Risk In:Review #64 - 07 July 2024
Anthony Hope
Risk & Compliance Executive | Fintech Founder & Innovator | Strategic Leader | Expert Speaker
Welcome to Risk In:Review, your weekly newsletter curating the best of the week’s news stories from the crossroads between risk management and technology in Asia Pacific.
Keep updated with the latest news and insights by clicking on subscribe.
Perspectives
This week’s Perspectives focuses on the newly issued EU Travel Rule Guidelines for crypto-asset transfers. While these Guidelines are not focused towards Asia-Pacific, they draw out several of the challenges that governments and regulators in Asia-Pacific are facing in how to integrate cryptocurrencies into the existing financial ecosystem.
The Guidelines aim to curb financial crime by mandating comprehensive information-sharing for transfers of funds and certain crypto-assets. These guidelines extend existing EU anti-money laundering and counter-terrorist financing measures to encompass crypto-assets and provide traceability throughout the transaction chain.
Key requirements of the Guidelines include:
The devil however is always in the detail, and the challenges for cryptocurrency firms are manifold:
In addition to the above, outside of institutional investors (many of whom are now focused on Exchange Traded Funds rather than the underlying assets), cryptocurrency exchanges are likely to encounter friction in introducing additional compliance measures to a userbase that gravitates to crypto not just as an asset or store of value, but for the privacy and speed of cryptocurrency transactions.
In summary, the EU Travel Rule Guidelines are a crucial step towards enhanced financial transparency and security, but they present several implementation challenges for crypto firms that will take time, investment, and technology to address.
This Week In:Review
Australia
China
Hong Kong
Korea
Singapore
Best of the Rest
Australia In:Review
Banking leaders in Australia have criticised the Consumer Data Right (CDR) regime, deeming it ineffective and overly costly.
Despite the banking industry's investment of AUD 1.5 billion in open banking since 2018, it has not provided significant customer benefits or enhanced competition. This critique emerged from the Australian Banking Association’s (ABA) strategic review conducted by Accenture.
The ABA and the Customer Owned Banking Association (COBA) reported minimal public awareness and engagement with open banking. They also noted the disproportionate compliance costs for mid-tier and regional banks, which they argue hinder competition and deter further investment in digital technologies and scam prevention.
In contrast, the Mortgage & Finance Association of Australia (MFAA) and NextGen, a leading mortgage lending technology provider, defended the CDR. They acknowledged the high investment demands but noted a significant uptake of broker-originated lending facilitated by the CDR.
Since its introduction in July 2020 for major banks, open banking mandates that banks share critical customer and product data. ABA CEO Anna Bligh highlighted the significant efforts from the government, regulators, and the industry, but stressed that the CDR has not reached its potential.
By the end of 2023, only 0.31% of bank customers had an active data-sharing arrangement, a low adoption rate compared to other digital banking innovations like mobile wallets and PayID.
Accenture's review also pointed out the considerable ongoing costs associated with the CDR, prompting Bligh to suggest a reassessment of the current framework, stating, "It’s time to go back to the drawing board."
National Australia Bank (NAB) has reported an increase in customer scam reports but a decrease in losses for two consecutive quarters, attributed to enhanced preventative measures.
NAB's initiatives, including payment alerts introduced in March 2023, have resulted in customers abandoning more than AUD 100 million in potential scam payments. These alerts target various scams, such as invoice, investment, romance, and goods and services scams, by notifying customers of suspicious activity.
The latest ‘Red Flags’ campaign emphasises the critical moment when customers reconsider payments upon receiving alerts. NAB Executive Group Investigations Chris Sheehan highlighted the global nature of scams and the necessity of making Australia a harder target for scammers. Sheehan noted that customer scam reports increased by 10% between October 2023 and March 2024, while losses decreased by 17% during the same period.
NAB's proactive measures include removing links from SMS messages, sending over 40 million link-free texts to enhance security. Sheehan advised customers to report suspicious texts and avoid clicking on links.
The bank has also implemented blocking for high-risk cryptocurrency merchants, contributing to a 74% reduction in crypto-related scam losses from October to December 2023 compared to the previous year.
Sheehan, a former Australian Federal Police executive, underscored NAB’s commitment to improving scam detection and prevention in collaboration with the government, banking industry, and other sectors.
