AuthorPeter Oakes is an experienced anti-financial crime, fintech and board director professional. Archives
April 2024
Categories
All
|
Back to Blog
EBA Report On Money Laundering Terrorist Financing Risks Associated With Payment Institutions16/6/2023 EBA finds that money laundering and terrorist financing risks in payments institutions are not managed effectivelyAlso interesting to read at page 16 of 28 of the EBA Report (scroll to end for a copy) released today that "The EBA found that not all supervisors are doing enough to manage ML/TF risks in the sector effectively.". If you need assistance with a payments institution (including emoney institution), a bank, MiFID or VASP/CASP authorisation/registration learn more here and reach out to Peter Oakes on LINKED and at PETER OAKES The European Banking Authority (EBA) today published its Report on money laundering and terrorist financing (ML/TF) risks associated with EU payment institutions. Its findings suggest that ML/TF risks in the sector may not be assessed and managed effectively by institutions and their supervisors. In 2022, the EBA assessed the scale and nature of ML/TF risk in the payment institutions sector. It considered how payment institutions identify and manage ML/TF risks and what supervisors do to mitigate those risks when considering an application for the authorisation of a payment institution and during the life of a payment institution. The EBA’s findings suggest that generally institutions in the sector do not manage ML/TF risk adequately. AML/CFT internal controls in payment institutions are often insufficient to prevent ML/TF. This is in spite of the high inherent ML/TF risk to which the sector is exposed. The EBA’s findings also suggest that not all competent authorities are currently doing enough to supervise the sector effectively. As a result, payment institutions with weak AML/CFT controls can operate in the EU, for example by establishing themselves in Member States where authorisation and AML/CFT supervision processes are less stringent to passport their activities cross-border afterwards. Failure to manage ML/TF risks in the payment institutions sector can impact the integrity of the EU’s financial system. The EBA’s work on access to financial services further suggests that failure to address those risks will also undermine efforts to improve access by payment institutions to payment accounts. Several of these findings relate to issues addressed in EBA Guidelines. A more robust implementation by supervisors and institutions of provisions in these guidelines will mitigate the sector’s exposure to ML/TF risks. Legal basis and background Article 9a(5) of Regulation (EU) 1095/2010 (‘EBA founding regulation’) mandates the EBA to perform risk assessments on significant ML/TF risks affecting the EU’s financial sector. The EBA drew on a number of sources to inform this risk assessment. These include the findings of the EBA peer review on authorisation of payment institutions under PSD2, data extracted from the EBA’s AML/CFT database, EuReCA (available here), questionnaire responses, bilateral interviews with selected EU supervisors, national and supervisory assessments of ML/TF risks in the sector, and any other information available to EBA through its work on ML/TF risks and supervision. Findings of this risk assessment will be feeding into the EBA’s bi-annual ML/TF risk assessment exercise under Article 6(5) of Directive (EU) 2015/849. The EBA, in line with its legal duty to lead, coordinate and monitor the AML/CFT efforts of all EU financial services providers and supervisors, remains committed to tackling ML/TF risks holistically, across all financial sectors within its remit. Findings of this risk assessment will be feeding into the EBA’s bi-annual ML/TF risk assessment exercise under Article 6(5) of Directive (EU) 2015/849. The EBA, in line with its legal duty to lead, coordinate and monitor the AML/CFT efforts of all EU financial services providers and supervisors, remains committed to tackling ML/TF risks holistically, across all financial sectors within its remit. Download the EBA Report HERE
0 Comments
Read More
Back to Blog
Contact Peter Oakes at the details here or via Linkedin if you want to know more about how I help fintech businesses get authorised in Europe and the UK and my non-executive director services to regulated fintech, MiFID and banks. Friday 2 June 2023: Bank of Lithuania has revoked the licence of the electronic money institution Transactive Systems UAB and fined it €280,000 for seriously and systematically infringed anti-money laundering and counter terrorist financing (AML/CTF) requirementsIn 2022 Transactive Systems UAB was second among Lithuanian electronic money and payment institutions in terms of annual turnover (€13.1 billion), with operating income amounting to almost €4mn. In revoking its electronic money authorisation, the Bank of Lithuania said that the following “main violations and deficiencies were identified” at the regulated #fintech firm Transactive Systems UAB:
