11. Juli 2019

Financial services update - July 2019

From new rules for P2P platforms, to recommendations on the UK's Suspicious Activity Reporting Regime, Taylor Wessing takes a look at the latest regulatory developments in the world of financial services.

Payment services

European Banking Authority publishes an Opinion on PSD2 and in particular, the elements of Strong Customer Authentication

The European Banking Authority (EBA) has published an Opinion on the elements of Strong Customer Authentication (SCA), which will legally apply from 14 September 2019. In particular, the EBA have provided a non-exhaustive list of the types of authentication which it has seen in the market and observed whether these are considered to be compliant with the SCA rules.

Whilst the EBA has reiterated the application date of SCA, it "acknowledges the complexity of the payments markets across the EU and the necessary changes… required to enable the issuer to apply SCA… which may be challenging and may lead to some actors in the payments chain not being ready."

The EBA therefore accepts that "on an exceptional basis and in order to avoid unintended negative consequences for some payment service users", national competent authorities may decide to work with payment service providers and relevant stakeholders to provide limited additional time to allow issuers to migrate to authentication approaches that are compliant with SCA (such as those described in the Opinion).

The European Commission has explained that it welcomes the clarifications in the Opinion and "calls on all market players to step up their efforts in the run-up to 14 September".

Revised payment services and e-money approach document from the FCA

The FCA has published the fourth version of "Our Approach", its payment services and e-money focused framework.

This updated document adds guidance on refused payment fees consulted on in CP 18/42, shedding further light on the categories of costs that may properly be considered when setting the level of fees.

This guidance forms new paragraphs 8.251 to 8.259, but the FCA disclaims that the document has not otherwise been reviewed or updated.

General financial services regulation

FCA publishes rules for peer-to-peer crowdfunding platforms

On 4 June 2019, the FCA published a Policy Statement setting out the final positions it has reached on the rules and guidance that apply to peer-to-peer (P2P) platforms. It also discusses existing rules that apply to investment-based crowdfunding platforms.

In summary, the FCA is:

introducing more explicit requirements to clarify what systems and controls these types of platforms need to have in place
applying marketing restrictions to P2P platforms (designed to protect less-experienced investors)
introducing appropriateness assessments (to assess an investor's knowledge and experience of P2P investments)
setting out the minimum information that these platforms need to provide to investors.

The new rules will apply to P2P platforms from 9 December 2019, with the exception of the rules relating to home finance products (which came into effect on 4 June 2019). The FCA plans to closely monitor the crowdfunding market as it continues to develop.

PRA annual report

The PRA has published its annual report for the year ended 28 February 2019. The PRA states that it is putting an increasing emphasis on emerging risks (including Brexit, cyber and climate) and that moving forward, it will be taking advantage of the opportunities afforded by technology in order to "supervise more effectively and efficiently".

Amongst other things, the report contains a review of the PRA's activities throughout 2018 to 2019, touching on:

enforcement
the PRA complaints scheme
independent expert reports of a regulated firm's activities.

Investment funds

European Securities and Markets Authority publishes updated Q&As

On 4 June 2019, European Securities and Markets Authority (ESMA) published an updated version of its Q&As on the Alternative Investment Fund Managers Directive (AIFMD) and an updated version of its Q&As on the application Undertakings for Collective Investment in Transferable Securities (UCITS) Directive.

The AIFMD Q&As relate to:

the distinction between depositary tasks and supporting tasks
depositary tasks entrusted to third parties
the performance and supervision of depositary tasks where there are branches in other member states
delegation by a depositary to another legal entity in the same group.

The UCITS Q&As relate to:

the Key Information Document for UCITS
ESMA's guidelines on UCITS issues, notification of UCITS
exchange of information between competent authorities
risk measurement and calculation of global exposure and counterparty risk for UCITS.

FCA launches formal investigation into the suspension of the LF Woodford Equity Income Fund

On 18 June 2019, the FCA published an open letter from Andrew Bailey (the FCA's Chief Executive) to Nicky Morgan MP (Chair of the Treasury), surrounding the suspension of Neil Woodford's flagship fund, LF Woodford Equity Income Fund (WEIF), which prevented investors from accessing their accounts for more than two weeks.

The letter explains that Link Fund Solutions (WEIF's fund manager) deemed the suspension necessary due to the risk that assets would have to be sold at prices below current values and that the resulting composition of WEIF's assets would be more illiquid than current values.

The letter also discusses the purpose of a suspension and the factors which dictate how long a suspension should be and at what point the FCA will intervene in a suspension.

Following this letter, Andrew Bailey faced enquiries from the Treasury Committee over the regulator's handling of the fund's gating at a hearing on 24 June 2019. He said that WEIF's managers were able to engage in "regulatory arbitrage" by exploiting gaps in the UCITS regulations and that "they were using the rules to the full, and they were not telling us they were doing that."

Financial crime

Final report of IOSCO Cyber Taskforce

On 18 June, 2019, the International Organisation of Securities Commissions (IOSCO) published the final report of its cyber taskforce.

The report seeks to promote sound cyber practices across all IOSCO members and provides an overview of three internationally-recognised cyber standards and frameworks used by IOSCO members, which the report refers to as "core standards".

These are:

The Committee on Payments and Market Infrastructures (CPMI) and IOSCP Guidance on cyber resilience for financial market infrastructures (FMIs).
The National Institute of Standards and Technology framework for improving critical infrastructure cybersecurity.

The report is designed to be used as a resource by regulators and to raise awareness of existing international cyber standards and frameworks, and to encourage the adoption of good practices to protect against cyber risk.

By highlighting the application of core standards by some IOSCO members, the taskforce hopes more members will review their own cyber standards against the core standards and where relevant, use the core standards as a model to further improve their cyber regimes.

