Future of Finance Series, episode 7: Embracing digital regulation


Regulators need data from the firms they regulate to monitor financial markets. But producing and analysing that data is labour-intensive and costly. According to the Future of Finance Report, investing in regtech to make the best use of this data is “no longer a choice” for the Bank of England.

This is the seventh instalment in our Future of Finance Series, which looks at Huw van Steenis’ Future of Finance Report and the Bank’s response to it. All quotes in this post are from these sources.

The benefits of regtech

Finding efficiencies for firms and regulators

Financial services firms are increasingly relying on technology to help them comply with the regulations that apply to them. This technology, known as regtech, may be used for a variety of purposes such as flagging anomalous trading activity or performing more targeted anti-money laundering checks. Using regtech, firms can cut costs while also improving the quality of compliance. The FoF report argues that regulators should use technology to reap similar benefits.

The FoF report calls on the Bank to be a “technology-enabled and cost-effective regulator” which uses “advanced analytics for analysis of macroeconomic trends, financial surveillance and supervision”. The FoF report focuses on a specific use case for which regtech could benefit both firms and regulators: digitalising regulatory reporting.

A case study: digital regulatory reporting

Using data to monitor markets

Regulators collect a variety of data from regulated firms, on their products, customers and financial information, to help them supervise financial markets. But the UK financial system is constantly creating more data than ever before. Regulators are now “barraged” with an “enormous body of unstructured data”, presenting them with a real challenge for how they interrogate that data in a meaningful way to assist their supervisory activities.

The challenge of too much data

Every month, the Bank receives more than 1 billion rows of data from regulated firms. The Bank admits that the “explosion” in the volume of data it receives is more than it can handle using traditional methods.

Two thirds of supervisors’ time is spent manipulating (rather than analysing) data. As the FoF report notes, this is “a long way from real-time monitoring”.

The cost of reporting

Firms must have in place compliance processes to meet their reporting requirements, which can have serious cost implications when they rely on relatively manual solutions. At present, regulatory reporting is estimated to cost UK banks up to £4.5 billion every year.

Compounding the financial burden of reporting, there have been several significant changes to regulation since the global financial crisis. As a result, the current PRA rulebook is longer than War and Peace and compliance has become increasingly complicated. The FoF report uses the increase in regulation to argue for more efficient regulatory processes which would bring down the industry’s compliance costs.

Digitalising regulatory reporting

The FoF report suggests that a solution to this problem could be to digitalise regulatory reporting. This would involve transforming reporting requirements into machine-readable rules. These rules could then map more easily to the data in firms’ systems. See our short animation which introduces the work UK regulators have already done on digital regulatory reporting and highlights some of the important legal questions posed by the project.

Making rules machine-readable

To achieve more efficient processes, the FoF report emphasises the importance of investing in digital regulation and recommends a range of options for the Bank.

A central plank of all the proposals would be to develop a common understanding of what needs to be reported, i.e. a shared reporting taxonomy. Consistent data standards would reduce ambiguity, allow for better data analytics and enable rules to be read by a machine. Having machine-readable rules could ultimately lead to machine-executable requests for data, i.e. automated compliance.

Pooling data into shared repository

Under the most ambitious proposal, the Bank would be able to pull firms’ data from a shared repository on demand, enabling near real-time data extraction, analysis and intervention. This solution could be implemented via a blockchain network.

The Bank’s response

In its response to the FoF report, the Bank says that the “costs of redesign will not be small” but the vision of the proposals could benefit the industry for many years. The Bank says it will consult with the industry on how regulatory data should be hosted over the next decade. It also plans to make the PRA rulebook machine-readable within the next five years.

Next up in our Future of Finance Series

In the final instalment of our Future of Finance Series we will look at cyber resilience.

Stay tuned by signing up to our FintechLinks blog.


UK firms to get more time to prepare for EU security measures for online payments


Reports have suggested around 30% of UK online shopping transactions could fail if planned EU rules for strong customer authentication were enforced from September as planned. The FCA has now decided to allow extra time for the e-commerce industry to roll out the technology needed to apply strong customer authentication. Payment firms and online retailers should align their plans to the new timeframe and monitor how other EU regulators will respond.

Strong customer authentication delayed 

What is strong customer authentication?

Strong customer authentication is intended to increase the security of payments and reduce the risk of fraud. It involves the authentication of electronic payments using multiple factors. At least two out of three of the following elements are needed:

  • knowledge (something only the user knows, like a password)
  • possession (something only the user has, like credit card)
  • inherence (something the user is, like a fingerprint).

The requirements were introduced by the EU’s revised Payment Services Directive (PSD2) and are due to take effect on 14 September 2019.

What has changed?

The payments industry and e-merchants have been gearing up to the September deadline. However, in June the European body overseeing implementation of the rules acknowledged that not all e-merchants were ready for the new standards and suggested that regulators could introduce a grace period before enforcing the rules, and the UK has now taken up the mantle.

What has the FCA announced?

In a statement, the FCA says that it has agreed with the industry an 18-month delay to strong customer authentication. The strict legal deadline in September cannot be changed but the FCA says that it does not intend to enforce the rules during the extension. This gives card issuers, payments firms and online retailers the new deadline of March 2021 to implement their enhanced security processes.

In a separate update on strong customer authentication, the FCA has indicated that the impact of related changes to online banking will also be delayed from 14 September 2019 by six months.

Why is more time needed?

There had been reports that the September deadline would not be met by all participants in the payments chain. This may in part be down to firms trying to implement nascent technology. For example, applying biometrics to authenticate a customer’s identity requires building more sophisticated technology than other types of authentication, such as a password or possession of a credit card, and this may have slowed implementation efforts.

The FCA says that, while strong customer authentication measures will reduce fraud, it has agreed the “phased plan for their timely introduction” in order to avoid “material disruption to consumers”.

What happens next?

The FCA is one of the first to set an extended timetable. Other EU regulators – such as the Central Bank of Ireland and Bank of Italy – have indicated that they will extend the deadline but so far without publicly fixing new delivery dates.

The European Banking Authority said that it would set a long-stop date by which time all national grace periods must end, although it is not clear yet what that will be. At this stage it is also not clear to what extent EU regulators will harmonise their approach, leading to the potential for a piecemeal implementation of strong customer authentication across the EU, at least until the end of any long-stop deadline.


Future of Finance Series, episode 6: Protecting the financial system as the market changes


According to Huw van Steenis, the Bank of England’s job of protecting the financial system is never done. In his Future of Finance report, he calls on the Bank to anticipate changes to market structures such as those caused by fintech. He also suggests that policymakers should reflect on how effective major policy initiatives like Open Banking really are.

This is the sixth instalment in our Future of Finance Series, which looks at Huw van Steenis’ Future of Finance Report and the Bank’s response to it.
Looking ahead to market changes

Keeping pace with business models

The traditional banking model is under threat from various sources. The growth of market-based finance is reducing reliance on bank funding. Neo banks are competing for market share. Other fintech firms are providing activities like payment services that used to be the reserve of banks. And the tech giants have already begun leveraging their huge customer bases to provide financial services.

As the FoF report notes, this diversity in the market is welcome. But it can also introduce new risks (or old risks in new forms). For example:

  • If market-based finance dries up, there could be a sudden stop in the flow of finance to the economy
  • Increased competition could put further pressure on banks’ margins which could, for example, hamper their investment in IT infrastructure
  • Dividing up banking activities between different service providers could lead to narrower business models which are more vulnerable in downturns
  • This unbundling of the traditional business model may also result in some financial activities being carried out by firms outside the scope of PRA regulation which would limit the Bank’s oversight of risks.

New risks, new policy choices

The FoF report imagines what the future might look like where low interest rates continue but there is a high degree of disruption to the market. In this scenario, the banking industry could become “more modularised with services provided primarily through market place platforms and outsourced activities”. This risks the banks of today becoming “low-margin back-end utilities”. 

The report suggests that in this scenario the Bank may need to ask for its regulatory perimeter – i.e. the scope of its regulatory remit – to be redrawn to take into account the new shape of the market.

Looking back on policy initiatives

The risks of opening up banking

The UK’s Open Banking reforms have required the nine largest banks to develop a common means for sharing customer data with eligible third parties. It was one of the first countries to implement Open Banking although others, like Australia, have followed. The EU Payment Services Directive (PSD2) also requires banks to share customer data although it does not prescribe the method for sharing that data.

While noting the potential benefits of opening up account information, the FoF report refers to some of the drawbacks of Open Banking. These include:

  • Cost: according to UK Finance, the Open Banking project has cost the nine original participants £1.5bn to date
  • Resilience: the report calls on policymakers to monitor the system’s ability to withstand outages
  • Unlevel playing field: under PSD2, data sharing is not reciprocal i.e. banks must share data with third parties but those third parties are not required to share their data with the banks
  • Legal liability: under current rules, banks are expected to compensate customers for unauthorised transactions by third parties and then counter‑sue the payment firm – the report suggests that this process is not be scalable.

Learning lessons from regulatory intervention

The FoF report cites research which indicates that the design of Open Banking does not fulfil the most attractive use cases, that only 28% of UK adults were aware of Open Banking six months after it launched and that 80% were concerned about sharing financial data with companies other than their bank. In response, the report proposes a Treasury-led review of lessons learned from the first 18 months of Open Banking.

