Powered by: KPMG Regulatory Horizon
Quantifying regulatory pressure
Welcome to the KPMG Regulatory Barometer – measuring the impact of regulatory change.
The new KPMG Regulatory Barometer aims to help firms identify the key areas of pressure across the evolving UK and EU regulatory landscape and measure the impact of the likely change.
Financial services firms have to handle frequent regulatory updates from multiple sources and it can be difficult to distil the volume and complexity of regulatory change into a single view. The pandemic brought lasting impacts which provided regulators with new perspectives, and the ongoing conflict in Ukraine has brought further uncertainty. Alongside geopolitical concerns, worsening economic conditions with financial stability and cost of living implications, changing customer demands and behaviours, sustainability concerns, and use of new technologies are all influencing regulatory agendas.
The Barometer aims to:
- Offer a consolidated source of regulatory intelligence
- Assess the extent of regulatory pressure across key themes
- Provide a single metric to represent the size and complexity of the challenge
This edition identifies nine key regulatory themes and assigns them each a regulatory impact score based on attributes such as volume of updates, complexity and time to implementation. The theme scores are aggregated into an additional single metric to represent the level of regulatory pressure – over time, we will track these scores to gauge whether the relative pressure is rising, falling or remains constant.
Regulatory Impact Scores
Based on the volume of regulatory updates, the complexity of underlying rules and the challenges of implementation.
A sliding scale from Emergent through Developing then Implementing to Mature/BAU.
Our view of where key EU:UK regulation is likely to align or diverge.
The EU and the UK regulatory frameworks – alignment or divergence?
Almost two years on from the end of the Brexit transition period, authorities in the UK continue to consider where divergence from EU laws and regulations could be desirable.
Over time, the debate has shifted from the UK considering alignment and seeking equivalence, to now more systematically reviewing where different approaches could be beneficial.
The UK has started to put in place new mechanisms to review “onshored” regulations (through the European Scrutiny Committee), repeal onshored legislation, and introduce new rule-making powers for regulators in areas currently covered by retained EU law (through the Financial Services and Markets Bill). Divergence has started slowly, but is accelerating as the UK reviews onshored rules and the EU pushes ahead with its own agenda. This divergence will increase complexity for cross-border firms.
Across the nine themes identified in the Barometer, the EU and the UK remain aligned to different extents (and are starting from different places due to previous UK and EU Member State “gold-plating” and national rules).
We hope you find this edition of the Barometer useful – we welcome your feedback and will be adding new features in future issues.
Key regulatory themes and messages
For this first edition, the aggregate Impact Score is 6.9, with theme-specific scores ranging from 8.9 for ESG and Sustainable Finance to 5.3 for Governance. This aggregate score suggests a significant level of regulatory pressure when considered across of the key themes. The higher the score on the Barometer, the more oversight and resources firms need to devote to regulatory change, although this will depend to some extent on individual business models.
It is unsurprising that ESG and Sustainable Finance top the scores, due to the sheer volume of new and developing initiatives and the challenges of implementing detailed requirements very rapidly to support environmental policy targets. Next is Financial Resilience where there is significant long-term complexity in finalising Basel reforms, reviewing Solvency II and integrating climate risk.
The cross-cutting impacts of regulating Digital Finance across crypto assets, central bank digital currencies, AI and machine learning, platformisation and data all contribute to a relatively high score and reflect the fact that new rules are being debated but are not yet implemented. Some Operational Resilience policy is already in place, but extensive new requirements are either proposed or awaited for digital resilience and critical third party providers. FMIs are under increased scrutiny due their increasing complexity and growing systemic importance. Enhanced Customer Protection is being driven by a conscious shift towards outcomes-based regulation and the introduction of value for money considerations. The scores for developments impacting Capital Markets and the EU: UK Border reflect no new regulation but the review, evolution and divergence of existing rules. And the relatively low score for Governance is not due to the easing of regulatory requirements but to the relative maturity of those requirements.
For more detail on each of the key themes, click on the graphic or scroll down.
Delivering ESG and sustainable finance8.9
Maintaining financial resilience7.7
Regulating digital finance7.1
Strengthening operational resilience7.1
Developing financial infrastructure6.9
Enhancing customer protection6.6
Reviewing capital markets6.4
Redrawing the EU-UK border6.4
Reinforcing governance expectations5.3
Our scoring methodology
Our team of regulatory sector specialists start by identifying key regulatory topics across Financial Services in the UK and EU.
These topics are broken down into further sub-topics, then scored against three criteria:
- Volume: based on data extracted from our KPMG Regulatory Horizon platform indicating the number of significant regulatory announcements published over the past 6 months
- Complexity: based on factors such as intricacies of future requirements versus existing ones, consistency of expectations across jurisdictions and interactions with other regulations or standards
- Implementation: based on factors such as urgency of action required, potential implementation costs, resourcing challenges, and business risk
The sub-topic scores are aggregated to give an overarching topic score and rank.
In addition to the regulatory Impact Score at topic level, the Barometer provides a view on the maturity stage of regulation for each of the sub-topics. The sub-topic Maturity Indicators reflect a sliding scale:
- E = EMERGENT – regulatory or market concern identified. No formal action yet
- D = DEVELOPING – combination of consultation, drafting and/or some elements in implementation
- I = IMPLEMENTING – implementation of material regulations continues with others being refined
- M = MATURE/BAU – all relevant regulation(s) adopted or in force and consistently implemented
The Impact Scores, Maturity Indicators and commentary will be refreshed on a semi-annual basis to enable monitoring of the trajectory of regulation in each area.
Changes in score from edition to edition will show relative regulatory priorities and the trajectory of each regulatory topic.
Delivering ESG and
ESG (environmental, social and governance) concerns are the issues most discussed by regulators, industry and investors around the world. Commitments to reaching net zero, by governments and companies, are driving change across the economy in general and in financial services in particular. Stakeholders and investors are demanding greater transparency. And, in the global pursuit of a “just transition”, focus is expanding to areas such as nature and biodiversity, the circular economy and broader social impacts.
ESG considerations must be embedded across businesses and their value chain, with regulatory requirements a key driver of firms’ ESG strategy. The scope of regulatory rules, frameworks, standards, taxonomies and other guidance is vast and increasing, covering initiatives from corporate reporting to prudential disclosures, transition plans, risk frameworks and stress testing, product labels, ESG data and ratings, the development of carbon markets, stewardship, corporate due diligence and more. In the UK, the PRA led the way on the measurement and management of climate-related financial risk for banks and insurers, with the EU forging ahead on taxonomies, labels and definitions. Both are now gaining pace across the piece, with the UK seeking to position itself as the first net zero economy. In the US, from a slow start, regulatory developments have accelerated significantly under the Biden administration.
Climate-related financial risk
Climate-related risks have the potential to undermine the safety and soundness of both firms and the wider economy. Banks and insurers are required to embed consideration of sustainability factors into their risk frameworks and stress testing. Banks and insurers should understand their own and their clients’ exposures when determining their strategy and business model. Longer term changes to capital and solvency requirements are under consideration.
Taxonomies are expanding in both number and technical detail. The initial focus was on environmental objectives but proposals are now being developed in the EU for how best to reflect the “S”.
Reporting & disclosures
Requirements for corporate reporting and other ESG disclosures continue to expand. Regulators and standard-setters seek comparability and consistency, to provide investors and other stakeholders with the transparency they require, to minimise the risks of greenwashing, and where possible to harmonise global standards. The scope of reporting and disclosures will grow to incorporate social and nature-related risks.
Product labels and standards
Mandatory product labels are being developed, which will impact the use of current industry labelling frameworks across all sectors. Work continues on the EU Green Bond Standard and, the EU Ecolabel, and mandatory product labels will be developed in the UK.
