the FSCS, eg whether high net worth and/or sophisticated individuals should be excluded from being able to claim in certain circumstances.
  • Considers the limits on compensation payable by the FSCS, including the potential introduction of periodic reviews of the compensation limit to ensure consumers are not disadvantaged by inflation increases.
  • Considers how the compensation framework should be funded.
  • Invites further suggestions about potential improvements to other aspects of the compensation framework.

Comments can be made on the discussion paper until 4 March 2022. The FCA will consider feedback received and publish a feedback statement during 2022 that will outline any further steps it intends to take. It also plans to engage with stakeholders directly during Q1 2022, once it has had the opportunity to hear stakeholders' initial views.

Back to the top

United Kingdom: LSB publishes report with recommendations on future of Access to Banking Standard

On 10 December 2021, the Lending Standards Board (LSB) published a report setting out its recommendations following a review of the Access to Banking Standard (consulted on in June 2021).

The review concluded that the standard's objectives are clear and that it has successfully benefitted customers by improving communications and support following bank branch closures. However, areas for improvement were identified and to ensure good future outcomes in the future, the LSB recommends that:

  • Oversight of branch closures and changes in branch service provision, currently provided for through the standard, is transitioned so that the FCA becomes the sole regulator, with firms supporting an orderly winddown of LSB oversight (currently both the LSB and the FCA have oversight).
  • UK Finance and signatory firms encourage the FCA to adopt a regulatory approach that maintains or enhances the expectations on firms, currently set out in the standard and supporting guidance.
  • Signatory firms maintain their commitment to the standard to ensure that customers continue to benefit from the protections it offers as oversight of branch closures is transitioned.
  • Firms support industry efforts to provide access to in-person banking alternatives that meet the needs of personal and SME customers and take steps to support customers to use digital and physical alternatives where they are available.

The LSB will continue to oversee the standard until a clear timeframe for next steps is agreed with firms, UK Finance and any other key stakeholders.

Back to the top

European Union: EBA consults on draft remote customer onboarding guidelines under MLD4

On 10 December 2021, the EBA published a consultation paper (EBA/CP/2021/40) on draft guidelines on the use of remote customer onboarding solutions under Article 13(1) of the Fourth Money Laundering Directive ((EU) 2015/849) (MLD4). The draft guidelines have been developed in the context of the EU Digital Finance Strategy,

The draft guidelines set out common standards for competent authorities on the steps that financial sector operators should take to ensure development and implementation of sound, risk-sensitive initial customer due diligence (CDD) processes in the remote customer onboarding context. These standards are consistent with applicable anti-money laundering and counter terrorist financing (AML/CFT) legislation and the EU's data protection framework.

The consultation closes on 10 March 2022. The EBA will hold a public meeting to discuss its proposals on 24 February 2022. Once adopted, the guidelines will apply to all financial sector operators that are within the scope of the MLD 4.

Back to the top

United Kingdom: House of Commons EU Scrutiny Committee asks HM Treasury about possible UK/EU divergence in AML and CTF

On 3 December 2021, the House of Commons European Scrutiny Committee published a letter (dated 1 December 2021) from Sir William Cash, Committee Chair, to John Glen, Economic Secretary to the Treasury, on the implications for the UK of the EU reforming its anti-money laundering (AML) and counter-terrorist financing (CTF) regime.

Sir William refers to the package of AML and CTF legislative measures the European Commission adopted in June 2021. He notes that these changes will not apply to the UK, but recognises that they may, nonetheless, impact domestic policy and legislative choices. He asks for information on a number of matters as follows:

  • One of the actions in the government's Economic Crime Plan 2019-22 is for HM Treasury to review the effectiveness and scope of the UK AML and CTF regime by June 2022. Sir William asks what progress HM Treasury has made and how supportive stakeholders are of changes.
  • Lord Frost has said that more should be done to ensure AML regulations do not place a disproportionate burden on business. Sir William asks how HM Treasury's review fits into the government's wider review of retained EU law, how the government intends to involve Parliament in these reviews and how soon it expects to make concrete recommendations for changes to retained EU law.
  • Sir William wants to know what approach the government will take to weighing the costs and benefits of divergence and whether its assessments will be made public. He also asks about the extent Article 653 of the UK-EU Trade and Co-operation Agreement (TCA) may limit the government's flexibility to deregulate in this area, given it may be perceived as weakening the current UK regime. He wonders how divergence may affect existing or future financial services equivalence decisions and the continued participation of UK firms in the Single Euro Payment Area (SEPA).
  • Sir William wonders whether this is an area in which the government would welcome closer regulatory co-operation with the EU. He asks about the progress of the UK-EU Memorandum of Understanding on Financial Services and whether the forum envisaged provides space for AML and CTF discussions.

