FinTech Global FS Regulatory Round-up - w/e 23 May 2025 | Herbert Smith Freehills

ICYMI

Cross Examining Cyber EP17: Google Mandiant’s Karen Kukoda
European Commission adopts revised DORA Subcontracting RTS – a partial retreat on monitoring sub-contractors?
Court lambasts citation of fake authorities in proceedings and orders wasted costs- AI

Global

FSB convenes forum on cross-border payments data

The Financial Stability Board (FSB) hasannouncedthat it has convened, for the first time, a forum on cross-border payments data, in collaboration with the Organisation for Economic Co-operation and Development (OECD) and the Financial Action Task Force (FATF).

The forum brought together experts from the private and the public sector – including data privacy and protection authorities – to discuss how to address data-related frictions in cross-border payments. Participants discussed both current and future initiatives that could take forward the FSB's 2024recommendationsto promote the harmonisation and consistent implementation of payments-related data requirements across jurisdictions. [21 May 2025]#Payments

IOSCO: Statement on combatting online harm and the role of platform providers

IOSCO haspublisheda statement on combatting online harm and the role of platform providers. Following the launch of the IOSCO International Securities and Commodities Alerts Network (I-SCAN) in March 2025, a global database of unlicensed firms providing investment services or engaging in illegal financial activities, IOSCO welcomes efforts by some platform providers to disrupt the misuse of their products and services by bad actors.

The statement also sets out a number of measures which can help disrupt online harm involving financial misconduct, including:

Due diligence on unauthorised offerings: Conducting due diligence, including by using I-SCAN, to ensure that entities seeking to advertise paid content on their platforms are legally authorised to operate in the targeted jurisdictions and are not the subject of investor warnings by regulators.
User compliance: Rigorously enforcing applicable terms of services by monitoring and swiftly removing investment scam content or advertisements that violate platform policies.
Internal processes: Developing and regularly updating appropriate internal rules, policies, processes, and tools for detecting scams.
Legal requirements: Ensuring knowledge of and compliance with all applicable local laws and regulations in the jurisdictions where the platform provider company operates.
Direct engagement with regulators: Establishing active communication channels with financial regulators and governmental authorities to enable effective information sharing, including referrals of identified fraudulent activity. Collaboration with national regulators can help produce tailored and jurisdiction-specific strategies to combat online financial misconduct.

IOSCO calls on platform providers to adopt these measures as part of the 'urgent effort to combat online harm'. [21 May 2025] #Platforms #Scams

IOSCO: Final report – Digital engagement practices

IOSCO haspublishedits final report on digital engagement practices (DEPs). The report considers the existing IOSCO work; members’ regulatory approaches to DEPs; and other international standards and guidance to identify potential issues and gaps. IOSCO recognises that there is currently no global standard on how regulators and other stakeholders should consider addressing any challenges that may stem from the increased use of DEPs by market intermediaries.

The report sets out ten recommendations when market intermediaries use DEPs for investment advice or recommendations, covering:

market intermediaries should take reasonable to ensure that DEPs do not influence retail investor behaviour to the benefit of the market intermediary and detriment of the retail investor;
the design of DEPs should not be such that DEPs increase transaction volume and fees for the market intermediary, without regard to the interests of retail investors;
market intermediaries that use DEPs should hold the relevant licence/regulatory status and comply with the rules pertaining to the provision of those investment services;
market intermediaries should have risk management systems to help ensure that the use of any DEPs does not result in the provision of any investment services without the required license;
market intermediaries should ensure that the use of DEPs is in line with the relevant jurisdictional regulatory frameworks governing suitability;
market intermediaries should ensure that DEPs are not used for products and services that are inconsistent with the retail investor profile;
market intermediaries should carry out regular monitoring to ensure DEPs do not put the interests of the market intermediary above those of the retail investor;
market intermediaries should have reasonably designed procedures in place and take appropriate steps to identify and prevent or manage any conflicts of interest between themselves and their retail investors;
market intermediaries using DEPs should provide adequate disclosures to retail investors; and
IOSCO members should consider using DEPs for investor education purposes. [19 May 2025] #DigitalEngagementPractices

IOSCO: Final report – Online imitative trading practices: copy trading, mirror trading, social trading

