CUBE RegNews: 1st November

A selected summary of key developments for regulated financial institutions

Greg Kilminster

Greg Kilminster

Head of Product - Content

FCA sees increase in buy-now-pay-later services

The UK’s Financial Conduct Authority has published research which suggests 27% of UK adults have used buy-now-pay-later services (BNPL), up from 17% in the previous six month period. 

The FCA does not have regulatory oversight over BNPL products but has used its powers under the Consumer Rights Act 2015 to secure changes to potentially unfair and unclear contract terms in this sector, and both PayPal and QVC have now voluntarily made their continuous payment authority terms easier to understand – and PayPal has made terms relating to what happens when a consumer cancels the purchase funded by the loan clearer and fairer. 

Click here to read the full RegInsight on CUBE’s RegPlatform

PRA issues discussion paper on capital requirements 

The UK Prudential Regulation Authority (PRA) has issued DP3/23 – Securitisation: capital requirements which raises questions regarding forthcoming draft rules the PRA will be creating to replace the firm-facing requirements of the Capital Requirements Regulation. The discussion paper notes that the relevant standards of the Basel Committee on Banking Supervision (BCBS) will be an important reference point and hence the PRA considers that broad alignment with these Basel standards would advance the PRA’s primary objective of promoting the safety and soundness of PRA-authorised firms by addressing prudential risks associated with securitisation exposures. 

The DP considers a set of issues relating to capital requirements for PRA-authorised CRR firms’ securitisation exposures. These relate to: 

  • the calibration of the Pillar 1 framework for determining capital requirements for securitisation exposures and their interaction with the Basel 3.1 output floor; 
  • the hierarchy of methods for determining capital requirements for securitisation exposures; and 
  • the specification of securitisations that qualify as simple, transparent and standardised (STS) securitisations and associated preferential prudential treatment. 

 The closing date for comments is 31 January 2024. 

Click here to read the full RegInsight on CUBE’s RegPlatform

BoE speech: compliance teams must embrace ISO 20022

Victoria Cleland, Executive Director for Payments at the Bank of England, spoke at the UK Finance Digital Innovation Summit about the importance of ISO 20022 — a global international standard developed to enable communication interoperability between financial institutions, their market infrastructures and their end-user communities. 

Cleland began her speech by stressing the importance of looking beyond the obvious and working collaboratively to harness ISO 20022’s full potential. It was likened to the process of producing a successful harvest, requiring planning, the right tools, favourable conditions, and adaptability to changing demands. Similarly, ISO 20022 facilitates innovation, competition, and adaptability in payment systems. 

Cleland proceeded to discuss the evolution of payment methods, from bartering to electronic payments, and the need for core payment systems to adapt to these changes. The Bank of England’s Real Time Gross Settlement (RTGS) service was highlighted as a key player in enhancing payments’ resilience, access, interoperability, and user functionality. 

The transition of CHAPS to ISO 20022 in June 2023 was a major milestone, with plans for the core RTGS settlement engine to become fully ISO 20022-native in 2024. Cleland noted that ISO 20022 enables richer data exchange in a structured format, making it a common language for global payments and helping boost competition in the industry. 

Cleland outlined the benefits of ISO 20022including: 

  • Interoperability: ISO 20022 adoption across various payment systems drives wider interoperability, improving resilience and payment redirection. 
  • Structured data: Enhanced structured data within payments can lead to quicker, automated reconciliation, and end-to-end payments. 
  • Fraud prevention: ISO 20022 facilitates purpose codes and Legal Entity Identifiers (LEIs), supporting fraud prevention, prioritisation, and customer insights. 
  • Competition: ISO 20022 fosters competition by enabling technology vendors to offer products across different countries and currencies. 
  • Efficiency: ISO 20022-native payment initiators can choose and add new payment providers more quickly, and the standard allows for evolving services. 

The speech acknowledged the importance of harmonising data models internationally to facilitate seamless cross-border payments. Cleland noted that the Bank for International Settlements and private sector groups have been working to establish harmonised data requirements for cross-border ISO 20022 messages. 

In addition, efforts to align data models for cross-border payments are crucial. Cleland said that collaboration with Pay.UK and the High Value Payments Plus Group (HVPS+) whose aims are to ensure cross-border payments and high-value payments standards are closely aligned with ISO 20022 is welcomed by the Bank.

The support for APIs was discussed as a means to enhance the input, extraction, and collation of payments information. Well-structured payment messages can benefit end-users by simplifying invoice matching and improving cashflow forecasting. 

Cleland concluded by urging financial professionals to consider the following action points: 

  • Understand the benefits of ISO 20022 for your organisation and incorporate it into your long-term data strategy. 
  • Collaborate with others to support harmonisation in ISO 20022 payment messaging. 
  • Recognise that ISO 20022’s benefits extend to end-users, including corporates and SMEs. 
  • Compliance and risk professionals should embrace ISO 20022 as a valuable tool to enhance data quality, support interoperability, and drive innovation in payment systems. By collaborating with industry stakeholders and staying updated on ISO 20022 developments, financial services professionals can position themselves to reap the greatest benefits of this global messaging standard. 

