Search This Blog

Wednesday, 17 August 2022

FCA Consumer Duty - Final Rules and Start Dates

The FCA has published its final policy statement and rules implementing its new Consumer DutyThe FCA has also published Guidance on how the Consumer Duty should work in practiceFirms will need to apply the Duty to new and existing products and services that are open to sale (or renewal) from 31 July 2023; and to products and services held in closed books from 31 July 2024. However, the FCA says that firms must have their board's approval for an implementation plan by 31 October 2022 and take certain other steps outlined below. I summarised the general proposal for a Consumer Duty in February. This post contains my own notes of some changes to that approach and some key 'lessons' that emerged from the consultation, but is not exhaustive and does not constitute advice of any kind and must not be relied upon to make any decisions or as any guide to implementation. If you would like advice, please let me know.

Not retrospective

While the Consumer Duty applies to new and existing products/services and closed book products, the FCA says this is not retrospective. Actions taken before the Duty comes into force will be subject to the FCA rules that applied at the time. Firms don't need to consider whether any actions in the past were in breach of the Duty. 

The Duty covers only the parts of FCA rule books that apply to a firm

Where only certain aspects of a 'sourcebook' of FCA rules apply, all the components of the Consumer Duty apply (the Principle, cross‑cutting rules and the outcome rules) but only to the areas of the firm's activities that are covered by those rules (e.g. regulated buy‑to‑let mortgages are subject only to rules on financial promotion in MCOB and only relevant aspects of the Duty – in relation to communications – would apply). 

The Consumer Duty applies to non-customers!

The Duty applies to any authorised firm that can 'determine or materially influence' retail customer outcomes, including customers with whom a firm does not have a direct relationship. Therefore, it applies to firms that can influence material aspects of, or determine aspects of the product or service design and distribution chain, such as: 

  • the design or operation of retail products or services, including their price and value;
  • the distribution of retail products or services;
  • preparing and approving communications that are to be issued to retail customers; and
  • customer support for retail customers. 

Liability for breaches of the Duty in other links of the distribution chain

Each firm must notify the FCA if they become aware that another firm in the distribution chain is not complying with the Duty; and notify other firms in the distribution chain if the firm thinks they have caused, or contributed to, harm to retail customers.

However, the Duty applies only to the extent that a firm is responsible for determining or materially influencing retail customer outcomes; and proportionately, in a manner that reflects the firm’s role in the distribution chain and its ability to influence retail customer outcomes. 
Where a firm is already subject to rules on product design or the assessment of value, complying with those rules will also satisfy relevant parts of the Duty.

Firms have different responsibilities depending on whether they're classed as the manufacturer or distributor of a product or service:
  • Manufacturers: create, develop, design, issue, operate or underwrite a product or service. More than one firm may be involved and intermediaries may be co‑manufacturers where, for example, they set the parameters of a product and commission other firms to develop it. 
  • Distributors: offer, sell, recommend, advise on, propose or provide a product or service - regardless of whether other rules or regulations classify the firm as an 'adviser', 'agent', 'appointed representative' or 'distributor'.
Generally the manufacturer’s responsibility is to identify the target market. Distributors may have a specific distribution strategy to supplement the manufacturer’s strategy, but it must be consistent with the manufacturer’s intended distribution strategy and the identified target market.

This does not mean firms are responsible for the activities of other firms or must oversee the actions of others in the distribution chain. But where a firm can reasonably foresee harm to a retail customer, it should act where it can and raise any issues with other relevant parties. 

Unregulated but ancillary activities are in scope

Unregulated activities are subject to the Consumer Duty where they are 'ancillary' to a regulated activity, i.e. carried on in connection with a regulated activity; or held out as being for the purposes of a regulated activity; or necessary for the completion of a regulated activity. 

For instance, product design or customer support are not themselves regulated activities but are 'necessary activities linked to regulated activities'. But selling a separate non‑financial services product while a regulated activity is performed where completion of the regulated activity does not depend on sale of the unregulated product, would not be ancillary.

The FCA found some consumer harm in the e‑money and payment services sectors in which the Duty is expected to play a key part in raising standards. In May 2018, the FCA sent a Dear CEO letter to firms expressing concerns over explanations of how customers' funds are protected; and it has concerns that customer support standards fall where support capacity hasn't kept pace with demand, or firms don't understand their complaints handling obligations.

Territorial scope

Where the chain includes non‑UK distributors selling to non‑UK customers, manufacturers will not be able to gather the same amount of information as when only dealing with UK‑based firms. In this case, they should use any available information to support their work under the Duty but would not be expected to obtain information from firms that are not subject to the Duty.

