FSB lays out global agenda on stablecoins and cross-border payments


This month the Financial Stability Board presented G20 leaders with two reports which are likely to be instrumental in shaping the future of payments. One lays out a roadmap for enhancing cross-border payments whilst the other sets out recommendations for the regulation of global stablecoins. Both contemplate a busy agenda for both public and private stakeholders over the coming years.

FSB reports to the G20 

For the October 2020 meeting of the G20 finance ministers and central bank governors, the FSB has presented two reports of high significance for the global payments industry.

  1. Roadmap for enhancing cross-border payments

    The FSB laid out a roadmap for tackling inefficiencies in cross-border payments. These inefficiencies are a key challenge for the payments industry and a perceived driver behind new private money initiatives such as stablecoins. Addressing this issue is also a key pillar of the European Commission’s Retail Payments Strategy.

    The roadmap primarily focuses on areas of improvement for the existing payments ecosystem, but it does also touch on alternative payment arrangements, such as central bank digital currencies and stablecoins.

  2. Final report on the regulation, supervision and oversight of global stablecoins

    Following its consultation earlier this year, the FSB published its final report on global stablecoins. The recommendations outlined in the report have not changed substantially from those in the consultation paper (discussed in our previous blogpost). The report now also lays out a timetable for implementation.

Alongside these, the FSB also submitted reports on BigTech in finance in emerging markets and the use of supervisory and regulatory technology, among other things.

A detailed roadmap for cross-border payments

The FSB’s roadmap (which builds on previous work) seeks to establish “ambitious but achievable goals” by setting out five themes which are broken down into 19 building blocks comprising specific action points. The complexity is indicative of the fact that there is a multitude of issues affecting cross-border payments and no silver bullet to solve them. 

The five themes are outlined at a high level below.

  1. A joint public and private sector vision 

    This is a cornerstone for the project. It involves setting common targets to be agreed by relevant stakeholders and endorsed by the G20. To that end, a public consultation is due to be launched in May 2021. The FSB and other international standard-setters will also assess areas for improvement in the implementation of existing regulatory standards and look to develop new common standards for agreements relating to cross-border payment services.

  2. Coordinating regulatory, supervisory and oversight frameworks

    This area aims to improve regulatory alignment between jurisdictions. As part of this, the FSB is looking to promote a more consistent application of standards around anti-money laundering and combating the financing of terrorism (AML/CFT) and foster digital identity frameworks, both areas of focus under the European Commission’s Digital Finance and Retail Payments Strategies. 

  3. Improving existing payment infrastructures and arrangements 

    Operational inefficiencies in existing systems are seen as another key problem area. In particular, the FSB wants to facilitate adoption of payment-versus-payment mechanisms, widen access to systems, explore reciprocal liquidity arrangements across central banks, extend and align operating hours of key payment systems, and establish better links between payment systems. 

  4. Increasing data quality and straight-through processing by enhancing data and market practices

    Standardising data formats and protocols for data exchange is expected to improve transaction efficiency. The FSB hopes to harmonise technical standards for common message formats (such as ISO 20022) and APIs (application programming interfaces) for data exchange. It also wants to assess the scope for a unique global identifier that links to the account information in payment transactions.

  5. Exploring the potential role of new payment infrastructures and arrangements

    This workstream will examine the scope for new multilateral platforms, global stablecoin arrangements and CBDCs. The action points complement the objectives under the FSB’s global stablecoin report as well as the recent joint central bank report on CBDCs.

Next steps for global stablecoin regulation

From now until December 2021, international standard-setting bodies are tasked with amending and/or providing guidance to supplement existing standards in light of the FSB’s stablecoin report. For example:

  • The Financial Action Task Force (FATF) will be reviewing the implementation of its AML/CFT standards and considering whether any further updates are necessary.
  • The Basel Committee on Banking Supervision (BCBS) will continue to assess the appropriate prudential treatment for different types of cryptoasset and consult on any specific measures.
  • CPMI-IOSCO intend to provide more guidance on which factors should determine whether a stablecoin arrangement is systemically important and thus subject to its Principles for Financial Market Infrastructures (PFMI). They also plan to look at how systemically important stablecoins may comply with the PFMI (as a number of these principles pose challenges in this context) and whether there are any risks that are not appropriately addressed by the PFMI.

Meanwhile, national authorities are tasked with implementing the FSB recommendations and international standards in relation to both cross-border cooperation arrangements and their regulatory, supervisory and oversight frameworks.

The road ahead

Improving cross border payments and regulating global stablecoins are two important challenges for which international coordination is absolutely fundamental. These reports represent key milestones in the journey to tackle them, by establishing a global agenda. There now lies a long and busy road ahead through the implementation phase.


Lofty Ways to Leave your Fiver: Big Thoughts About Central Bank Digital Currencies


Seven central banks and the BIS have released a report proposing a framework for domestic central bank digital currencies that complement existing forms of legal tender and support public policy objectives. Any decision to issue a CBDC (and on what basis) will be taken by each central bank individually, but the framework is intended to develop a common understanding in relation to design principles, from a technical and policy perspective. Meanwhile, the European Central Bank has launched a public consultation on a digital euro.

A new joint report

With the increasing popularity of non-cash payments and efforts made by private entities such as Facebook in connection with stablecoins, questions around the desirability and feasibility of central bank digital currencies (CBDC) are becoming increasingly pertinent. 

A group consisting of the Bank of Canada, European Central Bank, Bank of Japan, Sveriges Riksbank, Swiss National Bank, Bank of England, Board of Governors of the Federal Reserve and Bank for International Settlements has issued a report setting out guiding principles for and core features of CBDCs. 

The report emphasizes the role of a digital fiat as a complement to, rather than a substitute for, cash and the need for informed judgment balancing the need for innovation and efficiency in the relevant country’s payment system with broader public policy objectives, such as monetary or financial stability.

This comes just as the European Central Bank has launched a consultation on a digital euro.

Three guiding principles

A CBDC is a digital payment instrument, denominated in the national unit of account, that is a direct liability of the central bank. CBDCs may improve payments diversity, foster financial inclusion and support public privacy. At the same time, they may introduce certain risks, such as counterfeiting and cyber risk, fragmentation of payment systems and the risk of disintermediating banks or enabling destabilizing runs into central bank money.

In order to balance the potential benefits of CBDCs against their risks, the group highlighted the following as key principles:

  • Do no harm to monetary and financial stability
  • Coexistence with cash and other types of money in a flexible and innovative payment system
  • The promotion of broader innovation and efficiency.
Four core features

Based on these key principles, the group broadly agrees that any future CBDC system should be:

  • Resilient and secure to maintain operational integrity
  • Convenient and available at very low or no cost to end users
  • Underpinned by appropriate standards and a clear legal framework
  • Have an appropriate role for the private sector and promote competition and innovation.

The report also outlines more specific design features (for example, in relation to monetary controls, technical design, incentives, and trade-offs) requiring further consideration by each central bank.

No one-size-fits-all approach

The group highlighted that the design and issuance of a CBDC will need to be sovereign decisions based on an informed calculus of how certain risks, such as the potential for destabilizing runs into central bank money, may be managed through a combination of safeguards both in the design of the CBDC and general throughout the jurisdiction’s financial system policies.

The design of domestic CBDCs will need to be driven by each jurisdiction’s circumstances, such as its stage of economic development, its motivations and others, but would also have international implications requiring cooperation and coordination to prevent any negative spillovers and ensure any improvements necessary for seamless cross-border payments. 

At this stage, the focus is very much on exploring domestic use cases rather than improving cross-border payments. The Financial Stability Board is spearheading a separate initiative to consider the latter, which this group will contribute to.

The report’s guidelines are intentionally broad and the group notes that they may be incorporated in some fashion by an array of CBDC designs. While not simple, the report suggests that each jurisdiction’s design approach should take into account both the differences between jurisdictions and the need for harmonization and compatibility for cross-border transfers. 

Next steps

The group aims to continue exploring questions around CBDCs and its challenges, and continue domestic outreach to foster informed dialogue. Any decision to introduce a CBDC will be taken by each jurisdiction on its own timing.


EU proposal to tackle digital risks and build operational resilience in the financial sector


As technology firmly embeds itself into every aspect of financial services, policy makers are increasingly looking at the sector’s exposure to the risks of this digitalisation. One response from the European Commission is to beef up the EU’s rules on ICT risk via a Digital Operational Resilience Act. As well as imposing new rules on financial entities, DORA could see some technology providers subject to the scrutiny of the EU financial supervisors.

Introducing DORA

The draft Digital Operational Resilience Act is part of a suite of materials published under the European Commission’s new Digital Finance Strategy. The Strategy also includes a proposal to regulate the EU’s crypto industry and a pilot DLT sandbox.

As drafted, DORA has two distinct parts. The first applies to financial entities. The second is relevant to providers of technology services to those financial entities.

DORA explored: key points to note for financial entities

The first part of DORA applies to a very wide spectrum of EU “financial entities”, including banks, insurers, payment service providers, crypto-asset issuers and service providers, and crowdfunding service providers. Financial entities identified as “significant and cyber-mature” would be subject to the most onerous obligations.

