This update considers the latest fintech developments in Australia and internationally. Domestically, there has been a suite of legislative and regulatory advances including Australian Securities and Investments Commission (ASIC) adopting regulatory guidance for the commencement of the crowd-sourced equity funding (CSF) regime. The Government has also released proposed reforms to address illegal phoenixing as part of broader reform of Australia’s corporate insolvency regime. Such reforms are particularly relevant to start-ups and early stage companies.
The most significant international development in this most recent period has been the range of guidance offered by regulators across multiple international jurisdictions with respect to the conduct of initial coin offerings (ICOs). In this update, we consider the various positions which have been adopted. Additionally, the Basel Committee on Banking Supervision has released a consultation document on the implications of fintech for both banks and bank supervisors.
Separately to this update, we have also recently considered:
Finally, the Treasury Laws Amendment (2017 Measures No. 6) Bill 2017 (Cth), which we discussed in an earlier update, has been passed by Parliament removing the double taxation of digital currency.
Fintech Fact: In a recent sample of 1300 financial services organisations, nearly 90% believed that parts of their business would be lost to fintech companies in the next five years.
International regulatory developments for ICOs
Following recent comments from regulators around the world (discussed here and here), regulators in other jurisdictions have offered guidance on businesses wishing to conduct an ICO. Two distinct regulatory approaches have emerged. Certain regulators have adopted a position that the existing financial services regulatory framework will apply to tokens, while other regulators have banned ICOs and prohibited residents from participating in ICOs. The latest developments are set out below:
- South Korea: South Korea’s Financial Services Commission (FSC), following a meeting with the finance ministry, Bank of Korea and National Tax Service, has prohibited domestic companies and start-ups from conducting ICOs and made margin trading of virtual currencies illegal. Calling ICOs a “violation of capital market law”, the FSC has also announced on-site inspections, the review of operations of cryptocurrency companies and analysis of cryptocurrency accounts for user data. The governor of South Korea’s central bank, Lee Ju-yeol has also stated that cryptocurrency is to be regarded as a commodity rather than a currency and indicated that the bank would be focusing more on researching digital currencies.
- Macau: The Macau Monetary Authority (MMA) has announced that banks and payment providers have been banned from engaging with cryptocurrencies directly or indirectly, including via ICO.
- Switzerland: Switzerland’s Financial Market Supervisory Authority (FINMA) has issued guidance applying existing financial services regulation to ICOs. Depending on the characteristics of the token, the ICO may be regulated under money laundering and terrorism financing laws, banking law provisions, securities trading provisions, and provisions set out in collective investment scheme legislation. FINMA announced that it is currently investigating numerous ICOs for potential breaches of regulatory law. This is particularly significant as Switzerland has long been a popular jurisdiction for ICOs for its technology neutrality and perceived cryptocurrency-friendly ‘Crypto Valley’ in Zug.
- Abu Dhabi: Abu Dhabi Global Market's Financial Services Regulatory Authority (FSRA) also released similar guidance. FRSA indicated that tokens offered via ICO would be considered on a case-by-case basis to determine whether they constitute securities and thus fall within the scope of financial services regulation.
- Lithuania: Lithuania’s central bank has released guidance in relation to ICOs, instructing financial market participants who provide financial services to refrain from participating in activities or providing services associated with virtual currencies. In relation to ICOs, the bank suggested that token offerors would need to consider securities law, crowdfunding laws, collective investment regulations, laws regulating the provision of investment services and anti-money laundering and counter-terrorism financing laws.
- Russia: In relation to ICOs, Russian authorities have indicated that securities regulation will apply and suggested the formation of a single payment space for the member states of the Eurasian Economic Union.
- European Union: In a statement to the European Parliament’s Committee on Economic and Monetary Affairs, the President of the European Central Bank (ECB), Mario Draghi, has indicated that it is not within the power of the ECB to “prohibit and regulate” bitcoin and other digital currencies.
- United States: The United States Securities and Exchanges Commission (SEC) has announced a new taskforce called the Cyber Unit that will focus on cyber-related misconduct including violations involving distributed ledger technology and ICOs. The SEC has sought to create a cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts.
- Singapore: The managing director of the Monetary Authority of Singapore (MAS) has indicated in an interview that the MAS has no intention of regulating cryptocurrencies, however it will implement rules to apply to intermediaries (ie, exchange operators) to address money laundering and other criminal activities.
The guidance being released globally indicates that token offerors should carefully consider the economics, circumstances and purpose of their tokens and seek legal advice before their seed funding round or ICO. The regulatory guidance issued by these regulators will impact the documentation which governs ICOs. These developments also reflect that choice of jurisdiction is an increasingly important consideration in the conduct of a token sale.