Data and ratings
Regulated financial indices and benchmarks are developing, and there are calls for ESG data and rating providers to be regulated. Providers of ESG ratings and data should expect to come under increased regulatory scrutiny. Both ESMA and the FCA are looking at the way ratings agencies incorporate ESG factors into their methodologies.
With firms needing to deliver on their own or government net zero commitments, and present credible net zero transition plans, they are likely to turn to carbon markets as part of the solution. However, there is a patchwork of regulation and calls for greater consistency and transparency.
Portfolio management and advice
As well as being subject to the SFDR disclosure requirements, EU buy-side market participants now need to meet new requirements regarding the integration of sustainability risks and factors. EU MiFID firms need to consider clients’ sustainability preferences and, from November, new product governance obligations.
Considerations for firms
- Have we considered the full range of new regulations or amendments that will impact us directly or indirectly, and are we on track to update our approach to meet clients’ and supervisors’ expectations?
- Do we understand the extent of our own and our clients’ ESG exposures?
The development of taxonomies is intended to create consistent definitions for what can be considered as environmentally (or, in future, socially) sustainable. From 1 January 2022, EU firms are required to consider their alignment with the first two environmental objectives (climate risk mitigation and adaptation) of the EU Taxonomy Regulation. Gas and nuclear will be included in the Taxonomy as transitional activities under the Complementary Climate Delegated Regulation which will come into force on 1 January 2023. Requirements for the remaining four environmental objectives are expected to apply from January 2023 although Level 2 rules have yet to be issued. The Platform for Sustainable Finance has issued its final report on an EU Social Taxonomy – this will be challenging to implement and no clear timeline has been set out. Work on a UK Green Taxonomy is underway, as announced under the Government’s Greening Finance Roadmap in October 2021. The UK taxonomy is likely to follow the EU in terms of structure and objectives but specific definitions and treatment of the economic activities covered may diverge. Consultation on the first two objectives is due imminently, with legislation targeted by the end of 2022. Legislation on the first two objectives was expected by the end of 2022 but may be delayed. Consultation/legislation on the remaining objectives will then follow.
Reporting & disclosures
Corporate reporting: The new International Sustainability Standards Board (ISSB) has published its first two exposure drafts, building on the TCFD recommendations and providing an IFRS-style framework. Further standards will follow. TCFD-aligned disclosures are now mandatory for the largest UK firms, for accounting periods beginning on or after 1 January 2022, and requirements will extend to smaller firms over time. The EU’s proposed Corporate Sustainability Reporting Directive is being finalised – from 2024 it will apply to companies already subject to the Non-Financial Reporting Directive (NFRD). From 2025 it will then apply to large companies not subject to the NFRD, and from 2026 to certain additional companies. In May, the European Financial Reporting Advisory Group (EFRAG) delivered draft European Sustainability Reporting Standards (cross-cutting and topical) which will underpin the CSRD. And in the US, the SEC has published proposals to enhance and standardise climate-related disclosures for investors. Firms operating in multiple jurisdictions will need to assess the extent of convergence/divergence of reporting requirements – noting that there may be some provisions which enable compliance with one set of requirements to fulfil respective requirements in another jurisdiction. Common points of discussion are around whether to apply double or single materiality, thresholds and proportionality for reporting, and reporting on Scope 1, 2 and 3 emissions.
Market and client disclosures: Following publication of the EBA’s Final Draft Implementing Technical Standards for Pillar 3 ESG disclosures, EU banks will start to make quantitative and qualitative disclosures from June 2022, with scope expanding to 2024 when they will also have to report on their green asset ratio (GAR) and banking taxonomy alignment ratio (BTAR). Buy-side firms’ implementation of EU SFDR continues, ahead of the Level 2 rules coming into force from January 2023. The FCA will consult further in the autumn on the new Sustainability Disclosure Requirements (SDR) for asset owners and asset managers. SDR will build on the FCA’s application of the TCFD recommendations and incorporate ISSB standards, but the FCA also recognises that many UK firms’ EU operations are impacted by EU SFDR.
Transition planning: From 2023, the largest UK companies will be required to have a net zero transition plan. The Transition Planning Taskforce has a two year mandate to develop a gold standard for transition plans – the FCA will be actively involved. The Glasgow Financial Alliance for Net Zero (GFANZ) and the ISSB are also preparing guidance. The UK’s expectations on transition plans are likely to drive similar requirements in other countries/regions.
Expanding scope: The Task Force for Nature-related Disclosures (TNFD) has issued a beta framework and guidance which will be iterated several times until publication of the final framework in 2023. Reporting and disclosure requirements (e.g. EBA Pillar 3 disclosures, ISSB etc.) will expand over time to include the “S”.
Product labels and standards
The final EU Green Bond Standard (EU GBS) is yet to be issued. ESMA welcomed the potential of the proposals to help channel investment flows towards more sustainable activities, but noted challenges in three key areas: the timing of implementing measures — so-called “level 2” deliverables, the functioning of third country regimes and the appropriateness of the resourcing and funding model provided for ESMA's supervision, taking into account the need for external verifiers for third country regimes. The legislative proposal for an EU Ecolabel has been delayed due to ongoing work on Level 2 rules under the EU Taxonomy Regulation and SFDR. Meanwhile, an increasing number of national regulators are expressing concerns about how investment products are being marketed and are taking action. In the UK, in addition to the new SDR, the FCA has proposed a set of mandatory product labels. Pan-European operators may also have to adopt the new UK labels for any products manufactured or marketed in the UK. Meanwhile, we may see further commentary from regulators about what is required for a product to fall within SFDR Articles 8 and 9.
Data and ratings
IOSCO has called for oversight of ESG ratings and data product providers and published 10 recommendations aiming to increase trust in ESG ratings and data across: possible regulatory and supervisory approaches, internal processes for ratings and data providers, use of ratings and data products and the interactions of ESG ratings and data product providers with entities subject to assessment such providers. The FCA contributed to IOSCO’s work and issued a Feedback Statement in June which supports bringing ESG data and ratings providers within its regulatory perimeter. ESMA’s call for evidence on the markets structure of ESG rating providers in the EU found an immature but growing market which, following several years of consolidation, has seen the emergence of a small number of large non-EU headquartered providers. ESMA’s work, together with a further targeted consultation by the EC will feed into the development of appropriate regulatory safeguards and potential supervisory approaches for ESG ratings providers, which, as in the UK, are currently outside the regulatory perimeter.
Regulators are monitoring EU carbon markets closely as firms try to meet net zero targets. ESMA published its final report in response to the European Commission’s request for analysis of the trading of emission allowances and emission allowance derivatives. ESMA found no abnormality in the functioning of the EU carbon market from a financial supervisory perspective, but put forward a number of policy recommendations to improve market transparency and monitoring. It also identified two possible courses of actions for the European Commission to consider regarding the introduction of position limits on carbon derivatives – potentially through the legislative framework – and centralised market monitoring of the carbon market at EU level. The EU Commission will continue to work closely with national authorities to monitor developments. The UK’s consultation on developing its ETS has closed – proposals included alignment of the UK ETS cap with the UK's net zero target, extending coverage to include the domestic maritime and waste sectors, bringing methane and other greenhouse gases within scope, and the introduction of a Carbon Border Adjustment Mechanism (CBAM). The EU CBAM is more advanced in its development, having been approved by the EU Commission in March 2022 for phasing-in from 2023 with charges applied from 2026.