The Taskforce plans to consider using sector-wide organisational surveys as part of the next phase of its work, to gain a better understanding of where the gaps lie.

Law Commission report on the SARs Regime

On 18 June, 2019, the Law Commission published its final report, entitled Anti-Money Laundering: the SARs Regime. The report examined the current flaws in the making of suspicious activity reports (SARs), which it described as being voluminous and often of low quality.

The Report makes 19 recommendations, of which the following are the most significant:

The establishment of an advisory Board, tasked with overseeing the drafting of guidance, measurement of the effectiveness of the regime and to advise the Secretary of State on way to improve it.
Retention of the consent regime, subject to amendments to improve effectiveness.
Statutory Guidance on a number of key legislative concepts, underpinning the reporting regime to assist with compliance. These would include guidance on suspicion, appropriate consent, and what may amount to a "reasonable excuse".
An exemption from the disclose offences to allow ringfencing of suspected criminal property by a credit or financial institution, which would allow transactions in the course of business to continue, provided the property is identified and protected and the transaction is carried out with the intention of preserving criminal property. Statutory Guidance will be provided.
A standardised form for the submission of SARs.

The Government will now consider the report and decide whether or not to carry out the recommendations.

Banking

European Central Bank speech on the importance of culture and governance for good banking

On 20 June 2019, the European Central Bank (ECB) published a speech, delivered by ECB Supervisory Board Chair Andrea Enria, on the importance of culture and governance for good banking.

In the speech, Mr Enria focuses on the progress made by the banking sector in the last few years to improve governance, conduct and culture, However, he says that more needs to be done, with considerable effort being necessary to achieve a permanent change in mindset.

The key points are as follows:

Mr Enria believes that the Board is the "last line of defence in the battle against flawed decision-making". Board members must be free of conflicts of interest and must have the right experience, as well as keeping up with new developments.
The first line of defence, formed by the business areas themselves (the frontline), is where there is most need for a cultural shift – but where there is most need for improvement at many banks.
Banks have to ensure that their compliance functions can do a good job. Although compliance has started to be taken much more seriously over the past few years, there is still much room for improvement.
Compensation schemes are important, but banks are still falling short of the ECB's expectations.

UK Finance principles for exiting a customer

On 4 June 2019, UK Finance published "Principles for Exiting a Customer".

The principles outline the approach that a bank should adopt when communicating a decision to a customer that it cannot offer, or continue with, the provision of its service. It is important for the bank to engage with its customer, before taking an exit decision.

The principles do acknowledge, however, that it may not always be appropriate or permissible for a bank to engage in a dialogue to explain its reasoning. Such situations may include a breach of terms and conditions (including fraud), abusive or threatening behaviour to colleagues, and directions from regulators, the government, police and other authorities.

The principles also consider the importance of the bank engaging with its customer following an exit decision. They state that (amongst other matters), the bank should:

Ensure its decisions that affect the customer have been reviewed by a person with sufficient authority before they are communicated to the customer.
Ensure its decisions take account of financial inclusion and vulnerability considerations.
Tailor its communications with the customer, including setting out its reasoning clearly, so far as is feasible and permissible.
Endeavour to identify for the customer, so far as is feasible and appropriate, alternative ways for them to access services.
Endeavour to provide an appropriate period of time for the customer to make alternative arrangement.
Identify for the customer how representations or an appeal can be made against a final decision.

In every case, the bank must always ensure that the customer is treated fairly.

Enforcement and investigations

FCA fines Bank of Scotland for failing to report fraud suspicions at HBOS, Reading

On 21 June 2019, the FCA published the final notice (dated 20 June 2019) that was issued to the Bank of Scotland (BOS). BOS was fined £45.5 million for failing to disclose information about its suspicions relating to fraud.

The FCA found that BOS had failed to be open and co-operative with the FSA and failed to disclose information in relation to their suspicions that fraud may have happened within the Reading-based impaired assets (IAR) team of Halifax Bank of Scotland (HBOS). This was in breach of Principle 11 of the FCA's Principles for Businesses.

In early 2017, BOS discovered a serious control breakdown in IAR. The IAR's regional director had been sanctioning limits and additional lending facilities beyond the scope of their authority. This had remained undetected for at least three years.

By May 2007, BOS had identified suspicious conduct, including suspicions of fraud and knew that the impact of these breaches would result in substantial losses.

The FCA viewed the failings as particularly serious for reasons, which included the following:

The suspicions related to potentially serious misconduct. Following police investigation, staff at HBOS and another firm were convicted of serious criminal offences.
When issues arise, the FCA expects firms to conduct thorough investigations to understand what has transpired, and to make full inquiry into matters that raise suspicions of possible misconduct.
The FSA specifically told BOS that it wished to be updated about any fraud that may have occurred and BOS confirmed that it would do so. If BOS had communicated its suspicions to the FSA in May 2007, the criminal misconduct could have been identified much earlier.

The Bank of England annual whistleblowing disclosures report: 1 April 2018 to 31 March 2019

On 6 June 2019, the Bank of England (BoE) published its annual report under the Prescribed Persons (Reports on Disclosures of Information) Regulations 2017.

The report covers the period for 1 April 2018 to 31 March 2019 and summarises the whistleblowing disclosures received by the BoE and the PRA. The report states that the BoE and the PRA have received 160 disclosures, of which 128 were qualifying disclosures, which have been the subject of supervisory consideration.

Four cases (including three cases considered by the PRA, which originated from the FCA) have been referred to the BoE's enforcement litigation division and 24 cases have been referred to the FCA. The report states that 13 disclosures were of "significant value" and contributed to the discharge of regulatory activity.

The remaining cases were either not immediately actionable, did not meet current regulatory risk thresholds, were of little value or are still under assessment.