Key Regulatory Industry Initiatives
May 2021 − The Monetary Authority of Singapore (MAS) is considering stricter regulation around BNPL schemes amid concern about consumer debt. MAS and other government agencies are reviewing whether existing risk management practices and safeguards are adequate against consumers chalking up excessive debts.
Singapore introduced the Payment Services Act (PSA) to provide licensing and regulation for payment service providers and oversight of payment systems.
Nov 2, 2020, Singapore introduced a bill to amend the Payment Services Act (PS Act) that is addresses the Money Laundering/Terrorist Financing risks posed by virtual asset service providers (“VASPs”) that are not already regulated as financial institutions. The phase-in to the newly expanded PS Act is expected to commence in the remaining course of 2021.
Mar 2021 − The Australian Finance Industry Association Limited (AFIA) developed a code of practice to enable the BNPL industry to ensure high industry service standards for customers and support compliance with legal and industry norms.
Sep 1, 2020 − New federal laws to create a regulatory sandbox were broadened to include FinTechs that distribute insurance services. FinTechs and Insurtechs will be able to test their products and services for 24 months without a financial services license from the Australian Securities and Investments Commission.
Feb 2, 2021 − The UK's Financial Conduct Authority (FCA) published The Woolard Review recommending that BNPL firms be required to undertake affordability checks with consumers having the right to complain to the Financial Ombudsman Service. The regulation boosts consumer protection.
UK’s AML and CTF took effect in Jan 2020 and impose additional requirements to obtain information on the customer and its beneficial ownership and the customer’s source of funds. AML and CTF enhance the monitoring of ongoing relationships while also examining the purpose of business relationships and transactions.
The Bank of England (BoE) and the Financial Conduct Authority (FCA) will collaborate with The Monetary Authority of Singapore (MAS) to strengthen cybersecurity
May 2021 – United States: The non-profit Digital Dollar Project plans to launch at least five pilot programs over the next 12 months to test how a Federal Reserve-issued central bank digital currency may operate.
Jul 2021 − Multiple Central Bank Digital Currency Bridge (m-CBDC): The Hong Kong Monetary Authority (HKMA), Bank of Thailand (BOT), Central Bank of the UAE, and the Digital Currency Institute of the People's Bank of China collaborated to create a CBDC prototype using distributed ledger technology to construct a cross-border CBDC where participants can instantaneously transfer peer-to-peer funds.
Jan 2020 − Under Project Inthanon-LionRock phase 1, HKMA and the BOT published a joint CBDC report announcing the successful development of a DLT based proof-of-concept (POC) prototype. Subsequently, in Feb 2021, the Hong Kong Monetary Authority and the Bank of Thailand announced the Central banks of China and the United Arab Emirates are joining a project looking to use blockchain tech for regional payments- Phase 2 of Inthanon-LionRock.
Dec 2021 − India: The Reserve Bank of India announced that the central bank is expected to launch its first digital currency trial program by the end of 2021. Following the decline in cash use and growing interest in cryptocurrencies such as bitcoin, RBI has stepped up digital currency efforts.
Feb 2021 − Argentina: The Governor sent a formal proposal to create a digital peso to the country’s president. The aim of the digital peso is to mobilize Argentina’s battered economy while taking advantage of the benefits provided by blockchain technology.
Dec 2020: UAE-Saudi: Through Project Aber, the Saudi National Bank, and the Central Bank of the UAE successfully piloted use cases for a dual-issued CBDC as a unit of settlement between commercial banks across the two countries and domestically.
Sep 2021 − India: Although not yet approved, the cryptocurrency bill (if passed) will prohibit all private cryptocurrencies in India while allowing a few exceptions to promote crypto technology and its uses.
Jul 2021 − Turkey: The government designed a draft law regulating cryptocurrencies that is expected to be filed in the parliament later in 2021. The legislation will introduce taxation for crypto holdings and specific capital requirements for companies operating with digital assets. Apr 2021 − Egypt: The Central Bank of Egypt warned against dealing with cryptocurrencies, particularly bitcoins, saying that investing Egyptian capital in such a volatile pursuit could negatively affect Egypt’s economy. Sep 2020 − Europe: The European Commission proposed legislation to turn cryptocurrencies into a regulated financial instrument. The regulation on Markets in Crypto Assets (MiCA) clarifies what constitutes a crypto asset and defines token subcategories. It includes specific consumer protection rules and measures to prevent market abuse and lays down requirements by crypto-asset type. 1. Crypto-assets other than asset-referenced and e-money tokens 2. Asset-referenced tokens 3. Electronic money tokens (e-money tokens). MiCA Regulation is expected to enter into force in 2022-2023. Q4 2020 − UAE: The Securities and Commodities Authority (SCA) announced regulations to license crypto assets for anyone who wishes to offer crypto-assets within the UAE. Providers that offer crypto assets must be incorporated onshore within the UAE or within one of the UAE’s financial free zones (i.e. the Dubai International Financial Centre or the Abu Dhabi Global Market). Licensees may passport the listing of crypto assets on one or more crypto currency exchanges. The SCA must license crypto-asset providers within the UAE. Applicants must demonstrate strict compliance with UAE’s anti-money laundering and counter-terrorism financing laws, cyber security compliance standards, and data protection regulations. Nov 20, 2020 – South Africa: The Financial Sector Conduct Authority (FSCA) published a draft statement to bring crypto-assets within the ambit of the definition of financial product. If crypto assets are classified as financial products, then individuals authorized to provide advice and/or intermediary services in respect of financial products will be permitted to market, offer and/or sell crypto assets. Consequences for failure to comply with South Africa’s Financial Advisory and Intermediary Services Act (FAIS) will apply. Mar 2021 – Canada: The Canadian Securities Administrators (CSA) and the Investment Industry Regulatory Organization of Canada (IIROC) proposed a regulatory framework for a Crypto-asset Trading Platform (CTP) to include mandatory licensing for certain cryptocurrency trading platforms, particularly for those that maintain control of customer funds. Aug 2020 − Russia: A bill to regulate cryptocurrencies was signed into law. The new law gives legal status to cryptocurrency but prohibits its use as a means of payment. Jun 2021 − UK: The Bank of England announced that stablecoins used as money should face the same regulatory standards as those attached to bank deposits. May 2021 – Thailand: Thai Anti-Money Laundering Office (AMLO) imposed a new cryptocurrency requirement based on which from July 2021 the crypto exchanges will be required to verify users’ identities using a ‘dip-chip’ machine that requires a customer to be physically present. Mar 2021 – The Bank of Thailand reinforced stablecoin regulation saying it will regulate foreign currency-backed stablecoins, asset-backed stablecoins, and algorithmic stablecoins that are not illegal. Jan 2021 − United States: A new interpretive letter from the Office of the Comptroller of the Currency was released, allowing stablecoin cryptocurrencies for bank payments. May 2020 – China: Banking regulators banned financial institutions, including banks and payments companies, from providing services related to cryptocurrencies. Jun 2021 − El Salvador: The president announced that the country is in the process of adopting bitcoin as legal tender, which would make El Salvador the first country to deem bitcoin an official national currency. Sep 2021 – Ukraine passed legislation to legalize and regulate cryptocurrency and other virtual assets such as tokens. The draft law may also determine how Ukraine will regulate cryptos in the future. The country plans to open the cryptocurrency market to businesses and investors by 2022. |
Mar 2021 – Australia: The national debit card system eftpos applied to become a non-government accredited operator of a digital identity exchange in Australia. eftpos launched ConnectID in June 2021 to allow users to authenticate their identity with merchants, hotels, hospitals, insurers, and government agencies by linking to a verified digital ID.
Sep 2020 − Canada: The Digital ID & Authentication Council of Canada (DIACC) launched the Pan-Canadian Trust Framework (PCTF), a set of digital ID and authentication industry standards that will define how digital ID will roll out across Canada. Throughout 2021, alpha testing of the PCTF is being carried out by +20 Canadian public and private-sector DIACC member organizations to operationalize the framework quickly.
Q4 2021 − Canada: The Province of Ontario will launch Self-Sovereign Identity (SSI) based digital ID to be used across all industries and for government services. Key principles for the new digital ID system include adherence to the Pan-Canadian Trust Framework, open standards to encourage private-sector innovation, and alignment and interoperability with other Canadian jurisdictions.
