Greg Kilminster
Head of Product - Content
Shoppers to be protected by new Buy-Now, Pay-Later rules
Millions of shoppers using Buy-Now, Pay-Later (BNPL) services are set to receive greater protection under new rules proposed by the UK Government. The measures aim to ensure that BNPL companies adhere to similar regulations as other credit providers, safeguarding consumers from unaffordable borrowing while encouraging sector growth and innovation.
Some context
The popularity of BNPL products has surged in recent years, with consumers opting to spread the cost of their purchases over time. However, unlike traditional credit products, BNPL has so far operated without key consumer protections. In response to this regulatory gap, the Government has launched a consultation to bring BNPL firms under the supervision of the Financial Conduct Authority (FCA) and within the scope of the Consumer Credit Act.
Key takeaways
The proposed rules would require BNPL firms to carry out affordability checks before offering loans, ensuring that consumers do not take on unmanageable debt. Companies will also be obliged to provide clear and accessible information about loan agreements, allowing shoppers to make informed decisions. To adapt the Consumer Credit Act to the digital nature of BNPL, certain disclosure requirements will be tailored for online usage.
Additionally, BNPL users will benefit from enhanced consumer rights, including the right to claim refunds through Section 75 of the Consumer Credit Act and access to the Financial Ombudsman Service for complaints. These measures are intended to align BNPL with other forms of consumer credit, offering stronger protections while maintaining flexibility for the sector.
The FCA has welcomed the proposals, stating, “We have long called for these products to be brought into our remit. BNPL can provide benefits for consumers but also carries risks.” The regulator will consult on specific rules once legislation is passed and expects to regulate the sector within 12 months.
Next steps
The consultation is open until 29 November 2024, with legislation expected to be introduced in early 2025. The FCA will then finalise its regulatory framework, with firms expected to comply by 2026. During the transition, a temporary permissions regime will allow BNPL providers to continue operating while applying for full authorisation.
Click here to read the full RegInsight on CUBE's RegPlatform
CFPB director warns against asset management concentration of power
In a speech at Harvard Law School, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra outlined growing concerns about the concentration of power within the asset management industry. His address focused on how a small group of firms, particularly in equity ownership, are exerting disproportionate influence across the US economy. He warned that this consolidation poses risks to the broader financial system and detailed a proposed rule aimed at mitigating these concerns.
Chopra highlighted the rise of "natural monopolies and oligopolies" in the asset management industry, emphasising how a small number of firms, such as BlackRock and Vanguard, have amassed enormous assets under management—$10.6 trillion and $9.9 trillion, respectively. These firms manage a significant share of public equities, giving them extensive influence over corporate America. Chopra attributed this trend to several factors, including the shift from active management to index investing and the rise of defined contribution pension plans in the US. He explained that these developments have given large asset managers a structural advantage, allowing them to grow their dominance. "In many ways, this small set of firms is a natural oligopoly," he said, adding that their market power would be "difficult to disrupt" without regulatory intervention.
Despite being labelled "passive" investors, Chopra argued that major asset managers are far from passive in their control. These firms actively engage with corporate executives through "stewardship" teams, holding private meetings, publishing white papers, and casting votes on key corporate decisions. “Those with major stakes typically can’t credibly claim that they have no influence, even as absentees,” he stated. This influence is not limited to governance issues but extends to strategic priorities, blurring the lines between passive ownership and active control.
Chopra also raised alarms about the implications of concentrated ownership in sectors like banking, where asset managers hold significant stakes. In the US, he explained, banks operate under a unique regulatory framework, enjoying public privileges such as access to Federal Reserve accounts and deposit insurance. He cautioned that allowing large asset managers to control substantial portions of the banking sector could distort competition and increase risks for the financial system. “Concentrated ownership can undermine competition in the banking sector in a way that reverberates throughout the economy, increase risk-taking on the back of publicly insured deposits, and create fundamental conflicts of interest,” he warned.
