Connect with us


The regulatory mood around digital assets in 2022 and beyond



By Michael Magrath, Vice President, Global Standards and Regulations, OneSpan


Put simply, digital assets are unique digital representations of financial assets, the ownership of which is registered securely on a blockchain. This includes cryptocurrencies, stablecoins, NFTs and digital asset tokens. With global financial institutions investing in cryptoassets, consumer ownership of cryptocurrency skyrocketing, and cryptocurrency even becoming legal tender in some countries, digital assets are now playing a significant role in the global financial ecosystem.

Like with any emerging technology, regulation in this area has for many years lagged behind the pace of innovation. However, this is now changing as regulators rush to protect investors, fight crime and establish their jurisdictions as fintech hubs. With this in mind, what regulatory changes can we expect key European players – France, Germany and the UK – to make in 2022 and beyond?


Michael Magrath, Vice President, Global Standards and Regulations, OneSpan

Michael Magrath

Confronting the growing role of digital assets in global money laundering

From drug trafficking to ransomware, we cannot ignore the fact that cryptocurrency enables serious organised crime. Crypto allows bad actors to easily receive bribes and ransoms, as well as disseminating the proceeds of their crimes – all without being identified and apprehended. This pressing issue was highlighted by the European Commission’s EU Strategy to Tackle Organised Crime 2021-2025 report published earlier this year. The authors noted that: “only 1% of criminal assets are confiscated. This has been aggravated by the increasing use of financial channels with more limited oversight than the banking sector, such as virtual currencies.”

Given this startling figure, it’s no surprise that EU member states are closely examining the role of digital assets in criminal activity – so, what steps are they taking?

In April this year, the French Ministry of the Economy and Finance published a decree designed to strengthen the country’s existing mechanism for freezing criminal assets. The new decree aims to eliminate the use of anonymous digital assets in illegal activity. At its core is an expansion of the scope of customer due diligence requirements for payment and e-money institutions, and a requirement for digital asset service providers to identify customers before permitting a transaction.

In addition to member states’ individual efforts, the EU’s proposed Regulation of Markets in Crypto-Assets (MiCA) legislation proposes a detailed regulatory framework for digital asset issuers across the bloc. It’s worth noting that the legislation doesn’t apply to central bank digital currencies, issued by states and regulated by central banks, but other cryptocurrencies, including utility tokens and payment tokens do fall within its scope. In the three years since MiCA was first put forward, there remains a lack of clarity in several key areas. Currently, it’s expected that a single licensing regime for cryptoassets will be in place across all member states by 2024.

Outside the EU, the UK Treasury published a consultation on amendments to its 2017 Money Laundering, Terrorist Financing and Transfer of Funds Regulations in July 2021. The amendments seek to implement a Travel Rule for the cross-border transfer of cryptoassets. The Financial Action Task Force’s Travel Rule requires both financial institutions Virtual Asset Service Providers (VASPs) (cryptocurrency exchanges)—to collect personal data including names and account numbers for both senders and recipients in wire transactions exceeding 1,000 USD/EUR. Secondary legislation is expected to be introduced in spring 2022.


Boosting security standards for exchanges and custodians

Money laundering isn’t the only pressing concern and increased scrutiny has been placed on exchanges. Though undoubtedly the most high-profile, the recent Coinbase hack was not the first to successfully target crypto exchanges and custodians. In fact, research shows that an estimated $1.9 billion worth of cryptocurrency was stolen by hackers in 2020. This eyewatering figure demonstrates that the security standards of digital asset exchanges and custodians must be significantly improved to protect investors.

The German Federal Financial Supervisory Authority (BaFin) has established itself as a pioneer in regulating digital assets – and has already taken significant steps to boosting security standards among cryptocurrency exchanges and custodians. Germany was one of the first countries to allow financial institutions to custody cryptoassets. This was classified as a financial service back in January 2020. German law states that all entities seeking to custody cryptoassets, and those engaging in the trade of cryptocurrency, must apply for BaFin authorisation. The German Banking Act considers all crypto custodians and exchanges to be financial institutions, so they must adhere to stringent anti-money laundering rules.

In the UK, the Financial Conduct Authority (FCA) will soon require cryptoasset exchanges and custodians to submit an annual financial crime report. As part of the FCA’s Extension of Annual Financial Crime Reporting Obligation policy, the number of firms required to submit to financial crime reporting is expected to rise from 2,500 to around 7,000. The requirement will go into effect from 30 March 2022.