It also recommends that the Bank establish a dedicated “regulatory evaluation and response” unit to assess the effectiveness of major policies across their life cycles. Separately, the Financial Conduct Authority has recently embarked on public evaluations of its market interventions.

Next up in our Future of Finance Series

In the next instalment of our Future of Finance Series we will look at the digitalisation of supervision and the potential automation of regulatory compliance.

Stay tuned by signing up to our FintechLinks blog.


Future of Finance Series, episode 5: Financing the transition to a carbon-neutral economy


The Bank of England’s Future of Finance report emphasises the role finance will play in supporting the transition to a carbon-neutral economy. Encouraging sustainable finance will require recognition of the financial risks of climate change and the mobilisation of private financial resources. Here, we explore the insights on the task at hand offered by the report and the Bank of England’s response. 

This is the fifth instalment in our Future of Finance Series, which looks at Huw van Steenis’ Future of Finance Report and the Bank’s response to it.
The transition to a carbon-neutral economy

In 2015, 197 governments formed the Paris Agreement on climate change, committing to keeping global warming well below 2°C and ideally no more than 1.5°C. The FoF report emphasises the huge role finance has to play if this objective is to be achieved. By some estimates, the transition to a low-carbon economy will require investments of more than $90 trillion across the G20 by 2030. The Bank of England (“Bank”) is seeking to encourage an early and orderly transition to a carbon-neutral economy by mobilising the financial sector.

Grappling with the financial risks of climate change

A risk to financial stability

A key point made by the FoF report is that climate change must be understood as a risk to financial stability. It thus falls within the Bank’s remit and is an area where the Bank has already started to take action. 

The FoF report follows the widely used approach of breaking the risks down into two areas:

  • Physical risks, being the risk of damage to assets from climate and weather-related events, which can cause financial losses, increase insurance claims and impact borrower creditworthiness, for example.
  • Transition risks, being the risks posed from the adjustment to a lower-carbon economy  – for example, reserves of fossil fuels will become less valuable if they cannot be exploited for policy reasons or due to reduced demand and, if that risk has not been priced in, this could lead to substantial losses.

Improving awareness

The FoF report notes that financial markets currently lack understanding of climate change related risks, and this is reflected in the typical relative rates of return on “green” and “brown” assets. Climate change risks do not generally form part of overall financial risk management, and the “tragedy of the horizon” means that long-term impacts are not factored into shorter term decision making.

Stress testing

As part of its moves to safeguard financial stability, the Bank stated in its response to the FoF report that it will conduct climate stress testing for financial institutions in 2021 to help “mainstream” climate risk management. The Bank will publish a discussion paper in autumn of 2019 to facilitate scenario design. 

The role and growth of green finance

The report identifies that “green finance” is an important element of financing the transition to a low-carbon economy. It highlights that the demand for green bonds has already accelerated in recent years and that “in some specific cases” green bonds have provided lower borrowing costs than their non-green equivalents. A similar movement is beginning to take off in the loan market, with the rise of green loans and sustainability linked lending. To meet global needs, these trends will need to continue. The report highlights that this presents an opportunity for the UK’s financial sector. That opportunity has also been recognised in the UK Government’s recently published Green Finance Strategy.

Ensuring consistent standards and preventing “green washing”

Importance of adequate disclosures

The FoF report emphasises that a key part of improving awareness of climate risks, as well as mobilising private resources to invest in the transition to a low-carbon economy, is for adequate disclosures to be available. These will provide the information needed to inform investment decisions and risk management.

The Bank itself has been a keen advocate of the Task Force on Climate-related Financial Disclosures (“TCFD”) and its voluntary disclosure regime. Both the FoF Report and the Bank’s response highlight the “virtuous circle” of supply of, and demand for, TCFD disclosures leading to greater adoption and improved disclosures. The Bank in its response to the FoF report commits to continuing to encourage TCFD disclosures, and “expect by 2022 that all listed companies and large asset owners will be disclosing this information”. This is in line with the Government’s expectation in its Green Finance Strategy. 

Comparability and enforceability

A key obstacle for green investing is the plethora of different and often non-comparable methods for determining which investments are green. The FoF Report emphasises that loosely constructed and unenforceable standards and definitions can lead to “greenwashing” of “brown” investments, which in turn undermines confidence in green investing. 

The FoF Report notes that having harmonised, clear and granular standards for classifying “green” and “brown” activities would assist investors. Industry standards do exist, but are often “high-level, fragmented and voluntary”. Whilst the Bank cannot really put such a framework in place by itself, it is worth noting that the EU is legislating in this area. As part of the EU Sustainable Finance Package, a “Taxonomy” Regulation has been proposed to provide a granular, compulsory and enforceable classification system to determine which investments are sustainable. However, the Regulation is still under negotiation at an EU level as, understandably, creating such a comprehensive and granular framework is both technically difficult and politically contentious.

Next up in our Future of Finance Series and other Sustainable Finance Resources

In the next instalment of our Future of Finance Series we will look at protecting the financial system in response to market changes driven by Fintech and Open Banking. Stay tuned by signing up to our FintechLinks blog.

We recently hosted a webinar on the broader universe of incoming sustainable finance obligations for banks and sell side firms where we discussed some of the Bank’s recent measures. We also discussed how banks and sell side firms may be impacted by client demands. The recording is available here for knowledge portal subscribers.

Please contact the Key Contacts listed or your usual Linklaters contact if you have any questions about sustainable finance. 


UK FCA spells out when cryptoassets fall within the scope of regulation


Regulators around the world have grappled with how cryptoassets fit within their rules. The Financial Conduct Authority has now set out its final stance on the different types of cryptoasset and how they are regulated in the UK. Notably, “stablecoins” are not seen as a separate category and so may be regulated or unregulated depending on their structural features.

Drawing the line – final perimeter guidance

In January 2019, the FCA proposed draft guidance which was intended to clarify its view on which types of cryptoasset fall inside and outside the UK regulatory perimeter.

The regulatory perimeter is the line between financial services activities which are regulated and those which are not. Ultimately it is for Parliament and the courts to draw the line, but FCA perimeter guidance can help firms understand whether they need to seek FCA authorisation.

The FCA has now issued a policy statement which finalises its guidance as it relates to cryptoassets.

Reframing cryptoassets – changes to the FCA’s taxonomy

Previously, and in line with the October 2018 Cryptoasset Taskforce report, the FCA divided the cryptoasset market into security tokens, exchange tokens and utility tokens.

The FCA has reframed these categories as:

  • Security tokens (regulated): largely unchanged from the draft guidance, this covers tokens which qualify as investments like shares, bonds or units in a fund
  • E-money tokens (regulated): cryptoassets that meet the definition of e-money (see our previous blog) are regulated
  • Unregulated tokens: any cryptoasset that is not a security token or an e-money token is unregulated e.g. exchange tokens (aka cryptocurrencies) like Bitcoin and Litecoin or utility tokens which allow access to a service or network.

In other words, buying and selling unregulated tokens does not require FCA authorisation. However, dealing in derivatives which use cryptoassets is a regulated activity (even if the underlying cryptoassets are unregulated). And new rules may from January 2020 impose AML checks to other cryptoasset activities.

The FCA also notes that it is possible for tokens which facilitate payment services (such as money remittance) to be regulated. This depends on whether regulated payments are being provided rather than the type of cryptoasset being used.

How stablecoins fit into the regulatory framework

The FCA has updated its guidance to clarify its position on stablecoins. The term “stablecoins” generally refers to cryptoassets that have a mechanism for stabilising their value, often by being backed by fiat currency or assets. In a speech in July the FCA described Libra – the proposed digital currency intended to facilitate retail payments within the Facebook ecosystem – as a stablecoin. 

The FCA has decided not to treat stablecoins as a separate category of cryptoasset. Instead the FCA will fit them into its existing framework on a case by case basis. In other words, depending on how it is structured, a stablecoin could be any of a security token, e-money token or unregulated.

International perspective

Feedback to its draft guidance encouraged the FCA to find a harmonised international approach to cryptoassets. The treatment of cryptoassets currently depends on the approach of the local law and regulators. For example, the US SEC takes a relatively broad view on what qualifies as a security token and France has set up a way for utility tokens to receive a regulatory seal of approval.

In response, the FCA notes the difficulties with taking a global approach because of the inherent structural differences between jurisdictions’ securities markets and legal frameworks, but it proposes to encourage consistency in regulation, for example via the Global Financial Innovation Network.

What happens next?

The FCA hopes that its guidance will inform other supervisory work on cryptoassets, including its engagement with cryptoasset firms. It also indicates that it is monitoring cryptocustody and settlement which are not covered by the perimeter guidance.

According to the FCA, the Treasury will consult on whether further regulation is required in the cryptoasset market. Changing the regulatory perimeter would need new legislation.

Finally, as the supervisor for the new AML regime for cryptoassets, the FCA will consult on its proposed approach later this year.