To address these concerns, Chopra has proposed a rule to the Federal Deposit Insurance Corporation (FDIC) aimed at limiting the control exerted by large asset managers over banks. This rule would revisit so-called "passivity" agreements, which allow asset managers to avoid regulatory scrutiny by pledging not to exert influence over banks in which they hold significant stakes. Chopra argued that these agreements are often "flimsy" and that more stringent controls are necessary to ensure true passivity. He also questioned a 2020 Federal Reserve policy that expanded the types of activities and investment structures deemed "passive," even allowing asset managers to serve on bank boards without being classified as controlling owners. “Many stakeholders continue to find this policy quite weird,” he remarked.
Chopra also pointed to the broader risks posed by concentrated ownership in other critical sectors of the economy. He mentioned that asset managers’ influence could lead to anticompetitive behaviour and conflicts of interest, particularly in industries where they have significant stakes across competing companies. To counter these risks, Chopra floated several potential remedies, including size limitations on asset managers, stricter rules on proxy voting, and greater transparency around how asset managers engage with corporate management.
Looking ahead, Chopra emphasised the importance of maintaining the benefits of index investing while addressing the risks associated with concentrated ownership. He urged regulators across different sectors to reconsider whether large asset managers should continue to be treated as passive investors, given the level of control they wield. “As more and more sector regulators question whether large asset managers are truly ‘passive,’ we must continue to develop policies that guard against coercive influence and conflicts of interest,” he concluded.
Click here to read the full RegInsight on CUBE's RegPlatform
HKMA outlines adjustments for Basel III implementation ahead of 2025 deadline
In a letter to authorised institutions (AIs) The Hong Kong Monetary Authority (HKMA) has announced adjustments to the calculation of regulatory capital requirements ahead of the Basel III final reforms, which are set to take effect on 1 January 2025. These adjustments focus on small and medium-sized enterprise (SME) exposures and residential mortgage lending. The HKMA's guidance aims to provide immediate clarity for AIs, especially those engaged in SME banking, while ensuring a smooth transition to the new Basel III capital standards.
Some context
The revised capital standards under Basel III are part of a global regulatory effort to strengthen bank capital and improve resilience in the financial sector. With the imminent implementation of the Banking (Capital) (Amendment) Rules 2023 (BCAR), AIs must prepare for changes in how capital requirements are calculated, particularly in key lending areas such as SMEs and residential mortgages. The HKMA has allowed for flexibility, enabling certain changes to be adopted ahead of the official start date.
In a parallel move, the HKMA has also reduced the jurisdictional Countercyclical Capital Buffer (CCyB), providing additional room for AIs to extend support to local SMEs.
Key takeaways
- SME exposures: AIs can begin applying a new 85% risk weight to SME exposures that are not classified as regulatory retail exposures, reducing the current 100% risk weight. This change aligns with the revised capital standards and will allow banks to allocate capital more efficiently. Additionally, AIs can adopt the revised definition of “small business” under BCAR for both regulatory retail and non-retail SME exposures.
- For regulatory retail exposures, the risk weight will remain at 75%, but the new definition of "small business" can be applied.
- The HKMA will take a flexible approach to supervising AIs that opt to implement these changes early, foregoing immediate supervisory reviews.
- Residential mortgage loans: For AIs using the Internal Ratings-Based (IRB) approach, the HKMA will remove the current risk-weight floor for calculating capital requirements on residential mortgage loans secured on Hong Kong properties. This reflects the broader risk-sensitive output floor being introduced under Basel III final reforms.
Next steps
The HKMA expects AIs to leverage the additional flexibility provided by these measures to support local SME financing. Institutions engaged in SME banking will continue to be monitored by the HKMA through ongoing supervisory engagements, with a particular focus on their SME lending strategies, metrics, and projections.
Authorised institutions are encouraged to consult with the HKMA regarding any questions related to the new capital requirements by contacting the authority via the provided email.
The full implementation of these changes is anticipated to occur in line with the Basel III reforms in January 2025, with AIs encouraged to take advantage of the interim period to align their capital strategies with the new standards.
Click here to read the full RegInsight on CUBE's RegPlatform
MAS CP on capital treatment of structured products
The Monetary Authority of Singapore (MAS) has launched a consultation paper proposing amendments to the capital treatment of structured products and infrastructure investments for insurers. These changes are part of an ongoing effort to refine the Risk-Based Capital 2 (RBC 2) framework. The paper outlines differentiated capital requirements for infrastructure investments and revisions to the treatment of structured products, aiming to align Singapore's approach with international standards and ensure risk-appropriate measures for insurers.
