Central banks across the world support digital currency regulations to guide cryptocurrencies and launch pilot programs.

South Korea’s central bank (BOK) launched a pilot program in April 2020 to test digital won, which will run through December 2021

People’s Bank of China is piloting a Central bank digital currency (CBDC). China’s four largest state-owned commercial banks have been developing and testing a wallet application to store, send, and receive Digital Currency Electronic Payment (DCEP).

In June 2020, the Italian Banks Association (ABI) began a pilot program for digital euro. Since 2019 an ABI working group has been researching digital and crypto-assets. ABI prioritized a digital currency framework that is fully compliant with EU regulations to win public trust and said banks are critical in upholding that trust.

Sweden’s e-krona testing brings it closer to the release of a CBDC. The pilot runs through February 2021.

In March 2020, the Central Bank of France announced an experimental program to test the integration of a CBDC for interbank settlements, inviting participant applications

Across the world, regulators are backing the FinTech ecosystem as the path to payments enhancement. In April 2020, the European Commission began preparation for a digital finance strategy/FinTech action plan to outline public policy through 2025.

In April 2020, Japan’s Fair Trade Commission legislated that practices by banks that cause undue disadvantages to FinTech companies could amount to an abuse of their dominant positions in violation of the antimonopoly law.

The Saudi Arabian Monetary Authority (SAMA) launched a regulatory sandbox environment for financial institutions and FinTechs in Feb 2020 and, in Apr 2020, permitted nine more FinTechs to operate in the sandbox, raising the total to 30.

EU banks RBS and Société Générale embraced a trial of fingerprint embedded payment cards to provide customers with better payment security

In Jan 2020, the Reserve Bank of India issued new debit and credit card rules that allow only domestic card transactions at ATMs and PoS terminals in India. For international transactions, online and contactless transactions, customers must now separately set up card services. Also, cardholders now have the option to switch their card on or off and set their limit.

As part of the UK’s new Financial Conduct Authority (FCA) rules, credit card providers – including UK banks such as Barclays, Lloyds, and Royal Bank of Scotland – must identify customers in persistent debt for at least 18 months. Customers who fail to respond or cannot afford higher payments risked having their credit cards suspended.

3-D secure initiative is an anti-fraud messaging protocol that allows consumers to authenticate themselves with the issuer of their payment card at the time of non-contact transactions (CNP). It helps to prevent unauthorized transactions in e-commerce environments and, in turn, protects against fraudulent trading.

In Malaysia, the MyDebit Corporate Card initiative went into effect in Apr 2020 to reduce the use of checks and cash payments. It enables corporations and entrepreneurs to make payments at government agency offices without a check or cash.

Denmark proposed to withdraw 1000 and 500 krone notes as a first step to achieving a cashless society by 2025.

In Jul 2019, Australia proposed a cap of AUD10,000 (USD7,500) on cash payments for goods or services. Indonesia set an ambitious target to achieve USD130 billion in e-commerce transactions by 2020.

Vietnam declared its goal to cut urban household cash transactions in half by 2020. However, the existing e-wallet regulation created by the State Bank of Vietnam is crippling non-cash adoption. The regulation stipulates that digital wallet accounts must link to a bank account held by the same person. So, if a consumer doesn’t have a bank account in Vietnam, he can’t get an e-wallet.

Mexico plans to launch initiatives to bolster cashless payment systems within cash-intensive tourist zones. As part of an effort to boost financial inclusion, Banco de México is already building CoDi, a system to enable all Mexicans to make online and in-person payments with their mobile phones. Amazon is in talks with the bank to adopt the same.

In Feb 2020, The Saudi Arabia Monetary Authority (SAMA) approved Halalah and BayanPay to launch full e-wallet services, as part of the Kingdom’s attempts to reduce the use of physical cash.

South Korea and Singapore plan to reduce cash use by supporting digital payments. In China, super app WeChat derives about half its revenue from digital payments. After COVID-19, some central banks quarantined physical bills, and some went so far as to burn banknotes. The World Health Organization recommended contactless payments to reduce cash handling and the potential spread of infection.

Dubai − The government is pushing cashless transactions via a Cashless Dubai Working Group to prepare an action plan. The Working Group launched the Dubai Cashless Framework Report to promote the use of smart payment platforms for all transactions to phase out physical cash.

Sweden is on track to become the first cashless nation in the world, with an economy that goes 100 percent digital. As of Dec 2020, about 80% of Swedes used cards with 58% of payments being made by card and only 6% made in cash, according to the Swedish Central Bank. Government’s is aiming to transition Sweden into a cash-free society, partially by Mar 2023 and entirely by 2030.

Vietnam - A pilot program for mobile money a government initiative toward a cashless society and financial inclusion was launched Mar 9, 2021 The directive was passed to allow a pilot mobile money service (MMS), under which telecommunication accounts can be used to make payment for small value transactions. The pilot program will run for two years from the first enterprise being approved to pilot the MMS.

Africa − Apr 3, 2020, the West African Economic and Monetary Union (WAEMU) and the Central Bank of West African States (BCEAO) approved free nationwide transfers of electronic money between people for amounts less than or equal to 5,000 CFA francs, 50% reduction, by banks, of commissions paid by merchants on merchant payments, relaxation of the conditions for opening electronic money accounts, etc., aimed at reducing the circulation of cash.

EU – As a part of its new anti-money laundering measure, in Jul 2021, the European Commission proposed a EU-wide upper limit of EUR10,000 on large cash payments for companies and individuals. Implementation date is yet to be revealed

In the United States, the Law on Bank Charters for FinTechs was updated in Oct 2019, when a federal district court in New York ruled that the US Office of the Comptroller of the Currency (OCC) is not authorized to grant national charters to FinTech companies. In August 2018, the OCC said it would start accepting applications for the charter to enable FinTech firms to operate across the country without complying with state-by-state rules and was supposed to help FinTechs in the US get into banking.

For the time being, it looks like partnering with banks will continue to be the easiest route for FinTechs to enter the banking space. The US OCC granted San Francisco mobile-only FinTech Varo preliminary approval for a national bank charter in May 2020. The charter will allow Varo to grant loans in all 50 states and more freely view customer account data because a third party will no longer hold it. Another San Francisco FinTech, SoFi (a personal finance startup), also filed for a national bank charter with the OCC in July 2020. Already licensed in Europe, German digital bank N26 partnered with already-licensed Axos Bank (previously known as BofI Federal Bank), so it could launch in the United States.

After the European Central Bank reviewed input about granting banking licenses to FinTech firms, UK-based Revolut was granted a license. The Australia Payments Regulatory Authority (APRA) granted unrestricted licenses to FinTechs VOLT, 86400, and Judo. The startups will have to fulfill the same regulatory capital requirements as other authorized deposit-taking institutions (ADIs).

The Asia-Pacific Economic Cooperation (APEC) that consists of more than 20 member nations, including the United States, Canada, China, Japan, and Australia has developed several data protection initiatives. On Mar 9, 2020, the APEC Cross-Border Privacy Rules (CBPR) system Joint Oversight Panel approved the Philippines’ application to join the APEC CBPR system. The APEC Cross-Border Privacy Rules System (CBPR) provides standard data privacy policies that businesses can use to comply with the APEC privacy framework. The system facilitated cross-border data flows by providing a voluntary framework to ensure certainty and minimum privacy protections.

After the introduction of GDPR in Europe, mandatory data breach notification laws were introduced in several countries, including Australia, the Philippines, New Zealand, and Singapore. The current state of data protection in Latin America only refers to overall legislation in Argentina, Colombia, Chile, Mexico, Peru, and Uruguay. Other countries, such as Brazil, have enacted legislation that only covers particular protection areas. Venezuela has no specific data protection legislation but has some protections for privacy under its federal constitution interpreted to apply to data protection. Paraguay, so far, does not appear to be interested in passing GDPR compliance legislation.

India’s data protection bill, which was on the verge of passing in 2020, and Serbia’s data protection law that began in Aug 2019 seek to protect the privacy of personal data, regulate the processing of sensitive and critical personal data, and establish countrywide data protection.

The Reserve Bank of India is working on a regulatory sandbox for financial technology and setting up data science labs to keep pace with innovation in the digital lending space. It has set up an inter-regulatory working group to study regulatory issues relating to FinTech and digital banking in India.

In May 2018, the central bank of Indonesia capped foreign ownership by e-money providers at 49%, which may explain its suspension of e-wallets TokoCash and GrabPay, a mobile wallet originally used by Singapore-based Grab, since they submitted license applications in late 2018.

The Monetary Authority of Singapore will impose restrictions on FinTech firms to safeguard the funds held by mobile wallet operators in the country. To level the playing field, the ring-fencing mechanism will guarantee that funds allocated for a particular purpose cannot be spent on anything else such as lending.

Japan overhauled the Financial Services Agency (FSA) to deal more effectively with FinTech-related fields, including cryptocurrencies. Changes were made to various bureaus to make the organization more suited to address new problems and challenges in the financial sector. The Strategy Development and Management Bureau, which replaced the Inspection Bureau, will reportedly develop a financial strategy policy and handle issues addressing the digital currencies market, FinTech, and money laundering.

Cambodia is fostering FinTech collaboration. The Cambodia FinTech Association, located in the Cambodian capital’s Daun Penh district, will initially include banks, digital payment companies, and financial operators.

