Risk In:Review #4 - 19 Feb 2023
Anthony Hope
Risk & Compliance Executive | Fintech Founder & Innovator | Strategic Leader | Expert Speaker
Welcome to Risk In:Review, your weekly newsletter curating the best of the week’s news stories from the crossroads between risk management and technology in Asia Pacific.
Keep updated with the latest news and insights by clicking on?subscribe.
This Week In:Review
Australia
China
Hong Kong
India
Singapore
Best of the Rest
Australia In:Review
Australia's privacy laws are set to be strengthened with the release of a 320-page report on 24 February. The report proposes 116 recommendations for change, including a new requirement that data use must be "fair and reasonable," preventing firms from deceptively collecting and using personal information. The review proposes a new personal right to sue for breaches of privacy and the creation of a statutory tort for serious breaches, bringing Australia into line with other OECD countries. The report recommends Australia embrace European privacy rules that give people much stronger control over their own data, including rights for personal information to be erased, to object to information being collected, to request corrections and to remove sensitive, inaccurate, out-of-date, incomplete, irrelevant or misleading information from search results. The review also proposes a right to request meaningful information about how substantially automated decisions with legal or similarly significant effect are made, amid rising policy concerns around the impact of artificial intelligence. The report makes recommendations for direct marketing and targeting, including individuals having an unqualified right to opt-out of their personal information being used for direct marketing purposes.
Australian cryptocurrency exchange Digital Surge is set to resume trading next week after stakeholders signed a recovery plan one day before the exchange was set to go into liquidation. The Brisbane-based exchange had been hit hard by the collapse of FTX, as it held AUD33m on the defunct platform founded by Sam Bankman-Fried. This is the first successful restructuring of an Australian cryptocurrency exchange, according to Michael Bacina, digital asset specialist and partner at Piper Alderman. According to a deed of company arrangement, customers with under AUD250 will be repaid in full, and others will receive at least 45% of their balance immediately and the remaining 55% over five years from the profits of the company.
Binance, the largest cryptocurrency exchange in the world, held a crypto educational workshop for representatives from the Australian Federal Police, as part of its global initiative to collaborate and help law enforcement agencies fight crypto-related crimes and protect users in the industry. In September 2022 the police department created a cryptocurrency unit to curb potential crypto theft and in December 2022 Australia announced a new crypto and tokenisation framework that will be used to regulate crypto service providers in the country. Binance has been at the forefront of spreading knowledge and information about crypto, with its Global Law Enforcement Training Program designed to expose law enforcement agencies around the world to the principles of crypto and how to manage criminal activities linked to crypto. Binance Academy has educated 26 million users on crypto and plans to launch career-oriented courses tailored to the needs of future Web3 in 2023.
Abnormal Security has identified two groups using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide. Midnight Hedgehog engages in payment fraud, while Mandarin Capybara executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish. These attacks were previously perpetrated by sophisticated organisations with bigger budgets, but technology becoming more accessible has lowered the entry barrier for threat actors to carry out BEC attacks. The scammers behind the attacks use the same commercial online services that sales and marketing teams rely on to identify prospects and personalize communications. BEC attacks accounted for more than one-third of all financial losses from cyberattacks in 2021, totaling nearly USD2.4 billion, and between July and December 2022 there was an 81% increase in BEC attacks.
China In:Review
China has no plans to relax its tough regulations on gaming aimed at protecting minors from addiction, despite a previously announced victory in reducing video game addiction. At the annual conference of the China Audio-Video and Digital Publishing Association, the industry was urged to put more effort into protecting kids from gaming addiction. The secretary general of the association, Ao Ran, called for the industry to "further improve the level of protection and bolster these measures" and to "resolutely implement the requirements of the regulators" and explore technical means such as facial recognition. Despite the regulatory climate, the National Press and Publication Administration has started licensing more video games in China in recent months, approving a first batch of foreign titles in December and licensing 175 new games in the first two months of 2023.
China's new rules designed to protect personal information have resulted in fintech and big data providers rushing to feed consumer data into the country's two licensed personal credit reporting firms. Businesses that sold personal credit information directly to lenders had until November 2022 to replace their sales contracts with the two licensed firms. The two licensed firms, Baihang Credit and Pudao Credit, are tasked with ensuring compliance with new rules regarding data collection, storage, and processing for assessing creditworthiness. However, the fact that there are only two firms licensed to handle personal credit reporting could create bottlenecks in sharing information with lenders. In addition, regulators require big data companies to reveal their models, which are protected by intellectual property rights, when selling information to the two companies. The side effects of the new rules could result in big data companies scrambling to find new business, and could make it harder for small banks to manage their risks, potentially leading to more bad loans.
