1 / 20

2019 IAKL Seoul Conference

2019 IAKL Seoul Conference. PROFESSIONAL RESPONSIBILITY IN THE EMERGING FINTECH WORLD. 2019.0 9. 21. Jinwon Park SHIN & KIM. Table of Contents. Overview Main Usages and Business Areas of Fintech New Risks – Prudential and Legal Conventional Legal Risks Code of Ethics

stroupe
Download Presentation

2019 IAKL Seoul Conference

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2019 IAKL Seoul Conference PROFESSIONAL RESPONSIBILITY IN THE EMERGING FINTECH WORLD 2019.0 9. 21. Jinwon Park SHIN & KIM

  2. Table of Contents Overview Main Usages and Business Areas of Fintech New Risks – Prudential and Legal Conventional Legal Risks Code of Ethics How should Lawyers Prepare for the New Era

  3. I. Overview • Rapid evolution of FinTech with its multiple applications and interactions within the financial services sector, ranging from front-end to back-end operations, may fundamentally change the risk profiles of financialinstitutions and the market • Creating new risks and amplifying some existing risks, prompting institutions to review their risk management frameworks • Emerging but fractured state of regulation regimes in each jurisdictions • All of above points to a new dimension to the Professional Responsibility and Ethical Codes of lawyers

  4. II. Key Fintech Uses and Business Areas 1. Business areas: • Payment: • Remittance: • Credit rating: • Crowd funding: funding a project or venture by raising small amounts of money from a large number ofpeople, typically via the Internet • Internet Banking: banks doing business through electronic medium such as internet with few or no stores

  5. II. Key Fintech Uses and Business Areas 2. Fintech Uses of Applications • Biometric authentication using fingerprint and other traits of recognition • Robo-advisors for investment advice • Big data and machine learning for credit scoring • Distributed Ledger Technology (DLT) and smart contracts for trade finance • DLT for Consumer Due Diligence (CDD) processes • Mobile wallet with the use of Near Field Communication (NFC) • Outsourcing core banking/payment system to the public cloud

  6. II. Key Fintech Uses and Business Areas 3. Trends in Fintech Uses of Applications (Source, EBA REPORT ON PRUDENTIAL RISKS AND OPPORTUNITIES ARISING FOR INSTITUTIONS FROM FINTECH, 2018)

  7. III. New types of Risks • Operational, Prudential and Legal risks are Inseparable 1. Biometric authentication using fingerprint recognition • Collection without the consent of the customer from everyday objects they touch • Customer registering other person’s fingerprint • fingerprint reader devices copy and store fingerprint data that may be compromised and stolen by hackers 2. Use of robo-advisors for investment advice • Use automated structured questionnaires: assess individual customer risk appetite and knowledge level - allocate a risk profile based on the assessment, make investment proposals in accordance with the risk profile • Robo-advisor aims large scale investors: the quality of advise given and compliance with regulations can give rise to issue of conduct risk – algorithms recommending unsuitable products or causing market manipulation intended or not.

  8. III. The new types of Risks 3. Big data and machinelearning for credit rating • Risk of retaining false or reverse causal relations that would otherwise be easily detected and removed by human intelligence • Instability of the credit model that may result from machine learning, due to continuous learning, could make it difficult to assess, validate and supervise the models or the algorithms used to calibrate them. • May lead to financial exclusion and access to financial services 4 DLT and smart contracts for trade finance • ‘Smart contracts enabled by DLT’ refers to pieces of computer code stored in a DLT, which are executed automatically on multiple distributed nodes upon fulfilment of pre-defined conditions, to enforce the terms of an agreement between parties. Therefore, agreements are automatically enforceable. • Despite the use of DLT, the risk of forged papers could arise again if not all the participants accept the use of digital documents.

  9. III. New types of Risks 5. Use of DLT to streamline CDD processes • The potential legal and regulatory uncertainties relating to digital identity could have an impact on the corresponding prudential risks, as in some jurisdictions a digital identity may have a different legal status than in others (as happens with digital signatures). • The legal status of smart contracts is also uncertain and unclear. In general, because of the distributed nature of this technology, it could be difficult to assign liability when a risk materializes

  10. III. New types of Risks 6. Mobile wallet with the use of NFC • Digital wallets for mobile payments are becoming a promising FinTech service provided mostly by non-bank institutions.   • Legal concerns could arise from a fragmented payment market and a complex operating environment in which the institution manages several providers of different parts of the payment service. • A fragmented payment market together with the proliferation of innovative products and services could bring about changes in operational processes and new challenges for the governance and control of the overall operational risk. • Reliance on outside outsources for mobile wallet service may end up with complex legal and regulatory issues in allocating liabilities

  11. III. New types of Risks 7. Outsourcing core banking/payment system to the public cloud • Wide use of cloud computing for non-core activities, such as customer relationship management: smaller institutions explore the possibility of transferring entire core services to the cloud. • Use of core banking services in the public cloud: the user is not relieved from its responsibilities with respect to confidentiality, integrity and availability of data. • Legal and compliance risk regarding the contract with a Cloud Service Provider: the contract must comply with the relevant regulatory requirements (e.g. EBA Recommendations on outsourcing to cloud service providers) to address the right to audit by both the institution and the supervisory authority.

