Update on Existing KRIIs
WPR 2018 witnessed significant regulatory traction, primarily in the areas of Data Privacy and Protection, Cash-Usage Reduction, Anti-Money Laundering, FinTech Regulation, Instant Payments, SWIFT’s gpi, PSD2, Open APIs, and DLT. Most of the regulatory activity is a result of the spread from the developed West to the Emerging East.
China is rapidly transitioning towards a cashless society. In 2016, mobile payments in China were worth USD5.5 trillion; about 50 times those of the U.S. (USD 120 billion). China is encouraging digital payments as part of a Green Finance Project. Further, digital payments are being used for improved access to health services in China, and for student tuition fees and meal expenses in model cities such as Tianjin.
Following the demonetization initiative in November 2016, the Reserve Bank of India (RBI) has undertaken several initiatives to encourage the growth of non-cash transactions. For example, it has reduced Merchant Discount Rates (MDR), from 1 January 2018. A differentiated MDR has been announced for QR code transactions. Further, in September 2017, the Bharat QR code was launched, which is an interoperable payments acceptance solution that supports Visa, Mastercard, RuPay, and Amex cards and BHIM–UPI for wider acceptance. The National Payments Corporation of India (NPCI) is set to launch UPI 2.0 in August 2018. This version will have extended features such as invoice view for customers, inward remittances from outside India, and overdraft facilities. In the Middle East, the Saudi Arabia Monetary Authority (SAMA) plans to roll-out QR codes.
Turkey aims to go cashless by 2023. With a growing younger population who are willing to adopt technology and shift to digital payments, the country is definitely poised for a cashless future. Further, Turkey has the highest number of registered cards, over 170 million, in Europe and mobile payments volume is expected to grow four times higher during 2015-19.
The Vietnamese Government is seeking to drastically reduce cash transactions and improve digital payments by 2020. Further, a plan seeks to reduce the number of cash transactions to less than 10% of total market transactions in the retail and shopping segment by 2020; 70% of transactions related to utility services and telcos; and 50% of total urban households.
In the U.S., in late 2017, the Office of the Comptroller of the Currency (OCC) began considering applications from FinTech companies to obtain licenses as Special Purpose National Banks (SPNB). This move was a result of a FinTech whitepaper that suggested obtaining multiple state licenses could inhibit FinTech development and that institutions with federal charters required a regulatory framework. Following this, the OCC published draft procedures for licensing and application requirements for a FinTech charter in 2017. In 2017 the Federal Deposit Insurance Corporation (FDIC) approved six de novo bank (new bank) applications, but none was granted to FinTech firms. Further, the constituent states of the U.S., realizing that licensing requirements could inhibit FinTech development, announced Vision 2020, which focuses on increased harmonization and uniformity of licensing, regulations and examinations across states.
The ECB has launched two draft guides outlining requirements and qualifications for how FinTech entities can become banks and obtain a banking license. The consultation period ran from 21 September 2017 to 2 November 2017 and the ECB is studying the feedback.
The Hong Kong Monetary Authority (HKMA) has begun a review of the guidelines to authorize virtual banks, defined as those which deliver banking services only through electronic channels. The initiative has been taken as part of the seven measures announced by HKMA in 2017 called the New Era in Smart Banking project. HKMA has received 10 enquiries from local and overseas firms for establishing a virtual bank and the Authority started issuing the licenses from early 2018. More than 50 companies from across the world, including Standard Chartered Bank, have expressed an interest in obtaining virtual bank licenses and the HKMA set 31 August 2018 as a deadline for receiving applications for the first batch of licenses.
The Basel Committee’s BCBS 239 mandates financial institutions to observe the principles set by risk data aggregation and risk reporting (RDARR). As a result, there is an increased focus by firms on their IT architecture and the use of data lakes to ensure compliance.
The Chinese Government announced the final version of a new national standard on personal information protection in January 2018. It lays out detailed regulations for user consent, as well as how personal data is collected, stored, and shared. The regulations were enforceable from May 2018. Although the impact is not yet clear, the regulatory text is expected to contain more stringent requirements for sharing of personal identity information, than those of the GDPR.
The state of California has passed a bill on privacy and protection of personal data, which is similar to EU regulations. The rules will come into effect from 1 January 2020. The law mandates that companies inform their customers of what personal data they have collected, why it was collected, and what categories of third parties have received it. Consumers will also be able to ask companies to delete their information and refrain from selling it.