The obligations which DORA would impose on “financial entities” include:

  • ICT risk management: Financial entities would be required to create and maintain a sound, comprehensive and well-documented ICT risk management framework. This must include a dedicated and comprehensive business continuity policy, disaster recovery plans and a communications policy. Alongside this framework, financial entities would have to use and maintain ICT systems that meet certain requirements, identify all sources of ICT risk on a continuous basis, design and implement security and threat-prevention measures, and promptly detect anomalous activities.
  • Incident reporting: DORA would require financial entities to establish and implement a robust ICT-related incident management process and to put in place early warning indicators. Financial entities would have to classify ICT-related incidents according to prescribed criteria to be developed by a Joint Committee of the European Supervisory Authorities (ESAs) and report “major” ICT-related incidents to their national regulator.
  • Information sharing: DORA would allow financial entities to exchange cyber-threat information and intelligence, provided this exchange is, amongst other things, aimed at enhancing digital operational resilience.
  • ICT third-party risk: DORA would prescribe certain strict content requirements for contracts between financial entities and ICT third-party service providers, including the circumstances in which such contracts must be terminated.

Many aspects of the draft rules are similar to the UK’s proposals for building operational resilience in financial services.

Impact on ICT third-party service providers

DORA is not limited to regulated firms in the financial sector. The second part of DORA would impact businesses which provide ICT services to those financial entities. This is in part to respond to fears of concentration risk i.e. where many financial services firms rely on a handful of technology providers.

As drafted, DORA would allow the ESAs to designate certain service providers – including providers of cloud computing services, software, and data analytics – as being “critical” to the functioning of the financial sector.

One of the ESAs would then be appointed as Lead Overseer for every critical third-party ICT service provider. That ESA would monitor whether the ICT service provider has in place comprehensive, sound and effective rules, procedures and mechanisms to manage the ICT risks which it may pose to financial entities.

The Lead Overseer would have an unrestricted right to access all information that is necessary to carry out its duties, including all relevant business and operational documents, contracts and policies. The Lead Overseer would also be granted powers to conduct on-site inspections of any premises of critical ICT third-party service providers.

Critical ICT third-party service providers would be expected to cooperate “in good faith” with the Lead Overseer. If they fail to comply, the Lead Overseer may impose daily fines for up to six months of 1% of the average daily worldwide turnover of the critical ICT third-party service provider in the preceding business year.

The ESAs would also charge oversight fees to critical ICT third-party service providers. The amount of a fees charged will cover all administrative costs of oversight and be “proportionate” to the turnover of the critical ICT third-party service provider.

What happens next?

The proposal is now going through the EU’s ordinary legislative procedure. The aim is to have the three regulations in the Digital Finance Package in full effect by 2024. Please get in touch if you have any questions.


The EU’s proposed pilot regime for digital security infrastructure: a game-changer for security tokens?


The European Commission has proposed a pilot regime to enable regulated institutions to develop DLT-based infrastructure for the trading, custody and settlement of securities. The proposed regime allows for operators to request exemptions from certain regulatory requirements that have previously been identified as obstacles to such development. For the security token market, which has thus far failed to thrive, this could potentially be a game-changer.

Pilot regime for DLT-based market infrastructures 

As part of the European Commission’s Digital Finance Strategy, it has proposed a pilot regime for market infrastructures based on distributed ledger technology (DLT). This would pave the way for certain regulated institutions to develop and test DLT-based infrastructure for the trading, custody and settlement of securities. In this post, we discuss the rationale for, and key features of, the proposed regime.

Regulatory uncertainty as a barrier to development

The potential advantages and use cases for adopting DLT in securities markets have been expounded for several years now, including by a number of regulatory authorities. Cited benefits include a trusted common data source, enhanced resilience, improved transparency and traceability and the potential for automation (with all the efficiencies that that may bring, such as the streamlining of settlement processes). 

Yet, to date there remains very little use of DLT in the regulated financial markets and, as a result, the security token market has failed to thrive. Regulatory uncertainty is often seen as one of the key reasons behind this lack of development, as highlighted in the European Commission’s ROFIEG report

The options considered

The Commission identified three options to tackle these concerns.

  • non-binding guidance on the applicability of EU financial regulation to security tokens and DLT;
  • targeted amendments to EU financial regulation; and
  • a pilot regime for the creation and testing of DLT-based market infrastructure.

It is proposing to start with the pilot regime. The idea is that experimentation will help identify all relevant regulatory obstacles and inform more permanent amendments or guidance.

Key features of the proposed pilot regime


 Under the proposed regime:

  • authorised investment firms and market operators would be eligible to apply to operate a DLT multilateral trading facility (DLT MTF); and
  • authorised Central Securities Depositories (CSDs) would be eligible to apply for permission to operate DLT securities settlement system (DLT SSS).

Permission to participate

Applications are to be made to the relevant national authority for the applicant. The national authority is required to consult with the European Securities and Markets Authority (ESMA) as part of the decision-making process. Permission granted by that authority would allow the DLT market infrastructure to provide their services across the EU.

Requirements and relaxations for operation

The Regulation sets out the basic requirements for operation, which are similar to those for the equivalent traditional market infrastructures. However, applicants may apply for exemptions from certain requirements that may be problematic in the context of distributed systems, subject to the attached conditions. 

For example, investment firms and market operators may ask to be able to admit to trading DLT transferable securities that are not recorded in a CSD (in accordance with the Central Securities Depositories Regulation) but instead recorded on the DLT MTF’s distributed ledger. This request may be granted by the national authority subject to the DLT MTF meeting certain conditions, relating to factors such as record-keeping, custody arrangements and settlement mechanics (including settlement finality).

Similarly, under an accompanying proposal to amend MiFID II, DLT MTFs are able to request a temporary derogation from obligations to hold securities on an intermediated basis. This would allow them to offer direct access to retail investors, as many distributed networks seek to do. This is subject to conditions in relation to factors such as investor protection and AML/CTF safeguards.

The pilot regime also imposes additional requirements on operators, in order to address the novel forms of risk raised by the use of DLT – for example, in relation to disclosures, cyber-security and custody arrangements.

Eligible securities

Only transferable securities that meet the following conditions may be admitted to trading on a DLT MTF and recorded by a CSD operating a DLT SSS:

  • shares, the issuer of which has a market capitalisation or a tentative capitalisation of less than EUR200m; or
  • convertible bonds, covered bonds, corporate bonds, other public bonds and other bonds, with an issuance size of less than EUR500m.

Sovereign bonds are not permitted.

There is also a limit on the total market value of DLT transferable securities that can be recorded by a CSD or, if applicable, investment firm/ market operator, which is set at EUR2.5bn.

What happens after the pilot period?

After a five-year period (at the latest), ESMA will produce a detailed report on the pilot regime to the Commission. On the basis of this the Commission will decide:

  • whether the pilot regime should be maintained as is or amended;
  • whether the regime should be extended to new categories of financial instruments;
  • whether targeted amendments to EU legislation should be considered; and/or 
  • whether the pilot regime should be terminated.
Next steps

The proposal is now going through the EU’s ordinary legislative procedure. The aim is to have the three regulations in the Digital Finance Package in full effect by 2024. In the meantime, eligible parties may wish to consider working towards an application. Should you need any advice in this regard please do not hesitate to get in touch.


The EU’s proposal to regulate the crypto industry: what, how and when?


The European Commission has proposed a comprehensive new regime to regulate the crypto-asset industry. The proposal imposes disclosure and authorisation requirements on crypto-asset issuers and service providers which serve European markets. It also impacts other market participants as well as potential acquirers of certain institutions in the industry. Market players across the globe will need to consider if and how this could affect their business models and structures in the run-up to adoption. 

Regulation on Markets in Crypto-assets (MiCA)

Last week, the European Commission launched a bold new Digital Finance Strategy, as outlined in our previous blogpost. In this post, we explore the EC’s proposal for a regulation on markets in crypto-assets, a law which, if enacted, would have highly significant consequences for the crypto industry. 

Plugging the gap

As markets in crypto-assets have evolved, authorities across the world have been prompted to consider whether there are unintentional gaps in existing regulatory frameworks that ought to be closed. A lack of legal certainty has also been seen as a barrier to safe innovation in digital finance. EU authorities have been further concerned that differing national responses may lead to fragmentation within the single market.

MiCA is the Commission’s answer to these issues, and has been developed off the back of a public consultation. It seeks to establish a harmonised EU regime for the regulation of crypto-assets. 

The intention is for the new regime to be directly applicable in all EU member states, replacing existing national frameworks applicable to crypto-assets. This will inevitably raise questions for some national regulators in relation to the transition process and the treatment of entities approved under existing regimes. 


The draft regulation casts a wide net, defining the term “crypto-asset” very broadly as “a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology”. However, it seeks to avoid regulatory overlap (at an EU-level) by carving out crypto-assets that are otherwise regulated as financial instruments, e-money, deposits, structured deposits or securitisations.

In relation to in-scope crypto-assets, it covers:

  • the regulation of crypto-assets to be offered to the public or admitted to trading on a trading platform in the EU
  • the regulation of crypto-asset service providers
  • a market abuse regime for crypto-assets admitted to trading on a trading platform operated by a crypto-asset service provider
  • a mechanism for the oversight of material acquisitions in respect of issuers of asset-referenced tokens (as defined below) and crypto-asset service providers.
Crypto-asset issuances

Three new categories

MiCA establishes separate frameworks in respect of three distinct categories of crypto-assets: e-money tokens, asset-referenced tokens and other crypto-assets. Issuers of crypto-assets that meet the criteria under the applicable regime will be permitted to offer those crypto-assets to the public or admit them to trading anywhere in the EU. Conversely, anyone across the globe issuing crypto-assets that could be subscribed for in the EU may be subject to these requirements.

