AuthorPeter Oakes is an experienced anti-financial crime, fintech and board director professional. Archives
April 2024
Categories
All
|
Back to Blog
Sign up to the Fintech Ireland Newsletter here.
This blog and others are joint efforts between Fintech Ireland and CompliReg. First Published Tuesday 9th April 2024
Before we dive into the detail contained in the new (issued 9 April 2024) "Central Bank Expectations for Authorisation as a Payment Institution or Electronic Money Institution, or Registration as an Account Information Service Provider", a couple of things to note:
0 Comments
Read More
Back to Blog
All these issues, in themselves, are sufficient for a finding that, at the assessment interview, there was an absence of fair notice sufficient to conclude that this part of the process fell below the standard of constitutional fairness. We are unable to conclude that the decision reached was the correct and preferable decision. There were fundamental procedural flaws which were to be found at all three stages of the process. The Tribunal is satisfied that taken cumulatively – or even individually – the various procedures adopted by the Central Bank did not comply with the requirements of Constitutional and natural justice; including the necessity for fair notice; the duty to give reasons; and the observance of the principle of audi alterem partem. [Latin for "hear the other side"] Interested in the Central Bank of Ireland's internal and often called 'opaque' fitness and probity assessment process? In which case take the time to read this decision (link below) by the Irish Financial Services Appeals Tribunal - an independent body - to which appeals lay from Central Bank decisions. The Appeal involved a finding by the Central Bank that: "in its “opinion”, the Appellant was “unfit” to hold the two positions in question.". The Appellant, identified as AB, was applying for (as it was then) PCF2 (NED) and PCF3 (Chairman). While the identity of the Appellant is not made known, we know the person is male and he held "similar roles to those which he was applying for in Redhedge and other regulated entities in the same sector." The crux of the order appears at para 325 on page 79 of the decision (here): "We are unable to conclude that the decision reached was the correct and preferable decision. There were fundamental procedural flaws which were to be found at all three stages of the process. The Tribunal is satisfied that taken cumulatively – or even individually – the various procedures adopted by the Central Bank did not comply with the requirements of Constitutional and natural justice; including the necessity for fair notice; the duty to give reasons; and the observance of the principle of audi alterem partem." [[Latin for "hear the other side"] The impugned decision was one which had serious legal consequences, where fundamental legal and constitutional principles had to be applied in the course of performing the statutory functions The Central Bank called the Appellant to what is known as an “assessment interview” and then a “specific interview”. These made adverse findings. There followed a “minded to refuse” letter to the ultimate decision-maker. She largely confirmed these adverse findings and held the Respondent [i.e. the Central Bank] entitled to refuse the applications. There is a lot here for the Central Bank to consider and take stock of. And hopefully it does. While there was the appearance of fair procedure, there was an absence of its substance Summary of certain facts In summary (all the below are direct quotes from decision**):
Costs:
** to ensure that you are aware of the context from which the above quotes are extracted, do read the decision for yourself. A copy of the decision is located here Linkedin Post here. Do check out the Linkedin page as it contains lots of additional information. The Central Bank of Ireland issued a statement on its website saying:
Back to Blog
The announcement in the media that Coinbase is selecting Ireland as its EU regulatory headquarters has sparked quite a lot of discussion in crypto regulatory circles. Myself and a few others have been thinking about similarities between the race for a MiCAR authorisation [either from a standing start or from the position of already being a Virtual Asset Services Provider registrant in the EU] and the race for UK regulated firms needing an EU home post Brexit. In particular, I recall certain member states doing road shows on why a UK regulated firm should choose its country. While in Ireland, when challenged by the representative bodies and gatekeepers about doing more, the Central Bank of Ireland responded in speeches that it was in no one's interest to get involved in a race to the bottom. Will we not see something similar when it comes to MiCAR? Just because company A has a VASP registration in EU country A, it could make sense but, it doesn't necessarily follow that it will pursue a MiCAR authorisation in EU country A. That is more so the case, arguably, when they have VASP registrations in EU countries B, C and others (because there is no passporting). Therefore, and I am already seeing it myself, there are EU countries laying out their stall for your MiCAR authorisation regardless if you are (or not) already registered there as VASP. Some EU countries argue that their current VASP registration (& remember it was only ever intended to be a mere registration) is so robust and already aligned to MiCAR that you will find its offering a fast, efficient & effective way to getting the authorisation crown. I suspect other member states might take a political or supervisor risk-based decision not to exceed their obligations when dealing with a MiCAR authorisation and - potentially adding things into the authorisation process - to unintentionally but effectively killing-off an application. And, while it is great to hear of a large digital asset player laying down the marker that Ireland will be its EU regulatory home, I have lost count of how may MiFID, emoney and payment firms that have told me that "Ireland is the only country for our company", only to find that their view changes during the course of the authorisation process for whatever reason. I've seen companies apply elsewhere while pursuing an application in Ireland and I have spoken to some of those companies 18 months latter when they discovered the grass wasn't greener in the other EU member state. Against that backdrop, very interesting to read the Chair (Verna Ross) of European Securities and Markets Authority (ESMA) letter of 17 October 2023 to Nadia Calviño President of the Economic and Financial Affairs (ECOFIN) Council of the European Union, saying a number of important things about the MiCAR authorisation infrastructure. Of the many points made by ESMA in its letter, the following ones caught our eye.