The self-sovereign identity framework (SSIF) is fast emerging as the next disruptive development around distributed ledger technology (DLT). The SSIF aims to give individuals full control of the storage, retrieval, access, and disposal of their personal data. In the wake of regulations such as GDPR and PSD2, the initiative is assuming greater importance. In the Netherlands, Accenture, APG, Brightlands, Chamber of Commerce, De Volksbank, Rabobank, and TNO are developing a SSIF under the public-private Techruption Blockchain Project. The SSIF will create, validate, and revocate SSIs that can be used in conjunction with blockchain technologies and the (disruptive) applications that are enabled by such technologies. The goal is to specify, validate, and ultimately build a trustworthy, open digital infrastructure for SSIs that is secure, decentralized, open source, and supports privacy, including GDPR requirements
Data privacy and protection initiatives have assumed greater significance globally as banking systems are opened to third parties and the number of digital payments grows. The EU GDPR was proposed in 2012 and formally approved by the European Parliament in May 2016. In force from May 2018, the Regulation mandates higher penalties for organizations that breach its rules—up to 4% of annual global turnover or €20 million for the severe data breaches or 2% of the annual global turnover or €10 million for less severe breaches. The aim of the GDPR is to unify EU regulations in ways that will place control of personal data on a customer level, and simplify the ways data is stored, shared and transacted within and without the EU.
Although GDPR holds well at a pan-European level, individual countries including Spain, the Netherlands, France, Germany, and the U.K. are driving legislative initiatives to bring their data protection laws and acts up to the GDPR standards. The U.K.’s House of Lords passed a Data Protection bill in September 2017 mandating the adoption of GDPR regulation until the U.K. leaves the EU. After this, a new Data Protection Act, similar to the GDPR, is expected to be introduced. The EU’s Electronic Privacy Regulation (ePR) sets security rules for all the electronic communication in the EU and aims to reinforce trust and security in the digital single market by updating the existing ePrivacy legislation. It includes all definitions of privacy and data that were introduced by the GDPR and acts to clarify and enhance the definitions set out in the GDPR. Originally scheduled for introduction on 25 May 2018, a number of issues have delayed introduction of the ePrivacy Regulation. These issues include the link with the GDPR, the consent requirement, the applicability to ancillary services and to machine-to-machine communications. A new text was proposed early in May 2018, which clarified that the Regulation does not lower the level of protection enjoyed under the GDPR. The intention is for the ePrivacy Regulation to be adopted by the end of 2018. Other countries such as Canada, Japan, and Israel are working towards data privacy and protection laws that are on par with GDPR standards. In July 2017, the Singapore Government sought opinions on amendments of the Personal Data Protection Act (PDPDA). Similarly, in Indonesia, the Personal Data Protection (PDP) regulation introduced a new requirement that all electronic system providers that manage personal data electronically must certify their electronic systems according to the applicable standards under the Indonesian law.
In Brazil and Mexico, regulators are working on new sets of rules for FinTechs. These regulations are designed to help new technologies gain traction and limit the risks arising from them. Further, regulatory bodies are fostering regional collaboration to harmonize rules and standards in both emerging and mature markets. Mexico’s rules will cover crowdfunding platforms and electronic payments firms. In Brazil, Banco Central do Brasil is bringing FinTechs into the regulatory sphere, requiring them to gain the necessary approvals from financial authorities.
In Japan, a draft bill was proposed in March 2017 for the establishment of a uniform banking settlement agency.
The RBI has proposed setting up a regulatory sandbox for fostering financial technology innovation.
Iran’s CBI has defined three phases of policymaking with regard to FinTechs. During the first phase, to March 2018, the CBI defined the general rules and policies applicable to FinTechs and RegTechs. The second phase, from March to August 2018, aims to define general rules and policies regarding blockchain technology and cryptocurrencies. The final phase, from August 2018 to March 2019, will define rules and policies with respect to the role of FinTechs as PSPs.
In the U.K., the Government has announced its first FinTech strategy with a new crypto assets task force, advances in RegTech, and a joint startup support program with Australia, as major initiatives. Further, the FCA is considering setting up a global sandbox to harness cross-border innovation and has signed nine bilateral agreements with regulators in other countries.
