Hogan Lovells Payments Conference 2023: Our Payments Conference, Payments on the Cusp, is taking place on Wednesday 27 September 2023. The Payments Industry has seen enormous change in the past few years, but there’s much more to come. We’ll be focusing on two main themes of Transition (due, among other things, to the ever increasing impact of technology) and Beyond Competitiveness (with players either choosing or being driven by market forces to collaborate). For more information and to register, please click here.

In this Newsletter:

• Regulatory developments: Payments
• Regulatory developments: Digital Assets
• Market developments
• Surveys and reports

For previous editions of the Payments Newsletters, please visit our Financial Services practice page.

Regulatory developments: Payments

European Union: European Commission publishes legislative proposals for PSD3, a Payment Services Regulation and a financial data access framework

As part of the European Commission’s 2020 Retail Payments Strategy and following its 2022 review of PSD2 and related consultations, on 28 June 2023 it published a report on the PSD2 review together with legislative proposals to improve its functioning. The first is a proposal for a Directive containing in particular rules concerning licensing and supervision of payment institutions (PIs) (PSD3). The second is a proposal for a Regulation containing the rules for payment service providers (PSPs) (including PIs and some other categories of PSPs) providing payment and electronic money services.

The 2022 PSD2 review concluded that use of a directly applicable Regulation for payments would enhance the coherence of implementation in the Member States. The Commission points out that this approach has already been used in various areas of EU financial services legislation (eg prudential rules for banks or rules on securities markets). The Commission considers that a Directive would be appropriate for licensing and supervisory rules, given that licensing and supervision of financial institutions in general (including PIs and other categories of PSPs, such as credit institutions) remains a national competence of the Member States, and no EU-level licensing or supervision is being proposed.

Some  key points on the payments package include:

PSD3 legislative proposal

• Merger of the e-money and payment services regimes: The second Electronic Money Directive (Directive 2009/110/EC) would be repealed with effect from the date of application of PSD3 (as will PSD2) and there would be transitional provisions dealing with the move to the new licensing regime.
• Safeguarding: Here, proposals include that on calculation of own funds for PIs not offering electronic money services, an increase of up to 20% in own funds may be required by competent authorities, based on an evaluation of the PI’s risk management processes, risk loss data base and internal control mechanisms. This is similar to the additional Supervisory Review and Evaluation Process (SREP) own funds requirements for banks.
• Passporting: Specific provisions on so-called “triangular passporting” are proposed with the aim of enhancing clarity.
• Non-bank PSPs’ access to payment systems: An amendment is proposed to the Settlement Finality Directive (98/26/EC) to add PIs to the list of institutions which have the possibility to participate directly in payment systems designated by a Member State under that Directive (but not to designated securities settlement systems).

Payment Services Regulation (PSR) legislative proposal

• Authorised/unauthorised payment transactions – focus on tackling fraud: A new IBAN/name verification service is planned to be introduced. Under the proposals, the PSP of the payer is to be held liable for the full amount of the credit transfer in cases where that PSP has failed to notify the payer of a detected discrepancy between the unique identifier and the name of the payee provided by the payer. A PSP is also held to be liable where a consumer has been manipulated into authorising a payment transaction by a third party pretending to be an employee of the consumer’s PSP (impersonation fraud). An obligation for electronic communications services providers to cooperate with PSPs is introduced, with a view to preventing such fraud. Exceptions to the refund right include gross negligence by the consumer or where the consumer is part of the scam.
• Open Banking (OB): The proposals on OB contain a number of modifications compared with PSD2, and incorporate certain provisions currently contained in the SCA regulatory technical standards (RTS).
• Non-bank PSPs’ access to bank accounts: The PSD2 rules relating to access (opening and closing) by a PI to an account with a credit institution would be reinforced. Given the importance for PI licence applicants to have a bank account to obtain their licence, they are also covered, as well as PIs’ agents and distributors.

Proposed Regulation on a framework for Financial Data Access (FIDA)

As part of the same legislative package, the Commission also published a legislative proposal on a framework for financial data access, extending financial data access and use beyond payment accounts to more financial services (a financial data access (FIDA) framework). The proposal establishes the rules for access, sharing and use of certain categories of data, including the rights and obligations of data users and data holders  There would also be a new category of authorised ‘financial information service providers’.

The scope of the proposed FIDA Regulation is limited to specific (exhaustive) sets of customer data including in relation to loans and accounts (except payment accounts as defined in PSD2) and crypto-assets. The firms to which the proposed Regulation would apply, when they are acting as data holders or data users, include credit institutions, PIs (including AISPs and PIs exempted under PSD2), electronic money institutions (including those exempted under EMD2), crypto-asset service providers, and issuers of asset-referenced tokens.