The letter was cced to:
* Mairead McGuinness, Commissioner in charge of Financial Stability, Financial Services and Capital Markets Union, European Commission; * Irene Tinagli, Chair of the Committee on Economic and Monetary Affairs, European Parliament; * John Berrigan, Director-General, DG Financial Stability, Financial Services and Capital Markets Union, European Commission; * Thérèse Blanchet, Secretary-General of the Council of the European Union Union; * Claudia Lindemann, Head of the Secretariat of the Committee on Economic and Monetary Affairs, European Parliament
Back to Blog
Australia to regulate digital asset platforms
Regulating digital asset platforms - Australia What is this about? The Australian government intends to introduce a regulatory framework to address consumer harms in the crypto ecosystem while supporting innovation. The introduction of a regulatory framework for entities providing access to digital assets and holding them for Australians and Australian businesses is an important step in the government’s approach to crypto reform in the Australian context. The proposed regulatory framework would apply to digital asset platforms that present similar risks to entities that operate in the traditional financial system. It proposes to leverage the Australian financial services framework to regulate digital asset platforms to ensure consistent oversight and safeguards for consumers. The government seeks views from interested parties on the proposed framework for regulating digital asset platforms. Specific consultation questions are outlined within the paper. Responding You can submit responses to this consultation up until 01 December 2023. Interested parties are invited to comment on this consultation. While submissions may be lodged electronically or by post, electronic lodgement is preferred. For accessibility reasons, please submit responses sent via email in a Word or RTF format. An additional PDF version may also be submitted. All information (including name and address details) contained in submissions will be made available to the public on the Treasury website unless you indicate that you would like all or part of your submission to remain in confidence. Automatically generated confidentiality statements in emails do not suffice for this purpose. Respondents who would like part of their submission to remain in confidence should provide this information marked as such in a separate attachment. Legal requirements, such as those imposed by the Freedom of Information Act 1982, may affect the confidentiality of your submission. Key Documents
How To Respond
Financial System Division Treasury Langton Cres Parkes ACT 2600 Further Reading: https://treasury.gov.au/consultation/c2023-427004
Back to Blog
Bitcoin First Revisited - Why investors need to consider bitcoin separately from other digital assets (Fidelity Digital Assets) DOWNLOAD HERE The copyright in the report [and this blog] belongs to by Chris Kuiper and Jack Neureuter and Fidelity Digital Assets. STARTS:
Background In January 2022, we outlined Bitcoin’s unique characteristics, why they make Bitcoin fundamentally different from other digital assets, and why this is important for investors to consider. Over a year and a half later, Bitcoin continues to gain adoption and market share in the digital asset space, while other digital assets have faced separate headwinds. While we encourage those seeking a detailed understanding of Bitcoin’s unique value propositions to read the earlier overview, we aim to reiterate many of Bitcoin’s fundamental advantages below while contextualizing Bitcoin’s progress and position within today’s current digital asset market. Executive Summary Once investors have decided to invest in digital assets, the next question becomes, “Which one?” Of course, bitcoin is the most recognized, first-ever digital asset, but there are hundreds—even thousands of other digital assets in the ecosystem. One of the first concerns investors have regarding bitcoin is, as the first digital asset, it may be vulnerable to innovative destruction from competitors (such as the story of MySpace and Facebook). Another common consideration surrounding bitcoin is whether it offers the same potential reward or upside as some of the newer and smaller digital assets that have emerged. In this paper, we propose:
DOWNLOAD HERE The copyright in the report [and this blog] belongs to by Chris Kuiper and Jack Neureuter and Fidelity Digital Assets.
