MAY 2021
AMEIS REGFACTS FINTECH - Related Regulatory & Compliance News
In This Issue : CSA Established Regulatory Regime for Financial Benchmarks ..1 Federal Budget Included Draft Retail Payments Activities Act .....4 EC Proposal for an Artificial Intelligence Act .................................7 ECB Advisory Group Published Report on the Use of DLT in Posttrade Processes .............................................................................10 ECB Blog Post : Dispelling Misconceptions of the Digital Euro ..13 UK Fintech Week Recap ................................................................14 CA : What's on this month .............................................................15
www.ameiscorp.com
CSA Established Benchmarks
Regulatory
Regime
for
Financial
On April 29, 2021, the Canadian Securities Administrators (CSA) released the finalized version of Multinational Instrument 25-102 ‘Designated Benchmarks and Benchmarks Administrators and companion policy' (MI 25-102). Prior to MI 25-102, benchmarks, and persons or companies that administer them, contribute data that is used to determine them, and use them, were not subject to formal securities regulatory requirements or oversight in Canada. The regime goal is to prevent misconduct involving benchmarks that can have significant negative impacts on capital markets locally and internationally as was the case with the LIBOR.
Key takeaways
MI 25-102 aims at implementing a comprehensive regime for:
The designation and regulation of benchmarks (designated benchmarks), The designation and regulation of persons or companies that administer such benchmarks (designated benchmark administrators, DBA), The regulation of persons or companies, if any, that contribute certain data that will be used to determine such designated benchmarks (benchmark contributors or contributors), and The regulation of certain users of designated benchmarks who are already regulated in some capacity under Canadian securities legislation (benchmark users or users). Under MI 25-102, the Canadian Dollar Offered Rate (CDOR - used in various financial instruments) is designated as a designated critical benchmark and a designated interest rate benchmark with the Refinitiv Benchmarks Services Limited (RBSL) as its unique administrator. The CSA does not currently intend to designate the Canadian Overnight Repo Rate Average (CORRA) as a designated benchmark, as the Bank of Canada is its current benchmark administrator.
1
Some of the key provisions are described below: Definitions “Designated critical benchmark” is defined as a benchmark that is designated as a “critical benchmark” by an order or a decision of the regulator or securities regulatory authority. “Designated interest rate benchmark” is defined as a benchmark that is designated as an “interest rate benchmark” by an order or a decision of the regulator or securities regulatory authority. “Designated Benchmark contributor” is a person or company that engages or participates in the provision of information for use by a benchmark administrator for the purpose of determining a benchmark. “Designated Benchmark User” means a person or company that, in relation to a contract, derivative, investment fund, instrument or security uses a benchmark. Requirements for Benchmark Administrators As its EU equivalent, most of the requirements under MI 25-102 fall on benchmark administrators that must comply with various obligations including: Delivering audited annual financial statements, code of conduct and certain forms to Canadian securities regulators. Establishing and maintaining a sound culture of governance (e.g. Oversight committee…). Establishing and maintaining policies and procedures relating to input data, the contribution of input data as well as the benchmark methodology used. Publishing information about the administration of its designated benchmarks (e.g. methodology, benchmark statement…). Keeping specified books, records and documents for a period of 7 years. Disclosure - Registrants, registered entities and recognized entities MI 25-102 requires a person or a company (i.e. Registrant, reporting issuer, recognized exchange, recognized quotation and trade reporting system, recognized clearing agency) that uses a designated benchmark to establish and maintain a written plan setting out the actions that the person or company would take in the event that the designated benchmark significantly changes or ceases to be provided. 2
Benchmark contributors Code of conduct for benchmark contributors When using input data from benchmark contributors, the benchmark administrator of the designated benchmark must establish, document, maintain and apply a code of conduct that specifies the responsibilities of benchmark contributors with respect to the contribution of input data for the designated benchmark. Governance and control requirements for benchmark contributors A benchmark contributor to a designated benchmark is required to Establish, document, maintain and apply policies and procedures relating among other things to: conflict of interest, the accuracy and completeness of each contribution of input data to the designated benchmark administrators. Establish, document, maintain and apply policies and procedures reasonably designed to guide any use of expert judgment. Keep, for a period of 7 years from the date the record was made or received by the designated benchmark administrator (e.g. communication related to input data, description of the potential for financial loss or gain of the benchmark contributor…). Designated Critical Benchmarks MI 25-102 includes the requirement for a benchmark contributor to a designated critical benchmark to promptly notify in writing the designated benchmark administrator if it decides to cease contributing input data. Designated Interest Rate Benchmarks Where required by the oversight committee of the benchmark administrator, the benchmark contributor must engage a public accountant to provide a limited assurance report on compliance or a reasonable assurance report on compliance regarding the conduct of the benchmark contributor and its compliance with, inter alia, The benchmark administrator relevant policies and procedures. The benchmark contributor relevant policies and procedures.