Back to the top

European Union: Council of EU agrees negotiating mandate and ECB publishes opinion on proposed Regulation on information accompanying transfers of funds and certain cryptoassets

On 1 December 2021, the Council of the EU published a press release announcing that EU ambassadors have agreed on a mandate to negotiate with the European Parliament on the proposed Regulation on information accompanying transfers of funds and certain cryptoassets (2021/0241(COD)).

The Council explains in the press release that the modifications it has introduced to the proposed Regulation are intended to streamline and clarify the Commission's legislative proposal, in particular by:

  • Introducing requirements for cryptoasset transfers between cryptoasset service providers and un-hosted wallets.
  • Requiring that the full set of originator information travel with the crypto-asset transfer, irrespective of the transaction amount.
  • Synchronising the application of the proposal on transfer of funds and the proposed Regulation on markets in cryptoassets (MiCA), due to the urgent need to ensure traceability of cryptoasset transfers.

The Council has also published an "I" item note (14259/21) (dated 29 November 2021) containing a mandate for negotiations with the European Parliament on the proposed Regulation. In the note, it:

  • Suggests that its Permanent Representatives Committee (COREPER) agrees the negotiating mandate with regard to the proposed Regulation as set out in an attached Presidency compromise proposal.
  • Invites the Presidency to start negotiations with the Parliament, on the basis of the mandate, with a view to reaching agreement at first reading.

Also on 1 December 2021, the European Central Bank (ECB) published an opinion (CON/2021/37) on the legislative proposal. Among other things, the ECB calls for revisions to the proposed text for the Regulation relating to (i) the definition of cryptoassets; (ii) reference to official currencies; and (iii) date of application. The ECB suggests that the Regulation should apply from the same date as MiCA.

The Commission adopted the legislative proposal for the Regulation in July 2021 as part of a package of measures relating to AML and CTF. The Regulation is intended to revise and recast the revised Wire Transfer Regulation ((EU) 2015/847) (WTR).

Back to the top

European Union: EDPB publishes Guidelines 05/2021 on interplay between application of article 3 and provisions on international transfers as per Chapter V of GDPR

On 18 November 2021, the European Data Protection Board (EDPB) published its Guidelines 05/2021 on the interplay between the application of article 3 and the provisions on international transfers as per Chapter V of the GDPR.

Key points covered in the Guidelines include:

  • The Guidelines define the concept of “international data transfer”. In order to qualify as a “transfer”, a processing activity needs to meet three cumulative criteria: (1) the exporter (controller or processor) is subject to the GDPR for the given processing; (2) the exporter discloses by transmission, or otherwise makes personal data subject to this processing available to the importer (controller or processor); and (3) the importer is located in a third country or is an international organisation, irrespective of whether or not the importer is subject to the GDPR in respect of the given processing in accordance with article 3 GDPR.
  • Exporters subject to the GDPR and located outside of the EU will also have to comply with the obligations in relation to international data transfers when transferring data to a third country or to an international organisation.
  • The concept of international data transfer only applies to disclosures of personal data between two different and separate entities. As such, Example 5 makes it clear that the remote access of personal data by an employee (employed by a Polish company) from a third country does not qualify as a transfer since the employee is an integral part of the employer.

For more key points from the Guidelines, take a look at this Engage article by members of Hogan Lovells’ London office.

The public consultation on the Guidelines runs from 19 November 2021 until 31 January 2022.

Back to the top

Rwanda: New data protection law enters into force

On 13 October 2021, Rwanda's first data protection legislation, Law No. 058/2021 Relating to the Protection of Personal Data and Privacy ("Data Protection Law" or "Law") was enacted. It entered into force on 15 October 2021.