Dec 2020 − Singapore National Digital Identity (SingPass): Singapore extended its National Digital Identity (NDI) program with a new service enabling citizens to digitally sign contracts, agreements, and other legal documents in less than two minutes. NDI also allows Singaporeans to access digital government services online using facial verification implemented by iProov and Toppan Ecquaria for the Government Technology Agency of Singapore (GovTech) under the NDI program.
Jan 2021 − The European Commission announced a framework for a European Digital ID that will be available for all EU citizens, residents, and businesses in the EU as early as September 2022. Under the new regulations, public authorities or private entities in the EU can offer digital wallets that link their national digital identities with proof of other personal attributes (e.g., driver’s license, diplomas, bank account).
May 2021 – The UK’s Government Digital Service (GDS) is piloting a digital identity system to succeed Gov.UK.Verify as the government plans to discontinue the Verify digital ID service later this year amid protests from private-sector digital ID providers.
May 2021 − New Zealand is preparing legislation to standardize digital identification among kiwis, Australians, and other overseas partners.
Feb 2021 – The United Arab Emirates (UAE) endorsed facial biometrics for some sectors in the country to ensure efficient identification of individuals and to reduce paperwork when processing private and public-sector transactions.
Apr 2021 − DBS, J.P. Morgan, and Temasek announced plans to develop an open industry platform – Partior −to leverage blockchain technology and digitize commercial bank money to reduce friction and latency for cross-border payments, trade transactions, and Forex settlements
Q4 2020 − DirectBooks platform: A startup owned by Deutsche Bank, Bank of America, Barclays, BNP Paribas, Citi, Goldman Sachs, JPMorgan, Morgan Stanley, and Wells Fargo is building a shared infrastructure the banks use to communicate about corporate bond opportunities. The platform doesn't use blockchain or other distributed ledger technology and uses centralized solutions to accomplish some tasks done by blockchain or DLT. Trade Finance consortiums: Namely we.trade (12 major European banks that created a blockchain platform to reduce friction and ease the trading process for participating companies) and Marcopolo (a technology project led by TradeIX and a consortium of banks to build an open account trade finance platform powered by R3’s Corda blockchain framework) are helping to reduce costs for participating companies |
July 2021 − Swift launched Swift Go to boost cross-border payments by enabling a seamless, highly secure low-value service for small- and medium-sized enterprises directly from their bank accounts
In Malaysia, the MyDebit Corporate Card initiative went into effect in Apr 2020 to reduce the use of checks and cash payments. It enables corporations and entrepreneurs to make payments at government agency offices without a check or cash.
Denmark proposed to withdraw 1000 and 500 krone notes as a first step to achieving a cashless society by 2025.
In Jul 2019, Australia proposed a cap of AUD10,000 (USD7,500) on cash payments for goods or services. Indonesia set an ambitious target to achieve USD130 billion in e-commerce transactions by 2020.
Vietnam declared its goal to cut urban household cash transactions in half by 2020. However, the existing e-wallet regulation created by the State Bank of Vietnam is crippling non-cash adoption. The regulation stipulates that digital wallet accounts must link to a bank account held by the same person. So, if a consumer doesn’t have a bank account in Vietnam, he can’t get an e-wallet.
Mexico plans to launch initiatives to bolster cashless payment systems within cash-intensive tourist zones. As part of an effort to boost financial inclusion, Banco de México is already building CoDi, a system to enable all Mexicans to make online and in-person payments with their mobile phones. Amazon is in talks with the bank to adopt the same.
In Feb 2020, The Saudi Arabia Monetary Authority (SAMA) approved Halalah and BayanPay to launch full e-wallet services, as part of the Kingdom’s attempts to reduce the use of physical cash.
South Korea and Singapore plan to reduce cash use by supporting digital payments. In China, super app WeChat derives about half its revenue from digital payments. After COVID-19, some central banks quarantined physical bills, and some went so far as to burn banknotes. The World Health Organization recommended contactless payments to reduce cash handling and the potential spread of infection.
Dubai − The government is pushing cashless transactions via a Cashless Dubai Working Group to prepare an action plan. The Working Group launched the Dubai Cashless Framework Report to promote the use of smart payment platforms for all transactions to phase out physical cash.
Sweden is on track to become the first cashless nation in the world, with an economy that goes 100 percent digital. As of Dec 2020, about 80% of Swedes used cards with 58% of payments being made by card and only 6% made in cash, according to the Swedish Central Bank. Government’s is aiming to transition Sweden into a cash-free society, partially by Mar 2023 and entirely by 2030.
Vietnam - A pilot program for mobile money a government initiative toward a cashless society and financial inclusion was launched Mar 9, 2021 The directive was passed to allow a pilot mobile money service (MMS), under which telecommunication accounts can be used to make payment for small value transactions. The pilot program will run for two years from the first enterprise being approved to pilot the MMS.
Africa − Apr 3, 2020, the West African Economic and Monetary Union (WAEMU) and the Central Bank of West African States (BCEAO) approved free nationwide transfers of electronic money between people for amounts less than or equal to 5,000 CFA francs, 50% reduction, by banks, of commissions paid by merchants on merchant payments, relaxation of the conditions for opening electronic money accounts, etc., aimed at reducing the circulation of cash.
EU – As a part of its new anti-money laundering measure, in Jul 2021, the European Commission proposed a EU-wide upper limit of EUR10,000 on large cash payments for companies and individuals. Implementation date is yet to be revealed
ISO 20022 is now the global standard for payments messaging and creates a common language and model for payment data worldwide. In June 2020, Payments Canada announced the availability of ISO 20022 messages for Lynx, the country’s new high-value payments system. ISO 20022 messages for cross-border payments will start in late 2022 instead of Nov 2021 as initially planned by SWIFT.
ISO 20022 messages for cross-border payments and cash reporting businesses will start from end 2022 instead of November 2021 as originally planned by SWIFT. The migration will cover cross-border payments of correspondent banks as well as other users of these messages in securities markets. Timeline for Wave 2 implementation of ISO20022 messaging for Corporate Actions and Billing Processes deadline be Nov 2025.
China - China leads the way in adoption of ISO 20022 for payments- People’s Bank of China (PBOC) published its ISO 20022 migration plan as long ago as 2011.China’s Cross-border Interbank Payments System (CIPS) also uses ISO 20022. CIPS launched in 2015 as a worldwide interbank payment system to encourage the use of the Renminbi, reducing costs and processing times. Later cut-off times have extended CIPS’ operating hours for payments, which makes it easier for participants in Europe to execute same-day payments. Over 800 banks from about 90 countries participate in CIPS, either as direct or indirect participants.
Europe - During March 2020 meeting the Swift Board and European Central Bank Executive endorsed a decision to shift their ISO 20022 migration date for cross-border payments from November 2021 to end 2022. Currently the move to ISO20022 is gathering pace, and although SWIFT has extended the timeline for the ISO 20022 start point by one year to November 2022, the end date to enable full ISO 20022 for cross-border payments remains as originally planned, Nov 2025.
Mar 2021 − In the United States, the Federal Reserve announced its ISO20022 message specifications for the FedNowSM Service. FedNow Service facilitates nationwide reach of instant payment services by financial institutions – regardless of size or geographic location – in near real time, around the clock, every day of the year. It is expected to become operational in 2023.
Jun 2020, Payments Canada announced the availability of ISO 20022 messages for Lynx, the country's new high-value payments system. It will be a real-time gross settlement system, including an enhanced risk model that complies with Canadian and international risk standards and will be enabled with the global ISO 20022 messaging standard. Lynx, Canada's new high-value payment system went live on Sept 2021 replacing the Large Value Transfer System (LVTS), which has served as Canada's high-value payment system for over 20 years.
Peru - Peru is working to link banks, FinTechs and mobile wallet providers into an interoperable hub for instant payments using real-time technology provided by MasterCard. With a launch set for early 2022, Peru will be the second Latin American country after Brazil to introduce an ISO 20022-based instant payments scheme.
Since the 2017 launch of SWIFT, adoption has been steady, including the world’s 60 biggest banks and several other financial institutions. By Nov 22, 2020, every eligible financial institution on SWIFT will be required to confirm all incoming MT 103 payment instructions. FIs will be measured on whether or not they confirm at least 80% of their payments within two business days (including those transferred outside of SWIFT). Institutions that fail to meet the criteria by the end of Nov 2020 may lose access to some features of the Basic Tracker.
In Sep 2019, SWIFT launched a service to deliver global instant payments by integrating global payments innovation (gpi), the cross-border payments service with real-time service levels, into domestic instant payments systems worldwide. SWIFT, together with gpi banks, will facilitate instant international payments with upfront fee and foreign exchange transparency for senders, while also ensuring the ubiquitous availability of instant cross-border payments globally.