It is important to note that while the bans which have been implemented by certain regulators may have an adverse impact on investor demand to participate in a token sale, the guidance released by other regulators, and compliance with that guidance by offering companies and intermediaries, will,in our view, further legitimise ICOs as an investment class. With more than USD $2 billion raised in ICOs over the course of 2017 and ICO fundraising now outpacing traditional equity fundraising for start-ups, the market for ICOs is at a critical regulatory juncture.
ASIC finalises crowd-sourced funding regulatory guidance
Earlier this year, ASIC released two consultation papers setting out its draft regulatory guidance for both public companies seeking to raise funds through CSF offers (CP 288) and intermediaries operating CSF platforms (CP 289). As a result ASIC has reported (Report 544) on the submissions made to the consultation papers and finalised regulatory guidance for companies making CSF offers (RG 261) and CSF intermediaries (RG 262).
In light of the responses received on the consultation papers, there are some material differences between the consultation papers published by ASIC and the regulatory guidance it has released. These differences are discussed below. ASIC has also made relief instruments to exempt CSF offering companies and intermediaries from certain obligations under the Corporations Act that would otherwise apply.
ASIC’s response to Consultation Paper 288
ASIC found that respondents were generally supportive of the proposed regulatory guidance, including explanations of information that should be included in a CSF offer document to meet minimum information requirements under law, additional information which offerors should consider disclosing and the disclosure of a template CSF offer document. Key changes made to RG 261 as a result of responses to CP 288 by ASIC include:
- clarifying that regulatory guidance on proposed items to be included in the CSF offer document is not prescriptive, with the content and length of a CSF offer document to vary based on a company’s circumstances;
- permitting cross-references within CSF offer documents to prevent duplication and inclusion of annexures for additional information (ie, information not prescribed by law or less important to investors) or key documents (ie, shareholder agreements or company constitutions);
- noting that the order of four key sections in CSF offer documents is prescribed, however indicating there is flexibility around the information to be included in each section, as well as around the presentation and ordering of such information;
- tailoring guidance concerning minimum information disclosures in offer documents to include common risks more applicable to start-ups and early stage companies (ie, disclosure of risks around “loss of key personnel” has been expanded to refer to a “failure to secure key personnel”);
- expanding the description of additional or useful information recommended to be included in an offer document to include information about:
- remuneration and incentives for directors and senior management, as well as their interests in the securities of the offering company;
- exit options for investors; and
- where current company information can be accessed;
- indicating that CSF offering companies are not required to disclose the full financial report (or any notes) or other documents that accompany the financial report, but that information should be included in the CSF offer document identifying where investors can access the full financial report if it is available;
- aligning RG 261 with ASIC’s existing guidance in relation to forward-looking statements and financial forecasts for early stage and start-up companies (clarifying that CSF offer documents should only include financial forecasts, targets or other forward-looking statements that are based on reasonable grounds); and
- noting that use of the template CSF offer document is optional, with ASIC encouraging CSF offering companies to present and format offer documents to enhance readability, accessibility and digital compatibility for retail investors.
Additionally, ASIC has indicated that where CSF offering companies are relying on reporting and corporate governance concessions from disclosure obligations, then companies should still consider implementing processes to facilitate ongoing communication with shareholders. This is despite those companies not being required to facilitate such communications under the Corporations Act.
ASIC’s response to Consultation Paper 289
Generally, ASIC found responses to CP 289 supported proposals explaining how to apply for Australian financial services (AFS) licence authorisations to provide a CSF service, setting out obligations and responsibilities of AFS licensees and setting out specific requirements of the CSF regime. In response to the consultation, ASIC has made certain amendments to RG 262 including:
- setting out specific examples of conflicts of interest applicable to CSF intermediaries, with ASIC nominating the key conflict under the CSF regime for intermediaries as managing compliance obligations while also deriving financial benefits from publishing CSF offers and ensuring the success of those offers;
- providing further non-exhaustive examples of experience which will meet a CSF intermediary’s organisational competence requirements, with relevant experience for responsible managers extended to include acting as a legal adviser to AFS licensees and providing compliance services to AFS licensees (although this alone will not be sufficient);
- adopting transitional arrangements, until 30 June 2020, for CSF intermediaries to meet the surplus liquid funds requirement that applies to AFS licensees who hold client money (ie, ASIC will accept three month cash flow projections, instead of 12 month cash flow projections, with a corresponding adjustment to the cash buffer calculation);
- a requirement that the website address for a CSF intermediary’s platform be included on an AFS licence. If the website address is to be changed, then a licence variation application will have to be made. This is intended to limit the capacity of an AFS licensee operating more than one platform and reduce the risk of intermediaries rebranding CSF platforms inappropriately; and
- where CSF offers are included on a website with other investment options also listed, then the investment options on the website will need to be clearly segregated and provide sufficient information to facilitate an investor making an informed investment decision.