Key points on the new Law include:

  • It applies to controllers and processors located in Rwanda, but also to controllers and processors with no local presence, so long as they process the data of individuals located in the country. It goes further than the EU GDPR in that it does not limit its extraterritorial scope to processing activities related to the offering of goods or services and the monitoring of data subjects' behaviour taking place in Rwanda.
  • There are eight legal bases for processing personal data, namely consent, contractual necessity, legal obligation, protection of the data subject's vital interest, duty carried out in the public interest or in the course of an official authority, performance of the duties of a public entity, legitimate interest of the data controller or third-party recipient, and research purposes subject to authorisation by the relevant institution. Consent must be provided on an opt-in basis and for a specified purpose. With regard to children under the age of 16, consent must be obtained from the child's guardian.
  • Rwanda is one of the few Africa jurisdictions (along with Chad and the Ivory Coast) which has decided to legislate on data protection without creating a separate data protection authority. The supervisory authority is the National Cybersecurity Authority (NCSA). Rwanda also has sector-specific regulatory authorities (such as the Rwanda Utility Regulatory Authority in the ICT sector) responsible for overseeing sector-specific compliance. The competent authority may, in conjunction with the supervisory authority, put in place other sector-specific regulations governing the protection of personal data and privacy.

New controllers and processors are expected to immediately comply with the Data Protection Law, whereas those who already process personal data within the scope of Rwandan law have until 14 October 2023 to become compliant.

For more on this development, take a look at this Engage article by members of Hogan Lovells’ Paris office.

Back to the top

Global: FSB launches survey on impact of existing national and regional data frameworks on cross-border data flows

On 10 December 2021, the Financial Stability Board (FSB) published a press release launching an online survey of existing national and regional data frameworks relevant to the functioning, regulation and supervision of cross-border payment arrangements, with a view to identifying issues relating to cross-border use of those data by national authorities and the private sector.

The survey is being carried out as part of the FSB's work under "building block 6" of the roadmap for enhancing cross-border payments.

The FSB explains that the data frameworks within scope of the survey include:

  • Domestic data frameworks, including rules, regulations, guidelines and supervisory guidance, that affect the provision of, or access to, cross-border payment services in one or more jurisdictions, or the manner in which those services utilise cross-border payments data in one or more jurisdictions.
  • Implementation of international standards from the FSB and other standard-setting bodies, including the Basel Committee on Banking Supervision (BCBS), Committee on Payments and Market Infrastructures (CPMI) Financial Action Task Force (FATF), International Association of Insurance Supervisors (IAIS) and International Organization of Securities Commissions (IOSCO), if not included as part of formal domestic data frameworks.
  • Other international efforts, arrangements, or agreements that jurisdictions may implement in their domestic data frameworks or that may affect cross-border data flows.

The FSB invites feedback from banks, non-banks, financial market infrastructures, academics and industry associations. The deadline for responses to the survey is 14 January 2022.

Responses to the survey will support the FSB’s member authorities in the analysis of the constraints on cross-border data flows imposed by existing national and regional data frameworks.

Back to the top

United Kingdom: FCA announces changes to its Executive Committee

On 6 December 2021, the FCA published a press release announcing the following changes to its Executive Committee:

  • It has appointed Stephen Braviner Roman as General Counsel.
  • David Scott, who has held the role of General Counsel on an interim basis since June 2021, will continue to work at the FCA part-time during a handover period.
  • Megan Butler has decided to step down from her role as Executive Director of Transformation in spring 2022. The FCA has appointed Emily Shepperd to lead the next phase of the FCA's transformation programme alongside her role as Executive Director of Authorisations.

Back to the top

European Union: European Commission speech on plans for 2022

On 3 December 2021, the European Commission published a speech given by Mairead McGuinness, European Commissioner for Financial Services, Financial Stability and Capital Markets Union (CMU), at a structured dialogue with the European Parliament's Economic and Monetary Affairs Committee (ECON).

