Regulatory Round-up - Q2 2020
In this addition we cover:
- New prudential requirements for Investment firms
- Final Guidance on adequate financial resources (FG20/1)
- Extended deadline to certify staff under the Senior Managers Certification Regime (“SM&CR")
- RegData replacing Gabriel reporting system
- Extensions to regulatory reporting deadlines during coronavirus pandemic
- Absent Senior Managers and Appointed Representative’s Approved Persons can be covered for up to 36 weeks without approval
- EBA Guidelines on information and communication technology (“ICT") and Security Risk Management
- FCA plan permanent mini bond marketing ban
- ESMA consult on rules for Cloud arrangements
- ESMA Focus on European Fund Fees
- FCA’s Market Watch reminds firms of their market conduct obligations
- Pandemic Related Business Continuity Planning, Guidance, and Regulatory Relief
- Information investors want to see in coronavirus disclosures
- SEC issues alert focusing on common deficiencies found in investment managers
New prudential requirements for Investment firms +
The Financial Conduct Authority (“FCA”) has set out its initial views on a new prudential regime for UK Markets in Financial Instruments Directive (“MiFID”) investment firms in a discussion paper ("DP20/2") published on 23rd June 2020. This follows the publication of the Investment Firm Directive (“IFD”) and the Investment Firm Regulation (“IFR”) in the European Union’s Official Journal on 5th December 2019. EU member states will have to comply with IFD and IFR from 26th June 2021. As the UK has exited the EU it will not be implementing the IFD/IFR, but it will introduce UK specific rules intended to achieve the same overall outcome as the IFD/IFR.
The discussion paper sets out the details and the FCA’s views on IFD/IFR, including the following:
• Initial capital required for authorisation will increase for most firms. There are three new levels that are EUR 75K, EUR 150K and EUR 750K depending on a firm’s investment activities.
• Ongoing minimum capital requirements will be the higher of: the permanent minimum requirement (“PMR”), which is the same as the initial capital requirement for authorisation; a Fixed Overhead Requirement (“FOR”); and, for some firms, a requirement based on activities known as the K factor capital requirement (“KFR”).
• All MiFID investment firms, including Exempt CAD Firms, will have to calculate an FOR.
• The definitions of capital will change, including the number of deductions that apply.
• Adaption of the rules for the prudential consolidation of investment firm groups to the requirements of the IFD/IFR.
• Requirements for firms to monitor and control concentration risk, for example, they will have to calculate their exposure value for concentrated exposures in a trading book to a client.
• Basic liquidity requirements, based on holding liquid assets of at least one third of the FOR, will apply to all MiFID investment firms.
• MiFID investment firms themselves will be required to set “appropriate ratios” between the variable and the fixed component of total remuneration in their remuneration policies, which is contrasted with the fixed ratios approach under the Capital Requirement Regulation (“CRR”)/Capital Requirements Directive (“CRD”) regime.
• Replacing the existing Internal Capital Adequacy Assessment Process (“ICAAP”) with a new Internal Capital Risk Assessment (“ICARA”) process, which will be applicable to all MiFID investment firms, including Exempt CAD Firms.
The The FCA has welcomed comments on its proposals and firms that wish to do so must respond by 25 September 2020.
Portman continues to assess the FCA’s proposals and the effect these will have on MiFID investment firms which, in some instances, will be significant. Although some of the details regarding the UK regime have yet to be finalised, firms should begin to familiarise themselves with how the proposed changes could affect them.
Final Guidance on adequate financial resources +
The FCA has published its Final Guidance on why firms must maintain adequate financial resources as well as their approach and expectations of firms in this regard. Firms are required to maintain adequate financial resources to reduce the risk of market disruption, to give them a better chance to put things right if they go wrong and to reduce the risk of harm to consumers and the integrity of the financial system if they fail. If firms cannot compensate consumers when they fail these costs are transferred to other firms through the Financial Services Compensation Scheme Levy (“FSCS”) levy which is unfair.
The FCA expect all firms, even those not subject to detailed prudential rules, to carry out a risk based assessment of the adequacy of their financial resources considering the risks they pose to consumers and the integrity of the financial system. The FCA may ask firms to provide their own assessment of adequate financial resources and wind down planning to them for review. An FCA review of a firm’s assessment of adequate financial resources will consider the following:
• the firm’s risk management framework;
• appropriate/ adequate risk identification;
• risk materiality;
• adequacy of systems and controls;
• the use of stress testing;
• use of the risk assessment process in day to day decision making;
• adequacy of financial resources based on risk exposure; and
• comparing the assessments made by firms with similar business models against each other.
Where the FCA identifies weaknesses, it will expect improvements to the firm’s risk management framework, controls, wind down planning and/or require the firm to hold additional financial resources.
