Speedread 14 September edition

1. The Markets in Financial Instruments, Benchmarks and Financial Promotions (Amendment) (EU Exit) Regulations 2021 (Revised draft)

On 6 September 2021, HM Treasury published a revised draft of the Markets in Financial Instruments, Benchmarks and Financial Promotions (Amendment) (EU Exit) Regulations 2021 (draft Regulations). These Regulations were first published in July 2021. The Government stated that original version contained typographical errors.

The draft Regulations make amendments to Articles 35 and 36 of UK MiFIR, as well as to the Commission Delegated Regulation (EU) 2017/581 on clearing access in respect of trading venues and central counterparties. They remove the non-discriminatory access regime for exchange-traded derivatives. The draft Regulations also make consequential amendments to Commission Delegated Regulation (2020/1816) and Commission Delegated Regulation (2020/1818) in light of the coming into force of 3 delegated acts concerning EU Climate Transition Benchmarks, EU Paris-aligned Benchmarks and Sustainability-related Disclosures for Benchmarks.

The draft Regulations are expected to come into force on 13 October 2021.

2. PRA Dear CEO letter: thematic findings on the reliability of regulatory reporting

On 10 September 2021, the PRA published a Dear CEO letter, providing feedback to the findings from its review of firms' regulatory reporting. The PRA referred to a letter sent to firms in October 2019 reiterating its expectation that all banks and building societies submit complete, timely and accurate regulatory returns. Since that time, it has asked firms to demonstrate how they deliver regulatory reporting of appropriate quality and also commissioned a number of s166 skilled person reviews.

In the Dear CEO letter, the PRA stated that it was disappointed to find significant deficiencies in a number of firms' processes used to deliver accurate and reliable regulatory returns. The PRA reminded firms that it expects them to submit reliable and accurate regulatory returns and for the regulatory reporting process to receive no less rigour than financial reporting. The letter also set a number of PRA's material findings. These include, amongst others, the following:

• failures in senior accountability and ownership of the reporting process;
• failures in controls, including gaps in end-to-end processes for regulatory returns, such as insufficient controls around models;
• unsatisfactory reconciliation disciplines; and
• firms not prioritising investment in regulatory reporting, leading to reduced capacity and capability compared with financial reporting.

The PRA expected all banks, designated investment firms and building societies to consider the findings in the Dear CEO letter and any remediation work required.

As part of its ongoing focus on the integrity of regulatory reporting, the PRA confirmed that they will continue to use a range of available options including further skilled person reviews and enforcement powers at its disposal.

3. PRA publishes CP18/21 on Remuneration: Identification of material risk takers

On 8 September 2021, the PRA published CP18/21 on the identification of material risk takers (MRTs) for the purposes of the PRA's remuneration regime.

The PRA stated that the proposals in CP18/21 would result in:

• changes to the Remuneration Part of the PRA Rulebook, to insert the criteria for identifying MRTs and relevant definitions as set out in the MRT Regulation. The PRA proposed to make these insertions without substantive policy amendments and amended only as needed for consistency with PRA Rulebook style;
• updates to PRA's Supervisory Statement (SS2/17) 'Remuneration', to reflect the rule changes and the amended process for excluding an employee identified solely based on the quantitative criteria; and
• the revocation of the application of the onshored version of Commission Delegated Regulation (EU) No 604/2014 (2014 Regulatory Technical Standards) as regards PRA-regulated firms.

The PRA clarified that CP18/21 is relevant to banks, building societies, and PRA-designated investment firms, including third country branches. It is not relevant to credit unions or PRA-authorised insurers.

The consultation closes on Monday 8 November 2021. The PRA proposed that the implementation date for the changes resulting from CP18/21 would be from the first performance year starting after the publication of final rules, which, subject to the extent and nature of feedback received, is currently planned for Q4 2021.

4. HM Treasury: Consultation paper: Amendment to Section 48D of the Banking Act 2009

On 7 September 2021, HM Treasury issued a consultation paper concerning the current exemption from the Bank of England (BoE) bail-in powers of short-term liabilities owed to investment firms (as set out in Section 48D of the Banking Act 2009). This follows the Government's earlier consultation paper on the implementation of the Investment Firms Prudential Regime and Basel III for investment firms. As part of this consultation, the Government consulted on the UK resolution regime in the Banking Act 2009 and its applicability to FCA-investment firms. The Government confirmed that it would remove FCA regulated 730k investment firms from the scope of the UK resolution regime. As a result, the Government is required to make consequential amendments to primary and secondary legislation.

The bail-in stabilisation option empowers the BoE to cancel or modify the terms of contracts ("special bail-in provision") in a resolution scenario. Certain liabilities are excluded from the scope of the power to make special bail-in provisions and section 48B(8) of the Banking Act 2009 currently provides that the list of "excluded liabilities" which cannot be bailed-in includes "liabilities with an original maturity of less than 7 days owed to a credit institution or investment firm." The Government is proposing to amend the definition of "investment firm" in Section 48D to capture PRA-designated investment firms and FCA-regulated investment firms with permission to underwrite or deal on own account. This would mean that short-term liabilities owed to these firms will continue to be exempt from bail-in.

