UK regulator wants payment firms to bolster protection of client money in current crisis

The UK’s Financial Conduct Authority has raised concerns that some payment firms are not adequately protecting their customers’ money. These concerns are particularly acute in the current economic crisis. The FCA has thus proposed new guidance to clarify its expectations of payment firms around safeguarding client money and prudential risk management. Stakeholders are invited to comment by 5 June 2020.

Concerns that payment firms are leaving consumers at risk

The FCA has raised concerns that some payments institutions and e-money institutions have not implemented payments regulations as it expected. With growing numbers of consumers using alternative payment providers and an economic crisis in full flow, it is keen to remedy this swiftly. In particular, it wants to ensure that payment firms are effectively protecting their customers’ money and have robust risk management frameworks in place. 

Consultation on temporary guidance

To address these concerns, the FCA plans to issue some temporary guidance to clarify payment firms’ obligations in respect of safeguarding and prudential risk management. The guidance may serve as a checklist for payment firms to ensure they are operating in accordance with the FCA’s expectations. 

The FCA is inviting stakeholders to comment on its proposed guidance by 5 June 2020. Eventually, the FCA plans to incorporate the temporary guidance into its Payment Services Approach Document, which contains its main guidance for payments firms in these areas. 

The scope of the proposed guidance is outlined below.

Proposed guidance on safeguarding

Under UK payments regulations, payment firms are required to take measures to safeguard “relevant funds” (as defined in the regulations). This is to protect customers in the event of the payment firm’s insolvency. For example, e-money issuers need to safeguard the funds they receive in exchange for issuing e-money and authorised payments institutions must safeguard sums they receive for the execution of payments transactions. 

The Approach Document already contains detailed guidance as to how funds may be safeguarded. The FCA is now proposing to provide further clarifications as to its expectations, in order to strengthen firms’ practices. These include:

  • Reconciliation processes to be clearly documented. Where there is potential for discrepancies (for example, where funds are held in one currency in respect of a payment transaction in another), firms are required to make reconciliations at least daily. The FCA clarifies that it expects firms to clearly document this reconciliation process, and to provide an accompanying rationale, in order to help with the distribution of funds in the event of insolvency.
  • Notifications of non-compliance. Firms are required to notify the FCA of their failures to comply with safeguarding or reconciliation requirements. In this regard, the FCA expects to be notified of failures to keep up to date records of relevant funds and safeguarding accounts and where a firm is unable to comply due to the decision by a safeguarding credit institution to close a safeguarding account. 
  • Naming of client accounts. Safeguarded funds are required to be held in separate accounts with an authorised credit institution or authorised custodian. The FCA expects the names of such accounts to include the word “safeguarding” or “client”. Where this is not possible the FCA wants payment/e-money institutions to provide evidence confirming that the account has been appropriately designated.
  • Acknowledgement from safeguarding institution. Those providers of safeguarding accounts are not allowed to have any interest (such as a security interest) in them. The FCA wants payment firms to obtain an acknowledgement from the credit institution / custodian confirming this (and has provided a proposed form of acknowledgement letter).   
  • No other amounts to be mixed into safeguarding accounts. The FCA underlines the importance of ensuring that no other amounts are improperly mixed into a safeguarding account. It clarifies that the reason for this is that such mixing may cause delays in returning funds to customers if the firm becomes insolvent.
  • Periodic reviews of appointments of credit institutions, custodians and insurers. The FCA expects appointments of credit institutions, custodians and insurers to be reviewed whenever a firm believes that anything affecting the appointment decision has materially changed and, in any event, at least once a year.
  • Funds due to be safeguarded not available to meet commitments to card schemes or other third parties. The FCA expects that e-money issuers which issue, and allow customers to make payments with, e-money before receiving the corresponding funds from the customer should not treat amounts due which are subject to safeguarding requirements as available to meet commitments it has to card schemes or other third parties to settle the relevant payments transactions.
  • Protection of unallocated funds. Where firms are not able to identify which customer is entitled to the funds it has received, the funds will not qualify as “relevant funds” (to which safeguarding requirements apply). However, the FCA expects firms to protect these funds, for example by segregating them, and to take measures to identify the relevant customer.
  • Annual audit of compliance with safeguarding requirements. The FCA clarifies that it expects firms which are required to be audited to arrange specific annual audits of their compliance with safeguarding requirements. It also expects firms to satisfy themselves that the proposed auditor has sufficient skills, resources and expertise in auditing compliance with safeguarding requirements.
  • Small payments institutions to protect customer money too. Whilst not subject to safeguarding requirements, the FCA notes that it expects small payments institutions to keep a record of funds received from customers and the accounts into which those funds are paid. It also encourages these institutions to voluntarily opt in to meeting the safeguarding standards.
  • No misleading information on treatment of funds in insolvency. The FCA emphasises the need for firms to avoid misleading customers about how much protection they will get from safeguarding. For example, firms should not imply that customers’ claims would be paid in priority to the costs of distributing the safeguarded funds.
Proposed guidance on prudential risk management

Payments firms are required to meet certain prudential requirements in order to be authorised by the FCA. The FCA is now proposing additional guidance in the following areas:

  • Governance and controls. The FCA expects authorised payments institutions and electronic money institutions to have robust governance arrangements, effective procedures, and adequate internal control mechanisms. It also expects governance arrangements to be tailored to the business model and reviewed regularly.
  • Capital adequacy. The FCA emphasises the importance of ongoing, accurate calculations and reporting and outlines best practice around the representation of intra-group receivables.
  • Liquidity and capital stress testing. The FCA expects firms to carry out liquidity and capital stress testing and use the results to inform decisions, for example around resources, systems and controls.
  • Risk-management arrangements. The FCA highlights that firms should assess the need for committed credit lines to manage liquidity exposures and outlines best practice in respect of managing intra-group risk.
  • Wind-down plans. The FCA clarifies that firms are required to have a wind-down plan to manage their liquidity and resolution risks, and sets out what the plan should cover.

FCA and Alan Turing Institute to explore practical application of AI transparency framework

In 2019, the FCA and Alan Turing Institute embarked on a year-long project to look at the use of AI in financial services. Now, they are planning to road-test a framework for thinking about transparency needs in the context of AI in financial markets.

Transparency the key to ethical AI

As discussed in our thought leadership report, Artificial Intelligence in Financial Services: Managing machines in an evolving legal landscape, transparency is a key principle in delivering ethical AI – as well as an area of regulatory focus.

Supporting other regulatory objectives such as fairness and accountability (which, respectively, require transparency to be demonstrated and accurately allocated), transparency in the use of AI solutions is a major consideration for firms. It matters not just as an ethical ideal, but also as a means to deliver regulatory compliance and engender customer trust (and, ultimately, deliver successful products).

Enabling “beneficial innovation” through transparency

In a recent FCA blog post, the FCA and Alan Turing Institute (ATI) have also emphasised the role of transparency – simply, users having access to relevant information about an AI system – as an “enabler of beneficial innovation”. They have also described transparency as a “lens for reflecting on relevant ethical and regulatory issues and thinking about strategies to address them”. 

In particular, transparency is cited as key to:

  • demonstrating trustworthiness and encouraging widespread acceptance of AI systems;
  • enabling customers to understand and challenge the basis of certain outcomes (the FCA and AT cite the example of a sub-optimal loan decision based on an algorithmic credit assessment informed by incorrect information); and
  • allowing customers to make informed choices about their behaviour in full view of the factors that determine outcomes (for example, knowing how credit scores are affected by late / missing payments, or the criteria that influence certain insurance pricing).
A framework for AI transparency

The FCA and AT have set out a proposed high-level framework for thinking about transparency needs in respect of AI solutions. The practical application of this framework is expected to be workshopped with industry and civil stakeholders.
Firstly, when it comes to establishing what is “relevant” information about an AI system, it is suggested that it may be helpful to split such information into two categories:

  • model-related information – the inner workings of the AI model, i.e. the model code and other detail that provides visibility on model input and output relationships; and
  • process-related information – information about the process of developing and using the AI system itself (this may include information on any phase of the system’s lifecycle).
Transparency in practice: the transparency matrix

As well as looking at who should have access to what information – with distinctions made between the requirements for staff, clients, regulators and other parties (e.g. shareholders) – the FCA suggests that decision-makers develop a “transparency matrix”. 

In short, this means that firms go beyond merely asking “what information should be accessible?” (and deploying a one-size-fits-all-stakeholders approach in response). Instead, different stakeholder types are considered independently; and decisions on the information to be made accessible to them tailored based on the following factors: 

  • rationale-dependence – the reasons that drive certain stakeholders’ interest in transparency;
  • stakeholder-specificity – how decisions on the information to be provided may differ between stakeholder types; and 
  • use case-dependence – how such decisions may also hinge on the specific use case.

Using a systemic framework such as this will undoubtedly help firms identify – at a more granular level – myriad transparency needs and respond to them effectively. It may also help firms overcome the “explainability problem” – that explanations are not a natural by-product of complex AI algorithms – as discussed in our recent webinar, Managing machines: AI regulation in finance (available to our clients via the Linklaters Knowledge Portal).

The bigger picture

The FCA and AT collaboration should be viewed in the context of complementary initiatives that are delivering guidance for the ethical use of use of AI at a national and global level. Some of the other key initiatives that will be relevant to financial services-focused work in the UK are summarised below.

U.S. Government Covid-19 funding measures – what is available to Fintech-focused companies?

