ASIC sees little improvement in reportable situations
The Australian Securities & Investments Commission has published its second report on information lodged under the reportable situations regime. The regime, also known as breach reporting, requires financial services licensees and Australian credit licensees to self-report to ASIC a range of conduct that the law describes as ‘reportable situations’. The types of reportable situations that must be reported include:
- significant breaches or likely significant breaches of ‘core obligations’;
- investigations into whether there is a significant breach or likely breach of a ‘core obligation’ if the investigation continues for more than 30 days;
- the outcome of such an investigation if it discloses there is no significant breach or likely breach of a core obligation;
- conduct that constitutes gross negligence or serious fraud; and
- conduct of financial advisers and mortgage brokers who are representatives of other licensees in certain prescribed circumstances.
Perhaps unsurprisingly, given that it is a self-reporting regime, the latest insights from the regime show that “the proportion of the licensee population reporting remains very low, indicating that some licensees may not be complying with the regime”. ASIC reports that only 11% of firms under the regime have filed a report since October 2021, which “indicates that some licensees may not have in place the systems and processes required to detect and report breaches”.
Other findings are:
- licensees are still taking too long to identify and investigate some breaches
- a significant number of remediation activities are still taking too long to complete, and
- there remain opportunities to improve identification and reporting root causes of breaches.
In a comment, ASIC chair Joe Longo made it clear that simply relying on firms to report was no longer adequate and that “ASIC will now move to taking stronger regulatory action to drive improved compliance with the regime, including enforcement action where appropriate”.
US-UK financial innovation partnership report
The UK’s Treasury department has published a brief report on the fourth official meeting of the US-UK Financial Innovation Partnership (FIP) held in September.
The FIP was established in 2019 during the US-UK Financial Regulatory Working Group (FRWG) as a mechanism to enhance US-UK engagement on matters related to financial innovation.
The purpose of the meeting was to facilitate discussions on shared interests and strengthen ties between financial authorities in the United States and the United Kingdom concerning financial innovation.
US participants included representatives from the Board of Governors of the Federal Reserve System, Commodity Futures Trading Commission, Federal Deposit Insurance Corporation, Securities and Exchange Commission, and Office of the Comptroller of the Currency. UK participants comprised staff from the Bank of England and the Financial Conduct Authority.
The participants’ involvement varied across specific themes, allowing them to provide insights and perspectives within their respective areas of responsibility.
The meeting centered around four key areas of financial innovation:
- Cryptoassets: The meeting commenced with a discussion of updates related to legislation, regulation, and enforcement of cryptoassets. Participants shared their priorities for international cooperation on cryptoasset matters within forums such as the G20 and Financial Stability Board.
- Payment system modernization: Participants discussed their priorities aligned with the G20 Roadmap for Enhancing Cross-Border Payments. Additionally, updates were shared regarding domestic efforts to modernize payment systems, including exploration of central bank digital currencies.
- Distributed Ledger Technology (DLT): The meeting facilitated a dialog on the adoption of DLT in financial services, examining its potential risks and benefits. The UK presented details about its new digital securities sandbox, and discussions ensued on opportunities for collaboration and information sharing regarding digital assets.
- Artificial Intelligence (AI): Participants explored opportunities and potential emerging vulnerabilities associated with the use of artificial intelligence in financial services, acknowledging the evolving landscape in this domain.
Recognition and commitment:
The meeting underscored the continued significance of the partnership on financial innovation as an integral component of US-UK financial services cooperation. Participants expressed a desire to maintain engagement on these topics leading up to the next US-UK Financial Regulatory Working Group (FRWG) meeting in 2024.
PSR publishes 2022 APP fraud data
The UK’s Payment Systems regulator (PSR) has published data from 2022 which covers how 14 banking groups and nine smaller firms are dealing with authorized push payment (APP) fraud.
APP fraud (when a victim is tricked into sending a payment to an account outside of their control) accounted for 40% of fraud losses suffered in 2022.
The report concludes that:
- There are currently inconsistent outcomes for customers who report APP fraud to their payment service provider (PSP).
- Fraud data from fraudsters’ receiving accounts shows a high degree of variation and highlights weak controls that fraudsters have exploited.
- Firms have started to address gaps in controls, but more needs to be done.
Of the 14 major banking groups in the data, TSB lost the highest amount per million pound of transactions sent, at £348.00 per million pound of transactions, whilst Monzo had the highest amount of APP fraud payment sent per million pound of transaction at £141.00. Metro Bank had the highest amount APP fraud payment received into consumer accounts at £696.00 per million.
For the smaller banks not required to submit data, the figures were much worse: Clear Junction had the highest amount per million pound of transactions, at £10,355 per million pound of transactions received into customers’ accounts.