Portfolio management and advice
Since August 2022, amendments to Level 2 requirements for EU UCITS Management Companies, AIFMs and MiFID investment firms require them to integrate sustainability risks and sustainability factors into their approach. Firms need to take account of them across various areas including decision-making procedures and organisational structures, risk management, due diligence, resources, and conflicts of interest. The new requirements make the link between the Principal Adverse Indicators (PAIs) under the SFDR and the due diligence requirements for UCITS Man Cos and AIFMs. For MiFID investment firms, the amendments also introduce the concept of “sustainability preferences” into the investment advice and suitability process, as well new product governance requirements on manufacturers and distributors (the latter will apply from November 2022). Firms need to consider clients’ sustainability preferences in addition to their risk tolerance, and apply them to investment objectives. In the context of these developments there are also proposed EU guidelines that build on the new requirements. ESMA finalised updated guidelines regarding suitability in September 2022 and is expected to publish revised product governance in Q3 2022 and Q1 2023 respectively.
The development of new or recalibrated rules was put on hold because of the pandemic, but regulators have swung back into action.
Prudential frameworks are being finalised, refined and expanded as regulators seek to maintain and build on the resilience built up since the Global Financial Crisis (GFC). The pandemic and geopolitical uncertainty as a result of Russia’s invasion of Ukraine have reinforced the need to maintain robust levels of capital and liquidity. Supervisors are focused on credit exposures and provisions which may not yet fully reflect COVID-19 impacts and are now compounded by economic conditions.
Financial firms were relatively resilient through the pandemic indicating that measures put in place after the GFC to boost financial resilience (together with decisive central bank and government actions) have been effective. However, the operating environment remains uncertain, and broad structural changes – such as an acceleration of digitalisation (see Regulating digital finance) could amplify challenges faced by individual firms as they recover from the impacts of COVID-19.
Against this backdrop, supervisors are focused on maintaining robust levels of financial resilience. Implementation of remaining framework elements will be completed (e.g. Basel 4) and existing requirements are under review (Solvency II). New frameworks will be introduced (e.g. resolution for insurers). Regulators are also focused on emerging and escalating areas of risk such as climate and cryptoassets and are considering how best to reflect these in prudential frameworks. Stress testing will play a key role in monitoring banks’ and insurers’ vulnerabilities.
Banks must now focus on implementation of the final Basel reforms (Basel 4 or Basel 3.1) over a multi-year period. Calls for proportionality and consideration of local specificities may result in regional variations, adding to the complexity for banks operating across borders. Resolution and leverage ratio frameworks for banks are largely complete, but will be subject to ongoing review and refinement. A proportionate prudential regime for smaller firms is being developed in the UK, to reduce regulatory burden and encourage competition. And model risk management practices are under scrutiny.
Insurers will need to monitor closely as discussions develop, at global, regional and national levels, on how solvency rules should be recalibrated. Regulators are also focusing on the development of targeted resolution frameworks.
Capital requirements for most MiFID investment firms have now changed in both the UK and the EU. These firms are no longer subject to rules that were predominantly designed for banks. The new prudential regimes have streamlined the previous requirements. All firms should have re-assessed their capital requirements and updated their reporting systems.
Considerations for firms
- Have we clearly mapped and implemented the requirements for new or recalibrated prudential frameworks?
- Have we considered how to manage potentially divergent requirements across jurisdictions?
The EU Commission has published its CRR3/CRD6 proposals to implement the final Basel reforms, though these remain subject to negotiation and adoption, with concerns raised by, among others, the ECB. The PRA’s consultation on UK implementation will be issued in Q4 2022 with final policy in 2023. The EU and UK are both expected to target implementation from 1 January 2025 with phasing in of the output floor to 2030. However, the prospect of differing requirements in different jurisdictions is a significant concern for globally active banks and could significantly increase the complexity of implementation.
Regulators in both the UK and EU are reviewing capital and liquidity buffers to understand better why banks were reluctant to use them during the pandemic and potentially make changes.
Recovery and Resolution frameworks are largely complete but continue to be refined and updated. The BoE’s first public statement on the resolvability of major UK banks (in June 2022 following submission of self-assessments in October 2021) noted significant progress in enhancing and embedding preparations for resolution, with banks in a fundamentally better place than at the start of the GFC, however, there is still more to do. Revisions to OCIR policy will come into effect on 1 January 2023 and end-state MREL requirements are being phased in – they are now in force for larger firms and will apply for mid-tier firms from 2023 with a transitional approach for the smallest firms. UK banks and relevant third country branches with trading activity that could affect the financial stability of the UK must meet the expectations of the PRA’s new policy on Trading activity wind-down (TWD) by 3 March 2025. The EU has reached provisional agreement on the “Daisy Chain” proposal (part of the 2021 Banking Package) to introduce targeted amendments to improve the resolvability of banks. Subject to adoption this would amend the CRR and may result in changes to the BRRD pending the outcome of the European Commission’s review, expected in 2022.
A new “strong and simple” regime for banks and building societies that are neither systemic nor internationally active (i.e. limit activities to providing standard lending or deposit banking products to UK customers) will be introduced in the UK. The initial consultation considered the definition of in-scope firms, with further consultations to follow in 2023 and 2024 on non-capital and capital-related aspects.
The PRA has identified weaknesses in model risk management (MRM) frameworks across development, testing, validation, change management, and governance. As a result, firms should expect increased focus on the effectiveness of their MRM practices and remediation actions. Work will continue with firms on their IRB model review processes and updating of IRB permissions. In response to increasing reliance on internal models and increasing sophistication of modelling techniques, the PRA is consulting on a new overarching supervisory framework setting out all its expectations, rules and requirements on model governance, model validation and general model risk management. The EU is more advanced in its work on internal models, with the ECB’s targeted review (TRIM) programme completing in 2021.
The European Commission adopted a legislative package on the Solvency II review on 22 September 2021, comprising: i) a legislative proposal for amendments to Solvency II Directive, ii) a legislative proposal for an Insurance Recovery and Resolution Directive (IRRD) and iii) a communication on the upcoming amendments to the Solvency II delegated acts and the issue of IGS minimum harmonisation. The European Council and European Parliament have both issued amendments to the Commission’s proposals. As part of the review of Solvency II, EIOPA will map where changes are needed to its guidelines and technical standards. Between 2022 and 2024 changes will be made to level 3 measures reflecting updates to the directive and delegated regulations, as well as amendments arising from experience. The IRRD aims to address the lack of harmonised processes at EU level and will create a framework based on prevention and preparation. Insurers and reinsurers will be required to develop pre-emptive recovery plans. National resolution authorities will be designated in each Member State with tools and powers to intervene at an early stage if a firm’s financial position is deteriorating.
In the UK, HMT has consulted on reforms to the UK version of Solvency II. It seeks to reform the calculation of the risk margin (leading to a substantial reduction for long-term life insurers of around 60-70%, and reduction by 30% for general insurers). The PRA also seeks to introduce a Credit Risk Premium as part of the calculation of the fundamental spread which is relevant to insurers using the matching adjustment. The Government also seeks to widen the scope of assets eligible for the matching adjustment to include infrastructure. The consultation also identifies a meaningful reduction in the current reporting and administration burden on firms.
Wealth and Asset Management
The UK and the EU have now introduced new prudential regimes for MiFID investment firms. These new rules replace the previous requirements under the Capital Requirements Directive and Capital Requirements Regulation.
Although there are differences between the UK and the EU approaches, the two frameworks will deliver similar overall outcomes and aim to introduce streamlined and bespoke capital requirements for investment firms.
In the EU, the Investment Firms Regulation (IFR) and Investment Firms Directive (IFD) introduced the new framework from June 2021. Over time, new guidelines are being introduced, for example regarding the SREP. In the UK, the Investment Firms Prudential Regime (IFPR) came into force in January 2022. Separately, over the course of 2021 the FCA stepped up its supervisory monitoring of firms’ financial resilience through its survey work.