As a global firm, we have been actively tracking and assessing the varied measures that governments across the world have introduced to support businesses in response to the Covid-19 pandemic. This post is the final and identifies funding measures that may be available in the U.S. specifically to Fintech companies, ranging from small and medium-sized enterprises (SMEs) to start-ups. 

Paycheck Protection Program

As part of the Senate’s US$2 trillion stimulus package, the Coronavirus Aid, Relief, and Economic Security Act (the CARES Act) (read more), approximately US$350 billion initially was allocated for small business loans of up to US$10 million each, to cover certain expenses for up to eight weeks.  Known as the Paycheck Protection Program (PPP), this program is administered by the Small Business Administration (SBA) and involves individual banks and other financial institutions extending the credit, which is backed by an SBA guarantee.

Although, due to high demand, the PPP initially exhausted its funding on April 17, 2020, on April 23, 2020, Congress adopted the Paycheck Protection Program and Health Care Enhancement Act, which was signed into law the next day.  This new law allocated to the PPP an additional  US$310 billion, permitting it to resume processing new loan applications. The PPP is expected to continue to be made available through the end of June 2020, unless its funding is exhausted sooner.

Under the PPP, loaned funds spent on payroll, rent, or utilities could be forgiven if companies retain their current payrolls and satisfy certain other criteria.

  • The PPP is available to companies organized and located in the United States with fewer than 500 employees or that the SBA otherwise considers “small business concerns.” 
  • Under the SBA’s “affiliation rules,” private equity portfolio companies or companies with significant VC investments may be required to look at the number of employees across the PE/VC firm’s whole portfolio (including other portfolio companies) rather than merely their own on a stand-alone basis, depending on the size of the fund investment and any other management rights exercised by the fund. FinTech companies should evaluate their individual circumstances to determine whether the PPP is available to them.
Federal Reserve Main Street Lending Program

In connection with its Main Street Lending Program under the CARES Act (read more), the Federal Reserve will fund a special purpose vehicle (SPV) that will acquire, at par value, either 95% or 85% participation in loans or upsized tranches of existing loans made to companies with fewer than 15,000 employees, or annual turnover of US$5 billion or less, that are organized, and have significant operations and a majority of their employees, in the United States.  In determining whether it satisfies these quantitative criteria, a potential borrower must apply the SBA “affiliation” rules referenced above, and so companies with significant PE or VC investments will need to carefully assess their eligibility for the Main Street Program.

Loans made under the Main Street Lending Program are capped at US$25 million for new loans and US$200 million for upsized loans, and are subject to certain borrower leverage limitations.  While such loans are not subject to forgiveness, they  are competitively priced.  Borrowers under the Main Street Lending Program are subject to limitations with respect to, among other things, their ability to make dividend payments and capital distributions, and conduct stock buybacks.  They are also subject to limitations on certain employee compensation (read more).

For more information, please contact a member of the Linklaters team.

Italian Government Covid-19 funding measures – what is available to Fintechs?

As a global firm we have been actively tracking and assessing the varied measures which have been made available by governments across the world to support corporates and businesses in response to the Covid-19 pandemic. Building on this work, this is the fifth in a series of posts focused on key Fintech jurisdictions: assessing what funding measures could be available specifically to Fintechs in Italy (from fully licenced digital banks, to payment providers to tech start-ups). 

Approach taken in Italy

Whilst there are no Italian Government funding measures directly addressed to fintech companies, we note that they may benefit from a range of liquidity support measures tailored to SMEs and even from those targeting larger companies, where they exceed the relevant thresholds:

Central Guarantee Fund for Small and Medium-sized Enterprises (SMEs)

The Central Guarantee Fund for SMEs (CGF), derogating from its current legislative framework, will offer loan and portfolio guarantees on more favourable terms to SMEs and mid-caps until 31 December 2020. In particular, loan guarantees are available on the following terms: 

  • the granting of the guarantee is free of charge;
  • the maximum guaranteed amount per company is increased to €5 million;
  • the guarantee coverage percentages are increased (and are equal to 100% for loans to SMEs falling due between 24 and 72 months and amounting up to €25,000 or 25% of the borrower’s income, if lower);
  • the guarantee applies also to renegotiated loans (subject to conditions);
  • in the event of suspension of payment of the loan instalments or extension of the maturity of the loan by the bank, the existing guarantees of the CGF are automatically extended;
  • the borrowers’ eligibility conditions are relaxed (also with respect to start-ups);
  • the fee for the non-completion of the transaction is removed; 
  • the share of the junior tranche of specific loan portfolios guaranteed by the CFG may be increased; and
  • priority is given to SMEs, including those in the agri-food sector, with registered office or local units located in the territories of the municipalities most affected by Covid-19 identified in Annex 1 of the Decree of the President of the Council of Ministers of 1 March 2020.

Borrowers who before 31 January 2020 had unlikely to pay, past-due or overdrawn exposures – and in any case borrowers who have bad loans – cannot benefit from the CGF measure, while borrowers admitted to certain reorganisation plans or restructuring arrangements after 31 December 2019 are eligible, provided that certain conditions are met.

Loan portfolios guarantees have also been enhanced with similar measures.

SACE guarantees

SMEs which have already made full use of their access capacity to the CGF can apply through the lender for a loan backed by SACE’s guarantee under the Counter-Guarantee Mechanism by SACE and the State, which reserves at least €30 billion (out of €200 billion) for SMEs. The measure encourages banks to provide liquidity to Italian enterprises affected by Covid-19 epidemic by enabling SACE to issue irrevocable first-demand guarantees in favour of banks and other financial institutions which grant loans to Italian companies. SACE’s obligations under the guarantee will be backed by an irrevocable first-demand State guarantee.

SMEs, as well as larger corporates, may access the guarantee scheme provided that on 31 December 2019 they did not meet the European definition of “undertakings in difficulty” and on 29 February 2020 their financial exposures were not classified as “NPEs” (“non-performing exposures”) as defined under European law.

Please note that there is a detailed set of conditions the borrower has to comply with in order to benefit from the SACE guarantee (e.g., loans backed by the SACE guarantees shall be applied to finance costs of personnel, investments and working capital needs in respect of productive plants and businesses located in Italy; the borrower, as well as any other entity of the group incorporated in Italy, shall commit not to authorise dividend distributions or the purchase of treasury shares during the calendar year 2020, etc.). 

Moratorium of loans with a partial government guarantee

Micro-enterprises and SMEs based in Italy which have suffered liquidity shortages as a consequence of Covid-19 and whose financial exposures are not classified as “NPEs” on 17 March 2020 may request a moratorium on specified loan payments and credit lines which will last until 30 September 2020.

Financial institutions which granted the loans/credit lines covered by the moratorium shall be eligible for a government fund guarantee equal to 33% of the relevant amount (which would depend on the type of financing).

Liquidity support by CDP and the Italian government

CDP (Cassa Depositi e Prestiti) will guarantee loans by banks (and other entities authorised to carry out lending activity in Italy), to facilitate market liquidity. In particular, the measure:

  • supports bank financing to companies (including companies which are not considered to be SMEs such as medium-large corporates) that have suffered a drop in turnover due to Covid-19; and
  • operates by (a) the CDP providing specific instruments such as funding and/or portfolio guarantees, including first loss guarantees to the lending banks and (b) the Italian government then granting counter-guarantees up to 80% of CDP’s exposures.

However, this measure still needs to be implemented by way of Decree of the Ministry of Economy and Finance. In the meanwhile, CDP will provide interim relief to enterprises through direct liquidity support up to €2 billion. In particular, the stop-gap support measure:

  • is intended to support temporary liquidity needs, working capital and investments envisaged in companies’ development plans;
  • applies to medium and large enterprises with a turnover above €50 million that have suffered at least a 10% reduction in turnover as a result of the impact of Covid-19, compared to the corresponding period of the previous year; and
  • may also take place in pooling with financial institutions, with a CDP share amounting between €5 million and €50 million and lasting up to 18 months.  
Measures for export credit activities and the internationalisation

SACE will issue guarantees in favour of banks, local and international financing institutions and other entities licensed to carry out lending activity in Italy, in connection with financing to Italian companies and up to an overall maximum amount of €200 billion. The guarantees are issued at market conditions and in accordance with the applicable European legislation and will have the benefit of a first demand guarantee from the State. The measure will be operational following the issuance of the implementing Ministerial Decree.

In addition to this measure, commencing from 1st January 2021, the existing framework for the operation of SACE will be modified. The commitments arising from insurance policies and guarantees for principal and interest in relation to non-market risks shall be assumed through a system of cover jointly provided by SACE and the State: in an amount equal to 10% by SACE and for the remaining 90% by the Italian State.

Read more: Navigating through Covid-19 – Public support schemes for small and medium-sized enterprises.

Singapore Government Covid-19 funding measures – what is available to Fintechs?

As a global firm we have actively tracking and assessing the varied measures which have been made available by governments across the world to support corporates and businesses in response to the Covid-19 pandemic. Building on this work we this is the third in a series of posts focusing on key Fintech jurisdictions: assessing what funding measures could be available specifically to Fintechs in Singapore (from SMEs to start-ups). 

