Greg Kilminster
Head of Product - Content
US and UK regulators announce AI development guidelines
The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) have published joint guidelines which provide essential recommendations for AI system development. The guidelines are aimed primarily at providers of AI systems who are using models hosted by an organisation, or are using external application programming interfaces (APIs). The guidelines cover four areas:
- Secure design: This section outlines crucial guidelines for the design phase in the AI system development life cycle. It encompasses the identification of risks, thorough threat modeling, and considerations for system and model design, including specific topics and trade-offs.
- Secure development: Focused on the development stage, this section provides essential guidelines for the AI system development life cycle. It covers aspects such as supply chain security, documentation, and effective management of assets and technical debt.
- Secure deployment: Addressing the deployment stage, this section offers guidelines for safeguarding infrastructure and models against compromise, threats, or loss. It emphasises the development of incident management processes and responsible release practices.
- Secure operation and maintenance: Tailored for the secure operation and maintenance stage, this section provides guidelines relevant post-deployment. It includes recommendations for logging and monitoring, update management, and information sharing to ensure ongoing security and resilience.
Risk teams are urged to read these guidelines to help them make informed decisions about the design, deployment and operation of their machine learning AI systems.
Click here to read the full RegInsight on CUBE’s RegPlatform
FCA welcomes tokenisation report
The Financial Conduct Authority (FCA) has welcomed a report written by the Technology Working Group (the Group) which looks at the application of distributed ledger technology (DLT) through investment fund tokenisation. The Group was convened by senior leadership figures from the industry and the FCA and has been tasked with articulating the benefits of increased innovation in technology for investors and industry, and identifying the main opportunities presented by technologies such as DLT and generative AI.
The report recommends a staged approach to fund tokenisation, starting with a baseline model that could be used within the existing legal and regulatory framework, and progressing to more advanced stages over time. The baseline – or ‘stage one’ – model establishes the infrastructure for fund tokenisation in the UK funds market. To fully utilise this stage the report considered three items.
Regulatory certainty for UK fund tokenisation:
- Fund tokenisation models adhering to the baseline characteristics outlined in the report’s section should be designed to comply with the existing legal and regulatory framework.
Fostering DLT Innovation in the UK Investment Management Industry:
- The Investment Association (IA) will serve as a bridge between the industry, the FCA, and Her Majesty’s Treasury (HMT) to advance future stages of fund tokenisation. This involves demonstrating incremental delivery and facilitating engagement with relevant officials.
- The IA will collaborate with stakeholders to promote industry standards, encourage an open market based on interoperability, and prevent fragmentation over a period of 3 to 18 months.
Money Laundering Regulations Registration Process:
- The FCA is exploring ways to expedite the Money Laundering Regulations 2017 (MLRs) registration process for firms already authorised by the FCA to conduct regulated financial services activities.
- This acceleration is considered for cases where there is a lower risk of harm, and the FCA has evidence of strong control frameworks and non-adverse regulatory histories, with a proposed timeframe of 3 to 6 months.
The report then recommends the following.
Further stages of fund tokenisation:
- Industry to develop details over three months+.
- Collaboration with FCA for Handbook rules and with HMT for legislation impacts over 9-12 months after detailing.
Availability of digital money for transactions:
- Industry to decide on the preferred form of digital money for fund settlement over 1-2 years.
- Exploration of leveraging the Bank of England’s Synchronisation work for wider industry access to Real-Time Gross Settlement service for digital funds settlement in central bank money.
Legal considerations for investible assets:
- Industry partners to collaborate with HMT to identify legislative barriers for holding digital investible assets.
- Enable necessary legislative changes through initiatives like the Digital Securities Sandbox in 6-12 months timeframe.
Central securities depositary requirements:
- Exploration of alternatives to traditional central securities depositaries via the Treasury’s Digital Securities Sandbox.
- Firms to express interest in participating in the sandbox over 3-9 months.
Availability of digital identity:
- Government endorsement to build awareness of the digital identity legal framework.