Furthermore, under RG 262 ASIC has significantly expanded the parameters for the data which it will seek from CSF intermediaries. ASIC notes that such data will not be made available to the public in a way that identifies individual CSF intermediaries or offering companies. ASIC has also provided some additional guidance in RG 262 in relation to outsourcing arrangements (including that a CSF intermediary must itself hold the trust account used for the CSF platform) and that CSF intermediaries can rely on ASIC’s registers to undertake reasonable checks on offering companies.
ASIC has also granted certain relief to public companies making CSF offers and operating CSF platforms. The relief includes:
- making amendments to ASIC Corporations (Consents to Statements) Instrument 2016/72 to reduce the compliance burden for CSF platforms associated with obtaining consent for statements in CSF offer documents as outlined in our earlier update;
- issuing ASIC Corporations (Financial Requirements for CSF Intermediaries) Instrument 2017/339, which gives effect to specific minimum financial requirements, including transitional arrangements, for CSF intermediaries discussed above; and
- making amendments to ASIC Class Order [CO 13/762], ASIC Class Order [CO 13/763] and ASIC Corporations (Nominee and Custody Services) Instrument 2016/1156 to provide that retail clients who hold CSF securities through a platform, or a nominee and custody service, have equivalent rights and protections as if they had acquired the CSF shares directly.
The finalisation of ASIC’s regulatory guidance and relief instruments completes the regulatory regime governing CSF offers. The CSF regime has been in operation since the legislation commenced on 29 September 2017.
AUSTRAC annual report discusses fintech engagement
The Australian Transaction Reports and Analysis Centre (AUSTRAC), the regulator responsible for enforcing Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) laws, has released its annual report for 2016-17. The report outlines various aspects of AUSTRAC’s performance.
Relevantly, AUSTRAC outlined the success of its dedicated webpage for fintech businesses and other start-ups, which was established in November 2016. The web page provides information about the AML/CTF regime and AUSTRAC’s role, enabling businesses to have a channel to engage directly with AUSTRAC. The report detailed that AUSTRAC was building closer relationships with emerging entities and industries to provide them with insights regarding the risks and opportunities which may emerge.
The report notes that over 40 direct enquiries were received by AUSTRAC from entities developing innovative new approaches to providing “designated services”, which are regulated under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). AUSTRAC also noted that they met with representatives of start-ups throughout the year to enable those businesses to discuss proposed business models and provide guidance on how their businesses could comply with obligations under the AML/CTF Act.
These initiatives of AUSTRAC reflect its willingness to engage with fintech businesses following the launch of the AUSTRAC Innovation Hub earlier in 2017, a key feature of the Fintel Alliance. If you are a fintech business subject to the AML/CTF Act by providing a designated service (which covers a broad range of financial services activities), then the volume of enquiries AUSTRAC is responding to suggests its fintech webpage and Innovation Hub are helpful first points of contact for understanding your obligations under the AML/CTF Act.
Australian Cyber Security Centre releases 2017 threat report
The Australian Cyber Security Centre (ACSC) has released their annual threat report, finding that advanced malicious cyber activity has increased in “frequency, scale, sophistication and severity” with regard to accessing business and customer data. Cyber criminals have adapted tradecraft to target specific businesses with ransomware and credential-harvesting malware posing significant threats. Cyber criminals have also begun targeting companies that provide products or services through outsourcing arrangements by seeking secondary or tertiary access through the trusted third party.
Fintech businesses should seek to address these issues to the extent they are dealing with third parties in their own supply chains. This is a key risk both for fintechs and incumbent financial services businesses. It is a particularly pertinent warning following the results of the ASX 100 Cyber Health Check report earlier this year. That report indicated that a key shortcoming for large companies was the lack of knowledge held in relation to their dealings with third parties.
ACSC’s key recommendation for business is to invest in prevention through implementing strong cyber security mitigation and incident management strategies such as the Australian Signals Directorate’s Essential Eight. Entities subject to the Australian Privacy Principles (APP) are also reminded that the Federal Parliament enacted the Privacy Amendment (Notifiable Data Breaches) Act 2017 earlier this year (discussed here), which would require APP entities to notify the Office of the Australian Information Commissioner and any potentially affected individuals of an eligible data breach.
