Consultation Paper on Proposed Amendments to the AIFC Fees Framework

Consultation paper on Proposed Regulatory Guidance on Assessment, Competency and Trainings for Controlled and Designated Functions

Consultation paper on Policy on the Enhancement of the AIFC Digital Asset Trading Facility Framework

Please, press "PDF" button above to download a Consultation Paper.

INTRODUCTION

1. Astana International Financial Centre (AIFC) has issued this Consultation Paper to seek suggestions from the market on the proposed approach on regulation of Umbrella Sandbox regulatory regime.

2. The proposals in this Consultation Paper will be of interest to current and potential AIFC participants who are interested in exercising business activities in or from the AIFC.

3. All comments should be in writing and sent to the address or email specified below.

4. If sending your comments by email, please use “Consultation Paper AFSA–CE–2021–0001” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments.

5. The AFSA reserves the right to publish, including on its website, any comments you provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

6. The deadline for providing comments on the proposals is 26 February 2020.

7. Once we receive your comments, we shall consider if any refinements are required to this proposal.

8. Comments to be addressed by

Consultation Paper No. AFSA–CE–2021–0001

AIFC FinTech Hub

55/18, Mangylyk El avenue, block C-3.3, Astana, Kazakhstan

or emailed to: r.abdirassilov@aifc.kz

BACKGROUND

1. AFSA is proposing the introduction of new FinTech Lab regulatory regime “Umbrella Sandbox”, which shall complement existing FinTech Lab regulatory regimes of Testing and Developing FinTech Lab Activities.

2. The concept of the Umbrella Sandbox regime envisages authorisation of a Principal (e.g. university, research organisation, venture capital fund or other financial institution) that would further allow PRep (e.g. university students, professors, investee or start-ups firms) to offer FinTech services under the Licence of Principal.

3. Umbrella sandbox is for small-scale testings of feasibility of early-stage business models and ideas to verify that some FinTech product/service has practical potential. Given that Umbrella sandbox regulatory regimes primarily is designed for small group of innovators with minimum viable products, compared to the existing FinTech Lab regime, Umbrella sandbox regime aims to attract different market of innovators, which are at their early stage of development of their FinTech products/services.

4. The analogous practice of Umbrella Sandbox has been also implemented in other leading jurisdictions such as United Kingdom and Singapore, whereby a firm or person may run regulated financial activities and act as an agent for a financial firm directly authorised by the UK Financial Conduct Authority .

5. Implementation of Umbrella sandbox regime jointly with another AFSA initiatives such as development of Intellectual Property regime, digital (mobile) banking, payments and e-money, venture capital frameworks is another step towards the development and enhancement of comprehensive AIFC FinTech ecosystem.

PROPOSAL

6. Conceptually the Umbrella Sandbox is a regulatory lab designed for universities, venture capital funds, financial institutions and research organisations (“Principals”) to allow its students, professors, researchers and start-ups (“Principal Representatives”) to experiment and test FinTech products/services under the licence of its Principal, whereby the authorisation and supervision will be performed by the Principal who is in turn authorised and supervised by the AFSA.

7. The Principal, “incubator”, allows its regulatory permissions to be used by the Principal Representative (hereinafter – PRep), so that the PRep can perform financial services under those regulatory permissions of the Principal whilst retaining its own identity, ownership and control. In other words, the compliance function of the PRep is outsourced to the Principal with appropriate compliance knowledge, financial and human resources, systems and controls.

8. The deployment of Umbrella Sandbox would allow:

a) Innovators or PRep: to grow and focus primarily on the testing and development of financial services under the regulatory wing of its Principal, establish close collaboration with universities, financial institutions and venture capital funds to get access to talents, capital, compliance systems and controls, knowledge and expertise of a Principal;

b) Principals: gain first-hand insights from innovators and establish collaboration with financial innovative businesses.

c) Consumers: reduce risk of consumer exposure to harm due to the outsourcing of compliance function to the Principal with appropriate financial, human and compliance resources, enable more innovative products to reach the market that may otherwise never have been tested; and

d) AFSA and AIFC: clearly signal to the market that innovation is firmly on the regulatory agenda that would help to further promote the development of FinTech within the vibrant and innovation prone AIFC FinTech ecosystem.

REGULATORY APPROACH

1.AFSA seeks to establish sound and flexible AIFC regulatory regimes of a high standard that promotes sustainable and safe environment and help firms to innovate. However, new entrants with untested business models expose consumers to new risk exposures. Therefore, AFSA sees that promotion of collaboration and outsourcing of compliance function of start-ups (PRep) to established institutions (Principals) would reduce the regulatory risks for consumers.

2.The regulatory approach in designing the proposed Umbrella Sandbox regime is primarily based on the UK legislation and current FinTech Lab practices.

Responsibility of Principal

3.The Principal must apply to FinTech Lab to obtain a Licence to offer regulated activities under the existing FinTech Lab licensing process.

4.Before a Principal appoints a Person as a PRep, the Principal must seek an approval from the AFSA on appointment of a PRep and must have:

a)appropriate FinTech Lab Licence for the regulated financial activity that the PRep is willing to conduct under the Principal’s FinTech Lab Licence; and

b)adequate controls over the PRep regulated activities for which the firm has responsibility;

c)appropriate resources to monitor and enforce compliance of the PRep with the relevant regulatory requirements;

d)complaints handling procedures, including provision of contact details of PRep, Principal and AFSA to Clients; 

e)appropriate systems and controls to enable the PRep to comply properly with any limitations or requirements of its own permission; and

f)no close links with PRep and its employees which would be likely to prevent the effective supervision of the PRep by the Principal.

The eligibility criteria to become a PRep

5.A Person to become a PRep must:

a)be fit and proper;

b)be solvent;

c)be capable of being effectively supervised by Principal and AFSA; and

d)enter into contract agreement with Principal which permits the PRep to carry on financial services under the FinTech Lab Licence of Principal.

6.The proposed FinTech Lab Activities of PRep must:

a) fall within the scope of the permission under the Principal’s Licence;

b)be in a sufficiently advanced stage of development to mount a live test with real customers; and

c)promote innovation.

7.A Principal must ensure that the PRep satisfies eligibility criteria on becoming PRep. The result of such assessment shall be presented to the AFSA. After the AFSA has been convinced that the requirements are sufficiently met, AFSA may permit a person to offer FinTech Lab Activities under the Licence of Principal in the capacity of PRep, impose additional and/or adjust/modify the individual limitations and conditions applicable to Principal and/or its PReps.

8.In reviewing the eligibility of the PRep, the AFSA, among others, shall consider the nature (including the scale and complexity) of the regulated activities of the Principal and its PReps and any associated risks that those activities pose to the AFSA’s Regulatory Objectives.

Continuing obligations of Principals with PReps

9.Principal must monitor and check the activities of its PRep on a regular basis to ensure the PRep complies with obligations imposed by AIFC or AFSA regulatory requirements. Normally the Principal is expected to submit monthly reports to AFSA on the results of such checks. 

10.The PRep may offer permitted activities under the Principal’s Licence for a period of up to two years, but which should not exceed the validity of the Principal’s Licence. Subject to AFSA approval this period may be extended or shortened, subject to extension or shortening of validity of the Principal’s Licence.

11.A Principal must not permit a PRep to hold client money unless otherwise permitted by AFSA.

Final provisions

12.To ensure greater level of responsibility of Principal for compliance of PReps, anything that a PRep has done or omitted to be done as respects the business for which the Principal has accepted responsibility will be treated as having been done or omitted to be done by the Principal.

13.The senior management of a Principal should be aware that the activities of PReps are an integral part of the business that they manage. The responsibility for the control and monitoring of the activities of PReps rests with the senior management of the Principal.

14.Principals with sufficient resources that can ensure regulatory compliance of its PReps with AIFC/AFSA requirements may appoint several PReps so that PReps could offer several types of regulated services in the AIFC under the Principal’s FinTech Lab Licence/-s.  

15.Principals should be aware that, under the existing AFSA regulatory regime, the Principal is responsible for submitting applications to the AFSA for the approval of a person who performs controlled functions of the Principal and/or PRep. 

16.If a contract with a PRep is terminated or substantially amended, a Principal must take all reasonable steps to ensure that:

a)if the contract between the PRep and Principal is terminated, contract parties and AFSA shall be notified immediately that the contract is terminated, and PRep is no longer permitted to offer regulated activities;

b)outstanding regulated activities and obligations to Clients are properly completed and fulfilled either by Principal and/or PRep;

c)where appropriate, Clients are informed of any relevant changes;

17.The implementation of Umbrella Sandbox regime implies potential amendments to AIFC General Rules and mostly would entail amendments to the AIFC Financial Technology Rules.

1 Introduction and scope of policy paper

1.1 The Astana Financial Services Authority (the AFSA), as the independent regulator of the Astana International Financial Centre (AIFC) is seeking to develop a regulatory framework for payment services and electronic money in the AIFC (the Framework or the PSEM Framework).

1.2 This policy paper outlines our proposal for the Framework, including its aims, operation, and interaction with the current regulatory environment in the AIFC. The AFSA has made key policy decisions following its consideration of the preliminary proposals contained in this policy paper, and these decisions are outlined in the summary of policy issues provided by the AFSA on 30 October 2020 contained in Schedule 1 and Schedule 2.

1.3 At a high level, the AFSA has specified that the Framework should be developed with the aims of:

1. (a)establishing an integrated and efficient payments market within the AIFC;
2. (b)facilitating the development and emergence of new, innovative, and secure e-money and payment services;
3. (c)providing companies and individuals with access to the e-money and payment services market, whilst also ensuring customers' protection; and
4. (d)encouraging effective competition within the market of the AIFC.[1]
5. 
   

1.4 Our proposal for the Framework has been developed in accordance with the governing law of the AIFC, and is based on English law. We have also considered international best practice in regulating payment services and e-money, including the approaches taken in Singapore and Australia.

1.5 Our proposal for the Framework is also compatible with the AFSA's regulatory objectives, as set out in section 7 of the AIFC Financial Services Framework Regulations (FSFR).

1.6 In summary, we propose to introduce the provision of payment services and the issuance of e-money as new Regulated Activities (which will be set out in Schedule 1 of the AIFC General Rules (GEN)). The Framework will be implemented through new AIFC Rules known as the "Payment Services and Electronic Money Rules" or "PSEM".

1.7 The Framework will:

1. (a)complement Chapter 1 of Part 3 of the FSFR (Licensing of Authorised Firms) to provide for the licensing and registration of institutions who wish to carry on the new Regulated Activities;
2. (b)provide for specific conduct of business rules that will apply to those institutions, regulating the rights and obligations of all parties involved in the relevant market; and
3. (c)complement the provisions in Part 8 of the FSFR (Supervision of Authorised Persons) and Chapter 6 of GEN (Supervision), to outline rules in relation to the supervision of both Relevant Authorised Firms and certain other specified entities providing payment services or issuing e-money.

1.8 It follows that the AFSA will be responsible for the regulation of institutions providing payment services or issuing e-money that are licensed under FSFR and GEN or registered under the Framework, and enforcement of the conduct of business rules.

1.9 We propose that the Framework sets out any specific conditions for licensing or registration, as well as the rights and obligations of parties to which the Framework applies. It will not seek to prescribe the specific approach that the AFSA will take in relation to supervision and enforcement under the Framework.

[1] Page 4, AFSA, Terms of Reference for Development of E-Money and Payment Services Framework in the Astana International Financial Centre

2 Financial regulation in the AIFC

2.1 The current regulation of financial services in the AIFC is provided for in a number of regulations and rules. The General Rules (GEN) and the FSFR are the most relevant to the Framework, however the Conduct of Business Rules (COB), Authorised Market Institution Rules, the Banking Prudential Guideline, the Banking Business Rules, the Anti-Money Laundering (AML) and Counter-terrorist financing (CTF) Rules, the Law of the Republic of Kazakhstan “On Counteracting Legalisation (Laundering) of Illegally Gained Income and Financing of Terrorism” No. 191-IV dated 28 August 2009, and the Constitutional Law of the Republic of Kazakhstan “On the Astana International Financial Centre” No. 438-V dated 7 December 2015 (the Constitutional Statute) are also relevant. We anticipate that a number of amendments will be required to the existing AIFC regulations and rules as a consequence of adopting the Framework (see section 5.1)

2.2 The existing financial services regulatory framework in the AIFC is similar to the UK's. Both jurisdictions share the legal concept of regulated activities, and a general prohibition on carrying out regulated activities without authorisation (in the UK) or a licence (in AIFC). However, we note the AIFC's concept of Market Activities[1] as distinct from the UK regulatory regime.

2.3 The AFSA regulates financial and non-financial services activities, and is the AIFC equivalent of a National Competent Authority for the purposes of EU law, as the Financial Conduct Authority is in the UK (FCA). The AFSA issues licences for AIFC Participants (Participants)[2] wishing to carry on Regulated Activities[3], Market Activities, or Ancillary Services[4], and is responsible for enforcing the AIFC rules and regulations.

2.4 However, the AIFC does not currently have a regulatory framework for payment services or e-money. Both of these are important in creating and supporting a transparent, fair, and modern digital ecosystem in the financial services industry.

2.5 The proposals in this policy paper are intended to be incorporated into the AIFC's existing financial services regulatory framework, and are consistent with the key concepts of having regulated activities, conduct of business rules, and licensing or registration by a supervisory body.

2.6 Regulation of Islamic Finance in the AIFC is provided for primarily in the Islamic Finance Rules and the Islamic Banking Business Prudential Rules. The AIFC provides a framework for Islamic Banking Businesses and specifies Regulated Activities relating to Islamic Finance. The proposals in this policy paper do not reference Islamic Finance directly, mirroring the UK's generally "religion-neutral" regulatory approach. At a high level, we do not consider that the proposals in this policy paper conflict with the general principles of Islamic Law.

[1] As defined in Section 18, FSFR

[2] As defined in Article 1(5) of the Constitutional Statute

[3] As defined in Section 17, FSFR

[4] As defined in Section 19, FSFR

3 Payment services

3.1 Scope and key concepts

3.1.1 Broadly speaking, there are two types of payment schemes: those made through four party schemes, and those made through three party schemes.

(a)Four party schemes involve two parties providing payment services. For example, one bank providing services to a payer, with another bank providing services to the payee. These banks may be linked by a payment scheme or a specific relationship.

(b)Three party schemes (or closed schemes) involve one party providing payment services to both the payer and the payee. The transaction travels across the books of this one provider, such as is the case for PayPal or AmEx.

3.1.2 At a high level, these are the processes that will be regulated under the Framework (although the distinction between three and four party schemes will not directly affect parties' obligations under the Framework).

3.1.3 Payment systems enable the transfer of funds, as set out at 3.1.1. We propose to regulate payment services, meaning the services offered to individuals, businesses, and other organisations. This reflects the technology neutral approach to regulation set out at Error! Reference source not found., and allows payment systems to evolve without needing to amend the regulatory framework.

3.1.4 We propose that payment services be separately regulated to Market Activities and instead included as a new Regulated Activity. This is slightly different to the UK's regulatory approach, which provides a separate regime for the regulation of payment services. Certain Authorised Persons[1] will also be permitted to provide payment services under the Framework without holding a specific payment services licence or registration. This reflects the fact that certain Authorised Persons are already supervised by the AFSA to a sufficiently high standard to allow them to participate in the payment services market.

3.1.5 The Framework will regulate Participants (being legal entities registered under the Acting Law of the AIFC and recognised by the AIFC) that provide payment services and will designate which Participants are permitted to provide payment services. Participants providing payment services as a regular occupation or business activity in the AIFC[2] will be regulated as "payment service providers" in the Framework.

3.1.6 Authorised Market Institutions[3] and Participants who hold a licence to carry out the regulated activities of Islamic Banking Business, Accepting Deposits, Providing Credit, and Providing Money Services (Relevant Authorised Firms) will be permitted to carry on payment services under the Framework. Many of these Participants will already provide payment services to some degree. It should be noted that the AIFC Framework for Mobile and Digital Banking Services (MDB Framework) policy paper[4] proposes to develop a standalone regulatory framework for digital-only banks and a phased approach to full authorisation for these banks (including a limited licence where a digital bank only provides limited Regulated Activities). Assuming the MDB Framework policy paper will be finalised before the Framework is finalised, it must be ensured that the Framework's provisions as to Relevant Authorised Firms (which could include digital-only banks) are consistent with the MDB Framework.

3.1.7 In addition, the Framework will introduce the categories of licensed Payment Institutions (PIs), registered small Payment Institutions (SPIs), licensed Electronic Money Institutions (EMIs), and registered small Electronic Money Institutions (SEMIs), (EMIs and SEMIs are discussed in full at 4) who will also be permitted to provide payment services.

3.1.8 We propose that PIs fall within the existing licensing regime under GEN, but that the Framework include a new registration regime for SPIs to ensure that they are regulated. This allows non-bank Participants to participate in the payments market, but with less onerous obligations than would be imposed on a Participant who wished to accept deposits, for example. This reflects the principle set out at Error! Reference source not found., and has the dual function of opening up the payments market to new entrants, whilst also ensuring the integrity of existing Participants. This proposed regime is set out in full at 3.2.

3.1.9 As a result, entities providing payment services must only do so in accordance with the general prohibition in the FSFR (the General Prohibition). The Framework will introduce an exemption to the General Prohibition for certain Participants providing payment services such as Relevant Authorised Firms and registered payment service providers.

3.1.10 This regime is supplemented by conduct of business rules, which are set out in full at 3.4, and which regulate:

(a)the information to be provided to payment service users before and after executing a payment transaction; and

(b)the rights and obligations of both payment service providers and payment service users in respect of a payment transaction.

3.1.11 Payment services under the Framework will encompass activities such as:

1. (a)services which enable money to be paid into and out of bank accounts;
2. (b)execution of transactions, such as payments made via payment instruments or devices, direct debits, credit transfers, and debit payments;
3. (c)execution of transactions as above, but where funds are covered by a line of credit, such as an overdraft facility;
4. (d)issuing of payment instruments and/or acquiring of payment transactions;
5. (e)money remittance;
6. (f)account information services (AIS); and
7. (g)payment initiation services (PIS).

3.1.12 A light touch registration regime will apply to payment service providers which solely provide the payment service of AIS, and these entities will be known as registered AIS providers (RAISPs). This mirrors the UK approach, which allows for entities to solely provide AIS without having to go through the onerous full licensing process that forms part of the Regulated Activity regime. Any payment service providers seeking to provide only PIS, or AIS in addition to other payment services, would still need to become fully licensed within the existing AIFC Regulated Activity regime unless they meet the requirements to register as an SPI or SEMI.

3.1.13 Transactions which are executed wholly in cash (this does not include ATMs) or based on paper documents such as cheques will not be within the scope of the Framework, and nor will transactions relating to securities settlement systems, clearing houses, etc., or transactions relating to securities asset servicing, such as dividends, share sales, unit redemptions, etc.

3.1.14 The Framework will also introduce the concepts of, and provide for:

1. (a)payment accounts, meaning accounts held in payment service users' names used for executing payment transactions;
2. (b)payment orders, meaning instructions by a payer or payee to its payment service provider requesting the execution of a payment transaction;
3. (c)payment instruments, meaning personalised devices or sets of procedures (or both), agreed between the payment service user and payment service provider, and used to initiate payment orders (such as debit cards, credit cards, credit transfers and direct debits); and
4. (d)payment service users, meaning persons making use of a payment service as a payer, payee, or both.

3.1.15 We acknowledge the potential overlap between the above concepts and the existing definitions set out in GEN and the AIFC Glossary (GLO), and confirm that this overlap will be addressed in the drafting of the Framework.

3.1.16 There are certain requirements in the payment services aspects of the Framework that will apply to Participants that are not payment service providers, specifically:

1. (a)Participants that rely on exclusions relating to limited networks, electronic communications, or ATM operations must notify the AFSA that they are doing so;
2. (b)Participants providing currency conversion services will need to provide certain information to the AFSA; and
3. (c)Participants that impose charges or reductions when using a given payment instrument will need to provide certain information to the AFSA. 

3.2 Licensing and registration regime

3.2.1 The Framework will require Participants that provide payment services to be one of the following:

1. (a)a Relevant Authorised Firm (see 3.1.6);
2. (b)a PI[5];
3. (c)an SPI;[6]
4. (d)a RAISP;
5. (e)an EMI; or
6. (f)a SEMI.

3.2.2 The SPI categorisation assists smaller Participants, who have an actual or projected average turnover in payment transactions below a prescribed threshold, to enter the payments market. In the UK, the average of the preceding 12 months' total amount of payment transactions executed by the Participant must not exceed €3 million (or an equivalent amount) per month. The AFSA has confirmed that the equivalent threshold in the AIFC will be $3,500,000 USD.

3.2.3 To apply to become a PI or an SPI, a Participant will be required to submit an application to the AFSA and pay a fee. In the UK, these fees range from £250 for re-registration, to £5,000 for a new licence as a PI. The AFSA has confirmed that the equivalent fees in the AIFC will be $1,000 USD for SPIs and $3,500 USD for PIs. The information that must be provided by an applicant Participant will vary depending on the type of registration / licence sought, but may include:

1. (a)a description of its business or business plan and of its product/s;
2. (b)policies and procedures in relation to internal governance arrangements, security, safeguarding, business continuity, customer on-boarding, anti-money laundering, incident reporting, customer grievance redressal measures, managing sensitive payment data and audit; and
3. (c)details of the organisational structure, senior managers and responsible persons and persons that control the Participant.

3.2.4 As discussed at 1.9, the Framework will not prescribe the AFSA's approach to assessing and determining these applications. In the interests of assisting Participants to seek licensing / registration, the AFSA may choose to publish guidance or information on its decision-making process and timing in a similar manner to its existing "Guidebook on Authorisation of AIFC Participants and Recognition of Non-AIFC Members".

