STARTS:

Background
In January 2022, we outlined Bitcoin’s unique characteristics, why they make Bitcoin fundamentally different from other digital assets, and why this is important for investors to consider. Over a year and a half later, Bitcoin continues to gain adoption and market share in the digital asset space, while other digital assets have faced separate headwinds. While we encourage those seeking a detailed understanding of Bitcoin’s unique value propositions to read the earlier overview, we aim to reiterate many of Bitcoin’s fundamental advantages below while contextualizing Bitcoin’s progress and position within today’s current digital asset market. 

Executive Summary 
Once investors have decided to invest in digital assets, the next question becomes, “Which one?” Of course, bitcoin is the most recognized, first-ever digital asset, but there are hundreds—even thousands of other digital assets in the ecosystem. 
One of the first concerns investors have regarding bitcoin is, as the first digital asset, it may be vulnerable to innovative destruction from competitors (such as the story of MySpace and Facebook). Another common consideration surrounding bitcoin is whether it offers the same potential reward or upside as some of the newer and smaller digital assets that have emerged. 

In this paper, we propose: 

1. Bitcoin is best understood as a monetary good and one of the primary investment theses for bitcoin is as the store of value asset in an increasingly digital world. 
2. Bitcoin is fundamentally different from any other digital asset. No other digital asset is likely to improve upon bitcoin as a monetary good because bitcoin is the most (relative to other digital assets) secure, decentralized, sound digital money and any “improvement” will potentially face trade-offs. 
3. There is not necessarily mutual exclusivity between the success of the Bitcoin network and all other digital asset networks. Rather, the rest of the digital asset ecosystem can fulfill different needs or solve other problems that bitcoin simply does not. 
4. Other non-bitcoin projects should be evaluated from a different perspective than bitcoin. 
5. Bitcoin should be considered an entry point for traditional allocators looking to gain exposure to digital assets. 
6. Investors should hold two distinctly separate frameworks for considering investment in this digital asset ecosystem. The first framework examines the inclusion of bitcoin as an emerging monetary good, and the second considers the addition of other digital assets that exhibit venture capital-like properties. 

ENDS

DOWNLOAD HERE

The copyright in the report [and this blog] belongs to by Chris Kuiper and Jack Neureuter and Fidelity Digital Assets.

One for #emoney firms to take note of whether authorised in the UK or Ireland, and indeed throughout the EU.

This relates to the UK FCA finding that, in order to protect consumers, three clauses in an authorised and regulated regulated #fintech company's T&Cs (in the EU referred to as the Framework Contract) fell short of the Consumer Rights Act 2015.
 
On 4 October 2023, the FCA published a Notice of Undertaking (the “Undertaking”) agreed with Wirex Limited (FRA #902025), citing the following T&Cs with:
 
1) Excluding liability as a result of account suspension. This provision excluded the firm’s liability for any losses suffered by consumers, should the firm suspend their account in accordance with the provision, irrespective of the circumstances. The FCA considered this to be unfair under the Act as it permitted the firm to deny consumers compensation to which they may otherwise be entitled due to such a suspension, even if the firm had caused the relevant loss.
 
2) Limitation of compensation available to consumers. The T&Cs purported to limit the sum of compensation a consumer was entitled to receive in the event of a loss to the sum the consumer had paid to the firm in the year prior to making the claim. The FCA considered that this term derogated from the position under national law, as it limited a consumer’s right to obtain the proper amount of compensation in the event of a contractual breach by the firm. The FCA considered that the firm could not reasonably assume a consumer would have agreed to such a term in individual negotiations, because a consumer would most likely expect that if the firm had done something wrong and caused them loss, they would be entitled to commensurate compensation regardless of what they had paid to the firm.
 
3) Exclusion of commitments that may be implied by law. The T&Cs included a term that enabled the firm to exclude any commitments that may be implied by law, to the extent that it was permitted to do so. The FCA was concerned that this provision lacked adequate transparency, as consumers were unlikely to be aware of the extent to which the firm would be able to exclude their liability under obligations implied by law.
 
Wirex Limited has:

• agreed to remove all 3 terms from its e-money contracts with consumers from 1 January 2024;
• agreed to not use these 3 terms (or similar terms with the same effect) in its future contracts with consumers;
• told the FCA that the terms have been in use since October 2021;
• told the FCA that it has not relied on the 3 terms in an unfair way in practice;
• fully cooperated with the FCA in resolving its concerns.

According the FCA's register, Wirex Limited has been an "Authorised Electronic Money Institution" since 17/08/2018.

Further reading:

• FCA published a Notice of Undertaking agreed with Wirex Limited
• Peter Oakes Linkedin Post

According to recent figures, it may take as little as 4 months to become authorised as an electronic money or payments institution in the EEA and as long as 15+ months.  Whereas in the UK the experience, towards the higher end, is 13-15 months but can be shorter.