Though it’s heartening to see increased regulation in this area, custodians and exchanges need to go above and beyond the bare minimum of what is required by law. This is the only way to cultivate lasting consumer trust, which is currently at an all-time low.


Offering clarity on licensing and consumer protection for financial institutions

With the value of digital assets soaring, it’s no surprise that banks and financial institutions are keen get involved by creating exchange traded products linked to cryptocurrencies. Essentially, crypto exchange traded funds (ETFs) are securities that track the price of a cryptocurrency, like Bitcoin or Ether, but can be bought and sold on a regular stock exchange.

As interest in such products continues to grow, there are increasing calls for more to be done to clarify how banks and financial institutions are allowed to license the purchase of cryptoassets.

Both Germany and France have approved the sale of exchange traded products linked to cryptocurrencies. In fact, just last month, Europe’s first UCITs-compliant bitcoin ETF was listed on the Paris stock exchange. It’s the first product of its kind to be made available to retail and institutional investors across the EU.

It was a desire to protect retail investors from the high volatility of cryptocurrency markets that led the UK government to ban ETFs of crypto products back in 2020. Given that many countries, including Germany, France and most recently the US, have approved exchange traded products linked to cryptocurrencies, the UK’s cautious position makes it an outlier in this area. And considering that retail investors can legally trade ETFs of volatile commodities like gold and oil, many have branded the UK’s outright ban as heavy-handed and disproportionate.

Overall, it’s clear that there’s a palpable sense of urgency among regulators to create a fair and enduring legislative framework governing digital assets. In 2022, we can expect regulation to increase in both complexity and rigour. To ensure that this brings stability, protects investors, and doesn’t stifle innovation, key industry players should collaborate with regulators, rather than resisting external oversight.

To discover more about the regulation of digital assets, download OneSpan’s Global Financial Regulatory Report here.


UK Organisations turn to artificial intelligence to fight sophisticated cyberattacks




New research by cybersecurity expert Mimecast finds that email attacks are becoming more frequent and sophisticated

More and more companies in the UK are using artificial intelligence (AI) and machine learning (ML) to fend off increasingly sophisticated cyber-attacks, according to new research from cybersecurity specialist Mimecast. The research finds that 40% of UK organisations are already using AI or ML in their organisations’ cybersecurity programme, with 30% planning to do so within the next 12 months.

The use of advanced technologies such as AI and ML is in direct response to the growing sophistication of cyberattacks that UK businesses are experiencing. 53% believe that increasingly sophisticated attacks will be their biggest email security challenge in 2022, leading to 80% believing it is at least likely their organisation will suffer a negative business impact from an email-borne attack this year.


Growing threat landscape

The research shows that email remains the largest threat vector for UK businesses, with 71% of respondents reporting an increase in the volume of email threats their organisation has faced in the last 12 months. This includes phishing with malicious links or attachments (56%), impersonation fraud or Business Email Compromise (53%), and malicious insiders (43%). However, it isn’t just email attacks that are on the rise, as 90% of UK businesses experienced at least one spoofing attack that uses a lookalike web domain or a clone of their organisation’s website in the last 12 months. The average UK company has experienced 11 of these attacks.

On top of this, employees are also presenting organisations with a very real threat to their cybersecurity. The survey identifies that IT decision makers have relatively low confidence in their colleagues’ cyber awareness , believing that there is a risk of an employee making a serious security risk due to oversharing company information on social media (84%), poor password hygeine (80%), using personal email (80%), or using cloud storage and other shadow IT functionality (81%). When an employee does full victim to an attack, it frequently results in more widespread consequences. 85% of respondents say threats have spread from one infected user to other members of the organisation.


AI to the rescue

To overcome this growing threat landscape, more and more UK organisations are turning to advanced technologies to strengthen their cybersecurity position. The 40% of UK organisations that are already using AI as part of their cybersecurity strategy are already seeing a number of benefits, including increased accuracy in terms of threat detection (54%), reduced human error within cybersecurity team (51%), and reduced workload/working hours for cybersecurity team (45%).

