Key developments of interest over the last month include: UK Payment Systems Regulator announces two market reviews on card fees; Reserve Bank of India publishes Payments Vision 2025; and U.S. Department of Commerce solicits public comments on digital asset technologies framework.

For previous editions of the Global Payments Newsletter, please visit our Financial Services practice page.

On 21 June 2022, the Payment Systems Regulator (PSR) announced its plans to carry out two market reviews focusing on card fees. One of the market reviews will look at scheme and processing fees (MR22/1.1), and the other at cross-border interchange fees (MR22/2.1).

The reviews focus on Mastercard and Visa as these two card payment system operators account for 99% of debit and credit card payments in the UK.

On scheme and processing fees, the PSR is carrying out this review because its Card-Acquiring Market Review (CAMR) found that the fees paid by acquirers had increased significantly from 2014 to 2018. Further feedback from stakeholders also highlights that scheme fees have continued to increase since then. The PSR wants to understand whether the markets in connection with scheme and processing fees are working well. This market review will examine the levels, structure and types of scheme and processing fees, and builds on the PSR’s CAMR findings.

In addition, cross-border interchange fees have also increased significantly in the last year. This affects fees for certain card transactions between the UK and the EEA, where the cardholder is not present (such as payments made by phone or online). Since the UK left the EU, Visa and Mastercard have increased these fees fivefold. The PSR wants to understand the rationale behind these increases and whether they are an indication that the market is not working well.

The draft terms of reference for the market reviews are open for consultation until 2 August 2022.

On 17 June 2022, the Reserve Bank of India (RBI) published its Payments Vision 2025 which proposes a number of innovative payment systems and regulation of BigTechs, Fintechs, Buy-Now Pay-Later (BNPL) systems, and the introduction of a Central Bank Digital Currency (CBDC), among other things. Some key points include:

On 19 May 2022, the U.S. Department of Commerce (Commerce) issued a notice and request for comment on developing a framework for leveraging and enhancing U.S. competitiveness in digital asset technologies (which include cryptocurrencies, stablecoins, and central bank digital currencies, among others) as mandated by the Biden Administration’s 9 March 2022 Executive Order.

The Executive Order directs the Secretary of Commerce, in consultation with the Secretary of State, the Secretary of the Treasury, and heads of other relevant agencies to establish a framework that will complement U.S. engagement in international forums, such as the Group of 7, Group of 20, the FATF and the FSB, to elevate the importance of responsible development of digital asset technologies. The Executive Order instructs that Commerce release the framework by 5 September 2022.

The notice seeks comment from industry on matters relevant to the Commerce’s development of the framework and invites responses to seventeen specific questions, including the following examples:

Comments are due to Commerce by 5 July 2022.

For more on this development, take a look at this Engage article by members of Hogan Lovells’ Washington, D.C. office.

On 3 June 2022, the Jamaican Senate approved a Bill giving authority to the Bank of Jamaica (BOJ) to issue the Central Bank Digital Currency (CBDC) JAM-DEX as legal tender locally.

The Bill was approved following the successful pilot undertaken between August and December 2021. Full CBDC implementation is expected to significantly reduce traditional challenges associated with many Jamaicans not having a bank account. It will also allow businesses to engage in more efficient cash management.

On 20 May 2022, the FCA published a speech by Charles Randell, FCA Chair, on regulating finance for the whole of the UK. Points of interest in the speech include the following:

On 8 June 2022, HM Treasury (HMT) published a policy statement outlining a proposal to regulate third parties to financial services and financial market infrastructure firms (Firms).

The proposal aims to allow UK regulators to directly oversee services provided by critical third parties, to ensure the resilience of financial services, and reduce the risk of systemic disruption, and proposes to do this by enacting primary legislation. The proposed regime also aims to be flexible and proportionate.

Key aspects of the proposal include:

The government intends to introduce the primary legislation for this proposed regime “when parliamentary time allows”. After such legislation is introduced, the financial regulators will publish a joint discussion paper setting out how they propose to use their powers. Following Royal Assent, the regulators anticipate publishing a further consultation paper on their proposed rules, building on feedback to the joint discussion paper and based on their proposed, new statutory powers. Once the regulators' rules have been finalised, HMT expects to begin designating the first critical third parties under the new regime.

For more on the policy paper, take a look at this Engage article by members of Hogan Lovells’ London office.

On 25 May 2022, the PRA published a speech by Duncan Mackinnon, Executive Director for Supervisory Risk Specialists, on operational resilience.

In the speech, Mr Mackinnon considers the PRA's supervisory expectations of firms, including banks and insurers, in their implementation of the operational resilience framework ahead of the March 2025 deadline. Among other things, he discusses:

On 23 May 2022, HMRC published a consultation on expanding the Investment Transactions List (ITL) for the Investment Management Exemption (IME) and other fund tax regimes to consider adding transactions in cryptoassets to the ITL as transactions that benefit from the IME. HMRC considers that cryptoasset investments would not generally fall within the current ITL.

HMRC is consulting on the appropriate definition of ‘cryptoassets’ to use in the extended ITL and indicates that it may mirror the definition of cryptoassets contained in the OECD Crypto-Asset Reporting Framework subject to exclusions for transactions in land, cryptoassets that provide for the transfer of intangible assets not already included in the ITL and closed-loop cryptoassets.

