AMEIS RegFacts | June 2021 Regulatory Round-Up


JUNE 2021

AMEIS REGFACTS: FINTECH-Related Regulatory & Compliance News

In This Issue:

- OSC Adopts Ban on Deferred Sale Charge for Mutual Fund Sales
- EU Proposal for Secured, Trusted & Seamless Digital Identity Framework
- Bank of England Releases Responses to CBDC Paper & Consults on Stablecoins
- Basel Committee Consults on Prudential Treatment of Cryptoasset Exposures
- Coalition of European Banks Recommends Solutions for the Compliant Use of Cloud Technology

www.ameiscorp.com


OSC Adopts Ban on Deferred Sale Charge for Mutual Fund Sales

On June 3, the Ontario Securities Commission (OSC) adopted amendments to National Instrument 81-105 Mutual Fund Sales Practices. The Amendments aim to prohibit the payment by fund organizations of upfront sales commissions to dealers, which will result in the discontinuation of all forms of the deferred sales charge option ('DSC option'). The proposed changes were first announced by the Canadian Securities Administrators. The OSC's complete ban of the DSC option comes in response to industry participants' vigorous support for the proposal. The Amendments address the conflict of interest that arises from the payment of the upfront sales commission by fund organizations to dealers for mutual fund sales associated with the DSC option that can be detrimental to investor interests. The Amendments are subject to the Minister of Finance's approval before implementation and are scheduled to come into force on June 1, 2022.

EU Proposal for Secured, Trusted & Seamless Digital Identity Framework

On June 3, the European Commission proposed a framework for a European Digital Identity, which will be available to all EU citizens, residents, and businesses in the EU. Citizens will be able to prove their identity and share electronic documents from their European Digital Identity Wallets, which they may use on a voluntary basis. The draft regulation defines electronic identification as a material and/or immaterial unit, including European Digital Identity Wallets or ID cards following Regulation 2019/1157 (i.e. European identity card), containing person identification data and used for authentication for an online or offline service.


Some of the key provisions read as follows:

- Users should be enabled to securely obtain, store, select, combine and share identification data and electronic attestations of attributes to authenticate online and offline in order to use online public and private services.
- Digital Identity Wallets should provide a common interface to service providers and relying parties, and to the user to allow interaction with the European Digital Identity Wallet, and should display an "EU Digital Identity Wallet Trust Mark".
- Member States should provide validation mechanisms for the European Digital Identity Wallets to, among others, ensure that their authenticity and validity can be verified.
- Member States should implement a common mechanism for the authentication of relying parties.
- The European Digital Identity Wallets shall be free of charge to natural persons.
- The user shall be in full control of the European Digital Identity Wallet.
- Digital Identity Wallets may be subject to the EU cybersecurity certification framework but will be subject to compulsory compliance assessment.
- Member States will have to publish a list of certified European Digital Identity Wallets.
- A security breach of the European Digital Identity Wallets will result in immediate suspension of the issuance, revocation of the validity of the European Digital Identity Wallet and communication of this change to the other Member States and the Commission accordingly.

In parallel to the legislative process, the Commission stated that it will work with Member States and the private sector on technical aspects of the European Digital Identity. The Commission also planned to work with Member States to launch a common toolbox by September 2022 that would include the technical architecture, standards, and guidelines for best practices.



Bank of England Releases Responses to CBDC Paper & Consults on Stablecoins

On June 7, the Bank of England (BOE) published a summary of responses to its 2020 paper on Central Bank Digital Currency (CBDC) and a discussion paper on new forms of digital money. The 2020 Discussion Paper on CBDC invited input on thirty-five questions focused on four themes: impact on payments, impact on monetary and financial stability, functionality and provision, and technology considerations. The summary of responses highlighted different considerations, including:

Payment impacts

- CBDC's potential to provide additional resilience to the payment landscape by promoting payment diversity and competition. The extent of the benefits would depend on the design of the CBDC and the comparative openness and ease of entry of new participants.
- CBDC's potential to enable innovation, to support a digital economy and to promote financial inclusion. However, existing and emerging payment initiatives may already address the proposed benefits of a CBDC, challenging the additional value and net benefits of a CBDC initiative.
- Balancing diverse and competing principles would be difficult in practice, requiring optimisation of trade-offs. Among those discussed are speed, efficiency, stability, competitiveness, innovation, extensibility, consumer and data protection, privacy, user trust, transparency, and financial inclusion.