US SEC approves regulated token offering for the first time


On Wednesday, July 10 the SEC approved New York-based blockchain startup Blockstack to launch a $28 million token public offering. Blockstack announced it would commence the sale of its Stacks tokens on Thursday July 11. As the first offering of digital tokens to be approved by the SEC under Regulation A+, Blockstack’s offering is a potentially groundbreaking moment for the cryptocurrency markets. 

The offering 

Blockstack sponsors an open-source peer-to-peer network for decentralized applications. According to Blockstack, a total of up to 295 million “Stacks” tokens will be offered under the approved Regulation A+ offering.

First, up to 215 million Stacks will be offered at a discounted purchase price of US $0.12 to current holders of non-binding Blockstack vouchers. 

Second, at least 40 million Stacks will be sold for $0.30 to the general public. Furthermore, Blockstack has stated that it will allocate up to 40 million Stacks to developers that created the top-ranked applications within the Blockstack ecosystem. Per Regulation A+, the aggregate amount of capital raised in the offering will not exceed $50 million. 

Blockstack will be offering Stacks through its website, where potential investors can review an electronic version of the offering circular and execute a subscription agreement. Once an investor buys Stacks, they will be able to use them on Blockstack’s network. 

Regulation A+ 

What is notable about this offering is that Blockstack chose to offer its tokens in a different way than its previous token sale. In 2017, Blockstack raised approximately $47 million through a token offering which relied on Regulation D. Like Regulation A+, Regulation D is an alternative to a traditional public offering, where a company can offer and sell securities without having to register with the SEC. 

Although raising capital through an offering in reliance on Regulation D has fewer requirements than a public offering, Regulation D has certain limiting conditions such as dollar limits, issuer and investor suitability requirements, restrictions on resales and more.

In contrast, Blockstack is now relying on Regulation A+, which was adopted in 2012 as part of the “Jumpstart Our Business Startups” Act (the JOBS Act). Regulation A+ allows an offering to be open to the general public and the securities being sold are not deemed to be restricted securities. However, Regulation A+ imposes its own limits – notably that the offering is limited to US $50 million being raised in a 12-month period. 

Practical Considerations for Other Token Offerings

While this offering being approved by the SEC is a significant, there remain practical considerations for others wishing to follow the same path. The biggest of which is that the approval process is lengthy and costly. In fact, according to WSJ, Blockstack spent about ten months and $2 million on the approval process. This means that newly formed startup businesses are unlikely to be able to raise capital under Regulation A+ without first obtaining funding through more traditional routes such as friends and family and venture capital. In this case, Blockstack had already raised $5 million from venture capital before it launched its first token offering in 2017.

Regulation A+ offerings have also been less popular due to disappointing performance and fraud concerns. The WSJ recently reported that both Nasdaq Inc. and the New York Stock Exchange are moving to raise listing requirements for Regulation A+ companies. Consequently, the cost of a Reg A+ offering may continue to rise.

What’s happening next?

Overall, it is too early to tell how the Blockstack offering will impact the market. On the one hand, initial coin offerings (ICOs) have been on the decline and blockchain companies may be encouraged to use Regulation A+ as a means of raising capital because the enhanced disclosure and regulatory scrutiny requirements provide comfort to potential investors.

On the other hand, conducting a Regulation A+ offering is both time-consuming and expensive – which could offset the desirability of Regulation A+ to a startup without deep pockets and time to spend. Therefore, it remains to be seen whether the Blockstack offering is the first of many Regulation A+ offerings conducted by blockchain companies, or simply an interesting footnote in the cryptocurrency markets.


Future of Finance Series, episode 4: What the growth and liberalisation of emerging markets means for the UK’s financial sector


Emerging market economies, like China and India, are likely to look increasingly to global capital markets to meet their financing needs, the Future of Finance report predicts. This shift poses both opportunities and risks for the UK’s financial sector, as we discuss in this week’s instalment of the Future of Finance series. 

This is the fourth instalment in our Future of Finance Series, which looks at Huw van Steenis’ Future of Finance Report and the Bank’s response to it.
The growth and liberalisation of emerging market economies

Large EMEs are still relatively closed to global markets

There is no denying the historic and projected growth of China and India. The FoF report points to data showing that by 2030 these could be the world’s largest and third largest economies, respectively. But, to date, these markets have remained relatively closed to foreign investment. And, even as they have begun to open up, their policies have tended to favour foreign direct investment over portfolio investment or foreign debt. Other EMEs have taken a similar approach. 

This has had an insulating effect

As a result, these economies have remained somewhat insulated from the international capital markets. And, as a corollary, UK financial institutions have been under-exposed to the growth and opportunities in EMEs.

That is likely to change

The report predicts that this is likely to change over the next decade and that increasingly EMEs will look to foreign markets to meet their financing needs. The new Shanghai-London Stock Connect scheme is an example of that.

Opportunities all round

Opportunities for EMEs

There are obvious benefits for EMEs in tapping the global markets. As the report states: “This would support EME growth by making it easier to finance domestic investment needs, which are likely to be substantial”.

Opportunities for the UK

But, equally, there are opportunities for the UK as a global financial centre.

UK investors provide significant funding to international capital markets (US$3.4 trillion as at the end of 2017, according to the report). Directing this into faster growing markets could result in strong growth for the UK.

The UK’s record on innovation also places it well to meet evolving market needs. For example, the report highlights that cross-border debt into EMEs is still predominately USD-denominated, which leaves emerging markets vulnerable to the appreciation of the US dollar. As EMEs continue to open up, we could see an increasing demand for local currency denominated bonds. Such instruments benefit the issuing country but at the same time shift FX risks to investors. The UK’s expertise in financial innovation could be helpful in meeting these evolving needs – as well as in responding to the growing demand for other innovative products such as green finance and cyber-risk insurance.

Potential risks for global financial stability

The amplification of macroeconomic shocks

The liberalisation of emerging markets does, however, raise new financial stability risks. Whereas foreign direct investment is a relatively stable, long-term form of inbound capital flow, portfolio flows can be rapidly reversed by investors in deteriorating conditions. In the event of a macroeconomic shock to the market, instant capital flight may have an amplifying effect and could potentially lead to a currency crisis. The report notes that these effects may “spill-back” to an exposed UK.

The UK’s role in mitigating the risks

The report recommends that EMEs take a prudent approach in managing capital account liberalisation by, for example, adopting sound macroeconomic and prudential policies and deepening domestic financial markets.

But it also places responsibility on the UK: “The UK as host to a major international financial centre should be at the forefront of efforts to spot new risks, develop standards and promote close supervisory and regulatory co-operation”. For the private sector, the report’s recommendations focus particularly on post-trade standards and note that the swap and collateral markets would be a good place to start.

Among other things, the Bank of England has said:

  • it will continue to work with various international fora to identify and respond to vulnerabilities and enhance global standards;
  • it is scaling up its efforts to provide training and technical assistance to central banks in emerging markets; and
  • it will convene a “Post-Trade Technology Market Practitioner Panel” to explore how market participants can leverage technological improvements to deliver a more efficient and resilient post-trade ecosystem.
Next up in our Future of Finance Series

In the next instalment of our Future of Finance Series we will focus on green finance and its role in financing the transition to a low carbon economy. Stay tuned by signing up to our FintechLinks blog.


New Digital Bank Licences in Singapore


The Monetary Authority of Singapore (MAS) has announced that it will issue up to 5 new digital bank licences comprising 2 digital full bank licences (permitted to deal with retail clients) and 3 digital wholesale bank licences (permitted to deal with SMEs and non-retail clients). MAS is working on implementation details and expects to invite applications in August 2019.

The 5 new licences will be available to digital players who demonstrate an innovative and sustainable business model even if they have yet to establish a track record in banking – a strong move welcoming non-bank players to become digital banks in Singapore. This marks an addition to MAS’ existing regime which for more than two decades already allowed local banking groups to set up standalone digital banks under MAS’ internet-only bank framework.

In this client alert, we provide an overview of the new licensing framework, as well as commentary on similar developments in Hong Kong.


Future of Finance Series, episode 3: How the Bank of England envisages portable data and an SME finance platform creating “Open Finance”


One of the nine core themes of the Future of Finance report is “Supporting the data economy through standards and protocols”. A key recommendation for how to achieve this is for the Bank to “support better credit files for SMEs”. We examine the Bank’s response, in particular its eye-catching proposal for a national SME financing platform, and consider some of the regulatory and legal issues.

This is the third instalment in our Future of Finance Series, which looks at Huw van Steenis’ Future of Finance Report, the Bank’s response to it and Mark Carney’s supporting Mansion House speech. All quotes in this post are from these sources.
“New Finance” involves “Open Finance” for SMEs

The key thrust of the FoF report is the need for a “new finance” and a “new Bank” to enable a “new economy”. This vision of “new finance” in a digital economy is of a financial system which is “more efficient, fair and accessible”.

The FoF report develops a theme around the role of “data standards and protocols” in enabling innovation, opening-up markets to boost the efficiency and effectiveness of finance in this new economy and addressing existing challenges such as the £22 billion SME financing gap.

As pointed out by Mark Carney in his speech, this funding gap has arisen because SMEs face a number of barriers in raising finance, including borrowing against intangible assets, a lack of historic data for credit scoring and the burdensome nature of Anti-Money Laundering and Know Your Customer Checks. In the world of Big Data the solution to reducing these barriers lies in better leveraging of customer data.

