Clifford Chance

Welcome to this week's global fintech round-up, summarising fintech regulatory developments that have happened around the world along with our Clifford Chance fintech publications and upcoming events.

Details of these and previous developments can also be found on our Fintech Topic Guide on the Clifford Chance Financial Markets Toolkit.

⭐ This is our last round-up of 2024 and we will be back again on 8 January 2025. Happy holidays and best wishes for the New Year!⭐

Our fintech top 10 most read for 2024:

1. Tech Trends 2024: Five trends to watch – March 2024
2. EU AI Act: Overview of the key rules and requirements – July 2024
3. Global developments in AI regulation – July 2024
4. APAC Data Regulatory Themes and Strategies – June 2024
5. EU crypto regulation: MiCA overview for issuers and cryptoasset service providers – July 2024
6. AI: the evolving legal landscape in Asia Pacific – January 2024
7. D'Aloia v persons unknown: crypto trusts, unjust enrichment and the challenges of tracing on the blockchain – October 2024
8. Forecasting the impact of Trump's second administration on the tech sector – December 2024
9. What does MiCA mean for issuing and offering stablecoins and other cryptoassets in the EU? – July 2024
10. New rules on cryptoasset exposures of EU banks – May 2025

CLIFFORD CHANCE BRIEFINGS AND MATERIALS

• (17 Dec 2024) Clifford Chance briefing – EU tech regulation and policy orientations: What lies ahead?
• (16 Dec 2024) Clifford Chance briefing – The EU Cyber Resilience Act: Towards a safe and secure digital market in Europe
• (16 Dec 2024) Talking Tech article – The test for "personal data" in the context of data breaches under UK data protection law

GLOBAL LEGAL AND REGULATORY UPDATES, INDUSTRY GUIDANCE AND PUBLICATIONS

International

• (12 Dec 2024) The Financial Stability Board (FSB) has published two sets of final recommendations on aligning data frameworks related to cross-border payments and consistent regulation and supervision of bank and non-bank payment service providers (PSPs). | Press release
• (12 Dec 2024) Bank for International Settlements (BIS) FSI Insights paper on regulating artificial intelligence (AI) in the financial sector, focusing on operational efficiency, risk management and customer experience in banking and insurance. | Webpage

APAC

Hong Kong:

• (13 Dec 2024) The Hong Kong Government has informed the Global Forum on Transparency and Exchange of Information for Tax Purposes of the Organisation for Economic Co-operation and Development (OECD) of Hong Kong's commitment to implementing the Cryptoasset Reporting Framework (CARF) for enhancing international tax transparency and combating cross-border tax evasion. Based on the latest timetable set by the Global Forum, the Government plans to commence the first automatic exchanges with relevant jurisdictions under CARF from 2028, based on the initial plan that the necessary local legislative amendments can be put in place by 2026. | Press release

Europe

EU:

• (17 Dec 2024) European Supervisory Authorities (ESAs) report summarising the key findings from their dry-run exercise for the collection of registers of information of contractual arrangements on the use of ICT third-party service providers by financial entities under the Digital Operational Resilience Act (DORA). | Press release
• (17 Dec 2024) The European Securities and Markets Authority (ESMA) has published the last package of final reports containing regulatory technical standards (RTS) and guidelines under the Markets in Cryptoassets Regulation (MiCA). In particular, the package contains: 

- RTS on market abuse that specify systems and procedures to prevent and detect market abuse in cryptoassets, the template for reporting suspected market abuse in cryptoassets, as well as coordination procedures between competent authorities for the detection and sanctioning of cross-border market abuse situations (ESMA75-453128700-1278);

- guidelines on reverse solicitation that confirm ESMA’s previous message that the reverse solicitation exemption should be understood as very narrowly framed and should be regarded as the exception and not be used to circumvent MiCA requirements (ESMA35-1872330276-1899);

- guidelines on cryptoasset transfer services that are intended to ensure investor protection for clients transferring cryptoassets by specifying the policies and procedures that cryptoasset service providers (CASPs) should have in place and on suitability that specify how CASPs providing advice on cryptoassets or portfolio management of cryptoassets have to give suitable recommendations to their clients or make suitable investment decisions on their behalf. These rules are aligned with the MiFID2 requirements so that CASPs providing advice under both MiFID2 and MiCA would be subject to similar requirements (ESMA35-1872330276-1936);

- guidelines on qualification of cryptoassets as financial instruments that provide conditions and criteria for the qualification of cryptoassets as financial instruments. The guidelines aim to provide more clarity about the delineation between the respective scopes of application of MiCA and other sectoral regulatory frameworks such as MiFID2 (ESMA75453128700-1323); 

- guidelines on the maintenance of systems and security access protocols that apply to offerors and persons seeking admission to trading who are not subject to the same operational resilience standards under MiCA and DORA as their CASP and issuer counterparts (ESMA75-223375936-6089).

