24 January 2020

Future of tech regulation: Where is it headed? 2020 transnational regulatory update

This article was written by Urszula McCormack and Evan Manolios.

To gaze into the crystal ball of future technology regulation is to peer into the busy workings of global regulatory influencers. And they have certainly been busy.

In the past few weeks alone, the Financial Stability Board (FSB), Bank of International Settlements (BIS), International Organization of Securities Commissions (IOSCO), Financial Action Task Force (FATF), G20 and numerous others, have weighed into the future of tech. Even more recently, BIS released its “Green swan” paper focussing on climate change and financial stability. This will ultimately require strong tech development for systems, data, product development, analytics and supervision.

This alert provides a summary of three key papers issued by the FSB, as well as summarising developments from other influential global policy-makers.

FSB – a focus on BigTechs,[1] cloud and stablecoins

The FSB is an international body focussed on financial stability headquartered in Switzerland. It has released three papers[2] on the disruptions and risks arising from three very topical areas:


We extrapolate some of the FSB’s key findings in relation to each below.

BigTechs in finance

Recently, BigTechs have gained much media attention by their announcements of new financial products (for example, Google’s checking account, Apple Card, and Facebook Pay). Earlier this year, the “Chinese dual”, Tencent and Alibaba, through various joint ventures obtained virtual banking licences from the Hong Kong Monetary Authority. A review of the virtual bank licensees and their shareholders reveals interesting partnerships between BigTechs, technology companies and incumbent financial service providers. The presence of BigTech in finance is hard to ignore, and it is not surprising that the FSB has released its report on Bigtech in finance.

Key messages from the report

The FSB’s key observations in its paper are as follows:  

  • BigTechs have been able to penetrate financial markets – Furthermore, in advanced economies, the FSB observed that BigTechs’ activities are more focussed (eg payments-related functions), while in emerging markets and developing economies, they generally tap into a broader market covering areas such as credit extension, asset management and insurance. 
  • BigTechs’ comparative advantages – Advantages may include established customer networks, brand recognition, and a wide range of customer data and state-of-the-art technology. In the new data economy, BigTechs are well placed – they are able to create momentum by utilising their wealth of customer data from their core businesses and can achieve more tailored products and precise pricing. 
  • kwm-future-of-tech-reg-2020-2
  • BigTechs are at the same time competing and partnering with incumbent FIs – Some BigTechs directly compete with existing FIs in certain areas (eg by setting up their own virtual banks). Others partner with FIs in various forms (eg by providing FIs with various tech-related services such as cloud, data analytics, or by interfacing with customers to facilitate distribution of bank products). In some instances, BigTechs are seeking to utilise incumbent FIs’ licences, compliance framework and controls, while they focus on the non-regulated activities. In many instances, there are upsides to both the incumbent FIs and BigTechs.
  • There are upsides and risks associated with BigTechs’ involve in financial services – On the one hand, BigTechs promote innovation, competition and financial inclusion by introducing cheaper and more diversified products with improved efficiencies. On the other hand, BigTechs’ activities could potentially pose certain risks, such as:
    • directing funds away from the banking system may reduce the profitability as well as resilience of FIs, affecting stability of FIs’ funding and reducing transparency in ownership and governance;
    • interlinkages and interdependencies between BigTechs and FIs may trigger domino effects, which seriously disrupt the market in case any BigTech fails; and
    • in relation to credit provision, new forms of credit assessment may lack rigorous testing, and BigTechs’ ability to maintain credit supply in a downturn may also be uncertain.
  • Ensuring a sufficiently diverse market is also important – BigTechs, with their vast access to customer data, are likely to become crucial market players as direct financial service providers. The FSB has recognised that currently, there is no evidence that BigTechs are hindering competition in financial markets, but nonetheless stresses the importance of future market diversity. The FSB also noted that as BigTechs become increasingly important in the financial system, their failure may cause wide disruption to the broader economy. This risk is more prominent in emerging markets and developing areas than in advanced economies.
  • How should regulators respond? The FSB emphasised the importance of cooperation among policymakers and regulators across banking and non-banking sectors, and also via international fora. Given the sizes of and risks associated with the BigTechs’ financial activities, the FSB suggested that BigTechs should be subject to financial regulations as FIs. The FSB also commented that regulators may consider imposing reciprocal data-sharing obligations on big techs to mirror open banking initiatives such as PDS2, such that there is a level playing field for competition.  In our view, this remark is consistent with the growing trend of domestic regulators to promote data sharing and open banking, for example the regulatory regimes being implemented in Australia, Hong Kong SAR* and United Kingdom.