ASIC, the Australian financial regulator, has issued a warning to investors regarding the rebranding of NGS Crypto and related companies to Hiddup. Following ongoing investigations into NGS Crypto’s activities, the company rebranded as an inquiry into its affairs continued.
As of 01 July 2024, NGS Crypto’s website now redirects to Hiddup’s website, confirming the rebrand. ASIC has launched an investigation into NGS Crypto Pty Ltd, NGS Digital Pty Ltd, and NGS Group Limited, including their staff and representatives.
The regulator is investigating concerns of fund mismanagement and operating without an Australian Finance Services License, with the company allegedly owing investors approximately AUD 41 million.
ASIC has successfully sought court orders to withhold digital assets belonging to the firm and its directors, with the Federal Court appointing receivers for these assets.
China In:Review
Concerns are growing in China regarding hyper-realistic silicone masks, which can be used to impersonate individuals and hack facial recognition systems. Originally popular in Hollywood films, these masks are now widely available on Chinese e-commerce platforms.
Despite efforts by Chinese authorities to highlight the risks, these masks are easily purchasable online. Vendors even claim their products can deceive facial recognition scanners, offering masks ranging from a few yuan to CNY 25,000, with high-end versions taking up to a month to produce. Some sellers offer lifelike replicas of celebrities or custom masks based on provided photos or scans.
In March, a burglar in Shanghai used a silicone mask to disguise himself as an elderly man, successfully breaking into four apartments and stealing over CNY 100,000 in valuables. Another incident in Zhejiang involved a man using a silicone mask to disguise his identity while breaking into vehicles.
Investigations revealed that these masks can fool not only individuals but also facial recognition systems. Legal experts warn that using masks to impersonate others could infringe on privacy rights, and vendors could face prosecution if their products are used for illegal activities.
There are calls on Chinese social media for stricter regulation, including licensing for sellers and real-name authentication for buyers, to curb the misuse of these masks.
China's securities regulator has pledged to intensify its crackdown on financial fraud, aiming to restore confidence in the nation's struggling stock markets.
The China Securities Regulatory Commission (CSRC), alongside five other government agencies, has issued new guidelines to combat capital markets cheating, addressing a persistent issue in the world’s second-largest stock market.
The joint statement underscores a coordinated effort to target corporate fraudsters and their accomplices. This comes amid an investigation into PricewaterhouseCoopers (PwC), the auditor of China Evergrande Group, which was recently implicated in financial misconduct.
To deter misbehaviour, the CSRC is advocating for stricter laws and harsher penalties. Notable revisions include increasing fines for dishonest disclosures from CNY 600,000 to CNY 10 million.
Additionally, those who breach disclosure regulations could face up to 10 years in prison. Intermediaries responsible for false documents will also be subject to 10-year imprisonment.
Hong Kong In:Review
领英推荐
Hong Kong is reassessing its cryptocurrency regulations amid concerns that the existing framework may deter exchanges.
In a recent parliamentary session, Christopher Hui, Secretary for Financial Services and the Treasury, stated that the Hong Kong Monetary Authority (HKMA) and the Securities and Futures Commission (SFC) are reviewing digital asset regulations.
Hui responded to a lawmaker's inquiry about expediting the crypto licensing process, explaining that licensed corporations or registered institutions can distribute crypto-related products after notifying regulators, without needing to modify their licensing conditions.
As of 01 June 2024, all crypto trading platforms in Hong Kong must be licensed by the SFC or be in the application process.
Lawmaker Duncan Chiu criticised the city's licensing regulations as "excessively stringent," expressing concern that these rules are driving exchanges away. Notably, Gate.HK, OKX, and Huobi have withdrawn their applications for virtual-asset trading platform licenses (VATP), which Chiu claims has undermined confidence in Hong Kong's Web3 development efforts.
To address these challenges, Hong Kong has established a Subcommittee on Web3 and Virtual Asset Development, announced last month. Johnny Ng Kit-Chong, a member of the Hong Kong Special Administrative Region Legislative Council, emphasised the subcommittee's role in drafting cryptocurrency regulations to promote Web3 and virtual asset development.
Interestingly, Hong Kong is also shifting its focus towards decentralised finance (DeFi) and the Metaverse. Enoch Fung, CEO of the AoF and executive director of the Hong Kong Institute for Monetary and Financial Research, highlighted that these emerging technologies, closely tied to virtual assets and Web3, could offer various opportunities for the financial services industry.
