Now that the Markets in Financial Instruments Directive II (MiFID II) and General Data Protection Regulation (GDPR) are implemented, senior management in firms with EU clients is focusing on this. The lack of progress is causing uncertainty to the extent that affected firms are considering moving beyond hiring staff in their chosen EU base to deliberately not recruiting in the UK – even to fill vacancies. This applies to most if not all affected financial sectors. The split in City thinking between ‘mutual recognition’ (rather than passporting) and ‘equivalence’ is unhelpful. Firms’ project teams are frustrated by the lack of information.
Some interesting developments:
- The Bank of England has warned that a disorderly Brexit could lead to interest rates being kept artificially low, causing sterling devaluation.
- The UK Chancellor, Philip Hammond, has warned firms not to expect a bonfire of ‘red tape’ post Brexit. The UK should be the “safest and most transparent place to do business”.
- There seems to be some acceptance of the principle of asset management delegation, that investor assets can be managed for EU investors on a ‘back-to-back’ basis, and sub-managed by a UK entity – but the EU regulators will want knowledge and staff on the ground. (The French AMF said: “We do not question existing business models that rely on delegation.”)
- The pressure on obtaining Tier 2 (skilled person) visas under the UK immigration system has eased for financial services companies, given the government’s decision to exempt NHS staff from the quota (currently they account for 40% of Tier 2).
- The FCA’s 2018/19 Business Plan says that Brexit will be its primary focus. It plans to monitor the impact of the transitional arrangements on firms (expect questionnaires and questions during visits).
- There are millions of contracts which are at legal risk post-Brexit. UK companies may be unable to perform financial contracts if access is prevented. Examples are insurance policies, (around 30 million EU policy holders), pensions, medium and long-dated derivatives contracts and revolving credit facilities, custody agreements and prime brokerage contracts. Continuity laws will be needed if there is no access.
2. Senior Managers & Certification Regime
The FCA has issued two papers on the SMCR – one policy statement (PS18/14
) with near final rules, and one consultation paper (CP18/19
) on the new register for certified employees.
PS18/14 makes minor changes to the original FCA proposals in CP17/25. This is disappointing given the large number of responses to it. The only features of interest are: the FCA’s comments; the detail of the near-final rules (awaiting only a Brexit review); and the timing.
The FCA comments are well worth reading. They include information of interest to groups; enhanced firms; firms with chief operating officers; HR staff with regard to making criminal checks; and whoever reports breaches to the FCA.
SMCR will start for existing SMCR firms at the beginning of 2019; and for new SMCR firms in December 2019, although there is a 12-month transition window for certified staff. The FCA expects firms to start preparing now – and there is little sign of the encouraging oral statements at the time of the consultation paper that preparation should be proportionate to the size and complexity of the firm.
The FCA has listened to requests for a register for certified staff. It plans a ‘directory’ that will contain more information than the current Register for Approved Persons, such as role held, any regulatory sanctions, location of individual and whether there are mandatory qualifications. It should open in December for existing SMCR firms, although they have 12 months to complete data – firms new to SMCR start in December 2019 and also have 12 months to complete. There will not be a transfer of data from the existing Register (which will continue for senior managers) but there will be a link to historic information held on it to the public. The obligation on providing and maintaining the data is squarely on firms – the FCA will not check it.
3. FCA priorities
The 2018/19 Business Plan is important reading for senior managers of all regulated businesses. It sets out its priorities for the year. These include culture, particularly the SMCR (you may also note the Upper Tribunal’s criticism of the FCA for pursuing junior staff for LIBOR behaviour while not going after senior managers with vigour: “The senior people somehow manage to keep their fingerprints off the relevant documents sometimes”); encouraging the use of fintech and regtech by firms (including its impact on competition, use of big data, machine learning, algo trading and artificial intelligence); implementation of the recent Market Abuse rules (a paper on ‘Approach to market integrity’ will be published in 2018/19) and MiFID II rules by wholesale firms (there is an unexpected emphasis on conflicts of interest); financial crime prevention is still a top priority (it will publish a thematic review on the money laundering in the capital markets); and developing a new prudential capital regime for asset managers.
Underlying all this is the more assertive stand the FCA is taking on changing firms’ business models – for competition purposes. The asset management study and later new requirements is a good example. Would the FSA have ever addressed the level and disclosure of fees charged by managers? Private wealth management is another; and its promotion of fintech and regtech (eg, the ‘sandbox’ for testing new products).
The BoE and the FCA are working on exploring how artificial intelligence and machine learning could be used to make reading their rulebooks easier, reporting regulatory data quicker and the analysis of that data more efficient. This is part of a more general rethink of how the new financial developments should be regulated in the future. An example is the more streamlined approval process for new banks. This has been very long and sometimes difficult in the recent past.
There has been a big increase (33%) in the number of senior managers who are interviewed by former senior practitioners for the FCA in respect of their roles over the past year (183 in 2017). Is it anticipating the SMCR? The PRA routinely already interviews many senior managers and directors.
4. Cyber security developments include:
- UK Finance has warned firms that they need to change their cyber risk assessment and prevention policies as they adopt new technologies such as AI and blockchain – with a direct impact on possibly increasing prudential capital. Regulators also need to change how they assess firms’ policies. (“As firms adapt, so too must the regulatory principles under which they operate. This process should consider both how to achieve a consistent treatment internationally and also how capital charges could be evolved.”)
- GDPR forces firms to report a data breach to the regulator within 72 hours. Publicity internally and externally will follow, so communications teams must be prepared. There could also be heavy fines from the regulator (the Information Commissioner’s Office). Failure by a firm to conduct regular conduct risk assessments could be costly.