This consultation is one of a package of measures to ensure that the UK financial services sector remains at the cutting edge of technology, and the UK a global cryptoasset technology hub, as referred to by HM Treasury in April 2022.

The consultation closes on 18 July 2022.

On 25 May 2022, the Chamber of Deputies in Paraguay approved a bill that establishes a legal framework for the mining, commercialisation, exchange, transfer, custody and administration of cryptoassets and instruments that provide control over cryptoassets.

On 8 June 2022, the New York State Department of Financial Services (NYDFS) published formal stablecoin guidance, making it the first state in the United States to do so.

The guidance sets out that stablecoins traded in the U.S. state of New York should be fully backed by certain assets, with these assets segregated from the issuers’ operational funds and attested to by an auditor regularly. According to NYDFS’s guidance, stablecoins, the value of which is intended to be pegged to the U.S. dollar or other assets, must be backed by a reserve composed of U.S. Treasury bills with no more than three months to maturity, U.S. Treasury notes, some types of U.S. Treasury bonds or reverse repurchase agreements that are collateralised by Treasury bills.

On 3 June 2022, it was reported that the Japanese Parliament passed a stablecoin bill which aims to protect investors and the financial system from risks associated with the rapid adoption of stablecoin. Key elements of the bill are reportedly as follows:

The new legal framework will reportedly take effect in 2023, with Japan’s Financial Services Agency planning to introduce regulations for stablecoin issuers in the coming months.

On 20 May 2022, following their meeting, G7 finance ministers and central bank governors published their communiqué on their future actions and priorities.

Among other things, the group reiterated their support for the Financial Stability Board (FSB) and called on it to accelerate its efforts to implement a regulatory framework for cryptoassets and their service providers. Given the recent developments and uncertainty in the cryptoasset market, the G7 are asking the FSB to coordinate with international standard-setters to rapidly develop and implement a consistent and comprehensive regulation of cryptoasset issuers and service providers. The aim is to hold cryptoassets (including stablecoins) to the same standards as the rest of the financial system. Critically, the G7 have called for the implementation of the FATF ‘travel rule’, with the implementation of stronger disclosure and regulatory reporting requirements.

The group also highlights the opportunities and challenges posed by CBDCs, and encourages jurisdictions exploring CBDC initiatives to consider, in particular, their international and cross-border dimensions.

On 18 May 2022, the Bank for International Settlements (BIS) published a working paper on the impact of cryptocurrencies on the global financial system.

The paper calls for regulatory action to address gaps in the reporting of crypto-trading data and to establish a more level playing field with regard to the regulatory treatment of traditional financial institutions and the cryptocurrency ecosystem. The paper also calls for cryptocurrencies and crypto exchanges to be subject to the same types of regulation and oversight as economically equivalent asset classes and institutions, including with regards to financial stability, consumer protection, and AML/CFT standards. Finally, the paper calls for a systematic collection and publication of cryptocurrency data in order to help authorities oversee and regulate cryptocurrencies.

On 16 May 2022, the Australian Taxation Office (ATO) set out its tax priorities for 2022 which include, among other things, the monitoring of citizens’ reporting of cryptoasset and non-fungible token (NFTs) capital gains and losses.

The statement sets out that if citizens dispose of an asset such as property, shares, or a cryptoasset (including NFTs) this financial year, they will need to calculate a capital gain or capital loss and record it in their tax return.

On 31 May 2022, the Monetary Authority of Singapore (MAS) announced the launch of Project Guardian, a collaborative initiative with the financial industry that seeks to explore the economic potential and value-adding use cases of asset tokenisation.

Project Guardian will test the feasibility of applications in asset tokenisation and Decentralised Finance (“DeFi”) while managing risks to financial stability and integrity. MAS aims to develop and pilot use cases in four main areas:

On 24 May 2022, the European Central Bank (ECB) published a report on the risks arising from cryptoassets.

The report forms part of the ECB's May 2022 Financial Stability Review, in which it assesses the current financial stability vulnerabilities facing the EU financial markets. The chapter on cryptoassets notes that, if the current crypto market trends continue (such as increasing interconnectedness with the traditional financial sector), cryptoassets will begin to pose a risk to financial stability.

The ECB therefore calls on the EU to close regulatory and data gaps in the cryptoasset ecosystem to ensure that financial stability risks are sufficiently mitigated.

In the EU, the Markets in Cryptoassets (MiCA) Regulation should be approved by the co-legislators as a matter of urgency to ensure it is applied sooner rather than later. However, MiCA is only a first step. Sectoral regulations will need to be reviewed to ensure financial stability risks posed by cryptoassets are mitigated. Any further steps that allow the traditional financial sector to increase its interconnectedness with the cryptoasset market space should be carefully weighed up, and priority should be given to avoiding financial stability risks.

On 1 June 2022, ESMA published a speech by Verena Ross, ESMA Chair, on delivering the Capital Markets Union (CMU). Topics covered included digital transformation and cryptoassets. Ms Ross explained that ESMA welcomes the Commission's proposed Markets in Cryptoassets (MiCA) Regulation and is already reflecting on how it will fulfil the mandates it may be given. She noted that it wants to play a greater role in the authorisation and supervision of significant cryptoasset services providers.

