In the final update for 2017, we examine recent legislative and regulatory developments across the fintech landscape.  In Australia, significant developments including the Australian Government passing new laws which will bring cryptocurrency exchanges within the scope of anti-money laundering and counter-terrorism financing (AML/CTF) legislation, the Governor of the Reserve Bank of Australia (RBA) providing clarity on whether it will introduce an electronic Australian dollar and the Australian Securities and Investments Commission (ASIC) consulting on its regulatory sandbox, as well as reporting on marketplace lending and cyber resilience.  Overseas, the primary developments have been in relation to Initial Coin Offers (ICOs) with regulators in the US, Europe and across Asia taking enforcement action and releasing statements.  

Fintech Fact: According to the Reserve Bank of Australia, the use of cash payments has nearly halved since 2007 as consumers increasingly use contactless ‘tap and go’ cards.

Treasury consults on CSF regulations in relation to proprietary companies

Following the introduction of a bill earlier this year to extend access to crowd-sourced equity funding (CSF) to proprietary companies, the Treasury has opened consultation on an exposure draft of the Corporations Amendment (Crowd-sourced Funding) Regulations 2018. The draft regulations outline additional requirements for proprietary companies to access the CSF regime:

  • Only eligible proprietary companies with one or more CSF shareholders will be exempt from the takeover rules in the Corporations Act 2001 (Cth) (Act).
  • The draft regulations reduce the minimum offer period for eligible CSF companies to 14 days and allow for variations to the terms and consideration offered to increase commercial flexibility.  They also simplify the content and structure requirements of CSF offer documents for both public and proprietary companies and include the ability to present some required information in a summary format if there is overlap between sections and being able to present the offer document online.
  • For proprietary companies, the draft regulations outline additional requirements such as shareholder approval for related party transactions, financial statement audits once the CSF offer has raised over A$3 million and the provision of annual financial statements online.
  • For both public and proprietary companies, the Regulations provide that CSF intermediaries must check director and intended director identities, such checks to be conducted via authenticated electronic records.

Consultation on the draft regulations closes on 2 February 2018.

RBA Governor discusses electronic Australian dollar

At the 2017 Australian Payment Summit, the Governor of the RBA, Philip Lowe, delivered a speech addressing whether the RBA intends to issue a digital form of the Australian dollar. Terming it an eAUD, the Governor asserted that the RBA had no immediate plans to issue an eAUD, but indicated that the RBA would continue research into the area.  Notably, the Governor highlighted ongoing examination of the use of a central-bank issued digital dollar in relation to settlement arrangements. Key insights included:

  • There has been a significant shift towards electronic payments which will continue to be driven partly by the increased use of mobile payment apps.  However, banknotes will not be replaced entirely and are likely to remain the payment instrument of choice for many people. 
  • It is likely that the shift towards electronic payments will be promulgated by the banking system.  The substantial investment by Australian financial institutions in the New Payments Platform (NPP) was seen as evidence that the banking system will continue to provide the infrastructure for electronic payments.  However, this trend is not a given and requires financial institutions to offer customers low-cost solutions with expanding functionality over time.  The rise of new technology used for payments, such as cryptocurrencies, may challenge the role of traditional financial institutions. 
  • An electronic form of banknotes could exist in conjunction with the electronic payment systems operated by the banks, however the case for this has not yet been proven. If an eAUD was to become a commonly used payment method, it should be issued by the RBA and distributed by financial institutions, rather than being issued by the private sector.  With the NPP coming into effect, there would be little additional benefit from issuing electronic banknotes and there was not yet a public policy case for such a change. 
  • There was no case for the RBA to encourage the shift to electronic payments by offering every Australian an exchange settlement account.  If the RBA did go down this route, it would find itself in direct competition with the private banking sector in both deposits and payment services. 

The possibility was left open to the RBA issuing a new form of digital money through a variation on the exchange settlement account. This could be implemented on distributed ledger technology and be used within specific settlement systems. 

ASIC reports on cyber resilience of firms in Australia’s financial markets

ASIC has recently released Report 555 Cyber resilience of firms in Australia’s financial markets.  The report outlines the findings from the self-assessment survey of over 100 Australian financial firms in the past two years.  ASIC’s report identifies the trends of small-medium enterprises (SMEs) and large firms distinctively, with findings set out in the table below.  The report found that while firms are getting better at managing cyber risks, there is still some progress to be made. 

In producing the report, ASIC used certain survey terms to test the probity of cyber security policies.  These terms included ‘partial’ (when policies are non-existent or not formalised), ‘risk-informed’ (when policies are rarely updated and are not consistently followed), ‘repeatable’ (when policies are regularly updated and with compliance measures in place) and ‘adaptive’ (when policies are consistently evolving with the market). 

ASIC noted that while the report showed greater engagement by firms on cyber resilience, there was both a disparity between firms and insufficient investment in cyber resilience measures.  The report follows ASIC’s earlier Report 429: Cyber Resilience – Health Check, which outlined suggested ‘health check prompts’ for companies.