Climate & capital frameworks
The PRA is considering whether changes need to be made to the capital framework to more accurately reflect climate-related risk. Existing ICAAP and ORSA frameworks are only partially adequate in capturing the effects of climate risk for regulatory capital purposes and the PRA has set out possible solutions including further add-ons for firms with significant weaknesses, amendments to frameworks or calculations and a system-wide capital buffer. In 2022, the PRA will determine whether capital changes are best enforced through modifications to internationally-driven or domestic Pillar 2 requirements and will determine what changes are required to insurers’ Solvency Capital Requirement (SCR) calculations. The EBA has issued a Discussion Paper on integrating environmental risks into the Pillar 1 capital framework. In future social risks may also be covered.
The pandemic has encouraged moves towards digital finance and the widening use of technology. However, regulators are attuned to the risks of new technologies and increased digitalisation as well as the benefits. They are considering how to adjust regulation for the digital world, including the trading and settlement of digital assets.
The trend in digitalisation – doing more things in a digital way rather than on paper or face-to-face – has accelerated rapidly. There has been an increase in online investment tools, and communications are becoming more immediate. Online descriptions of services and products can be dynamic and customised, and therefore more engaging and educative, but also more persuasive.
The digitalisation of client onboarding has increased, including digital know-your-customer (KYC) checks. The use of different forms of digital identity is spreading and regulators’ interest is increasing.
Fundamental building blocks underpinning all technologies and digitalisation are infrastructure and data. Firms need to ensure the integrity of databases, to have the expertise to store and analyse them, and to have in place good governance and controls. They also need to protect customers’ and market confidential data and to share them, to be able to deliver services more efficiently and across borders. This raises legal challenges, which regulators continue to debate.
New technologies bring new and emerging risks. Firms need to think innovatively about how to identify, measure and manage these risks, including the use of new techniques and tools.
Crypto-assets & CBDCs
The accelerating growth of crypto-assets and decentralised finance (DeFi) raises the concerns of financial regulators on issues of consumer protection, financial stability and monetary policy. However, regulators are encouraging innovation in the use of the underlying distributed ledger technology (DLT) in bring efficiencies to the infrastructure and operations of financial markets. Central banks are exploring the use of central bank digital currencies.
Artificial intelligence and machine learning
As more financial services are delivered digitally, more data is generated and artificial intelligence and machine learning techniques can be used to bring efficiency to firms’ processes, analyse large amounts of data, for example, to help in modelling, and personalise the delivery of services to customers. Financial Regulators have issued guidelines on its use but actual regulation could come from other areas of government as concerns around the use of AI is not confined to financial services.
Platformisation, Big Tech in Finance
In the last few years there has been a notable entrance of big tech players into finance, offering a variety of platform-based services directly to consumers as well as becoming critical third party providers to traditional financial services firms. Unlike traditional financial services firms, which are designed to operate exclusively within the financial services domain, some big tech firms are choosing to develop and distribute financial products as part of their wider portfolio of existing activities. Policy makers and regulators are having to examine whether the currently regulatory framework is fit for purpose.
Data sharing and innovation
Open Banking is seen as a successful driver of innovative products and services for consumer. Regulators and policy makers now embedding and refining the regime and they are considering whether the principles of data sharing contained with the open banking initiative can be widened further into the sector to build an ‘Open Finance’ framework.
Considerations for firms
- Do we have a clear governance and control framework around the use of machine learning and AI?
- Have we considered potential future regulatory impacts of holding or operating with crypto-assets?
Crypto assets and CBDCs
Regulation is developing to bring crypto-assets within the regulatory perimeter. In the EU, the Markets In Crypto-assets (MICA) regulation will provide a regulatory and supervisory framework for stablecoins and unbacked cryptoassets. In the UK, HMT has confirmed that stablecoins will be regulated by amending e-money and payment services legislation. The FCA held an innovative ‘Crypto-sprint’ to gain industry input into crypto-asset regulation that will be consulted upon formally later in the year.
The second BCBS consultation on a prudential framework for crypto-assets continues to propose a conservative capital treatment. The PRA has already asked firms to consider how the existing prudential framework should be used to manage the risks associated with crypto-asset activity.
Regulators continue to warn consumers that these assets are not generally suitable as an investment or as a means of payment or exchange, and in the UK the financial promotions regime will be updated so that crypto-assets can only be promoted by authorised firm or after being approved by authorised firm.
However, firms are being encouraged to experiment using DLT in financial market infrastructure by a regulatory sandbox in the UK and the EU Pilot Regime.
The 2021 BIS survey showed most central banks are exploring CBDCs and that more than a half are developing or running concrete digital currency pilots. Many are exploring a CBDC ecosystem that involves private sector collaboration, particularly for customer facing activities, and interoperability with existing payment systems.
Artificial Intelligence and machine learning
Over the past year, a number of different regulators (IOSCO, EIOPA, BaFIN, BoE/FCA AI Public Private Forum) have issued guidelines and best practice on the use of AI in financial services. Common actions for firms fall into three main areas: data quality and governance – that data should be of sufficient quality to prevent biases and sufficiently broad to obtain logical results while still complying with data protection requirements; that models need to be designed so that they don’t reinforce biases, firms need to strive to use explainable and transparent AI models and all new models should be reviewed and signed-off; and that firms need to have a governance framework that allows for senior management oversight of the development, testing, deployment, monitoring and controls of AI and ML.
The BoE and the FCA will publish a joint Discussion Paper later in the year considering the appropriate role of regulators in supervising potential data and systemic risks which stem from firms' use of AI or machine learning systems.
The Artificial Intelligence Act proposed by the European Commission classifies AI activities into four tiers of risk with increasing levels of requirements, starting with transparency and voluntary codes of conducts, and escalating to ex-ante conformity assessments and ex-post quality and risk assessments and monitoring. Market participants’ feedback is that that there needs to be clarity on how the Act interacts with other cross-sectoral legislation such as GDPR and that it needs to be principles-based to future-proof requirements as the technology develops.
In the UK, the Office for AI (a collaboration between the DDCMS and BEIS), will set out a proposal for governing and regulating AI in a White Paper in 2022.
Platformisation, Big Tech in Finance
BigTech (technology conglomerates with extensive customer networks or platforms with core businesses in social media, telecommunications, internet search and e-commerce) can use the strong network effects and large amounts of consumer data they have to deliver tailored financial services and financial services to those underserved by traditional financial services. However, their expansion into financial services could happen very quickly and financial regulators are concerned this could cause risks to financial stability. This is compounded by the fact that although financial services offered by BigTechs may be subject to some activity-based regulations, BigTech firms themselves tend not be subject to comprehensive group regulations or oversight.
An area of particular concern to regulators is the provision of cloud services to financial services entities, where a strong dependence on only a few providers poses risks to the overall operational resilience of financial services – see more detail in Strengthening operational resilience.
Policy makers and regulators are considering how to manage these risks with a combination of entity- and activity-based regulation. The proposed EU Digital Services and Digital Market Acts contain targeted powers over platform providers and online gatekeepers. The draft UK Digital Markets, Competition and Consumer Bill would designate BigTech firms as having ‘Strategic Market Status’, obliging them to not abuse their dominant positions at the expense of consumers and other businesses.
The UK Financial Services & Markets Bill proposes to give rule-making and supervisory powers over critical third parties in the financial sector to the financial regulators.
Data sharing and innovation
In the UK, HMT, the CMA and the FCA want to build on the initial success of Open Banking and ensure it continues to support innovation and greater competition for consumers and businesses. They have outlined plans for the regulatory oversight framework of a successor body to the Open Banking Implementation Entity (OBIE) that will develop existing standards and deliver new proposals beyond those required under current regulations.