On 17 June 2022, it was announced that the Bank of Israel has partnered with the Hong Kong Monetary Authority and the Bank of International Settlements (BIS) to test the feasibility of a cyber-secure two-tier CBDC. The BIS’s Innovation Hub in Hong Kong will lead this initiative, referred to as "Project Sela”.

Project Sela will study the data security implications of a two-tier retail CBDC architecture where the intermediaries will have no financial exposure, and pioneer methods of making it more resilient to cyber-attacks. The Project is expected to be completed by the end of 2022.

On 14 June 2022, it was reported that the Central Bank of Nigeria is extending the eNaira service to phones, after the launch of its CBDC pilot in October 2021.

Initially, the offering was only available to bank account holders and via smartphone apps. Now the Central Bank plans to extend the payment service to include phones by using Unstructured Supplementary Service Data (USSD) codes which operate similarly to SMS. The hope is that this will further boost financial inclusion, which currently stands at around 70%.

Typically, the USSD codes involve texting a special number, and a response is sent to the user, giving them a menu of options, such as sending a payment. Initiating the payment involves the user sending another message.

On 31 May 2022, the Federal Reserve published a staff working paper on the impact that a retail CBDC could have on the balance sheets of the Federal Reserve, commercial banks and U.S. households, and the subsequent impact on U.S. monetary policy implementation.

The working paper points out that the potential effects on monetary policy implementation from a retail CBDC are highly dependent on the initial conditions of the Federal Reserve’s balance sheet. Regardless of the initial conditions in reserve markets, the paper also shows that the adoption of a retail CBDC could be a direct substitute for bank funding sources, such as deposits, and thus could put upward pressure on prices in short-term funding markets. The amount of pressure on money market rates would also depend on the level of demand for a retail CBDC and how that interacts with banks’ demand for reserves.

The paper also sets out the tools the Federal Reserve has to manage CBDC and banks’ short term liquidity needs.

On 16 June 2022, the European Central Bank (ECB) published a speech by Executive Board member Fabio Panetta, entitled ‘Bringing European payments to the next stage: a public-private endeavour’. In his speech, Mr Panetta discusses the EU’s retail payments strategy and the introduction of a digital euro. Key points from the speech include:

On 31 May 2022, HM Treasury (HMT) published a consultation setting out the government’s proposed approach to managing the failure of systemic digital settlement asset firms, by way of the application to such firms of a modified Financial Market Infrastructure Special Administration Regime (FMI SAR).

HMT uses the broad term “digital settlement asset” (DSA) to refer to stablecoins of the type consulted on previously, together with wider forms of digital assets used for payments/settlement. HMT uses the term “systemic DSA firm” to refer to systemic DSA payment systems and/or an operator of such a system or a DSA service provider of systemic importance. In the case of stablecoins, this might include – but is not limited to – the issuer of a stablecoin, a wallet, or a third-party service provider.

In advance of any consideration of the need for a bespoke legal framework for systemic DSA firms, HMT considers an amended FMI SAR to be the most appropriate vehicle through which to address the risks posed by the possible failure of systemic DSA firms which are not banks (as banks are catered for by separate pre-established regimes).

The consultation closes on 2 August 2022. HMT will then consider respondents’ views and publish a consultation response. Separately, HMT will be consulting in the coming months on the regulatory perimeter for systemic payments firms at large.

On 2 June 2022, Regulation (EU) 2022/858 on a pilot regime for market infrastructures based on distributed ledger technology (DLT Pilot Regime Regulation) was published in the Official Journal of the EU.

The DLT Pilot Regime Regulation provides a legal framework for the trading and settlement of transactions in cryptoassets that qualify as financial instruments within the meaning of the MiFID II Directive (2014/65/EU) to allow for the trading and settlement of "tokenised" securities. Cryptoassets that are not financial instruments will fall to be regulated under the regulatory framework established under the proposed Markets in Cryptoassets (MiCA) Regulation.

The DLT Pilot Regime Regulation also makes certain amendments to the MiFID II Directive (2014/65/EU), the Markets in Financial Instruments Regulation (600/2014) (MiFIR) and the Central Securities Depositories Regulation (909/2014) (CSDR). This is necessary as pre-existing financial services legislation was not created with DLT and cryptoassets in mind and includes provisions that could potentially limit the use of blockchain technology.

The DLT Pilot Regime Regulation came into force on 22 June 2022. It will apply in EU member states from 23 March 2023, except for Articles 8(5), 9(5), 10(6) and 17, which apply from 22 June 2022, and Article 16, which will apply (retrospectively) from 4 July 2021.

On 14 June 2022, the FCA published a guidance consultation on branch and ATM closures or conversions, setting out proposed updated guidance for firms.

The FCA published finalised guidance on branch and ATM closures or conversions in September 2020. It wants to update the original guidance to ensure that its expectations under its Principles for Businesses are clear.

The FCA proposes, among other things, to:

The consultation closes to comments on 26 July 2022.

On 19 May 2022, HM Treasury (HMT) published its response to its consultation paper on access to cash.

HMT consulted on its proposed policy approach to developing legislation to protect access to cash in July 2021. In the document, it summarises the main responses received to the consultation and provides an overview of its planned approach to legislating for access to cash in the planned Financial Services and Markets Bill.