Portman will be working with all impacted firms to assist them in meeting this requirement. Firms must be mindful that the FCA can request details of their assessment.
Extended deadline to certify staff under the Senior Managers & Certification Regime (“SM&CR”) +
The SM&CR, which went live on 9th December 2019, required all solo regulated firms to implement and adhere to the FCA’s rules on individual accountability.
Originally, firms had a transitional year until 9 December 2020 to assess all Certified Staff as fit and proper, issue certificates once certified and upload details of Certified Staff to the new “FCA Directory”. Given the significant effect of the coronavirus pandemic on many firms, the regulator has confirmed that it now intends to extend the deadline to 31 March 2021. The introduction of the Conduct Rules for those members of staff who are not Senior Managers or Certified Staff has also been delayed until 31 March 2021, so firms have until this date to train these members of staff.
While, the extension gives some comfort in delaying the implementation date, Portman advises firms, where possible, to continue to try to meet the original deadline of 9 December 2020.
RegData replacing Gabriel reporting system +
The FCA has confirmed that RegData will replace Gabriel as its new regulatory reporting system. According to the FCA, RegData will look similar to Gabriel but will provide more flexible technology to make it more user friendly.
Transition of firms onto the new system will be staggered, with the FCA intending to alert firms’ existing GABRIEL principal and associated users three weeks before their move date. Further reminders will be provided five days before and, then again, one day before the move date. Meanwhile, firms should continue to use Gabriel to provide regulatory data to the FCA.
Portman advises firms to review their user and contact details in Gabriel to make sure they receive FCA communications about the new system.
Extensions to regulatory reporting deadlines during coronavirus pandemic +
The FCA has extended the deadline for firms to submit some of their regulatory returns. Details of the returns covered and the new deadlines are set out on the FCA’s website.
Portman advises all firms to check which returns are covered. Firms should try to meet the usual deadlines, but the extensions give some comfort if further time is needed.
Absent Senior Managers and Appointed Representative’s Approved Persons can be covered for up to 36 weeks without approval +
The FCA has temporarily extended the period for which Senior Managers and Appointed Representatives’ (“ARs”) Approved Persons can be covered by another member of staff, without regulatory approval, from 12 weeks to 36 weeks in a consecutive 12 month period, provided the absence is due to coronavirus.
The change in the rules covers situations where staff are absent due to illness as well as where there is a delay in the recruitment of a replacement for a Senior Manager or an ARs Approved Person due to the pandemic. Firms can allocate the absent member of staff’s responsibilities, including Senior Manager prescribed responsibilities, to the person covering the role. Firms must notify the FCA to make use of the change in the rules, but this can be done as a precautionary measure in advance of the firm needing it.
Portman advises all firms to submit a notification to the FCA if they think they may need to make use of the extension. All firms must clearly document any changes to responsibilities internally, including Senior Manager prescribed responsibilities, so that everyone understands who is responsible for what. Firms should be aware that the FCA may request this documentation now or in the future.
EBA Guidelines on information and communication technology (“ICT”) and Security Risk Management +
The European Banking Authority (“EBA”) has published its final guidelines on ICT and security risk management for credit institutions, investment firms and payment service providers. The guidelines apply from 30 June 2020.
The FCA has said it will be flexible when supervising firms’ implementation of the guidelines given the ongoing coronavirus pandemic. However, the FCA has encouraged firms to focus on the following aspects of the guidelines: information security, ICT operations and business continuity.
The purpose of the guidelines is to address the vulnerability of firms to security attacks, including cyber attacks, due to increased digitization and close links between firms. The guidelines include requirements in the following areas:
• Governance: the establishment of sound internal governance and an internal control framework for ICT and security risks;
• ICT strategy: the alignment of the ICT strategy with the overall business;
• Third party providers: the establishment of effective risk mitigation measures when ICT services are outsourced;
• ICT operations security: the management of ICT operations based on documented and implemented processes and procedures;
• ICT project and change management: the implementation of a programme and/or a project governance process that defines roles, responsibilities, and accountabilities to effectively support the implementation of the ICT strategy; and
• Business continuity management: the : the establishment of sound business continuity management processes to maximize firms’ abilities to provide services on an ongoing basis and to limit losses because of severe business disruption.
Portman advises firms to review their information security, ICT operations and business continuity arrangements taking into account the EBA’s guidelines. Although the FCA has said it will show some flexibility in how it supervises firm’s implementation of the guidelines, operational resilience, including ICT and Security, remains a key priority for the regulator.
FCA plan permanent mini bond marketing ban +
A temporary ban on the marketing of mini bonds to retail investors has been in force since January. The FCA has confirmed that it now intends to make this ban permanent. The ban follows concerns that mini bonds were promoted to retail investors who did not understand the risks and could not afford the potential losses. The FCA has been under pressure to take action following several high profile mini bond scandals such as the failure of London Capital & Finance, which allegedly offered mini bonds to clients stating these were used to make loans to small businesses and promising 8% returns. The FCA suggest some changes to the current ban such as bringing listed bonds, that are like speculative products which are not traded regularly, within the scope of the ban.