HSBC announced the completion of a pilot test for Cross-Boundary Credit Referencing (CBCR), an initiative led by the Hong Kong Monetary Authority (HKMA) and the People’s Bank of China (PBoC).
This initiative aims to improve credit assessments by banks through the cross-boundary transfer of credit data, enhancing financial cooperation between Hong Kong and mainland China. With customer consent, credit reference agencies will provide Hong Kong banks with corporate credit data from mainland China for evaluation.
During the pilot, HSBC Hong Kong accessed credit data for a digital travel agency's parent company in mainland China through Dun & Bradstreet. This allowed HSBC to gain a clearer understanding of the company’s credit status and financial performance, facilitating the renewal of its line of credit in Hong Kong.
Frank Fang, General Manager, Head of Commercial Banking, Hong Kong and Macau, HSBC, highlighted Hong Kong's role as a financial hub supporting cross-boundary business activities.
He expressed satisfaction with HSBC’s participation in the CBCR pilot, emphasising its potential to simplify creditworthiness evaluations and improve financing access. HSBC plans to continue enhancing its solutions to meet the growing demand for seamless cross-boundary financing.
HSBC is committed to providing easier financing access and has connected with the Commercial Credit Reference Agency under the Commercial Data Interchange initiative to streamline credit applications for SMEs.
Korea In:Review
South Korea's Financial Supervisory Service (FSS) announced the launch of a 24-hour surveillance system on 04 July to monitor suspicious activities in the cryptocurrency market.
Developed in partnership with local exchanges, this system will be operational from 19 July and requires exchanges to input data to flag anomalies such as unusual trading volumes, large transactions, and slow execution times.
The FSS has modeled its criteria for detecting abnormal transactions after those used by the Korea Exchange (KRX), refining them through simulations to ensure accuracy.
South Korea plays a significant role in the crypto market, with the won becoming the most-used currency for digital asset transactions earlier this year. Approximately 10% of the population is involved in cryptocurrency trading, mostly focusing on smaller, riskier coins.
From January to May, the FSS developed a standardised reporting format for transaction data submissions from local exchanges. Major exchanges, responsible for 99.9% of South Korea’s cryptocurrency trades, have already implemented the monitoring system based on the latest criteria.
Singapore In:Review
Paxos International, a blockchain and tokenisation platform, has received full regulatory approval from the Monetary Authority of Singapore (MAS).
This authorisation allows Paxos’s Singapore branch, which issues the gold-backed stablecoin Pax Gold (PAXG), to provide digital payment token services as a Major Payments Institution. This approval paves the way for Paxos to launch a stablecoin under MAS's forthcoming regulatory framework.
This development marks Paxos’ entry into its third international market, following the United States and the United Arab Emirates, where Paxos-affiliated entities are also permitted to issue stablecoins.
Walter Hessert, head of strategy at Paxos, highlighted the significance of this approval for their global stablecoin offerings, noting that adherence to MAS’s rigorous regulatory standards represents a crucial step toward democratising access to commerce and financial services.
DBS, Southeast Asia’s largest bank by assets under management, will serve as Paxos’ primary banking partner, handling cash management and custody of the stablecoin reserves. Evy Theunis, head of digital assets at DBS Bank, emphasised the importance of trust and security in stablecoin adoption.
This regulatory approval is a significant milestone in Paxos’ global expansion efforts. In June, Paxos launched an interest-bearing stablecoin called the Lift Dollar (USDL), regulated by the Abu Dhabi Global Market (ADGM), which pays overnight yield on the interest earned from its reserves.
Singapore's Terrorism Financing National Risk Assessment (TFNRA) was updated on 01 July by the Finance and Home Affairs ministries and the Monetary Authority of Singapore (MAS).
The TFNRA highlights that money remittance providers, particularly those offering cross-border online payments and unlicensed services, are at high risk of exploitation for terrorism financing.
Emerging risks include new cross-border fast payment systems and online fund-raising, driven by Singapore’s high internet penetration and the global digital economy surge post-Covid-19.
Money remittances are popular among Singapore’s foreign migrant workers due to their cost-effectiveness. However, transactions often involve regions with higher exposure to terrorism financing risks. In 2020, a Singaporean was convicted for sending SGD 450 to an ISIS-linked individual via Western Union, resulting in a jail sentence.
