Digital Law Regulatory highlights in the financial services sector – December 2023

The Digital Law Regulatory Update is structured into two sections – one for the Swiss, and international and European updates – and the other section provides a deep dive into three topics that are currently shaping the digital law space: the Markets in Crypto-Assets Regulation (MiCAR), the Transfer of Funds Regulation (TFR) and the Digital Operational Resilience Act (DORA). Each of these topics have been chosen in such a way that an interested reader will acquire a comprehensive outlook on the set of laws and regulations that, in principle, would apply to financial services.

2023 is influenced by important developments in the financial sector. National as well as international regulations continue to evolve, and new changes reshape the financial services business:

• TFR has entered into force on 29 June 2023, extending the scope of the Financial Action Task Force’s Recommendation 16, also known as the “travel rule”, to include Crypto Asset Service Providers (CASPs). Although the TFR only starts applying on 30 December 2024, the legislator has mandated the European Banking Authority to provide several guidelines, amongst others, to support CASPs and other obliged entities that perform crypto-asset services to comply with obligations on customer due diligence and money laundering and terrorism financing’s risk assessment and mitigation.
• MiCAR is a pioneering regulatory framework introduced by the European Union to govern the burgeoning crypto-assets market. This legislation, hailed as one of the most advanced of its kind globally, establishes uniform rules across the EU for the issuance and provision of services in the crypto sector. MiCAR's impact is significant as it provides a harmonized regulatory environment, ensuring consumer protection, market integrity, and financial stability in the rapidly evolving world of digital finance. This comprehensive framework addresses previously unregulated crypto-assets, marking a crucial step in integrating digital finance into the mainstream financial system while maintaining robust oversight.
• DORA has set up new operational resilience standards that must also follow rules for the protection, detection, containment, recovery and repair capabilities against ICT-related incidents. It refers explicitly to ICT risk and sets rules on ICT risk-management, incident reporting, operational resilience testing and ICT third-party risk monitoring. The Regulation will start applying from the 16 January 2025 to give time for the relevant consultations to take place.

The Swiss regulatory changes are focusing on the development of a robust cybersecurity framework to allow a confident progress in the digitalization of the Swiss financial market.

From the European and international perspective, digitalization and data privacy remain on the top priorities list.

The publication provides an overview of the relevant Swiss regulations that have recently – May to November 2023 – come into force and offers the reader an outlook on the most important European and international developments.

Thanks to our deep understanding of these topics, EY can help financial services organizations to keep pace and maintain excellence in an increasingly digital, complex and interconnected world.