The only sure fire way to reduce the amount of time that your application for authorisation takes to be successfully completed is through preparation and the right choice of advisers.

Our team is experienced in the authorisation process of EEA and UK regulators and in addition to successfully advancing emoney, payments and MiFID authorisations has also worked on the successful authorisation of an EU bank. 

​Contact us here and follow Peter Oakes and CompliReg on Linkedin.

The European Banking Authority (EBA) today published its Report on money laundering and terrorist financing (ML/TF) risks associated with EU payment institutions. Its findings suggest that ML/TF risks in the sector may not be assessed and managed effectively by institutions and their supervisors.

In 2022, the EBA assessed the scale and nature of ML/TF risk in the payment institutions sector. It considered how payment institutions identify and manage ML/TF risks and what supervisors do to mitigate those risks when considering an application for the authorisation of a payment institution and during the life of a payment institution.

The EBA’s findings suggest that generally institutions in the sector do not manage ML/TF risk adequately. AML/CFT internal controls in payment institutions are often insufficient to prevent ML/TF. This is in spite of the high inherent ML/TF risk to which the sector is exposed.
​
The EBA’s findings also suggest that not all competent authorities are currently doing enough to supervise the sector effectively. As a result, payment institutions with weak AML/CFT controls can operate in the EU, for example by establishing themselves in Member States where authorisation and AML/CFT supervision processes are less stringent to passport their activities cross-border afterwards.
Failure to manage ML/TF risks in the payment institutions sector can impact the integrity of the EU’s financial system. The EBA’s work on access to financial services further suggests that failure to address those risks will also undermine efforts to improve access by payment institutions to payment accounts.

​Several of these findings relate to issues addressed in EBA Guidelines. A more robust implementation by supervisors and institutions of provisions in these guidelines will mitigate the sector’s exposure to ML/TF risks.

Legal basis and background Article 9a(5) of Regulation (EU) 1095/2010 (‘EBA founding regulation’) mandates the EBA to perform risk assessments on significant ML/TF risks affecting the EU’s financial sector.

The EBA drew on a number of sources to inform this risk assessment. These include the findings of the EBA peer review on authorisation of payment institutions under PSD2, data extracted from the EBA’s AML/CFT database, EuReCA (available here), questionnaire responses, bilateral interviews with selected EU supervisors, national and supervisory assessments of ML/TF risks in the sector, and any other information available to EBA through its work on ML/TF risks and supervision.

Findings of this risk assessment will be feeding into the EBA’s bi-annual ML/TF risk assessment exercise under Article 6(5) of Directive (EU) 2015/849.
​
The EBA, in line with its legal duty to lead, coordinate and monitor the AML/CFT efforts of all EU financial services providers and supervisors, remains committed to tackling ML/TF risks holistically, across all financial sectors within its remit.   

​Findings of this risk assessment will be feeding into the EBA’s bi-annual ML/TF risk assessment exercise under Article 6(5) of Directive (EU) 2015/849.
​
The EBA, in line with its legal duty to lead, coordinate and monitor the AML/CFT efforts of all EU financial services providers and supervisors, remains committed to tackling ML/TF risks holistically, across all financial sectors within its remit.  

Download the EBA Report HERE

In 2022 Transactive Systems UAB was second among Lithuanian electronic money and payment institutions in terms of annual turnover (€13.1 billion), with operating income amounting to almost €4mn.

In revoking its electronic money authorisation, the Bank of Lithuania said that the following “main violations and deficiencies were identified” at the regulated #fintech firm Transactive Systems UAB:
 

• failed to properly identify clients, their representatives and beneficiaries;
• did not ensure adequate monitoring of business relations and operations*;
• in opening virtual accounts for its clients, Transactive Systems UAB enabled the opening of anonymous accounts;
• had absolutely no control measures for identifying cases of terrorist financing;
• failed to ensure proper implementation of international financial sanctions restrictive measures, and its monitoring and verification systems were ineffective;
• did not identify suspicious customer transactions and did not report them to the Financial Crimes Investigation Service;
• failed to ensure that the internal control function responsible for the organisation of money laundering and the prevention of terrorist financing was independent and a conflict of interest was avoided; and
• provided incorrect, incomplete and inaccurate information to the Bank of Lithuania.

* including that institution's immediate and retrospective monitoring of transactions was ineffective, the selected monitoring model did not correspond to the volume of processed transactions, suspicious transactions were not reviewed and properly analysed.

* measures aimed at determining whether the client's funds and assets were not obtained directly or indirectly from a criminal act or by participating in such an act were of poor quality and insufficient.
 