* including that institution's immediate and retrospective monitoring of transactions was ineffective, the selected monitoring model did not correspond to the volume of processed transactions, suspicious transactions were not reviewed and properly analysed. * measures aimed at determining whether the client's funds and assets were not obtained directly or indirectly from a criminal act or by participating in such an act were of poor quality and insufficient. If these are a description of the ‘main violations and deficiencies’ identified, what else was going on? Over the past few weeks at events like ACAMS (ACAMSAssembly ACAMSEurope) Joby Carpenter Craig Timm Natasha Powell Shelley Schachter-Cahm and I discussed the situation of fintech and financial crime controls. Many others and I had great discussions about good fintech companies having their reputations impinged by a few bad fintech actors both big (yes some fintech banks who know who they are and some from China who know who they are) and small (some from the east side of the EU bloc, Israel and disturbingly some regulated fintech firms from the UK who also know who they are) whose mentality is that an authorisation is akin to a driver's licence exam. They also often say if country A doesn't jump to our demands, then we will go to country B and will whine to your ministers and FDI agencies. "How did Transactive Systems UAB get through what is supposed to be a thorough and rigorous common EU approach to regulatory authorisation by national competent authorities (NCAs) in the first place?" While it is good to see such decisive regulatory action here, the question has to be asked "How did Transactive Systems UAB get through what is supposed to be a thorough and rigorous common EU approach to regulatory authorisation by national competent authorities (NCAs) in the first place?" Particularly given the lengths that many EU authorities go to verifying the existence, performance and execution of the #financialcrime business wide risk assessments, the risk registers, the risk appetite statements, #moneylaundering policies and procedures under EBA Guideline 14 and the vetting of managers, owners and directors of #blockchain emoney and #blockchain payments. Did this company say one thing, and then do the polar opposite? Did the regular trust but not verify? Interestingly, back in January 2023, the Bank of Lithuania restricted the activities of the company by instructions:
The news cannot but help take us to:
Well run regulated fintech must be getting depressed. Banks will jump on this example as evidence that fintechs cannot be trusted to do #AML properly and some regulators might do so too, recalibrating their supervisory engagement models. Those going through authorisation will find it tougher to satisfy their future regulator compared to others who went through the process a few years ago. Well run regulated fintech must be getting depressed. Banks will jump on this example as evidence that fintechs cannot be trusted to adhere AML, sanction and financial crime laws properly and some regulators might do so too, recalibrating their supervisory engagement models. Those going through authorisation will find it tougher to satisfy their future regulator compared to others who went through the process a few years ago. Another telling issue in this case is the fact the Bank of Lithuania says that it “has received many complaints and inquiries from individuals and legal entities of various European Union countries and financial market supervisory authorities regarding possible fraud related to clients of Transactive Systems UAB or accounts opened there. Although the Bank of Lithuania has repeatedly drawn the institution's attention to the importance of money laundering and terrorist financing risk management and fraud prevention, gross and systematic violations of the legal acts regulating the prevention of money laundering and terrorist financing were identified during the inspection.” This comes across really weak. Separately, getting really tired of hearing from people who should know better saying that "I will not apply to country A for my authorisation (recommend my client not to do so) because I hear it is easier and faster at country B". While I am not saying that country B is Lithuania, it is news that one would have to share as a both a positive and negative when asked "Peter what are the best 3-5 EU member states you would suggest for a fintech authorisation and why?" It's a question I am asked every month. And you know what, the answer is ‘It depends – on your business model, access to banking services, access to talent and reputation of the regulator’ to name but a few points. Contact Peter Oakes at the details here or via Linkedin if you want to know more about how I help fintech businesses get authorised in Europe and the UK and my non-executive director services to regulated fintech, MiFID and banks.
Links to sources: 1) Bank of Lithuania Announcement of 2 June 2023 2) Previous restriction imposed on Transactive Systems UAB on 20 January 2023 3) Linkedin Post HERE
Back to Blog
Safeguarding Notice 25 May 2023
The purpose of this communication is to further clarify the nature of the specific audit of compliance with the safeguarding requirements under the Payment Services Regulations (PSR)/ Electronic Money Regulations (EMR), as communicated in the Central Bank’s letter dated 20 January 2023, addressed to all payment and electronic money institutions authorised in Ireland. Following discussions with Chartered Accountants Ireland (CAI), an acceptable format for these engagements has been agreed, as detailed below. CAI will issue guidance to their members on performing these engagements in due course. Click below to download the : Note: As previously communicated, the reports should be submitted by each firm to the Central Bank by 31 October 2023
Back to Blog
Fintech UK is looking to partner with registered / regulated (or soon to be) cryptoasset firms on building out a cryptoasset section on our website. If you are senior executive at a UK registered cryptoasset firm, please contact us here to discuss the proposed project. Also happy to hear from senior executives at businesses which support crypto firms to support the project. See our CRYPTO page for more information If you are are crypto firm seeking regulatory advice or director services, please contact CompliReg for assistance at the details appearing here and check out its VASP registration and other authorisation services here. Hope you like the Map (Version 6.0)! Welcome to the version 6.0 of Fintech UK's and CompliReg's (a leading provider of fintech consulting services to crypto asset firms) UK FCA registered Cryptoasset Firms Map.