Bao Fan, chairman and CEO of China Renaissance Holdings, a boutique investment bank that specialises in technology transactions, has gone missing. Following the announcement, shares of China Renaissance plunged as much as 50% in early Hong Kong trading on Friday. According to Bloomberg, Bao was assisting authorities in an investigation involving former China Renaissance President Cong Lin. Bao is a well-known dealmaker in China and China Renaissance's controlling shareholder, with the company advising some of China's biggest tech IPOs including JD.com and Didi's listing in New York in 2021. The development comes amid China's anti-corruption probe targeting the nation’s USD60 trillion financial sector, with the investment banking community also affected. Despite this, the country has recently eased its stance towards the private sector, with Ant Group lauded for following the Communist Party’s leadership and Didi resuming ride-hailing services in app stores.
Shenzhen in China has launched a retail-focused “cross-border” digital yuan pilot with Hong Kong, as part of a promotional event that involves a token giveaway of almost USD1.5m. The giveaway is being sponsored by the central People’s Bank of China (PBoC) and the Luohu District local government, and is aimed at promoting the adoption of digital yuan. The token recipients will be able to spend their digital yuan holdings in restaurants, hotels, supermarkets, jewelry, and home appliances in Luohu, a district located close to Hong Kong’s New Territories. The PBoC has also planned similar pilots for the territory of Macau. The PBoC had previously stated that the digital yuan was intended as an “M0” cash and bank card alternative and not as a tool of international trade, but this narrative seems to have changed in recent months.
Hong Kong In:Review
Hong Kong announced that it has successfully tokenized HKD800m under its Green Bond Program, marking the world's first tokenized green bond issued by a government. The bond was underwritten by four banks and was priced at a yield of 4.05%, with two of the four banks acting as investor custodians. Settlement for the bond will take place on the Hong Kong Monetary Authority Central Units (HKMA CMU) platform, which is powered by Goldman Sachs’ tokenization platform. Tokenising a bond means recording the beneficial interests in a bond using distributed ledger technology rather than in traditional computerised book entries. Hong Kong believes this development demonstrates the flexibility and convenience of Hong Kong's legal and regulatory environment for innovative bond issuance forms, and is exploring the use of distributed ledger technology in other areas of finance.
Hong Kong-based brokerage firms have suspended clients' accounts from mainland China to comply with the country's ban on international brokers offering services without a local license. Bright Smart Securities and the Hong Kong unit of Guotai Junan Securities have both suspended mainland clients' accounts until further regulatory clarification. The China Securities Regulatory Commission (CSRC) issued a warning to ban the services of two online brokerage operators, Futu Holding and UP Fintech Holding, following allegations of unlawful securities business. International online brokerages operate in a grey area when onboarding clients from mainland China as these platforms do not require a local Chinese operating license. The move by the Chinese regulator aims at curbing the outflow of cash evading strict capital controls, as international online brokers allow clients to breach the annual foreign currency quota. Meanwhile, local Chinese brokers are raising significant capital from the market to comply with rules around minimum core net capital, quality liquid assets, and capital base.
DBS, a Singaporean bank, is planning to apply for a license to offer cryptocurrency trading services in Hong Kong. The bank is waiting for the implementation of regulations governing the industry in Hong Kong, which officials say will be implemented later this year. Sebastian Paredes, CEO of DBS in Hong Kong, said that the bank will be "very sensitive" to the risks associated with digital assets. DBS Bank is set to become one of the first banks to offer cryptocurrency services in Hong Kong after launching crypto trading services in Singapore last year.
India In:Review
The Serious Fraud Investigation Office (SFIO) in India has discovered a major Chinese-led betting racket. SFIO has identified at least 289 websites that are believed to be operating illegal betting services in the country, with most of their domains being based in India while their companies operate from tax havens. The investigation found that the layers were structured in a way that made it almost impossible to identify the ultimate beneficiary of the racket. The SFIO has identified Le Anming, a Chinese man, as the ultimate beneficiary, and Bhupesh Arora, an Indian national in Dubai, as his counterpart. The SFIO has shared all the information with the Enforcement Directorate.