Cloud - third-party dependencies

As financial institutions often use and increasingly depend on the cloud services provided by the same BigTechs that may start moving into their competitive territory, there is an extra layer of complexity around the interlinkage between the two, which regulators are vigilantly monitoring. This subject was considered in the FSB’s report on Third-Party dependencies in cloud services.

Key messages from the report

The FSB’s key findings demonstrated the strong benefits of cloud, but also signalled flags that merit regulatory attention:

  • Cloud usage is growing – Responses from a global survey of FIs indicated that global and regional cloud service providers are highly concentrated, and that although FIs are reportedly still at an initial stage in their deployment of cloud technology, there is a trend of moving core systems to cloud.
  • Cloud services have both cost-saving and technical benefits for the industry – Utilising third party cloud services frees up capital by avoiding the need to establish and maintain expensive IT infrastructure. Moreover, FIs may leverage the tech-knowhow and geographical locations of large cloud providers to achieve geographic diversity and risk-resilience.
  • Regulators face access difficulties – Knowledge asymmetries, contractual, cross-border and/or legal restraints mean that it may be difficult both for FIs to oversee the cloud services and for regulators to exercise access rights. It is also uncertain to which extent FIs are prepared for possible unexpected outages. Market domination by a small concentrated group of service providers amplifies the risks of systemic failure.

For businesses which engage third parties in cloud services as well as cloud service providers, it is worth monitoring global developments on the subject. For example, the Securities and Futures Commission (SFC) has had regard to a number of the abovementioned factors as part of its recent Circular regarding the “Use of external electronic data storage”, which is very much focussed on providing a framework for cloud data storage, and ensuring that the SFC retains prompt and appropriate access rights as needed. See our alert here for more information on this circular.

Regulatory issues of stablecoins

In this brief report, the FSB expressed its view that global stablecoins (GSCs) may become “a source of systemic risk”, although due to their novelty, very limited information is currently available for solid assessment. Amidst all the uncertainties and speculations, the FSB warned of financial stability risks GSCs may introduce. This is particularly because of their potential to establish a global user base, infiltrate domestic financial systems, and substitute fiat currencies. There was also the potential for GSCs to open up a pandora’s box and cause serious erosions in market competition, data protection and financial crime activities given privacy and pseudonymity related features of some virtual assets.

The FSB suggested that regulators should build a thorough understanding of the individual components of stablecoin arrangements. Based on this understanding, regulators should then identify how the current domestic legal framework applies to and addresses the risks under stablecoin arrangements. The FSB also emphasised the importance of cross-jurisdictional co-operation in ensuring that national regulations are compatible.

Recent discussions on GSCs across the international regulatory fora (as we summarise in the next section) echo with the FSB’s wariness about the potential systemic risks surrounding GSCs, and demand suitable risk-management to be undertaken by both stablecoin developers and global regulators. For example, the G7 Working Group on Stablecoins (Working Group) published a report in which it identified a range of risks and challenges associated GSCs, and expressed its belief that GSC projects should not commence operation unless the risks and challenges identified are adequately addressed.  The Working Group also stressed the importance of cross-border collaboration, and suggested that national regulators adhere to principles established by standard-setting bodies to ensure international consistency.  IOSCO and the European Central Bank (ECB) also published statements and notes expressing similar views.  