3
The methodology of the designated interest rate benchmark. It must, within 10 days of the receipt of a report, deliver a copy to the oversight committee, the board of director of the benchmark administrator and the regulator or securities regulatory authority. MI 25-102 requires each contributing individual of the benchmark contributor and the direct managers of that contributing individual to provide a written statement to the benchmark contributor and the designated benchmark administrator that they will comply with the code of conduct. The benchmark contributor must establish, document, maintain and apply policies, procedures and controls related among other things to: internal organisation, list and locations of contributing individuals, conflict of interest management, and control of exchanges of information. The Companion Policy (CP) provides guidance on the provision of MI 25-102. MI 25-102 is substantially equivalent to the EU BMR. The instrument will come into force and the CP will come into effect on July 13, 2021. To note that on the same day was also published a separate notice of proposed amendments to MI 25-102 and the CP regarding commodity benchmarks for which comment period will end on July 28, 2021.
Federal Budget Included Draft Retail Payments Activities Act On April 30, 2021 the federal government released Bill C-30 containing, among others, a draft of the much-awaited Retail Payments Activities Act (RPAA). The RPAA seeks to implement the previously announced federal retail payments oversight framework. Scope applicability The RPAA will apply to any “retail payment activity” Performed by a payment service providers (PSPs) in Canada Performed for an end user in Canada by a PSPs outside Canada that directs retail payment activities at individuals or entities that are in Canada 4
Exemptions The RPAA will not apply to certain retail payment activities, including: Merchant – issued payment function (or by an issuer that is not a payment service provider) that allows the purchase goods or services only from the issuing merchant or any merchant in the group; A payment function that is performed in relation to an electronic funds transfer that is made for the purpose of giving effect to an eligible financial contract as defined in the Canada Deposit Insurance Corporation Act; A payment function that is performed in relation to an electronic funds transfer that is made for the purpose of a cash withdrawal at an automatic teller machine; A prescribed retail payment activity. A payment function performed by systems designated under the Payment Clearing and Settlement Act; Key A payment function performed entirely between the PSP andtakeaways an affiliated entity; Payment functions performed by, inter alia, a bank, an authorized foreign bank, a credit union, a cooperative credit society, an insurance company, a trust company, a loan company, Payments Canada, the Bank of Canada (the 'Bank') or prescribed individuals or entities; Operational Risk Management and Incident Response Payment service provider performing retail payment activities must, in accordance with the regulations, establish, implement and maintain a risk management and incident response framework that meets prescribed requirements. “Operational risk” being defined as a risk that may result in the reduction, deterioration or breakdown of retail payment activities that are performed by a PSP as a result of: A deficiency in the PSP’s information system or internal process; A human error; A management failure; or A disruption caused by an external event. Where a PSP that performs retail payment activities becomes aware of an incident that has a material impact on a user, PSP that performs retail payment activities and a clearing house any of a clearing and settlement system, it must, without delay, notify that individual or entity and the Bank of the incident. 5
Safeguarding of funds Where the PSP performs a retail payment activity that involves the holding of enduser funds until they are withdrawn by the end user or transferred to another individual or entity, the PSP must hold the end user funds in a segregated trust account, or an account that is only used for that purpose and that is insured or guaranteed. Provision of Information On an annual basis and at the prescribed time and in the prescribed form and manner, PSPs performing retail payment activities must submit an annual report to the Bank that includes prescribed information regarding its risk management and incident response framework; the segregated trust account or account that us insured or guaranteed. Prior notice should be given to the Bank where PSPs want to make a significant change in the manner in which they perform a retail payment activity or add a new retail payment activity. Registration A PSP will be required to be registered with the Bank before it performs any retail payment activities. The Act provides the list of documents and information that must be provided during the registration process, including: A description of the retail payment activities the applicant performs or plans to perform Any prescribed information in relation to end-user funds that the applicant holds or plans to hold A description of the applicant’s risk management and incident response framework or the framework that the applicant plans to establish and implement Information on the applicant’s third-party service providers A declaration as to whether the PSP is registered with FINTRAC. The Act will come into force on a date yet to be fixed by order of the Governor in Council.
