Developing/
Implementing
8.5
Delivering ESG and
sustainable finance
The ESG policy agenda has moved on with publication of the UK Green Finance Strategy in March and the EU’s latest Sustainable Finance Package in June, both of which will impact the financial sector and regulatory expectations of firms.
Greenwashing concerns are paramount in regulatory and supervisory responses. As well as driving new disclosure requirements, regulators’ focus on preventing greenwashing is fuelling initiatives on taxonomies, product labels, ESG data and ratings, and corporate sustainability due diligence.
The sheer breadth of reporting and disclosure requirements presents significant challenges for firms, with key standards now finalised and the focus shifting to implementation and assurance. The completed TNFD framework reflects increasing focus on broader nature and biodiversity-related sustainability issues, and requirements for transition plans are ramping up.
Investment managers and financial advisers are increasingly expected to consider sustainability risks in their investment and advice processes, even when they do not offer or specifically advise on green products.
Regulatory developments on the management of climate and environment-related risk, including on potential capital treatments, have slowed for banks and insurers, but supervisory expectations are rising to reflect expected increases in maturity of risk management and governance approaches. Pension trustees are being asked to address gaps where they have failed to manage this risk adequately.
Overall, ESG and Sustainable Finance continues to have a very high regulatory impact score. The pressure on FS firms remains intense, due to expanding reporting and disclosure requirements, lower tolerances from supervisors where firms fail to meet expectations and growing momentum around nature and social impacts. Further changes are in the pipeline.
See also Reinforcing Governance Expectations for CSDDD and UK CGC.
Tackling greenwashing
The supervisory toolkit around greenwashing is expanding in line with continuing regulatory concerns. Greenwashing, the practice where sustainability-related statements, declarations, actions or communications do not clearly and fairly reflect the underlying sustainability profile of an entity, product or service, is driving a number of regulatory initiatives, with impacts at product, portfolio and firm level. Regulators and supervisors are sending clear messages that, without firm action, greenwashing could undermine the transition and result in poor consumer outcomes.
Read more
Reporting and disclosures
Sustainability-related regulatory and corporate reporting requirements continue to develop in both scope and granularity, with ongoing discussions across jurisdictions on how to make standards interoperable or at least complementary, to support harmonisation and reduce the burden on firms. New standards and tight deadlines will require significant coordination and data gathering efforts by firms.
Read more
Climate and environment-related financial risk for banks and insurers
Consideration of climate and environment-related risk is a key element of the BAU supervisory cycle, and regulators have set clear expectations and consequences for failing to act. Firms are expected to embed consideration of sustainability factors into their risk frameworks and stress testing. Longer term changes to capital and solvency requirements are still being considered.
Read more
ESG and markets
As financial services firms and the real economy transition to more sustainable business models, ESG-related mechanisms have expanded to support them. Carbon markets, which provide a vehicle for companies to trade carbon emission credits, need to be transparent and effective. Regulators in the UK and EU are also proposing formal regimes to ensure the transparency and appropriateness of ESG data and ratings.
Read more
Portfolio management and advice
EU buy-side market participants already need to integrate sustainability risks and factors in their business, understand client preferences, and take account of certain sustainability considerations within the product manufacturing and distribution process. ESMA guidelines adding detail to existing requirements will become effective from October. While similar requirements have not yet been adopted in the UK, the FCA has signalled plans to consult on sustainability preferences and has invited views on how sustainability can be further embedded in all areas of regulated firms’ business.
Read more
Considerations for firms
- Do we understand the extent of our own and our clients’ ESG exposures?
- Have we considered the full range of new regulations or amendments that will impact us directly or indirectly?
- Are we embedding our approaches to risk and disclosures in line with supervisory and other stakeholder expectations?
- Have we prepared a net zero transition plan in line with regulatory guidance/expectations? If not, do we have a robust plan to do so?
- Have we carried out a scoping and classification exercise of our investment products against proposed labelling and disclosure requirements?
Tackling greenwashing
The ESAs, in their June reports to the European Commission, identified an increase in the total number of potential greenwashing cases across all financial sectors and proposed a common understanding of greenwashing across banking, insurance and pensions and financial markets. Firms should be aware that greenwashing can occur intentionally or unintentionally and in relation to entities and products that are either within or outside the remit of the EU regulatory framework. The reports highlight how greenwashing can occur in each sector and considers current and future regulatory/supervisory approaches. Final reports are expected by end May 2024.
Taxonomies provide consistent definitions of what can be considered 'green' or sustainable. The EU Taxonomy technical screening criteria for climate mitigation and adaptation objectives have now been supplemented by draft criteria for the remaining four environmental objectives, which will apply from January 2024. Consultation on the UK Green Taxonomy is expected before the end of 2023. The UK is likely to follow the same structure as the EU but with UK-specific refinements, for example around the streamlining and usability of 'Do No Significant Harm' criteria (per the recent GTAG report). The UK Government has committed to a period of at least two years of voluntary disclosures before the introduction of any mandatory obligations.
In the EU, the SFDR is under review to ensure that it works consistently and effectively in parallel with other sustainability regulation. The ESAs have already consulted on changing the ‘level two’ requirements, but more significantly, the Commission is now gathering views on how the ‘level one’ requirements could be adjusted or fundamentally restructured - potentially resulting in the introduction of new product categories that align with the FCA’s SDR.
In the UK, the delayed SDR will be the primary tool to prevent greenwashing, with the general anti-greenwashing rule taking effect from late 2023, and requirements for product- and entity-level disclosures taking effect between 2024 and 2026. In addition, the FCA has proposed three product labels for wealth, fund and asset managers, with in-scope firms to label their products voluntarily if they meet the relevant criteria.
ESMA expects to finalise guidelines before the end of 2023 to ensure that fund names do not mislead consumers as to ESG characteristics, although it is not yet clear how this may be impacted by potential reforms to SFDR. ESMA is also conducting a common supervisory action to understand how asset managers are complying with sustainability requirements in practice. Work continues on the EU Green Bond Standard, but progress on the EU Ecolabel has been delayed while the SFDR is reviewed.
Reporting and disclosures
The ISSB’s IFRS S1 and S2 are now final and will be applicable from 1 January 2024. Although envisaged as global baseline standards, individual jurisdictions will decide whether and how to adopt them.
The UK Government plans to create UK Sustainability Disclosure Standards (UK SDS) by July 2024, based on the ISSB standards. In H1 2024 the FCA will consult on updating its TCFD-aligned disclosure requirements to reference IFRS S1 and S2. Further ISSB standards will follow, with biodiversity, human capital, and human rights proposed as focus areas for the next two years.
The European Commission has adopted the ESRS, which will underpin disclosures by companies subject to the EU’s CSRD. The first reporting in 2025 will capture the largest EU companies, with smaller companies and some non-EU companies potentially in-scope in subsequent years. The Commission has also clarified additional disclosure requirements for firms following publication of draft technical screening criteria for the remaining four environmental objectives of the EU Taxonomy.
TCFD, IFRS S2 and ESRS E1 include requirements for firms to disclose information about their transition plans, and the UK TPT’s final disclosure framework and implementation guidance is expected in October 2023. In H1 2024, the FCA will draw on TPT outputs to consult on guidance for listed companies’ transition plan disclosures.
The TNFD risk management and disclosure framework is now complete, providing recommendations and guidance for all market participants to use on a voluntary basis. Further clarification is awaited on how this will be integrated into other standards.
The BCBS will consult by the end of 2023 on integrating climate-related financial risks into the Pillar 3 disclosure framework. Pillar 3 ESG disclosures are already required for the largest EU banks and will be phased in until June 2024 for smaller firms. GAR disclosures will also apply in 2024 based on 2023 data. Banks may opt to disclose the BTAR from June 2024 with collection from counterparties on a voluntary basis.
TPR has been reviewing ESG disclosures from pension schemes and will share its findings with industry. Where trustees have not produced the correct disclosures, the TPR has the power to impose fines up to £50,000.
IOSCO has called for an effective global assurance framework for sustainability disclosures, to be developed by assurance and ethics standard-setters. A draft framework is expected by the end of 2023.
Climate and environment-related financial risk for banks and insurers
Banks must meet the ECB’s supervisory expectations, as set out in the Guidelines for Climate and Environmental Risk, by end-2024 at the latest. And the EBA is tasked with developing guidelines for banks to identify, measure, manage and report on ESG risks and develop quantifiable targets to monitor them and specific guidelines on climate-related stress testing.
The EBA has launched an industry survey to collect quantitative and qualitative data from credit institutions on their green loans and mortgages. EBA and EIOPA have jointly called for an increased uptake of natural catastrophe (NatCat) insurance. Only one quarter of EU climate related NatCat losses are currently insured, with supervisors flagging this as a potential risk to financial stability.
The European Commission has asked the ESAs to conduct a one-off climate risk scenario analysis to assess the resilience of the EU’s financial system. The exercise will cover severe but plausible scenarios in both benign and adverse macro financial environments, with results expected no later than Q1 2025.
Debate on the treatment of sustainability risks and their impact on capital requirements continues. The BoE has published a paper noting that further work is needed to assess whether there may be gaps in the capital regime, and in Europe the treatment of sustainability risks in Solvency II was a key point of contention in the European Parliament.
Momentum is growing around broader nature and biodiversity impacts – see also Reporting and disclosures for the latest on the TNFD. The NGFS has also published a Conceptual Framework which aims to help central banks and supervisors move towards an integrated assessment of climate and broader nature-related risks. The principles-based approach builds on previous work by the joint NGFS-INSPIRE Study Group on Biodiversity and Financial Stability.
ESG and markets
GHG emissions are a priority KPI for stakeholders and investors and will be reflected in firms’ net zero transition plans. Participation in carbon markets may be appropriate to help deliver on emission reduction commitments. However, there is currently a patchwork of regulation and calls for greater consistency and transparency in these markets. Although regulators have not yet identified any immediate issues, they are seeking to develop regulatory mechanisms that will ensure that markets remain effective. Meanwhile, the ICVCM, an independent industry body, has published 10 Core Carbon Principles addressing the integrity of carbon markets.