The above legislative proposals have now been sent to the European Parliament and the Council of the EU who will amend the text to be able to pass it through their respective houses. After the amended text is agreed, there will be inter-institutional negotiations (trilogues), where the Commission, Council and Parliament negotiate on a compromised text. At the earliest, the proposals could be finalised by March 2024, but this is assuming an accelerated timescale and that the proposals are not rejected and sent back to the Commission.

For more information on this development, please refer to this Engage article by members of our Dublin and London offices.

Ireland: CBI speech on authorised push payment (APP) fraud

In a speech on 12 July 2023, the Central Bank of Ireland’s (CBI) Director of Consumer Protection, Colm Kincaid, focused on the issue of APP fraud. Key points include:

• The CBI welcomes recent European Commission proposals to extend the liability of payment service providers to include the case of authorised push payment fraud where an IBAN discrepancy is detected but not notified to the payer; and where the fraud involves impersonation of a bank employee (see the above item for more on these proposals).
• The question arises, should the law go further by requiring that consumers be fully reimbursed in all cases of APP fraud, and if so who should bear this cost? These important social policy questions require careful consideration, including looking at all the actors involved (including social media and other communication mechanisms through which APP fraud is carried out) and at a voluntary reimbursement arrangement such as that in the United Kingdom.
• The CBI notes the discussions the Oireachtas Committee on Finance, Public Expenditure and Reform has held with the Banking and Payments Federation Ireland on a voluntary reimbursement arrangement and would support any such initiative by industry, while recognising it must be properly calibrated. The CBI believes it would be most effective as part of a wider engagement on enhancements to prevent fraud where all relevant actors are involved, including those outside the banking and payments sector. This approach could also support the development of the proposed shared fraud database, which would be of benefit to relevant stakeholders to prevent and combat fraud across the financial system.
• As part of its ongoing review of the Consumer Protection Code, the CBI is considering what policy measures it can introduce within the scope of its specific rule-making powers to contribute to the protection of consumers in a digital environment more generally. The measures under consideration include requirements on the design of digital platforms, firms’ systems and controls and on-line security standards.
• In the meantime, the CBI reiterates its current expectations of the firms it regulates, which are to have effective systems in place to identify and prevent fraud and to support consumers who fall victim to it. This includes APP fraud, where the CBI expects firms (amongst other things) to take steps to trace and recover money lost where this is possible. It also expects firms to take responsibility to compensate consumers to any extent that a consumer’s loss has resulted from a failure of the firm’s own established systems and controls.

Hong Kong: HKMA outlines enhanced protection for payment card customers

On 20 June 2023, the Hong Kong Monetary Authority (HKMA) published a letter to banks and corresponding guidance with new guidelines on protection of payment card customers. The guidance, which was developed in response to the growing use of electronic and online transactions, addresses four primary areas:

1. Empowerment: Cardholders should have increased control over the use of their cards and their credit limits. This includes the ability to opt in or out of card-not-present transactions and to set limits for such transactions. Banks should also facilitate immediate suspension of cards through online banking platforms when suspicious transactions are identified.
2. Support, communication, and education: Banks are advised to establish specialised teams to assist customers reporting unauthorised transactions. Communication methods should also be enhanced, such as adopting a risk-based approach to notify cardholders of card-present transactions. The banking industry is encouraged to bolster customers' awareness about protecting themselves against unauthorised transactions.
3. Unauthorised transaction handling and security: The HKMA has emphasised a sensitive and pragmatic approach towards customers who report unauthorised transactions. Transparency in the investigation process is also required. From a security perspective, banks are urged to provide alternatives to SMS one-time-passwords and to bolster fraud monitoring.
4. Responsible borrowing: Banks should help customers better understand the financial implications of various card repayment practices. Proactive notifications should be provided when card spending approaches credit limits, and reminders issued to cardholders who appear to be slipping into persistent debt.

These measures are designed to give cardholders more control over their transactions and credit while strengthening protections against fraud and unauthorised transactions. Banks were expected to implement the changes that do not involve system alterations by June 2023. For changes that require system modifications, the deadline is 20 December 2023.