The consultation closes on 5 October 2021.

5. Jon Frensham v The Financial Conduct Authority: Upper Tribunal dismisses reference concerning FCA decision notice for non-financial misconduct

On 31 August 2021, the Upper Tribunal (Tax and Chancery Chamber) (the Tribunal) published a decision relating to Mr Jon Frensham. In its decision notice, the FCA considered that Mr Frensham is not a fit and proper person as he was convicted of attempting to meet a child following sexual grooming. The FCA decided to withdraw his approval to perform his senior management functions and made an order prohibiting him from performing any functions in relation to regulated activity.

Mr Frensham contended that the FCA wrongly applied the fitness and properness to the facts. In particular, he argued that the FCA allowed irrelevant considerations to affect its judgement and did not have sufficient or any regard to relevant factors including, amongst others,:

• Mr Frensham's conviction did not relate to his regulated activity;
• the conviction was not for an offence of dishonesty; and
• there are no indirect connections between the criminal offence and Mr Frensham's regulated activity, the criminal offence was being committed outside the professional sphere.

The Tribunal stated that this is the first time it has had to consider a case where the FCA is seeking a prohibition order against an individual based on that individual's conviction for an offence not involving dishonesty in circumstances where the behaviour concerned was unrelated to the individual's regulated activity. The Tribunal applied principles derived from cases relating to solicitors, as it considered they can by analogy be applied in the context of the activities the FCA regulates. Some of the key points in the Tribunal's decision are set out below.

• In matters touching on their professional standing there is an expectation that professionals may be held to a higher standard than those that would apply to those outside the profession.
• The need for public trust in the provision of professional services means that some scrutiny of a person's private affairs is permitted.
• With respect to the FCA's statutory objectives, the Tribunal does not consider an individual guilty of an offence would necessarily be in beach of the consumer protection objective, however, it would breach the integrity objective.
• The integrity objective embraces public confidence in the financial services industry and in that context whether there is a significant risk that consumer confidence will be impaired if it is known that a person guilty of an offence of this nature is allowed to work as a financial adviser.
• It is clear that a distinction is to be drawn between personal integrity and professional integrity. That does not mean that the two concepts must be treated as being entirely separate. The regulator concerned will have to consider whether in all the circumstances the failings of personal integrity also amount to failings of professional integrity.

No updates for this fortnight's edition of the FSS.

6. FCA publishes portfolio letter for loan-based Peer-to-Peer crowdfunding platforms

On 26 August 2021, the FCA issued a portfolio strategy letter, dated 25 May 2021, on loan-based Peer-to-Peer (P2P) crowdfunding platforms. In the letter, the FCA asked firms to take the appropriate action to ensure fair outcomes for consumers are delivered. The FCA also confirmed that it will intervene should it see failures in this regard.

The FCA set out the following key risks and expectations of firms.

• Secondary markets for loans, and associated risk management obligations. The FCA stated that COVID-19 has increased investor requests to sell their P2P loans, creating liquidity issues across the industry. Some platforms with discretionary models provide existing clients a way to exit their loans by using the platform's discretionary powers to transfer the loans to new clients. The FCA expected these platforms to have sound risk management frameworks and credit risk assessment capabilities. Where P2P platforms cannot comply with these requirements, the FCA stated that these firms need to suspend secondary trading and apply to the FCA to formalise this arrangement.

• Wind-down plans, their triggers and liquidity monitoring. The FCA reminded firms that liquid resources are critical for firm's survival and to help ensure that they can wind down in an orderly manner. It is expected by the FCA that funds directly relating to a firm's wind-down plan should be held in cash or another readily realisable form in a UK bank account under the firm's direct control. These funds, as stated by the FCA, should be available for use only once the decision to wind-down has been taken by the Board.

• Disclosure of loan performance during periods of loan forbearance and the use of contingency funds. The FCA set out its expectations concerning ongoing disclosures by firms to allow investors to access details of each P2P agreement they have entered into. In addition, the FCA reminded firms of the requirement to provide the risk warning in COBS 18.12.33 R to investors when they offer a contingency fund. The FCA confirmed that action will be taken where the regulator does not see an adequate disclosure of loan performance or the correct provision of information and warnings in relation to contingency funds.

• Unclear platform fees, charges and priority over recoveries. In this respect, the FCA is concerned that there is a lack of clarity for investors about platform fees and charges, and of the impact those fees and charges may have on recoveries by investors from borrowers in default. The FCA expected firms to ensure the information is set out in accordance with the relevant requirements. Firms are also expected to review their contractual arrangements to be sure they are compliant, and that investors understand their meaning and application.

7. FCA updates webpage on strong customer authentication

On 20 August 2021, the FCA updated its webpage on strong customer authentication (SCA) to: (a) confirm the extension of the due date for firms to implement strong customer authentication (SCA) for e-commerce transactions from 14 September 2021 to 14 March 2022; and (b) to provide an update on its approach to the European Banking Authority's (EBA) view on inherence for the purposes of SCA.