Outsourcing 

Unless an FCA‑authorised outsource services provider can determine or has a material influence over retail customer outcomes, it would not be subject to the Duty.  The firm outsourcing the relevant process to the service provider will remain responsible for both the activities of the service provider (as per the systems and controls rules in SYSC 8) and meeting the relevant aspects of the Duty.

Products can breach the Consumer Duty as they age

Some older products no longer represent fair value for customers compared to newer products or the contemporary market. Firms must be "confident there is a reasonable relationship, on an ongoing basis, between the price the customer is paying and the benefits of the product or service". 

A product or service "is much more likely to offer fair value" if it meets all of the other elements of the Duty (designed to meet the needs of its target market, transparently sold, customers can choose to switch or exit, customers are properly supported). Firms must consider conditions that applied when products were designed and sold; and can consider the lifetime costs of the product when assessing fair value (e.g. lenders can take account of the costs of providing credit and financing the credit). 

If a firm identifies a product that is not fair value, the firm would not amend 'vested contractual rights' but would need to take appropriate action to avoid causing foreseeable harm and provide fair value, e.g. by changing non‑vested fees or charges, where doing so would not impact on any vested rights; providing additional support or information; or offering forbearance, such as a pause in payments, to help mitigate any harm.

Firms buying old 'books' of business or products

The selling firm must provide information to the buying firm to help it comply with the Consumer Duty going forward. Where the buyer has either limited regulatory permissions or which is exempt on certain conditions (e.g. securitisation SPVs holding mortgages or consumer credit, the unregulated firm would not be subject to the Duty, but would be bound by general consumer law, including the Consumer Protection from Unfair Trading Regulations 2008; and the general standards of conduct anticipated by the Consumer Duty may be relevant to determine any breach. 

The buying firm must also gather relevant information from the selling firm to be able to comply with the Consumer Duty, e.g. in relation to product and service design and value.

What if most rival firms are not acting 'prudently'?

The FCA considers the activities of a ‘prudent firm’ to be an objective standard, rather than "enabling firms to benchmark their compliance to existing low standards and poor practices". 
A prudent firm will fully embed the Duty, act in good faith to meet its requirements, comply with all other relevant law (for example the Equality Act 2010) and deliver good outcomes for consumers. This is what we will expect to see from all firms across retail markets.
A new Principle

The introduction of the Consumer Duty includes the addition of a 12th Principle for Business ("A firm must act to deliver good outcomes for retail customers"). Where the Duty applies it displaces Principle 6 (A firm must pay due regard to the interests of its customers and treat them fairly) and 7 (A firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading).

While this overarching standard of conduct is 'clarified and amplified' through 'cross-cutting rules' and the (non-exhaustive/exclusive) 'four outcomes' it must be judged on its own, in terms of what is reasonably expected given the nature of the firm's role and the product or service it offers.

Principles 6 and 7 will continue to be applicable to firms and business activities outside the scope of the Duty, but the FCA believes the explanatory materials related to those Principles may be helpful to firms in considering their obligations where the Duty does apply (e.g. "where a piece of guidance begins with ‘in order to treat customers fairly a firm should…’"). However, Principle 12 imposes a higher and more exacting standard of conduct than Principles 6 and 7, so failure to act in accordance with existing guidance on Principles 6 and 7 is likely to breach Principle 12.  

Cross-cutting rules

The 'cross‑cutting rules' underpinning the Consumer Duty require firms to:
  • act in good faith towards retail customers;
  • avoid foreseeable harm; and
  • enable and support retail customers to pursue their financial objectives.
Firms do not have a responsibility to protect customers from all foreseeable harm or risks they understood and accepted. However, what is foreseeable is dynamic, so firms must detect and address new or emerging sources of harm, e.g. through consumer complaints, management information, press reporting, and FOS decisions and FCA communications.

This does not remove customers’ responsibility for making decisions, or prevent them from making decisions not in their interests, but firms are responsible for establishing an environment in which consumers can act in their own interests. To do so, firms must consider the limited experience, behavioural biases and the impact characteristics of vulnerability can have on customers in the target market "at all stages of the product lifecycle"; monitor their communications to ensure that customers understand them and those communications help customers to make effective decisions; and monitor and regularly review the customer outcomes to ensure that the products and services deliver good outcomes for retail customers. The firm's resulting actions would depend on what is within the firm’s control, based on their role and knowledge of the customer. An advisory service provider, for instance, should understand more about the individual objectives of the customer than a non-advisory service provider, and would need to act on that knowledge. 