In a related development, on 29 June 2023 the HKMA announced the launch of an Anti-Scam Consumer Protection Charter (Charter) to enhance public awareness of safeguarding credit card and personal information. Led by the HKMA and the Hong Kong Association of Banks (HKAB), all 23 card-issuing banks and 15 merchant institutions in Hong Kong (Participating Institutions) participate in the Charter. Under the Charter, Participating Institutions commit not to send instant electronic messages to customers with embedded hyperlinks to request for personal and credit card information online, and to convey the message of “Beware of scams” to the public through various channels. Participating Institutions also undertake to provide appropriate channels for customers to verify the authenticity of messages, enhance staff training and handle customer enquiries effectively.

United Kingdom: PSR consults on implementing instruments for mandatory reimbursement requirement for APP fraud

On 7 July 2023, the Payment Systems Regulator (PSR) published a consultation paper (CP23/4)  (which should be read alongside the PSR’s June 2023 policy statement – see our May/June 2023 Newsletter) seeking views on the following overall package of three legal instruments that will implement its policy on the new reimbursement requirement for authorised push payment (APP) fraud victims within Faster Payments:

1. Specific requirement for Pay.UK to amend Faster Payments rules. As originally proposed, the PSR will require Pay.UK, as the operator of Faster Payments, to add an APP scam reimbursement requirement into the scheme rules.

2. Specific direction to Pay.UK to establish a compliance monitoring regime. This will monitor whether PSPs are following the reimbursement requirement.

3. General Direction to all Faster Payments participants. Additionally, the PSR will issue a general direction to all payment service providers (PSPs), requiring them to comply with the scheme rules established by Pay.UK.

The PSR is also inviting views on the specific detail of items 1 and 2 above. The draft legal instruments are contained in Annexes 1-3 of the consultation paper. The PSR is planning a further consultation on the General Direction to all PSPs in October 2023 so that the consultation will have the benefit of Pay.UK’s draft rules  for PSPs’ obligations.

The Bank of England has also announced its intention that similar reimbursement requirements should apply to the Clearing House Automated Payment System (CHAPS). The Bank will undertake its own process to draft the relevant scheme rules, which will be as close as possible to those implemented in Faster Payments. The PSR will then give a similar direction to direct and indirect CHAPS participants requiring compliance with the relevant rules. It has not yet drafted this Direction, but plans to replicate the approach it has taken for Faster Payments as far as possible, and it is seeking initial views on both at this stage. It then intends to consult on the CHAPS direction alongside the one for Faster Payments PSPs in October 2023. The Bank intends to follow broadly the same timetable as the PSR’s work on the Faster Payments requirements.

The consultation closes at 5pm on 25 August 2023. The PSR intends to finalise and publish all three legal instruments in December 2023 to reduce the risk of any changes to the General Direction following its October consultation giving rise to incompatibilities with the specific requirement and specific direction. The PSR is proposing an implementation, or ‘go live’, date of 2 April 2024. It plans to confirm the implementation date in the autumn, alongside the consultation on the General Direction. To ensure consistency of outcome for consumers, and consistency of implementation by PSPs, the PSR will require compliance with the two directions to start on the same date as the rules.

For more on this development, take a look at this Engage article by members of Hogan Lovells’ London office.

United Kingdom: Financial Services and Markets Act 2023 receives Royal Assent

On 29 June 2023, HM Treasury announced in a press release that the Financial Services and Markets Bill 2022-23 received Royal Assent, making it the Financial Services and Markets Act 2023 (FSMA 2023). The final text of the Act was published on 7 July 2023. FSMA 2023 looks to tailor financial services regulation to UK markets as the UK adapts to its position outside of the EU. Key aspects of FSMA 2023 in relation to payments and digital assets include:

• Revocation of financial services retained EU law: FSMA 2023 establishes the legislative framework for the revocation of all EU retained law relating to financial services. The UK Government is taking a phased approach to the revocation by gradually transferring this retained EU law into regulators' rules or legislation as appropriate. Schedule 1 contains a list of the legislative acts that will be repealed under the framework. These include all level 1 onshored EU regulations (‘onshoring’ being the process of amending EU legislation and regulatory requirements so that they worked in a UK-only context and this included directly applicable EU legislation such as EU regulations), statutory instruments that reflect the implementation of EU law, provisions made under EU directives, and specified provisions in FSMA.

• Designation of critical third parties framework: Under the Act, HM Treasury is given the power to designate a person who provides services to regulated firms and financial market infrastructures as "critical". Critical third parties will typically be service providers that provide certain outsourced and third-party services to large numbers of financial institutions and whose services are very difficult to substitute. This could for example include providers of Cloud data storage and processing services.

• Reform of the financial promotion regime: Any authorised firm wishing to approve the financial promotions of unauthorised firms will first need to obtain the permission of the FCA in order to carry out this activity. The approval may also limit the types of financial promotions authorised firms can make. For more information on this aspect of FSMA 2023, please see this Engage article by our London office.

