PRECISE. PROVEN. PERFORMANCE. www.moorestephens.co.uk
Looking back, looking forward
An overview of regulation change in 2016/2017
23 January 2017
Agenda
• Introduction
• Looking back at 2016
• Looking forward at 2017 – MiFID II, SM&CR, MLD4
• General Data Protection Regulation
• Insights from a Skilled Person
• Conclusion & questions
Looking back at 2016
Lorraine Bay, Partner
FCA Business plan – 2016/17
Pension
Innovation and technology
Treatment of existing customers
Wholesale financial markets
Firms’ culture and governance
Advice
Financial crime and anti-money laundering
Themes during 2016
• SMR
• MAR
• Wealth Management review
• UCITS V
• Prudential concerns
• Pensions
• Consumer Credit
• FAMR
What happened in 2016?
Prudential
• COREP thematic review
• Guidance on wind down planning
• CRD IV Pillar 2 summary & stress testing observations
Financial crime
• Market Abuse Regulations (MAR) in force from 3 July
2016
– Broader scope
– New offence
– STORs
• More AML & financial crime s.166s
What should you have done in 2016?
Reviewed & tailored your risk framework & risk matrix
Read the wind down planning guide update
Read the FCA Pillar II & stress testing paper
Ensured consistency between your ICAAP, RRP & wind down plan.
Ensured it’s a document with active senior management engagement.
Conducted gap analysis of compliance with MAR
Ensured all your MAR compliance documents are up to date
Implemented staff training for MAR’s requirements
Completed a VOP for P2P advising activity if not needed
Looking forward at 2017 – MiFID II, SM&CR, MLD4
Giovanni Giro, Senior Manager
MiFID II
• The Directive (MiFID-2014/65/EU) – this revises and
expands the existing directive
• The Regulation, the Markets in Financial Instruments
Regulation (MiFIR-2014/600/EU) – this is a binding
legislative act, which directly applies across the EU
• ESMA delegated acts and Regulatory Technical Standards
To be implemented on 3 January 2018
Key areas
MiFID II
Commodity Derivatives
High Frequency Trading
Conduct of Business
Market Structure
Organisation
Transparency and Transaction Reporting
MiFID II – effects
• Extended scope
– More types of firms; new operators; additional investment types
• Increased focus on governance
– Management body under scrutiny; product governance
• Transparency
– Pre-trade and post-trade disclosures; costs and charges
• Transaction reporting
– Increased data reporting; near-real time
• Additional client protection
– Suitability and appropriateness; best execution
Organisation
• Additional organisation and governance requirements
• Prohibition on title transfer collateral agreement with retail
clients
• Remuneration to prevent conflicts of interest
• Management body to ensure corporate governance
arrangements are overseen and assessed regularly
• Induction and training for senior management
• Stress testing of products and services
Conduct of business
• Focus on suitability, appropriateness, conflicts of interest
• Enhanced requirements for the compliance function and
the handling of complaints
• Changes to rules on inducements for independent advisers
and portfolio managers
• The definition of ‘personal recommendation’ will only
exclude recommendations made to the public at large
• Telephone recording
• Best execution
Transparency and transaction reporting
• Clear information on all costs / charges for services and
products
• Pre-trade and post-trade transparency regime
• Increased data reporting extended to new products, new
data fields, near-real time submission
• Operators of trading venues to report transactions for firms
that are not subject to MiFIR
• Compatibility between MiFID II and EMIR reporting
Checklist MiFID II
Determine impact and allocate resource ahead of effective date
Are your activities and investments in scope?
Transaction reporting and sufficient IT capability
Suitability and appropriateness arrangements
Remove 3rd party payments and TTCA with retail clients
Review policies (conflicts of interest, remuneration, best ex)
Update corporate governance arrangements
Training to management body and all staff
Senior Managers & Certification Regime
SM&CR
• Senior Managers – Responsibilities map; Statement of responsibilities
• Certification Regime – Material risk takers and Approved Persons
• Conduct rules – All staff
Senior Managers Regime
• Responsibilities map describing structure, size and
complexity of the firm, including management
arrangements
• Governance arrangements to confirm individual
accountability
• Responsibilities map to reflect actual business and
governance
• Individual statement of responsibility from each senior
manager
To be extended to all FCA authorised firms
in 2018
Certification Regime
• Certification regime requires firms to assess the fitness
and propriety of staff in certain roles on inception and
annually
• Conduct rules
– Firms to inform all staff that they are subject to conduct rules;
– All relevant employees to be given training on conduct rules
that are specific to their role; and
– Notify the FCA of breaches of conduct rules.
