Global Regulator & Central Bank News Roundup (Vol. 5/2023)
February 6 - February 12 2023
Your weekly summary of key regulatory updates in an objective bite-size format, drawing on official news and press releases from 400+ financial services regulators, central banks as well as global and regional standard setters,
At a glance - Highlights by topic
The roundup offers a curated selection of regulatory updates and events. For a complete listing of all developments and events with easy filtering and search options, visit Regxelerator’s dedicated
ECB releases 2022 results of the Supervisory Review and Evaluation Process
The European Central Bank (ECB) has released the results of the Supervisory Review and Evaluation Process (SREP) for 2022. Overall, the results are consistent with those of the prior year, with the average overall SREP scores remaining broadly the same as in previous cycles and concentrated around 2 and 3 (NB: the SREP scale ranges from 1 to 4 with four reflecting the highest risk). Despite the uncertain and volatile market environment, banks were able to maintain strong capital and liquidity positions as well as benefited from improved profitability as a result of rising interest rates. To that end, the ECB has set the Pillar 2 requirement for total capital at 2.0% of risk-weighted assets, representing only a marginal increase from 1.9% in 2022, while leaving the Pillar 2 requirement for CET1 unchanged at 1.1.%. From a qualitative perspective, the exercise flagged continued concerns over deficiencies related to internal governance and risk management as well as credit risk. In relation to internal governance, this involves inter alia concerns over the effectiveness of management bodies in terms of their composition, collective suitability and oversight role, insufficient focus on the role of the compliance and internal audit functions, as well issues regarding risk appetite practices. As regards credit risk, concerns remain focused on the management of the exposure to vulnerable sectors, such as real estate markets, the management of non-performing exposures and broader shortcomings in credit risk management frameworks and controls.
Federal Reserve Board and OCC publish scenarios for 2023 stress test
The Federal Reserve Board has published the hypothetical scenarios underpinning its annual banking stress test. In this year’s scenario, banks will be tested against a severe global recession with heightened stress in both commercial and residential real estate as well as corporate debt markets. Specific assumptions include a rise in the U.S. unemployment rate by 6.5 percentage points to a peak of 10 percent, severe market volatility, a significant widening of corporate bond spreads, and a collapse in asset prices. Banks with large trading operations will furthermore be assessed against a global market shock component reflecting market distress and heightened uncertainty. Additionally for the first time this year, a subset of the largest and most complex banks will be tested against an exploratory market shock to their trading books to further inform the FRB’s understanding of the banks’ current resilience. In total, 23 banks will be tested in the 2023 exercise.
Complementary to the FRB, the Office of the Comptroller of the Currency (OCC) has also released the
The Bank for International Settlements (BIS) Innovation Hub’s Nordic Centre has announced the launch of project Aurora with focus on the development of new solutions to enhance detection of anti-money laundering. Grounded in the notion that the lion’s share of money laundering is cross-border in nature which creates several layers of complexity in the detection process, the project seeks to investigate through a proof of concept how advanced data technologies, such as privacy-enhancing technologies, machine-learning methods, network analysis and machine-readable typologies could enable better data-sharing and detection of suspicious transactions across financial institutions and borders. The current limitations in the effective detection of money laundering have over the past decade led to several adverse structural developments including a tendency of financial institutions to overreport suspicious transactions as a precaution to avoid being held liable for compliance failures and an increasing shift towards de-risking, which in some cases affects entire national systems.
2,000 stakeholders meet with ESAs to discuss the Digital Operational Resilience Act
The European Supervisory Authorities (ESAs) on February 6th organized an online event which gathered over 2,000 industry representatives including ICT third-party service providers for a technical discussion on the new Digital Operational Resilience Act. The event afforded an opportunity to offer perspectives on the new Act and inform the ESA’s forthcoming development of the supporting technical guidelines. Key policy areas addressed during the gathering included ICT risk management, incident reporting, the register of information and criticality criteria.