Monetary and financial stability impacts

- Risks to banks' funding through disintermediation of the banking system
- Remuneration of a CBDC
- CBDC's potential to influence monetary stability and policy transmission
- Macroeconomic benefits of CBDC's role in a more efficient payment system
- Overall, the opportunities and risks of a CBDC would depend on the level and nature of demand for this type of currency

Functionality and provision

- Public-private approach to delivering CBDC
- Range of possible business models
- Requirements for financial and digital inclusion
- Safeguarding privacy while dealing with financial crime

Technology approaches

- Centralised vs decentralised approach
- Token vs account based
- Offline payments
- Programmable payments
- Flexibility, extensibility and interoperability of the CBDC design to provide a reliable and resilient service that would factor in future technological developments, including new payment services, the emergence of the 'Internet of Things', artificial intelligence and machine learning, and advances in quantum computing

The BOE will continue to assess and explore a CBDC, working with UK authorities, stakeholders across industry, academia and civil society, and technical specialists.

In the recently published discussion paper on new forms of digital money, the BOE raised different questions on five themes: role of money in the economy, public policy objectives, illustrative scenario, implications for macroeconomic stability, and the regulatory environment. The Discussion Paper focuses on new forms of digital money, including stablecoins, that have significant potential to be systemic; as outlined in the paper, the term 'systemic' is yet to be defined. The paper also focuses on the implications that the adoption of private stablecoins could have for monetary policy.

The BOE is accepting feedback from all stakeholders by 7 September 2021.



Basel Committee Consults on Prudential Treatment of Cryptoasset Exposures

On June 10, 2021, the Basel Committee on Banking Supervision (BCBS) issued a public consultation on a proposal that would apply regulatory capital requirements to banks' exposures to cryptoassets, whose rapid growth the BCBS considers to have the potential to raise financial stability concerns. The prudential treatment of cryptoassets has been drafted with respect to the following principles:

- Same risk, same activity, same treatment: A cryptoasset that poses the same risks as a "traditional asset" should be subject to the same capital, liquidity and other requirements, by applying first and foremost the concept of "technology neutrality".
- Simplicity: A simple and cautious treatment that may be revisited in the future depending on the evolution of cryptoassets.
- Minimum standards: Any Committee-specified prudential treatment of cryptoassets would constitute a minimum standard for internationally active banks. Jurisdictions would have the option to apply additional and/or more stringent measures.

The consultation paper outlines:

- The general approach for determining minimum risk-based capital requirements, where cryptoassets are screened and classified into two categories, i.e. Group 1 cryptoassets and Group 2 cryptoassets.
- The capital requirements for Group 1 cryptoassets.
- The minimum risk-based capital requirements for Group 2 cryptoassets, Group 2 cryptoassets being those assets that do not meet any of the classification conditions.
- Other regulatory requirements (i.e. leverage ratio, large exposures, liquidity ratios) for all cryptoassets.
- The responsibilities of banks and supervisors for the supervisory review.
- The disclosure requirements for all cryptoassets.

The consultation is due to close on 10 September 2021, and further consultations are expected to follow.


Coalition of European Banks Recommends Solutions for the Compliant Use of Cloud Technology

On May 17, the European Cloud User Coalition (ECUC) published a Position Paper recommending solutions for the compliant use of cloud technology to address several challenges. The main challenges identified by the coalition are as follows:

- Overall public cloud adoption by financial institutions (FIs) is challenging due to the specifics of cloud computing being regarded as outsourcing.
- Legislation such as the Digital Operational Resilience Act (DORA) and rulings such as Schrems-II currently make it difficult for FIs to adopt public cloud services.
- FIs engaging Cloud Service Providers (CSPs) individually leads to additional administrative effort and time, as well as misdirection of priorities.