Despite these very real benefits, there is the very real danger that many UK organisations will miss out due to a lack of budget dedicated to cybersecurity. The research highlights a clear discrepancy between the amount IT decision makers believe should be spent on cyber resilience and how much budget is actually allocated by business leaders. IT decision makers in the UK believe that 16% of their IT budget should be allocated to cyber, but at the moment they see less than 12% allocated. Missing out on new technology innovations such as AI is identified as the most likely consequence (49%) for organisations where the cybersecurity budget is not as high as respondents believe it should be.

Elaine Lee, AI expert at Mimecast, said: “There is no doubt that cyberattacks are becoming more frequent, as UK businesses adjust to the world of hybrid work. On top of this increase in frequency, we are also seeing a rise in the sophistication of attacks. This is creating a perfect storm and making it more difficult than ever for organisations to keep their businesses secure. With this in mind, it is no surprise to see so many organisations turn to advanced technologies such as AI to bolster their cybersecurity defences. AI solutions can help businesses to automate security processes, ensuring they are better able to fend off attacks, as well as providing their security experts with more time to focus on high-level analyses that require human interaction.”

Lee continued: “Organisations that have yet to invest in AI technologies as part of their cybersecurity strategy should do so. Cyberattacks are going to continue to be a major threat to UK businesses and these businesses need to respond accordingly with sufficient budget. A successful cyberattack has the potential to cause serious ramifications for a business, including both financial and reputational damage. Now is the time to take this threat seriously and get prepared.”


Continue Reading


Addressing the talent gap within cybersecurity




By Merlin Piscitelli, Chief Revenue Officer, EMEA at Datasite


Rising geopolitical tensions and increasingly sophisticated cyberwarfare tactics have meant that cybersecurity threats are now more prevalent than ever. In current times, the number of cybersecurity attacks are increasing in volume and intensity on a global scale and if a company is not properly equipped to deal with this reality, it could directly impact their survival.

Recently, some sections of businesses were compromised, taken offline, and employee accounts within key microchip and electronic powerhouses were exposed due to cyber-attacks. Most alarmingly, some of these attacks were perpetrated by the same hacking extortion group.

As digitalisation continues to increase throughout the world, and events like Russia’s invasion of Ukraine take place, it is now more important than ever to focus on combatting cyber-crime. The industry understands this, as record levels of investments have been pouring into the sector to advance our capabilities within the field.

The cybersecurity surge

Within the last 12 months, the cybersecurity sector has seen major growth with now almost 2,000 firms active within the UK providing cyber security products and services. In 2021 the UK cybersecurity industry contributed £5.3 billion to the economy, an increase of about a third from 2020, and cybersecurity firms have raised more than £1 billion external investments in 84 deals. It’s therefore fair to say that the acceleration towards digitalisation caused by the pandemic has meant businesses have had to increase their cybersecurity efforts, leading to increasing demands within the sector.

Merlin Piscitelli

As the industry finds new solutions to combat cyber-attacks, cybercriminals are continuing to explore new tactics to ensnare victims. This has resulted in higher demands for those skilled within the industry. Now, with over 2.5 million cybersecurity jobs available and the war for talent rapidly gaining momentum, it’s clear that pressure is increasing.

Cybersecurity and data protection is a strategic investment and a highly specialised endeavor. It can be more cost-effective (especially for small and medium size firms) to outsource this responsibility and partner with a vendor to design and implement solutions. Business leaders will need to ensure they are working with a reputable partner that can offer the best level of protection and technical expertise to fit organisational needs.

The talent gap

While demands are currently high, the supply isn’t there to match. In the UK, the cybersecurity talent pool has fallen short by around 10,000 people a year, and in the previous 12 months, the UK’s cyber skills shortage rose by more than a third. As a result, cybersecurity is now the most sought-after tech skill in the UK.

With more than half, 54%, of UK CEOs believing cybersecurity presents the best opportunity for TMT dealmaking over the next year, demand will rapidly outstrip supply of expertise unless there is a rapid change within the industry.

Championing the workforce

Businesses have had various strategies when looking into combatting this issue. When asked what the main drivers of recent and future cross-border technology acquisitions are, one-third of UK M&A professionals surveyed cited access to skilled/specialised talent.

Investing in your workforce is the tried and tested way of mitigating against cyber-attacks and managing risk. Having access to the necessary resources to protect your digital ecosystem and build momentum by upskilling individuals already working in the tech space, along with attracting new talent, will be crucial to tackling the current professional shortfall.