ASIC releases 2017-2020 data strategy
ASIC has released their data strategy for 2017-2020, with a purpose of describing their vision for data, objectives and approach in improving how ASIC can “capture, share and use” data. Currently, ASIC uses data for surveillance, enforcement and licensing activities, to develop effective guidance and education, and to inform policy.
As part of the “capture, share and use” data strategy, ASIC determines beforehand what their data needs are. This is aimed at ensuring better use is made of data already held, minimising impact on external stakeholders, and leading to better understanding and responses to misconduct. Key objectives of ASIC’s data strategy are to:
- develop a complete understanding of the economic environment and track its evolution;
- identify high-risk trends around regulated industries;
- detect, understand and respond to behaviour which may lead to poor outcomes for consumers and markets;
- prioritise resources towards higher-risk issues;
- make better and timely decisions through better access to, and use of, data;
- respond swiftly to concerns from government and the public;
- provide evidence to support policy change; and
- secure data to ensure ASIC meets commitments to industry and other stakeholders.
The data strategy is part of the “One ASIC” approach aimed at connecting people, process and technology and culture. Other key data initiatives include the creation of a Chief Data Office, establishing a data and information governance framework, establishing a data science lab, data governance forums and implementing data exchange frameworks with other agencies. Significantly, from a technology standpoint, the data strategy has identified the potential for ASIC to explore options using regulatory nodes and distributed ledger technology in the establishing and maintaining a register of data exchanges. Whether this is achieved in coming years remains to be seen.
Digital Economy Strategy consultation paper released
The Department of Industry, Innovation and Science has released a consultation paper as part of the Australian Government’s Digital Economy Strategy. This strategy is focused on how governments, businesses and the community can adjust to seize the benefits of digital transformation. The paper focuses on three themes:
- enabling and supporting the digital economy;
- building on Australia’s areas of competitive strength to drive productivity and raise digital business capability; and
- empowering all Australians through digital skills and inclusion.
The Consultation Paper notes that there is growing demand for digital infrastructure for data collection, storage and transmission. As part of this growing demand, Australia will have opportunities to build capability in emerging technologies such as 5G mobile phone technology, artificial intelligence and blockchain. Traditional regulatory approaches in areas of privacy and security may no longer be appropriate.
The Consultation Paper takes a position that the adoption and use of digital technologies can be a significant driver of economic growth. The paper highlights that Australian businesses are not fast adopters of technology based on international standards, ranking in the middle of OECD economies. The consultation paper also acknowledges a digital divide exists, where those with low levels of income, education and employment are excluded from the digital economy.
Responses to the consultation paper will close on 30 November 2017.
Government reforms to address phoenixing
The Government has released a consultation paper as part of their commitment to ongoing reform of Australia’s corporate insolvency regime. Phoenix activity refers to both legitimate business rescue activities and serial insolvency to avoid debts. Illegal phoenixing generally involves controlling directors of an entity denying creditors access to the entity’s assets to meet any unpaid debts by stripping and transferring assets from one company to another to avoid paying liabilities.
Given the dynamic nature of early stage fintech businesses and start-ups more generally, where corporate structures can be dynamic and responsive, persons operating within this space should be aware of the possible introduction of phoenixing reforms. As noted in the consultation paper, phoenix activities can overlap with some business rescue activities, or other more accidental activities. If the reforms are introduced, then the activities of early stage companies and those dealing with early stage companies may be impacted. Relevantly, key proposed reforms are:
- the introduction of a Director Identification Number, by which enforcement agencies will verify and track current and historical relationships between directors and their entities;
- introducing a specific offence for illegal phoenixing activity in legislation and having ASIC (or a liquidator) have the power to issue notices to the recipient where they suspect such activity;
- limiting backdating of director appointments and resignations so that where a change in director notice is lodged more than 28 days (or another period) after resignation, the director may still be liable for misconduct occurring up to the point of lodgement;
- having an external administrator disregard “related creditor” votes received in relation to resolutions about removing or replacing an external administrator, to minimise the risk of related creditors frustrating unrelated creditors;
- extending promoter penalty laws, which apply to the promotion of tax avoidance and evasion schemes, to apply to promoters of facilitators of illegal phoenix activity;
- extending the director penalty notice regime to include companies’ outstanding GST obligations, (ie, directors would also be personally liable to pay the amount of GST owing, as well as PAYG withholding and compulsory superannuation contributions);
- increasing the ATO’s powers to garnishee an amount from a third party to cover the amount of requested security;
- introducing a mechanism for identifying and targeting high risk phoenix operators, who will then be subject to early intervention and prevention laws proposed to be introduced (ie, allowing the ATO to retain a tax refund where a person is designated as a high risk phoenix operator and requiring lodgement of all outstanding notifications affecting a tax liability before a refund is issued);
- appointing liquidators on a cab rank system for high risk phoenix operators, or establishing a government liquidator for small to medium size businesses, with a private liquidator appointed on an as needs basis; and
- removing the 21 day compliance period for a director penalty notice issued by the ATO for directors identified as high risk phoenix operators (during the 21 day compliance period, directors are known to dispose of personal assets to avoid such assets being acquired by the ATO).