What is “Open Finance”? 

In its response to the FoF’s recommendation to “support better credit files for SMEs”, the Bank develops the theme of data standards and protocols within the concept of “Open Finance”. This essentially envisages the extension of the existing policy of data sharing through open banking – the pro-competition focused requirement for banks to share certain customer data – to much wider data sets.

In examining how Open Finance might be delivered the Bank focuses on two key aspects:

  1. creating richer customer data sets (capturing data held at utilities companies, search, rating and social media data, and data from public sources, such as the Passport Office, DVLA, HMRC and Companies House) which can be easily shared with a broader array of potential finance providers through portable credit files, Legal Entity Identifiers and API technology; and
  2. ensuring greater access to finance for small businesses and individuals through a dedicated finance platform for SME financing.

What is the open platform? 

A priority area for action

The Bank’s most eye-catching commitment, and one of its 5 priority areas for action, is its proposal to support the development of an “open platform” to deliver better access to finance. It aims to do this by bringing together a global identify standards and safe, secure and permissioned method of sharing information; this open platform could harness novel data sources and advanced analytics to provide SMEs with more choice and better access to productive finance.

Role of the Bank

Given its role at the heart of the UK payments system the Bank sees itself as the facilitator of change – using its “levers” to promote data standards and improved digital identification. Whilst Mark Carney suggests that “It’s not for the Bank of England to build this platform but we can help lay some of the groundwork” and the Bank suggests it is a job for “Government and business”, it’s not clear who the likeliest candidates will be to construct the “Open Platform” or whether the initiative will be led by industry or government. In terms of data sharing it is also not clear exactly how the significant challenge of “linking public sources” of data could be achieved in practice.

Examples of finance platforms in action

The FoF report points to China as an example of how data and technology can be leveraged by platforms to provide access to finance and also cites specific examples of finance platforms in action, including:

  • Ant Financial using an array of data sourced from related social media and marketplace platforms to offer credit to those that have been previously underserved by finance.
  • Amazon extending trade credit to businesses selling on its marketplace. 
  • PayPal is extending credit to online customers at the point of sale.
Regulatory and legal issues

The Bank notes that the policy of open banking “is already beginning to change how the UK financial system uses data” and “has demonstrated the potential for sharing data security around the financial system in a standardised way through an API”. However, the original policy of open banking was championed by the Competition and Markets Authority and mandated by regulation, so it seems reasonable to question whether the open platform will require something similar to be successful? It is perhaps instructive that the examples provided in the FoF report relate to platforms created by single private actors rather than on a broader industry basis.

Irrespective of how the open platform is put together, drawing on our experience of working with finance platforms, we suggest that there will be a range of legal issues to navigate, from the commercial arrangements and ownership structure, to considerations around data-sharing, data-security, competition, regulatory licensing and apportioning liability.  

Next up in our Future of Finance Series

In the next instalment of our Future of Finance Series we will look at what the growth and liberalisation of emerging markets may mean for the UK.
Stay tuned by signing up to our FintechLinks blog.


US SEC and FINRA Statement on Broker-Dealer Custody of Digital Asset Securities


A recent joint statement by the SEC and FINRA highlights three main areas for broker-dealers to consider—the customer protection rule, books and records requirements, and insolvency protections—but stopped short of providing concrete guidance, instead noting “the Staffs will continue their constructive engagement with market participants . . . so that they may better respond to developments in the market.” 

The current landscape of digital asset security regulation

The joint statement serves as a stark reminder to US-regulated broker-dealers that: 

  1. certain digital assets are susceptible to characterization as securities (see our April 2019 insight)
  2. “[w]hether a security is paper or digital, the same fundamental elements of the broker-dealer financial responsibility rules apply” to custody services for securities; and
  3. these regulators are still coming to terms with exactly how those rules apply to so-called digital asset securities. 

We look at the three main areas for broker-dealers to consider in light of the joint statement.

1. The Customer Protection Rule

Safeguarding customers assets

Rule 15c3-3 under the Exchange Act of 1934 (the customer protection rule) generally requires a broker-dealer to safeguard customer assets in a way that increases the likelihood that, in the event of the broker-dealer’s failure, customers can still access their securities and cash. 

Among other requirements, broker-dealers must physically hold customers’ fully paid and excess margin securities (as such terms are defined in the rule) or maintain them free of lien at a good control location (e.g., the Depository Trust Company).

Joint statement guidance?

While acknowledging that “[t]here are many significant differences in the mechanics and risks associated with custodying traditional securities and digital asset securities”, the joint statement offers no concrete guidance for addressing these differences.

Instead, the joint statement merely highlights some of the risks attendant to custody of digital asset securities. For example, if a broker-dealer holds a “private key” for securities reflected on a distributed ledger, that broker-dealer may not be able to demonstrate the required control under the rule because it may not be able to foreclose the possibility that no other party has a copy of the private key and thereby could transfer the digital asset security without the broker-dealer’s knowledge or consent.

In what is an oft-repeated sentiment, the joint statement provides that:

 “[t]he specific circumstances where a broker-dealer could custody digital asset securities in a manner that the Staffs believe would comply with the Consumer Protection Rule remain under discussion, and the Staffs stand ready to continue to engage with entities pursuing this line of business.

2. The challenge of Books and Records requirements for digital asset securities

Maintaining auditable records

Broker-dealers generally must make and keep current ledgers of all assets and liabilities and must maintain a securities record containing a list of each customer security carried by the broker-dealer.

The nature of digital asset securities, particularly the use of distributed ledgers, could make it difficult for broker-dealers to adequately evidence the existence of digital asset securities in their books, records and financial statements.

Joint statement Guidance?

The joint statement baldly states that broker-dealers “should consider how the nature of the technology may impact their ability to comply with the broker-dealer recordkeeping and reporting rules.” Easier said than done.

3. Securities Investor Protection Act of 1970

First priority claims in insolvency

SIPA gives securities customers first priority claim to securities and cash held by an insolvent broker-dealer.  SIPA protections apply to “securities” as defined in the SIPA statute in a way that is narrower than that of the federal securities laws.

Notably, the SIPA definition does not include the concept of an “investment contract”, so it remains possible that certain digital assets will be securities for purposes of (a) SIPA but not the federal securities laws and rules thereunder (like the customer protection rule), the federal securities laws but not SIPA, or (c) both SIPA and the federal securities laws.  In case (b)—i.e., where a digital asset is not a security under SIPA—a customer would not have a first priority claim against the estate of an insolvent broker-dealer for that asset; instead, a customer would only have a general unsecured creditor claim.

Joint statement guidance?

The joint statement notes in a grand understatement that such an outcome is “likely to be inconsistent with the expectations of persons who would use a broker-dealer to custody their digital asset securities.”

What’s happening next?

It’s possible that the joint statement is a prelude to more comprehensive and constructive guidance.  It’s also possible that the joint statement is intended to release political pressure on the SEC and FINRA by publicly demonstrating that they are on the case.  Indeed, it is even possible that this verbal equivalent of a shrug emoji is an attempt to signal to Congress that the current statutory framework is lacking or that legislative direction is desired.

At a minimum, the many questions raised with few, if any, answers might have the practical effect of scaring off potential broker-dealer entrants to the field of custodying digital assets.  If such a vacuum is created, it remains to be seen whether other non-broker-dealers, such as trust company holders of New York BitLicenses, will fill it.


European supervisor identifies bigtech as a threat to the payments market


Fintech has led to new products and services, new entrants, and new regulation in the EU payments market. The European Banking Authority, which is responsible for monitoring financial innovation in the sector, has surveyed the impact of fintech on payment and e-money firms. We summarise seven key findings from their report.

The EBA has published a report on the fintech trends shaping the business models of payment institutions and e-money institutions. It follows a similar paper which focused on fintech’s impact on the banking sector.

The latest report summarises the EBA’s view on key market trends and threats. The research included a survey of 65 market participants. Notably, none the firms surveyed were UK institutions.

We have summarised below seven findings from the EBA report.

  • We are fintech: Unsurprisingly, many payment and e-money institutions see themselves as fintech firms. The most popular technologies that have been adopted are cloud computing and digital/mobile wallets, followed by big data analytics and biometrics. The interest in biometrics such as fingerprint and voice recognition may be a result of new incoming security standards.
  • The bigtech threat: Many bigtech firms offer payments services to facilitate their core business (e.g. e-commerce or advertising) but the EBA note that there is considerable diversity in how they conduct payment services. Nearly all the institutions surveyed expect bigtech firms to participate more actively in the EU payments and e-money sector. Some payment institutions suggested they would be open to partnering with bigtech firms or exploring M&A opportunities.
  • Growth in the B2B sector: The EBA found that providing payment services to businesses has seen significant growth as corporates and SMEs have turned to payment and e-money institutions as an alternative to banks for some services. This is consistent with the findings from last year’s report on the banking sector. 
  • Payment rails relatively untouched: Technological innovation has largely focused on improving customer experience rather than changing the underlying payments infrastructure. In Europe, at least, the EBA found that bigtech firms currently rely on existing payment rails.
  • A broadening of services: Firms are investing significantly in the development of APIs and digital and mobile wallets. A third of firms surveyed expect to add new services to their business models but only a few firms plan to seek a banking licence. 13% of payment and e-money institutions offer services related to cryptoassets, such as processing payments and/or opening payment accounts for crypto firms and exchanges.
  • Outsourcing is on the up: More than 80% of institutions outsource activities to third parties and many have seen an increased dependency on external providers in the last couple of years. These third parties are likely to include bigtech firms as well as smaller fintech providers. The potential for over-reliance on these service providers is an area of ongoing concern for regulators.
  • Resilience warning: The EBA warns that institutions are increasingly vulnerable to cyberattacks and that a targeted attack on a significant participant in the payment chain could pose a material risk to the economy. Firms are encouraged to focus on building strong operational resilience. Data sharing and the interaction between PSD2 and GDPR are also highlighted as challenges that may need to be addressed.