Since its full roll-out in January 2017, SWIFT’s global payments innovation (gpi) initiative has significantly improved the transparency, speed, and tracking of cross-border payments through its single day settlement functionality. The initiative involves more than 160 transaction banks from 200 countries. One of its key features includes the cloud-based Tracker, which collects real-time payment transaction status and also information about the fees charged by intermediary banks for processing the transaction. Several banks including BNP Paribas, National Australia Bank, and Citi have integrated SWIFT gpi Tracker with their payments flow management systems. Along with Tracker, the Observer is a quality assurance tool that monitors adherence to gpi business rules and processes. In the coming years, gpi will focus on improving digital capabilities and exploring the use of blockchain technology for real-time Nostro account reconciliation. Further, SWIFT has announced that it will introduce a real-time payment tracking feature to the GPI Tracker. Recently, SWIFT announced plans to roll-out real-time payments services in the Asia Pacific region. SWIFT is currently in discussions with Australia, China, Singapore, and Thailand to develop a cross-border, real-time payment service for the region. ANZ, Bangkok Bank, Bank of China, China Construction Bank, China Guangfa Bank, Commonwealth Bank, DBS, ICBC, Kasikornbank, NAB, Siam Commercial Bank, UOB, and Westpac are working on this with SWIFT. The project would be delivered in three phases, first focusing on banks’ settlement of payments in real-time using gpi, second integrating gpi into the banks’ existing payment systems in the region enabling banks that aren’t using gpi to achieve real-time settlement, and finally, integrating domestic real-time payment systems with SWIFT gpi.
The Clearing House (TCH) in the U.S. launched Real-time Payments (RTP) in November 2017, a system that supports the sending and receiving of credit transfers, remittances, and non-transactional advices in real time. The RTP system uses technology supplied by MasterCard-owned VocaLink. It was designed and built via the collaborative effort of TCH’s 25 owner banks and adheres to the objectives of the US Federal Reserve (Fed) Faster Payments Task Force.
Australia’s NPP went live in February 2018. Built by the RBA, participating banks charge a nominal fee per payment transaction, which is the revenue source for the system. Not all of Australia’s banks were involved in the launch, with some including Bank of Queensland, Suncorp, and Rabobank adopting a wait and see approach.
EBA CLEARING’s pan-European instant payment system, RT1, went live on 20 November 2017. In the first three months of operations it processed more than 500,000 transactions. Its launched coincided with that of the EPC’s SEPA Instant Credit Transfer (SCT Inst) Scheme. RT1 provides payment service providers in SEPA with a real-time payment processing facility operating 365X24X7. The service is open to any account-servicing payment provider (AS-PSP) adhering to the EPC SCT Inst Scheme. Further, the TARGET Instant Payment Settlement (TIPS), which is expected to go live in November 2018, will provide SCT Inst with an underlying settlement infrastructure.
Nearly 600 PSPs from countries including Austria, Estonia, Germany, Italy, Latvia, Lithuania, the Netherlands, and Spain are offering instant payment solutions on SCT Inst. The geographical scope of SCT Inst will progressively span over 34 European countries. Other countries expected to join the scheme in 2018 and 2019 include Belgium, Finland, Germany, Malta, the Netherlands, Portugal, and Sweden.
Hong Kong’s Faster Payments System (FPS) is expected to go live in September 2018. The system will leverage the enterprise messaging and gateway solution from SWIFT. Malaysia ‘s Real-Time Retail Payments Platform (RPP) is also expected to go live in the later part of 2018. PayNet is in discussion with Thailand and Singapore to link their payments network. It is proposed that Instant Credits, Request-to-Pay for e-commerce, and person-to-person (P2P) Payments with Proxy Address Resolution will be launched in 2018.
In Finland, Siirto, which was launched in March 2017, is a real-time multi-banking mobile platform developed by Tieto and participating banks with an aim to digitize the infrastructure and provide real-time payments to Finland. The platform, which is operated by Automatia, follows open payments regulations such as PSD2. Four banks, including Nordea, have launched Siirto services. Canada also has plans to go live on an instant payments system by the end of 2019.
The Liquidity Coverage Ratio and Liquidity Risk Monitoring Tools under Basel III requirements mandated that by 2015, banks must have at least 60% of highly liquid assets to cover their net outflows over a 30-day stress period. These requirements are planned to be increased in a phased manner to 100% by January 2019. In order to harmonize the European banks’ approaches to the Internal Liquidity Adequacy Assessment Process (ILAAP) and Internal Capital Adequacy Assessment Process (ICAAP), the ECB drafted initial expectations in January 2017. The consultancy period for Supervisory Review and Evaluation Process (SREP) ended in May 2017. Banks must implement the process by the end of 2018. However, the ECB expects that full compliance to SREP may be delayed until 2019.
In the U.S., small banks with less than USD250 billion have sought an extension beyond early 2018 for complying to the Basel III norms. However, larger banks were required to comply from 1 January 2018.
Indian banks must adhere to the capital adequacy and liquidity norms by March 2019, according to the RBI. However, as the banks are facing the arduous task of tackling their stressed assets, the proposed deadline seems to be difficult as it is affecting their profit margins.