If these are a description of the ‘main violations and deficiencies’ identified, what else was going on?  

Over the past few weeks at events like ACAMS (ACAMSAssembly ACAMSEurope) Joby Carpenter Craig Timm Natasha Powell Shelley Schachter-Cahm and I discussed the situation of fintech and financial crime controls.
 
Many others and I had great discussions about good fintech companies having their reputations impinged by a few bad fintech actors both big (yes some fintech banks who know who they are and some from China who know who they are) and small (some from the east side of the EU bloc, Israel and disturbingly some regulated fintech firms from the UK who also know who they are) whose mentality is that an authorisation is akin to a driver's licence exam. They also often say if country A doesn't jump to our demands, then we will go to country B and will whine to your ministers and FDI agencies.

While it is good to see such decisive regulatory action here, the question has to be asked "How did Transactive Systems UAB get through what is supposed to be a thorough and rigorous common EU approach to regulatory authorisation by national competent authorities (NCAs) in the first place?"

​Particularly given the lengths that many EU authorities go to verifying the existence, performance and execution of the #financialcrime business wide risk assessments, the  risk registers, the risk appetite statements, #moneylaundering policies and procedures under EBA Guideline 14 and the vetting of managers, owners and directors of #blockchain emoney and #blockchain payments. Did this company say one thing, and then do the polar opposite? Did the regular trust but not verify?

Interestingly, back in January 2023, the Bank of Lithuania restricted the activities of the company by instructions:
 

• not to establish business relations with new clients and not to provide services to existing clients who provide financial services (including brokerage, investment ( Forex , CDF), money transfers, issuance of electronic money), as well as for customers whose activities are related to virtual currencies (including operators of virtual currency exchanges, operators of depository virtual currency wallets, exchange of virtual assets, loans with virtual assets).
• not to provide a payment account service when the conditions are created for the use of such a payment account by third parties whose identity has not been determined in accordance with the Law on the Prevention of Money Laundering and Terrorist Financing.
• not to provide a payment account service when the conditions are created for the use of such a payment account by third parties whose identity has not been determined in accordance with the Law on the Prevention of Money Laundering and Terrorist Financing

The news cannot but help take us to:
 

1. discussions of regulatory arbitrage between EU NCAs and consistency in approach by the European Banking Authority’s to ensure a level playing field for NCAs.
2. if the Lithuanian regulator is identifying and responding in a hard manner (the revocation, not the fine), are other regulators in the EU doing their bit too across ALL INDUSTRIES whether a bank, emoney, insurer etc.
3. would further examples like this lead to direct rule by ESAs if there is regulatory arbitrage and indeed greater powers for AMLA?
4. should penalties be higher and should there be higher Fitness & Probity standards harmonised across the EU?

​Well run regulated fintech must be getting depressed. Banks will jump on this example as evidence that fintechs cannot be trusted to adhere AML, sanction and financial crime laws properly and some regulators might do so too, recalibrating their supervisory engagement models. Those going through authorisation will find it tougher to satisfy their future regulator compared to others who went through the process a few years ago.
 
Another telling issue in this case is the fact the Bank of Lithuania says that it “has received many complaints and inquiries from individuals and legal entities of various European Union countries and financial market supervisory authorities regarding possible fraud related to clients of Transactive Systems UAB or accounts opened there. Although the Bank of Lithuania has repeatedly drawn the institution's attention to the importance of money laundering and terrorist financing risk management and fraud prevention, gross and systematic violations of the legal acts regulating the prevention of money laundering and terrorist financing were identified during the inspection.”  This comes across really weak.

​Separately, getting really tired of hearing from people who should know better saying that "I will not apply to country A for my authorisation (recommend my client not to do so) because I hear it is easier and faster at country B".  While I am not saying that country B is Lithuania, it is news that one would have to share as a both a positive and negative when asked "Peter what are the best 3-5 EU member states you would suggest for a fintech authorisation and why?" It's a question I am asked every month.  And you know what, the answer is ‘It depends – on your business model, access to banking services, access to talent and reputation of the regulator’ to name but a few points. 

​Contact Peter Oakes at the details here or via Linkedin if you want to know more about how I help fintech businesses get authorised in Europe and the UK and my non-executive director services to regulated fintech, MiFID and banks.

Links to sources:
1) Bank of Lithuania Announcement of 2 June 2023
2) Previous restriction imposed on Transactive Systems UAB on 20 January 2023
​3) Linkedin Post HERE

Safeguarding Notice 25 May 2023
The purpose of this communication is to further clarify the nature of the specific audit of compliance with the safeguarding requirements under the Payment Services Regulations (PSR)/ Electronic Money Regulations (EMR), as communicated in the Central Bank’s letter dated 20 January 2023, addressed to all payment and electronic money institutions authorised in Ireland.