Future of Finance Series, episode 2: Embracing cloud technologies – what does this mean for financial services?


One of the nine core themes of the Bank of England’s Future of Finance report is “Enabling innovation through modern financial infrastructure”. A key recommendation for how to achieve this is for the Bank of England to “embrace cloud technologies, which have matured to the point they can meet the high expectations of regulators and financial services”. Cloud technology has become increasingly important to the digital economy, and the use of cloud by financial firms will only increase.  Given the potential risks, the Bank of England has a key role in ensuring that firms use it in a safe and sustainable way. 

This is the second instalment in our Future of Finance Series, which looks at Huw van Steenis’ Future of Finance Report and the Bank’s response to it.
Cloud is becoming mainstream, even in financial services 

Cloud as an enabler

Cloud computing is no longer a “new” technology. It is increasingly used in the financial services sector as a means for firms to enable innovation, improve services and secure competitive advantage. The FoF report acknowledges, however, that adoption of the public cloud has been slower amongst financial institutions than in other sectors as a result of the costs of migration, management concerns over the use of new technologies and cautious regulators. 

That said, research suggests up to a quarter of the activities of the largest global banks may already be on the public cloud or software hosted on the cloud. The FoF report identifies that banks are using cloud for customer relationship management, HR and accounting (but not, generally, for core banking services). Looking forward, McKinsey & Company suggest up to 40%–90% of banks’ workloads globally could be hosted on public cloud or software as a service in a decade.

Impact of Fintechs

The FoF report identifies that “the next generation of financial firms will likely widely use public cloud technology”; this is already being seen in the market with new entrants like Monzo and Starling making extensive use of AWS. These new market entrants are focused on providing an excellent customer experience and have embraced cloud technology to deliver this.  They are disrupting the market and forcing established firms to change more rapidly in order to compete.

There are many benefits in using cloud

Agility, innovation and data analytics

The Bank of England’s (“the Bank”) response to the FoF report notes that since new entrants will be unencumbered by the problems faced by longer-standing firms with antiquated, patchwork IT systems they will be able to be far more agile in responding to changing consumer demands.

Using cloud also provides firms with access to the best analytical tools. Banks are sitting on mountains of data and being able to analyse this properly requires the processing power which can be offered by cloud solutions. These analytics tools should help banks in monetising the data they already have and in better using that data to service their customers.

Access to expertise

Cloud providers are experts in their chosen fields. Facilitating the use of cloud solutions therefore opens banks up to a range of products and expertise which even the most well-resourced in house IT teams would not be able to offer. These additional products can, in turn, enhance user experience and drive competition in the market.

Security and resilience

Security of cloud solutions has previously been viewed by financial services regulators as a significant risk. However, as we have been discussing with financial firms for a number of years, cloud providers can potentially offer a greater level of security than banks can themselves provide. Cloud providers trade on their security reputation; a significant outage or data breach could prove catastrophic to their viability as a business.

Given the frequency with which the financial system is coming under cyber-attack, security is only becoming more important. The FoF report acknowledges that “even the best-resourced financial firms invest less in cyber-defences that cloud providers” and that, particularly for smaller firms, a move to cloud could improve their cyber security and resilience.

This could also offer a better solution for firms with patchwork legacy systems which are either coming to the end of their supportable life or contain a number of vulnerabilities in the joins between those systems.


The reduced costs which can be achieved as a result of the economies of scale offered by cloud are a well-known benefit. Research by McKinsey & Company suggests that cloud has the potential to reduce IT infrastructure costs by between 30% and 50%. These savings could free up cash for firms to spend on enhancing their consumer offering.

But there are also risks to address…

Operational disruption 

The Bank notes that operational resilience of firms is “critically important” and becoming as important as financial resilience. The FoF report indicates that, as part of this, resilience and effective management of technology infrastructure is paramount.

Firms looking to use cloud will therefore need to ensure they have robust processes in place to ensure that failure of, or disruption to, their provider will not impact on the bank’s ability to continue its core services, for example by ensuring that there are multiple backups and a robust disaster recovery process for getting back online quickly. It will be fundamental that banks fully understand what would happen in the event of a failure or disruption, and that should an issue arise, that it is handled effectively. 

Recent high profile disruptions have shown that any such failings can have far reaching consequences for a bank with the regulators, its customers and its market reputation.  

Concentration risk

Currently the cloud services market is dominated by a handful of large providers and, as noted in the FoF report, AWS and Microsoft account for almost half of all revenue in this area.  This raises concerns about concentration risk and the impact which the failure of a single provider could have on the financial services landscape. One provider holding significant amounts of data for a number of banks may also make them a more tantalising target for hackers.

On the other hand, the FoF report also acknowledges that reducing the concentration risk poses additional questions about how best to ensure oversight of a large number of individual providers.

Loss of control

It is clear from both the FoF report and the Bank’s response that one of the key concerns from regulators has been, and still is, the loss of control associated with cloud computing. While IT was all provided on-premises, it did not matter that the technology might have been provided by IBM or Microsoft as the regulators could still walk in to the firm’s premises and have a look at what was going on.

With cloud, regulators do not have that same level of control and nor do the banks themselves. Regulators are therefore going to have to get themselves comfortable with being one step removed for any real shift to the cloud to be supported.

…and regulatory barriers preventing wider adoption 

The FoF report highlights that, according to a new Finastra survey, 43% of UK firms said complex regulatory requirements were the key barrier to adopting cloud collaboration.

There are numerous regulatory considerations associated with cloud, including relating to data protection, information security and bank secrecy. From a financial services perspective, in our experience it is often the audit and security requirements, such as those found in the February 2019 EBA Outsourcing Guidelines, which cause the most friction between firms and cloud providers. Certainly, we see Fintechs frustrated by being unable to meet banks’ stringent requirements relating to audit and security as they are unable to provide each bank with the access to premises (data centres in particular) which banks demand or to provide differing levels of IT security to comply with each bank’s own policies.

Balancing benefits against risks

As the benefits of cloud are further understood, including in relation to security, it may be that the benefits to both providers and users of financial services are starting to carry more weight than the risks and are tipping the balance in favour of the use of public cloud. However, the FoF report highlights that policies will need to respond to this emerging reality if the UK wishes to remain a leading venue for international finance and ensure that UK financial firms are competitive and are on a level playing field to new business models. 

Further, the Bank will need to build expertise and play a leading role, in collaboration with other authorities, shaping use of public cloud in the financial sector.

What’s happening next?

New regulatory guidance

The Bank has committed to publishing a supervisory statement in 2019 which will describe “the PRA’s modernised policy framework on outsourcing arrangements, including a focus on cloud technology and setting out conditions that can help give firms assurance on its use”. 

It will be interesting to see whether this incorporates a move towards removing the audit and security barriers mentioned above by, for example, including a specific proposal for use of pooled audits of cloud providers and standardised security certification, both of which are referred to in the EBA Outsourcing Guidelines. 

If standardised certification is so onerous that only the biggest cloud players will be able to achieve certification, this could have an unintended consequence of decreasing competition and increasing concentration risk.

Global conversation

Both the FoF report and the Bank’s response recognise the importance of taking an international approach to the regulation of cloud use in financial services. The FoF report recommends collaborating with international regulators for a longer-term approach to cloud oversight.   Financial services firms rarely, if ever, operate in a single jurisdiction and public cloud, by its nature, pays no attention to borders. 

The Bank has therefore committed to lead the conversation around cloud globally. Consistent regulation of cloud across jurisdictions should help smooth the adoption of cloud within global banks with competing national regulations to contend with.

A cloud storm?

Removal of existing regulatory barriers to adoption of public cloud will certainly result in greater use of public cloud in financial services, opening up opportunities for both firms and Fintechs, but it does not necessarily follow that there will be a sudden rush in traditional banks moving their entire operations to the cloud. Such projects involve significant IT transformation and therefore significant time and cost, especially where interfaces with old and often bespoke IT systems are involved. 

The requirements of the GDPR also need to be considered when moving personal data to the cloud or when making those new uses of personal data which are opened up by the ability to harness the processing capabilities of cloud computing.

