CUBE RegNews 4th December

Posted: 2024-12-04

The RegNews team will be back on Friday 6th December.

ASIC proposes updated guidance for digital assets as financial products

The Australian Securities and Investments Commission (ASIC) has released Consultation Paper 381, proposing updates to its guidance on digital assets, particularly those considered financial products. The revisions to Information Sheet 225 aim to clarify regulatory expectations, improve oversight of digital asset services, and ensure alignment with evolving market practices. 

Some context 

Originally issued in 2017, Information Sheet 225 explains firms obligations under the Corporations Act and the ASIC Act if the business is involved with crypto-assets. It has undergone multiple updates, reflecting the rapid growth of the digital asset industry. ASIC has emphasised the need for further refinements to address emerging products, align with international regulatory developments, and provide clear guidance on when digital assets fall under the scope of the Corporations Act 2001. The updates complement proposed government reforms for digital asset platforms while maintaining clarity on existing laws. 

Key takeaways 

• Broader scope and practical examples: The guidance introduces worked examples illustrating how digital asset arrangements might qualify as financial products. Scenarios include stablecoins, tokenised securities, and derivatives. ASIC seeks feedback on additional examples, such as wrapped tokens. 
• Licensing and compliance clarity: Digital asset businesses will be expected to comply with existing licensing processes for Australian Financial Services (AFS) licences, with tailored authorisations proposed for certain derivatives and miscellaneous financial products. 
• Transitional support: ASIC proposes a conditional no-action position for businesses actively applying for licences, ensuring operational continuity while navigating compliance. 
• Strengthened custody and risk management standards: Updates highlight good practices for custodial arrangements and require adequate organisational competence and conflict-of-interest management tailored to digital asset operations. 

Next steps 

Commenting on the issuance of the consultation, ASIC Commissioner Alan Kirkland said: “We want to promote the growth of responsible financial innovation while ensuring consumer protection. A well-regulated financial system benefits everyone in the community as it supports consumer confidence, market integrity and facilitates competition and innovation”. 

ASIC invites stakeholder feedback on its proposals, with submissions due by 28 February 2025. The final guidance is expected in mid-2025, following consultation. 

Click here to read the full RegInsight on CUBE's RegPlatform.

EBA amends supervisory reporting framework

The European Banking Authority (EBA) has published amendments to its final draft Implementing Technical Standards (ITS) on the supervisory reporting and disclosures of investment firms. This update aligns the reporting framework with the recent Capital Requirements Regulation (CRR3) and brings it in line with the reporting standards for credit institutions. 

Some context 

The Investment Firms Prudential Package, which came into force in 2019, established a new regulatory framework for investment firms. This includes provisions for supervisory reporting, which are essential for effective oversight and risk management within the financial sector. 

The EBA's initial ITS on investment firm reporting aimed to establish a comprehensive framework for data collection and reporting. However, the recent amendments to the CRR3 necessitate updates to these standards to ensure consistency and harmonisation across the financial sector. 

Key takeaways 

• Alignment with CRR3: The primary objective of these amendments is to align the investment firm reporting framework with the latest requirements of the CRR3. This ensures a consistent and harmonised approach to supervisory reporting across different types of financial institutions. 
• Focus on key risk areas: The amendments specifically address reporting requirements related to counterparty credit risk, market risk (K-NPR), and credit valuation adjustment (CVA) risk. These are critical areas for risk management within the investment banking sector. 
• Streamlined reporting: The ITS allows investment firms to opt to report the same information as credit institutions, where applicable. This simplifies the reporting process and reduces the administrative burden on firms. 

Next steps 

The EBA will shortly publish a comprehensive technical package that will include data point modelling (DPM), validation rules, and taxonomy. This package will provide detailed guidance for investment firms on how to submit their supervisory reporting information to their respective supervisors. 

Click here to read the full RegInsight on CUBE's RegPlatform.

OCC updates guidance on unfair or deceptive acts or practices

The Office of the Comptroller of the Currency (OCC) has published an updated version of its Comptroller’s Handbook booklet on Unfair or Deceptive Acts or Practices and Unfair, Deceptive, or Abusive Acts or Practices (UDAP/UDAAP). This revised guidance reflects changes in regulations and best practices since the previous version was issued in June 2020. 

Key updates 

The updated booklet incorporates several key changes: 

• Enhanced risk management: It provides further clarity on sound risk management practices related to UDAP/UDAAP, emphasising the importance of robust controls and proactive risk identification. 
• Overdraft services: The booklet includes updated guidance for examiners on the supervision of overdraft services, reflecting recent regulatory developments and best practices. 
• Data protection and security: It incorporates updates from the Consumer Financial Protection Bureau (CFPB) regarding data protection and information security, emphasising the importance of safeguarding consumer data. 
• Risk Indicators: The booklet includes an updated version of Appendix B, which outlines key risk indicators for UDAP/UDAAP violations. 

Other changes 

The updated booklet also reflects various other changes, including: 

• Incorporation of OCC and interagency issuances published or rescinded since June 2020. 
• Minor updates for improved clarity and readability. 

Next Steps 

The updated guidance should assist examiners in effectively assessing and supervising bank practices related to UDAP/UDAAP. It will also help banks to enhance their compliance programs and mitigate risks associated with these consumer protection issues. 

Banks are encouraged to review the updated booklet and ensure their internal controls and compliance programs are aligned with the latest guidance. 

Click here to read the full RegInsight on CUBE's RegPlatform.

CFTC proposes rule to protect consumer data

The US Consumer Financial Protection Bureau (CFPB) has proposed a new rule aimed at curbing the sale of sensitive personal data by data brokers. The measure seeks to protect individuals from threats such as scams, stalking, and illegal foreign surveillance by tightening oversight under the Fair Credit Reporting Act (FCRA). 

