Risk In:Review #76 - 03 November 2024
Anthony Hope
Risk & Compliance Executive | Fintech Founder & Innovator | Strategic Leader | Expert Speaker
Welcome to Risk In:Review, your weekly newsletter curating the best of the week’s news stories from the crossroads between risk management and technology in Asia Pacific.
Keep updated with the latest news and insights by clicking on subscribe.
Perspectives
It’s been a busy week for risk and technology. This week’s Perspectives focuses on the issue of ‘responsible’ Artificial Intelligence (AI), and Australia and Hong Kong’s recent statements about expectations for AI governance in the financial sector.
Turning first to Australia, the Australian Securities and Investments Commission (ASIC) released REP 798, titled ‘Beware the gap: Governance arrangements in the face of AI innovation’.
ASIC reviewed how 23 Australian financial service licensees and credit licensees are using and planning to use AI, how they are identifying and mitigating associated consumer risks, and their governance arrangements. A few of the key findings include:
ASIC expressed concern over licensees adopting AI at a pace that outstrips their governance frameworks, with ASIC chair, Joe Longo, warning that expanding gaps between AI use and governance structures could exacerbate risks for consumer harm.
Longo highlighted that competitive pressures might drive licensees to implement more complex, consumer-facing AI faster than they can adapt their governance, amplifying potential challenges.
He further advised against a “wait-and-see” stance, reminding licensees that existing consumer protection laws and director duties remain applicable, regardless of technological advancements.
In a similar vein, during the 2024 Hong Kong FinTech Week, Hong Kong Financial Secretary Paul Chan Mo-po released a Policy Statement on the Responsible Application of Artificial Intelligence in the Financial Market.
His statement reflected that Hong Kong intends to adopt a dual-track approach, such that it can promote development of AI adoption by the financial services industry, while at the same time addressing the potential challenges, such as cybersecurity, data privacy and protection of intellectual property rights.
The new guidelines mandate that banks, brokers, and financial institutions must establish AI governance strategies to direct the implementation and usage of AI systems. These strategies should include advisory services and training for effective deployment, and a risk-based approach towards the procurement, use and management of AI systems.
Regular readers of Risk In:Review will note that neither Hong Kong nor Australia have introduced anything materially different to the approaches of other markets towards AI.
The European Union (EU) is leading the way with the AI Act, a comprehensive legal framework proposed to regulate AI across its member states. The act categorises AI systems by risk levels (unacceptable, high, limited, and minimal) and sets strict requirements for high-risk AI applications, including transparency, data quality, and human oversight.
Similarly, China’s New Generation AI Development Plan includes strategies to become a global leader in AI by 2030, including ethical guidelines related to AI safety and societal impacts.
Without doubt we will see more on this topic over the next twelve months. The question will be the extent to which countries are able to find consistency in how they approach AI technologies and companies that will often span across borders.
This Week In:Review
Australia
China
Hong Kong
India
Singapore
Best of the Rest
Australia In:Review
The Victoria Police in Australia has executed its first successful cryptocurrency seizure following legislative amendments, amounting to AUD 142,679. The report, disclosed in the 2023–24 annual report on 31 October 2023, follows the introduction of SECT 92A in the Confiscation Act 1997, empowering officers to confiscate digital assets under a search warrant since 1 August 2023.
During an investigation into a drug trafficking case, the department's Cryptocurrency Operations team discovered crypto recovery phrases among seized documents, leading to the application of a search warrant. These recovery or seed phrases, essential for accessing crypto wallets, facilitated the seizure of six wallets containing various cryptocurrencies.
The updated law simplifies asset seizure by allowing police to access devices, manipulate storage mediums, and execute transactions to secure control of the assets. Additionally, any device aiding access to cryptocurrencies, such as hardware wallets, may be seized.
The Australian Securities and Investments Commission (ASIC) has urged financial services licensees to align their use of artificial intelligence (AI) with robust governance practices, following a review detailed in Report 798. The review assessed 23 Australian Financial Services Licensees (AFSLs) and found only 23 had adequate governance policies for AI in place.
ASIC expressed concern over licensees adopting AI at a pace that outstrips their governance frameworks. Specifically, some firms updated their governance structures concurrently with increasing AI use, and two licensees were noted for having governance that lagged behind their AI implementation.
ASIC chair, Joe Longo, warned that expanding gaps between AI use and governance structures could exacerbate risks for consumer harm. He highlighted that competitive pressures might drive licensees to implement more complex, consumer-facing AI faster than they can adapt their governance, amplifying potential challenges.