“Changing the boundaries of financial services regulation”

While the FoF report recommends that the Bank embraces cloud technologies, it also emphasises the need for the Bank to be vigilant to the emerging vulnerabilities.  It sends a warning shot to the larger cloud providers that if the removal of barriers to cloud adoption results in significant concentration of core banking functions with one or more provider, then the Bank may view those providers as “systemically important” and look to “include aspects of cloud service providers’ operations in the Bank’s direct oversight”.

Financial services regulation of tech companies is clearly something which is currently on the Bank’s and other regulators’ minds. For example, both Mark Carney and Mu Changchun of the People’s Bank of China have commented on the requirements for regulatory oversight of Facebook’s foray into the payments space with its cryptocurrency, Libra.

Next up in our Future of Finance Series

In the next instalment of our Future of Finance Series we will look at the Bank’s messages relating to the theme of “supporting the data economy through standards and protocols. Stay tuned by signing up to our FintechLinks blog.


UK regulator proposes ban on crypto-derivatives for retail consumers


Derivative contracts can allow individuals to benefit from changes in the value of cryptoassets like Bitcoin without having to buy them directly. The UK Financial Conduct Authority now plans to block these crypto-derivatives from being sold to retail consumers. Firms offering crypto-derivatives as retail products will likely have to stop doing so next year.

What has the FCA proposed?

In a consultation paper, the FCA has suggested banning the sale, marketing and distribution to retail consumers of crypto-derivatives. These are derivatives and exchange traded notes that reference unregulated transferable cryptoassets. The ban would apply to firms acting in, or from, the UK.

Why has the FCA done this?

In the UK Cryptoasset Taskforce report last year, the FCA promised that it would consult on prohibiting the sale of certain cryptoasset derivatives to retail consumers.

In its latest paper, the FCA explains that crypto-derivatives are “ill-suited” to retail investors who cannot reliably assess the value and risks of derivatives or ETNs that reference cryptoassets.

In the FCA’s view, consumers need protection because cryptoassets have “no reliable basis for valuation”, their value is extremely volatile, and retail consumers lack adequate understanding of the investment. Other risks highlighted in the FCA paper are financial crime, market abuse, and opaque costs and charges.

What types of cryptoasset are caught?

The FCA has previously talked about three types of cryptoasset: security tokens, exchange tokens and utility tokens. The retail ban is targeted at derivatives referencing exchange tokens.

These tokens – like Bitcoin and Litecoin – are not issued or backed by any central authority and are used as a means of exchange or for investment purposes. Generally buying and selling this type of cryptoasset is not a regulated activity in the UK.

However, as the FCA has said for some time, creating products deriving from cryptoassets is likely to be a regulated activity. The FCA has seen a small derivatives market develop as the UK cryptoasset market has grown.

Some new definitions

In the draft rules, instead of referring to exchange tokens, the FCA has used the term “unregulated transferable cryptoassets”.

For something to be caught by this definition, it must:

  • be a digital representation of value or contractual rights, 
  • be cryptographically secured,
  • use distributed ledger technology,
  • be tradeable on cryptoasset platforms, and
  • not be e-money or another regulated investment like a security.

“Cryptoasset derivatives” are then defined to include derivatives where the underlying includes an unregulated transferable cryptoasset or an index relating to such a cryptoasset. Derivatives referencing, for example, security tokens would not be caught by the ban (but they would be regulated as securities).

What is a derivative?

Derivatives are contracts which derive their value from something else. They include:

  • futures (where you agree to buy/sell an asset at a set price at a point in the future), 
  • options (where you have the right to buy/sell an asset at a set price at a point in the future), and
  • contracts for difference (where you agree to exchange the difference in price of an underlying between set dates).

According to the FCA, CFDs are the most common type of crypto-derivative seen on the market today. The FCA has already restricted the sale of CFDs to retail consumers, including setting a 2:1 leverage limit on contracts that reference cryptocurrencies. This limit would no longer be needed if the ban takes effect.

What is an exchange traded note?

ETNs are financial products that are structured to provide returns in line with the performance of a specific asset or index. The FCA has only identified a limited number of ETNs available today that track cryptoassets.

What happens next?

The FCA seeks feedback on its proposals until 3 October 2019 and then expects to publish its final rules in early 2020.

The FCA says there will be an “appropriate implementation period” to help firms transition away from providing crypto-derivatives to retail clients. Existing contracts would be allowed to run off so that firms are not expected to close clients’ positions immediately.

Later this summer the FCA will also finalise its broader guidance on how cryptoassets are regulated.


Future of Finance Series, episode 1: Paving the road for a diversity of payment options


The Bank of England’s Future of Finance report paints a picture of a future that offers a diversity of payment options that are “efficient, fast, secure, low-cost and cross-border”. It also indicates that all new payment providers will need appropriate regulatory oversight. Here, we explore some key insights the Bank has revealed as to its path to facilitating that outcome. 

This is the first instalment in our Future of Finance Series, which looks at Huw van Steenis’ Future of Finance Report and the Bank’s response to it.
New market entrants

The FoF report identifies that business models are changing – and increasingly fintechs and big-techs are joining banks in the payments space. The Bank of England (the “Bank”) is welcoming the innovation and competition in this market, and believes that a range of payment options can also contribute to financial stability. However, it has made very clear that allowing for new entrants and payment methods, and an unbundling of the value chain, must not leave any gaps in regulatory oversight.

Wider access to the Bank’s balance sheet

A new commitment to consult on broadening access

Given the shifting market, the FoF report recommends that the Bank consider how alternative payment providers such as fin-techs and big techs might access the Bank’s infrastructure, including its balance sheet and payment systems. In response, the Bank has announced its plans to consult on the appropriate level of access in 2020.

New opportunities for alternative payment providers

This is good news for new entrants. Holding an interest-bearing account with the Bank is a privilege that has historically been reserved for “key links in the economy”, which currently extends to banks, certain broker-dealers and CCPs. Access to such an account would allow a payment provider to benefit from the full Bank rate on overnight deposits and avoid the credit risk involved in depositing money with an ordinary bank. Moreover, it would allow it to compete on a more level playing field with these incumbent banks.

The Bank already opened up its Real-time Gross Settlement (RTGS) system to non-bank payment service providers last year – and six non-banks have so far gained membership. Holding an RTGS settlement account with the Bank is a prerequisite to becoming a direct member of any payment system in the UK. Direct membership allows these institutions to settle transactions directly in central bank money rather than having to go via a bank. Again, this allows new businesses to compete directly with the incumbents. 

With great power comes great responsibility

As will all good things, access to the Bank’s infrastructure will inevitably come at a cost. The FoF report acknowledges that “an appropriate package of obligations” would need to accompany these new rights. These obligations may include new capital and reporting requirements, for example. And in his Mansion House speech, Mark Carney made clear that the Bank is looking at strengthening supervision for those applying for settlement accounts – not just overnight accounts. 

Regulatory supervision of this nature is unlikely to suit the model or culture of every tech company, and prospective applicants would need to consider carefully whether they would be willing and able to meet the necessary requirements in exchange for this enhanced access to the Bank’s infrastructure. 

Ongoing focus on improving cross-border payments

Room for improvement

The FoF report identifies that cross border payments are an area where “frictions and inefficiencies continue to exist” and points to research showing payments made cross border are, on average, ten times more costly than domestic ones. It attributes this to the need to interact with multiple different infrastructures through the correspondent banking system in order to process such payments, and to the time spent on manual reconciliation exercises.

An ongoing area of focus

The Bank is already focusing on improving the efficiency of cross border payments. It has been reconfiguring RTGS to lower the costs of cross-border payments, harmonising data standards and promoting KYC utilities, for example. It plans to step up its efforts though. And it has committed to help empower private innovations in cross-border finance by partnering with other central banks to explore how high-value payments systems could be used to deliver instant settlement in different currencies. 

A measured approach to crypto

Some cryptocurrencies “simply won’t cut the mustard”

The report offers some cautionary words around cryptocurrencies, commenting that “cryptoassets that are not backed by currency are an unreliable store of value, inefficient medium of exchange and simply won’t cut the mustard”. And, in relation to digital coins that are backed by fiat currency or a basket of assets, it notes that “so far, the stability of such coins is unproven, and subject to considerable scrutiny”. It also adds that it does not see a compelling case for a central bank digital currency at this time, given numerous uncertainties. 

It does however point to potential benefits of digital currencies and encourage the Bank to remain at the forefront of research on these topics. And we already know the Bank is upgrading RTGS in a way that is interoperable with private payment systems that use distributed ledger technology. 

“An open mind but not an open door” for Libra

The recently unveiled plans for Libra (a digital currency that is intended to facilitate retail payments within the Facebook ecosystem) have caught the attention of the financial markets and policy makers. In his speech, the Governor acknowledged that Libra could “substantially improve financial inclusion and dramatically lower the costs of domestic and cross border payments”. But again, he emphasised that to do so it would have to meet the highest standards of prudential regulation and consumer protection in advance of any launch. 

The benefits of central bank backed coins for wholesale markets

The Governor also spoke to the efficiencies that central bank backed coins, like the Utility Settlement Coin, can bring for wholesale markets – “unlocking billions of pounds in capital and liquidity that can be put to more productive uses” – and their potential to overhaul how those existing markets operate. 

