ARTICLE
20 January 2026

FinTech Global FS Regulatory Round-up - W/e 9 January 2026

KL
Herbert Smith Freehills Kramer LLP

Contributor

Herbert Smith Freehills Kramer LLP logo
Herbert Smith Freehills Kramer is a world-leading global law firm, where our ambition is to help you achieve your goals. Exceptional client service and the pursuit of excellence are at our core. We invest in and care about our client relationships, which is why so many are longstanding. We enjoy breaking new ground, as we have for over 170 years. As a fully integrated transatlantic and transpacific firm, we are where you need us to be. Our footprint is extensive and committed across the world’s largest markets, key financial centres and major growth hubs. At our best tackling complexity and navigating change, we work alongside you on demanding litigation, exacting regulatory work and complex public and private market transactions. We are recognised as leading in these areas. We are immersed in the sectors and challenges that impact you. We are recognised as standing apart in energy, infrastructure and resources. And we’re focused on areas of growth that affect every business across the world.
Explore Firm Details
Major changes to UK Cyber Legislation: Cyber Security and Resilience Bill published in UK Parliament...
Worldwide Technology
Cat Dankos,Rashid Ahmed, and Oliver Ling Kay
Your Author LinkedIn Connections
Cat Dankos’s articles from Herbert Smith Freehills Kramer LLP are most popular:
  • with Senior Company Executives, HR and Finance and Tax Executives
  • with readers working within the Banking & Credit, Business & Consumer Services and Metals & Mining industries

ICYMI

UK

FCA: A new regime for cryptoasset regulation

The FCA has published a new webpage focused on the new cryptoasset regulatory regime. In December 2025, the Government laid The Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025 before Parliament which, if approved, will bring cryptoassets within the FCA's regulatory remit. This new regime is expected to come into force on 25 October 2027.

To help cryptoasset firms prepare for the new regime, the FCA has published a number of guides covering:

FCA also highlighted its crypto roadmap that sets out the indicative, high-level timeline for the design and implementation of the new regime.

The regulator will host a webinar focused on helping firms get ready for authorisation on 29 January. [9 Jan 2026] #Crypto #DigitalAsset

Information Commissioner's response to the Cyber Security and Resilience (Network and Information Systems) Bill

The Information Commissioner's Office (ICO) has published the Commissioner's response to the Cyber Security and Resilience (Network and Information Systems) Bill which was introduced to Parliament by the Secretary of State for the Department for Science, Innovation and Technology (DSIT) in November 2025.

The Commissioner notes that the Bill addresses the challenge of keeping pace with emerging cyber threats as it allows for the creation of secondary legislation which will 'future-proof' regulations. However, he comments that there remains some uncertainty about how the different elements of the planned framework will operate; that the Government plans to consult on this is welcomed. The Commissioner also comments on the expanded role for the ICO and planned secondary legislation. In particular, the Commissioner is keen to understand both the how 'significant impact' will be assessed for incident reporting, security and resilience requirements, the criteria for assessing 'critical suppliers', the new enforcement and penalty regime, and information gathering powers. [23 Dec 2025] #CyberSecurity

Europe

EP: Draft report on establishment of digital euro

The Committee on Economic and Monetary Affairs (ECON) of the EP has published the draft report on the proposal for a regulation on the establishment of the digital euro. The draft report sets out proposed amendments to the EC's text. [7 Jan 2026] #DigitalEuro #DigitalAsset

Hong Kong

HKMA publishes Practice Guide on Cloud Adoption to enhance supervisory guidance and share good industry practices

The HKMA has issued a circular to inform authorised institutions (AIs) that it has published a new Practice Guide on Cloud Adoption, aimed at providing enhanced guidance and sharing good industry practices to assist AIs in unlocking the potential of cloud technology.

The HKMA notes that AIs are actively leveraging cloud technologies to facilitate digital transformation, as well as uplift operational resilience and efficiency. AIs' cloud models have also become more complex, expanding beyond private and public clouds to hybrid and multi-cloud environments.

The new practice guide expands the coverage from four to eight domains, addressing governance and oversight, risk assessment and due diligence, service provider contractual provisions, resilience and exit strategy, security and data protection, incident management, ongoing monitoring, and workforce strategy and empowerment. It also places greater emphasis on key risk and control areas such as third-party dependency, concentration risk, security risk, data governance, and resilience, which are increasingly recognised by international standard-setting bodies.

To improve usability, the guidance adopts a 'lifecycle' approach that includes both (i) high-level principles from relevant Supervisory Policy Manual modules and (ii) good practices that the HKMA has observed through supervisory work, providing guidance that is actionable and of implementation reference to AIs.