3.3 Ongoing requirements

3.3.1 As well as requiring market participants providing payment services to be licensed or registered, the Framework will impose ongoing requirements on payment service providers, relating to:

1. (a)capital requirements, including:
2. (i)initial capital, meaning payment service providers must hold a prescribed amount at the stage of applying for licensing or registration, which can be made up of capital instruments, share premium accounts, retained earnings, or other comprehensive income or reserves; and
3. (ii)ongoing capital, meaning payment service providers must carry at all times an amount that is the greater of their initial capital or their own funds amount, (which is calculated based on a firm's fixed overheads, average monthly payment volume, or previous year's income);
4. (b)safeguarding requirements, where PIs and SPIs must safeguard sums received from a payment service user for executing transactions or received from another payment service provider for executing their payer's transaction. Safeguarding can take the form of segregating funds or insurance / comparable guarantee. One way to comply with the segregation of funds method is to invest in liquid, low-risk assets approved by the appropriate regulator. The payment service provider can also choose to deposit the relevant funds in a separate account held with a licensed bank;
5. (c)reporting and notification requirements, which will apply to payment service providers on an ongoing basis (such as annual financial returns), as well as event-driven notifications (such reporting major security incidents);
6. (d)outsourcing and use of agents requirements, where PIs, SPIs and other payment service providers must comply with obligations relating to registration, liability, and governance; and
7. (e)accounting and statutory audit obligations to the AFSA. These obligations will not apply to all payment service providers. Only PIs that carry out activities other than the provision of payment services must comply with these accounting and statutory audit obligations, reflecting the UK's regulatory approach. Under the UK framework, these obligations would not, for example, apply to SPIs, or to payment service providers that do not carry out activities other than the provision of payment services.

3.3.2 The reason for the Framework containing the ongoing requirements (rather than by amendment to GEN) is because they will apply to certain non-licensed entities such as SPIs and RAISPs.

3.3.3 These ongoing requirements are in addition to the requirements on Authorised firms in GEN which will apply to PIs. It will be necessary to consider which (if any) of the rules in GEN ought not to apply to PIs. Where the AFSA wishes for some of requirements in GEN to apply to registered payment service providers (such as SPIs and RAISPs), it will need to make specific provision for this in the Framework or GEN.

3.3.4 We note that the MDB Framework policy paper proposes a standalone set of rules applying to digital-only banks – the AIFC Digital Bank Rules (DBR). The MDB Framework policy paper also provides that Authorised Digital Banks would be limited to providing some or all of the Regulated Activities in Schedule 1 (Regulated Activities) of GEN, including Providing Money Services. It will be important to ensure that the DBR do not include provisions that conflict with the Framework. Presumably, a digital-only bank that provides payment services would be subject to the DBR, but they would also be subject to the ongoing requirements and conduct of business obligations of the Framework (summarised in this section 3.3 and the following section 3.4). It will also be necessary to ensure that the payment services activities listed in the definition of Providing Money Services either do not overlap or are consistent with those we propose to include in the Framework (including those set out in section 3.1.11).

3.3.5 The MDB Framework policy paper also sets out suggestions concerning security standards (e.g. strong customer authentication), client on-boarding, cybersecurity, business recovery, outsourcing, client terms, authorised status and consumer protection. However, the MDB Framework policy paper leaves it to the AFSA to consider whether to take a prescriptive approach in such areas, or to merely set out certain areas where Relevant Authorised Firms need to provide policies and procedures to address these to the satisfaction of the AFSA. If the MDB Framework were to contain prescriptive measures concerning these areas, it would be necessary to ensure that they do not conflict with any of the ongoing requirements and conduct of business obligations in the Framework, which would be imposed on firms carrying out payment services.

3.4 Conduct of business rules

3.4.1 The conduct of business rules set out in the Framework will apply to payment services where they are provided from an establishment maintained by a payment service provider (or its agent) in the AIFC, and to transactions where one of the parties' payment service provider is in the AIFC. In certain instances, the rules will apply to a lesser extent. A "corporate opt-out" will also be available, to allow payment service providers to agree with non-retail customers to derogate from certain conduct of business rules.[7] The reason for the Framework containing the conduct of business rules (rather than by amendment to COB) is because they will apply to certain non-licensed entities such as SPIs, SEMIs and RAISPs.

3.4.2 The conduct of business rules under the Framework will be in addition to the rules in COB which will apply to PIs and EMIs. It will be necessary to consider which (if any) of the rules in COB ought not to apply to PIs and EMIs. Where the AFSA wishes for some of the rules in COB to apply to registered payment service providers (such as SPIs, RAISPs and SEMIs), it will need to make specific provision for this in the Framework or COB.

3.4.3 In relation to information requirements, the Framework will distinguish between, and apply different rules to:

1. (a)an ongoing payment agreement, meaning a contract governing the future execution of individual and successive payment transactions, such as parts of a bank's current account terms and conditions; and
2. (b)a one-off payment service, meaning a contract governing a single payment transaction not covered by an ongoing payment agreement.

3.4.4 The conduct of business rules will apply high level requirements to both forms of contract, with more granular requirements relating to each. For ongoing payment agreements, information requirements are generally engaged in relation to the formation of the contract, whilst for one-off payment services, the requirements apply to the transaction itself. The information requirements are qualitative (e.g. information to be provided in an easily accessible manner) and quantitative (e.g. details of charges, interest, and exchange rates).

3.4.5 In relation to parties' rights and obligations:

1. (a)on executing payment transactions:
2. (i)timeframes should be set out for execution, value dating, crediting funds, and displaying these as available to the payee;
3. (ii)payment service providers should distinguish between authorised and unauthorised transactions, with mechanisms for customers to give consent to execute payment transactions;
4. (iii)payment service providers should only debit payments upon receipt of a valid payment order; and
5. (iv)payers should not be able to revoke a payment order after it has been received by their payment service provider, with limited exceptions (for example, relating to direct debits and future-dated payments);
6. (b)on liability:
7. (i)this is generally apportioned on the basis of who initiated the payment transaction (such as where the payer initiates a transaction, their payment service provider is liable to them for correct execution);
8. (ii)for unauthorised payment transactions, the customer must notify its payment service provider of any unauthorised transactions, whilst the payment service provider bears the burden of proof for demonstrating that transactions are properly executed; and
9. (iii)customers' liability is capped for losses in connection with loss, theft, etc., but not fraud or breach of their obligations, and customers are liable for providing incorrect information leading to loss (such as providing an incorrect unique identifier);
10. (c)on payment instruments, these should not be misused by customers, whilst payment service providers must ensure their security; and
11. (d)on charging, payment service providers should generally not be able to charge customers, and any charges must be agreed between the parties.

3.4.6 However, regulatory frameworks do not exist in a vacuum. For example, payment service providers in the UK must comply with various pieces of legislation. In addition to the key statutes relating to payment services and e-money, provisions of other laws impose obligations relating to:

1. (a)general standards and principles of governance imposed by regulators;[8]
2. (b)accountability of senior staff;[9]
3. (c)consumer protection legislation[10], and in particular:
4. (i)dispute resolution mechanisms;
5. (ii)unfair contract terms; and
6. (iii)broader consumer rights;
7. (d)"distance marketing",[11] i.e. online sales;
8. (e)advertising and e-commerce;[12]
9. (f)interchange fees;[13]
10. (g)data protection and cyber security;[14] and
11. (h)AML and CTF.[15]

3.4.7 In relation to the UK, this is principally due to a combination of the law's incremental development and reform, and the influence of European legislation.

3.4.8 The AFSA already regulates many of the functions set out at 3.4.6 above. For example, mechanisms to ensure the accountability of senior management are provided for in parts 4 and 5 of the FSFR, and the AML and CTF framework in the AIFC closely resembles that of the UK. Where the AFSA wishes for some of these functions to apply to registered payment service providers (such as SPIs, RAISPs and SEMIs), it will need to make specific provision for this in the Framework or by amending the relevant rules. Where there are regulatory gaps, how the AFSA chooses to regulate these areas will be a matter of policy. Specifically, the AIFC's regulatory framework is less mature in relation to consumer protection and data protection. As the scope of the Framework does not include provisions relating to consumer or data protection, the AFSA may wish to seek separate advice on its existing consumer and data protection regulatory regime (potentially to bring it more in line with the UK / EU approach), appreciating that these regimes are likely to apply much more broadly than the remit of this Framework.

[1] As defined at Section 15, FSFR

[2] As defined in Section 6, FSFR

[3] As defined at Section 14, FSFR

[4] Received from AFSA on 13 July 2020

[5] Participants must apply to become a PI if they do not qualify as an SPI (i.e. their actual or projected average turnover in payment transactions is above the prescribed threshold).

[6] If a Participant has an average turnover in payment transactions not exceeding the prescribed threshold, it does not have to apply to be licensed and it can choose instead to be registered as an SPI. Registration would be cheaper and simpler than applying for a full licence.

[7] Payment service providers may agree with business customers (that is, payment service users who are not consumers, small charities or micro-enterprises) to vary the information they provide from that specified in the Framework, and, in certain cases, agree different terms in relation to rights and obligations.

[8] FCA Handbook, Principles for Business (PRIN) and other applicable provisions

[9] FCA Senior Managers & Certification Regime

[10] Consumer Credit Act 1974, Consumer Rights Act 2015, and various statutory instruments

[11] Distance Marketing Regulations 2004

[12] Electronic Commerce (EC Directive) Regulations 2002

[13] Interchange Fee Regulation (EU) 2015/751

[14] General Data Protection Regulation (EU) 2016/679

[15] The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

4 E-money

4.1 Scope and key concepts

4.1.1 E-money is a digital alternative to cash. It allows users to make cashless payments with money stored on a card or phone, or over the internet.

4.1.2 It is broadly defined as electronically-stored monetary value, represented by a claim on the issuer, issued on receipt of funds for the purposes of making payment transactions, and accepted as a means of payment by a person other than the issuer.

4.1.3 Payment instruments such as debit cards are not e-money because the monetary value is not stored in the device. These payment instruments only contain the data necessary to identify the holder and link the holder to a bank account. Debit cards also enable the holder to make purchases and/or withdraw cash and have those transactions directly and immediately charged to their bank account, whether held with the card issuer or not. At the other end of the scale, e-money also does not include value stored on instruments that can only be used on the issuer's premises, or a limited network of providers providing a limited range of goods and services.

4.1.4 We propose to regulate e-money within the AFSA's existing Regulated Activities regime, as provided for by section 1.1.1 of GEN. Issuing e-money will therefore become a regulated activity as set out at schedule 1 of GEN.

4.1.5 We also propose that EMIs fall within the existing licensing regime under GEN, but that the Framework include a new registration regime for SEMIs to ensure they are regulated. This allows non-bank Participants issuing e-money, but who do not wish to undertake the full range of banking operations, to be able to operate within the e-money market. Similar to the licensing and registration regime in relation to payment services, this will also allow EMIs and SEMIs to be subject to less stringent prudential requirements than banks, reflecting the limited systemic risk they pose as compared to banks. This reflects the principle set out at 3.1.3(b), and has the dual function of opening up the e-money market to new entrants, whilst also ensuring the integrity of existing Participants.

4.1.6 As a result, entities issuing e-money must only do so in accordance with the General Prohibition. The Framework will introduce an exemption to the General Prohibition for SEMIs. As with payment services, Relevant Authorised Firms will be permitted to issue e-money without needing to be specifically licensed as an EMI or registered as a SEMI. This reflects the fact that they are already adequately regulated under FSFR. However, they will require a license which permits them to carry out the Regulated Activity of issuing e-money. As set out in 3.1.6, it should be noted that the MDB Framework policy paper proposes to develop a standalone regulatory and authorisation framework for digital-only banks. It will be important to ensure that the Framework's provisions as to Relevant Authorised Firms (which could include digital-only banks) are consistent with the MDB Framework.

4.1.7 This licensing and registration regime is supplemented by conduct of business rules. These rules are partly laid down specifically in relation to e-money, but are also provided for under the payment services framework. These conduct of business rules regulate:

1. (a)the issue and redemption of e-money, as set out at 4.3 (these are specific to issuers); and
2. (b)the payment services aspects of issuers' business, as set out at 3.4. These are the same standards that apply in respect of payment services. 

4.1.8 In regulating e-money, specific concerns arise in relation to the trade-off between restricting e-money issuance to authorised institutions, and therefore protecting users, and opening up the e-money market to competition by reducing the barriers to entry where appropriate (e.g. for lower risk entities). We consider that including EMIs in the existing licensing regime but introducing a new registration regime for SEMIs in the Framework strikes a balance between these two concerns. In particular, the registration regime will provide a more proportionate approach for SEMIs which are not subject to the same requirements where their operations fall below a given threshold. For example, in relation to capital requirements, only SEMIs whose business activities generate (or are projected to generate) average outstanding e-money above a certain threshold (€500,000 in the UK) must hold an amount of initial capital at least equal to 2% of their average outstanding e-money.

4.1.9 Supervisory efforts should also consider the pool of money that EMIs and SEMIs will hold pending redemption of e-money, and how the use (i.e. investment) of this pool should be regulated, as well as safeguards against counterfeiting, money laundering, and terrorist financing.

4.2 Licensing and registration regime

4.2.1 Similar to the licensing and registration regime in relation to payment services set out at 3.2, to issue e-money, the Framework will require Participants to be one of the following:

1. (a)a Relevant Authorised Firm (see 4.1.6);
2. (b)a SEMI[1]; or
3. (c)an EMI[2].

4.2.2 Similar to the concept of a SPI in payment services, a SEMI's business must be projected to generate an average outstanding e-money below a prescribed threshold. In the UK, the total business activities of the applicant immediately before the time of registration as a SEMI must not generate average outstanding e-money that exceeds €5 million. In addition, if the Participant intends to also undertake payment services that are not connected with issuing e-money, its monthly average turnover in relation to these payment services must be less than a prescribed threshold (in the UK, €3 million). The AFSA has confirmed that the equivalent threshold in AIFC will be $5,500,000 USD.

4.2.3 To become a licensed EMI or registered SEMI, a Participant will be required to submit an application to the AFSA and pay a fee. In the UK, these fees range from £250 for re-registration, to £5,000 for a new licence as an EMI. The AFSA has confirmed that the equivalent fees in the AIFC will be $1,000 USD for a SEMI and $3,500 USD for an EMI. As with payment services, the information that must be provided by an applicant Participant will vary depending on whether it is seeking registration or licensing, but may include the information at 3.2.3.

4.2.4 As discussed at 3.2.4, the AFSA may choose to publish guidance or information to assist Participants in making an application for licensing or registration to issue e-money.

4.3 Ongoing requirements

4.3.1 In addition to the registration regime for SEMIs, the Framework will impose requirements on e-money issuers in respect of:

1. (a)capital requirements, where:
2. (i)EMIs and SEMIs must carry a prescribed amount of initial capital when applying for licensing or registration (see 3.3.1(a)(i)); and
3. (ii)EMIs must hold a prescribed amount of ongoing capital, being the greater of the initial capital amount, or 2% of their average outstanding electronic money issued. EMIs will also have to meet the capital requirements in relation to any unrelated payment services aspects of its business;
4. (b)safeguarding requirements, where all e-money issuers will need to safeguard funds received in exchange for the e-money they have issued, either by way of segregating funds or an insurance-based solution (for further detail on segregating funds see 3.3.1(b)). Where there is an insolvency event for an EMI, the claims of holders of e-money must also be paid from the asset pool of the EMI in priority to all other creditors; 
5. (c)allowed activities, where EMIs may – in addition to issuing e-money – carry on activities relating to:
6. (i)providing payment services;
7. (ii)providing operational and closely related ancillary services, such as executing payment transactions, foreign exchange services;
8. (iii)operating payment systems; and
9. (iv)business activities other than issuing electronic money;
10. (d)reporting and notification requirements, which broadly mirror those set out at 3.3.1(c);
11. (e)outsourcing and use of agents requirements, which broadly mirror those set out at 3.3.1(d), however with a distinction between distributing and redeeming e-money, which may be outsourced, and issuing e-money, which may not; and
12. (f)accounting and statutory audit requirements, which broadly mirror those set out at 3.3.1(e).

4.3.2 The reason for the Framework containing the ongoing requirements (rather than by amendment to GEN) is because they will apply to certain non-licensed entities such as SEMIs.

4.3.3 The ongoing requirements in the Framework would apply in addition to any requirements in GEN which apply to EMIs. It will be necessary to consider which (if any) of the rules in GEN ought not to apply to EMIs. Where the AFSA wishes for some of the rules in GEN to apply to SEMIs, it will need to make specific provision for this in the Framework or GEN.

4.3.4 As explained at 3.3.2 above in relation to payment services, we note that the MDB Framework policy paper proposes that the standalone DBR apply to digital-only banks. It will be important to ensure that the DBR do not include provisions that conflict with the Framework in the context of e-money. Presumably, a digital-only bank that issues e-money would be subject to the DBR, but they would also be subject to these ongoing requirements and conduct of business obligations in the Framework (set out in this section 4.3 and below at 4.4).

4.3.5 The MDB Framework policy paper also sets out suggestions concerning security standards (e.g. strong customer authentication), client on-boarding, cybersecurity, business recovery, outsourcing, client terms, authorised status and consumer protection. As set out in relation to payment services at 3.3.5, if the MDB Framework were to contain prescriptive measures concerning these areas, it would be necessary to ensure that they do not conflict with any ongoing requirements or conduct of business obligations imposed on e-money issuers. 

4.4 Conduct of business rules

4.4.1 The conduct of business rules set out at 3.4 above will apply to e-money issuers in relation to the payment services aspects of their business in the AIFC. In addition, the Framework will set out rules that apply to issuing and redeeming e-money (the e-money rules). The reason for the Framework containing the conduct of business rules (rather than by amendment to COB) is because they will apply to certain non-licensed entities such as SEMIs.

4.4.2 The conduct of business rules under the Framework will be in addition to the rules in COB which will apply to EMIs. It will be necessary to consider which (if any) of the rules in COB ought not to apply to EMIs. Where the AFSA wishes for some of the rules in COB to apply to SEMIs, it will need to make specific provision for this in the Framework or COB.

4.4.3 The e-money rules will apply to issuing and redeeming e-money, where this is carried out by a Participant in the AIFC.

4.4.4 On issuing e-money, issuers must do so at par value (i.e. for the same amount as the funds received) when they receive the funds. They must also do so without delay.

4.4.5 On redeeming e-money:

1. (a)holders of e-money must have the right to redeem the monetary value at any time, and at par value;
2. (b)the issuer must ensure the contract clearly states the conditions for redemption, including any fees;
3. (c)any fees charged for redemption must be proportionate to the costs actually incurred by the issuer (for example, the costs of recording and safeguarding e-money would qualify);
4. (d)the issuer cannot award interest in respect of holding e-money, or award any other benefits that are linked to the length of time that the e-money is held; and
5. (e)the issuer must allow redemption for up to six years after the contract with the holder of the e-money ends.

4.4.6 In addition to complying with the Framework, the AFSA should consider the extent to which it will require issuers of e-money to comply with other aspects of regulation, such as those outlined in section 3.4.6 in relation to payment service providers. This will primarily be a matter of policy.

[1] If a Participant has average outstanding e-money that does not exceed the prescribed threshold, it does not have to apply to be licensed and it can choose instead to be registered as a SEMI. Registration would be cheaper and simpler than licensing.

[2] Participants must apply to become a licensed EMI if they do not qualify as a SEMI (i.e. their average outstanding e-money exceeds the prescribed threshold).

5 Implementation of the proposed framework

5 Implementation of the proposed framework

5.1 Amendments / effect on existing AIFC legislation

5.1.1 We anticipate that a number of amendments to existing AIFC legislation will be necessary in order to adopt the Framework. The precise scope of these amendments will become clear once the Framework has been drafted. At a high level, the following amendments are likely to be required:

1. (a)amending the list of Regulated Activities in Schedule 1 of GEN to include "Providing Payment Services" and "Issuing Electronic Money"; 
2. (b)amending the definition of "Providing Money Services" contained in Schedule 1 of GEN to ensure no inconsistencies with the newly Regulated Activities outlined in 6.1.1(a);
3. (c)adding the definitions introduced by the Framework to GLO;
4. (d)adding to the AIFC Fees Rules to reflect any fees that the AFSA may wish to impose upon Participants applying for a licence as a PI or EMI, or a registration as a SPI, SEMI or RAISP;
5. (e)amending the AIFC Insolvency Rules to reflect the safeguarding requirements set out at 5.3.1(b);
6. (f)amending the COB; and
7. (g)amending the provisions relating to outsourcing at GEN 5.2 to reflect the outsourcing requirements at 4.3.1(d) and 5.3.1(e), subject to the precise wording of the Framework.

5.2 Consideration of Kazakh law

5.2.1      We understand that the Framework will be characterised as an AIFC Act[1] and will form part of the Acting Law[2] of the AIFC alongside the Acting Law of the Republic of Kazakhstan, which will apply to Participants to the extent the Constitutional Statute and the AIFC Acts do not apply to certain legal subject matter. The Framework will therefore need to be drafted bearing in mind this potential interaction with existing Kazakh law. For example, certain Kazakh regulations allow for money held in a bank account:

1. (a)to be withdrawn without the client’s consent – for example, in accordance with a collection order issued by the state revenue authorities, or as expressly provided for by Kazakhstan legislative acts; or
2. (b)to be arrested based on either a court decision or a resolution of an enforcement officer sanctioned by the prosecutor general.

5.2.2      We appreciate that the AFSA is likely to have previously considered the extent to which provisions of Kazakh law such as those described above should apply to entities operating within the AIFC. Understanding the AFSA's approach in this regard will assist when it comes to drafting the Framework.

[1] As defined in Article 1(4) of the Constitutional Statute

[2] Within the meaning of Article 4(1) of the Constitutional Statute

6 Glossary

Schedule 1 – Policy issues (major)

Schedule 2 - Policy issues (non-major)

Schedule 1- Policy issues (non-major)

Introduction

1.The Astana Financial Services Authority (AFSA) has issued this Consultation Paper to invite public comments on the proposed amendments to the AIFC Insurance and Reinsurance Prudential Rules (PINS).

2.The proposals in this Consultation Paper will be of interestto current and potential AIFC participants who are interested in exercising business activities in or from the AIFC as captive insurers and insurance managers.

3.All comments should be in writing and sent to the address or email specified below. If sending your comments by email, pleaseuse “Consultation PaperAFSA- P-CE-2020-0010” in the subject line. You may,if relevant, identifythe organisation you represent when providing your comments. The AFSA reserves the right to publish, includingon its website, any commentsyou provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

4.The deadline for providing comments on the proposals is 12 December 2020. Prior to this consultation paper the AFSA published the policy paper on Enhancement of the AIFC Regulatory Framework for Captive Business, which included same proposals at policy level.