Contrary to the opinion that instant or real-time payments may be a luxury for corporate treasurers, the system is slowly evolving as an efficient tool for maintaining sufficient liquidity levels. Functions such as supply chain finance will benefit from expedited invoice presentment, reconciliations, and payment. This will enable treasurers to take advantage of early payment discounts or, in the case of reverse factoring, term extension for the buyer. Instant payment systems enrich the invoicing and remittance processes in addition to offering the instant payment component. As a result, treasurers can add value by injecting liquidity into the supply chain more quickly, reducing supplier risk, and simultaneously helping working capital requirements.
Visa is planning to launch the Visa ID Intelligence platform that allows issuers, acquirers, and merchants to quickly adopt various authentication technologies and create more secure ways for consumers to shop, pay, and bank on their connected devices. In Canada, the Government is a pioneer in testing the World Economic Forum’s Known Traveller Digital Identity System. The system leverages biometrics, cryptography, and DLT to give cross-border travelers control over, and the ability to share, their information with authorities in advance of travel for expedited clearance at immigration control points.
Mastercard is committed to make tap and go cards standard over the next five years. The company is upgrading some card and terminals in Europe, Latin America, Asia Pacific, Africa, and the Middle East.
Dubai is implementing contactless and blockchain technologies. The U.A.E. city’s Blockchain Strategy is aimed to ensure all payment activities and transactions will be performed digitally by 2020, by which time it is estimated that 100% of Dubai’s public authority transactions will be based on blockchain.
In the U.K., the FCA issued a Call for Inputs on how artificial intelligence (AI) can be leveraged for regulatory reporting. The call ended on 20 June 2018.
According to Euromoney’s Trade Finance Survey 2018 on usage of digital trade finance products, Swift’s MT798 standard was rated the highest with 28% usage, while the Bank Payment Obligation (BPO) came second with 23%. BPO is witnessing an upward swing in its usage as banks realize it as a viable option as they explore new deals in multiple markets. With increasing levels of digitization in trade finance, BPO also is likely to witness higher adoption in the near future.
According to Zion Market Research, the global mobile wallet market is expected to reach about USD3,142 billion by 2022, growing at a CAGR of around 33.0% from 2017 to 2022. Due to the worldwide adoption of smartphones and technological advancements, the segment is witnessing exponential growth. Countries including India, China, and other emerging nations are spearheading the global growth of mobile wallets. Interoperability of mobile and digital wallets is an upcoming trend. Recently, Tigo in Bolivia entered into an agreement with the local banking sector to make transfers from Tigo Money to other bank accounts. Such interoperability will help to lower the cost of cash handling and eventually displace cash. In a similar move, RBI is to make digital wallets in India interoperable. Phase one of the program will cover the transfer of cash from one wallet to another, with phase two covering the transfer of cash from wallets to bank accounts. In the third phase, interoperability for wallets issued as cards will be allowed, but banks may still issue prepaid instruments in partnership with authorized card networks. The proposed interoperability will be offered on the UPI infrastructure.
The long overdue Southern African Development Community (SADC) cross-border payments initiative has gained momentum in its implementation. The SADC Integrated Regional Settlement System (SIRESS) went live in the Common Monetary Area (CMA, which comprises South Africa, Namibia, Lesotho, and Swaziland) in mid-2013, and was subsequently rolled out to other SADC members. It is now available to banks and supervised financial institutions for high-value payments. In October 2018, the USD will be introduced as a trading currency, a move aimed at improving the settlement of transactions between banks in the region. The implementation of the next phase of this initiative will take place during 2018. Low-value EFT payments will be initially introduced in the CMA, and then the broader region. The scheme makes use of interoperable ISO 20022 standards and provides a cheaper and faster method of processing cross-border credit push transactions. It provides for same day pre-funded clearing and settlement.
Under Europe’s SCT Inst scheme, individuals and corporates can transfer EUR15000 within 10 seconds, 24X7X365 across 34 SEPA countries.
As part of ASEAN 2025, the member states are engaged in the modernization and integration of their financial infrastructures, including payment systems, that will ultimately lead to a pan-regional real-time payment ecosystem. In November, 2017, Malaysia, Thailand, Vietnam, Singapore, and Indonesia have signed a Memorandum of Understanding (MoU) to connect their internal payment networks to form a regional real-time cross-border payments network. On similar lines UAE and Saudi Arabia have also decided to connect their RTGS systems. The parties have also arrived at a broader consensus to leverage 1SO 20022 messaging standards for the network.
Ripple has joined forces with MoneyGram and Santander to implement cryptocurrency cross-border payments. The initiative is in testing phase. In a joint initiative, IBM and Stellar, along with network of banks, have begun using digital currency and blockchain software to move money across borders throughout the South Pacific. The banking network includes 12 currency corridors that encompass Australia and New Zealand, as well as smaller countries including Fiji and Tonga. The network will reportedly process up to 60% of all cross-border payments in the South Pacific’s retail FX corridors by early 2019.
