Tag: operational resilience
On 24 September 2020, the European Commission (“EC”) adopted a new Digital Finance Package, which it published together with a communication entitled “A Retail Payments Strategy for the EU” containing specific policy measures needed in relation to payment services given their key role among digital financial services. The European Parliament (“EP”) subsequently adopted a nonbinding resolution on the EC’s Digital Finance Package on 8 October 2020. Continue reading
Financial services regulators are expecting firms to prevent, respond to, recover and learn from operational disruption. As Christine Lagarde, President of the European Central Bank, has warned, a combined cyber attack on important banks could trigger financial instability.
In this webinar our experts in financial services, cyber and data security, data privacy, outsourcing and digital disruption, together with Deloitte’s Customer Breach Support team, share their experience of operational disruption.
Having initially delayed its planned consultation exercise to allow the financial services sector to focus on responding to Covid-19, the International Organization of Securities Commissions (IOSCO) subsequently found the pandemic a catalyst to proceed. Therefore, at the end of May, IOSCO launched its consultation on proposed updates to the 2005 Outsourcing Principles for Market Intermediaries and the 2009 Outsourcing Principles for Markets; feedback on the proposed new Outsourcing Principles (OPs) is requested on or before 1 October 2020. The decision to proceed reflects the acknowledgement that outsourcing is a key element for consideration when assessing operational resilience across the sector.
This post gives a high level summary of the consultation, with a link to our briefing that focuses in more detail on: the scope of application; IOSCO’s definition of outsourcing; intragroup arrangements; concentration risk; and access and audit rights. To provide additional context to IOSCO’s proposals, the associated briefing also catalogues relevant proposals and initiatives which are running concurrent to the consultation exercise.
On 7 April 2020, the FCA released its Business Plan for 2020/21. The FCA had planned to focus on the areas identified in its Sector Views published on 18 February 2020 (see our blog post here), but recognises that its work will be fundamentally reshaped by the impact of COVID-19.
Aware that the current circumstances create the need for it to both respond to change and initiate it, the FCA outlined plans for transforming fundamentally the way the FCA works and regulates, with a view to becoming a more efficient and effective regulator.
The Financial Conduct Authority (FCA) has issued a ‘Dear CEO’ letter (the letter) with an update on key issues in light of COVID-19 to firms providing services to retail investors. In addition to the measures it has taken with the Bank of England (BoE) and HM Treasury (HMT), the FCA has considered many requests for forbearance and regulatory adaptations from firms and trade associations, some of which are discussed further below. The FCA has implemented a “significant package of reprioritisation and deprioritisaion of regulatory work” to allow firms to concentrate on their COVID-19 response efforts and protecting their consumers and has indicated that it will continue to update its approach in response the crisis.
The FCA will generally look favourably on forbearance requests for changes which support firms and consumers (some of which it will have the power to make immediately; others which may require co-ordination between the FCA and other UK Government or European agencies), and will only consider requests where there is a genuine need to help consumers or which, for example, would support the FCA’s response to the crisis.
Next steps for firms:
- In light of the impact of COVID-19 on firms’ operational resilience, the FCA re-emphasised its expectations for firms to focus strongly on supporting and serving consumers and small businesses during this time. The FCA also expects firms to be actively managing their own financial resources/resilience (and in particular liquidity), with firms notifying the FCA immediately if they expect to face financial difficulties.
- Where firms are re-directing resources due to reduced levels of staff, they should have regard to the FCA’s strong focus on consumer protection. Firms should consider documenting how these decisions are made, with the aim of allocating resources to achieve consumers protection as far as possible during this time.
- Firms should keep up-to-date with developments by regularly checking the FCA’s website to ensure they are aware of the regulations and rules which continue to apply to them. Firms should also remain vigilant of scams which are increasingly prevalent during the COVID-19 crisis; both the FCA and National Crime Agency have released warnings on rising fraud levels and firms have a responsibility to ensure that consumers are protected.