SWIFT’s global payment initiative (gpi) for cross-border payments became mandatory on Nov 2020 based on the timeline set. The Central Bank of the UAE (CBUAE) announced that it has been working with SWIFT on an initiative to further enhance the speed and transparency of cross-border payments in May 2021
In Dec 2020, Lloyds Bank in the UK became the first bank to switch on Swift gpi Instant, a new service from the Brussels-based interbank co-operative that enables consumers and businesses to send tracked payments in seconds across borders.
TARGET2, a Real Time Gross Settlement (RTGS) funds transfer system, owned and operated by Euro system, is the second generation of TARGET. It enables real-time payments to flow safely and efficiently across Europe in Euro. TARGET2 settles payments related to the Euro system’s monetary policy operations, bank to bank, and commercial transactions without any value limit. Central banks and commercial banks can submit payment orders in euro to TARGET2, where they are processed and settled in central bank money. Deadline for migration to TARGET 2 – Nov 2021
Thanks to TIPS, individuals and firms can transfer money between each other within seconds, irrespective of the opening hours of their local bank. TIPS was developed as an extension of TARGET2 and settles payments in central bank money. TIPS currently only settles payment transfers in euro. However, if demand dictates, other currencies could also be supported.
The Netherlands rolled out instant payments in 2019, and henceforth, all business and private customers of seven Dutch banks (ABN AMRO, ING, Rabobank, de Volksbank ‒ ASN Bank, RegioBank, SNS ‒ and Knab) can quickly transfer payments via mobile and online banking.
In Jun 2019, Nets and Giro launched an instant payment platform for Hungarian banks to test services, and in Mar 2020, GIRO had commercialized a new instant payments platform based on the well-established platform – RealTime24/7. The commercial launch included all Hungarian banks, delivering a massive volume of more than a million successful transactions in the first three days.
In Feb 2019, Bankart, which is a Slovenian firm in the field of processing and modern payments instruments, went live with Nets’ RealTime24/7, enabling transactions between Slovenian banks to be cleared in less than a second.
Europe - TARGET2, a Real Time Gross Settlement (RTGS) funds transfer system, owned and operated by Euro system, is the second generation of TARGET. Deadline for migration to TARGET 2 – Nov 2021
Thanks to TIPS, individuals and firms can transfer money between each other within seconds, irrespective of the opening hours of their local bank. TIPS was developed as an extension of TARGET2 and settles payments in central bank money. TIPS currently only settles payment transfers in euro. However, if demand dictates, other currencies could also be supported.
Saudi Arabia- On April 2021, Saudi Payments, under the supervision of the Saudi Central Bank (SAMA) announced the launch of Saudi Arabia's instant payments system 'sarie' in cooperation with IBM and Mastercard. The introduction of 'sarie' is in line with Saudi Arabia's Financial Sector Development Program (FSDP) under Saudi Vision 2030, which targets achieving 70% non-cash transactions by 2030. 'sarie' allows bank customers to send and receive money in real-time using a wider range of services and transfer options. Customers of local banks can make instant transactions of up to SAR 20,000 (USD 5,300) through the system. Further, "sarie" users can benefit from the quick transfer service to send up to SAR 2,500 (USD 660) using aliases, such as mobile number, email address, ID number, or IBAN number.
Aug 2020 − In the US, the Board of Governors of the Fed announced details of its phased approach to implementing the FedNow Service, a real-time gross settlement (RTGS) payment system with integrated clearing. It will offer instant (24x7x365) payment processing for every bank in the United States. The initial launch target date is 2023 or 2024.The initial launch will provide baseline functionality and help banks manage the transition to a 24x7x365 service.
Mar 2021 − Payments Canada selects Interac Corp., real-time rail exchange services, to serve as the exchange solution provider for the country’s Real-Time Rail (RTR). Expected to be introduced next year, the RTR will be operated by Payments Canada and regulated by the Bank of Canada, enabling Canadians to send and receive funds in seconds, anytime and any day throughout the year.
APAC - As of Apr 2021, The Monetary Authority of Singapore (MAS) and the Bank of Thailand (BOT) initiates the linkage of Singapore’s PayNow and Thailand’s PromptPay real-time retail payment systems. The first of its kind globally, the linkage is the culmination of several years of extensive collaboration between MAS and BOT, both countries’ payment system operators, bankers’ associations, and participating banks.
Customers of participating banks in Singapore and Thailand will be able to transfer funds of up to S$1,000 or THB25,000 daily across the two countries, using just a mobile number.
The global mobile wallet market accounted for more than USD880 billion in 2017 and is expected to reach more than USD9,352 billion by 2026, for a 30% CAGR.
In India, mobile wallet operators such as PhonePe, Paytm, and Amazon Pay worked to upgrade users’ non-compliant accounts to full KYC by the Feb 2020 deadline. RBI gave them the option to convert their minimum KYC accounts to low KYC pre-paid instruments, or PPI accounts.
The low KYC PPI account will have a monthly transaction limit of Rs 10,000, and this move likely helps 200 million non-compliant KYC mobile wallet users, many of whom authenticated via Aadhaar.
In Europe, mobile wallets ‒ Bluecode, ePassi, momo pocket, Pagaqui, Pivo, Vipps ‒ joined with Alipay to offer QR code-based payments to local merchants in 10 European countries where these apps are accepted. ePassi is preparing to roll out the QR code format for users across several Nordic countries, while the Spanish payment company MOMO, Portugal’s Pagaqui, and Austria’s Bluecode intend to extend the collaboration in their home markets.
In Feb 2020, The Saudi Arabia Monetary Authority (SAMA) approved Halalah and BayanPay to launch full e-wallet services, as part of the country’s attempts to promote a cut in the use of physical cash.
Worldpay from FIS 2020 Global Payments Report predicts Digital wallets to account for 52% of global e-commerce sales by 2023.
Tokenization makes mobile wallet payments more straightforward, safer, and more secure. Tokenization supports Apple Pay, Android Pay, and Samsung Pay, as well as several payment services offered by OEMs and banks.
In India, PayTm operates 300 million wallets, making it the largest mobile payment service platform in the country. In Kenya, M-Pesa allows people to transfer cash using their phones and is used by 67% of adults to contribute to a quarter of the country’s GNP flow.
Mobile payments in China have reached over $41 trillion (277 trillion yuan) annually. More than 92% of the mobile payments are made over the two dominant platforms: Alipay (53%) and WeChat Pay (39%)
The Global Mobile Wallet Market was valued at $1,043.1 billion in 2019, and is projected to reach $7,580.1 billion by 2027, growing at a CAGR of 28.2% from 2020 to 2027. The growth of mobile wallet market is expected to grow significantly during Covid-19 pandemic as the consumers are now preferring mobile wallets such as Paytm and Google Pay for making financial transactions to avoid physical contact with individuals to prevent transmission of corona virus.
Europe - Europe is expected to witness the transaction value surging by 28.3% to $1.17 trillion. The noticeable upward trend is expected to continue in the following years, with the entire industry reaching $1.95 trillion value 2025.
India - According to Reserve Bank of India (RBI), in April 2020, transactions made using mobile wallet across the India was doubled to 87.0 million compared to Mar 2020.
Saudi Arabia - Feb 2020: The Saudi Arabia Monetary Authority (SAMA) approved Halalah and BayanPay to launch full e-wallet services, as part of the country’s attempts to promote a cut in the use of physical cash. Early 2020, SAMA issued licences to STC wallet brand STC Pay and financial technology provider Geidea.
Worldpay from FIS 2020 Global Payments Report predicts Digital wallets to account for 52% of global e-commerce sales by 2023.
B2B cross-border payments is a growing segment ripe for disruption. Visa connected with several banks in Nov 2018 to begin testing VisaB2B Connect, a platform that can help banks provide cross-border payments more efficiently. Due to the traction in the cross-border payments segment, Mastercard and Visa vied for the acquisition of Earthport, which was purchased ultimately, by Mastercard.
Although adoption is somewhat nascent, blockchain has promising potential for cross-border payments use. Also, SWIFT plans to expand its blockchain integration, and this trend may grow as banks look more closely at the capabilities of blockchain.
As part of ASEAN 2025, member states engage in the modernization and integration of their financial infrastructures to lead, ultimately, to a pan-regional real-time payment ecosystem. Malaysia’s CIMB and RippleNet have collaborated to improve consumer access to cross-border remittances, both inbound into ASEAN and outbound to other countries.