The International Organization of Securities Commissions (IOSCO) haspublishedits final report on online imitative trading practices, which covers copy trading, mirror trading and social trading. The report highlights the potential for investor harm due to the automated nature of these strategies and identifies a growing intersection between imitative trading strategies and the activity of financial influencers ('finfluencers'). In light of these concerns, the report identifies a number of good practices for market intermediaries, including:

examining whether their copy trading services fall into the provision of investment advice, individual portfolio management and/or other regulated activities or services requiring registration or licensing;
monitoring their marketing activities regarding the promotion of copy trading services and marketing activities carried out by lead traders operating on the market intermediary’s platform for compliance with jurisdictional regulatory requirements;
setting up procedures for the selection and removal of lead traders who operate on the market intermediary’s platform, taking into account, for example, qualification, level of knowledge, competence, and the number and nature of complaints;
regularly reviewing the conduct of lead traders and the outcomes of copy traders for compliance with the applicable laws and regulations of the pertinent jurisdictions, employing, if possible, technology for enhanced surveillance; and
assessing the conflicts of interests that may arise in the provision of copy trading services, including where the market intermediary’s remuneration structure of lead traders may generate conflicts of interests between lead traders and copy traders or between the market intermediary and copy traders. [19 May 2025]#SocialMedia #Finfluencers

IOSCO: Final report – Finfluencers

IOSCO haspublishedits final report on finfluencers. The report explores the evolving landscape of finfluencers, the associated potential benefits and risks, and the current regulatory responses across jurisdictions. It highlights that many finfluencers are not familiar with traditional financial regulatory frameworks and may operate outside them. The report also identifies potential gaps in regulatory coverage, as well as work being undertaken to address the problems through supervisory actions, enforcement measures, and educational initiatives. The report sets out broad areas of good practices for securities regulators, including:

providing regulatory clarity by defining the scope of finfluencer activities which fall within a regulator's jurisdiction;
requiring market intermediaries to take all appropriate steps to identify and address conflicts of interest;
considering requiring the use of standardised disclaimers and clear, concise disclosures; and
continuing to develop innovative education and awareness initiatives for both retail investors and finfluencers.

In addition to these good practices, retail investors are advised to verify credentials, be skeptical of promises of high returns, understand conflicts of interest, and conduct independent research. [19 May 2025]#SocialMedia #Finfluencers

UK

FCA Director of Market Oversight addresses ACT Annual Conference – rebalancing risk to support growth

Europe

ECB: Letter from Claudia Buch on implementation of digital euro

The European Central Bank (ECB) has published a letter from Claudia Buch, Chair of the Supervisory Board, to Auke Zijlstra, Member of the European Parliament (EP) as a response to the letters from Mr Zijlstra on the implication of the digital euro and the potential costs, financial impact and risks for banks that this may bring.

Ms Buch listed the design features of the digital euro that provide safeguards against negative implications for banks: (i) individual holding limits, (ii) non-interest-bearing holdings, (iii) no holdings for businesses, and (iv) a waterfall functionality.

Regarding the potential revenues for banks resulting from the digital euro, Ms Buch notes that the draft legislative proposal for a digital euro envisages a compensation model designed to provide financial incentives for banks. In relation to the costs for banks, payment service providers (PSPs) will need to invest initially to be able to distribute the digital euro. However, measures are in place to mitigate these costs. The Eurosystem, in the Rulebook Development Group, is working closely with PSPs and other main stakeholders to define how to create a digital euro that is as cost-efficient as possible by using existing infrastructures and standards.

Ms Buch highlighted that the implementation of the digital euro is the Eurosystem’s response to the rapid digitalisation of the financial system and its impact should be considered the in the context of a rapidly evolving financial sector landscape. [20 May 2025]#DigitalEuro #CBDC

Australia

ASIC seeks leave from High Court to appeal Block Earner decision

ASIC isseekingspecial leave from the High Court of Australia to appeal a recent Full Federal Court decision involving Block Earner, a digital asset service provider. The case centres on Block Earner’s 'Earner' product, which allowed users to earn fixed returns by lending cryptoassets. The Full Federal Court ruled that this product was nota financial product under Australian law, overturning an earlier Federal Court decision that found Block Earner had engaged in unlicensed financial services conduct.

ASIC is pursuing the appeal to clarify:

the legal definition of a 'financial product,' particularly in the context of emerging technologies and cryptoassets; and
when interest-earning products and products involving a conversion of assets from one form into another are regulated.

ASIC argues that the current definition of 'financial product' was designed to be broad and technology-neutral, and believes it is in the public interest to ensure consistent regulatory treatment of interest-earning and asset-conversion products. [16 May 2025]#Crypto

Hong Kong

HKMA partners with LR via CDI to enable banks to automate land search processes

The HKMA has announced the successful connection between its Commercial Data Interchange (CDI) and the Land Registry (LR) through the Government’s Consented Data Exchange Gateway (CDEG) (LR@CDI), enabling CDI participating banks to automate their land search processes.

By connecting to the LR via the CDI-CDEG linkage, banks can search land and ownership information via an application programming interface (API), streamlining their processes in relation to property valuation, mortgage and loan assessments for individual and corporate customers. This in turn enables the banks to enhance risk assessment, improve customer experience and reduce time costs.

CDI participating banks can also access e-Alert notifications via the API when further charge/mortgage documents related to the mortgaged properties are lodged for registration with the LR, thereby providing banks with timely updates on the risk profile of their mortgage lending.