Following discussions with Chartered Accountants Ireland (CAI), an acceptable format for these engagements has been agreed, as detailed below. CAI will issue guidance to their members on performing these engagements in due course. 

Click below to download the :

1. 25 May 2023 Safeguarding Notice;
2. 20 January 2023 CBI Dear CEO Letter.

Note: As previously communicated, the reports should be submitted by each firm to the Central Bank by 31 October 2023

Copy of UK FCA letter on consumer duty to emoney and payments firms dated 21 February 2023 here at FintechUK.com

Friday 20th January 2023: Central Bank of Ireland (CBI) issued a Dear CEO letter to the fintech industries of electronic money institutions and payments institutions.  The purpose is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around its approach to, and judgements around, regulation and supervision.

If you are looking to get authorised as an electronic money or payments institution in Ireland, contact us.  We are working with a number of such applicants and we advise those already authorised on their on-going regulatory obligations, business models and strategy.  See our Authorisation Page with links to useful Authorisation Guides. 

Busy start to the year with enquiries from UK, Asia and the US continuing to roll in about the benefits, opportunities and challenges of establishing a EEA regulated presence in Ireland, particularly for #emoney and #payments. While Ireland is in the top three of the final round, there remains stiff competition (so to speak) from two other leading jurisdictions.
​
Thus it was good to see, , as I am sure others will agree, the Central Bank of Ireland most recent Dear CEO letter issued to emoney and payments institutions on Friday 20 January 2023 by Mary-Elizabeth McMunn, Director of Credit Institutions Supervision. It will help provide greater clarity not only to currently authorised emoney and payments firms, but also those in the authorisation pipeline and those thinking of filing in Ireland.

It is a meaty document at 5,168 words across eleven (11) pages. Download a copy of the letter and additional relevant reading material here - https://complireg.com/blogs--insights/2023-dear-ceo-letter-re-supervisory-findings-and-expectations-for-payment-and-electronic-money-e-money-firms
​
If you wish to get a quick understanding of the letter in terms of your regulatory obligations search the words 'we expect'. You will see those appear eleven (11) times too!

Right now, best to mark in your calendar and work backwards, that an audit opinion on safeguarding, along with a Board response on the outcome of the audit, is to be submitted to the CBI by 31 July 2023. And it is not just a case of ringing your current external auditors and appointing them.  

• Emoney and payments firms will need to demonstrate that they exercised due skill, care and diligence in selecting and appointing auditors for this purpose; including satisfying themselves that the proposed auditor has, or has access to, appropriate specialist skill in auditing compliance with the safeguarding requirements under the PSR/EMR taking into account the nature, scale and complexity of the firm's business.  Let the beauty parades begin.  And so it should be the case!
• The auditor is to provide an opinion confirming:
  "whether the firm has maintained adequate organisational arrangements to enable it to meet the safeguarding provisions of the PSR/EMR on an ongoing basis, with the specific areas, at a minimum, that should be subject to review and assurance by the auditor outlined in Appendix 2 of the Dear CEO Letter.

The purpose of the letter is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around our approach to, and judgements around, regulation and supervision.


The breakdown of the letter is as follows:

(1)      Supervisory Approach for the Payment and E-Money Sector (provides wider and specific context to our supervisory approach).

(2)      Supervisory Findings (key findings from supervisory engagements over the last 12 months and actions the CBI expects firms to undertake)
➡ Safeguarding;
➡ Governance, Risk Management, Conduct and Culture;
➡ Business Model, Strategy and Financial Resilience;
➡ Operational Resilience and Outsourcing; 
➡ Anti-Money Laundering and Countering the Financing of Terrorism;

• ♻ Risk-Based Approach,
• ♻ Distribution Channels, 
• ♻ Electronic Money Derogation and Simplified Due Diligence

(3) Conclusion and Actions Required (CBI's expectation that this letter is provided to and discussed with your Board, and any areas requiring improvement that directly relate to your firm are actioned).

Next Steps:

Get in contact with Peter Oakes / CompliReg. Founded by the CBI's inaugural Director of Enforcement and AML/CFT Supervision & board director of payments, emoney and MiFID companies. Peter is also a former: FSA (now FCA) enforcement lawyer; senior officer (legal) at ASIC; and adviser to the deputy director of banking at SAMA.


Further Reading:

10 December 2021: Authorisation Guidance and Supervisory Expectations for Payment and Electronic Money Firms (Central Bank of Ireland)
09 December 2021: Central Bank of Ireland Dear CEO Letter on Supervisory Expectations for Payment and Electronic Money (E-Money) Firms