ASIC emphasised the importance of balancing the race for AI benefits with robust safeguards. It supports the Australian Government’s Voluntary AI Safety Standard and its plans for mandatory regulations focusing on testing, transparency, and accountability.
Longo advised against a “wait-and-see” stance, reminding licensees that existing consumer protection laws and director duties remain applicable, regardless of technological advancements.
China In:Review
The Biden administration has issued finalised regulations restricting US investments in Chinese technology sectors, including semiconductors, quantum systems, and artificial intelligence (AI).
This move follows a 2023 Executive Order aimed at curbing outbound investments that may support the military and intelligence advancements of countries deemed as threats, specifically China, Hong Kong, and Macau.
The Department of Treasury's new rules apply to various investment forms, including equity acquisitions, debt financing, and joint ventures. Notably, US persons must notify the Treasury of transactions involving AI systems designed for specialised applications or trained with high computational power.
Exemptions to the rule include investments in publicly traded securities and scenarios involving national security interests. While investments in quantum computing are entirely prohibited, investments in AI must meet specific computational thresholds to require notification or prohibition.
Assistant Secretary Paul Rosen stated that the regulation aims to prevent US capital from inadvertently advancing critical technologies that could bolster military and intelligence capabilities of nations posing security threats. The rule is intended to safeguard national security while maintaining the openness of US investment practices.
Hong Kong In:Review
Hong Kong has introduced its first guidelines for the responsible use of artificial intelligence (AI) while also advocating for blockchain integration, as part of efforts to manage the rapid advancements in financial technology.
During the 2024 Hong Kong FinTech Week opening on 28 October 2024, Financial Secretary Paul Chan Mo-po highlighted the importance of AI and blockchain as pivotal innovations in fintech.
He noted that Hong Kong’s financial sector remains open but vigilant in applying AI, committing to monitor developments and learn from both local and international practices due to the technology’s ever-evolving nature.
The new guidelines mandate that banks, brokers, and financial institutions must establish AI governance strategies to direct the implementation and usage of these systems. These strategies should include advisory services and training for effective deployment.
The announcement aligns with a global trend of increased regulation, akin to the European Union’s AI Act and Singapore’s AI guidelines, as noted by Kenneth Hui from the international law firm Simmons & Simmons.
A Hong Kong court has ruled in favour of two investors in a landmark civil lawsuit involving the JPEX cryptocurrency exchange, ordering the recovery of HKD 1.85 million.
Plaintiffs Herbert Lee Sung-him and Chan Wing-yan successfully argued that JPEX had breached its duty by transferring assets - more than USDT 240,000 - without authorisation to unknown wallets after Chan’s deposits in July and August 2023.
Judge Grace Chow Chiu-man concluded that the plaintiffs had a strong case for proprietary relief, acknowledging the need for declarations to ensure justice for Chan, who otherwise would remain an unsecured judgment creditor.
领英推荐
The defendants included JPEX and Web3 Technical Support, both of which failed to attend the hearing. The court also mandated USD 15,400 in legal costs to be covered by Web3 Technical Support.
The JPEX case has significant implications for Hong Kong’s regulatory framework concerning cryptocurrency. Originating in September 2023, it followed warnings from the Securities and Futures Commission that JPEX operated without a license and prompted over 2,200 complaints and multiple arrests.
This ruling marks a step forward for investors in reclaiming assets amidst allegations that JPEX employed strategies, such as exorbitant withdrawal fees and a shift to a decentralised autonomous organisation (DAO), to restrict withdrawals.
Hong Kong FinTech Week 2024, co-organised by the Hong Kong Monetary Authority (HKMA) and InvestHK, highlighted key fintech advancements and partnerships. In his keynote, HKMA Chief Executive Eddie Yue emphasised the importance of digital transformation for continued financial innovation.
The HKMA introduced Project Ensemble, aimed at accelerating asset tokenisation. The initiative includes the Ensemble Sandbox, fostering central bank digital currency (CBDC) use and tokenised deposits.
New cross-border collaborations with the Central Bank of Brazil and the Bank of Thailand will explore international tokenisation use cases. The Digital Bond Grant Scheme, offering up to HKD 2.5 million per issuance, and EvergreenHub, a digital bond knowledge base, were also unveiled to boost tokenisation.