The LR@CDI connection marks another major achievement in meeting banks’ demand for Government data, following the connection of the Companies Registry (CR) to CDI through the CDEG (CR@CDI) (see our previous update). The CR@CDI has been well received by banks, with average monthly data transfers amounting to approximately 1.5 million. Eight banks are actively utilising the CR@CDI connection to enhance their operational efficiency and risk management capabilities in different business scenarios such as automating online account opening process and conducting customer due diligence. [22 May 2025] #Automation #Data

Stablecoins Bill passed by LegCo, with new licensing regime expected to come into effect within 2025 following consultation on and finalisation of detailed regulatory requirements

The Government haswelcomedthe passage of the Stablecoins Bill by the Legislative Council (LegCo) on 21 May 2025 to establish a licensing regime for fiat-referenced stablecoins (FRS) issuers in Hong Kong. The Bill was tabled before the LegCo in December 2024(see ourprevious update).

Upon implementation of the Stablecoins Ordinance (yet to be published as of 5pm Hong Kong time on 23 May 2025), any person who, in the course of business, issues an FRS in Hong Kong, or issues an FRS that purports to maintain a stable value with reference to HKD in or outside Hong Kong, will need to obtain a licence from the HKMA.

The relevant persons must:

Satisfy the requirements in areas such as reserve asset management and redemption, including proper segregation of client assets, maintaining a robust stabilisation mechanism, and processing stablecoin holders’ requests for redemption at par value with reasonable conditions;
Comply with a range of requirements, including those on anti-money laundering and counter-terrorist financing, risk management, disclosure and auditing, and fitness and propriety.

Only specified licensed institutions may offer an FRS in Hong Kong, and only an FRS issued by a licensed issuer may be offered to a retail investor. To prevent fraud and scams, only advertisements of licensed FRS issuances are allowed.

The HKMA will conduct further consultations on the detailed regulatory requirements of the regime in due course. The Stablecoins Ordinance is expected to come into effect within 2025, to allow sufficient time for the industry to understand the requirements under the licensing regime. The regime also provides for a transitional arrangement to facilitate the industry in applying for a licence and making suitable business arrangements.

Following the implementation of the virtual asset trading platform and stablecoins issuers regulatory regimes, the Government will soon launch consultations on virtual asset over-the-counter and custodian services, and promulgate the second policy statement on the development of virtual assets. [21 May 2025]#Stablecoin #Crypto

SFC reminds LCs of expected standards relevant to phishing detection and prevention as well as notification requirements

The SFC has issued acircularto remind licensed corporations (LCs) of the expected standards relevant to phishing detection and prevention and the requirements for notification under its main code of conduct. The SFC has alsowarned the publicof recent phishing incidents.

Several LCs have reported to the SFC that their clients received phishing SMS messages with embedded hyperlinks purportedly sent by the LCs. After clicking the embedded hyperlinks, the clients were lured into entering their account login details. Unauthorised transactions were subsequently conducted over the accounts of the clients, potentially involving market manipulation, resulting in financial losses for the clients.

The SFC takes the opportunity to remind LCs of its 6 February 2025 circular, where it highlighted key observations from its cybersecurity review and set out expected standards (see ourprevious update). LCs are reminded:

Not to send electronic messages (such as emails or SMS messages) with embedded hyperlinks directing clients to their websites or mobile applications to undertake transactions;
Not to ask clients to provide sensitive personal information (including login credentials and one-time passwords) via hyperlinks;
To send clients regular cybersecurity alerts and reminders, including security reminders against phishing attacks; and
To implement an effective monitoring and surveillance mechanism to detect unauthorised access to clients’ internet trading accounts.

LCs should:

Inform clients that it will not ask clients to provide sensitive personal information via hyperlinks;
Remind clients not to disclose their account login information to any unverified websites, even if they look genuine;
Remind clients affected by phishing to report the incidents to the Police where applicable, and alert other clients of the incidents as soon as practicable.

The SFC also reminds LCs that under paragraph 2.1 of Schedule 7 of its main code of conduct, LCs which offer internet trading should put in place proper risk management and supervisory controls, including automated pre-trade controls as well as post-trade monitoring. In addition, LCs should comply with the notification requirements under paragraph 12.5 of the main code of conduct. [21 May 2025]#Phishing

India

SEBI issues circular on digital KYC for persons with disabilities

The Securities and Exchange Board of India (SEBI) has issued a circular about the accessibility and inclusiveness of digital know-your-customer (KYC). The circular references the Supreme Court's April 30, 2025 judgement which emphasised the need for equal and accessible financial inclusion of persons with disabilities and directed that the process of digital KYC be accessible to persons with disabilities. SEBI explains that the FAQ on account opening by persons with disabilities has been revised, and directs intermediaries to this guidance. [23 May 2025] #Biometrics