Among other things, Ms McGuinness talked about some of the work the Commission has planned for 2022 including digital finance. Ms McGuinness observes that the crypto markets are growing very rapidly and pose particular risks to consumers, market integrity and potentially for financial stability. The proposed Regulation on markets in cryptoassets (MiCA) is designed to address these risks. Ms McGuinness considers that time is of the essence. The markets are moving every day, and regulators around the world are taking measures. It is really important that the EU has a framework in place as soon as possible to protect the integrity of its markets.

Back to the top

United Kingdom: FOS launches action plan to change and improve service

On 2 December 2021, the Financial Ombudsman Service (FOS) published an action plan setting out the key strategic and operational changes it is undertaking to change and improve its service. This follows an independent review of the FOS, which was commissioned by its board in July 2021.

Alongside the action plan, the FOS has published a report setting out the findings and recommendations from the review, of which the FOS is fully supportive. It notes that although the review highlights its strengths, it also supports the FOS' view that, even with the changes and innovations it is currently making to clear the backlog of cases, it needs to go further and faster.

In the light of the review, the FOS is proposing changes focusing on the following five themes:

  • A new model for a new context.
  • Enhanced technology and digital capabilities, including developing a digital portal to make it easier and more efficient for customers to interact with it.
  • A renewed emphasis on communications, policy and engagement.
  • A clearer, actionable and measurable strategy.
  • A financially sustainable future.

The FOS has set up a change programme to consider and refine the recommendations. By April 2022, among other things, it aims to have published its refreshed strategy with key milestones, designed a target operating model and be moving towards it, and designed its digital portal.

Back to the top

United Kingdom: Digital Regulation Cooperation Forum launches technology horizon scanning programme

On 29 November 2021, the Digital Regulation Cooperation Forum (DRCF) announced that it has launched a technology horizon scanning programme, to provide a coherent view of new and emerging digital markets and technologies.

The DRCF comprises the Competition and Markets Authority (CMA), Ofcom, the Information Commissioner's Office (ICO) and the FCA and is intended to ensure a greater level of coordination between the different regulators of online services in order to drive a coherent approach to digital regulation.

The DRCF will provide updates on its progress and future priorities in the upcoming DRCF workplan for 2022-23.

Back to the top

United Kingdom: Law Commission publishes advice to government on smart contracts

On 25 November 2021, the Law Commission published its advice to the government on smart legal contracts, building on the previous findings of the UK Jurisdiction Taskforce.

 Overall, the Law Commission considers that current legal principles can apply to smart legal contracts in largely the same way as they do to traditional contracts and that there is no need for statutory reform, although the rules may need incremental development in some areas.

Where the Law Commission identifies possible problems, it suggests how these could be accommodated by existing rules, and also highlights particular issues to consider (and provide for) in any smart legal contract to mitigate these problem areas. 

Further work is needed to understand how the law of deeds and private international law (jurisdiction) can support the use of smart contract technology.

Back to the top

Global: FSB reports on November 2021 plenary meeting

On 18 November 2021, the Financial Stability Board (FSB) published a press release following its plenary meeting in Basel. Among other things, the plenary discussed the FSB's work programme for 2022. The main priorities include international co-operation and co-ordination in financial authorities' response to COVID-19, containing the risks from the use of crypto technology while harnessing the benefits, assessing and addressing financial risks from climate change and finalising and monitoring implementation of the post-2008 crisis reforms. The finalised 2022 work programme will be published in January 2022.

Back to the top

Payment Market Developments

Uganda: TerraPay partners with MTN Mobile Money Uganda on cross-border payments

On 15 November 2021, it was reported that TerraPay, the global payments infrastructure company, has partnered with MTN Mobile Money Uganda, a leading Ugandan telecoms company, on cross-border payments. Since April 2020 TerraPay has been facilitating inward remittances to mobile wallets in Uganda. However, it is now expanding its activities to remittances out of Uganda.

Back to the top

Philippines: PLDT taps Vesta for anti-fraud solution

On 16 November 2021, it was reported that PLDT, a Philippine telecoms company, is using Vesta's anti-fraud solution to protect online payments made by their customers. Vesta uses a real-time decisioning platform to identify and reject illegitimate transactions.