Efforts to enhance cross-boundary payments include collaboration with the People's Bank of China for linking Hong Kong’s Faster Payment System (FPS) with the Mainland’s IBPS, targeting mid-2025 for a pilot launch.
The HKMA also promoted data integration through Commercial Data Interchange (CDI), linking with the Land Registry and partnering with the Airport Authority Hong Kong to streamline SME lending. Participation in Project Aperta aims to support open finance and reduce global trade finance costs.
Lastly, the launch of Fintech Connect aims to connect financial institutions with fintech solutions. A new programme leveraging AI for complex case monitoring was introduced, underscoring the HKMA’s commitment to fostering sustainable growth through innovation.
India In:Review
The Insurance Regulatory and Development Authority of India (IRDAI) has issued draft guidelines for a new Insurance Fraud Monitoring Framework aimed at bolstering fraud prevention and management across the insurance industry.
This update builds on the 2013 Insurance Fraud Monitoring Framework and reflects changes in the scale and complexity of fraud over the past decade. The 2024 guidelines incorporate insights from both domestic and international best practices and propose advanced strategies for fraud detection, management, and prevention.
A key feature of the draft is the emphasis on data analytics. Insurers will be required to use a robust Fraud Monitoring Technological Framework provided by the Insurance Information Bureau (IIB). This platform will serve as a common database for industry-wide information on suspected and reported fraud, promoting effective sharing of threat intelligence.
The draft mandates all insurers to participate in this fraud monitoring mechanism as both data providers and beneficiaries, enhancing collaboration and safeguarding policyholders. Additionally, the IIB will maintain a caution repository listing blacklisted agents, distribution channels, and other entities to prevent their involvement in fraudulent activities.
The IRDAI is inviting feedback from stakeholders and the public on the proposed guidelines, with the deadline for submissions set for 13 November 2024.
At the G30 39th Annual International Banking Seminar in Washington DC, Reserve Bank of India (RBI) Governor Shaktikanta Das expressed strong reservations about stablecoins and cryptocurrencies, highlighting concerns over the dominance of “private money” in payment systems.
Das argued that reliance on private currencies could undermine local governments’ monetary sovereignty and allow multinational corporations to control payment ecosystems.
Das contrasted private stablecoins with Central Bank Digital Currencies (CBDCs), which he praised as the future of fiat currencies. He pointed out that CBDCs, unlike stablecoins, carry no settlement risk as they are backed by the government and central bank, providing secure, final transactions without collateral.
Das questioned the advantages of stablecoins, perceiving them as risky and favouring a payment ecosystem dominated by large, potentially country-specific companies.
India’s CBDC pilot projects have received positive feedback, reinforcing Das’ view on their potential. He highlighted India’s robust United Payment Interface (UPI) system, facilitating 500 million transactions daily, as a foundation for exploring CBDC interoperability.
Despite the promising trials, Das stated that India would cautiously proceed with any nationwide CBDC rollout to ensure full security, robust design, and effective features.
These comments come amidst ongoing deliberations by the Indian government on a discussion paper regarding crypto regulations, with reports suggesting a potential ban to promote CBDC adoption.
Singapore In:Review
The Monetary Authority of Singapore (MAS) is set to launch the Global Finance & Technology Network (GFTN), replacing its non-profit FinTech initiative, Elevandi, to bolster Singapore’s position as a global FinTech hub. This move signals a shift from national connectivity efforts towards a more expansive, global collaboration in financial technology.
MAS's previous FinTech strategy emphasised building regulatory infrastructure, including the regulatory sandbox, cross-border payment systems, digital asset ventures, and AI initiatives. The Singapore FinTech Festival (SFF), now a premier global event, emerged during this phase, underpinning the country's FinTech growth.
The GFTN will strengthen industry connections and support innovation, focusing on key topics such as payment technologies, digital asset tokenisation, and the integration of AI and quantum computing. The initiative aims to broaden the reach of the SFF and solidify Singapore’s reputation in global finance and technology innovation.
Ravi Menon, former MAS managing director and climate action ambassador, will chair GFTN’s board. Sopnendu Mohanty, stepping down as MAS’s chief FinTech officer, will lead as GFTN's CEO from 1 February 2025. Kenneth Gay, with over 20 years at MAS, will succeed Mohanty as chief FinTech officer, transitioning into the role starting 6 November 2024.
MAS managing director Chia Der Jiun praised Mohanty’s leadership since 2015 and noted the establishment of GFTN as a milestone in scaling up Singapore’s FinTech strategy.