The European Commission is consulting on small changes to its Open Banking framework that would be implemented in a wider legislative proposal revising PSD2.
Building on the Open Banking framework, regulators are keen to develop ‘Open Finance’ that would allow consumers and SMEs to access and share their data on a wider range of financial products with third party providers. In the UK, the proposed Data Reform Bill will create a clearer regulatory environment for personal data that could help drive the adoption of Open Finance.
In the EU, the European Commission is consulting on how to develop open finance while retaining customer protection. The consultation also seeks views on the sharing of supervisory data for research and innovation and the possibility for financial institutions to exchange information and data to improve risk monitoring or compliance, while protecting data confidentiality.
The UK Government is also considering a framework for pension dashboards to allow easier access to pension information.
Regulators have long expected firms to manage operational risks and have in place business continuity and disaster recovery plans. However, operational resilience is now much broader than this and is becoming a key driver of investment and business strategy. Financial regulators view operational resilience for firms on an equal footing with, and as a key driver of, financial resilience and recognise that poor resilience has the potential to impact not only individual firms and wider financial stability, but also to cause significant customer detriment.
Regulators require firms to demonstrate end-to-end operational resilience (including cyber resilience) in their key business activities, to prevent severe disruption and maintain financial stability. Strong governance and accountability is expected, as is robust testing of disruption scenarios. Firms must consider the possibility of multiple concurrent disruptions and the emergence of new threats and vulnerabilities. Extreme events arising from climate change, from floods to wildfires to unexpected snowstorms, could impact physical operations and geopolitical events could challenge operating models. Regulatory authorities have realised that a broader approach to operational resilience — incorporating equally important components such as people, processes, technology and information — is needed. Underpinning all the regulatory initiatives is the common desire to create a financial services sector that is more resilient to disruption, hence reducing the potential for wider contagion, financial instability and harm to end-customers.
The EU and UK have set out clear expectations for regulated firms. However resilience expectations are now extending to a wider range of participants operating in the financial sector. For more on the operational resilience of FMIs see, Delivering Financial Infrastructure. Cloud service providers and critical third parties are under scrutiny.
Critical/important business services and impact testing
New rules highlight the importance of identifying severe but plausible tailored scenarios, and of performing stress-tests to reveal weaknesses in operating models. Firms are required to define the amount of disruption that they would be willing to tolerate and to monitor and measure their ability to remain within these tolerances.
Additional demands on systems, processes and data have increased regulators’ focus on firms’ technological resilience. The draft EU Digital Operational Resilience Regulation (DORA) proposes multiple measures to harmonise ICT resilience requirements, with consequential amendments to other legislation. Cyber security remains critical, particularly with accelerated adoption of technology and increasing sophistication of external bad actors.
Third Party Risk
Outsourcing policies have been in place for some time, but regulatory requirements are now expanding in the EU and the UK, reflecting the growing reliance on and stability risks posed by cloud and other Critical Third Party Providers (CTPPs). New types of firms are likely to be brought within the regulatory perimeter in order to mitigate these risks.
Considerations for firms
- Do we have a clear view of the resilience of our end to end processes for important or critical services, including third party dependencies?
- Have we understood, documented and tested our tolerance for disruptions and our ability to recover?
Critical services & impact testing
Regulators in both the UK and EU agree on the need for firms to prioritise the resilience of their most critical services and operations and to minimise the effects of disruption on customers. In the UK, the requirements set out by the PRA, BoE and FCA in 2021 will be implemented from March 2022 to March 2025. In-scope firms must identify and catalogue their important business services, define impact tolerances for disruption to these services and test whether they are able to remain within tolerance when under stress. Strong governance and accountability, service mapping, definition of impact tolerances and scenario testing are required to maintain financial stability and minimise harm to customers. For banks, national/regional authorities will be responsible for creating their own frameworks to deliver against the expectations for banks set out in the high level BCBS Principles for Operational Resilience.
The final text of the EU’s Digital Operational Resilience Act (DORA) is expected shortly and will attempt to streamline and harmonise the way financial entities and technology providers manage and mitigate technology risks. DORA will apply to a wide range of financial entities operating in the EU and interact with several existing regulations including CRD, MiFID II, Solvency II, UCITS and AIFMD. The legislative proposal was presented by the European Commission in September 2020, and a provisional agreement reached by the European Parliament and Council in May 2022, marking a major step in the journey to finalising the rules. Once the DORA proposal is formally adopted, it will be passed into law by each EU member state. Amendments are expected to increase alignment with industry considerations in ensuring that DORA is risk-based and proportionate. The implementation period has been extended from 12 to 24 months, and several Regulatory Technical Standards will need to be drafted to underpin the legislation, meaning that completion of DORA will still take a number of years.
Cyber events continue to present significant risk to service continuity. 79% of respondents to the Bank of England’s 2022 H1 Systemic Risk Survey cited the threat of cyber attacks in their top five risks. UK regulators will continue to conduct firm-specific CBEST penetration testing and will carry out a voluntary cyber stress test for systemic contributors in the end-to-end payments chain. They will also co-ordinate on longer term approaches to supervising cyber risk. In 2022, EIOPA will follow up on possible developments regarding a cyber-risk framework. In May 2022, political agreement was reached between the EU Parliament and Member States on measures for a high common level of cybersecurity across the Union (the NIS 2 Directive) proposed by the Commission in December 2020. The Commission has been consulting on its proposal for a Cyber Resilience Act. In the US, the SEC also released proposed rules for public company cybersecurity that would establish new requirements around cybersecurity risk management policies and procedures, incident reporting and disclosures.
Third Party Risk
Regulatory Scrutiny of third party relationships and risk management is increasing. The new PRA rules create a holistic framework for managing outsourcing and third party risk with specific requirements around governance, materiality, risk assessment, data security, and business continuity and exit planning. In the EU, DORA will build on the outsourcing Guidelines already issued by the ESAs (EBA, ESMA and EIOPA) to strengthen oversight and monitoring of third-party ICT.
The regulatory perimeter is expanding, with non-financial firms increasingly providing essential services to the financial sector. Concern continues to grow around the reliance of financial firms on a small number of third party providers. A joint BoE, PRA and FCA discussion paper proposes measures to enhance the oversight of systemic risks from Critical Third Party Providers (CTPPs) and implements the regulatory framework proposed by HMT in the Financial Services & Markets Bill. Under DORA, critical third-country ICT service providers to financial entities in the EU will be required to establish a subsidiary within the EU so that oversight can be properly implemented.
FMIs are going through a period of significant change as their importance across the financial services ecosystem grows. They have a critical role to play in making financial transactions more efficient and helping to manage risk in the system. Across the financial sector, the need for scale and efficiency has increased in FMIs and is likely to lead to opportunities for consolidation. Increasing use of technology assists with efficiency and scale but can increase cyber risk.
However, against this backdrop of opportunities, regulatory and supervisory scrutiny of FMIs is increasing due to the developing complexity and interconnectedness of markets and FMIs critical role in the smooth and stable functioning of markets and delivery of financial services.
Clearing Houses or central counterparties (CCPs) are now seen as an essential part of financial market infrastructure and generally worked well during the market disruption caused by the onset of the COVID pandemic. However regulators are still exploring the role of margin in the ‘dash for cash’. CCPs’ growing importance is also reflected by developments in stress testing and recovery and resolution regulations.
Market data (information on prices, bids, quotes, volumes of traded financial instruments and benchmarks and indices) is becoming increasingly important to financial market participants in informing trading and investment strategies and meeting regulatory and disclosure obligations. Many regulators are concerned about the cost, access and reliability of this data and are proposing amendments to existing regulation, considering new regulation and investigating competition issues. These changes could have impacts on the business models of both the data providers and consumers.