Following an IOSCO consultation on recommendations for regulators, EU authorities have agreed the principles for a Carbon Border Adjustment Mechanism (CBAM), which will levy import charges on goods based on their carbon-intensity from 2026 - the UK Government is investigating a similar proposal. The EU is also in the early stages of developing a certification and verification scheme for credits linked to the removal of carbon from the atmosphere.
There have been significant developments on ESG data and ratings in the EU, UK and other markets. ESMA’s proposal for a regulatory regime for ESG ratings providers would see firms requiring formal authorisation to provide their services to EU firms. They would also be forbidden from providing a number of other services, including consulting and audit services, a move which could have significant impacts on firms who have grown organically to meet market demand. In the UK, HMT is consulting on bringing ESG data and ratings firms within the regulatory perimeter, which would require firms to seek authorisation under the Regulatory Activities Order (RAO). At the same time, the FCA has tasked the IRSG with developing a principles-based voluntary code of conduct for firms. Further afield, Japan, India and Singapore are developing their own approaches, and firms operating internationally will have to navigate multiple regimes unless equivalence is granted.
Portfolio management and advice
Since 2022, EU UCITS Management Companies, AIFMs and MiFID investment firms have been required to integrate sustainability risks and sustainability factors into their investment processes, decision-making procedures and organisational structures, risk management, due diligence, resources and conflicts of interest management. Additionally, MiFID investment firms (investment managers and distributors) must incorporate ‘sustainability preferences’ into their investment advice and suitability processes and product governance frameworks. ESMA guidelines regarding product governance, suitability and sustainability preferences have been finalised and will apply from October. In the meantime, ESMA has published a call for evidence to understand better the evolution of the market, how firms apply the rules in practice, and the experience of investors. It will assess the responses along with EU regulators.
The FCA has not yet adopted similar sustainability requirements for UK firms. However, it announced plans to consult on rules for financial advisers to incorporate sustainability matters and investor preferences when delivering investment advice. And in its February discussion paper, it invited views on how sustainability can be embedded within regulated firms’ objectives, strategies, governance, incentives, and staff competence. Feedback to the paper will inform the FCA’s future regulatory approach.
Maintaining financial
resilience
With continuing economic uncertainty, including inflationary pressures and recent exits from the market, regulators and supervisors are focused on maintaining robust levels of financial resilience and looking ahead to escalating risks and system-wide vulnerabilities including climate and environmental risks and increasing digitalisation. Firms are expected to maintain appropriate levels of capital and liquidity in the face of evolving economic conditions, and to prioritise high quality data, risk management and governance.
Implementation timelines and requirements for remaining (e.g. Basel 4) or revised (e.g. Solvency II) framework elements are being clarified. Further frameworks are being developed, including resolution for insurers in the UK and EU and a prudential regime for smaller UK banks. Stress testing remains a key supervisory tool in monitoring banks’ and insurers’ vulnerabilities.
In addition to ongoing policy changes to the prudential framework for investment firms, the FCA has completed a supervisory review of IFPR implementation and identified financial resilience as a supervisory priority for several sectors.
The regulatory pressure score for financial resilience has increased reflecting significant impacts relating to the final Basel reforms, Solvency II, recovery and resolution for banks and insurers and the need to upskill on climate-related financial risk (see Delivering ESG and Sustainable Finance).
Banks
Banks must now implement the final Basel reforms, with potential jurisdictional differences adding to the complexity. Resolution frameworks and deposit insurance schemes are under scrutiny following recent bank failures. Credit and funding risks, wider risk management and governance (including around models) and regulatory reporting are also high on the regulatory agenda. The establishment of regimes that are robust, yet proportionate, and which facilitate competitiveness, may lead to increasing divergence between the UK and EU.
Read more
Insurers
Insurers need to consider implications of the upcoming changes to UK Solvency II and closely monitor discussions at European and global levels as prudential standards continue to evolve. The development of targeted resolution frameworks for insurers, in the UK and EU, is another significant area of focus. Finally, supervisory scrutiny remains high across life, GI and reinsurance.
Read more
Investment firms
Revised requirements for most investment firms (such as wholesale brokers, asset managers, and distributors) in the UK and the EU are now well embedded. The FCA’s stated priorities in portfolio letters and feedback on IFPR implementation show that firms should continue to monitor clarifications and amendments, prepare for new reporting requirements, review wind-down plans and incorporate supervisory feedback.
Read more
Considerations for firms
- Have we clearly mapped and implemented the requirements for new or recalibrated prudential frameworks?
- Have we considered how to track and manage potentially divergent requirements across jurisdictions?
- Given the likelihood of continuing market volatility, are our control frameworks sufficiently robust?
- Are we comfortable that we have robust governance and controls around internal models?
- Have we assessed the adequacy of our preparedness for market exit?
Banks
The 2023 EBA and BoE stress tests found banks to be resilient under adverse scenarios, and sufficiently capitalised to withstand further economic deterioration, but regulators cautioned that they may still be vulnerable to worsening conditions. Regulators also noted that the tests require updating to account fully for bank runs in the digital age, where online withdrawals and social media communication can rapidly amplify problems – as highlighted by recent bank failures.
Banks now have just over a year to start implementing the final Basel reforms (also known as Basel 4, Basel 3.1 or Basel III Endgame) in the EU and UK. Provisional agreement on the banking package to finalise the EU’s Basel implementation was reached on 27 June. The agreement needs to be confirmed by the Council and Parliament before adoption and many details are yet to be published. The PRA has consulted on UK requirements and final rules are expected in late 2023 or early 2024. The US issued its proposals in July. Differing approaches to internal models, proportionality and other local specificities are fuelling debate on the ‘level playing field’ and add to the complexity for banks operating across borders.
Banks are expected to comply with the PRA’s five model risk management principles by 17 May 2024. The ECB has also consulted on updates to its internal models guide and banks will need to plan for changes in areas such as model calibration, climate and environmental risks and IT implementation.
UK banks and relevant third-country branches with trading activity that could affect the financial stability of the UK must meet the PRA’s requirements for identification of trading activity wind-down strategies by 3 March 2025. The PRA has also proposed requirements for BAU solvent exit analysis and planning for smaller, non-systemic firms, to be in place by October 2025.
The UK Government is expected to consult shortly on a series of mid-term reforms to improve the functionality of the ring-fencing regime. This could result in banking groups without major investment banking operations being removed from the regime.
From a supervisory perspective, the ECB is addressing shortcomings in credit and funding risk management (including IRRBB and CSRBB), strengthening governance and risk data aggregation and reporting, and stepping up efforts on the management of C&E risks (see Delivering ESG and Sustainable Finance). Similarly, the PRA is focused on non-performing exposures, securitisation, stress testing, model risk management, the internal ratings-based approach/hybrid models and regulatory reporting.
Insurers
Reforms to Solvency II continue to be a significant focus both in the UK and the EU. The PRA has released the first of its major consultations on the review and is working towards a phased implementation of Solvency UK (SUK). Reforms to the Risk Margin will come at the end of the year, followed by changes for insurers with well-matched long-dated liabilities (‘Matching Adjustment’) in June 2024 and the remainder of the package by end of 2024. This approach will allow insurers to release capital towards productive investment earlier, consistent with the Government’s objectives for the review.
SUK represents a return to a UK style of policymaking, with a principles-based approach to areas such as Internal Model approvals and oversight. Firms new to insurance will benefit from a new optional Mobilisation regime, and UK branches of overseas firms are arguably the biggest beneficiaries of the review so far. The UK Government has also signalled an intention to introduce an Insurance Resolution Regime (IRR) to give the BoE, as Resolution Authority, stabilisation powers to assist with the exit of the largest firms and those with un-substitutable products. Separately, the PRA is expected to consult on its expectations for ease of exit planning for insurers more broadly.
In the EU, the European Parliament has now reached a position, and the revised Solvency II Directive can continue going through the usual EU legislative process, with negotiations between the European Parliament, European Commission and the Council. As in the UK, resolution is a key theme, with proposals for an IRRD, which aims to create a harmonised framework across Member States, progressing alongside the Solvency II revisions.
From a supervisory perspective, the PRA is focusing on firms’ risk management of reinsurance arrangements, particularly where life insurers transfer longevity risk on their annuity business or use funded reinsurance (transfer of both liability and asset risks). For general insurers, the PRA is looking at the risk management and governance around the impact of claims inflation. Finally, insurers can expect an announcement on the next insurance stress test later this year. Cross-cutting themes, including operational resilience and climate risk, are also a focus.
Investment firms
The FCA’s latest consultation invited views on further amendments to the IFPR. It proposed clarifications on various topics such as the own funds threshold requirement and the group ICARA process. The FCA also published its wide-ranging observations on IFPR implementation, identifying several areas for improvement. For firms opting-into a group ICARA process this included more granular expectations on assessments for each firm in the group. The FCA reiterated its focus on justifying key assumptions, the governance of the ICARA process and the robustness of wind-down plans, with gaps across wind-down plans being a notable theme. It also noted that weak systems and controls continue to lead to inaccurate or incomplete regulatory reporting.
Related to this point, the FCA finalised a new regulatory return for certain non-MiFID firms to formalise ad-hoc information gathering it has undertaken since the onset of the pandemic. Impacted firms will need to report from January 2024. The FCA has stated that it intends to review prudential requirements for some of these firms in 2023.
The FCA has also identified financial resilience as a supervisory priority for several sectors. For example, in its recent ‘portfolio letter’ addressed to wholesale brokers, the FCA noted that firms should have sufficient competence and expertise and should review the level of liquidity they hold to ensure it is commensurate with the risks. Financial resilience is also a stated supervisory priority in its latest portfolio letter for asset managers.
The EU continued to supplement the EU IFD/IFR regime. The EBA’s most recent standards relate to the own funds requirements as well as the prudential consolidation of an investment firm group, covering the consolidation scope, methods, and methodology.