HMT plans to designate firms for the purpose of ensuring continued access to cash across the UK. As proposed in its consultation, it intends to designate the largest banks and building societies, using the criteria set out in the consultation paper. Also, in line with its proposals, HMT will have powers to introduce legislative geographic access requirements that would be set out the basis of cash access facilities being available within maximum distances of a minimum percentage of the population.

The FCA will be the lead regulator for retail cash access and will have appropriate powers to ensure that designated firms continue to provide deposit and withdrawal facilities across the UK. The FCA will address cash access issues at both a national and local level. It will have responsibility and powers to monitor and enforce compliance by designated entities on any cash access requirements, and its powers will be broadly consistent with its existing regulatory toolkit for other regulated activities. The FCA will also have powers to obtain information from designated firms and other organisations involved in the provision of cash facilities.

On 17 May 2022, the FCA published a new webpage on reporting sanctions evasion or weaknesses in sanctions controls.

The FCA wants to hear about sanctions evasion issues where they relate to firms on the financial services register, other FCA registers or companies with UK-listed securities.

The FCA will review firms' reports to see if its teams need to take any further action. It notes that it will be unable to share any action it may take on a report. The webpage states that even if the information provided does not result in the FCA taking formal action against a firm or individual, it may help it build up a picture of conduct risk or inform how it develops policy and work with partners to assist the UK enforcement of sanctions.

On 8 June 2022, the Office of Financial Sanctions Implementation (OFSI) announced that it was updating its enforcement and monetary penalty guidance for breaches of financial sanctions in line with changes brought about by the Economic Crime (Transparency and Enforcement) Act 2022 (EC(TE)A).

The guidance sets out the powers that OFSI has to impose monetary penalties, how it exercises those powers and details the rights of those against whom OFSI imposes a monetary policy. Of significance among the changes is that following the entry into force of the EC(TE)A, OFSI is no longer required to prove that a person had knowledge or reasonable cause to suspect that a person was in breach of a financial sanction in order to impose a monetary penalty. Notwithstanding that change in the law, OFSI has confirmed that it will take into account the level of actual and expected knowledge of financial sanctions held by an individual or company in assessing the seriousness of any breach and the action which ought to be taken by it as a result.

The guidance also confirms that OFSI will continue to impose a level of monetary penalty that it intends to be clearly and consistently related to its view of the impact of the case and the value or estimated value of the breach. Additionally, the value of the discount is specified to range up to a maximum of 50% for voluntary disclosure in a "serious" case and 30% for voluntary disclosure in a case assessed by it to be "most serious".

The updated guidance took effect from 15 June 2022.

On 1 June 2022, the European Supervisory Authorities (ESAs) (that is, the EBA, ESMA and EIOPA) published a joint report that discusses the completeness, adequacy and uniformity of the applicable laws and practices on the withdrawal of authorisation for serious breaches of Anti-money Laundering (AML) and Counter-terrorist Financing (CTF) rules.

The report identifies areas of improvement for the framework relating to applicable sectoral legislation or where additional analysis is needed (for example, interaction between resolution and the AML and CTF regimes). It also sets out criteria for the notion of serious breach of AML/CTF rules.

The ESAs suggest introducing a specific legal ground to revoke authorisation for serious breaches of AML and CTF rules and that competent authorities ensure that adequacy of AML and CTF arrangements and processes is a condition for granting authorisation or registration.

The report highlights the need for the proposed Markets in Cryptoassets (MiCA) Regulation to appropriately integrate AML and CTF issues in the prudential supervision of entities that will be regulated under that regime.

On 14 June 2022, the EBA published a final report containing guidelines on policies and procedures in relation to compliance management and the role and responsibilities of the Anti-money Laundering and Countering the Financing of Terrorism (AML/CFT) compliance officers under Article 8 and Chapter VI of the Fourth EU Money Laundering Directive (MLD4).

The guidelines apply to all existing management body structures and are described as complementing relevant guidelines issued by the European Supervisory Authorities on wider governance arrangements and suitability checks.

The guidelines set out expectations of the role, tasks and responsibilities of the AML/CFT compliance officer and the management body. Among other things, they specify that credit or financial institutions should appoint one member of their management body who will ultimately be responsible for the implementation of AML/CFT obligations, and clarify the tasks and functions of that person. They also describe the roles and responsibilities of the AML/CFT compliance officer, when this person is appointed by the management body under proportionality criteria.

The guidelines now need to be translated and published on the EBA website. The deadline for competent authorities to report whether they intend to comply with the guidelines is six months after the publication of the translations. The guidelines will apply from 1 December 2022.

On 9 June 2022, the Economic Crime (Transparency and Enforcement) Act 2022 (Commencement No 2 and Saving Provision) Regulations 2022 (SI 2022/638) were made. On 15 June 2022, the Regulations brought into force three provisions in Chapter 1 of Part 3 of the Economic Crime (Transparency and Enforcement) Act 2022 which relate to financial sanctions.

On 15 June 2022, HM Treasury published the response to its call for evidence and consultation on possible amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017) and the Oversight of Professional Body Anti-Money Laundering and Counter Terrorist Financing Supervision Regulations 2017 (OPBAS Regulations). Some key points from the response include the following:

On 17 June 2022, the UK Financial Intelligence Unit (UKFIU) of the National Crime Agency (NCA) published revised guidance on Suspicious Activity Report (SAR) glossary codes and reporting routes. The revised booklet replaces all previous publications.

