Digital asset activities of licensed institutions must be approved and will be assessed for potential safety and soundness risks.

By Arthur S. Long, Pia Naib, and Deric Behar

On December 15, 2022, the New York State Department of Financial Services (NYDFS) issued final guidance to covered institutions engaging in (or seeking to engage in) virtual currency-related activity (the Guidance). Such covered institutions are New York “banking organizations” — New York-chartered banks, trust companies, private bankers, savings banks, safe

The FinTech sandbox would aim to foster innovation in the financial, credit, and insurance sectors.

By Antonio Coletti and Isabella Porchia

The Italian Ministry of Economy and Finance has launched a public consultation on a draft ministerial decree (Draft Decree) implementing the mandate received by the Italian legislature (Decreto Crescita) to set up a regulatory sandbox to test FinTech activities in the financial, credit, and insurance sectors and establish a FinTech Committee.

FinTech Sandbox

The Draft Decree proposes that activities eligible for the sandbox include regulated or non-regulated activities that (i) use technologies contributing to the innovation of banking, financial, and insurance products and services, (ii) require an exemption from the regulatory provisions or guidelines adopted by the supervisory authorities or a joint testing and assessment from the supervisory authorities, and (iii) bring added value at least in terms of (a) benefits for final users enhancing the quality of the services, competition, access conditions, availability, protection, and costs, (b) general efficiency of the financial system and market participants, or (c) less burdensome and more efficient compliance with the financial regulations.

Before submitting an application to the sandbox, entities may present and discuss informally the project with the FinTech Committee. The proposed testing period for any admitted project has a maximum duration of 18 months, which may be extended upon request of the applicant entity.

US lawmakers urge FSOC to designate cloud-based storage systems used by major banks as systemically important financial market utilities.

By Alan W. Avery, Victoria McGrath, and Pia Naib

In an August 22, 2019, letter addressed to Treasury Secretary Steven Mnuchin, in his capacity as chair of the Financial Stability Oversight Council (FSOC), Congresswoman Katie Porter and Congresswoman Nydia Velazquez urged Secretary Mnuchin to designate the three leading cloud-based storage systems used by major banks — Amazon Web Services, Microsoft Azure, and Google Cloud — as systemically important financial market utilities (SIFMUs). This designation would subject such cloud-based storage systems to supervision and regulation by the Board of Governors of the Federal Reserve System (Federal Reserve). Citing Title VIII of the Dodd-Frank Act, which was enacted to promote stability in the financial system, the Congresswomen highlighted the dependence on cloud services by banks and financial institutions for their data needs and the subsequent risks such services pose to the safety and stability of the financial system.

While the payments industry scrambles to meet new standards for APIs, the FCA grants an extension for SCA compliance.

By Christian F. McDermott, Jagveen Tyndall, and Amy Smyth

In an effort to evaluate the readiness of banks to comply with the revised EU Payment Services Directive (PSD2), Tink, a banking platform and data provider, has reported that it tested 84 application programme interfaces (APIs) spanning 2,500 banks and 12 European markets. According to Tink the results showed that none of these APIs were sufficiently robust to meet the new regulatory standards. Separately, the UK’s Financial Conduct Authority (FCA) has delayed the implementation of the strong customer authentication (SCA) requirements introduced by PSD2 to enhance the security of all electronic payment services.

The Federal Reserve is finally stepping into the real-time payments arena.

By Todd Beauchamp, Loyal T. Horsley, and Deric Behar

On August 5, 2019, the Board of Governors of the US Federal Reserve System (the Fed) announced that it plans to roll out a real-time payment and settlement service by 2023 or 2024. The service, named FedNow, is being developed with the stated goal of modernizing the national payment system. Facing political and societal pressure to upgrade the national payment system, the Fed sought comment on the development of a faster payment service in late 2018. After receiving more than 350 comments, the Fed is now moving forward and seeking additional comment on the best way to design the system so that it maximizes inclusivity and utility for all stakeholders. The Fed envisions that FedNow will capitalize on its nationwide infrastructure to provide consumers, businesses, and banks the ability to safely make and receive immediate and fully settled payments 24 hours a day, seven days a week.

Latest FCA and PRA fines against a retail bank show little tolerance for poor outsourcing systems and controls.

By Fiona M. Maclean, Christian F. McDermott, Laura Holden, and Charlotte Collins

On 29 May 2019, the FCA and PRA announced that they had fined an independent UK bank for failing to manage its outsourcing arrangements properly between April 2014 and December 2016. The bank received separate fines of £775,100 from the FCA and £1,112,152 from the PRA (resulting in a combined fine of £1,887,252) for breaches of the regulators’ high-level principles for authorised firms, as well as their more detailed rules on outsourcing. Each fine includes a 30% early settlement discount.

The bank was fined by both regulators as the failings resulted in breaches of both regulators’ rules, and went to both regulators’ statutory objectives (specifically, the FCA’s consumer protection objective and the PRA’s objective to promote firms’ safety and soundness). Although both regulators applied the same five-step penalty framework to calculate their penalties, the way in which they applied the framework led to different figures. In particular, because the PRA had previously fined the same bank for outsourcing failures in November 2015, the repeat failure was a significant aggravating factor that led to an uplift in the PRA’s penalty.

The new code aims to avoid customers being penalised for fraudsters’ actions.

By Andrea Monks and Nell Perks

Estimates indicate that fraudsters stole £1.2 billion from UK bank accounts in 2018 — a 16% increase on the previous year. UK Finance has described fraud as a “major threat to the UK”, and has confirmed that the finance industry is committed to tackling the issue. However, developments in banking that have led to quick and easy payment methods, combined with increasingly sophisticated cyber scams, mean that fraudsters continue to flourish.

There has been a particularly significant increase in authorised push payment (APP) fraud, in which a customer is tricked into making a payment to another account that is controlled by a criminal. Historically, victims of this sort of fraud have struggled to retrieve their money — only 23% of losses were returned last year.

The HKMA has issued three virtual banking licenses as part of its broader initiatives to develop the local banking industry.

By Simon Hawkins and Kenneth Hui

The Hong Kong Monetary Authority (HKMA) recently announced the issuance of the first virtual banking licenses to three entities.

Virtual banks in Hong Kong are banks that primarily deliver retail banking services through the internet or other electronic channels, instead of through physical branches.

The HKMA previously issued a press release on 7 December 2018 announcing that there had been around 30 virtual banking applications as of the end of August 2018, and the HKMA had shortlisted a third of the applications for the next stage of assessment.

Driven by payments innovation and new regulation, 2018 is cited as the year for some of the most significant changes retail banking has seen.

By Stuart Davis and Brett Carr

At the Westminster Business Forum for Digital Payments, Adoption, Innovation and Policy Priorities, Graeme McLean (Head of Banking, Lending & Distribution at the FCA) appraised a panel and audience including legislators, innovators, and market infrastructure providers on the regulatory state of play heading into 2018.

With the revised Payment Services Directive (PSD2) set to apply from 13 January 2018 (see Latham’s Client Alert Understanding PSD2: Key Points to Know About the Upcoming Regime), the industry finds itself, according to McLean, just weeks away from an impending “diversification the retail banking sector has never seen before”.