Originally published 1st June 2017

Regulatory

FCA publishes its regulation round-up for May 2017

In this month's Regulation round-up [18.05.17], the FCA outlines its findings from the Assessing Suitability Review for the financial advice sector. The importance of the provision of suitable advice was a priority in the FCA's 2016/17 Business Plan. In their review the FCA assessed 1,142 individual pieces of advice from 656 firms against the suitability and disclosure rules in COBS. Although issues remain around disclosure, particularly initial disclosure, product disclosure and disclosure of suitability reports, the FCA's findings show that in 93.1% of cases suitable advice was provided which the FCA attributes to the RDR and the FCA's previous supervisory and enforcement activities and which will be a baseline from which the FCA expects the quality of suitability assessments to increase.

The FCA flags there will soon be important changes to advice and disclosure requirements because of MiFID II and PRIIPs which, in some cases, mean increased requirements for financial advisers, so firms must take the new requirements on board and make all changes necessary.  The FCA will repeat the review in 2019 based on advice given in 2018.

The FCA also reminds firms that need to apply for variations of permission following the implementation of MiFID II that they should submit their applications now so that they can continue in business from January 2018.

FCA creates new "Cyber Resilience" webpage

The FCA has published a Cyber Resilience webpage [18.05.2017] to help firms "become more resilient to cyber attacks, while ensuring that consumers are protected and market integrity is upheld." FCA advises firms to:

  • develop their 'security culture' encompassing the board and all employees;
  • protect their "information assets" , ie. hardware, software and people; and
  • evolve continually to meet new threats.

Firms should be reporting material cyber incidents under Principle 11. Examples of reportable incidents include those that:

  • cause significant loss of data, availability of, or control over a firm's IT;
  • impact on a large number of victims;
  • result in unauthorised access to, or malicious software being present on, a firm's information and communication systems.

The page links to a range of materials including The National Cyber Security Centre and FCA materials which include the FCA's speech given by Nausicaa Delfas [April 2017] on the current threat landscape

Financial Stability Board stocktake of efforts to strengthen governance frameworks

The FSB is assessing how governance frameworks reduce risks of misconduct. It published its report [23.05.17] "Stocktake of efforts to strengthen governance frameworks to mitigate misconduct risks" setting out three areas of further work, aiming to put together a "toolkit" for regulators and firms on:

  • Rolling bad apples: when employees dismissed for misconduct or leaving under suspicion of misconduct re-appear at another firm;
  • Responsibility mapping: where supervisory expectations are set for board members and other senior individuals FSB will look at how such responsibility mapping and related tools can mitigate against the  risk of misconduct - including by supervisory examination or enforcement focussing on the legal and regulatory requirements that apply to such individuals; and
  • Culture: can be a major influence on the governance framework so the FSB plans to explore how governance mechanisms such as escalation processes, training and non-financial incentives may mitigate against the risk of misconduct derived from the culture at firms.

FSB will keep in mind as it carries on this work, whether any other steps such as guidance would be useful.  The final report on their work will be published in March 2018.

EU Regulatory

ESMA consultation paper on money market fund rules

ESMA has published [24.05.17] its consultation paper on the new Money Market Fund Regulation (MMF). The CP contains ESMA's proposals on:

  • draft technical advice (TA): liquidity and credit quality requirements for assets received as part of a reverse repurchase; criteria for validating the credit quality assessment methodologies and for quantifying credit risk and the relative default risk of an issuer and the instrument in which the MMF invests; criteria to establish qualitative indicators on the instrument's issuer;
  • draft implementing technical standards (ITS): for a reporting template for MMF managers to send the required information to the MMF's competent authority; and
  • guidelines: on common reference parameters for scenarios to include in the stress tests MMF managers are to carry out.

Responses are to be provided by 7 August 2017.  ESMA will finalise the TA and ITS to submit to the Commission, and issue the guidelines by the end of 2017.