Regulating digital
finance
Accelerated adoption of digital innovation within financial services continues. This is providing significant benefit to customers and service providers, but also introduces novel risks to consumer protection and, on a wider scale, to financial stability. As a result, regulators are now taking much more deliberate steps to update their regulatory and legal frameworks.
The automation and streamlining of processes in the trade lifecycle could potentially disintermediate incumbent players. The line between retail and wholesale services is blurring as trading apps allow consumers to access products directly, without the need for middlemen or other gatekeepers. There are concerns that this ease of access is also leading to the gamification of financial services.
The uptake of crypto-assets requires regulators to determine whether they can be accounted for within existing regulatory frameworks, or whether new approaches are necessary. Central banks are also considering minting their own CBDCs to safeguard the traditional role of currency.
While some jurisdictions are pursuing prescriptive bespoke frameworks for AI, others are opting for more flexible principles-based approaches where they can lean heavily on existing structures.
As Big Tech firms continue to expand their presence within financial services, regulators are closely assessing the trade-off between benefits and harms, with particular scrutiny of their role as the gatekeepers of data. The challenge for regulators now is to support innovation whilst still protecting customer data and ensuring that holders of data do not have an unfair competitive advantage.
Since the H1 2023 Barometer, there has been a slight increase in pressure resulting from digital finance regulation. After a period of observation, regulators are now publishing comprehensive consultations on proposed frameworks, and engaging heavily with firms and other stakeholders on how proposals should be implemented. However, only a few of these have been finalised and are ready for firms to implement.
Crypto-assets and CBDCs
Regulators have published various consultations on how to regulate the crypto-assets sector and are now engaging closely with stakeholders to fine-tune proposals. At the same time, global standard setters are publishing non-binding recommendations, which they suggest are incorporated into these developing frameworks. The development of CBDCs continues, with a recent BIS survey showing that 93% of central banks are now considering issuing one.
Read more
Artificial intelligence and machine learning
Artificial intelligence and machine learning techniques can enable firms to offer better and more personalised products and services to consumers, improve operational efficiency and increase revenue. However, they can also pose new challenges for firms and regulators and amplify existing risks. Although financial supervisors had already begun to issue individual ad-hoc guidelines, they are now also working towards designing more comprehensive overarching plans. Some jurisdictions are choosing to pursue prescriptive bespoke frameworks, while others are opting for more flexible principles-based approaches where they lean heavily on existing structures.
Read more
Platformisation, Big Tech in Finance
Over the past few years, several Big Tech players have entered the financial services arena and begun offering a variety of platform-based solutions directly to consumers, while also becoming critical third-party providers to traditional firms within the ecosystem. However, unlike traditional firms – which are designed to operate exclusively within the financial services domain – some Big Tech firms are choosing to develop and distribute financial products as part of their wider portfolio of existing activities. Policymakers and regulators are consequently having to examine whether the current regulatory framework is fit for purpose.
Read more
Data sharing and innovation
Open Banking is seen as a successful driver of innovative products and services for consumers. Regulators and policy makers are now embedding and refining the regime and are advancing proposals that take the principles of data sharing contained within the initiative and broaden them further to create an Open Finance framework.
Read more
Considerations for firms
- Are we developing a clear governance and control framework around the use of AI, including any elements which are provided by external parties or vendors?
- Have we accounted for the expected regulatory impacts of operating with any form of crypto-asset or wider use of distributed ledger technology?
- Have we considered how the diverging regulatory approaches for elements of digital finances will impact our global business footprint and strategy?
- Have we considered potential business model and strategy implications of a payments landscape that includes CBDCs?
- Does our business model consider the growing impact of BigTech companies competing more directly within the financial services ecosystem?
Crypto-assets and CBDCs
The EU’s MiCA provisions for stablecoins are set to apply from mid-2024, and provisions for other service providers will apply from 2025. The EBA and ESMA are now consulting on corresponding RTS, ITS and Guidelines. During the CRR/CRD trilogues, negotiators also leveraged MiCA’s ‘risk buckets’ to agree a transitional regime for crypto capital charges, until the final BCBS standards are adopted in legislation.
In the UK, HMT has published several highly anticipated consultations. An overarching crypto framework proposes the creation of several crypto-assets regulated activities, mirroring equivalents in traditional finance. This would require all crypto-native firms to obtain full FCA authorisation – a step-change compared to the current AML requirements. HMT has also published proposals for a Digital Securities Sandbox which align closely to the EU’s pilot DLT regime. And, more detail is expected before the end of 2023 on how stablecoins will be brought within existing e-money and payment services regulation.
FCA rules applying the Financial Promotions Order to certain crypto-assets (as promised last year by HMT) will come into effect from October with an extension available for changes that require ‘greater technical development.
Global standard setters (including the FSB and IOSCO) have published a flurry of final recommendations on crypto-assets, having strengthened initial recommendations in light of recent market failures. Despite being non-binding, national regulators are being encouraged to incorporate these into their respective frameworks.
The European Commission has published draft legislation for the legal framework of a potential digital euro. Similarly, the BoE has published its first consultation on a digital pound and is now deeming it ‘likely’ that one will be needed. While acknowledging that it would seek to limit financial stability risks, the BoE noted that it would not protect any status quo structures.
Artificial intelligence and machine learning
The EU Parliament is fine-tuning proposals for the prescriptive AI Act, which classifies systems into four tiers of risk with increasing levels of requirements. These start with transparency and voluntary codes of conduct and escalate to ex-ante conformity assessments and ex-post quality and risk assessments and monitoring. The majority of the Act focuses on identified high-risk systems –while only three of these seem applicable to financial services, the list would be updated by the Commission on an ongoing basis. The Act also proposes to establish a new AI Board to oversee its application across the bloc.
In comparison, the UK is opting for a much more flexible and principles-based approach. The government’s pro-innovation March Whitepaper (updated in August) proposed to build on existing regimes and empower existing regulators to fold a set of five cross-cutting principles into their remit. It is therefore unlikely that UK financial regulators will intervene with new specific rules for AI. Rather, frameworks such as Consumer Duty and the SMCR will likely be leveraged to hold firms to account for the appropriate use of, and governance over, AI models. Suggestions have been made in the UK Parliament for the creation of a bespoke AI SMCR regime, rather than relying on existing defined roles, but this remains to be debated.
To act as a stopgap while formal regulation continues to mature, the EU-US Trade and Tech Council summit is planning to present a voluntary code of conduct to leaders of the G7 in the autumn. These non-binding standards are expected to focus on transparency, risk audits and other technical details for companies developing AI.
Data sharing and innovation
Maintaining the UK’s position as a leader in Open Banking continues to be a priority for HMT, the CMA and the FCA. One year into its work, the cross-authority taskforce has confirmed the principles underpinning the long-term regulatory framework, set out its vision for the open banking future entity, published a two-year roadmap of priorities, set up six dedicated workstreams to action them and developed principles for commercial frameworks for premium APIs. The European Commission has made targeted amendments to the Open Banking framework in its PSD3 proposal to improve its functioning, removing obstacles to providing Open Banking services and improving customers' control over their payment data, enabling new, innovative services to enter the market.
Building on the Open Banking framework, regulators are keen to develop Open Finance, to allow consumers and SMEs to access and share their data on a wider range of financial products with third-party providers. The Data Protection and Digital Information Bill is at an advanced stage in the UK Parliament. Once enacted, this will create a clearer regulatory environment for personal data that could help drive the adoption of Open Finance. Laying the groundwork for the delivery of open finance throughout the EU, the European Commission has set out a legislative proposal for a framework for financial data access (FIDA). FIDA would establish an Open Finance framework facilitating responsible access to individual and business customer data across a wide range of financial services.
The UK Government has also laid regulations in Parliament outlining a framework for pension dashboards designed to help retail customers better track and understand the various pension pots they hold. However, implementation has been delayed until 2026. EIOPA is consulting on the principles of Open Insurance, but this is currently only designed as a theoretical use case.
Strengthening operational
resilience
Operational resilience remains a key priority in regulators’ work programmes. The ESAs are focused on the implementation of DORA, including the development of regulatory technical standards. The BoE, PRA and FCA are assessing progress against existing operational resilience policies, developing new policy and oversight approaches for critical third parties, and monitoring cyber threats, and the BoE has extended outsourcing and third party risk management requirements to FMIs.
Regulatory authorities have realised that a broader approach to operational resilience — incorporating equally important components such as people, processes, technology and information — is needed. They recognise that inadequate operational resilience has the potential to affect not only individual firms and their customers, but in an increasingly digital and interconnected world, to cause rapid contagion, with significant impacts on wider financial stability and the functioning of financial markets.
Regulators require firms to demonstrate end-to-end operational resilience, including cyber and ICT resilience, in their key business activities, to prevent severe disruption and maintain financial stability. Strong governance and accountability are expected, as is robust testing of disruption scenarios. Firms must consider the possibility of multiple concurrent disruptions and the emergence of new threats and vulnerabilities, including extreme events arising from climate change, geopolitical events and bad actors.
Resilience expectations are extending to a wider range of participants operating in the financial sector. Cloud service providers and other critical third parties are under scrutiny, with regulators particularly concerned about concentration and other risks associated with outsourcing critical functions to potentially unregulated entities.
The regulatory pressure score for operational resilience remains high, due to the challenges of implementing DORA by January 2025, expanding requirements for FMIs and the expectation of further proposals for critical third parties.
Enterprise-wide resilience
Principles and rules introduced in the last few years target enterprise-wide resilience. Regulators expect firms to map their most important business services from end to end, identify severe but plausible stress scenarios, and carry out testing to identify weaknesses. Firms must define the amount of disruption that they would be willing to tolerate and to monitor and measure their ability to remain within these tolerances.
Read more
Digital resilience
Additional demands on systems, processes and data in financial markets have increased regulators’ focus on firms’ digital/ICT resilience. The EU’s DORA aims to address increasing threats from cyber-attacks and increasing reliance on digital technology. DORA is intended to harmonise ICT resilience requirements across the EU, with consequential amendments to other legislation. Given the broad scope of the Act, many firms will need to make structural and strategic changes.