5.Once we receive your comments, we shall consider if any refinements are required to this proposal.

6.Comments to be addressed by post: Policy and Strategy Division

Astana Financial Services Authority (AFSA) 55/17 Mangilik El, building C3.2, Kazakhstan or emailed to: consultation@afsa.kz

7.The remainder of this Consultation Paper contains the following:

(a)Background to theproposal

(b)Annex 1: Proposed Amendments to the AIFC Insurance and Reinsurance Prudential Rules.

Background

1.A captive insurance is a risk management vehicle used by companies to cover risks that cannot be efficiently insured in the market or to manage risks in a more cost-effective manner. Captive insurers mainly underwrite risks related to or arising out of the businessor operations of the groupto which they belong or third- party risks arising in related businesses.

2.Captive insurance allows a company to insure its industry-specific risks which would otherwise be overpriced by commercial insurers. The cost savings would result not only from a more tailored risk assessment but also from avoidance of marketing and administration costs. In addition, captives are uniquely positioned to manage their own risks as they can make more precise forecasts based on their own historical data as opposed to commercial insurers who rely on industry averages.

3.The following summarizes the proposed amendments to the AIFC Insurance and Reinsurance Prudential Rules (PINS) that aim to provide a competitive and clear risk-based regulation for full-fledged and effective operation of captive insurers.

(1)Introduce three classes of captive insurers differentiating on the amount of third-party risk allowed to be written.

(2)Set prudential requirements for each class of captive insurers based on the level of risk the scope of their license assumes.

(3)Explicitly state that an AIFC captive insurer can be either self-managed or managed by an AIFC insured Insurance Manager

(4) Expand the functions of the AIFC Captive Insurance Managers.

As a result of introduction of these changes, AFSA aims to further develop the insurance market in the AIFC and Kazakhstan.

4.The key objectives of the proposed amendments include:

-Make the AIFC jurisdiction suitable for different types of captive insurers;

-Increase the numberof captive insurersand insurance managersin the AIFC;

-Alignment of captive insurance classification with international standards;

-Add clarification and precision to the requirements to captive insurance managers.

5.Annex 1 includes the proposed Amendments to the AIFC Insurance and Reinsurance Prudential Rules.

Annex 1

Proposed amendments to the AIFC Insurance and Reinsurance Prudential Rule

In these Rules the underlying indicates a new text and the strikethrough indicates a removed texT

14Captive Insurers

14.1 Introduction

14.1.1Definition of Captive Insurer

A Captive Insurer is an Authorised Firm with a Licence to carry on Insurance Business as a Class 1, Class 2 or Class 3 Captive Insurer only for the business or operations of the Group to which it belongs.

14.1.1-1. Classification of Captive Insurer

(1)  A class 1 Captive Insurer is an AIFC Captive Insurer that is permitted under the conditions of its authorisation to effect or carry out Contracts of Insurance only for risks related to or arising out of the business or operations of the group to which the Insurer belongs.

(2)  A class 2 Captive Insurer is an AIFC Captive Insurer that is permitted under the conditions of its authorisation to obtain no more than 20% of its gross written premium from third-party risks arising from business or operations that are closely linked to the business or operations of the group to which the Insurer belongs.

(3)A class 3 Captive Insurer is an AIFC Captive Insurer that:

(a)is permitted under the conditions of its authorisation to effect or carry out Contracts of Insurance only for risks related to or arising out of the business or operations of persons who engage in similar, related or common:

i.businesses; or

ii.activities; or

iii.trade; or

iv.services; or

v.operations; and

(b)is owned by the persons mentioned in paragraph (i) or by a body corporate of which all such persons are members such as group captives.

14.1.2Definition of Captive Insurance Business

(1) Captive Insurance Business is the business of Effecting or Carrying out Contracts of Insurance as a Class 1, Class 2 or Class 3 Captive Insurer only for the business or operations of the Group to which the Captive Insurer belongs.

(2) General Captive Insurance Business is Captive Insurance Business in relation to General Insurance Contracts

(3) Long-Term Captive Insurance Business is Captive Insurance Business in relation to Long-Term Insurance Contracts.

14.1.3 Captive Insurer to be incorporated in the AIFC

(1) Only an Authorised Firm which is incorporated under the laws of the AIFC may apply to the AFSA for a Licence to conduct Captive Insurance Business.

(2) A Captive Insurer may either be self-managed or managed by an Insurance Manager authorised by AFSA.

14.3 Application of PINS to Captive Insurers

14.3.1Application of PINS 2 (Systems and Controls)

(1) A Captive Insurer must comply with the requirements of PINS 2 (Systems and Controls) in full subject to (2).

(2) A Captive Insurer may appoint an Insurance Manager authorised by AFSA to perform the Controlled Function of Senior Executive Officer provided that such Employee is an Approved Individual and the Designated Function of Money Laundering Reporting Officer.

14.3.2 (…)

14.3.3 (…)

14.3.4 (…)

14.3.5 (…)

14.3.6 (…)

14.3.7 (…)

14.3.8 (…)

14.3.9 (…)

14.3.10 (…)

14.3.11 (…)

14.3.12 Application of PINS 13 (Prudential Returns)

(1)  A Captive Insurer must comply with PINS 13 (Prudential returns) in full.

(2)Unless required otherwise by AFSA in writing, Class 1 Captive Insurer may submit Prudential Returns semi-annually instead of quarterly as stated in Schedule 6.

14.4Capital adequacy requirements for Captive Insurers

14.4.1Minimum Capital Requirement (MCR) for a Captive Insurer

(1)For the purposes of Schedule 4 of PINS, the Capital Floor for a Captive Insurer is the highest of the following:

(a) US$150,000 for a Captive Insurer carrying on General Captive Insurance Business;

(b) US$150,000 for a Captive Insurer carrying on Long-term Captive Insurance Business; or

(c)an amount specified in writing by the AFSA. (d) the Base Capital Requirement;

(e)he Premium Risk Component;

(f)the Technical Provision Risk Component.

(2)  Base Capital Requirement (BCR) for a Captive Insurer is

(a)US$100,000 for a Class 1 Captive Insurer;

(b)US$200,000 for a Class 2 Captive Insurer;

(c)US$300,000 for a Class 3 Captive Insurer.

(3)  Premium Risk Component for a Captive Insurer

(a) The Premium Risk Component for a Class 1, Class 2 or Class 3 Captive Insurers conducting general insurance business or life insurance business is the amount calculated in accordance with the following formula:

[18% ´ firm’s net written premium up to US$ 5 million]+

[16% ´ firm’s net written premium in excess of US$ 5 million]

(4)  Technical Provision Risk Component for a Captive Insurer

(a)The Technical Provision Risk Component for a Class 1, Class 2 or Class 3 Captive Insurers conducting general insurance business is the amount calculated in accordance with the following formula:

[5% ´ firm’s net claims reserve under general Contracts of Insurance]-

[15% ´ the amount of firm’s reinsurance and other recoveries expected to be received in respect of those claims]

(b)The technical provision risk component for a Class 1, Class 2 or Class 3 Captive Insurers conducting long-term insurance business is the amount calculated in accordance with the following formula:

[2.5% ´ Policyholder liabilities calculated using actuarial methods for long-term insurance]

14.4.2 (…)

14.4.3Prescribed Capital Requirement for a Protected Cell Company

(1) Class 1, Class 2 and Class 3 Captive Insurers are not required to calculate Prescribed Capital Requirement;

(2) For a Protected Cell Company each Cell of a Protected Cell Company must calculate its Prescribed Capital Requirement in accordance with PINS 5.2.3 (Obligation to calculate PCR) as if it were a stand-alone Insurer.

14.4.4 (…).

Introduction

1.The Astana Financial Services Authority (AFSA) has issued this Consultation Paper to seek suggestions from the market on the proposed approach on the application of the AIFC regulatory fees.

2.The proposals in this Consultation Paper will be of interestto current and potential AIFC participants who are interested in exercising business activities in or from the AIFC.

3.All comments should be in writingand sent to the addressor email specified below. If sending your comments by email, please use “Consultation Paper AFSA-P- CE-2020-0009” in the subject line. You may, if relevant,identify the organisation you represent when providing your comments. The AFSA reserves the right to publish, including on its website, any comments you provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

4.The deadline for providing comments on the proposals is 20 December 2020. Once we receive your comments, we shall consider if any refinements are required to this proposal.

5.Comments to be addressed by post: Policy and Strategy Division

Astana Financial Services Authority (AFSA)

55/17 Mangilik El, building C3.2, Kazakhstan or emailed to: consultation@afsa.kz

6.The remainder of this Consultation Paper contains the following:

(a)Background to theproposal;

(b)Key proposals on the application of the AIFC regulatory fees;

(c)Annex 1: Proposed supervision fees tables.

Background

1.AFSA have not been applying application fees for authorisation and recognition as well as supervision fees, stipulated by the AIFC Fees Rules (FEES). This proposal comes as AIFC is approaching the end of waiver for application fees granted in June 2018 expiring on 1 January 2021.

2.There are two types of supervision fees in FEES: initial annual supervision fee and subsequent standard annual supervision fees.

3.According to FEES, initialannual supervision fee must be paid for the initialperiod of regulation after the grant of licensed status. The initial annual supervision fee is calculated as the fee which was payable at the time of application for authorisation, pro-rated over the whole months remaining between the date of authorisation and the end of the year.

4.Subsequent annual supervision fees must be paid for any period of regulation after the period described above. The standard annual supervision fee is:

(i)the highest of the fees specified in the fees table corresponding to the activities which the relevant entity is licensed to carry on; and

(ii)an amount as may be determined by the AFSA for each Approved Individual employed by the relevant entity at 30 September in the previous year, or on the date of the grant of authorisation, whichever is the later.

5.The proposed approach on the application of the AIFC regulatory fees is discussed in the next section of this document. Annex 1 includes the proposed supervision fees tables.

Key proposals on the application of the AIFC regulatory fees

1.    With the focus on the currentdevelopment stage of the AIFC, it is proposed to remove authorisation and recognition application fees and introduce only annual supervision fees that will take effecton 2021 and will be applied after1 year from the AIFC entity’s commencement of operations. Annex 1 sets out the proposed supervision fees.

2.    This proposal does not require upfront payments for new potential participants and maintains the AIFC attractiveness. This proposal also allows the AIFC participants to operate 1 year without supervision fees further increasing the ease of setting up a business in the AIFC.

3.    For existing AIFC participants, the proposal is to apply supervision fees starting from 2021 if such participants have been operational for more than 1 year. For those companies that have not yet commenced operations, the supervision fees will be applied after 1 year from their commencement of operations. Therefore, the application of supervision fees includes the “commencement of operations” ratherthan the “date of a Licence” since the AIFC entity may obtain a Licence but do not commence its operations in the AIFC.

4.Additionally, thereare proposals to introduce the following fees starting from 2021 that were not earlier introduced:

(a)  fees at the level of 50% of the revised fees in Annex 1 for post-authorisation processes such as applications to vary the scope of a Licence;

(b)in an amount of 300 USD for withdrawal of a Licence; and

(c)in an amount of 50 USD for modification and withdrawal of Approved Individual’s registration.

5.    It is proposed to waive all fees, including authorisation and supervision fees, for FinTech Lab participants until further notice from AFSA.

6.    Proposed supervision fees in Annex1 are based on currentapplication fees set out in Schedules 1-4 of FEES by applying to them risk-based approach and reducing them noting the nature, scale and complexity of businesses. Therefore, the proposed reductions are:

(a)90% for AIFC Participants not holding Client Money/Asset and with the lowest Base Capital Requirements;

(b)50% for other AIFC Participants not holding Client Money/Asset;

(c)   20% for AIFC Participants holding Client Money/Asset;

(d)20% for Ancillary Service Providers, Authorised Market Institutions and entities for recognition regime.

Annex 1

1. Proposed supervision fees for Regulated Activities

90% reduction is proposed for the following AIFC Participants not holding Client Money/Asset and with the lowest Base Capital Requirements:

50% reduction is proposed for the following AIFC Participants not holding Client Money/Asset:

20% reduction is proposed for AIFC Participants holding Client Money/Asset:

2.Proposed supervision fees for Market Activities

20% reduction is proposed for AIFC Participants carrying on Market Activities:

3.Proposed supervision fees for Ancillary Services

20% reduction is proposed for AIFC Participants providing Ancillary Services

4. Proposed supervision fees for Recognised Non-AIFC Market Institution and Recognised Non-AIFC Member

20% reduction is proposed for Recognised Non-AIFC Market Institution and Recognised Non- AIFC Member

Introduction

1.  The Astana Financial Services Authority (AFSA) has issued this Consultation Paper to invite public comments on the proposed policy for captive insurance business.

2.  The proposals in this Consultation Paper will be of interest to current and potential AIFC participants who are interested in exercising business activities in or from the AIFC.

3.  All comments should be in writing and sent to the address or email specified below. If sending your comments by email, please use “Consultation Paper AFSA-P-CE-2020- 000X” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments. The AFSA reserves the right to publish, including on its website, any comments you provide, unlessyou expressly requestotherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

4.  The deadline for providing comments on the proposals is 25 November 2020. Once we receive your comments, we shall considerif any refinements are requiredto this proposal.

5.  Comments to be addressed by post: Policy and Strategy Division

Astana Financial Services Authority (AFSA) 55/17 Mangilik El, building C3.2, Kazakhstan or emailed to: consultation@afsa.kz

Tel: +8 7172 613781

6.The remainder of this Consultation Paper contains the following:

(a)Background to the proposal

(b)    Annex 1: Policy paper on Enhancing the Regulatory Framework on Captive Insurance Business

Background

1.A captive insurance is a risk management vehicle used by companies to cover risks that cannot be efficiently insured in the market or to manage risks in a more cost-effective manner. Captive insurersmainly underwrite risksrelated to or arising out of the business or operations of the group to which they belong or third-party risks arising in related businesses.

2.Captive insurance allows a company to insure its industry-specific risks which would otherwise be overpriced by commercial insurers. The cost savings would result not only from a more tailored risk assessment but also from avoidance of marketing and administration costs. In addition, captives are uniquely positioned to manage their own risks as they can make more precise forecasts based on their own historical data as opposed to commercial insurers who rely on industry averages.

3.The following summarizes the proposed amendments to the AIFC Insurance and Reinsurance Prudential Rules (PINS) that aim to provide a competitive and clear risk- based regulation for full-fledged and effective operation of captive insurers.

(1)Introduce three classes of captive insurersdifferentiating on the amount of third-party risk allowed to be written.

(2)Set prudential requirements for each class of captive insurers based on the level of risk the scope of their license assumes.

(3)Explicitly state that an AIFC captive insurer can be either self-managed or managed by an AIFC insured Insurance Manager

(4)Expand the functions of the AIFC Captive Insurance Managers.

(5)Provide AIFC Guidance on Captive InsuranceBusiness aimed at providing guidance to potential and licensedAIFC captive insurersand insurance managersand includes a generaloverview of captiveinsurance business, classesof captives, responsibilities and expectations to Insurance Managers or Captive Insurers (in case self-managed) for managing a captive insurance business. This Guidance will be designed to be read in conjunction with all other relevant AIFC rules.

4.As a result of introduction of these changes,AFSA aims to further developthe insurance market in the AIFC and Kazakhstan.

5.   The key objectives of the proposed amendments include:

-Make the AIFC jurisdiction suitable for different types of captive insurers;

-Increase the number of captive insurers and insurance managers in the AIFC;

-Alignment of captive insurance classification with international standards;

-Add clarification and precision to the requirements to captive insurance managers;

-Provide additional guidance document describing high level information for captive insurers and insurance managers.

6.Annex 1 includes the Policy paper on Enhancing the Regulatory Framework on Captive Insurance Business in the AIFC.

Annex 1

Introduction

1.The Astana Financial Services Authority (AFSA) has issued this Consultation Paper to invite publiccomments on the proposed amendments to the AIFC Regulatory framework for Representative Offices.

2.The proposals in this Consultation Paper will be of interestto current and potential AIFC participants who are interested in exercising business activities in or from theAIFC.

3.All comments should be in writing and sent to the address or email specified below. If sending your comments by email, please use “Consultation Paper AFSA-P-CE-2020- 0006” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments. The AFSA reservesthe right to publish, including on its website, any comments you provide, unless you expressly request otherwise. Comments supportedby reasoning and evidence will be given more weightby the AFSA.

4.The deadline for providing comments on the proposals is 4 November 2020. Once we receive your comments, we shall consider if any refinements are required to this proposal.

5.Comments to be addressed by post: Policy and Strategy Division

Astana Financial Services Authority (AFSA) 55/17 Mangilik El, building C3.2, Kazakhstan or emailed to: consultation@afsa.kz

Tel: +8 7172 613781

6.The remainder of this Consultation Paper contains the following:

(a)Background to the proposal

(b)Annex 1: Draft of the proposed amendments to the AIFC Pre-IPO Listing Rules

Background

1.  The scope of Representative Office’s includes:

(a)marketing activities;

(b)activities that increase the profile, in the AIFC, of the Representative Office's head office;

(c)activities that relate to correspondence with or the provision of information from the Representative Office's head office;

(d)activities that relate to the provision of information to the Representative Office's head office relating to business trends, business opportunities and developments in the AIFC markets;

(e)any other activities that the AFSA determine may be suitable for a Representative Office to conduct.

2.The proposed amendments to existing legal framework aim to provide market expansion opportunities and streamline the existing processesof Representative Officeregistration, namely:

1)  Exempt Representative Offices from the requirement to assign Senior Executive Officer (SEO), Money Laundering ReportingOfficer (MLRO), FinanceOfficer (FO) and Compliance Officer (CO). Instead, allow these functions (except MLRO) to be conducted by Principal Representatives, persons assigned to manage Representative Offices.

2)  Exempt Representative Officesfrom the obligation to comply with the requirements of the AIFC Anti-Money Laundering, Counter-Terrorist Financing and Sanction Rules (AML) as these requirements are not proportionate to the nature of activities conducted by Representative Offices.

3)  Allow Principal Representatives, persons assigned to manage Representative Offices, to be non-residents ofKazakhstan.

3.   The key objectives of the proposed amendments include:

-streamline the registration process of Representative Offices

-create market expansion opportunities for Representative Offices

-create an opportunity for potential Authorised Firms to test the AIFC market and jurisdiction by registering first as a Representative Office.

4.Annex 1 describes the proposed amendments to the AIFC General Rules, AIFC Representative Office Rules and AIFC Anti-Money Laundering, Counter Terrorist Financing and Sanctions.

Proposed amendments to the AIFC Rules regarding Representative Offices

In these Rules the underlying indicates a new text and the strikethrough indicates a removed text

Rule: AIFC General Rules

CONTROLLED AND DESIGNATED FUNCTIONS

2.1.Mandatory appointments

2.1.1.  Appointments to be filled by Approved Individuals

(1)Subject to (2) an Authorised Person, must make the following appointments and ensure that they are held by one or more Approved Individuals at all times:

(a)Senior Executive Officer;

(b)Finance Officer; and

(c)Compliance Officer

(2)For an Authorised Person Operating a Representative Office the mandatory appointments in

(1) may be carried on by its Principal Representative.

2.1.2.Appointments to be filled by Approved Individuals or Designated Individuals

(1)An Authorised Person, except for an Authorised Person Operating a Representative Office, must make the following appointments and ensure that they are held by either an Approved Individual or a Designated Individual at alltimes:

(a)Money Laundering Reporting Officer; and

(b)such other role or function as the AFSA may direct from time to time.

(2) …

Rule: AIFC Representative Office Rules

3.4. Principal Representative

(1)A Representative Office must at all times have a Principal Representative who (a) is resident in Kazakhstan; and

(b) has satisfied the AFSA as to his/her fitness and propriety. The AFSA may give a Representative Officewritten notice that a PrincipalRepresentative is not fit and proper if the AFSA makes such a determination.

(2)If:

(a)the Principal Representative ceases to be an employee of the Representative Office; or

(b)the Representative Office receivesthe notice describedin REP 3.4(1)(b), the Representative Office must designate a replacement PrincipalRepresentative as soon as possibleafter, and in any event within 28 days of, either the Principal Representative's departure in REP 3.4(2)(a) or the Representative Office'sreceipt of the notice mentionedin REP 3.4(1)(b). The

AFSA may revoke a Representative Office's Licence if they fail to follow the procedure outlined in REP 3.4(2).

Rule: AIFC Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Rules

2.APPLICATION

2.1.Application

(a)The AML Rules apply to:

(i)every Relevant Person in respect of all its AFSA regulated or supervised activities except an Authorised Firm licenced to operate a Representative Office; and

(ii)the persons specified in AML 2.2 as being responsible for a Relevant Person's compliance with these Rules.

(b)For the purposes of these Rules, a Relevant Person means:

(i)an Authorised Firm;

(ii)an Authorised Market Institution;

(iii)a DNFBP; or

(iv)a Registered Auditor.

Introduction

1.The Astana Financial Services Authority (AFSA) has issued this Consultation Paper to invite public comments on the proposed amendments to the AIFC Pre- IPO Listings Rules.

2.The proposals in thisConsultation Paper will be of interest to current and potential AIFC participants who are interested in exercising business activities in or from the AIFC.

3.All comments should be in writingand sent to the addressor email specified below. If sending your comments by email, please use “Consultation Paper AFSA-P- CE-2020-0005” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments. The AFSA reserves the right to publish, including on its website, any comments you provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

4.The deadline for providing comments on the proposals is 16 October 2020. Once we receive your comments, we shall consider if any refinements are required to this proposal.

5.Comments to be addressed by post: Policy and Strategy Division

Astana Financial Services Authority (AFSA)

55/17 Mangilik El, building C3.2, Kazakhstan or emailed to: consultation@afsa.kz

Tel: +8 7172 613781

6.The remainder of this Consultation Paper contains the following:

(a)Background to theproposal

(b)Annex 1: Draft of the proposed amendments to the AIFC Pre-IPO Listing Rules

Background

1.According to the AIFC Strategy 2025, developing a securities market in the Republic of Kazakhstan and integrating it with international capital markets are the key objectives of the AIFC. AIFC shall become the country’s core platform for attracting portfolio investments, conducting IPO/SPO of large national and private companies. While furtherissuance and placement of corporate and public sectors financial instruments will be continued, raisingdemand from frontierand emerging markets in willingness to invest, shall also be fulfilled by provision of appropriate financial instruments.