- Encourage industry adoption over 9-24 months.
Availability of banking services:
- HMT to consider if further action is needed for access to business accounts in 1-2 years.
Click here to read the full RegInsight on CUBE’s RegPlatform
FCA announces upcoming consultation for DC pensions
The Financial Conduct Authority (FCA) has announced that it will launch a consultation in spring 2024 on detailed rules for a new Value for Money (VFM) framework for defined contribution workplace pensions.
The VFM framework aims to shift the focus from cost to longer-term value and ensure transparency and delivery of VFM in the market. The consultation will allow the industry and stakeholders to express their views.
Click here to read the full RegInsight on CUBE’s RegPlatform
FCA issues call for input on impact of data asymmetry between big tech firms and firms in financial services
The Financial Conduct Authority (FCA) has launched a Call for Input (CFI) to gather feedback on the potential competition impacts that may arise from the data asymmetry between Big Tech firms and financial services firms. This CFI is a result of the responses to the feedback statement 23/4, which highlighted the adverse implications that data asymmetry could have on how competition develops in financial services in the future.
The aim of the CFI is to:
- Explore the feedback on data asymmetry in greater detail;
- Gather evidence to assess the risk of the market developing in a way that gives Big Tech firms entrenched market power; and
- Gather evidence on other significant factors that could lead Big Tech firms to gain market power and become ‘gatekeepers’ in financial services.
The FCA plans to report back on the CFI in Q2 2024, setting out its analysis of the evidence received and any subsequent actions it may take. The deadline for response is 22 January 2024.
Click here to read the full RegInsight on CUBE’s RegPlatform
SFC fines Lion Futures Limited $2.8 million
Lion Futures Limited (LFL) has been fined HK$2.8 million by the Securities and Futures Commission (SFC) for not complying with anti-money laundering and counter-terrorist financing (AML/CFT) regulations, as well as other regulatory requirements. The breaches occurred between May 2017 and July 2019 due to inadequate and ineffective systems and controls.
During the investigation, the SFC discovered that:
- LFL did not conduct due diligence on the customer-supplied systems (CSSs) used by five clients for placing orders. As a result, LFL was unable to properly assess and manage the risks associated with the use of CSSs for money laundering, terrorist financing, and other illegal activities.
- LFL failed to establish an effective ongoing monitoring system to detect suspicious trading patterns in client accounts, resulting in its inability to detect 1,098 self-matched trades in five client accounts.
The SFC considers LFL’s failures serious, as they could harm the market’s integrity and undermine public confidence. Therefore, the fine serves as a strong deterrent to the market as such failures are unacceptable.
Click here to read the full RegInsight on CUBE’s RegPlatform
EBA issues consultation on guidelines on preventing the abuse of funds and certain crypto-assets transfers.
The European Banking Authority (EBA) has published a consultation on new guidelines to assist Payment Service Providers (PSPs), Intermediary PSPs (IPSPs), Crypto-Asset Service Providers (CASPs), and Intermediary CASPs (ICASPs) in complying with Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets.
This regulation seeks to prevent individuals from exploiting funds and crypto-asset transfers for terrorist financing and other financial crimes.
Under the proposed guidelines, the EBA objective is to:
- Promote a shared understanding of the rules among PSPs, IPSPs, CASPs, ICASPs, and competent authorities across the EU.
- Establish effective procedures for identifying and managing the transfer of funds and crypto assets that do not contain the necessary information on the payer/originator and the payee/beneficiary.
The consultation runs until 26 February 2024.
Click here to read the full RegInsight on CUBE’s RegPlatform
FDIC October enforcement summaries
The Federal Deposit Insurance Corporation (FDIC) has published a summary of all of the enforcements actions it undertook during October.
Eight actions in all occurred including an $85,000 fine against Paramount Bank and consent orders against Royal Business Bank for alleged violation of the Bank Secrecy Act and its anti-money laundering/countering the financing of terrorism regulations.
Click here to read the full RegInsight on CUBE’s RegPlatform