6
EC Proposal for an Artificial Intelligence Act On April 21, 2021, the European Commission (the ‘Commission’) published its first proposal on a legislative framework on Artificial Intelligence (AI) that aims at promoting the development of AI and address the potential high risks it poses to safety and fundamental rights equally. The proposal follows the numerous calls for legislative action from the European Parliament and the European Council ‘to ensure a well-functioning internal market for artificial intelligence systems (‘AI systems’) where both benefits and risks of AI are adequately addressed at Union level’. In the recital, the Commission outlined the benefits of the use of artificial intelligence technologies, in high-impact sectors, including climate change, environment and health, the public sector, finance but Key also takeaways stressed that these same technologies can bring about new risks or negative consequences for individuals and the society. With this proposal the Commission objectives are to: Ensure that AI systems placed on the European Union market and used are safe and respect existing law on fundamental rights and values; Ensure legal certainty to facilitate investment and innovation in AI; Enhance governance and effective enforcement of existing law on fundamental rights and safety requirements applicable to AI systems; Facilitate the development of a single market for lawful, safe and trustworthy AI applications and prevent market fragmentation. To achieve those objectives, the Commission indicated that the proposal includes the principle-based requirements that AI systems should comply with that does not hinder trade and innovation. It also includes a proposed single future-proof definition of AI. Some of the key provisions laid down in the proposal are as follows:
7
Scope applicability The regulation will apply, inter alia, to: Providers placing on the market or putting into service AI systems in the European Union, irrespective of whether those providers are established within the Union or in a third country; Users of AI systems located within the Union; Providers and users of AI systems that are located in a third country, where the output produced by the system is used in the Union. With ‘provider’ being defined as ‘a natural or legal person, public authority, agency or other body that develops an AI system or that has an AI system developed with a view to placing it on the market or putting it into service under its own name or trademark, whether for payment or free of charge’. ‘Users’ being defined as ‘any natural or legal person, public authority, agency or other body using an AI system under its authority, except where the AI system is used in the course of a personal non-professional activity.’ And ‘artificial intelligence system’ (AI system) being defined as a ‘software that is developed with one or more of the techniques and approaches listed in Annex I and can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with’. Prohibited AI practices Which encompasses the placing on the market, putting into service or use of an: AI system that deploys subliminal techniques beyond a person’s consciousness in order to materially distort a person’s behaviour in a manner that causes or is likely to cause that person or another person physical or psychological harm. AI system that exploits any of the vulnerabilities of a specific group of persons due to their age, physical or mental disability, in order to materially distort the behaviour of a person pertaining to that group in a manner that causes or is likely to cause that person or another person physical or psychological harm. 8
AI systems by public authorities or on their behalf for the evaluation or classification of the trustworthiness of natural persons over a certain period of time based on their social behaviour or known or predicted personal or personality characteristics. Classification of AI systems as high risk An AI system is to be considered high-risk where both of the following conditions are met: The AI system is intended to be used as a safety component of a product, or is itself a product, covered by the Union harmonisation legislation listed in Annex II of the proposal; The product whose safety component is the AI system, or the AI system itself as a product, is required to undergo a third-party conformity assessment with a view to the placing on the market or putting into service of that product pursuant to the Union harmonisation legislation listed in Annex II. Annex III of the proposal includes a list of AI systems that should also be considered high-risk such as those focused on biometric identification and categorisation of natural persons, on management and operation of critical infrastructure or education and vocational training. Requirements for high-risks AI systems AI systems should comply with the proposal requirements relating to risk management system, data & data governance, technical documentation, transparency and provision of information to users, accuracy, robustness and cybersecurity, record keeping and so forth. Obligations of providers and users of high-risk AI systems and other parties In addition to the compliance requirements applicable, the proposal comprises, among others, requirements for providers of high-risks AI systems to have in place quality management system, to keep the logs automatically generated by their highrisk AI systems where applicable.