  12. IV. Conventional Legal Risks 1. Risk of non-compliance - U.S. • Challenge is to know which regulations, laws or rulings to comply with. • There may not yet be a one-for-one mapping of regulatory scheme to each identified risk. • U.S.: • No fintech-specific regulatory framework by any single state or federal regulator - subject to numerous State and Federal licensing and registration requirements. • Consumer Financial Protection Bureau: consumer lending and anti-discrimination, etc. • Licensed finance companies: subject to regulations of each licensing agencies • OCC will have jurisdiction over Fintech companies that obtain special purpose national bank charter (2018) – no application yet

  13. IV. Conventional Legal Risks 1. Risk of non-compliance - EU • EU: Ongoing regulatory initiatives to encourage innovation in fintech: Consultation launched by the European Commission in March 2017 on technology and its impact on the European financial services sector as part of its consumer financial services action plan. - A mixture of EU and national regimes of regulation • Example of robo-advice: principal legislation for advice on securities products is the Markets in Financial Instruments Directive (MiFID) and for insurance-based products is the Insurance Distribution Directive (IDD). Plus, robo-advisory services for securities products will require a license in a member state pursuant to the local implementation of MiFID. • Money laundering and terror financing: Directive (EU) 2015/849 of European Parliament and the Council 2015 • Data Protection Laws. • Single Euro Payments Area (SEPA) Regulation.

  14. IV. Conventional Legal Risks 1. Risk of Non-Compliance - Korea • Korea: • Electronic Financial Transaction Act (EFTA) is the main source of regulation for the Fintech operators: regulates by activities • EFTAapplies to financial companies and electronic financial business entities, but not - non-financial institutions that are not subject to permission/registration requirements: creates uncertainty on responsibility • Banks, securities firms, card companies, etc. as regulated by Banking Act, defined in the Banking Act, Financial Investment Services and Capital Markets Act, and the Specialized Credit Finance Business Act -regulated by the type of business license the subject organization holds

  15. IV. Conventional Legal Risks 1. Risk of non-compliance – Korea 2 • Korea (cont’d) • Provisions on payment and settlement operation and management are scattered in various laws, including the EFTA, the Specialized Credit Finance Business Act, etc.  • Responsibility for user protection for fraud: absence of statutory notice period, burden of proof or scope of liability results in unclear legal outcome • Also unclear where responsibility lies for financial errors or accidents among participating institutions

  16. IV. Conventional Legal Risks 2. Risk of infringement of a client's right to privacy • Data Analysis vs Customer Privacy • U.S. : “We recommend to the National Conference of State Legislators that states pursue standardized regulatory frameworks implementing best practices in privacy and security.” (Tank, DLA Piper-Margo H. K., David Whitaker, Rew Grant, Edward Johnsen, Jeffrey L. Hare, Kate Lucente, Victoria Lee, and David D. Luce. “Fintech Regulation in the USA | Lexology.” Accessed April 4, 2019) • Accessing and using customer data may be in violation of the customers’ right to privacy, an important right for both customers and regulators.

  17. IV. Conventional Legal Risks 2. Risk of infringement of a client's right to privacy • DATA PRIVACY in the EU • EU’s unified data protection law: General Data Protection Regulation came into force in May 2018. • Extraterritorial application • Definition of ‘personal data’ • Penalties • Consent: the rule requires companies wishing to analyze client data to first obtain client consent if the reason for data analysis differs from the one cited in order to collect data initially.

  18. V. Code of Ethics 1. Stick to Basic Values 2. Know the laws - Legal Compliance 3. Fair Competition 4. Know the Trend - Best Practice 5. Conflicts of Interest  6. Cooperation and Communication  7. Equal Working Conditions  8. Violations: Report and Consequences

  19. VI. How lawyers should prepare?

  20. Jinwon Park, Senior Advisor / 박 진 원 상임고문 T. 02 316 4403 E. jwpark@shinkim.com www.shinkim.com 23F, D-Tower (D2), 17 Jongno 3-gil, Jongno-gu, Seoul 03155, Korea THE INFORMATION PROVIDED IN THESE PRESENTATION MATERIALS AND THE ACCOMPANYING PRESENTATION IS GENERAL IN NATURE AND PROVIDED FOR DISCUSSION PURPOSES ONLY. THE PRESENTATION AND MATERIALS DO NOT CONSTITUTE LEGAL ADVICE. ANY OPINIONS EXPRESSED BY THE SPEAKERS ARE THE PERSONAL VIEWS OF THE SPEAKERS AND DO NOT REPRESENT A FORMAL OPINION OF SHIN & KIM

More Related