Sumsub Compliance Digest—November 2023
Learn about all the latest compliance updates from the past month
Every month, Sumsub’s compliance team prepares a single digest with all the latest news and updates in the world of AML and beyond. We cover everything from gambling to fintech.
If you want to get the latest news every month in one place, subscribe to our newsletter.
Gambling
Kenya 🇰🇪
Kenya introduces the Gambling Control Bill
What happened?
In November 2023, Kenya passed the Gambling Control Bill. to establish regulations for various forms of gambling, such as betting, casinos, prize competitions, public lotteries, and media promotions. In addition, the regulation establishes a Gambling Regulatory Authority and imposes tax on betting and other forms of gambling.
Who’s affected?
Gambling service providers operating in Kenya
Deadline:
In force
Read more:
Malta 🇲🇹
Malta Gaming Authority issues voluntary ESG Code of Good Practice
What happened?
On November 8, 2023, the Malta Gaming Authority (MGA) introduced the Environmental, Social and Governance (ESG) Code of Good Practice (the ‘Code’) for the remote gaming sector. The Code aims to function as a tool for self-regulation, assisting remote gaming companies in aligning with industry best practices and maintaining a position that allows them to effectively meet the changing expectations of key stakeholders. The Code identifies 19 ESG topics derived from comprehensive assessments and categorizes them into three areas: environmental, social, and governance. This provides a strategic framework for remote gaming companies to focus their reporting efforts more effectively.
The MGA will recognize companies’ efforts in two tiers of reporting: Tier 1, which represents a basic ESG standard, and Tier 2, a more ambitious level that ensures sustainability efforts are focused and impactful.
Furthermore, the Code allows for a flexible approach to certain disclosures, with core disclosures already defined and reporting entities having the flexibility to choose optional disclosures. This facilitates streamlined reporting by incorporating several ESG disclosures that are already required under existing regulations.
Who’s affected?
Gambling service providers licensed by the Malta Gaming Authority
Deadline:
Not specified
Read more:
MGA publishes voluntary ESG Code of Good Practice
AML
FATF
FATF issues High-Risk Jurisdictions subject to a Call for Action
What happened?
On October 27, 2023, it was declared that high-risk jurisdictions are profoundly lacking in their ability to combat money laundering, terrorist financing, and the financing of proliferation. The document focuses on North Korea, Iran, and Myanmar.
Who’s affected?
Stakeholders of FATF member countries
Deadline:
Not specified
Read more:
High-Risk Jurisdictions subject to a Call for Action – October 2023
Canada 🇨🇦
Canada’s FINTRAC modernizes its reporting regime
What happened?
In late October, 2023, Canadian financial regulator, FINTRAC, implemented API report submission, enabling the secure transfer of:
- Reports on large cash transactions
- Reports on large virtual currency transactions
Moreover, FINTRAC published new and updated guidance on:
- Reporting large cash transactions to Fintrac
- Reporting large virtual currency transactions to Fintrac
- Reporting transactions to Fintrac within the 24-hour rule
Who’s affected?
AML-obliged entities subject to Canadian law
Deadline:
In force
Read more:
Modernization and upcoming changes impacting reporting entities
Crypto
World 🌎
International Joint Statement on the Crypto-Asset Reporting Framework
What happened?
The Crypto-Asset Reporting Framework (CARF) serves as the latest tax transparency standard of the Organisation for Economic Co-operation and Development (OECD). In March 2023, a final agreement was reached on CARF after two years of negotiations. In November 2023, 48 countries agreed to the joint statement, aiming to to facilitate the automatic exchange of information between tax authorities regarding crypto exchanges and combat offshore tax avoidance and evasion. This statement highlights the intention of the signatory jurisdictions to implement the framework by 2027
Who’s affected?
Signatory jurisdictions
Deadline:
2027
Read more:
International Joint Statement on the Crypto-Asset Reporting Framework
UK 🇬🇧
UK updates the Future Financial Services Regulatory Regime for crypto assets
What happened?
The UK government has officially announced its final proposals for the regulation of crypto assets. These proposals include the government’s plan to bring several crypto asset activities under the regulatory framework for the first time. The crypto asset reporting framework and amendments to the common reporting standard serve as the government’s response to the consultation and call for evidence on the future regulatory regime for crypto assets, which was open from February 1, 2023 to April 30, 2023. It provides a summary of the feedback received by HM Treasury and explains how this feedback has influenced the government’s approach moving forward. The UK remains committed to fostering an innovative regulatory environment while ensuring financial stability and maintaining clear regulatory standards, allowing people to utilize new technologies reliably and safely.
Who’s affected?
Crypto stakeholders operating in the UK
Deadline:
Not specified
Read more:
- Crypto-asset reporting framework and amendments to the common reporting standard
- Future financial services regulatory regime for crypto assets
Singapore 🇸🇬
Singapore’s MAS strengthens regulatory measures for digital payment token services
What happened?
The final tranche of responses to feedback received on the proposed regulations for digital payment token service providers in Singapore was published on November 23 by the Monetary Authority of Singapore (MAS). The consulted proposals outline measures for business conduct and consumer access to mitigate potential consumer harm. Additionally, it sets out minimum technology and cyber risk management requirements for digital payment token service providers. MAS will issue guidance to help providers implement these measures, which received broad support from a wide range of respondents. These measures include identifying, mitigating, and clearly disclosing potential and actual conflicts of interest, publishing policies, procedures, and criteria for listing a digital payment token, and establishing effective policies and procedures to handle customer complaints and resolve disputes. Regarding consumer access measures, digital payment token service providers should discourage cryptocurrency speculation by retail customers.
Who’s affected?
Crypto providers operating in Singapore
Deadline:
Mid-2024
Read more:
MAS Strengthens Regulatory Measures for Digital Payment Token Services
Updates to Verification Regulations
Taiwan 🇹🇼
Taiwan issues New Digital Identity Verification Guidelines
What happened?
The guidelines apply to the financial services industry’s digital identity verification of natural persons. In particular, the guidelines explain the three-stage operation procedures of “identity login”, “token management” and “identity verification” in digital identity verification.
Who’s affected?
Financial institutions operating in Taiwan
Deadline:
In force
Read more:
Taiwan issues New Digital Identity Verification Guidelines
Cyber security
European Union 🇪🇺
EU Member states establish common position on a targeted amendment to the Cybersecurity Act
What happened?
On November 15, EU member states reached a common position on the proposed targeted amendment of the EU’s Cybersecurity Act (CSA) of 2019. In particular, the proposal contains a number of technical amendments to ensure that relevant provisions of the Cybersecurity Act also apply to managed security services.
Who’s affected?
Managed security services operating in the EU
Deadline:
Not specified
Read more:
Cybersecurity: Member states agree common position on a targeted amendment to the cybersecurity act