E-money tokens

The e-money token regime is intended to capture tokens that commercially function as electronic money but are structured in a way that they are not caught under the existing Electronic Money Directive. The drafters have sought to include equivalent requirements in order to avoid regulatory arbitrage between the two regimes. The new regime also seeks to cater for token-specific risks as well as the possibility of systemically important issuances, which are not addressed under the EMD.

The key features of the regime are summarised in the table below.

E-money tokens*
MeaningA type of crypto-asset the main purpose of which is to be used as a means of exchange and that purports to maintain a stable value by referring to the value of a fiat currency that is legal tender
Required form of issuerLegal entity established in the EU
AuthorisationIssuer must be authorised as a credit institution or electronic money institution
WhitepaperWhitepaper must meet all relevant mandatory disclosure requirements set out in MiCA and be notified to the competent authority at least 20 working days before publication
Ongoing obligationsIssuer must comply with all ongoing requirements applicable to electronic money institutions
Claim on issuer/ redemption rightsToken holders must be provided with a direct claim on the issuer and the issuer must redeem at any time and at par value the monetary value of the tokens
Prohibition on interestIssuers are prohibited from paying interest or any other benefit related to the length of time during which the token is held
Significant issuancesAdditional prudential requirements apply to tokens that are deemed “significant” by the European Banking Authority (by reference to pre-defined criteria).
*Note: these are subject to certain exemptions (e.g. for de minimis issuances and issuances to qualified investors).
Asset-referenced tokens

The asset-referenced token regime broadly applies to tokens stabilised by currencies, commodities and/or crypto-assets, with the exception of a single currency. This regime (which would likely have applied in relation to the original Libra proposal) is intended to be the most stringent of the three, given the potentially heightened risks posed by these types of instrument in relation to market integrity, financial stability and monetary policy. 

The key features of the regime are summarised in the table below.

Asset-referenced tokens*
MeaningA type of crypto-asset that purports to maintain a stable value by referring to the value of several fiat currencies that are legal tender, one or several commodities or one or several crypto-assets, or a combination of such assets
Required form of issuerLegal entity established in the EU
AuthorisationIssuer must be authorised as an asset-referenced token issuer under MiCA or as a credit institution
WhitepaperWhitepaper must meet all relevant mandatory disclosure requirements set out in MiCA and be approved by home state authority in authorisation process
Ongoing obligationsExtensive ongoing obligations including around conduct, disclosure, complaints-handling, conflicts of interests, governance, own funds, management of reserve assets and orderly wind-down.
Claim on issuer/ redemption rightsNo outright requirement for a direct claim or redemption right against the issuer or reserve. However, issuers that do not grant such rights are required to put in place mechanisms to ensure the liquidity of the tokens.
Prohibition on interestIssuers are prohibited from paying interest or any other benefit related to the length of time during which the token is held
Significant issuancesAdditional prudential requirements apply to tokens that are deemed “significant” by the European Banking Authority (by reference to pre-defined criteria).
*Note: these are subject to certain exemptions (e.g. for de minimis issuances and issuances to qualified investors).


Other crypto-assets 

This regime is intended to be a catch-all, to cover all crypto-asset issuances that are not covered by other regimes. The approach provides for a degree of regulatory oversight and control without burdening authorities with having to approve every issuer or issuance in advance.

Other crypto-assets*
MeaningCrypto-assets other than e-money tokens and asset-referenced tokens
Required form of issuerLegal entity (established anywhere)
WhitepaperWhitepaper must meet all relevant mandatory disclosure requirements set out in MiCA and be notified to the competent authority at least 20 working days before publication
Ongoing obligationsLimited ongoing obligations, including in relation to conduct, conflicts of interest and cyber-security
Claim on issuer/ redemption rightsN/A
Prohibition on interestN/A
Significant issuancesN/A
*Note: these are subject to certain exemptions (e.g. for de minimis issuances and issuances to qualified investors).
Crypto-asset service providers

New authorisation requirement

MiCA requires anyone seeking to provide crypto-asset services in the EU (for example, in relation to custody, trading, exchange, brokerage, promotion or advice) to have been authorised in an EU member state for the services it wishes to undertake. For this purpose, it needs to establish a registered office in that state. An authorisation provided by one EU member will be valid across the EU. 

Authorised service providers must comply with a list of general requirements as well as the additional specific requirements applicable to the particular services they provide.

General requirements

The general requirements relate to:

  • Conduct – e.g. obligations to act honestly, fairly and professionally and in the best interests of their clients.
  • Prudential safeguards – in the form of own funds or insurance.
  • Organisational requirements – including requirements around ownership, personnel, resilience, cyber-security, record-keeping and monitoring of market-abuse.
  • Safeguarding of both crypto-assets and funds – these requirements seek to limit the ways in which crypto-asset service providers can deploy the crypto-assets and funds they hold on behalf of their clients.
  • Complaints handling procedure – e.g. there must be effective and transparent procedures for the prompt, fair and consistent handling of complaints.
  • Management of conflicts of interest – this includes conflicts between the service provider and its shareholders, its managers and employees or its clients as well as conflicts between clients.
  • Outsourcing – e.g. authorised service providers may not outsource any of their regulatory responsibilities.

Service-specific requirements

Additional service-specific requirements apply in relation to each of the following services:

  • Custody and administration of crypto-assets on behalf of third parties
  • Operation of a trading platform for crypto-assets
  • Exchange of crypto-assets (against fiat or crypto)
  • Execution of orders for crypto-assets on behalf of third parties
  • Placing of crypto-assets
  • Reception and transmission of orders on behalf of third parties
  • Advice on crypto-assets


Crypto-asset service providers will also need to be mindful that their authorisations may be withdrawn if they fail to comply with national implementations of EU legislation in respect of money laundering or terrorist financing. 

Market abuse regime

MiCA also seeks to establish market abuse rules for crypto-asset markets. Under the proposal, crypto-assets that are admitted to trading on a crypto-asset trading platform that is operated by a crypto-asset service provider would be subject to the new rules. The rules include requirements relating to the disclosure of inside information as well as prohibitions on insider dealing, unlawful disclosures of inside information and market manipulation.

Acquisition-review mechanisms

Finally, it is worth noting that the proposed regime also includes mechanisms by which national authorities can review and control direct or indirect acquisitions of capital or voting rights in issuers of asset-referenced tokens and crypto-asset service providers. 

Potential acquisitions that meet the relevant thresholds (starting from 10% or more of capital or voting rights) must be notified to the supervising national authority, which will have around 60 working days to assess the proposal and determine whether to oppose it. This period may be extended if the authority requires further information. 

Notification of disposals of capital or voting rights may also be required in certain circumstances, namely where such disposals bring the relevant entity’s holding below the relevant thresholds.

Next steps

The proposal is now going through the EU’s ordinary legislative procedure. The aim is to have the three regulations in the Digital Finance Package in full effect by 2024. In the meantime, many market participants will want to consider the impact of the proposal on their business models and structures. 

Meanwhile, the UK government has committed to consult on the UK’s approach to cryptoasset regulation, including stablecoins, later this year. It remains to be seen to what extent the UK’s approach will follow the EU’s.

Should you need any advice on any of these matters please do not hesitate to get in touch


UK payments regulator proposes three new measures to promote competition in the SME card-acquiring market


The UK’s Payment Systems Regulator has published an interim report on its review into the supply of card-acquiring services and is consulting on its findings and proposed remedies. Notably, it has suggested three new measures to help small and medium sized merchants benefit from competitive pricing for acquiring services. These include restrictions around the contracts for card-acquiring services and point-of-sale terminals as well as measures to facilitate price comparison. The consultation closes in December.

Market review into the supply of card-acquiring services

The UK’s Payment Systems Regulator is undertaking a market review into the supply of card-acquiring services, i.e. services which merchants buy in order to accept card payments. Among other things, it considered the competitiveness of the market and the impact of the Interchange Fee Regulation on the aggregate fees charged to merchants. 

The PSR has now published its interim report, which concludes that:

  • The market works well for the largest merchants with an annual card turnover above £50m. This accounted for around 77% of the overall value of transactions in 2018.
  • It works less well for small and medium merchants. Whilst new service providers have entered the SME market, there remain certain barriers to merchants switching providers and/or negotiating better deals.

The report proposes new measures to tackle those barriers, as discussed below. 

Who are the providers of card-acquiring services?

The report distinguishes between two categories of card-acquiring service providers:

  • acquirers (which are directly licensed by the card schemes); and
  • payment facilitators (a growing group of intermediaries which access the card systems via acquirers).  

It identifies that the five largest acquirers are Barclaycard, Elavon, Global Payments, Lloyds Bank Cardnet and Worldpay and the largest payment facilitators are PayPal, Square and SumUp. 

It identifies that ISOs (Independent Sales Organisations) are also an important channel for onboarding smaller merchants. ISOs do not provide card-acquiring services themselves, but instead sell services on behalf of acquirers.

Proposed new measures

The PSR is considering the following measures to help smaller merchants benefit from competitively priced card-acquiring services.