There are now 41 registered Cryptoasset firms appearing on the Financial Conduct Authority's (FCA) website as at Saturday 31st December 2022. Joining Version 6.0 are three new entrants - Tullett Preborn (Europe) Ltd, MoonPay (UK) Ltd and Hidden Road Partners CIV UK Ltd. The FCA register records their registrations effective 21st November, 9th December and 20 December 2022, respectively. As we continue to Map registered Cryptoasset firms, expect to see certain logos appear more than once as several brands will be registering several Cryptoasset firms for different purposes, such as - for example - services for (1) trading and (2) custody. An example of this is in fact Zodia. While Zodia Markets (UK) Limited was registered on 27 July 2022, its affiliate Zodia Custody Limited was registered effective 15 July 2021. At the time we released Version 1, there were 218 (thereabouts) unregistered cryptoasset business listed on the UK FCA's website that appear, to the FCA, to be carrying on cryptoasset activity, that are not registered with the FCA for anti-money laundering purposes. As of today (01 April 2023), that number has decreased to 82. The firms thus far registered by the FCA include: 2020: Archax Ltd, Gemini Europe Ltd, Gemini Europe Services Ltd, Ziglu Limited, Digivault Limited, 2021: Fibermode Limited, Zodia Custody Limited, Ramp Swaps Limited, Solidi Ltd, Coinpass Limited, CoinJar UK Limited, Trustology Limited, Commercial Rapid Payment Technologies Limited, Iconomi Ltd, Skrill Limited, Paysafe Financial Services Limited, Crypto Facilities Ltd, Fidelity Digital Assets LTD, Payward Limited, Galaxy Digital UK Limited, BABB Platform Ltd, BCP Technologies Limited, Zumo Financial Services Limited, Baanx.com Ltd, Bottlepay Ltd, Genesis Custody Limited, Altalix Ltd, 2022: X Capital Group Limited, Enigma Securities Ltd, Light Technology Limited, eToro (UK) Ltd, Uphold Europe Limited, Wintermute Trading LTD, Rubicon Digital UK Limited, DRW Global Markets Ltd, Zodia Markets (UK) Limited, Foris DAX UK Ltd (aka Crypto.com), Revolut Ltd*, Tullett Preborn (Europe) Ltd, MoonPay (UK) Ltd and Hidden Road Partners CIV UK Ltd. * Revolut group still has not achieved its much talked about ambition of securing a bank authorisation in the UK. We are looking forward to seeing how many more will be registered during 2023. Thus far, there have been no registrations in 2023. The post accompanying Version 6 appears at:
Further Reading: Version 1 of the Map and the Blog of 20 December 2021 - located here Version 2 of the Map and the Blog of 18 July 2022 - located here Version 3 of the Map and the Blog of 28 July 2022 - located here Version 4 of the Map and the Blog of 20 September 2022 - located here Version 5 of the Map and the Blog of 26 September 2022 - located here List of Unregistered Cryptoasset Businesses as at today - located here
Back to Blog
Copy of UK FCA letter on consumer duty to emoney and payments firms dated 21 February 2023 here at FintechUK.com
Back to Blog
Friday 20th January 2023: Central Bank of Ireland (CBI) issued a Dear CEO letter to the fintech industries of electronic money institutions and payments institutions. The purpose is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around its approach to, and judgements around, regulation and supervision.
If you are looking to get authorised as an electronic money or payments institution in Ireland, contact us. We are working with a number of such applicants and we advise those already authorised on their on-going regulatory obligations, business models and strategy. See our Authorisation Page with links to useful Authorisation Guides. Busy start to the year with enquiries from UK, Asia and the US continuing to roll in about the benefits, opportunities and challenges of establishing a EEA regulated presence in Ireland, particularly for #emoney and #payments. While Ireland is in the top three of the final round, there remains stiff competition (so to speak) from two other leading jurisdictions. Thus it was good to see, , as I am sure others will agree, the Central Bank of Ireland most recent Dear CEO letter issued to emoney and payments institutions on Friday 20 January 2023 by Mary-Elizabeth McMunn, Director of Credit Institutions Supervision. It will help provide greater clarity not only to currently authorised emoney and payments firms, but also those in the authorisation pipeline and those thinking of filing in Ireland. It is a meaty document at 5,168 words across eleven (11) pages. Download a copy of the letter and additional relevant reading material here - https://complireg.com/blogs--insights/2023-dear-ceo-letter-re-supervisory-findings-and-expectations-for-payment-and-electronic-money-e-money-firms If you wish to get a quick understanding of the letter in terms of your regulatory obligations search the words 'we expect'. You will see those appear eleven (11) times too! Right now, best to mark in your calendar and work backwards, that an audit opinion on safeguarding, along with a Board response on the outcome of the audit, is to be submitted to the CBI by 31 July 2023. And it is not just a case of ringing your current external auditors and appointing them.