This practice guide supersedes the previous Guidance on Cloud Computing issued in 2022 (see our previous update). The HKMA expects AIs to apply the high-level principles proportionately to their cloud-related risk profiles and adopt the good practices where appropriate. The HKMA will continue to monitor developments and engage with the industry to promote responsible cloud adoption. [8 Jan 2026] #CloudComputing

SFC reprimands and fines licensed corporation HK$4 million for regulatory breaches over distribution of VA-related products

The SFC has reprimanded and fined Saxo Capital Markets HK Limited (SCMHK) HK$4 million for failures in distributing virtual asset (VA) funds not authorised by the SFC and VA-related products (collectively, VA Products) on the firm's online trading platform between 1 November 2018 and 25 November 2022.

The SFC found that SCMHK had failed to comply with various requirements under the SFC's main code of conduct, Guidelines on Online Distribution and Advisory Platforms, the SFC's circular dated 1 November 2018 on distribution of VA funds (see our previous update), and the SFC-HKMA joint circular dated 28 January 2022 on intermediaries' VA-related activities (see our previous update). Among other things, SCMHK had:

  • Allowed retail clients (ie, individuals who did not qualify as professional investors (PIs)) to trade certain VA Products which should only be offered to PIs on the online platform without (i) assessing whether the clients had knowledge of investing in VA Products, (ii) providing clients with sufficient information and warning statements specific to VAs, and (iii) conducting adequate product due diligence;
  • Failed to effectively manage and adequately supervise the operation of the online platform to ensure that it meets the relevant regulatory requirements and expected standards and practices in distributing VA Products;
  • Failed to ensure that transactions in complex VA Products effected via the online platform were suitable for the clients in all the circumstances, and ensure that sufficient information on such products and appropriate warning statements were provided on the online platform to enable clients to understand the nature and risks of the products before making investment decisions; and
  • Failed to properly assess clients' knowledge of the VA Products that were derivative products, and characterise them based on such knowledge.

SCMHK had self-reported its misconduct to the SFC and has since taken remedial actions, including voluntarily compensating clients for losses incurred from trading the VA Products during the relevant period. [6 Jan 2026] #VirtualAsset

Protection of critical infrastructures regime commences with establishment of commissioner's office and publication of code of practice

The regime under the Protection of Critical Infrastructures (Computer Systems) Ordinance commenced on 1 January 2026 with the establishment of the Office of the Commissioner of Critical Infrastructure (Computer-system Security) under the Security Bureau and the appointment of Mr Francis Chan Wing-on as the Commissioner of Critical Infrastructure (Computer-system Security). Mr Chan has been appointed for a three-year term from 1 January 2026. Members of the appeal panel have also been appointed for a term of two years.

The Ordinance provides a comprehensive legal framework to safeguard the security of computer systems of critical infrastructures in Hong Kong, regulate operators of critical infrastructures and investigate and respond to relevant computer-system security threats and incidents (see our previous update). A Code of Practice has been published to provide practical guidance on how a critical infrastructure operator can comply its obligations under the Ordinance. [1 Jan 2026] #CyberSecurity

Retail banks complete launch of Money Safe

The HKMA and the Hong Kong Association of Banks have announced that all retail banks (including digital banks) would have fully launched the Money Safe service for individual customers by 31 December 2025, and would embark on a series of publicity campaigns. The Money Safe initiative was introduced by the HKMA in December 2024 (see our previous update).

Through Money Safe, bank customers can specify the amount of deposits to be protected, analogous to setting up a safe within a bank account. When customers need to use the protected deposits, banks will conduct a face-to-face anti-scam verification with them, thereby offering them a chance to detect a scam.

Money Safe serves as an additional layer of protection for deposits. Customers may consider putting deposits that they do not need to use in the short term under Money Safe protection. [30 Dec 2025] #DigitalBank

FSTB and SFC conclude consultations on VA dealing and custodian services regimes and launch further consultation on VA advisory and management services regimes

The Financial Services and the Treasury Bureau (FSTB) and the SFC have jointly published consultation conclusions on legislative proposals for establishing licensing regimes for virtual asset (VA) dealers and custodian service providers (see our previous update regarding the launch of the consultations). They have also launched a further consultation on new regimes for VA advisory and management service providers. Comments are required to be submitted by 23 January 2026.

Conclusions on licensing regimes for VA dealers and custodian service providers

In view of the market support, the FSTB and the SFC will proceed with the legislative proposals.

  • The VA dealer regime will be closely aligned with that for Type 1 regulated activity (dealing in securities) under the Securities and Futures Ordinance, with similar exemptions under consideration.
  • The VA custodian service provider regime will focus on managing risks related to safekeeping private keys of client VAs in Hong Kong, to secure client assets and protect investors.
  • No deeming arrangements will be granted to existing VA dealing or custodian service providers. Industry stakeholders already engaged in or interested in providing VA dealing or custodian services are encouraged to reach out to the SFC or the HKMA (as applicable) as soon as possible to initiate the pre-application process.