The payments infrastructure continues to evolve to keep pace with increasing digitalisation and the opportunities and risks this brings. In the UK, work continues on the delivery of a New Payments Architecture (NPA) and the renewal of the real time gross settlement (RTGS) service so that it remains fit for purpose in a digital age. Regulators and policymakers are examining ways to ensure that users are adequately protected when using payment systems and services. They are also keeping a keen eye on the continued need for access to cash.
Considerations for firms
- Is our organisation structured to deal with the increasing regulatory change and supervisory scrutiny in the FMI sector?
A joint workstream of the BCBS, CPMI and IOSCO continues to consider whether market participants were fully prepared for the margin calls they experienced at the onset of the COVID pandemic, their ability to liquidate assets to meet margin calls under stressed conditions, and the role of margining practices in amplifying the ‘dash for cash’. Volatility in the commodity markets following Russia's invasion of Ukraine prompted large margin calls and has further increased the regulatory focus on margin. ESMA is consulting on revision of the current calibration of the Anti-Procyclicality tools in the EMIR regulatory technical standards. CCPs and clearing members should expect greater supervisory scrutiny around their measures to limit pro-cyclicality and their operational management of margin and liquidity.
ESMA’s fourth CCP stress test addresses credit and concentration risks and, for the first time, covers operational risk. ESMA has also called for evidence on climate stress testing for CCPs. The BoE will conclude its first supervisory stress test of UK CCPs in 2022 and use the results to further develop its CCP supervisory stress testing framework.
Given the importance and interconnectedness of CCPs to financial stability, the FSB, again in coordination with CPMI and IOSCO, continues to review the sufficiency of the existing toolkit for CCP resolution, in particular in non-default loss scenarios. HMT, through the Financial Services & Markets Bill, will expand the UK resolution regime for CCPs to align it with the latest FSB guidance. ESMA has published its final report of regulatory technical standards and guidelines for implementation of the EU CCP Recovery and Resolution regime.
Regulatory frameworks that have been implemented in more established sectors, such as banking and insurance, are now being implemented or considered for CCPs. The BoE will be reviewing CCPs’ implementation of new UK operational resilience standards that came into force in April 2022. The BoE and HMT are considering how to implement the Senior Managers and Certification Regime for FMIs including CCPs.
Looking further ahead, CCPs are assessing the potential of new technologies, such as distributed ledger technology and cloud computing, to enhance the efficiency of IT processes and their integration into the wider market infrastructure. Regulators are likely to want CCPs to consider the operational and cyber resilience impacts of these new technologies, including oversight of critical third parties. They are also considering the role of CCPs in relation to crypto-assets.
Cross border access to CCPs is considered further in Redrawing the EU-UK border.
The FCA is concerned that that competition issues in the provision of market data may be leading to high pricing. This cost is either passed on to the end investor or limits access to data leading to less informed investment decisions by firms and consumers. The FCA is investigating whether high trading data costs and complex licensing terms and conditions are creating harm to users, in order to decide whether further guidance or policy action is needed. It will also carry out market studies on benchmarks and credit ratings provisions.
MiFID II/MiFIR set up the regulatory framework for consolidated tape of prices and volumes of financial instruments in the EU and this framework was also onshored in the UK post-Brexit. However, a consolidated tape has not emerged in either jurisdiction. As part of its November 2021 package of measures to promote growing retail participation in capital markets, the European Commission proposed a number of amendments to the MiFID II/MiFIR framework to encourage the emergence of a consolidated tape in the EU. HMT is amending legislation in the UK so that the FCA will be responsible for setting the requirements for the multiple competitive consolidated tape providers that HMT believes will deliver the best solution. Regulatory changes in both these areas could impact the business models of both data providers and consumers and is also likely to lead to changes in pre-and post trade data reporting formats and requirements.
For more information on ESG Data and Rating providers see Delivering sustainable finance.
There is continued activity in payments infrastructure, at both the low and high value ends of the spectrum. UK policymakers and regulators are seeking to establish a future-proofed payments infrastructure that is resilient, accessible, and functional with wide interoperability. The BoE continues its plans for the renewal of the RTGS service, moving to enhanced ISO 20022 for CHAPS payments (2023) with a new core settlement engine (2024). It is also proposing a new tariff framework for RTGS and CHAPS.
The PSR and Pay.UK continue work on transforming the retail interbank payments network into the New Payments Architecture (NPA) to deliver enhancements to payment services and increase choice. In December 2021, the PSR published an updated regulatory framework for the NPA, designed to minimise risks in the NPA ecosystem (such as monopoly, horizontal competition and vertical competition risks), followed by new Directions which came into force in January 2022 imposing requirements on Pay.UK as the operator of Bacs and Faster Payments. The PSR is also continuing work to strengthen competition between providers of card-acquiring services as they compete more vigorously for merchant business.
Whilst there is a strong focus on electronic payments, there is also continued recognition that access to cash is vital for many consumers and businesses, and regulators are committed to ensuring that cash and its supporting infrastructure is protected. In a joint statement, the BoE and FCA outlined the work that they are doing in this area, including continued monitoring and the exploration of sustainable and appropriate solutions. The FCA is also consulting on updates to strengthen its guidance on branch and ATM closures or conversions. Legislation to protect access to cash is included in the Financial Services and Markets Bill. And the PSR has issued a rule to the LINK ATM network operator requiring them to maintain the broad geographic spread of the UK’s free-to-use cash machine network.
In the EU, the ECB has published a new framework for overseeing electronic payment instruments, schemes and arrangements (PISA). This is designed to replace the Eurosystem's current oversight approach for payment instruments and complement its oversight of payment systems. PISA will also complement EU regulations on crypto-assets (including stablecoins) and international standards for global stablecoins.
In response to market evolution, the European Commission has begun a comprehensive review, including a targeted consultation, of the application and impact of PSDII to assess whether legislation remains fit for purpose and is delivering on its main objectives.
Fighting the rising incidence of fraud and scams is a key priority in the payments sector. The UK Financial Services and Markets Bill includes legislation enabling the PSR to require banks to reimburse authorised push payment scam losses. The PSR also considers the widespread adoption of confirmation of payee in UK payments to be a key priority to prevent certain types of scams and misdirected payments, and introduced new rules in February 2022 allowing more Payment Service Providers to work together to ensure customers are protected by the name-checking service.
The Government and regulators are committed to maintaining the UK’s leadership in the field of Open Banking. In a joint statement, the CMA, FCA and PSR set out their expectations of the entity replacing the Open Banking Implementation Entity (OBIE) and announced the creation of a Joint Regulatory Oversight Committee (JROC) to provide regulatory oversight of the OBIE successor, led by the FCA and PSR . The first meeting of JROC was held in June 2022. The PSR is also pursuing HMT designation of Open Banking payments as a payment system under the 2013 Financial Services (Banking Reform) Act (FSBRA).
The nature of products and services, of how they are delivered, and of communications with customers is changing. The perennial question for regulators about the optimal level of customer protection is now set against challenging economic conditions impacting the cost of living, the need to encourage greater private investment to aid economic recovery, and the increased digitalisation. These factors are driving an upward trend in the level of consumer protection rules being developed by regulators.
Consequently, regulators are increasingly interested in how firms ensure that they are appropriately balancing their own commercial and operational considerations with the needs of end-customers. This interest has a particular focus on it being embedded throughout the firm and at all stages of a product lifecycle and customer journey.
Firms must be able to demonstrate how their culture, strategy, business model, product design and operating model deliver fair treatment to all their customers. We are increasingly seeing this take the form of emerging regulation relating to product governance, assessment of outcomes and value for money/fair value.