Saudi Arabia’s banking regulator is designing a sandbox regulatory environment in line with its economic transformation. The move is similar to initiatives by other regulators in the Arabian Gulf and will help the Saudi Arabian Monetary Authority understand and assess the impact of new technologies on the financial services market.

More than 60 companies from 12 countries formed a Pan-Asian FinTech Cooperation Committee (FCC) to spur the adoption of FinTech in the region. The FCC aims to bring banks, FinTechs, and policymakers together to explore common ground across frontiers and promote the region’s burgeoning FinTech ecosystem.

The Federal Reserve Bank of New York set up a FinTech advisory group that first met in Apr 2019. The group will share views and perspectives on emerging FinTech issues, and the application and market impact of new technologies.

Mexico − Q4-2020: Mexico’s National Baking and Stock Commission (CNBV) introduced regulation for companies operating with the FinTech-as-a-Service business model. Accordingly, only regulated financial institutions, such as commercial banks and FinTechs that are either authorized or in the authorization process may represent themselves as financial services provider to the public. Certain experts interpret the rule to deny legal status to third-party operators that use FinTech platforms or APIs to provide financial services independently.

Australia − Sept 1, 2020: The Government introduced the enhanced regulatory sandbox (ERS). The sandbox allows natural persons and businesses to test certain innovative financial services or credit activities without first obtaining an Australian financial services (AFS) licence or Australian credit licence (credit licence). The enhanced regulatory sandbox allows testing of a broader range of financial services and credit activities for a longer duration (up to 24 months).

China - A number of the consumer loan FinTech players put up only 1% of the loan amount, whilst collecting substantial loan referral fees from the bank lenders who make most of the loan amounts available. Hence the regulatory changes for homegrown FinTechs was proposed by the China Banking and Insurance Regulatory Commission include tighter rules on loan issuing. This may result in online micro-lending companies establishing or maintaining partnerships with banks to sustain their businesses because of the capital requirements of the new regulations.

Saudi Arabia – More than 60 companies from 12 countries formed a Pan-Asian FinTech Cooperation Committee (FCC) to spur the adoption of FinTech in the region. The FCC aims to bring banks, FinTechs, and policymakers together to explore common ground across frontiers and promote the region’s burgeoning FinTech ecosystem.

UK - A new FCA ‘scale box’ and Centre for Finance, Innovation and Technology (“CFIT”) would be launched - ‘scale box’ is a permanent digital sandbox pilot which supports partnerships between incumbent financial services firms and FinTechs / RegTechs to provide support for growing regulated firms.

A new Central Bank Digital Currency (“CBDC”) taskforce would be set up and the implementation of a new sandbox and “omnibus” account - The Taskforce will have the following four functions: (1)Coordinate exploration of the objectives, use cases, opportunities and risks of a potential UK CBDC, (2) Guide evaluation of the design features a CBDC must display to achieve the Taskforce’s goals, (3) Support a rigorous, coherent and comprehensive assessment of the overall case for a UK CBDC, (4) Monitor international CBDC developments to ensure the UK Remains at the forefront of global innovation

ISO 20022 is now the global standard for payments messaging and creates a common language and model for payment data worldwide. In June 2020, Payments Canada announced the availability of ISO 20022 messages for Lynx, the country’s new high-value payments system. ISO 20022 messages for cross-border payments will start in late 2022 instead of Nov 2021 as initially planned by SWIFT.

ISO 20022 messages for cross-border payments and cash reporting businesses will start from end 2022 instead of November 2021 as originally planned by SWIFT. The migration will cover cross-border payments of correspondent banks as well as other users of these messages in securities markets. Timeline for Wave 2 implementation of ISO20022 messaging for Corporate Actions and Billing Processes deadline be Nov 2025.

China - China leads the way in adoption of ISO 20022 for payments- People’s Bank of China (PBOC) published its ISO 20022 migration plan as long ago as 2011.China’s Cross-border Interbank Payments System (CIPS) also uses ISO 20022. CIPS launched in 2015 as a worldwide interbank payment system to encourage the use of the Renminbi, reducing costs and processing times. Later cut-off times have extended CIPS’ operating hours for payments, which makes it easier for participants in Europe to execute same-day payments. Over 800 banks from about 90 countries participate in CIPS, either as direct or indirect participants.

Europe - During March 2020 meeting the Swift Board and  European Central Bank Executive endorsed a decision to shift their ISO 20022 migration date for cross-border payments from November 2021 to end 2022. Currently the move to ISO20022 is gathering pace, and although SWIFT has extended the timeline for the ISO 20022 start point by one year to November 2022, the end date to enable full ISO 20022 for cross-border payments remains as originally planned, Nov 2025.

Mar 2021 − In the United States, the Federal Reserve announced its ISO20022 message specifications for the FedNowSM Service. FedNow Service facilitates nationwide reach of instant payment services by financial institutions – regardless of size or geographic location – in near real time, around the clock, every day of the year. It is expected to become operational in 2023.

Jun 2020, Payments Canada announced the availability of ISO 20022 messages for Lynx, the country's new high-value payments system. It will be a real-time gross settlement system, including an enhanced risk model that complies with Canadian and international risk standards and will be enabled with the global ISO 20022 messaging standard. Lynx, Canada's new high-value payment system went live on Sept 2021 replacing the Large Value Transfer System (LVTS), which has served as Canada's high-value payment system for over 20 years.

Peru - Peru is working to link banks, FinTechs and mobile wallet providers into an interoperable hub for instant payments using real-time technology provided by MasterCard. With a launch set for early 2022, Peru will be the second Latin American country after Brazil to introduce an ISO 20022-based instant payments scheme.

Since the 2017 launch of SWIFT, adoption has been steady, including the world’s 60 biggest banks and several other financial institutions. By Nov 22, 2020, every eligible financial institution on SWIFT will be required to confirm all incoming MT 103 payment instructions. FIs will be measured on whether or not they confirm at least 80% of their payments within two business days (including those transferred outside of SWIFT). Institutions that fail to meet the criteria by the end of Nov 2020 may lose access to some features of the Basic Tracker.

In Sep 2019, SWIFT launched a service to deliver global instant payments by integrating global payments innovation (gpi), the cross-border payments service with real-time service levels, into domestic instant payments systems worldwide. SWIFT, together with gpi banks, will facilitate instant international payments with upfront fee and foreign exchange transparency for senders, while also ensuring the ubiquitous availability of instant cross-border payments globally.

SWIFT’s global payment initiative (gpi) for cross-border payments became mandatory on Nov 2020 based on the timeline set. The Central Bank of the UAE (CBUAE) announced that it has been working with SWIFT on an initiative to further enhance the speed and transparency of cross-border payments in May 2021

In Dec 2020, Lloyds Bank in the UK became the first bank to switch on Swift gpi Instant, a new service from the Brussels-based interbank co-operative that enables consumers and businesses to send tracked payments in seconds across borders.

TARGET2, a Real Time Gross Settlement (RTGS) funds transfer system, owned and operated by Euro system, is the second generation of TARGET. It enables real-time payments to flow safely and efficiently across Europe in Euro. TARGET2 settles payments related to the Euro system’s monetary policy operations, bank to bank, and commercial transactions without any value limit. Central banks and commercial banks can submit payment orders in euro to TARGET2, where they are processed and settled in central bank money. Deadline for migration to TARGET 2 – Nov 2021

Thanks to TIPS, individuals and firms can transfer money between each other within seconds, irrespective of the opening hours of their local bank. TIPS was developed as an extension of TARGET2 and settles payments in central bank money. TIPS currently only settles payment transfers in euro. However, if demand dictates, other currencies could also be supported.

The Netherlands rolled out instant payments in 2019, and henceforth, all business and private customers of seven Dutch banks (ABN AMRO, ING, Rabobank, de Volksbank ‒ ASN Bank, RegioBank, SNS ‒ and Knab) can quickly transfer payments via mobile and online banking.

In Jun 2019, Nets and Giro launched an instant payment platform for Hungarian banks to test services, and in Mar 2020, GIRO had commercialized a new instant payments platform based on the well-established platform – RealTime24/7. The commercial launch included all Hungarian banks, delivering a massive volume of more than a million successful transactions in the first three days.

In Feb 2019, Bankart, which is a Slovenian firm in the field of processing and modern payments instruments, went live with Nets’ RealTime24/7, enabling transactions between Slovenian banks to be cleared in less than a second.

Europe - TARGET2, a Real Time Gross Settlement (RTGS) funds transfer system, owned and operated by Euro system, is the second generation of TARGET. Deadline for migration to TARGET 2 – Nov 2021

Thanks to TIPS, individuals and firms can transfer money between each other within seconds, irrespective of the opening hours of their local bank. TIPS was developed as an extension of TARGET2 and settles payments in central bank money. TIPS currently only settles payment transfers in euro. However, if demand dictates, other currencies could also be supported.

Saudi Arabia- On April 2021, Saudi Payments, under the supervision of the Saudi Central Bank (SAMA) announced the launch of Saudi Arabia's instant payments system 'sarie' in cooperation with IBM and Mastercard. The introduction of 'sarie' is in line with Saudi Arabia's Financial Sector Development Program (FSDP) under Saudi Vision 2030, which targets achieving 70% non-cash transactions by 2030. 'sarie' allows bank customers to send and receive money in real-time using a wider range of services and transfer options. Customers of local banks can make instant transactions of up to SAR 20,000 (USD 5,300) through the system. Further, "sarie" users can benefit from the quick transfer service to send up to SAR 2,500 (USD 660) using aliases, such as mobile number, email address, ID number, or IBAN number.