The revised guidance includes new codes for SARs where the value is less than £3,000 and where you are unaware of any existing law enforcement interest at the time of reporting.

The use of glossary codes is considered good practice. They are crucial for enabling the UKFIU and wider law enforcement to conduct analysis to identify money-laundering trends, high risk cases for development and take immediate action where necessary. They also enable the production of feedback to reporters on trends and patterns identified in SARs.

The guidance also highlights, among other things, that the SARs regime is not a route to report crime or matters relating to immediate risks to others. The SARs regime is for reporting knowledge or suspicions of money-laundering, or belief or suspicions relating to terrorist-financing. As such, in addition to a SAR, the matter may have to be reported via other routes to ensure the right information gets to the right organisation.

On 25 May 2022, the long-awaited decree of the Ministry of Economy and Finance regarding the establishment and regulation of the beneficial owner (UBO) register in Italy was published in the Official Gazette (the Decree).

The Decree implements Legislative Decree 231/2007 on the prevention of the use of the financial system for the purposes of money laundering and terrorist financing (AML Law).

Under the Decree, Italian based companies having legal personality, private legal persons, trusts and institutions similar to trusts will be required to report information on their UBO to the Companies Register for registration purposes.

The information to be reported must include, among other things, the identification data of the relevant UBO and, in the case of companies, the criterion pursuant to which the relevant natural person(s) has/have been identified as UBO(s). Further information is to be reported depending on the nature of the relevant reporting entity.

For more on this development, take a look at this Engage article by members of Hogan Lovells’ Rome office.

On 8 June 2022, the Ministry of Justice published a memorandum providing an updated post-legislative assessment of the Fraud Act 2006 for submission to the House of Lords Select Committee on the Fraud Act 2006 and digital fraud.

The responses obtained in the review supported the view that the Fraud Act 2006 continues to deliver on its objectives and is still regarded as an incredibly useful piece of legislation. The offences are considered wide enough to cover most fraudulent offending, including those which are digitally enabled, and flexible enough to adapt to developing technology.

Suggestions for change included that it was felt that the maximum sentence for Fraud Act offences did not align with other offences such as money laundering.

On 17 June 2022, FATF published a document setting out the outcomes from its plenary meeting which took place from 14 to 17 June 2022.

At the meeting, among other things FATF:

On 17 June 2022, the Department for Culture, Media and Sport (DCMS) published the response to its consultation "Data: a new direction", setting out the government's plans to reform the UK's data protection regime.

The reforms are part of the government's National Data Strategy and the consultation presented proposals that build upon the UK's current regime.

Some proposals being taken forward include:

The upcoming Data Reform Bill, which was announced in the Queen's Speech on 10 May 2022, will draw on the results of the consultation.

For more on the DCMS’ consultation response, take a look at this Engage article by members of Hogan Lovells’ London office.

On 16 May 2022, the Council of the European Union formally adopted the Regulation on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act, DGA) (2020/0340 (COD)). On 3 June 2022, the Regulation was published in the Official Journal of the European Union.

The DGA, which was first proposed in November 2020, aims to increase trust in data sharing, create new rules on the neutrality of data marketplaces and facilitate the use of public sector data.

The DGA entered into force on 23 June 2022 and the new rules will apply from 24 September 2023.

On 25 May 2022, the European Commission released long-awaited guidance for the Standard Contractual Clauses (SCC) adopted in June 2021. The Commission has developed Questions and Answers (Q&A) as a dynamic source of practical guidance on the use of SCCs. The Q&As respond to industry feedback on key practical aspects of the SCCs.

Some of the most notable takeaways from the Q&As are as follows:

For more on the Q&As, take a look at this Engage article by members of Hogan Lovells’ London and Hamburg offices.

On 31 May 2022, the European Data Protection Board (EDPB) announced in a news release that it had published documents adopted at its May 2022 plenary sessions.

At its 4 May plenary it adopted an EDPB-EDPS Joint Opinion on the proposed EU Data Act.

At its 12 May plenary, it adopted the following documents:

At its 66th Plenary session on 14 June 2022, the European Data Protection Board (EDPB) adopted guidelines on certification as a tool for transfers.

Certifications can be used as a tool for transferring personal data to third countries under Article 46(2)(f) of the EU GDPR where there is no adequacy agreement and are an alternative to standard contractual clauses.

The guidelines provide further clarification on the practical use of this transfer tool including purpose, scope, accreditation requirements for certification bodies, criteria for demonstrating the existence of appropriate safeguards for transfers and the binding and enforceable commitments to be implemented. They complement guidelines 1/2018 on certification, which provide more general guidance.

The guidelines will be subject to public consultation until the end of September 2022.

On 26 May 2022, the UK government launched a call for views on measures to enhance the security of data centres and cloud services as part of its National Data Strategy to ensure the security and resilience of the infrastructure on which data relies.

Contributions are invited from data centre operators, cloud platform providers, data centre customers, security and equipment suppliers and cyber security experts to understand the risks data storage and processing services face. The call for views will also ask companies which run, purchase or rent any element of a data centre to provide details of the types of customers they serve.

The government wishes to understand what digital security tools are currently used in other regulated sectors to address security and resilience vulnerabilities.