2.The AIFC Pre-IPO Listings Rules were developed in 2018 with the aim to allow the admission of the Shares of an Issuer to an Official List maintained by an Authorised Investment Exchange, without the Issuer immediately carrying out an initial public offering of Shares and seeking their admission to trading on the Authorised Investment Exchange.

3.According to the AIFC Glossary, the Shares and Certificate over Shares are equity securities. A Share is a share or stock in the share capital of any Body Corporate or any unincorporated body (excluding a Unit). A Certificate over Shares is an instrument which confers on the holder contractual or property rights to or in respect of a Share held by a Person and the transferof which may be effectedby the holder without the consent of that other Person.

4.The common ways for issuers to raise equity capital is to offer shares and/or certificates representing shares. While shares in most of the cases can only be traded in local currency and on local exchanges, certificates allow issuers to list their securities in foreign currencies and on foreign exchanges and reach out to wider investor base. The certificates help to increase global trade, which in turn can help increase not only volumes on local and foreign markets but also the exchange of information as well as market transparency.

5.In order to apply the AIFC Pre-IPOrules in its entirety to Certificates over Shares, it is proposed to introduce an amendment in the AIFC Pre-IPO Listings Rules by adding “(or Certificates over Shares”)” after“Shares”.

6.The key objectives of the proposed amendments to the AIFC Pre-IPO Rules are as follows:

-clarification of the AIFC regulatory framework;

-attraction of new issuers and market participants to the AIX Market;

-greater exposure to the global marketfor issuers, extension of international shareholder base;

-diversification ofinvestments.

7.Annex 1 describesthe proposed amendments to the AIFC Pre-IPO ListingsRules.

Annex 1

Proposed amendments to the AIFC Pre-IPO Listings Rules

In these Rules the underlying indicates a new text

Guidance: Purpose and application of these Rules

The purpose of these Rules is to compliment AMI in relation to Pre-IPO Listings in the AIFC.

1. Application and Scope

(1)These Rules apply within the jurisdiction of the AIFC.

(2)The following do not apply in the case of a Pre-IPO Listing:

(a)Sections 66(3), 82(1) and 83(1) of the Framework Regulations; and

(b)Sections 86(a) through (c) of the Framework Regulations, provided that the Issuer complies with the requirements of the Listing Rules of the Authorised Investment Exchange as prescribed by Sections 4 and 5 of these Rules;

(c)MAR, in its entirety; and

(d)any Takeover Rules prescribed by the AFSA under Section88 of the Framework Regulations outside of MAR, unless such Rules specifically state that they apply in the case of a Pre-IPO Listing.

2. Interpretation

(1) For purpose of these Rules, a “Pre-IPO Listing” means the admission of the Shares (or Certificates over Shares) of an Issuer to an Official List maintained by an Authorised Investment Exchange, without the Issuer immediately carrying out an initial public offering of Shares (or Certificates over Shares) and seeking their admission to trading on the Authorised Investment Exchange.

3. Rules applicable to Authorised Investment Exchange

(1)Subject to the requirements of this section 3, an Authorised Investment Exchange may include Pre-IPO Listings under a subheading of its Official List.

(2)Without limitation of any other applicable requirements of AMI 3.6, an Authorised Investment Exchange that wishes to permit Pre-IPO Listings must include the following requirements in its Listing Rules:

(a)procedures for admission of Shares (or Certificates over Shares) to its Official List as a Pre-IPO Listing, including:

i.requirements to be met before Shares (or Certificates over Shares) may be granted admission to an Official List as a Pre-IPO Listing; and

ii.agreements in connection with admitting Shares (or Certificates over Shares) to an Official List as a Pre-IPO Listing;

(b)procedures for suspension and delisting of Shares (or Certificates over Shares) from an Official List as a Pre-IPO Listing; and

(c)requirements for disclosure to the markets of such information as the

Authorised Investment Exchange, in consultation with the AFSA, deems appropriate in lieu of the disclosure requirements of section 83(1) of the Framework Regulations and MAR.

(3)For purposes of 3(2)(c), the Listing Rules must prescribe the type of information and the circumstances and manner in which such information must be disclosed including:

(a)financial information; and

(b)any other information or material changewhich occurs in relation to the Issuer.

(4)A prominent warning, approved by the Authorised Investment Exchange, shall accompany each release of the information disclosed, regarding the nature and purpose of such information, including without limitation that

(a)certain regulatory requirements and protections applicable to Shares (or Certificates over Shares) admitted to trading on an Authorised Investment Exchange do not apply to a Pre-IPO Listing, including sections 82(1) (corporate governance), 83(1) (market disclosure) and 86(a) through (c) (insider information) of the AIFC Financial Services Framework Regulations, and the AIFC Market Rules in their entirety; and

(b) the information being disclosed (i) is provided solely for purposes of a Pre-IPO Listing; (ii) does not include key information customarily used for making investment decisions; (iii) is not a substitute for investment research,due diligence or advice;and (iv) is used by an investorfor investment decision-making purposes solely at the investor’s own risk.

Introduction

1.The Astana Financial Services Authority (AFSA) has issued this Consultation Paper to seek suggestions from the market on ways to enhance AIFC Market Institutions framework.

2.The proposals in this Consultation Paper will be of interest to current and potential issuers on AIFC Authorised Investment Exchange, AIFC participants who are interested in exercising business activities in or from the AIFC, Recognised Non-AIFC Members as well as investors and other interested parties.

3.We invite comments from interested stakeholders on the following proposed amendments to the AIFC Authorised Market Institutions Rules (AMI):

(a)clarification on securities settlement finality provisions;

(b)alignment of the outsourcing requirement in AMI with the requirement in AIFC General Rules;

(c)clarification on the requirement for Direct Electronic Access Rules;

(d)guidance on the definition of service of process and the role of an agent for service of process;

(e)alignment of the notification requirement to admit Securities or Units to the Official List with the existing AFSA Waiver and Modification Notice and alignment of submitting audit financial reports requirement in AMI with the requirement in AIFC General Rules.

4.All comments should be in writingand sent to the addressor email specified below. If sending your comments by email, please use “Consultation Paper AFSA-P- CE-2020-0008” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments. The AFSA reserves the right to publish, including on its website, any comments you provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

5.The deadline for providing comments on the proposals is 19 December 2020. Once we receive your comments, we shall consider if any refinements are required to this proposal.

6.Comments to be addressed by post: Policy and Strategy Division

Astana Financial Services Authority (AFSA)

55/17 Mangilik El, building C3.2, Kazakhstan

or emailed to: consultation@afsa.kz Tel: +8 7172 613741

7.The remainder of this Consultation Paper contains the following:

(a)Background to theproposal;

(b)Annex 1: Proposed Amendments to the AIFC Authorised Market Institutions Rules.

Background

1.According to Article 2 of the Constitutional Statute of the Republic of Kazakhstan On the Astana International Financial Centre (the “Constitutional Statute”), the purpose of the AIFC is to establish a leading international centre for financial services. The objectives of the AIFC are as follows:

(1)attracting investment into the economy of the Republic of Kazakhstan by creating an attractive environment for investment in the financial services sphere;

(2)developing a securities market in the Republic of Kazakhstan and integrating it with international capital markets;

(3) developing insurance markets, banking services, and Islamic financing, in the Republic of Kazakhstan;

(4)developing financial and professional services based on international best practice;

(5) achieving international recognition as a financial centre.

2.Further development of the AIFC requires the enhancement of regulatory framework for market institutions to best meet the region specificities and the market needs.

3.Enhancing AIFC Market Institutions Framework envisages the following:

1)Enhancing the securities settlement finality framework in the AIFC;

2)Introducing miscellaneous enhancements in AMI with regards to:

•Outsourcing arrangement;

•Direct Electronic Access Rules;

•Agent for service of process;

•Reporting and notification requirements.

4.On settlement finality framework in the AIFC, the amendments are needed for establishing international interoperable links and attracting foreign investment by the Authorised Investment Exchange in the AIFC. The amendments on securities settlement finality provisions have been developed based on the best practices deployed in the European Union, United Kingdom, Australia, New Zealand and Dubai International Financial Centre.

5.Other miscellaneous amendments are aimed at alignment of requirements and providing additional clarification and guidance. Thus, the amendments will reflect practical experience of the Authorised Investment Exchange in the AIFC in implementing AMI and the evolving external environment (e.g., unavailability of Direct Electronic Access; period for notification of AFSA in respect of Public Listings and Exempt Offer Listings), clarify certain requirements (e.g., process agent appointment and submission of annual financials by AMI to AFSA). The

introduction of changes to AMI will result in clearer and more explicit statement of rules that are already in effect.

6.Annex 1 includes the proposed amendments to the AIFC Authorised Market Institutions Rules.

Annex 1

Proposed amendments to the AIFC Authorised Market Institutions RulesIn these Rules the underlying indicates a new text and the strikethrough indicates a removed text

1. INTRODUCTION (…)

1.1.2. Outsourcing

An Authorised Market Institution may satisfy the requirements applying to it under these Rules by making arrangements for functions to be performed on its behalf by any other Person. In such circumstances:

(a)   An Authorised Market Institution must, before entering into any material outsourcing arrangements with a service provider, obtain the AFSA’s prior approval to do so notify AFSA of such an arrangement.

(b)    For the avoidance of doubt, the requirement in sub-paragraph (a) applies to any outsourcing arrangements which were not in existence at the time the Authorised Market Institution was granted a Licence.

(c)   Outsourcing arrangements made by an Authorised MarketInstitution do not affect the responsibility of the Authorised Market Institution to satisfy the requirements applying to it, but there is in addition a requirement applying to the Authorised Market Institution that the Personwho performs (or is to perform) the functions is a fit and properPerson who is able to perform them.

(d)  An Authorised Market Institution that outsources any functions must comply with the outsourcing requirements in GEN.

2. RULES APPLICABLE TO ALL AUTHORISED MARKET INSTITUTIONS (…)

2.5. Business Rules

2.5.1.Requirement to prepare Business Rules

Save where the AFSA otherwise directs, an Authorised Market Institution must establish and maintain Business Rules governing relations between itself and the participants in the market, including but not limited to:

(a) Membership Rules,prepared in accordance with AMI 2.6, governing the admission of Members and any other Persons to whom access to its facilities is provided;

(b) Direct Electronic Access Rules, preparedin accordance with AMI 2.7, in case a Direct Electronic Access is available at the Authorised Market Institution, setting out the rules and conditions pursuant to which its Members may provide their clients with Direct Electronic Access to the Authorised Market Institution’s trading systems;

(…)

2.6.4. Undertaking to comply with AFSA rules

An Authorised Market Institution may not admit a Recognised Non-AIFC Member as a Member unless it:

(…)

(d)   where the Recognised Non-AIFC Member is incorporated outside the Republic of Kazakhstan, appoints and maintains at all times, an agent for service of process in the Republic of Kazakhstan AIFC.

Guidance

(1)Service of process is the procedure by which a party to a lawsuit (Claimant) gives an appropriate notice of initial legal action (Claim Form) to another party (Defendant), in an effort to exercise jurisdiction over that Person so as to enable that Person to respond to the proceeding before the court. Notice is furnished by delivering a set of court documents (called "process") to the Person to be served. Service of a Claim Form is defined in clause 4.9 of the AIFC Court Rules. Acknowledgement of process and consequences of not filing an acknowledgment of service are defined in clause 7.4 of the AIFC Court Rules. Methods of service are defined in Part 5 of the AIFC Court Rules.

(2)An agent for service of process is a serviceprovider having legal and real presence in the AIFC.

(3)The main role of agent for serviceof process is to receiveservice of processin the AIFC on behalf of a Person, acknowledge the service of process, and forward the process to such Person once it is received.

3. RULES APPLICABLE TO AUTHORISED INVESTMENT EXCHANGES

3.2.3. Undertaking to comply with AFSA rules

An Authorised Investment Exchange may not admit Securities or Units in a Listed Fund to trading unless the Person who seeks to have such Investments admitted to trading:

(…)

(d) appoints and maintains at all times, an agent for service of process in the AIFC and requires such agent to accept its appointment for service of process.

Guidance

See Guidance to AMI 2.6.4

(….)

3.6.5.Application for admission of Securities or Units in a Listed Fund to an Official List (…)

(4)Subject to (5), at least 5 business days prior to an admission of Securities (other than (i) Exempt Securities or (ii) EquitySecurities in connection with Pre-IPO Listings) or Units

in a Listed Fund to its Official List, an Authorised Investment Exchange must provide the AFSA with notice of the decision and include the following information in the notification:

(a) a copy of the listing application;

(b)    a copy of the assessment of the listing application carried out by the Exchange; and

(c)   any information requested by the AFSA.

(4-1) Subject to (5), at least 2 business days prior to an admission of Exempt Securities to its Official List or Equity Securities to its Official List under the sub-heading “Pre-IPO

 Listings”, an Authorised Investment Exchange must provide the AFSA with notice of the decision and include the information specified in (4) above.

(5)An Authorised Investment Exchange must immediately notify the AFSA of any decision to suspend,restore from suspension or de-list any Securities or Units in a Listed Fund from its Official List and the reasons for the decision.

3.6.6.Undertaking to comply with AFSA rules

An Authorised Investment Exchange may not admit Securities or Units in a Listed Fund to an Official List unless the issuer of such Investments:

(…)

(d) appoints and maintains at all times, an agent for service of process in the AIFC and requires such agent to accept its appointment for service of process.

Guidance

See Guidance to AMI 2.6.4

4. RULES APPLICABLE TO AUTHORISED CLEARING HOUSES (…)

4.4.Settlement

4.4.1.Settlement finality

(1)An Authorised Clearing House must have rules and procedures which clearly define:

(a)  the point at which settlement is final according to the relevant governing law; and

(b)  the point after which unsettled payments, transfer instructions, or other obligations may not be cancelled by a participant.

(2)An Authorised Clearing House must complete final settlement no later than the end of the valuedate.

(3)Notwithstanding (1) above,a settlement by an Authorised Clearing House is final,

irrevocable and binding and may not under any circumstances be reversed or avoided after:

(a)an amount of money is credited to or debited from a depository account; or

(b)  an Investment approved for admission to the depository is credited to or debited from a depository account.

(4)Notwithstanding (1) above, transfer instructions and settlement are legally enforceable and, even in the event of insolvency proceedings against a participant, shall be binding on third parties, provided that transfer instructions were entered into a system before the moment of opening of such insolvency proceedings. Where, exceptionally, transfer instructions are entered into a system after the moment of opening of insolvency proceedings and are carried out on the day of opening of such proceedings, they shall be legally enforceable and binding on third parties only if, after the time of settlement, the Authorised ClearingHouse can prove that it was not aware, nor should have been aware, of the opening of such proceedings.

(5)For the purpose of (4), the moment of opening of insolvency proceedings shall be the moment when the relevant judicial or administrative authority handed down its decision.

5. SUPERVISION (…)

5.3.Financial and otherinformation

5.3.1.Annual reports and accounts financial statements

Authorised Market Institution must give the AFSA:

(a) a copy of its audited annual report and accounts financial statements; and

(b)  a copy of any audited consolidated annual report and accounts financial statements of any group of which the Authorised Market Institution is a member;

no later than when the first of the following events occurs:

(c) three four months after the end of the financial year to which the document relates;

(d)  the time when the documents are sent to Persons granted access to the facilities or shareholders of the Authorised Market Institution; or

(e)  the time when the document is sent to a holding company of the Authorised Market Institution.

Introduction

1.This paper summarises the approach taken to drafting the Special Rule. The Annex sets out the proposed draft of Special Rule, which may be subject to change depending on the scope of the regulatory framework requested by the AIFC.

2.The proposals in this Consultation Paper will be of interest to current and potential AIFC Participants who are interested in doing business in the AIFC.

3.All comments should be in writing and sent to the address or email specified below. If sending your comments by email, please use “Consultation Paper AFSA-L-CE-2020- 0001” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments. The AFSA reserves the right to publish, including on its website, any comments you provide, unlessyou expressly requestotherwise. Comments supported by reasoning and evidence will be given more weightby the AFSA.

4.The deadline for providing commentson the proposals is 24 July 2020. Once we receive your comments, we shall consider if any refinements are required to this proposal.

5.Comments to be addressed by post: Policy and Strategy Division

Astana Financial Services Authority (AFSA) 55/17 Mangilik El, building C3.2, Kazakhstan or emailed to: consultation@afsa.kz

Tel: +8 7172 613781

6.The remainder of this Consultation Paper contains the following:

(a)    Background

(b)    The Rules

(c)     Annex 1

Background

1.In2017-2019 the AFSA worked on the development of the body of the AIFC legislation. As of 2020, the key legislative acts based on the best international practices and international standards were developed and approved. Given that, at the beginning the AIFC participants from Kazakhstan and the whole region could experience some difficulties in meeting the highestregulatory requirements, the AFSA would like to enhance its approach for granting waivers, modifications and other types of reliefs.

2. Currently, AFSA can only waive and modify FSFR and provisions of the Rules made pursuant to FSFR, which significantly limits the powers of the AFSA on providing waivers or modifications direction. At this stage of development such approach does not allow AFSA to provide timely and efficient responses to business needs of AIFCparticipants.

3.This necessitates the changeof the approach by grantingAFSA’s Board of Directors power to enact other types of Regulations outside the scope of FSFR and AFSA’s CEO the broader power to waive,modify and provideother types of reliefs in order to avoid constant need to amend legislation.

4.To implement the abovementioned amendments to the section 9 of the FSFR (AFSA Power to modify or waive Rules) has been made, that provides AFSA with executivepower to waive and modify a provision of FSFR and other Regulations, the Rules..

5.Amended Section 9 of FSFR gives the AFSA power to waive and modify the application to a Person of certain “relevant provisions” in and under the FSFR. Also, gives the AFSA power to waive and modify not only Rules pursuant to FSFR, but Regulations as well in order to make the regulations much more flexible and for AFSA to be more pro-active, when it is needed for businesses, and the regulations much more flexible.

6.For these purposes, “relevant provision” means any provision (a) of FSFR, the Rules or any other legislation administered by the AFSA, and (b) of any other Regulations and Rules which (i) relate to the functions of the AFSA and (ii) are declared by Rules adopted by the Board of Directors of the AFSA to be a provision to which Section 9 of FSFR applies.

7.Considering that the language of Section 9 is enabling in that it permits provisions of the

(i)AIFC Trust Regulations, (ii) AIFC Personal Property Regulations, (iii) AIFC Payment System Settlement Finality Regulations, (iv) AIFC NettingRegulations to be made subject to the AFSA’s waivercapacity under Section9 through the issuance of Rules, includingfor present purposes such rules as may be issued by the Board of Directors of the AFSA.

8.It is proposed that the Special Rule be issued as a special stand-alone Rule. The Rule could be made to, by its own terms.

The Rules

1.In summary, the contents of the draft Special Rule are as follows:

2.    Part 1: (General): which include:

1.1. Name

1.2. Commencement

1.3. Legislative Authorit

1.4. Application of these Rules

1.5. Definitions, etc.

3.    Part 2: (AIFC REGULATIONS AND RULES SUBJECT TO SECTION 9 OF THE AIFC FINANCIAL SERVICES FRAMEWORK REGULATIONS): which include:

2.1. The provisions of AIFC Regulations and Rules and AIFC Regulations and Rules specified in Schedule 1 are hereby subject to Section 9 (AFSA power to modify, waive or grant a relief) of the AIFC Financial Services Framework Regulations.

2.2.Where a waiver, modification or no-action letteris granted pursuantto Section 9 of the AIFC Financial Services Framework Regulations, any other provisions referencing such relevant provision shall be read with the necessary changes being made in order to give effect to such waiver, modification or no-action letter.

2.2.1. Includes an example of applicability of the Special Rule.

4.    Schedule 1: Provides the list of Regulations which are subject to Section 9 (AFSA power to modify, waive or grant a relief) of FSFR. Which include:

1. AIFC Trust Regulations

2. AIFC Personal Property Regulations

3. AIFC Payment System Settlement Finality Regulations

4. AIFC Netting Regulations

Annex 1 to Consultation Paper: AIFC Special Rules Declaring Provisions of AIFC Regulations and Rules to be Subject to Section 9 of the AIFC Financial Services Framework Regulations (“Special Rule”)

AIFC SPECIAL RULES DECLARING PROVISIONS OF AIFC REGULATIONS AND RULES TO BE SUBJECT TO SECTION 9 OF THE AIFC FINANCIAL SERVICES FRAMEWORK REGULATIONS

PART 1: GENERAL

1.1 Name

These Rules are the Special Rules DeclaringProvisions of AIFC Regulations and Rules to be Subject to Section 9 of the AIFC Financial Services Framework Regulations.

1.2Commencement

These Rules commence on                 .

1.3 Legislative Authority

These Rules are adopted by the Board of Directors of the Astana Financial Services Authority under Section 5(23) of the Charter of the Board of Directors of the Astana Financial Services Authority.

1.4 Application of these Rules

These Rules apply within the jurisdiction of the AIFC.

1.5 Definitions, etc.

Terms used in this Rule have the same meanings as they have, from time to time, in the AIFC Regulations and AIFC Rules, or the relevant provisions of those Regulations and Rules, unless the contrary is stated.

PART 2: AIFC REGULATIONS AND RULES SUBJECT TO SECTION 9 OF THE AIFC FINANCIAL SERVICES FRAMEWORK REGULATIONS

2.1The provisions of AIFC Regulations and Rules and AIFC Regulations and Rules specified in Schedule 1 are hereby subject to Section 9 (AFSA power to modify, waive or grant a relief) of the AIFC Financial Services Framework Regulations.

2.2Where a waiver, modification or no-action letter is granted pursuant to Section 9 of the AIFC Financial Services Framework Regulations, any other provisions referencing such relevant provision shall be read with the necessary changes being made in order to give effect to such waiver, modification or no-action letter.

2.2.1.Example: if a modifications is granted from the requirement of Section 56(9) of the AIFC Trust Regulations that the Trustees may make payment on fines imposed by the AFSA within 60 days not 30 days, shall be read as permitting such Trustee to make fine payment within 60 days.