Read more
Third-Party Risk
Regulatory guidance on outsourcing has been in place for some time, but expectations have grown in the EU and the UK, reflecting the growing reliance on and stability risks posed by critical third parties and more robust requirements for digital resilience. Specific rules are now being introduced to identify critical third party providers and bring them within the regulatory perimeter.
Read more
Considerations for firms
- Do we have a clear view of the resilience of our end to end processes for important or critical services, including third party dependencies?
- Have we understood, documented and tested our tolerance for disruptions and our ability to recover?
- Have we considered the impacts of increasing requirements around digital (including cyber) resilience and developed a clear route to implementation?
Enterprise-wide resilience
Operational resilience has been on the financial services’ regulatory agenda for many years, but it has often been addressed in a piecemeal and siloed way. In recent years, that has changed, with regulators looking to create joined-up policy and expecting firms to embed enterprise-wide resilience.
Regulators in the UK and EU agree on the need for firms to prioritise the resilience of their most critical services and operations and to minimise the effects of disruption on customers. In the UK, firms must now have identified and catalogued their important business services and defined impact tolerances for disruption to these services. The next major milestone, in March 2025, will be to demonstrate their ability to remain within impact tolerances when under stress. Strong governance and accountability are expected. UK regulators are emphasising that firms not formally under scope of the rules should consider them as good practice.
In the broad landscape of regulatory requirements, guidance and principles, some are more prescriptive than others, but all have the same intent - to maintain the integrity and stability of financial institutions and financial infrastructure and to protect customers from harm. With that in mind, a well thought out enterprise-wide resilience strategy should satisfy regulatory requirements and deliver against principles across multiple jurisdictions.
Digital resilience
DORA entered into force in January 2023 and must be applied by 17 January 2025. The Joint Committee of the ESAs launched the first consultation on its detailed policy packages on 19 June. The packages build on existing EU and international standards and comprises four draft RTS and one set of draft ITS, covering ICT risk management frameworks, classification of ICT-related incidents, templates for the register of information and specification of the policy on ICT services supporting critical or important functions performed by ICT TPPs. Further RTS and ITS will follow.
DORA will impact a very wide range of financial entities in the EU. Critically, it will also apply to ICT third parties – for more see Third-Party Risk. It will have significant interactions with other regulations. NIS2, the new directive to strengthen cyber security in the EU, will align with sector-specific legislation set out in DORA for regulated entities. The Capital Requirements Directive (CRD) will require ICT business continuity and disaster recovery plans to comply with DORA. MiFID II will refer to DORA and include amended provisions relating to continuity and regularity in the performance of investment services and activities, resilience and sufficient capacity of trading systems, effective business continuity arrangements and risk management. Solvency II, UCITS, AIFMD, IORPD II and the Statutory Audits Directive will refer to DORA regarding management of ICT systems and tools. PSD2 authorisation rules will refer to DORA, although incident notification rules will exclude ICT-related incident notifications that DORA will harmonise.
The ECB has announced that it will conduct a cyber risk stress test in 2024. The exercise is expected to begin on 2 January 2024, with banks needing to submit questionnaires and supporting evidence by 29 February 2024.
Third-Party Risk
Regulatory scrutiny of third-party relationships and risk management has intensified. In the UK, the PRA’s policy on third party risk management provided a holistic framework for managing outsourcing and third party risk with specific requirements around governance, materiality, risk assessment, data security, and business continuity and exit planning. In February, the BoE issued a corresponding Policy Statement on FMI outsourcing and third party risk management. FMIs must comply with the relevant supervisory statements and, for RPSOs and SSPs, the requirements of the Code of Practice, by 9 February 2024.
In the EU, DORA builds on the outsourcing Guidelines already issued by the EBA, ESMA and EIOPA to strengthen oversight and monitoring of third-party ICT.
Non-financial firms increasingly provide essential services to the financial sector giving rise to concerns about reliance on a small number of third party providers. DORA will empower the ESAs to designate Critical ICT Third Party Providers (CTPPs) through a new oversight framework. The designation will be based on qualitative and quantitative criteria including the potential systemic impacts of the third party and the firms it services, the extent to which the third party is relied upon, its substitutability etc. Third party service providers not designated as critical will also be able to opt into the oversight framework. Critical third-country ICT service providers to financial entities in the EU will be required to establish a subsidiary within the EU so that oversight can be properly implemented.
Similarly, in the UK, FSMA 2023 empowers HMT to designate Critical Third Parties (CTPs) and the regulators to regulate and supervise them. The BoE, PRA and FCA followed their July 2022 discussion paper on critical third parties to the financial sector with a survey, which closed in May and aimed to support analysis of the costs and benefits of a potential critical third party regime. A further consultation on the proposed requirements and expectations for CTPs is expected later in the year.
Developing/
implementing
6.8
The continuing and rapid evolution of the payments landscape and technology and its resulting impact on consumer behaviours and expectations poses benefits and challenges for providers and regulators alike.
In stark contrast to ten years ago when ‘cash was king’, consumers and businesses now make use of a wide variety of forms of digital payments and, whilst still essential for some, cash use is in decline. This is driving regulatory change to ensure there is an agile and flexible regime that supports innovation and competition, whilst simultaneously ensuring that payment systems are efficient and do not put consumers at risk or exclude them from access to products and services.
Regulators are considering the systems underpinning payments and looking at how to ensure markets work well. They are doing this with an eye on future market opportunities and developments such as Open Banking or the introduction of new forms of digital currency.
Whilst offering many consumer benefits, the increasing number of digital forms of payment has opened the door to new frauds and scams. Alive to the potential impact and scale of this issue, regulators are establishing a suite of rules to protect consumers and encouraging firms to consider making changes to reduce risk.
In both the UK and EU, there is strong understanding of the continued need for access to cash. Activity is underway to bolster existing measures, in an attempt to stem the decline of cash which may be detrimental to some consumers. Regulators are also seeking to understand the drivers for the continued use/need for cash with a focus on future solutions.
UK-regulated payment firms are also busy embedding the Consumer Duty and ensuring compliance now the implementation deadline has passed.
Payment infrastructure and innovation
The payments infrastructure continues to develop to ensure that, as payments evolve, the systems underpinning them continue to be effective, efficient, secure and expand consumer choice. Work on the UK NPA and European Commission retail payments strategy is progressing, and in both jurisdictions work to renew payment systems is underway to ensure they remain resilient, flexible and innovative. The utility and importance of access to cash for UK and EU citizens continues to be recognised as a priority, with work in progress to protect access whilst simultaneously supporting a flourishing payments sector.
Read more
Consumer protection
Regulatory interventions to disrupt or prevent fraud and scams have had some impact, however instances remain stubbornly high and reducing them is a key priority for policy makers and regulators. In the UK, with the extended CoP regime now in place, attention has turned to the fair treatment of scam victims through mandatory reimbursement and supporting infrastructure. The EU is following suit with its reforms to PSD2.
Read more
Competition/Access and Choice
Alongside ensuring faster, more secure, and more efficient payments, policy makers want to support innovation and competition in the payments industry and ensure that markets are functioning well. In the UK the government and regulator are keenly focused on fees in the card market.
Read more
Considerations for firms
- Do we have a payments’ modernisation programme in place in order to respond to the evolving payment and regulatory landscape?
- Have we considered potential business model and strategy implications of developments in Open Banking and Open Finance?
- Does our payments’ strategy reflect existing and emerging regulatory expectations on the provision of cash?
- Have we assessed the impact of new APP fraud and scam rules and any policy, process and technological changes required to ensure compliance?
Payment infrastructure and innovation
Changes have been made to payment systems with Eurosystem’s successful launch of the T2 wholesale system, and the UK’s migration of CHAPS to ISO 20022. The latter, together with confirmation of a new tariff framework for RTGS and CHAPS, mark significant milestones in the BoE's RTGS renewal programme and will support the NPA. The European Commission has proposed that instant Euro payments be available to consumers and businesses across the EU via the Instant Payments Regulation. The ECB is exploring how wholesale financial transactions recorded on DLT platforms could be settled in central bank money to ensure that developments keep pace with, and contribute to, digital innovation in wholesale and retail payments.
The UK Government recognised the potential emergence of systemically important firms in payment chains by confirming reforms to the BoE and PSR statutory perimeters. The Financial Stability Board (FSB) is continuing to implement the G20 Roadmap for enhancing cross-border payments.
In both the UK and EU there is continued recognition of the importance of access to cash for many businesses and consumers. The BoE and FCA are monitoring levels of cash use which are continuing to fall. This has resulted in new legislation enshrined in FSMA giving the FCA powers to ensure reasonable provision of cash access services. The BoE has also confirmed its approach to the supervision of the wholesale cash distribution market with the aim of ensuring that the UK’s wholesale cash market meets the needs of consumers and the wider economy for cash over the long term. The European Commission has introduced a legislative proposal on the legal tender of Euro banknotes and coins, to safeguard Euro cash as a means of payment. This includes requirements for Member States to monitor access to cash. Commission proposals in PSD3 also improve access to cash by allowing retailers to offer cash withdrawals without purchase and changing the scope of the licencing regime.
Consumer protection
In the UK, the PSR has advanced its consumer protection initiatives - confirming that nearly all CHAPS and Faster Payments will be covered by CoP from October 2024 and introducing scam data publication rules to improve reimbursement for APP scams victims.
Mitigating the risk of fraud and financial crime also forms a key part of the UK’s next phase of Open Banking, with Open Banking Limited (OBL) tasked with actions to combat financial crime such as Open Banking-based data-sharing in Faster Payments, a financial crime data collection framework and a transaction risk indicator benchmark for all in the Open Banking ecosystem.
Using powers granted by FSMA, the PSR has confirmed mandatory reimbursement requirements for victims of APP scams which are expected to come into force in 2024 and is consulting on the standard of care expected of consumers when executing payments and reimbursement limits.
In a similar vein, the European Commission proposes to introduce measures through the modernisation of PSD2 for greater data-sharing, improvements to the application of strong customer authentication, the introduction of a CoP style system and extending refund rights to some scam victims.