The report notes the PSR’s future initiatives to try to reduce APP fraud. These include:
- Monitoring and collaboration: The PSR will monitor firms’ performance using collected data and work with the FCA to address poor performance through action plans, with a focus on reducing APP fraud.
- Reimbursement requirement: Starting in 2024, a new reimbursement requirement will be introduced, incentivizing payment firms to invest in fraud prevention by bearing the cost of reimbursement, ultimately enhancing customer protection.
- Information sharing: The industry is expected to improve intelligence-sharing among PSPs to enhance real-time scam prevention, with a target implementation date of Q1 2024.
- Confirmation of Payee (CoP): CoP, a name checking service, has been implemented by banking groups and additional firms. By October 2024, almost all consumer payments will be covered by CoP to combat certain types of APP scams.
- Protection of payment systems: The PSR aims to ensure that the independent payment system operator, Pay.UK, safeguards customers and prevents fraud from entering the Faster Payments system. Pay.UK will have a stronger role in developing payment system user protections.
- Data collection on APP scams: Efforts will be made to collect data to identify the sources of APP fraud, raising awareness about platforms at risk of being targeted by fraudsters, such as social media and telecoms firms.
FINRA confirms it is ending INSITE data collection
The Financial Industry Regulatory Authority (FINRA) has confirmed that it is discontinuing collection of data under Rule 4540. Rule 4540 requires clearing and self-clearing firms to send FINRA electronic data about themselves and the broker-dealers they clear for. FINRA uses this data in the INSITE program to find new risk patterns at member firms.
FINRA no longer needs to collect data under Rule 4540 because it has other ways of getting the information it needs. This should save clearing and self-clearing firms money on reporting costs.
FINRA will continue to work with its members to identify the data it needs and to modify reporting requirements as necessary. If FINRA needs to start collecting data under Rule 4540 again, it will provide advance notice but meanwhile, the current practice of collecting data under Rule 4540 will end on 30 November 2023.
SFC supports development of voluntary code of conduct for ESG ratings and data product providers
The Securities and Futures Commission (SFC) of Hong Kong has announced that it has decided to support and sponsor the industry to develop a Voluntary Code of Conduct (VCoC) for environmental, social and governance (ESG) ratings and data products providers. The VCoC will be developed by an industry-led working group, the Hong Kong ESG Ratings and Data Products Providers VCoC Working Group (VCWG).
The SFC also confirmed that the International Capital Market Association (ICMA) will act as the Secretariat of the VCWG. The Secretariat will convene and lead the VCWG, which will comprise representatives from local, Mainland and other international ESG ratings and data products providers and key users from the local financial industry.
The proposed VCoC will set out baseline best practices governing the conduct of ESG service providers based on the IOSCO recommendations, which cover the four key elements of transparency, governance, systems and controls and management of conflicts of interest
The initiative is the culmination of the SFC’s fact-finding exercise and industry research conducted since mid-2022 to understand matters related to the ESG ratings and data products providers, which are not regulated by the SFC. The research found that surveyed asset managers highlighted common concerns about data quality, transparency, and conflicts of interest management of the providers, and that the IOSCO recommendations should be encouraged for adoption by ESG ratings and data product providers.
The proposed VCoC, which will be voluntary for ESG ratings and data products providers, is expected to provide a streamlined and consistent basis for asset managers to conduct due diligence or on-going assessment on ESG service providers.
Project Guardian set up to aid digital asset innovation
The Monetary Authority of Singapore (MAS) has announced that it is partnering with the Financial Services Agency of Japan (FSA), the Swiss Financial Market Supervisory Authority (FINMA) and the United Kingdom’s Financial Conduct Authority (FCA), to advance digital asset pilots in fixed income, foreign exchange and asset management products.
Project Guardian will involve cross-border collaboration between the regulators and 15 financial institutions, including Citi, HSBC, JP Morgan and Standard Chartered, to carry out industry pilots on asset tokenisation in fixed income, foreign exchange, and asset management products.
Specifically, the regulatory group aims to facilitate discussions on the legal, policy, and accounting treatment of digital assets. Additionally, efforts are being made to identify potential risks and address any gaps in existing policies and legislation pertaining to tokenised solutions. To promote uniformity and best practices, there is an exploration of common standards for designing digital asset networks and market practices across different jurisdictions. Interoperability, crucial for cross-border digital asset development, is being encouraged with an emphasis on high standards. Industry pilots for digital assets are being facilitated through regulatory sandboxes where applicable Finally, knowledge sharing between regulatory bodies and the industry is promoted, enhancing cooperation and understanding.
A selected summary of key developments for regulated financial institutions
Access all of our daily regulatory content by using the login button below.
To find out more about how CUBE can help your business click here.