Back to the top

Portugal: Klarna launches "Pay in 3"

On 17 November 2021, it was announced that Klarna has launched its "Pay in 3" service in Portugal. The service allows consumers to shop online and pay in three interest-free payments of equal size. The feature is also available in non-Klarna retailers, via the "Shop Anywhere" service.

Back to the top

South America: TerraPay launches in 16 countries

On 19 November 2021, it was announced that TerraPay, the global payments infrastructure company, is launching in Mexico, Argentina, Bolivia, Brazil, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Guatemala, Honduras, Nicaragua, Panama, Paraguay, Peru and Uruguay. Through the expansion, TerraPay hopes to enable customers in the region to conduct transactions cost effectively and seamlessly from any bank account.

Back to the top

Italy: PayPal launches BNPL service

On 24 November 2021, it was reported that PayPal has launched its Buy Now Pay Later (BNPL) service in Italy. The service allows users to make BNPL purchases of up to EUR 2,000 under a three-month instalment plan where payments are made via a confirmed bank account or a valid debit or credit card linked to the customer’s PayPal account.

Back to the top

Europe: Stripe extends Stripe Terminal to new countries

On 24 November 2021, it was reported that Stripe has extended its Terminal (a programmable point-of-sale) to Ireland, France, Germany, the UK and the Netherlands. Stripe hopes that the Terminal will extend Stripe's payment infrastructure to the physical world, as consumers in Europe return to shops. Before the introduction of the Stripe Terminal, online businesses using Stripe were required to use a different payments system for in-person payments, and it is hoped that the Terminal will reduce this complexity for merchants.

Back to the top

India: YES BANK partners with Amazon to offer instant payments

On 25 November 2021, it was announced that YES BANK is collaborating with Amazon Pay and Amazon Web Services to offer customers real-time payments via a UPI transaction facility. The integration will allow Amazon Pay to issue UPI IDs which will allow customers to make payments securely and quickly.

Back to the top

France: Carrefour launches Flash 10/10 shopping experience

On 24 November 2021, it was reported that Carrefour, the French supermarket, has opened a "Carrefour Flash" store. The Flash 10/10 format is described as featuring a shopping journey that does not require shoppers to scan any products, while also allowing customers to view their spend in real time.

Back to the top

Mexico: Jeeves partners with Mastercard to offer virtual and physical cards

On 26 November 2021, it was reported that Jeeves has partnered with Mastercard to launch a card which allows companies to pay in local currency from all countries in which Mastercard currently operates. Payments with the cards will carry no fees, and benefit from up to 4% cashback.

Back to the top

United Kingdom: Monzo launches virtual BNPL cards

On 26 November 2021, it was reported that Monzo has launched virtual cards for customers who wish to make contactless payments using its Flex service. Flex was released in September 2021, and allows customers to get a credit limit of up to £3,000 which can be used to pay for products in three equal instalments at 0% interest.

Back online

Kenya: Cellulant powers payments for ImaliPay

On 24 November 2021, it was reported that the ImaliPay financial platform had partnered with African payments company Cellulant. Cellulant will provide ImaliPay with its payment infrastructure, which will make it easier for ImaliPay clients, who are mostly gig workers, to make and receive payments.

Back to the top

United Kingdom: SumUp launches business account solution

On 17 November 2021, it was announced that SumUp had launched a new business account solution for merchants in the UK. The solution will allow UK-based merchants to combine a SumUp issued account number and sort code with other SumUp services, allowing them to streamline their business services and provide a more immediate access to funds.

Back to the top

Surveys and Reports

Europe: European banks are moving towards Open Finance

On 22 November 2021, it was reported that Salt Edge, a banking start up, had released a report on European banks and Open Banking that shows steady progress towards Open Finance.

The report found that the UK has the highest API availability in Europe, due largely to the Competition and Markets Authority's Retail Banking Market Investigation Order 2017 (which required the UK's nine largest banks to implement Open Banking). However, banks in continental Europe are catching up, with banks in France, Denmark and the Netherlands doing particularly well. Implementation in Switzerland in particular is advancing at a slower rate, in large part due to Switzerland not being an EU member state.

