On 24 September 2024, following an in-depth consultation with industry participants, the Office of the Superintendent of Financial Institutions (OSFI) and the Financial Consumer Agency of Canada (FCAC) published their findings concerning the use and adoption of artificial intelligence (AI) by federally regulated financial institutions. The report highlighted that a significant majority of financial institutions will adopt AI by 2026, and also set out a number of key risks that arise for financial institutions from AI usage. OSFI and FCAC emphasized the need for financial institutions to adopt a dynamic and responsive risk management system with respect to AI, and confirmed their commitment to work towards more specific best practices for industry participants.
The Ministry of Home Affairs introduced the Protection from Scams Bill for First Reading in Parliament on 11 November 2024. The Bill empowers the Police to issue Restriction Orders (ROs) to banks to restrict an individual’s banking transactions, if there is reasonable belief that the individual will make money transfers to scammers.
On 12 November 2024, the US Department of Justice Antitrust Division updated its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (ECCP). The additions include guidance such as using “managers at all levels” to “set the tone from the middle” by “demonstrating to employees the importance of compliance,” establishing policies that account for the use of “ephemeral messaging or non-company methods of communication,” applying “data analytics tools in . . . compliance and monitoring,” and involving compliance personnel in “the deployment of AI and other technologies to assess the risks they may pose.” Additionally, the ECCP now addresses its application to civil investigations.
In response to the persistent issue of fraud, the Fraud Crime Hazard Prevention Act (FCHPA) was passed by the Legislative Yuan and came into force on 31 July 2024. The FCHPA requires financial institutions, virtual asset service providers, telecom enterprises, online advertising platform operators, third-party payment service providers, e-commerce and online gaming companies to respectively take certain fraud prevention measures.
In September 2024, the Ministry of Digital Affairs (MODA) published the criteria of the online advertising platforms that would be subject to the FCHPA, designated four foreign online advertising platform operators that meet the criteria, and asking them to report their legal representative (can be a law firm) in Taiwan by 31 October 2024.
Telecommunications concessions and authorization holders and other companies that own or use telecommunications or broadcasting infrastructure must provide certain information to the Federal Telecommunications Institute through the National Information and Infrastructure System (Sistema Nacional de Información e Infraestructura (SNII)). The obligation to report such information is effective as of January 2025. The SNII is a database that will contain information on active infrastructure and means of transmission, passive infrastructure, rights of way and public and private sites used by operators providing telecommunications or broadcasting services.
Since the coming into force of Malaysia Cyber Security Act 2024 (“CSA”) on 26 August 2024, there have been substantial developments in the landscape in the past few months.
The Malaysian Communications and Multimedia Commission (MCMC) has announced that it is holding a public consultation on the draft Code of Conduct (Best Practice) for Internet Messaging Service Providers and Social Media Service Providers (“Draft Code of Conduct”).
The objective of the public consultation is to collect public opinion on the Draft Code of Conduct, which outlines the best practices for applications service provider class licence holders who offer Internet messaging and social media services in Malaysia to address harmful online content and other relevant conduct requirements.
EU Regulation 2024/1689 on Artificial Intelligence has the aim to introduce strict rules for the design, implementation and placing on the market of Artificial Intelligence systems, to be applied both to suppliers established in European territory and to suppliers established outside the European Union.
On 24 October 2024, the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority of Singapore (IMDA) announced that the Shared Responsibility Framework (SRF) for phishing scams will be implemented on 16 December 2024 via a set of guidelines. Under the SRF, financial institutions (FIs) and telecommunication operators are assigned duties to mitigate phishing scams. The MAS and IMDA expect responsible entities to bear any scam losses arising from failure to fulfill any of the relevant duties under the “waterfall” approach.
The European Council adopted the new Product Liability Directive on 10 October 2024, and it is now awaiting publication in the Official Journal of the European Union. From its entry into force, member states will have two years to transpose it into their national law. The new directive derogates Directive 85/374/CEE. Considering the current context in which digitalization and business models based on sustainability and the circular economy are booming, it was crucial to carry out an update of the rules governing the civil liability of manufacturers and other operators of defective products.