• Digital settlement assets: The Act introduces a definition of “Digital Settlement Asset”. It also grants HM Treasury the authority to include digital settlement assets within the regulatory framework in the UK, when used as a means of payment.

• New FCA and PRA objective: FCA and the PRA have a new secondary objective to advance long-term UK economic growth and international competitiveness. In a recent speech, Sheldon Mills, Executive Director of consumers and competition at the FCA, discussed how this new objective will help boost innovation and regulation in financial services, resulting in economic growth.

• Access to cash and protection from APP scams: The Act introduces a framework to protect  access to cash withdrawal and deposit facilities in the UK for the first time in law and ensuring free access to cash for individuals from free-to-use cash access points. FSMA 2023 also contains provisions intended to facilitate the provision of greater support for victims of authorised push payment (APP) scams.

The Financial Services and Markets Act 2023 (Commencement No 1) Regulations 2023 (SI 2023/779) (the Commencement Regulations) were made on 10 July 2023.  Among other things, with effect from 29 August 2023 the Commencement Regulations:

• amend the Electronic Money Regulations 2011 and the Payment Services Regulations 2017 relating to critical third parties specified in Part 6 of Schedule 2 of FSMA 2023; and

• bring into force HM Treasury’s power to make regulations relating to digital settlement assets.

The Commencement Regulations also revoke Part 2, Schedules 1 and 2 of the Payment Accounts Regulations 2015 with effect from 1 January 2024 (see further ‘Payments aspects of Mansion House reforms’ below).

FSMA 2023 already provides for the entry into force of its provisions relating to cash access services, wholesale cash distribution and APP scams on 29 August 2023.

For more information on the key aspects of FSMA 2023, as well as an overview of the background, take a look at this Engage Article.

European Union: EBA finds ineffective management of EU payments firms’ money laundering/terrorist financing risks

On 16 June 2023 and following its 2022 assessment of money laundering (ML) and terrorist financing (TF) risks in the EU payment institutions (PIs) sector, the EBA published a report on its findings.

Among other things, the findings suggest that ML/TF risks in the sector may not be assessed and managed effectively by PIs and their supervisors. The EBA makes it clear that addressing the points in its report will not only be essential to protecting the EU’s single market from financial crime, but will also help to improve access by PIs to payment accounts by tackling a ‘root cause of de-risking’. Proposed areas for changes to the EU legal framework include:

• establishing a more consistent approach to assessing the AML/CFT component of the authorisation of PIs;
• reinforcing consideration of ML/TF risks in the process of passporting notifications; and
• ensuring a more coherent approach to the AML/CFT supervision of agents of PIs across Europe.

For more on the findings and implications of the report, please see this Engage article by members of our Dublin and London offices.

United Kingdom: PSR seeks views on card scheme and processing fees working paper

On 30 June 2023, the Payment Systems Regulator (PSR) released its third working paper in its ongoing review of the card scheme and processing fees market. The paper details recent adjustments to these fees and invites feedback on the PSR's developing insights regarding the fee-setting approaches of Mastercard and Visa. The feedback deadline is 11 August 2023. Following its comprehensive market assessment, the PSR plans to publish its provisional findings on its market review of card scheme and processing fees later this year.

United Kingdom: Payments aspects of Mansion House reforms

In his Mansion House speech on 10 July 2023, the Chancellor of the Exchequer Jeremy Hunt referred to further planned reforms - the ‘Mansion House reforms’ - that build on December 2022’s Edinburgh Reforms. This is all part of the post-Brexit work to deliver a Smarter Financial Services Regulatory Framework tailored to the UK. Among other things, the Chancellor announced an independent review into the future of payments to ensure the UK remains at the forefront of payments technology. The government has also laid new legislation to give regulators the powers they need to reform rules on innovative payments and fintech services, and is continuing to explore potential designs for the digital pound with the Bank of England. In addition, the government’s response to the December 2022 consultation on the customer information requirements in the Payment Accounts Regulations 2015 has been published.

Future of Payments Review 2023

The aim of the Future of Payments Review 2023 is to consider how payments are likely to be made in the future and make recommendations for government, financial services regulators and industry on the steps needed to successfully deliver world leading retail payments, in a further boost to UK fintech competitiveness. A Call for Input has been published to inform the Review, which will be chaired by Joe Garner. The scope of the Review is set out in more detail in its Terms of Reference. The Call for Input closes on 1 September 2023. The Chair will provide a report and recommendations to the government in Autumn 2023.

