Recapping Regulation: A big week for fintech

It is a good time to check in on the financial regulation lawyer in your life, following a deluge of regulatory updates as the UK sails towards its post-Brexit framework. Here, we recap the updates from the past week that matter to those in the fintech space.

New Critical Third Parties regime: one step closer 

The Financial Services and Markets Act 2023 (Commencement No. 1) Regulations 2023 were published last week, bringing into force certain provisions of FSMA 2023 on 29 August 2023. This includes sections 18 and 19 FSMA 2023, which concern (among other things):

• HM Treasury's ability to designate those that provide services to regulated firms as 'critical third parties'; and 
• the Bank of England, PRA and FCA's powers to make rules imposing duties on critical third parties in connection with the provision of those services. 

This new regime is intended to help manage the systemic risks that may arise where financial services (FS) firms and financial market infrastructure firms collectively rely upon a small number of third party service providers, in the same area (such as cloud and other ICT service providers).

We now expect the Bank of England, PRA and FCA to propose new rules and guidance on this critical third party regime in fairly short order (the last major update we had from them was a discussion paper in July 2022). 

Impacts of Big Tech on the financial services industry – FCA feedback statement 

The FCA has published a feedback statement (FS23/4) on its October 2022 discussion paper (DP22/5) on the potential competition impacts of Big Tech entry and expansion into retail financial services.

The statement anticipates a future where Big Tech firms could move away from a partnership-based model and come to compete more directly with existing firms (i.e. by offering financial services directly to customers, rather than partnering with financial service firms). While noting the potential benefits Big Tech firms might offer to consumers in this space, concerns have been raised as to whether Big Tech firms might create and exploit entrenched market power to harm healthy competition and worsen consumer outcomes.

Points of interests from respondents include:

• Various respondents said that the FCA should consider data access and data sharing in greater detail, as Big Tech firms have access to unique datasets (e.g. browsing data, social media data and biometrics) which other financial services providers do not.
• The FCA may need to consider how it addresses challenges where Big Tech firms operate at the boundary or outside the regulatory perimeter, which may include entering into partnerships. For example, where Big Tech firms provide technology to enable digital payment services or digital credit solutions, respondents said that they should be regulated appropriately to ensure that consumers are protected, competition benefits are harnessed and harms are mitigated.

In light of the feedback statement, the FCA will be (among other things) reviewing its supervisory approach for Big Tech firms to improve how it monitors Big Tech activities within and outside its regulatory perimeter. The FCA will also launch, by the end of 2023, a Call for Input on Big Tech firms as ‘gatekeepers’ and key drivers [sic], including the role of data sharing asymmetry between Big Tech firms and financial services.

Inklings on what might be happening with AI: FCA speech

We last heard from the FS regulators on AI in October 2022 which, importantly, predated the launch of ChatGPT and the ensuing political pressure to ‘deal with’ the risks posed by generative AI.

Nikhil Rathi’s (Chief Executive of the FCA) comments on AI at a speech delivered last week are, therefore, interesting. They can be broken down into a few buckets

• Robust approach to risk: Mr Rathi outlines the many risks posed by AI (a landscape of amplified intraday volatility, deep fakes of Martin Lewis and cyber fraud and attacks) and states that “This means that as AI is further adopted, the investment in fraud prevention and operational and cyber resilience will have to accelerate at the same time. We will take a robust line on this – full support for beneficial innovation alongside proportionate protections.”
• Explainability of AI models: while not explicit, the speech could be read as the FCA beginning to move away from a focus on the explainability of AI. It is questioned whether to make a great cup of tea, you need to understand the intricacies of Brownian motion and energy transfer. It is further asked whether we can “really conclude that a human decision-maker is always more transparent and less biased than an AI model? Both need controls and checks.”
• Accountability: the FCA states that “we still have questions to answer about where accountability should sit – with users, with the firms or with the AI developers? And we must have a debate about societal risk appetite’. Whether the Senior Managers and Certification Regime provides a solution to this question of accountability remains live: “There have recently been suggestions in Parliament that there should be a bespoke SMCR-type regime for the most senior individuals managing AI systems, individuals who may not typically have performed roles subject to regulatory scrutiny but who will now be increasingly central to firms’ decision-making and the safety of markets. This will be an important part of the future regulatory debate."

And don't forget...

• HM Treasury launched a Call for Input to inform the Future of Payments review, chaired by Joe Garner, which will report on how payments are likely to be made in future and the steps needed to successfully deliver world leading retail payments. This closes on 1 September 2023.
• HM Treasury published a consultation paper setting out proposals for a Digital Securities Sandbox (DSS), which will facilitate the testing and adoption of digital securities across financial markets. Responses are invited until 22 August 2023.
• The EBA published consultation papers on its first set of technical standards under the Regulation on markets in cryptoassets ((EU) 2023/1114) (MiCA). The deadline for comments is 12 October 2023.

All in all, a big week for fintechs, and an exciting autumn to come.