Brazil, Russia, India, China, and South Africa are creating a single payment system, BRICS Pay, as part of the drive to establish a common system for retail payments and transactions between the five BRICS nations. These countries plan to introduce a cloud platform to connect their national payment systems. An online wallet will be developed with access to these payment systems, as well as a mobile app similar to Apple Pay that can be installed on smartphones for purchases in any of the five BRICS countries, regardless of which currency the payment and the money in the account of the buyer are denominated in. The BRICS Pay contactless payment system will not duplicate the national payment systems; but will act as a service for linking the credit or debit cards of the citizens of the five BRICS countries to online wallets, which will offer them the ability to pay using a smartphone.
FinTech companies such as Adyen, Airwallex, with technology in hand, have built cross border financial infrastructure and applications that inspire global opportunities and help customers scale their business in every corner of the globe. These applications provide simple and fair transparent pricing ‒ No monthly fees, no card fees, just a small margin on top of our interbank FX rates.
The Danske Bank, DNB, Handelsbanken, Nordea, OP Financial Group, SEB, and Swedbank are considering domestic and cross-border payments in multiple currencies. The system builds on the smartphone payment applications that Nordic banks have already created, such as Swish in Sweden, Norway’s Vipps, and MobilePay in Denmark. It was named P27 to connect 27 million people in the Nordics.
BRICS countries are aiming a for a single payment system, BRICS Pay, that would encourage payments in local currencies and pin down sustainable investment among the five countries. The BRICS Pay contactless payment system will not duplicate the national payment systems; but will act as a service for linking the credit or debit cards of the citizens of the five BRICS countries to online wallets, which will offer them the ability to pay using a smartphone.
Russia is also suggesting on facilitate settlements through a single BRICS cryptocurrency.
The Danske Bank, DNB, Handelsbanken, Nordea, OP Financial Group, SEB and Swedbank introduced P27 payments in 2019. P27 will see the banks create a single payments platform and allow instant cross-border payments within the region, in a bid to uplift local business. It’s predicted by the company’s owners that P27 will become financially viable by 2021.
In May 2020, the Central Bank of Brazil announced open banking regulations. The implementations should take effect from Nov 2020 in four phases and be fully operational by Oct 2021. The Central Bank of Brazil reinforces that all authorized financial institutions will participate in the open banking system. In addition, the participation of the largest banks in Brazil is mandatory.
In Dec 2019, South Korea formally launched an open banking service to increase convenience and lower transaction costs for bank customers. The new system enables bank customers to access nearly all banking services offered by any bank through a single smartphone application, including withdrawals and transfers, according to the Financial Services Commission.
Australia’s Australian Competition and Consumer Commission ACC opted for a phased implementation of open banking that was to begin in Jul 2020.
Australia’s big four banks – ANZ, NAB, Westpac, and Commonwealth Bank – have taken open banking first steps. Updated timelines: Major banks began to share PRD for credit and debit cards, deposit accounts, transaction accounts, mortgage, and personal loan accounts in Feb 2020, and non-major banks started in Jul 2020.
Beginning in Jul 2020, customers of Australia's four major banks can direct their bank to disclose their banking data from a range of personal accounts to accredited data recipients. Major banks will be required to share consumer data relating to mortgage and personal loan accounts beginning in Nov 2020. Major banks will be obliged to share certain more complex data sets, including joint accounts, closed accounts, direct debits, and scheduled payments from Nov 1, 2020.
Feb 2021- Brazil: The Central Bank of Brazil initiated its phase 1 implementation from Feb 2021. The Central Bank of Brazil reinforces that all authorized financial institutions will participate in the open banking system. In addition, the participation of the largest banks in Brazil is mandatory. The Central Bank of Brazil and the National Monetary Council (CMN) postpones full implementation of open banking from Aug 2022 to Sep 2022 in order to test implementations and seek certifications.
Jul 2020 - Australia: Open banking was introduced in phases. As phase-1, consumer data relating to credit and debit cards, deposit accounts and transaction accounts was shared by non-major authorized deposit-taking institutions(ADI) in Jul 1, 2020. Consumer data relating to mortgage and personal loan data was shared by non-major ADIs on Nov 1, 2020 as phase 2. Banks other than the Big Four – CommBank, NAB, Westpac and ANZ – had until Jul 1, 2021 to provide access to open banking data. Finally, phase 3 will come into play in Feb 2022. This includes investment loans, asset finance and retirement savings accounts. Open banking is expected to be fully implemented by Nov 1, 2022.
Jan 2021 − Saudi Arabia: SAMA, the Kingdom’s Central Bank, said it would launch an open banking regulatory framework during the first half of 2022. Besides innovation and financial inclusion, open banking is set to increase competition and reduce barriers to entry for financial technology startups and encourages greater efficiency in the Saudi banking system.
Feb 2021 − Nigeria: The Central Bank of Nigeria issued the regulatory framework for open banking, establishing principles for data sharing across the banking and payment ecosystem. The framework, which addresses issues including data and API access requirements, principles for APIs, data, technical design, and information security specifications, is aimed at promoting innovation, broadening the range of financial services and products, and deepening financial inclusion.
May 2021 – Hong Kong: The Hong Kong Monetary Authority (HKMA) announced Phases III (Account information) and IV (Transactions) of its Open API Framework, following the implementation of Phases I and II of the Open API Framework in January and October 2019 respectively. The initial batch of API functions are expected to be implemented progressively by the 28 participating banks starting from December 2021.
Jan 2021 − South Korea: Announced open banking service in Dec 2019 and in Jan 2021 unveiled its plan to promote financial innovation by advancing open banking development and adoption. Based on which FSC will begin allowing savings banks and credit card companies to provide open banking services in the first half of 2021, which will be followed by financial investment businesses. Moving forward, the government said it will also work to allow more account types to be eligible to sign up for open banking and to connect open banking with other digital finance infrastructures such as government-led MyData and MyPayment. The end goal here is to allow for the development of a one-stop platform offering analysis, advise and account transfer services all from the same place.
Oct 2020 − Bahrain: The Central Bank of Bahrain launched an Open Banking Framework that includes detailed operational guidelines, security standards and guidelines, customer experience guidelines, technical open API specifications and the overall governance framework needed to protect customer data.
Jun 2020 − Mexico: The National Banking and Securities Commission published the first set of regulations regarding open banking in the country. By Jun 2021, over 2,200 financial entities in Mexico had implemented APIs to exchange open data with third parties.
Jun 2021 − European Banking Authority (EBA) identified numerous recommendations for a collective potential reduction of banks’ reporting costs by 15-24%. The EBA made 25 recommendations to reduce compliance costs with supervisory reporting requirements focusing primarily on small and non-complex institutions. Cost reduction will also enable more firms to adopt FinTech and RegTech solutions and promote better digitalization of banks’ internal documents and contracts.
Nov 2020 − the European Commission proposed a new European way of data governance, a part of a set of measures announced in the 2020 European Strategy for Data, to foster data availability by ensuring trust in data intermediaries and boosting data-sharing mechanisms across Europe through cross-sectoral standardization The regulation will also support the set-up and development of common European data spaces in strategic domains, involving both private and public players: health, environment, energy, agriculture, mobility, finance, manufacturing, public administration, and skills.
In July 2020, 16 major European banks from five countries backed by the European Central Bank (ECB) paved the way to launch the European Payments Initiative (EPI). The plan offers a unified card and digital wallet for use across Europe — to supersede the previously fragmented landscape. Through the end of 2020, European market players, banks or banking syndicates, and third-party PSPs may apply/join EPI as a founder. The European Payments Initiative is to become operational in 2022.
The aim of EPI is to create a unified, innovative Pan-European payment solution leveraging Instant Payment/SEPA Instant Credit Transfer (SCT Inst), which offers a card for consumers and merchants across Europe, a digital wallet and P2P payments.
Apart from the group of 16 major European banks from 5 countries who paved way for the launch of EPI, PKO Bank Polski (PKO BP), Poland’s largest bank, and OP Financial Group, the leading Finnish retail bank, are joining EPI as founding shareholders of the recently created company.