ESMA updates Q&A on AIFMD and UCITS

ESMA published [06.04.17] updated Q&A on AIFMD and UCITS.  It added three responses to the following questions:

  • how AIFMs are to report the breakdown between retail and professional investors to National Competent Authorities on the reporting template for AIF-specific information, when the information is not available;
  • how an AIFM provides information on AIFs it intends to manage that are domiciled in another Member State in the programme of operations;
  • whether an AIF subject to the clearing obligation under Article 4(1) of EMIR can use the intragroup transactions exemption at article 4(2) of EMIR (the same question as applied to UCITS was also added to the UCITS Q&A).

City of London Law Society Regulatory Law Committee writes to FCA regarding ESMA Q&A on AIFMD

The CLLS Regulatory Committee has written a letter to the FCA [16.05.17] in relation to ESMA's response in its  AIFMD Q&A [updated 16.11.17] to new question 2 concerning Delegation. The question asks if an AIFM that does not itself perform the functions in Annex I of the AIFMD, whether it is released it from its responsibility to ensure compliance of the relevant function(s) with the AIFMD.  The Committee is concerned that ESMA's response is based on "an incorrect interpretation of the relevant provisions of AIFMD" which, in its view, "cuts directly across" the approach of the UK funds industry and is not supported by FCA's approach in its Handbook.  The Committee notes that the FCA rules and guidance clarify that an AIFM can only delegate services it is responsible for, and do not see any reason for the FCA to change fundamentally their existing rules which the CLLS Regulatory Committee consider are based on the "plainly correct reading" of the European legislation. 

Directive amending the shareholders rights directive published in the OJ

Directive (EU) 2017/8282 amending the shareholders rights directive (Directive 2007/36/EC) as regards the encouragement of long-term shareholder engagement has been published in the OJ [20.05.17]. Member States must bring in the laws and regulation necessary to comply with the new directive by 10 June 2019. There are a range of amendments to the shareholders rights directive concerning institutional investors, asset managers and proxy investors including:

  • that institutional investors and asset managers develop and publicly disclose an engagement policy to show how they integrate shareholder engagement in their investment strategy and disclose annually how it has been implemented;
  • requirements for institutional investors to disclose publicly specified information on their arrangements with any asset manager investing on its behalf - whether on a discretionary client-by-client basis or through a collective investment undertaking - and reciprocal disclosure by the asset manager to the institutional investor of how their investment strategy and its implementation complies with that arrangement and contributes to the medium to long-term performance of the institutional investor's assets or those of  the fund.

Fintech

ESMA speech on the adoption of RegTech

Patrick Armstrong, ESMA Senior Risk Analysis Officer, Innovation and Products Team spoke in London [16.05.17] about The Adoption of RegTech within the Financial Services Industry: Ten years from the Start of the 'Great Financial Crisis'. He talked about reasons for the current interest in RegTech; his view of the regulator's role to encourage digitalization of supervisory data; and the role of market participants.

Since the use of technology for compliance monitoring existed before 2007, Patrick Armstrong sees the current interest in doing so more as evolution than revolution. For financial institutions he drew parallels between the adoption of FinTech: the use of innovation for financial products and services, and RegTech: using technology to meet regulatory requirements. While technology assists firms to fulfil their regulatory requirements and regulators to monitor and supervise effectively there are risks:

  • disintermediation: in collaborating with RegTech firms, financial institutions cannot delegate their regulatory responsibilities but there is a risk their full oversight may not extend all the way down the value chain.  Established firms may have expertise in the form of compliance staff to understand their responsibilities but new entrants may not;
  • digital security: arguably increasingly centralized digital data brings increased risk of attack, theft and fraud. "We must develop mind-sets in which client data is viewed with the same level of security as that given to money placed in secure vaults" Armstrong said; and
  • migration risk - the "differential adoption of new technology": failure to "adapt to the newer digitalised infrastructures" may be both a business and compliance risk. In business terms it "may separate winners from losers in coming years"; and leave participants that do not adapt to more automated compliance  processes with platforms that do not work with the current regulatory framework.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances,