The carousel of financial sector regulations must continuously turn to keep up with an evolving space. As new technologies come along, new threats follow. In 2022, cyber attacks continued unabated, with a report showing that more than half of financial firms were hit by ransomware in 2021. Crypto assets have also changed the financial landscape adding new challenges to regulations that are more used to governing traditional currencies. From cyber-attacks to geopolitical uncertainty, the financial sector and its regulations have been put to the test. A 2022 H2 report by the Bank Of England captures the mood: almost three-quarters of respondents believe that a cyberattack is the highest risk to the financial sector, closely followed by inflation or a geopolitical incident.
Eastnets looks back at some of the regulatory guidance and compliance developments in the financial space in 2022.
Updates, advisories, and new entrants to financial regulations in 2022
The financial sector is all about risk, and de-risking transactions, in all forms, has been a core part of regulatory updates during 2022. In addition, the changing financial scene and increased cyber-threats have kept the regulators busy this year; added to this are new intelligent technology solutions, Big Tech entrance to the industry, as well as crypto assets and stablecoins to think about. All this upheaval has created a rush by regulators to upgrade or bring in new guidance or regulatory controls. Here are some new (or updated) kids on the block in the financial sector's regulatory space.
MiFID II (Markets in Financial Instruments Directive II)
MiFID II, introduced in 2018, was seen as one of the most significant overhauls in the industry for a decade. A lot has happened in only four years. Covid-19 prompted the EC to publish the 'Quick Fix' Directive in November 2021, which needed to be applied by February 28, 2022. The main remit of the 'Quick Fix' was to protect investors while removing 'red tape.' In other words, the changes provide a way to minimize the administrative burden on investment firms. MiFID II Quick Fix directive actively encourages the use of electronic communications. The directive also provides several exemptions relieving an investment firm of duties of cost disclosure under certain conditions.
The Money Laundering and Terrorist Financing (Amendment) (No.2) Regulations 2022
From September 1, 2022, updates to the existing UK anti-money laundering (AML) legislation came into force. These updates were reflected in the Money Laundering Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLRs). The changes included extending the scope of meaning of a trust or company service provider (TCSP). Also included is the provision that a TCSP will be required to conduct customer due diligence (CDD) when providing services. Other updates include more stringent requirements on Suspicious Activity Reports (SARs).
FINMA Anti-Money Laundering Ordinance
FINMA, which monitors the adherence to requirements set out in the Anti-Money Laundering Act (AMLA), put out a consultation in early 2022. In November 2022, a press release announced the consultation results leading to updates to the FINMA Anti-Money Laundering Ordinance (AMLO-FINMA) in line with changes to the AMLA. The ordinance and regulations will come into force on January 1, 2023. The main thrust of the changes is that financial intermediaries must verify the identity of beneficial owners, including the control holder. Also, there is now a new obligation to periodically check and update client data.
Part 500 Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500)
In November 2022, the New York Department of Financial Services (DFS) proposed amendments to its Part 500 Cybersecurity Rules (23 NYCRR 500). As with many updates to financial regulations in 2022, this update comes on the back of increasing threats to financial institutions. The proposed changes include more stringent attention to third-party service provider-related cybersecurity incidents and enhanced governance requirements, including that cybersecurity accountability moves to the CXO and board level. Also proposed amendment is the requirement for regular risk assessments and disaster recovery planning. This is one to watch as a 60-day comment period ends on January 23, 2023.
DORA (Digital Operational Resilience Act)
On September 10, 2022, the European Parliament approved DORA. DORA legislation has come about as part of the "digital finance package," created to encourage digital finance innovation and competition while mitigating financial risks from digitizing the financial sector. DORA affects EU financial services firms and any associated ICT providers. DORA is focused on ICT risk management across the financial industry and will require financial sector firms to implement measures that prevent ICT-related risks.
Australian Transaction Reports and Analysis Centre (AUSTRAC)
On October 5, 2022, Australia's financial regulator, AUSTRAC, published guidance on getting customer due diligence (CDD/KYC) right. In 2022, AUSTRAC focused on the "Source of funds and source of wealth" in a publication of the same name. The AUSTRAC corporate plan for 2022-2026 states that a "rigorous AML/CTF regime is essential to ensure the integrity of the Australian financial system." The guidance and recommendations from AUSTRAC highlight the need to do robust checks on high-risk individuals, including Politically Exposed Persons (PEPs). Again, beneficial ownership comes into play in developing effective CDD and KYC measures.
In October 2022, the European Parliament Committee on Economic and Monetary Affairs (ECON) endorsed the Markets in Crypto-assets regulation (MiCA) bill. MiCA covers crypto asset service providers (CASPs) operating in the EU. MiCA is part of the EU’s Digital Finance Package. The MiCA bill endorsement is a step towards full approval and enforcement, expected in 2024. The bill's main thrust is to create a legal framework for CASPs in the EU. The bill also sets out guidelines for stablecoins and requirements to prevent the abuse of crypto assets, bringing them in line with traditional currencies.
FBS framework for crypto-assets and stablecoins
On October 11, 2022, the Financial Stability Board (FSB) published a proposed framework and recommendations for the international regulation of crypto assets and global stablecoins. The expectation is for national authorities to follow the FSB lead and enforce similar regulatory frameworks for digital assets as are used for traditional finance. The FSB's main concerns focus on the challenges in crypto asset regulation and supervision, including the enforcement of cross-border regulatory powers. Consultations close on December 15, 2022. Watch out for final recommendations sometime in July 2023.
2022 has been a year of upheaval and change in the financial regulatory landscape but more is to come. In 2023, expect to see more changes to reflect Big Tech embracing FinTech, crypto assets, stablecoins, and the general digitization of a financial world that crosses borders.