The purpose of the letter is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around our approach to, and judgements around, regulation and supervision. The breakdown of the letter is as follows: (1) Supervisory Approach for the Payment and E-Money Sector (provides wider and specific context to our supervisory approach). (2) Supervisory Findings (key findings from supervisory engagements over the last 12 months and actions the CBI expects firms to undertake) ➡ Safeguarding; ➡ Governance, Risk Management, Conduct and Culture; ➡ Business Model, Strategy and Financial Resilience; ➡ Operational Resilience and Outsourcing; ➡ Anti-Money Laundering and Countering the Financing of Terrorism;
(3) Conclusion and Actions Required (CBI's expectation that this letter is provided to and discussed with your Board, and any areas requiring improvement that directly relate to your firm are actioned). Next Steps: Get in contact with Peter Oakes / CompliReg. Founded by the CBI's inaugural Director of Enforcement and AML/CFT Supervision & board director of payments, emoney and MiFID companies. Peter is also a former: FSA (now FCA) enforcement lawyer; senior officer (legal) at ASIC; and adviser to the deputy director of banking at SAMA. Further Reading: 10 December 2021: Authorisation Guidance and Supervisory Expectations for Payment and Electronic Money Firms (Central Bank of Ireland) 09 December 2021: Central Bank of Ireland Dear CEO Letter on Supervisory Expectations for Payment and Electronic Money (E-Money) Firms
Back to Blog
Report on the Peer Review on Authorisation under PSD 2 Released European Banking Authority11/1/2023 Are you looking for the Report on the Peer review on Authorisation under PSD2 released today by the European Banking Authority? Click here or the image above to download it in PDF format. If you are struggling with an application for an electronic money or payments institution authorisation in Europe, contact us here and/or complete the Authorisation/Licence Enquiry Form here. If you are looking at becoming authorised in Ireland as an emoney institution or payments institution check out Fintech Ireland's and CompliReg's authorisation guides here. What does the EBA peer review say?The report sets out the findings of the EBA’s peer review on the authorisation of #Payment Institutions (PIs) and #ElectronicMoney Institutions (EMIs). In executive summary format, the report says:
Some good supervisory practices observed by the EBASome good supervisory practices observed during the analysis that might be of benefit for other CAs to adopt.
Some recommendations identified by the EBAThe report expands on the recommendations included in the EBA’s response to the European Commission on the review of the PSD2 (EBA/Op/2022/06) and recommends that, as part of its ongoing PSD2 review process, the European Commission:
What are the objectives of the EBA report?The objectives of this report are to:
This report is also a partial fulfilment of the mandate conferred by the PSD2 on the EBA to review the Guidelines “on a regular basis and in any event at least every 3 years” (Article 5(5) PSD2). Which competent authorities are in scope?The peer review was performed by a Peer Review Committee of EBA and CA staff (see Annex 1 for the composition) and covered the CAs from all EU Member States and from two EEA States, as detailed in Annex 2. One EEA CA (IS) was not reviewed because it has only recently implemented the PSD2 and did not receive any application for the authorisation of PIs and EMIs in the period analysed (2019-2021). [CompliReg - not sure if IS is a typo, and should be 'SI' for Slovenia?] The Self-Assessment model adopted by the EBAThe analysis has been conducted based on the CAs’ responses to a self-assessment questionnaire (SAQ), which covered a three-year period from 1 January 2019 to 31 December 2021. Where necessary, the PRC followed up with the CAs in writing seeking further clarifications and explanations. The PRC also conducted interviews with a subset of 10 CAs (BG, DK, ES, PL, PT, MT, NL, IT, LT and SE) to gain a better understanding of their supervisory practices. EBA Conclusion on timeliness of the authorisation processPage 51, para 171 "5. Conclusions and recommendations" sates: "With regard to the timeliness of the authorisation process, the review found that, while all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application, the average duration of the authorisation process varies significantly across MS, ranging from 4-6 months to +20 months. The main reason for this is the quality of applications and applicants’ timeliness in addressing the issues identified with the application. The PRC also identified a number of other reasons for these variations in duration across CAs, which include different timelines set out in national law and different procedural approaches adopted by CAs in the acceptance and assessment of applications." [CompliReg - no doubt, and there is merit here, many firms will struggle with the EBA's finding that "all CAs comply with the requirement in Article 12 PSD2 to take a decision on an application within 3 months from receiving a complete application".] The constitution of the 'peer review committee'?The Peer reviews were carried out by ad hoc peer review committees composed of staff from the EBA and members of competent authorities, and chaired by the EBA staff. This peer review was carried out by:
List of Competent Authorities subject to the peer review
Back to Blog
Reflections on DeFi, digital currencies and regulation - speech by Jon Cunliffe, Bank of England21/11/2022 I had intended today to talk about the work the Bank of England, is doing with the Treasury, the FCA on the regulation of crypto stablecoins and our work on a potential central bank digital currency in Sterling.