Fintech specific measures 

The Monetary Authority of Singapore announced on 8 April a S$125 million support package intended to help position financial institutions (“FIs”) and fintech firms for stronger growth when the threat of COVID-19 recedes and economic activity normalises:

1. Support for Training and Manpower Costs

  • A new Training Allowance Grant has been introduced to encourage firms to train and deepen the capabilities of their employees during this time. 
  • The MAS has also collaborated with the Institute of Banking and Finance (IBF), to offer an increase in course fee subsidies for Singapore Citizens (SC) and Permanent Residents attending relevant IBF courses to 90% (from the current range of 50% to 70%) and extension of the subsidies to include employees of fintech firms.
  • Doubled salary support for FIs to hire SC fresh graduates or workers from other sectors and place them in talent management programs under the Finance Associate Management Scheme. 

2. Support for Operational Costs

Digital Acceleration Grant (DAG)

The DAG scheme supports Singapore-based FIs and fintech firms in their adoption of digital solutions to improve productivity, strengthen operational resilience, manage risks better, and serve customers better. The scheme is open to firms with not more than 200 employees, and is split into two ‘tracks’: 

 DAG – Institution Project track

 DAG – Industry Pilot track


Support for adoption of digital solutions such as cloud services, compliance and KYC tools, and data-related services. 

Support for joint projects by at least three FIs to customise an existing solution with a solutions provider. 

Funding support

Up to 80% of support, capped at S$120,000 per entity, is available for 1 year in respect of the below qualifying expenses:

  • Hardware and software, including licences, maintenance and subscription costs; and

  • Professional services (e.g. consultancy, cybersecurity testing, IT audit).

Entities can claim for expenses incurred from 1 February 2020. 

Up to 80% of support, capped at S$100,000 per participating entity, is available for 2 years from implementation.

Qualifying expenses may include hardware and software, professional services, and manpower costs. 

3. Support for Access to Business Opportunities

APIX free access

Singapore-based fintech firms are granted 6 months’ free access to API Exchange (APIX), an online global marketplace and sandbox for collaboration and sales. 

Fintech Self-Assessment Tool

The MAS will also work with the Singapore Fintech Association (SFA) to set up a new digital self-assessment framework for MAS’ Outsourcing and TRM Guidelines, hosted on APIX. Completing the self-assessment will help fintech firms provide a first-level assurance to FIs about the quality of their solutions. More information on this is expected to be released soon.

Broader measures

Government grants

The following government grants are also available to fintech firms.

  Enterprise Development Grant (EDG) Productivity Solutions Grant (PSG)

Supporting projects that help Singapore companies upgrade their business, innovate, or venture overseas, under three pillars:

  • Core capabilities – helping businesses prepare for growth and transformation by strengthening their business foundations
  • Innovation and Productivity – supporting companies exploring new areas of growth or looking for ways to enhance efficiency (e.g. reviewing and redesigning workflow and processes)
  • Market Access – supporting companies that are willing and ready to venture overseas by defraying some of the costs of expanding into overseas markets.
Supporting Singapore companies in the adoption of pre-scoped IT solutions and equipment to enhance business processes. 
Funding support

80% funding support from April to December 2020. 90% support is available on a case-by-case basis for enterprises most severely impacted by COVID-19. 

Support covers qualifying project costs such as third-party consultancy fees, software and equipment, and internal manpower costs. 

80% funding support from April to December 2020.

The scope of solutions will also be expanded to include COVID-19 business continuity measures such as: 

  • Online collaboration tools
  • Virtual meeting and telephony tools
  • Queue management systems 
  • Temperature screening solutions

Firms must fulfil the following criteria:

  • Be registered and operating in Singapore
  • Have a minimum of 30% local shareholding
  • Be in a financially viable position to start and complete the project. 

Firms must fulfil the following criteria:

  • Be registered and operating in Singapore
  • Purchase / lease / subscription of the IT solutions or equipment must be used in Singapore
  • Have a minimum of 30% local shareholding (for selected solutions only).

German Government Covid-19 funding measures – what is available to Fintechs?

As a global firm we have actively tracking and assessing the varied measures which have been made available by governments across the world to support corporates and businesses in response to the Covid-19 pandemic. Building on this work this is the second in a series of posts focusing on key Fintech jurisdictions: assessing what funding measures could be available specifically to Fintechs in Germany (from SMES to start-ups). 

Public support funding measures

The German Government has issued a series of public support funding measures in the course of the Covid-19 crisis, including emergency aid for small businesses, numerous loan schemes of the state development bank “KfW”, guarantees by the federal government and the Federal States, immediate grants offered by the Federal States, the set-up of the Economic Stability Fund (ESF) and most recently its planned support programme for start-ups (read more). 

Some instruments such as the ESF explicitly are limited to companies of the “real economy” which could exclude Fintechs (depending on the level of regulation). However, the KfW loan schemes are not limited to the real economy and should also be available to Fintechs. Nevertheless, Fintechs may not be able to benefit from some of these schemes since, in addition to eligibility criteria to be met with regard to the size of the company, they might not meet criteria relating to the financial liquidity (proof of profit) required before the Covid-19 crisis affected the economy.

Measures for Fintechs

In our view, in particular the following support measures could be interesting for Fintechs:

Emergency aid for small businesses:

To ensure the liquidity of small companies, the German Government offers a one-off payment for up to EUR 9,000 for companies with up to 5 employees and EUR 15,000 for companies up to 10 employees. The exact amount depends on the liquidity needs of the company in question. These funds do not have to be repaid. 

KfW Start-up loan – universal:

The loan schemes of KfW provide access to liquidity for sound and healthy companies, which might, however, be in financial difficulties due to the Covid-19 crisis. Under the KfW start-up loan, KfW will assume a portion of the risk from client facing banks through back-to-back loans.

The criteria for eligibility of the KfW Start-up loan are:

  • The loan scheme is only available to companies that have been on the market for less than 5 years and which have temporary financing difficulties due to the COVID-19 crisis.
  • The companies must not have met the EU definition of “undertakings in difficulty” on 31 December 2019.
  • The loan may be used for investments that promise sustainable economic success, such as operating resources, warehouse, or acquisition of assets from other companies, including takeovers and active participations. The loans may not be used to refinance existing exposures, for follow-up financing or prolongations or to repay drawings on existing credit lines.
  • Companies in which banks have a stake of more than 25% are not eligible. However, companies in which private equity investors have an interest (regardless of the size) are eligible.
  • German companies which would like to benefit from this scheme will be asked to suspend profit and dividend payments for the term of the loan in order to qualify. However, standard remuneration for business owners remain possible.

For SMEs, KfW assumes 90% of the credit default risk, provided that the company has been active for three years. The size of the scheme is generally unlimited, however, the size of the loan is limited to a certain percentage of the companies’ annual revenues / wage costs and to EUR 1bn per group. The specific interest rate depends on the term of the loan, the loan amount, the provided collateral and the specific investment purpose. Enterprises which have been on the market for more than five years could apply for the KfW Entrepreneurial loan, which has similar eligibility criteria. 

KfW Immediate loan scheme:

Further, the German Ministry of Finance has announced the KfW “immediate loan” scheme. Under this scheme, the risk assumption by KfW will be extended to 100%. It applies to companies with more than 10 employees who have been active in the market since 1 January 2019. The eligibility criteria are similar to the ones for the KfW start-up loan. In addition, the immediate loan scheme requires that the company has reported a profit on average over the last three years (or a shorter period if it has not yet been on the market for three years).

Under the immediate loan scheme, the bank receives a 100% risk assumption from the KfW, secured by a guarantee from the Federal Government. The loan is approved without further credit risk assessment by the bank or KfW and can therefore be approved quickly. The amount of each loan is limited to up to 3 months’ turnover in 2019 (max. EUR 500,000/800,000, depending on the size of the company).

Specific support programme for start-ups2:

The Federal Government has decided to invest around €2 billion in a joint fund by way of co-financing (the Corona Matching Facility), to expand venture capital financing so that financing rounds for promising innovative start-ups from Germany can continue to take place. The programme was officially launched on 30 April 2020. According to the Ministry of Finance, the following measures or ‘pillars’ will be implemented under this scheme:

  • Strengthening venture capital investors at fund level:

    – The first pillar aims to strengthen venture capital investors at fund level (through the umbrella funds KfW Capital and the European Investment Fund) to provide additional capital to portfolio companies facing liquidity problems.

    – VC funds may ‘match’ the public resources in a ratio of up to 70% to 30% of the aggregate funding,1 provided that other private investors who do not benefit from the CMF also participate in the respective financing round.

    – A start-up can receive a maximum of 50% of its funding from the CMF, per financing round. The VC funds (and not the start-ups) can apply for the CMF. The successful completion of a due diligence process is a prerequisite for making use of the CMF. 

  • Additional support for other start-ups/SMEs:

    – The second pillar aims at supporting young start-ups and SMEs without access to the CMF, through collaboration with the Federal States.

    – It is intended to provide venture capital through associations of the federal states or through state development institutes so that they can then pass on the funds to start-ups and small SMEs via their network.

    – The risk will be shared between the federal government or the federal states and private investors. Further details on risk-sharing are yet to be provided.

The full eligibility criteria and conditions for these measures have not been published yet. We will provide an update to this post when they are available.

Economic Stability Fund:

The guarantees and recapitalisation measures which can be granted under the ESF are generally limited to large companies which exceed the criteria of SMEs. That said, the recapitalisation measures (including debt and equity instruments) can, at the discretion of the committee of the ESF, be extended to start-ups, provided that these have been valued with at least EUR 50 million in at least one funding round by private capital investors since 2017.