SCHEDULE 1

1.    AIFC Trust Regulations, AIFC Regulations No. 31 of 2019

2.    In relationto matters relatedto the regulation conducted by the AFSA, modifying or waiving the application of provisions of the AIFC Personal Property Regulations in relation to the holding of Investments or interests or entitlements in Investments, pursuantto Section (43) of the AIFC Personal Property Regulations, AIFC Regulations No.15 of 2017

3.    AIFC Payment System Settlement Finality Regulations, AIFC Regulations No.9 of 2017

4.    AIFC Netting Regulations, AIFC Regulations No.8 of 2017

Introduction

1. The Astana Financial Services Authority (AFSA) has issued this Consultation Paper to invite public comments on the proposed amendments to the AIFC Non-profit Incorporated Organisations Regulations and AIFC Non-profit Incorporated Organisations Rules related to addressing certain limitations related to Founding Members of Non-Profit Incorporated Organisations.

2. The proposals in this Consultation Paper will be of interest to current and potential AIFC Participants who are interested in doing business in the AIFC.

3. All comments should be in writing and sent to the address or email specified below. If sending your comments by email, please use “Consultation Paper AFSA-O-CE-2019-0001” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments. The AFSA reserves the right to publish, including onits website, any comments you provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

4. The deadline for providing comments on the proposals is 19 December 2019. Once we receive your comments, we shall consider if any refinements are required to the proposals.

5. Comments to be addressed by: post: Policy and Strategy Division

Astana Financial Services Authority (AFSA)

55/17 Mangilik El avenue, block C3.2, Nur-Sultan, Kazakhstan or emailed to: consultation@afsa.kz

Tel: +7 7172 647375

6. The remainder of this Consultation Paper contains the following:

(a) background to the proposals;

(b) the key element of the proposed amendments;

(c) Annex 1: Draft of proposed amendments.

Background

The Astana Financial Services Authority ("AFSA") proposes to make amendments to the AIFC Non-Profit Incorporated Organisations Regulations and Rules to remove limitations in the current framework to permit legal entities to serve as Founding Members of the AIFC Non-profit Incorporated Organisations. The proposed amendments also aim to remove the requirement on the number of Founding Members that may apply for the incorporation of a Non-profit Incorporated Organisation.

KEY ELEMENT OF THE PROPOSED AMENDMENTS

Currently, Section 12(1) of the AIFC Non-profit Incorporated Organisations Regulations states that “Three or more individuals may apply for the incorporation of an Incorporated Organisation by signing, and filing with the Registrar of Companies, an application for incorporation in the accordance with the Rules”. The definition of Founding Member similarly uses the word “individuals”.

The proposed amendments remove limitations in the current framework to permit legal entities to serve as Founding Members of the AIFC Non-profit Incorporated Organisation, as well as remove the requirement on the number of Founding Members that may apply for the incorporation of a Non-profit Incorporated Organisation.

Additionally, the proposed amendments are related to simplification of the Standard Charter for Non-profit Incorporated Organisations.

Question

Do you have any concerns related to the proposed amendments to AIFC Non-profit Incorporated Organisations Regulations and AIFC Non-profit Incorporated Organisations Regulations Rules? If so, what are they, and how should they be addressed?

Annex 1: Draft of proposed amendments

In this Annex, a blue font and underlining indicates new text and strikethrough indicates deleted text.

AIFC NON-PROFIT INCORPORATED ORGANISATIONS REGULATIONS

PART 3: FORMATION AND REGISTRATION

12. Method of formation

(1) Three One or more individuals Founding Members may apply for the incorporation of an Incorporated Organisation by signing, and filing with the Registrar of Companies, an application for incorporation in the accordance with the Rules.

(2) The application must state the following:

(a) the proposed name of the Incorporated Organisation;

(b) the proposed address of the Incorporated Organisation’s registered office;

(c) the Authorised Activities proposed to be conducted by the Incorporated Organisation;

(d) the full name, nationality, residency and address of each of the applicants, if the applicant is a natural person;

(e) the other particulars (if any) required by the Registrar of Companies or the Rules;

(f) the full name, date and place of incorporation or registration of each of the applicants, if the applicant is a Body Corporate.

(3) The application must include, or be accompanied by, the following:

(a) a declaration signed by each of the applicants that the Incorporated Organisation will only conduct Authorised Activities;

(b) the proposed Charter of Organisation of the Incorporated Organisation.

PART 4: FINANCIAL RESOURCES, ACCOUNTS AND AUDIT

22. Accounts

(1) The Founding Members of an Incorporated Organisation must ensure that accounts are prepared in relation to each financial year of the Incorporated Organisation within 6 months after the end of the financial year and that the accounts comply with the requirements of this section.

(2) The accounts must:

(a) be prepared in accordance with accounting principles or standards prescribed by the Rules or otherwise approved by the Registrar of Companies; and

(b) show a true and fair view of the financial position of the Incorporated Organisation; and

(c) comply with any other requirements of these Regulations and the Rules.

(3) The Founding Members must approve the Incorporated Organisation’s accounts and must ensure that they are signed on their behalf by at least 2 1 of them.

(4) The accounts must be examined and reported on by an Auditor.

(5) An Incorporated Organisation must file its audited accounts for a financial year with the Registrar of Companies within 7 days after the day the accounts are approved by the Founding Members and reported on by an Auditor.

(6) Contravention of this section is punishable by a fine.

PART 5: FOUNDING MEMBERS AND ORDINARY MEMBERS

23. Founding Members and Ordinary Members

(1) An Incorporated Organisation must have Founding Members and may have Ordinary Members.

(2) The Charter of Organisation of an Incorporated Organisation must define who may become a Founding Member or an Ordinary Member of the Incorporated Organisation.

(3) The initial Founding Members are the Persons who applied for the incorporation of the Incorporated Organisation.

(4) After the incorporation of the Incorporated Organisation, Founding Members are appointed by Special Resolution of the Founding Members

(5) The Founding Members of an Incorporated Organisation must, in Exercising their Functions, act honestly, in good faith and in the best interest of the Incorporated Organisation and must exercise the care, diligence and skill that a reasonably prudent pPerson would exercise in comparable circumstances.

(6) A pPerson may not be a Founding Member and an Ordinary Member at the same time in the same Incorporated Organisation.

26. Meetings of Founding Members

(1) The Founding Members are to meet at the times and places that they decide.

(2) However, a Founding Member may at any time call a meeting of the Founding Members by giving the other Founding Members at least 21 7 days Written notice of the meeting.

27. Board of Incorporated Organisation

(1) An Incorporated Organisation must be managed by a Board.

(2) An Incorporated Organisation must ensure that its Board consists solely of Founding Members and that Ordinary Members are not involved in the management of the Incorporated Organisation. [intentionally omitted]

(3) An Incorporated Organisation must ensure that its Charter of Organisation makes provision about the membership of its Board and the Board’s Functions and operations.

(4) The Board may appoint a resident of the Republic of Kazakhstan to be the Incorporated Organisation’s agent.

(5) Subject to the Charter of Organisation, the Board may delegate any of its Functions to any Person it considers appropriate.

(6) Contravention of this section is punishable by a fine.

PART 6: REPORTING

28. Notice of certain changes

(1) If any of the following changes happen in relation to an Incorporated Organisation, the Incorporated Organisation must file notice of the change with the Registrar of Companies, in accordance with the Rules, within 30 days after the day the change happens:

(a) any change relating to its registered office or contact details (including, for example, a change in the address of its registered office, a change in a telephone or fax number or a change of email address);

(b) any change to its Founding Members;

(c) any change to its name;

(d) any change in its Authorised Activities.

(2) Changes in the Registered Details notice must be accompanied by the prescribed fee set out in the Rules from time to time.

SCHEDULE 1: INTERPRETATION

Chapter 1 General

1.1 Introduction

The purpose of this Banking Business Rules (BBR) is to establish the prudential framework for Authorised Firms carrying out Banking Business. These rules are based on the Basel Accords and on the Basel Core Principles for Effective Banking Supervision, issued by the Basel Committee on Banking Supervision.

1.2 Commencement

These rules commence on 1 2018.

1.3 Effect of definitions, notes and examples

(1) A definition in the glossary to these rules also applies to any instructions or document made under these rules.

(2) A note in or to these rules is explanatory and is not part of these rules. However, examples and guidance are part of these rules.

(3) An example is not exhaustive, and may extend, but does not limit, the meaning of these rules or the particular provision of these rules to which it relates.

(4) Unless the contrary intention appears, a reference in these rules to an accord, principle, standard or other similar instrument is a reference to that instrument as amended from time to time.

1.4 Banking Business firms

(1) Banking Business comprises the Regulated Activities of Accepting deposits and Dealing in Investments as Principal. An Authorised Firm that has an authorization to conduct any of those activities is a Banking Business firm.

(2) However, an Authorised Firm that is an Islamic bank or an Islamic Broker dealer or an Islamic Financing Company (within the respective meanings of the AIFC Islamic Banking Business Prudential Rules No. FR0014 of 2017) is not a Banking Business firm for the purposes of these Rules.

(3) A Banking Business firm may be a Bank or a Broker Dealer.

Guidance

A firm that conducts any of the activities that make up Banking Business, or a combination of those activities, will need to consider the extent to which its business model is subject to the prudential requirements set out in these rules. These rules are designed to address the different prudential risks that could arise from the broad range of business models, risk appetites and risk profiles of banking business firms.

For example, a firm that solely conducts the activity of Dealing in Investments as Principal (that is, a Broker Dealer) will need to consider the extent to which its activities in buying, selling, subscribing to or underwriting

investments attract prudential risks that are subject to the requirements of these rules. In contrast, a firm that is a Bank and that also deals in Investments as Principal would be subject to a broader range of prudential requirements. In both examples, these rules apply in accordance with the nature, scale and complexity of the firm’s business.

1.5 Bank

(1) An Authorised Firm is a Bank if it is authorised to conduct the Regulated Activity of Accepting Deposits.

(2) An Authorised Firm is a Bank even if it is also authorised to conduct any other Regulated Activity or activity. The authorisation for Accepting Deposits qualifies an Authorised Firm as a Bank.

1.6 Broker Dealer

(1) An Authorised Firm is a Broker dealer if it is authorised to conduct the regulated activity of dealing in investments as Principal and it is not a Bank.

(2) A Broker Dealer may raise funds from capital markets or money markets using debt instruments of any type but must not accept deposits.

(3) A firm is a Broker Dealer even if it is also authorised to conduct any other regulated activity (except accepting deposits). The authorisation for dealing in investments as a Principal and the absence of an authorisation for accepting Deposits qualifies an Authorised Firm as a Broker Dealer.

(4) An Authorised Firm licensed to conduct the Regulated Activity of Dealing in Investments as Principal on a matched principal basis does not fall under the category of Broker Dealer. Such firms are subject to the rules in PRU (INVT) and are not subject to the BBR rules.

1.7 Legal form that firms must take

(1) A Bank must be:

(a) a limited liability company incorporated under the AIFC Companies Regulations or

(b) a branch of a Foreign Company, registered as a Recognised Company in the AIFC with the Registrar in accordance with the AIFC Companies Rules.

(2) A Broker Dealer must be:

(a) a limited liability company incorporated under the AIFC Companies Regulations;

(b) a branch of a Foreign Company, registered as a Recognised Company in the AIFC with the Registrar in accordance with the AIFC Companies Rules; or

(c) a Limited Partnership incorporated under the AIFC Limited Partnership

Regulations.

1.8 Application of these rules—general

(1) Except as stated otherwise, these rules apply to a Person that has, or is applying for, an authorisation to conduct Banking Business, as defined in Rule 1.4(a).

(2) Except as stated otherwise, all references to a Bank in the rest of this BBR Rules must be read as referring also to Broker Dealers, defined in Rule 1.6. Consequently, all the regulatory requirements imposed by these BBR Rules apply to all entities licensed to carry out Banking Business as defined in Rule 1.4 (a), except for specific sections or rules wherein their applicability is defined in a particular manner. For sake of clarity, all the regulatory requirements imposed by the BBR Rules apply to Banks and Broker Dealers as defined in Rules 1.5 and 1.6, unless specified otherwise in specific sections or rules of the BBR.

Guidance

It is possible for an Authorised Firm to be authorised both as a Bank under these rules and to hold authorisations for carrying out other Regulated Activities defined in Schedule 1 of the AIFC GEN Rules. Both these rules and the relevant rules for those activities could apply to such an Authorised Firm in relation to the activities they are involved in. In relation to such an Authorised Firm, however, the Capital requirements in these rules apply. If that Authorised Firm complies with the Capital requirements in these rules, it is taken to comply with the prudential rule requirements specified in PRU Rules of the AFSA rulebook.

1.9 Application of these rules—branches

(1) Chapter 4 (Capital adequacy) does not apply to a Bank operating in the form of a branch in the AIFC, in so far as that Chapter would require the branch to hold Capital.

(2) However, the AFSA may require a branch to have Capital resources or to comply with any other Capital requirement if the AFSA considers it necessary or desirable to do so in the interest of effective supervision of the branch.

1.10 Requirement for policy also requires procedures and systems

In these rules, a requirement for a Bank to have a policy also requires such a firm to have the procedures, systems, processes, controls and limits needed to give effect to the policy.

1.11 Responsibility for principles

(1) A Bank’s Governing Body is responsible for the firm’s compliance with the

principles and requirements set out in these rules.

(2) The governing body must ensure that the firm’s senior management establishes and implements policies to give effect to these rules. The governing body must approve significant policies and any changes to them (other than formal changes) and must ensure that the policies are fully integrated with each other.

Note: The significant policies relate to the adequacy of capital and the management of various prudential risks faced by a Bank and group risk, as set out in the following Chapters.

(3) The governing body must review the firm’s significant policies from time to time, taking into account changed operating circumstances, market conditions, activities and risk profiles. The interval between reviews must be appropriate for the nature, scale and complexity of the Bank’s business, but must not be longer than 12 months.

(4) The governing body must ensure that the policies are made known to, and understood by, all relevant staff.

Chapter 2 Principles relating to Banking Business

2.1 Principle 1—Capital Adequacy

A Bank must have capital, of adequate amount and appropriate quality, for the nature, scale and complexity of its business and for its risk profile. A Bank must have appropriate risk management strategies that have been approved by the Bank's Governing Body. The Governing Body of the Bank must set its risk appetite to define the level of risk the Bank is willing to assume.

2.2 Principle 2—Credit Risk and Problem Assets

(1) A Bank must have an adequate credit risk management policy that takes into account the Bank’s risk tolerance, its risk profile and the market and macroeconomic conditions.

(2) A Bank must have comprehensive policies to identify, measure, evaluate, monitor, report and control or mitigate credit risk in a timely way.

(3) A Bank must have adequate policies for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.

2.3 Principle 3—Transactions with Related Parties

A Bank must enter into transactions with related parties on an arm’s-length basis in order to avoid conflicts of interest.

2.4 Principle 4—Concentration Risk

A Bank must have adequate policies to identify, measure, evaluate, manage and control or mitigate concentrations of risk in a timely way.

2.5 Principle 5—Market Risk

A Bank must have an adequate market risk management policy that takes into account the firm’s risk tolerance, its risk profile, the market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. The firm must have adequate policies to identify, measure, evaluate, manage and control or mitigate market risk in a timely way.

2.6 Principle 6—Operational Risk

A Bank must have an adequate operational risk management policy that takes into account the firm’s risk tolerance, its risk profile and market and macroeconomic conditions. The firm must have adequate policies to identify, measure, evaluate, manage and control or mitigate operational risk in a timely way.

2.7 Principle 7— Interest Rate Risk in the Banking Book

A Bank must have an adequate management policy for interest rate risk in the banking book that takes into account the firm’s risk tolerance, its risk profile and the market and macroeconomic conditions. The firm must have policies to identify, measure, evaluate, manage and control or mitigate interest rate risk in the banking book on a timely basis.

2.8 Principle 8—Liquidity Risk

A Bank must have prudent and appropriate quantitative and qualitative liquidity requirements. The firm must have policies that enable the firm to comply with those requirements and to manage liquidity risk prudently.

2.9 Principle 9—Group Risk

A Bank must effectively manage risks arising from its membership in a group.

Chapter 3 Prudential Reporting Requirements

3.1 Introduction

(1) This Chapter sets out the prudential reporting requirements for a Bank.

(2) Prudential returns of a Bank must reflect its management accounts, financial statements and ancillary reports. A Bank’s returns, accounts, statements and reports must all be prepared using the same standards and practices, and must be easily reconcilable with one another.

(3) A return is referred to as a solo return if it reflects the individual Bank’s accounts,

statements and reports.

(4) A consolidated return means a return which reflects the accounts, statements and reports of a Bank consolidated with those of the other members of its Financial Group.

Note Financial Group is defined in Chapter 10 of BBR and is used for consolidated reporting instead of

‘corporate group’.

3.2 Information about Financial Group

(1) If directed by the AFSA, a Bank must give the AFSA the following information about its Financial Group:

(a) details about the entities in the group;

(b) the structure of the group;

(c) how the group is managed;

(d) any other information that the AFSA requires.

3.3 Financial Group risk

(1) If a Bank is part of a financial group, credit risk, market risk, operational risk, IRRBB and liquidity risk exposures (collectively referred to as prudential risk exposures) apply on a consolidated basis to the Bank and the other members that constitute its Financial Group.

(2) Preparing returns on a consolidated basis means including the financial effects and risk exposures arising from all the activities of all the members or entities forming part of the Bank’s Financial Group. Such returns are not restricted to just reflecting the financial activities or positions of the Bank.

Note: A Bank is required to have systems to enable it to calculate its financial group capital requirement and resources, according to rules in Chapter 10 of the BBR.

3.4 Preparing returns

(1) A Bank must prepare the prudential returns that it is required to prepare by a notice published by the AFSA on its own website. Such a notice may also require Banks to give other information to the AFSA.

(2) The Bank must give the return to the AFSA within the period stated in the notice.

(3) The AFSA may, by written notice:

(a) require a Bank to prepare additional prudential returns;

(b) exempt a Bank from a requirement to prepare annual, biannual, quarterly or monthly returns (or a particular return); or

(c) extend the period within which to give a return.

(4) An exemption may be subject to one or more conditions. The Bank availing the exemption must comply with any condition attached to an exemption.

(5) The Bank must prepare and submit its prudential returns in accordance with the AFSA’s instructions. Such instructions may require that the return be prepared or given through an electronic submission system.

(6) The instructions may be set out in these rules, in the return itself, in a separate document published by the AFSA on its own approved website or by written notice. These instructions, wherever or however they are given, are collectively referred to as instructions for preparing returns.

Note: Instructions may be in the form of formulae or blank spaces that the Bank are expected to use or fill in which would automatically compute the amounts to be reported.

3.5 Giving information

(1) The AFSA may, by written notice, require a Bank to provide information in addition to that required under these rules.

(2) A Bank must submit the required information to the AFSA in accordance with the AFSA’s instructions and within the period stated in the written notice seeking such information. The AFSA may extend the period for the submission of such information.

(3) The AFSA may exempt a Bank from giving information. The Bank must comply with any conditions attached to such an exemption.

3.6 Accounting standards

A Bank must prepare and maintain its financial accounts and prepare its financial statements in accordance with the International Financial Reporting Standards (IFRS).

3.7 Signing returns

(1) A prudential return must be signed by 2 individuals, who are Approved Individuals for the Bank and who occupy any of the Controlled Functions of Director, Senior Executive Officer or Finance Officer.

(2) If these Approved Individuals are not available or are unable to sign, the return must be signed by 1 or 2 of the individuals approved to exercise the following Controlled Functions:

(a) the Risk Manager function;

(b) the Compliance Officer function.

3.8 Obligation to notify the AFSA

(1) A Bank must notify the AFSA if it becomes aware, or has reasonable grounds to believe, that the Bank has breached, or is about to breach, a prudential requirement.

(2) In particular, the Bank must notify the AFSA as soon as practicable of:

(a) any breach or potential breach of its minimum capital requirement;

(b) any concern it has about its solvency or capital adequacy position;

(c) any indication of significant adverse change in the market price of, or trading volume of, the equity capital or other capital instruments of the Bank or those of its Financial Group (including pressure on the Bank to purchase its own equity or debt);

(d) any other significant adverse change in its capital; and

(e) any significant departure from its ICAAP.

(3) The Bank must also notify the AFSA of any measures planned or taken to deal with any real or potential breach or concerns related to its solvency or capital adequacy position.

Chapter 4 Capital Adequacy

4.1 Introduction

(1) This Chapter sets out capital adequacy requirements for a Bank.

(2) A Bank’s total Regulatory Capital is the sum of its tier 1 capital and tier 2 capital. The categories and elements of regulatory capital, as well as the limits, restrictions and adjustments to which they are subject are set out in this Chapter.

(3) Capital adequacy and capital management must be an integral part of a Bank’s overall governance and its bank-wide risk management process. Capital management must align the Bank’s risk appetite and risk profile with its capacity to absorb losses.

4.2 Application to branches

(1) This chapter does not apply to a Bank that is licensed to operate as a branch in the AIFC, insofar as this chapter would require the branch to hold capital.

(2) A branch is required to comply with the reporting requirements under this chapter. In relation to the branch’s ICAAP, the branch may rely on the ICAAP for the bank of which it is a part (if available), to demonstrate compliance.

4.3 Governing Body’s responsibilities

(1) A Bank’s governing body must consider, on a periodic basis, whether the minimum capital and liquidity resources required by these rules are adequate to ensure that there is no significant risk that the Bank’s liabilities cannot be met as they fall due. The Bank must take material and effective measures to obtain additional capital and liquidity resources if its governing body considers that the minimum requirements defined in these rules do not adequately reflect the risks of its business.

(2) The governing body is also responsible for:

(a) ensuring that capital management is part of the Bank’s enterprise-wide risk management framework and is aligned with its risk appetite and risk profile;

(b) ensuring that the Bank has, at all times, capital and liquidity resources of the kinds and amounts required by these rules;

(c) ensuring that the Bank has capital, of adequate amount and appropriate quality, for the nature, scale and complexity of its business and for its risk profile;

(d) ensuring that the amount of capital it has exceeds its minimum capital requirement, calculated according to these rules;

(e) reviewing the Bank’s annual ICAAP and approving it, including but not limited to

taking decisions to raise additional capital for the Bank; and

(f) monitoring the adequacy and appropriateness of the Bank’s systems and controls to ensure the Bank’s compliance with these rules.