That remains the bulk of what I will talk about today. But between beginning to draft these remarks and delivering them today, we have seen what is probably the largest – and certainly the most spectacular – failure to date in the crypto ecosystem, by which of course I mean the collapse of the crypto trading platform FTX and most of its associated businesses. So I thought it might be worthwhile to start with a brief look at the FTX implosion to frame some of the points I intend to make on regulation of the use of crypto-related technologies to provide financial services and on why, as a central bank, we are actively exploring the issuance of a digitally native Pound sterling. Untangling exactly what happened at FTX will no doubt take a great deal of time, effort and investigation by the relevant authorities. For anyone interested in the scale of the challenge, I can only recommend a quick read of last week’s bankruptcy filing. But while we will not know in full how it happened for some time, there do appear to be some general themes that are very familiar to those who regulate and supervise conventional financial firms and financial instruments. The first are fundamental issues around how financial institutions should be organised, by which I mean their corporate structure, governance, internal controls and record keeping. Regardless of the financial service activity – be it banking, insurance, exchanges, clearing houses – regulation in the conventional financial sector imposes stringent/substantive requirements. Supervision aims to ensure that these are implemented. These requirements reflect the risks inherent in financial services – risks to the users, risks to other financial firms and risks more broadly to the financial system. Technology in and of itself does not change the need for transparency in corporate structures, governance, audit and systems and controls – for example to protect customers’ funds. In a similar vein, and to prevent conflicts of interest, regulation imposes requirements and constraints on the connections between a financial firm and its affiliates, while also requiring controllers to be fit and proper. In this respect, transparency in corporate structures and the relationships between them is the key foundation. The connections between activities carried out within the firm matter also. Lending, brokering, providing an exchange platform, clearing and settlement perform different economic functions that carry different risks. For financial market infrastructure firms, such as a central counterparty or an exchange or custody of assets (both/all of which activities FTX sought to undertake, the regulatory system and international standards in place aim to stop these important pieces of financial market infrastructure from taking on credit / liquidity / market risk beyond what is absolutely necessary to discharge their core functions. Where they happen within one group, regulation requires separate, independent governance, to ensure the risks inherent in each is properly managed.footnote[1] FTX, along with a number of other centralised crypto trading platforms, appear to operate as conglomerates, bundling products and functions within one firm. In conventional finance these functions are either separated into different entities or managed with tight controls and ring-fences. It is worth noting that this bundling appears to have been primarily organisational rather than technological – that is to say, the functions were offered by different parts of the FTX group but were not bundled in the sense of being run as one single piece of code performing multiple functions. I will return to the question of integration of functions in smart contracts later on. I have mentioned some familiar regulation issues around the organisation and governance of conventional financial firms. There appear, in the FTX case, also to be familiar issues around the financial instruments involved. Collateral performs a variety of vital function in financial services. It protects lending counterparties from credit risk. It can also serve as margin in clearing processes. The higher the credit quality and lower the volatility of assets used as collateral, the better suited it is to serving as assurance against risk. For this reason, there are stringent, material conditions on collateral that can accepted, for example, in central counterparty clearing. Unbacked cryptoassets are highly volatile, given that they have no intrinsic value. They are subject to runs and their value can change very quickly as we have seen in recent months. Moreover, a firm accepting its own unbacked crypto asset as collateral for loans and margin payments, as there are indications may have happened with FTX, creates extreme ‘wrong way’ risk – i.e. when the exposure to a counterparty increases together with the risk of the counterparty’s defaultfootnote[2]. Indeed, in the FTX case, there are indications that it could have been a run on its crypto coin, FTT, which triggered the collapse. Moreover protection of client funds is crucial. In many of these platforms the platform takes possession of the cryptographic keys and manages transactions on the ledger for a pool of assets. It is far from clear whether these practices deliver the assurance of either custody of assets in the conventional finance world or of a claim on the balance sheet in the way that occurs with accounts at a bank. ‘Crypto’ was born in unregulated space: indeed, part of the objectives of its early developers was to create a financial system outside regulation. While not yet of systemic scale, the crypto ecosystem has grown very rapidly in recent years and broadened to encompass a range of financial services. The experience of the past year has demonstrated