Singapore has intensified its measures against financial crime with the publication of its National Anti-Money Laundering (AML) Strategy on 30 October 2024. The new AML strategy focuses on prevention, detection, and enforcement.
The Ministry of Home Affairs (MHA) highlighted cyber-enabled fraud as a growing source of money laundering (ML) cases, alongside threats from foreign-organised crime and illegal online gambling. Additionally, Singapore’s role as a global financial and trading hub increases its exposure to proliferation financing (PF) risks related to weapons of mass destruction.
The Association of Banks in Singapore (ABS) recently published a “best practice” paper emphasising the importance of data analytics for identifying high-risk clients, reinforcing financial institutions' defences.
Casinos, through amendments to the Casino Control Act, now have lowered thresholds for customer due diligence checks and are allowed to share patron data to detect criminal activity more efficiently.
The BIS Innovation Hub in Singapore has completed the Project Mandala proof of concept (PoC), aiming to enhance compliance efficiency in anti-money laundering (AML), sanctions, and capital flow management (CFM).
This initiative offers a technical solution enabling banks to rely on compliance checks performed by other institutions while maintaining data privacy through advanced cryptography.
Key drivers for the project include the rapid increase in compliance regulations - growing 15% annually over the past decade - which have quadrupled in number. This surge in regulatory demands has increased costs and reduced the willingness of banks to participate in certain payment corridors, leading to more expensive and delayed cross-border payments.
Project Mandala seeks to mitigate these issues, enhancing trust in the banking system by reducing unnecessary compliance hold-ups that affect legitimate transactions.
The PoC demonstrated use cases such as cross-border lending and capital project financing, employing a peer-to-peer encrypted messaging system, a Rules Engine for standardising regulations, and a proof engine using Zero Knowledge Proofs (ZKP) for privacy-preserving compliance verification. Homomorphic encryption was also explored to securely share client data for sanction checks.
The project incorporated wCBDC (wholesale central bank digital currency) with Purpose Bound Money, wrapping digital currency in a policy-driven smart contract for controlled usage. This approach ensures that compliance checks are verified off-chain before transactions proceed.
The BIS Innovation Hub envisions Mandala as a model for improving cross-border payments, setting the stage for efficient and secure regulatory compliance without compromising data privacy or transaction integrity.
Best of the Rest In:Review
JPMorgan Chase is taking legal action against individuals involved in a viral banking fraud scheme dubbed the “infinite money glitch.” This scam, which spread across social media platforms like TikTok and Instagram, enticed users to deposit fraudulent checks and withdraw funds before banks detected the fraud.
This modern twist on check fraud saw users exploiting delays in banking verification, particularly during weekends or holidays, to cash out substantial sums.
The scam gained traction in August 2023, leading to JPMorgan filing lawsuits in Texas, Florida, and California to recover losses. One notable case involved a Houston man who deposited a USD 335,000 fake check, withdrew substantial funds, and now owes USD 290,939.47.
JPMorgan emphasised its commitment to anti-fraud measures, utilising technologies like machine learning and real-time transaction monitoring to safeguard assets. The bank warned that fraud compromises trust in the financial system and vowed to hold perpetrators accountable.
This wave of lawsuits aims to deter similar schemes and reinforce the message that financial fraud is a serious crime with long-lasting repercussions, including potential civil penalties, criminal charges, and damage to credit histories.
Thai immigration officials have dismantled a cross-border cryptocurrency scam involving a Cambodian, Myanmar, and Thai network that defrauded a local woman of over USD 620,000.
The scam, operational since late 2023, used a public Facebook group, “Investor Chat Room,” to lure victims with high-yield investment promises. The primary victim, identified as Ms Mallika, was persuaded to continue discussions on the LINE messaging app, where scammers convinced her to invest in purported cryptocurrency and stock portfolios.
To build credibility, the fraudsters sent small returns initially, creating a facade of legitimacy. Over time, Ms Mallika transferred approximately USD 621,000 across various linked accounts.
The scam's proceeds were laundered through a Burmese businessman operating a front company in Thailand and distributed across Cambodia, Myanmar, and Thailand. These funds were then used to purchase a luxury condominium in Bangkok's Rama 9 district, aimed at quick resale.
The Thai Immigration Department obtained warrants from the South Bangkok Criminal Court, leading to the arrests of key suspects, who now face charges including fraud and identity theft.
I hope you find Risk In:Review informative and helpful.