Based on the evidence, the Department for Digital, Culture, Media and Sport (DCMS) will decide whether any additional government support or management is needed to minimise the risks that data storage and processing infrastructure face.

The call for views is open until 24 July 2022, and responses will be used to evolve existing government support and develop new policy solutions.

On 27 May 2022, the California Privacy Protection Agency (CPPA) – the new state privacy agency established under the California Privacy Rights Act (CPRA) – published Draft Proposed Regulations (Draft Regulations) ahead of its 8 June 2022 Board meeting.

The Draft Regulations would make a significant number of changes to the CPPA regulations, including:

For more on the Draft Regulations, take a look at this Engage article by members of Hogan Lovells' Washington, D.C., Denver and Miami offices.

On 29 April 2022, the National Information Security Standardisation Technical Committee issued the Draft Guidance on Network Security Standardised Practice – Technical Specification for Certification of Personal Information Cross-Border Processing Activities (Draft Specification), shedding some light on the certification mechanism set out in the Personal Information Protection Law (PIPL) that took effect from 1 November 2021.

The Draft Specification elaborates detailed requirements for the certification. Some key takeaways include:

For more on the Draft Specification, take a look at this Engage article by members of Hogan Lovells’ Hong Kong and Beijing offices.

On 13 June 2022, the UK government published a beta version of its digital identity trust framework following testing and feedback. The framework is designed to set standards and rules that will foster trust in digital identity products, and will now be the subject of further testing.

The first version of the framework was published in February 2021, and this was replaced by an updated alpha version in August 2021. The beta version differs from the alpha version in the following key ways:

A data protection impact assessment of the trust framework will be published in due course, and future legislation will provide for a certification trust mark relating to the framework.

On 13 June 2022, the UK government's Department for Digital, Culture, Media and Sport (DCMS) published a policy paper on developing an outcomes monitoring framework for the Plan for Digital Regulation (the Plan), published in July 2021.

The policy paper sets out the objectives and outcomes of regulating digital technologies in relation to promoting innovation and competition, keeping the UK safe and secure online, and promoting a flourishing democratic society. In particular, the paper sets out the following objectives on innovation and competition:

The paper sets out an initial set of indicators and planned next steps to strengthen the evidence base. However, it includes a call for evidence to seek views by 5 September 2022 on what indicators could feed into this work and address evidence gaps.

On 2 June 2022, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) announced additional measures to further safeguard customers from digital banking scams. These measures complement other measures announced on 19 January 2022.

In consultation with MAS and the Singapore Police Force (SPF), banks are progressively implementing the following additional measures, which will be in full effect by 31 October 2022:

To ensure sustained investment in the industry’s anti-scam initiatives, an ABS Standing Committee on Fraud, comprising the seven domestic systemically important banks, will take forward the work of the Anti-Scam Taskforce established in 2020. The Committee will report directly to the ABS Council and will drive the industry’s anti-scam efforts, implement robust measures to safeguard customers, and reinforce public confidence in the security of digital banking.

On 27 May 2022, the CMA published the final report of an independent review of the "lessons learned" review of the implementation of the Open Banking remedies, implemented following the CMA's Retail Banking Market Investigation. The review makes seven recommendations to the CMA, which has committed to implementing the recommendations in full. It will publish a further update next year on its progress in implementing a work programme on remedies, which will be shaped by the outcome of the review.

On 7 June 2022, HM Treasury published its response following its consultation proposing a Senior Managers and Certification Regime (SM&CR) for financial market infrastructures (FMIs).

Having reviewed the responses, HM Treasury intends to design and implement an SM&CR for central counterparties (CCPs) and central securities depositories (CSDs). The government will legislate to create a new SM&CR ‘gateway’, when parliamentary time allows, which will enable HM Treasury to lay statutory instruments to apply the SM&CR to CCPs, CSDs, and, in the future, potentially to credit rating agencies and recognised investment exchanges.

HM Treasury also intends to legislate to implement an SM&CR for payment systems recognised under the Banking Act 2009 (recognised payment systems) and specified service providers to those recognised payment systems. However, this will be taken forward separately in the light of a forthcoming review of the regulatory perimeter for systemic firms in payments chains by the Bank of England.

HM Treasury does not currently plan to launch any further consultations on the underlying framework for the SM&CR. It will set out further details of its plans to implement the SM&CR for CCPs and CSDs in due course.

On 24 May 2022, the Payment Systems Regulator (PSR) published a consultation paper (CP22/2) on requirements for further participation in the Confirmation of Payee (CoP) service.

In CP22/2, the PSR outlines its proposal to give a specific direction requiring approximately 400 payment service providers (PSPs) to implement a system to offer CoP to their customers (both as payers and payees).

The PSR is keen to see more firms providing CoP protection. It is concerned that PSPs have been slow to implement CoP while there are still many consumers who are not protected from authorised push payment (APP) fraud and misdirected payments.

Because of the volume of PSPs involved, the PSR proposes giving a direction that splits the requirements for PSPs to implement a system to provide CoP into two groups:

Comments can be made on the proposals until 8 July, 2022. If the PSR decides to proceed with the proposed direction, it plans to do so around 8-10 weeks after the July deadline.

On 25 May 2022, the European Payments Council (EPC) published revised versions of the following Single Euro Payments Area (SEPA) rulebooks:

The EPC has also published guidance on the migration to the 2019 version of the ISO 20022-based XML messaging standard (EPC087-22) and guidance to improve transparency for retail payment end-users (EPC088-22).