With respect to (b), inherence is one of the three authentication elements of the SCA, alongside knowledge and possession. The EBA published their view of inherence in their June 2019 Opinion, which in summary include that:

• behavioural biometrics identifying the specific authorised user, such as iris scanning, fingerprint scanning, vein recognition, face and hand geometry, voice recognition, keystroke dynamics, the payer's heart-rate, the way the payer hold their device, all could constitute inherence; and
• the swiping path used by a payer would not constitute inherence but could constitute knowledge.

The FCA then consulted in CP21/3 on amending their Approach Document to reflect the EBA's view. In the updated webpage, the FCA stated that it recognises some firms are currently developing SCA solutions and requested the FCA's decision on this question as soon as possible. Having considered consultation responses, the FCA confirmed it has chosen not to incorporate the EBA's view of inherence in its Approach Document. The FCA stated that it will publish the rationale for this decision and a summary of consultation responses in its Policy Statement later this year. Firms are also reminded to ensure that any individual SCA inherence solution they use complies with regulatory requirements, including Article 8 of the FCA's Technical Standards for SCA.

8. FCA speech on the risks of token regulation

On 6 September 2021, the FCA published a speech by Charles Randell, Chair of the FCA and PSR, on the risks of token regulation. In his speech, Mr Randell highlighted the benefits of digital tokens, but warned careful thought is needed to create an effective regulatory regime for such. In considering regulating crypto, Mr Randell suggested that legislators need to consider 3 issues:

• how to make it harder for digital tokens to be used for financial crime;
• how to support useful innovation; and
• the extent to which consumers should be free to buy unregulated, purely speculative tokens and to take the responsibility for their decisions to do so.

As for now, Mr Randell believed there are two cases where regulators should have the powers to take action to reduce the potential harm to consumers from purely speculative tokens. These two cases are summarised below.

• Cryptoasset promotions – First there is the concern that consumers who buy speculative tokens believe that they are regulated. When combining this fact with the often misleading advertising techniques of some crypto businesses, Mr Randell believes there is a real risk of consumer confusion. Mr Randell gives a shout out to Kim Kardashian's recent Instagram post for her followers to join "the Ethereum Max Community", and that this may have been the financial promotion with the single biggest audience reach in history. Given the hype, it is absolutely imperative that any regulation of cryptoasset promotions requires the risks to be clearly highlighted and does not give the impression that the token itself is subject to regulatory supervision or has regulatory approval.
• Risk of contagion of the regulated business of authorised firms by unregulated activities in digital tokens – Mr Randell stated that it is essential that the boards of FCA authorised firms can show how they have addressed the conduct and prudential risks that unregulated activities in relation to digital tokens can pose to those firms.

Mr Randell concluded his speech by stating: "Good financial regulation supports innovation, productivity and economic growth. In regulating the online world, we need to strike the right balance between fostering innovation, providing an appropriate level of protection and allowing individuals freedom to take decisions for which they are responsible."

9. ECB's Opinion on a proposal for a regulation on digital operational resilience for the financial sector

On 26 August 2021, the European Central Bank's (ECB) Opinion on a proposal for a regulation on digital operational resilience for the financial sector (DORA) and the associated proposed amending Directive was published in the Official Journal. These legislative proposals were introduced by the European Commission in September 2021 and are making their way through the EU legislative process.

Alongside general observations, the ECB sets out observations in relation to: oversight and securities clearing and settlement; prudential supervisory aspects; and ICT risk management, incident reporting, operational resilience testing and ICT third-party risk.

Interesting points to note include the following:

• the EU legislative bodies should clarify the interplay between DORA and the regulatory technical standards supplementing the CSD Regulation;
• EU legislative bodies could consider providing a transitional regime to manage the period between the entry into force of DORA and the entry into force of associated regulatory technical standards, as some firms (including credit institutions) are already subject to rules on ICT risks that are applicable to specific sectors and are more detailed than DORA provisions;
• the ECB welcomes proposals laid out in DORA to harmonise incident reporting but care needs to be taken to ensure alignment between DORA and PSD2 (as well as EBA guidelines on major incident reporting) as there is a lack of clarity in relation to the incident notification process (the ECB states that there is a potential overlap between some of the incidents that need to be reported under DORA and the EBA Guidelines);
• the ECB considers the responsibility for and ownership of the remediation and the consequences of an incident should remain solely and clearly with the financial entity concerned (despite certain provisions in DORA) and feedback and guidance from competent authorities should be limited to high-level prudential feedback and guidance only; and
• the introduction of a broad set of key principles and an oversight framework to identify and manage ICT risks stemming from ICT third-party service providers is to be welcomed but is important that delegated acts setting out how to correctly identify and classify, inter alia, critical ICT third-party service providers are developed, and that the ECB is consulted prior to them being adopted.

Please refer to our previous Ashurst briefing for further information.

No updates included for this fortnight's edition of the FSS.