Electronic Money, Payment Card Interchange Fee and Payment Services (Amendment) Regulations 2023

The Financial Services and Markets Act 2023 (FSMA 2023) repeals retained EU law (REUL) relating to financial services in order to deliver a Smarter Regulatory Framework (SRF) tailored to the UK. REUL will be replaced with rules set by the regulators, operating within a framework established by government and Parliament (ie a comprehensive FSMA model). As part of the Edinburgh Reforms announced in December 2022, HM Treasury (HMT) published the policy statement 'Building a Smarter Financial Services Framework for the UK' which set out the government’s policy approach to the SRF programme of repeal and replacement. HMT has now published a follow-up policy paper ‘Building a Smarter Financial Services Regulatory Framework for the UK: HM Treasury’s Plan for Delivery’, which describes how the government will deliver this approach in practice.

The government’s work to repeal retained EU payments law – in particular the Payment Services Regulations 2017 (PSRs 2017) and the Electronic Money Regulations 2011 (EMRs 2011) -  is on the list of financial services items in Tranche 2 of its SRF programme, as set out in the December 2022 HMT policy statement. The latest HMT policy paper includes a table showing the government’s progress on the programme so far, including that announced by the Chancellor in his 2023 Mansion House speech, as well as next steps for the legislative files in Tranches 1 and 2 of the programme. As a first step in the work relating to payments law, via the Electronic Money, Payment Card Interchange Fee and Payment Services (Amendment) Regulations 2023 (made on 11 July 2023) (the Regulations) the FCA is being given sufficient rulemaking powers and the Payment Systems Regulator (PSR) sufficient powers of direction for payment services and e-money to make replacements as REUL is repealed. As well as the PSRs 2017 and the EMRs 2011, the relevant EU legislation includes the Interchange Fee Regulation 2015 and the Payment Card Interchange Fee Regulations 2015. The Regulations are subject to phased commencement dates, with some provisions coming into force on 18 September 2023, some on 1 January 2024 and some (relating to the regulatory “have regard” to the net zero emissions target) on the day on which section 27 (Regulatory principles) of FSMA 2023 comes into force. An explanatory memorandum on the Regulations has also been published. The government will now continue work to build a new regulatory framework that will, where necessary, replace the PSRs and EMRs. According to HMT’s policy paper (see above), a first round of ‘targeted reforms’ is due before the end of 2023. Work on the remainder and the laying of a statutory instrument is due ‘in 2024 onwards’.

HMT consultation response on future of consumer information requirements for payment accounts

As part of the Edinburgh Reforms announced by the Chancellor in December 2022, HMT consulted on the need for certain customer information requirements under Part 2 and Schedules 1 and 2 the Payment Accounts Regulations 2015 (PARs), which implemented the EU Payment Accounts Directive (2014/92/EU) (PAD), for the UK market. This is another legislative file in Tranche 2 of the government’s SRF programme (see above). For more on the consultation, take a look at our article ‘UK government consults on future of consumer information requirements for payment accounts’.

HMT has now published its response to the consultation, confirming that it intends to revoke Part 2, Schedules 1 and 2 of the PARs and the related Binding Technical Standards and hand over responsibility for detailed firm-facing requirements on customer information requirements to the FCA. The Financial Services and Markets Act 2023 (Commencement No 1) Regulations 2023 (SI 2023/779) (made on 10 July 2023) include a provision dealing with the revocation of the relevant PARs provisions which will take effect on 1 January 2024. According to HMT’s policy paper (see above), a ‘consequential SI’ is also due to be laid before the end of 2023. The government understands that the FCA is not planning to make rule changes in this area but will continue to hold firms to account on the standards that it sets through its supervisory activity.

For more on this development, take a look at this Engage article by members of Hogan Lovells’ London office.

Back to the top

 Regulatory Developments: Digital Assets

Singapore: MAS proposes digital money standards

On 21 June 2023, the Monetary Authority of Singapore (MAS) published a whitepaper proposing a common protocol (Purpose Bound Money (PBM)) to specify conditions for the use of digital money such as central bank digital currencies (CBDCs), tokenised bank deposits, and stablecoins on a distributed ledger. This protocol could be used on different ledgers and with different forms of money. The whitepaper covers the technical specifications of the concept of PBM and sets out how digital money can be used to support commercial and policy objectives without modifying its properties.

The concept of PBM was first introduced as part of MAS’ Project Orchid and the whitepaper describes how it can be extended to a broader set of use cases. MAS has also published the PBM source codes and software prototypes developed under Project Orchid for public access.