The regulators are also seeking to protect consumers from harm by improving the clarity, transparency and content of consumer information. The UK Government confirmed its intention to revoke the customer information requirements in the Payments Accounts Regulations 2015, handing over responsibility to the FCA under existing requirements. The European Commission has proposed measures under PSD3 to improve the transparency of statements and charges and protect customers from unjustified payment account termination.
Competition/Access and Choice
The UK Government’s Future of Payments review will consider how payments may be made in the future and will make recommendations on the steps needed to successfully deliver world leading retail payments and boost the competitiveness of UK fintech. The review will consider the most important retail payment journeys now and in the future, benchmark UK customer experience against other jurisdictions and examine the likelihood of current payment initiatives delivering world-leading payment journeys for UK consumers. HMT is considering responses to its call for input and is expected to publish its report and recommendations in Autumn 2023.
UK politicians have been vocal in their concerns about the rise in cross-border interchange fees and the impact on UK businesses and consumers, believing these to be indicators that the market is not working well. Driven by this, and its own findings, the PSR is conducting two market reviews, one on scheme and processing fees and the second on cross border interchange fees. The reviews will consider aspects such as profitability, competition dynamics and constraints. Interim findings are expected by the end of 2023, with any proposed remedies following in 2024.
To address concerns that the supply of card-acquiring services was not working well for merchants with a turnover of less than £50 million, the PSR has introduced new rules designed to help merchants understand the pricing elements of services, prompt shopping around and make switching easier.
European Commission proposals for PSD3 seek to improve competition in electronic payments further, for example through enhancements to non-bank PSPs access (direct or indirect) to payment systems. The Commission has also put forward a Financial Data Access (FIDA) proposal, introducing a framework to support safe and secure access to a range of customers’ financial data thereby allowing the market to innovate to serve the needs of consumers.
Enhancing customer
protection
The nature of products and services, how they are delivered, and communications with customers are changing. The perennial question for regulators about the optimal level of customer protection is now set against uncertain economic conditions impacting the cost of living, the need to encourage greater private investment to aid economic recovery, and increased digitalisation. These factors are driving an upward trend in the level of consumer protection rules being developed by regulators. Consequently, there has been an increase in the level of regulatory pressure score - up from 7.0 to 7.4.
Regulators are increasingly challenging firms on whether they are appropriately balancing their own commercial and operational considerations with the needs of end-customers and how this is embedded throughout the firm (and at all stages of the product lifecycle and customer journey).
Firms must be able to demonstrate progressively how their culture, strategy, business model, product design and operating model deliver fair treatment to all customers. Increasingly, this is being delivered through emerging regulation relating to product governance, assessment of outcomes and consideration of value for money/fair value.
Continuing economic uncertainty has increased the number of vulnerable customers and focused the attention of regulators. Many customers will exhibit characteristics of vulnerability at specific points in their lives and they should be able to achieve outcomes that are as good as those of other customers. The increase in the level and sophistication of scams and fraud, which tend to have a greater impact on vulnerable customers, is another area of concern as, in spite of regular regulatory interventions, incidences remain high.
The number of updates relating to customer protection remains high as regulators respond to the impacts of increasing cost of living pressures on customers. Notably, in the UK, the Consumer Duty has come into force for all open products and services. Although this key milestone has now passed, there is still a significant volume of day 2 activity that firms still need to complete to fully embed the Duty. Consequently, regulatory pressure and activity for firms remains high (notwithstanding the closed product delivery date of July 24). We have already seen the FCA challenge firms to provide the evidence of how they are delivering good outcomes, on topics such as passing on interest rate rises to savers appropriately. It is likely that further finessing of systems, controls and, specifically, MI is likely to be required in short order to fully align with the FCA’ s expectations.
Outcomes-focused
Regulators are seeking to move firms’ mindsets away from narrow rules-based compliance to a more holistic assessment of the impact of their conduct and the outcomes they are generating. This approach, with new rules under consultation or being implemented, will have a material impact on firms’ cultures, strategies and operating models.
Read more
Vulnerable customers
Global economic factors impacting the cost of living continue to fuel regulatory focus on the fair treatment of vulnerable customers across all sectors. These factors, and increased regulatory scrutiny, are likely to have a material impact on firms’ existing processes, procedures, products and services as well as on training and development implications for their employees. Given the complexity that comes with considering the different types and interconnectedness of customer vulnerabilities, firms will need to consider broad conduct risks to mitigate any associated operational challenges.
Read more
Value for money
The implementation of the Consumer Duty in the UK has introduced a requirement for all sectors to develop and apply a specific price and fair value framework to specifically evaluate whether products and services offer value as well as utility. This will have a material impact on the products and services offered by firms and their associated charges, and will reinforce how fairly customers are treated. Other regulators are expected to follow suit.
Read more
Product governance
Although product governance rules have existed for UK and EU firms since 2018, there is growing evidence that they are not being implemented or supervised effectively. Consultations on enhancements to and/or reinforcement of rules will result in firms needing to develop or embed their existing process and procedures further.
Read more
Considerations for firms
- Can we evidence (through our culture, strategy, product design and operating model) that we balance our own commercial interests with delivering appropriate outcomes for our retail customers?
- Can we show how embedded indicators of vulnerability are identified, accommodated and evidenced across the product lifecycle, all stages of the customer journey and associated processes and procedures?
Outcomes-focused
The drive continues by UK and EU regulators to transition regulation and supervision to focus on customer outcomes. The FCA’s Consumer Duty is the most strident of the initiatives. Now that the rules are in force, firms will be asked to demonstrate how they are meeting the enhanced expectations and evidencing good customer outcomes. The FCA has wasted no time in using the new rules to address concerns around savings account interest rates, signalling its intent to be more assertive and hold firms to account.
Showing strong parallels to elements of the Consumer Duty, in terms of ambition, the European Commission unveiled its Retail Investment Strategy (RIS) to deliver better outcomes for retail investors. The Central Bank of Ireland is currently considering next steps following last year’s discussion paper on strengthening consumer protections. Addressing issues around conduct and culture is a key feature of the IAIS’s roadmap and IOSCO’s work programme for 2023/24.
Both EU and UK proposals also focus on improving customer understanding and the ability to compare products. In the UK, a review is underway to reassess the boundary between guidance and advice with a view to seeing if there is more that firms can, and should, do to help customers make better informed decisions. The RIS includes proposals to simplify disclosures, standardise the presentation of certain important information and require the display of risk warnings. Work in the payments industry also reflects a strong consumer understanding theme (see Payments).
Vulnerable customers
Regulators continue to take action to protect vulnerable customers from the impacts of the cost-of-living crisis. They expect the number of customers classed as vulnerable to increase as the crisis continues and firms develop more holistic and embedded solutions for identifying them – this expectation is supported by the findings of the FCA’s latest financial lives survey. The FCA has been conducting cross-sector engagement to ensure that firms are delivering good outcomes by appropriately supporting customers who are struggling financially. Through updated guidance and firm correspondence, the FCA has sought to ensure that firms are clear about the effect of its rules and the range of options open to firms to support consumers. Actions include updates to insurance-related aspects of previous guidance so that it applies more broadly and a consultation on strengthening protections for borrowers in financial difficulty.
Recent FCA work on the application of its vulnerable customers guidance and treatment of borrowers in financial difficulty identified inconsistent practices and areas for improvement. Coupled with the ongoing economic pressures, this is likely to result in further regulatory scrutiny and consideration of the need for additional interventions. Following implementation of the Consumer Duty, the FCA now has specific rules relating to vulnerable customers, providing it with a stronger supervisory toolkit.
In the EU, EIOPA’s 2023 Consumer Trends report cited the impact of the current macro-economic environment on consumers, particularly vulnerable groups, as its main cross-sectoral trend. The EBA issued final guidelines on the effective management of money laundering and terrorist financing risks when providing access to financial services, which specifically consider impacts on the most vulnerable customers. With strong parallels to the FCA’s GI Pricing practices requirements, EIOPA’s supervisory statement on inappropriate differential pricing practices highlighted the disproportionate impact on vulnerable groups, which firms will need to focus on.
Value for money
For UK and EU firms subject to MiFID and/or IDD, there is a requirement to consider the appropriateness of cost within product governance arrangements as well as an overarching requirement to act in clients’ best interests. Until the Consumer Duty in the UK, there were no explicit cross-cutting rules about the consideration of value for money (VfM), although there were rules for specific sectors – for example, Authorised Fund Managers in the UK.
Regulators increasingly want firms to think about whether the price a retail customer pays for a product is reasonable compared to the benefits received. This is being reviewed and formalised in a number of ways, for example through the FCA’s Consumer Duty, EIOPA’s framework for delivering better VfM for the unit-linked market, ESMA's recent opinion regarding ‘undue costs’ in UCITS and European Commission proposals for a structured pricing process and benchmarks in its RIS. In its latest Consumer Trends report, EIOPA flags continuing issues relating to some products not being of high-quality, i.e. not offering VfM and/or having complex exclusions.
The FCA was quick to use the new Consumer Duty to respond to concerns about interest rate rises not being passed on to customers, asking firms to provide their fair value assessments for savings accounts.
The FCA’s report on firms’ compliance with its general insurance pricing rules found examples of poor practices which illustrate the challenges firms will face in implementing aspects of the Consumer Duty appropriately. The FCA’s second supervisory review of fund managers’ annual ‘assessments of value’ reports, relating to rules introduced in 2019, found significant improvements, albeit from relatively low base, but noted that some firms were not able to support their assumptions and assessments with sufficient evidence. The FCA is therefore seeking further enhancements to the level of objectivity and robustness.
VfM for savers is also a key priority in TPR’s 2023/24 corporate plan. The TPR, FCA and DWP have published proposals for a Defined Contribution (DC) pension schemes VfM framework.