Aug 2020 − In the US, the Board of Governors of the Fed announced details of its phased approach to implementing the FedNow Service, a real-time gross settlement (RTGS) payment system with integrated clearing. It will offer instant (24x7x365) payment processing for every bank in the United States. The initial launch target date is 2023 or 2024.The initial launch will provide baseline functionality and help banks manage the transition to a 24x7x365 service.

Mar 2021 − Payments Canada selects Interac Corp., real-time rail exchange services, to serve as the exchange solution provider for the country’s Real-Time Rail (RTR). Expected to be introduced next year, the RTR will be operated by Payments Canada and regulated by the Bank of Canada, enabling Canadians to send and receive funds in seconds, anytime and any day throughout the year.

APAC - As of Apr 2021, The Monetary Authority of Singapore (MAS) and the Bank of Thailand (BOT) initiates the linkage of Singapore’s PayNow and Thailand’s PromptPay real-time retail payment systems. The first of its kind globally, the linkage is the culmination of several years of extensive collaboration between MAS and BOT, both countries’ payment system operators, bankers’ associations, and participating banks.

Customers of participating banks in Singapore and Thailand will be able to transfer funds of up to S$1,000 or THB25,000 daily across the two countries, using just a mobile number.

The European Central Bank (ECB) has updated its approach to regulation, and intraday is now firmly part of its liquidity regime. The new Internal Liquidity Adequacy Assessment Processes (ILAAP) procedure, which was implemented in Jan 2019, has been released by the ECB in Nov 2018.

The regulation aims to ensure banks can meet their payment obligations and determine at regular intervals their liquidity position.

As part of the same, banks and FIs that have to abide by the stipulated liquidity norms should conduct a Statutory Review and Evaluation Process(SREP) and submit the findings of their respective ILAAP assessment to the ECB.

The Reserve Bank of India has eased liquidity norms for shadow banks that act as non-banking financial companies. Banks are now permitted to reckon government securities held by them up to an amount equal to their incremental outstanding credit to NBFCs and Housing Finance Companies (HFCs).

The US Federal Reserve Board announced temporary action in April 2020 to increase intraday credit on both a collateralized and uncollateralized basis to support households and businesses during COVID-19.

The global mobile wallet market accounted for more than USD880 billion in 2017 and is expected to reach more than USD9,352 billion by 2026, for a 30% CAGR.

In India, mobile wallet operators such as PhonePe, Paytm, and Amazon Pay worked to upgrade users’ non-compliant accounts to full KYC by the Feb 2020 deadline. RBI gave them the option to convert their minimum KYC accounts to low KYC pre-paid instruments, or PPI accounts.

The low KYC PPI account will have a monthly transaction limit of Rs 10,000, and this move likely helps 200 million non-compliant KYC mobile wallet users, many of whom authenticated via Aadhaar.

In Europe, mobile wallets ‒ Bluecode, ePassi, momo pocket, Pagaqui, Pivo, Vipps ‒ joined with Alipay to offer QR code-based payments to local merchants in 10 European countries where these apps are accepted. ePassi is preparing to roll out the QR code format for users across several Nordic countries, while the Spanish payment company MOMO, Portugal’s Pagaqui, and Austria’s Bluecode intend to extend the collaboration in their home markets.

In Feb 2020, The Saudi Arabia Monetary Authority (SAMA) approved Halalah and BayanPay to launch full e-wallet services, as part of the country’s attempts to promote a cut in the use of physical cash.

Worldpay from FIS 2020 Global Payments Report predicts Digital wallets to account for 52% of global e-commerce sales by 2023.

Tokenization makes mobile wallet payments more straightforward, safer, and more secure. Tokenization supports Apple Pay, Android Pay, and Samsung Pay, as well as several payment services offered by OEMs and banks.

In India, PayTm operates 300 million wallets, making it the largest mobile payment service platform in the country. In Kenya, M-Pesa allows people to transfer cash using their phones and is used by 67% of adults to contribute to a quarter of the country’s GNP flow.

Mobile payments in China have reached over $41 trillion (277 trillion yuan) annually. More than 92% of the mobile payments are made over the two dominant platforms: Alipay (53%) and WeChat Pay (39%)

The Global Mobile Wallet Market was valued at $1,043.1 billion in 2019, and is projected to reach $7,580.1 billion by 2027, growing at a CAGR of 28.2% from 2020 to 2027. The growth of mobile wallet market is expected to grow significantly during Covid-19 pandemic as the consumers are now preferring mobile wallets such as Paytm and Google Pay for making financial transactions to avoid physical contact with individuals to prevent transmission of corona virus.

Europe - Europe is expected to witness the transaction value surging by 28.3% to $1.17 trillion. The noticeable upward trend is expected to continue in the following years, with the entire industry reaching $1.95 trillion value 2025.

India - According to Reserve Bank of India (RBI), in April 2020, transactions made using mobile wallet across the India was doubled to 87.0 million compared to Mar 2020.

Saudi Arabia - Feb 2020: The Saudi Arabia Monetary Authority (SAMA) approved Halalah and BayanPay to launch full e-wallet services, as part of the country’s attempts to promote a cut in the use of physical cash. Early 2020, SAMA issued licences to STC wallet brand STC Pay and financial technology provider Geidea.

Worldpay from FIS 2020 Global Payments Report predicts Digital wallets to account for 52% of global e-commerce sales by 2023.

Visa is aggressively promoting contactless cards across the globe, specifically in the United States and India. In India, Visa has issued nearly 20 million contactless cards with about 1 million terminals that can accept such cards. Visa contactless payment cards have an embedded antenna and microchip, enabling contactless communication with a card reader at checkout. Cardholders can simply tap or wave the card over a secure reader. Then, the transaction is processed through Visa’s global, secure network, VisaNet, which processes all Visa transactions. In the United States, the shift to contactless cards has started to gather pace with JP Morgan, the biggest credit card issuer, is driving the roll-out of contactless technology on its payments cards to further accelerate the transition. It is estimated that the switch to contactless could boost annual card payment volume by USD78.4 billion by 2021.

The use of biometrics in payments is on the rise because of the desire for convenience, frictionless authentication while paying in all channels, and security. It is estimated that there will be over 2.6 billion biometric payment users by 2023. Slower rates of adoption are expected for local mobile biometric payments in North America, Europe, Africa, ME, and LATAM with the highest rates of adoption expected in China, India, and the rest of APAC. Mastercard, in association with Bank Intesa Sanpaolo, has launched Gemalto’s fingerprint-based authentication cards in late 2018. The rise of new architectures such as system-on-chip (SOC) is expected to give further impetus to the adoption of biometrics.

Tokenization solutions rather than the use of individual tokens are being embraced for enhanced security. Implementation of cloud-deployed tokenization solutions is on the rise. The tokenization market size is expected to grow from USD983 million in 2018 to USD2670 million by 2023, at a CAGR of more than 22%.

It is estimated that by 2021 there will be 27.7 million mPOS devices in circulation. The convenience of making payments anywhere and anytime is the biggest driver for the growth of mPOS volumes. The adoption of AI in payments is increasing due to multiple uses in security, authentication, process efficiency, and transaction processing.

In Oct 2019, American Express, Discover, MasterCard, and Visa launched faster, more secure online checkout based on the new Secure Remote Commerce (SRC) industry standard, to establish a simplified way for card payments to be made across web and mobile sites, mobile apps and connected devices.

In Jul 2020, American Express, Discover, Mastercard, and Visa announced they were each preparing for global expansion of the Click to Pay online checkout – based on the industry-standard EMV Secure Remote Commerce. Geographies are to include Australia, Brazil, Canada, Hong Kong, Ireland, Kuwait, Malaysia, Mexico, New Zealand, Qatar, Saudi Arabia, Singapore, United Arab Emirates, and the United Kingdom, with others to follow.

Following an inter-ministerial panel’s proposal on an independent payment systems regulator, the Reserve Bank of India has submitted a dissent note citing that there is no case for having a separate payments regulator outside the central bank. The proposal for an independent Payments Regulatory Board (PRB) to foster competition, consumer protection, systemic stability, and resilience in the payments sector, according to the draft Payment and Settlement System Bill, 2018.

The New Payment System Operator (NPSO) released initial details of the new procurement process for the clearing and settlement layer part of the New Payments Architecture (NPA). The NPA is a conceptual model for payments in the UK, to cover the processing of £6.7 trillion of Bankers' Automated Clearing System (Bacs), faster payments, and to potentially check payments every year, from 2021. It aims to simplify rules, standards, and processes that banks and others follow to use the systems.

Singapore’s New Payment Services Act was passed into law by the Monetary Authority of Singapore (MAS) in early 2019. The Payment Services Bill that proposes to consolidate and replace The Money-Changing and Remittance Business Act and the Payments Systems (Oversight) Act. The bill will expand the scope of regulated activities beyond stored value facilities (SVF), remittance, and money changing services to include payment account issuance, domestic money transfer, and merchant acquisition services

B2B cross-border payments is a growing segment ripe for disruption. Visa connected with several banks in Nov 2018 to begin testing VisaB2B Connect, a platform that can help banks provide cross-border payments more efficiently. Due to the traction in the cross-border payments segment, Mastercard and Visa vied for the acquisition of Earthport, which was purchased ultimately, by Mastercard.