PBoC has announced the second phase of its Cross-Border Interbank Payment System (CIPS) to promote the global use of Chinese currency.
In the U.K., the Open Banking Working Group (OBWG) that was constituted in September 2015 has developed a new framework for underpinning an open banking standard. The open banking reforms were enforced in the U.K. from 13 January 2018. The reforms will give customers complete control and rights over their financial data and the ability to change the service providers online within minutes. The changes are mandated by the CMA, but six lenders—HSBC, Barclays, RBS, Santander, Nationwide, and Bank of Ireland—all missed the 13 January 2018 deadline. Lloyds, Allied Irish Bank, and Danske were among those ready on time. A small number of transfers have since taken place under the new rules as lenders continue to test the system.
The Australian Open Banking Review team released its final report in February 2018. The report cites the U.K.’s Open Banking standards as a starting point for the Australian banking industry.
The HKMA published a consultation document in January 2018, which sets out the Authority’s approach to open APIs. It is a part of the Authority’s aim to develop the city’s competitiveness and customer experience in the banking industry.
MAS launched the API Playbook in late 2016. As at 15 November 2017, 270 APIs have been made available to the Singapore financial industry.
Open API regulations are at various stages of consultation in the U.S. and Latin America. The lack of an open banking standard is the challenge seen in the U.S. with the bigger banks seemingly hesitant to share their data. In Latin America, open banking is seen as way of promoting financial inclusion.
The Canadian Government plans to conduct a review to introduce open banking along the lines of the U.K. and the EU. Further, the Government plans to introduce legislative amendments to implement a new framework for the oversight of retail payments.
In April 2018, the EU confirmed that exchanges between virtual and fiat currencies and virtual-to-virtual currency exchanges fall inside the scope of the 5AMLD. Several states in the U.S. including Delaware, Nevada, Arizona, and Vermont have defined their respective statutes for blockchain and DLT, allowing the technology to be used for storing official records. In April 2018, the Governor of Tennessee signed a bill to recognize blockchain data as legally binding and give smart contracts legal power. Gibraltar enforced DLT regulations from 1 January 2018.
In the U.S., the Uniform Law Commission (ULC) has drafted the Uniform Regulation of Virtual Currencies Business Act as an attempt to establish a statutory law across many jurisdictions and states. The Commission believes that in the absence of an overarching Federal regulation, it is important to create standardized State legislation on the regulation of virtual currencies. The Act will require businesses and individuals to apply for licenses if their services fall under categories including exchange of virtual currencies for cash, bank deposits, or transfer of virtual currencies from one person to another.
As an aftermath of the USD530 million hack of the Tokyo-based exchange Coincheck in January 2018, a self-regulatory entity was launched on 24 April 2018. The Japan Virtual Currency Exchange Association (JVCEA) unifies the Japan Blockchain Association and the Japan Cryptocurrency Business Association. The former is led by bitFlyer, Japan’s largest cryptocurrency exchange. The JVCEA aims to quickly enforce self-imposed rules governing the protection of exchange users’ assets and to improve internal controls of cryptocurrency exchanges. Penalties for breaches will also be considered. Sixteen virtual currency exchange trading firms have signed up to the JVCEA, including Money Partners, QUOINE, Bit Flyer, Bit Bank, SBI Virtual Currency, GMO Coin, Bit Trade, BTC Box, and BitPoint Japan.
The South Korean Government is planning to introduce an approval system for cryptocurrency exchanges based on the Bitlicense model, developed by the NYDFS. Bank of Korea has stated that while it is difficult to use cryptocurrency as money, it is likely it will be used as a means of payment in limited scenarios such as overseas remittances. Further the central bank plans to ease rules on crypto-based assets in line with policies initiated by G20 nations to establish unified global transnational crypto regulations, which were agreed In March 2018.
Kenya’s financial regulatory bodies met at the start of 2018 to discuss cryptocurrency regulations. India’s Government is also mulling new regulations for the oversight of virtual currencies. In the Philippines, rules governing initial coin offerings ICOs that will include guidelines on cybersecurity of cryptocurrency markets, eligibility of issuers, including the officials and technology utilized, and financial literacy of investors are being considered. The BoE is researching the implications of central bank-issued digital currency and has issued a set of questions for input from the financial industry and academia. In Iran, the Government is planning a new infrastructure for cryptocurrencies in an effort to develop an alternative currency for combating economic sanctions imposed by the U.S. Cambodia has recently announced that it will launch a national cryptocurrency, Entapay. Turkey is also planning a national cryptocurrency. The Financial Services Regulatory Authority (FSRA) of Abu Dhabi is contemplating a framework for regulating virtual currencies. Malaysia and Thailand are also developing regulatory frameworks for digital currencies.