Some context
Infrastructure assets, known for their long-term stability and inflation-adjusted returns, are increasingly seen as suitable investments for insurers, particularly those managing life insurance portfolios with long-term liabilities. However, under the current RBC 2 framework, there is no specific capital treatment for such investments. This gap contrasts with international developments, where regulatory bodies, such as the International Association of Insurance Supervisors (IAIS), have advanced guidance on the capital treatment of infrastructure assets. With the IAIS set to formally adopt these standards by the end of 2024, MAS is now taking steps to implement similar measures in Singapore.
At the same time, structured products, which can include infrastructure-related investments like securitised assets, have a wide range of risk profiles. MAS has recognised the need for a more granular approach to the capital treatment of these products, particularly in light of changes under the Basel III framework for securitised assets. This review seeks to provide insurers with clarity on how such investments will be treated under the RBC 2 framework moving forward.
Key takeaways
The consultation paper proposes two key changes. First, MAS is considering introducing differentiated capital treatment for infrastructure investments. These assets, which may include debt or equity investments, are typically characterised by their ability to generate stable, inflation-adjusted cash flows. Given these attributes, MAS suggests that infrastructure investments may deserve more favourable capital treatment. The proposed changes aim to account for the specific risks associated with these assets while also recognising their potential to diversify insurers’ portfolios.
MAS also acknowledges that certain infrastructure projects, particularly in Asia, may not meet all the qualifying criteria under these proposed rules. To address this, a pilot programme will be launched, allowing life insurers to invest in sustainable infrastructure projects with adjusted capital charges. This initiative is expected to help insurers gain experience and develop expertise in sustainable infrastructure investments while ensuring risk-appropriate safeguards, such as investment caps, are in place.
Second, MAS proposes a revised capital treatment for structured products, including infrastructure-related securitised assets such as collateralised loan obligations. The diverse risk profiles of these products necessitate a more nuanced approach, which MAS aims to address by introducing specific risk charges. These changes align with the Basel III framework, which has already set precedents in the treatment of securitised assets. The revised approach will better reflect the risks associated with different types of structured products, particularly those tied to infrastructure investments.
Next steps
MAS is inviting feedback from insurers and other stakeholders on the proposed changes. Submissions can be made until 22 November 2024, and the consultation represents an important step towards aligning Singapore’s insurance capital framework with global regulatory standards. The final amendments will be incorporated into MAS Notice 133 on Valuation and Capital Framework for Insurers.
Click here to read the full RegInsight on CUBE's RegPlatform
EU adopts new cyber security rules
The European Commission has adopted new cybersecurity rules for critical digital entities and networks under the NIS2 Directive. The implementing regulation is designed to strengthen the resilience of digital infrastructure across the EU. These new measures outline specific risk management protocols for entities providing essential digital services, such as cloud computing and online marketplaces, and establish clearer guidelines for incident reporting. The move marks a significant step in fortifying Europe’s defences against cyber threats.
Some context
The NIS2 Directive, which entered into force in January 2023, builds on the EU's original cybersecurity law, the NIS Directive of 2016. The updated directive addresses emerging cyber risks by broadening its scope to cover additional sectors that are deemed critical to the economy and society such as health, energy, transport, and digital services. One of its key objectives is to harmonise cybersecurity requirements across the Union, enabling more consistent standards and enforcement in Member States.
A central feature of the NIS2 Directive is its emphasis on the security of supply chains and digital ecosystems. It imposes more stringent requirements on companies operating in critical sectors, ensuring that they implement robust cybersecurity measures and report significant incidents in a timely manner.
Key takeaways
- Implementing regulation now in place: The newly adopted regulation details the cybersecurity risk management measures that must be followed by critical digital service providers, such as cloud computing companies, data centres, and online platforms. It specifies the circumstances in which a cybersecurity incident is considered significant, triggering the obligation to report it to national authorities.
- Incident reporting requirements clarified: Companies offering digital infrastructure and services will need to adhere to the new guidelines on reporting cybersecurity incidents. This aims to enhance the EU’s ability to respond to cyber threats by ensuring rapid information sharing and coordinated responses.