Product governance
MiFID and IDD introduced requirements for firms to develop and maintain a robust and objective product governance framework. Supervisory reviews in the EU, including a review by ESMA last year, have routinely found that firms are not operating frameworks as effectively, or at sufficient granularity, as they should. European regulators are therefore seeking to enhance and reinforce requirements such that they afford the envisaged degree of protection to consumers. For example, BaFin has enhanced its product intervention measures to address potential consumer harm arising from the volatile futures market by restricting firms from marketing or distributing certain products to retail consumers. ESMA has launched a common supervision action review designed to get regulators to assess whether marketing communications are fair, clear and non-misleading and how firms select their target audience, especially for riskier and more complex investment products. The EU has also updated its product governance guidelines (see Delivering ESG and Sustainable Finance). For investment funds in the UK and the EU, there is specific focus on liquidity management, oversight by depositaries, and value for money.
While a recent EIOPA peer review on product oversight and governance (POG) found most EU supervisors to be aligned to IDD, EIOPA is seeking to build on the existing foundations to strengthen POG supervision by issuing a set of recommended actions.
Despite challenges, regulators recognise the material positive impact of a well-designed regime to effectively manage consumer protection, as demonstrated by the Consumer Duty which has expanded the requirement for a product governance framework to all regulated retail products and services across all sectors.
Developing/
Implementing
6.5
The capital markets in both the EU and the UK are undergoing a period of significant change. The UK leaving the EU has changed the structure and concentration of the market as firms have needed to move operations into the EU.
The EU is now finalising mandatory reviews of the mass of regulation that was implemented post-financial crisis, such as MiFID II/MiFIR, and the UK is amending on-shored EU regulation to adapt it to the UK market. Both jurisdictions are looking to raise their attractiveness as destinations to raise capital for new and growing companies, by amending listings and prospectus regulation. New fund structures have also been introduced and existing structures adjusted, as European jurisdictions compete for share of market growth and cater for private investment in long-term assets to aid economic recovery and grow national capital markets.
Work to analyse potential financial stability vulnerabilities and develop policy solutions across the non-bank sector has progressed to the policymaking stage, with a particular international focus on liquidity management in open-ended funds. In the meantime, market volatility and challenges for liability-driven investment strategies have further heightened regulatory scrutiny.
LIBOR transition was completed with the cessation of USD LIBOR in mid-2023. Wholesale market participants are now looking ahead to see how technology can assist in bring efficiencies and resilience to post-trade market infrastructure.
The increase in regulatory impact score in this edition reflects the need for firms to implement amended requirements, over the next year, that have arisen from the recent reviews of secondary market regulation. Differences in the requirements between the UK and the EU contribute to this increase. Divergence of regulation is continuing with the reviews of primary market legislation.
Growing the capital markets
Regulatory reforms in both the EU and the UK are looking to increase the size of the capital markets, by reducing the regulatory burden in the primary markets to encourage wider participation in the ownership of public companies. In parallel, efforts continue to ‘democratise investment’ and increase participation in private markets.
Read more
Secondary Markets
When MiFID II/MIFIR came into force in 2018, it represented a comprehensive and profound reshaping of regulation for EU financial markets, products and services, and necessitated large regulatory change management projects within firms. Changes emerging from the EU MiFIR review and the UK Wholesale Markets review will not trigger such large-scale changes, but firms operating in both jurisdictions will need to carefully manage any divergence.
Read more
Fund liquidity management
International regulatory bodies have progressed from the analysis phase to policy consultations on open-ended funds. Meanwhile, supervisory work has been completed by national regulators and policy changes are being contemplated. On money market funds, the FSB plans to take stock of its members’ progress with reforms by the end of the year. Whilst the EC concluded that no legislative changes are currently necessary in the EU, the UK authorities plan to consult on potential amendments. And, more broadly, expectations have been raised further for LDI managers and trustees.
Read more
Market Infrastructure
The financial market infrastructure supporting post-trade processes is complex and interconnected. Regulators continue to focus on the operational and financial resilience of market infrastructure as well as examining whether technology could bring efficiencies and reduce risk. There is also concern that competition is not working effectively in some parts of the infrastructure.
Read more
Considerations for firms
- Are our regulatory monitoring and change processes set up to deal with diverging UK and EU capital markets regulation?
- Have we reviewed our governance arrangements around fund liquidity risk management and the stress testing process?
- Are we investigating on new technology could improve our post trade processes?
Growing the capital markets
The EC’s December 2022 proposals to take forward the CMU action plan continue to be negotiated. The proposals include an attempt to harmonise insolvency practices across the EU, amendments to the Prospectus and Market Abuse Regulations, the introduction of a Listings Act, and a new directive on multiple-vote shares.
Taking forward recommendations from Lord Hill's UK Listing Review, the FCA has proposed to replace standard and premium listing share categories with a single listing category. The UK Government is in the process of creating the new Public Offers and Admissions to Trading regime, which will adapt the on-shored EU Prospectus Regulation. Ahead of this, the FCA is seeking views, through a series of engagement papers, on how it might make changes to the rules.
The UK Government has accepted the recommendations of an independent review of investment research. Significantly, these suggest that the MiFID II unbundling rules should be reversed by allowing asset managers to combine research with execution charges. The FCA will consider the recommendations and will consult on new rules to be made in H1 2024.
The UK Government also plans to introduce an intermittent wholesale market trading venue that would act as bridge between public and private markets.
Regulators have continued to adjust fund regimes to contribute to investment in illiquid assets and increase choice. The FCA broadened the distribution of the LTAF to retail investors, and HMT consulted on introducing a new fund structure – the ‘Reserved Investment Fund’, an unauthorised contractual scheme vehicle. The EU had already concluded its review of the ELTIF Regulation, followed by an ESMA consultation on draft RTS to set out more detailed requirements on specific topics, such as ELTIFs’ redemption arrangements. In Switzerland, the planned Limited Qualified Investor Fund regime is expected to be available for fund launches in the first quarter of 2024.
More broadly, there are continued efforts to enhance the stewardship of companies and increase transparency. Ahead of a potential review by the EC, ESMA and the EBA completed an assessment of the implementation of SRD2, finding that certain improvements could be made. And in the UK, the industry-led Vote Reporting Group published a consultation to build consensus on a voluntary vote reporting template for asset managers to capture fund and mandate level votes.
Secondary Markets
FSMA 2023 has enacted key amendments to UK MiFIR/MiFID II as consulted upon by HMT through the Wholesale Markets Review. These include easing restrictions on where market participants can trade (with removal of the share trading obligation and the double volume cap) and aligning the derivatives trading obligation with the EMIR clearing obligation. Also emerging from the Wholesale Market Review are changes, now finalised by the FCA, to the equity transparency regime, including the introduction of a Designated Reporter Regime. Further consultations are expected this year on fixed income market transparency and the commodities derivatives regime. The FCA’s consultation on a UK consolidated tape for bonds sets out a framework where trading venues will be required to send the bond data for free to an FCA authorised and supervised CT provider. A slightly different model is being considered for an equity tape.
Meanwhile, in the EU, agreement has been reached on the MiFIR review, although technical detail has yet to emerge. An updated framework for EU consolidated tapes and a general ban of payment for order flow (PFOF) have been agreed.
Firms will need to implement divergent changes to MiFIR transparency requirements in each jurisdiction, in addition to changes to EMIR reporting required by the EMIR Refit at the end of April 2024 in the EU and the end of September 2024 in the UK.
Fund liquidity management
Fund managers can expect an evolution of the requirements relating to OEF liquidity risk management and liquidity management tools. The FSB and IOSCO followed their analytical work with policy proposals in July. IOSCO consulted on guidance to support greater and more consistent use of LMTs, including a standardised list of LMTs, guidance on how dilution adjustments should be calculated and more detail on governance and disclosure frameworks. The FSB consulted on amending its 2017 recommendations, including changes to reduce structural liquidity mismatch by grouping funds into categories with associated requirements, and to increase the availability and use of LMTs. Specifically for ETFs, IOSCO published good practices to support its principles.
In the meantime, the FCA invited views on clarifying its expectations regarding investment due diligence, eligible assets, fund liquidity stress testing and liquidity management tools. It also completed a supervisory review, finding that improvements are needed. In the EU, the AIFMD review is close to being finalised, and will have policy implications that aim to increase and align the availability of LMTs. The EC has instructed ESMA to review the rules regarding eligible assets in UCITS. And the ESRB has issued its own policy options to address risks in corporate bond and property funds.
Meanwhile, several EU regulators have undertaken policy or supervisory work at national level on liquidity management. On a related topic, ESMA completed a common supervisory action on asset valuation in UCITS and AIFs and found room for improvement.
Following its 2021 policy recommendations, the FSB is now taking stock of members’ progress on implementing MMF reforms to understand policy choices and common challenges. It will publish its findings by the end of the year. In July, an EC report found that EU rules have strengthened the EU MMF regulatory framework, therefore it is not proposing revisions to the legislation at this stage. The UK authorities, however, are expected to consult on potential changes to the UK MMF regime later this year.
Separately, regulators have further heightened their expectations of LDI managers and pension fund trustees. In April 2023, the FCA and TPR built on their previous communications by publishing recommendations and guidance. Notably, the FCA stated that its expectations extend beyond LDI managers to ‘other market participants, including asset managers’ where they face similar types of risks.
More broadly, the FSB has published policy recommendations on leverage for authorities to consider, and IOSCO has completed a thematic review of private assets, indicating an increasing focus on this sector.
Market Infrastructure
The LIBOR transition was completed in June 2023 with the cessation of USD LIBOR and market participants are now turning their attention to the May 2024 transition from T+2 to T+1 settlement in US and Canadian markets. European firms trading US financial instruments will need to consider the impact on their operations. An industry led ‘Accelerated Settlement Taskforce’ has been formed to recommend an approach for the UK with an interim report expected by end 2024. ESMA has been tasked with producing a report by end 2024 on shortening the settlement cycle in the EU.
Political agreement has been reached on the EU CSDR review which formalises use of the mandatory buy-in regime as a measure of last resort.