When supporting a customer to pursue a financial objective, firms are not required to go beyond what could reasonably be expected of the firm delivering their products and services or to carry out activities  they are not authorised to undertake.

The Duty (including the cross‑cutting rules) could apply at both target market level (in the product/communications design) and, where they are providing a bespoke service or tailored, advice or communication, at the individual customer level. 

Four Outcomes

The “four outcomes” relate to: 

  • the quality of firms’ products and services;
  • the price and value of products and services: 
  • consumer understanding; and
  • support for consumers.

Generally, firms must consider the needs, characteristics and objectives of customers in their target market, including those with characteristics of vulnerability (visual impairment, suffering bereavement,  low financial capability). Firms don't have to adopt an "inclusive‑design" methodology but might wish to consider doing so.  

The Duty applies in a proportionate way based on the standard that could reasonably be expected of a prudent firm. Firms must consider what is reasonable in the relevant circumstances in relation to the nature of the product, the characteristics of the customers in the target market and the firm’s role in relation to the product. Focusing on outcomes avoids a one‑size‑fits‑all approach: where risks are low,  less additional action may be required.

Price and Value Outcome

The 'price and value' rules aim to ensure "a reasonable relationship between the price a consumer pays for a product or service and the benefits they receive from it". A product or service that meets all of the other elements of the Duty (designed to meet the needs of its target market, transparently sold, consumers are properly supported) is generally much more likely to offer fair value because of the benefits received and customers have the information they need about the benefits and limitations of what they are buying to select an alternative product.

The FCA includes examples in the Guidance of good outcomes and the behaviours.

Firms do not need to quantify non‑monetary costs and benefits, but must "at least provide qualitative consideration of these factors, especially if these are a significant part of their business models".

A value assessment is not required where the product or service does not have any financial or non‑financial cost to the consumer (e.g. "debt advice funded through other sources"). But manufacturers of 'free' products or services should still consider whether their customers are 'paying' in non‑monetary terms, and whether those costs are reasonable in relation to the product’s benefits (e.g. lost interest on balances in 'free' current accounts; fees or use of their account data).

Differential pricing is not always harmful, e.g. clear and transparent upfront discounts where the firm can demonstrate that both customers with/without discounts are receiving fair value. The rules do not prevent cross‑subsidies between products or require cost‑plus pricing; and they do not prevent firms from selling similar products with different prices across various brands, as long as both are fair value. But continually increasing the prices on renewal for loyal customers ("price walking"), for example, can lead to some consumers making significant overpayments which do not provide fair value and would not satisfy the Consumer Duty. 

Firms are not required to duplicate value assessments and are responsible only for the prices they control not to challenge other firm’s value assessments.

Distributors must ensure charges accruing down the distribution chain do not cumulatively result in the product ceasing to provide fair value. To enable this:
Manufacturers should provide distributors with the results of their value assessment, but they do not have to include sensitive information such as breakdown of firms’ margins or risk‑based pricing. Information shared can be a high‑level summary of the benefits to the target market, information on overall prices or fees and confirmation that the manufacturer considers that total benefits are proportionate to the total costs.
Firms already subject to fair value rules will meet the Duty by complying with those rules, but some firms - such as payment and e‑money firms - have existing disclosure rules and requirements that do not equate to the price and value outcome, so additional compliance work would be required for e-money and payment institutions. 

While denying that elements of the Duty will necessarily raise costs and therefore prices, the FCA states:  
Firms selling innovative products at a higher price may still be providing fair value if they offer increased benefits to consumers. In our view, increased consumer trust and healthier competition would support innovation and encourage new entrants to the market, with firms competing to drive up quality for consumers.
Consumer Understanding

Firms must not only continue to meet information and disclosure requirements, but also consider the purpose of all their customer communications (conversations with advisers, online, in letters or contracts, individually and as a whole) and the outcomes they are focused on. For instance, unless a template is mandated, a firm could adopt a layered approach to explain context or key information in a simple way, signposting more detailed information.

As will the Duty generally, the scope of this outcome is determined by a firm’s role and authorisations/permissions. A firm is not authorised to provide advice must equip its customers with information to make effective decisions in a way that does not amount to advice. 

The FCA accepts that firms may not be able to directly communicate the availability of new product offerings to customers where the customer has decided to opt out, or has not consented to receive, such communications under the Data Protection Act (and UK GDPR). 

