On 27 November 2017 the European Commission adopted Regulatory Technical Standards (‘RTS’) on strong customer authentication (‘SCA’) and common and secure communication (‘CSC’), supplementing Article 98(1) of the revised Payment Services Directive (‘PSD2’). The RTS were based on draft standards produced by the European Banking Authority (‘EBA’). The Commission made what it termed “limited substantive amendments” to the EBA’s version of these important RTS, and the Commission’s adopted version has gone forward to the Council of the EU and the European Parliament. The Commission’s amendments have led to some concerns from the EBA, which were expressed by Andrea Enría, Chairman of the EBA, in a letter published on 26 January 2018. Tim Wright, Partner at Pillsbury LLP, explains the process taken in creating the RTS and the EBA’s concerns about the amendments. / read more

In 2017, the US Securities and Exchange Commission (‘SEC’) formally asserted its regulatory enforcement power over the purchase and sale of cryptographic tokens, with action taken in this area including a report involving the initial coin offering (‘ICO’) of DAO tokens by ‘The DAO,’ and at the end of the year enforcement action against a number of organisations involved in ICOs. Jennifer Achilles, Kari Larsen and Michael Selig of Reed Smith discuss in detail how the SEC’s approach to ICOs has evolved during 2017, and the lessons therein for cryptographic token issuers. / read more

Presidential Decree No. 8 was signed in Belarus on 21 December 2017 (‘Decree No. 8’ or the ‘Decree’), which among other things establishes a legal framework for cryptocurrencies, the use of smart contracts and other aspects of blockchain technology. Decree No. 8 is one of the most eagerly awaited documents for the Belarusian IT community and enters into force on 28 March 2018. Tatiana Emelianova and Aleksei Filonov of VMP Vlasova, Mikhel and Partners Law Office, discuss the background to the Decree and the exemptions provided. / read more

The UK’s Financial Conduct Authority published in December 2017 its Policy Statement ‘Information about current account services,’ which contains rules in regards to the information account providers will need to give to customers. Jacqui Hatfield of Orrick outlines these rules and the FCA’s aims. / read more

On 1 December 2017, the consultation period closed on HM Treasury’s latest step towards transforming the way in which cheques are cleared¹. In its bid to ensure UK payment systems remain effective, efficient, innovative and aligned to the needs of end users, HM Treasury has supported the industry led initiative to introduce a new image clearing system (‘ICS’) for cheques. In this article, Andrew Barber, Partner at Womble Bond Dickinson, focuses on the two legislative proposals consulted upon in late 2017. / read more

On 12 December 2017, the European Banking Authority (‘EBA’) published the Final Report on the Guidelines on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (‘PSD2’) (EBA/GL/2017/17) (‘Guidelines’). The Guidelines introduce new regulatory requirements which do not only concern risk management but also IT and cyber security. Here, Dr Nils Rauer and Andreas Doser of Hogan Lovells International LLP detail the components of the Guidelines and the requirements therein for payment service providers (‘PSPs’), before examining issues around the practical implementation of the Guidelines for firms. / read more

The UK’s Payment Systems Regulator (‘PSR’) published its report and consultation on 7 November 2017 in response to the super-complaint concerning authorised push payment (‘APP’) scams and the safeguards for consumers who fall victim to such fraud. Richard Hayllar, Warren Clark and Alanna Tregear, of TLT LLP, analyse the PSR’s report and the proposal to develop a ‘contingent reimbursement model’ to deal with liability, and assess the progress made in tackling payment fraud. / read more

The European Banking Authority (‘EBA’) issued on 20 December 2017 its final report on ‘Recommendations on outsourcing to cloud service providers’ (‘Recommendations’), guidance which looks to provide financial institutions (‘FIs’) with further clarity on supervisory expectations across Europe for firms adopting cloud computing. The Recommendations follow a consultation on the subject published in May 2017, and also build on the 2006 outsourcing guidance from the Committee of European Banking Supervisors, which will in time be updated and should be read in concert with the Recommendations. UK firms will be aware that guidance on outsourcing to the cloud was issued by the Financial Conduct Authority (‘FCA’) in July 2016. / read more

The transposition of PSD2 into French law has now been finalised with the adoption of two decrees dated 31 August 2017 and five ministerial orders dated 2 September, which supplement a number of other legislative instruments, predominately implementing ordinance 2017-1252 of 9 August 2017. Mathieu Françon of Bredin Prat details here the French transposition of PSD2. / read more

The UK’s Financial Conduct Authority (‘FCA’) published in October 2017 a summary of the first year of operation of its regulatory sandbox, highlighting the concerns it has had as well as the sandbox’s successes, as Sue McLean and Nina Moffatt of Baker McKenzie discuss. / read more