FSB to Commence Review of Financial Stability Implications of FinTech
On March 28, 2019, the Chair of the Financial Stability Board (FSB), Randal Quarles announced that the policy body would undertake a review of the financial stability implications of FinTech as part of its 2019 Work Plan. While acknowledging the benefits of FinTech “to reduce economic inequality, increase financial inclusion, and boost economic growth, and … potentially reduce financial volatility and vulnerabilities,” Quarles also emphasized that it was necessary to examine and address vulnerabilities in the global financial system that FinTech might engender. Quarles did not go into substantive details about the scope and focus of the upcoming examination, but remarked that the FSB had already reviewed the consequences of large tech firms such as Amazon and Apple entering the financial services arena, as well as the expansion of decentralized, disintermediated financial technology phenomena such as crowd funding and lending platforms.
As the G20 financial policy body, proposals of the FSB are taken seriously by G20 members and often make their way into legislative developments across jurisdictions, such as the suite of shadow banking proposals they issued that led to the enactment of the SFTR, Money Markets Fund Regulation, and the STS Securitization Regulation with the EU for instance. As such, should the FSB promulgate recommendations following its review, the market can anticipate that the recommendations will make their way onto the statute books in the coming years.
Multiple U.S. Authorities and the UK FCA Announce Collective $1.1 Billion Fine for Financial Crime Breaches; Two Benchmark Manipulators Jailed
Less than six months after Société Generale were fined $1.3 billion by U.S. authorities for failings relating to financial crime, the FCA and multiple U.S. agencies have fined Standard Chartered (SC) $1.1 billion for failings in due diligence monitoring, systems, and controls. Of the $1.1 billion, $947 million will be paid to U.S. government agencies and $133 million to the FCA. Furthermore, the costly U.S. Deferred Prosecution Agreement with the New York Country District Attorney’s Office under which the bank is operating will be extended until 2021, the U.S. Department of Justice said.
The U.S. Treasury Department declared that SC had moved almost half a billion dollars in almost 10,000 transactions in breach of sanctions against countries including Iran, Myanmar, Sudan, and Syria. The FCA stated that it had “found significant shortcomings in SC’s own internal assessments of the adequacy of its AML controls, its approach towards identifying and mitigating material money laundering risks and its escalation of money laundering risks.” The conduct in question included taking a large sum of money in a suitcase from a client with inadequate diligence undertaken on the provenance of the funds; providing services to a client exporting dual-use equipment to over 75 countries, including several undergoing armed conflict; and failing to respond to multiple red flags raised against another customer.
In individual terms, the case saw the first instance of a banker pleading guilty to conspiracy to violate sanctions. Moreover, the New York Department of Financial Services stated that two senior compliance officers, one in the U.S. and one in the UK, “utterly failed to take steps to ensure transactions from Iran were blocked” and that “[a]nother manager in Standard Chartered was found to have advised an Iranian front company located in Dubai how to evade detection.” Based on these announcements, actions against individuals is likely.
The case demonstrates how regulators will collaborate internationally and impose fines for financial crime violations. With the exception of the enormous fines for conduct contributing to the Financial Crisis in 2008, fines for serious breaches of prudential and conduct regulation often extend to tens of millions of dollars, with rare conduct cases intruding into the hundreds of millions of dollars where, for instance, rigging of international markets is identified. However, multi-billion dollar fines are the all-but-exclusive domain for financial crime violations and this most recent case highlights the need for firms to employ rigorous KYC, AML, and CTF systems and controls.
Meanwhile, following earlier convictions, the UK Serious Fraud Office (SFO) has secured two further convictions for Euribor benchmark manipulation: one with a five year prison term; another for four years, as further detailed in a press release from the SFO, published March 28, 2019.
SEC Extends Compliance Date for the Recently Amended Rule 606 of Regulation NMS on the Disclosure of Order Handling Information
On April 24, 2019 the SEC issued a release, effective April 30, 2019, extending the compliance date for the recent amendments to Rule 606 of Regulation NMS on the disclosure of order handling information. In the release, the SEC cited the need “to give broker-dealers additional time to develop, program, and test for compliance with the new and amended requirements of the rule.” The compliance date remains May 20, 2019 for amendments to Rule 605, but broker-dealers will need to collect information under Rules 606(a) and 606(b) commencing September 30, 2019.
Alphabet Soup of EU Regulations to Get Technology Risk Regulatory Reboot
The EU’s banking, financial markets, and insurance regulators have provided joint advice to the European Commission proposing a harmonized, cross-sectoral taxonomy, framework, and set of reporting templates for Information and Communication Technology (ICT) risks, within the broader context of overall operation resilience and cybersecurity risks. Particular recommendations have been issued proposing harmonized and improved incident reporting mechanisms and measures governing management of third-party risks, such as cloud service providers, together with an oversight framework for monitoring critical service providers. The proposed measures would embed a harmonized principles-based regime across the key suite of cross-sectoral regulations including the GDPR, MIFID II, AIFMD, UCITS, CSRD, CRD IV, PSD 2, and Solvency II.
