Introduction
This article rounds up some of key recent developments in UK and EU financial services. October has been a busy month. In this edition:
Some key themes which we are seeing;
FCA MarketWatch 80 regarding overseas clients;
The FMSB consultation on its statement of good practice for front office supervision of wholesale traded markets;
The Dear CEO letter to financial advisors and investment intermediaries;
The FCA review of payment firms’ implementation of the Consumer Duty;
An update on the final ITS for DORA;
Recent supervisory expectations regarding cloud outsourcing;
Amendments to the Payment Services Regulations;
Amendments to the CCIs legislation (which replaces PRIIPs);
An anticipated Court of Appeal judgment in BlueCrest v FCA;
The Digital Securities Sandbox opens for applications;
BCAP introduces new rules restricting broadcast ads for cryptoassets;
Companies House issues an approximate timetable for implementation of the ECCTA; and
A recent speech in Parliament regarding future corporate reporting changes.
If you’d like to discuss anything contained in this article, please contact us at tom.hine@cambitas.com.
Key Themes
First up, some key themes which we have identified in publications and in our own interactions with clients:
Regulated firms should be highly circumspect in responding to FCA questionnaires, and also take careful note of “Dear CEO” letters. Given its resource constraints, a common approach for the UK regulator in recent years has been to issue a “Dear CEO letter” with its expectations for a particular area or theme, and then follow it up with a questionnaire aimed at a cross-section of the relevant group. See for example the work the FCA has done recently on the Consumer Duty, and on financial advisors and intermediaries, both of which are referred to below. If you fail to take account of the Dear CEO letter, then it will be difficult to respond to the questionnaire adequately, and the consequences can be severe. The FCA is prepared to utilise the full range of its “regulatory tools”, including supervisory measures (such as OIREQs and VREQs), section 166 notices and investigation / enforcement. If you need help responding to a set of questions from the regulator, please contact us – it may save you a lot of time and money.
The same circumspection is necessary for enquiries from exchanges, who have regulatory powers over their members akin to the FCA. Exchanges such as ICE and the LME are currently very active in terms of audit activity. We recommend being careful regarding how you respond to such audits. It is prudent to get external advice early in the process, before an investigation starts. The investigation process rarely lasts less than two years, and frequently ends with a fine and remedial undertakings.
Operational resilience continues to be a key theme in regulatory communications. DORA comes into force on 17 January 2024, although the RTS have still not been completely finalised because of European wrangling. The supervisory authorities have called on financial entities (i.e. those subject to DORA) to speed up their implementation efforts. The ECB has also set out its expectations on cloud outsourcing, much of which aligns with DORA.
Changes to UK corporate law are coming in terms of the ECCTA and corporate reporting. A big change will be identity verification for directors. This is covered at the end of this note.
FCA Market Watch on Overseas Clients
In Market Watch 80, the FCA has set out some guidance regarding systems and controls to prevent financial crime. The guidance relates to arrangements when dealing for overseas clients operating aggregated accounts, where they do not have visibility of the ultimate beneficiary owners (UBOs). Under SYSC 6.1.1R, firms must have policies and procedures to ensure compliance with their regulatory obligations, including countering financial crime. The FCA’s concerns have arisen where a regulated firm offers leveraged equity products to clients based overseas, who themselves have underlying clients in aggregated accounts. It is often the case that the identities of the UBOs of these trades are not known to the UK firm executing their trades. The FCA call these accounts 'obfuscated overseas aggregated accounts' (OOAAs). The FCA has seen instances where firms terminate trading accounts for individual UBOs because of suspicions of market abuse (for example, multiple STORs being submitted), but then unknowingly transact trades for the same individual UBOs through OOAAs. The FCA suggests that firms should put in place extra systems and controls when onboarding and trading with OOAAs. These may include:
Informing OOAAs that they operate a zero-tolerance approach to market abuse;
Requiring OOAAs that execute for anonymised UBOs to provide information about their systems and controls to prevent market abuse;
Requiring trades for each UBOs to be given an identifier code, if identities are masked;
Ending relationships in a robust manner where appropriate.
Market Watch 80 was published on 9 October 2024 and is available here.