IFSCA Circular on participation of IBUs in international payment systems

The International Financial Services Centres Authority (IFSCA) haspublisheda circular in relation to participation of IFSC Banking Units (IBUs) in international payment systems. The circular sets out various polices, including:

IBUs may participate as/be members of international payment systems for making or receiving payments to/from banks/financial institutions outside the IFSC without prior approval.
An international payment system that permits IBUs to make or receive payments among themselves, thereby affecting domestic (i.e. IFSC) transactions, would require authorisation from the Authority under sub-section 1 of section 7 of the Payment and Settlement Systems (PSS) Act, 2007; and
IBUs may participate as/be members of international payment systems formaking or receiving payments with other IBUs, without prior approval, after being satisfied that such international payment system complies with the condition mentioned in the second point above. [22 May 2025]#Payments

SEBI issues warning on stock market scams through social media

SEBI hasissueda warning to consumers regarding stock market scams on social media platforms. SEBI has observed that perpetrators create fake profiles that portray them as experts in the securities market, or that impersonate SEBI registered intermediaries, well known public figures, celebrities, or CEOs of established organisations. They exploit investors by showcasing fake testimonials about achieving large profits.

SEBI advises consumers to deal only with SEBI-registered intermediaries and only through authentic trading apps. Consumers should also verify registration using the SEBI website. [21 May 2025]#SocialMedia

US

CFTC releases interpretative letter regarding certain cross-border definitions

The Market Participants Division and Division of Market Oversight of the Commodity Futures Trading Commission (CFTC) have issued an interpretative letter confirming the application of certain cross-border definitions to a proprietary trading firm organized in a foreign jurisdiction.

The interpretation was issued in response to a request from a digital assets proprietary trading firm organized outside the U.S. which is licensed as a digital assets business by its local authority. [21 May 2025] #Crypto

SEC Chair testifies before the House Appropriations Subcommittee on Financial Services and General Government

The SEC has published the testimony delivered by its Chair, Paul S. Atkins, before the House Appropriations Subcommittee on Financial Services and General Government. The SEC Chair expressed his determination to return the SEC to its core mission as set out in the Exchange Act – protecting investors, facilitating capital formation and maintaining fair, orderly and efficient markets. Chair Atkins also outlined his plans to develop, through consultation, a 'rational regulatory framework' for crypto which will provide 'clear rules of the road' for issuers, custodians and trading activity.

Chair Atkins also testified about the SEC Commissioners' roles, staff numbers, reorganization plans, the review of the SEC's technology infrastructure, the SEC's Regional Offices, and funding. [20 May 2025] #Crypto

SEC announces charges against crypto company and its top executives

The Securities and Exchange Commission (SEC) hasannouncedthat it has charged a New York City-based crypto company and three of its top executives for false and misleading statements in an offering of certificates that purportedly conveyed rights to receive cryptoassets and an offering of the company’s common stock.

The SEC alleges that the company broadly marketed rights certificates to the public through extensive promotional efforts, including advertisements in major airports, on New York City taxis, on television and on social media. Among other things, the SEC alleges that the company and its executives made false and misleading statements that portrayed the investments in safe, stable, and profitable “next generation” cryptoassets.According to the SEC’s complaint, the company and its CEO also violated the federal securities laws by engaging in unregistered offers and sales of rights certificates. The CEO offered and sold over 37.9 million of his rights certificates to offer better pricing and target investors the company had prohibited from participating in the offering to avoid jeopardizing its exemption to registration requirements, as alleged.

The SEC is seeking permanent injunctive relief, disgorgement with prejudgment interest, civil penalties and officer-and-director bars.

The complaint also charges the company's general counsel with violating the antifraud provisions of the federal securities laws by negligently making similar misstatements in private placement memoranda used to offer and sell rights certificates and common stock. Without admitting or denying the SEC’s allegations, he has consented to the entry of a final judgment providing permanent injunctive relief and ordering him to pay a $37,500 civil penalty. [20 May 2025]#Crypto

Upcoming SEC events

The SEC has listed the following upcoming events:

On June 5, the Division of Investment Management will host the2025 Conference on Emerging Trends in Asset Managementin Washington, D.C. Panel topics include: digital assets and tokenization; product proliferation and innovation in registered funds; and retail access to private markets. This event is open to the public both in-persona and via live webcast.
On June 9, the Crypto Task Force will host the next in its ongoing series of roundtables –DeFi and the American Spirit. Registration is required for in-person attendance. The event will also be webcast.[20 May 2025] #Crypto #DeFI #Tokenisation

FinTech Global FS Regulatory Round-up - w/e 23 May 2025 | Herbert Smith Freehills | Global law firm (2025)

Global

UK

Europe

Australia

Hong Kong

India

US

References