Asia Fintech and Payments regulatory update - September 2024
Hong Kong SAR
Virtual Assets
HK's landmark DAO court decision: The High Court of Hong Kong recently released the reasons for its ruling for a matter that involves decentralised autonomous organisations (DAOs). One of the interesting points of the case involved the granting of an account disclosure order in relation to a DAO project, without ruling on the merits of the case. The judge also noted the limited experience of courts, both in Hong Kong and globally, in dealing with crypto trading disputes.
Data and cyber
Conclusion of consultation of HK's proposed critical infrastructure framework: The consultation concluded on 1 August 2024 with 52 out of the 53 submissions received supporting the legislation with "constructive suggestions" from organisations like the Asia Internet Coalition, American Chamber of Commerce, and the Hong Kong General Chamber of Commerce. The government clarified some concerns regarding the extraterritoriality and scope of the proposed powers of the Commissioner’s Office (to be set up).
HKMA and DPO announced CDI-CDEG linkage: The Hong Kong Monetary Authority (HKMA) and the Digital Policy Office (DPO) have jointly announced that the integration between HKMA's Commercial Data Interchange (CDI) and the Government’s Consented Data Exchange Gateway (CDEG) is now fully operational. This established connection between the two platforms enables more government bureaux and departments to share consented data with banks, thereby facilitating the digital economy.
Fintech
HKMA’s report on the review of virtual banks: The HKMA released a report evaluating the eight virtual banks (VBs) launched in 2020 and their impact on Hong Kong's banking system. Some VBs are expanding into Web3 and digital assets and as the HKMA is supportive of these initiatives it has provided guidance on regulatory expectations and requirements in the report. The HKMA also clarifies that it will remove the requirement that VBs engage primarily in retail banking business. The HKMA is also consulting the public on the proposal to replace the term “Virtual Banks” with “Digital Banks” to better reflect their business model.
HKMA launches Project Ensemble sandbox to accelerate tokenisation adoption: The HKMA has now launched the Project Ensemble sandbox, announced earlier this year, to explore innovative financial infrastructure for interbank settlement using wholesale central bank digital currency (wCBDC). The sandbox tests technical interoperability among tokenised assets, deposits, and wCBDC, allowing for end-to-end tokenised transaction trials. Initial use cases include fixed income and investment funds, liquidity management, green finance, and trade finance. The Securities and Futures Commission (SFC) will co-lead tokenisation initiatives for the asset management industry, specifically for fixed income and investment funds, working closely with the HKMA to provide regulatory guidance and address industry concerns.
Payments
HKMA and PBOC sign MOU on cross-boundary linkage of payment systems: The People's Bank of China and the HKMA have signed a Memorandum of Understanding (MOU) to establish a cooperation framework for linking payment systems between the Mainland and Hong Kong. Officials also discussed financial cooperation and advancing fast payment system (FPS) linkage.
Artificial Intelligence
HKMA’s new GenAI circular on customer-facing applications: The HKMA has issued a circular to all authorised institutions, outlining additional principles for using GenAI in customer-facing applications. These principles fall within the same areas as the 2019 Circular on "Consumer Protection in respect of Use of Big Data Analytics and Artificial Intelligence (BDAI)": governance and accountability, fairness, transparency and disclosure, and data privacy and protection. The new circular emphasises safeguarding consumer interests when adopting GenAI.
HKMA and Cyberport launch GenAI sandbox: The HKMA and Cyberport have jointly announced the launch of a new GenAI sandbox, aimed at fostering responsible innovation in GenAI within the banking sector. This initiative will enable banks to pilot their innovative GenAI use cases within a risk-managed framework, ensuring they receive crucial technical support and targeted supervisory feedback.
Mainland China
Data and cyber
FTZs further release data lists for cross-border data transfer: Following our update in June, China’s free trade zones (FTZs) have released further local preferential policies under the Provisions on Promoting and Regulating Cross-Border Data Flows. The Beijing FTZ released its data export Negative Lists which specify the categories of data across various industries including the financial services industry that are subject to a government-led mandatory data export security assessment by China’s cybersecurity regulator before they can be transferred out of China. The Shanghai FTZ also recently disclosed that its second batch of lists of general data allowing for data exports will be issued soon. This batch of lists will cover the areas of shipping, reinsurance, and securities.