Portman advises all firms to review the products and services they offer and ensure they are in full compliance with the ban.
ESMA consult on rules for Cloud arrangements +
The European Securities and Markets Authority (“ESMA”) has consulted on draft guidelines for asset managers and funds that outsource to cloud service providers. Cloud outsourcing can create challenges in relation to data protection, information security and financial stability (given the potential impact of concentration risk because there are only a limited number of providers).
The proposed guidelines would:
• Set minimum contractual requirements to be included in agreements with cloud suppliers;
• Require extensive pre contract due diligence focusing on cyber risk, security, and ongoing supplier management;
• Require detailed exit strategies, access and audit rights and sub outsourcing;
• Build on existing outsourcing requirements in the revised Markets in Financial Instruments Directive (“MiFID II”), Alternative Investment Fund Managers Directive (“AIFMD”) and Undertakings for Collective Investment in Transferable Securities (“UCITS”) Directive; and
• Bring the outsourcing requirements in line with those that apply for banks and insurers.
A key change is that cloud outsourcing arrangements covered by the guidelines would expressly include delegation arrangements and arrangements between a firm and a third party, where that third party is not a cloud service provider but relies on a cloud service provider to perform a function it would otherwise carry out itself. This means indirect cloud outsourcing arrangements may be caught.
The consultation closes on 1 September 2020, with ESMA’s final guidelines expected Q4 2020/Q1 2021. Under the proposals, firms would have until 31 December 2022 to make any changes required to their existing outsourcing arrangements.
ESMA Focus on European Fund Fees +
ESMA held a Supervisory Briefing on costs in UCITS and Alternative Investment Funds (“AIFs”), which was published on 4 June 2020. The briefing aims to align the approach of European regulators to the supervision of fund costs. The Briefing outlines criteria for the assessment and supervision of UCITS management companies and AIFMs collectively “management companies”) obligation to prevent “undue costs” being charged to investors.
ESMA suggest that European regulators require management companies to develop a “pricing process” to document how they work out and review fund costs charged to investors. In practice, this will require an in depth cost analysis of each fund. Management companies will be required to prepare this at the initial launch for new funds and on an ongoing basis for all funds.
All costs charged to the fund, whether paid to the management companies, third parties or paid directly by investors (for example entry and exit costs), will need to be identified and quantified. The pricing process will need to include the following elements:
• Whether the costs are linked to a service provided in the investors’ best interest;
• Whether the costs are proportionate to market standards;
• Whether the fee structure is consistent with the characteristics of the fund;
• Whether the costs borne by the fund are sustainable;
• Whether the costs ensure equal treatment of investors;
• Whether there is any duplication of costs;
• Whether a cap on fees is applied and clearly disclosed to investors;
• Whether any performance fee calculation is compliant with ESMA’s “Guidelines on performance fees in UCITS and certain types of AIFs” (published in April 2020);
• Whether all costs are clearly disclosed to investors; and
• Whether the pricing process and all charged costs are based on reliable and documented data, so regulators can reproduce ex post the calculations made by the management company on a single portfolio level.
It remains to be seen what action, if any, the FCA will take on this matter following the UK’s decision to leave the EU.
FCA’s Market Watch reminds firms of their market conduct obligations +
The FCA published its Market Watch 63 newsletter in May 2020. This edition sets out the regulator’s expectations in relation to market conduct considering the increase in capital raising events and changes in working arrangements in response to the coronavirus pandemic.
The main elements of the publication are as follows:
• The FCA anticipates an increase in primary market activity because many issuers will need to seek additional capital. When this is combined with changes to working arrangements it is crucial that firms have the right controls around market abuse and managing conflicts of interest; and
• The FCA expects all firms to comply with all their obligations under the relevant regulations, including the Market Abuse Regulation (“MAR”), despite the operational challenges arising from the pandemic.
The FCA suggests that firms focus on:
• Appropriate identification and handling of inside information;
• Robust market surveillance and suspicious transaction and order reporting, taking into account changes in market conditions and changes in working arrangements;
• Meeting the transparency and short position covering requirements under the Short Selling Regulations;
• Identifying and managing conflicts of interest that may arise around capital raising events;
• Reviewing systems and controls to ensure they continue to mitigate the identified risks effectively. Common industry controls, such as a mandatory 2 week holiday for front office staff may be appropriate to minimise the risk of “rogue” traders. Requiring staff to attend refresher training on how they should be handling inside information may also be sensible for some firms;
• Ensuring appropriate controls around personal account dealing, including how firms manage conflicts of interest and the risk of market abuse, given the potentially increased risks of personal account dealing for staff working from home; and
• Reviewing controls around “wall crossings” so that inside information disclosed and received is strictly controlled to prevent the risk of unlawful disclosure and insider dealing.
