In an exciting month for fintech, this update considers the latest distributed ledger technology regulatory developments in the UK, Australia and in global forums, the impact of Australian visa changes on fintech businesses, international fintech engagement by key regulators and the release of a cyber risk health check for Australia’s top 100 companies.
In this issue you will find:
Fintech fun fact: Business Insider Intelligence forecasts that robo-advisors will manage USD8 trillion in global assets by 2020.
The Financial Conduct Authority (FCA) has released DP17/3, seeking views on potential use cases for distributed ledger technology (DLT) in the financial sector. The discussion paper put forward 17 questions seeking views on the risks and opportunities for the financial sector associated with DLT, and whether implementation of a DLT solution was compatible with existing regulation.
The FCA strives for technology neutrality, however four areas were identified where existing regulation may not be sufficient to facilitate implementation of DLT solutions. These areas were:
- Allocation of responsibility on the DLT solution: the absence of a single controlling entity means that compliance responsibilities are not always clearly identified and this can lead to governance issues. For instance, on a distributed ledger, who operates under the regulator’s remit and who carries out the regulated activity?
- Digital asset trading: the FCA is seeking to understand the scope of DLT application in securities issuance and trading by identifying potential use cases. It is also concerned with the parallels between initial coin offerings and other methods of raising capital, such as initial public offerings, private placements and crowd sales. The FCA considers these initial coin offerings may fall within its current regulatory ambit.
- Collateral management: smart contracts may be used to reduce certain prudential requirements by automating and expediting the calculation and exchange of collateral. The example of possible DLT application given by the FCA was in relation to the “margin period of risk” (time between the most recent exchange of collateral for transactions with a defaulting counterparty and when those transactions can be closed out) for non-centrally cleared OTC derivative contracts. Currently, a legislated ten day time period applies but that could be reduced.
- Data protection: the UK has legislated a right to erasure (or a “right to be forgotten”) under its data protection regime. Where a DLT solution creates immutable records which cannot be removed, it may impede enforcement of this right. The FCA did not invite comments on this topic but advised firms to consider this issue when developing a DLT solution.
The generally cautious tone of the discussion paper towards DLT responsive regulatory change is notable. The FCA noted that it had “not yet discovered a need for fundamental change to our regulatory framework” based on engagement with industry and that there were other existing technologies that could facilitate much of same functionality that DLT offers. The FCA did concede that DLT may represent an overall improvement on other currently available technology.
Comments are invited on the discussion paper until 17 July 2017.
The Australian government has implemented major changes in relation to its temporary employer sponsored skilled migration program. These changes affect the Temporary Work (Skilled) (subclass 457) visa (457 visa).
Amongst other changes, on 19 April 2017, 216 occupations were removed from the list of occupations for which 457 visas are available and access to a further 59 occupations was restricted. Relevantly for fintech businesses, the following occupations were removed from the 457 visa occupation list: web developers, multimedia designers, market research analysts, ICT support technicians and ICT support and test engineers.
Additional requirements were also imposed on certain occupations, with more than 2 years relevant work experience now required for 457 visas for the following occupations: ICT project manager, ICT support engineer and ICT systems test engineer. There have also been restrictions on access to 457 visas for certain occupations (such as corporate general manager or customer service roles) where the nominating businesses have annual turnover of less than $1 million and less than five employees.
These changes are effective immediately. If a 457 visa application was being processed on 19 April 2017 for a removed occupation, then the application cannot be approved. Current holders of 457 visas will not be impacted by the changes to the occupation list unless a further 457 visa is applied for or the holder changes occupation/employer.
Further changes will be made to 457 visas over coming months. For instance, the list of 457 visa eligible occupations will be reviewed from 1 July 2017 on advice from the Department of Employment and, by 31 December 2017, the ATO will audit 457 visa holders’ tax returns to ensure they are being paid the declared salary. The 457 visa will be abolished in March 2018 and replaced by a new Temporary Skills Shortage visa.
Fintech Australia has been critical of the changes and is seeking industry views.
Fintech businesses are reminded that it is important that employer sponsored migrants are categorised for the correct occupation when applying for 457 visas. There are also other visa classes which may be more suitable for fintech founders or employees:
- The 188 visa (Business Innovation and Investment Provisional Visa) targets people wishing to invest in, own or manage Australian businesses and includes a specific entrepreneur stream, introduced as part of the Innovation Agenda.
- The 132 visa (Business Talent Permanent Visa) has two streams, one for high-calibre business owners or part-owners who want to do business in Australia (provided the person has assets of $1.5 million and annual business turnover of $3 million) and another for people who have sourced venture capital funding from a member of the Australian Venture Capital Association Limited.
On 19 April 2017, the International Monetary Fund (IMF) held its inaugural meeting of the High Level Advisory Group on Fintech. The Group comprises senior bank executives, notable blockchain companies, regulators and academics. The meeting focused on the disruption of the nature and provision of financial services by emerging technologies in the sector and the impact on financial stability and regulation.