However, the measures will only be granted to companies of the “real economy”. Whilst this term explicitly excludes credit institutions, it is not entirely clear-cut whether partly regulated entities such as Fintechs will also be excluded. In any event, the recapitalisation measures will be granted at the discretion of the committee of the ESF.

1. This proportion of co-funding will be: up to 70% provided by the government through the CMF, and 30% contributed by the private investors.
2. Further details regarding eligibility criteria for SMEs under this pillar of the scheme are yet to be provided.

UK Government Covid-19 funding measures – what is available to Fintechs?

As a global firm we have actively tracking and assessing the varied measures which have been made available by governments across the world to support corporates and businesses in response to the Covid-19 pandemic. Building on this work this is the first in a series of posts focusing on key Fintech jurisdictions: assessing what funding measures could be available specifically to Fintechs in the UK (from fully licensed digital banks, to payment and e-money providers and SMEs to start-ups).

Public support funding measures

The government has issued a series of public support funding measures since the start of the Covid-19 crisis in the UK, including the Covid-10 Corporate Financing Facility (CCFF) (read more), the Coronavirus Business Interruption Loan Scheme for SMEs (read more) (and a Large Business variation (read more)) and most recently its innovative start-up measures.

As a general matter, the financing facilities and loan schemes are designed to help the real economy – so non-financial corporates – and a number of criteria apply, varying from scheme to scheme which exclude many Fintechs. Firstly any Fintech which holds a banking licence or is an insurer will be generally excluded from all the government debt financing measures. Secondly those Fintechs which are regulated entities (for example as e-money institutions) other than banks and insurers are also clearly excluded from the CCFF (under which the government purchases commercial paper issued by investment grade, non-financial corporates) which excludes broadly any regulated entity or entity in a regulated group.

In practice, in respect of the CBILs and CBLILs even those Fintechs who are regulated as e-money issuers or payment services providers (so non-banks) or wholly unregulated (and are not thus excluded) will also likely not meet the eligibility criteria as borrowers if they are loss making, as is often the case with the fintech business model.

Measures for licensed banks

Although Fintechs with a banking licence are not eligible borrowers/ issuers under the public support schemes for corporates, the government and regulators have taken a separate set of measures to alleviate pressure from Covid-19 on banks:

  1. First, they can post collateral and get cash under the BoE’s liquidity facilities (the contingent term repo facility for short term funding and the term funding scheme for SMEs for long term funding).
  2. Secondly, the PRA and FCA have taken several regulatory measures to reduce the regulatory burden on banks in these stressful circumstances (e.g. postponing regulatory reporting and onsite inspections and regulatory change) and are taking a flexible approach to capital and liquidity buffers and the capital treatment of loans under payment moratoria and covenant breaches.
Innovative start-up funding measures

Otherwise the more recent innovative start-up measures may be of more interest as these are intended to plug the funding gap for genuine start-ups that are pre-profit and would generally be equity funded. These were announced on 20 April in the form of the “Future Fund”, a new scheme in partnership with the British Business Bank under which the government will issue “bridge funding” in the form of convertible loans between £125,000 to £5 million to innovative, high growth VC-funded companies which are facing financing difficulties due to the coronavirus outbreak (read more).

Key aspects of the Future Fund scheme

The purpose of the Future Fund is to support businesses that have been unable to access other government business support programmes, such as CBILS, because they are either pre-revenue or pre-profit and typically rely on equity investment. Fintechs looking to take advantage of the Future Fund scheme should note the following:

  • The scheme is open to UK registered, unlisted firms which have a substantive presence in the UK. 
  • Borrowers need to demonstrate they have raised at least £250,000 in private funding over the last 5 years and have co-investors which can at least match the state-backed loans with private investment.
  • The funding takes the form of a convertible loan with a maturity of 3 years. Structuring as a convertible loan avoids having to assess the start-ups valuation during the crisis. 
  • On maturity the loan shall either: 

    (i) be repaid by the company with a redemption premium (equal to 100% of the principal of the bridge funding) or 

    (ii) automatically convert into the most senior class of equity share at a 20 per cent discount to the valuation set in the borrower’s next funding round (assuming the borrower manages to secure funding at least equal to the amount of the bridge loan). 

  • The 20% discount on conversion would clearly be significantly dilutive for the existing shareholders and accordingly encourages repayment. 
  • Repayment terms are however onerous: the loans will attract interest at eight percent interest rate, payable together with repayment of 200% of the principal at the maturity date of 3 years. 
Accessibility of the Future Fund to Fintechs 

Given the relatively small amount of funding that is being made available through the Future Fund, the initiative seems to be aimed at the smaller end of the market. It may be relevant to angel/VC funded start-ups, including Fintechs, which would not be eligible borrowers under the other loan schemes.

The conversion and repayment terms attaching to the loans may make them unattractive to start-ups that have business models sufficiently robust to seek funding from alternative sources (e.g. their existing shareholders). 

As the full eligibility criteria have not yet been published it is unclear whether there will be any exclusions for banks or other financial sector entities similar to the CBILS/CLBILS. At this stage, there are no such exclusions and it appears that the apparent purpose of this scheme is to boost innovation. 

The Future Fund will launch for applications in May 2020 and will initially be open until the end of September 2020.

Smaller businesses focused on research and development can also apply grants and loans from Innovate UK, the national innovation agency for a new pot of £750m in grants and loans. The majority will be available to its 2,500 existing customers and the first payments being promised by mid-May.

We will update you as more details become available.

Government Covid-19 funding measures – support for Fintechs in key jurisdictions

As a global firm we have been actively tracking and assessing the varied measures which have been made available by governments across the world to support corporates and businesses in response to the Covid-19 pandemic. Building on this work we now introduce a series of blog posts assessing what funding measures could be available specifically to Fintechs (from fully licensed digital banks to e-money/ payment providers and from SMEs to start-ups). 

These funding measures are unique to each jurisdiction and governments have taken many different approaches creating a complex picture for Fintechs to understand. There are also varying eligibility criteria and exclusions which we can advise on, on a case-by-case basis.

Aye, robot? Robo advice at a crossroads in the UK

Robo advice sprung up as a potential panacea to the “advice gap” – situations in which consumers are unable to get the advice and guidance they need – which was highlighted in 2016’s Financial Advice and Markets Review. Four years on, the UK FCA is reviewing the extent to which robo advice delivers on the success outcomes of FAMR, i.e. to make available affordable, high-quality advice and harness tech innovation in the interests of consumers.

Growing pains

Robo advice uses an automated platform (powered by algorithms) to guide consumers’ investment decisions. In the UK, the Financial Conduct Authority – which has been receptive to robo solutions as a scalable way to deliver accessible advice – remains cautiously optimistic about robo services, despite its previous criticisms of suitability failings and unclear charges.

HM Treasury and FCA released the Financial Advice and Markets Review in 2016. The FCA is now reviewing FAMR and is expected to publish its findings (which are likely to touch on the success, or otherwise, of robo advice) in the autumn. In the meantime, it is continuing to provide feedback to firms via its dedicated Advice Unit which was set up to support automated advice solutions.

Recent research by FCA economists has provided useful insight into the receptiveness of robo advice. This research, carried out with a representative sample of 1,800 people, suggests that there is “substantial resistance” to robo advice among consumers.

Reaching out to robo refusers

Among the findings, robo advice offered was rejected in 57% of decisions. Worryingly for proponents of robo advice, it seems that differences in the quality of the hypothetical advice make little difference to whether advice is accepted or rejected: 56% rejected high-quality advice that closely matched their investment aim / risk appetite, while only 58% rejected poor, mismatched advice.

There were also less surprising findings, e.g. that young people (and, particularly, women) are much more likely to accept robo advice. There was found to be general resistance to robots from a “hard-core of robo-refusers” (30% of respondents) who consistently rejected the advice they were offered.

Human after all?

The research suggests that “robo-refusers” tend to be older and less financially literate. This is a particular concern because such people are often at critical financial junctures and looking at options such as accessing pension benefits. At-retirement robo advisers make up a large number of firms signed up to the FCA’s Advice Unit.

These are high-stakes decisions and accessible advice is key. The silver lining in the research – that, of those who refused robo advice, 72% recommended seeing a human adviser as an alternative – is of little comfort if such advice is unaffordable to begin with.

To some extent, the research echoes what is happening in the market. Several robo advisers have closed their virtual doors in the last twelve months and some innovators are turning to “hybrid” models that draw on robot and human interventions to deliver advice and guidance. 

What next for robo advice?

There remains, however, plenty of enthusiasm for robo advice across the industry and within the regulator. The FCA has received over 80 applications to its Advice Unit since June 2017 and, according to its website, is continuing to provide feedback to 40 firms which have been accepted for regulatory feedback.

The FAMR review is likely to provide further insight into the FCA’s work in the autumn. However, the latest research from its own economists suggests that creative and adept solutions such as hybrid advice may be needed to convince the robo-refusers, build trust in technology and realise the robots’ true potential.

The FSB outlines recommendations for regulating global stablecoins as Libra issues revised whitepaper

The Financial Stability Board has presented its recommendations for addressing the risks posed by global stablecoin (GSC) arrangements to the G20, with a new consultation paper. This comes as the Libra Association released a revised whitepaper for its proposed GSC. In this post, we look at what the FSB paper tells us about: (1) GSC design requirements; (2) regulatory gaps; and (3) how GSCs will be supervised across borders.