The regulatory bodies also published in tandem with the above advice, a separate joint advice, also to the European Commission, on the establishment of a harmonized cyber resilience testing framework for the EU financial sector. However, given the current divergence of cybersecurity maturity across and within financial sectors, a short-term focus on achieving a proportionate, minimum level of cyber resilience across sectors has been proposed, together with a voluntary EU wide coherent testing framework, working together with other relevant authorities, taking into account existing initiatives, and with a focus on Threat Lead Penetration Testing (TLPT). In the long term, the regulators aim to establish a cross-sector level of cybersecurity maturity and resilience through legislative enactments.
EU Resurrect Prospect of a Consolidated Tape for Equities
The EU Commissioner for European and Monetary Affairs, Valdis Dombrovskis, speaking at the European Parliament on April 2, 2019, confirmed that he had instructed ESMA to prioritize bringing into existence a consolidated tape for shares traded in the EU to resolve the consequences arising from the EU’s fragmented markets, which includes multiple exchanges and other trading venue types, many of which sell the same securities. The principle behind the consolidated tape is to provide a centralized feed of real-time trades and quotes across all venues to establish definitive prices. The announcement follows the publication of a report commissioned by an industry body representing EU exchanges which claims that the charges for market data by trading venues is fair, a matter contested by buy-side firms who are reliant on that data to obtain best execution for clients when executing transactions.
Seeking to emulate arrangements in the U.S. under Reg NMS, MIFID II lays out a regulatory framework for a consolidated tape that it was hoped/expected would be established by a private sector entity. However, half a decade after MIFID II was entered onto the EU’s Official Journal, no vendor has stepped forward and, as many in the market have anticipated, it appears that a public sector solution may now be under contemplation by ESMA. The work forms part of a much larger overall review by ESMA of how MIFID II is functioning. It was announced in late March 2019, that this overall review would be delayed by between six months and two years as a result of work Brexit has triggered. Nevertheless, Dombrovskis stated in Parliament that he was hoping for a report on a consolidated tape from ESMA by early 2020.
EIOPA Liberalizes Aspects of Solvency II Regime in Deployment of Proportionality Principle
EIOPA has published a supervisory statement on the application of the principle of proportionality to the solvency capital requirement (SCR) under the Solvency II EU prudential regime for the insurance sector. The statement seeks to facilitate regulatory convergence and avoid supervisory arbitrage of those overseeing firms’ SCR calculations. Specifically, EIOPA is seeking to encourage supervisors to undertake a proportionate approach, at entity level, to “immaterial SCR sub-modules” where a firm can demonstrate that the value of the sub-module calculation is immaterial to the overall basic SCR (BSCR). To benefit from the approach, the pattern of the SCR sub-module would need to be stable over the last three years and be consistent with the business model and the strategy of the firm “for the following years”. Supervisors would also need to conclude that a proportionate approach was justifiable given the nature and complexity of the risk in each individual case and finally, the firm in question would need to demonstrate that they have adequate risk management systems and processes to monitor any evolution of the risk. The statement provides further details on evaluating materiality, undertaking calculations, and the requirements necessary to comply with risk management and monitoring obligations, making it impactful for firms as much as for member state regulators.
Regulation Introducing New Pan-European Pension Products Due Imminently
As part of the EU’s Capital Markets Union initiative, on April 4, 2019, the European Parliament approved the European Commission’s proposed Regulation on pan-European personal pension products (PEPP). The regulation would open up the pensions market to competition from across the union, despite watered down portability measures within the text, which fell afoul of the trialogue process. In a nutshell, the regulation would produce a new product with standardized, comparable features facilitating cross-jurisdictional comparisons. The new pension products would also come with a robust suite of investor protection and transparency measures. The product comes in the form of a voluntary scheme for retirement saving that complements rather than replaces existing public and occupational pension schemes, alongside existing national private pension schemes. The regulation now only requires the approval of the European Council before it can be entered onto the Official Journal, after which it should enter into force 20 days later.
While in principle the regulation heralds a sea change for the pensions sector, it remains to be seen whether the product will be adopted and challenge the incumbent models that will continue in operation within individual Member States.
EU Announces Tough New Whistleblower Laws
In response to incidents such as the Panama Papers and Lux Leaks, the European Parliament, On April 16, 2019 adopted a directive that strengthens the protections for those disclosing information acquired in a work-related context relating to “harmful” activities and those in breach of EU law. The rule applies across sectors including financial services, money laundering, and consumer and data protection. The new rules will permit whistle-blowers to disclose information either internally or directly to national competent authorities and relevant EU institutions, bodies, offices, and agencies. Moreover, where no appropriate action is taken in response to the whistleblower’s disclosure, or where it is believed there is “imminent danger” to the public interest, or a risk of retaliation, the person may publicly disclose the relevant information without losing whistleblowing protections.