During 2017, significant developments in the area of gold- and oil-based cryptocurrencies were made. Venezuela launched a digital cryptocurrency backed by oil, named Petro. Designed to bypass U.S. financial sanctions, the Petro will be backed by the country’s oil, gas, gold, and diamond reserves. The Venezuelan currency, the Bolivar, has significantly eroded due to the U.S.-imposed sanctions. Further, the country has officially requested OPEC member countries support the digital currency, via an oil-backed joint cryptocurrency mechanism. The Petro will be pre-mined, meaning that, unlike bitcoin, new tokens cannot be created. Currently Petros cannot be exchanged for oil, but they can be used to pay taxes and fees.
Gold-backed cryptocurrencies on platforms such as blockchain and Ethereum are a continuation of the ‘e-gold’ trend of the 1990s, which arose with the advent of the internet. The U.K. and Australia are developing cryptocurrencies backed by gold. The Royal Mint in the U.K. has developed RMG, which it describes as an alternative way to invest in and trade physical gold. Australia’s Perth Mint is developing a cryptocurrency backed by precious metals that will be based on blockchain technology.
Gold-backed cryptocurrencies are also gaining traction in Europe and the U.S. Examples include: Aurus (Netherlands), Anthem Gold (U.S.), BullionCoin (Isle of Man), DinarDirham (HongKong), and IC3 Cubes (Canada).
It is expected that the number of gold-related blockchain products will soar during 2018 as the big gold players enter the segment. Hence, a potentially significant jump in demand for physical gold may be witnessed as these entities acquire physical metal to back their offerings.
Banks are also looking to leverage cryptocurrencies for interbank settlements. Bank of Korea is researching a bank-issued cryptocurrency for interbank settlement. SAMA is also exploring a cryptocurrency for interbank settlements.
The U.S. financial institutions that are subject to the Financial Crimes Enforcement Network’s (FinCEN’s) new customer due diligence (CDD) Rule were required to comply with revised risk-based procedures and beneficial ownership obligations from 11 May 2018. Similarly, by 15 April 2018, New York State-licensed financial institutions were required to file their first annual certifications attesting to the sufficiency of their transaction monitoring and filtering systems as required by the New York Department of Financial Services’ (NYDFS) regulation.
Federal regulators published guidance on the application of customer identification program (CIP) requirements to holders of prepaid cards and other types of prepaid -instruments. Five federal agencies—the Federal Reserve, FDIC, OCC, National Credit Union Administration (NCUA), and FinCEN—issued the guidance to clarify when a bank should apply its CIP procedures for prepaid cardholders. The guidance also covers how the CIP rules apply to payroll, government benefit, and health benefit cards. The NYDFS finalized AML regulations effective from 1 January 2017, in a risk-based act that requires institutions to monitor transactions for Bank Secrecy Act (BSA) and AML violations, and prevent transactions with sanctioned bodies. A number of international banks, such as Habib Bank, have been sanctioned for non-compliance, with fines totaling $225 million. The second new step in compliance is that a bank’s chief compliance officer, board of directors or other senior-ranking executives must provide the NYDFS an annual certification of compliance with the new rules starting from April 2018. Further, the Commodity Futures Trading Commission’s (CFTC’s) Division of Enforcement has recently created a Virtual Currency Task Force.
The British Government has set up an AML watchdog, the Office for Professional Body Anti-Money Laundering Supervision (OPBAS). The OPBAS Regulations 2018 came into effect on 18 January 2018 and give OPBAS duties and powers to ensure AML supervisors at professional bodies meet the standards required by the Money Laundering Regulations 2017.
Following the recommendations by the U.K.’s Payment System Operator Delivery Group (PSODG), announced in May 2017, a New Payment Systems Operator (NPSO) has been formed to consolidate BACS Payment Schemes Limited, Faster Payments Scheme Limited (FPSL), and the Image Clearing System (ICS, which will replace the paper processing system for cheques currently managed by the Cheque & Credit Clearing Company, (C&CCC). These retail payment systems process more than GBP6.4 trillion of payments every year between them. The NPSO is coordinating implementation of the recommendations. It is made up of six workstreams: change management, communications, corporate governance, finance, people, and risk frameworks. Each workstream has a clear purpose and terms of reference which clearly define its remit. Further, the PSR has set up a steering group composed of representatives from banks and consumer groups to develop an industry code for reimbursing victims of authorized push payment (APP) scams. A new forum has been created that has established the New Payments Architecture (NPA) Design Hub, that will involve system architecture related changes for U.K. financial institutions.
n Europe, the Fourth Anti-Money Laundering Directive came into force on 27 June 2017. While the industry is still assessing the implications of the Directive, the European Parliament adopted the Fifth AML Directive (5AMLD) on 19 April 2018. This Directive is awaiting approval by the European Council, after which member states will have 18 months to pass implementing legislation. The European Commission plans to bring virtual currency exchange platforms under the scope of the Fifth AML Directive. In addition, the Commission will examine the possibility of applying the licensing and supervision rules of the PSD to virtual currency exchange platforms, prepaid cards, and virtual wallet providers.