Recent developments

Over the last year, global authorities have raised serious concerns around the risks posed by GSCs, including the potential impact on global financial stability. These were in part prompted by Libra’s original whitepaper, which officially revealed Facebook’s plans to launch a digital currency. This month we have seen two high profile responses to those concerns:

Recommendations from the FSB

The Financial Stability Board (an international standard-setting agency) has released a consultative document outlining ten high-level recommendations to address the regulatory, supervisory and oversight challenges raised by GSC arrangements. 

This builds on the work of the G7 working group on stablecoins and the International Organization of Securities Commissions (IOSCO), among others. It was presented at a virtual meeting of the G20 Finance Ministers and Central Bank Governors this month. We discuss three key takeaways from this paper below.

Libra 2.0

Meanwhile, the Libra Association has released a revised whitepaper, intended to address the issues previously raised by regulators.

In particular, in response to concerns that Libra could challenge the sovereignty of national currencies, it has introduced a number of single currency stablecoins and proposed that the Libra currency would be a digital composite of some of those coins, rather than a separate digital asset. 

It has also incorporated additional consumer protections. For example, it now envisages that “Designated Dealers” will commit to making markets in its stablecoins and that there will be a built-in mechanism for redemption in case those markets do not materialise.  

Three takeaways from the FSB consultation paper

1. GSC design requirements

A number of the FSB’s recommendations seek to ensure that any GSC arrangement has certain prudential features. Although the report is aimed at regulators, it sends a clear message to developers as to what will be expected.

The paper also reiterates the message that GSC arrangements will need to meet all necessary regulatory requirements before commencing operation. 

The requirements include:

  • A comprehensive governance framework with a clear allocation of accountability. In particular, the report stresses the importance of governance bodies that can shoulder regulatory responsibility and notes that fully permissionless ledgers “may not be suitable” if concerns cannot be addressed. Interestingly, Libra 2.0 is “forgoing the future transition to a permissionless system” according to its new whitepaper.
  • Effective risk management frameworks. This includes requirements around reserve management (including stabilisation mechanisms), operational resiliency, cyber security safeguards and AML/CTF. Libra has clearly focused on these issues too. As well as measures outlined above, it is seeking to build in liquidity and capital protections to strengthen its reserve and to adopt a “robust compliance framework”.
  • Robust data management systems. As well as ensuring the integrity and security of data, GSC arrangements are expected to be built in a manner that affords regulators with appropriate access.
  • Appropriate recovery and resolutions plans. GSCs will need to have appropriate arrangements to support an orderly wind-down in the event of distress, including to ensure critical functions can continue.
  • Transparency on how the arrangement works. GSC arrangements are expected to provide transparency on the governance structure, stabilisation mechanism, investment mandate, custody arrangements, segregation measures and dispute resolution mechanisms, among other things.
  • Legal clarity on the nature and enforceability of any redemption rights and the process for redemption. In particular, users should be clear on what claims they have – against the reserve assets, the issuer or any guarantors – and on how those claims would be treated in the event of insolvency.
  • Systems that can adapt to new regulatory requirements as necessary. As international standards evolve, GSC arrangements will need to be able to adjust their operations as needed to maintain compliance.

2. Regulatory gaps

One of the primary purposes of the FSB’s work was to help national authorities identify any regulatory gaps which stablecoins may fall into. Given the cross-border nature of GSCs and the risks of regulatory arbitrage, the FSB is particularly concerned that national authorities address any such gaps in order to reach common international standards.

The report sets out a helpful framework (in Annex 2) to assist national authorities in conducting their own gaps analysis. However, it highlights the following common gaps in particular, based on survey responses:

  • Incomplete implementation of the AML/CTF recommendations of the Financial Action Taskforce (e.g. for peer-to peer transfers).
  • Inability to supervise an arrangement that falls outside existing frameworks (e.g. as e-money or a security). 
  • Incomplete regulation of exchanges, trading platforms, wallet providers and other market participants engaged in activities that are economically similar to those that currently fall within the regulatory perimeter.
  • No specific capital or liquidity requirements for issuing stablecoins or managing reserve assets.
  • Incomplete measures to address cyber security or operational risks in relation to the technology used for operating the infrastructure, validating transactions or storing keys in wallets.

As we know, the European Commission has been seeking views on a number of these issues in its ongoing consultation on crypto-assets.

3. How GSCs will be supervised across borders

Typically, cross-border supervision of financial institutions and financial market infrastructures is based on the concepts of “home” and “host” jurisdictions. The supervisor in the “home” jurisdiction takes primary responsibility for consolidated supervision and cooperates with authorities in relevant “host” jurisdictions as needed.

The FSB report identifies that these concepts may not sit well with GSC arrangements, which are often operated through loose networks of entities and control structures. As such, it flags that new forms of cooperation may be needed.

It stresses the importance of supervisory collaboration and information sharing in this regard, and points to various international standards and examples of bespoke arrangements to guide authorities through these new waters.

Next steps

The FSB has invited stakeholders to comment on its consultation report by 15 July 2020. It aims to publish a final report in October 2020.

Our global Fintech team welcomes any questions that you may have concerning the FSB consultation paper, stablecoins or any other digital assets or matters.

US SEC issues new guidance on Cybersecurity and Resiliency: Is your firm prepared?

While the SEC acknowledged that there is no “one-size fits all” approach, a recent discussion by its Office of Compliance Inspections and Examinations is a useful guide as to the industry practices and measures that OCIE may consider when assessing an organization’s cybersecurity preparedness and potential deficiencies. As in recent years, cybersecurity will continue to be a key element of OCIE’s examination program in 2020 and will likely remain an examination priority for years to come.

The Office of Compliance Inspections and Examinations of the U.S. Securities and Exchange Commission (recently published its Cybersecurity and Resiliency Observations to guide market participants in enhancing their cybersecurity preparedness and operational resiliency.

Based on its recent examinations of broker-dealers, investment advisers and other SEC registrants, OCIE identified certain measures and industry practices that, when implemented, OCIE believes can effectively combat cybersecurity risk.

Does your firm have a documented, tailored approach to governance and risk management?

Risk assessments

Firms should conduct risk assessments to identify cybersecurity risks specific to their organizations (e.g., remote or traveling employees, insider threats, international operations and geopolitical risks). 

Written policies

Firms should also adopt and implement comprehensive written polices to address such risks and establish and conduct regular and frequent testing and monitoring of their cybersecurity policies and programs. If testing uncovers vulnerabilities, firms should respond promptly to address any gaps and weaknesses in their policies.

Senior leadership engagement

Finally, OCIE noted that active engagement from a firm’s senior leadership is a hallmark of an effective cybersecurity program. A firm’s senior leaders and board should therefore devote appropriate attention to understanding, prioritizing, communicating and mitigating cybersecurity risks.

How does your firm limit access rights and what internal controls are in place?

Firms should implement and actively monitor access controls that limit access to sensitive systems and data to those with a legitimate and authorized business need. Access should, among other things:

  1. be monitored, adjusted and terminated, as appropriate, during personnel onboarding, transfers and terminations
  2. be periodically recertified, particularly for users with elevated privileges
  3. require the use of strong and periodically changed passwords
  4. utilize multi-factor authentication, including through applications or key fobs that generate an additional verification code. 

Firms should also monitor for failed login requests, account lockouts and requests for username and password changes.

How well do you know and trust your vendor’s data security practices to keep your firm’s data safe?

Firms should implement vendor management programs to engage and monitor vendors that meet requisite security requirements, including by leveraging questionnaires based on industry standards and arranging for independent audits.

Firms should also understand all vendor contract terms, including how responsibilities and expectations are allocated between the firm and the vendor, and to ensure that the firm has procedures in place to terminate or replace vendors as necessary.

Each vendor relationship should be re-evaluated on an ongoing basis to ensure that vendors are adapting to new cyber-threats and a firm’s evolving business.

Does your firm have a working incident response plan in the event of a breach, and when was it last tested?

Incident response plans

Firms should develop a risk-assessed incident response plan to address various cybersecurity breaches and other incidents (including, among other scenarios, denial of services attacks, malicious disinformation, ransomware and key employee succession).

Firms should implement, maintain and regularly test policies and procedures that address, among other things:

  • timely notification and response if an event occurs
  • a process to escalate incidents to the appropriate levels of management, including legal and compliance
  • communication with key stakeholders, including notifying customers, clients and employees that their data is compromised.

Communication plans and training

Firms should have a plan in place to communicate with the appropriate regulatory authorities and to comply with any applicable reporting requirements. In addition, firms should designate and train employees for specific roles and responsibilities in the event of a cyber incident.

Backup plans

Finally, firms should assess vulnerabilities specific to their business operations and should consider implementing safeguards (e.g., back-up systems, geographic separation of back-up data, cyber insurance, etc.) to ensure the resiliency of core business operations and systems in the event of a cyber incident.

Are employees trained on and aware of the firm’s cybersecurity program?

OCIE identified employee training as a key component of an effective cybersecurity program. Firms should train staff on the implementation of the firm’s cybersecurity program, including by providing specific cybersecurity and resiliency training (e.g., phishing exercises and exercises to help employees identify and respond to indicators of suspicious behavior and breaches).

Firms should also monitor to ensure employees attend trainings and should re-evaluate and update trainings to account for new cyber threats.

Has your firm adopted adequate mobile device security policies, especially for BYODs?

Firms are encouraged to implement a mobile device management application or similar technology, including for email, calendar, data storage and other activities. Firms that utilize a “bring your own device” policy should ensure that their mobile device management solutions work with all mobile phone/device operating systems.