  • Requiring contracts for card-acquiring services to have an end date. This is designed to encourage merchants to shop around more regularly. It would not apply to contracts with large merchants with an annual card turnover above £50 million.
  • Measures to prevent POS (point of sale) terminal contracts from acting as a barrier to switching service providers. This may include term limits on POS terminal contracts, restrictions on auto-renewals for successive fixed terms, and measures to link the contracts for card-acquiring services and POS terminals where they are sold together as a package. 
  • Measures to make it easier for merchants to research and compare prices. For example, requiring acquirers and ISOs to provide pricing information in an easily comparable format.
The view from the EU

The European Commission has also been monitoring this market and recently published its report on the application of the Interchange Fee Regulation. It concluded that “major positive results” had been achieved through the IFR including reduced merchants’ charges, but also flagged that further data-gathering and monitoring would be required in some areas. See our previous blogpost for more.

What happens next?

The interim report is open for public consultation until 8 December 2020 and is due to be finalised in 2021. Once final, the PSR expects to carry out more detailed work to determine the most effective way to design and implement any new measures.


EU looks to the future with new crypto-asset and operational resilience regimes


The European Commission has published a suite of materials which will set the EU’s fintech agenda for years to come. This includes draft legislation for crypto-assets and operational resilience which will now be taken forward by the EU.

What you need to know
  1. A “MiFID for crypto-assets”: The draft Markets in Crypto-Assets Regulation would set an ambitious EU-wide framework for the regulation of hitherto unregulated crypto-assets and stablecoins, distinguishing between e-money tokens and asset-referenced tokens and introducing a passport for introducing a passport for providing crypto-asset services.
  2. BigTech to be supervised: The draft Digital Operational Resilience Act would impose prescriptive requirements on the management of IT risks for all EU financial entities. Also, IT service providers that are “critical” for EU financial entities – including cloud service providers – would be subject to EU regulatory oversight, in many cases for the first time.
  3. Pilot DLT sandbox: The draft pilot for Market Infrastructure based on Distributed Ledger Technology would create, for the first time, an EU-wide sandbox. It would be focused on testing ways to trade and settle transactions in financial instruments using crypto-assets.
A new approach to fintech

The legislative proposals highlighted above are part of the Commission’s new Digital Finance Strategy. It has also published a separate Retail Payments Strategy for the EU. Together these papers set the priorities for the digital transformation of the EU financial sector and the retail payments landscape, effectively replacing the previous 2018 fintech action plan.

We have tracked the development of these proposals in previous blogposts, including:

Next steps

The Digital Finance and Retail Payments Strategies have been finalised and will be implemented over the next few years.

The legislative proposals will be taken forward by the legislative branches of the EU, i.e. the Council and Parliament. These bodies will try to find a political agreement on the form of the texts before they are then formally adopted and made law.

We will update you with more detail on the important aspects of the latest proposals in future blogposts.


Decentralised Finance: navigating the rugged regulatory landscape


The rapid growth of Decentralised Finance – or DeFi – has been hitting headlines in recent months, often compared to the ICO boom of 2017. Broadly speaking, DeFi involves the provision of quasi financial services through a decentralised platform. Many players in the space have been operating on the assumption they are unregulated, often without fully understanding the complexity of the regulatory landscape. Our new publication highlights some of the subtleties in this area and the importance of precise legal structuring.

What is DeFi?

DeFi is a collective term for applications that deliver services through a decentralised platform which closely resemble regulated financial services. It encompasses a wide range of activities including stablecoin networks, decentralised exchanges, crypto-lending, collateral management platforms and “yield farming” services (which help crypto holders earn returns on their capital). 

Over the last year, the total economic value of cryptoassets locked in DeFi applications has grown exponentially – reportedly from around $0.5bn in September 2019 to almost $10bn in September 2020.

Our new publication

There is a perception that DeFi activities fall outside the regulatory perimeter by virtue of the use of unregulated cryptoassets as collateral and exchange of value tools and the lack of a central operator. However, in our experience the regulatory analysis in relation to these business models can be highly complex and often sophisticated multi-jurisdictional legal advice is needed to understand and respond to it.

Our new publication highlights some of the subtleties in this area and the importance of precise legal structuring.


Germany’s Draft Electronic Securities Act paves the way for DLT-based securities


The German government has recently published a draft Electronic Securities Act. Among other things, the draft law allows for the issuance of bearer bonds using distributed ledger technology (DLT), introduces a new licence requirement for maintaining the DLT and addresses the most important civil law issues around tokenised securities. Meanwhile, there remain uncertainties at a European level as to the application of financial regulation to security tokens. The European Commission has been considering some of these issues in the context of its cryptoasset consultation. It will be interesting to see how the draft German law interacts with these uncertainties and the conclusions of the Commission in response to its consultation.

Draft Electronic Securities Act

Germany’s draft Electronic Securities Act is a product of its blockchain strategy, announced in September 2019. Among other things, it removes the requirement for a physical document to certify any bond issuance, which has been seen as a particular impediment to the digitalisation of the German capital markets. The new regime builds on the previous introduction of a definition of cryptoassets introduced in respect of a new licence requirement for crypto custody businesses.

We have created an English translation of the draft law which covers not only the draft provisions but also the legislative reasoning behind them.

Key aspects of the new regime
  1. The draft law only addresses bearer bonds (Inhaberschuldverschreibungen) where there is a significant practical need for modernisation of these instruments to allow for digitalisation. The regulation of electronic shares as well as electronic investment fund units will take place at a later stage.
  2. Two new forms of issuing bearer bonds electronically: (1) by way of an electronic register which is to be maintained by a central securities depositary (CSD), and (2) via a decentralised crypto securities register (Kryptowertpapierregister). The registrar maintaining such crypto securities register will require a new financial services licence under the German Banking Act (KWG).
  3. Bearer bond issuers will have a choice between using the existing paper form or to switch to one of two electronic forms.
  4. Further changes to the German civil law will also be introduced, ensuring the treatment of electronic securities as a “moveable” (Sache) and allowing for a good faith acquisition which is crucial for safe and secure capital markets.
  5. The draft law requires a description of the security’s underlying technology in the so-called Wertpapierinformationsblatt (a German key information document required for issuances from EUR 100,000 to EUR 1 Million for financial products where no “European” PRIIPs-KID is legally necessary).
  6. The draft law gives the German Federal Ministry of Finance – in cooperation with the Federal Ministry of Justice and Consumer Protection – wide reaching power to issue decrees to specify technological requirements for the underlying technology.
  7. As the legal nature of a security is not to be changed, the custody of an electronic security might still require a custody licence. Custody of the private key for DLT- based electronic securities will trigger a crypto asset custody licence requirement.
Legal and market impact in Germany

In our recent Insight on the topic, we discuss the impact of the draft Electronic Securities Act from a German law perspective. In particular, we explore the opportunities and requirements around maintaining a decentralised security register and the classification of electronic securities as a “moveable” under the German Civil Code.

Broader European context

The European Commission has recently led a consultation in relation to the development of a European framework for markets in cryptoassets. Its consultation, which closed in March, is intended to inform changes or clarifications to EU financial regulation, including to facilitate the use of security tokens. The consultation document stressed the need for a harmonised approach across the EU, a principle which is ostensibly supported in the German consultation document.

The European consultation document highlights that there remain various regulatory uncertainties in relation to the issuance and transfer of tokenised securities at an EU level. For example, European regulation requires that where a transaction in transferable securities takes place on a trading venue, the relevant securities are required to be recorded in book-entry form in a CSD. It is not always clear what types of tokenised security meet these criteria. This requirement may limit the impact of Germany’s draft law, by preventing certain securities recorded on a decentralised securities register from being traded on a trading venue (unless the register is maintained by a CSD).

French approach

Other jurisdictions, like France, have already implemented regimes to enable the use of DLT in the representation and transfer of securities. The French regime does not apply to tokens listed on a trading venue and thus avoids the regulatory obstacle discussed above. French authorities have proposed creating a European ‘digital laboratory’ to consider the disapplication of European requirements that are incompatible with distributed networks, subject to certain protections.

Market impact

Some expect that the new law, once implemented, will provide a boost for the use of DLT in the German capital markets. The new regime would also allow new business models to be introduced (e.g. a crypto securities register).

It remains to be seen how the regime will interact with the uncertainties under European law and any action taken by the European Commission in response to its consultation.

Next steps

The draft law is expected to be adopted by the German parliament after the consultation period and, subject to any possible amendments, by the end of the year 2020 – without any transition periods.

Our team is available to discuss any aspect of the proposed new electronic security regimes and the opportunities it presents.


UK cryptoasset businesses receive guidance on their anti-money laundering obligations


Around the world, the introduction of anti-money laundering (AML) rules has often been the vanguard of the regulation of cryptoassets. In the UK, recently updated sectoral guidance clarifies the scope of the UK AML regime for cryptoassets firms and highlights specific money laundering risk factors for those firms. It is also a reminder for UK cryptoassets firms to apply to register with the FCA for AML supervision as soon as possible.

JMLSG sectoral guidance for cryptoasset businesses

The UK’s Joint Money Laundering Steering Group (JMLSG) is an authoritative source for the industry when interpreting AML rules. It has recently updated its sectoral guidance for cryptoasset businesses that are in the scope of the UK’s Money Laundering Regulations 2017 (MLRs). The updated guidance is currently with HM Treasury for approval. Once approved, the FCA is required to consider the guidance in determining whether a firm has breached the MLRs.