Firms do not need to tailor all communications to meet the individual needs of each customer (except on a one‑to‑one basis where appropriate), but generally only need to take into account the characteristics of customers in the target market more broadly, including characteristics of vulnerability. Firms must understand their customer base and target market for their products and services. In general terms, for instance, the FCA found that one in seven adults have literacy skills at or below those expected of a nine‑ to 11‑year‑old and 17.7 million adults (34%) have poor or low levels of numeracy involving financial concepts. So, communications for even a simple product aimed at the mass‑market must take these characteristics into account and communicate information in a way that supports understanding by such customers. Communicating about a complex product to a more sophisticated retail target market might reasonably be different.

Characteristics of vulnerability in their customer base or target market, such as as inadequate or erratic income, over‑indebtedness or low savings among potential mortgage customers may mean that the availability of support for customers in financial difficulty should be prominently signposted; or a clear way for consumers with a hearing or visual impairment to request communications in a format that meets their needs. Tailored communications may be needed where it becomes apparent to a firm in, say, a conversation with an individual customer that they require particular information or have a specific characteristic of vulnerability (not generally characteristic of the target market).

Firms should test whether consumers can identify and understand the information needed to make effective decisions and that the approach to testing delivers good outcomes. This information customers need is likely to include:
• any actions required by customers and any consequences of inaction;
• the key features, benefits, costs and risks of a product or service where customers need to evaluate or make a choice about the product or service.
• how customers can access any additional information or support they might need.
When communicating on a one‑to‑one basis, it is reasonable to ask the customer if they understand what they have been told and have any further questions.

Firms should apply the same test standards and capabilities to ensure communications are delivering good consumer outcomes as they do to communications designed to generate or maximise sales and revenue. That does not mean all communications must be tested first, but ‘where appropriate’.

Consumer Support Outcome

Firms must ensure the channels of support (e.g. telephone, email, in branch, text, written, webchat, video calls) meet the needs of customers, including those with non‑standard issues and characteristics of vulnerability.

Firms should monitor support, take relevant feedback into account, and look for signs that may indicate they are not meeting the needs of their customers and take reasonable steps to address any shortfall in their support. 

FCA guidance on the fair treatment of vulnerable customers provides examples of how different vulnerabilities can make certain channels of support unsuitable. 

A product with a digital‑only support offering could meet the needs of a specific tech‑savvy target market, so an additional non‑digital full‑service channel would not be needed, but there are still various factors for it to consider to ensure the channel delivers good customer outcomes.

Where firms outsource support or use a third‑party service provider, the usual regulatory principle applies on outsourcing and third‑party arrangements apply, and firms cannot delegate any responsibility to a third party but remain responsible for ensuring the support provided meets the Duty standard. The firm should have systems and controls in place to monitor this and provide assurance that it meets its regulatory obligations.

The consumer support outcome must extend to scenarios where a person is authorised by a customer, or by law, to assist in the conduct of the customer’s affairs. Where a person is representing a customer, such as where a power of attorney applies, firms must provide the same level of support to that assistant or representative. But this does not extend to services provided by regulated firms, such as where a mortgage intermediary is dealing with a lender. There the mortgage lender is seen as a 'manufacturer' and the mortgage intermediary a 'distributor' rather than a representative of the customer, and they must not interact in a way that has an adverse effect on the support and outcomes for the customer.

No Private Right of Action

Controversially, the FCA has not allowed retail customers a private right of action in the courts (PROA) to enforce the Consumer Duty directly against regulated firms. This is explained by suggesting that it would 'create asymmetry in our rules' in a way that reduces consumers’ access to redress for breaches of the Duty (which assumes that it becomes the only way to seek redress, rather than also allowing referrals of complaints to FOS).

Consumer advocates might wonder if a PROA might actually reveal deficiencies in how the FCA supervises the implementation of the Consumer Duty, which is bound to be fraught. 

However, the FCA also has the power to require restitution from firms in breach of its rules.