Firms should also implement additional security measures (e.g., multi-factor authentication, preventing the transmission of sensitive information to personally-owned computers, tablets and smartphones, and ensuring the firm’s ability to remotely clear data from lost devices or devices belonging to former employees). Firms should also ensure that personnel and employees are trained on mobile device policies and best practices.

What data security measures has your firm implemented to prevent data loss and breaches?

Firms should implement policies and procedures to ensure that sensitive information is not lost, misused or accessed by unauthorized users. Such policies and procedures include, among others:

  • conducting routine scans of software code, web applications, servers, databases, workstations and endpoints within the firm and third-party providers
  • implementing firewalls, intrusion detection systems, email security capabilities and web proxy systems
  • monitoring access to personal email, cloud-based file sharing services, social media sites and removable media
  • implementing capabilities that detect threats on endpoints, including products that can identify incoming fraudulent communications to prevent unauthorized software or malware from running
  • establishing a patch management program covering all firm software and hardware, including anti-virus and anti-malware installation
  • maintaining an inventory of all of the firm’s hardware and software
  • utilizing encryption to secure data and systems
  • implementing programs to identify and block the transmission of sensitive data (e.g., account numbers, social security numbers, trade information and source code)
  • establishing procedures to ensure legacy hardware and software is decommissioned safely, including by removing sensitive information prior to disposal.
Is your firm’s cybersecurity program in line with industry practice?

Market participants must always consider their businesses’ resources and operational needs when developing and implementing an effective cybersecurity program. Nevertheless, the measures discussed in OCIE’s most recent guidance provide useful insight into the industry practices and measures OCIE is likely to consider and evaluate in future examinations.

While these measures are neither mandatory nor exhaustive, they are instructive and warrant particular attention. We recommend that U.S. firms review their cybersecurity programs with these core data security elements in mind and consider improvements before their next examination.

Hong Kong regulator imposes new terms and conditions on virtual asset fund managers

The Securities and Futures Commission (SFC) in Hong Kong has published pro forma terms and conditions which will be imposed on SFC-licensed virtual asset fund managers as a condition of their licence. All virtual asset fund managers will now be subject to the pro forma set of terms and conditions, subject to minor variations depending on individual business models and circumstances.


The SFC announced back in November 2018 a regulatory framework which would apply to SFC licensed firms which managed, or planned to manage, funds which included virtual assets. As part of this framework, the SFC is imposing terms and conditions on such “virtual asset fund managers” as a condition of their licence. It has now released the pro forma set of terms and conditions on its website.

The SFC intends for all virtual asset fund managers to meet the same standards, subject only to minor variations depending on individual business models and circumstances. This is regardless of whether the assets invested in amount to securities or futures. The aim is to ensure a consistent and high level of investor protection.

The introduction of the regulatory framework last year is not an attempt to bring all virtual assets into the SFC’s regulatory perimeter, but rather to create an enhanced set of rules for SFC licensed firms who are dealing with unregulated instruments, such as virtual assets, in addition to their activities involving regulated instruments.

What constitutes a “virtual asset fund manager”?

To fall within this definition, a firm must:

  • be licensed by the SFC;
  • manage a fund, or portion of a fund, that invests in virtual assets; and
  • either (a) have a stated fund investment objective to invest in virtual assets or (b) intend for a fund to invest 10% or more of its gross asset value in virtual assets.

The SFC has a wide definition for “virtual assets”, which covers “digital representations of value which may be in the form of digital tokens (such as digital currencies, utility tokens or security or asset-backed tokens), any other virtual commodities, crypto assets or other assets of essentially the same nature, irrespective of whether they amount to “securities” or “futures contracts” as defined under the [Securities and Futures Ordinance (SFO)]”.

What is covered by the terms and conditions?

Many of the terms and conditions set out standards and requirements that firms which are licensed by the SFC will recognise and adhere to already, albeit that the focus is on virtual asset funds and virtual asset fund managers. The areas covered include:

  • General principles: these are similar to those in the SFC’s Code of Conduct for Licensed Persons and include, for example, principles on honesty, conflicts of interest, disclosure and senior management responsibility.
  • Organisation and structure: these include requirements to maintain effective compliance, organisation and resources, AML/CTF safeguards, risk management and audit.
  • Fund management: these include requirements around liquidity, operating the fund and managing transactions for the fund and custody (which includes a requirement for the fund managers to assess the most appropriate custodial arrangement for holding the fund’s virtual assets, e.g. independent custodian or self-custody, host locations, use of hot or cold wallets).
  • Dealing with the fund and fund investors: these relate to marketing (for example, only professional investors may invest in virtual asset funds), provision of information to clients and fees, commissions and rebates.
  • Reporting to the SFC: any actual or suspected material non-compliance with the terms and conditions should be reported to the SFC as soon as possible.
What happens if a firm fails to comply?

A failure to comply will be treated as misconduct under the SFO, which will reflect adversely on the fund manager’s fitness and properness, and could result in disciplinary action by the SFC. However, the SFC has said that it will take a pragmatic approach, taking into account all relevant circumstances, including the size of the virtual asset fund manager, and any compensatory measures implemented by its senior management.

What now?

The terms and conditions are already in use by the SFC. Firms are required to inform the SFC if they plan to manage portfolios that involve virtual assets. The SFC will review the plan and if it believes the firm can meet the regulatory expectations, it will impose the terms and conditions on the firm (with any necessary variations). If the firm does not accept those terms and conditions, it will not be permitted to manage portfolios that involve virtual assets.

Tokenised securities: a new roadmap for market participants and regulators in Asia

ASIFMA, the financial industry’s leading trade association in Asia, has released a new roadmap to tokenised securities for market participants and regulators. The paper was developed in collaboration with its members, including Linklaters. As well as highlighting key issues for issuers and financial institutions, it sets out what is needed from a regulatory and technology perspective to build a strong enabling environment.

A new roadmap to tokenised securities

The Asia Securities Industry and Financial Markets Association (ASIFMA) has released a new paper entitled “Tokenised Securities: A Roadmap for Market Participants and Regulators”.

The paper aims:

  • to act as a roadmap for incumbent financial institutions that wish to understand how a tokenised offering can be executed;
  • to inform issuers about the key issues that will be relevant to their stakeholders; and
  • to articulate what is needed from a regulatory and technology perspective to build a strong and enabling environment.

It does so by examining key aspects of the tokenised security lifecycle, including structuring, issuance, distribution, primary listing, secondary trading, custody, portfolio management, advisory and market making.

The paper has been developed in collaboration with ASIFMA members, including Linklaters, with input from several exchanges and technology platforms.

Tokenised securities vs security tokens

The paper distinguishes between “tokenised securities” (which represent securities that exist outside of a blockchain) and “security tokens” (which are “blockchain native” and do not exist in any other form). It is more focused on the former. However, it acknowledges that the differentiation between the two types might blur over time, and that much of the paper can apply to both.

ASIFMA’s outlook

Whilst acknowledging that the extent and timing of adoption remains uncertain, ASIFMA lays out its belief that “tokenised securities will impact traditional finance and act as a bridge between legacy finance and the new digital world”. It also notes that it can “contemplate a future scenario where security tokens (blockchain-native securities) are the norm”.

Click here to read the full report.

UK confirms legal status of cryptoassets and smart contracts
The UK Jurisdiction Taskforce (UKJT) – part of the LawTech Delivery Panel – has issued a legal statement on the status of cryptoassets and smart contracts under the law of England and Wales, providing legal certainty for the first time

The consultation process

The UKJT conducted a consultation process prior to the issue of the statement to address issues of perceived legal uncertainties with respect to these new technologies. Linklaters led on the drafting of that consultation paper and this summer assisted in running a public event seeking input from market participants.

The legal statement

Linklaters also provided input on the legal statement itself which has resolved the uncertainties around how cryptoassets and smart contracts might be treated under English law. Providing legal certainty on the status of cryptoassets and smart contracts for the first time, the landmark statement recognises the asset class as property and smart contracts as enforceable under English and Welsh law. The influential statement is a critical step in the future application of private law to transactions involving cryptoassets.  

FAQs on the legal statement

Below, we consider at a very high level the key takeaways from the legal statement, and we will follow up in due course with our more detailed analysis.

1. What were the main conclusions of the legal statement?

The legal statement provides confirmation that, under English law:

  • cryptoassets are capable of being owned; and
  • smart contracts can be, or be part of, binding legal contracts.

The legal statement demonstrates the flexibility and adaptability of English law, in particular in relation to new developments, technologies and structures of modern commerce.

2. If a cryptoasset can be owned, what exactly is the asset?

The asset is the set of arrangements that gives rise to the ability to update or spend (i.e. render inert or retire) certain data, to the exclusion of another party.

The legal statement notes that the asset is not any of the public or private keys, or the distributed ledger data itself. None of those constitute property but rather they are mere information. Instead, the asset is something that arises from their combination with the relevant system rules (including the embedded cryptography): the exclusive ability to update or spend transaction data.

3. Does control of a private key confer ownership of a cryptoasset?

Sometimes, but not always.

The legal statement describes the owner of a cryptoasset as “a person who has acquired control of a private key by some lawful means” (paragraph 43). It also confirms, however, that it is possible (although in certain circumstances perhaps unwise) for the original owner of a cryptoasset to transfer ownership of that cryptoasset “off-chain” (for example, through a symbolic transfer of the private key to a third party).

