[FinTech] Barbados launches Regulatory Sandbox

In Barbados, the Financial Services Commission  and the Central Bank have jointly created an important regulation: the Regulatory Sandbox Framework for the Financial Services Sector.

Sandbox Benefits

The no-fluff definition of a regulatory sandbox? A temporary observatory where regulators try to figure out whether a new financial product/service is fish or foul.

Let’s flesh that out a bit.

Where an entity wishes to introduce an innovative financial product or service in Barbados, it may not be immediately clear which regulatory requirements should be complied with. Why? Financial services are regulated by two separate entities: the Central Bank and the FSC. Broadly speaking, the Central Bank regulates banking-type institutions whereas the FSC regulates all other financial service providers (think: insurance companies, credit unions, pension funds etc).

Applying to and being accepted in the Sandbox allows the applicants some well needed regulatory breathing space. In this period, applicants do not need to comply with and be licensed under the regimes of either the FSC or the Central Bank.

Regulatory Review Panel

For the duration of the applicant company’s time in the Sandbox, governance oversight will be provided by the Regulatory Review Panel (RRP). The RRP will be comprised of no less than 3 persons (there is no upper limit on the number of appointees to the RRP). The Director of Finance and Economic Affairs, the Central Bank and the FSC will be responsible for the appointments to the RRP.

The RRP, among many other governance functions, will determine whether the applicant’s product or service should be regulated pursuant to the FSC’s regime or the Central Bank’s. Alternately, the RRP may conclude that the particular product/service being considered is so novel that entirely new legislation is required.

Key Beneficiaries

In practical terms, the kinds of financial products or services most likely to  benefit from sandboxing would be new technology-centric financial service providers a.k.a. FinTech companies. Most FinTech startups tend to focus on disrupting traditional models of operating and will typically employ a combination of novel processes, unconventional business models and innovative products. In doing so, FinTechs will – almost by definition – defy the existing regulatory frameworks which were conceived with the brick-and-mortar realm in mind.

FinTech companies are the primary targets of the Regulatory Sandbox
FinTech companies are the primary targets of the Regulatory Sandbox – Internationalbanker.com photo

More Information

The Sandbox was launched at the end of October 2018 and the main documentation can be found on the websites of both the FSC and the Central Bank.

[Presentation] Data Protection: What Service Providers Should Know – Bimtech Digital Forum 2018

I was one of the speakers at the Bimtech Digital Forum 2018. The forum focused on pertinent considerations for service sector entities participating in the digital economy. The forum was put on by the Barbados Coalition of Service Industries (BCSI) which is dedicated to the acceleration of service sector development and enhancing the export potential of service providers in Barbados.

My ‘power chat’ presentation focused on fundamental data protection considerations for entities in the Barbados services sector. During the presentation, some emphasis was placed on the General Data Protection Regulation (GDPR), key data protection principles and practical next steps for Barbadian service providers.

You can view a copy of my presentation here (.pdf).

 

Barbados Privacy Bill 2018 released for public comments til July 31, 2018

Barbados data protection Bill 2018
Barbados data protection Bill 2018

The Government of Barbados has released for comment, a 2018 draft of the Data Protection Bill (Mirror ). The draft bill is open for public input until July 31, 2018.

While the timing is somewhat short for a bill with such far reaching implications, I think its commendable that the bill is being opened up to input from all stakeholders, including civil society interests.

This is the second attempt by the Barbados Government to pass a comprehensive data protection bill. A prior iteration of the bill was initially tabled in 2005. However, meaningful progress in Parliament appeared to stall for the better part of the 13 years since.

On my initial scan, a few things jumped out at me which I mentioned in some tweets:

I will be reviewing the bill more closely over the coming weeks, with a view to submitting comments. If personal data protection is something you are interested in, I encourage you to submit comments, via e-mail to Commerce.Comments@barbados.gov.bb.