Singapore: MAS proposes framework for digital asset networks

On 26 June 2023, the Monetary Authority of Singapore (MAS) published a report outlining its framework for enabling open and interoperable networks. The report is part of Project Guardian which tests asset tokenisation across financial asset classes. The project has enlisted 11 institutions to date. The paper is split into three sections:

• The first and second sections set out the archetype of digital assets and the principles FMIs should consider when developing digital asset solutions.
• The third section sets out three case studies that are part of Project Guardian, namely the development of a global liquidity pool, trade financing of asset-backed securities and structured notes.

On the same day, the Japanese Financial Services Authority (FSA) announced that it is participating in MAS’ Project Guardian as an observer. To date, the FSA is the only other regulator that has joined the project.

European Union: European Commission publishes proposals on the establishment of the digital Euro

On 28 June 2023, the European Commission adopted a single currency package including three legislative proposals to support the use of cash and to propose a framework for a digital euro:

• Proposal for a Regulation of the European Parliament (EP) and of the Council on the legal tender of euro banknotes and coins (COM(2023) 364) (Legal Tender Proposal).

• Proposal for a Regulation of the EP and of the Council on the establishment of the digital euro (COM(2023) 369) and Annexes (Digital Euro Proposal 1).

• Proposal for a Regulation of the EP and of the Council on the provision of digital euro services by payment services providers incorporated in member states whose currency is not the euro and amending Regulation (EU) 2021/1230 (COM(2023) 368) (Digital Euro Proposal 2).

All three proposals are accompanied by an impact assessment (SWD(2023) 233) and its executive summary (SWD(2023) 234).

The Legal Tender Proposal defines the concept of ‘legal tender’ for euro cash. In doing so, it aims to safeguard the role of euro cash, ensure it is widely accepted as payment and remains easily accessible across the euro area. It will make the definition of legal tender legally binding.

Digital Euro Proposals 1 and 2 would establish a framework for a possible new digital form of the euro to complement existing euro cash. The digital euro would be available alongside existing means of digital payment. It would function like a digital wallet and be available both online and offline. If the proposal were adopted, it would ultimately be for the European Central Bank (ECB) to decide if and when to issue the digital euro.

Feedback on the proposals can be submitted here by 6 September 2023. The EP and the Council of the EU must agree on the same text before the Regulations can be formally adopted, published in the Official Journal of the European Union and enter into force.

South Korea: Act on the Protection of Virtual Asset Users passed

Following on from a previous item in our May/June Newsletter, on 30 June 2023 the Act on the Protection of Virtual Asset Users was passed by the National Assembly of South Korea. By way of reminder, the legislation is an amalgamation of 19 legislative proposals covering key aspects in relation to cryptoassets, including the Financial Services Commission’s enforcements power, rules in relation to protection of user assets, as well as new rules in relation to reporting and monitoring of transactions.

Global: BIS publishes CBDC cybersecurity and resilience framework

On 7 July 2023, BIS published a paper outlining its framework for secure and resilient central bank digital currency (CBDC) systems that it has developed to assist central banks in managing threats to the security and resilience of their CBDC systems. The framework involves seven steps:

1. Prepare: This step involves central banks assessing their readiness for the implementation and operation of a secure and resilient CBDC system. Specifically, the central bank should assess its readiness by examining its baseline capabilities and IT modernisation capabilities against objectives set out in the paper.
2. Identify: This step involves central banks identifying information assets, systems and networks that they can use for their CBDC systems, as well as any measures that need to be taken when relying on third party services.
3. Protect: This step covers objectives for the technical and non-technical controls and measures that would need to be implemented to protect the CBDC system against, and mitigate the impact of, security and resilience incidents.
4. Detect: This step involves assessing the system’s early detection capabilities and the process management of incidents detected.
5. Respond: This step involves setting aside a team to respond.
6. Recover: This step is about restoring impacted services to normal operations
7. Adapt: Executing this step should enable the CBDC system to adjust its operational parameters.

The paper also outlines the application of the framework.

European Union: ESMA and EBA consult on first sets of RTS and ITS under MICA and EBA statement on timely preparation for MiCA application date

On 12 July 2023, ESMA published a consultation paper on its first set of regulatory technical standards (RTS) and implementing technical standards (ITS) under the Regulation on markets in cryptoassets ((EU) 2023/1114) (MiCA).

MiCA mandates ESMA to develop a series of RTS, ITS and guidelines, many of them in close co-operation with the EBA. The first consultation package covers five RTS and two ITS on:

The proposed texts of the draft Delegated Regulations containing the RTS and ITS are contained in Annex II to the consultation paper.