On 25 May 2022, the European Payments Council (EPC) launched a public consultation on possible modifications to the SEPA Request-to-Pay (SRTP) scheme rulebook. The aim of the consultation is to ensure the SRTP scheme is able to develop with an evolving payments market. The consultation document can be found here. It includes:

The consultation closes on 26 August 2022.

On 13 May 2022, the FCA published a consultation paper (CP22/9) on expanding the dormant assets scheme (Scheme).

The Scheme allows banks and building societies to pay dormant monies to an authorised reclaim fund which then puts this money towards funding good causes. The FCA has been working with HM Treasury and Reclaim Fund Ltd (RFL) to expand the Scheme. In the light of this work, the FCA is proposing amendments to its rules and guidance to enable insurance, pension and securities firms to contribute dormant assets to an expanded Scheme.

The FCA will continue to work with HM Treasury, RFL and the industry to facilitate expansion of the Scheme for investment assets and client money. It has agreed to a staggered approach to expanding the Scheme to reflect differences between the different asset classes and their resolution processes.

Comments could be made on CP22/9 until 17 June 2022. The FCA hopes to finalise its proposals in July 2022.

On 27 May 2022, the Dormant Assets Act 2022 (Commencement) Regulations 2022 were published. The Regulations, which were made on 24 May 2022, bring into force on 6 June 2022 those provisions of the Dormant Assets Act 2022 that were not already in force, including the provisions relating to securities assets (sections 14 to 17) which, briefly, provide for the inclusion within the scope of the Scheme of the proceeds and distributions from dormant shares in public limited companies traded on a UK-regulated market or UK multilateral trading facility and unclaimed proceeds from corporate actions.

On 19 May 2022, the FCA updated its webpage on its Linked Services List under the Payment Accounts Regulations 2015 (PARs). It announced in April 2022 that, following a review, it would not update the list.

The FCA has now provided more information on stakeholder feedback to its review and next steps for firms. Among other things, while stakeholders felt that the list was generally appropriate, some suggested the FCA could consider adding further services and some suggested that services like cancelling a cheque have become an outdated payment method and should be removed from the list.

The FCA confirms that it will review the list again within four years, so by April 2026.

On 10 June 2022, HM Treasury and the Financial Services Agency of Japan (JFSA) published a joint statement on the first meeting of the UK-Japan Financial Regulatory Forum, which was held on 9 June 2022.

The Forum is responsible for steering financial regulatory co-operation between the UK and Japan. Annex 8-A to the UK-Japan Comprehensive Economic Partnership Agreement (CEPA), which was signed in October 2020, contains provisions on the establishment of the Forum.

HM Treasury and the JFSA have also published an exchange of letters (also dated 9 June 2022) setting out a framework for regulatory co-operation, as envisaged in Annex 8-A.

HM Treasury and the JFSA have operationalised the provisions in Annex 8-A that provide for the establishment of working groups to bring experts together to examine specific issues of mutual interest. They have agreed to establish a number of working groups, including one on innovation. This group will share expertise on payments, cryptoassets and financial innovation. It will consider how to support more innovative firms to establish and grow and how licensing and authorisation processes could be improved.

On 17 May 2022, the World Bank published a paper on Fintech and the Future of Finance.

The report explores the digital transformation underway in financial services and the implications of fintech on market outcomes, as well as regulation and supervision. It looks at the range of new market providers, business models, and products which have amplified the need for updated legal, regulatory and supervisory frameworks.

The report aims to be a useful guide for policymakers around the world as they seek to manage long-standing risks, and maximise the economic and social benefits of financial innovation.

On 16 June 2022, the House of Commons Treasury Committee published a report on the future of financial services regulation.

The committee's conclusions and recommendations relate to issues including:

On 14 June 2022, the House of Commons European Scrutiny Committee announced the launch of its new inquiry into regulating after Brexit and invited interested parties to submit written evidence by 22 July 2022.

The Committee observed that the UK government has made post-Brexit regulatory reform a priority. Alongside the Retained EU Law Bill, the Queen's Speech 2022 announced forthcoming legislation in the areas of agriculture, financial services and data, and the Committee considers it likely that other important sectors of the economy will be affected by the government's plans. The inquiry seeks to understand the views of affected stakeholders on questions such as:

On 14 June 2022, the Financial Ombudsman Service (FOS) published a discussion paper on creating a funding model for the future, which sets out possible changes to how the FOS is funded. The FOS is committed to considering revisions to its funding model, including those that might incentivise constructive behaviour by the industry, to resolve cases more quickly, and to ensure the financial sustainability of the FOS.

Options for a future funding structure include introducing a differentiated case fee model to reflect the range of case complexity. The paper also sets out a plan for charging different case fees according to the stage the case has reached before it is resolved.

The paper contains potential ideas on long-term funding issues that focus on charging professional representatives (i.e. claims management companies) a fee to bring complaints, offering a discount for cases resolved in batches and introducing supplementary fees for uncooperative firms.

The consultation closes to comments on 5 August 2022.

On 16 June 2022, the Council of the EU published a statement made by the Eurogroup (the finance ministers of EU member states in the eurozone) on the future of the Banking Union.