4. How can a cryptoasset be transferred?

By way of an “on-chain” or an “off-chain” transfer:

  • an “on-chain” transfer is what is typically understood by a “transfer” of a cryptoasset, resulting in the relevant records on the ledger being updated;
  • an “off-chain” transfer relates to any other transfer. The legal statement notes that an off-chain transfer is vulnerable to a supervening on-chain transfer (paragraph 48).

5. What exactly is transferred in an on-chain transfer?

The legal statement makes clear that an “on-chain” transfer is not strictly a transfer: the asset “spent” by the transferor is a different asset to that received by the transferee. This is because the property of the transferor is consumed or destroyed (the spent cryptoasset cannot be spent again) and an entirely new cryptoasset is created that can in turn be spent by the transferee (see paragraph 45).

6. Who owns a cryptoasset in the event of unlawful spending (for example, following a hack)?

The legal statement does not address this question directly.

A person may have created or acquired control of a private key quite lawfully whilst unlawfully causing the cryptoasset to be spent in someone’s favour (such as a hacker) on-chain. Given the legal statement confirms (paragraph 45) an “on-chain” transfer creates a new asset, such a person would, in our view, likely be regarded in law as the owner of the new asset. That person’s ownership interest would, however, remain subject to certain remedies available to the victim of the unlawful spending.

7. What are the implications for permissioned DLT applications?

That depends on the specific features of the permissioned system: subject to those features, the conclusions in the legal statement may or may not apply (as is recognised in the legal statement in paragraph 33).

That said, the legal statement is helpful in that it provides guidance for those permissioned DLT systems that do intend to establish a native digital asset capable of being owned as to the features that system must have in order to achieve that end.

8. The legal statement concludes that cryptoassets are not negotiable. Isn’t this a significant drawback?

No: although the legal statement concludes cryptoassets are not negotiable in the strict legal sense, the legal nature of on-chain transfers is such as to render cryptoassets equivalent to negotiable instruments (paragraph 124).

9. Can a trust or bailment be created over a cryptoasset?

The legal statement concludes that it is possible to declare a trust over an ownership interest in a cryptoasset (paragraph 133).

However, as the legal statement concludes that as a cryptoasset is not a physical thing, it cannot be subject to a possessory relationship, such as a bailment, a lien or a pledge.

10. How can security be taken over a cryptoasset?

By way of charge or mortgage, but not pledge or lien.

11. What are the implications for non-native cryptoassets?

The legal statement notes that cryptoassets may represent or be linked to rights, assets, services or other things (paragraph 68) (non-native cryptoassets). Such linkages will need to be examined to determine if they create separate legal or property rights. We expect any such rights to attach to (and be distinct from) ownership of the cryptoasset.

More details

Read our press release for more details and for access to the full publication and the consultation paper.

G7 outlines key risks to be addressed by stablecoin developers and regulators

Stablecoins – particularly global stablecoins, like Facebook’s Libra – pose new and serious risks for the world economy, according to the G7. Its stablecoin working group has released a report on the risks and challenges stablecoin developers and regulators should address. For example, establishing a sound legal basis in all relevant jurisdictions is an “absolute prerequisite”. The FSB is building on this work and will report next year on the adequacy of existing regulatory approaches.

Assessing and addressing regulatory gaps is a G7 priority

At their meeting earlier this year, the G7 Finance Ministers and Central Bank Governors agreed that stablecoins pose serious regulatory risks and require prudent supervision. It is not always clear how stablecoins fit in to existing regulatory frameworks or indeed whether those frameworks are sufficient. And so the G7 prioritised its assessment of possible regulatory gaps for stablecoins and the G7 Working Group on Stablecoins has now released its final report setting out its recommendations.

The failings of existing payment systems

The working group found that current payment systems still have two major failings:

  • Lack of universal access: 1.7bn adults still do not have a transaction account, and this can impede their access to further financial services such as credit, savings and insurance.
  • Inefficiencies in cross-border retail payments: Cross-border payments “remain slow, expensive and opaque, especially for retail payments such as remittances”. 

There is room, therefore, for innovation to improve current arrangements. 

Cryptoassets vs stablecoins vs global stablecoins

Various types of digital payment coin have been emerging in the private sector which seek to address these challenges. The report distinguishes between the following categories:

  • The first wave of cryptoassets (such as Bitcoin) which are not backed by any claims, rights or interests in the real world. These, it finds, have so far proved too volatile and complex to serve as a reliable store of value or means of payment.
  • Stablecoins share certain features of cryptoassets but also represent a claim, either on a specific issuer or on underlying assets or funds, or some other right or interest. It considers stablecoins to have greater potential to improve the efficiency of payments, if designed appropriately.
  • Global stablecoins (GSCs) are those sponsored by large tech or financial firms which have the potential to scale rapidly to achieve a global or other substantial footprint. GSCs pose additional systemic risks on top of those generally applicable to stablecoins and so attract closer scrutiny.
Risks and challenges relevant to all stablecoins

The report identifies a list of legal, regulatory, oversight and public policy issues that developers of all stablecoins, regardless of scale, would need to address, as summarised below. 

  • Legal certainty: “A well founded, clear and transparent legal basis in all relevant jurisdictions is a prerequisite for any stablecoin arrangement”. Relevant issues include legal characterisation (for example, whether it is considered a money equivalent and whether it gives property rights), conflicts of laws and the legal underpinning of the payment system (including, for example, the basis for settlement finality).
  • Sound governance: “Sound governance must be clearly established prior to live operations”. Relevant issues include oversight of third-party providers, establishing appropriate lines of responsibility and accountability in distributed systems, and segregation of reserve assets.
  • Financial integrity (AML/ CTF): “Public authorities will apply the highest international standards relating to virtual assets and their providers with regard to AML/CTF.” The Financial Action Task Force (FATF) has also released a statement on how it will assess implementation of its new standards for virtual assets
  • Safety, efficiency and integrity of payment systems: “Regulatory and policy frameworks are expected to remain technology-neutral and not hinder innovation, while ensuring that it is safe and robust”. Inadequately designed payment systems pose various systemic risks. The CPMI-IOSCO principles are one useful source of guidance for addressing these types of risk.
  • Cyber and other operational risk considerations: “Public authorities will require that operational and cyber risks from stablecoins be mitigated through the use of appropriate systems, policies, procedures and controls”. One issue is that the complexities of distributed systems could be a limitation when it comes to operational scalability, for example in ensuring transactions are processed on a real time basis.
  • Market integrity: “A stablecoin arrangement must ensure fair and transparent pricing in both primary and secondary markets”. Under some designs, market makers could have significant market power, leaving room for market abuse. Where stablecoins are linked to a portfolio of assets, knowledge or speculation about rebalancing could also allow for market manipulation. Certain business structures also raise concerns around conflicts of interest.
  • Data protection: “Authorities will apply appropriate data privacy and protection rules to stablecoin operators, including how data will be used by the participants in the ecosystem and shared between the participants and/or with third parties”. Issues can arise in cross-border arrangements where regulatory approaches to data protection differ. 
  • Consumer / investor protection: “As with any nascent technology, additional work may be required to ensure that consumers and investors are informed of all material risks as well as their individual obligations.” If a stablecoin is considered to be a security or financial instrument, the issuer may need to provide a prospectus and those engaged in clearing and settlement may be subject to rules for custodians and clearing agencies, for example.
  • Tax compliance: “Stablecoin operators and users and other relevant parties are expected to comply with applicable tax laws and mitigate potential avoidance of tax obligations”. There remains uncertainty around the legal status, and thus the tax treatment, of stablecoins. For example, if treated akin to payments, transactions in stablecoins could attract sales tax. If treated as a security, on the other hand, tax liabilities may arise when the underlying value of the stablecoin fluctuates relative to fiat currency.
Global stablecoins pose additional public policy challenges

According to the report, the issues above are amplified for GSCs. In addition, it concludes that GSCs pose challenges in the following areas: 

  • Monetary policy: For example, if a GSC is widely used as a store of value, it could (depending on the design) weaken the effect of monetary policy on domestic interest rates. Also, if a GSC, in facilitating cross-border payments, makes it easier to substitute domestic assets for foreign ones, this could further undermine domestic monetary control. The inability to hold sovereign-to-sovereign discussions on monetary policy implications is another challenge.
  • Financial stability: GSCs pose various threats to financial stability. Some threats relate to, and could be addressed by, the ecosystem of the GSC itself. For example, the mechanism used to stabilise the value of a GSC would need to incorporate high standards of financial risk management to address market risk as well as credit and liquidity risk (arising, for example, as a result of exposures under the reserve assets). However, the use of GSCs could also have an impact on the broader financial system and the real economy. For example, if consumers increasingly store their wealth in GSCs, bank deposits may decline. For banks, that could mean a need to switch to more costly and volatile sources of funding. For consumers, that could mean greater exposure to a riskier asset class and the risk of losing substantial portions of their wealth.
  • Fair competition: GSC arrangements could achieve market dominance from, for example, network effects and exponential benefits of access to data. These issues are being considered among competition authorities on a global level.
What’s next?

The report recommends that national authorities align their regulations to international standards (such as the CPMI-IOSCO principles and FATF standards referred to above) and apply these standards to stablecoin arrangements.

The Financial Stability Board has announced that it will build on the work of the G7 working group to take stock of existing regulatory approaches and consider whether they are adequate and effective in addressing financial stability and systemic risk concerns. It will report on possible multilateral responses to the G20 Finance Ministers and Central Bank Governors in April 2020.

