Out-Law Analysis | 11 Jan 2017 | 10:46 am | 11 min. read
While we will take a closer look at some of the most important issues below, common and recurring themes that firms will need to keep at the forefront of their business planning in 2017 include:
New legislation and regulation
Where implementation projects are not well underway, firms need to catch up now. There is a lot to get to grips with, and waiting for certainty from legislators and regulators will leave firms trailing.
Financial firms depend on technology as a tool for compliance, to combat financial crime and to provide services for clients. They should be on top of new developments and be able to utilise them within their businesses whilst at the same time ensuring that they are secure.
Systems and controls
Systems and controls are always an important feature of the regulatory landscape. The recast Markets in Financial Instruments Directive (MiFID II) and the Fourth Money Laundering Directive (4MLD) will require firms to develop and to overhaul their systems and processes to address everything from transaction reporting to relationships with retail customers; from risk management to cyber security.
Good customer outcomes
Firms will be expected to deliver appropriate products; to provide adequate information about those products and services; to promote competition; to protect vulnerable customers; to reduce costs; and to reduce costs and innovate in ways that benefit those customers.
Compliance and IT departments in particular will find this a very challenging year, and may need additional resourcing. While regulators may be prepared to be lenient in difficult circumstances, firms should not become complacent. Recent reports of penalties issues by the Financial Conduct Authority (FCA) in Q1-Q3 of 2016 being £18 million compared to £885m for the entire previous year do not tell the whole enforcement story. Firms are now becoming subject to a broader range of sanctions - including, for example, bars on taking on new business.
As an industry, financial services suffers from a negative public image while at the same time requiring country-wide support to get a viable deal from the Brexit negotiations. Firms are on a long road to change the way things get done, but need to recognise not only the need for integrity to be at the heart of their corporate culture but also to reassure a population beyond the walls of the City of London of that integrity.
Brexit remains the biggest 'known unknown' for the financial services industry. Assuming the Article 50 notice is served in March, the post-Brexit view should be clearer by September 2018.
Legally, much is possible, but the politics cannot be ignored. Any arrangements will need to work both at EU level, and for individual member states. Full access to the single market seems unlikely in the long term since the price would be submitting to free movement of labour and making a significant contribution to the EU budget, but may be workable as an interim solution.
We should assume that financial 'passports' under the single market directives will not survive. Equivalence is a patchwork of provisions riddled with gaps, bureaucratic in its application and potentially lost at short notice, so not exactly a robust safety net. Firms could set up business within an EU state and passport from there, as establishment requirements in some jurisdictions are relatively modest and services can be outsourced or delegated back to the UK under existing third country provisions. Some states will be more attractive than others, so firms must bear in mind the capacity of the more popular ones to deal with demand on infrastructure and their regulators' ability to cope with a surge of applications for authorisation.
It is worth remembering that the establishment of London as a hub for global financial services and innovation pre-dates the EU by centuries. The depth and breadth of expertise in the City and the UK as a whole is unique; and firms must be permitted to continue to operate within an environment that enables access to the best personnel from around the world, with the right to work and remain here. If the current bureaucracy surrounding employment-related immigration is not improved, the existing system could grind to a halt.
MiFID II is one of the most wide-ranging pieces of legislation affecting the financial services sector to be introduced since the financial crisis. It impacts on firms, their products and customers. It comes into effect on 3 January 2018, so we can expect to see HM Treasury, the FCA and the Prudential Regulation Authority (PRA) spending this year finessing the necessary changes to legislation, rulebooks and guidance.
Many firms are still not making enough progress in their preparations. MiFID II implementation must be a priority, especially as the effects of the directive start to hit in 2017. The first annual 'best execution' reports under RTS 28 will be submitted by April 2018, and firms must gather data and assess their best execution processes during 2017 without access to data from RTS 27 trading venue reports.
The European Securities and Markets Authority (ESMA) recognises that these first reports will be incomplete, but maintains that the information will be useful to investors and is standing resolute on this deadline. The FCA will be lenient - but only provided firms have made best efforts to prepare the reports.