How the MLRs apply to UK cryptoassets businesses

The MLRs have applied to “Cryptoasset exchange providers” (CEPs) and “custodian wallet providers” (CWPs) carrying on business in the UK since 10 January 2020. The key obligation imposed by the UK’s AML regime is the requirement to conduct know your customer checks and customer due diligence. The MLRs impose various further obligations, such as requiring firms to have policies to mitigate the money laundering/terrorist financing risks that they face, to conduct enhanced diligence in higher risk situations (e.g. by verifying the customer’s source of funds and source of wealth), and to monitor and keep records of customer transactions.

The need to register for AML supervision – key dates 

A key point to note is that since 10 January 2020 CEPs and CWPs are required to register with the FCA specifically for AML supervision before undertaking the relevant cryptoasset business, even if they are already FCA-authorised.

As a transitional measure, CEP/CWPs which carried on business in the UK before 10 January 2020 have until 10 January 2021 to be registered. The FCA requested that CEPs/CWPs operating pre-10 January 2020 should submit applications to register by 30 June 2020 to ensure time for processing (by default, the FCA has up to 3 months to determine an application for registration). Although that deadline has now passed, affected firms should nevertheless submit their applications as soon as possible.

Key insights from the JMLSG’s Guidance
  • What is a CEP? The definition of a CEP broadly captures services which exchange, or arrange the exchange of, cryptoassets for money or other cryptoassets, including cryptoasset ATMs. The guidance clarifies that, for example, the issuance of cryptoassets in return for goods, services, rights or actions is unlikely to amount to a CEP business (e.g. where cryptoassets are issued in return for click-throughs or product reviews). By contrast, a cryptoasset escrow service is likely to be a CEP when the firm has custody over the relevant cryptoassets. Whether cryptoasset miners are caught will depend on their business model.
  • Non-custodial wallets: The guidance indicates that the CWP definition is unlikely to capture firms which hold and store cryptographic keys but are not involved in their transfer. Hardware wallet manufacturers and cloud storing service providers are therefore likely to fall out of scope.
  • Presence in the UK: In most cases, firms will be brought within the territorial scope of the MLRs through a physical presence in the UK through which CEP/CWP business is carried on (including an ATM located in the UK).
  • Reporting obligations: While customer-related AML obligations only apply to the CEP/CWP parts of an in-scope business, firms are also reminded that the obligation to report suspicions of money laundering under the Proceeds of Crime Act 2002 are broader.
  • Who is the customer? For CEPs, generally the customer is the person requesting the exchange of cryptoassets. For CWPs, it is generally the person for whom they hold, store and transfer a cryptoasset. Other firms dealing with cryptoasset businesses should conduct customer due diligence (CDD) on a risk-sensitive basis and may need to apply additional measures where the relationship is akin to a correspondent banking relationship.
  • Scope of obligations: The guidance provides an overview of obligations for CEP/CWPs to undertake CDD, evidence a customer’s source of funds and wealth, and monitor transactions on an ongoing basis. It also indicates that blockchain analysis can form part of a CEP/CWP’s KYC measures in addition to (but not in place of) the measures required by the MLRs. In terms of record-keeping, the guidance says that relying solely on a blockchain record is not sufficient.
Specific AML risks arising in the cryptoassets sector

The guidance also summarises the JMLSG’s views on risks arising in the cryptoassets sector, as well as factors which may increase risk depending on individual business models. These include (among other things):

  • darknet and blacklisted addresses;
  • links to multiple jurisdictions;
  • dealing with funds originating from decentralised systems; and
  • the use of outsourced service providers or agents.

It also flags factors which cryptoassets firms could consider implementing to mitigate money laundering/terrorist financing risks, such as applying account/transaction limits and prohibiting transfers to third parties.

Next steps 

We can help firms with cryptoasset businesses determine whether they are in scope of the MLRs and to apply for AML registration with the FCA if necessary. Please get in touch if you would like to discuss the scope of the MLRs, the associated AML obligations, or the process for registration with the FCA.

With thanks to Priya Chand for her contribution to this post.


EU retains interchange fee cap on card payments for now


The ongoing Covid-19 crisis has underscored the importance of card payments. Regulators have responded by, for example, raising contactless payment limits and delaying the implementation of some regulatory policy. The EU has recently assessed the effectiveness of a major piece of legislation on card payments – the Interchange Fee Regulation – and concluded that it has been broadly successful and should not be amended until more data can be gathered.

What the IFR does

Interchange fees are charged by card issuers to payment acquirers on card transactions. Acquirers, in turn, charge fees to merchants, who may pass these costs on to consumers.

With a view to fostering the EU internal market and competition in EU card payments, the IFR was introduced to harmonise and regulate those fees charged by EU card issuers. The main aim was to lower interchange fees and, ultimately, reduce transaction costs for consumers. Most notably, the IFR caps interchange fees at 0.2% of the value of a transaction for debit cards and 0.3% for credit cards. 

Five years since the IFR was introduced, the Commission has produced a report on its successes and the areas which require further work.

If the cap fits: IFR successes

Areas where the Commission believes that the IFR has had “major positive results” so far include:

  • Increased volume of card payments: According to the Commission, lower interchange fees have meant increased card acceptance by merchants, resulting in greater numbers and value of domestic and cross-border card payments.
  • Lower costs for merchants and consumers: The report notes that the reduction in interchange fees has redistributed revenues from card issuers to acquirers and merchants, each respectively gaining and saving €1.2 billion per year. Merchant service charges (MSCs) for consumer cards should continue to lower as long-term acquirer contracts gradually adjust.
  • More transparency for merchants: 60% of merchants have taken the default option of seeing a breakdown of their MSCs (e.g. into interchange fees, scheme fees and the acquirer’s margin). The Commission hopes that price transparency will empower merchants to decide which cards to accept and so enhance competition.
Put on one’s thinking cap: More analysis needed

Areas where the Commission wants to focus future work include: 

  • Whether there is circumvention of fee caps: While no circumvention has been identified so far, the Commission says that it needs to continuously collect data on alternative flows (such as any remuneration which has the same effect as interchange fees). 
  • Whether small retailers have benefited from better price transparency: Smaller retailers may have limited administrative capacity to process a large number of fees or analyse complex fee structures and may therefore be tempted not to opt for a breakdown of their MSCs. The Commission notes that merchant surveys have so far elicited limited responses from small retailers.
  • Increased use of co-badging: The IFR gives consumers the right to integrate two or more payment brands into their payment cards. This may allow consumers to switch between card schemes or between debit and credit payments on a single card. The Commission believes that co-badging will become more important with the rise of e-wallets and so this requires further monitoring.
  • Separation of scheme and processing entities: Technical standards requiring the separation of payment card schemes and processing entities started to apply in February 2018. The Commission felt it did not have enough information to judge the success of these standards due to their relatively recent implementation and the long-term nature of processing services contracts. As such, the Commission will “enhance its monitoring” of how the separation rules are applied.
To cap it off: What happens next

The report concludes that more data is needed over a longer period before any changes are made to the IFR, including any adjustment to the maximum cap for interchange fees.

In the meantime, the Commission emphasises the need for continuous monitoring and robust enforcement, and the need to improve competition in the EU card payments market. As firms increasingly explore integrating payment services with smart devices, they can expect regulatory scrutiny on co-badging and the extent of consumer choice at point of sale. 

The Commission also hopes that new, innovative means of payment – such as the recently launched European Payments Initiative to be developed for SEPA Instant Credit Transfers – will facilitate market entry for new competition.

With thanks to Jason Wong for writing this post.


UK plans to regulate cryptoasset promotions and launches a review into how to boost the fintech industry


In recent months, the UK has clarified when cryptoassets may fall within the regulatory net and has started applying EU and FATF anti-money laundering standards to cryptoasset exchanges. Now HM Treasury is seeking feedback on a new proposal to bring unregulated cryptoassets into the scope of the financial promotions regime. Separately, an independent Fintech Strategic Review has been tasked with recommending how the Government can support the fintech sector.

Consultation on cryptoasset promotions

As previously promised in the budget, HM Treasury has released a consultation paper on bringing certain otherwise unregulated cryptoassets within the scope of financial promotions regulation.

This means that cryptoasset exchanges which deal in unregulated cryptoassets – and so do not need to be authorised by the FCA – will not be able market some of their services unless they operate under an exemption from the financial promotions restriction or have their adverts approved by an authorised person (see below).

Current reach of financial promotions regulation

Financial promotions regulation in the UK limits how certain types of investment may be marketed. For example, the restriction on financial promotions under section 21 of FSMA limits who can market certain types of investment.

Currently, only cryptoassets that are regulated are caught by UK financial promotions regulation. As set out by the FCA last year, “regulated cryptoassets” are security tokens (that provide rights and obligations akin to regulated investments) or e-money tokens (that fulfil the definition of e-money under the Electronic Money Regulations).

All other cryptoassets are “unregulated cryptoassets” and so are currently not subject to financial promotions regulation.

Rationale for intervention

The UK Cryptoassets Taskforce – comprising the Financial Conduct Authority, Bank of England and HM Treasury – identified misleading advertising and a lack of suitable information as a key consumer protection issue in cryptoasset markets. The Taskforce found that cryptoasset adverts, which are often targeted at retail investors, are not typically fair or clear and can be misleading, and noted that “[a]dverts often overstate benefits and rarely warn of volatility risks”.

The consultation also points to recent consumer research commissioned by the FCA, which has shown a significant increase in the number of consumers holding cryptoassets and that customers who were influenced by advertising were more likely to subsequently regret the purchase.