The revised PSD (PSD2) came into effect on 12 January 2016. However, for most of the provisions, EU member states had until 13 January 2018 to comply. In countries including the Netherlands and Spain, full implementation is expected by the first half of 2018, while Luxembourg is awaiting legislative approval to implement the draft regulation. Two crucial aspects of PSD2 are SCA and opening up of payment related services to TPPs. The Berlin Group, in collaboration with account service PSPs, has developed an access to accounts framework along with data models and messaging formats in line with the EBA’s Regulatory Technical Standards (RTS). The provisions on SCA were applicable from 1 August 2015. The PSD2 security measures related to TPP access will enter into force 18 months after formal adoption by the European Commission, Parliament, and Council of Ministers. In consideration of tight deadlines, a detailed version 1.0 of the Next Gen PSD2 Access to Accounts Framework with operational rules and implementation guidelines was published on 8 February 2018. The Framework is a compilation of modern, open, harmonized, and interoperable APIs, designed to reduce the complexity and costs of enabling access to accounts (XS2A), address the problem of multiple competing standards in Europe and, align with the goals of the Euro Retail Payments Board. The Framework is an outcome of the views and requirements expressed in the public market consultation of October and November 2017, in which around 1,000 market comments from 59 organizations were received. The Framework also integrates applicable legislations and regulations as it is based on EBA’s RTS, which is expected to be available in H1 2019. The Framework comprises operational rules and implementation guidelines, supports the PSD2 required account information (AIS), payment issuer instrument (PIIS) and payment initiation (PIS) services. It is, among others, built on RESTful and JSON standards, relying on ISO 20022 standards for the data elements to be exchanged. The Version 1.0 Framework documents were completed in early March 2018 with OpenAPI files, a detailed FAQ document and a resolved market consultation feedback issues document.
PSD2 mandates EU banks to provide access to customer accounts to TPPs via APIs. There is no provision for fees to be applied for interchange or access to the bank’s accounts, thus PSD2 payment costs would be much lower compared to cards or other payment methods.
Corporate treasurers at companies that operate and trade across the globe face costly bank services for trade financing, FX and other bank services. The hidden fees and costs of such transactions effectively erode corporate profits, which is further magnified by the negative interest-rate environment. In such a scenario, PSD2 offers value-added financial services to corporations via highly customized and sophisticated tools to manage cash and liquidity requirements, control risks and losses when converting currencies, and invest or transfer money across the globe.
Associated PSD2 payment institutions can make it easier and faster for corporate treasurers to integrate newly acquired subsidiaries in new countries. They could also help corporate treasuries to structure and maintain effective worldwide control over bank account management, by achieving visibility over global cash flows and reducing the high risk of internal and external fraud when processing invoices and approving payments.
A corporate treasury may seek direct PSD2 access to their EU bank’s core system to establish efficient and cost-effective account information services, cash management, international payments, and supply chain finance. By reducing the number of subsidiary bank accounts, corporate treasurers can achieve better economies of scale through centralizing cash management and payments. They could also realize substantial savings on interchange fees and FX spreads, rationalize liquidity management for cross-border payments, and intercompany lending and netting.
Launched in Brussels by the EC in October 2014, the Electronic Identification (eIDAS) regulation aims to strengthen national digital identities, modernize digital transactions, and increase trustworthiness in digital transactions. The implementation of the regulation was phased in from 2014-2019. The first phase of the regulation became enforceable on 1 July 2016. While the focus in 2015 and 2016 was on exploring the scope and detail of the regulation, work in 2017 and 2018 is geared towards operational implementation. Currently, member states have the option to accept the eID of other member states, however, in September 2018 they will be required to accept eID from all other EU members.
Target2Securities (T2S) markets reached 85% compliance in terms of harmonization as on September 2017. A new Eurosystem Central Liquidity Management (CLM) layer and new type of main account will sit on top of the revamped single settlement engine, RTGS and the TIPS platform. Target Systems is likely to be the new name of the triangle of collateral, enhanced securities, and cash management services from the Eurosystem.