Click here to read the full RegInsight on CUBE’s RegPlatform

Bank employee on money laundering charge

An employee of an international financial institution based in the US has been arrested for his alleged involvement in facilitating money laundering activities, accepting bribes in exchange for his services. 

Oscar Marcelo Nunez-Flores faces charges of one count of money laundering conspiracy and one count of accepting bribes as an employee of a financial institution. The arrest followed an investigation revealing his involvement in aiding the laundering of millions of dollars in drug money, primarily destined for Colombia. 

The accused, who works at a branch of the international financial institution located in Scotch Plains, New Jersey, is said to have begun his illicit activities in early 2022. Exploiting his position within the bank, Nunez-Flores allegedly used his insider access to open bank accounts under the names of shell companies with nominee owners. These accounts served as conduits for laundering drugs proceeds, with a significant portion of the illicit funds finding their way to Colombia. 

Nunez-Flores allegedly went the extra mile by providing those who bribed him with online access to the accounts and multiple debit cards linked to the accounts. These cards were then used to withdraw cash from ATMs in Colombia. In exchange for his services, the accused reportedly received substantial bribes, with thousands of dollars provided for each account he facilitated. The investigation suggests that this operation has led to the laundering of millions of dollars to Colombia since early 2022. 

Click here to read the full RegInsight on CUBE’s RegPlatform

HKMA orders electronic banking compliance enhancements

In the face of an increase of 47% in “technology crime cases” compared to the same six month period in 2022, the Hong Kong Monetary Authority has written to CEOs of all authorised institutions (AIs) to require new compliance enhancements to strengthen the security of electronic banking (e-banking) services. 

The additional measures have been formulated in collaboration with the Hong Kong Association of Banks (HKAB) and the Hong Kong Police Force. AIs are requested to attend to the following. 

Enhanced measures to counter fraud: 

  • Dynamic fraud monitoring: Implement dynamic fraud monitoring rules using the latest threat intelligence and customer transaction history, considering factors like login locations, time intervals, and transaction values. Utilise scam intelligence sources and network analytics tools for quick detection of suspicious transactions. 
  • Ambush authentication: Deploy ambush authentication when suspicious e-banking activities are detected, making it more challenging for fraudsters to conduct unauthorised transactions. Employ follow-up actions like account lock-out and customer notifications in case of authentication failures. 
  • Additional confirmation for high-risk transactions: For high-risk e-banking transactions deemed suspicious, request additional confirmation from customers, such as in-App confirmation or callbacks, before executing the transaction. 
  • Multiple authentication methods: Maintain the capability to implement multiple authentication methods to counter evolving fraud tactics, such as facial recognition and soft tokens for diverse risks. 

 Empowering customers to safeguard accounts: 

  • Review e-banking activities: Provide customers with tools to review and monitor account activities, offering detailed information about transaction history, login details, and device information for prompt identification of suspicious access. 
  • Notification of unusual activities: Conduct risk assessments and broaden notifications to include unusual e-banking activities, helping customers detect suspicious behaviour. 
  • Lower default cross-border transfer limits: Permit customers to set lower default cross-border transfer limits to prevent fraudsters from transferring funds out of Hong Kong. 
  • Restrict concurrent logins: Implement session management controls to disallow concurrent logins, logging key data for auditing and threat analysis. 

 Containing damage in case of breaches: 

  • Suspension of bank accounts: Enable customers to promptly suspend their e-banking accounts in case of compromise, ensuring stringent customer authentication before reactivation. 
  • 24/7 customer reporting channel: Maintain a 24/7 customer reporting channel for customers to report suspicious activities or potential fraud, ensuring accessibility through mobile banking applications or other means. 

 The letter concludes that “AIs should implement the aforementioned e-banking enhancements as soon as practicable, and in any case no later than 31 March 2024.” 

Click here to read the full RegInsight on CUBE’s RegPlatform

FATF publishes crowdfunding for terrorism report

The Financial Action Task Force has published a new report on crowdfunding terrorism. The report claims to be the first comprehensive international study on terrorist financing (TF) linked to crowdfunding and its stated objective is “ to build deeper knowledge of the methods and techniques used by individual terrorists, terrorist organisations and violent extremists, through crowdfunding, to finance all types of terrorist activity”. 

The report notes four main ways in which crowdfunding platforms can be abused for TF purposes:

  • Abuse of humanitarian, charitable or non-profit causes 
  • Use of dedicated crowdfunding platforms or websites 
  • Use of social media platforms and messaging apps 
  • Interaction of crowdfunding with virtual assets 

The report highlights the challenges that government authorities and stakeholders in the crowdfunding ecosystem encounter in detecting and deterring TF and recommends that jurisdictions and all stakeholders involved in the crowdfunding industry identify and understand TF risks associated with this activity and have proportionate risk-based measures in place to mitigate potential abuses. 

The report also includes a list of risk indicators to help public and private sector entities, and the general public identify suspicious activities related to crowdfunding. 

Click here to read the full RegInsight on CUBE’s RegPlatform