The law expressly prohibits reprisals and introduces safeguards to prevent retaliation, intimidation, demotions and suspensions. Those assisting whistleblowers, including colleagues, relatives, and third parties, will also be protected by the new rules. Moreover, whistleblowers must be furnished with free, comprehensive, independent information and advice on procedures and remedies, as well as legal aid during any proceedings. Additionally, during legal proceedings, whistleblowers may be entitled to financial and psychological support.
Similar measures already exist domestically in a number of member states including France, Ireland, and the UK. The new measures will ensure such measures apply across the Union. The law now needs to be approved by EU ministers, who have previously signaled their approval. Once published in the Official Journal, member states will have two years to implement the rules.
EU Launches New Blockchain Association
As part of its Digital Single Market initiative, on April 3, 2019 the EU announced the creation of an International Association of Trusted Blockchain Applications (INATBA) in a press release. On its website, the European Commission states that “INATBA brings together industry, startups and SMEs, policy makers, international organizations, regulators, civil society and standard setting bodies to support blockchain and Distributed Ledger Technology (DLT) to be mainstreamed and scaled-up across multiple sectors….To unlock the full transformational potential and harness the benefits of blockchain and DLT for businesses, the public sector and society at large, INATBA aims to develop a framework that promotes public and private sector collaboration, regulatory convergence, legal predictability and ensures the system’s integrity and transparency.” This represents an effort by EU authorities to get ahead of the curve on emergent technology developments in the financial sector and harness them for common objectives in the interests of individuals and the wider EU business community.
France Adopts the PACTE Bill, Establishing First Legal Framework for ICO Regulation
On April 11, 2019 the Pacte Draft bill (Action Plan for Business Growth and Transformation) was finally adopted by the French National Assembly. Following final enactment, the law will frame fundraising via the issuance of virtual ICO-Initial Coin Offering tokens and digital assets services providers (DASP), making the AMF one of the first regulators to regulate ICOs. This law, if enacted, will give issuers the possibility to ask for an optional visa delivered by the French Autorité des Marchés Financiers (AMF) to support their ICOs, if they meet specified listing requirements. These requirements will ensure a degree of transparency and strengthen investor protection. Visas will remain optional and issuers will still be able to propose ICOs without a visa, but will prevented from promoting to the public during the origination process. Thereafter the AMF will publish and maintain a list of ICOs that have received a visa.
FCA Considering Overhaul of its Principles for Business to Boost Consumer Protection
On April 23, 2019, 18 months after the FCA published a discussion paper on the need to impose a formal Duty of Care on investment firms as part of its broader investor protection obligations, the FCA published a feedback statement. The statement emphasizes that the majority of respondents, from across the FCA’s stakeholder base, considered that levels of harm to consumers remained too high and that there needed to be changes in the regulatory rules to provide enhanced investor protection. In response the FCA has committed to review the current regulatory framework including analysis of its principles-based approach in the broader context of authorizations, supervision, and enforcement activities. It will also consider reviewing and enhancing its principles of business to strengthen and clarify firms’ duties to consumers and whether a potential private right of action for principles breaches or a statutory Duty of Care should be established. In its press release, the FCA stated that the review “will form an important part of the FCA’s business plan priority for 2019/20 to consider the future of regulation following the FCA’s mission and as the UK leaves the EU. The FCA will undertake further work to examine these options and will outline next steps in the autumn, seeking detailed views on specific options for change.”
UK Government Announces ARGA as an Empowered Replacement of the Financial Reporting Council
As part of its ongoing response to Carillion’s collapse, on March 11, 2019 the UK government announced it would replace the Financial Reporting Council (FRC), which regulates auditors, accountants, and actuaries and is responsible for oversight of corporate governance and company reporting in the UK and Ireland. The new independent regulator will be called the Audit, Reporting and Governance Authority (ARGA). The decision flows from the Kingman Review of the FRC, which held that for a multiplicity of reasons, the body was not fit for purpose. Several of the more straightforward Kingman recommendations will be implemented immediately including an increase in the number of corporate reporting reviews, an extension of corporate reporting reviews to cover a company’s entire annual report and accounts, a reduction in the volume of guidance published by the regulator and a review of long-term viability statements, which may be abolished if a method cannot be established to make them effective.
The government also announced a consultation on several of the other Kingman recommendations including the proposed strategic objectives and duties of ARGA, whether it should undertake responsibility for the UK Corporate Governance and Stewardship Codes and whether to appoint inspectors to investigate a company where public interest issues arise. Finally, the government committed to consulting in the future on the remaining, longer term recommendations in the Kingman Review not already addressed in its announcement. Responses to the initial consultation will be accepted up until June 11, 2019.
While not exclusively related to financial regulation, the steps will involve the introduction of regulatory measures that will govern and impact the conduct and operations of financial institutions in terms of their company reporting, risk management and corporate governance and potentially expose heads of firms to liability that previously were largely in the domain of the theoretical, but which may suddenly become imminent.