The European Cards Stakeholders Group (ECSG), the industry association in charge of cards standardization in SEPA, released the latest version of its standards Volume (version 8.0) in March 2017. The industry body is formed by representatives of five sectors of the card payments value chain: retailers and wholesalers, vendors (of IT, card and payment devices), processors of card transactions, card schemes, and PSPs. The EPC is also an active member. Stakeholders were invited to meet its requirements by March 2020 with the exception of those requirements related to the IFR, which applied immediately. Amended rule books for SCT, SCT Inst, SEPA direct debit (SDD), and SDD B2B were released in September 2017, and were required to be fully implemented by November 2017.
In India, RBI issued various notifications through 2017 which mandated the need for revised know your customer (KYC), AML, and Combating Financing of Terrorism (CFT) norms for various services such as mobile wallets. In China, PBoC has implemented regulatory changes in online payments processes. From 1 July 2016 all third-party online payments service providers have had to ensure that all the accounts bear the real name of the account holder and that the accounts are segmented based on security requirements capped with maximum annual payments. This regulation aims to prevent large deposits into third party payments accounts which are unprotected from bank deposit insurance. Taiwan recently created a new government agency, the Anti-Money Laundering Office. New Zealand is considering legislation for a second phase of its 2013 AML/CFT Act.
Argentina’s Financial Information Unit (FIU) issued new mandatory minimum guidelines for risk management around AML and counter-terrorism financing (CTF), which came into effect on 15 September 2017. The guidelines introduce a risk-based approach as recommended in 2012 by the Financial Action Task Force (FATF).
The Central Bank of the Islamic Republic of Iran (CBI) amended the executive directive for regulations overseeing foreign exchange, banking instruments, and bonds that are carried by travelling individuals to improve scrutiny and strictly adhere to international regulations on AML and CTF. The measures were announced days after the FATF urged Iran to fully implement the action plan by 31 January 2018.
In Kenya, the Proceeds of Crime and Anti-Money Laundering (Amendment) Act 2017 has been signed into law, imposing stiff penalties on those guilty of economic crimes. In South Africa, the Financial Intelligence Centre Amendment (FICA) bill has was signed by the president in April 2017. The FICA bill aims to strengthen existing legislation that combats money laundering and the financing of terrorism. The bill bolsters the fight against global financial crime by making it easier to identify the ultimate owners of companies and accounts including those of “domestic prominent influential persons”.
Since the introduction of the European Union’s Interchange Fee Regulation (IFR) in 2016, credit card issuers have suffered the most from the reduction to 0.3%. The average EU interchange fee fell by over 50%, creating significant revenue losses for issuers. This in turn forced credit card issuers to reduce loyalty and cash-back programs and introduce card fees. Issuers in the U.K., which is the largest EU card market, suffered the most. Debit card issuers were less affected by the Regulation.
On 1 July 2017, Australia’s RBA capped interchange fees on credit cards at 0.6%, which were previously set at 1.5%-1.7%. Banks compensated for the subsequent losses by reducing the value of rewards programs.
The Australian Payments Council released a draft national payments strategy with a ten-year vision in December 2015. As part of the strategy, the Council planned several initiatives under three overarching themes: security and trust, managing Australia’s payments mix, and enabling the future. The NPP, which facilitates real-time payments, falls into the category of managing the payments mix. The Platform can be leveraged in two ways: sending or receiving payments using an existing/supported NPP message or creating a new product or service, including a modified message set and end-user characteristics (overlay service), and offering that product or service to NPP participants and their customers. Thirteen financial institutions participate in the scheme: ANZ, Commonwealth Bank of Australia, Citi Group, National Australia Bank, RBA, Westpac, Cuscal, ING Australia, HSBC Bank Australia, Australian Settlements, Indue, Macquarie Bank, and Bendigo and Adelaide Bank. Other initiatives under way in the payments plan include a strategy for addressing card not present (CNP) fraud, an Australia Financial Crimes Exchange, Issuers and Acquirers Community, and digital wallet technical security standards.
An interbank mobile payments system, PromptPay, was launched in Thailand in January 2017. PromptPay is one of several initiatives undertaken by the Thai Government as part of its National E-Payments Initiative. PromptPay enables registered customers to transfer funds using a mobile phone with only the mobile number or citizen ID number of the recipient. It can also be used to receive government payments such as social security benefits, pensions, and tax refunds. The National E-Payments platform will be based on the AnyID system, which enables people without a bank account to transfer money and make payments using a mobile phone and ID. Other modules include expansion of electronic data capture (EDC) machines to service e-payments and an e-tax system. All companies in Thailand are obliged to enter into the National E-payments Initiative by 2019 to stem tax evasion and increase Government revenue. Singapore’s authorities are in discussion with those in Thailand to connect its PayNow digital payment system with PromptPay, to forge a regional alliance aimed at curbing the use of cash.