Furthermore, a group of 12 Spanish credit institutions banks has also formed a consortium and are joining EPI as a collective founding shareholder of the EPI Interim Company. shareholders. Third-party acquirers Worldline and Nets has also announced their accession as EPI founding shareholders
EPI is expected to enter the operational stage in 2022
Sep 24, 2020 − the European Commission adopted a Digital Finance Package aimed at enhancing the European Union’s competitiveness in the financial sector and ensuring that EU financial services regulation is “fit for the digital age. The Digital Finance Package consists of two initiatives: the EU Digital Finance Strategy and the EU Retail Payments Strategy, both of which establish a series of regulatory objectives and priorities that the Commission intends to achieve by 2024.
The fifth Anti-Money Laundering Directive came into effect in January 2020. It emphasizes transparency and disclosure of an entity’s actual owners. Additionally, based on its Sept 2020 deadline, member states are now required to set up centralized, automated mechanisms to identify the holders of bank accounts and safe deposit boxes. Throughout the EU, Member State notifications are fragmented, reflecting the complexity of identifying and classifying legal arrangements. Member States that fail to transpose the directives correctly may face enforcement actions and penalties.
A new European Electronic Communications Code is due to take effect in all EU Member States by Dec 21, 2020 to improve the security of electronic communications services. In anticipation of the transition, ENISA began preemptive collaboration with national telecom regulators from across Europe.
The European Commission adopted the RTS (Regulatory Technical Standards) to prevent fraud and secure customer data. Under RTS, the banks set up a communication channel for TPP’s, thereby allowing banks to identify the TPP’s when accessing the customer data and for secure messaging to communicate with each other.
Since the introduction of PSD2, there has been overlap between SecuRePay and PSD2 regarding payee (KYC) identification, linking the payment instrument with KYC, and linking KYC and the payment instrument with 2FA, which should include a dynamic element or biometrics
Beginning in Jan 2020, as part of the implementation of the fifth Anti-Money Laundering Directive (AMLD5), the German Parliament required providers of technical infrastructures, such as Apple regarding the Near Field Communication (NFC) antenna contained in iPhones, to grant access to those technical infrastructures to payment service providers (PSPs).
European Union unveiled strategy for Indo-Pacific cooperation on Apr 16, 2021 to develop partnerships in security and defense, including addressing maritime security, malicious cyber activities, disinformation, emerging technologies, terrorism, and organized crime.
A new European Electronic Communications Code was adapted by all EU member states on Dec 21, 2020 to improve the security of electronic communications services. Anticipating this transition, to make the most out of the new rules, ENISA started collaborating with national telecom regulators across Europe.
After the introduction of PSD2, there is a certain level of overlap between SecuRePay and PSD2 regarding the identification of the payee (KYC), linking the payment instrument with KYC, linking KYC and payment instrument with 2FA, which should be comprised of one dynamic element or biometrics.
Internet Payment Security – Strong Customer Authentication:
The European Banking Authority (EBA) extended the deadline for migration to Strong Customer Authentication (SCA) to Dec 31, 2020, a 15-month extension from the original Sep 14, 2019 implementation date.
Many European countries were able to enforce the new regulations by Dec 31, 2020. In these countries, two-factor authentication had been mandatory for all online purchases, and one time passwords by SMS were no longer considered a safe authentication factor.
However, a few EU/EEA countries needed the extension to carry over into 2021:
France: The French Banque de France has chosen an SCA enforcement that can be done in phases based on transaction value. All transactions had to be SCA compliant by Mar 31, 2021.
Germany: All transactions had to be SCA compliant by Mar 15, 2021.
Italy: All Italian transactions had to be SCA compliant by Apr 1, 2021.
Spain: All transactions were subject to SCA compliance on Mar 1 2021.
Belgium: The deadline for SCA compliance was May 18, 2021 at the National Bank of Belgium (NBB).
Ireland: The Central Bank of Ireland began fully enforcing SCA in Ireland on Jul 1, 2021.
Denmark: Nearly making the 2020 cut-off, the Danish Finanstilsynet decided to give their payment industry a few extra days to get their SCA processes in order, and didn’t start full enforcement of SCA until Jan 11, 2021.
Austria: The final deadline for issuers to become fully SCA compliant was Mar 15, 2021.
Switzerland: Switzerland was the last country (together with the UK) to fully enforce SCA. Swiss issuers had until Sep 15, 2021 to comply.
In Apr 2019, the European Commission launched the European Forum for Innovation Facilitators (EFIF) to foster collaboration and experience-sharing among European financial supervisors about their engagement with FinTech firms through sandboxes and innovation hubs. Also, the European Supervisory Authorities (ESAs) and EU Member States’ National Competent Authorities (NCAs) will be joined by third-country authorities to exchange best practices, identify regulatory obstacles and share FinTech growth information.
The European Commission issued a public consultation in preparation for a digital finance strategy/FinTech action plan that was to be proposed in Q3 2020. The strategy defines priorities for the next five years and policy measures to be implemented.
The EC supports a regulatory sandbox, a controlled and structured environment in which a regulatory framework is set by the financial sector regulator, to allow enough space for innovation development. It aligns compliance and regulation with the rapid growth in FinTech companies without compromising customer security.
Twenty-one EU Member States and three European Economic Area (EEA) countries currently have innovation hubs, while only five Member States have fully operational regulatory sandboxes. The EC is working with market players on risk assessment related to innovations and determine whether EU-level regulatory action is required.
Spain plans to launch a regulatory sandbox under the supervision of three authorities: Banco de España (the country’s central bank); the Comisión Nacional del Mercado de Valores (the National Securities Market Commission, the agency responsible for financial regulation of securities markets); and the Dirección General de Seguros y Fondos de Pensiones (the Directorate-General for insurance and pension funds).
The European Banking Authority (EBA) extended the deadline for migration for Strong Customer Authentication (SCA) to Dec 31, 2020, from the initial Sep 14, 2019. And, as COVID-19 constrained FI resources, The European Payment Institutions Federation wrote to the EBA (European Banking Authority) in March 2020 asking for a six-month extension of the Dec 31, 2020 SCA deadline. Under SCA, the consumer goes through two-factor authentication that includes providing two or more of these: 1. Knowledge: Pin/Password that only customer knows, 2. Possession of a hardware token, 3. Inherence: Biometric factors such as facial or fingerprint recognition to improve security.
SCA came under force from end of 2020, especially as so many European countries were able to properly enforce the new regulations as of December 31st 2020. In these countries, two-factor authentication has been mandatory for all online purchases, and one time passwords by SMS is no longer considered as a safe authentication factor.
· However, a few EU/EEA countries needed the extension carried over into 2021 such as the UK, France, Germany, Italy, Spain, Belgium, Ireland, Denmark, Austria and Switzerland.
· Considering SCA’s frictional payment method, its mainly used for high value and high risk transactions in card payments.
SCA introduced one-in-five policy in contactless payments to combat fraud where the card get blocked in every one in five contactless payment and also when a series of payments adds to more than 100Euro even if it’s not a fifth contactless payment. Either way customers are required to enter their PIN to unblock. Limits fraudulent activity.
AI: In Feb 2020, the European Commission (EC) presented its long-awaited proposal for comprehensive AI regulation at the European Union level. The draft legislation, which is part of a more significant effort to increase public and private investment in AI to more than €20 billion per year over the next decade, is expected to be available by the end of 2020.
Contactless: Contactless payment adoption in Europe is well ahead of the rest of the world and is becoming a new normal with the pandemic scenario. 89% of people agree that contactless payments have been easy to adopt, and nearly half (42%) of people across Europe admit their use of cash has decreased during COVID-19. It is expected that all point-of-sale terminals in Europe will be contactless-enabled by the end of 2020.[1]
AI: In Feb 2020, the European Commission (EC) presented its long-awaited proposal for comprehensive AI regulation at the European Union level. The draft legislation, which is part of a more significant effort to increase public and private investment in AI to more than €20 billion per year over the next decade, is expected to be available by the end of 2020.
Contactless: Contactless payment adoption in Europe is well ahead of the rest of the world and is becoming a new normal with the pandemic scenario. 89% of people agree that contactless payments have been easy to adopt, and nearly half (42%) of people across Europe admit their use of cash has decreased during COVID-19.
Biometrics: Use of biometrics in payments is on an accelerated uptake due to multiple factors including the desire for convenience, frictionless authentication while paying in all channels, and security. Its estimated that the biometric payment cards are expected to see a significant growth in Europe by 2021 and Europe finger print recognition to have a growth worth 11.5Bn USD by 2023.
Credit card companies and banks across Europe namely RBS and Societe Generale has embraced trial of finger print embedded payment cards to provide customers with better payment security
[1] Mastercard,”Contactless Continent,”May 28, 2020
The EU’s Electronic Identification and Trust Services Regulation (eIDAS) has been in effect throughout the European Union since Sep 2018.
