A new publication from the UK’s financial regulator signals to firms that they should take steps to manage risks in the use of AI.

By Stuart Davis, Fiona M. Maclean, Gabriel Lakeman, and Imaan Nazir

The UK’s Financial Conduct Authority (FCA) has published its latest board minutes highlighting its increasing focus on artificial intelligence (AI), in which it “raised the question of how one could ‘foresee harm’ (under the new Consumer Duty), and also give customers appropriate disclosure, in the context of the operation of AI”. This publication indicates that AI continues to be a key area of attention within the FCA. It also demonstrates that the FCA believes its existing powers and rules already impose substantive requirements on regulated firms considering deploying AI in their services.

Consumers and service providers should take note of some of the enhanced risks upon an e-money institution’s insolvency.

By Hongbei Li

Technology is rapidly changing the way customers and businesses interact with financial systems. Fintech companies are a driving force behind the disruption of traditional banking and payment services, with regulatory innovation close behind.

In the 12 months to June 2021, electronic money institutions (EMIs) in the UK processed more than £500 billion of transactions, according to Financial Conduct Authority (FCA) data. In 2019, UK EMIs held £10 billion in customer funds, the UK government estimates. By 2025, more than seven in 10 smartphone owners will be mobile P2P payment users. As a major remittance source country, the UK has seen a 30% growth in its digital remittance market in 2021. According to Statista, this market is predicted to grow to more than $4.6 billion by 2025. These trends are fuelling the UK’s ambition to become a world leader in payments innovation.

The initiative includes a competition law sustainability “sandbox” in which market participants could team up to work on sustainable business projects.

By David Little and Pierre Bichet

The Greek Competition Authority (HCC) has announced a public consultation on how competition law rules might be adapted to promote more sustainable business practices. The HCC published a Staff Discussion Paper and held a digital conference to launch the consultation.

The HCC’s exploratory proposals outline a number of novel concepts, including: (1) the creation of a competition law sustainability “sandbox” in which market participants could team up to work on sustainable business projects with some measure of protection from competition rules; and (2) the establishment of an “Advice Unit” comprising experts from different regulatory authorities who could provide informal advice on sustainability-related initiatives. The proposals also envisage the publication of general guidelines defining the contours of legitimate cooperation between rivals on sustainability projects.

With the explosion of AI applications, private equity houses and their portfolio companies must understand where key opportunities lie.

By Tom Evans, Kem Ihenacho, David Walker, Laura Holden, Hector Sants, Claudia Sousa, Catherine Campbell, and Patricia Kelly

Click for larger image.

Artificial intelligence (AI) developments provide increasing opportunities for private equity, including deal sourcing and portfolio company analysis/enhancement, particularly in businesses that can adopt a customer subscription model or leverage big data opportunities. However, the adoption of AI technologies, and investments in new AI businesses, pose significant challenges. To ensure that time and capital are deployed productively, firms must understand the market space and usage for these tools, and the workings and accuracy of any underlying technology. How technology models and algorithms work, where underlying IP resides, and where data is stored are key. Whilst the use of AI is often discussed, it is much less often understood; we are seeing an explosion of AI applications and PE houses and their portfolio companies need to understand where the opportunities are for them to exploit.

A Tool to Secure Deal Opportunities and Drive Portfolio Company Growth 

According to a survey conducted by Intertrust, 90% of private equity firms expect AI to have a transformative impact on the industry. AI-backed data analytics are playing a growing role in analysing and identifying deals. QuantCube Technology, for example, provides in-depth data analysis, drawing on customer reviews and social media posts to develop predictive indicators of events, such as economic growth or price changes. There are now companies offering AI-driven technologies that claim to help source PE deals. While this presents a potentially compelling use of AI for investors, it remains to be seen whether these technologies will deliver results. 

The guidelines create new obligations for financial, payment, and electronic money institutions that will impact cloud outsourcing and deployment of FinTech.

By Fiona M. Maclean and Laura Holden

On 25 February 2019, the European Banking Authority (EBA) published a final report on its draft guidelines on outsourcing arrangements (Guidelines). The report followed the EBA’s publication of draft guidelines in June 2018 (Draft Guidelines) and the ensuing public consultation in September 2018 (Public Consultation).

The Guidelines replace the 2006 Committee of European Banking Supervisors (CEBS) Guidelines on Outsourcing (CEBS Guidelines) and replace and incorporate the EBA’s final recommendations on outsourcing to cloud service providers (Cloud Recommendations). Financial institutions will now only need to consult one set of guidelines for cloud and non-cloud outsourcing.