Checklist SM&CR
Identify all Senior Managers to be appointed
Draft comprehensive responsibilities map
Review job descriptions
Ensure all functions and responsibilities can be allocated
Establish a culture of governance and code of conduct
Establish regular ‘fit and proper’ reviews
Assess impact of conduct risk
Training to future SMF and Certified Persons
4th Money Laundering Directive
Fourth Anti-Money Laundering Directive (MLD4)
Effective from 26 June 2015
EU Member States to implement by 26 June 2017
UK to update MLR and POCA
New JMLSG guidance
Key changes
Enhanced due diligence (‘EDD’)
Disapplication of EDD to be justified
Unusual transactions (> €10k)
Local Politically Exposed Persons (‘PEP’)
Central register of beneficial ownership
Emphasis on a risk-based approach
Expands beyond EU borders
Checklist MLD4
Run Gap analysis and plan implementation of changes
Financial crime prevention measures in place
Review client on-boarding, CDD and EDD procedures
Are your IT systems able to prevent cybercrime?
Establish risk based approach proportionate to your business
Extend MLD4 standards to group entities based overseas
Review financial crime risk appetite and risk assessment
Training to all staff
Roadmap 2017/18
• MLD 4 – 26 June 2017: Due diligence, Cyber crime, UBO register
• MiFID II – 3 January 2018: Organisation, Transparency, Business conduct
• SM&CR (All firms) – Early 2018?: Accountability, Conduct Risk, Governance
General Data Protection Regulation
Steve Williams, Partner
The European Union General Data
Protection Regulation (‘GDPR’)
• Replaces the UK Data Protection Act.
• Dubbed the “biggest shake up of data protection laws for 20
years”, the regulation gives businesses around Europe until 25 May 2018 to
fully comply or face considerable fines.
• The GDPR is designed to strengthen and unify data protection
for individuals within the EU. Its primary objective is to give
citizens back control of their personal data, along with simplifying
the regulatory environment for international companies.
• Although a number of the principles seen in the UK DPA are
included within the GDPR and remain unchanged, there are a
number of significant changes that organisations need to be
aware of and start preparing for in advance of the 25 May 2018
enforcement date.
Five things you need to know
Fines of up to €20 million or 4% of global annual turnover
Places new obligations on data processors as well as controllers
New accountability structure
Privacy by design – privacy has to be embedded in change programmes
Mandatory notification within 72 hours of detecting a privacy breach
What you should be doing now
Conduct analysis against known GDPR requirements
Validate your information and cyber security
Review the information you hold and consents
Check your information supply chains (to make sure they are preparing)
Review policies, procedures and agreements
Insights from a Skilled Person
Andrew Jacobs, Director
Source of regulatory intelligence
Regulatory Insight
Consultation with regulators
Invitation to roundtable sessions
Attending industry events
Published industry
information
Collaborations with other
professional firms
S166 reviews
Aim of the session
• Provide insights into some of the discrete areas which the regulator focusses on
• Inform your strategy for
managing risk and
prioritising regulatory
change
• Give you clarity on where
to focus
Inception of a business relationship
Risk management
and compliance
Governance and
oversight
Business Model
Inception of a business relationship
• Client / customer on-boarding
• Know your client / know your business
– Suitability
– Appropriateness
– Client classification
– Due diligence on corporate entities and third parties
• Understanding the risks presented by each client
– Source of funds / wealth
– Nature of relationship
– Risk assessment
– Receiver of remittances / payments of any nature
Risk management and compliance
• Three lines of defence
– Responsibilities of each line of defence – clarity
– Independence and robustness of each line of defence
– Tailoring of policies and procedures
• Compliance monitoring
– Transactions monitoring and customer behaviours
– Ongoing review of KYC and risk assessments
– MI from the second line
– Resourcing of compliance teams
– Review of threshold conditions
– Accuracy of regulatory reporting
Governance and oversight
• Governance structures and key individuals
– Clarity of governance structure – apportionment & oversight
– Effectiveness and accountability of committees / groups
– Clarity on terms of reference
– Suitability of role holders to perform their functions – at all
levels
– Effectiveness and Independence of NEDs
• Outsourcing
– Oversight and documentation GDPR
• Cohesion of control framework
– How well your controls fit your business
– Responsiveness to FCA intelligence
Business model
• Conduct and culture
• Approach towards risk management
– Risk Appetite, Risk Statement and Risk Assessment
• Financial prudence and risk management
– ICAAP – Risk Management document
– Correlation between risk and stresses noted in ICAAP, wind-down
plan & Recovery / Resolution plan
– SREP visit considerations
• Senior Managers and Certification Regime (SM&CR)
– Business structure
• Europe
– Brexit and ESMA
Closing thoughts
“People think that focus means saying yes to the things that you’ve got to focus on. But that’s not what it means at all. It means saying no to the hundred other good ideas that there are. You have to pick carefully.”
Steve Jobs
“Deciding what not to do is as important as deciding what to do”
FOCUS
Conclusion
Lorraine Bay, Partner
Future events
• 25 January – Privacy, information & cyber security
• 22 February – MiFID II seminar
• 29 March – SMR seminar
• 26 April – FCA business plan
Helping to keep up-to-date
• Financial Insight – our quarterly newsletter
• E-alerts – subscribe via [email protected]
• Regular seminars
• Follow us on Twitter: @MSFinSec
• Visit our website:
www.moorestephens.co.uk/sectors/financial-services