To address these concerns, the government has proposed that the scope of the financial promotion restriction be extended to certain unregulated cryptoassets. 

The consultation acknowledges that applying the financial promotions regime too broadly could stifle innovation without a proportionate benefit to consumer protection. The proposal is therefore limited to unregulated cryptoassets that are both fungible and transferable. The government’s view is that consumers buying tokens with these characteristics are liable to buy them with similar expectations to those that consumers tend to have when purchasing regulated financial services (e.g. an expectation that they will hold a stable value, or rise in value, and that markets will be sufficiently deep and liquid to allow them to sell their holdings easily and quickly).

The proposal also includes an additional exemption to the financial promotion restriction that would apply to any communication which merely states that a person is willing to accept or to offer cryptoassets in consideration for the supply of goods or services.

Approval of financial promotions by authorised persons

The effect of the financial promotion restriction is that an unauthorised person must have its financial promotions approved by an authorised person before they are communicated (unless an exemption applies). As many cryptoasset businesses are unauthorised, implementation of the proposal would result in the creation of new demand for authorised persons to approve financial promotions of cryptoassets (and a new market for this service).

In a separate, but related, consultation paper released on the same day, HM Treasury puts forward changes which would require authorised firms to obtain specific permission from the FCA before undertaking approvals of financial promotions (the current position is that any authorised firm is able to approve any financial promotion of any unauthorised firm). This permission would be designed in such a way as to ensure that only authorised firms with the relevant expertise are able to approve the promotion of a particular product type.

This proposal has been prompted by, amongst other things, authorised firms approving promotions without sufficient understanding of the product or service and/or without conducting sufficient due diligence (e.g. accepting the information provided to them by unauthorised persons at face value without forming their own views). In practice, it may prove difficult in the short term for cryptoasset businesses to find authorised firms with the relevant expertise to approve financial promotions of cryptoassets.

Ongoing focus on fintech related regulation

These consultations were released on the same day as the launch of an independent Fintech Strategic Review, which aims to identify priority areas for industry, policy makers and regulators to support growth in the fintech sector. 

The terms of reference of the Fintech Strategic Review identify “a forward leaning approach to regulation” as a key source of the success of the UK fintech ecosystem to date. They also identify recommendations for “promoting the UK as a key market to establish and grow a fintech company” as key outcomes of the review. This suggests that there will be a continued focus on developing regulation to further support the growth of fintech in the UK. 

What happens next?

Both financial promotions consultations close on 25 October 2020. Meanwhile the Fintech Strategic Review aims to report its recommendations to the Government at the start of 2021.


UK Finance sets out strong customer authentication implementation plan for e-commerce payments


In April, the UK’s Financial Conduct Authority extended again the deadline for the implementation of strong customer authentication in respect of e-commerce payments. UK Finance, which is leading the migration to SCA in the UK, has now published an implementation plan to ensure the market is ready this time. Whilst the FCA’s deadline is set for September 2021, the plan contemplates that all participants will be compliant and ready for testing by next May.

SCA requirements for the e-commerce industry

EU payments regulations require payment service providers to ensure strong customer authentication is carried out for certain types of payment transactions. For remote electronic payments, as well as requiring at least two independent types of authentication data from the payer, SCA requires the transaction to be “dynamically linked” to a specific amount and a specific payee. 

Implementing these requirements in the e-commerce industry has proved time-consuming and challenging, not least because it requires all participants in the payment chain – including e-merchants, gateways, acquirers and issuers – to have the relevant systems in place. Disruption caused by the pandemic has also not helped matters. 

Extensions of deadlines

Last October, the European Banking Authority extended the SCA deadline for e-commerce payments to December 2020. However, it has refused to respond to industry requests to go further.

The FCA, on the other hand, announced in April that it was pushing the deadline back to September 2021 as a result of the Covid-19 crisis, having already previously extended it to March 2021. It stressed, however, the need for the industry to have in place a detailed implementation plan for meeting this new deadline.

UK Finance implementation plan

UK Finance has been coordinating the development of such a plan, which it has now published. The plan provides for a phased implementation, with the intention of minimising disruption to consumers:

  • Phase 1 – Development (2020): The aim during this phase is to ensure all parties, and in particular e-merchants, have adopted certain security protocols, such as 3DSecure (a protocol designed for online card-based payments).
  • Phase 2 – Market Readiness (1 Jan – 31 May 2021): E-merchants and issuers are expected to complete implementation during this phase. 
  • Phase 3 – Full Ramp-up (1 Jun – 13 Sep 2021): This will be a period of testing and transition during which issuers will start checking randomly if e-commerce transactions are SCA compliant and “soft declining” those that are not. 

The FCA has said that after 14 September 2021 firms that fail to comply will be subject to “full FCA supervisory and enforcement action”.

Relaxations in relation to contactless payments and online banking

Aside from e-commerce, firms are already obliged to be fully compliant with SCA requirements. However, the FCA has indicated that it is currently taking a more relaxed approach to enforcement in respect of contactless payments and online banking, in light of current circumstances.


European Payments Initiative promises new cashless payment solution to rival global card schemes and stablecoins


16 European Banks have officially launched the ‘European Payments Initiative’ to create a pan-European card and digital wallet for in-store, online and peer-to-peer payments. The initiative has been strongly supported by the European Commission and the European Central Bank and will be built on the Eurosystem’s recently rolled-out instant payment settlement infrastructure. Other payment service providers are invited to join as founding members by the end of this year.

Official launch of the European Payments Initiative

An initiative to create a pan-European retail payment solution has now been officially launched by a consortium of European banks. The project, previously referred to in the market as the Pan-European Payment System Initiative (or “PEPSI”), aims to create a card and digital wallet for in-store, online and peer-to-peer payments, as well as for cash withdrawals. Importantly, it will be designed for use across Europe, having a key objective to reduce fragmentation and promote the European single market.

The bank consortium comprises: BBVA, BNP Paribas, Groupe BPCE, CaixaBank, Commerzbank, Crédit Agricole, Crédit Mutuel, Deutsche Bank, Deutscher Sparkassen- und Giroverband, DZ BANK Group, ING, KBC Group, La Banque Postale, Banco Santander, Société Générale and UniCredit. 

Privately led, publicly backed

The initiative has received strong support from the European Central Bank as well as the European Commission, which rolled out a new Retail Payments Strategy last November. 

Both authorities have been looking to promote solutions that could limit EU dependency on foreign players (including international card schemes and Big Techs), support the role of the Euro on the global stage and reduce fragmentation across Europe. The ECB flags, for example, that ten European countries currently have national card schemes that do not accept cards from other EU member states.

In a speech last November, ECB Executive Board member Benoît Cœuré called on European stakeholders to “to step up their collaboration and act together to provide payment solutions that both reflect the demands of consumers and strengthen the Single Market”.

Cue the European Payments Initiative. 

Leveraging European instant settlement infrastructure 

The EPI will be based on the SEPA (Single European Payments Area) Instant Credit Transfer scheme. As such, it will utilise the Eurosystem’s TARGET Instant Payment Settlement (TIPS) system, which enables the instant and irrevocable settlement of Euro payment transactions 24/7 and across the EU. TIPS was launched in 2018 in response to growing consumer demand for instant payments and the emergence of national solutions posing fragmentation risks.

Next steps

The EPI expects to commence implementation in the coming weeks, beginning with the establishment of an interim company and a technical and operational roadmap, before finalising its corporate structure. It has invited other payment service providers to join the initiative as founding members before the end of 2020 and is aiming to become operational in 2022.   

Meanwhile, in the UK

UK authorities have also been focused on addressing evolving consumer needs in retail payments. Last month the Bank of England closed its consultation on a “platform model” central bank digital currency for retail use. Work also continues on developing the New Payments Architecture to replace the UK’s retail interbank clearing and settlement systems.


Now Effective: The U.S. CFTC’s guidance on “actual delivery” of virtual currency


The Commodity Futures Trading Commission (“CFTC”) has issued interpretive guidance on what constitutes “actual delivery” of a virtual currency. This now-effective guidance clarifies when these products are within the CFTC’s regulatory reach.

Under the Commodity Exchange Act (“CEA”), the CFTC has long had jurisdiction over a contact for future delivery of a “commodity” (including, as described below, certain virtual currencies). Since 2010, the CFTC also has jurisdiction over any “retail” commodity transaction involving leverage or margin except where the transaction ‘‘results in actual delivery [of the commodity] within 28 days or such other longer period” as the CFTC may determine. . . . This exception has required the CFTC to grapple with the nigh metaphysical and oxymoronic interpretation of actual delivery of virtual currencies. After first soliciting public input in 2017 regarding this concept, the CFTC issued final guidance on May 24, 2020 (the “2020 Guidance”) that became effective June 24, 2020.

Virtual currency as a commodity

The 2020 Guidance restates the CFTC’s view that a virtual currency:

  • is an asset that encompasses any digital representation of value or unit of account that is or can be used as a form of currency (i.e., transferred from one party to another as a medium of exchange);
  • may be manifested through units, tokens, or coins, among other things; and
  • may be distributed by way of digital ‘‘smart contracts,’’ among other structures.

The CFTC considers a virtual currency, as described above, to be a commodity as defined in CEA section 1a(9). This is more or less consistent with the broad application of the CEA by the CFTC to many other intangible commodities (e.g., renewable energy credits and emission allowances, certain indices).