In collaboration with the IMF’s Interdepartmental Working Group on Finance, the High Level Advisory Group on Fintech has been studying the economic and regulatory implications of blockchain technology, examining the potential opportunities and risks of embracing such innovation. Panellists asserted that blockchain is likely to increase inclusion and transparency, thereby improving financial stability but cautioned new challenges would arise from the free flow of money across the globe.
As part of their biannual Financial Stability Review, the Reserve Bank of Australia (RBA) has revealed that they have launched an internal working group to consider the implications of DLT.
The RBA revealed their participation in cross-institutional working groups on DLT with the Committee on Payments and Market Infrastructures as well as the Council of Financial Regulators (CFR). The former group published an analytical framework for authorities wishing to review and analyse the use of DLT for payments, clearing and settlement earlier this year. The CFR has been considering the use of DLT in Australia’s existing regulatory framework.
Globally, the RBA is also currently contributing to a Financial Stability Board report to the G20 in collaboration with the Australian Treasury and Australian Securities and Investments Commission (ASIC) on the regulatory and supervisory issues raised by fintech.
Following a targeted survey at the end of 2016, the Australian Securities Exchange (ASX) has launched its first Cyber Health Check Report, assessing the awareness of and preparation of the ASX Top 100 to confront cyber risks. From the responses, cyber risk issues are a significant strategic business risk for boards, with the majority of companies engaging in regular vulnerability assessments, cyber strategy development and incident reporting.
Importantly, for fintech businesses engaging with large corporates, a key shortcoming for large companies was the lack of knowledge held in relation to their dealings with third parties, including that:
- 30% of respondents haven’t yet evaluated the cyber resilience of suppliers, customers and other key external parties that connect to them; and
- 32% had only a limited understanding at board level of the extent of information shared with third parties.
Ensuring that third parties are also cyber resilient will likely be a key concern of large corporates in the future. The report identified other areas for improvement for the top 100 companies, with the key opportunities for service providers broadly covering improving quality of cyber risk reporting, creating a set of standard cyber security metrics, understanding key controls in a company’s cyber resilience framework and implementing a plan to notify affected individuals if there is a privacy breach of their personal information likely to result in serious harm.
On 21 April 2017, ASIC signed a Cooperation Agreement with Indonesia’s Otoritas Jasa Keuangan establishing a framework for information sharing on emerging market trends and regulatory issues in the expanding space of innovation in financial services. Acknowledging the vital role of fintech in shaping the current global financial services landscape, this agreement is another step forward for ASIC following prior agreements with other international regulators including the Monetary Authority of Singapore, the Ontario Securities Commission, Capital Markets Authority in Kenya and the FCA.
ASIC chairman Greg Medcraft, Minister Assisting the Prime Minister for Cyber Security Dan Tehan, and ASX deputy CEO Peter Hion also led an Australian fintech delegation to London in mid-April. Aimed at improving opportunities for tech collaboration between Australia and Britain, the delegation’s trip comes off the back of a reciprocal visit from ten UK fintech startups to Sydney and Melbourne in March.
In a speech delivered to the Perth Fintech Meetup, ASIC Commissioner John Price discussed some of the initial results of ASIC’s Innovation Hub, the establishment of the Regulatory Sandbox and the increasing focus of ASIC on regtech.
The Innovation Hub was established in 2015 to provide informal assistance to fintech startups. The Commissioner provided the following statistics on engagement by startups with the Innovation Hub:
- the Innovation Hub has worked with 165 entities, with 125 of those entities receiving informal assistance;
- ASIC has granted 33 new Australian financial services licences and Australian credit licences to entities which had applied for Innovation Hub assistance; and
- Innovation Hub engagement, on average, results in a material reduction in licensing time.
Commissioner Price discussed how the Regulatory Sandbox was set up in December 2016 for three key reasons: to improve implementing products to market by creating an environment for fintechs to test without a licence, creating greater flexibility around organisational competency requirements and improving access to capital. The Regulatory Sandbox includes a class waiver allowing eligible, unlicensed fintech businesses to test products.
Finally, the Commissioner discussed ASIC’s increasing focus on regtech, emphasising that regtech had the capacity to support ASIC in the way it engaged with industry. It was noted that since mid-2016, when ASIC updated the Innovation Hub to include regtech, ASIC has had over 30 meetings with regtech stakeholders and service providers and a recent ASIC regtech roundtable gathered more than 100 industry attendees.
ASIC is developing its own in-house regtech capabilities to efficiently regulate Australian financial markets, assisted by the Australian Taxation Office, Data 61 and the Advanced Analytics Institute. The Commissioner discussed regtech applications which ASIC was already implementing, providing the following examples:
- a cognitive tool to analyse webpages of accountants that offer self-managed superannuation funds services;
- machine learning applications assessing document sets to identify useful evidence;
- a social media monitoring tool; and
- markets and graph analytic tools to support identification of connections between entities.
The Commissioner stated that ASIC was enthusiastic about hearing from businesses offering regtech solutions and those seeking assistance in establishing regtech businesses.
A one-stop shop for the most frequently asked legal questions by in-house counsel, providing expert tips, example clauses and usage guides.