Bank of England publishes final policy on outsourcing and third-party risk management for FMIs
Following its consultation during 2022, the Bank of England has published its final policy governing the approach to outsourcing and third-party risk management for financial market infrastructures (FMIs). The policy comprises of three separate supervisory statements for central counterparties, central securities depositaries as well as recognized payment system operators and specified service providers. The individual supervisory statements comprehensively outline the requirements the FMIs must adhere to when entering into third-party arrangements including in relation to requirements during the pre-outsourcing phase, the substance of outsourcing agreements, governance and record-keeping as well as data security, business continuity management, sub-outsourcing and audits of third-parties. Under the policy, FMIs are among other things expected to:
Identify, assess, measure, monitor, and control the risks associated with their third parties within the board approved risk appetite and underpinned by a board-approved written third party risk management policy
Perform a criticality and risk assessment prior to entering into any arrangement, which is subsequently refreshed in periodic intervals, as well as seek a non-objection from the Bank of England when entering into or altering an arrangement
Carry out periodic concentration risk assessments with a view to assessing and managing the overall reliance on third parties and potential vendor lock-in
Put in place a written contractual agreement for every third-party arrangement that includes a minimum set of provisions
Incorporate into the agreement provisions that afford full access and unrestricted rights for audit and information and exercise these rights as part of monitoring the arrangement
In addition to the statements, the Bank also published a dedicated outsourcing and third-party risk management part to be incorporated into the Code of Practice for recognized payment system oeprators and specified service providers.
Central Bank of the UAE announces launch of financial infrastructure transformation programme
The Central Bank of the UAE (CBUAE) is launching a comprehensive financial infrastructure programme to foster the digital transformation in the financial services sector, it announced in a new statement. The programme encompasses nine key initiatives and will be implemented in multiple stages until 2026 with the first stage focusing on digital payment infrastructures and services and including the launch of a card domestic scheme, an instant payments platform and the issuance of CBDC for cross-border and domestic uses. Subsequent phases will involve the implementation of digital infrastructures including the establishment of financial cloud, eKYC and open finance platforms. As part of the programme, the CBUAE will also strengthen its internal capacity through the adoption of advanced supervisory technologies and data management solutions.
UK FCA further clarifies future approach to the communication of cryptoassets promotions
Following the policy statement issued by the HM Treasury in the prior week, the UK Financial Conduct Authority has further clarified the intended approach to the communication of cryptoassets promotions. Under the new regime, four options will be available for the communication of cryptoassets promotions as follows:
The promotion is communicated by an FCA authorised person.
The promotion is made by an unauthorised person but approved by an FCA authorised person.
The promotion is communicated by a cryptoasset business registered with the FCA under the Money Laundering Regime.
The promotion is subject to an exception under the Financial Promotion Order.
Option 3 is achieved through the HM Treasury’s newly proposed exemption, which takes into account the fact that there is currently limited appetite by FCA authorized persons to approve cryptoassets communications of unauthorized firms. Promotions that do not meet these conditions will be considered a breach and treated as a criminal offence that is punishable by up to 2 years imprisonment.
The Thailand Securities and Exchange Commission has launched a new consultation in relation to cryptocurrency trading that among other things proposes more transparent risk disclosure. The proposal would require cryptocurrency business operators to include the visible warning message “Cryptocurrencies are high risk. You may lose the entire amount invested” as part of their disclosure to clients who wish to engage in cryptocurrency trading.
The U.S. Treasury has released a comprehensive report on the financial services sector’s adoption of cloud services. The report, which was prepared in collaboration with the private and public sector, provides inter alia an overview of the state of cloud services adoption, describes the current domestic and international regulatory landscape, as well as discusses the associated challenges in the use of cloud services. To address identified issues, the Treasury as part of planned next steps will launch an interagency Cloud Services Steering Group for further coordination as well as organize tabletop exercises involving cloud service providers and the financial sector.
BIS Innovation Hub Nordic Centre launches Project Polaris
The Bank for International Settlements (BIS) Innovation Hub Nordic Centre is expanding its project portfolio with the launch of the new CBDC-focused Project Polaris. The Project will investigate in greater detail the critical CBDC foundations of trust, security and resilience with the objective of providing central banks with key considerations and a playbook to help inform their ongoing CBDC explorations including in relation to architecture, design, implementation planning and investments as well as other longer-term change and operational considerations. As a specific focus area, the project will address CBDC offline functionality. Against this backdrop, the Nordic Centre is inviting interested solution providers to participate in a technical deep dive. The deep dive, which is scheduled to take place in May, seeks to provide a forum for exchange between the Innovation Hub and solution providers on the current solution landscape while also affording an opportunity for providers to clarify open issues. Insights from the deep dive, too, are intended to provide central banks with an overview of the applicability, suitability and readiness of available solutions including their risks and trade-offs.