Consultation on licensing regimes for VA advisory and management service providers

  • In response to the feedback received, the FSTB and the SFC has launched a further consultation on establishing separate licensing regimes for VA advisory and management service providers, instead of covering the relevant VA activities under the licensing regime for VA dealing service providers as originally proposed. This revised regulatory approach will model itself on the regulatory framework applicable to the conventional securities market, and will provide better clarity as regards the scope of activities regulated under different VA licensing regimes.

The FSTB and the SFC aims to finalise the legislative proposals for establishing the licensing regimes for VA dealing, advisory, management, and custodian service providers under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, with a view to introducing a bill into the Legislative Council in 2026. [24 Dec 2025] #VirtualAsset

HKMA, CEDB and IPD launch IP Financing Sandbox

The HKMA, in collaboration with the Commerce and Economic Development Bureau (CEDB) and the Intellectual Property Department (IPD), has launched the Intellectual Property (IP) Financing Sandbox. Three major banks have joined the sandbox as inaugural participants, and have solicited interest from clients from the biotechnology, electronics and technology sectors to conduct pilot trials of IP financing through the sandbox.

The sandbox aims to assist pilot sectors in leveraging IP assets for financing, providing a risk-controlled environment for authorised institutions (AIs) to conduct pilot trials of financing arrangements based on IP assets (such as patents, trademarks and copyrights), supported by professional service providers such as IP valuation firms and legal practitioners participating in the sandbox.

AIs will be able to test the full lifecycle of an IP financing transaction, and may seek feedback from the HKMA and receive support from other participating stakeholders in developing and refining their IP financing arrangements. The HKMA, the CEDB and the IPD have jointly prepared operating principles for the sandbox.

Based on the practical insights gained from the sandbox, the HKMA will share good practices and consider the need for developing further supervisory guidance on the credit risk management aspect of IP financing. The Government, through the CEDB and the IPD, will also assess the need for developing a set of local IP valuation guidelines incorporating standards that are acceptable to all stakeholders. [22 Dec 2025] #IPFinancingSandbox

Thailand

SECT initiative supports testing of financial service innovations

SECT has announced an initiative for testing financial service innovations related to capital market businesses and digital asset businesses. This initiative is undertaken in collaboration with BOT, through its Programmable Payment tested under the Enhanced Regulatory Sandbox, to enable a fully electronic, end-to-end process that supports the digital capital market ecosystem.

Applications for participation opened on 24 December 2025. [24 Dec 2025] #DigitalAsset #RegulatorySandbox

Philippines

BSP: Circular to harmonize retail payment systems with international ISO 20022 standard

BSP has issued a circular that requires all retail payment systems in the country to adopt the global ISO 20022 standard. The new regulation, contained in BSP Circular No. 1223, follows the specifications set by the Committee on Payments and Market Infrastructures (CPMI).

Circular No. 1223 provides a two-year phased implementation period to allow the industry to transition to full compliance. To support the rollout, the circular establishes an ISO 20022 Harmonization Industry Project Team that will lead industry-wide coordination throughout the transition period. [22 Dec 2025] #Payments

US

SEC files charges against purported crypto trading platforms and investment clubs

The SEC has announced that charges have been filed against three purported crypto asset trading platforms and four investment clubs. The SEC alleges that they defrauded retail investors out of more than $14m using social media. According to the SEC's press release, the clubs had used investment tips which were said to be AI-generated to gain investors' confidence.

The complaint has been filed in the United States District Court for the District of Colorado. The defendants are charged with violating the anti-fraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934. The SEC is seeking permanent injunctions and civil penalties against all of the defendants, and disgorgement with prejudgment interest against the purported platforms. [22 Dec 2025] #Crypto #DigitalAsset #AI

NY Governor signs AI legislation; NY DFS to house new AI oversight office

New York Governor Kathy Hochul has signed legislation to require AI frameworks for AI frontier models. This will require large AI developers to create and publish information about their safety protocols, and report incidents to the State within 72 hours of determining that an incident occurred. It also creates an oversight office within the NY Department of Financial Services (NY DFS). The office will issue reports annually. [22 Dec 2025] #AI

FRB release biennial report on debit card transactions

The FRB has published its biennial report on debit card transactions, summarizing information collected from large debit card issuers and payment card networks. The report provides data on interchange fees, issuer costs, and fraud losses related to debit card transactions performed in 2023. [19 Dec 2025] #Payments

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Cat Dankos
Cat Dankos
Photo of Rashid Ahmed
Rashid Ahmed
Photo of Oliver Ling Kay
Oliver Ling Kay
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More