New fund structures are being introduced or existing structures adjusted, as European jurisdictions compete for share of market growth and cater for private investment in long-term assets to aid economic recovery. The uncertain economic environment has also increased the number of vulnerable customers and focused the attention of regulators. Many customers will exhibit characteristics of vulnerability at specific points in their lives and they should be able to achieve outcomes that are as good as those of other customers.
Regulators are seeking to move firms’ mindsets away from narrow rules-based compliance to a more holistic assessment of the outcomes that they are generating. This is a new approach, with new rules, under consultation or being implemented, which will have a material impact on firms’ culture, strategy and operating models.
Initially accelerated by the pandemic and now exacerbated by global economic factors impacting the cost of living, we are seeing an increased focus from regulators on developing specific rules relating to the fair treatment of vulnerable customers. This is likely to have a material impact on firms’ existing processes, procedures, product and services as well as on training and development implications for their employees. Associated documentation will also require enhancement.
Value for money
Across most jurisdictions, there is currently no specific regulatory requirement on value for money across all sectors. However, to help protect customers, some regulators are starting to consider whether or how to regulate price and value holistically. This will have a material impact on the products and services firms offer and associated charges, and will reinforce how fairly customers are treated.
Although product governance rules have existed for many European firms since 2018, there is mounting evidence that they are not being implemented or supervised effectively. Therefore, we are seeing consultations on enhancements to (and/or reinforcement of) the rules. This is likely to result in firms needing to develop further existing process and procedures.
Considerations for firms
- Can we evidence (through our culture, strategy, business model, product design and operating model) how we balance our own commercial interests with delivering appropriate outcomes for all our customers?
Focus on outcomes
We are seeing an increasing level of activity, including proposed and final rules, in both the UK and the EU which seek to transition regulation (and supervision) towards greater focus on the outcomes that are being generated for end retail customers. This is a conscious departure from the more traditional regulatory approach that assesses whether a firm complies with specific rules and has appropriate controls to mitigate non-compliance. Such a change requires a mindset shift for firms away from a legalistic and narrow interpretation towards a more subjective and judgement-based consideration of whether their actions deliver good outcomes and support individuals to pursue their financial objectives. This is particularly important as firms consider offering new funds and products that may stretch their existing capabilities. The UK FCA’s Consumer Duty is the most strident of the initiatives – final rules have been published and will come into effect from July 2023. The EC has published a call for evidence seeking to deliver better outcomes for retail investors in capital markets. Further afield, in the US, additional activity is anticipated following a damning report by the US CFPB highlighting a variety of consumer protection breaches during 2021.
The pandemic had a material impact on customers across all sectors of financial services. Regulators moved swiftly to offer additional protection and/or concessions to ease the financial impacts experienced by customers. The many and varied types of vulnerabilities (beyond the traditional narrow definition of physical vulnerabilities) has accelerated thinking about whether more needs to be done to require firms to proactively consider their approaches – both temporary and permanent. In the UK, the FCA has confirmed new guidance which reinforces the need for firms to have fully embedded the identification and treatment of vulnerable customers. The guidance expects consideration of vulnerability at every stage of the customer journey and by every department. Recent economic developments and impacts on the cost of living are re-emphasising the need to do more.
Value for money
For UK and EU firms subject to MiFID and/or IDD, there is a requirement to consider the appropriateness of cost within product governance arrangements as well as an overarching requirement to act in client’s best interests. However, there are currently no explicit cross-cutting rules about consideration of value for money (although there are rules for specific sectors – for example, Authorised Fund Managers in the UK). However, during the pandemic, regulators encouraged firms to consider whether the exceptional circumstances impacted a product’s or service’s utility. This thinking is being developed into consultation papers which would formalise consideration of whether solutions offer value for money in a specific way – for example, EIOPA has set out a framework for delivering better value for money in a consumer-centric way. ESMA has also completed its common supervisory action on costs and fees for investment funds, noting that continued supervisory attention is needed.
MiFID and IDD brought in requirements for firms to develop and maintain a robust and objective product governance framework. Although these requirements have been in place since 2018, supervisory reviews by a number of EU regulators have routinely found that firms are not operating the frameworks as effectively as they should. This is leading to a number of European regulators seeking to enhance/reinforce the requirements such that they afford an appropriate degree of protection to consumers. For example, BaFin is consulting on product intervention measures to address potential consumer harm arising from the volatile futures market. Under the proposed measures, firms would be restricted from marketing or distributing certain products to retail consumers. The EU is also updating its product governance guidelines (see Delivering Sustainable Finance – ESG). Further afield, the Financial Consumer Agency of Canada has published new guidelines which require institutions to implement policies to ensure that they offer and sell products and services appropriate to consumers. For investment funds in the UK and the EU, there is a specific focus on liquidity management, oversight by depositaries, and value for money.
The capital markets in both the EU and the UK are undergoing a period of significant change. The UK leaving the EU has changed the structure and concentration of the market as firms have needed to move operations into the EU. The EU is now undertaking mandatory reviews of the mass of regulation that was implemented post-financial crisis, such as MiFID/MiFIR, and the UK is reviewing on-shored EU regulation to adapt it to the UK market. Both jurisdictions are looking to raise their attractiveness as destinations to raise capital for new and growing companies, by reviewing listings and prospectus regulation.
Concerns linger from the market events of March 2020 and regulators are determined that lessons should be learned. Work to analyse vulnerabilities in non-banks continues, with a particular international focus on liquidity management in open-ended funds. At the same time, the implications of the war in Ukraine have posed new regulatory challenges for market participants.
The first hurdle in the transition away from LIBOR to risk-free rates has been cleared, with a relatively smooth switch in the non-USD markets at the end of 2021, but there is still more to do. Wholesale market participants are also looking ahead to see how technology can help assist the markets in moving towards T+1 settlement, tokenisation, digitisation of data, and greater retail participation.
MiFID II/MiFIR review
When MiFID II/MIFIR came into force in 2018, it represented a comprehensive and profound reshaping of how EU financial markets, products and services were regulated and necessitated large regulatory change management projects within firms. The EU review of the legislation and the UK Wholesale Markets review are unlikely to initiate such large-scale changes but firms working in both jurisdictions will need to carefully manage the likely divergence.
Fund liquidity management
The repercussions of the March 2020 “dash for cash” for open-ended funds in general, and money market funds (MMFs) in particular, are still being considered by policymakers. In the meantime, the financial market implications of the war in Ukraine have underlined the need for fund managers to have sufficient expertise, resources and plans to respond quickly to unexpected developments and meet regulators’ expectations in a robust manner.
Regulatory reforms in both the EU and the UK are looking to reduce the regulatory burden in the primary markets to encourage wider participation in the ownership of public companies as well and improve the quality of information investors receive.
The majority of LIBOR settings ceased at the end of 2021. The FSB noted that the absence of any significant market disruption was a testament to the magnitude of market participants’ efforts and the level of attention from the regulators and industry bodies to support the transition to risk-free-rates. However, firms still need to transition away from the widely used USD LIBOR by mid-2023 and phase out the use of synthetic LIBOR.
Considerations for firms
- Are our regulatory monitoring and change processes set up to deal with diverging UK and EU capital markets regulation?
- Have we critically analysed our experience during the 2020 market stress and reassessed our liquidity risk management framework for each of the funds we manage?
HMT, following consultation, will be taking forward reforms to UK MiFID II. It has prioritised two areas: easing restrictions on where market participants can trade, with removal of the share trading obligation and the double volume cap, and reducing and simplifying the regulatory burden of the regime. Changes to take this forward include recalibrating the pre-and post-trade reporting regimes, changing the Systematic Internaliser calculation from a complex quantitative to a qualitative one and simplifying the commodities derivatives regime. HMT is also committed to supporting the emergence of a consolidated tape of prices and volumes which is consistent with the EC’s proposals for the MiFIR review (see more in the Data regulation section in Redrawing the EU:UK border).