Back to Blog
CompliReg helps UK and EU fintech become authorised and works with them on regulatory, governance and compliance issues. Led by Peter Oakes, please get in touch HERE One for #emoney firms to take note of whether authorised in the UK or Ireland, and indeed throughout the EU.
This relates to the UK FCA finding that, in order to protect consumers, three clauses in an authorised and regulated regulated #fintech company's T&Cs (in the EU referred to as the Framework Contract) fell short of the Consumer Rights Act 2015. On 4 October 2023, the FCA published a Notice of Undertaking (the “Undertaking”) agreed with Wirex Limited (FRA #902025), citing the following T&Cs with: 1) Excluding liability as a result of account suspension. This provision excluded the firm’s liability for any losses suffered by consumers, should the firm suspend their account in accordance with the provision, irrespective of the circumstances. The FCA considered this to be unfair under the Act as it permitted the firm to deny consumers compensation to which they may otherwise be entitled due to such a suspension, even if the firm had caused the relevant loss. 2) Limitation of compensation available to consumers. The T&Cs purported to limit the sum of compensation a consumer was entitled to receive in the event of a loss to the sum the consumer had paid to the firm in the year prior to making the claim. The FCA considered that this term derogated from the position under national law, as it limited a consumer’s right to obtain the proper amount of compensation in the event of a contractual breach by the firm. The FCA considered that the firm could not reasonably assume a consumer would have agreed to such a term in individual negotiations, because a consumer would most likely expect that if the firm had done something wrong and caused them loss, they would be entitled to commensurate compensation regardless of what they had paid to the firm. 3) Exclusion of commitments that may be implied by law. The T&Cs included a term that enabled the firm to exclude any commitments that may be implied by law, to the extent that it was permitted to do so. The FCA was concerned that this provision lacked adequate transparency, as consumers were unlikely to be aware of the extent to which the firm would be able to exclude their liability under obligations implied by law. Wirex Limited has:
According the FCA's register, Wirex Limited has been an "Authorised Electronic Money Institution" since 17/08/2018. Further reading:
Back to Blog
If you are struggling with an application for an electronic money or payments institution authorisation in Europe, contact us here and/or complete the Authorisation/Licence Enquiry Form here. If you are looking at becoming authorised in Ireland as an emoney institution or payments institution check out Fintech Ireland's and CompliReg's authorisation guides here. According to recent figures, it may take as little as 4 months to become authorised as an electronic money or payments institution in the EEA and as long as 15+ months. Whereas in the UK the experience, towards the higher end, is 13-15 months but can be shorter.
The only sure fire way to reduce the amount of time that your application for authorisation takes to be successfully completed is through preparation and the right choice of advisers. Our team is experienced in the authorisation process of EEA and UK regulators and in addition to successfully advancing emoney, payments and MiFID authorisations has also worked on the successful authorisation of an EU bank. Contact us here and follow Peter Oakes and CompliReg on Linkedin.
Back to Blog
Barclays wins UK Supreme Court case over push payment fraud - but it's not over, yet!Wednesday 12th July 2023 - Barclays wins UK Supreme Court case over push payment fraud - but it is not over until the fat lady sings! Definitely important for Irish banks, #fintech &consumers alike when it comes to #paymentfraud. This is especially so because Ireland doesn't have the exact equivalent of the new UK's FCA 'consumer duty', which to my mind is not detrimentally impacted by the decision. While English court decisions are not binding in Ireland, Irish courts may be persuaded by English (and other jurisdiction's courts) decisions. English decisions are very often cited in Irish courts. Thus this decision by the UK Supreme Court is very important. Details:
Upshot: The UK Supreme Court stated that the order of the judge in previous proceedings granting Barclay's summary judgment stands. Mrs Phiilipp's is done but not out in her attempts to recover the £700,000: Mrs Philipp is permitted to maintain an alternative claim based on the Bank's alleged failure to act promptly to try to recall the payments after the fraud was discovered. In the Court's view, the questions (i) whether the Bank owed such a duty and (ii) whether there was any realistic chance that the money would have been recovered if attempts had been made to recall the payments sooner cannot be decided without a fuller investigation of the facts. This alternative claim should therefore not have been summarily dismissed. Mrs Philipp has an alternative claim that the Bank was in breach of duty in not acting promptly to try to recall the payments made to the UAE after being notified of the fraud. In the Court's view, the questions (i) whether the Bank owed such a duty and (ii) whether there was any realistic chance that the money would have been recovered if attempts had been made to recall the payments sooner cannot be decided without a fuller investigation of the facts. This alternative claim should therefore not have been summarily dismissed. New UK FCA Consumer Duty: By the way, under the UK Consumer Duty, firms must take proactive & reactive steps to avoid causing harm to customers through their conduct, products or services where it is in a firm’s control to do so. The FCA has specifically stated that an example of 'causing harm' is where consumers become victims of scams relating to their financial products for example, due to a firm’s inadequate systems to detect/prevent scams or inadequate processes to design, test, tailor and monitor the effectiveness of scam warning messages presented to customers. In fact on page 99 of its final guidance, the FCA provides a 'good example' of circumstances of how a payments firm should consider how it can best design its processes to help identify suspicious payments and mitigate the risk of poor customer outcomes.