FMSB consults on guidance on front office supervision of wholesale traded markets
The Financial Markets Standard Board (FMSB) is consulting on revisions to its Statement of Good Practice for Front Office Supervision of Wholesale Traded Markets. The consultation closes on 15 November 2024. The draft Statement of Good Practice for Front Office Supervision of Wholesale Traded Markets is available here.
The key changes relate to, amongst others, the supervision framework, roles and responsibilities, conflicts of interest, effectiveness of supervisors, and data and information.
Dear CEO Letter to Financial Advisers and Investment Intermediaries
The FCA has sent a “Dear CEO” letter to financial advisors and investment intermediaries. The letter, dated 7th October 2024, sets out the FCA’s expectations of firms providing financial advice or investment intermediation. Key points include:
Most new clients are placed into arrangements for ongoing advice. The FCA expects firms to consider carefully the relevance and costs of these services for all clients, and ensure the service is appropriate for the clients’ needs and circumstances. Firms must maintain records to ensure appropriate monitoring and demonstrate they are delivering good outcomes. The FCA intends to write to firms requesting information. As noted above, we would recommend your response to these questions is carefully considered, as poor responses will invite further scrutiny. Let us know if we can help with this.
Polluter pays: the FCA has seen firms fail, and redress be provided by the Financial Services Compensation Scheme (FSCS). The FCA expect firms to identify and meet any potential liabilities before it will cancel their authorisation. The FCA will consider past business reviews and deed polls to ensure liabilities to consumers are identified and met. Where firms are unable to meet their liabilities and accountable individuals seek to move to another firm, the FCA may question their fitness and propriety to hold a role that requires FCA approval.
Consolidation: the FCA has noted substantial consolidation in the financial advisory sector in recent years. The FCA expect firms always to notify it and seek approval on change of control. It also wants firms to place emphasis on the delivery of good outcomes, and make sure leadership, governance, oversight arrangements and controls are effective. Firms must undertake due diligence, and hold adequate financial resources at all times. Where acquisitions are funded by debt, the firm should have a credible plan to service the debt.
The Dear CEO letter is available here.
FCA Review of Consumer Duty for Payments Firms
The FCA has published its review into payment firms' implementation of the Consumer Duty. This follows a Dear CEO letter of 21 February 2023 on its expectations of payment firms, and then a review of 23 payment firms earlier this year. The firms included e-money issuers, merchant acquirers, money remitters and open banking firms. A number of the firms reviewed had only partially implemented the Consumer Duty and required significant work to comply with it.
Some of the key findings related to failures in clearly identifying the target market for their products and services and what good outcomes looked like for products and services, price and value, consumer understanding and consumer support. The FCA also had concerns about firms’ ability to monitor their agents, and about fair value assessments. It identified weaknesses in governance and management information. Firms should be demonstrating consideration of issues related to the Consumer Duty at Board and committee level, and providing detailed management information to SMFs on a regular basis.
See here for the FCA webpage.
DORA
The European Supervisory Authorities (ESAs) have issued an opinion disagreeing with the Commission's proposal to allow both EUID and LEIs as identifiers of ICT service providers in the DORA register. However, they also suggest changes to the draft ITS in case the Commission decides to proceed with the EUID option, and call on the Commission to adopt the ITS swiftly. The ESAs also state that financial entities should accelerate their implementation efforts so that they are ready to submit their registers of information in H1 2025. The press release published on 15 October 2024 is available here.
Supervisory expectations on cloud outsourcing
Elizabeth McCaul, Member of the Supervisory Board of the European Central Bank, gave a speech on 17 October 2024 at the KPMG Cloud Conference regarding cloud outsourcing. The ECB has published a draft Guide on cloud outsourcing in June 2024 and it intends to finalise this by the end of this year. When adopting cloud strategies, banks should retain full accountability for outsourced services. Roles and responsibilities regarding cloud outsourcing should be clearly defined, well understood and embedded in both internal policies and contractual agreements with cloud service providers. The requirements of DORA should be taken into account, which includes a thorough pre-outsourcing analysis, and appropriate IT security and data confidentiality measures. Regular audits, continuous monitoring of cloud service providers and robust exit strategies are essential.