Removing barriers to direct-to-bank payments

Potential for growth in the UK

The FoF report identifies that some countries (such as the Netherlands, Sweden and Denmark) have seen considerable success from models that facilitate payments directly between bank accounts. These payments avoid the card rails and thus card fees. The UK market, on the other hand, has not yet experienced significant growth in this area and is still dominated by cards.

Ongoing efforts to remove barriers

The implementation of PSD2 in the UK has already gone some way to facilitating this type of business model, by allowing payment initiation service providers direct access to consumers’ bank accounts. But there are weaknesses in our payments infrastructure than continue to act as a barrier (for example, the lack of reliable point of sale infrastructure). The Bank has said it will continue to reform its hard and soft infrastructure with the aim of removing barriers to direct-to-bank payments.

Prioritising protection of cash

The FoF report underlines that a key priority for the Bank is ensuring that the decline in cash usage leaves no-one behind. Policy makers “need to ensure that cash distribution across the country is maintained even if cash is used far less to ensure the inclusion of those who rely on cash”. The Bank is already working with stakeholders and the Government to help safeguard cash for those who need it, and has committed to do more.

A need for next generation payments regulation

A move towards a more diverse and complex system requires appropriate regulation – not least to reflect the appropriate prudential standards for new providers referred to above. The FoF report calls for “next generation payments regulation” to reflect the shifting risks. It recommends that the Bank prompt the Treasury to evaluate:

  • the appropriateness of the regulatory framework for the risks posed by different payment activities, including tiering of firms;
  • how to ensure effective supervision of the overall payments value chain;
  • the role of data-sharing between platforms and payment companies; and
  • ways to reduce fragmentation and complex regulation in the UK.

The Bank has said it will help drive this review forward and will also support the Payments Strategy Review just launched by the Treasury.

Next up in our Future of Finance Series

In the next instalment of our Future of Finance Series we will look at the Bank’s message on cloud technologies and what this means for financial services. Stay tuned by signing up to our FintechLinks blog.


UK regulator’s concerns about the resilience of neobanks


Some banks are so large that regulators worry about the impact their failure could have on the financial system. Most banks are not that big. But some, typically newer digital banks, are growing fast and so attract increasing scrutiny of how they manage risk. A recent review by the UK prudential regulator highlights the risk controls that it thinks all banks should have in place.

What has happened?

The Prudential Regulatory Authority has reviewed 20 neobanks to test their financial resilience and has set out its findings in a letter to CEOs.

The review looked at these banks’ ICAAP stress testing, asset quality reviews, and funding and lending analysis.

What did the PRA find?

The PRA was reassured about the resilience of this fast-growing part of the banking sector. But its review did find several issues for neobanks to work through. The PRA stresses that firms’ governance and risk management functions should be tailored to their business model and risk appetite.

Stress testing

  • According to the PRA, some firms have been too optimistic about the impact of a stressed scenario on their business. They were not able to demonstrate a proper understanding of the underlying issues or the practical actions that they would take in the event of a stressed scenario.
  • The PRA expects senior management and boards to engage with, and challenge, stress testing exercises.
  • The review found that neobanks tend to have concentrated exposures to higher-risk market segments. This should be considered when provisioning and stress testing.
  • Firms should closely consider management actions proposed in their ICAAP stress tests. The PRA will be sceptical, for example, of firms which expect to raise new capital during a market-wide stress scenario.

Asset quality reviews

  • The review found that some neobanks take commercial lending decisions too quickly.
  • The PRA encourages firms to have sufficient data and management information available in relation to their loan portfolios.
  • The letter reminds firms that risk management functions should be adequately resourced and provide appropriate challenge to, and oversight of, the business.

Funding and lending analysis

  • The review found that many firms are too reliant on funding from short-term, fixed rate deposits.
  • The PRA calls on firms to consider, for both baseline and stressed scenarios, how they will price their borrowing and their lending, having regard to the spread between these and how that compares to the broader market.
What happens next?

The PRA plans to provide further feedback in July. Neobanks can also expect engagement from their supervisory contacts on the findings of the review.


European supervisor offers some flexibility on deadline for strong customer authentication


New EU standards for securing electronic payments apply from 14 September. In response, payment firms have been developing strong customer authentication procedures, but some may not be ready in time. So the European Banking Authority has suggested that regulators could give some firms extra time to apply SCA.

Background to strong customer authentication

What is SCA?

SCA involves authenticating a payment based on two out of the following three elements: 

  • knowledge (something only the user knows, like a password)
  • possession (something only the user has, like credit card)
  • inherence (something the user is, like a fingerprint).

The elements must be independent so that the breach of one does not compromise the reliability of the others. The authentication process must also keep the payer’s security credentials confidential.

What do the rules mean?

From 14 September 2019, EU firms providing payment services must apply these new authentication standards in certain scenarios e.g. when a payer accesses her account online or tries to make an electronic payment.

For many payment service providers, this means developing SCA-compliant processes and investing in hardware systems and/or new communication interfaces.

EBA opinion

What has the EBA said?

The EBA has published an opinion on SCA in which it acknowledges that implementing the new standards in time might be difficult for some. The EBA says that it cannot postpone the deadline for compliance but that national regulators may on “an exceptional basis” give additional time to allow firms to prepare.

What are the conditions?

The EBA says that the additional time must be limited. Payment service providers must have agreed a plan with their regulator for meeting the new rules. This plan must also be executed “in an expedited manner”. Even so, where this regulatory flexibility is applied, firms should have some breathing space to finish building their SCA processes and systems and communicate the changes with customers.

Examples of SCA

What could be used to comply with SCA?

The opinion also suggests whether some authentication approaches which are already used in the market may comply with SCA.

For example, according to the EBA:

  • knowledge may include passcodes, PINs and memorised swiping paths (but not email addresses or user names)
  • possession of a card can be evidenced by a card reader or a QR code (but an app installed on a phone would not be sufficient)
  • inherence covers iris scanning, voice recognition and keystroke dynamics (but not memorised swiping paths).
What happens next?

For firms which agree an alternative plan with their regulator, the EBA says it will specify later in the year the date by which these plans need to be completed. Otherwise, the legal deadline for implementing SCA has not changed. The EBA also says it does not plan to publish any more guidance on SCA other than via its Q&As.


The Future of Finance: introducing our new mini-series


The Bank of England has boldly announced the need to overhaul existing financial markets infrastructure to ready the UK for the fourth industrial revolution. With this, it has published the findings of a review on the future of finance over the next decade and laid out its response to them.

The course set by the Bank could have a profound impact on the landscape of the UK’s financial system in the coming years. For example, it has now committed to consult on what level of access to its payments infrastructure and balance sheet may be appropriate for fintechs and innovative business models, and the appropriate package of obligations that would come with those new rights.

The series will begin with a number of bitesize posts exploring the Bank’s stated direction across the following themes:

  • Shaping tomorrow’s payment system
  • Enabling innovation through modern financial infrastructure
  • Supporting the data economy through standards and protocols
  • Championing global standards for finance
  • Promoting the smooth transition to a low-carbon economy
  • Adapting to the needs of a changing demographic
  • Safeguarding the financial system from evolving risks
  • Enhancing protection against cyber-risks
  • Embracing digital finance

Stay tuned to our FintechLinks blog for more.


US SEC Sues Social Media Company Kik for “illegal” Initial Coin Offering of Kin tokens


The SEC recently filed a complaint against Kik Interactive Inc., a Canada-based social media company, for conducting an “illegal” offer and sale of $100 million worth of blockchain-based digital assets known as “Kin tokens” from May to September 2017. 

Regardless of the outcome, this lawsuit could be the perfect opportunity to end the continuing confusion over the regulation of cryptocurrency in the United States. In particular:

(1) As the first case in which the SEC has pursued an initial coin offering (ICO) issuer in federal court, it may help to resolve critical issues in the regulation of cryptocurrencies, including whether, and under what circumstances, U.S. securities laws apply to ICOs and related promotional activities by issuers.

(2) It will also allow the court to explore whether the offer and sale of a digital asset like Kin tokens, which were issued and sold before a network was developed to allow them to be spend, would be considered an offering of securities that is required to be registered with the SEC.

The case

Kik’s pivot from social media messaging to digital tokens

According to the SEC’s complaint, before 2017, Kik enjoyed its heyday as a social-media messaging company; however, once the social media business began to decline, Kik decided to “pivot” to digital tokens as a way of raising new capital.

Through the sale of 1 trillion Kin tokens to approximately 10,000 investors, Kik was able to raise nearly $100 million in total. Instead of registering the offering, Kik filed a Form D and sought the exemption by only accepting funds from ‘accredited investors’.

Violation of registration requirements

In the complaint, the SEC charges Kik with violating the registration requirements of Section 5 of the Securities Act of 1933 and states that Kik did not qualify for the securities registration exemption. “Kik deprived investors of information to which they were legally entitled, and prevented investors from making informed investment decisions,” said Steven Peikin, co-director of the SEC’s division of enforcement, in a statement.

The SEC seeks to prohibit Kik from violating US securities law registration requirements, to disgorge funds raised through its ICO and to pay a fine. The agency has requested a jury trial for this matter.

