For fintechs, it could be a year of opportunity – and across the ecosystem much change is afoot. Here’s a reminder of just some of the rulesets likely to shape fintech direction in the months ahead.
Time’s running out for payment providers to be SCA compliant
The Financial Conduct Authority’s (FCA) extension for firms to become Strong Customer Authentication (SCA) compliant comes to an end on March 14, 2021.
SCA – part of the European Union’s second Payments Services Directive (PSD2) - is intended to limit payment fraud and build confidence among providers and users. Relevant firms will need to use two-factor authentication that does not require the user’s mobile.
Laid out by the FCA, the rules apply when a payer:
- Initiates an electronic payment transaction
- Accesses their payment account online
- Carries out any action remotely that may imply a risk of payment fraud
Deadline looms for FCA cryptoasset registration
Cryptoasset regulations are relatively new in the scope of financial guidelines. As the UK works to re-establish itself as one of the world’s largest financial centres, more cryptoasset regulations for the UK market are expected to emerge in the coming years.
Effective January 10, 2021, existing firms undertaking cryptoasset activities must be registered with FCA. This includes firms participating in cryptocurrencies, blockchain, custodian wallet providers and Initial Coin Offerings (ICO). This is to comply with anti-money laundering and counter-terrorist financing (AML/CTF) rules under the Money Laundering, Terrorist Financing, and Transfer of Funds regulations 2017 (MLRs).
Those who are not registered with the authority will have to cease trading.
Reaching equivalence with EU regulations
The Second Markets in Financial Instruments Directive (Mifid II) is the EU’s largest and most onerous rulesets underpinning the continent’s capital markets.
While the UK may not be restricted by the same rules, it will affect how financial firms interact with EU counterparts. The UK is aiming to achieve an equivalence decision in time for the end of the transition period. This means that many of the Mifid II rules will remain the same or similar in the UK alternative. If equivalence is not met, UK member firms will be considered as third country members and need to report as such for the first time.
SMEs to stay data compliant post Brexit
The UK government hopes to achieve data adequacy from the EU after the transition period. This will mean most data protection rules will remain the same and would allow for the free flow of personal data with EU/EEA counterparts to continue.
However, SMEs may need to have Standard Contractual Clauses (SCCs) in place if a data adequacy agreement is not met. This enables businesses to comply with both UK and EU data protection regulations allowing them to legally receive data from EU/EAA businesses.
The Information Commissioner’s Office (ICO) has guidance on building SCCs.
New EU crypto regulations in the pipeline
On September 24, the European Commission published the first draft of its Markets in Crypto-assets regulation (Mica). The new regime forms part of a wider set of publications on Europe’s Digital Finance Strategy. It will clarify which digital assets will be governed by current existing financial services regimes, most likely under Mifid II, and which assets will fall under Mica’s specific regime for crypto-asset services (CAS).
While the regime will not be directly applicable to the UK, it may have a significant impact on the cryptoasset market. It is likely to increase the appeal of the European cryptoasset markets as assets regulated by the new rules are expected to be regarded as safer investments.