Next steps toward implementation of the Consumer Duty

The FCA expects that:
  • By 31 October 2022, firms’ boards (or equivalent management body) should have approved their plan to implement the Consumer Duty, with evidence they have scrutinised and challenged the plans to ensure they are deliverable and robust. Firms will be asked to share their plans, board papers and minutes with supervisors and be challenged by the FCA on the contents.
  • Boards (or equivalent management bodies) should maintain oversight of firm’s implementation plans to ensure they remain on track, and that the work to review and improve the firm’s products and services is sufficient to meet the Duty standards (several steps below would likely require board approval in any event). Firms should take a risk‑based approach and prioritise the implementation work that is likely to have the biggest impact on consumer outcomes (e.g. reviewing the most complex or risky products and most significant communications ahead of others). At the end of implementation period, boards (or equivalent management bodies) should assure themselves that their firm is complying with their obligations under the Duty, and ensure the firm has identified any potential gaps or weaknesses in their compliance and any action needed to remedy this.
  • Product/service manufacturers should aim to complete their reviews to meet the 'four outcome' rules for existing open products and services by the 30 April 2023, and:
• share with distributors by the end of April 2023 the information necessary for them to meet their obligations under the Duty (e.g. price and value, and products and service outcomes); 
• identify where changes need to be made to existing open products and services to meet the Duty by the end of 31 July 2023.
  • During this process, firms must prioritise action to remedy any serious issues they detect that are causing immediate consumer harm; and report to the FCA any significant breaches of any existing rules (including the Principles for Businesses), as required by SUP 15.3.11R.
  • Where actions to bring products and services up to Consumer Duty standards can be completed more quickly than the deadlines, firms should consider doing so.
  • Firms must inform the FCA if implementation of the Duty involves considering whether to withdraw or restrict access to products or services in a way that will have a significant impact on vulnerable consumers or on overall market supply.
  • Firms must alert the FCA (as required by SUP 15.3.11R) if they believe that they will not be able to complete all work necessary to be compliant with the Duty by the deadlines. 
This post notes some changes to that approach and some key 'lessons' that emerged from the consultation, but is not exhaustive and does not constitute advice of any kind and must not be relied upon to make any decisions or as any guide to implementation. If you would like my advice, please let me know.

Monday, 15 August 2022

British Red Tape To Increase Cost Of UK Financial Promotions/Products

In its new Financial Services Bill (explanatory notes here) the UK government proposes a new bottleneck 'regulatory gateway' for the approval of financial promotions that must raise the cost of affected financial products and services.

A "financial promotion" is basically any communication that contains an invitation or inducement to engage in a financial product or service. These could be ads in any media; marketing brochures; direct mail; or social media posts. 

The advertiser could be either a firm authorised by the Financial Conduct Authority or the Prudential Regulatory Authority, or a firm that is unauthorised. 

Where the intending advertiser is unauthorised, existing UK regulation requires that firm to have the financial promotion approved by any firm that is authorised by the FCA or the PRA (unless the promotion is otherwise subject to an exemption).  

There is no specific suitability test that authorised firms must meet to be able to approve promotions for unauthorised firms; and they are not required to notify the FCA when they are approving the financial promotions for unauthorised firms. But it is a criminal offence for an unauthorised firm to communicate a financial promotion that isn't either approved by an authorised firm or exempt; and any resulting contract is unenforceable against the customer. In addition, authorised firms have a responsibility to ensure that any financial promotions they approve are compliant with relevant promotional rules, so they would be foolish to approve a financial promotion in an area in which they have insufficient expertise; or without undertaking sufficient due diligence. The FCA has issued guidance on approving financial promotions and they are also advertising standards codes supervised by the Advertising Standards Authority.

Yet, the FCA claims that it often only becomes aware of a product being promoted by an unauthorised firm after it has caused harm, as happened with unlisted debt securities or 'mini-bonds', for example. 

To address this problem, the Financial Services Bill establishes a regulatory ”gateway” through which authorised firms must obtain the FCA's permission before being able to approve the financial promotions of unauthorised firms. The FCA will be able to judge each firm's suitability and limit the types of promotions firms will be able to approve. An authorised firm will only be able to approve a financial promotion within the scope of a permission granted by the FCA or within an exemption.

The notes to the Bill already state that this will reduce the number of authorised firms that are able to undertake such approvals. But it omits to point out that the process by which authorised firms must demonstrate that they meet the FCA's authorisation and suitability requirements must also raise the cost of granting approvals. Constraining both the number of available firms and raising their administrative costs must in turn raise their fees for approving financial promotions, and ultimately raise the cost of the financial product or service being advertised, unless the authorising firms simply bake this cost into their general overhead. But even if these costs are restricted to approvals for unauthorised firms, we cannot foresee what new types of products might be adversely impacted by these constraints/costs in the future; and/or the FCA may well stifle innovation, as has been alleged in relation to what it has wrongly labelled 'high risk investments'. with new rules recently announced here


What is a "Stablecoin Used as a Means of Payment"?