The European Parliament passed a regulation to secure ID cards to strengthen identity card security and residence documents throughout the European Union. Moreover, the security features of ID cards will align with those of passports. Both types of travel documents will contain a highly secure contactless chip with the holder’s photo and fingerprints.
5AMLD, together with eIDAS regulation, supports the EU’s Digital Single Market concept that allows immediate homogenous electronic identification in Europe and remotely as 5AMLD emphasizes the transparency of an entity’s real owner.
Electronic ID (eID) provisions and related trust services created by the regulation will dramatically increase the level of security for cross-border transactions for businesses and offer many other benefits.
The eID scheme is active in several member states, while the same is in development in Bulgaria, Cyprus, France, Greece, the Netherlands, Poland, and Romania. Denmark, Ireland, and the UK are exceptions because of a lack of political and social support.
The European Commission is currently evaluating eIDAS regulatory framework and ran an open consultation from Jul 24 to 2 Oct 2, 2020.
The aim of the consultation was to collect feedback on drivers and barriers to the development and uptake of trust services and eID in Europe and on the impacts of the options for delivering an EU digital identity. The Commission will assess to what extent the eIDAS framework remains fit for purpose and will also consider whether it is appropriate to modify the scope of the regulation or its specific provisions.
Sep 25, 2020 - Switzerland: The Swiss Parliament adopted certain amendments to Swiss legislation pursuant to which the Swiss legal framework will adapt to be compatible with such new financial instruments (DLT, blockchain). the new legislative framework may enter in force as early as mid-2021.
Aug 2020 – As part of India’s New Umbrella Entity (NUE), the Reserve Bank of India (RBI) released a framework for retail payments to reduce the dominance of the National Payments Corporation of India (NPCI) and invigorate innovation and market competition. RBI does not seek to supervise NUEs due to the high cost of setting up a new bank division. The new entity will operate payment systems such as ATMs, white-label PoS, Aadhaar-based payments, and remittance services.
2019 − Sahamati is the result of a collaboration between four major financial regulators: Reserve Bank of India (RBI), Securities and Exchanges Board of India (SEBI), Insurance Regulatory and Development Agency (IRDA), and Provident Fund Regulatory and Development Agency (PFRDA), that came together to allow regulated entities under their control to share data with user consent, including the right to revoke their consent for use at any time.
May 2021 − To help ease the uncertainties faced due to the pandemic, the RBI has proposed a few changes to the existing KYC norms. According to the Digital Fifth, these include extension of Video-Based Customer Identification Process (VCIP) for new categories of customers such as proprietorship firms, authorized signatories, and beneficial owners of Legal Entities and for periodic updating of KYC.
This will have an impact on current account opening as well as MSME Lending, that will go completely digital. Also, digital SME banks would be launched by banks as well as neobanks in coming months.
May 2021 − RBI mandated mobile wallet interoperability that requires all licensed prepaid instruments or mobile wallets (Paytm, PhonePe, MobiKwik, etc.) to be interoperable beginning in fiscal 2023. Any prepaid card or digital wallet where the customer has completed KYC procedures can be used interoperable with other prepaid instruments. Additionally, mobile wallets such as Paytm, PhonePe, and Mobikwik can now be used for cash withdrawals up to Rs 2,000. The wallet limit was also increased to Rs 2 lakh from Rs 1 lakh.
Reserve Bank of India (RBI) introduced operational guidelines on the interoperability of prepaid payment instruments (PPIs).
India rolled out One-Nation-One-Card in March 2019 to enable passengers in India to commute anywhere through any mode of transport. All new credit and debit cards issued by most banks have the National Common Mobility Card feature to make payments for their travel. Delhi Metro will begin to implement an automatic fare collection counters (AFCs) pilot in Dec 2020 to read these cards for a seamless exit at stations.
RBI announced steps in late 2019 to encourage digital payments, including removing charges related to the National Electronic Funds Transfer (NEFT) and introducing an interoperable system so drivers can rely on FASTags to pay parking fees, fuel, and other activity. And beginning in Jan 2020, banks no longer charged savings account holders for online NEFT transactions.
In Dec 2019, RBI introduced a new type of prepaid payment instrument (PPI) with a limit of up to Rs10,000 to be used only to purchase goods and services. The loading /reloading of such PPI will be only from a bank account and used for making only digital payments such as bill payments, merchant payments, etc.
National Common Mobility Card (NCMC)– “One Nation One card” – Early 2019, Indian Prime Minister launched the indigenously-developed National Common Mobility Card (NCMC) that runs on RuPay card to enable people to pay multiple kinds of transport charges, including metro services and toll tax, across the country.
RuPay card launched internationally: UAE, Singapore and Bhutan. Aug 2019 − Memorandum of Understanding between the National Payments Corporation of India (NPCI) and UAE’s Mercury Payments Services established a technology interface between the payment platforms in India and UAE. The NPCI in association with the Mercury Payments Services, has made RuPay cards acceptable at 1,75,000 merchant locations and 5,000 ATM and cash access locations within the UAE. RuPay has partnered with international players Discover, Japan Credit Bureau and China Union Pay to enhance international acceptance.
Regulatory guidelines from the Reserve Bank of India (RBI) went into effect in Apr 2020 for payment aggregators and payment gateways on directions for opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediaries.
Mar 17 2020 − Reserve Bank of India (RBI) rolled out regulatory guidelines on payment aggregators and payment gateways on directions for opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediaries.
Neither the authorized Payment Aggregators (PAs) nor the merchants onboarded by them can store customer card credentials within their database or server. Based on the representations received from the industry seeking additional time for implementing the above instructions, it has been decided, as a one-time measure, to extend the timeline for non-bank PAs by six months, i.e., until Dec 31, 2021.
The 2019 Personal Data Protection (PDP) bill protects Indian users from global breaches and prioritizes the storage and processing of critical information related to individuals in India.
The draft National Cyber Security Strategy 2020 (for2020-25), seeks to secure India cyberspace and is on track for finalization in late 2020.
Government data reveals that India experienced 394,00 instances of cybersecurity incidents in 2019. CERT-In data shows that 336 websites belonging to central ministries, departments, and state governments were hacked from 2017 and 2019.
RBI limits customer liability in fraudulent PPI transactions. Under new customer liability norms, the regulator announced that fraud caused by a third-party breach is not the fault of the customer or the PPI issuer, and the customer is not liable if the incident is reported within three days. If the fraud is reported between three and seven days, customer liability will amount to the transaction value or ₹10,000 (about USD136), whichever is lower.
Apr 2021 − The Reserve Bank of India (RBI) top official has said that RBI will soon issue cybersecurity norms for payment service providers (PSPs), following a series of data breaches faced by operators including Mobikwik and payment aggregator JusPay.
Debit and Credit card recurring payment: Early 2021, RBI rolled out a new rule that additional authentication will be required by the customer from Apr2021 for auto-payments from debit and credit cards or via wallets. It acts as an additional security wall against cyber security issues since pandemic has increased the pressure on the banking industry to combat cyber fraud.
The 2019 Personal Data Protection (PDP) bill protects Indian users from global breaches and prioritizes the storage and processing of critical information related to individuals in India.
The National Cyber Security Strategy 2020 (for 2020-25) aims to improve cyber awareness and cybersecurity through more stringent audits
RBI limits customer liability in fraudulent PPI transactions. Under new customer liability norms, the regulator announced that fraud caused by a third-party breach is not the fault of the customer or the PPI issuer, and the customer is not liable if the incident is reported within three days. If the fraud is reported between three and seven days, customer liability will amount to the transaction value or ₹10,000 (about USD136), whichever is lower.
Dec 11, 2019 − Indian government introduced the Personal Data Protection Bill(PDP), 2019, in parliament, which would create the first cross-sectoral legal framework for data protection in India. However there is an expected delay for the PDP Bill to get enacted, given the substantial delays in progress and recent reports on the scope of the PDP Bill being reopened and broadened.
Jan 2021 − China’s State Administration for Market Regulation (SAMR) released draft rules designed to regulate non-bank payments. Supported by the People’s Bank of China (PBOC), the SAMR rules say that any non-bank payments processor with more than one-third of the non-bank payments market − or two companies with a combined half of the market − could be subject to regulatory warnings.
China’s national standard Information Security Technology – Personal Information Security Specification is in the process of revision, and its formal revision is likely to be issued by 2020.
Several regulations were drafted in accordance with the Cybersecurity Law and published for public comment. The legislature is likely to issue final versions by the end of 2020 that may include data security management measures, security assessment of cross-border transfer of personal information, regulations on security protection of critical information infrastructure, and cybersecurity grade protection regulations. Various industry authorities may also formulate and issue regulations or drafts for comments on cybersecurity, data security protection, and personal information protection applicable to their industries in accordance with the Cybersecurity Law.
Dec 2020 − Indonesia revised POJK 77 regulations for online lenders and formalized by Q1 2021. The revised regulation demands a higher degree of transparency from FinTech lending providers, in order to apply for a FinTech license, new platforms will need at least IDR 15 billion (USD 1 million) in core capital, P2P lending platforms must show their statistics on their websites, etc. The OJK also encouraged FinTechs to double up loans in the production sector and also wants a wider distribution of loans all across Indonesia, including rural areas.
Indonesian regulatory bodies and FinTechs are trying to strike a balance that will encourage innovation in the industry while also maintaining a regulation that ensures customers’ security. Bank Indonesia (BI) is also preparing other initiatives based on its 2025 payment system road map, including creating a data hub and real-time payment system called BI-Fast to boost the FinTech industry in particular and the economy in general
In May 2019, Bank Indonesia (BI) launched its Quick Response Indonesia Standard (QRIS) code system to universalize cashless payment in the country. QRIS, which physically manifests as a more complex QR pattern, allows users from one payment service to transfer funds to any rival service within BI’s ecosystem.
Nov 2020 − The National Automated Clearing House Association (Nacha) announced the launch of Phixius to provide interoperability between various participants connecting to the platform, enabling better security during the exchange of payment information versus storing it in a central repository like the cloud.
May 2021 − The US Office of Management and Budget expanded its Do Not Pay databases by 12 to help agencies detect and prevent improper payments through a variety of data matching and data analytics services
Aug 14, 2020 − The California Attorney General’s office officially approved and put into effect the California Consumer Privacy Law. The regulations do not allow companies to comply with opt-out requirements by setting up a “do not sell my information” link, but do allow companies to use the fuller “do not sell my personal information” link.
Nov 25, 2019, The Central Bank of the United Arab Emirates established a FinTech office in an effort to attract international investors.
Following a new AML law in late 2018, the UAE issued a resolution in early 2019 with provisions to implement the AML Law. The AML Resolution introduced several significant provisions, including the introduction of a risk-based approach to AML regulation. International wire transfers higher than AED3,500 (USD 953) require the provision of certain information to trace such transfers.
The National Anti Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organisations Committee (NAMLCFTC) adopted guidelines for financial institutions, designated non-financial businesses and professions in Apr2021. The committee also approved six risk assessment reports related to terrorist financing, trade-based money laundering, misuse of legal persons, non-profit organizations, lawyers and the gold sector to enhance the understanding of the different type of risks and strengthen cooperation among regulatory authorities.
A new rule took effect Jul 1, 2021 to classify cryptocurrency exchanges and other platforms that operate security token offerings as institutions governed by the Money Laundering Control Act (MLCA), according to Taiwan’s Financial Supervisory Commission (FSC).
In Jun 2020, Zimbabwe announced the immediate suspension of all mobile payments over suspected malpractice as an AML initiative, a flipside to mobile payments despite its convenience. Malpractice, criminality, and economic sabotage perpetrated by individuals fueling parallel market rates spurred the action.
In 2020, The Swiss Federal Council published a draft on the amendment of the Anti-Money Laundering Act (AMLA) that is expected to go into force in early 2021. The AMLA amendment was proposed as a result of the fourth FATF (Financial Action Task Force / Groupe d’action financière) country report of Switzerland. The FATF has, among other things, criticized the Swiss money laundering reporting system, which has so far been based on a dualistic approach (right to report / duty to report). The consultation draft is supposed to address this criticism and suggests abolishing the right to report.
Mar 19, 2021 − the Swiss Federal Council voted in favor of a reform of the anti-money laundering legislation. The amendment of the AMLA has been proposed against the background of the fourth FATF (Financial Action Task Force / Groupe d’action financière) country report of Switzerland. The FATF has, among other things, criticized the Swiss money laundering reporting system, which has so far been based on a dualistic approach (right to report / duty to report). The consultation draft is supposed to address this criticism and suggests abolishing the right to report.
New Zealand implemented the second phase of its AML and Countering Financing of Terrorism (AML/CFT) Amendment Act 2017. The law has been implemented in different phases for different sectors. Since Jan 2019, real estate agents, businesses trading in high-value goods, and sports and race betting industries have had to comply with the new rules.
A cybersecurity strategy was published in Jul 2019 to prioritize (2019 – 2023): cybersecurity aware and active citizens, a strong and capable cybersecurity workforce and ecosystem, an internationally active, resilient and responsive New Zealand, and a proactive approach to tackling cybercrime.
Japan’s Financial Service Agency released guidelines in Apr 2019 for AML and combating financial terrorism. The guidelines require actions and expected actions for each financial institution and explain how the FSA will conduct future monitoring.
Japan’s Financial Services Agency (FSA) is urging the country’s financial institutions to make more rigorous Customer Due Diligence (CDD) and KYC efforts. The FSA wants the nation and its banks to achieve more robust AML Compliance in advance of next year’s assessment by the Financial Action Task Force (FATF). FATF previously warned Japan about inadequacies in its AML compliance regulations and enforcement, and the FSA wants to prove that Japan has made progress.
Saudi Arabia’s NCA (National Cybersecurity Authority) has issued guidelines to help organizations in the Kingdom improve their information security practices based on ISO 27001 guidelines.
The Telecommunications Regulatory Authority (TRA) launched the UAE National Cybersecurity Strategy at a press conference held at TRA offices in Abu Dhabi and Dubai on Jun 2019. The new strategy aims to create safe and community member’s cyberinfrastructure in the UAE that enables citizens and residents to fulfill their aspirations and empowers businesses to thrive.
In Dec 2019, the Nigeria Information Technology Development Agency (NITDA) issued non-compliance notices to nearly 100 companies and organizations that had failed to comply with the Nigeria Data Protection Regulation (NDPR), which had extended its deadline until Oct 2019.
In Dec 2019, The Nigeria Information Technology Development Agency (NITDA) issued non-compliance notices to nearly 100 companies and organizations that failed to comply with the Nigeria Data Protection Regulation (NDPR), 2019.
Saudi Arabia’s NCA (National Cybersecurity Authority) issued guidelines to help organizations in the Kingdom improve their information security practices based on ISO 27001 guidelines.
The Telecommunications Regulatory Authority (TRA) launched the UAE National Cybersecurity Strategy in Jun 2019. The strategy aims to create safety within UAE community members’ cyberinfrastructure so citizens and residents can fulfill their aspirations and businesses can thrive.
A TRA director said a data protection law would be drafted for the UAE to support the TRA’s new national cybersecurity strategy for 2020-25.
In 2017, the New York State Department of Financial Services (NYDFS) launched GDPR-like cybersecurity regulations for its massive financial industry. Unusual at the state level, the regulations include strict requirements for breach reporting and limiting data retention. Like the GDPR, the New York regulation has rules for basic principles of data security, risk assessments, documentation of security policies, and designating a chief information security officer (CISO) to be responsible for the program.
The state of California’s SB-327 IoT bill was enacted into law in Jan 2020. It requires IoT product manufacturers to enforce security standards for internet-connected devices, including making them come with unique passwords or requiring users to create them during the setup process.
In late Mar 2020, Washington state became the first state to pass legislation allowing facial recognition to be used by state and local government agencies, with certain limitations. The law is designed to strike a balance between the civil rights issues associated with the use of facial recognition software and the perceived advancements in public safety that the technology could provide. The bill aims to regulate state and municipal government agencies’ use of facial recognition services by Jul 2021.
The California Consumer Privacy Act (CCPA) was approved in Jun 2019 and was enacted in Jan 2020. In Jul 2020, CCPA became enforceable by the California Attorney General. Under the statute, businesses have 30 days after being notified of non-compliance to address alleged violations. Businesses that fails to remedy the violation may be subject to an injunction and liable for a civil penalty of up to USD2,500 for each non-compliance error or USD7,500 for each intentional violation.
Over the past year, 17% of cybersecurity-related issues were the result of third-party system breaches, according to an Apr 2020 survey by the UK’s Financial Conduct Authority, which underscores the need for fool-proof counterparty risk mitigation policies.