The report also highlights concerns about foreign online fund-raising campaigns. A Bangladeshi construction worker was sentenced to over two years in 2022 for donating nearly SGD 900 to Syrian terrorist organisations online.
Additional high-risk industries identified include precious stone and metal dealers and digital payment token (DPT) service providers, which have been used to support terrorist activities.
To mitigate these risks, MAS and the Ministry of Home Affairs have increased awareness efforts among the payment and banking sectors. The national strategy includes enhancing legal frameworks, regulatory regimes, and law enforcement actions.
Since 2016, 13 individuals in Singapore have been convicted of terrorism financing offences, primarily supporters of ISIS.
Best of the Rest In:Review
The European Banking Authority (EBA) is tasked with issuing guidelines to Payment Service Providers (PSPs), Intermediary Payment Service Providers (IPSPs), Crypto-Asset Service Providers (CASPs), and Intermediary CASPs (ICASPs).
The Travel Rule Guidelines, issued under Regulation (EU) 2023/1113, aim to enhance the traceability of transfers of funds and certain crypto-assets to combat money laundering and terrorist financing (ML/TF).
Published on 9 June 2023, this regulation updates and expands upon Regulation (EU) 2015/847, specifically incorporating crypto-asset transfers within its scope. Its primary objective is to hinder the misuse of funds and crypto-assets for illicit activities by ensuring that relevant authorities can trace these transfers when necessary.
These guidelines detail the steps these entities must take to detect missing or incomplete information accompanying transfers and outline the procedures to manage such transfers. This includes detection procedures, admissable characters and input checks, handling missed information, taking risk based decisions on incomplete data, and maintaining records.
The guidelines promote a risk-based approach, providing clear regulatory and supervisory expectations while allowing flexibility for PSPs, IPSPs, CASPs, and ICASPs to tailor their compliance strategies according to their business nature and size, and the ML/TF risk exposure.
The EBA has repealed the 2017 Joint European Supervisory Authorities Guidelines to introduce these more comprehensive measures. This update ensures consistency in the application of the travel rule across the EU.
The State Bank of Vietnam has mandated facial recognition for online and card-based transactions aims to enhance security.
However, it has sparked significant privacy and security concerns among internet users, who fear extensive biometric data collection and potential cyber threats. Vietnam's web domain, .vn, ranked as the fifth most vulnerable globally to cyber-attacks and data theft in 2023, according to cybersecurity firm Kaspersky.
Vietnam’s adoption of facial recognition is part of a global trend where biometric technologies are increasingly used in financial systems. Countries like China and India have implemented similar measures for identity verification and securing digital transactions, often facing criticism for potential privacy violations and data breach risks.
As Vietnam advances its digital transformation, balancing security enhancements with individual privacy protection remains contentious. Financial institutions must adapt to new regulations, which may involve significant technological upgrades and increased compliance costs.
The number of crypto ATMs is rapidly increasing worldwide, according to new data from Coin ATM Radar, despite rising concerns about their misuse for criminal activities.
Bitcoin kiosks are prime targets for criminals due to the anonymity they offer, making them useful for money laundering, drug trafficking, and various forms of fraud. The FBI has reported an uptick in scammers directing victims to use cryptocurrency ATMs and digital QR codes.
In the past six months, over 2,500 crypto ATMs have been installed globally. These ATMs are commonly found in retail locations, such as Walmart and Circle K in the United States. Bitcoin remains the predominant cryptocurrency used in these machines, followed by Bitcoin Cash and Ether.
This surge has prompted legislative actions in some US states. Minnesota and Vermont have both enacted regulations for crypto ATMs this year. Vermont requires ATM operators to register with regulators, limits transactions to USD 1,000 per day, and has placed a moratorium on new installations until next summer.
Minnesota's law restricts daily transactions for new customers to USD 2,000, mandates warnings about fraud risks, and allows refunds for fraudulent transactions. Rhode Island is considering similar legislation.
The United States hosts over 80% of the world's crypto ATMs, but there is significant growth in Canada, Spain, El Salvador, Germany, and Hong Kong, where cryptocurrency adoption is on the rise.
Globally, there has been an 18% increase in crypto ATM installations, with more than 38,000 machines added in the past year. However, over 2,800 crypto ATMs were decommissioned last year, partly due to their association with criminal activities.
I hope you find Risk In:Review informative and helpful.