HM Treasury and Bank of England drive forward digital pound development with two new papers
HM Treasury and the Bank of England have jointly released a comprehensive consultation paper for a potential digital pound. While the decision over the issuance of a digital pound remains open, the paper cements the joint view that “it is likely a digital pound will be needed in the future” and offers a first proposal for the potential model for a retail digital pound. Under the envisaged model, the digital pound would be realized through a public-private partnership with the Bank of England Bank providing the central infrastructure including the core ledger for the digital pound while private sector firms, including both banks and non-banks, would be able to integrate into the infrastructure and provide the interface, i.e. wallets, through which end users would interact with the digital pound. In the spirit of strong privacy and data protection, the digital pound would offer at a minimum the same level of privacy as current forms of digital money, with access to the identity of users being limited to payment interface providers while the Government and the Bank would only
have only access to anonymized personal data. The model further foresees that the digital pound would be primarily designed as a payment instrument and as such would pay no interest. During the initial introduction period, it would furthermore be subject to holding restrictions to avoid unintended consequences for monetary or financial stability. Concurrently with the release of the consultation paper, the Bank of England also published a technology working paper that further specifies its emerging technology-design considerations. In line with the roadmap set out in the consultation paper, it is expected that by the end of 2025 a decision will be made on whether to move forward with the issuance of a digital pound.
UK Payment System Regulator outlines plans for financial institutions’ reporting on authorized push payment scams
The UK Payment System Regulator (PSR) has launched a new consultation regarding the regulatory reporting on authorized push payment (APP) scams data by financial institutions. Under the proposal, which is intended to create greater transparency on the treatment of customers in the face of scam incidents, in-scope institutions would be expected to report key APP statistics in six-month intervals. Initially, this would include data on the proportion of APP scammed customers who are left out of pocket as well as the scam rates of sending and receiving payment service providers, respectively. The reporting requirement is planned to come into force in March, with the first data submission due in May and the first report by the PSR scheduled for release in October 2023.
BIS’ Agustín Carstens reflects on options for Bigtech regulation in keynote address at the BIS Conference on Bigtechs in Finance
In his opening address at the Bank for International Settlements (BIS) conference on Bigtechs in Finance, Agustín Carstens has summarized the BIS’ house view on the possible regulatory approaches for Bigtech oversight. Consistent with the position established in recent papers by the BIS Financial Stability Institute, he argues in favor of entity-based regulation of Bigtech firms that combines a so-called inclusion approach with possible segregation. The inclusion approach would involve subjecting Bigtech firms with significant financial activities to group-wide requirements on governance, conduct of business, operational resilience while the segregation approach would require a Bigtech’s financial services to be grouped together under the umbrella of a financial holding company.
Both the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA) have published their latest risk dashboards.
Consistent with the prior quarter, under EIOPA’s latest assessment based on Q3 2022 data macro and market risks continue to rank as highest, driven among other things by a further decrease in the forecasted global GDP growth to -0.06%, continued high inflation levels as well as elevated volatility in bond and equity markets. All other risk categories continue to remain at a medium level, with a subset expected to further rise over the 12-month horizon. As regards ESG related risks, insurers relative exposure into green bonds stayed constant while the ratio of investments into green bonds over the total green bonds outstanding slightly decreasing. While exposure to flood risk has been subject to a decrease, the cumulative catastrophe loss ratio slightly increased during Q3 2022.
The downward trend for digitalization and cyber risk that was observed in past quarter reversed, driven among other things by the frequency of cyber incidents having increased relative to Q3 2021 as well as an overall negative cyber sentiment.
Equally, ESMA’s risk evaluation remains high across the board for all risk categories with the exception of credit risks and environmental risks as well as for securities markets and asset management, driven by the continued challenging macroeconomic environment and high levels of uncertainty, fragile market liquidity and tightening financing conditions. As for securities markets, equity prices remained subject to rapid movements and high volatile throughout 2H22, yet somewhat recovered towards the end of the year. As for asset management, the EU fund sector experienced low levels of performance and assets under management were subject to the sharpest decline since the Global Financial Crisis, ESMA’s assessment notes.
The U.S. Securities and Exchange Commission (SEC) has outlined its 2023 examination priorities. Key areas in focus for this year include ESG, information security and operational resiliency practices as well as emerging technologies and cryptoassets. As part of the ESG-related work, the Commission will review whether funds with an ESG nexus are operating consistent with their disclosures as well as whether ESG products labels and recommendations to retail investors are appropriate. In relation to emerging technologies and cryptoassets, emphasis of examinations will be on broker-dealers and registered investment advisors that engage in emerging technologies as well as on registrants and the appropriateness of their approach to the offer, sale and recommendation/advice regarding trading in crypto or crypto-related assets. In addition to these three themes, the Commission will also place focus on reviewing compliance with its new Investment Advisor and Investment Company rules including the new Marketing, Derivatives and Fair Valuation Rules.
The Japan Financial Services Agency and the European Insurance and Occupational Pensions Authority have entered into a cooperation framework to advance cooperation in the area of insurance supervision including information exchange and mutual technical assistance.