The UK government is doing a lot of strange things with existing financial regulation, while trying to absorb new concepts, such as those relating to cryptoassets. Buried amidst the pile of economy-shrinking, post-Brexit deckchair rearrangement in the new Financial Services Bill (explanatory notes here) is an attempt to regulate 'stablecoins used as a means of payment'. This post tries to make sense of that. 

Existing UK regulatory view of stablecoins

In a previous policy statement, the Financial Conduct Authority explained its view that 'stablecoins’ (a.k.a. ‘stable tokens’) are cryptoassets that are structured in order to (try to) stabilise their value, e.g. by ‘pegging’ them to a fiat currency or different types of assets (including other cryptoassets (‘crypto-collateralised’)) or specified financial investments (regulated securities) or commodities (‘asset-backed’)).  

That interpretation means that stablecoins may currently fall within existing e-money/payments regulation and/or securities regulation (as a derivative, a unit in a collective investment scheme/fund, a debt security, or another type of specified investment) provided they meet all the applicable critieria, regardless of the fact they are issued using 'distributed ledger technology' or on a 'blockchain'. Those regulatory criteria vary depending on the nature of the underlying assets, the rights granted by such tokens and other relevant 'arrangements' or other activities, like whether advice is given. 

The FCA has said that 'algorithmically stabilised tokens' or stablecoins which attempt stabilisation through algorithms that control the supply of the tokens to influence price, for example, should only be regulated to the same extent as other (financially) 'unregulated' tokens are. Examples of unregulated cryptoassets or tokens include 'bitcoin' (classified as an 'exchange token' rather than as a means of payment) or 'utility tokens' that merely grant access to a game or system, for example.

Aside from stablecoins and other cryptoassets that trigger existing regulation, the FCA explained that it needs new statutory powers to regulate cryptoassets.

The new approach to Stablecoins - DSAs

The new Financial Services Bill itself makes no reference at all to 'cryptoassets' or even 'stablecoins', but the explanatory notes do. 

Of course, this instantly expands the lawyers' playground of unintended consequences, so I'm not really complaining professionally. 

The explanatory notes essentially recite the earlier FCA consultation [although the notes ominously refer to Bitcoin as an example of "cryptoassets used primarily as a means of investment" rather than 'exchange', perhaps signalling a shift in the government's approach to the regulation of cryptoassets and related activities more widely, due to be announced later in 2022.]

In relation to stablecoins, the explanatory notes say that the Bill empowers the Treasury to: 

  • establish an FCA authorisation and supervision regime, drawing broadly on existing electronic money and payments regulation, to mitigate conduct, prudential and market integrity risks for issuers of, and payment service providers using, stablecoins; 
  • regulate (via the Bank of England) any systemically significant stablecoin-based payment system, in a similar way that Visa, Mastercard and a range of other designated "payment systems" are controlled by the Payment Systems Regulator (PSR);
  • empower the PSR to regulate payment systems using stablecoins, following designation by the Treasury, to address issues relating to competition innovation, user interests and access; 
  • apply the Financial Markets Infrastructure Special Administration Regime (FMI SAR), which is a bespoke administration regime for recognised payment and settlement systems and recognised service providers, to stablecoin firms that have been recognised by HM Treasury, with appropriate modifications. This will ensure appropriate tools are in place to mitigate the risks to financial stability associated with a systemic stablecoin firm’s failure; 
  • Amend or disapply existing financial regulators' rules to avoid systemic stablecoin firms being subject to conflicting requirements in areas relating to financial stability. 

For these purposes, however, the Bill uses the term "digital settlement asset" instead of 'stablecoin':

""digital settlement asset" [or "DSA"] means a digital representation of value or rights, whether or not cryptographically secured, that— 

(a) can be used for the settlement of payment obligations, 

(b) can be transferred, stored or traded electronically, and 

(c) uses technology supporting the recording or storage of data (which may include distributed ledger technology)."

For most purposes a DSA "includes a right to, or interest in, a [DSA]." This reflects the definition of "cryptoasset" in the Money Laundering Regs.

The Bill gives the Treasury power to regulate DSAs by applying e-money/payments and payment systems regulation to them, including the power to change the statutory definition itself! 