9
Extensive obligations will also be applicable to manufacturers, importers, distributors and users of AI systems. The proposal still needs to through the legislative process before being adopted. If it becomes law, it will have major impacts on all targeted market players in the AI field.
ECB Advisory Group Published Report on the Use of DLT in Post-trade Processes On April 30, 2021, The European Central Bank (ECB) released a report by the Advisory Group on Market Infrastructures for Securities and Collateral (AMI-SeCo), that provides a thorough review of the current use of distributed ledger technology (DLT) by European market participants in securities post-trade processes in accordance with the regulation. The report is divided into 3 chapters which are briefly summarised below. The Regulatory, governance and interoperability considerations in a DLT environment This chapter includes: 1/Key considerations on digital assets and the related regulatory framework relating to use of DLT in the post-trade environment including: Regarding the taxonomy related to issuance and tokenisation of assets, the AMI-SeCo encourages a harmonised approach to the issuance of digital assets and to tokenisation. The report suggests to clarify the function of holding private keys in safekeeping that would allow stakeholders to have a common understanding of the implications of using private keys in the context of DLT-enabled custody services (i.e., clarification on whether they are a mean of safekeeping or proof of ownership, or whether they provide for the validation of a transaction).Clarification is also needed on whether custody of tokens representing securities is limited to the safekeeping of private keys, which would impact the current service model and related responsibilities.
10
2/Governance of DLT-based systems The report outlines the necessity to implement a new model of communication to support the transition from a traditional system to a DLT environment that may require additional functions to be identified (functions that may be subject to regulatory licences or authorisation). The report recommends that issuers of digital assets adopt new technological structures and develop advanced competencies to fulfil their roles and functions as both issuers of digital assets and nodes of the DLT network with the possibility to outsource this function to a third-party provider. The report also outlines that existing tools for custody may require the deployment of new technical solutions to address the risk of misappropriation of digital assets. 3/Interoperability of DLT-based systems The report puts an emphasis on the current lack of interoperability across DLTKey takeaways based solutions developed in the post-trade environment and stresses the importance of interoperability between DLT systems to prevent market fragmentation. Interoperability should be achieved between: (i) DLT networks and existing infrastructures, and (ii) between different DLT-based systems. Identification of practices and key implications relating to the issuance or recording and post-trade handling of securities in a DLT environment This chapter presents 2 models, namely: 1/Model 1 – Securities issued as native digital assets In this model ‘securities do not have any other representation outside the DLT network (and the ledger where the native digital assets are recorded constitutes by itself the relevant – and only – bookkeeping system’. This model is used mainly for the purpose of bespoke over-the-counter (OTC) transactions or private placements. 2/ Model 2 – Securities issued in the conventional systems and enabled in the DLT environment In this case, securities are initially issued within the traditional system, while the recording and post-trade handling of the securities is subsequently enabled in a DLT environment.
11
Key features of using DLT for issuance, custody and settlement 1/Issuance, recording and redemption of securities in the DLT environment This section outlines the positive aspects of issuance via distributed ledger and clarifies how certain functions (e.g. accountability, legal validity) are performed in legacy systems and systems relying on DLT. 2/Custody and Safekeeping in a DLT environment Presents the various of custody and safekeeping arrangements that exists in the different models and compares the latter with those in conventional systems. It also outlines the different aspects related to account structure and asset servicing and their functioning in DLT and provide a description of the key implications relating to the custody and safekeeping of securities in DLT-based systems for market stakeholders and financial market infrastructures. 3/Settlement in a DLT environment This section provides a description of related business and operational processes applicable to the different models as well as the technical, business, regulatory and governance implications related to clearing and settlement in a DLT environment. The report provides a solid insight on the use of DLT in the current regulatory landscape. It outlines the related challenges caused by the lack of interoperability and provides recommendation on how market participants should ensure interoperability if the technology is to succeed.
