On October 11, 2019, the leaders of the U.S. Commodity Futures Trading Commission (CFTC), the Financial Crimes Enforcement Network (FinCEN) and the U.S. Securities and Exchange Commission (SEC) (together, the Agencies) issued a joint statement highlighting the application of anti-money laundering and countering the financing of terrorism (AML/CFT) obligations under the Bank Secrecy Act (BSA) to persons engaged in activities involving digital assets (Joint Statement). On the same day, the SEC filed an emergency action to halt a digital asset distribution, citing BSA/AML concerns.1
Under the revised Payment Services Directive (2015/2366) (PSD2), the European Banking Authority (EBA) and the European Commission were required to develop and adopt regulatory technical standards on strong customer authentication and common and secure open standards of communication. These regulatory technical standards were passed into EU law as Commission Delegated Regulation (EU) 2018/389 (the RTS), which entered into effect on September 14, 2019.
The RTS has direct effect on payment service providers (PSPs), including card issuers and acquirers, in all EU member states. However, certain EU member states, including the UK, have implemented transitional measures for a phased implementation of the rules in the context of card-based payments for e-commerce transactions.
This post discusses the requirements under the RTS for card issuers and acquirers to authenticate payment service users (PSUs), which is referred to as “strong customer authentication” (SCA).
On August 29, 2019, the Monetary Authority of Singapore (MAS) announced that it will begin accepting applications for new digital bank licenses. Interested parties have until December 31 to submit their applications. This follows the MAS’ initial announcement in June to issue up to two digital full bank (DFB) licenses and three digital wholesale bank (DWB) licenses, effectively opening up digital bank licenses to nonbank players.
On July 8, 2019, the long-awaited statement (Statement) on custody of digital asset securities was released jointly by the staffs (Staffs) of the U.S. Securities and Exchange Commission (SEC) Division of Trading and Markets and the Financial Industry Regulatory Authority (FINRA).1 The Statement is based on industry discussions with the Staffs and highlights the following:
- Certain noncustodial broker-dealer models may have a path forward for FINRA approval.
- The Staffs have concerns relating to broker-dealer custody of digital asset securities that remain unanswered, but certain good control locations (i.e., banks, issuers and transfer agents) may provide a viable custody solution under the Customer Protection Rule.2
- Market participants should consider other broker-dealer requirements, including books and records and financial reporting rules.
Data aggregators and fintech providers are now offering services that let consumers manage their finances using information from multiple accounts at multiple financial institutions. This kind of consumer data access raises serious questions about the relationship between financial institutions and consumer-designated third parties. This webinar will cover the risks that come with consumer-permissioned information sharing, current gaps and solutions in the existing legal framework to address these risks and issues that can be addressed contractually between various stakeholders.
On April 3, the U.S. Securities and Exchange Commission (SEC)’s Strategic Hub for Innovation and Financial Technology (FinHub or Staff) released its much-anticipated guidance, the Framework for “Investment Contract” Analysis of Digital Assets (Framework), regarding its views on factors to consider in applying the Howey test to digital assets. In conjunction with the Framework, the SEC’s Division of Corporation Finance published its first no-action letter in connection with the sale of digital assets, providing relief to TurnKey Jet, Inc., for its proposed token sale.
On February 8, 2019, U.S. Securities and Exchange (SEC) Commissioner Hester Peirce delivered a speech addressing the relationship between technological innovation and regulation, in particular addressing some of the pending regulatory challenges surrounding blockchain and digital assets.1 The key takeaways from Commissioner Peirce’s speech, titled “Regulation: A View From Inside the Machine,” 2 are these:
On December 20, 2018, the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (the SEC) released its report (the 2019 Report) setting forth its list of examination priorities for 2019 (the Exam Priorities).1 OCIE announces its exam priorities annually to provide insights into the areas it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets.2 The Exam Priorities can serve as a roadmap to assist advisers in assessing their policies, procedures and compliance programs; testing for and remediating any suspected deficiencies related to the Exam Priorities; and preparing for OCIE exams. (more…)
*This article was originally published by DataGuidance in October 2018.
On 6 September 2018, the Monetary Authority of Singapore (‘MAS’) issued a consultation paper on its draft notice on cyber hygiene (‘the Notice’) which will require financial institutions operating in Singapore to implement a set of fundamental controls to raise their overall level of cyber resilience. Han Ming Ho and Yuet Ming Tham, partners at Sidley, discuss and focus on the key features of the draft Notice.