Singapore
Payments
MAS launches public consultation on measures relating to cross-border money transfer services to PRC: On 1 January 2024, the Monetary Authority of Singapore (MAS) suspended the use of non-specified channels by remittance companies for transfers by individuals to persons in PRC due to an increase in reports of frozen beneficiary accounts or forfeited moneys due to suspected illicit activities. While the suspension was initially planned to end on 31 March, and later extended to 30 September 2024, the MAS is proposing to continue the suspension until further notice and expand the scope of the restriction to all customers sending monies to the PRC, including non-individuals. The MAS is seeking feedback on these proposals, with the consultation period ending on 6 September 2024.
Data and cyber
MAS Collaborates with Banks and Technology Partners on Quantum Security: The MAS, DBS, HSBC, OCBC, UOB, SPTel and SpeQtral have signed a Memorandum of Understanding (MoU) to embark on quantum security collaboration and study the application of Quantum Key Distribution in financial services. Quantum computing technology has been developing rapidly and has demonstrated potential to break commonly used cryptography and encryption algorithms. The MoU provides a collaborative framework for trialling the application of Quantum Key Distribution, which can help financial institutions protect the exchange of cryptographic keys to address the cybersecurity threats posed by quantum computing.
Singapore updates Operational Technology Cybersecurity Masterplan: The government has released an updated Operational Technology Cybersecurity Masterplan to enhance cybersecurity measures to bolster the defences of both critical and non-critical information infrastructure. Key strategies include strengthening the cybersecurity workforce, improving threat intelligence sharing, and integrating secure-by-design principles into the lifecycle of operational technology systems. The updated Masterplan extends the focus to include non-critical infrastructure and highlights the importance in addressing evolving threats and ensuring cyber resilience across all sectors.
Singapore launches public consultation on Securing AI systems: The Cyber Security Agency of Singapore (CSA) has launched a public consultation on a set of Guidelines on Securing AI Systems and a Companion Guide for Securing AI Systems. The Guidelines seek to provide evergreen principles to raise awareness of adversarial attacks and other threats that may compromise AI behaviour and system security and aim to guide system owners on implementation of security controls and best practices to protect AI systems against supply chain attacks and novel risks such as adversarial machine learning. The Companion Guide will complement the Guidelines in providing practical measures and best practices sourced from experts in the industry. Public consultation is open for feedback to refine these resources and maintain their relevance in safeguarding AI adoption.
Singapore Computer Society (SCS) launches an updated AI Ethics and Governance Body of Knowledge: The SCS has launched an updated AI Ethics and Governance Body of Knowledge based on IMDA’s Model AI Governance Framework. The guide is an industry-led effort to provide a reference document for business leaders, ICT professionals and PMETs on the ethical aspects related to the development and deployment of AI technologies. Amongst other things, the guide compiles use cases and best practices to advance safe, responsible and human-centric AI development, deployment and governance in Singapore.
Singapore sets up task force to look into impact of CrowdStrike incident: Minister for Digital Development and Information, Josephine Teo, has announced in Parliament the formation of a task force to probe the CrowdStrike IT outage to understand if further measures are needed to improve Singapore's digital resilience. The task force, established by the Ministry of Digital Development and Information, aims to understand the cause of the disruption and recommend measures to bolster future resiliency. The global outage, caused by a software update from CrowdStrike, triggered a global tech outage causing disruptions to businesses with Microsoft Windows-based computers.
CSA issues advisory following the CrowdStrike incident: Following the CrowdStrike IT outage in July, the CSA has issued an advisory exploring risk-based strategies for organisations to enhance digital resilience and business continuity. In its advisory, the CSA announced it is critical for businesses to bolster their digital resilience and minimise disruptions.
Indonesia
Financial regulation landscape
OJK plans to issue new regulation on bullion business activities (including non-physical gold trading): The Indonesian Financial Services Authority (OJK) is planning to issue a new regulation on bullion services activities, as an implementing regulation to Indonesia’s Financial Omnibus Law issued in 2022. The bullion services activities would include gold savings, gold financing, gold trading, gold deposit, as well as other gold-related activities undertaken by financial institutions. The new regulation may also regulate the trading of gold in non-physical form which could be interpreted to include gold token on blockchain platform, although at this stage, there is no clear indication as to when this new regulation will be issued.
