On the 20th December 2019 the National Crime Agency (NCA) issued a voluntary tasking under the Crime and Courts Act 2013 to improve enforcement authorities’ responses to fraud. The tasking – only the fourth ever issued by the NCA, is focused on “improving the intelligence picture on fraud, pursuing offenders causing the highest harm and increasing the priority of fraud across the system”.
The tasking on fraud is known as a voluntary tasking, which provides for a chief officer of a police force or a UK law enforcement agency to perform a task if requested by the NCA director-general.
The FCA has published a webpage explaining how the implementation period will affect the FCA, firms and consumers when the UK leaves the EU on 31 January under the terms of the Withdrawal Agreement.
The FCA states that, during the implementation period, EU law will continue to apply until 31 December 2020.
For regulated firms, passporting rights would continue, although they would need to consider how the end of the implementation period would affect them and their customers, and what action they would need to take to prepare for 1 January 2021.
The FCA has published an updated data strategy, setting out a long-term transformation plan which aims to enable it to harness the power of data and advanced analytics to become a more efficient and effective, data-driven regulator.
The Bank of England has also published a Discussion Paper on transforming data collection in the UK financial sector. The paper marks the launch of a review of the hosting and use of regulatory data which was announced in response to recommendations in its June 2019 ‘The future of finance’ report. The deadline for responses to questions raised in the Discussion Paper is 7th April 2020.
The Senior Managers and Certification Regime (SM&CR) replaced the Approved Persons Regime (APR) for solo-regulated firms from 9 December 2019. The regime aims to reduce harm to consumers and strengthen market integrity. It sets a new standard of personal conduct for everyone working in financial services.
The Financial Stability Board (FSB) has published two reports considering the benefits, risks and potential financial stability implications of the provision of financial services by BigTech firms and the use of third-party cloud computing and data service providers.
The report highlights that a number of BigTech firms have grown their businesses rapidly over the last decade and refers to a range of concerns including: operational risks arising from shortcomings in governance, risk and process controls, as well as the scale and complexity of linkages between financial institutions and BigTech firms. These risks raise a number of issues for policymakers. Although many of the activities of BigTechs are regulated through general financial services legislation, there is a question of whether additional, tailor-made regulation is required. That said, the report concludes that there are at present no immediate financial stability risks stemming from the use of cloud services by financial institutions.
The European Payments Council (EPC) has published its 2019 annual report outlining the current most important security threats and fraud trends in the European payments industry. The report provides an overview of threats such as: social engineering and phishing, malware, advanced persistent threats (APT), mobile device related attacks, big data and more.
The European Commission’s Expert Group on Regulatory Obstacles to Financial Innovation (ROFIEG), set up by the European Commission in June 2018, has published a report setting out 30 recommendations on how to create an accommodative framework for the technology-enabled provision of financial services and identifies obstacles in existing EU legislation which – together with inconsistent application of EU law and the gap in supervisory knowledge in various areas – are seen as hampering FinTech innovation.
The European Commission has published a public consultation on the development of a digital operational resilience framework in the area of financial services. The European Commission states that the increasing digitalisation and use of financial technology in financial services leaves the sector highly dependent on information and communications technology (ICT) infrastructure and raises challenges in terms of operational resilience.
Rather than putting forward a proposal for consideration, the paper sets out 62 questions on topics such as: ICT risk management frameworks; ICT and security incident reporting requirements; resilience testing framework; oversight of third party providers; information sharing; and risk transfer.
The Commission intends to use the responses received in respect of its consultation to inform its ongoing work on on the development of a potential EU cross-sectoral digital operational resilience framework in the area of financial services.
The EU legislative bodies have announced that a political agreement has been reached on the proposed Regulation on European Crowdfunding Service Providers for Business. The proposed ECSP Regulation aims to increase access to finance through crowdfunding for innovative companies, start-ups and SMEs.
The European Commission has published a public consultation seeking views on the EU regulatory framework for cryptoassets. The consultation seeks views on:
The consultation period closes on 19 March 2020. The Commission intends to use the responses received in respect of its consultation to inform its ongoing work on cryptoassets.
The FCA has published a call for input in order to explore the opportunities and risks arising from the utilisation of open finance in financial services.
Open finance refers to the extension of open banking-like data sharing to a wider range of financial products, providing customers and businesses with new ways in which to utilise their finances.
The call for input closes on 17 March 2019, after which the FCA intends to publish a Feedback Statement in summer 2020.