The report also found that out of over 2,500 APIs looked at by Salt Edge:

  • 10% were providing access to credit card transaction information.
  • 9% were providing access to information about savings accounts.
  • 5% were providing access to information about mortgage accounts.

Salt Edge identified a number of banks which were particularly advanced in their implementation of Open Banking procedures, including Commerzbank in Germany, La Banque Postale in France and Raffeisen in Austria.

The full report can be accessed here (registration required).

Back to the top

Global: Report finds fraudulent activity has increased by 61% in 2021 compared to 2020

On 8 December 2021, it was reported that a recent report published by Veriff, an Estonia-based global identity verification service company, found that fraudulent activity has increased by 61% in 2021 compared to 2020.

Veriff's 2021 Identity Fraud Report looks at the different types of fraud that it monitors and prevents across the fintech, mobility and crypto industries.

Some key points from the report include:

  • Identity fraud rates in 2021 have doubled compared to 2020, which makes identity fraud the most prevalent fraud type in the cryptocurrency and fintech industries. In addition, identity fraud is more common in the US than in Europe, comprising 60% and 52% of all fraud incidents respectively.
  • The fintech industry has seen a 50% increase in fraudulent activity in 2021 compared to 2020. This is despite significant investment in security and prevention tools. Identity fraud was most common within fintech, comprising 56% of fraud attacks with fraudsters using ID cards the most (33.91%) for illicit verifications, followed by passports (29.19%).
  • Crypto remains the most fraudulent industry compared to fintech and mobility (similarly to the 2020 findings), with a net fraud rate of 7.44%. Identity fraud (44%) is the most common type of fraud and Veriff noted the largest growth in ID document fraud, which doubled in 2021 compared to 2020.
  • Global fraud has increased in the U.S. and Europe, with Europe seeing its fraud rate double from the rate in 2020.

The full report can be accessed here (registration required).

Back to the top

Europe: EPC payment threats and fraud trends report 2021

On 6 December 2021, the European Payments Council (EPC) published its 2021 report on payment threats and fraud trends (dated 24 November 2021). The aim of this annual report is to create awareness amongst stakeholders involved in payments to allow them to decide on possible mitigating measures to prevent fraud.

The 2021 report provides an overview of the current most important threats in the payments landscape, including social engineering and phishing, malware, advanced persistent threats (APTs), (distributed) denial of service ((D)DoS), botnets and monetisation channels.

For each identified threat, the EPC provides a definition and a description, together with an analysis of the impact and context. The EPC also offers guidance on implementing controls and mitigation measures to address these payment risks. Annex I to the 2021 report contains an overview matrix listing the threats and the main suggested controls and mitigation measures.

The EPC found that:

  • The main attack focus in 2021 has been the shifting away from malware to social engineering attacks. Company executives, employees, financial institutions and payment infrastructures are increasingly preferred targets, rather than retailers and SMEs.
  • Although malware remains a major threat, ransomware has become the top cyber-threat faced by European cybercrime investigators.
  • APTs are one of the most lucrative types of payment fraud and consequently must be considered as a potential high risk for payment infrastructures and large customers, including merchants.


Authored by Virginia Montgomery and Julie Patient.

Hogan Lovells (Luxembourg) LLP is registered with the Luxembourg bar

Beata Balas-Noszczyk
James Black
Jonathan Chertkow
Jeffrey Greenbaum
Sebastien Gros
Gregory Lisa
Washington, D.C.
Andrew McGinty
Hong Kong
Mark Parsons
Hong Kong
Richard Reimer
Emily Reid
Victor de Vlaam
Roger Tym
Julie Patient
Ivan Peeters
Pierre Reuter
Office Managing Partner


This website is operated by Hogan Lovells Solutions Limited, whose registered office is at 21 Holborn Viaduct, London, United Kingdom, EC1A 2DY. Hogan Lovells Solutions Limited is a wholly-owned subsidiary of Hogan Lovells International LLP but is not itself a law firm. For further details of Hogan Lovells Solutions Limited and the international legal practice that comprises Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses ("Hogan Lovells"), please see our Legal Notices page. © 2022 Hogan Lovells.

Attorney advertising. Prior results do not guarantee a similar outcome.