In the statement, the Eurogroup states that work on the Banking Union should focus on strengthening the EU bank Crisis Management And Deposit Insurance (CMDI) framework. The Eurogroup has agreed on the broad elements that it considers should underpin a strengthened CMDI framework, including further harmonisation of the use of national Deposit Guarantee Schemes (DGSs) in crisis management, while ensuring appropriate flexibility for facilitating the market exit of failing banks in a manner that preserves the value of the bank's assets. There should be a harmonised least-cost test, administered by national authorities, to govern the use of DGS funds outside payout to covered depositors.

The Eurogroup states that, following the focus on revisions to the CMDI, it will identify "in a consensual manner" possible further measures with regard to the other outstanding elements to strengthen and complete the Banking Union.

The European Commission has indicated that it intends to adopt legislative proposals to revise the CMDI framework later in 2022.

On 20 June 2022, Stripe announced it is expanding its bank transfer offering, which was only previously available to businesses in Japan, to businesses in the UK, the EU and Mexico. The bank transfer launch aims to take the friction out of bank transfers, saving time and resources for users.

On 10 June 2022, MoneyGram announced its partnership with the Stellar Development Foundation, which will enable users in the U.S., Canada, Kenya and the Philippines to buy cryptocurrency using cash, as well as withdraw crypto holdings in cash. Digital wallet users will be able to move cash to cryptocurrency without requiring a bank account or credit card.

On 13 June 2022, Visa announced the launch of its first crypto card in Latin America. This new offering will allow customers to make purchases in local fiat anywhere that Visa is accepted, purchase cryptoassets with existing credentials, and receive cashback in Bitcoin or other digital currencies.

On 6 June 2022, Marqeta and Western Union announced their European partnership, which will enable Western Union’s entire remittance service to be offered online, with funds to be disbursed to a physical or virtual Visa card.

On 7 June 2022, Paypal announced its users will be able to transfer, send and receive cryptocurrencies between PayPal and other wallets and exchanges. This will allow users to send crypto to family and friends on PayPal in seconds, with no fees or network charges.

On 7 June 2022, Checkout.com announced its partnership with FireBlocks, which will offer merchants the flexibility of 24/7 stablecoin settlement. This will give merchants around-the-clock access to liquidity.

On 2 June 2022, MoneyGram announced their partnership with Mobily Pay, to launch MoneyGram’s international transfer capabilities on Mobily Pay. This will enable millions of consumers in Saudi Arabia to use the Mobily Pay mobile wallet to send money around the world in near real-time.

On 17 May 2022, Mastercard launched its new Biometric Checkout Program globally. Once consumers are enrolled in the programme, they can pay for products using facial recognition technology, allowing them to pay with a smile or a wave.

On 12 May 2022, it was reported that TrustPay has launched Single European Payments Area (SEPA) instant payments. This will enable TrustPay clients to make instant transactions with the immediate settlement of funds.

On 15 June 2022, it was reported that Revolut is launching a streamlined version of its app in 5 new countries – Sri Lanka, Chile, Ecuador, Azerbaijan and Oman - allowing customers to transfer money to over 50 countries using more than 30 currencies.

On 15 June 2022, the Bank of Ghana announced the launch of GhanaPay, a mobile wallet open to the country’s financial services sector. The launch accelerates Ghana’s migration to electronic payments.

On 30 May 2022, Juniper Research published a new study which found the value of biometrically authenticated remote mobile payments will reach $1.2 trillion globally by 2027, rising from $332 billion in 2022.

These transactions will use biometrics, typically facial and fingerprint recognition, to authenticate remote mobile payments. This growth of 365% will be driven by recent regulatory changes, with the introduction of Strong Customer Authentication (SCA) pushing greater adoption.

The SCA requirement under PSD2 has pushed financial institutions to implement biometric authentication. To meet this requirement, financial institutions have capitalised on smartphone biometric authentication capabilities which has accelerated the technology’s adoption.

The research found that the volume of biometrically authenticated remote mobile payments will grow by 383% over the next five years, reaching 39.5 billion globally by 2027.

On 26 May 2022, Marqeta published their 2022 State of Consumer Money Movement Report, providing an in-depth look into consumer preferences in terms of how they bank, pay and shop two years into the pandemic.

The report surveyed 4,000 consumers in the U.S., UK and Australia.

The survey shows the increasing prevalence of mobile wallets, on-demand delivery and cryptocurrency purchase preferences:

On 16 May 2022, it was reported that TMT Analysis has published research revealing that the UK’s crypto market is missing out on 13 million new customers due to its perceived lack of security.

The research showed that a quarter of UK adults declared they would be willing to invest, or invest more, in crypto if they could be reassured about their security concerns around the market. There remains considerable scepticism amongst potential investors which is holding back market growth. Over half (54%) of UK adults distrust cryptocurrencies as they do not believe the security processes in place are robust enough to protect investors. Similarly, almost two-thirds (63%) of UK adults aged over 55 are concerned over the security measures of crypto exchanges, compared to under half (42%) of 18-34 year olds.

The report concludes that without enhancing security measures, crypto businesses are at risk of failing to fulfil their potential.

Hogan Lovells (Luxembourg) LLP is registered with the Luxembourg bar.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hogan Lovells | Attorney Advertising

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.

Copyright © JD Supra, LLC