ASIC proposes leaving regulatory sandbox unchanged

ASIC has released its recent review of its regulatory sandbox. The sandbox was established in December 2016 to encourage investment in the fintech sector by providing flexibility in the regulatory framework through a number of licensing exemptions. The consultation paper proposes to retain the fintech licensing exemption, with no changes to the sandbox’s current structure. 

ASIC’s fintech licensing exemption allows eligible fintech businesses to test certain specified services without needing to hold an Australian financial services licence or credit licence. Eligible businesses may take advantage of the exemption for up to twelve months with up to one hundred retail clients, as long as certain consumer protection conditions are met and a notification is made to ASIC of the intention to conduct business. The regulator stated that the rationale for making no changes to the exemption is to maintain a consistent framework until such time as Parliament implements its proposed legislation for an enhanced regulatory sandbox exemption. This new exemption would likely supersede the fintech licensing exemption. 

Although various members of the fintech sector have criticised the sandbox for a lack of uptake, ASIC said that four fintech businesses have accessed the licensing exemption.  One business is testing its financial services in providing advice and dealing in listed securities, two businesses are testing advisory and dealing services in deposit products, and one business is acting as an intermediary and providing credit assistance.  Over a dozen fintech businesses have contacted ASIC in relation to using the fintech licensing exemption. 

Consultation on ASIC's proposal to leave the regulatory sandbox unchanged closes 27 February 2018.

AML/CTF laws and regulation applied to cryptocurrency exchanges

The Australian Parliament has recently passed the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2017, discussed earlier here. The amendments will bring digital currency exchange providers under the remit of the Australian Transaction Reports and Analysis Centre (AUSTRAC), which will require exchanges to register with the agency and be placed on the new Digital Currency Exchange Register.  If a person provides a registrable digital currency exchange service without registering with AUSTRAC, this will be an offence carrying a penalty of up to two years imprisonment or a fine of up to $105,000, or both. 

Registered exchanges will be required to implement Know-Your-Customer (KYC) processes in order to verify the identity of their customers.  AUSTRAC will expect exchanges to monitor and report suspicious and large transactions, as well as keep certain records relating to customer identification and transactions for seven years. 

In Parliament, the Attorney-General said, “most businesses in the digital currency exchange sector welcome the introduction of AML/CTF regulation, as they are already mindful of the risks posed by the service they provide.” These amendments will likely commence in early June 2018 unless another date is fixed.

ASIC releases second marketplace lending survey

ASIC has released its second survey on the marketplace lending industry, which indicates steady growth in both borrowing and lending activity in the market since the last report.  Marketplace lending allows investment in loans to consumers and SMEs, which can provide an alternative source of funds to traditional channels.  Marketplace lending does not have a stand-alone regulatory regime in Australia, rather the regulations depend on how the business is structured and the types of financial services and products being offered.

ASIC undertook the survey to determine emerging trends and changes in the level of risk within the industry, as new technology platforms facilitate significant growth in marketplace lending.  The report is based on survey responses from the providers of twelve marketplace lending platforms, representing a limited cross-section of the industry.  Key findings from the report are outlined below:

  • there are three new marketplace lending platforms in the industry; 
  • with $300 million in loans written to consumers and SMEs, there was a doubling of activity in relation to the number of borrowers and total amount borrowed since 2015-16; 
  • the average reported default rate across the respondents was 2.2%;
  • there are an additional 4,187 retail investors since 2016, representing $12 million of extra investment in the industry; and
  • loan origination fees remained the primary source of revenue for marketplace lending providers.

The report highlights instances of non-compliance with laws and regulations in relation to advertising and promotional material and disclosure documents for marketplace lending products. As the activity levels in marketplace lending continue to grow, ASIC intends to undertake further surveys in order to determine the stability of this industry.

ASIC broadens fintech cooperation with Canadian regulators

ASIC has announced a Cooperation Agreement with a number of Canadian regulators on fintech cooperation.  An agreement had previously been entered into with the Ontario Securities Commission (OSC), however this new agreement expands the existing information sharing framework to other provincial securities regulators.  The agreement will also allow for the referral of innovative fintech businesses to and from Canada.  

The provincial regulators that are signatories to the agreement include those in Quebec, British Columbia, Alberta, Saskatchewan, Manitoba, New Brunswick and Nova Scotia. These regulators are responsible for the regulation of securities within their respective provinces and territories. They have joined to form the Canadian Securities Administrators (CSA), a council that coordinates and harmonises regulation for the Canadian capital markets.  Notably, Quebec’s AMF has accepted a token sale into its regulatory sandbox with consideration on extending the relief after two years.  With the Canadian approach to ICOs broadly reflective of ASIC’s views, this agreement could provide ASIC with valuable insight as its own regulatory sandbox is reviewed. 