 

Enforcement powers clarified under updates to Barbados Telecommunications Act

Enforcement powers under Barbados’ Telecommunications Act are now more expansive and clear-cut following recent amendments. The newly passed Telecommunications (Amendment) Act, 2018-10 expressly extends the circumstances in which various enforcement-related activities such as injunctions, search and seizure orders and the issue of warrants may occur. Prior to the amendment, invocation of enforcement powers was almost exclusively grounded in breaches of the Act. Following the amendment, action may now be taken for breaches of any rules, regulations and orders made pursuant to the Telecommunications Act.

If you’re interested in the details, I’ve listed the essence of the changes below.

  1. Previously, the relevant minister had the power to seek injunctive relief or seek damages (pecuniary penalty) only where a telecommunications rule was breached. Under the amendment, in addition to rules, breaches of regulations and orders will also attract injunctions and pecuniary penalties.
  2. Under the amended Act, investigative powers are now extended to a licence issued under either rules, regulations or orders made under the Act. Previously, investigations were limited to breaches of the Act or licences issues under it.
  3. Pursuant to the original Act, the powers to enter, seize and/or search by an authorised inspector were limited to suspected breaches of the Act or a licence issued under it. Under the new amendments, this power has been extended to licences granted under any rule, regulation or order made in accordance with the Act or any registration or authorisation done under the Act.
  4. Magistrates were previously issued with the power to issue search warrants on suspicion that a breach of the Act had happened or was impending. Post-amendment, the magistrate may also issue a search warrant where rules, regulations and orders have been or are about to be breached.
  5. Where anyone interferes with an inspector in the execution of duties, that person will be liable to prosecution if the inspector was performing duties under the Act or any regulations, rules or orders made under it. This power was previously limited to the performance of duties pursuant to the Act itself.

Published: The Why and How of Taking Privacy Seriously

I recently published an article with practical tips for businesses who wish to give serious consideration to privacy and protecting their customers’ data. My article appears in Vol 4 of the Exporter magazine which is published by the Barbados Coalition of Service Industries. This edition of the magazine’s theme is “ICT in a 21st Century Barbados.”

BCSI Exporter Magazine Vol 4 2017 Bartlett Morgan Privacy
BCSI Exporter Magazine Vol 4 2017 

Click here and navigate to page 21 for my article. While there,  do check out some of the other fascinating articles which cover a gamut of ICT related topics including implementing blockchain technology into financial product offerings in Barbados and ICT applications in coastal zone management.

Presentation: E-commerce and the Barbados Services Sector

A bit late with this one. Apologies.

In September 2017, I gave a presentation at a breakfast seminar put on by the Barbados Coalition of Service Industries. The seminar was focused on E-Commerce in Barbados and I was asked to consider legal implications.

My presentation touched on:

  1. Elements of an enabling e-commerce environment.
  2. Common barriers of e-trade + e- commerce.
  3. Opportunities for service sector firms through e-business in Barbados and other CARICOM states. 
  4. Best practices for service sector firms with successful e-commerce business models.
  5. Next steps in the advancement of e-commerce solutions.

See an excerpt which made the local news here.

Download a PDF copy of the presentation here.

Cyber security Report on Latin America and the Caribbean

Last Month, the Inter-American Development Bank, in association with the Organisation of American States, launched a publication titled: 

Cybersecurity: Are We Ready in Latin America and the Caribbean

image

According to the blurb on the website: 

The 2016 Cybersecurity Report is the result of the collaboration between the Inter-American Development Bank (IDB), the Organization of American States (OAS), and the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford. The report presents a complete picture and update on the status of cybersecurity (risks, challenges, and opportunities) of Latin America and the Caribbean countries.

Importantly, the report was the result of self-assessments by key stakeholders within each jurisdiction under review.

In respect of the key findings, a good summary comes from the preface by the current IADB President, Luis Alberto Moreno, who notes that:

The analysis of its 49 indicators shows that several countries in the region are vulnerable to potentially
devastating cyberattacks. Four out of five countries do not have cybersecurity strategies or critical infrastructure
protection plans. Two out of three do not count on command centers and cybersecurity control. The vast
majority of prosecutors lack the legal capacity to pursue cybercrime actions.