At the same time, innovation is still highly prized. On that note, the Hong Kong Monetary Authority and Bank of Thailand have just issued their report on their collaborative “Project Inthanon-LionRock” effort to explore a potential Hong Kong Dollar-Thai Baht blockchain-based cross-border payment arrangement, and several other projects are on foot internationally.”

What are other global trend-setters saying?

Multiple regulators are looking at technology, new asset classes like virtual assets, and regulation. The following table summarises a number of key developments you should know about.

Transnational body

Key development

Further information or actions

Virtual asset and general blockchain developments

Bank for International Settlements

Consultation – Virtual asset regulation

The BIS has released a consultation paper on “Designing a prudential treatment for crypto-assets”, which:

  • summarises the features, functions, potential sources of value and additional factors that could affect the risk profile of crypto-assets;
  • outlines the general principles which inform the design of a prudential treatment for crypto-assets;
  • sets out the channels of bank exposures to crypto-assets, and risks arising from crypto-asset exposures;
  • gives an illustrative example of capital and liquidity requirements for high-risk crypto-assets; and
  • seeks opinions on the development of a prudential treatment for crypto-assets.

Feedback on how this asset class should be regulated going forward is due on 13 March 2020.

Whilst BIS thought leadership and guidance were particularly relevant to banks, all stakeholders are encouraged to respond.  Many virtual asset firms and technology players rely on banks, so it’s important to engage on this topic.


Report – Optimising design of wholesale digital tokens

The BIS issued a report exploring:

  • the concept and operational model of wholesale digital token arrangements;
  • potential advantages of wholesale token arrangements over traditional account-based settlement assets; and
  • potential design choices and questions token developers may consider to ensure the success and compliance of wholesale digital token arrangements.

Whether you are a token developer, a business which is interested in exploring alternative payment arrangements or a crypto-enthusiast, this report gives a concise overview of the concerns around wholesale digital token arrangements.


ReportBuilding regulation into blockchain finance

This BIS working paper makes the case for embedding a regulatory framework for compliance in tokenised markets through the design of the market’s distributed ledger technology. The working paper outlines the proposed advantages of using blockchain technology as a “regtech” based tool, as well describing the key principles that should govern a regulatory framework to use such technology for financial supervision.

This working paper is useful to track as compliance as a service grows with the use of blockchain technology.

G7 Working Group on Stablecoins (Working Group)

Report – Impact of stablecoins

The Working Group released a detailed report regarding stablecoins, which:

  • gives an overview of stablecoin arrangements and their potential contribution to the current payment ecosystem;
  • summarises the regulatory and policy challenges surrounding stablecoins, and in particular, GSCs;
  • discusses how the existing regulatory framework apply to stablecoins; and
  • anticipates the relevant public stakeholders to map out the way forward.

According to the Working Group, the FSB will submit a consultative report to the G20 Finance Ministers and central bank Governors in April 2020, and the final report will be released in July 2020.

International Organization of Securities Commissions (IOSCO)

Statement – IOSCO’s study of GSCs

IOSCO published a statement regarding stablecoins, commenting that:

  • stablecoins should be subject to IOSCO Principles and Standards because of their resemblance to regulated securities; and
  • regulators should take a case-by-case approach to GSC initiatives to analyse what requirements and liabilities apply to sponsors and distributors; and
  • IOSCO will continue to work with regulators and other standard setting bodies to respond to identified risks of GSCs.

Keep an eye out for the FSB report on stablecoins upon its scheduled release this coming July.

European Central Bank (ECB)

Report – Innovation and its impact on the European retail payment landscape

The ECB issued a note on the impact of innovation on the following three topics:

  • European payments strategy – the ECB acknowledged that the European payments market lacked a pan-European payment solution for point-of-sale and online payments, and encouraged market-based initiatives in this regard.
  • GSCs – while the ECB cautioned against the underlying risks of GSCs and stressed the necessity of cross-jurisdictional coordination among regulators, it also recognised the value of innovation.
  • Central bank digital currency (CBDC) – CBDC can meet the need for a pan-European payment solution and ensure the general public’s undisturbed use of central bank money as physical cash declines. The ECB expressed its determination to continue to explore a potential CBDC, while ensuring that the initiative would not stifle innovation in the private sector of retail payments.