Although adoption is somewhat nascent, blockchain has promising potential for cross-border payments use. Also, SWIFT plans to expand its blockchain integration, and this trend may grow as banks look more closely at the capabilities of blockchain.

As part of ASEAN 2025, member states engage in the modernization and integration of their financial infrastructures to lead, ultimately, to a pan-regional real-time payment ecosystem. Malaysia’s CIMB and RippleNet have collaborated to improve consumer access to cross-border remittances, both inbound into ASEAN and outbound to other countries.

Brazil, Russia, India, China, and South Africa are creating a single payment system, BRICS Pay, as part of the drive to establish a common system for retail payments and transactions between the five BRICS nations. These countries plan to introduce a cloud platform to connect their national payment systems. An online wallet will be developed with access to these payment systems, as well as a mobile app similar to Apple Pay that can be installed on smartphones for purchases in any of the five BRICS countries, regardless of which currency the payment and the money in the account of the buyer are denominated in. The BRICS Pay contactless payment system will not duplicate the national payment systems; but will act as a service for linking the credit or debit cards of the citizens of the five BRICS countries to online wallets, which will offer them the ability to pay using a smartphone.

FinTech companies such as Adyen, Airwallex, with technology in hand, have built cross border financial infrastructure and applications that inspire global opportunities and help customers scale their business in every corner of the globe. These applications provide simple and fair transparent pricing ‒ No monthly fees, no card fees, just a small margin on top of our interbank FX rates.

The Danske Bank, DNB, Handelsbanken, Nordea, OP Financial Group, SEB, and Swedbank are considering domestic and cross-border payments in multiple currencies. The system builds on the smartphone payment applications that Nordic banks have already created, such as Swish in Sweden, Norway’s Vipps, and MobilePay in Denmark. It was named P27 to connect 27 million people in the Nordics.

BRICS countries are aiming a for a single payment system, BRICS Pay, that would encourage payments in local currencies and pin down sustainable investment among the five countries. The BRICS Pay contactless payment system will not duplicate the national payment systems; but will act as a service for linking the credit or debit cards of the citizens of the five BRICS countries to online wallets, which will offer them the ability to pay using a smartphone.

Russia is also suggesting on facilitate settlements through a single BRICS cryptocurrency.

The Danske Bank, DNB, Handelsbanken, Nordea, OP Financial Group, SEB and Swedbank introduced P27 payments in 2019. P27 will see the banks create a single payments platform and allow instant cross-border payments within the region, in a bid to uplift local business. It’s predicted by the company’s owners that P27 will become financially viable by 2021.

In May 2020, the Central Bank of Brazil announced open banking regulations. The implementations should take effect from Nov 2020 in four phases and be fully operational by Oct 2021. The Central Bank of Brazil reinforces that all authorized financial institutions will participate in the open banking system. In addition, the participation of the largest banks in Brazil is mandatory.

In Dec 2019, South Korea formally launched an open banking service to increase convenience and lower transaction costs for bank customers. The new system enables bank customers to access nearly all banking services offered by any bank through a single smartphone application, including withdrawals and transfers, according to the Financial Services Commission.

Australia’s Australian Competition and Consumer Commission ACC opted for a phased implementation of open banking that was to begin in Jul 2020.

Australia’s big four banks – ANZ, NAB, Westpac, and Commonwealth Bank – have taken open banking first steps. Updated timelines: Major banks began to share PRD for credit and debit cards, deposit accounts, transaction accounts, mortgage, and personal loan accounts in Feb 2020, and non-major banks started in Jul 2020.

Beginning in Jul 2020, customers of Australia's four major banks can direct their bank to disclose their banking data from a range of personal accounts to accredited data recipients. Major banks will be required to share consumer data relating to mortgage and personal loan accounts beginning in Nov 2020. Major banks will be obliged to share certain more complex data sets, including joint accounts, closed accounts, direct debits, and scheduled payments from Nov 1, 2020.

Feb 2021- Brazil: The Central Bank of Brazil initiated its phase 1 implementation from Feb 2021. The Central Bank of Brazil reinforces that all authorized financial institutions will participate in the open banking system. In addition, the participation of the largest banks in Brazil is mandatory. The Central Bank of Brazil and the National Monetary Council (CMN) postpones full implementation of open banking from Aug 2022 to Sep 2022 in order to test implementations and seek certifications.

Jul 2020 - Australia: Open banking was introduced in phases. As phase-1, consumer data relating to credit and debit cards, deposit accounts and transaction accounts was shared by non-major authorized deposit-taking institutions(ADI) in Jul 1, 2020. Consumer data relating to mortgage and personal loan data was shared by non-major ADIs on Nov 1, 2020 as phase 2. Banks other than the Big Four – CommBank, NAB, Westpac and ANZ – had until Jul 1, 2021 to provide access to open banking data.  Finally, phase 3 will come into play in Feb 2022. This includes investment loans, asset finance and retirement savings accounts. Open banking is expected to be fully implemented by Nov 1, 2022.

Jan 2021 − Saudi Arabia: SAMA, the Kingdom’s Central Bank, said it would launch an open banking regulatory framework during the first half of 2022. Besides innovation and financial inclusion, open banking is set to increase competition and reduce barriers to entry for financial technology startups and encourages greater efficiency in the Saudi banking system.

Feb 2021 − Nigeria: The Central Bank of Nigeria issued the regulatory framework for open banking, establishing principles for data sharing across the banking and payment ecosystem. The framework, which addresses issues including data and API access requirements, principles for APIs, data, technical design, and information security specifications, is aimed at promoting innovation, broadening the range of financial services and products, and deepening financial inclusion.

May 2021 – Hong Kong: The Hong Kong Monetary Authority (HKMA) announced Phases III (Account information) and IV (Transactions) of its Open API Framework, following the implementation of Phases I and II of the Open API Framework in January and October 2019 respectively. The initial batch of API functions are expected to be implemented progressively by the 28 participating banks starting from December 2021.

Jan 2021 − South Korea: Announced open banking service in Dec 2019 and in Jan 2021 unveiled its plan to promote financial innovation by advancing open banking development and adoption. Based on which FSC will begin allowing savings banks and credit card companies to provide open banking services in the first half of 2021, which will be followed by financial investment businesses. Moving forward, the government said it will also work to allow more account types to be eligible to sign up for open banking and to connect open banking with other digital finance infrastructures such as government-led MyData and MyPayment. The end goal here is to allow for the development of a one-stop platform offering analysis, advise and account transfer services all from the same place.

Oct 2020 − Bahrain: The Central Bank of Bahrain launched an Open Banking Framework that includes detailed operational guidelines, security standards and guidelines, customer experience guidelines, technical open API specifications and the overall governance framework needed to protect customer data.

Jun 2020 − Mexico: The National Banking and Securities Commission published the first set of regulations regarding open banking in the country. By Jun 2021, over 2,200 financial entities in Mexico had implemented APIs to exchange open data with third parties.

In Jul 2018, Malta became a Distributed Ledger Technology regulation pioneer by dismissing the ambiguity that blockchain companies had been coping with previously.

France, Italy, Portugal, Spain, Greece, and Cyprus signed a joint declaration of the cooperation in Dec 2018, saying DLT is a valuable emerging technology ‒ along with 5G and AI ‒ that could transform the countries’ economies. Signees also said governments should promote emerging technologies.

With DLT’s capability to achieve transparency and decentralization, it is applied in clearing and settlements, supply chain financing, digital identity, KYC, etc. to ensure unified payment process effectiveness.

In Nov 2019, Cyprus issued a procurement announcement requesting interest from the private sector to participate in the possible implementation of potential use cases on DLT and more blockchain-related services in public and private sectors.

Estonia is planning to introduce a cryptocurrency with the working name estcoin, according to a blog post by the head of the country’s advanced e-residency digital initiative. However, estcoin would not become the official national digital currency, since Estonia is part of the EU and uses the euro as its currency. Instead, the country is considering several variants of estcoin, which might be used to verify identity in blockchain-based transactions, or as a payment method that is exchangeable with euros.
In 2018, Malta became the first country to enact crypto regulations. The regulation does not consider cryptos as a legal tender and recognized by the government only as a medium of exchange, a unit of account, or a store of value.
In Dec 2019, Ukraine passed a money laundering law with a crypto policy based on Financial Action Task Force (FATF) guidelines. A final version of the Ukraine law covers virtual assets and virtual asset service providers.
In Jun 2019, the FATF adopted new rules on crypto assets and published an updated Guidance on Virtual Assets and Virtual Asset Service. Under these new measures, crypto service providers will be required to implement the same requirements as traditional financial institutions. If a country fails to abide by the financial regulation or falls short, it could be added to a FATF blacklist that restricts access to the global financial system.

As of 2018, the global P2P lending market was worth an estimated $15 billion and is expected to grow nearly 3x by 2024, jumping to $44 billion as more countries, such as Thailand, introduce legislation that regulates and promotes the funding model. In 2019, Thailand introduced an updated framework for debt crowd-based funding. Singapore’s MAS has managed to provide a healthy regulatory framework for the P2P lending industry. Vietnam has a growing P2P lending market in similar lines to that of China and thus needs regulation.

The EU has formulated a draft crowdfunding regulation in 2018 that provides an opt-in framework for operators to choose between compliance with national law or an EU authorization label conferred and supervised by the European Securities and Markets Authority (ESMA).