Some context 

The proposed rule reflects growing concerns over the data broker industry's role in selling detailed personal and financial information. Currently, data brokers can collect and sell data without explicit consumer consent, raising risks such as identity theft, espionage, and personal safety threats. The CFPB’s action follows extensive monitoring of the market, which revealed widespread non-compliance with federal privacy protections. 

Key takeaways 

• Expanded FCRA scope: The rule would categorise data brokers that sell financial and personal identifiers, such as Social Security Numbers or income details, as consumer reporting agencies. This designation would require compliance with accuracy standards, safeguards, and consumer access rights under the FCRA. 
• National security risks: Countries like China and Russia could exploit data broker practices to acquire personal information about Americans, including military personnel and government employees, for surveillance or blackmail. 
• Consumer safety: Vulnerable individuals, including domestic violence survivors and law enforcement officers, are at heightened risk when personal contact details are readily available for purchase. Recent incidents, including a violent attack on a judge’s family, underscore the dangers. 
• Stronger consent requirements: Companies would need explicit consumer consent before sharing sensitive information, reducing the likelihood of misuse hidden in complex agreements. 
• Preserving legal access: Government agencies would retain access to data for legitimate purposes, such as law enforcement and counterterrorism, under existing FCRA pathways. 

Commenting on the proposal, CFPB Director Rohit Chopra said: “The dangers of unfettered data brokering have become painfully clear in recent months... The scale of this problem is staggering...Today 's proposal would crack down on a range of misuses of our data. The proposed rule would curtail widespread evasion of longstanding law... Second, the rule would ban misuse of our sensitive personal identifiers... Third, the proposal would preserve legally established pathways for law enforcement, counterterrorism, and counterintelligence purposes”. 

Next steps 

The CFPB’s proposal is open for public consultation and aligns with broader government efforts to protect sensitive data. Recent actions by the Department of Justice and Executive Orders targeting foreign data threats reinforce this initiative. If implemented, the rule could significantly limit data brokers’ activities and bolster protections against modern privacy risks. 

Click here to read the full RegInsight on CUBE's RegPlatform.

MAS tool kits revised

The Monetary Authority of Singapore (MAS) has updated the compliance toolkits for insurance brokers compliance toolkit for venture capital fund managers.

The changes to this toolkit follow revisions made to the insurance brokers compliance toolkit and financial advisers compliance toolkit, both of which were published in November. 

Some context   

The insurance broker toolkit includes common applications, notifications, or other submissions required under the Insurance Act, its subsidiary legislation, and applicable notices and guidelines. It also outlines minimum standards and continuing professional development requirements for insurance brokers and their broking staff, as well as reporting requirements for misconduct of broking staff by insurance brokers. Standard corporate registration conditions are also imposed on registered insurance brokers. The toolkit does not cover approvals, notifications, or other submissions that may be imposed by MAS bilaterally on IBs due to their specific circumstances. 

The toolkits offers guidance and support for all regulated firms to ensure compliance with MAS approval, reporting requirements, and deadlines. 

Click here to read the full RegInsight on CUBE's RegPlatform.

OCC releases November CRA performance evaluation results

The Office of the Comptroller of the Currency (OCC) has published its Community Reinvestment Act (CRA) performance evaluation covering the period from 1 November 2024 to 30 November 2024.   

The assessment is part of the federal banking agencies' obligations under the CRA to review an institution’s credit provision to its entire community, including low-to moderate-income (LMI) neighbourhoods while ensuring the institution’s overall safety and soundness.   

Of the 19 evaluations made public this month, 16 are rated satisfactory and three are rated outstanding. 

Click here to read the full RegInsight on CUBE's RegPlatform.

HKMA sets out new measures to empower customers in fraud protection

The Hong Kong Monetary Authority (HKMA) has introduced new measures aimed at enhancing customer protection against fraud and scams. In a circular to authorised institutions, the HKMA outlined the implementation of a “Money Safe” (MS) mechanism and the option for customers to disable Internet banking platforms. These initiatives seek to reduce financial losses from fraudulent activities. 

Some context 

In recent years, Hong Kong has experienced a surge in fraud cases involving unauthorised payments from bank accounts. The HKMA, in collaboration with the banking industry, has devised measures to empower customers to take proactive steps in safeguarding their funds. The MS mechanism adds a layer of security by allowing customers to protect a portion of their deposits, while the Internet banking disablement option addresses scams involving manipulated account setups. 

Key takeaways 

• “Money Safe” mechanism: Customers can designate funds in their bank accounts for MS protection, preventing unauthorised outflows. These funds can only be accessed after verification by the bank. Initially targeting retail banking customers, the measure may also be extended to private banking clients based on demand. 
• Internet banking disablement: To counter scams involving account manipulation, customers will have the option to disable Internet banking platforms for their accounts. Changes to this setting will require stringent verification, ensuring robust customer control over online banking access. 
• Additional measures under consideration: The HKMA is working with the industry on further safeguards, including options to deactivate third-party payee registrations and limit increases on online fund transfers. 

Next steps 

Retail banks are expected to introduce MS protection by 30 September 2025, with full implementation required by the end of the year. The Internet banking disablement option should be available by 30 June 2025, with allowances for delays subject to HKMA approval. 

Banks are urged to begin phased rollouts of MS protection and related measures immediately, prioritising customer education and support during implementation. The HKMA will continue engaging with the industry to refine these protections, reinforcing Hong Kong’s resilience against financial fraud. 

Click here to read the full RegInsight on CUBE's RegPlatform.