UK Finance’s latest must–read blogs
UK Finance
The collective voice for the banking and finance industry, representing around 300 firms.
RLN Innovator Workshop Recap: Driving collaboration in financial services?
On 16 May, UK Finance, in partnership with EY, hosted the RLN Innovator Workshop.?
This event, hosted at EY office, brought more than 90 innovator and fintech firms together with UK RLN participants including Barclays, Citi, HSBC, Lloyds Banking Group, Mastercard, Nationwide, NatWest, Santander, Standard Chartered, Virgin Money, Visa, and partners from EY, Linklaters, R3, Quant, Coadjute and DXC Technology.?
The workshop’s primary goal was to foster collaboration, share information, learn from innovators and spark discussions about the transformative potential of innovation that RLN might enable. It attracted more than 120 attendees – 60 in person and 60 virtually – from a range of FinTechs, BigTechs, and other innovative companies. The day was filled with enriching discussions and promising ideas for innovation.?
Background:?
The UK RLN is envisioned as a common ‘platform for innovation’ across multiple forms of money, including existing commercial bank deposits and a shared ledger for tokenised commercial bank deposits and in due course, potentially all forms of regulated money.?
Through a collaboration of several stakeholders within the financial services industry, the UK RLN explores the options for users to make payments, transact and settle liabilities in the increasingly digital marketplaces of the future.?
Key discussions and insights from the workshop:?
The workshop included a series of panel discussions, breakout sessions, and interactive focus groups where innovators could share their views.??
Read the full blog post for key insights from the day by Marius Bischoff, Manager, Payments, Innovation and Resilience, UK Finance.?
?
How the Future Entity can support the prosperity of open banking?
What is the “Future Entity”??
As part of the Retail Banking Market Investigation Order 2017 (the CMA Order), the nine largest UK banks and building societies (known as the “CMA9”) were required to set up and fund a central standard setting body for open banking. This body is known as the “Implementation Entity” and was established as Open Banking Limited (OBL).??
However, as we progress to the next phase of open banking, this current structure is set to be replaced by the “Future Entity” i.e. the body that will govern open banking in the future. In April 2024 the Joint Regulatory Oversight Committee (JROC) released a consultation paper which set out their proposals for the design of this Future Entity.??
Why is the Future Entity important??
The Future Entity will be at the heart of the open banking ecosystem. It will have a number of responsibilities including improving existing and developing new API standards and guidelines, monitoring standards, gathering data, providing critical services (e.g. directory and help desk) and ensuring there are mechanism in place to protect consumers and businesses. Getting the structure of the Future Entity right, in particular its functions and governance, will be key to open banking achieving its potential in the future.?
What is the industry position on the Future Entity??
UK Finance responded to the JROC consultation. Our key messages include:?
Read the full blog post from Robert Driver, Principal, Payments, Innovation and Resilience, UK Finance.?
?
Key Takeaways from the 2023 Fraud Data?
From increased pressure to protect customers to more focused reimbursement requirements to publicly reporting scam data to the rise of technologies like GenAI, UK banks faced a storm of change in 2023. ?
Despite these headwinds, the headline is that banks made good progress, with total fraud losses down by 4 per cent in 2023. However, we should not lose sight of the fact that fraudsters have still successfully stolen £1.168 billion. This figure’s sheer size is a constant reminder that more can always be done.?? ?
Authorised?Fraud: Scammers Shift Focus?
Unauthorised?Fraud: Cross-Channel Fraud Increases?
As we reflect on 2023, it's evident that UK banks continue to make positive strides against fraudsters. Yet the persistence of high fraud figures, despite a general decline, highlights the necessity for continuous innovation. We know that fraudsters will continue to adapt and innovate, therefore, banks and their partners must too.?
Moving forward into 2024, enhancing mule detection strategies, leveraging payment networks for broader data visibility, and deepening industry collaboration will emerge as key industry focuses.?
Read the full blog post from Daniel Holmes, Fraud Prevention SME, Feedzai ?
?
Shaping Cybersecurity Strategies Amid Evolving Financial Regulations?
In my 20+ years as a cybersecurity practitioner, I've witnessed first-hand how the waves of regulatory changes can unsettle even the most seasoned professionals.?