The G7 report also encourages ongoing work in the public sector to improve current payment systems. It invites central banks, finance ministries and standard-setting bodies to develop road maps for improving efficiencies in payments. Central banks will also continue to assess the relevance of issuing central bank digital currencies.

European supervisor sets new deadline for strong customer authentication

Rules for payment service providers requiring strong customer authentication for some electronic payments have, strictly speaking, applied since 14 September 2019. But, earlier in the year, the European Banking Authority suggested that firms could be given extra time to implement SCA. It has now set a long-stop date for completing the move to SCA, but it is a shorter timeframe than that proposed by most of the industry and some regulators, including the UK’s FCA.

SCA migration to be completed by the end of 2020

The EBA has published an opinion calling for payment service providers’ migration to SCA to be completed by 31 December 2020. This is three months shorter than the 18-month extension period which, based on an EBA survey, was requested by most of the industry.

In the UK, following industry discussions, the Financial Conduct Authority had announced it would delay enforcing SCA for e-commerce card transactions until March 2021. The Banque de France had also had indicated that more time would be needed for full SCA compliance. It is unclear how the FCA and Banque de France will respond to the latest EBA announcement. Most other national regulators were waiting for the EBA to announce an EU-wide deadline.

Before SCA took effect in September, the EBA had suggested that some payment service providers may be given additional time to prepare for SCA in relation to e-commerce card transactions. That additional time does not cover SCA for accessing online banking (although, separately, the FCA has allowed a six-month grace period for this in the UK).

Why did the EBA not provide a longer extension?

The EBA opinion acknowledges the calls from industry for an 18-month extension but notes that:

  • the request for a longer extension was based, in part, on the time it would take for specific technology (the 3DS V2.2 communication protocol) to be developed which is not, in the EBA’s view, the only way to achieve SCA compliance;
  • that technology would factor in the full range of exemptions available for SCA but, in the EBA’s view, this was not reason enough to delay the general application of the rules; and
  • the relevant technical standards have been public for long enough for the industry, in the EBA’s view, to have implemented the necessary IT changes.

For these reasons, the EBA concluded that providing “supervisory flexibility” until the end of next year should allow enough time for payment service providers, and merchants, to complete the move to SCA.

What is SCA?

Strong customer authentication aims to increase the security of payments and reduce the risk of fraud. It was introduced under PSD2 and involves authenticating electronic payments using at least two out of three of the following:

  • knowledge (something only the user knows, like a password)
  • possession (something only the user has, like credit card)
  • inherence (something the user is, like a fingerprint).
Milestones laid down for achieving SCA migration

As well as setting a long-stop date for compliance, the EBA opinion sets out a timeline with various objectives for national regulators to meet at specific milestones during the SCA extension period. 

For example, by the end of this year regulators must require payment service providers to:

  • identify the authentication approaches that they currently use,
  • divide them into those that are SCA compliant and those that are not, and
  • provide plans for “expedited migration” of non-compliant approaches.
What happens next?

The EBA recommends that regulators:

  1. Stick to the new deadline;
  2. Require payment service providers to meet the milestones in the timeline;
  3. Emphasise that regulatory forbearance for not complying with the law is subject to the payment service providers respecting the milestones; and
  4. Remind payment service providers that the PSD2 liability regime applies and that therefore payment service providers have a self-interest in complying with SCA as soon as possible.

The FCA has not yet made a statement in response to the EBA opinion and so it remains to be seen whether it will bring forward its March 2021 deadline.

The Future of Finance: introducing our new mini-series

How the Bank of England envisages portable data and an SME finance platform creating “Open Finance”

The third instalment of our Future of Finance Series looks at the Bank of England’s vision of “Open Finance” and how richer data analysis and sharing together with an open finance platform, could improve access to SME finance.

MAS invites applications for digital bank licences in Singapore

The Monetary Authority of Singapore (the “MAS”) announced on 29 August 2019 that it has opened applications for digital bank licences in Singapore. This marks a new chapter in Singapore’s banking liberalisation journey, and ensures the continued resilience, vibrancy and competitiveness of its banking sector.

Under the framework, the MAS will issue up to 2 digital full bank licences and up to 3 digital wholesale bank licences to non-bank players in Singapore.

In this post, we set out key points of interest on the licence application process and assessment criteria.

Application process


Assessment criteria

The MAS will assess licence applications under the following criteria:

1. Value proposition

Applicants should demonstrate their ability to cater to unmet financial needs or underserved segments of the market through an innovative and sustainable digital banking business model. Digital banks should therefore operate more nimbly using new technology stacks, with a lower cost structure than traditional banks.

2. Ability to manage a prudent and sustainable banking business

  • Applicants must demonstrate their understanding of key risks in a banking business through their business plans and financials, including their customer acquisition plan and path towards profitability.
  • Digital banks should be profitable on a standalone basis, and reliance on unfairly favourable transaction terms with related parties to generate short-term profits will generally be considered unsustainable.
  • Although the MAS has not specified a definitive time period by which a proposed bank must breakeven, it may consider an applicant whose financial projection shows an earlier break-even year favourably.

3. Growth prospects and other contributions to Singapore’s financial centre

 Applicants should demonstrate their prospects for growth and contribution to Singapore’s financial centre. They may do so in the following (non-exhaustive) ways:

  • Introduction of new innovative business models, financial products, services or technologies to Singapore;
  • Contribution to Singapore’s financial sector growth strategies in areas such as SME financing, trade financing, wealth management, sustainable financing and insurance;
  • Commitment to building up specialised talent locally in areas such as cyber security, cloud computing, full stack development, data analytics, artificial intelligence/machine learning, APIs and microservices, as well as user experience design; and/or
  • Plans to anchor and grow their operations in Singapore, or to use Singapore as a base for regional or global operations.
Going forward
  • Additional licences: The MAS will continue to monitor market developments and review the need for additional digital bank licences to be issued in the future. They have stressed the necessity of managing the number of players in the banking sector in order to prevent market fragmentation and inefficiency.
  • Additional supervisory requirements: The MAS has cautioned that it will monitor market dynamics for value-destructive behavior after digital banks go live, and impose additional supervisory requirements or restrictions where necessary to ensure a level playing field.

For further details on digital banks’ eligibility and business conduct requirements, please see our July 2019 client alert.

Please reach out to any of your Linklaters contacts for further information on the application process.

Bank of England sets out its stall for assessing payments innovation

Payment systems have an important, although sometimes overlooked, role in the broader UK financial system. Facebook’s proposal to launch a digital currency for retail payments within its network has prompted regulators to consider their approach to innovation in the payments sector more generally. At a recent meeting of its Financial Policy Committee, the Bank of England suggests how these innovations should be assessed.

Three principles for ensuring payment systems support financial stability

In the record of its latest quarterly meeting, the FPC welcomes the exploration of alternative ways to improve cross-border and domestic payments. However, ensuring new solutions support financial stability is a key concern. And so, the FPC has agreed the following three principles for assessing how regulation should respond to fast-moving developments in the payments sector.

  • Principle 1 – financial stability risk is more important than legal form Firstly, according to the FPC, regulation should reflect the financial stability risk, rather than the legal form, of payments activities. In other words, the same level of risk should attract the same level of regulation.

    The FPC’s concern is that use of innovative forms of payment (such as digital assets) could become widespread but not necessarily subject to the same level of regulatory oversight as prevailing payment methods (such as debit cards). The FPC reiterated the point that innovative structures are making it increasingly important to apply regulation based on functions undertaken rather than merely the type of entity involved. See also our blogpost on Protecting the financial system as the market changes.

  • Principle 2 – every link in the payment chain should be resilient Secondly, the FPC calls for end-to-end operational and financial resilience across payment chains. Payment chains typically connect payers and payees via multiple payment services firms, payment systems and other financial market infrastructure. Their length and complexity have been increased by new technology and new market participants.

    The FPC is concerned that, when it comes to resilience, these chains are only as strong as their weakest link. For example, it notes that: “The resilience of the proposed Libra system would rely on the stability of not just the core elements of the Libra Association and Libra Reserve but also the associated critical activities conducted by other firms in the Libra ecosystem such as validators, exchanges or wallet providers”.

    Operational resilience is a regulatory priority and the UK regulators, including the Bank of England, are going to propose new rules and guidance for financial institutions shortly. Read our publication on Building the UK financial sector’s operational resilience for more.

  • Principle 3 – data should be made available so that risks can be monitored and addressed Finally, according to the FPC, sufficient information about payments activities should be made available. Their concern is that supervisors may be blindsided to risks that could emerge from innovative payment systems. With more data, there is more chance of identifying risks to financial stability and addressing them appropriately.
The potential systemic importance of Libra

In the FPC’s view, Libra has the potential to become a systemically important payment system. This means it would need to meet the highest standards of resilience and be subject to appropriate supervisory oversight.

The FPC stressed that the terms of engagement for innovations such as Libra must be adopted in advance of any launch. This echoes comments previously made by Mark Carney on Libra – see also our blogpost on Paving the road for a diversity of payment options.

What is the Financial Policy Committee?

The Bank of England’s Financial Policy Committee looks out for risks in the financial system. As well as payments, its latest meeting considered Brexit, the UK-China trade war, the liquidity of some investment funds and LIBOR transition.

Next steps

The Treasury is leading a review of the payments landscape which includes looking at its resilience and how regulation can keep pace with innovation. The FPC suggests that its principles could inform any assessment of current payments regulation in that review.