The deadline for comments is 20 September 2023. ESMA expects to publish a final report and submit the draft RTS and ITS to the European Commission for endorsement by 30 June 2024 at the latest. ESMA also plans to publish two further sets of RTS and ITS in October 2023 and in Q1 2024.

Also on 12 July 2023, the EBA published the following consultation papers on its first set of RTS and ITS under MiCA:

• Draft RTS on information to be contained in an application for authorisation to offer to the public and to seek admission to trading of asset-referenced tokens and draft ITS on standard forms, templates and procedures for the information to be included in the application (Article 18(6) and (7) of MiCA);
• Draft RTS to specify the requirements, templates and procedures for handling complaints (Article 31 of MiCA); and
• Draft RTS on the detailed content of information necessary to carry out the assessment of a proposed acquisition of qualifying holdings in issuers of asset-referenced tokens (Article 42(4) of MiCA).

The deadline for comments on the drafts is 12 October 2023. The EBA will submit the draft RTS and ITS to the European Commission for endorsement, after which the RTS will be subject to European Parliament and Council of the EU scrutiny before being published in the Official Journal of the European Union.

On the same day, the EBA published a statement in which it encourages timely preparatory steps towards the application of MiCA to asset-referenced tokens (ARTs) and e-money tokens (EMTs). The Regulation will take effect from 30 June 2024 (the application date). The statement includes non-binding guiding principles to which the EBA encourages institutions to have regard until the application date. The EBA has also published a template that institutions intending to carry out, or carrying out, ART/EMT activities can use to communicate information about the token, on a timely basis, to the relevant competent authority.

United Kingdom: Law Commission publishes final report on digital assets

On 28 June 2023, the Law Commission of England and Wales published its final report on digital assets, together with a summary of the final report.

The report concludes that the common law of England and Wales is, in general, sufficiently flexible to accommodate digital assets and therefore that any law reform should be through further common law development where possible. However, the report makes two recommendations for targeted statutory law reform:

• A recommendation for a bespoke statutory legal framework for crypto token and cryptoasset collateral arrangements including amendments to the Financial Collateral Arrangements (No. 2) Regulations 2023 given that the common law cannot give market participants sufficient certainty in this area.
• A recommendation for legislation to support the existing common law position that some digital assets are neither things in possessions nor things in action but fall within the proposed third category of “data objects”. 

The report also recommends that a panel of industry experts  is set up to provide guidance on technical and legal issues relating to digital assets to support the development of common law and statute.

Global: FSB finalises global regulatory framework for cryptoasset activities

On 17 July 2023, the Financial Stability Board (FSB) released its final recommendations for a global regulatory framework for cryptoassets based on feedback received during its public consultation process in October 2022.

The framework consists of two sets of recommendations:

• a high-level recommendation for the regulation, supervision and oversight of cryptoasset activities and markets; and
• a revised high-level recommendations for the regulation, supervision and oversight of “global stablecoin” arrangements. 

Given events over the past year, the FSB has strengthened both sets of high-level recommendations in three areas relating to ensuring adequate safeguarding of client assets, addressing risks associated with conflicts of interest and strengthening cross-border cooperation.

The framework includes a shared workplan that the FSB and international standard-setting bodies have developed for 2023 and beyond, which is set out in an annex to a note accompanying the final framework.

Italy: Italian banks launch wholesale CBDC pilot project

On 23 June 2023, it was reported that the Italian Banking Association (ABI) has launched a wholesale central bank digital currency (CBDC) trial with the Bank of Italy, referred to as Project Leonidas.

The 18 Italian commercial banks participating in the trial will use a shared ledger for interbank payments, aiming to streamline the process. The pilot is one of 14 projects that the central bank selected for distributed ledger technology (DLT) experiments.

Back to the top

 Market Developments

United Kingdom : Mastercard announces tokenised bank deposits trial

On 28 June 2023, Mastercard announced that it will pilot tokenised bank deposits in a Multi Token Network (MTN). The beta version of the MTN will be made available in the UK in the third quarter of 2023 and it will act as a testbed for developing live pilot applications and use cases with financial institutions, fintechs and central banks. Over time, Mastercard plans to make MTN available in additional markets around the world.

United States : Square launches credit card for sellers

On 29 June 2023, the payment processing provider Square announced that it is launching a credit card for its U.S. sellers, running on the American Express network. In its press release, Square stated that there will be no late fees or annual fees, and that the credit limit will be determined by the sales that a seller processes through Square.  

Square also announced that it is broadening Square Loans by offering loans that can be repaid on a fixed monthly schedule instead of requiring daily repayments. In addition, Square plans to launch four additional debit card products later this year.