that it is not a stable ecosystem. Part of this is because, its foundation is completely unbacked instruments of extreme volatility that can swing wildly in value. But part is also because the crypto institutions at the centre of the much of the system exist in largely unregulated space and are very prone to the risks that regulation in the conventional financial sector is designed to avoid. It is in part for this reason that, since September, the FCA has warned publically on FTX that “this firm may be providing financial services or products in the UK without our authorisation… you are unlikely to get your money back if things go wrong”footnote[3]. Some, of course, would argue that the answer is not proper regulation of the risks in centralised crypto platforms, like FTX, but rather the development of decentralised finance in which functions like lending, trading, clearing etc. take place through software protocols built on the permission-less blockchain. In such a world, it is effectively the ‘code’ that manages the risks rather than intermediaries. And indeed, there is some tentative and limited evidence that the failure of FTX has stimulated some transfer of activity to decentralised platforms. From the standpoint of a financial stability authority and a financial regulator, I have yet to be convinced that the risks inherent in finance can be effectively managed in this way. That scepticism is greater if the activity in question is the trading, lending, etc. of super volatile assets without intrinsic value. The robustness and resilience of the permission -less block chain has not been demonstrated at scale and over time. And some of the protocols themselves may carry risks – for example automatic liquidation of volatile collateral, no matter how rapid, does not remove the need for liquidity providers to avoid the amplification of fire sale dynamics. Moreover, it is not clear the extent to which these platforms are truly decentralised. Behind these protocols typically sit firms and stakeholders who derive revenue from their operations. Moreover it is often unclear who, in practice, controls the governance of the protocols. More generally, as with driverless cars, they are only as good as the rules, programmes and sensors which organise their operations. We would certainly need a great deal of assurance before such systems could be deployed at scale in finance. Against that background, the question – more pointed now, following the collapse of FTX - is whether we should bring the financial service activities and the entities that now populate the crypto world within the regulatory framework. And, if so, how? My answer to the first question is that we should continue to bring these activities and entities within regulation, for three reasons. First, and most obviously, the need to protect consumers/investors. Whether or not one thinks it is sensible to invest or trade in the highly speculative assets that make up most of the activity in the crypto world, investors should be able to do so in transparent, fair and robust marketplaces, with the protections that they would get in conventional finance. There will probably always be some who prefer – for a variety of reasons – to invest and trade in an unregulated, opaque world. But we should not push the majority who do not want those risks into that world because there is no regulated alternative. My second reason is the need to protect financial stability. While the crypto world, as was demonstrated during last year’s crypto winter and last week’s FTX implosion is not at present large enough or interconnected enough with mainstream finance to threaten the stability of the financial system, its links with mainstream finance have been developing rapidly. We should not wait until it is large and connected to develop the regulatory frameworks necessary to prevent a crypto shock that could have a much greater destabilising impact. The experience in other areas of digitalisation has demonstrated the difficulty of retrofitting regulation on new technologies and new business models after they have reached systemic scale. It is, of course, possible that neither of these two reasons - investor protection and protection against financial stability risk - will be relevant because the very instability and riskiness of the world of unregulated crypto finance, most recently demonstrated by FTX, will in the end ensure that the sector cannot grow. Indeed, some have argued for regulators grappling with the crypto world to keep it outside the regulatory framework to ensure that users’ ‘caveat emptor’ concerns prevents both growth and connection with mainstream financefootnote[4]. And that leads to my third reason. Forecasting the direction and pace of technological innovation is an even more uncertain game than economic forecasting. Promising technologies fall by the wayside; unexpected ones flourish. And technologies combine in ways that cannot be anticipated. But the technologies that have been pioneered and refined in the crypto world, such as tokenisation, encryption, distribution, atomic settlement and smart contracts, not only seem unlikely to go away as our everyday lives become more ‘digital’, but may well have the potential to improve efficiency, functionality and reduce risk in the financial system. A potential example of this is the integration of functions in ‘smart contracts’ that I mentioned earlier. A possible use case for such integration, which has been pioneered in the defi world is the combining the functions of trading, clearing and settlement of tokenised financial assets into a single, instantaneous contract, rather than being carried out in sequence by three separate institutions over a number of day. This, if applied to ‘real world’ assets, like equities, could offer a substantial improvement in the efficiency of financial market infrastructure and reduce risks by enabling instant settlement – T plus nowfootnote[5]. There are of course risks in such integration as I mentioned earlier, whether it happens organisationally or technologically. The Bank of England is working with the FCA and the Treasury to set up a regulatory ‘sand box’ for developers to explore whether and how those risks can be managed to the level of assurance we expect from the current systemfootnote[6] So my third reason for bringing the activities of the crypto world within the relevant regulatory frameworks is to foster innovation. This may appear counter intuitive to those who see regulation as opposed to innovation. But, as I have said before, ‘people do not fly in unsafe aeroplanes’. Innovation may start in unregulated spaces. But it will only be developed and adopted at scale within a framework that manages risks to existing standards. And by holding innovative approaches, using technological advance, to the same standards as existing approaches we can ensure that the benefits of new technology and new business models actually flow form innovation rather than from regulatory arbitrage. This in turn, determines the answer to the second question of ‘how’ regulation should be extended to these areas. The guiding principle should be ‘same risk, same regulatory outcome’. The starting point should be our existing regulatory frameworks – for investment products, for exchanges, for payments systems and other financial functions – and the level of assurance we require that the relevant risks have been managed. Technological change and different business models may mean we have to find new ways to deliver that assurance. We should be under no illusions that this will always be an easy process. For example, as I have said, it remains for me a very uncertain question whether use of the permission-less blockchain could deliver the necessary level of assurance for activities that are integral to the stability of the financial system. Our approach as regulators should be open – by which I mean we should be prepared to explore whether and if so how the necessary level of assurance – equal to that in conventional finance - could be attained. But we should also be firm that where it cannot, we are not prepared to see innovation at the cost of higher risk. This is very much the approach we are looking to take in the UK for the extension of the regulatory framework to the use of crypto technologies and business models in finance. The Financial Services and Markets Bill, currently in Parliament addresses the regulation of payment systems using “digital settlement assets” defined as “digital representations of value” – in other words digital tokens representing money. The objective is to extend the current Bank of England and FCA regulatory regimes for e-money and payment systems to cover the use ‘stablecoins’ for paymentsfootnote[7]. The powers in the Bill will extend not only to the systems for transferring such coins between parties to make payments, but to the issuance and storing of the coins. The Bank will have responsibility for such payment systems which are systemic or likely to become systemic. This will apply whether such systems exist to make payments for real things or for crypto assets should the latter activity become systemic in scale. We intend early next year to consult in detail the regulatory framework that will apply to such systemic payment systems and the services, like wallets, that accompany them. In doing so, we will be guided by the principle of ‘same risk, same regulatory outcome’ set out above. In the case of stablecoins used as money to make payments, the regulatory outcome has been expressed by the Financial Policy Committee of the Bank as an expectation that stablecoins used in systemic payment chains should meet standards equivalent to those expected of commercial bank money. And that's in terms of stability of value, robustness of legal claim and the ability to redeem at par in fiatfootnote[8]. Some of the likely foundational features of the regulatory regime on which we will consult are already clear. The FPC made clear last year that to deliver that regulatory outcome “regulatory safeguards will be needed for a non-bank systemic stablecoin to ensure that the coin issuance is fully backed with high quality and liquid assets, alongside loss absorbing capital as necessary, to compensate coinholders in the event that the stablecoin fails”footnote[9]. It also made clear that in the absence of deposit protection for coinholders, other elements of the regime would need to be strengthened to deliver the necessary level of assurance. The consultation will set out in more detail how the coinholders’ claims on the stablecoin issuer and wallets should be structured to deliver redemption at par in line with commercial bank money, how the backing assets should need to be managed to ensure they are always available to meet redemptions and, more generally the requirements for corporate structure, governance, accountability and transparency necessary to meet the standards we expect in other parts of the financial system that carry out the same functions. The FTX example underlines how important these aspects are. The legislation covers the use of crypto technologies for the payments function. The Treasury intends to consult in the near future on extending the investor protection, market integrity and other regulatory frameworks that cover the promotion and trading of financial products to activities and entities involving crypto assets. At present, in the UK, it is, to a large extent, only the anti-monetary laundering regulatory framework which