As regulatory thinking evolves, firms must ensure that any current or planned use of AI complies with regulatory expectations.

By Fiona M. Maclean, Becky Critchley, Gabriel Lakeman, Gary Whitehead, and Charlotte Collins

As financial services firms digest FS2/23, the joint Feedback Statement on Artificial Intelligence and Machine Learning issued by the FCA, Bank of England, and PRA (the regulators), and the UK government hosts the AI Safety Summit, we take stock of the government and the regulators’ thinking on AI to date, discuss what compliance considerations firms should be taking into account now, and look at what is coming next.

The FCA recently highlighted that we are reaching a tipping point whereby the UK government and sectoral regulators need to decide how to regulate and oversee the use of AI. Financial services firms will need to track developments closely to understand the impact they may have. However, the regulators have already set out how numerous areas of existing regulation are relevant to firms’ use of AI, so firms also need to ensure that any current use of AI is compliant with the existing regulatory framework.

A consultation that will remain open until 11 April 2023 offers further clarity on the proposals to regulate buy-now-pay-later products.

By Rob Moulton, Becky Critchley, Ella McGinn, and Dianne Bell

On 14 February 2023, HM Treasury published its consultation and accompanying draft legislation on the regulation of buy-now-pay-later (BNPL) lending. The consultation follows the proposals in HM Treasury’s prior publications released in October 2021 and June 2022, since the government announced its intention to bring currently unregulated

Digital asset activities of licensed institutions must be approved and will be assessed for potential safety and soundness risks.

By Arthur S. Long, Pia Naib, and Deric Behar

On December 15, 2022, the New York State Department of Financial Services (NYDFS) issued final guidance to covered institutions engaging in (or seeking to engage in) virtual currency-related activity (the Guidance). Such covered institutions are New York “banking organizations” — New York-chartered banks, trust companies, private bankers, savings banks, safe

The report, from UK Finance, The Payments Association, and Latham & Watkins, urges fresh thinking about regulating payments in the growing digital economy.

By Stuart Davis and Brett Carr

UK Finance, The Payments Association, and Latham & Watkins have published UK Payments Regulation Review: Making sense of where to go now, a new report examining regulation of the UK’s payments industry and its impact on the financial sector, consumers, and businesses.

Amidst the rapid digitalisation of the UK economy,

Elisabeth Stheeman of the Financial Policy Committee outlined the new frameworks for building operational resilience against cyber risks and protection of payment chains.

By Brett Carr and Stuart Davis

On 9 September 2020, Elisabeth Stheeman, an External Member of the Financial Policy Committee (FPC) for the Bank of England (BoE) delivered a speech entitled, “The Financial ‘Plumbing’ Committee: from Plumbing to Policy” outlining the changes that financial services firms can expect in two priority areas — cyber and payments — in order to build operational resilience of the financial system.

HM Treasury is planning significant changes to the financial promotion regime, including expanding its scope to certain cryptoassets, and amending the approval process for promotions of unauthorised firms.

By Stuart Davis, Sam Maxson, and Anna Lewis-Martinez

On 20 July 2020, HM Treasury published two consultation papers on a regulatory framework for approval of financial promotions and cryptoasset promotions. The consultations propose to establish a regulatory “gateway” that a firm must pass through before it is able to approve the financial promotions of unauthorised firms, and to bring certain types of cryptoassets into the scope of financial promotions regulations.

UK Treasury Committee report warns that the current level and frequency of disruption and consumer harm is unacceptable.

By Carl Simon FernandesNicola Higgs, Fiona M. MacleanChristian F. McDermottRob Moulton, Andrew C. Moyle, Stuart Davis, and Charlotte Collins

On 28 October 2019, the Treasury Committee published a report on IT failures in the financial services sector. The report sets out the findings from the Treasury Committee’s inquiry, which was launched following a number of high-profile and significant IT incidents. (See Senior MP Calls for Regulatory Crackdown on Banks’ IT Systems: 3 Things You Can do to Prepare.) Rather than looking into specific failures, the inquiry looked more holistically at why such incidents are becoming more frequent, how firms should be guarding against and responding to these incidents, and the role of the regulators in preventing and mitigating the impact of these incidents through their rules.

The report looks at various different aspects of the issues surrounding IT failures, including the nature of IT incidents and their common causes, the role of the regulators, and emerging risks to operational resilience.

By Andrew C. Moyle, Grace Erskine, and Charlotte Collins

As leading global financial and FinTech centres, the UK and Singapore will benefit from strengthening their cybersecurity alliance.

On 13 June 2019, the Bank of England, the Financial Conduct Authority, and the Monetary Authority of Singapore announced that they will be working together to strengthen cybersecurity in their countries’ financial sectors.

The regulators have characterised the aims of this new collaboration as “identifying effective ways to share information and exploring potential for staff exchanges”.

All three regulators have identified cybercrime as an increasing global problem. Speaking about the new initiative, Mark Carney, Governor of the Bank of England, said, “The average cost of cybercrime for financial services companies globally has increased by more than 40% over the past three years. Cyber risk is not constrained by geographic boundaries, making international cooperation essential to address this growing threat”.

The PSR is to consider whether there is effective competition in the market and makes clear that further reviews of the payments ecosystem could be triggered by its findings.

By Brett Carr, Stuart Davis, and Christian McDermott

The Payment Systems Regulator (PSR) has issued Draft Terms of Reference for a market review into the supply of card-acquiring services.

The PSR will use its powers under the Financial Services (Banking Reform) Act 2013 to carry out the market review in line with its statutory competition, innovation and service user objectives.

Effective competition in the payments market is a focus of the PSR, and this review follows shortly after dawn raids reported by the PSR in February 2018 as part of its first action under the Competition Act 1998.