The Bill creates the concept of "DSA service providers" which includes anyone directly involved in: 

  • issuance/creation of DSAs, 
  • safeguarding or safeguarding and administration (custody) of the DSAs including the private cryptographic keys (or means of access) [not clear whether this service must include the keys/means of access, or would be satisfied if the provider only safeguarded the keys/means of access];
  • exchange or arranging the exchange of DSAs for money and/or other DSAs or vice versa ("digital settlement asset exchange providers" is defined pretty much like cryptoasset exchange providers under the Money Laundering Regs), 
  • rule/standards-setting; and 
  • any service that facilitates, or supports, a transfer of money or digital settlement assets to be made using the payment system, including any infrastructure provider in relation to the system.

Unintended consequences?

Right now your brain should be fizzing with other things that could be DSAs; and even whether any existing components of payment systems or services could qualify as DSAs or DSA services and therefore require a currently unregulated/unauthorised service provider to become authorised as a "DSA service provider".

It is also worth watching the evolution of "data objects" as a new class of personal property with distinct rights and remedies.


Thursday, 4 August 2022

UK Govt Takes 'Do Nothing' Approach To Regulating Artificial Intelligence

The UK government has triumphantly announced that it's, er, taking a 'wait and see' approach to whether 'artificial intelligence' technologies require direct regulation. You might've detected a certain level of cynicism when it comes to my evaluation of this UK government's regulatory plans, and you'd be forgiven for thinking that my view is simply that they can't do anything right, or in a way that inspires any trust. So it is with their approach to regulating AI. While I'm sympathetic to allowing 'good' innovation and businesses to flourish before tying it up in red tape, I'm also aware that nobody can pick what wins in practice and there's a middle ground. Besides, there are many significant challenges with AI, a key one being that nobody really knows when AI is being used, let along whether that use is to their disadvantage. To leave this technological development to a patchwork of non-binding regulatory guidance seems careless until you look at what else this government has been up to, at which point you assume malicious intent.

The existing regulatory landscape

The government's paper is well, paper thin, so it's no surprise that this section amounts to the usual Brexiteer 'boosterism' and a desire to avoid references to the EU. Britain is for the British, so we'll have none of your comparative jurisprudence here, thank you very much. 

Needless to say this doesn't play to any firm with pan-European, much less global, ambitions.

Strangely, for a paper that recommends doing nothing, the government admits that "the proliferation of activity; voluntary, regulatory and quasi-regulatory, introduces new challenges that we must take action to address" including "lack of clarity", "overlaps", "inconsistency" and "gaps in our approach"... 

These issues across the regulatory landscape risk undermining consumer trust, harming business confidence and ultimately limiting growth and innovation across the AI ecosystem, including in the public sector. By taking action to improve clarity and coherence, we have an opportunity to establish an internationally competitive regulatory approach that drives innovation and cements the UK's position as an AI leader.

No 'definition' of AI

Here the government is obliged to dismiss the fact that the EU has stolen a march on the regulatory front to address exactly the challenges that the paper just outlined. The European Commission proposed a regulation in April 2021; and, Hell, they even have their own twitter feed and web page

But we can't talk about that EU stuff... except that the government accuses the EU of having a 'relatively fixed definition' of AI, while the UK plan is: 

"to set out the core characteristics of AI to inform the scope of the AI regulatory framework but allow regulators to set out and evolve more detailed definitions of AI according to their specific domains or sectors". 

In other words, the government wishes to perpetuate the very "challenges we must take action to address"...

While these 'core characteristics' that will inform the UK's non-regulatory scope are not actually specified with any clarity, it seems possible to distill them as follows: 

  • the logic or intent behind the output of systems can often be extremely hard to explain; 
  • errors and undesirable issues within the training data may be replicated;
  • AI often demonstrates a high degree of autonomy, operating in dynamic and fast-moving environments by automating complex cognitive tasks; 
  • decisions can be made without express intent or the ongoing control of a human.

Look away now if you don't want to see the EU definition (still being debated, to be fair):

‘artificial intelligence system’ (AI system) means software that is developed with one or more of the techniques and approaches listed in Annex I and can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with; 

ANNEX I 

(a) Machine learning approaches, including supervised, unsupervised and reinforcement learning, using a wide variety of methods including deep learning; 

(b) Logic- and knowledge-based approaches, including knowledge representation, inductive (logic) programming, knowledge bases, inference and deductive engines, (symbolic) reasoning and expert systems; 

(c) Statistical approaches, Bayesian estimation, search and optimization methods.

Cross-sectoral Principles

Citing the OECD's AI Principles, the UK government hopes regulators will somehow ensure that: 

  • AI is used safely; 
  • AI is technically secure and functions as designed; 
  • AI is appropriately transparent and explainable; 
  • 'considerations of fairness' are embedded into AI; 
  • legal persons' responsibility for AI governance will be defined;
  • there are routes to redress or contestability.