International regulatory developments in ICOs

There have been significant developments across Asia and in the United States in relation to ICOs.  In particular, the latest developments reinforce that token offerors must not only consider the application of securities laws but also other requirements including consumer protection obligations and anti-money laundering and counter-terrorism financing regimes. In the US, various class actions have focused on both securities law analysis and misrepresentations to investors suggesting that the application of consumer protection must be a significant consideration for token offerors during an ICO. 

  • United States:  The Securities and Exchange Commission (SEC) has imposed a cease-and-desist order preventing California-based Munchee’s ICO.  Munchee sought to raise US$15 million for its blockchain-based food review service, proposing to use the ICO proceeds to create an ecosystem that rewarded users for writing food reviews.  The SEC’s contention was that Munchee communicated that investors could expect that the efforts by the company would lead to an increase in the value of the tokens.  Munchee also stated an intention to create and support a secondary market for the tokens.  The SEC was of the view that, based on these statements, investors would have had a reasonable belief that their investment in the tokens could generate a return and considered that it was a security under the Howey test.  The SEC noted that determining whether a transaction involves a security does not turn on labelling but involves an assessment of the relevant facts and circumstances.
  • The SEC’s recently created Cyber Unit also announced that it has obtained its first ever emergency asset freeze to stop the continuation of an ICO by PlexCorps. PlexCorps has been accused of fraudulently marketing and selling up to US$15 million PlexCoin since August 2017. Although PlexCoin was marketed as having similar characteristics to a cryptocurrency, the SEC found them to be securities under federal securities law.  The enforcement focusses on the allegation that PlexCorps promised to PlexCoin purchasers an unrealistically large 1,354% profit return in less than 29 days.  Additionally, PlexCorps advertised a non-existent team and obscured the previous financial crimes of its founder, Dominic Lacroix. 
  • Following class actions being launched against Tezos (with four separate actions now commenced), a class action has been filed against Centra Tech Inc. (Centra) for alleged violation of securities law during its ICO.  Centra proposed creating a cryptocurrency debit card however the class action accuses Centra of selling unregistered securities, misleading investors about partnerships and listing false team profiles.
  • United Kingdom: In the feedback statement on its discussion paper on DLT, the Financial Conduct Authority (FCA) indicated that it would further examine developments in the ICO sector to determine whether further regulatory guidance is needed.  Previously, the FCA published a consumer warning stating that an ICO could fall within its regulatory boundaries depending on the ICO’s structure.
  • Denmark: Denmark’s central bank, Danmarks Nationalbank, has published its conclusion not to issue a central bank digital currency.  The rationale for making such a decision is two-fold, firstly, the advantages of issuing a digital currency would not provide greater efficiency as Denmark’s payment structure already provides for immediate payment settlements, and, second, issuing a digital currency would make the central bank a direct competitor to the commercial banks. 
  • South Korea: The South Korean government has published a statement on a possible policy implementation to combat digital currency speculation and criminal acts using digital currencies.  The release indicated that four major digital currency exchanges were currently having their terms reviewed and that the Government intends to periodically review digital currency exchanges for any potential data breaches.
  • Malaysia: Malaysia’s central bank, Bank Negara Malaysia, has issued for public consultation a proposal to bring digital currency exchange businesses under the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA). Broadly, digital currency exchange businesses will be considered ‘reporting institutions’ under the Act and must comply with transparency obligations. Notably, Bank Negara Malaysia re-asserted that digital currencies are not considered legal tender in Malaysia and are therefore “not covered by prudential and market conduct standards or arrangements that are applicable to financial institutions regulated by the Bank”. Consultation closes on 14 January 2018.
  • Hong Kong: The Securities and Futures Commission (SFC) has issued a circular emphasising that Bitcoin futures and cryptocurrency investment products are only to be issued by licensed firms.  Noting that Bitcoin futures had been accepted in the US, the SFC stated that business services relating to Bitcoin futures constitute regulated activities under the Securities and Futures Ordinance and that this is irrespective of whether the business is located in Hong Kong so long as the Hong Kong public are targeted.

Beyond this, engagement with DLT continues to grow. As well as the ASX adopting DLT in Australia, the House of Lords in the UK has issued a report highlighting the opportunities offered by DLT and calling on the UK Government to lead “practical application and testing” of DLT.  In particular, the House of Lords identified sectors ripe for DLT implementation as being trade and immigration, national security and public safety, taxation, healthcare, food traceability and accountability, cybersecurity and counter-fraud, and payments and asset traceability.

As well as this, British overseas territory Gibraltar has passed a bill extending investor protection to businesses “carrying on controlled activities which are not investment services”. The bill is in line with Gibraltar’s proposed regulatory framework for DLT businesses, which is planned to take effect in January next year. Under the framework, businesses providing DLT services will be required to apply for a licence from the Gibraltar Financial Services Commission.