On 9 July 2023, it was reported that Kindgeek and Salt Edge have partnered to support enterprises in building and launching trustworthy, open banking-enabled fintech products. Salt Edge provides open banking solutions whilst Kindgeek specialises in website and mobile software development.

United Kingdom: Mastercard announces launch of AI fraud detection tool

On 6 July 2023, Mastercard announced the launch of its 'Consumer Fraud Risk' technology in the UK, using large-scale payments data to help identify scams before funds leave a victim’s account. Lloyds, Halifax, Bank of Scotland, NatWest, Monzo and TSB are among the nine lenders partnering with Mastercard in relation to this technology. According to the press release, TSB’s initial results with the Consumer Fraud Risk tool suggest that the amount of scam payments prevented over a year would be equivalent to almost £100m saved across the UK if its performance were mirrored by all banks.

Colombia: Ripple partners with the Colombian Central Bank to pilot CBDC

On 18 June 2023, it was reported that Ripple has partnered with the Colombian central bank (Banco de la República) and the Ministry for Information and Communications Technologies (MinTIC), the aim will be to enhance Colombia’s high-value payment system using Ripple’s CBDC Platform powered by the XRP Ledger (XRPL), an energy-efficient and open-source blockchain.

On 22 June 2023, it was reported that OCBC Bank, a major Singapore lender, has launched a fully digital account opening service for consumers in its key markets who are relocating to Singapore. The service will be available for individuals relocating from Malaysia, Indonesia, mainland China and Hong Kong. They will be able to open Singapore dollar and multi-currency accounts on the OCBC digital app remotely.

United States: Cheqly launches SME-focused digital banking

On 3 July 2023, it was reported that Cheqly has launched an SME-focused digital banking product offering using the Mbanq BaaS platform. The new product is meant to enable SMEs to carry out all of their banking in one place. The offering includes payment processing, business analytics using AI and additional customer services.

Italy: Mia-FinTech and Futurae partner to boost authentication and authorisation services

On 29 June 2023, it was reported that the authentication provider Futurae is partnering with fintech startup Mia-FinTech. The aim of the partnership is to develop authentication solutions to be offered on the Mia-FinTech platform. The Mia-FinTech platform is a cloud-based service that enables financial institutions to develop and create new digital services and to evolve towards Open Finance.

India: Safexpay launches one-click checkout solution

On 29 June 2023, it was reported that India-based payment and banking solutions provider Safexpay has launched a one-click checkout product. The product is supposed to help prevent cart abandonment in e-commerce and is therefore marketed to direct-to-consumer brands. Earlier this year another Indian-based company, Nimbbl, received funding to further develop its one-click solution.

Back to the top

 Surveys and reports

Global: BIS central bank survey on digital currency and cryptoassets

On 10 July 2023, the Bank for International Settlements (BIS) published the results of its 2022 survey on central bank digital currencies (CBDCs) and cryptoassets. The responses from 86 central banks show that:

• The proportion of central banks engaged in CBDC projects has risen to 93%.
• Almost a quarter of central banks are piloting a retail CBDC, which is twice the share of central banks building or running a wholesale CBDC trial.
• More than 70% of jurisdictions covered in the survey have a Faster Payments System (FPS) and 18% plan to launch one. More than 80% of central banks think that, in principle, there may be value in having both an FPS and a CBDC. This is mainly because they believe that a CBDC has specific properties and may offer additional features such as allowing access to a wider set of financial institutions.
• 16% of central banks consider it likely that they will have a wholesale CBDC within the next three years (up from 8% of central banks in the last survey a year ago).
• 58% of central banks consider it likely or possible that they will issue a wholesale CBDC in the medium term (up from 54% last year).

Global: The Paypers report on global overview of payments providers 2023

On 16 June 2023, The Paypers published a report entitled ‘The Global Overview of Payments Providers 2023 – Key Actors and Trends Shaping the B2B and B2C Ecommerce Payments Industry’, providing market analysis of key payment providers in the B2B and B2C commerce payments ecosystem.

Among other things, the report includes:

• an exploration of the current key trends in payments M&A and a forecast for the rest of 2023;
• an overview of the most significant partnerships and product innovations in Q4 2022 and Q1 2023;
• an infographic showing relevant startups to watch in 2023;
• insight into core aspects for payment strategy in 2023, which includes new regulations, governance and risk management and economic forecasts.

Back to the top

Authored by Roger Tym and Virginia Montgomery.

Hogan Lovells (Luxembourg) LLP is registered with the Luxembourg bar.