BPO is an irrevocable document given from a buyer’s bank to a supplier or seller’s bank, in which an agreement is made to pay a specified amount of money on an agreed future date under the condition of electronic matching of data. More banks have started to embrace BPO as the payment method can enhance trade finance technology. Uniform Rules for Bank Payment Obligation (URBPO) are undergoing updates and changes by the ICC Banking Commission to accommodate developments such as DLT

Open Banking Europe (OBE) published the JSON Web Signature Profile to addresses standardization and security in open banking APIs and to align European APIs into one security model. OBE and the European Telecommunications Standards Institute (ETSI) have brought together experts from different PSD2 API Communities. The deliverable of this joint effort is available for industry review and feedback and further consultation with relevant standardization agencies.

The latest regulations cover cross-border payments and currency conversion transparency charges within the European Union.

Charges on cross border payments: Charges levied by PSPs on a PSU in euro (€) shall be the same as charges levied by that PSP for corresponding national payments of the same value in the national currency of the member state.

Charges levied by a PSP on a PSU in the national currency of the member state that notified its decision to extend the application of this regulation to its national currency shall be the same as the charges levied by that PSP on PSU for corresponding national payments of the same value and in the same currency.

Currency conversion charges related to card-based payments: PSPs and currency conversion service parties at ATM or PoS shall disclose the payer before the payment initiation process on the total currency conversion charges as a percentage mark-up over the latest available euro Forex reference rates issued by the European Central Bank (ECB).

Currency conversion charges related to Credit transfers: When credit transfer is initiated online, directly using website or mobile banking service of a PSP, the PSP shall communicate to the payer on the estimated total amount of the credit transfer in the currency of the payer’s account, including any transaction fee and any currency conversion charges.

The PSP shall also communicate the estimated amount to be transferred to the payee in the currency used by the payee.

In Dec 2019, The European Council adopted a Cross-Border Payments Regulation (CBPR2) regulation that requires all cross-border payments in euro in the non-Eurozone EEA countries - Bulgaria, Croatia, Czech, Denmark, Hungary, Iceland, Liechtenstein, Norway, Poland, Romania, Sweden, United Kingdom - to be priced the same as domestic payments. This regulation (the extension of the Cross-Border Payments Regulation, CBPR2) means cross-border euro payments will incur very low, or even zero, fees.

In July 2020, 16 major European banks from five countries backed by the European Central Bank (ECB) paved the way to launch the European Payments Initiative (EPI). The plan offers a unified card and digital wallet for use across Europe — to supersede the previously fragmented landscape. Through the end of 2020, European market players, banks or banking syndicates, and third-party PSPs may apply/join EPI as a founder. The European Payments Initiative is to become operational in 2022.

The aim of EPI is to create a unified, innovative Pan-European payment solution leveraging Instant Payment/SEPA Instant Credit Transfer (SCT Inst), which offers a card for consumers and merchants across Europe, a digital wallet and P2P payments.

Apart from the group of 16 major European banks from 5 countries who paved way for the launch of EPI, PKO Bank Polski (PKO BP), Poland’s largest bank, and OP Financial Group, the leading Finnish retail bank, are joining EPI as founding shareholders of the recently created company.

Furthermore, a group of 12 Spanish credit institutions banks has also formed a consortium and are joining EPI as a collective founding shareholder of the EPI Interim Company. shareholders. Third-party acquirers Worldline and Nets has also announced their accession as EPI founding shareholders

EPI is expected to enter the operational stage in 2022

The European Banking Authority (EBA) extended the deadline for migration for Strong Customer Authentication (SCA) to Dec 31, 2020, from the initial Sep 14, 2019. And, as COVID-19 constrained FI resources, The European Payment Institutions Federation wrote to the EBA (European Banking Authority) in March 2020 asking for a six-month extension of the Dec 31, 2020 SCA deadline. Under SCA, the consumer goes through two-factor authentication that includes providing two or more of these: 1. Knowledge: Pin/Password that only customer knows, 2. Possession of a hardware token, 3. Inherence: Biometric factors such as facial or fingerprint recognition to improve security.

SCA came under force from end of 2020, especially as so many European countries were able to properly enforce the new regulations as of December 31st 2020. In these countries, two-factor authentication has been mandatory for all online purchases, and one time passwords by SMS is no longer considered as a safe authentication factor.

·       However, a few EU/EEA countries needed the extension carried over into 2021 such as the UK, France, Germany, Italy, Spain, Belgium, Ireland, Denmark, Austria and Switzerland.

·       Considering SCA’s frictional payment method, its mainly used for high value and high risk transactions in card payments.

SCA introduced one-in-five policy in contactless payments to combat fraud where the card get blocked in every one in five contactless payment and also when a series of payments adds to more than 100Euro even if it’s not a fifth contactless payment. Either way customers are required to enter their PIN to unblock. Limits fraudulent activity.

The fifth Anti-Money Laundering Directive came into effect in January 2020. It emphasizes transparency and disclosure of an entity’s actual owners. Additionally, based on its Sept 2020 deadline, member states are now required to set up centralized, automated mechanisms to identify the holders of bank accounts and safe deposit boxes. Throughout the EU, Member State notifications are fragmented, reflecting the complexity of identifying and classifying legal arrangements. Member States that fail to transpose the directives correctly may face enforcement actions and penalties.

A new European Electronic Communications Code is due to take effect in all EU Member States by Dec 21, 2020 to improve the security of electronic communications services. In anticipation of the transition, ENISA began preemptive collaboration with national telecom regulators from across Europe.

The European Commission adopted the RTS (Regulatory Technical Standards) to prevent fraud and secure customer data. Under RTS, the banks set up a communication channel for TPP’s, thereby allowing banks to identify the TPP’s when accessing the customer data and for secure messaging to communicate with each other.

Since the introduction of PSD2, there has been overlap between SecuRePay and PSD2 regarding payee (KYC) identification, linking the payment instrument with KYC, and linking KYC and the payment instrument with 2FA, which should include a dynamic element or biometrics

Beginning in Jan 2020, as part of the implementation of the fifth Anti-Money Laundering Directive (AMLD5), the German Parliament required providers of technical infrastructures, such as Apple regarding the Near Field Communication (NFC) antenna contained in iPhones, to grant access to those technical infrastructures to payment service providers (PSPs).

European Union unveiled strategy for Indo-Pacific cooperation on Apr 16, 2021 to develop partnerships in security and defense, including addressing maritime security, malicious cyber activities, disinformation, emerging technologies, terrorism, and organized crime.

A new European Electronic Communications Code was adapted by all EU member states on Dec 21, 2020 to improve the security of electronic communications services. Anticipating this transition, to make the most out of the new rules, ENISA started collaborating with national telecom regulators across Europe.

After the introduction of PSD2, there is a certain level of overlap between SecuRePay and PSD2 regarding the identification of the payee (KYC), linking the payment instrument with KYC, linking KYC and payment instrument with 2FA, which should be comprised of one dynamic element or biometrics.

Internet Payment Security – Strong Customer Authentication:

The European Banking Authority (EBA) extended the deadline for migration to Strong Customer Authentication (SCA) to Dec 31, 2020, a 15-month extension from the original Sep 14, 2019 implementation date.

Many European countries were able to enforce the new regulations by Dec 31, 2020. In these countries, two-factor authentication had been mandatory for all online purchases, and one time passwords by SMS were no longer considered a safe authentication factor.

However, a few EU/EEA countries needed the extension to carry over into 2021:

France: The French Banque de France has chosen an SCA enforcement that can be done in phases based on transaction value. All transactions had to be SCA compliant by Mar 31, 2021.

Germany: All transactions had to be SCA compliant by Mar 15, 2021.

Italy: All Italian transactions had to be SCA compliant by Apr 1, 2021.

Spain: All transactions were subject to SCA compliance on Mar 1 2021.

Belgium: The deadline for SCA compliance was May 18, 2021 at the National Bank of Belgium (NBB).

Ireland: The Central Bank of Ireland began fully enforcing SCA in Ireland on Jul 1, 2021.

Denmark: Nearly making the 2020 cut-off, the Danish Finanstilsynet decided to give their payment industry a few extra days to get their SCA processes in order, and didn’t start full enforcement of SCA until Jan 11, 2021.

Austria: The final deadline for issuers to become fully SCA compliant was Mar 15, 2021.

Switzerland: Switzerland was the last country (together with the UK) to fully enforce SCA. Swiss issuers had until Sep 15, 2021 to comply.

In Apr 2019, the European Commission launched the European Forum for Innovation Facilitators (EFIF) to foster collaboration and experience-sharing among European financial supervisors about their engagement with FinTech firms through sandboxes and innovation hubs. Also, the European Supervisory Authorities (ESAs) and EU Member States’ National Competent Authorities (NCAs) will be joined by third-country authorities to exchange best practices, identify regulatory obstacles and share FinTech growth information.

The European Commission issued a public consultation in preparation for a digital finance strategy/FinTech action plan that was to be proposed in Q3 2020. The strategy defines priorities for the next five years and policy measures to be implemented.

The EC supports a regulatory sandbox, a controlled and structured environment in which a regulatory framework is set by the financial sector regulator, to allow enough space for innovation development. It aligns compliance and regulation with the rapid growth in FinTech companies without compromising customer security.