Back to Blog
EBA Report On Money Laundering Terrorist Financing Risks Associated With Payment Institutions16/6/2023 EBA finds that money laundering and terrorist financing risks in payments institutions are not managed effectivelyAlso interesting to read at page 16 of 28 of the EBA Report (scroll to end for a copy) released today that "The EBA found that not all supervisors are doing enough to manage ML/TF risks in the sector effectively.". If you need assistance with a payments institution (including emoney institution), a bank, MiFID or VASP/CASP authorisation/registration learn more here and reach out to Peter Oakes on LINKED and at PETER OAKES The European Banking Authority (EBA) today published its Report on money laundering and terrorist financing (ML/TF) risks associated with EU payment institutions. Its findings suggest that ML/TF risks in the sector may not be assessed and managed effectively by institutions and their supervisors. In 2022, the EBA assessed the scale and nature of ML/TF risk in the payment institutions sector. It considered how payment institutions identify and manage ML/TF risks and what supervisors do to mitigate those risks when considering an application for the authorisation of a payment institution and during the life of a payment institution. The EBA’s findings suggest that generally institutions in the sector do not manage ML/TF risk adequately. AML/CFT internal controls in payment institutions are often insufficient to prevent ML/TF. This is in spite of the high inherent ML/TF risk to which the sector is exposed. The EBA’s findings also suggest that not all competent authorities are currently doing enough to supervise the sector effectively. As a result, payment institutions with weak AML/CFT controls can operate in the EU, for example by establishing themselves in Member States where authorisation and AML/CFT supervision processes are less stringent to passport their activities cross-border afterwards. Failure to manage ML/TF risks in the payment institutions sector can impact the integrity of the EU’s financial system. The EBA’s work on access to financial services further suggests that failure to address those risks will also undermine efforts to improve access by payment institutions to payment accounts. Several of these findings relate to issues addressed in EBA Guidelines. A more robust implementation by supervisors and institutions of provisions in these guidelines will mitigate the sector’s exposure to ML/TF risks. Legal basis and background Article 9a(5) of Regulation (EU) 1095/2010 (‘EBA founding regulation’) mandates the EBA to perform risk assessments on significant ML/TF risks affecting the EU’s financial sector. The EBA drew on a number of sources to inform this risk assessment. These include the findings of the EBA peer review on authorisation of payment institutions under PSD2, data extracted from the EBA’s AML/CFT database, EuReCA (available here), questionnaire responses, bilateral interviews with selected EU supervisors, national and supervisory assessments of ML/TF risks in the sector, and any other information available to EBA through its work on ML/TF risks and supervision. Findings of this risk assessment will be feeding into the EBA’s bi-annual ML/TF risk assessment exercise under Article 6(5) of Directive (EU) 2015/849. The EBA, in line with its legal duty to lead, coordinate and monitor the AML/CFT efforts of all EU financial services providers and supervisors, remains committed to tackling ML/TF risks holistically, across all financial sectors within its remit. Findings of this risk assessment will be feeding into the EBA’s bi-annual ML/TF risk assessment exercise under Article 6(5) of Directive (EU) 2015/849. The EBA, in line with its legal duty to lead, coordinate and monitor the AML/CFT efforts of all EU financial services providers and supervisors, remains committed to tackling ML/TF risks holistically, across all financial sectors within its remit. Download the EBA Report HERE
Back to Blog
Contact Peter Oakes at the details here or via Linkedin if you want to know more about how I help fintech businesses get authorised in Europe and the UK and my non-executive director services to regulated fintech, MiFID and banks. Friday 2 June 2023: Bank of Lithuania has revoked the licence of the electronic money institution Transactive Systems UAB and fined it €280,000 for seriously and systematically infringed anti-money laundering and counter terrorist financing (AML/CTF) requirementsIn 2022 Transactive Systems UAB was second among Lithuanian electronic money and payment institutions in terms of annual turnover (€13.1 billion), with operating income amounting to almost €4mn. In revoking its electronic money authorisation, the Bank of Lithuania said that the following “main violations and deficiencies were identified” at the regulated #fintech firm Transactive Systems UAB:
* including that institution's immediate and retrospective monitoring of transactions was ineffective, the selected monitoring model did not correspond to the volume of processed transactions, suspicious transactions were not reviewed and properly analysed. * measures aimed at determining whether the client's funds and assets were not obtained directly or indirectly from a criminal act or by participating in such an act were of poor quality and insufficient. If these are a description of the ‘main violations and deficiencies’ identified, what else was going on? Over the past few weeks at events like ACAMS (ACAMSAssembly ACAMSEurope) Joby Carpenter Craig Timm Natasha Powell Shelley Schachter-Cahm and I discussed the situation of fintech and financial crime controls. Many others and I had great discussions about good fintech companies having their reputations impinged by a few bad fintech actors both big (yes some fintech banks who know who they are and some from China who know who they are) and small (some from the east side of the EU bloc, Israel and disturbingly some regulated fintech firms from the UK who also know who they are) whose mentality is that an authorisation is akin to a driver's licence exam. They also often say if country A doesn't jump to our demands, then we will go to country B and will whine to your ministers and FDI agencies. "How did Transactive Systems UAB get through what is supposed to be a thorough and rigorous common EU approach to regulatory authorisation by national competent authorities (NCAs) in the first place?" While it is good to see such decisive regulatory action here, the question has to be asked "How did Transactive Systems UAB get through what is supposed to be a thorough and rigorous common EU approach to regulatory authorisation by national competent authorities (NCAs) in the first place?" Particularly given the lengths that many EU authorities go to verifying the existence, performance and execution of the #financialcrime business wide risk assessments, the risk registers, the risk appetite statements, #moneylaundering policies and procedures under EBA Guideline 14 and the vetting of managers, owners and directors of #blockchain emoney and #blockchain payments. Did this company say one thing, and then do the polar opposite? Did the regular trust but not verify? Interestingly, back in January 2023, the Bank of Lithuania restricted the activities of the company by instructions:
The news cannot but help take us to:
Well run regulated fintech must be getting depressed. Banks will jump on this example as evidence that fintechs cannot be trusted to do #AML properly and some regulators might do so too, recalibrating their supervisory engagement models. Those going through authorisation will find it tougher to satisfy their future regulator compared to others who went through the process a few years ago. Well run regulated fintech must be getting depressed. Banks will jump on this example as evidence that fintechs cannot be trusted to adhere AML, sanction and financial crime laws properly and some regulators might do so too, recalibrating their supervisory engagement models. Those going through authorisation will find it tougher to satisfy their future regulator compared to others who went through the process a few years ago. Another telling issue in this case is the fact the Bank of Lithuania says that it “has received many complaints and inquiries from individuals and legal entities of various European Union countries and financial market supervisory authorities regarding possible fraud related to clients of Transactive Systems UAB or accounts opened there. Although the Bank of Lithuania has repeatedly drawn the institution's attention to the importance of money laundering and terrorist financing risk management and fraud prevention, gross and systematic violations of the legal acts regulating the prevention of money laundering and terrorist financing were identified during the inspection.” This comes across really weak. Separately, getting really tired of hearing from people who should know better saying that "I will not apply to country A for my authorisation (recommend my client not to do so) because I hear it is easier and faster at country B". While I am not saying that country B is Lithuania, it is news that one would have to share as a both a positive and negative when asked "Peter what are the best 3-5 EU member states you would suggest for a fintech authorisation and why?" It's a question I am asked every month. And you know what, the answer is ‘It depends – on your business model, access to banking services, access to talent and reputation of the regulator’ to name but a few points. Contact Peter Oakes at the details here or via Linkedin if you want to know more about how I help fintech businesses get authorised in Europe and the UK and my non-executive director services to regulated fintech, MiFID and banks.
Links to sources: 1) Bank of Lithuania Announcement of 2 June 2023 2) Previous restriction imposed on Transactive Systems UAB on 20 January 2023 3) Linkedin Post HERE |