LEGAL CHALLENGES OF THE DIGITALIZATION OF BANKING: REGULATORY GAPS, LIABILITY, AND THE RECONFIGURATION OF FINANCIAL LAW
Keywords:
banking law; bank digitalization; financial regulation; cybersecurity; operational resilience; algorithmic accountability; third-party providers; comparative law; UzbekistanAbstract
This article examines the principal legal challenges arising from the digitalization of banking from a comparative and doctrinal perspective. It analyses how four jurisdictions — the United States, the European Union, Singapore, and Uzbekistan — address the regulatory perimeter problem, the allocation of liability for cyber incidents and algorithmic decisions, the supervisory treatment of cloud and other critical third-party providers, and the protection of consumers in instant and cross-border digital transactions. The findings demonstrate that, although substantive obligations on cybersecurity, customer authentication, and information disclosure converge across the surveyed regimes, the institutional and doctrinal architecture for addressing emerging risks diverges significantly. Uzbekistan, having reinforced its framework through Law No. ZRU-578 of 2019, Presidential Decree No. PP-381 of November 2023, and Central Bank Regulation No. 3513 of May 2024, has achieved meaningful substantive alignment with international standards. However, the regime lacks codified rules on the oversight of critical third-party providers comparable to the EU's Digital Operational Resilience Act, a framework for the legal accountability of automated decision-making analogous to the EU Artificial Intelligence Act, and a specialised dispute-resolution mechanism for digital-banking disputes. The article argues that the next reform cycle should consolidate the legal infrastructure for operational resilience, algorithmic accountability, and consumer redress.
References
1. Buckley R. P., Arner D. W., Zetzsche D. A., Selga E. "The Dark Side of Digital Financial Transformation: The New Risks of FinTech and the Rise of TechRisk" (2020) UNSW Law Research Paper.
2. Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA), [2022] OJ L 333/1.
3. Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act), [2024] OJ L 1689.
4. Bank of England and Financial Conduct Authority, "Operational Resilience: Critical Third Parties to the UK Financial Sector" (Policy Statement, 2024).
5. Federal Reserve Board, "Supervisory Observations on Banking-as-a-Service Arrangements" (2024).
6. Legal500, "Digital Payments in Uzbekistan: Legal Reforms and Global Implications" (2024). https://www.legal500.com/developments/thought-leadership/digital-payments-in-uzbekistan-legal-reforms-and-global-implications/
7. Law of the Republic of Uzbekistan No. ZRU-578 "On Payments and Payment Systems" (1 November 2019). https://lex.uz/ru/docs/4575788
8. Presidential Decree of the Republic of Uzbekistan No. PP-381 of 30 November 2023.
9. Central Bank of the Republic of Uzbekistan, Regulation No. 3513 of 21 May 2024.
10. Interfax, "Uzbekistan Intends to Increase Share of Cashless Payments to 75% by 2030" (December 2025).
11. Law No. ZRU-578 (1 November 2019).
12. Presidential Decree No. PP-381 of 30 November 2023.
13. Central Bank Regulation No. 3513 of 21 May 2024.
14. Regulation (EU) 2022/2554 (DORA).
15. Regulation (EU) 2024/1689 (AI Act).
16. Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA), [2023] OJ L 150/40.
17. Bank of England and FCA, "Critical Third Parties Policy Statement" (2024).
18. Federal Reserve, FDIC, OCC, "Interagency Guidance on Third-Party Relationships: Risk Management" (2023).
19. Civil Code of the Republic of Uzbekistan, Part One (21 December 1995).
20. Regulation (EU) 2022/2554 (DORA), Articles 28–44.
21. Regulation (EU) 2024/1689 (AI Act), Annex III.
22. Regulation (EU) 2023/1114 (MiCA).
23. Norton Rose Fulbright, "PSD3 and PSR: From Provisional Agreement to 2026 Readiness" (2026).
24. Federal Reserve, FDIC, OCC, "Interagency Guidance on Third-Party Relationships" (2023).
25. Federal Reserve Board, "Supervisory Observations on Banking-as-a-Service Arrangements" (2024).
26. OCC, "Risk Management of Artificial Intelligence in National Banks" (Bulletin, 2024).
27. Monetary Authority of Singapore, Technology Risk Management Guidelines (revised 2021).
28. MAS-IMDA, Guidelines on Shared Responsibility Framework for Phishing Scams (effective 16 December 2024).
29. MAS, Principles to Promote Fairness, Ethics, Accountability and Transparency (FEAT) in the Use of Artificial Intelligence and Data Analytics in Singapore's Financial Sector (2018).
30. Law No. ZRU-578 (1 November 2019).
31. Presidential Decree No. PP-381 of 30 November 2023.
32. Central Bank Regulation No. 3513 of 21 May 2024.
33. Law of the Republic of Uzbekistan "On Personal Data" No. ZRU-547 (2 July 2019).
34. Central Bank Regulation No. 3513 of 21 May 2024.
35. Civil Code of the Republic of Uzbekistan, Part One (1995).
36. Interfax, "Uzbekistan Intends to Increase Share of Cashless Payments to 75% by 2030" (December 2025).
37. Zetzsche D. A., Buckley R. P., Arner D. W. "FinTech, BigTech and the Future of Banks" (2020) Review of Banking & Financial Law 40, 215–270.
38. Regulation (EU) 2022/2554 (DORA), Articles 28–44.
39. Bank of England and FCA, "Critical Third Parties Policy Statement" (2024).
40. Bank Service Company Act, 12 U.S.C. §§ 1861–1867b.
41. Central Bank Regulation No. 3513 of 21 May 2024.
42. Hacker P. "The European AI Act and the Regulation of High-Risk Credit-Scoring Systems" (2023) Common Market Law Review 60(5), 1351–1394.
43. Regulation (EU) 2024/1689 (AI Act).
44. MAS, FEAT Principles (2018).
45. Law of the Republic of Uzbekistan "On Personal Data" No. ZRU-547 (2 July 2019).
46. Directive (EU) 2015/2366 (PSD2), Article 73.
47. MAS-IMDA Guidelines on Shared Responsibility Framework (16 December 2024); Norton Rose Fulbright, "PSD3 and PSR" (2026).
48. Central Bank Regulation No. 3513 of 21 May 2024.
49. Law No. ZRU-578 (1 November 2019).
50. Presidential Decree No. PP-381 of 30 November 2023.
51. Central Bank Regulation No. 3513 of 21 May 2024.