How is “actual delivery” of virtual currency achieved?

Paraphrasing the 2020 Guidance, actual delivery occurs when: 

  1. a purchasing party secures (a) possession and control of the virtual currency and (b) the ability to freely use the entire quantity of the virtual currency (i.e., away from any particular execution venue) no later than 28 days from the date of the transaction and at all times thereafter; and 
  2. the offeror (e.g., those with control of a particular blockchain protocol) and the counterparty seller do not retain any interest, legal right, or control over the commodity at the expiration of the 28 days from the date of the transaction.

For example, “actual delivery” will have occurred:

  • if the virtual currency’s public distributed ledger evidences record of the transfer within 28 days of entering into the transaction; or 
  • where seller has delivered the entire quantity, the purchaser has secured full control and the virtual currency is not subject to any legal rights of seller 28 days after the transaction.

In contrast, “actual delivery” will not have occurred where:  

  • a full purchased amount is not transferred away from a digital account or ledger system;
  • a transaction is merely evidenced by the seller’s book entry; or
  • a purchase is rolled, offset against, netted out or settled in cash or virtual currency.


Five emerging competition trends in the European payments sector


The rapidly evolving payments sector is raising a number of new competition-related issues, attracting interest from both competition and financial sector authorities. In a new publication, we look at five emerging trends in this area: (i) increased scrutiny of Big Tech under abuse of dominance rules; (ii) the use of “soft enforcement” tools; (iii) competition objectives driving the regulatory agenda; (iv) enhanced scrutiny of digital / payment mergers; and (v) competition issues around global stablecoins and alternative payment systems.

Emerging trends in a fast-paced sector

The digitalisation of payments markets and entry of new players, including Big Tech, are raising a number of competition-related concerns, drawing attention from market participants, financial sector authorities and competition authorities alike. Against this backdrop, we have released a new publication exploring five emerging trends in the area. The key takeaways are outlined below. 

1. Big Tech and concerns over abuse of dominance 

Big Tech’s entry into the payment space is a source of many competition-related concerns. In particular, based on experience in digital markets, authorities worry that Big Tech players could potentially abuse their dominant positions, for example to preference their own services or restrict interoperability with their products.

European authorities seem to be keeping an increasingly watchful eye out for this type of behaviour. Notably, this month the European Commission announced that it has opened a formal antitrust investigation to assess whether Apple’s conduct in connection with Apple Pay violates EU competition rules.

This is not the first scrutiny of Apple Pay, with concerns previously having been investigated in Switzerland in response to a complaint by Swiss fintech company, TWINT. The Swiss Competition Commission ultimately closed its investigation after Apple committed to provide a “technical solution” to address the concerns of the complainant.

2. Use of “soft enforcement” tools

Another recent trend has been the broad use of market studies and inquiries to examine competition issues in the payments sector. For example:

  • In the UK, the Financial Conduct Authority and Payment Systems Regulator have used these tools as their primary means of examining competition issues in financial services. This includes, for example, the PSR’s ongoing market review into the supply of card-acquiring services
  • In the Netherlands, the Authority for Consumers and Markets has launched a market study into the activities of major tech firms in the Dutch payments market. It is looking at the existing and potential activities of both US and Chinese players.
  • Similarly, in France, the Autorité de la concurrence has launched a public consultation into the fintech sector, with a focus on the development of the role of large digital platforms in payment services.  
  • In Greece, the Hellenic Competition Commission is also carrying out a sector inquiry into fintech. 

These tools can be used as a means of “soft enforcement”, helping competition authorities and sector regulators to identify and address systemic issues affecting competition. They can also serve as an important information gathering tool. However, they have in the past attracted criticism as ineffectual and an inefficient use of vast amounts of time and resource.

3. Competition objectives driving the regulatory agenda

Competition objectives – in particular, concerns around maintaining a level playing field – were driving the last wave of European payments regulation and are likely to drive the next. 

For example, a key aim of the EU’s revised Payment Services Directive (PSD2) was to “open up payments markets to new entrants leading to more competition, greater choice and better prices for consumers”. Notably, its focus in this regard was on tackling the incumbency advantage of traditional banks

There are now concerns that the playing field could tilt too far in favour of Big Tech and the Commission’s expert group on regulatory obstacles to financial innovation (ROFIEG) has made a number of recommendations to address this. For example, it recommends legislative action to broaden and even out the use of user-driven data sharing, which may require Big Tech to share access to more of the valuable customer data they hold. It also recommended new rules to prevent large, vertically integrated platforms from unfairly discriminating against downstream services that compete against their own downstream services. 

The Commission has since launched a consultation on a Retail Payments Strategy for the EU. Notably, the consultation paper discusses the potential opportunities for pan-European payments solutions to thrive and to “reduce EU dependency on global players, such as international card schemes, issuers of global “stablecoins” and other big techs”.

4. Merger control: enhanced scrutiny of digital payments deals

2019 saw intense global debate about whether merger control rules remain fit for purpose in the digital era. There is a perception that potentially problematic deals have been slipping through the net, either because they are not being notified in the first place (having not triggered relevant thresholds) or because they are not sufficiently scrutinised during merger control review. 

In a commonly quoted statistic, over the last decade, Amazon, Apple, Facebook, Google and Microsoft have together made over 400 acquisitions, but only a handful were reviewed by competition authorities and none blocked.

This has led to a host of studies across the globe, which are likely to result in enhanced scrutiny of deals going forward. The emerging themes include:

  • Use of deal value thresholds, proposed as a way to catch “killer acquisitions” (designed to eliminate sources of potential future competition) which may not otherwise be notifiable due to low target turnover. While deal value thresholds have been introduced in Austria and Germany they appear to have been ruled out in the UK and at an EU level.
  • The need to look at counterfactuals in considering whether a target constitutes “potential competition” to the acquirer. For example, in the absence of the merger, could the target have become a realistic challenger to the acquirer in question?
  • Conglomerate effects – i.e. the notion that a merging party will be able to leverage a strong position in one market into a related market and use its strengthened position to foreclose competitors through tying and bundling strategies. 

The European Commission may explore at least some of these themes in its review of Mastercard’s proposed acquisition of Nets’ account-to-account payment business, for example. The Commission has accepted a referral request from a number of national competition authorities to review the transaction, concluding it is best placed to examine potential cross-border effects. In accepting the referral, the Commission noted that the transaction threatens to significantly affect competition in a Nordic or EEA / UK-wide market for the provision of real-time account-to-account central infrastructure services.

5. Global stablecoins and state-backed alternatives

Global stablecoin proposals, like Facebook’s Libra, offer the promise of healthy new competition for retail payments markets. This could help drive benefits for consumers, particularly in the areas of financial inclusion and cross-border payments.

At the same time, new payments infrastructure that involves wide industry collaboration and the likelihood of rapid global scaling may pose a threat to fair competition (as well as raising other policy risks, for example around monetary policy and financial stability). 

In particular, the involvement of Big Tech has raised concerns in some corners around the risk of markets tipping in their favour due to, for example, network effects and the exponential benefits of access to data. As a result, in addition to action from financial sector authorities, the European Commission has already started an antitrust probe into Libra (i.e. well before any launch).

Concerns around the risks posed by global stablecoins have led to a number of policymakers considering state-sponsored alternatives. 

Various central banks have accelerated research and/or development work around central bank digital currencies (CBDCs). For example, the Bank of England, which has not previously been an active proponent of CBDCs, published a discussion paper on a “platform model” CBDC for retail use earlier this year. 

CBDCs, however, raise their own issues. For example, depending on how it is designed, a CBDC may benefit from certain structural advantages over competing commercial initiatives. This could potentially risk displacing certain elements of the commercial market, to the detriment of the diversity and resilience of the overall payments landscape.  

As well as exploring CBDCs, the European Central Bank has welcomed a strategic initiative by a consortium of European banks to create a new alternative retail payment system. This type of industry-led/ state-backed solution may also raise competition concerns – for example, as a result of competitor collaboration and/or any structural advantages such an initiative would involve.

Contact us

Should you have any questions around competition-related issues in the payments sector, or the payments sector more generally, please don’t hesitate to get in touch.


International AI standards proposed for securities market intermediaries and asset managers


Numerous regulators have noted that the use of artificial intelligence in financial services has the potential to create new risks or amplify existing risks. In response to those concerns, the International Organization of Securities Commissions has drafted guidance for how AI and machine learning should be overseen. The guidance provides an insight into the approach national regulators are likely to take as AI becomes more commonplace in securities markets.

IOSCO consultation paper on AI

IOSCO, the global standard setter for the securities sector, is consulting on new draft guidance to its members on the use of artificial intelligence and machine learning by market intermediaries and asset managers. Once finalised, the guidance would be non-binding but IOSCO would encourage its members to take it into account when overseeing the use of AI by regulated firms.

IOSCO’s membership comprises securities regulators from around the world. It aims to promote consistent standards of regulation for securities markets.

Six measures to address AI risks

The draft guidance puts forward six fairly detailed measures for regulators to impose on the firms they supervise to reflect expected standards of conduct. In short, these cover:

  1. having designated and appropriately skilled senior management responsible for the oversight of AI and a documented internal governance framework with clear lines of accountability,
  2. adequate testing and monitoring of AI algorithms throughout their lifecycles,
  3. ensuring staff have adequate skills, expertise and experience to develop and oversee AI controls,
  4. managing firms’ relationships with third party providers, including having a clear service level agreement with clear performance indicators sanctions for poor performance,
  5. what level of disclosure firms should provide to customers and regulators about their use of AI, and
  6. how to ensure that the data that the AI relies on is of sufficient quality to prevent biases.