• (17 Dec 2024) The EU Commission has adopted RTS under MiCA specifying the content, methodologies and presentation of information in respect of sustainability indicators in relation to adverse impacts on the climate and other environment‐related adverse impacts.
• (16 Dec 2024) The EU Commission has adopted RTS specifying the criteria for determining the composition of joint examination teams, and their designation, tasks and working arrangements under DORA.
• (16 Dec 2024) The EU Commission has adopted three sets of RTS under MiCA. The first set of RTS relates to the register of cryptoasset white papers, issuers of asset-referenced tokens (ARTs) and e-money tokens (EMTs), and CASPs, and specifies the data elements for the classification of cryptoasset white papers. The second set specifies the minimum content of the governance arrangements on the remuneration policy of issuers of significant ARTs and EMTs. The third set specifies the procedure and timeframe for an issuer of ARTs or of EMTs to adjust the amount of its own funds.
• (13 Dec 2024) The EU Commission has adopted RTS specifying the adjustment of own funds requirements and minimum features of stress testing programmes of issuers of ARTs or of EMTs under MiCA. The RTS relate to the higher own funds requirements on issuers where there is a higher degree of a risk.
• (13 Dec 2024) ESMA warning on cryptoassets, which states that while cryptoassets are "on the rise" they remain "very risky".
• (12 Dec 2024) European Banking Authority (EBA) report on tokenised deposits and their potential benefits and challenges. | Press release
• (6 Dec 2024) Letter from the EU Commission to the EBA on the overlap of provisions relating to EMTs under MiCA and the Payment Services Directive (PSD2) and asking the EBA to work in coordination with ESMA to assess whether to issue a no action letter with regard to the enforcement of authorisation requirements under PSD2 as regards EMT services provided by CASPs. The intention is to avoid the burden of CASPs requiring dual authorisation and being subject to requirements under both MiCA and PSD2 in relation to certain EMT services, such as where EMTs are used for investment or trading purposes. The Commission has also invited the EBA and ESMA to explore whether the authorisation process under PSD2 could be streamlined where dual authorisation would be required, and to recommend potential legislative changes that could be taken into account in the ongoing negotiations for a new Payment Services Directive (PSD3) and Payment Services Regulation (PSR). | EBA response

UK:

• (16 Dec 2024) Financial Conduct Authority (FCA) discussion paper (DP24/4) on the development of its rules for cryptoasset admissions and disclosures (A&D) and cryptoasset market abuse (MARC). Deadline for comments: 14 March 2025. | Webpage
• (13 Dec 2024) The Bank of England (BoE), Prudential Regulation Authority (PRA) and FCA have launched parallel consultations on operational incident and third party reporting intended to support the operational resilience of the UK financial sector. Comments on all the consultation papers are due by 13 March 2025. The FCA intends to publish final rules in H2 2025, and the BoE and PRA propose an implementation date of no earlier than H2 2026. | BoE consultation | PRA consultation CP17/24 | FCA consultation CP24/28
• (13 Dec 2024) FCA portfolio letter for data reporting services providers (DRSPs), which outlines the FCA's latest supervisory priorities for DRSPs, including the key risks of harm it has identified in the portfolio. The letter also highlights what the FCA expects from DRSPs to mitigate these risks of harm. 
• (13 Dec 2024) BoE staff working paper on the role of central bank digital currency in an increasingly digital economy. | Webpage
• (12 Dec 2024) PRA data request to gather information on firms’ current and expected future cryptoasset exposures and firms’ application of the Basel framework for the prudential treatment of cryptoassets. Deadline for responses: 24 March 2025.
• (12 Dec 2024) HM Treasury (HMT) has launched an independent review of the Payment and Electronic Money Institution Insolvency Regulations 2021. The Payment and Electronic Money Institution Insolvency Regulations 2021 introduced a new Payment and Electronic Money Special Administration Regime (PESAR). | Terms of reference | Letter of appointment
• (11 Dec 2024) FCA research note providing a literature review on bias in supervised machine learning. | Webpage