BAPPEBTI set a new deadline for securing Physical Traders of Crypto Assets (PFAK) Licence: The Futures Commodity Trading Supervisory Agency (BAPPEBTI) has recently issued Regulation No. 8/2024, which amends its existing regulation on trading of crypto assets. Under this amendment, BAPPEBTI has set a new statutory deadline of 16 October 2024, for all Crypto Asset Physical Trader candidates to secure the PFAK Licence. Previously, Crypto Asset Physical Trader candidates were required to obtain the licence by 17 August 2024 (being one year and one month after the establishment of the futures exchange and clearing house for crypto asset trading). BAPPEBTI remarked that the new deadline aims to foster a more sustainable crypto trading ecosystem. Based on publicly available information, currently only two crypto exchanges have obtained the PFAK Licence (i.e. Pintu and Pluang), and there are 13 exchanges in the process of obtaining the PFAK Licence.
Thailand
Digital assets
New notifications to regulate offering of ready-to-use utility tokens: The Securities and Exchange Commission of Thailand (SEC) has issued various notifications in relation to digital assets businesses (effective as of 13 August 2024), to classify and regulate the issuance of ready-to-use utility tokens which are neither primarily for consumption, nor serve as a certificate or substitute for any title document, and where the issuer of the digital tokens has provisions for them to be traded on a digital asset exchange. These impose certain obligations on the issuance of this type of ready-to-use token, including that the token issuer must (1) provide clear stipulations regarding the rights of digital token holders to acquire goods, services, or any other rights, methods, and conditions for amending such rights stipulations and (2) not allow the token holders to use such tokens as a medium for paying for goods or services or for depositing digital assets to earn returns.
New notification to amend the rules, conditions and procedures for undertaking digital asset business: The SEC has issued a notification to introduce a new requirement for digital asset business operators to implement a board governance where (1) it holds customer assets amounting to 500 million baht or more for a continuous period of 15 days, or (2) has at least 10,000 customers approved to open an account, or to use the service. It also includes new requirements governing the listing and delisting of digital assets, as well as trading, clearing, settlement, and market making.
Consultation on amending the requirements on the qualifications of digital assets custodial wallet providers: The SEC has concluded a two week public consultation on proposed amendments to provide an exemption for digital asset custodial wallet providers that are subsidiaries of the Stock Exchange of Thailand, to be able to provide custody services to certain prohibited digital asset business operators. These amendments aim to allow such providers to offer custody services to digital asset business operators that have common shareholders holding at least 10% of their issued shares, subject to certain qualifications (e.g. that the digital asset custodial wallet provider has at least two independent directors comprising at least one-third of the total number of directors). The SEC may publish the result of this public consultation on its website.
Payments
Consultation on the effectiveness of the Payment System Act B.E. 2561: The Bank of Thailand has concluded a four week public consultation on effectiveness of the Payment System Act B.E. 2561 (the Act) to obtain general comments in order to improve the effectiveness of the Act including the necessity of the Act, the relevance of the Act with regards to current situation of payment services, development of technology and livelihood of individuals and whether the Act obstructs competitiveness, or economic development and benefits of Thailand. The Bank of Thailand will publish the result of this public consultation, which may include actions to be taken to improve the effectiveness of the Act.
UAE
Fintech
The FSRA in the ADGM launches a public consultation on Fiat-Referenced Tokens regulatory framework: The Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market (ADGM) is seeking feedback on its proposed regulatory framework for the issuance of fiat-referenced tokens (FRTs). The consultation paper aims to introduce a proportionate, risk-appropriate regulatory framework enabling ADGM based issuers of fiat-referenced stablecoins to issue and redeem the tokens they issue in a safe and sound manner. Under the new framework, the issuance of FRTs would constitute a new Regulated Activity, distinct from the issuance of Stored Value within the Financial Services and Markets Regulations 2015 (FSMR), with commensurate conduct of business and prudential requirements. FSRA emphasises that the consultation does not propose new rules for commodity and asset-backed tokens. The deadline for responding to the consultation paper is 3 October 2024.