Conclusion

Apparently this framework will enable "AI-first" start-ups to:

"...understand the rules more easily and spend more time and resource on product development or fundamental AI research, and less on legal costs." 
Never mind the continuing "lack of clarity", "overlaps", "inconsistency" and "gaps in our approach".

It's hardly an investors' charter, is it?


Wednesday, 3 August 2022

Changes to UK Anti-Money Laundering Regime

The UK's anti-money laundering regulations suffer from an enormously long name, so I will shorten them to the "MLRs" for the purpose of explaining some changes that take effect on 1 September 2022 (except where noted). Perhaps the highlight is that account information service providers (AISPs) will no longer need to comply with the MLRs. This note is a summary for information purposes only, not advice. It does not include changes to the authorities' obligations or offences. If you need advice on any of the changes, please let me know.

  • The meaning of a trust or company service provider covers the formation of all forms of business arrangement or "firm", not just companies and other legal persons, including limited partnerships registered in England and Wales or Northern Ireland. TCSPs must conduct customer due diligence when they are providing certain services (outlined in regulation 12(2)(a), (b) or (d) of the MLRs). 
  • Cryptoasset transfers will be covered by a new Part 7A from 1 September 2023. The provisions apply to a cryptoasset exchange provider or a custodian wallet provider (referred to as a "cryptoasset business"), whether acting for the transferor ('originator'), the transferee ('beneficiary') or just as an intermediary. Cryptoasset businesses acting for originators of transfers (as well as intermediaries involved in the transfer) must include certain information about the originator and beneficiary of the transfer. Where the information is missing, the cryptoasset business acting for the beneficiary of a transfer (as well as intermediaries involved in the transfer) must request it and consider not making the cryptoasset available (subject to a risk assessment). Similar rules apply in relation to transfers from/to 'unhosted wallets'  (private or self-custody wallets). Cryptoasset businesses must inform the Financial Conduct Authority (“FCA”) of any "repeated" non-compliance. 
  • The definition of art market participant in the MLRs will not apply to artists who sell their own works of art over the EUR 10,000 threshold.
  • From 1 April 2023, firms covered by the MLRs will have to report to the registrar of companies any material discrepancies between information they hold on the beneficial ownership of a customer and information on the companies register. The registrar has clear powers to deal with such discrepancies. 
  • Any change in control of a registered cryptoasset business must now be pre-approved by the FCA (a particularly slow and painful process!), which of course may object and publish a notice of the objection. The FCA and HMRC can now also publish notices of refusals to register applicants. 
  • Supervisory authorities can now request suspicious activity reports (SARs) from their members, to assist in meeting their supervisory functions. 
  • At long last, account information service providers (or AISPs) will no longer need to comply with the MLRs.

Again, this note is a summary of some changes for information purposes only, not advice. If you need advice on any of the changes, please let me know.

Tuesday, 2 August 2022

Data Objects: A New Class Of Personal Property in English Law?

The UK Law Commission is recommending changes to English law to better recognise and protect digital assets, especially crypto-tokens. The Commission uses the term 'cryptoasset' to mean "a composite of a crypto-token and any associated or linked property or other legal rights that are recognised in law as existing as a consequence of having legal rights in relation to that crypto-token." Consultation responses are invited by 4 November 2022. If you have queries concerning the consultation, please get in touch.

The key recommendation is the recognition of "data objects" as an additional form of personal property to "things in possession" and "things in action". The criteria for a digital asset to qualify as a data object would be: 

  1. it comprises data represented in an electronic medium, including computer code, electronic, digital or analogue signals; 
  2. its existence is independent of any person and the legal system; 
  3. it is 'rivalrous' (consumption by one person prevents simultaneous consumption by another). 

Among digital assets such as files, records, email accounts, in-game digital assets, domain names, carbon credits, the Commission considers that only crypto-tokens (as distinct from the broader concept of a cryptoasset) would qualify as "data objects". 

The Commission stops short of recommending possessory rights in data objects, but recommends developing the concept of "control" through the courts, since a person in "control" of a data object can exclude others from it, use it, transfer it and identify themselves as the person able to do these things. 

The paper includes an extensive discussion of the consequences of expanding the law of personal property in this way; and how existing law would apply to data objects.  

Update: 

Interesting to consider in this context the government's Bill to include "digital settlement assets" and related service providers within the scope of existing financial services regulation.