- National compliance required: The timing of the implementing regulation coincides with the deadline for Member States to transpose the NIS2 Directive into national law. From 18 October 2024, all EU countries must apply these cybersecurity rules and establish supervisory and enforcement mechanisms to ensure compliance.
- Expanded scope: The NIS2 Directive significantly broadens the sectors and entities covered, addressing not only digital services but also other critical infrastructure sectors such as energy, transport, and healthcare. This reflects the increasingly interconnected nature of these industries and their growing reliance on digital networks.
- Harmonisation of sanctions: One of the key aspects of the directive is its focus on harmonising sanctions regimes across the EU. This ensures that entities failing to comply with the cybersecurity measures face consistent consequences regardless of the Member State they operate in, further promoting a unified approach to cyber resilience.
Next steps
The implementing regulation will be published in the EU’s Official Journal in the coming weeks and will take effect 20 days after publication. Member States are now responsible for ensuring that their national laws reflect the new cybersecurity measures and that companies operating within their jurisdictions comply with the updated rules.
Click here to read the full RegInsight on CUBE's RegPlatform
EIOPA consults on macroprudential criteria for insurers
The European Insurance and Occupational Pensions Authority (EIOPA) has launched a consultation on new criteria that will guide national supervisors in selecting insurers and insurance groups to undertake macroprudential analysis. This development is part of ongoing efforts to strengthen the resilience of the European insurance sector through enhanced risk management and regulatory oversight.
The consultation focuses on how macroprudential elements should be incorporated into firms' Own Risk and Solvency Assessments (ORSA) and the application of the Prudent Person Principle (PPP). These assessments are critical tools for insurers in identifying and managing potential systemic risks within their operations.
Some context
The initiative stems from the European Commission’s amendments to the Solvency II Directive, introduced in 2021, which called for stronger macroprudential safeguards in the insurance sector. Solvency II, a key regulatory framework for insurers and reinsurers across the EU, aims to protect policyholders while ensuring financial stability within the sector. The Commission’s review of Solvency II sought to update the framework to better withstand future crises and address emerging risks.
EIOPA’s consultation paper outlines quantitative and qualitative criteria that will be used to determine which insurers are required to integrate macroprudential considerations into their risk assessments. A key quantitative threshold of €12 billion in total assets has been proposed, aligning with existing standards used for financial stability reporting. This is intended to capture larger firms that may pose greater systemic risk.
In addition to the asset-based threshold, qualitative criteria will allow supervisors to exercise discretion, ensuring that smaller firms with significant risk exposures are not overlooked. These criteria will provide flexibility for supervisors to add or remove insurers from the list of those required to conduct macroprudential analyses.
Key takeaways
The key objective of the consultation is to ensure a proportionate regulatory approach that balances the need for robust supervision with the operational realities of insurers. The combination of asset-based thresholds and qualitative risk factors is designed to ensure that only those firms that pose a potential systemic risk are subject to enhanced scrutiny.
The proposed criteria aim to provide clarity and consistency across national supervisors in how they apply macroprudential regulations, thereby preventing arbitrary or overly burdensome requirements on insurers. For insurers meeting the criteria, the integration of macroprudential elements into ORSA and PPP will involve considering broader financial stability concerns, including systemic risks, in their risk management frameworks.
The consultation also reflects a growing focus on the role of supervisors in actively monitoring macroprudential risks within the insurance sector. Under the proposed framework, supervisory authorities will analyse the macroprudential elements in insurers' ORSA reports, aggregate the findings, and provide feedback to firms. This will help insurers to better align their risk management practices with broader financial stability objectives.
Next steps
Stakeholders have until 9 January 2025 to provide feedback on the proposed criteria. Responses will help shape the final Regulatory Technical Standards (RTS) that EIOPA is tasked with developing under the Solvency II Directive. These standards will provide detailed guidance to national supervisors on how to implement the macroprudential requirements consistently across the EU.
Once the consultation period closes, EIOPA will review the feedback and incorporate relevant insights into its final proposals. These proposals are expected to play a critical role in ensuring that the European insurance sector remains resilient to systemic risks, while avoiding unnecessary regulatory burdens on firms.