Tokenisation could bring efficiencies to post trade processes and further reduce settlement times – regulators are encouraging its development with sandboxes and pilot regimes. As part of its review of the asset management regulatory framework, the FCA invited views on whether changes are needed to enable the tokenisation of fund units and investment in tokenised assets. It will consider feedback as part of its broader approach to potential changes to the regime.
CCPs and clearing members should continue to expect supervisory scrutiny around their operational management of margin and liquidity. The EC EMIR 3.0 proposal aims to increase transparency on margining models and reduce the likelihood of procyclical collateral haircuts. ESMA has proposed revised technical standards on anti-procyclicality margin measures.
Building on the CCP stress tests carried out in both EU and the UK, the BoE has launched a system wide exploratory scenario (SWES) to improve understanding of the behaviours of banks and non-banks, including CCPs during stressed market conditions. The exercise and report will be concluded in 2024.
Work continues at an international level on the sufficiency of the existing toolkit for CCP resolution, in particular during non-default loss scenarios. FSMA 2023 expands the UK’s resolution regime for CCPs to align with the latest FSB guidance. ESMA continues to consult on and publish regulatory technical standards and guidelines for implementation of the EU CCP Recovery and Resolution regime (CCPRRR). Cross-border access to CCPs is considered further in ‘Accessing Markets’.
The FCA is halfway through its wholesale data market study and has concerns about the market power of large and established firms. The study has highlighted commercial practices that could increase complexity and reduce transparency in pricing and contractual terms in the markets for benchmarks, credit ratings data and market data vendor services.
For more information on ESG Data and Rating providers see Delivering ESG and Sustainable Finance.
Regulatory developments since the UK left the EU underline the need for firms working across all jurisdictions to continue to monitor regulatory change and market access arrangements to pre-empt any potential disruption to their business.
The agreement of the Windsor Framework paved the way for a UK/EU Memorandum of Understanding on financial services, including the establishment of a Regulatory Forum between HMT and the EC – its first meeting is expected to take place in the autumn. However, cross-border access looks unlikely to improve in the short term and firms need to focus on ensuring that they have sufficient substance and remain compliant with local access arrangements. To this end, the EU authorities have set out expectations regarding third country insurance branches and proposed changes to the requirements for banks. In the asset management sector, delegation of portfolio management from the EU to third countries looks set to continue, but the EU has enhanced its rules.
Debate continues on the EC’s proposal to require a proportion of EU clearing to take place in EU CCPs. And wider cross-border services remain under scrutiny – for example the focus on reinsurance arrangements. Conversely, the PRA’s approach is one of ‘responsible openness’, and the UK review of Solvency II is expected to significantly benefit overseas insurers wishing to access the UK market.
In the UK, the Temporary Permissions Regime is coming to an end, requiring EU firms in the regime to either become authorised or be placed in run off. For funds, further details are still awaited on the UK’s Overseas Funds Regime which will replace the Temporary Marketing Permissions Regime. More broadly, the UK FSMA has allowed the establishment of MRA frameworks.
The very small increase in the regulatory pressure score over the last six months can be attributed to regulatory focus on the provision of cross-border services and revised expectations regarding third country branches.
Delegation of portfolio management
Following significant debate, the EU co-legislators have provisionally agreed on proposals to enhance the delegation rules and to introduce new requirements. Once the final rules are published, asset managers should ensure their approach to delegation and ‘substance’ aligns with existing expectations and considers the incoming changes. In the meantime, this topic remains a supervisory area of focus.
Read more
Third country branches
Banks’, insurers’ and insurance brokers’ post-Brexit organisational structures continue to be scrutinised by supervisors in the EU, as they review the governance and substance of third country branches. In contrast, the UK is pursuing a more open approach, in line with the PRA and FCA’s new ‘competitiveness’ objective – but not without its own caveats.
Read more
Fund marketing and distribution
As the UK and the EU introduce new or amended fund structures, and significant new regulations regarding ESG and investor protection, questions remain around cross-border market access for funds. Existing EU funds can continue to market in the UK if they are registered under the Temporary Marketing Permissions Regime whilst consultations on the final framework for the UK’s future Overseas Funds Regime are still awaited. The details of the regime may determine how firms structure their operations.
Read more
Regulated markets and clearing
EU firms’ ability to access services in third countries and the corresponding regulatory treatment continues to evolve. Although the European Commission previously extended equivalence for UK CCPs until June 2025, the framework for permanent access is being strongly debated as part of EMIR 3.0 negotiations. Meanwhile, the BoE has started to advise on CCP equivalence decisions and to recognise non-UK CCPs.
Read more
Cross-border provision of services
Cross-border services remain under regulatory scrutiny. In the insurance sector, this includes reinsurance arrangements and risk management around insurance transfers. More broadly, whilst the UK/EU MoU represents a positive step forward, improved market access appears unlikely in the short term. Meanwhile, the UK Government is seeking to establish MRA frameworks and is reviewing its overseas access framework, while UK regulators wind down the Temporary Permissions Regime.
Read more
Considerations for firms
- Have we reviewed what “substance” we have in each jurisdiction and whether it is sufficient to meet evolving supervisory expectations?
- Are we systematically monitoring regulatory developments regarding market access arrangements and their potential impact on our business?
Delegation of portfolio management
Following Brexit, the practice of delegation by EU fund management companies to third countries has been thoroughly considered and debated by EU authorities and regulators. In July, the European Parliament and Council reached provisional agreement on the Commission’s proposals to amend the AIFMD and aspects of the UCITS Directive, including changes to increase transparency around the rules governing delegation arrangements. There were differences in opinion over whether proposed amendments on delegation went far enough. The revised approach looks set to allow delegation to continue to third countries, including the UK, but ‘subject to reinforced supervision and preserving market integrity’, including new reporting requirements.
In parallel, regulators have clarified their expectations and undertaken supervisory reviews. ESMA previously published findings from its assessment of the Brexit relocation process, which ‘put into question’ whether adequate activities have relocated into the EU and whether relocated firms are autonomous and independent - suggesting substance and governance in EU entities may need to be enhanced further. The review also concluded that none of the assessed regulators had performed a comprehensive review of delegation arrangements. And in a letter to fund management companies, the Central Bank of Ireland concluded that there is ‘more work to be done’ regarding substance and resources.
Third country branches
EIOPA has updated its expectations on substance and governance arrangements for insurers and brokers with a ‘reverse’ third country branch (including the UK). EEA firms need to have appropriate substance in the EEA and should not be disproportionately dependent on operations in third country branches. EIOPA seems to be particularly focused on insurance brokers.
Conversely, the UK’s approach to cross-border market access and supervisory deference is one of ‘responsible openness’. It is looking to increase the attractiveness of the UK wholesale and commercial insurance market by removing capital and reporting requirements for overseas branches as part of the UK review of Solvency II.
Proposals for amendments to the prudential framework under the 2021 EU banking package could potentially impact non-EU banks doing business in the EU. In a bid to harmonise national requirements at EU level, new provisions under the CRD would tier third country branches (TCBs) based on their size and impose new obligations for authorisation, minimum regulatory and reporting requirements and supervision. All existing TCBs would require reauthorisation – a 12-month transitional period following the 18-month transposition period for the amendments is proposed. Political agreement on the banking package was reached at the end of June, but details are yet to be made public.
Fund marketing and distribution
In the UK, the Overseas Fund Regime is yet to be fully operationalised following delays, but the FCA is expected to consult on proposals in the near future. The details of the regime will determine the conditions and requirements under which equivalent funds can market to retail customers in the UK – for example, whether they would need to meet aspects of the Consumer Duty, perform an assessment of value, or whether they would be able to make use of a sustainable label in certain circumstances (see Delivering ESG and Sustainable Finance). A reciprocal access regime for UK funds marketing into the EU is not on the table.
In the meantime, EU funds already registered under the FCA’s Temporary Marketing Permissions Regime can continue to access the UK market. The FCA previously clarified that EU UCITS in the regime need to continue to produce disclosures for UK investors in the current format, even though the EU’s UCITS disclosure requirements changed in January 2023. Some EU funds in the regime are being indirectly affected by UK regulations such as the Consumer Duty – where UK distributors may expect information to be provided by EU fund management companies about any fair value assessments performed on their funds.
Regulated markets and clearing
The EC has extended equivalence for UK central counterparties (CCPs) until June 2025. However, in December 2022, in reaction to the continued dominance of UK CCPs in European clearing, the Commission proposed to amend EMIR (via EMIR 3.0) to require all EU market participants to hold active accounts at EU CCPs for clearing at least a portion of certain systemic derivatives contracts. ESMA will be tasked with specifying the level of clearing to be done through EU accounts. The proposal also simplifies the procedures in EMIR for EU CCPs to follow when launching new products and changing risk models, aiming to make EU CCPs more attractive. Clearing members are concerned that the proposal to have mandatory EU CCP active accounts will cause splitting of books that will lead to a loss of netting benefits and efficiencies which will generate additional costs for market participants. Compromises suggested in negotiations include a phased in approach to the active accounts’ requirements.
The BoE has confirmed its approach, under on-shored EMIR, to ‘tiering’ non-UK CCPs based on the level of risk they could pose to UK financial stability, with Tier 2 CCPs subject to direct UK supervision and regulation. However, even Tier 2 CCPs can apply for specific regulatory provisions to be granted ‘comparable compliance’, with the UK then deferring its supervision in these areas to a CCP’s home authority. The BoE has started to recognise some non-UK CCPs. It has also assessed that its relationship with the CFTC (including an MoU) allows it to place reliance on the CFTC’s supervision and oversight of incoming US CCPs.
Cross-border provision of services
Following changes to FSMA, the UK is in MRA negotiations with Switzerland to allow both countries to defer to each other in regulation and supervision of firms undertaking cross-border financial services. It is also still working on putting together a new relationship framework for Gibraltar (the Gibraltar Access Regime). A new MoU on financial services signals progress on enhancing supervisory cooperation with the EU post-Brexit.