The speech is available here.
The Payment Services (Amendment) Regulations 2024
The Payment Services (Amendment) Regulations 2024 were published on 9 October 2024 along with an explanatory memorandum. The Regulations come into force on 30 October 2024. The Regulations grant powers to payment services providers to slow certain payments where there are reasonable grounds to suspect fraud or dishonesty.
The draft Consumer Composite Investments (Designated Activities) Regulations 2024
The draft Consumer Composite Investments (Designated Activities) Regulations 2024 were published on 10 October 2024 along with a draft explanatory memorandum. The draft Regulations replace assimilated law relating to PRIIPs, establishing a new legislative framework for the regulation of Consumer Composite Investments (CCIs), formerly PRIIPs.
Court of Appeal Blue Crest Case
The Court of Appeal has published its judgment in the BlueCrest v FCA case. The Court gave a wide interpretation of the FCA’s power to issue a s.55L FSMA own initiative requirement (OIREQ) power. This power can be used to oblige a firm to pay redress, even without the criteria contained in other FSMA redress provisions being met (such as breach of duty, loss, causation or actionability). The Court also established a new test for when the FCA can amend its case before the Upper Tribunal. This potentially means that the FCA could materially change its case after an Upper Tribunal referral.
Digital Securities Sandbox opens for applications
Applications are now open for the Digital Securities Sandbox (DSS). The Financial Services and Markets Act (FSMA) 2023 gave the Treasury the power to create financial market infrastructure (FMI) sandboxes. These were intended to promote innovation by allowing for experimentation with novel market infrastructure models within a live, regulated environment. The Digital Securities Sandbox (DSS) is the first FMI sandbox to be created under those powers. The DSS will be operational until December 2028 but can be extended by the Government.
BCAP introduces new rules restricting broadcast ads for qualifying cryptoassets
The Broadcast Committee of Advertising Practice (BCAP) has introduced a new rule that explicitly bans advertisements for fungible and transferable cryptoasset products from being broadcast to mainstream, non-specialist audiences on TV and radio. The press release published on 27 September 2024 is available here.
ECCTA
Companies House has announced its transition plan as it plans to reform following the introduction of the Economic Crime and Corporate Transparency Act 2023. One of the major changes is that directors and Persons with Significant Control (or PSCs) will need to have their identity verified.
During the spring of 2025, Companies House will begin approving authorised corporate service providers (or ACSPs). The ACSPs will undertake identity verification services. From autumn 2025, identity verification will be obligatory on incorporation for new directors and new PSCs. This will also start a 12-month transition period for existing directors and PSCs to complete identity checks. The transition period will be complete by the end of 2026, and Companies House will take action against those who have failed to complete identity checks where required to do so.
Secondary legislation will be needed to implement the changes, and therefore the precise timeline is dependent on the parliamentary timetable.
The Companies House Changes to UK company law website details the changes and what customers and/or their agents need to do and by when.
UK Corporate Reporting Changes
The Secretary of State for Business and Trade (Jonathan Reynolds) recently outlined plans for corporate reporting reforms in a written statement to Parliament.
Company size thresholds and redundant reporting requirements
There will be changes in legislation by the end of 2024 to eliminate “redundant reporting requirements" from the directors' report and directors' remuneration report. It will also increase the monetary size thresholds for determining micro-entities and small and medium-sized companies by 50%.
Non-financial reporting review
The Government plans to consult next year on the UK's non-financial reporting framework. This will involve consideration of whether a company will need 500 rather than 250 employees to be determined as “medium-sized”, and whether to exempt medium-sized companies from needing to prepare a strategic report. These proposals were recently subject to consultation.
Other
The Government's also plans to look at updating shareholder communication and rules on virtual AGMs.
See here for the written statement to Parliament.
About Cambitas
Cambitas offers legal and consultancy services in the areas of financial markets regulation, enforcement, corporate and commercial law and ESG. Our advice is pragmatic, commercial, and shaped by our many years’ experience of working in-house and in regulatory positions.
For more information, see www.cambitas.com.
If you’d like to discuss any of the above, or need assistance on any of the areas we cover, please contact tom.hine@cambitas.com.
Commenti