Twenty-one EU Member States and three European Economic Area (EEA) countries currently have innovation hubs, while only five Member States have fully operational regulatory sandboxes. The EC is working with market players on risk assessment related to innovations and determine whether EU-level regulatory action is required.

Spain plans to launch a regulatory sandbox under the supervision of three authorities: Banco de España (the country’s central bank); the Comisión Nacional del Mercado de Valores (the National Securities Market Commission, the agency responsible for financial regulation of securities markets); and the Dirección General de Seguros y Fondos de Pensiones (the Directorate-General for insurance and pension funds).

AI: In Feb 2020, the European Commission (EC) presented its long-awaited proposal for comprehensive AI regulation at the European Union level. The draft legislation, which is part of a more significant effort to increase public and private investment in AI to more than €20 billion per year over the next decade, is expected to be available by the end of 2020.

Contactless: Contactless payment adoption in Europe is well ahead of the rest of the world and is becoming a new normal with the pandemic scenario. 89% of people agree that contactless payments have been easy to adopt, and nearly half (42%) of people across Europe admit their use of cash has decreased during COVID-19. It is expected that all point-of-sale terminals in Europe will be contactless-enabled by the end of 2020.[1]

AI: In Feb 2020, the European Commission (EC) presented its long-awaited proposal for comprehensive AI regulation at the European Union level. The draft legislation, which is part of a more significant effort to increase public and private investment in AI to more than €20 billion per year over the next decade, is expected to be available by the end of 2020.

Contactless: Contactless payment adoption in Europe is well ahead of the rest of the world and is becoming a new normal with the pandemic scenario. 89% of people agree that contactless payments have been easy to adopt, and nearly half (42%) of people across Europe admit their use of cash has decreased during COVID-19.

Biometrics: Use of biometrics in payments is on an accelerated uptake due to multiple factors including the desire for convenience, frictionless authentication while paying in all channels, and security. Its estimated that the biometric payment cards are expected to see a significant growth in Europe by 2021 and Europe finger print recognition to have a growth worth 11.5Bn USD by 2023.

Credit card companies and banks across Europe namely RBS and Societe Generale has embraced trial of finger print embedded payment cards to provide customers with better payment security

[1] Mastercard,”Contactless Continent,”May 28, 2020

The EU’s Electronic Identification and Trust Services Regulation (eIDAS) has been in effect throughout the European Union since Sep 2018.

The European Parliament passed a regulation to secure ID cards to strengthen identity card security and residence documents throughout the European Union. Moreover, the security features of ID cards will align with those of passports. Both types of travel documents will contain a highly secure contactless chip with the holder’s photo and fingerprints.

5AMLD, together with eIDAS regulation, supports the EU’s Digital Single Market concept that allows immediate homogenous electronic identification in Europe and remotely as 5AMLD emphasizes the transparency of an entity’s real owner.

Electronic ID (eID) provisions and related trust services created by the regulation will dramatically increase the level of security for cross-border transactions for businesses and offer many other benefits.

The eID scheme is active in several member states, while the same is in development in Bulgaria, Cyprus, France, Greece, the Netherlands, Poland, and Romania. Denmark, Ireland, and the UK are exceptions because of a lack of political and social support.

The European Commission is currently evaluating eIDAS regulatory framework and ran an open consultation from Jul 24 to 2 Oct 2, 2020.

The aim of the consultation was to collect feedback on drivers and barriers to the development and uptake of trust services and eID in Europe and on the impacts of the options for delivering an EU digital identity. The Commission will assess to what extent the eIDAS framework remains fit for purpose and will also consider whether it is appropriate to modify the scope of the regulation or its specific provisions.

After PSD2 implementation, European retail organizations asked authorities to expand the scope of interchange fee controls to tackle stupendous charges imposed by card schemes after rules that banned merchants from recovering costs from consumers were implemented.

Card issuers, acquirers, and merchants are preparing for a Dec 7, 2020 public hearing organized by the European Commission to take stock of the EEA Interchange Fee Regulation. This follows the recent publication of a Commission report on the impact of the IFR (Interchange Fee Regulation) that notably stated that a revision of the IFR would not be proposed at this stage.

The Commission's report was submitted to the European Parliament and EU Council on Jun29, 2020, more than a year past its deadline. IFR does not apply to credit transfers, only to card-based payments, and therefore does not impose caps on a possible interchange fee on credit transfers.

Overall, 85% of TARGET2-Securities (T2S) markets comply with T2S harmonization standards. This figure has not changed since the publication of the harmonization progress report in Jan 2018. However, advancement was made in some T2S markets in compliance with T2S corporate actions, although this is still the area with the most non-compliance cases. The pre-migration assessment of ID2S (the new French CSD), joined T2S in October 2018 and indicated strong compliance with T2S harmonization standards. The AMI-SeCo continues to pay close attention to existing non-compliance cases and resolution plans. Significant updates are underway to define T2S standards in withholding tax, conflicts of laws, and settlement discipline.

Italy’s SIA will build Canada’s new core clearing and settlement system. SIA will work jointly with Payments Canada and industry stakeholders on the next version of their Real-Time Gross Settlement (RTGS) application solution.

The Euro system is consolidating TARGET2 and T2S, in terms of both technical and functional aspects. SWIFT has managed to win the contract. The objective is to meet changing market demands by replacing TARGET2 with a new real-time gross settlement (RTGS) system and optimizing liquidity management across all TARGET Services. The new RTGS system will offer the market enhanced and modernized services. The new consolidated platform will launch in Nov 2021.

Eurozone banks are beginning to implement the European Payments Initiative (EPI). In Jul 2020, 16 major European banks from Belgium, France, Germany, the Netherlands, and Spain paved the way to EPI to offer a digital payment solution that can be used anywhere in Europe and supersede the current fragmented landscape.

In 2020, The Swiss Federal Council published a draft on the amendment of the Anti-Money Laundering Act (AMLA) that is expected to go into force in early 2021. The AMLA amendment was proposed as a result of the fourth FATF (Financial Action Task Force / Groupe d’action financière) country report of Switzerland. The FATF has, among other things, criticized the Swiss money laundering reporting system, which has so far been based on a dualistic approach (right to report / duty to report). The consultation draft is supposed to address this criticism and suggests abolishing the right to report.

Mar 19, 2021 − the Swiss Federal Council voted in favor of a reform of the anti-money laundering legislation. The amendment of the AMLA has been proposed against the background of the fourth FATF (Financial Action Task Force / Groupe d’action financière) country report of Switzerland. The FATF has, among other things, criticized the Swiss money laundering reporting system, which has so far been based on a dualistic approach (right to report / duty to report). The consultation draft is supposed to address this criticism and suggests abolishing the right to report.

UK’s AML and CTF took effect in Jan 2020 and impose additional requirements to obtain information on the customer and its beneficial ownership and the customer’s source of funds. AML and CTF enhance the monitoring of ongoing relationships while also examining the purpose of business relationships and transactions.

The Bank of England (BoE) and the Financial Conduct Authority (FCA) will collaborate with The Monetary Authority of Singapore (MAS) to strengthen cybersecurity

Bank of England to consider adopting cryptocurrency by weighing potential benefits amid the decline of cash and the emergence of Facebook’s Libra. Bank officials will meet with the Bank of Japan, the European Central Bank (ECB), the Sveriges Riksbank, the Bank of Canada, the Swiss National Bank, and the Bank for International Settlements (BIS) to pool research and experiences of the potential for a central bank digital currency (CBDC).

In Mar 2019, The Payment Accounts (Amendment) (EU Exit) Regulations 2019 (SI 2019/661) were published on legislation.gov.uk. The purpose of the regulations is to ensure that UK legislation implementing the Payment Accounts Directive (2014/92/EU) (PAD) operates effectively after Brexit. The regulations apply to every Payment Service Provider (PSP), except credit unions, National Savings and Investments (NS&I), and the Bank of England. This instrument makes amendments to PAR to remove deficiencies arising from the UK’s exit from the EU.

Feb 2, 2021 − The UK's Financial Conduct Authority (FCA) published The Woolard Review recommending that BNPL firms be required to undertake affordability checks with consumers having the right to complain to the Financial Ombudsman Service. The regulation boosts consumer protection.

New Zealand implemented the second phase of its AML and Countering Financing of Terrorism (AML/CFT) Amendment Act 2017. The law has been implemented in different phases for different sectors. Since Jan 2019, real estate agents, businesses trading in high-value goods, and sports and race betting industries have had to comply with the new rules.

A cybersecurity strategy was published in Jul 2019 to prioritize (2019 – 2023): cybersecurity aware and active citizens, a strong and capable cybersecurity workforce and ecosystem, an internationally active, resilient and responsive New Zealand, and a proactive approach to tackling cybercrime.

Singapore introduced the Payment Services Act (PSA) in January 2020 to provide licensing and regulation for payment service providers and oversight of payment systems. PSA encourages better digital payment capabilities across the country, fosters greater trust in e-payment systems, and safeguards financial activities in the digital landscape.

May 2021 − The Monetary Authority of Singapore (MAS) is considering stricter regulation around BNPL schemes amid concern about consumer debt. MAS and other government agencies are reviewing whether existing risk management practices and safeguards are adequate against consumers chalking up excessive debts.

Japan’s Financial Service Agency released guidelines in Apr 2019 for AML and combating financial terrorism. The guidelines require actions and expected actions for each financial institution and explain how the FSA will conduct future monitoring.