- See the focus on firms’ cyber prevention policies in the FCA’s 2018/19 Business Plan described in point 3 earlier.
The onward adoption of fintech and regtech with the support of the regulator continues. Statistics abound but one telling one is that at least 30% of activities generally carried out by 60% of businesses will become automatable. However, job reductions have been offset by the rise of new types of jobs in financial services – IT and fintech being examples (the number of adverts for IT and engineering roles at banks in the EU have increased 11.4% since 2015 and accounted for 17% of bank job postings). One quote from a firm: “There are not an awful lot of reasons if you are a young tech millennial to be in London with the exception of, it is where the work is, and if the work drifts away, you might see quite a big impact.”
Machine learning, as in Google’s Deep Mind playing the game ‘Go’ against itself until it had learnt enough to defeat the human world champion, is being adopted by banks in particular who have also invested in fintech incubators to develop relevant services.
One popular approach is to augment AI with human decision-making. To quote a US data scientist: “AI is weak where humans need their full decision-making ability”. So, human asset managers may still be needed for active management.
6. Financial crime developments
- The next EU Money Laundering Directive (MLD5) is progressing. Proposed by the Commission, it is now under discussion in the EU Parliament. It addresses terrorist financing (post the Paris terror attacks) by increasing the transparency of financial transactions and legal entities. It will not start until 2019 at the earliest.
- The UK government has forced its overseas territories, such as the British Virgin Islands, to publish information on the beneficial owners of offshore companies registered there. Andrew Mitchell MP said that the UK’s overseas territories are “central to this nefarious activity [money laundering]”. This will make it easier for financial firms to conduct due diligence on customers.
- The new law on UK corporate entities not facilitating tax evasion anywhere requires firms to take reasonable steps to prevent this. The net is wide – agents are covered as well as employees. Some firms have responded by adopting a Board policy and training their staff and agents (including introducing brokers).
- The US sanctions against certain Russian oligarchs and companies they control continue to restrict UK firms’ customer relationships. For example, Rusal manufactures more than 10% of global aluminium.
- The FCA and the Insolvency Service are to share data to address corporate and financial misconduct and crime.
- The FCA has fined a bank (Canara Bank) nearly £900,000 and banned it from accepting deposits for 147 days for failing to maintain proper anti money laundering procedures for three and a half years. The problem was at all levels of the bank including senior management. They had been warned.
The Carillion debacle triggered the government’s review of the future of the audit regulator, the Financial Reporting Council (FRC); and indirectly raised questions about the purpose of company audits and even the possibility of disbandment of the Big 4 audit firms (Deloittes, Ernst & Young, KPMG, and PwC). The FRC has in turn heavily criticised KPMG for an unacceptable deterioration of its audit quality. Stephen Hadrill, the FRC’s CEO, has said: “At a time when public trust in business and in audit is in the spotlight, the Big 4 must improve the quality of their audits and do so quickly”. The review of the FRC is likely to be a turning point in auditing, with considerable consequences for audits – including their costs and Board representation letters.
8. Environmental, social and governance
The trend towards ESG investing continues by both wholesale and retail investors. Some developments:
- The lack of definition of ESG is troubling. Is it sufficient to avoid ‘toxic’ investments such as armaments and tobacco? Or should there be a positive duty to make ‘social good’ investments – perhaps with measurable impact? And since there is no agreed definition of ESG stocks, do you look at the total ‘score’ of all three factors or at them individually? So if an airline scores well in corporate governance and social factors, should it be failed because of a poor environmental result? And energy stocks? For example, when the UN applied its Principles for Responsible (PRI) Investment to its signatories, it found that 10% (185) failed to meet the minimum standards. Others criticise the PRI for lack of rigour.
- Global warming is becoming a major concern to Western governments as they struggle to meet their commitments under the Paris Accords. Mark Carney, governor of the BoE, has repeatedly warned banks to take this into account in their lending, eg, to coal mines, and the PRA is also concerned. These concerns apply to managers and investors too.
- The government is considering how to redress the gender balance in both Board appointments and senior management. The FCA has not yet pushed regulated firms on this but may do so in the future.
- The FCA has said that it will use the SMCR to take action on sexual harassment. This is implicitly covered in SMCR under the 'fitness and propriety' consideration.
9. Client assets
The Beaufort Securities failure has raised fears among investors that they cannot expect the return of their investments or cash without deductions being made for the costs of the professional firm brought in to wind up the firm’s business. PwC proposed to charge £100m for this role, reduced to £50m after protests from investors and perhaps the regulator. Only those clients whose assets were small enough to be protected (up to £50,000 against each Beaufort firm) will escape liability to contribute to these costs. The others with higher amounts of investments will contribute to PwC’s costs. This liability exists even if the investments are held with a nominee. Some retail clients are very unhappy about this, and want a review of the present position.
Some possibilities include the Financial Services Compensation Scheme (FSCS) carrying the whole cost of winding up firms in default (not popular because of the FSCS’s difficult financial position and the effective subsidy given to the investors by other firms through FSCS levies); requiring firms to insure against the possible risk and costs; creating a ‘captive’ insurance company under which firms underwrite the costs of other known firms (effectively requiring firms rejected by the captive to insure externally); and clients having their own direct account (not nominee account) with a custodian (ideal but difficult for retail clients to negotiate with a firm).
Views expressed in this update are those of the author alone and do not necessarily represent the views of the CISI.
This update is published in the Q3 2018 print edition of The Review. The print edition is available to all members who opt in to receive it, except student members. All eligible members who would like to receive future editions in the post should log in to MyCISI, click on My Account/Communications and set their preference to 'Yes'.