Thailand’s cybersecurity act, published in May 2019 stipulated that any import, dissemination, or forwarding of data through a computer that may cause damage to the public shall be considered an offense.
Cambodian and Thai regulators launched an interoperable payment QR code in Mar 2020. Cambodian tourists who visit Thailand may now use their mobile banking app to pay in Cambodian riel when shopping at stores that display a Thai QR Payment sign. The same functionality will be extended to Thai tourists in Cambodia by the end of 2020.
In Nov 2019, Siam Commercial bank announced its partnership with Liquid Group to enable cross-border QR payments between Singapore and Thailand. In Dec 2019, Asia United Bank (AUB) announced a partnership with Liquid Group to enable cross-border QR payments between Singapore and the Philippines. And in Jun 2019, CIMB Niaga partnered with Liquid Group to support Bank Indonesia’s QR-code standardization trial (QRIS) for cross-border transactions.
Aug 16, 2020, Brazil's data protection law (Lei Geral de Proteção de Dados Pessoais, or "LGPD") became retroactively effective. Penalties did not begin until Aug 1, 2021. In addition, Brazil's president created a new data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD).
Nov 2020, Canada introduced new federal privacy legislation bill that, if adopted, will create one of the strictest data protection regimes in the world, accompanied by some of the most severe financial penalties, rivalling the standards in Europe and California. As of Apr 2021, the bill is still in the public consultation phase and the implementation date is yet to be revealed.
South Africa’s Protection of Personal Information Act (POPIA) took effect on July 1, 2020 with a grace period of 12 months, denoting that enforcement will begin July 1, 2021. POPIA applies to any company or organization processing personal information in South Africa, who is domiciled in the country, or not domiciled but making use of automated or non-automated means of processing in the country. Fines for non-compliance with POPIA can range up to 10 million ZAR.
Adopted in Nov 2018, Serbia’s Personal Data Protection Law went into effect in Aug 2019 and was formulated to sync with GDPR as part of a wider process to harmonize Serbia with EU law.
Kenya is stepping up digital security for citizens. A new law outlines restrictions on data handling and sharing by the government and corporations. An independent office will investigate infringements of the new law with violators facing two-year prison sentences or fines of up to USD29,000
Under data protection law, Russian Federal Assembly penalties for violation of data localization rules have dramatically increased. The original penalty for handling Russian personal data was blocking a data operator’s website. However, since Dec 2019, administrative penalties for non-compliance by a data operator were boosted to fines from USD31,500 to USD94,200 for an initial violation, to about USD280,000 for repeat violations.
Also, sanctions for executives who violate companies’ data rules were introduced with penalties of USD1,560 to USD3,125 for an initial violation and between USD7,800 to USD12,500 for repeat violations.
Mexico’s Federal Law on Protection of Personal Data was introduced in Feb 2020 to amend the Federal Law on Protection of Personal Data held by Private Parties. The bill seeks to oblige data controllers to immediately notify the government (INAI institute) of any security or privacy breaches involving personal data.
Mar 29, 2020 − Mexican data protection authority launched a COVID-19 microsite dedicated specifically to provide useful information and guidelines to protect personal data and provide transparency during the pandemic. This microsite has been a useful tool for both data subjects and data controllers to handle personal data processed as a result of the COVID-19 pandemic.
Apr 2, 2020 − the INAI released a statement calling for the adoption of extreme precautions with regard to personal data of COVID-19 patients. Medical personnel handling such data must use strict administrative, physical and technical safeguards to avoid any loss, destruction of improper use
Indonesia National Standard QR code payment: Bank Indonesia (BI) launched its Quick Response Indonesia Standard (QRIS) code system in May 2019 to universalize cashless payments nationwide. QRIS, which physically manifests as a more complex QR pattern, allows users from one payment service to transfer funds to any rival service within BI’s ecosystem.
Thailand Cross border QR code payment: In Mar 2020, Cambodian and Thai regulators announced an interoperable payment QR code for use between Cambodia and Thailand. Cambodian tourists who visit Thailand may now use their mobile banking app to pay in Cambodian riel when shopping at stores that display a Thai QR Payment sign. The same functionality was expected to be extended to Thai tourists in Cambodia by Q3 2020.
In Nov 2019, Siam Commercial bank announced its partnership with Liquid Group to enable cross-border QR payments between Singapore and Thailand.
QR code initiatives by firms such as PayPal and Paytm: In Jan 2020, Paytm launched its latest all-in-one QR payment method, allowing merchants to make and accept payments through its wallet, UPI-based payment apps, and RuPay cards.
Similar to Paytm, PhonePe, Mobikwik, Razorpay, and Freecharge, others are encouraging QR-code based payments to capture transactions made by small and informal merchants, such as Kirana stores.
In May 2020, PayPal rolled out QR code payments in the UK, which brought the global total to nearly 30 markets that offered a touch-free way for businesses to receive payments and for consumers to make purchases during COVID-19.
In Mar 2020, HPS by Saudi Payments introduces a unified QR code platform to enable banks, wallet providers, and FinTechs to interact seamlessly within an interoperable platform.
In Feb 2020, RaPay launched its QR code-based merchant payment system, a new platform designed to reduce merchant settlement times associated with taking debit card payments.
In recent years, QR codes are being adopted by a growing number of players due to need for cashless payments stimulated by the pandemic. A new study from Juniper Research has found that the total number of QR code payment users will exceed 2.2 billion in 2025, equating to 29% of all mobile phone users across the world in 2025.
China - China is the major contributor in QR payments. Its relatively inexpensive form factor and ease of use has helped make QR codes popular in other parts of the world. Today, prominent QR code merchant payments deployments are evident around the globe.
South Africa − Apr2021: South Africa's Nedbank teamed up with Mastercard and local FinTech player Ukheshe to let customers pay small businesses via WhatsApp. Once registered, small and microbusinesses can use the service, called Money Message, to send a WhatsApp request-to-pay message to customers with a valid South African identity document and bank account.
Germany - May 2021: Munich airport introduced PayPal QR Code for contactless payment. Passengers can now pay touch-free in all Eurotrade stores and businesses at Munich Airport through the use of a contactless PayPal QR Code.
Thailand Cross border QR code payment: Mar 2020: Cambodian and Thai regulators announced the launch of an interoperable payment QR code for use between Cambodia and Thailand. Cambodian tourists who visit Thailand may now use their mobile banking app to pay in Cambodian riel when shopping at stores that display a Thai QR Payment sign. The same functionality is expected to be extended to Thai tourists in Cambodia by Q3 2020.
QR code initiatives by firms such as PayPal and Paytm: Jan 2020: Paytm launched its latest all-in-one QR payment method, which allows merchants to make and accept payments through its wallet, UPI-based payment apps, and RuPay cards.
Similar to Paytm, PhonePe, Mobikwik, Razorpay, and Freecharge, others are encouraging QR-code based payments to capture transactions made by small and informal merchants.
March 2020 − The Central Bank of Brazil launched national standard QR code to universalize cashless payments in the country. The new standard became mandatory in Sep 2020. The new rule is aimed to increase transparency for end-users, both payers and recipients, by improving access to information and, thus, creating a competitive environment in the Brazilian Payment System.
Thailand and Vietnam − The Bank of Thailand (BOT) and State Bank of Vietnam (SBV)has rolled out a cross-border interoperable QR code payment linkage between the two countries as per report published on Apr 2021. The first phase of the project will see Thai tourists able to make QR code payments with their mobile phones to pay for goods or services in Vietnam, and vice versa. Other banks want to join the project, including Vietcombank, along with Thailand-based Bank of Ayudhya, CIMB Thai Bank, Kasikornbank, Krung Thai Bank, and Siam Commercial Bank.
Oct 2020 − The Reserve Bank of India (RBI), announced that the Payment System Operators (PSOs) that use proprietary QR codes have to shift to one or more interoperable QR codes by March 31, 2022 and any new QR code introduced should be interoperable from the start.
Singapore − Singapore launched what it claims to be the world's first unified payments QR code, which will be adopted by 27 payment schemes on the island. PayNow, Nets, GrabPay, Liquid Pay and Singtel Dash are among the payment schemes onboard for the project, which will see merchants replace their existing QR codes replaced with SGQR labels. Shoppers can quickly check if their preferred QR option is on the label and then pick it, scan the code and make the payment.
Argentina −launched Transferencias 3.0 in late 2020 to allow any domestic business to charge for services and receive payment via QR code on a mobile phone.