 

Among the more interesting aspects of the report is the model developed to assess the state of cybersecurity in LAC. The report applies what they describe as a “Cybersecurity Capability Maturity Model” (CMM). The CMM is based on a model developed by the

Global Cyber
Security Capacity Centre
at Oxford University and has five designations: startup; formative; established; strategic; and dyamic.  After analysing each country’s situation, that country is graded using the CMM designations in respect of 49 specific indicators. In turn, the 59 indicators were grouped into five broad categories:  

  1. National Cybersecurity Policy
    and Strategy (Policy and Strategy); 
  2. Cyber Culture and Society
    (Culture and Society); 
  3. Cybersecurity Education, Training and
    Skills (Education); 
  4. Legal and Regulatory Frameworks (Legal
    Frameworks); and 
  5. Standards, Organizations and Technologies
    (Technologies).
image

From a Caribbean perspective, the report is very comprehensive. All 12 Commonwealth Caribbean Countries and 14 CARICOM-party states overall (Haiti and Suriname are also included) are covered in the report. For context, 32 Latin America and Caribbean countries were surveyed in total.

To my mind, the biggest value of this report for Caribbean states is the quick diagnosis it provides of the weak area(s) in various states. This understanding should significantly assist in determining which areas should be prioritised by governments in the region and, by extension, where scarce state resources should be directed. Similarly, it should also be useful to civil society actors and organisations in determining which cybersecurity and ICT issues need flagging and actioning the most in their respective territories.

Implicit in the foregoing, is another important purpose that this report serves: it underscored the nuanced challenges we face from jurisdiction to jurisdiction in respect of not just cybersecurity but ICT issues generally. By extension, the findings confirm that the one-size-fits-all-in-the-region approach to analysing and addressing challenges is woefully outdated.

You can directly download the report as a pdf (English | Español

Also, I should mention that the IADB has shared the dataset that was mined to create the report. If you are interested in sifting through the data yourself

(and have the time), you can grab it here.

Formation of an Internet Society Chapter in Barbados (ISOC-BB)

After recent discussions with members of the local internet governance community in Barbados, a decision has been taken to take active steps towards the formation of an Internet Society Chapter in Barbados. 

What Is the Internet Society?

The Internet Society (ISOC) is an international, non-profit organization founded in 1992 to provide leadership in Internet related standards, education, and policy. The mission of ISOC is “to promote the open development, evolution and use of the Internet for the benefit of all people throughout the world.”

image

The Internet Society website.


How will an ISOC Chapter benefit Barbados?

Today, people in Barbados use the Internet to purchase critical goods and services; to make and maintain connections with business prospects, family members and friends; to pay taxes and manage money. We socialise via the Internet and also use it to entertain ourselves. The Internet is no longer just a curiosity, it is a necessity. 

As with all necessities of life, structures need to be put in place to safeguard its continued availability and proper functioning. By raising awareness and championing appropriate future-facing policies, we believe that an ISOC Chapter will further the proper development of the Internet in Barbados.

What will an ISOC Barbados Chapter do?

We propose to undertake two main pillars of activity: 

  1. Organising events and activities which will bring together various stakeholders to discuss ideas and share perspectives; and
  2. Determining and championing public policy perspectives in relation to the use and development of the Internet which the Chapter’s members believe will redound to the benefit of Barbados and Barbadians.


How will ISOC Membership benefit you?

From the ISOC website

“As an Internet Society Chapter member, you can benefit in a number of ways. 

Whether you’re trying to find a job, expand your business, stay abreast of the latest trends, build your professional network, or just connect with those who share your passion for the Internet, an Internet Society Chapter is the ideal forum.

If you want to make a difference in your community by helping to advance the Internet Society’s mission, a Chapter is the perfect vehicle.

If you want to develop your communications, management, and leadership skills, volunteering for a Chapter creates great opportunities to stretch yourself (and get a high level of visibility among prospective employers or customers).”


How can you help?

At this initial stage, two objectives are of critical importance: building membership and charting the course forward. 

To become a member is a simple two stage process: 

  1. Sign up to be a member of the Internet Society
  2. Plug your details into the Barbados Chapter sign-up sheet

Thereafter we will be looking to poll the membership in the coming weeks for ideas on our overall mission and the specific projects we may wish to pursue.