applies to these activities and entities. Finally, let me turn to our work with the Treasury on central bank digital currency, or, to put it more plainly on the issuance by the Bank of England of a digitally native pound sterling. Our plan remains to issue a consultative report around the end of year setting out the next steps that we propose. Over the past few days, I have had a few comments both to the effect that the collapse of FTX shows that we need to get on and issue a digitally native pound – and to the effect that FTX shows that we do not need do so. My initial reaction to both points of view was that there really was no connection between FTX and our work on a digitally native, general purpose form of Bank of England money, for use by households and businesses in making payments. But on reflection, I think I understand the comments better. FTX in particular and the crypto ecosystem in general are emblematic of these new technologies and the possibility that they might revolutionise financial services and the forms that money takes in our economy. For some perhaps the lesson is that tokenisation and digitalisation of finance should not take place in unregulated space and, moreover, needs to be underpinned by a robust and reliable of digital settlement asset. For others, the message is perhaps that the crypto world and its technologies are a very long way from influencing, let alone changing, the way financial services, including payments, are delivered at scale in the real world. It is, as I said earlier, very difficult to predict which technologies will be successful and when and how they might begin to change the way we do things. The bursting of the dot.com bubble in the early years of this century did not herald the end of the development of internet commerce though it took longer than its original enthusiasts imagined and emerged in a very different form, dominated by big tech platforms. Our work on a digitally native pound is driven by the trends we now see both specifically in payments, including the reducing role of cash, and more generally in the increasing digitalisation of daily life. It is motivated by two primary concerns. First, that in a world in which new, tokenised forms of money emerge, enabled by new technology, we remain able to ensure that all forms of money that circulate in the UK are robust, interchangeable without loss of value and denominated our unit of account – the pound sterling. Physical cash plays a role in ensuring that, at present, all forms of commercial bank money in the UK have to be redeemable in cash - Bank of England money - on demand in cash and without loss of value. Given the trends away from physical cash, which cannot be used in an increasingly digital economy, and, potentially, towards new forms of tokenised money, a digital pound may be needed in future to fulfil the same function. Second, to ensure that there can be competition and innovation in the development of new functionalities using tokenised money. Given the network externalities around money and the likely cost of developing robust and risk managed tokenised money like stablecoins, it is possible that the development of digital settlement assets will converge on a few large players who will dominate and perhaps control innovation in payment services. We have seen a similar dynamic in the emergence of large internet platforms and marketplaces. A digital pound would provide a digital settlement asset available to a wide variety of private sector innovators and developers of payment services. The first concern is primarily for central banks, charged with ensuring the stability of money in the economy. The second is more of a concern for government. And of course there are other motivations, such as financial inclusion and resilience. I do not have the time to go into those in detail today, and, in any event, I do not wish to pre-empt the report on the next steps for this work that we and the Treasury intend to issue soon. But I do want to emphasise that this work, and any future decision to introduce a digitally native pound should not be seen in the context of the status quo but rather in the context how current trends in money, payments and technology might evolve. And above all, in this, as in the work on regulation that I discussed earlier, our aim is to ensure that innovation can take place but within a framework in which risks are properly managed and which safeguards the sustainability of such innovation. The events of last week provide a compelling demonstration of why that matters. Thank you. The views expressed here are not necessarily those of the Bank of England, the Monetary Policy Committee or the Financial Policy Committee. I would like to thank Amy Lee, Teresa Cascino, Emma Butterworth, Katie Fortune, Bernat Gual-Ricart, Jenny Khosla, Grellan McGrath, Marilyne Tolle, Andrew Walters, Daniel Wright and Cormac Sullivan for their help in preparing the text.
Back to Blog
FTX Trading Ltd US Bankruptcy Court for the District of Delaware: Declaration by John J Ray III18/11/2022 Further to my post on Linkedin, here is access to a better quality image of the group structure of FTX. The image above should be of high quality. Otherwise see page 30 in the DECLARATION OF JOHN J. RAY III in support of Chapter 11 Petitions and First Day Pleadings.
The Guardian leads with "New FTX boss, who worked on Enron bankruptcy, condemns ‘unprecedented failure’"
Posted by: Peter Oakes, Founder of CompliReg a leading specialist governance, regulatory and compliance strategy firm. Peter established and led the Enforcement and AML/Supervision Directorate of the Central Bank of Ireland as its inaugural Assistant-Director General, then later Director of Enforcement and AML/CFT Supervision. |