Keep an eye out for further developments. As we summarise below, the ECB also recently published a proof-of-concept on embedding AML/CFT measures within a CBDC. Overall, the ECB has demonstrated a “crypto-friendly” stance, and we expect interested European entities will closely follow this trend.   

Anti-money laundering and counter-terrorist financing developments

The Financial Action Taskforce (FATF)

Consultation – Digital identity systems for customer due diligence

The FATF has published a “Draft guidance on digital identity for public consultation” (Draft Guidance), which:

  • summarises the key features of digital identity systems and the FATF requirements for customer due diligence;
  • describes the benefits and risks of digital identity systems for AML/CFT compliance;
  • lays down a two-step risk-based approach to using digital identity systems for customer due diligence, including understanding the assurance levels of the digital identity system, and making a risk-based determination of whether the digital identity system is appropriately reliable; and
  • seeks opinions on various specified questions relating to the role of digital identity systems in AML/CFT.

Keep an eye out for updates and amendments scheduled to be released in February 2020.

Digital identity systems are increasingly embraced as a useful tool in customer due diligence. The Draft Guidance helpfully outlines the relevant risks and practical considerations. All interested entities which use or are thinking about shifting to digital identity systems in their customer due diligence practice should incorporate FATF’s suggestions in their RBA.


Warning – money laundering risks from “stablecoins” and other emerging assets

The FATF published a warning that:

  • countries must implement the FATF’s Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (Virtual Asset Guidance), and the degree of compliance will be assessed as a part of the mutual evaluations;
  • global stablecoins and their service providers could potentially cause ML/TF risks in the virtual asset ecosystems, and must be subject to AML controls; and
  • the FATF is actively monitoring emerging assets and may consider further clarifications on how its standards apply to the emerging assets.

Familiarise yourself with the Virtual Asset Guidance if you are a virtual asset service provider or are otherwise engaging in virtual asset-related activities. Previously, we’ve written about the Virtual Asset Guidance, which you may find helpful in having an overview of your obligations under it.  


Proof of concept – Balancing privacy and AML/CFT enforcement in electronic payments via central bank digital currency (CBDC)

The ECB has published a brief proof of concept for a simplified digital cash (referred to as CBDC) payment system which strives to strike a balance between privacy in low-value transactions and the enforcement of mandatory AML/CFT controls for higher-value transactions. The core of the system is a new concept of “anonymity vouchers”, which are distributed to users by the AML authority to enable anonymous transfers of CBDC to a limited extent.

Keep an eye out for further developments in the ECB’s CBDC initiative. Although the ECB emphasised that the proof of concept did not imply any plan of proceeding with CBDC, it also stated that it was open to act when such need arised in the future.

Environmental, social and corporate governance


The green swan – Central banking and financial stability in the age of climate change

This recent BIS paper identifies climate change as a key future source of financial and price instability given the ability of climate change to generate physical risks and transition risks. Despite challenges in incorporating climate-related risk into stability monitoring, BIS argues that if left unchecked, climate change could be the cause of the next systemic financial crisis through a series of “green swan” events.[3]

BIS makes the point for climate change to be considered as part of all economic and forecasting models, while at the same time arguing that many traditional backward-looking risk assessment models may be inappropriate for the future systemic risk posed by climate change.  

Climate change is increasingly become a priority area for financial regulators in multiple jurisdictions and this trend will undoubtedly continue.   

This paper is therefore a “must-read” for those involved in governance and legal/compliance, but also for those looking to build products to satisfy growing demand for ESG-compliant investments.

There will also be a need for technology innovation to support this growing area, particularly in the areas of systems, data, product development, analytics and supervision.  Scoring methodologies, impact measurement, reporting mechanisms and reliable data require particular focus.