These measures are intended to tackle the perceived problems of AI around resilience, ethics, accountability and transparency, which we explore in our report on Artificial Intelligence in Financial Services: Managing machines in an evolving legal landscape.

IOSCO’s guidance is subject to the principle of proportionality. Notably, it emphasises that the size of firm is not the only relevant factor in this regard and that regulators should also consider the activity that is being undertaken, how complex and risky it is, and the impact that the technology could have on clients and markets.

AI not yet receiving special treatment?

As well as setting out its guidance, the report also indicates some of its findings from industry discussions. Many of these findings suggest that, despite broadening and increasingly sophisticated use of AI, firms have not generally made special arrangements for its governance. For example, according to IOSCO, many firms:

  • do not employ specific compliance personnel with the appropriate programming background to appropriately challenge and oversee the development of machine learning algorithms
  • use the same development and testing frameworks that they use for traditional algorithms and standard system development management processes
  • say that they do not have the human resources or the right expertise at all levels to always fully understand AI and ML algorithms.

One reason for this could be that AI is generally not yet subject to special regulatory treatment. The IOSCO paper makes the point that many jurisdictions have overarching requirements for firms’ overall systems and controls but only a few have regulatory requirements that specifically apply to AI- and ML-based algorithms.

How firms are using AI today

According to IOSCO, market intermediaries are already using AI in their advisory and support services, risk management, client identification and monitoring, selection of trading algorithms, and asset / portfolio management. By contrast, asset managers’ use of AI is in its “nascent” stages and is “mainly used to support human decision-making”. This is consistent with the findings of the Bank of England and FCA from a 2019 survey of UK financial institutions.

What happens next?

The consultation on the draft guidance closes on 26 October 2020.

In the UK, the FCA is currently working with the Alan Turing Institute to look at the implications of the financial services industry deploying AI. Meanwhile, the European Commission has released its own guidelines for trustworthy AI and is expected to propose legislation in this area later in 2020.


UK response to Wirecard insolvency highlights the importance of operational resilience


The Financial Conduct Authority’s decision to temporarily curtail Wirecard’s UK business had a knock-on effect for the fintech firms which rely on its services. As those firms sought to resume services as quickly as possible, there are lessons to be learned for the fintech sector and its approach to operational resilience.

The FCA’s immediate response to Wirecard

The news of German payments provider Wirecard entering into insolvency proceedings in the wake of a €1.9bn alleged accounting fraud has shaken the European fintech industry.

In the UK the FCA temporarily imposed restrictions on Wirecard’s UK subsidiary, a regulated payment institution which issues e-money onto prepaid cards. These restrictions meant that Wirecard Card Solutions Limited (Wirecard UK):

  • must not dispose of any assets or funds
  • must not carry on any regulated activities
  • must set out a statement on its website and communicate to customers that it is no longer permitted to conduct any regulated activities.

In a statement, the FCA said that its primary objective is to “protect the interests and money of consumers who use Wirecard”. This action has come soon after the FCA consulted on new guidance for payments firms on safeguarding customer money.

Certain of the requirements imposed have since been lifted, subject to close monitoring, allowing Wirecard UK to resume regulated activity, issuing e-money and providing payment services.

Impact on wider fintech industry

Several UK fintech firms rely on Wirecard UK’s services for operational support, as they use Wirecard UK’s technology to issue prepaid cards and process payments. For the period that Wirecard UK was unable to perform regulated payment activities, these fintechs were unable to access those Wirecard services. As a result, they were having to restrict the services they provided to their customers.

Some fintechs had to tell their customers that their accounts were temporarily inaccessible. Others were able to find workarounds and/or switch to alternative providers. The Department for Work and Pensions set up a dedicated team to assist individuals who could no longer receive their benefits payments through apps or cards associated with Wirecard.

Regulatory focus on operational resilience

The Wirecard incident has shone another light on the sorts of events which require appropriate operational resilience planning and procedures. Business disruption, like that caused by the failure of a third party provider, is inevitable. This is a view shared by the UK regulators who are currently consulting on new rules aimed at improving the resilience of firms across financial services. The FCA’s statement on Wirecard UK specifically mentions this consultation, as well as the EBA Guidelines on Outsourcing Arrangements which apply to e-money and payment firms.

Not all fintech firms would be subject to the FCA’s proposed operational resilience rules, but those caught would (among other things) need to:

  • identify their important business services and the people, processes, technology, facilities and information that support them
  • set impact tolerances for each important business service
  • test their ability to remain within those impact tolerances through a range of severe but plausible disruption scenarios.

As increasingly critical players in the financial services ecosystem, fintechs need to be mindful of this regulatory focus on outsourcing and operational resilience. Mapping the various elements on which their businesses rely is an important aspect. But, as recent days have shown, swift and effective communications plans can be equally important to mitigate harm at times of operational disruption.

What happens next?

In the short term, the FCA continues to monitor Wirecard UK’s activities and to work with them to progress matters relating to the remaining requirements. Affected firms are continuing to address the disruption to their customers and can expect to receive follow-up communications from the FCA.

In the longer term, fintech firms can expect to face increased scrutiny in relation to both their operational and financial affairs. Firms may look to learn from this incident and re-evaluate their responses to the FCA’s proposed operational resilience rules as a result.

It remains to be seen whether there will be a wider impact on industry confidence and future investment in the sector.


Launching our Tech Legal Outlook 2020: Mid-Year Update


Given the seismic events of the year to date, we have produced a Mid-Year Update to our original Tech Legal Outlook 2020. In this Update we explore seven of the key global trends likely to shape the technology sector in the second half of 2020 and beyond, and consider the legal implications for businesses – including Fintechs.

Catalyst for change

The rapid outbreak of Covid-19 and the accompanying lockdown measures, have dramatically changed life as we know it and transformed the business outlook for 2020 and beyond. The crisis has provided a catalyst for change, with technology and data more critical than ever.

The role of technology

A striking feature of lockdown has been the need for a sudden shift to living and working online, and our continuing dependency on digital services for everything from healthcare to groceries, education to entertainment. The crisis has forced a change in behaviour and in some cases, required a change in law to facilitate new arrangements, protect national interests at a time of crisis, or to support those suffering financially.

The new normal

The “new normal” presents an evolving landscape with opportunities and challenges for the tech sector. Countries are emerging from lockdown measures, employees are returning to work and there continues to be the prospect of future outbreaks. By 8 June 2020 U.S. stocks, led by tech companies, had recouped losses from the lows of March. In the following week, global stocks began to fall after a rise in new Covid-19 cases in the U.S. and China. Big U.S. and Chinese tech companies have out-performed the market. However, growth across the wider tech sector has faltered and many organisations have experienced disruption and difficulties. Economic recovery is unequal and unpredictable.

Challenges ahead

Organisations will continue to grapple with the new normal for an extended period of time: overcoming new challenges where they seek to raise funds or make investments; protecting their innovation and intellectual property; adapting to a changing legal and regulatory environment; navigating an employment minefield; responding to significant changes to supply and demand; and addressing increased risks such as cyber threats. This presents a number of risks and legal issues for organisations to navigate.

Seven key trends

In our Mid-Year Update, we have focused on seven of the key trends likely to shape the technology sector in the second half of the year. Many of the trends originated before the pandemic: digital technologies have been transforming sectors, cyber-risk has been increasing, governments have been increasingly protectionist in their approach to foreign investment and increasingly seeking to regulate the digital economy. What is different is the pace of change.

Visit our Tech Legal Outlook 2020: Mid-Year Update page for a summary of the seven trends and to download your copy of the update.


Knotty by Nature: You Down with the OCC?


The US regulator of national banks and federal savings associations (the OCC) has published an Advance Notice of Proposed Rulemaking, seeking public comment on the digital activities of those banking entities. Among other things, it is asking whether the current regulations are fit for purpose. The findings are likely to influence the direction of rule-making efforts in this area. Interested parties are invited to comment by August 3, 2020.

OCC Notice

The US regulator of national banks and federal savings associations, the Office of the Comptroller of the Currency (OCC), has published an Advance Notice of Proposed Rulemaking (ANPR) seeking public comment on the digital activities of those banking entities. An ANPR is typically a precursor to a formal proposal of one or more rules. That is, issuing an ANPR is a tacit acknowledgment that the OCC is seeking a broader steer on policy before turning toward specific rule-making efforts.

Issues open for comment

The OCC generally seeks input on Title 12, Part 7, Subpart E and Part 155 of the Code of Federal Regulations, both of which regulate the electronic operations and activities of OCC-regulated banks. In particular, the OCC asks, among other questions:

  • Do the current regulations work?
  • Are they flexible and clear?
  • Do they hinder innovation and technological advancements in the banking industry?
  • Are they incomplete?
  • What types of cryptocurrency or other digital asset activities are being engaged in and what barriers are present that currently hinder their development?
  • How are distributed ledger technology and artificial intelligence being used?
  • What new payment technologies and innovation tools for compliance have been developed?
Next steps

The best way to predict the future is to create it. Interested parties should view this as the best and earliest opportunity to influence the OCC’s thinking on these matters. Comments are due by August 3, 2020.