- Firms may also wish to consider making use of dialogue between trade associations and the FCA where appropriate to raise prevalent operational challenges with the FCA.
Key areas of focus:
In addition to the above, the FCA sets out in the letter its approach to a number of key issues to help firms manage their response to the crisis:
- Financial resilience – The FCA has already published guidance on financial resilience and prudential issues. Importantly, the FCA has clarified that government loans cannot be used to meet capital adequacy requirements as they do not meet the definition of capital. Firms therefore need to ensure that they have other appropriate funding available to meet their capital adequacy requirements, if necessary.
- Flexibility for client identity verification – Whilst firms must continue to comply with their obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) to verify clients’ identities, they can be flexible with how they achieve this. The MLRs and Joint Money Laundering Steering Group guidance already provide that client identity verification can be carried out remotely, and outline appropriate safeguards and checks which firms can implement to assist with verification – some examples are given by the FCA. Firms can also consider seeking additional verifications once restrictions on movement are lifted.
- Flexibility over best execution reports – The FCA and the European Securities and Markets Authority (ESMA) have both published clarification for firms on best execution obligations in the current climate (the ESMA public statement is available here). The FCA expects firms to continue to meet their best execution obligations, including on client order handling, taking into account current market conditions when determining the relative importance of execution factors. Firms may wish to consider using different types or orders to execute client orders and manage risk during market volatility.
Following ESMA’s guidance, the FCA will not take enforcement action where a firm:
- does not publish its RTS 27 report by 1 April 2020, provided it is published no later than 30 June 2020; or
- does not publish RTS 28 and Article 65(6) reports, provided they are published by 30 June 2020.
- Flexibility over 10% depreciation notifications – Firms will not be required to inform investors in every instance where the value of their portfolio or leveraged position falls by 10% or more in value. Instead, until 1 October 2020, the FCA has confirmed that it will not take enforcement action provided that a firm:
- has issued at least one notification to retail clients within a current reporting period notifying them that their portfolio has decreased in value by at least 10%; and
- subsequently provides general market updates online, through other public channels, and/or generic, non-personalised client communications; or
- chooses to cease providing 10% depreciation reports for any professional clients.
In what is currently a highly volatile market, firms may wish to think about adopting this new approach which could ease the impact of repeated communications on consumers and the operational burden on themselves, or using email or phone calls to notify clients as opposed to written notifications.
- Pause on implementation of measures – The FCA’s policy statement on pension transfer advice has been delayed until Spring 2020 and follow-up work on assessing the suitability of retirement income advice has been paused. Rules on investment pathways and platform switching provisions have already been made; these have been referred to the FCA Board for further consideration. Ongoing work with firms providing defined benefit transfer advice will continue.
On 18 February, the FCA published its Sector Views for 2020. Described as its view of how the markets it regulates are performing, this “performance” is inevitably framed by its role as the UK’s conduct regulator. Sector Views also looks at how the financial environment is changing, through a range of different lenses – the FCA’s objectives, macroeconomics, the political environment, and societal and technological developments. Continue reading
On 20 January 2020, the Constitutional and Mainland Affairs Bureau (CMAB) together with the Privacy Commissioner for Personal Data (Privacy Commissioner), published a consultation paper raising important data protection issues and proposing possible amendments to the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), after having reviewed the existing data protection regime in Hong Kong. These include possibly introducing a mandatory data breach notification mechanism, requiring data users to specify a retention period for personal data collected, raising the sanctioning powers of the Privacy Commissioner as well as potentially making data processors more accountable.
** This post was updated on 17 March 2020 to reflect the FCA’s publication of information for firms on Coronavirus (Covid-19) response and further updated on 23 March 2020 to reflect the Bank of England’s press release regarding supervisory and prudential policy changes **
On 5 December 2019, the Bank of England (BoE), the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) released a number of publications on operational resilience, marking the launch of a consultation phase which will inform how the UK authorities seek to embed the consideration of operational resilience into the regulatory framework.