Some of the key recommendations focused on the following areas:

Privacy

ECUC is recommending that CSPs demonstrate that they carry on their activities in accordance with EU data privacy law and strictly comply with GDPR. Following the invalidation of the EU-US Privacy Shield by the European Court of Justice (Schrems-II), and to enable financial institutions and cloud consumers to apply data restrictions to a certain country or geographic region, CSPs should provide what is necessary to support the storing and processing of consumers' data in a certain country or geographic region.

Security

This section includes recommendations relating to Data at Rest, which refers to the storing of data for various purposes. To ensure transparent and strong security in the cloud, the coalition is recommending that CSPs provide solutions to ensure adequate security is in place through, among others, the implementation of a data encryption methodology under which disclosure of the keys to decrypt customer data cannot be forced without the approval, consent or knowledge of the data owners. Data encryption methodologies should be subject to adequate policies and procedures. CSPs should have their services certified by independent third-party auditors to provide assurance to users. Users should be provided with proof of certification on request and be offered the opportunity to conduct their own audit.

Governance and regulation

This section includes recommendations on how to best approach the risks associated with outsourced services, including requirements relating to:

- Control measures and solutions for outsourced services
- Readily available information for users
- Sound governance of third-party risk management
- Exit strategy
- CSP audits and oversight, with a main proposal for simplifications in audit procedures focusing on a collaborative audits approach as supported by the EBA Guidelines on Outsourcing Arrangements

Standard contractual clause

ECUC recommends that the Standard Contractual Clauses be binding for CSPs, with a focus on the following key areas:

- Audit rights for customers
- Sub-outsourcing
- Embedded URLs within contracts
- Embedded URLs in contracts and Service Level Agreements
- CSPs as controllers or processors
- Insurance

DORA

DORA forms part of the EU Digital Finance Package and was published with the goal of making Europe's financial services more digital-friendly and stimulating responsible innovation and competition among financial service providers in the EU through the simplification of compliance with existing regulation on information and communication technology (ICT) risk management and security (see our full article here). ECUC encourages compliance with DORA and recommends, inter alia, the below:

- Alignment of EBA and ESMA Guidelines with DORA
- Alignment of DORA with Industry Standards
- Clarification of the framework related to critical ICT third-party service providers
- Exclusion of intra-group relationships from the scope of DORA
- Additional clarification for the effective assessment of sub-contracting chains

The ECUC was founded in 2021 and is composed of at least 19 EU financial institutions whose objective is to develop a joint position for the use by its members of public cloud technology provided by EU and non-EU cloud service providers (CSPs). The consultation is open to feedback from CSPs, regulatory bodies and other regulated institutions. A subsequent version of the Position Paper will be published in due course.

Stay up-to-date with REGFACTS, INDUSTRY NEWS & TRENDS by Ameis Regulatory Services.



About us

Ameis Regulatory Services focuses on providing regulatory and compliance support for fintech companies.

We help you understand the rules that govern your activities, services and products, enabling you to meet your ongoing regulatory obligations and navigate the ever-evolving, complex regulatory landscape.

Our team is composed of professionals with extensive experience serving the investment management, capital markets and asset servicing industries.

Current challenges

Complex landscape & widening gaps

Increasing regulatory requirements and the pace of change are making it harder for you to keep up with the pressures of compliance and managing cost-effective operations.

Investor demand for enhanced transparency and disclosure, data privacy, investor and consumer protection requirements, and AML/KYC concerns are some of the many challenges affecting the industry.

We provide practical and tailored solutions

- Review and analysis of regulatory texts
- Reporting
- Response preparation
- Compliance program development
- Change management
- Regulatory intelligence and training
- Ongoing compliance support
- Registrations

Contact us

Déborah Koualé, Founder
deborah.kouale@ameiscorp.com

Carolyn Le Quéré
carolyn.lequere@ameiscorp.com