The Guidelines apply to a wider range of entities (Covered Entities for the purpose of this article) than the CEBS Guidelines and the Cloud Recommendations, including payment or electronic money institutions. The Guidelines now apply to all financial institutions that are:

  • Within the scope of the EBA’s mandate, including credit institutions
  • Investment firms subject to Directive (EU) 2013/36 IV (Capital Requirements Directive)
  • Payment institutions
  • Electronic money institutions

As a result, a wider range of companies, such as FinTech companies, will now face the challenge of remaining agile and competitive in fast-moving markets, whilst managing the administrative and practical challenges of maintaining compliance with the Guidelines.

The Guidelines come into force on 30 September 2019. Any outsourcing arrangements entered into, reviewed, or amended by Covered Entities after that date must comply with the Guidelines. Covered Entities must also update all existing outsourcing arrangements in line with the Guidelines by 31 December 2021. For Covered Entities that are already subject to the Cloud Recommendations, these deadlines will not have any effect on their obligation to comply with the cloud specific requirements – these requirements will continue to apply as they did prior to publication of the Guidelines. An overview of the status of the Cloud Recommendations, per jurisdiction, can be found here.

While “critical and important functions” are subjected to stricter rules, the Guidelines generally apply to all outsourcings by Covered Entities, including intragroup outsourcings, representing a further widening of scope when compared with the CEBS Guidelines. Covered Entities will therefore face additional administrative burdens that they must balance with the need to stay ahead of the competition. Following concerns raised at the Public Consultation, the EBA clarified in the Guidelines that regulators will not consider every outsourcing to a cloud solution as critical or important; rather the same test applies as with other non-cloud service providers, taking into account “cloud specificities”.

Under the Guidelines, the definition of “outsourcing” is based on the Commission Delegated Regulation (EU) 2017/565 and defined as: “an arrangement of any form between an institution, a payment institution or an electronic money institution and a service provider by which that service provider performs a process, a service or an activity that would otherwise be undertaken by the institution, the payment institution or the electronic money institution itself”.

The Guidelines define “critical or important functions” based on the wording of MiFID II and the Commission Delegated Regulation (EU) 2017/565, which includes functions that “if a defect or failure were to occur, would materially impair the continuing compliance of the firm’s activities and obligations”.

To outsource banking and payment services to a third country (i.e., non-EU) service provider, the Guidelines require the competent authorities responsible for supervising each party to have a co-operation agreement in place. Therefore, post-Brexit, the UK’s Financial Conduct Authority will need to agree a co-operation agreement with EU regulators to ensure that cross-border outsourced arrangements can continue between the UK and the EU27.

Regulatory guidance on cryptoassets and digital currency companies may lead to a legitimisation of crypto-businesses as an investable asset class.

By Stuart Davis, Sam Maxson, David Walker, Tom Evans, and Catherine Campbell

Recent and upcoming regulatory guidance on cryptoassets and the regulation of companies engaged in digital currency, such as issuers, crypto-exchanges, crypto-custodians, crypto-brokers, and other service providers, could help facilitate private equity investment in this space. While there has been some institutional investment in crypto-businesses — such as Goldman Sachs’ investment in Circle (owners of the Poloniex crypto-currency exchange) and Tiger Global’s investment in Coinbase — this has been a relatively nascent market with most money coming in the form of early-stage and venture investing.

Click for larger image.

Drivers of Volatility in Cryptoassets Values

Regulatory uncertainty has been a key driver in dampening the market value of cryptoassets. Regulators around the globe have issued warnings that cryptoassets may be regulated financial instruments, and issuers and intermediaries may require licences. Further, the application of AML/KYC rules to cryptoassets has been unclear.

From August 2019, certain existing FCA rules and guidance will extend to payment service providers and e-money issuers in a signal that the FCA wants a consistent approach to consumer protection.

By Rob Moulton, Brett Carr, and Frida Montenius

The FCA has published a Policy Statement extending certain rules and guidance to the payment services and e-money sectors, following a Consultation Paper published in August 2018. The extensions concern the FCA’s Principles for Businesses (Principles) and the Banking Conduct of Business Sourcebook (BCOBS), along with new guidance concerning the communication and marketing of currency transfer services. The FCA has made these changes, aimed at payment institutions (PIs), electronic money institutions (EMIs), and registered account information service providers (RAISPs), with a hope to protect consumers by providing a clear and consistent set of rules that firms must abide by.

Background

The motivation behind the extensions is to standardise the current regulatory approach in order to better align customer expectations of firm behaviour and customer treatment, with the aim of protecting the interests of consumers. The FCA has noted that some firms have been guilty of bad practices, and the extension of rules is a step to foster an environment that prevents consumer harm. With consistent standards that apply equally to all firms — notably including a fast-evolving, ever-changing payments landscape — the new extensions are intended to enhance competition by allowing consumers to make more informed choices while ensuring that consumers are adequately protected by clamping down on misleading communications and other harmful practices.