Portman advises all firms to review their systems and controls in relation to market conduct to ensure they remain appropriate. We remind firms that the FCA monitor the markets using a range of tools to identify behaviours which may constitute market abuse. The regulator may ask firms to provide further information about their activities and to explain how they meet their regulatory obligations at any time.
Pandemic Related Business Continuity Planning, Guidance, and Regulatory Relief +
On 9 March, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 20-08 reminding firms that, in light of coronavirus pandemic, they should be reviewing their business continuity plans (“BCPs”) to ensure that they are flexible enough to mitigate business risks arising from the pandemic. FINRA notes that BCPs should consider issues around pandemic preparedness; staff absences; remote working; travel and transportation limitations; technology interruptions or slowdowns; and emergency contacts.
The Regulatory Notice also gives guidance to firms on how to address a number of areas during the pandemic, including:
• Communicating with clients;
• Remote offices or telework arrangements;
• Cybersecurity controls;
• Regulatory filings and communicating with FINRA; and
• Qualification examinations.
Information investors want to see in coronavirus disclosures +
On 30 June, the SEC moderated a virtual roundtable to hear how investors viewed firms’ current disclosures in connection with the coronavirus pandemic as well as what information they would like to see going forward.
The discussions highlighted areas of concern amongst investors to be around liquidity, operational resilience and social issues.
In relation to liquidity, investors noted that previous disclosures had been ‘general’ and that they would prefer more specific, standardised information with particular mention given to items such as cash burn and inventory; days of cash on hand; drawdowns from credit lines that occurred during the quarter; and any impediments to drawdowns in the future. Further, investors noted that ‘forward looking’ information which considered a range of scenarios and possible outcomes would be helpful. In this regard, the SEC stated that firms would need to make clear the assumptions used for such scenarios as well as the implications if those assumptions turned out not to be true. It was noted that the SEC would not second guess forward looking statements made in good faith.
Discussions around operational resilience showed that investors were interested in how firms are managing the current environment, what lessons had been learnt, as well as what considerations had been made for the knock on effect of the pandemic and how firms would look, say, three years from now.
Finally, investors were also interested in disclosures regarding social issues, such as the recent social upheaval arising out of racial inequality and how firms were addressed these issues as well as addressing diversity in general.
SEC issues alert focusing on common deficiencies found in investment managers +
On 23 June, the Securities and Exchange Commission (“SEC”) and Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert setting out its expectations of investment managers in the areas of conflicts of interest; fees and expenses; and policies and procedures relating to Material Non Public Information (“MNPI”).
The alert follows OCIE’s recent examinations of investment managers in which it found common deficiencies in the above mentioned areas. In the alert, OCIE provides specific examples of bad practices found, as well as highlighting the fact that these are areas in which the SEC has taken enforcement action in the past and will continue to do so if these practices persist.
Examples of some of the bad practices highlighted in the alert include:
Conflicts of interest
Failures to give appropriate consideration to and/or providing inadequate disclosures around the conflicts arising from:
• Allocation of investments, amongst the investment manager’s clients. In particular, OCIE expressed concern around preferential treatment being given to new clients, higher paying fee clients or proprietary accounts to the detriment of other clients;
• Multiple clients investing in the same portfolio company, particularly where the clients were invested at different levels of a capital structure, such as one client owning debt and another client owning equity in a single portfolio company;
• Preferential liquidity rights given to select investors, the exercising of which could cause harm to other investors;
• The investment managers’ own interests in recommended investments; and
• Pre existing relationships with service providers, particularly where investment managers had financial incentives for its portfolio companies to use these service providers.
Fees and expenses
Inconsistent allocation of fees and expenses by investment managers as well as inadequate clarity around the roles of non employees of the investment manager providing services to its clients or the underlying portfolio companies and their compensation. Instances were also found where investment managers had failed to follow their disclosed valuation process for client assets, causing investors to be overcharged management fees and carried interest.
Policies and procedures relating to MNPI
Failures to establish, maintain, and enforce policies and procedures reasonably designed to prevent the misuse of MNPI. This included failures to address risks posed by employees interacting with insiders of publicly traded companies as well as outside consultants arranged by expert network firms. Further, OCIE found examples of failures to enforce provisions in code of ethics also designed to prevent the use of MNPI. This included a failure to enforce, or inconsistent use, of both restricted lists as well as the receipt of gifts and entertainment from third parties.
Portman advises firms to review their policies and procedures to ensure that they are in line with regulatory requirements and that, in practice, they are being appropriately followed by all members of staff.