Click here to read the full RegInsight on CUBE's RegPlatform
Speech: ten years of FCA innovation
In a speech at the Financial Conduct Authority’s (FCA) 10th anniversary event for Project Innovate, Jessica Rusu, the FCA’s Chief Data, Information, and Intelligence Officer, reflected on the progress of the UK’s FinTech landscape and laid out the regulator’s forward-looking vision for innovation in financial services.
Rusu began with a look back at the FinTech industry’s early days, noting that ten years ago, the UK’s FinTech market was valued at a modest £5-6 billion. Since then, it has expanded rapidly, with the sector now worth around £30 billion and comprising over 3,000 firms. Rusu attributed this success, in part, to the FCA’s efforts.
Innovation in regulatory support
Project Innovate, launched in 2014 with just two employees, has since grown into a robust division within the FCA’s Data, Technology, and Innovation (DTI) unit, which now houses 30 professionals. Rusu highlighted the project’s impact on the sector, emphasising that “Innovation is now a core part of our approach,” with initiatives like the world’s first Regulatory Sandbox helping nearly 1,000 firms to navigate the complex regulatory landscape.
The sandbox has become a model replicated by more than 95 regulators worldwide, providing firms with a secure space to trial innovative solutions. Rusu pointed to the success stories of firms like Zilch, a buy-now-pay-later service, which leveraged the sandbox to refine its offerings and went on to become one of the UK’s unicorns.
In addition to the sandbox, Rusu discussed the broader role of the Innovation Pathways service, which helps firms navigate regulatory challenges. She noted that even unsuccessful applicants to the sandbox rated the FCA’s guidance as beneficial, with 50% of them acknowledging that the advice received helped their business development.
Adapting to a global landscape
Rusu spoke to the global nature of FinTech innovation, recognising that “emerging technologies know no borders.” She pointed to the FCA’s role in founding the Global Financial Innovation Network (GFIN), a coalition of 90 regulators, aimed at fostering international collaboration on financial innovation. “Global markets mean that global events have an impact on the UK financial market,” she explained, adding that the FCA is committed to helping firms navigate these complexities while keeping a focus on the stability and resilience of UK financial services.
The growing influence of AI
Looking to the future, Rusu emphasised the transformative potential of artificial intelligence (AI) in financial services, describing it as “one of the most transformative technologies on the horizon.” She recognised the benefits of AI in driving financial inclusion, combating fraud, and enhancing customer experience, but she also underscored the associated risks. “As a regulator, we must play a critical role in ensuring AI is deployed in a way that is safe, fair, and in the best interests of consumers and the market,” she stated.
The FCA’s AI initiatives include the newly established AI Lab, which aims to provide firms with a collaborative environment to explore AI’s applications and challenges. The lab will consist of four components: the AI Spotlight, AI Sprint, AI Input Zone, and an enhanced Sandbox. The AI Spotlight will feature case studies of successful AI applications, while the AI Sprint will bring together experts from various fields to discuss best practices for AI integration in finance.
Partnership and the path ahead
Rusu praised the FCA’s partnerships with industry stakeholders, saying that “our role is not just as gatekeepers or enforcers, but as facilitators.” She stressed that the FCA’s mission is to foster sustainable growth and competition while ensuring the sector’s resilience. “We’re not barriers to progress. We aren’t a wall; we’re a bridge,” she asserted.
Rusu also highlighted the FCA’s new secondary objective: promoting international competitiveness and growth. She noted that the FCA’s innovation services, which have helped firms like Zilch and others grow, will play a vital role in achieving this objective. “Our commitment to innovation isn’t just rhetoric,” she added. “We’ve witnessed, and supported, huge growth in the financial sector.”
In concluding Rusu emphasised the FCA’s readiness to embrace emerging technologies, from AI to quantum computing, while adapting regulatory frameworks to support safe and responsible innovation. She invited stakeholders from across the industry to collaborate on the FCA’s AI initiatives, emphasising that the regulator remains “proactive and committed to enhancing AI use without sacrificing the trust and security that underpin financial services.”
Click here to read the full RegInsight on CUBE's RegPlatform