Governance and culture
Last summer, FCA director of supervision Jonathan Davidson delivered a speech in which he defined 'culture' as the typical, habitual behaviours and mindsets - the beliefs and values that people feel are important - that characterise a particular organisation: in other words, "the way things get done around here". Culture informs incentive schemes and rewards, and this is at the heart of the FCA's concerns surrounding governance and culture.
In 2017, the regulator will be looking at the application of the various governance and remuneration provisions to persuade firms that adopting the right mindsets will achieve the delivery of good outcomes for customers, market integrity and effective competition, and ensure their businesses are run properly and products developed and distributed appropriately. These provisions are contained in the fourth Capital Requirements Directive (CRD IV), the Alternative Investment Fund Managers Directive (AIFMD) and MiFID II, among others.
Boards and senior managers will bear the burden of meeting the FCA's expectations. The FCA will be consulting on the extension of the senior managers' and certification regime (SMCR) to an additional 60,000 firms. SMCR may also extend to in-house counsel, and apply conduct of business rules to all non-executive directors (NEDs).
SMCR originated from concerns over the prudential management of insurers, banks and large investment firms, so represents a sea change for the supervision of personnel in a large part of the financial services industry. Implementation will be challenging, and there is inevitably lobbying for the planned spring 2018 implementation to be pushed back.
Asset management market study
The FCA published an interim report on its study of the asset management industry last year, in which it identified weak price competition, queried the role of intermediaries and suggested reforms to promote competition. It is expected to publish a final report in the second quarter of this year, following industry feedback. The FCA's reforms are likely to have significant repercussions for asset managers, investment consultants, platforms, pension trustees and other service providers, while investment consultancy services will be subject to further FCA investigation.
We can expect to see FCA proposals for a governance framework to reinforce the existing 'best interest' rules, although this is now unlikely to go as far as enforcing a fiduciary duty between fund managers and investors. The FCA is also likely to unveil measures to increase clarity and consistency in authorised funds' fees and charges. This could include an 'all-in' fee, presented in pounds and pence, rather than as a percentage of volatile net asset value (NAV).
The FCA seems confident that any changes will be consistent with its work on dealer commissions and research payment accounts, and compatible with MiFID II. However, at a time when the deconstruction of costs and charges is prevalent, this is an interesting, even challenging proposal.
Protecting vulnerable customers
In its Mission Statement, the FCA stated its intention to bolster the protections offered to vulnerable customers. Existing protections vary across the Rulebook, and there is no single definition of a 'vulnerable customer'. The FCA has begun a 'ScamSmart' campaign to alert and inform investors about the risks of fraud and the FCA's blacklist of unauthorised firms.
Firms need to ensure that their management information (MI) systems are able to adequately identify their target markets so that customers are provided with appropriate services and products. Customers on low incomes, and retirees at risk of being targets of financial scams following the introduction of the pension freedoms, should already be identified as potentially vulnerable; but, crucially, firms must be able to demonstrate that they take account of issues like vulnerability, have considered which of their customers fall into this category and, where gaps are found in MI and reporting systems, fill those gaps.
Combatting financial crime
The fourth Money Laundering Directive (4MLD) goes live in June. The directive synchronises the EU's anti-money laundering regime with the global standards set by the Financial Action Task Force. It is deliberately less prescriptive, to encourage a risk-based, targeted and flexible application. The UK's Criminal Finances Bill, if passed in its current form, will grant wider powers to enforcement agencies to investigate money laundering and recover proceeds of crime. As financial crime becomes more technologically savvy, the mechanisms deployed to combat it need to keep up, so the EU is already considering amendments to 4MLD to incorporate pre-paid cards and virtual currencies.
Firms will have a lot to deal with under the new provisions. The FCA is keen that 'regtech' solutions, such as digital customer due diligence, are used. At the same time, solutions like these need to be resilient to cyber attack. The emphasis for firms is on updating or building new systems and controls, training staff and getting to grips with broader issues surrounding financial crime, including the identification of risks. The FCA will provide support, and encourage firms to continue testing their applications in its Regulatory Sandbox, over the course of the year.
EU and UK regulators seem keen to both encourage and supervise developments in the use of technology to provide advice.