Kik’s defence

On the other hand, Kik’s primary defense is that its digital tokens, Kin, should not be considered securities. Rather, Kik argues that Kin is more similar to digital currencies such as Bitcoin and Ether, which the SEC does not regulate as securities. 

Importance of the pending trial

Evolving legal landscape

The legal landscape concerning cryptocurrencies is still evolving, and it is important to have clarity as to the scope of the SEC’s ability to regulate digital assets.

If the ruling favors Kik, it could set a precedent for other blockchain startups to take a similar approach and raise funds in an ICO. According to MarketWatch, Kik is not the only startup that pursued the ICO route. In 2018 alone, there were nearly 300 ICO-related offerings raising about $8.7 billion. A favorable ruling could pave the way for further ICOs, while a negative decision would likely further accelerate the pullback from the ICO market for US investors.

Related SEC action

This case also shows that the SEC is not shying away from taking actions against ICO issuers that have failed to register their offering. Since its recently released guidance on what it expects of an ICO in April 2019, the SEC has already charged three companies for failing to comply with regulations and settled with those companies.

Kik looking to fight back

This time, though, Kik has stated that it intends to fight the SEC. Ted Livingston, Kik’s CEO, said in a statement: “This is the first time that we’re finally on a path to getting the clarity we so desperately need as an industry to be able to continue to innovate and build.” 

How we can help

To find out more on the recent U.S. regulatory developments, read our Token Resistance – Recent US Regulatory Developments. Moreover, if you have any questions, please contact any of the people listed on the right, or your usual Linklaters contacts.


Global regulators need to coordinate, think outside the box and broaden the dialogue on decentralised financial technologies and cryptoassets


In the run up to this year’s G20 Summit, three new reports have come out from international bodies around decentralised financial technologies, cryptoassets and cryptoasset trading platforms. We look at some of the underlying messages for national regulators, which may be broadly indicative of the global direction of travel.

Three new reports

The following reports (among others) were presented to, and welcomed by, the G20 Finance Ministers and Central Bank Governors at their ministerial meeting ahead of the 2019 G20 Summit:

Three key messages for regulators

The reports cover an array of interesting market analysis and guidance for regulators. Emerging from them are three underlying messages for regulators that may give us a sense of the broad trajectory of global crypto and DLT regulation.

1. Coordinate globally

One clear theme is the recognition that further coordination among national regulators is essential to managing effectively the risks posed by cryptoassets and decentralised financial technologies.

In particular, the novel characteristics of cryptoassets, together with the differing policy objectives of governments, have resulted in a range of regulatory approaches to token issuances and secondary trading. Given the nature of these markets – e.g. that they are often designed to cross borders and circumvent regulatory control – there is real potential for gaps, overlaps and/or conflicts between different regimes.

Against that backdrop: 

  • In relation to cryptoassets generally, FSB members have agreed to be more forward-looking in their risk assessments – e.g. to identify trends that may lead to global financial stability and to assess their potential significance early on. The FSB acknowledges that: “authorities will need to balance the case for multilateral action to facilitate a coherent response on the one hand, with an acknowledgement of differences among jurisdictions’ legal frameworks and the fast-moving state of this technology on the other”. 
  • In relation to cryptoasset trading platforms, IOSCO members have agreed to cooperate in developing internationally recognised and consistent standards of regulation, oversight and enforcement, and to enhance information exchange.

2. Think outside the box

Another consistent theme is the message that regulators may need to challenge a technology-neutral approach to regulation and consider more tailored and creative solutions for these new markets.

For example: 

  • Services that use decentralised financial technologies, and which are difficult to link to specific entities and/or jurisdictions, may necessitate a shift away from an entity-based approach to regulation, in favour of an activity-based approach. 
  • Whilst cryptoasset trading platforms are in some ways similar to traditional trading venues, and can be regulated as such, they often have unique structural features that warrant a novel regulatory approach. The IOSCO report provides a detailed analysis of these features, which include things like direct access to retail customers, provision of custody services and performance of activities that cause new types of conflicts of interest (such as market making and proprietary trading against users). 
  • The pervasive use of technology in these markets may enable some jurisdictions to consider new ways of administering or enforcing regulation – for example by embedding restrictions in computer code. Analysis of new sources of data may also provide supervisors with greater and timelier insights into potential systemic risks.

3. Broaden the dialogue with all stakeholders

The FSB also encouraged regulators to broaden the dialogue with all stakeholders in decentralised financial technologies – and this message was specifically endorsed by the G20 leaders.

The FSB noted that engaging with software developers, the engineering community, businesses, academia, investors, consumers and users, among others, may help regulators better assess the risks and opportunities presented by decentralised financial technologies.

Next steps

The reports provide plenty of food for thought for national regulators.

The IOSCO report on cryptoasset trading platforms takes the form of a consultation, and is open for public comment on the issues identified and guidance offered until 29 July 2019.

The G20 leaders have asked the FSB and standard setting bodies to continue to monitor risks and consider work on additional multilateral responses as needed.

The leaders also affirmed their commitment to applying the recently amended anti-money laundering and counter terrorism standards of the Financial Action Taskforce to virtual assets and related providers. The UK has already been consulting on the implementation of these standards.


Managing machines: the governance of artificial intelligence in financial services


A leading UK regulator has directly addressed the governance implications of adopting artificial intelligence and machine learning technologies within the financial services sector. Referring to the initial results of a major Bank of England and FCA survey of firms’ adoption of the technologies, the statement highlights (1) data usage, (2) the role (and responsibilities) of people and (3) transition risks as three areas of key regulatory focus and matters deserving board attention.

FCA conference on governance in banking

James Proudman – a leading UK regulator – spoke at the FCA conference on the governance of artificial intelligence in the financial services sector. The speech is the most revealing statement yet from a UK regulator on the risks arising from the deployment of artificial intelligence (AI) and machine learning (ML) technologies.

The speech reveals that the Bank of England and the FCA have conducted a survey of leading UK financial services firms to assess their current and future plans to deploy the technologies.  Mr Proudman concludes by making three observations around the challenges for boards and management before suggesting three principles for governance.

Adoption of AI in financial services 

In his speech Mr Proudman commented that AI & ML technologies could deliver various benefits, including:

  • enhanced AML/KYC: where, according to the IMF, two-thirds of banks and insurers are using or experimenting with AI; and
  • more accurate credit assessments: particularly for high-volume lending.
Survey of significant financial services firms

Mr Proudman revealed that the Bank of England and FCA are looking into regulated firms’ adoption of AI and will be publishing the full results of a survey of nearly 200 firms in Q3 2019.

Some indicative results are:

  • the mood around the adoption of AI implementation is strategic but cautious;
  • many firms are currently in the process of building the infrastructure for large scale AI deployment;
  • 80% of responding firms reported using the technologies in some form;
  • the typical firm expects to make close to 20 applications within the next 4 years; and
  • barriers to adoption were mostly seen as internal rather than stemming from regulation.
3 Key Challenges & 3 Key Principles:

With the industry looking to rapidly scale its application of AI and ML technologies, the speech identifies three challenges for boards and management and three principles for governance in responding to them. 

1. Data & Controls
  • Challenge: Data hygiene is key.  Data that is incomplete, inaccurate or mislabelled (or which embeds bias) is likely to generate problematic outputs (for example poor or biased credit decisions).  There are also ethical, legal and conduct issues associated with the use of personal data.  Similar issues arise in relation to data processing and analysis.
  • Human in the loop? The regulators expect oversight and testing both at the design and the deployment stages. A system which has been heavily tested prior to deployment shouldn’t be left to run and make judgements without continued supervision and testing. The speech also refers to a human or other override being required in certain cases but doesn’t provide further guidance. Firms will need to exercise their judgement carefully.
  • Principle: Since AI poses challenges to the proper use of data  Boards should attach real priority to the governance of data – what data should be used; how should it be modelled and tested; and whether the outcomes derived from the data are correct.
2. The role of humans

“Firms will need to consider how to allocate individual responsibilities, including under the Senior Managers Regime.”

  • Challenge: AI or ML technologies will not reduce the existing accountability burden on humans.  They will challenge the existing approach to allocating accountability – particularly under the Senior Managers Regime – and firms should consider the implications.
  • Responsibility shift: The regulators question whether responsibility will be shifted both towards the board but potentially also to more junior, technical staff, which in the long run may mean less responsibility for front-office middle management. 
  • Principle: Boards should continue to focus on the oversight of human incentives and accountabilities within AI and ML centric-systems.  
3. Execution risk at board level
  • Challenge: As the rate of adoption of AI in financial services accelerates, the execution risk that the boards have to deal with will also increase. So far, firms have embraced either a piecemeal approach or a more general firm-wide approach to adoption. Regulators acknowledge the costs of aligning internal processes, systems and controls and underline the need for firms to make sure that there are senior managers with the appropriate skillset to deal with these new technological and legal challenges. 
  • Principle: Boards should reflect on the skills and controls that are necessary to oversee the transition.  Many of the challenges raised by this transition can only be brought together at, or near, the top of the organisation. 
What’s happening next?

This is a fast-evolving space. Refer to our AI toolkit or contact one of our specialists for guidance on how to conduct an artificial intelligence or machine learning project ethically, safely and lawfully.