4.4 Systems and controls

(1) A Bank must have adequate systems and controls to allow it to calculate and monitor its minimum capital requirement.

(2) The systems and controls must be documented and must be appropriate for its risk profile and proportionate to the nature, scale and complexity of its business.

(3) The systems and controls employed by a Bank must include the ICAAP process which is defined in greater detail in a separate chapter of these BBR Rules.

(4) The systems and controls must enable the Bank to demonstrate, its compliance with the rules in this Chapter, at all times.

(5) The systems and controls of the Bank must enable it to manage available capital in anticipation of events or changes in market conditions.

(6) A Bank must have adequate and proportionate contingency plans to maintain or increase its capital in times of stress, whether idiosyncratic or systemic.

4.5 Use of internal models

A Bank must not use its internal models to calculate regulatory capital requirements and assess capital adequacy in accordance with the BBR rules or to achieve compliance with the BBR Rules.

4.6 References to particular currencies

In these BBR rules, the specification of an amount of money in a particular currency is also taken to specify the equivalent sum in any other currency at the relevant time.

Chapter 5 Credit Risk and Concentration Risk

PART 1. INTRODUCTION

1.1. Title

These Rules may be cited as the AIFC Financial Technology Rules (or AIFC FinTech Rules).

1.2. Commencement

These Rules commence on [TBD February] 2019.

1.3. Application

These Rules apply within the jurisdiction of the AIFC.

1.4. Interpretations

Words and expressions used in these Rules and interpretative provisions applying to these Rules are specified in the Glossary.

1.5. Administration of the Rules

These Rules are administered by the Chief FinTech Officer (hereinafter, the

“CFTO”) of the AFSA FinTech Office.

PART 2. FINTECH LAB

2.1. General introduction to FinTech Lab

2.1.1. The FinTech Lab is a regulatory environment within the AIFC that allows a Person to Test and/or Develop the FinTech Activities without immediately incurring full set of regulatory requirements envisaged under the AIFC acts for Regulated and Market Activities.

2.1.2. FinTech Lab is designed to deliver more effective competition in the interests of consumers by:

(a) reducing the time and, potentially, the cost of getting FinTech to market;

(b) enabling greater access to finance for innovators, including start-ups;

(c) allowing the AFSA to collaborate with the applicant to ensure that appropriate consumer protection safeguards are built into their FinTech Activities; and

(d) enabling more FinTech Activities to be Tested and/or Developed, thus, potentially introduced to the market.

2.1.3. Given that the FinTech Lab is a live environment, Testing and/or Developing the FinTech Activities in the FinTech Lab may result in financial loss or other risks to the FinTech Lab Participants, their customers and the financial system.

2.1.4. The FinTech Lab is not intended to create a risk‐free FinTech environment, rather incorporates appropriate safeguards to identify and manage potential risks that promotes the FinTech Activities, however, minimises the risks of poor customer outcomes posed by these FinTech Activities.

2.2. Testing the FinTech Activities

2.2.1. Eligibility Criteria

(a) The regime of Testing the FinTech Activities is a live environment which allows a Person to test the validity of the following types of activities in a cost-effective and time-bound manner, in close collaboration with the AFSA:

1. Financial Activities which are similar to those that are already being regulated in the AIFC, where:

i. a different technology or process is being applied; or

ii. the same technology is being applied differently; or

2. Financial Activities not regulated in the AIFC; or

3. Activities likely to be regulated in the AIFC as a financial or an ancillary service.

(b) The FinTech Activities specified in (a) above, should bring benefits to consumers, which may include, for example, improvement accessibility, efficiency, security and quality in the provision of financial services, promoting better risk management solutions and regulatory outcomes for the financial industry.

2.3. Developing the FinTech Activities

2.3.1 Eligibility Criteria

4. The regime of Developing the FinTech Activities is a live market environment in which a Person can engage into the activities that are currently regulated or not regulated by the AFSA without immediately incurring full set of regulatory requirements envisaged under the AIFC acts for Regulated and Market Activities.

5. The regime of Developing the FinTech Activities is tailored in the circumstances where:

(i) it is less clear whether the proposed FinTech Activity would have demand in Kazakhstani or regional market (test the waters), or

(ii) an applicant is a start-up that does not meet full-set of requirements for the regulated activities but seeks to deploy the FinTech Activities and comply with regulatory obligations gradually, or

(iii) an applicant holds a licence to operate the proposed FinTech Activity in other jurisdiction(s) which is not currently regulated by the AFSA.

6. For the purposes of 2.3.1(b), the FinTech Activities eligible for being Developed include those that fall under the Regulated and/or Market Activities specified in GEN Schedule 1 and/or Framework Regulations Schedule 3, and other non-regulated by AFSA activities.

2.4. Application process

2.4.1. General overview

(a) A Person seeking to Test and/or Develop the FinTech Activities within the FinTech Lab must qualify the eligibility criteria specified in 2.2.1. and 2.3.1. and satisfy the application requirements specified in 2.4.3(b) to get an authorisation.

(b) A Person may apply to the AFSA for a Licence authorising a Centre Participant to Test and/or Develop the FinTech Activities by:

(i) completing the pre-application and application form and filing such completed form with the AFSA accompanied by such documents as are specified in the form; and

(ii) providing such further information as the AFSA may require.

2.4.2. Pre-application form

(a) The pre-application form is designed to verify eligibility of a Person to Test and/or Develop the FinTech Activities within the FinTech Lab.

(b) The pre-application form is further designed to provide an insight to the AFSA regarding the proposed FinTech and to verify its suitability for support from the FinTech Lab as well as allows the applicant to familiarize with the AFSA’s approach in fostering innovation within the FinTech Lab.

(c) A Person must justify compliance with the eligibility criteria to proceed further with the application form.

2.4.3. Application form

(a) Once the AFSA is satisfied that the Person meets the edibility criteria, such Person can complete and submit an application form for obtaining a License to carry on a Testing and/or Developing the FinTech Activities.

(b) In assessing the application, the AFSA will consider whether:

(i) the Person has performed a rigorous due diligence on legal and regulatory requirements of AIFC for deploying the proposed FinTech Activities and understands them;

(ii) the Person has identified the risks discovered from the preliminary testing and the potential risks to financial industry and consumers that may arise from the Testing and/or Developing of the proposed FinTech Activities in the FinTech Lab, and has proposed appropriate safeguards to address the identified risks to the best of its ability;

(iii) the Person has the necessary financial and non-financial resources to support Testing and/or Developing the FinTech Activities in the FinTech Lab; and

(iv) the Person has prepared the business, testing and/or development plan(s).

(c) The AFSA reviews the application within up to 30 business days from the date of receipt and informs the applicant on authorisation decision within 3 business days.

(d) The procedures of assessing the application, terms and conditions of issuance of the License is defined by the AFSA.

(e) Nothing in these Rules prevents the Person whose application had been rejected to apply to the FinTech Lab again, provided that the reasons causing the rejection of application have been addressed or the different FinTech Activities or the same FinTech Activities under the different business model shall be proposed for being Tested and/or Developed by that Person.

2.5. Licence

2.5.1. General

(a) Person must not Test and/or Develop the FinTech Activities within the FinTech Lab unless it holds a License issued by the CFTO.

(b) A Licence issued by the CFTO, which can be subject to the set of conditions, serves as an authorisation of a Centre Participant to:

(i) Test the FinTech Activities within the FinTech Lab; and/or

(ii) Develop the FinTech Activities within the FinTech Lab.

(c) The Licence has effect for 2 years from the date of its issuance.

2.5.2. Extension, varying, withdrawal of the Licence

(a) The FinTech Lab Participant is entitled to apply to the AFSA to extend, vary or withdraw the Licence.

(b) The FinTech Lab Participant submits application for the Licence extension at least 2 months prior to the Licence expiration date.

(c) The FinTech Lab Participant is entitled to apply to the AFSA to extend the validity, to change the scope, to have a condition/restriction varied or withdrawn, or to have its Licence withdrawn by:

(i) filing the form with the AFSA accompanied by such documents as are specified in the form or as may be requested by the AFSA;

(ii) providing such further information as the AFSA may require.

(d) Each application for an extension, varying or withdraw of the Licence must be accompanied by the sufficient reasons behind such an application.

(e) In the case of withdrawal of the Licence, the FinTech Lab Participant follows the procedure specified in 2.5.3(d) of these Rules.

(f) The CFTO approves the extension, varying or withdrawal of the Licence on a case-by-case basis at his/her own discretion.

(g) The CFTO’s decision on the extension, varying or withdrawal of the Licence is final.

(h) The CFTO may vary the terms of the Licence on his/her own initiative and at his/her own discretion based on the progress of the FinTech Lab Participant in Testing and/or Developing the FinTech Activities.

2.5.3. Suspension, revocation of the Licence

(a) The CFTO may suspend the Licence based on an application of the FinTech Lab Participant.

(b) The CFTO is entitled to suspend or revoke all or some of the terms of the Licence or the full Licence at his/her own discretion.

(c) For the purposes of 2.5.3(b), the CFTO may exercise its power only if the CFTO:

(i) is satisfied that there is a breach, or likely breach of a provision of legislation administered by the AFSA; or there is a failure, or likely failure, to comply with any obligation to which the FinTech Lab Participant is subject under the Licence;

(ii) considers that the exercise of the power is necessary or desirable in the interests of the AIFC as the risks posed by the Tested and /or Developed FinTech Activities exceed the benefits to consumers or the financial system.

(d) Upon revocation or withdrawal of the Licence, the FinTech Lab Participant must:

(i) immediately implement its exit strategy to cease the provision of the FinTech to new and existing customers;

(ii) provide notification to customers informing them of the cessation and their rights to redress, where relevant;

(iii) compensate any customers who had suffered the incurred financial losses from engaging with the FinTech Lab Participant pursuant the safeguards submitted by the FinTech Lab Participant while the application for authorisation;

(iv) ensure all the existing obligations to its customers must be fully fulfilled or addressed before exiting the FinTech Lab; and

(v) submit a final report to the AFSA on the actions taken pursuant the paragraph 2.7.3. of these Rules within 30 days after the revocation or withdrawal.

2.6. Waivers, conditions, restrictions

2.6.1. General

(a) The regime of Testing and/or Developing the FinTech Activities envisages the blank-sheet approach as the normal regulatory requirements applicable to the AIFC Participants, to whom the Framework Regulations apply, would initially not apply to the Person to carry on the Regulated Activity of Testing and / or Developing the FinTech Activities within the FinTech Lab.

(b) The AFSA may, on the application of a Person or its own initiative and by written notice, waive or modify the conditions, restrictions and/or requirements of the AIFC Regulations or Rules made thereunder, and define the appropriate boundary conditions at authorization and through different stages of Testing and / or Developing the FinTech Activities.

2.7. Reporting

2.7.1. Monitoring

(a) The FinTech Lab Participant is subject to the monitoring from the AFSA throughout the Licence validity period, whereby the FinTech Lab Participant submits the information on fulfilling of the testing and/or developing plan according to the paragraph 2.4.3(b)(iv) of these Rules.

(b) The FinTech Lab Participant must ensure proper maintenance of records during the Testing and/or Developing period to support reviews of the testing and/or developing plan by the AFSA.

2.7.2. Interim reports

(a) The FinTech Lab Participant must submit interim reports to the AFSA on the progress of fulfilment of the testing and/or developing plan, which may, without limitations, include information on the following:

(i) key performance indicators, key milestones and statistical information;

(ii) key issues arising as observed from fraud or operational incident reports; and

(iii) actions or steps taken to address the key issues referred to in (ii) above.

(b) The frequency and specific details for reporting, depends on duration, complexity, scale and risks associated with the Testing and/or Developing the FinTech Activities and shall be defined by AFSA.

2.7.3. Final report

(a) The FinTech Lab Participant must submit a final report containing the following information to the AFSA within 30 calendar days from the expiry, or the revocation, or withdrawal of the Licence:

(i) key outcomes, key findings of the Testing and/or Developing the FinTech Activities;

(ii) a full account of all incident reports and resolution of customer complaints (if any); and

(iii) in the case of a failed Test and/or Development – the lessons learnt from the Test and/or Development.

2.8. Miscellaneous

2.8.1. Upon expiry of the Licence’s validity, the legal and regulatory requirements which have been tailored, waived or modified by the AFSA will expire.

2.8.2. Unless the extension of the Licence is requested pursuant paragraph 2.5.2. of these Rules, or at such time as otherwise might be necessary and agreed by the CFTO, the FinTech Lab Participant will have to exit the FinTech Lab and choose to either:

(a) migrate to the full authorisation and supervisory regime under the AIFC regulatory framework and deploy its FinTech on a broader scale; or

(b) continue a business as a non-regulated activity under the commercial license obtained from the Registrar of Companies;

(c) employ an exit strategy and follow the procedure specified in paragraph 2.5.3(d).

2.8.3. Migration to full authorisation is possible provided that:

(a) both AFSA and the FinTech Lab Participant are satisfied that the intended Test and/or Development outcomes are achieved; and

(b) the FinTech Lab Participant can fully comply with the relevant legal and regulatory requirements envisaged under the AIFC acts to carry on the Regulated and/or Market Activities.

2.8.4. The FinTech Lab Participant may continue its business under the commercial licence obtained from the Registrar of Companies in certain circumstances when, for instance, the Tested and/or Developed FinTech Activities remain non-regulated by the AFSA, or when the intention of the FinTech Lab Participant or its financial/non-financial resources suggests continuing the business as a non-regulated by the AFSA activity.

2.8.5. The exit strategy of the FinTech Lab Participant may vary based on commercial needs, and may include the ceasing the business, or transferring the FinTech and engaged customers to the other authorised financial institution(s).

PART 3. THE AFSA FINTECH OFFICE

3.1. Overview

3.1.1. The FinTech Lab is administered by CFTO who has an office established within the framework of AFSA.

3.1.2. In exercising the CFTO’s functions, the CFTO must act in an independent way, even though the CFTO is an agent of the AFSA.

3.2. Objectives and functions

3.2.1. Objectives

(a) In exercising the CFTO’s functions, the CFTO acts in an independent and

non-biased way.

(b) The CFTO exercises the CFTO’s functions only in pursuit of the following CFTO’s objectives:

(i) to promote good practices and observance of the requirements of these Rules;

(ii) to pursue effectiveness and transparency in administering of these Rules.

3.2.2. Functions

(a) The CFTO has the functions given to the CFTO by or under the AIFC Acts, decisions of Governor and AFSA Executive Body.

(b) Without limiting the paragraph (a), the CFTO’s functions include the following:

(i) preparing draft rules, standards and codes of practice and submitting them to the AFSA Board Legislative Committee for consideration;

(ii) preparing and adopting non-binding guidance for the AIFC Participants, and advising the Board of Directors of the AFSA of any guidance adopted by the CFTO;

(iii) issuing or adopting the necessary forms, procedural guidance and other necessary documents pertinent to these Rules;

(iv) initiating and convening the AFSA Committee on authorisation of the FinTech Lab applicants;

(v) devising the tailored regulatory regime for the FinTech Lab Participant to Test and/or Develop the FinTech Activities within the FinTech Lab, including, without limitations, the following:

i. modify eligibility criteria on a case by case basis at his/her own discretion with due consideration of risks posed by the proposed FinTech; and/or

ii. impose waivers, conditions, restrictions and cancel and/or vary any waiver, condition, restriction; and/or

iii. impose such further waiver, condition, restriction as it may think fit; and/or

iv. issue an individual guidance subject to specific characteristics and risk(s) posed by the FinTech Activity; and/or

v. vary the applicable legislative requirements as the FinTech Lab Participant progress through different stages of Testing and/or Developing the FinTech Activities.

(vi) holding the signature right over various legal matters:

i. approve the form of the Licence and other application forms, make modifications thereto;

ii. issue of the Licence;

iii. modify, suspend or revoke the Licence at any time at his/her own discretion due to necessity to pursue one or more regulatory objective.

3.2.3. Other powers

(a) These Rules are not an exhaustive source of the CFTO’s policy on the exercise of its statutory powers and discretions. In discharge of its regulatory mandate, the CFTO is entitled to exercise other powers or functions which the CFTO considers necessary or desirable for or in connection with, or reasonably incidental to, the exercise of the CFTO’s functions, where it might be relevant to address any specific matter in FinTech.

(b) The CFTO may delegate all or any of the CFTO’s functions to any AFSA employee.

(c) The CFTO, and any delegate of the CFTO, is not liable to third parties for anything done or omitted to be done in the exercise or purported exercise of the CFTO’s functions (including any function delegated to the CFTO) under the AIFC Acts, decisions of Governor and AFSA Executive Body, except when it is established that such an action or omission was committed with unfair intentions and/or malicious intent and/or for the purpose of deliberate non-fulfillment or violation of his/her official duties.

PART A - INTRODUCTION

Comments to be addressed to:

R.Abdirassilov@aifc.kz

1.Scope and Purpose

1.1 This paper presents a proposed policy to be adopted by the Astana Financial Services Authority (the "AFSA") for the regulation of digital banking services in the Astana International Financial Services Centre (the "AIFC") (the "Framework").

1.2 Terms not defined herein have the meaning given to them in the AIFC Glossary.

1.3 The proposed Framework will aid the economic and social development of Kazakhstan by diversifying who provides banking services, what those banking services are and how Clients[1] use these services.

1.4 This will support the five-year programme for 'Digital Kazakhstan', which is seeking to improve the competitiveness of Kazakhstan’s economy and quality of life through the progressive development of the digital ecosystem. This programme also includes the development of financial technologies, non-cash payments and electronic commerce, as well as progressive regulations that create a vibrant environment to promote greater inclusion and innovation. The AFSA is being supported by and working with the European Bank of Reconstruction and Development (the "EBRD") in implementing aspects of the 'Digital Kazakhstan' programme within the AIFC. The AFSA and the EBRD are engaging consultants, such as Clifford Chance in this case, to assist it with this programme. The proposed Framework is a part of this programme.

1.5 The aim of the proposed Framework is to enhance and build on the existing regulatory framework in order to support the licensing of digital-only banks and to regulate banking services provided remotely (e.g. online; in a mobile app), in support of the introduction of "Open Banking".

1.6 The proposed Framework will provide regulatory certainty to Authorised Firms providing banking services, and to their Clients. It will also promote new and innovative ways for banking services to be provided in the AIFC. 

2. Background

2.1 Digital banking is transforming how banking services are provided around the world. It is expanding the ways that banking services can be offered, which is opening it up to clients that were previously under-served. This means that traditional banking products, such as accepting deposits and providing credit, do not need to be offered through physical branches, but can be provided remotely; for example, online or in a mobile app. Clients can therefore access more banking services in any location.

2.2 In addition, the concept of 'Open Banking' has gained traction over the past few years. This allows a client's banking data to be used not only by his or her own bank, but also by third party providers in order to enable the provision of new products and services which will benefit clients. It establishes a secure way for a wide variety of providers to access a client's banking information and receive improved financial services and other related services.

2.3 Over the past few years, an increasing number of jurisdictions have been putting in place the regulatory infrastructure to enable remote access through digital banking, and to develop 'Open Banking'. Against this background, the AIFC is seeking to put in place the proposed Framework so that Kazakhstan can benefit from these developments and become an attractive location for both local and international providers of such services.

[1]    As per the AFSA Glossary, "Clients" is a broad term including individuals, corporate and government bodies, which can be located within Kazakhstan or externally.

PART B – REGULATORY APPROACH

3. Overview and Scope of Activities

3.1 The proposed Framework is being developed by the AFSA as part of its plan to enhance regulatory policies aimed at facilitating the adoption of technological innovations in the AIFC.

3.2 In formulating the proposed Framework, it has been proposed to:

1. 3.2.1 develop a standalone regulatory framework for digital-only banks (please see Sections 5 to 8 below with respect to "Authorised Digital Banks" and "Authorised Digital Banks (Limited Licence)");
2. 3.2.2 offer a phased approach to full authorisation for digital-only banks to encourage new providers into the AIFC (i.e., to lower the barriers to entry into the banking market) (please see Section 8 below with respect to "Authorised Digital Banks (Limited Licence)");
3. 3.2.3 consider ways to access online banking;
4. 3.2.4 define new Regulated Services to permit 'Open Banking' activities;
5. 3.2.5 consider what additional infrastructure may need to be developed so that 'Open Banking' can operate fully; and
6. 3.2.6 put in place suitable safeguards that recognise and address the security and other challenges posed by digital banking.

3.3 Following various policy discussions, it has been decided to include provisions related to "Open Banking" in the separate Payment Services and Electronic Money Framework ("PSEM Framework").

4. Legislation

4.1 When developing the proposed digital banking framework, the starting point will be to review the existing AIFC Acts which apply to Banks generally. When conducting this review, the question in each case will be: should this rule apply to an Authorised Digital Bank and, if so, does the rule need to be modified in any way in respect of its application to Authorised Digital Banks. The acts to be reviewed are:

1. 4.1.1 AIFC Financial Services Framework Regulations (“FSFR”);
2. 4.1.2 AIFC General Rules (“GEN”);
3. 4.1.3 AIFC Conduct of Business (“COB”);
4. 4.1.4 AIFC Banking Business Prudential Rules ("BBR");
5. 4.1.5 AIFC Market Rules ("MAR");
6. 4.1.6 AIFC Anti-Money Laundering, Counter – Terrorist Financing and Sanctions Rules (“AML”);
7. 4.1.7 AIFC Fees Rules ("FEES"); and
8. 4.1.8 AIFC Glossary.

4.2 New rules for digital-only banks will also be drafted - the new AIFC Digital Bank Rules ("DBR").  

PART C – SUMMARY OF POLICY POSITIONS

5. Digital-Only Banks - Scope

5.1 Traditionally, banks have physical infrastructure through which they provide banking services to clients. For example, retail banks operate networks of branches where clients receive key banking services (e.g. open bank accounts) and they provide ATMs where clients can withdraw cash from their bank accounts (either through their own ATM network or through an agent bank's ATM network). 