In Jun 2020, Japan’s three biggest banks - Mizuho Bank, MUFG Bank, and Sumitomo Mitsui Banking Corporation are investigating the creation of a digital currency settlement infrastructure. Other countries studying the possibility of a national digital currency are Australia, Canada, Israel, Russia, Sweden, and Ukraine.

Regulatory guidelines from the Reserve Bank of India (RBI) went into effect in Apr 2020 for payment aggregators and payment gateways on directions for opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediaries.

Mar 17 2020 − Reserve Bank of India (RBI) rolled out regulatory guidelines on payment aggregators and payment gateways on directions for opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediaries.

Neither the authorized Payment Aggregators (PAs) nor the merchants onboarded by them can store customer card credentials within their database or server. Based on the representations received from the industry seeking additional time for implementing the above instructions, it has been decided, as a one-time measure, to extend the timeline for non-bank PAs by six months, i.e., until Dec 31, 2021.

Reserve Bank of India (RBI) introduced operational guidelines on the interoperability of prepaid payment instruments (PPIs).

India rolled out One-Nation-One-Card in March 2019 to enable passengers in India to commute anywhere through any mode of transport. All new credit and debit cards issued by most banks have the National Common Mobility Card feature to make payments for their travel. Delhi Metro will begin to implement an automatic fare collection counters (AFCs) pilot in Dec 2020 to read these cards for a seamless exit at stations.

RBI announced steps in late 2019 to encourage digital payments, including removing charges related to the National Electronic Funds Transfer (NEFT) and introducing an interoperable system so drivers can rely on FASTags to pay parking fees, fuel, and other activity. And beginning in Jan 2020, banks no longer charged savings account holders for online NEFT transactions.

In Dec 2019, RBI introduced a new type of prepaid payment instrument (PPI) with a limit of up to Rs10,000 to be used only to purchase goods and services. The loading /reloading of such PPI will be only from a bank account and used for making only digital payments such as bill payments, merchant payments, etc.

National Common Mobility Card (NCMC)– “One Nation One card” – Early 2019, Indian Prime Minister launched the indigenously-developed National Common Mobility Card (NCMC) that runs on RuPay card to enable people to pay multiple kinds of transport charges, including metro services and toll tax, across the country.

RuPay card launched internationally: UAE, Singapore and Bhutan. Aug 2019 − Memorandum of Understanding between the National Payments Corporation of India (NPCI) and UAE’s Mercury Payments Services established a technology interface between the payment platforms in India and UAE. The NPCI in association with the Mercury Payments Services, has made RuPay cards acceptable at 1,75,000 merchant locations and 5,000 ATM and cash access locations within the UAE. RuPay has partnered with international players Discover, Japan Credit Bureau and China Union Pay to enhance international acceptance.

The 2019 Personal Data Protection (PDP) bill protects Indian users from global breaches and prioritizes the storage and processing of critical information related to individuals in India.

The draft National Cyber Security Strategy 2020 (for2020-25), seeks to secure India cyberspace and is on track for finalization in late 2020.

Government data reveals that India experienced 394,00 instances of cybersecurity incidents in 2019. CERT-In data shows that 336 websites belonging to central ministries, departments, and state governments were hacked from 2017 and 2019.

RBI limits customer liability in fraudulent PPI transactions. Under new customer liability norms, the regulator announced that fraud caused by a third-party breach is not the fault of the customer or the PPI issuer, and the customer is not liable if the incident is reported within three days. If the fraud is reported between three and seven days, customer liability will amount to the transaction value or ₹10,000 (about USD136), whichever is lower.

Apr 2021 − The Reserve Bank of India (RBI) top official has said that RBI will soon issue cybersecurity norms for payment service providers (PSPs), following a series of data breaches faced by operators including Mobikwik and payment aggregator JusPay.

Debit and Credit card recurring payment: Early 2021, RBI rolled out a new rule that additional authentication will be required by the customer from Apr2021 for auto-payments from debit and credit cards or via wallets. It acts as an additional security wall against cyber security issues since pandemic has increased the pressure on the banking industry to combat cyber fraud.

The 2019 Personal Data Protection (PDP) bill protects Indian users from global breaches and prioritizes the storage and processing of critical information related to individuals in India.

The National Cyber Security Strategy 2020 (for 2020-25) aims to improve cyber awareness and cybersecurity through more stringent audits

RBI limits customer liability in fraudulent PPI transactions. Under new customer liability norms, the regulator announced that fraud caused by a third-party breach is not the fault of the customer or the PPI issuer, and the customer is not liable if the incident is reported within three days. If the fraud is reported between three and seven days, customer liability will amount to the transaction value or ₹10,000 (about USD136), whichever is lower.

Reserve Bank of India plans to launch a cryptocurrency. The governor of RBI said issuing cryptocurrency is a governmental issue and should not be handled privately. RBI is considering the development of a sovereign digital currency.

In March 2020, India’s Supreme Court overruled RBI’s move to ban business activities that local banks can do with crypto-related companies citing the right of Indian citizens to practice the profession of their choice. As a result, Indian crypto enterprises were encouraged to reopen as the government works to figure out how to curb anti-money laundering and combat terrorism financing. Within a month after the ban was reversed, WazirX (Indian cryptocurrency exchange) grew 470% in daily trading volume, according to its CEO.

Cambodian and Thai regulators launched an interoperable payment QR code in Mar 2020. Cambodian tourists who visit Thailand may now use their mobile banking app to pay in Cambodian riel when shopping at stores that display a Thai QR Payment sign. The same functionality will be extended to Thai tourists in Cambodia by the end of 2020.

In Nov 2019, Siam Commercial bank announced its partnership with Liquid Group to enable cross-border QR payments between Singapore and Thailand. In Dec 2019, Asia United Bank (AUB) announced a partnership with Liquid Group to enable cross-border QR payments between Singapore and the Philippines. And in Jun 2019, CIMB Niaga partnered with Liquid Group to support Bank Indonesia’s QR-code standardization trial (QRIS) for cross-border transactions.

Over the past year, 17% of cybersecurity-related issues were the result of third-party system breaches, according to an Apr 2020 survey by the UK’s Financial Conduct Authority, which underscores the need for fool-proof counterparty risk mitigation policies.

Thailand’s cybersecurity act, published in May 2019 stipulated that any import, dissemination, or forwarding of data through a computer that may cause damage to the public shall be considered an offense.

In May 2019, Bank Indonesia (BI) launched its Quick Response Indonesia Standard (QRIS) code system to universalize cashless payment in the country. QRIS, which physically manifests as a more complex QR pattern, allows users from one payment service to transfer funds to any rival service within BI’s ecosystem.

Mexico’s Federal Law on Protection of Personal Data was introduced in Feb 2020 to amend the Federal Law on Protection of Personal Data held by Private Parties. The bill seeks to oblige data controllers to immediately notify the government (INAI institute) of any security or privacy breaches involving personal data.

Mar 29, 2020 − Mexican data protection authority launched a COVID-19 microsite dedicated specifically to provide useful information and guidelines to protect personal data and provide transparency during the pandemic.  This microsite has been a useful tool for both data subjects and data controllers to handle personal data processed as a result of the COVID-19 pandemic.

Apr 2, 2020 − the INAI released a statement calling for the adoption of extreme precautions with regard to personal data of COVID-19 patients. Medical personnel handling such data must use strict administrative, physical and technical safeguards to avoid any loss, destruction of improper use

In May 2020, the Central Bank of Brazil announced a new open banking regulation and a partnership with TecBan and Ozone. Brazil is planning to make open banking APIs fully operational by Oct 2021. The newly issued regulation on open banking enables secure sharing of registration and transactional data from individuals or legal entities at the customers’ discretion when data and services identify the customer.

Following a new AML law in late 2018, the UAE issued a resolution in early 2019 with provisions to implement the AML Law. The AML Resolution introduced several significant provisions, including the introduction of a risk-based approach to AML regulation. International wire transfers higher than AED3,500 (USD 953) require the provision of certain information to trace such transfers.

The National Anti Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organisations Committee (NAMLCFTC) adopted guidelines for financial institutions, designated non-financial businesses and professions in Apr2021. The committee also approved six risk assessment reports related to terrorist financing, trade-based money laundering, misuse of legal persons, non-profit organizations, lawyers and the gold sector to enhance the understanding of the different type of risks and strengthen cooperation among regulatory authorities.

In Jun 2020, Zimbabwe announced the immediate suspension of all mobile payments over suspected malpractice as an AML initiative, a flipside to mobile payments despite its convenience. Malpractice, criminality, and economic sabotage perpetrated by individuals fueling parallel market rates spurred the action.

In 2017, the New York State Department of Financial Services (NYDFS) launched GDPR-like cybersecurity regulations for its massive financial industry. Unusual at the state level, the regulations include strict requirements for breach reporting and limiting data retention. Like the GDPR, the New York regulation has rules for basic principles of data security, risk assessments, documentation of security policies, and designating a chief information security officer (CISO) to be responsible for the program.

The state of California’s SB-327 IoT bill was enacted into law in Jan 2020. It requires IoT product manufacturers to enforce security standards for internet-connected devices, including making them come with unique passwords or requiring users to create them during the setup process.

In late Mar 2020, Washington state became the first state to pass legislation allowing facial recognition to be used by state and local government agencies, with certain limitations. The law is designed to strike a balance between the civil rights issues associated with the use of facial recognition software and the perceived advancements in public safety that the technology could provide. The bill aims to regulate state and municipal government agencies’ use of facial recognition services by Jul 2021.