Phoenix activity can have systemic impacts, such as a loss of market integrity, increased costs to regulators and unfair profit and tender winning advantage over other businesses, driving the Government’s need for reform. The paper highlights that illegal phoenixing activity is becoming increasingly complex and sophisticated, through non-payment of regulatory fees and the creation of complex corporate structures to group assets in certain subsidiaries.
Given that some restructuring activity and general compliance obligations (ie, risks posed by late lodgement of forms) may be subject to the reforms, fintech businesses, start-ups generally and those dealing with such entities (ie, investors, suppliers and other stakeholders) should be aware of the possible implications of the phoenixing reforms.
Basel Committee on Bank Supervision releases fintech consultation
The Basel Committee on Banking Supervision released a consultation document on the implications of fintech, discussing how it will impact banks and bank supervisors in the near to medium term. The consultation document set out ten key observations and recommendations:
- Ensuring safety and soundness and high compliance standards without inhibiting beneficial innovation in the banking sector: The Basel Committee considers this is a balancing exercise between financial stability, soundness of banks, consumer protection and compliance, and, beneficial innovations, which may lead to greater financial inclusion.
- Key risks for banks related to fintech include strategic, operational, cyber and compliance risks: Managing key risks requires the implementation of effective governance structures and risk management processes responsive to new technologies, business models and banking system entrants. Risk management principles recommended for banks include having structures and processes to manage strategic planning in place (ie, allowing banks to adapt revenue and profitability forecasts to new technologies and market entrants) and adapting product approval and change management processes to address dynamic business processes.
- Implications for banks of the use of innovative enabling technologies: Effective IT and other risk management processes are required to address risks of new technologies and implement effective control environments.
- Implications for banks due to growing use of third parties, via outsourcing or partnerships: This requires there be appropriate processes for due diligence, risk management and ongoing monitoring of outsourced functions, with contracts to establish party’s responsibilities, agreed service levels and audit rights.
- Cross-sectoral cooperation between supervisors and other relevant authorities: The Basel Committee considered issues posed by fintech are not only prudential issues but pose other public policy issues (ie, privacy, data and IT security, consumer protection, competition and AML/CTF) and this will require cooperation between regulators with different regulatory functions.
- International cooperation between banking supervisors: This recommendation was made in light of the Basel Committee finding some fintech firms (particularly those offering payments and cross-border remittance services) already operated in multiple jurisdictions and there was a high likelihood that these firms would expand their cross-border operations in the near future (particularly in relation to wholesale payments).
- Adaptation of the supervisory skillset: The Basel Committee considered that bank supervisors will need to assess their current supervision models to adapt to fintech-related developments. This will involve assessing current staffing and training models to ensure knowledge, skills and tools of staff remain relevant.
- Potential opportunities for supervisors to use innovative technologies: As regulators in Australia have been embracing regtech, the Basel Committee recommended supervisors consider investigating and exploring fintech solutions to improve methods and processes.
- Relevance of existing regulatory frameworks for new innovative business models: The Basel Committee recommended bank supervisors review regulatory, supervisory and licensing frameworks in light of new and evolving risks posed by fintech. Bank supervisors should consider whether such frameworks are both sufficiently proportionate and adaptive.
- Key features of regulatory initiatives set up to facilitate fintech innovation: This concerned a common aim amongst bank supervisors to strike a balance between financial stability, consumer protection and innovation, with the Basel Committee noting bank supervisors had adopted significantly different models to facilitate innovation. The Basel Committee recommended bank supervisors learn from each other’s different models in this respect.
The consultation document found that a common theme, across various scenarios which were tested by the Basel Committee, was that banks will find it increasingly difficult to maintain their current operating models as a consequence of technological change and customer expectations. The consultation document is an invitation to both banks and bank supervisors to adapt their models for imminent technological and structural change.
Subscribe to the FinTech mailing list