Furthermore, bringing diversity and inclusivity into the process will help truly overcome the war for talent, as businesses will need to acknowledge the correlation between the skills shortage and the lack of inclusivity needed to diversify the sector.

Ultimately, addressing the current skills gap within cybersecurity will require combined efforts from businesses, academia and governments. Championing students to take an active interest cybersecurity and go through the necessary training to develop the skills needed in the industry will go long way in evening out the playing field.

It is only by investing in developing cybersecurity talent that will we have enough people with the expertise required to protect organisations digital ecosystems as the threat landscape becomes more diverse.


Continue Reading



News2 days ago

How to reignite your store with streamlined operations and a distinctive customer experience

Colin Neil, MD, Adyen UK   Retailers know that prioritising customer experience is vital to success today. This, amongst the...

Business2 days ago

5 tips to ensure CSR efforts come across as genuine

By Mick Clark, Managing Director, WePack Ltd   Corporate social responsibility – or CSR – is playing an increasingly pivotal role...

Business2 days ago

How to Build Your Credit Up Safely

by Taylor McKnight, Author for Compare Credit   What Is Credit? Credit is money owed by a person that allows...

News2 days ago

PCI DSS Compliance in the Cloud – Everything you should know

Introduction PCI DSS 4.0 is the latest and updated version of PCI DSS that was introduced on March 31st, 2022....

Banking2 days ago

2022 ESG Investment Trends

Jay Mukhey, Senior Director, ESG at Finastra   Environmental, Social and Governance (ESG) themes have been front and center throughout...

Business3 days ago


Planning for the next financial year? Former Bank Manager and successful whisky investor, Roger Parfitt, tells us why cask ownership is...

Technology3 days ago

UK Organisations turn to artificial intelligence to fight sophisticated cyberattacks

New research by cybersecurity expert Mimecast finds that email attacks are becoming more frequent and sophisticated More and more companies...

Finance3 days ago

The power of diversity: The need for female role models in FinTech

By Isavella Frangou, VP of Sales and Marketing, payabl.   As our world is constantly evolving, it’s easy to believe...

Business3 days ago

Securing BNPL Platforms for Merchants

By: James Hunt, Payments SME at Feedzai   The buy now, pay later (BNPL) market has boomed because it offers...

Technology3 days ago

Addressing the talent gap within cybersecurity

By Merlin Piscitelli, Chief Revenue Officer, EMEA at Datasite   Rising geopolitical tensions and increasingly sophisticated cyberwarfare tactics have meant...

Uncategorized3 days ago

Biometric payment card FAQs with Michel Roig, Fingerprints’ President of Payments & Access

We sat down with Michel Roig to answer your frequently asked questions regarding biometric payment cards – their benefits, current...

Banking3 days ago

Opportunities for UK Challenger Banks to address AML Compliance

Author: Gabriel Hopkins, Chief Product Officer, Ripjar   UK challenger banks have revolutionised the banking sector with innovative products and...

Finance3 days ago


By Shaf Mansour, not for profit solutions specialist at The Access Group.    The topic of inflation and its impact...

Business3 days ago

How to manage transformational change successfully

Adrian Odds, Marketing and Innovation Director, CDS 2020 accelerated change in the business landscape significantly. Many were already considering –...

Finance3 days ago

Why the pandemic has put the pressure back on fintechs

Ben Walker, Partner & CTO, Airwalk Traditionally, the only genuine threats to the incumbent banking giants were macroeconomic instability and...

News3 days ago

Neobank Fi launches new feature ‘Connected Accounts’ allowing users to sync multiple bank accounts on a single app.

Neobanking app Fi launched its ‘Connected Accounts’ feature to become one of the first fintechs to build a product on...

Finance3 days ago

Accounts Payable fraud: Do you know who’s accessing your finances?

Mark Blakemore, CFO at Compleat Software   The use of social engineering and phishing attacks on accounts payable (AP) departments...

Banking4 days ago

The evolution of digital banking: What traditional banks must offer to remain competitive

Manoj Mistry, Managing Director, IBOS Association   Financial services continue to experience a massive upheaval as digital transformation is rolled...

Business5 days ago

The future of fintech and finance in the metaverse 

Berivan Demir, Product and Banking Relationship Director of Clear Junction   It will be hard for people to shake their...

Business6 days ago

ESG means business

Authored by John Bowers Actuarial Product Director, EMEA, at RNA Analytics   John Bowers takes a look at the increasingly...