领英推荐
In the UK, where financial services are integral to the national economy, adhering to cybersecurity regulations isn't just about compliance—it’s about securing trust and ensuring resilience.?
The financial services industry has always been heavily regulated. Organisations in this sector face a complex landscape of regulations such as the GDPR, NIS2 Directive, and specific Financial Conduct Authority (FCA) mandates, which result in increased expectations around cybersecurity from customers and regulators—as well as increased liability for financial services firms in the event of a data breach. Ultimately, executives and Boards around the globe are responsible and accountable for cybersecurity performance management in just the same way that they are accountable for managing other critical parts of the business.?
Understanding What the Regulators are Looking For?
Regulators are keen to see how a firm’s security performance management strategy affects its business strategy and how existing controls and monitoring processes are being adjusted accordingly to address it.?
Three Actionable Steps To Maintain Regulatory Compliance?
1. Manage security performance across your financial services ecosystem?
2. Expose and mitigate third-party cyber risk from financial partners?
3. Quantify cyber risk in financial terms?
Read the full blog post from Tim Grieveson, Senior Vice President, Global Cyber Risk Advisor, Bitsight ?
?
Recent Developments in Sanctions Case Law (England and Wales)?
Over the first half of 2024, a number of significant cases involving sanctions have come before the English courts.?
Some of these have given useful insights into the operation of the UK’s sanctions regime, while others have addressed broader principles.??
We note that a few key cases remain outstanding – particularly, the appeal in?UniCredit Bank GmbH, London Branch v Celestial Aviation Services and another?and the Supreme Court’s detailed judgment in?RusChemAlliance LLC v UniCredit Bank GmbH.?
Case Law – Operation of Sanctions Regime?
An interesting case assisting with the interpretation of the UK asset freeze regime is the interim decision in?Vneshprombank v Bedzhamov?
Case Law - Anti-Suit Injunctions and Litigation in Russia?
Cross-border disputes involving sanctions give rise to unique issues of public policy and fairness, as demonstrated by the English courts' handling of anti-suit injunctions and litigation in Russia. These cases underscored the complex interplay between arbitration agreements, international jurisdiction and economic sanctions.?
Case Law - Force Majeure?
In?RTI Ltd v MUR Shipping BV?the Supreme Court confirmed that “reasonable endeavours” provisions in force majeure clauses will not (absent clear wording) require a party to accept non-contractual performance.?
Read the full blog post by Satindar Dogra, Litigation, Arbitration and Investigations Partner, James Bowen, Managing Associate, Litigation, Arbitration and Investigations,?and?Casey Kwok, Multilingual Paralegal, Linklaters.?
?
DORA in the UK: What You Need to Know?
As the deadline for compliance with the EU’s Digital Operational Resilience Act (DORA) draws near, financial firms and their ICT suppliers across the EU are gearing up to meet the January deadline. ?
In the wake of the UK’s exit from the EU, many UK firms—especially smaller third-party ICT suppliers —may be under the impression they’re in the clear, not subject to these new requirements for?cyber risk management and operational resilience.??
That assumption is likely wrong. In addition to?DORA?applying to UK-based entities that undertake any of the broad range of financial market activities captured by the Act within the EU, so-called “Critical ICT Third Party Providers” (CTTPS) to Europe’s financial firms will be subject to DORA’s requirements too. Even providers not deemed CTTPS under the criteria set out in recently-adopted delegate regulations will likely see requirements pushed down the supply chain and built into their contractual relationships with financial firms.??
It’s likely DORA will impact thousands of UK entities, many subject to these kinds of standards for the first time. ?
There is some good news for in-scope UK firms: they may already be compliant with (or working toward) similar regulations, guidelines and standards, such as?SS2/21, ISO27001, that align closely with DORA. That means much of the work for UK organisations may already be done. The Bank of England, Prudential Regulation Authority, and Financial Conduct Authority have also been working on new operational resilience frameworks that are likely to share guidance with DORA. ?
But while there are some similarities, there are key aspects of DORA that UK companies need to know about. ?
Read the full blog post from Wayne Scott, Regulatory Compliance Solutions Lead, Escode, Part of NCC Group. ?
?
?