Whilst the Joint Committee of the three European Supervisory Authorities (ESAs) is considering the introduction of a unified definition of advice across banking, insurance and investment firms to remove what is perceived as a barrier to the development of automated advice, the UK government is amending the Regulated Activities Order to include a personal recommendation in its definition to bring it into line with MiFID early in 2017.
Following a recommendation in the Financial Advice Market Review (FAMR) final report, published in March last year, the FCA set up the Advice Unit as part of its Project Innovate initiative. The Advice Unit assists, and provides regulatory guidance to, eligible firms that are developing lower cost robo-advice services, while also sharing insights with the industry. Firms wishing to be considered for the second round of this initiative can apply between 3 January and 3 February 2017.
The FCA and HM Treasury will also develop indicators to monitor the development of the advice market, to be tracked on an annual basis beginning in the first quarter of 2017. This should give firms more clarity on regulatory expectations in relation to robo-advice so they can develop their own tailored solutions.
FAMR also presents issues and opportunities for platform providers.
The post-implementation review of the FCA's crowdfunding rules revealed anxiety amongst loan-based crowdfunding firms that are trying to compete with mainstream lenders in the face of more regulation, particularly in relation to product disclosure, and increased costs of compliance.
The FCA is particularly concerned about the pooling of credit risk for investors in which the lines are blurred between loan-based crowdfunding and asset management, so that business is conducted under an inappropriate regulatory regime. The FCA is looking to minimise the risk of this regulatory arbitrage, so firms should brace themselves for more stringent regulation in the next few years. For now, firms need to delineate their crowdfunding operations from any asset management functions and ensure the appropriate rules are complied with.
The FCA is proposing to complete the post-implementation review and determine whether further consultation on regulatory reform is needed in the summer of 2017.
Data and technology
As investors become more sophisticated the demands for online/digital/mobile solutions are increasing – in turn, creating challenges for security, accessibility and harmonisation across the EU. The second Payment Services Directive (PSD2), which will be fully in force by 13 January 2018, will further drive competition in this space allowing a wider range of smaller fintech providers to offer innovative and competitive payment services which will challenge the current orthodoxy.
Requirements for firms under PSD2 will include: the publication of a leaflet setting out consumer rights and obligations under PSD2; compliance with the Data Protection Directives; incident management procedures; and strong customer authentication systems where a customer accesses their account or initiates a payment transaction. There will be a lot of reading courtesy of the European Banking Authority (EBA); including final draft regulatory technical standards (RTSs) on strong customer authentication by 13 January 2017 and guidelines on the establishment, implementation and monitoring of security measures by 13 July 2017.
The FCA's response to the fintech revolution is the 'regulatory sandbox', which "allows businesses to test innovative products, services, business models and delivery mechanisms in a live environment". The sandbox garnered strong interest across a range of areas, including e-money, digital currency, semi-automated advice tools, blockchain solutions for payments, and micro-savings apps. Firms in the sandbox ranged from large multi-national banks to small fintech companies. Its success in 2016 has led to a second round of applications, which closes in January 2017. It is anticipated that as the drive for innovative solutions gathers pace, the use of the sandbox will increase.
Blockchain technology seems poised to enter the mainstream of financial services in 2017. The FCA is adding a number of blockchain start-ups to its sandbox and key fintech players such as SETL are driving industry change. The year of blockchain will be kickstarted by London Blockchain Week in January where, in addition to the Hackathon, UNICEF will present Donercoin, a blockchain solution to digitise global aid.
The Packaged Retail and Insurance-based Investment Products (PRIIPs) Regulation has been postponed for implementation until 3 January 2018, essentially because the RTSs were not fit for purpose. The three ESAs responsible for PRIIPs have failed to reach an agreement on proposed amendments to the directive, casting doubt over whether they can meet their February 2017 deadline.
PRIIPs applies to non-UCITS retail schemes (NURS funds), qualified investor schemes (QIS funds), unregulated funds, investment trusts, insurance-based unit-linked or with-profits policies, derivatives, structured investment products and deposits, certain special purpose vehicle (SPV) securities and certain annuities. It is a broad church. It is not surprising that the legislators are struggling to create rules to provide information on the risks, costs and other features of such an array of investments.