The PSR will not review the fees and rules set by Visa and Mastercard, but will look at the practice of bundling, and will examine effects on innovation in card-acquiring services.

By Brett Carr, Stuart Davis, and Christian McDermott

Following the publication of its Draft Terms of Reference in July 2018, the PSR has now listened to market feedback and has issued its Final Terms of Reference, marking the launch of its review into whether competition in the supply of card-acquiring services is working well for merchants and consumers.

Card-acquiring services allow merchants to accept payment for goods and services via debit, credit, charge, and prepaid cards. In order to benefit from card-acquiring services, merchants must enter contracts with so-called “merchant acquirers”. Card-acquiring services are often bundled with other services, referred to by the PSR as “card acceptance products” — these include physical card readers (also known as point-of-sale (POS) terminals) and payment gateways (the e-commerce equivalent of POS terminals).

The Final Terms of Reference follow a consultation period on the Draft Terms of Reference, the details of which are covered in Latham’s previous blog post.

By Nicola Higgs, Fiona MacLean, Brett Carr, and Catherine Campbell

Technology outsourcing by financial institutions (FIs) has increased in recent years as FIs look to the latest innovations to improve their day-to-day business processes and to reduce costs. FIs outsource key functions to a host of regulated and unregulated third-party service providers, and the sector is poised for continued growth. According to research conducted by business outsourcing provider Arvato and analyst firm NelsonHall, outsourcing agreements worth £6.74 billion were agreed in the UK last year across all industries (a 9% increase on the prior year), and financial services firms signed £3.26 billion of them. With this continued growth, the outsourcing sector is increasingly likely to be a hotbed of PE deal activity; and, as regulators place a greater focus on outsource providers, deal teams should monitor regulatory engagement and policy developments.

Outsourcing Companies Evolve

IT and business process outsourcing are converging, meaning outsourcing deals are now different to the traditional, bespoke, dedicated service arrangements firms have entered into in the past. Modern-day outsource providers who have grown exclusively as tech companies are looking to meet the demand for processing and administration solutions for financial products and services in a heavily regulated environment. Notably, the Financial Conduct Authority’s (FCA’s) recent Investment Platforms Market Study identified that most investment platforms purchase their technology from third-party providers, and more than half of the platforms the study considered are in the process of re-platforming to a new provider. Less than a third of firms in the study rely on proprietary technology. Areas such as cybersecurity and data analytics have also become increasingly important for the sector, driving demand for specialist third-party providers with robust processes.

The EBA’s draft guidelines on outsourcing will impact cloud outsourcing and institutions’ deployment of FinTech.

By Fiona MacleanCharlotte Collins, and Terese Saplys

On 4 September 2018, a wide audience of interested individuals gathered at Canary Wharf for a public hearing (Public Consultation) to listen to what the European Banking Authority (EBA) had to say in relation to its long-awaited Draft Guidelines on Outsourcing (Draft Guidelines). The Draft Guidelines, which review the existing CEBS Guidelines on Outsourcing published in 2006 (CEBS Guidelines), are the EBA’s opportunity to refresh its recommendations on outsourcing to align more closely with the technical, political, and operational landscape banks face today. The attendees at the Public Consultation raised a number of questions which have, no doubt, given the EBA considerable food for thought. This blog post identifies and explores the key themes of the day. Beyond the key themes identified below, the Public Consultation included discussions of the issues of internal audit, reporting and registration, and supervisory oversight.

Scope

The extension of scope of the Draft Guidelines, as compared to the scope of the CEBS Guidelines, was a particular area of focus during the Public Consultation.

The Draft Guidelines describe their subject matter as “specify[ing] the internal governance arrangements that institutions … should implement when they outsource functions and in particular with regard to the outsourcing of critical and important functions” (paragraph 5 of the Draft Guidelines). The term “critical and important functions” is consistent with the wording used in MiFID II and includes functions which, if a defect or failure were to occur, would materially impair the continuing compliance of the firm’s activities and obligations. In this regard, the Draft Guidelines align with the CEBS Guidelines which described the requirements for “material outsourcing,” a term defined in a similar manner. However, while the CEBS Guidelines noted that “there should be no restrictions on the outsourcing of non-material activities of an outsourcing institution” (Guideline 5), the Draft Guidelines extend to all outsourcing, unless expressly stated otherwise. Many attendees at the Public Consultation noted that this scope was unduly onerous and would become administratively burdensome for firms to manage.

Notably, the broadening of the addressees of the Draft Guidelines (In-scope Entities), to include payment institutions (subject to the revised Payment Services Directive (PSD2)) and electronic money institutions (subject to the e-money Directive), was not discussed in detail at the Public Consultation. However, an attendee raised a question as to the applicability of the Draft Guidelines to industry utilities. The EBA confirmed they had not yet considered this point and advised that they would reflect and clarify the position in the final guidelines.