5.2 The AIFC wants to establish a regulatory framework for digital-only banks. The aim of this is to enable Clients to receive banking services remotely, without the need for the physical infrastructure of traditional banks. In order to achieve this, there would need to be sufficient technological infrastructure (both at a network level and at a corporate/individual level) and technological literacy. Enabling Clients to receive banking services remotely would benefit them, as they would have immediate access to banking services wherever they are. Digital-only banks would also benefit from reduced operating costs.

5.3 Digital-only banks will need to be defined to distinguish them from traditional banks. We propose that the core concept of the definition is a bank which provides only digital banking services, and which has only limited physical infrastructure. For example, it could have a head office but no branch network. Digital kiosks and ATMs will be permitted in order to help attract Clients and assist with Client on-boarding and Client queries (such kiosks could be manned or unmanned).

5.4 Applicants would have their own application process (see Section 6 below) to become "Authorised Digital Banks", and their own rules, the DBR (see Section 7 below). Please also see Section 8 below where it is proposed that there is an intermediate step for "Authorised Digital Banks (Limited Licence)", where more limited rules would apply.

5.5 Authorised Digital Banks will come within the definition of Authorised Firms, as will Authorised Digital Banks (Limited Licence). We understand that under the Payment Services and Electronic Money ("PSEM") Policy Paper, certain Authorised Firms do not need separate authorisation to carry out the new payment services Regulated Activity; such Authorised Firms include those with permission to Accept Deposits, Provide Credit and Provide Money Services. Authorised Digital Banks with these permissions will not therefore require separate authorisation to provide payment services as a Regulated Activity.

5.6 There is then also a policy question around whether Authorised Digital Banks should be permitted to carry out the new Regulated Activity under the PSEM Framework of issuing electronic money. Our view is that Authorised Digital Banks should be permitted to do so on the basis that this would be consistent with the banking and payment services activities that Authorised Digital Banks are proposed to be able to carry out and supportive of the general objectives for the DBRs, of expanding the use of financial technology and non-cash payments within the AIFC.

5.7 Authorised Digital Banks would be limited to providing certain existing Regulated Activities set out in Schedule 1 (Regulated Activities) to the AIFC General Rules ("GEN")[1]. They would be allowed to carry out the following Regulated Activities:

1. 5.7.1 17. Accepting Deposits;
2. 5.7.2 18. Providing Credit; and
3. 5.7.3 26. Opening and Operating Bank Accounts.
4. They may then also carry out one or more of the following Regulated Activities:
5. 5.7.4 19. Advising on a Credit Facility; and/or
6. 5.7.5 21. Providing Money Services.

5.8 In addition, Authorised Digital Banks will be permitted to carry out the new Payment Services Regulated Activity, proposed as part of the PSEM Framework, including those activities introduced for "Open Banking". Further review will be required of the PSEM Framework, once drafted, to ensure that the DBRs and the PSEM Framework are consistent. Given the broad definition of Client in the AIFC Glossary, Authorised Digital Banks could not only provide these Regulated Activities and other non-regulated activities to corporates etc., but also to other banks or financial institutions. Authorised Digital Banks will also be able to accept limited deposits of up to USD 10,000 from Retail Clients, unlike other Banks in the AIFC.

5.9 Another issue is as to whether there should be any limit on an Authorised Digital Bank when providing credit to Retail Clients. Policy options for AFSA here include:

1. 5.9.1 allowing Authorised Digital Banks to provide unlimited credit to Retail Clients in the same way that an existing AFSA-authorised Bank would be permitted to;
2. 5.9.2 allowing Authorised Digital Banks to provide microloans of up to USD 10,000 only per Retail Client;
3. 5.9.3 allowing Authorised Digital Banks to provide microloans of up to USD 10,000 per Retail Client but permitting uncapped loans to Retail Clients where either:
4. (a)the funds for loans over the USD 10,000 cap are not derived from client deposits; or
5. (b)reasonable and proportionate security for the loan is taken by the Authorised Digital Bank.

5.10 In our view, there are pros and cons for each of these approaches, based on considerations including consumer protection, ease of implementation and enforcement and ensuring that Authorised Digital Banks are able to grow stable and sustainable businesses. Whilst capping the amount that can be loaned to each Retail Client may be an appropriate way of protecting consumers, allowing Authorised Digital Banks some flexibility to provide further credit to such customers, especially with additional protections, also seems worthwhile in order to support sustainable business growth.

5.11 The application process for becoming an Authorised Digital Bank will allow for an Authorised Firm that is not an Authorised Digital Bank to set up a subsidiary which is an Authorised Digital Bank, or itself become an Authorised Digital Bank, subject to meeting relevant criteria. The AFSA shall have discretion to accelerate the Authorised Digital Bank (Limited Licence) phase for an existing AFSA-authorised Bank wishing to become an Authorised Digital Bank or to establish a subsidiary which is an Authorised Digital Bank.

6.DIGITAL-ONLY banks – Applications

6.1 Applicants to become Authorised Digital Banks will have their own set of application forms. This will include choosing which of the Regulated Activities that are available to Authorised Digital Banks the applicant wishes to provide (see Section 5.5 above).

7. DIGITAL-ONLY banks - Rules

7.1 The AFSA wishes to make its regime attractive to digital-only banks. Part of its appeal will be to reduce unnecessary burdens in the application process. A key part of the work that an applicant will do is to assess the rules that will apply to it.

7.2 The AFSA will need some new rules for Authorised Digital Banks. These will be set out the DBR. In particular, the DBR will set out what defines an Authorised Digital Bank, the application process and any requirements specific to Authorised Digital Banks. The DBR will also do this for Authorised Digital Banks (Limited Licence) (see Section 8 below). As noted in Section 11, there are certain security and consumer protection provisions which should be put in place where banking and other services are provided remotely. As these will also be relevant to other Authorised Firms who provide such services remotely, these will not be included in the DBRs but may be issued as separate guidelines by the AIFC or be included in another AIFC Rulebook (e.g. in the AIFC General Rules or the rules to be drafted for the new PSEM Framework).

7.3 In addition, some existing AIFC Acts applicable to other types of firms will also apply to Authorised Digital Banks. Current rules which may need to apply to Authorised Digital Banks are contained in the following AIFC Acts:

1. 7.3.1 AIFC Financial Services Framework Regulations (“FSFR”);
2. 7.3.2 AIFC General Rules (“GEN”);
3. 7.3.3 AIFC Conduct of Business (“COB”)[2];
4. 7.3.4 AIFC Banking Business Prudential Rules ("BBR");
5. 7.3.5 AIFC Market Rules ("MAR")[3];
6. 7.3.6 AIFC Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Rules (“AML”);
7. 7.3.7 AIFC Fees Rules ("FEES"); and
8. 7.3.8 AIFC Glossary.

New rules are also currently being developed under the PSEM Framework, some of which (such as conduct of business rules) will also apply to Authorised Digital Banks when carrying out payment services; these rules will need to be considered when drafting the DBRs.

7.4 Whilst it would be simpler for Authorised Digital Banks to have all their rules in one place (e.g. no need to follow cross-references to other parts of the AIFC Acts), it would create a lengthy rulebook. In addition, care would need to be taken that any future updates are reflected, where relevant, in both the existing AIFC Acts and in the DBR. Instead, the DBR will set out only specific new rules applicable to Authorised Digital Banks or, existing rules which need to be modified when they apply to Authorised Digital Banks. It will also cross reference however to other existing rules in existing AIFC Acts which will apply to Authorised Digital Banks, to help make the DBR easier to follow, without setting out these existing rules in full.  

7.5 The BBR sets out detailed requirements for Banks, including principles relating to Banking Business, prudential reporting requirements, capital adequacy, credit risk and concentration risk, market risk, operational risk, interest rate risk in the Banking Book, liquidity risk, group risk, supervisory review and evaluation process and public disclosure requirements. It is understood that these will also apply in full to Authorised Digital Banks (but not for an Authorised Digital Banks (Limited Licence) as discussed in Section 8 below).  

7.6 Authorised Digital Banks will also require corporate governance rules. Currently, corporate governance rules for listed entities are set out in MAR and apply to a Reporting Entity, which is a Person who: (i) has Securities or Units admitted to an Official List; (ii) is the Fund Manager of a Listed Fund; or (iii) is declared by the AFSA to be a Reporting Entity. To the extent that an Authorised Digital Bank is a Reporting Entity, they will be subject to these rules, in the same way as other Banks under AFSA's current approach.

8. DIGITAL-ONLY Banks – Authorised Digital Bank (Limited licence)

8.1 In order to encourage new entrants to the banking sector, there will be an intermediary stage between applying for and becoming a full Authorised Digital Bank. This will allow applicants to provide limited Regulated Activities and to not be subject to the full set of rules for an Authorised Digital Bank. They are intended to be known as Authorised Digital Banks (Limited Licence). This is similar to the approach taken in Singapore and is designed to lower the barriers to entry to new entrants to the banking sector.

8.2 All applicants to become an Authorised Digital Bank must first become an Authorised Digital Bank (Limited Licence), until the AFSA have carried out an evaluation to check that the Authorised Digital Bank (Limited Licence) has satisfied certain conditions and can become an Authorised Digital Bank. The Authorised Digital Bank (Limited Licence) phase will be time limited period and an Authorised Digital Bank (Limited Licence) will be required to cease doing business in the AIFC if they fail to satisfy the AFSA's evaluation to become an Authorised Digital Bank within the required time period.

8.3 Limitations on an Authorised Digital Bank (Limited Licence) being considered include:

1. 8.3.1 when providing the Regulated Activities of Accepting Deposits and Providing Credit:
2. (a) no Deposits will be accepted from Retail Clients; and/or
3. (b) a cap on the Credit provided to each Retail Client of USD 10,000.;
4. 8.3.2 The BBR will apply in a reduced manner, such as lower capital requirements (e.g. USD 5 million[4]);
5. 8.3.3 Restrictions on holding safeguarded funds for Payment Institutions and Small Payment Institutions pursuant to any requirements under the PSEM Framework for safeguarded sums to be held with an authorised Bank.

Further rules could also not be applied or be applied in a reduced manner if that is required.

8.4 An Authorised Digital Banks (Limited Licence) will come within the definition of Authorised Firms and so be required to comply with other AIFC Acts applicable to Authorised Firms, subject to modifications set out in the DBR.  

8.5 We understand that under the PSEM Policy Paper, certain Authorised Firms do not need separate authorisation under the PSEM Regime, providing they have permission to carry out Regulated Activities such as Accepting Deposits. If an Authorised Digital Bank (Limited Licence) is an Authorised Firm with such permissions, this would ensure that they do not require separate authorisation when acting as payment service providers.

9.Access to Online banking

9.1 Clients want increased flexibility in how they access banking services. This means that they do not want to have to visit a physical branch to receive banking services. Clients want to be able to transfer funds, view their account balance and undertake other account activities wherever they are. In the AIFC, clients will want this regardless of whether they receive remote banking services from an existing Authorised Firm such as a Bank or, in the future, from an Authorised Digital Bank or Authorised Digital Bank (Limited Licence) (i.e. standards and processes around remote access to Regulated Activities should apply to all Authorised Firms).  

9.2 It is important that the Framework is suitably robust and technologically neutral in order for its rules and requirements to apply wherever relevant Regulated Activities are accessed remotely, regardless of what interface is used (e.g., web-page; mobile app; tablet; watch). In the past, some jurisdictions developed a standalone licensing regime for mobile banking. However, leading jurisdictions now rarely have a licensing regime exclusively for mobile banking. This is because they require a technologically neutral licensing regime which is flexible enough to permit banking services to be provided through a variety of interfaces and which therefore does not need to be constantly revised to take account of technological changes. Standards and processes around access and conduct of business are therefore required to ensure that any remote access to banking services is secure and safe for Clients.

9.3 In order to facilitate this, it is likely that certain security standards will need to be implemented in the AIFC in order to allow Clients to access banking services securely. Whilst certain specific security standards should be implemented as rules as discussed in Section 11 below (e.g. SCA (as defined in Section 11)), the AIFC may also wish to develop security guidelines as, for example, the European Banking Authority ("EBA") has done in the EU.[5] 

10.Open banking – API and other Standards

10.1 In order to be able to provide Account Information Services and/or Payment Initiation Services, Authorised Firms, such as Banks, will need to open up their application programming interfaces ("APIs") to share information securely with Authorised Firms providing Account Information Services and/or Payment Initiation Services.

10.2 APIs are codes and protocols which allow different applications to communicate with each other by deciding how different software components should interact. Open data API specifications are available publicly. These allow API providers, such as Banks, to develop API "endpoints" which can be accessed by Authorised Firms providing Account Information Services and/or Payment Initiation Services through building compatible online applications. Open data API specifications are crucial to ensuring the technological neutrality of the Framework, and to allowing the broadest pool of firms to provide Account Information Services and/or Payment Initiation Services.

10.3 The AFSA will need to decide how it wishes to control APIs. For example, in the UK, Open Banking Limited has set out certain API specifications which must be adhered to.[6] This helps ensure the widest possible access through the use of common standards. However, this is less about financial regulation and more about the technical standards and associated boundaries which the AFSA wishes to put in place to foster innovation and encourage new and existing Authorised Firms to provide Account Information Services and/or Payment Initiation Services.

10.4 Furthermore, using the example of the UK's Open Banking Limited, the AFSA may wish to put in place additional guidelines around security, customer experience and operations.[7] However, this is again less about financial regulation and more about the technical standards and associated boundaries which the AFSA may wish to put in place. As these requirements will apply more broadly than just to Authorised Digital Banks, AFSA's powers to issue such guidelines will be set out, if necessary, elsewhere in the AIFC Rules.

11. Security and Consumer Protection

11.1 Where any banking services take place remotely, there are inherent security risks. This is an issue for all Authorised Firms (including Authorised Digital Banks and Authorised Digital Banks (Limited Licence), regardless of whether they come within the definition of Authorised Firms). However, the Framework offers an opportunity to put in place requirements that will increase security and reduce fraud for all Clients.

11.2 One solution to this is to put in place security standards and processes which must be complied with if Clients:

1. 11.2.1 access Bank Accounts online;
2. 11.2.2 initiate an electronic payment transaction; or
3. 11.2.3 carry out any other action through a remote channel which may imply a risk of payment fraud.

This would therefore affect not just the new Regulated Activities of Account Information Services and Payment Initiation Services, but also existing Regulated Activities where these take place remotely (e.g. online or in a mobile app).

11.3 AFSA intends to follow the EU's approach, which is to require Authorised Firms to apply strong customer authentication ("SCA") where a client wishes to take any of the actions in Sections 11.2.1, 11.2.2 or 11.2.3. SCA would also apply to providers of Account Information Services and/or Payment Initiation Services. SCA requires authentication based on two or more independent elements from the following:

1. 11.3.1 'Knowledge Factor' – something only the Client knows (e.g. password);
2. 11.3.2 'Possession Factor' – something held only by the Client (e.g. card verification number); and/or
3. 11.3.3 'Inherence Factor' – something inherent to the Client (e.g. biometric fingerprint, facial recognition or voice recognition).

Given the importance of business-to-business services, the AFSA may wish to introduce specific exemptions for corporate Clients which either disapply SCA for them, or permit them to implement their own equivalent security processes (with equivalence to be determined by the AFSA).

11.4 Where any banking services are accessed online, there are also other factors which will be considered as part of the DBR drafting process, although these will also be applicable to other Authorised Firms carrying out business remotely. By way of example, please see the summary below.

1. 11.4.1 Client on-boarding – If a Client is on-boarded remotely (e.g. by an Authorised Digital Bank), which documents it would need to provide and how (e.g. PDF copies of invoices as proof of address, passports etc.). Careful consideration needs to be given to Client due diligence that is done remotely. We understand that this will sit within the AIFC's (and/or Kazakhstan's) existing AML/CFT framework. Generally, jurisdictions do not have specific rules for remote Client due diligence. However, there may be some benefit in including some express requirements (e.g. a "selfie" video) where Client due diligence is done remotely.
2. 11.4.2 Cybersecurity – If Authorised Firms provide Regulated Activities online, what security measures they should put in place for their websites, mobile apps and other interfaces to prevent them succumbing to cyber-attacks and to Client data being stolen.
3. 11.4.3 Business recovery – As Clients will be relying upon a remote interface (e.g. online platform or mobile app), what back-up measures Authorised Firms must put in place in order to ensure continuity of service (e.g. servers in an alternative location; multiple data stores).
4. 11.4.4 Outsourcing – To what extent Authorised Firms will be permitted to outsource operational functions, and to the extent that they do, how the AFSA monitors that (e.g. requests to see draft contracts) and the continuing liability of Authorised Firms for outsourced functions. The AFSA may wish to develop guidelines around such outsourcing and what standards need to be adhered to.[8] Whilst we understand that drafting such guidelines are outside the scope of this project, these could be developed by the AFSA to complement the Framework.
5. 11.4.5 Client terms – If Client terms must contain any specific provisions (e.g. treatment of alleged unauthorised transactions; liability for unauthorised transactions; fees) and whether they would differ between Retail Clients and other Clients. However, this is not specific to banking services taking place remotely.
6. 11.4.6 Authorised status – Where and how Authorised Firms should set out their authorised status online.
7. 11.4.7 Consumer protection – Whether Authorised Firms are required to apply any particular security features to Retail Clients or, if security features apply to all Clients, can non-Retail Clients consent to disapply them. Also, whether a higher degree of liability should apply to Authorised Firms when they deal with Retail Clients. These are issues which go beyond just the Framework.
8. 11.4.8 Data protection – Where Authorised Firms provide Regulated Activities on a remote basis, data protection will clearly be important in a number of ways. For example, access to Clients' records, the sending and receiving of messages/instructions and how Authorised Firms use, store, access, move and ultimately dispose of Client data. The Client should be able to access its own data and move it elsewhere, including cross-border, if it so wishes. We understand that data protection will sit within the AIFC's existing data protection framework.

11.5 The AFSA would need to consider whether to take a prescriptive approach in such areas, or to set out certain areas where Authorised Firms need to provide policies and procedures to address these which satisfy the AFSA. By way of example, the EU has adopted a very prescriptive approach, as demonstrated in the EBA's 'Guidelines on the security measures for operational and security risks of payment services under PSD2'.

[1] We note that some of these activities, in particular providing Money Services and Opening and Operating Bank Accounts, may be amended as part of the introduction of the PSEM Framework and this will be taken into account as part of the drafting process, to ensure the PSEM Framework and DBRs are consistent.

[2]    Namely COB 2 (Client Classification), COB 3 (Communication with Clients and Financial Promotions), COB 4 (Key Information and Client Agreement), COB 7 (Conflicts of Interest), COB 15 (Complaints Handling and Dispute Resolution), COB 16 (Record Keeping and Internal Audit), COB 18 (Banks), Schedule 2 (Key Information and Content of Client Agreement) and Schedule 5 (Financial Promotions).

[3]    Namely MAR 2 (Governance of Reporting Entities), MAR 3 (Financial Reports), MAR 5 (Market Abuse), MAR 6 (Market Disclosure) and Schedule 3 (Corporate Governance Best Practice Standards).

[4]    Under Rule 4.10(a) BBR, the Base Capital Requirement of a Bank is USD 10 million. USD 5 million therefore seems a reasonable Base Capital Requirement for an Authorised Digital Bank (Limited Licence)

[5]https://eba.europa.eu/sites/default/documents/files/documents/10180/2060117/d53bf08f-990b-47ba-b36f-15c985064d47/Final%20report%20on%20EBA%20Guidelines%20on%20the%20security%20measures%20for%20operational%20and%20security%20risks%20under%20PSD2%20(EBA-GL-2017-17).pdf

[6]    https://standards.openbanking.org.uk/api-specifications/

[7]    https://standards.openbanking.org.uk/

[8]    For example, the EBA and the UK FCA have drafted guidelines to complement their regulatory regimes. https://eba.europa.eu/sites/default/documents/files/documents/10180/2551996/38c80601-f5d7-4855-8ba3-702423665479/EBA%20revised%20Guidelines%20on%20outsourcing%20arrangements.pdf?retry=1

https://www.fca.org.uk/publication/finalised-guidance/fg16-5.pdf

5. CUSTOMER RISK ASSESSMENT

5.1. Assessing customer AML risks

Conduct of the customer risk assessment

When undertaking a risk-based assessment of a customer under AML 5.1.1 a Relevant Person must:

(a)identify the customer, and any beneficial owner(s) and any person acting on behalf of a customer;

(b)obtain information on the purpose and intended nature of the business relationship;

(c)consider the type of customer, its ownership and control structure, and its beneficial ownership (if any);

(d)consider the nature of the customer's business relationship with the Relevant Person;

(e)consider the customer's country of origin, residence, nationality, place of incorporation or place of business;

(f)consider the relevant product, service or transaction;

(g)consider the beneficiary of a life insurance policy, where applicable; and

(h)consider the outputs of the business risk assessment under Chapter 5.

6. CUSTOMER DUE DILIGENCE

6.1. Undertaking Customer Due Diligence

Undertaking Simplified Due Diligence

A Relevant Person may undertake SDD in accordance with AML 8.1.1 by modifying the CDD under AML 6.3.1 for any customer it has assigned as low risk. Simplified measures should not be conducted whenever there is a suspicion of money laundering and/or terrorist financing.

6.2. Timing of Customer Due Diligence

Establishing a business relationship before Customer Due Diligence is complete

A Relevant Person may establish a business relationship with a customer before completing the verification required by AML 6.3.1 if the following conditions are met:

(a) deferral of the verification of the customer or beneficial owner is necessary in order not to interrupt the normal conduct of a business relationship;

(b) risk management procedures concerning the conditions under which a customer may utilise the business relationship prior to verification have been adopted and are in place; and there is little risk of money laundering occurring and any such risks identified can be effectively managed by the Relevant Person;

(c) in relation to a bank account opening, there are adequate safeguards in place to ensure that the account is not closed and transactions are not carried out by or on behalf of the account holder (including any payment from the account to the account holder) before verification has been completed; and

(d) subject to (c), the relevant verification is completed as soon as reasonably practicable and in any event, no later than 30 days after the establishment of a business relationship.

6.3. Undertaking Customer Due Diligence

Verification of obligations

In undertaking CDD required by AML 6.1.1, a Relevant Person must:

(a) verify the identity of the customer, and of any beneficial owner(s) and any person acting on behalf of a customer, including his authorisation to so act, based on original or properly certified documents, data or information issued by or obtained from a reliable and independent source;

(b) obtain information on the purpose and intended nature of the business relationship;

(c) understand the customer's sources of funds;

(d) understand the customer's sources of wealth; and

(e) undertake on-going due diligence of the customer business relationship under AML 6.4.1.