In the meantime, considerable focus remains on services being provided from third countries, particularly insurers’ cross-border risk transfers. EIOPA is concerned with the robustness of contracts under stress conditions where the third country may present a risk from a legal or compliance perspective. The PRA’s focus is on the changing nature of the life insurance market - the significant expansion of Bulk Purchase Annuities and the emergence of funded reinsurance (transfer of both asset and liability risk) to a limited number of relatively new and/or specialised reinsurers. Reading between the lines, the PRA appears to be concerned that overseas regulatory regimes may not be tailored to UK annuity risk and that capital would be better directed towards UK productive investment. Such supervisory distrust is not only cross-border, but also starting to seep into the discussions about the future of the EU Single Market – with the desirability of national-level levers a point of contention within the EU Solvency II review.
Cross-border access looks unlikely to improve in the short term and firms need remain reliant on national regulators’ individual cross-border access regimes to access professional clients. This requires firms to have a detailed understanding of arrangements in specific member states – which vary widely.
For EU firms providing services in the UK, the Temporary Permissions Regime will close at the end of 2023. Firms that did not apply for authorisation or subsequently withdrew their application will have entered the Financial Services Contracts Regime, allowing them up to 15 years to run-off existing contracts of insurance and five years for all other contracts. In the case of CCPs, the BoE Temporary Recognition Regime was previously extended until 31 December 2024.
Reinforcing governance
expectations
Supervisors continue to reinforce the need for good corporate governance in response to specific regulatory failings within firms and broader sectoral issues. Effective governance arrangements also come under heightened attention during economically difficult times and volatile markets.
Good governance enables the clear identification of fit and proper senior managers, supports the performance of their roles and responsibilities and allows them to be held accountable. Regulators are therefore re-asserting the importance of robust governance arrangements in the interests of both market stability and investor protection.
Regulators increasingly recognise the positive impact of diversity, equity and inclusion (DEI) practices in reducing risk for regulated firms by helping to eliminate groupthink and creating stronger alignment between employees at all levels and the customers they serve. The implementation of the Consumer Duty in the UK is designed to create a cultural change in how firms think and behave towards retail customers. Regulators are calling out pay gaps and lack of diversity among firms’ boards and senior management. They are also focused on helping firms recognise the interconnectedness of accountability, culture, DEI and, when coupled with effective corporate governance, the transformative effect it can have.
The significant volume of new ESG requirements and developments in digital finance will require boards to implement and oversee robust regulatory transformation programs with clear designation of accountability across all three lines of defence.
Most governance arrangements are well established. The incremental change in score is attributable to the increase in volume of communications relating to diversity, equity and inclusion. New purpose rules are expected in the short to medium term – which are anticipated to drive significant change.
Culture
There is growing recognition of the powerful roles that culture can play in a firm. Regulators are identifying that, in many instances of poor conduct, deep-set cultural issues have been present and that firms with healthy cultures are less prone to misconduct. An assessment of culture, coupled with other regulatory initiatives can give deeper insights into whether firms operate and are governed in line with regulatory and wider societal expectations.
Read more
Accountability
Initially driven by a response to the GFC, a number of regulators implemented regimes, starting in the banking sector, that required firms to allocate accountability for senior management functions to specific individuals. The rationale was two-fold: to drive up standards within firms as individuals took greater ownership and to simplify supervisory/enforcement action by regulators where individuals were dishonest and/or negligent. These regimes are now expanding in scope across financial services and being introduced in more jurisdictions.
Read more
Oversight, including AML/CFT controls
Oversight of a firm’s business and regulated activities by its board and senior management remains a key regulatory theme, particularly given the volatile markets and difficult economic conditions of the last year. In the wealth and asset management sector, supervisors are also scrutinising fund governance arrangements and associated oversight capabilities. Focus is needed to ensure adequate oversight of AML controls as supervision and regulation in this area continues to be strengthened.
Read more
Considerations for firms
- Are our existing governance arrangements and associated record keeping developing in line with regulators’ evolving expectations and incoming requirements?
- Given the rapid pace of developing fraud and scam risks, do we continue to have adequate assurance that our AML controls remain robust and proportionate?
- As a firm, how do we assess and, critically, evidence that we have an appropriate culture (including diversity, equality and inclusion factors) and that it is embedded throughout the organisation?
Culture
Although regulators do not prescribe what a firm’s culture should be exactly, supervisors view poor culture as a driver of harm. In response, they are aiming to address poor conduct and culture through day-to-day supervision, as seen in some of the FCA’s portfolio letters, as well as through newer, broader proposals. The UK Consumer Duty seeks to bring about a more consumer-focused approach with outcomes that set expectations for firms’ cultures and behaviours. The culture and ethics within firms also continues to feature in the work programmes of EIOPA, EBA and ESMA.
In the UK, the PRA and FCA have published consultation papers designed to drive change on DEI in regulated firms. The FCA has cautioned that firms that do not embrace diversity of thought will struggle to serve the needs of a diverse customer base and manage risks effectively. It has published findings from a multi-firm diversity and inclusion review to encourage further industry action and inform the future supervisory approach.
In the EU, the ECB has consulted on revising its guide to fit and proper assessments and published an updated document that includes taking gender diversity into account as an element of collective suitability.
In its 2023-2024 Roadmap, the IAIS highlighted its intention to continue work to help insurance supervisors further understand the benefits of DEI and the connection between promoting DEI and their supervisory mandates. Similarly, ESMA’s 2023 work programme notes that it will work on ways to strengthen its approach to diversity and inclusion, through a variety of initiatives aimed at fostering a culture where diversity is regarded as a source of enrichment, innovation and creativity, and where inclusion is promoted by managers and all staff.
Accountability
As part of the Edinburgh Reforms, the UK Government called for evidence on the Senior Management and Certification Regime’s effectiveness, scope, proportionality and on potential improvements. The outcome of this is awaited, alongside a PRA and FCA review of the regime. Meanwhile, FSMA 2023 expanded the scope of the SMCR to CCPs and CSDs and allows HMT to further extend the regime to CRAs and RIEs if it determines that to be appropriate following consultation with industry. UK regulators consistently assign relevant senior managers to be responsible for remediation work in their Dear CEO letters and have called out the SMCR as a possible way to regulate the use of AI, demonstrating continued focus on full implementation and use of the regime.
In the EU, the ECB is increasing its focus on ‘fit and proper’ assessments for senior managers, and the EBA and ESMA have updated their joint guidelines on the assessment of the suitability of members of the management body and key function holders.
The UKCGC emphasizes the importance of integrating environmental, social, and governance (ESG) issues into broader governance practices and daily operations, thus normalising ESG as a critical leadership topic.
The proposed EU Corporate Sustainability Due Diligence Directive will establish a duty to identify, bring to an end, prevent, mitigate and account for negative human rights and environmental impacts in a company’s own operations, its subsidiaries and its value chains. Directors may also be required to ensure their business activities align with the climate change goals of the Paris agreement.
Other jurisdictions are taking forward the implementation of their accountability regimes with developments in Ireland, Singapore, Australia and Hong Kong, SAR (China). Firms working across these jurisdictions face challenges in mapping the interaction and overlaps in their governance structures.
Oversight, including AML/CFT controls
Supervisors expect boards and senior management to have clear oversight of the financial, operational and conduct risks to their firms and understand how risks are being impacted by the changing external environment. Where costs are being reduced, the control environment should be maintained at a sufficient level.
Regulators continue to impose fines on firms for failure to have adequate oversight of anti-money laundering (AML) systems and controls, indicating that some firms have more to do to fully embed internal controls. Regulations also continue to develop.
In the EU, negotiations on the AML/CFT Regulation and the ‘new’ sixth AML directive have reached trilogue stage. The package of rules will establish a new AML Authority and enlarge and strengthen the existing framework. This will include extending AML/CFT rules to the crypto-asset sector, in particular implementing the FATF ‘travel rule’ which brings the transparency required in crypto-asset transfers in line with wire transfers. However, the fact that the UK and EU have diverging implementation timelines (1 September 2023 for the former and 30 December 2024 for the latter) and levels of stringency for the crypto travel rule, may lead to enforcement difficulties.
More broadly, Switzerland is working on a new law concerning the transparency of legal entities and the identification of beneficial owners.
In the UK, The Economic Crime and Corporate Transparency Bill is in the final stages of consideration in Parliament. The powers from this Bill, alongside the government’s Economic Crime Plan 2, aim to strengthen the UK’s supervisory regime, with increased information sharing between partners and greater government oversight to ensure effectiveness and compliance with Money Laundering Regulations. The UK Government has taken action to improve transparency and protect customers from unjustified payment account termination. Work is also underway, commissioned by FSMA, to review the treatment of politically exposed persons (PEPs) and their families.
Regulating digital finance
Significant progress has been made – in the EU and UK – on firming up regulatory proposals for digital finance. The EU has consistently been a ‘first mover’, publishing initial frameworks, including MiCA, the AI Act and the legal framework for a digital euro, well in advance of the UK’s equivalents. Although both jurisdictions are trending towards similar outcomes, the EU proposals are typically more prescriptive and granular. The UK, on the other hand, is hoping to leverage a principles-based approach and, as far as possible, weave changes into existing regulatory frameworks.
Accessing markets
Regulation is clearly diverging, which may have implications for any EU/UK market access arrangements arising in the long term, particularly if they are based on equivalence. The newly agreed UK/EU MOU aims to enhance supervisory cooperation but, in the short-term, improved market access arrangements remain off the table. In the meantime, both the EU and UK continue to focus on similar themes - cross-border services, third country branches and their ‘substance’, delegation arrangements. The FCA will shortly set out more detail on its Overseas Funds Regime, however no equivalent access mechanism will be available in the EU. For now, the EU has granted UK CCPs temporary equivalence, on a time-limited basis while it builds out its clearing infrastructure. Whilst the UK continues to take an open approach, the EU’s proposed reforms to rules for third country bank branches could tighten further. Similarly, the EU is scrutinising insurers’ ‘reverse branch’ arrangements for evidence of EU substance and ‘supervisability’, and the UK is set to streamline third country branch capital and reporting requirements significantly as part of its Solvency II review.
H2 2023