The California Consumer Privacy Act (CCPA) was approved in Jun 2019 and was enacted in Jan 2020. In Jul 2020, CCPA became enforceable by the California Attorney General. Under the statute, businesses have 30 days after being notified of non-compliance to address alleged violations. Businesses that fails to remedy the violation may be subject to an injunction and liable for a civil penalty of up to USD2,500 for each non-compliance error or USD7,500 for each intentional violation.

Saudi Arabia’s NCA (National Cybersecurity Authority) issued guidelines to help organizations in the Kingdom improve their information security practices based on ISO 27001 guidelines.

The Telecommunications Regulatory Authority (TRA) launched the UAE National Cybersecurity Strategy in Jun 2019. The strategy aims to create safety within UAE community members’ cyberinfrastructure so citizens and residents can fulfill their aspirations and businesses can thrive.

A TRA director said a data protection law would be drafted for the UAE to support the TRA’s new national cybersecurity strategy for 2020-25.

The Saudi Arabian Monetary Authority and the UAE Central Bank announced a pilot project for a shared digital currency, Aber. In Nov 2019, Saudi and UAE leaders confirmed the joint digital currency effort. Aber remains in the experimental phase. Its main objective is to enable Saudi and UAE to deal directly with each other digitally and to conduct financial remittances through the use of blockchains and DLT.

In Dec 2019, the Nigeria Information Technology Development Agency (NITDA) issued non-compliance notices to nearly 100 companies and organizations that had failed to comply with the Nigeria Data Protection Regulation (NDPR), which had extended its deadline until Oct 2019.

In Dec 2019, The Nigeria Information Technology Development Agency (NITDA) issued non-compliance notices to nearly 100 companies and organizations that failed to comply with the Nigeria Data Protection Regulation (NDPR), 2019.

China’s national standard Information Security Technology – Personal Information Security Specification is in the process of revision, and its formal revision is likely to be issued by 2020.

Several regulations were drafted in accordance with the Cybersecurity Law and published for public comment. The legislature is likely to issue final versions by the end of 2020 that may include data security management measures, security assessment of cross-border transfer of personal information, regulations on security protection of critical information infrastructure, and cybersecurity grade protection regulations. Various industry authorities may also formulate and issue regulations or drafts for comments on cybersecurity, data security protection, and personal information protection applicable to their industries in accordance with the Cybersecurity Law.

People’s Bank of China is piloting a CBDC. China’s four largest state-owned commercial banks have been developing and testing a wallet application to store, send, and receive Digital Currency Electronic Payment (DCEP).

Under data protection law, Russian Federal Assembly penalties for violation of data localization rules have dramatically increased. The original penalty for handling Russian personal data was blocking a data operator’s website. However, since Dec 2019, administrative penalties for non-compliance by a data operator were boosted to fines from USD31,500 to USD94,200 for an initial violation, to about USD280,000 for repeat violations.

Also, sanctions for executives who violate companies’ data rules were introduced with penalties of USD1,560 to USD3,125 for an initial violation and between USD7,800 to USD12,500 for repeat violations.

In Aug 2020, Russia approved a bill to regulate cryptocurrencies. The bill gives legal status to cryptocurrency but prohibits its use as a means of payment.

Kenya is stepping up digital security for citizens. A new law outlines restrictions on data handling and sharing by the government and corporations. An independent office will investigate infringements of the new law with violators facing two-year prison sentences or fines of up to USD29,000

Adopted in Nov 2018, Serbia’s Personal Data Protection Law went into effect in Aug 2019 and was formulated to sync with GDPR as part of a wider process to harmonize Serbia with EU law.

Indonesia National Standard QR code payment: Bank Indonesia (BI) launched its Quick Response Indonesia Standard (QRIS) code system in May 2019 to universalize cashless payments nationwide. QRIS, which physically manifests as a more complex QR pattern, allows users from one payment service to transfer funds to any rival service within BI’s ecosystem.

Thailand Cross border QR code payment: In Mar 2020, Cambodian and Thai regulators announced an interoperable payment QR code for use between Cambodia and Thailand. Cambodian tourists who visit Thailand may now use their mobile banking app to pay in Cambodian riel when shopping at stores that display a Thai QR Payment sign. The same functionality was expected to be extended to Thai tourists in Cambodia by Q3 2020.

In Nov 2019, Siam Commercial bank announced its partnership with Liquid Group to enable cross-border QR payments between Singapore and Thailand.

QR code initiatives by firms such as PayPal and Paytm: In Jan 2020, Paytm launched its latest all-in-one QR payment method, allowing merchants to make and accept payments through its wallet, UPI-based payment apps, and RuPay cards.

Similar to Paytm, PhonePe, Mobikwik, Razorpay, and Freecharge, others are encouraging QR-code based payments to capture transactions made by small and informal merchants, such as Kirana stores.

In May 2020, PayPal rolled out QR code payments in the UK, which brought the global total to nearly 30 markets that offered a touch-free way for businesses to receive payments and for consumers to make purchases during COVID-19.

In Mar 2020, HPS by Saudi Payments introduces a unified QR code platform to enable banks, wallet providers, and FinTechs to interact seamlessly within an interoperable platform.

In Feb 2020, RaPay launched its QR code-based merchant payment system, a new platform designed to reduce merchant settlement times associated with taking debit card payments.

In recent years, QR codes are being adopted by a growing number of players due to need for cashless payments stimulated by the pandemic. A new study from Juniper Research has found that the total number of QR code payment users will exceed 2.2 billion in 2025, equating to 29% of all mobile phone users across the world in 2025.

China - China is the major contributor in QR payments. Its relatively inexpensive form factor and ease of use has helped make QR codes popular in other parts of the world. Today, prominent QR code merchant payments deployments are evident around the globe.

South Africa − Apr2021: South Africa's Nedbank teamed up with Mastercard and local FinTech player Ukheshe to let customers pay small businesses via WhatsApp. Once registered, small and microbusinesses can use the service, called Money Message, to send a WhatsApp request-to-pay message to customers with a valid South African identity document and bank account.

Germany - May 2021: Munich airport introduced PayPal QR Code for contactless payment. Passengers can now pay touch-free in all Eurotrade stores and businesses at Munich Airport through the use of a contactless PayPal QR Code.

Thailand Cross border QR code payment: Mar 2020: Cambodian and Thai regulators announced the launch of an interoperable payment QR code for use between Cambodia and Thailand. Cambodian tourists who visit Thailand may now use their mobile banking app to pay in Cambodian riel when shopping at stores that display a Thai QR Payment sign. The same functionality is expected to be extended to Thai tourists in Cambodia by Q3 2020.

QR code initiatives by firms such as PayPal and Paytm: Jan 2020: Paytm launched its latest all-in-one QR payment method, which allows merchants to make and accept payments through its wallet, UPI-based payment apps, and RuPay cards.

Similar to Paytm, PhonePe, Mobikwik, Razorpay, and Freecharge, others are encouraging QR-code based payments to capture transactions made by small and informal merchants.

March 2020 − The Central Bank of Brazil launched national standard QR code to universalize cashless payments in the country. The new standard became mandatory in Sep 2020. The new rule is aimed to increase transparency for end-users, both payers and recipients, by improving access to information and, thus, creating a competitive environment in the Brazilian Payment System.

Thailand and Vietnam − The Bank of Thailand (BOT) and State Bank of Vietnam (SBV)has rolled out a cross-border interoperable QR code payment linkage between the two countries as per report published on Apr 2021. The first phase of the project will see Thai tourists able to make QR code payments with their mobile phones to pay for goods or services in Vietnam, and vice versa. Other banks want to join the project, including Vietcombank, along with Thailand-based Bank of Ayudhya, CIMB Thai Bank, Kasikornbank, Krung Thai Bank, and Siam Commercial Bank.

Oct 2020 − The Reserve Bank of India (RBI), announced that the Payment System Operators (PSOs) that use proprietary QR codes have to shift to one or more interoperable QR codes by March 31, 2022 and any new QR code introduced should be interoperable from the start.

Singapore − Singapore launched what it claims to be the world's first unified payments QR code, which will be adopted by 27 payment schemes on the island. PayNow, Nets, GrabPay, Liquid Pay and Singtel Dash are among the payment schemes onboard for the project, which will see merchants replace their existing QR codes replaced with SGQR labels. Shoppers can quickly check if their preferred QR option is on the label and then pick it, scan the code and make the payment.

Argentina −launched Transferencias 3.0 in late 2020 to allow any domestic business to charge for services and receive payment via QR code on a mobile phone.

In Jun 2020, Italian Banks Association (ABI) announced that its banks are willing to pilot a digital euro. ABI prioritized the need for a digital currency framework to be fully compliant with EU regulations to win the public’s trust and said banks would play a critical role in upholding that trust

Sweden is testing e-krona, bringing it that much closer to the proper release of a central bank digital currency (CBDC). The pilot program will be in operation for one year, until Feb 2021.

In Mar 2020, the Central Bank of France announced an experimental program to test the integration of a CBDC for interbank settlements, inviting participant applications

Mar 2021 − The Australian Finance Industry Association Limited (AFIA) developed a code of practice to enable the BNPL industry to ensure high industry service standards for customers and support compliance with legal and industry norms.