Key takeaways

Pulling together the wealth of global regulatory developments, we give our final take on the current state of play on BigTechs and global regulatory trends:

  1. BigTechs’ engagement in financial activities is not new, but regulators are now taking a greater interest in how to best regulate BigTechs. Multiple research institutions and international bodies have published articles with similar observations as the FSB. For example, in June 2019, the BIS published its take on the BigTech phenomenon, suggesting a new regulatory compass to facilitate policy-making and cross-sector cooperation among regulators in finance, competition and data protection. The legal landscape is changing rapidly to catch up with the market trend. Some have already expressed worries that FinTech start-ups may also get drowned in this new wave of regulating BigTechs, and innovation will be stifled. The FSB’s acknowledgement that “regulation [should be] proportionate to the relative size and risk of both large BigTech and smaller FinTech firms” offers comfort and sensible view in this regard.
  1. Utilisation and monetisation of data is a tricky issue. The FSB’s seriousness in monitoring data use by BigTechs shows that data not only increases competitiveness in businesses, but also brings responsibilities and burdens in compliance. FinTech firms with less market share and less prominent presence will presumably attract less regulatory oversight than BigTechs do. Nonetheless, FinTech firms should be mindful to ensure that their use of data accords with legal requirements. Both legal challenges and exciting opportunities lay ahead.
  1. Cloud service providers continue to be under the spotlight. As more FIs use cloud services, there is an increased regulatory effort in dealing with such risks. Clear local guidance from regulators on the subject is welcome to ensure clarity for both service providers and regulated entities. However, seeing how requirements such as those recently imposed in Hong Kong play out in practice will undoubtedly influence others on issues such as data access and localisation.
  1. Global regulatory bodies consider stablecoins a systemic potential risk. As we have briefly summarised in the regulatory update table, many global standard-setting organisations have expressed their concern regarding stablecoins and the associated risks to the existing central banking framework. The future of stablecoins is still full of uncertainties, but we expect to see an uptick in their regulation to mitigate the above-mentioned risks. We recommend that anyone dealing with stablecoins stay abreast of regulatory developments, and also obtain advice about the regulatory nature of the particular stablecoins they deal in.
  1. Novel products, asset classes (like virtual assets) and distribution channels lead to new money laundering and terrorist financing typologies, which in turn results in new controls and guidance.
  1. Innovation remains a priority.


Exciting times await. Please let us know if you would like any further information on any of the abovementioned topics.

This is general information only and should not be relied on as legal advice.

[1] “BigTech” is commonly used to refer to the handful of major technology companies, such as Google, Facebook, Tencent and Amazon that dominate the technology landscape.

[2] The FSB, BigTech in Finance: Market development and potential financial stability implications, issued December 2019; Third-party dependencies in cloud services: Considerations on financial stability implications, issued December 2019; and Regulatory issues of stablecoins, issued October 2019.

[3] “The “green swan” concept is a variation on the concept of a “black swan” for the arena of climate change and is explained more fully in Box A on page 3 of the paper.

*Any reference to “Hong Kong” or “Hong Kong SAR” shall be construed as a reference to “Hong Kong Special Administrative Region of the People’s Republic of China”.

Key contacts

Data Central

Have you checked out our new Data Hub? Data Central contains a range of resources to help our clients minimise the legal, regulatory and commercial risks this data-driven environment presents and ensure that its full value is being realised.

A Guide to Doing Business in China

We explore the key issues being considered by clients looking to unlock investment opportunities in the People’s Republic of China.

Doing Business in China
Share on LinkedIn Share on Facebook Share on Twitter
    You might also be interested in

    This alert sets out the key features of Southbound Bond Connect.

    28 September 2021

    This article summaries important information about Wealth Management Connect.

    20 September 2021

    Very shortly, the U.S.-based Alternative Reference Rates Committee (ARRC) will make its much-anticipated formal recommendation of forward-looking term Secured Overnight Financing Rates (Term SOFR)...

    27 July 2021

    It’s official. On 5 March 2021 the UK Financial Conduct Authority (FCA) announced that all LIBOR settings will either cease to be published by any administrator or no longer be representative, with...

    09 March 2021

    Legal services for your business

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.