The Enforcement Directorate (ED) froze 29.5 crore fond in bank accounts from various companies involved in the HPZ Token fraud, a cryptocurrency scam. ED carried out search operations in Delhi, Gurgaon, Mumbai, Bengaluru, and Salem. HPZ was an app-based token which promised high returns against investment in mining machines for Bitcoin and other cryptocurrencies. The ED's investigation revealed that two entities - Lillian Technocab Private Limited and Shigoo Technology Private Limited - were involved in operating and collecting money from investors under the HPZ Token.
Singapore In:Review
Ripple is pursuing numerous Central Bank Digital Currency (CBDC) initiatives around the world, including the digital pound through the Digital Pound Foundation. In addition to this, Ripple has established a large CBDC practice with four people in Singapore. Ripple Senior Vice President and Managing Director, Brook Entwistle, highlighted the significance of CBDCs as a new suite of products for Ripple and the company's dedication to providing holistic solutions to smaller governments and central banks. Entwistle also said Ripple's technology could play a significant role in the interoperability of CBDCs around the world. The revelation of Ripple's active presence in Singapore has fuelled speculation that a Singaporean CBDC may already be in the works, following the Monetary Authority of Singapore's (MAS) announcement in November 2022 that they were exploring the Ubin+ wholesale CBDC project for cross-border payments.
Best of the Rest In:Review
The US Securities and Exchange Commission (SEC) has charged Do Kwon, the co-founder of Terraform Labs, and his company, for a multi-billion dollar crypto asset securities fraud, alleging that they “repeatedly misled and deceived investors”. Terraform Labs collapsed in May 2022, causing around USD40bn in losses for investors and shaking global cryptocurrency markets. The SEC claims that from 2018 to 2022, Kwon and Terraform raised billions of dollars from investors through offering and selling interconnected crypto asset securities, many of which were in unregistered transactions. This included TerraUSD, which maintained its peg to the US dollar by being interchangeable for another of Terraform's crypto asset securities, Luna. The SEC also stated that Kwon’s Terra/Luna system was neither decentralised nor finance, and was simply a fraud propped up by an algorithmic stablecoin. The collapse of Terra/Luna resulted in both tokens' prices plummeting to near zero, having a knock-on effect on the wider crypto market.
Chinese gangs running cryptocurrency scams in Southeast Asia are targeting Filipinos due to their English language and computer skills, according to a Philippine foreign ministry official. Filipino recruits are typically asked to pretend to be women and to develop online relationships with Western targets to convince them to invest in cryptocurrencies. They receive a wage and a share of the profits, but are subjected to “corporal punishment” if they do not scam enough people. Eduardo de Vega, acting undersecretary for migrant workers’ affairs at the Department of Foreign Affairs, said that around 50 to 70 Filipinos are believed to still be working for Chinese scammers operating in Myanmar. There were another 50 Filipinos working for cryptocurrency scams in Cambodia and 50 in Laos. Efforts to repatriate Filipinos who have been involved in scam activities are ongoing, with more than 100 brought home since 2022.
The South Korean Financial Services Commission has published new guidance to clarify the definition of security tokens, defining them as tokens that have been digitized using distributed ledger technology. The regulation is in line with guidance from other Asian jurisdictions, such as Hong Kong and Singapore, and should provide some encouragement to South Korean companies looking to offer security tokens. Traditional securities firms already holding securities licenses are exploring the token market, with Shinhan Investment and Securities, one of the country's largest securities firms, inviting other companies to form an alliance to set standards for issuing and trading token securities. The next step will be to reshape key laws to cover security tokens, with regulators proposing amendments to the Capital Markets Act and the Electronic Securities Act to be put forward to the National Assembly in the first half of this year. Regulators will likely assess each determination of what is a security on a case-by-case basis.
Blockchain analysis firm Chainalysis has flagged up Sinbad.io, a Bitcoin mixer service, as a primary money-laundering tool for North Korean cybercriminals, receiving USD25m in stolen cryptocurrency from North Korean hackers in just December and January. According to Erin Plante, vice president of investigations at Chainalysis, North Korean hackers started funneling stolen cryptocurrency through the mixer shortly after its launch in October. However, Sinbad’s founder, Mehdi, has rejected the accusations, stating that he is against “complete surveillance, control over internet users, autocracies, and dictatorships”. Chainalysis reports that Western law enforcement has recently clamped down on mixing services, which has resulted in fewer opportunities for hackers to launder money.
I hope you find Risk In:Review informative and helpful.?