12
ECB - Dispelling Misconceptions of a Digital Euro On March 25, 2021, Fabio Panetta and Ulrich Bindseil of the European Central Bank (ECB) published a blog with the goal of dispelling misconceptions of a digital euro. First and foremost, Panetta and Bindseil affirm that the ECB remains at the stage of "exploring the possibility and considering it conceptually" as a matter of being prepared for an eventual decision. In their blog, Panetta and Bindseil refute three persistent misunderstandings : ECB intends to abolish cash and impose lower interest rates on a digital euro False, a digital euro would be a "means of payment that would complement cash, not replace it". Cash is legal tender. Moreover, the possible choice of using a digital euro is "not about monetary policy" but rather convenience of payment. The ECB's intention is to examine an "alternative, modern and secure Key takeaways means of payment, backed by the commitment of an independent central bank", not one that is subject to the interests of a private company. A digital euro would displace banking intermediation - False, the digital euro will not challenge the role of banks as it relates customer deposits. Panetta and Bindseil continue to state that greater focus of the digital euro discussion should be on stability risks. Given today's geopolitical context, the driving concern is "foreign tech giants potentially offering artificial currencies in the future". A digital euro would not be based on a viable business model - False, building a digital euro will rely on extensive input from industry representatives, academics and the broader public to develop a viable model. Different actors in the market have a multitude of concerns that range from design to implementation and social impacts of a digital euro. What is clear, is that the ECB has an important task to evaluate the diversity of perspectives and potential outcomes.
13
UK - FinTech Week Recap The UK FinTech week kicked off on Monday April 19 and the packed agenda covered a broad range of topics from fundraising and investment, to digital transformation, innovation and crypto. In the regulatory space, a number of discussions had taken place including session of particular interest for AMEIS and focusing on: Balancing trust and innovation. Some highlights include the three pillars of consumer trust mentioned by Alex Roy of the FCA - good governance, good product design and treating customers well. Mark Adams from ASIC further added the importance of simplicity, understanding where risks lies, having plans for where things can go wrong and focusing on compliance by design. The discussions delved further into the various perspectives of different Key takeaways regulatory frameworks. The future of open banking. The panelists shared their excitement about the transformative opportunities that open banking can provide and shared perspectives on the evolving trends, including the importance of customer trust. Discussions on CBDCs and cryptocurrencies, in general, outlining product developments as well as views on regulatory certainty and meaningful compliance. Digital NFT assets and DeFi were also on the agenda. Discussions on operational and cyber resilience, a critical topic we continue to follow with an emphasis on the understanding of the underlying infrastructure. Copies of the discussions remain available online for viewing. We would be happy to discuss your thoughts.
14
Market news - what's on this month Later this month, Payments Canada opens its week long summit. The agenda covers a range of topics and trends including : Open banking AML and CTF compliance Fraud Cyber attacks Digital identity Digital currencies Machine learning and AI Keep watching AMEIS' news for updates on these topics in Canada and on the global stage. Key takeaways
Stay up-to-date with REGFACTS, INDUSTRY NEWS & TRENDS by Ameis Regulatory Services.
15
Ameis Regulatory Services focuses on providing regulatory and compliance support for fintech companies
About us
Complex landscape & widening gaps
We help you understand the rules that govern your activites, services and products, enabling you to meet your ongoing regulatory obligations and navigate the ever-evolving, complex regulatory landscape.
Increasing regulatory requirements and the pace of change are making it harder for you to keep up with the pressures of compliance and managing cost-effective operations
Our team is composed of professionals with extensive experience serving the investment management, capital markets and asset servicing industries.
Investor demand for enhanced transparency and disclosure, data privacy, investor and consumer protection requirements, and AML/KYC concerns are some of the many challenges affecting the industry.
Current challenges
We provide practical and tailored solutions Review and analysis of regulatory texts Reporting Response preparation Compliance program development
Contact us Déborah Koualé, Founder deborah.kouale@ameiscorp.com
Change management Regulatory intelligence and training Ongoing compliance support Registrations
Carolyn Le Quéré carolyn.lequere@ameiscorp.com
www.ameiscorp.com