Customer obligation for life insurance

In complying with AML 6.3.1 for life insurance or other similar policies, a Relevant Person must:

(a) verify the identity of any named beneficiaries of the insurance policy; and

(b) verify the identity of the persons in any class of beneficiary, or where these are not identifiable, ensure that it obtains sufficient information to be able to verify the identity of such persons at the time of pay-out of the insurance policy;.

(c) if a beneficiary of the insurance policy who is a legal person or a legal arrangement presents a higher risk, take enhanced measures which should include reasonable measures to identify and verify the identity of the beneficial owner of the beneficiary, at the time of pay-out; and

(d) take reasonable measures to determine whether the beneficiaries of the insurance policy and/or, where required, the beneficial owner of the beneficiary, are PEPs, at the latest, at the time of the pay-out, and, in cases of higher risks, inform senior management before the pay-out of the policy proceeds, conduct enhanced scrutiny on the whole business relationship with the policyholder, and consider making a suspicious transaction report.

Guidance on identification and verification of beneficial owners

(a) In determining whether an individual meets the definition of a beneficial owner or controller, regard should be had to all the circumstances of the case.

(b) When identifying beneficial owners, a Relevant Person is expected to adopt a substantive (as opposed to form over substance) approach to CDD for legal persons. Adopting a substantive approach means focusing on the money laundering risks of the customer and the product/service and avoiding an approach which focusses purely on the legal form of an arrangement or sets fixed percentages at which beneficial owners are identified (or not).

(c) A Relevant Person should take all reasonable steps to establish and understand a corporate customer's legal ownership and control and to identify the beneficial owner. There are no explicit ownership or control thresholds in defining the beneficial owner because the applicable threshold to adopt will ultimately depend on the risks associated with the customer, and so a Relevant Person must adopt the RBA and pursue on reasonable grounds an approach which is proportionate to the risks identified. A Relevant Person should not set fixed thresholds for identifying the beneficial owner without objective and documented justification. An overly formal approach to defining the beneficial owner may result in a criminal "gaming" the system by always keeping his financial interest below the relevant threshold.

(d) In some circumstances no threshold should be used when identifying beneficial owners because it may be important to identify all underlying beneficial owners to ensure that they are not associated or connected in some way. This may be appropriate where there are a small number of investors in an account or fund, each with a significant financial holding and the customer- specific risks are higher. However, where the customer-specific risks are lower, a threshold can be appropriate. For example, for a low-risk corporate customer which, combined with a lower- risk product or service, a percentage threshold may be appropriate for identifying "control" of the legal person for the purposes of the definition of a beneficial owner.

(e) For a retail investment fund, which is widely-held and where the investors invest via pension contributions, the manager of the fund is not expected to look through to underlying investors where there are none with any material control or ownership levels in the fund. However, for a closely-held fund with a small number of investors, each with a large shareholding or other interest, a Relevant Person should identify and verify each of the beneficial owners, depending on the risks identified as part of its risk-based assessment of the customer.For a corporate health policy with defined benefits, a Relevant Person need not identify the beneficial owners.

(f) Where a Relevant Person carries out identification and verification in respect of actual and potential beneficial owners of a trust, this should include the trustee, settlor, the protector, the enforcer, beneficiaries, other persons with power to appoint or remove a trustee and any person entitled to receive a distribution, whether or not such person is a named beneficiary.

(g) Where no natural person is identified as a beneficial owner, the relevant natural person who holds the position of senior managing official should be identified as such and verified.

6.4. Checking sanctions lists

6.5. Failure to conduct or complete Customer Due Diligence

Prohibitions

Where, in relation to any customer, a Relevant Person is unable to conduct or complete the requisite CDD in accordance with AML 6.3.1 it must, to the extent relevant:

(a) not carry out a transaction with or for the customer through a bank account or in cash;

(b) not open an account or otherwise provide a service;

(c) not otherwise establish a business relationship or carry out a transaction;

(d) terminate or suspend any existing business relationship with the customer;

(e) return any monies or assets received from the customer; and

(f) consider whether the inability to conduct or complete Customer Due Diligence necessitates the making of a Suspicious Activity Report (see Chapter 13).

A Relevant Person is prohibited from knowingly keeping anonymous accounts or accounts in obviously fictitious names.

PART A - INTRODUCTION

Comments to be addressed to:

R.Abdirassilov@aifc.kz

1.Scope and Purpose

1.1 This paper presents a proposed policy to be adopted by the Astana Financial Services Authority (the "AFSA") for the regulation of digital banking services in the Astana International Financial Services Centre (the "AIFC") (the "Framework").

1.2 Terms not defined herein have the meaning given to them in the AIFC Glossary.

1.3 The proposed Framework will aid the economic and social development of Kazakhstan by diversifying who provides banking services, what those banking services are and how Clients[1] use these services.

1.4 This will support the five-year programme for 'Digital Kazakhstan', which is seeking to improve the competitiveness of Kazakhstan’s economy and quality of life through the progressive development of the digital ecosystem. This programme also includes the development of financial technologies, non-cash payments and electronic commerce, as well as progressive regulations that create a vibrant environment to promote greater inclusion and innovation. The AFSA is being supported by and working with the European Bank of Reconstruction and Development (the "EBRD") in implementing aspects of the 'Digital Kazakhstan' programme within the AIFC. The AFSA and the EBRD are engaging consultants, such as Clifford Chance in this case, to assist it with this programme. The proposed Framework is a part of this programme.

1.5 The aim of the proposed Framework is to enhance and build on the existing regulatory framework in order to support the licensing of digital-only banks and to regulate banking services provided remotely (e.g. online; in a mobile app), in support of the introduction of "Open Banking".

1.6 The proposed Framework will provide regulatory certainty to Authorised Firms providing banking services, and to their Clients. It will also promote new and innovative ways for banking services to be provided in the AIFC. 

2. Background

2.1 Digital banking is transforming how banking services are provided around the world. It is expanding the ways that banking services can be offered, which is opening it up to clients that were previously under-served. This means that traditional banking products, such as accepting deposits and providing credit, do not need to be offered through physical branches, but can be provided remotely; for example, online or in a mobile app. Clients can therefore access more banking services in any location.

2.2 In addition, the concept of 'Open Banking' has gained traction over the past few years. This allows a client's banking data to be used not only by his or her own bank, but also by third party providers in order to enable the provision of new products and services which will benefit clients. It establishes a secure way for a wide variety of providers to access a client's banking information and receive improved financial services and other related services.

2.3 Over the past few years, an increasing number of jurisdictions have been putting in place the regulatory infrastructure to enable remote access through digital banking, and to develop 'Open Banking'. Against this background, the AIFC is seeking to put in place the proposed Framework so that Kazakhstan can benefit from these developments and become an attractive location for both local and international providers of such services.

[1]    As per the AFSA Glossary, "Clients" is a broad term including individuals, corporate and government bodies, which can be located within Kazakhstan or externally.

2. GUIDANCE ON KAZAKHSTAN CRIMINAL LAW

2.1. Kazakhstan criminal law

(a)Kazakhstan's criminal legislation, including the Criminal Code, applies to all Centre Participants and therefore Relevant Persons must be aware of their obligations in respect of the criminal law as well as these Rules. Relevant Kazakhstan criminal legislation includes the AML Law and the Criminal Code.

(b)Under Article 218 of the CriminalCode, a Person is criminally liable for the offence of money laundering if they knowingly receive, convert, conceal, possess, or use property representing the proceeds of criminal or administrative infractions of the law of Kazakhstan. The offence may be punished by a custodial sentence, confiscation of assets, and/or a fine.

4. THE RISK BASED APPROACH

4.1. Obligations of the Risk-Based Approach

Obligation to conduct business and customer risk assessment

In order to identify and assess the risks of money laundering and terrorist financing a Relevant Person must conduct a business risk assessment and must also conduct customer risk assessments in accordance with Chapter 5 and keep these assessments up to date.

The risks of money laundering and terrorist financing that may arise in relation to the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products must be identified and assessed by a Relevant Person prior to the launch or use of such products, practices and technologies.

4.3. Internal policies, controls and procedures

Requirements of policies, controls and procedures

The policies, controls and procedures adopted by a Relevant Person under AML 4.1.1 must be:

(a) proportionate to the nature, scale and complexity of the activities of the Relevant

Person’s business;

(b) comprised of, at minimum, organisation of the development and maintenance of the policies, procedures, systems and controls required by AML 4.1.1, risk management, customer identification, transaction monitoring and studying, employees training and awareness programs;

(c) approved by its senior management; and

(d) monitored, reviewed and updated regularly.

12. SANCTIONS

12.1. Relevant United Nations resolutions and sanctions

Sanctions systems and controls

A Relevant Person must establish and maintain effective systems and controls to ensure that on an on-going basis it is properly informed as to, and takes reasonable measures to comply with, relevant resolutions or sanctions issued by the United Nations Security Council or by the Republic of Kazakhstan. A Relevant Person must freeze without delay and without prior notice, the funds or other assets of designated persons and entities pursuant to relevant resolutions or sanctions issued by the United Nations Security Council or by the Republic of Kazakhstan.

Notification obligation

A Relevant Person must report to the Committee on financial monitoring of the Ministry of Finance of the Republic of Kazakhstan any assets frozen or actions taken in compliance with the prohibition requirements of the relevant resolutions or sanctions issued by the United Nations Security Council or by the Republic of Kazakhstan, including attempted transactions.

A Relevant Person must immediately notify the AFSA when it becomes aware that it is:

(a) carrying on or about to carry on an activity;

(b) holding or about to hold money or other assets; or

(c) undertaking or about to undertake any other business whether or not arising from or in connection with (a) or (b),

for or on behalf of a person, where such carrying on, holding or undertaking constitutes or may constitute a contravention of a relevant sanction or resolution issued by the United Nations Security Council.

13. MONEY LAUNDERING REPORTING OFFICER, SUSPICIOUS TRANSACTIONS AND TIPPING OFF

13.7. Reporting

A Relevant Person must complete the AFSA's AML Return form on an annual basis and submit such form to the AFSA within four 4 months of its financial year end.

Threshold Transactions Controls

A Relevant Person must establish and maintain procedures, systems and controls to monitor, detect and report transactions above defined thresholds in accordance with the AML Law.

Suspicious Activity Controls

A Relevant Person must establish and maintain policies, procedures, systems and controls to monitor and detect suspicious activity or transactions in relation to potential money laundering or terrorist financing.

Immunity from liability for disclosure of information relating to money laundering transactions

The disclosure by a Relevant Person to the competent authorities of information relating to money laundering/terrorist financing is not a breach of the obligation of secrecy or non- disclosure or (where applicable) of any enactment by which that obligation is imposed.

Employee reporting to MLRO

A Relevant Person must have policies, procedures, systems and controls to ensure that whenever any employee, acting in the ordinary course of his employment, either:

(a) knows;

(b) suspects; or

(c) has reasonable grounds for knowing or suspecting,

that a person is engaged in or attempting money laundering or terrorist financing, that employee promptly notifies the Relevant Person’s MLRO and provides the MLRO with all relevant information within the employee's knowledge.

14. GENERAL OBLIGATIONS

14.1. Training and Awareness

Training and Other Obligations

A Relevant Person must implement screening procedures to ensure high standards when hiring employees.

A Relevant Person must take appropriate measures to ensure that its employees:

(a) are made aware of the law relating to money laundering and terrorist financing;

(b) are regularly given training in how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing;

(c) understand its policies, procedures, systems and controls related to money laundering and any changes to these;

(d) understand the types of activity that may constitute suspicious activity in the context of the business in which an employee is engaged and that may warrant a notification to the MLRO under AML 13.7.3;

(e) understand its arrangements regarding the making of a notification to the MLRO under AML 13.7.3;

(a) are aware of the prevailing techniques, methods and trends in money laundering relevant to the business of the Relevant Person;

(b) understand the risk of tipping-off and how to avoid informing a customer or potential customer that it is or may be the subject of a SAR;

(c) understand the roles and responsibilities of employees in combating money laundering, including the identity and responsibility of the Relevant Person’s MLRO and deputy, where applicable; and

(d) understand the relevant findings, recommendations, guidance, directives, resolutions, sanctions, notices or other conclusions described in Chapter 13.

Appropriate measures

In determining what measures are appropriate under AML 14.1.1 Relevant Person must take account of:

(a) the nature of its business;

(b) its size; and

(c) the nature and extent of the risks of money laundering and terrorist financing to which its business is subject.

The AFSA may impose additional training requirements in respect of all, or certain, relevant employees of a Relevant Person.

Chapter 5 Credit Risk

Chapter 4 Capital Adequacy

1. Introduction

1. The Astana Financial Services Authority (“AFSA”) has issued this Consultation Paper to invite public feedback and comments on the proposed amendments to the Astana International Financial Centre (“AIFC”) Companies Regulations on providing exemption to Private Companies relating to offer Securities by the way of private placement.

2. The proposed amendments are set out in Annex A to this Paper.

3. This Consultation Paper may be of interest to individuals, legal entities, financial organisations and investors who are interested in doing business in the AIFC.

4. All comments should be in writing and sent to the address or email specified below. If sending your comments by email, please use “Consultation Paper No 6” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments.

5. The AFSA reserves the right to publish, including on its website, any comments you provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

6. The deadline for providing comments on the proposals is 20 July 2018. Once we receive your comments, we shall consider if any refinements are required to the proposed amendments.

7. Comments to be addressed to:

Consultation Paper No 6 Innovation Policy Division

Astana Financial Services Authority (AFSA)

8 Kunayev Street, Building B, Astana, Kazakhstan or emailed to: Fintech.Consultation@afsa.kz

Tel: +7 (7172) 647260

2. Background

1. On May 25, 2018, issued his Consultation Paper #4 to invite public feedback and comments on the proposed amendments to the Astana International Financial Centre (“AIFC”) Regulations and Rules on regulation of Virtual Currencies, facilities offering trading of Virtual Currencies, and regimes for alternative sources of funding for businesses (“Proposed Framework”).

2. The Proposed Framework involves amendments to the AIFC’s legislation to extend the current exempt offering regime for the offer of Securities by way of placement. The current edition of the AIFC Companies Regulation does not allow Private Companies to use these regimes.

3. Therefore, the AFSA is proposing amendments to the AIFC Companies Regulations on providing exemptions to Private Companies relating to offer Securities by the way of private placement.

3. Annex A

AIFC COMPANIES REGULATIONS

In this Appendix, a blue font and underlining indicates new text and strikethrough indicates deleted text, unless otherwise indicated.

PART 7: PRIVATE COMPANIES AND PUBLIC COMPANIES

CHAPTER 4–PROHIBITION OF PUBLIC OFFERS BY PRIVATE COMPANIES

50. Prohibition of public offers by Private Companies

(1) A Private Company must not:

(a) make an offer of its Securities to the public; or

(b) allot or agree to allot its Securities to any Person with a view to the Securities being offered to the public.

…

(3) A Private Company does not Contravene subsection (1) if it:

(a) acts in good faith under arrangements under which it is to re-register as a Public Company before the Securities are allotted; or

(b) undertakes, as part of the terms of the offer, to re-register as a Public Company within 6 months after the day the offer is first made, and the undertaking is complied with.; or

(c) offers Securities by way of placement as provided in Rules made by the AFSA.

1. Introduction

1. The Astana Financial Services Authority (“AFSA”) has issued this Consultation Paper to invite public feedback and comments on the proposed amendments to the Order of The Governor of the AIFC on Financial Services Exempt from Corporate Income Tax on providing relief from corporate income tax for Participants of the AIFC Fintech Regulatory Sandbox (“the Sandbox”).

2. The proposed amendments are set out in Annex A to this Paper.

3. This Consultation Paper may be of interest to individuals, legal entities, financial technology firms, investors and consulting firms who are interested in doing business in the AIFC and the Sandbox.

4. All comments should be in writing and sent to the address or email specified below. If sending your comments by email, please use “Consultation Paper No 7” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments.

5. The AFSA reserves the right to publish, including on its website, any comments you provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

6. The deadline for providing comments on the proposals is 28 July 2018. Once we receive your comments, we shall consider if any refinements are required to the proposed amendments.

7. Comments to be addressed to:

Consultation Paper No 7 Innovation Policy Division

Astana Financial Services Authority (AFSA)

8 Kunayev Street, Building B, Astana, Kazakhstan or emailed to: Fintech.Consultation@afsa.kz

Tel: +7 (7172) 647260

2. Background

1. In accordance to the latest changes to the Constitutional Statute of the Republic of Kazakhstan “On the Astana International Financial Center”, the development of financial technologies (“FinTech”) and innovation projects are one of the key pillars of the AIFC.

2. As part of development of financial technologies in the AIFC, the Astana Financial Services Authority (“AFSA”) deployed the FinTech Regulatory Sandbox, a framework that allows FinTech startups and other innovators to conduct live experiments in a controlled environment under a regulator's supervision.

3. The AIFC is positioned as a jurisdiction with tax free regimes for financial service providers. Given that the Sandbox is designed for firms that are looking to apply technology in an innovative way to provide financial services that are or likely to be regulated by AFSA, it is proposed to provide relief from corporate income tax for Participants of the Sandbox.

3. Annex A

ORDER OF THE GOVERNOR OF THE AIFC ON FINANCIAL SERVICES EXEMPT FROM CORPORATE INCOME TAX

In this Appendix, a blue font and underlining indicates new text and strikethrough indicates deleted text, unless otherwise indicated.

Order of the Governor of the Astana International Financial Centre on Financial Services Exempt from Corporate Income Tax

In accordance with subparagraph 5 of paragraph 3 of article 6 of the Constitutional Statute of the Republic of Kazakhstan On the Astana International Financial Centre and paragraph 9 of article 3 of The Structure of the Bodies of the Astana International Financial Centre, adopted by the Resolution of the Management Council on May 26, 2016 No. 20-27/1814, as amended by the Resolution of the Management Council, the Amendments and Supplementations to the Structure of the Bodies of the Astana International Financial Centre, adopted on October 9, 2017 No. 17-61-6.2, the Governor of the Astana International Financial Centre (AIFC) ORDERS:

1. In the event a Centre Participant carries on any service specified in Schedule 1, the Centre Participant shall not be liable for corporate income tax imposed by the Tax Code of the Republic of Kazakhstan on income or capital resulting from that

service provided the service is carried on in full compliance with the AIFC Regulations and Rules.

2. The list of financial services that are exempt from corporate income tax is specified in Schedule 1 hereof.

3. This order comes into effect from the date of its signing.

AIFC Governor К. Kelimbetov

Schedule 1: The List of Financial Services that are Exempt from Corporate Income Tax

(a) A Regulated Activity listed in Schedule 1 of the AIFC General Rules (GEN).

(b) A Market Activity listed in Schedule 3 of the AIFC Financial Services Framework Regulations (FSFR).

(c) A financial services activity specified in an AIFC FinTech Regulatory Sandbox Permission issued pursuant to the AIFC FinTech Regulatory Sandbox Guidance.

Introduction

1. The Astana Financial Services Authority (AFSA) has issued this Consultation Paper to invite public comments on the proposed amendments to the AIFC Regulations and Rules which aim at updating and modernising the legal framework to meet the current needs of business and provide the flexibility needed for companies to operate in an evolving business environment

2. The proposals in this Consultation Paper will be of interest to current and potential AIFC Participants who are interested in doing business in the AIFC.

3. All comments should be in writing and sent to the address or email specified below. If sending your comments by email, please use “Consultation Paper AFSA-P-CE-2019-0009” in the subject line. You may, if relevant, identify the organisation you represent when providing your comments. The AFSA reserves the right to publish, including onits website, any comments you provide, unless you expressly request otherwise. Comments supported by reasoning and evidence will be given more weight by the AFSA.

4. The deadline for providing comments on the proposals is 25 October 2019. Once we receive your comments, we shall consider if any refinements are required to the proposals.

5. Comments to be addressed by: post: Policy and Strategy Division

Astana Financial Services Authority (AFSA)

55/17 Mangilik El avenue, block C3.2, Nur-Sultan, Kazakhstan or emailed to: consultation@afsa.kz

Tel: +7 7172 613626

6. The remainder of this Consultation Paper contains the following:

(a) background to the proposals;

(b) the key element of the proposed amendments;

(c) Annex 1: Draft of proposed amendments to AIFC Regulations;

(d) Annex 2: Draft of proposed amendments to AIFC Rules.

Background

The Astana Financial Services Authority ("AFSA") proposes to make amendments to the AIFC Acts which aim at updating and modernising the legal framework to meet the current needs of business and provide the flexibility needed for companies to operate in an evolving business environment. Additionally, the proposed amendments aim to make a positive contribution to the AIFC Development Strategy, in particular by improving the ease of doing business.

The key aspect of the proposal is to introduce an option for Private Companies and partnerships to keep information in the Register kept by the Registrar rather than in their own statutory books. The election of this option will decrease the administrative burden on the AIFC Participants. The relevant registers include the: register of Shareholders, register of Directors and Secretaries (if applicable), register of ultimate beneficial owners (UBOs), register of Partners, and the register of Members. This is modelled based on the practice of the United Kingdom.

It is proposed to amend each of the following AIFC Acts:

1) AIFC Companies Regulations

2) AIFC Limited Partnership Regulations

3) AIFC Companies Rules

4) AIFC General Partnership Rules

5) AIFC Limited Liability Partnership Rules

6) AIFC Fees Rules

KEY ELEMENT OF THE PROPOSED AMENDMENTS

The key aspects of the proposal is to introduce an option for Private Companies and partnerships to keep information in the Register kept by the Registrar rather than in their own statutory books. The election of this option will decrease the administrative burden on the AIFC Participants. The relevant registers include the: register of Shareholders, register of Directors and Secretaries (if applicable), register of ultimate beneficial owners (UBOs), register of Partners, and the register of Members. This is modelled based on the practice of the United Kingdom.

Question

Do you have any concerns related to the proposed amendments to AIFC Rules and Regulations? If so, what are they, and how should they be addressed?

Annex 1

Proposed amendments to AIFC Regulations

Annex 2

Proposed amendments to AIFC Rules