The European Commission’s MiFIR review proposals include changing the double volume cap to a single volume cap, banning payment for order flow to try to improve best execution for investors and similar changes to the pre-and post trade reporting regimes.
The EU and UK proposals will both require legislative changes and amendments to technical standards/the rule book. The Commission's proposals are now being debated and negotiated by the European Parliament and the Council. HMT has included the UK legislative changes in the Financial Services and Markets Bill. ESMA and the FCA will issue further consultations on the technical standards/rule book changes over the next few months. The timing of all these changes is likely to be spread over the next year.
A wider MiFID II review proposal is expected in the near future, and is likely to cover investor protection obligations.
The differences in the proposals may further complicate the operating environment for firms. To plan effectively for the probable change needed to systems (and possibly business models), firms working in both jurisdictions will need to keep track of developments as the proposals are finalised.
Fund liquidity management
Liquidity management approaches and tools remain in the regulatory spotlight. MMF reform has progressed most quickly and following finalisation of the FSB’s proposals last autumn, consultation and discussion papers have now been published in the EU, UK and US. Open-ended funds more broadly have been subject to a longer debate – reviews by the FSB and IOSCO are due to conclude this year but outcomes are less certain. The regulation of exchange-traded funds (ETFs) has also been revisited by IOSCO, but no fundamental changes have been proposed (only good practices to address differences across jurisdictions). As well as tracking longer term regulatory developments, fund managers need to respond quickly to new and unexpected challenges. Russia’s invasion of Ukraine impacted markets and funds with exposure to Russian, Belarussian and Ukrainian assets. UK and EU supervisors have therefore been reiterating their expectations and considering additional options and guidance in this context (for example, the use of side pockets).
The European Commission is consulting on a proposed Listing Act with the aim of simplifying listing requirements to make public capital markets more attractive for EU companies and facilitate access to capital for SMEs. The consultation also reviews the impact of other regulations such as MAR and MiFID II on the listing process and the appropriateness of the current listing regime when considering an IPO via a Special Purpose Acquisition Companies (SPACs). The Commission will also be undertaking post-implementation reviews of the Prospectus and Transparency Directives.
In the UK, HMT and the FCA are implementing the recommendations of Lord Hill’s UK Listing Review and the Kalifa Review of UK Fintech.
The FCA has made changes to the listing regime to remove some of the barriers while still protecting market integrity. The FCA is still considering the feedback provided on the listing regime’s purpose and structure and is expected to lay out next steps shortly. HMT will alter the UK Prospectus Regulation so that prospectuses are not always needed for securities to be admitted to trading on UK markets, for secondary listing and where they have been listed overseas. Once these reforms been implemented the UK prospectus and public offerings regime will significantly diverge from the current EU regime. The reforms should offer companies raising capital in the UK more flexibility. The results of the HMT commission Secondary Captial Raising Review are also likely to prompt further changes to the regulatory framework to make secondary capital raising easier, and more efficient and a Digitisation Taskforce has been established to drive forward the modernisation of the UK’s shareholding framework.
From 1 January 2022, 24 of the 35 LIBOR settings, relating to specific currencies and time periods, are no longer available. Six sterling and yen LIBOR settings will continue for the duration of 2022 in a synthetic form based on risk free rates – the FCA is seeking market participants views on the timing of the winding down of GBP synthetic LIBOR. Regulators will continue to monitor firms wind-down of legacy LIBOR books, likely reviewing for unfair treatment of customers and impact on markets. Firms also need to be prepared to discuss with regulators their preparations for the end of the US LIBOR in June 2023 and evidence that they have ceased new use of US dollar LIBOR. Regulators expect firms to use the most robust alternative reference rates to LIBOR and expect any firm considering the use of credit-sensitive rates to assess the risks carefully. In the US, a federal LIBOR law was enacted on 15 March 2022 providing a solution for legacy contracts that have no workable fallbacks and a safe harbour for lenders who choose SOFR in relevant contracts.
Approaching two years since the end of the post-Brexit transition period, the commercial and operational implications of the new EU-UK border continue to evolve for financial services firms.
Negative impacts to financial markets were avoided at the end of the transition period, in large part due to the preparations undertaken by regulators and market participants. However, regulatory developments since the UK left the EU underline that firms working in the EU, the UK and elsewhere need to continue to monitor regulatory change in both jurisdictions in order to pre-empt disruption to their business and remain compliant.
Governments and regulators continue to work through the implications of the new arrangements, including adapting existing regulatory frameworks and responsibilities. Firms need to be aware of the potential for regulatory divergence and track developments, particularly across fast-growing areas such as sustainable finance.
Outside the EU, the UK is negotiating a Mutual Recognition Agreement (MRA) for financial services with Switzerland to allow the UK and Switzerland to defer to each other in regulation and supervision of firms undertaking cross border financial services. The UK Financial Services & Markets Bill will legislate to allow an MRA framework, as the UK hopes, in the future, to enter into MRAs with other jurisdictions.
Delegation of portfolio management
Following recommendations from ESMA, towards the end of 2021 the European Commission set out proposals to clarify the delegation rules within the AIFMD and the UCITS Directive. Asset managers should continue to factor the ongoing debate on delegation and ‘substance’ into their thinking.
Fund marketing and distribution
Amid a trend of jurisdictions introducing new or amended fund structures, questions remain around cross-border market access. While existing EU funds can continue to market in the UK if they are registered under the Temporary Marketing Permissions Regime, the final framework for the UK’s Overseas Funds Regime is still to be operationalised. The details may determine how firms structure their operations.
Regulated markets and clearing
EU firms’ ability to access services in third countries and the corresponding regulatory treatment continues to evolve. The Commission has extended equivalence for UK CCPs until June 2025, amended its 2021 equivalence decision for US CCPs and recognised exchanges supervised by the SEC as equivalent to EU regulated markets.
In the absence of equivalence determinations, cross border access to professional clients remains largely the responsibility of national regulators. For the banking industry this may change under proposed amendments. More broadly, EU authorities continue to focus on reverse solicitation and ‘substance’ in EU entities. In the UK, regulators are working through applications from firms in the Temporary Permissions Regime (TPR). Looking ahead, the overseas market access framework in the UK is currently being reviewed by HMT.
Considerations for firms
- Have we reviewed what “substance” we have in each jurisdiction and whether it is sufficient to meet evolving supervisory expectations?
- Are we monitoring regulatory developments regarding market access arrangements and their potential impact on our business?
Delegation of portfolio management
Delegation by EU fund management companies to third countries continues to be considered by EU authorities. Since ESMA’s opinion on ‘substance’ for EU entities, national EU regulators have clarified their expectations and undertaken supervisory reviews. The European Commission has set out proposals to clarify aspects of the current delegation regime under both the AIFMD and UCITS Directive. The Commission noted that the delegation regime allows for efficient portfolio management, access to expertise, and has contributed to the success of EU fund and manager labels. However, in order to address certain inconsistencies, the Commission has proposed various changes, including notifications regarding delegated activity, justifying delegation based on objective reasons, minimum substance requirements and regular ESMA peer reviews. Asset managers will need to continue to monitor developments.
Fund marketing and distribution
In the UK, the Overseas Fund Regime moves ever closer, but the regime is yet to be fully operationalised by HMT and the FCA. Following the conclusion of HMT’s consultation and the subsequent finalisation of the 2021 Financial Services Act, in February 2022 relevant sections of the Act were brought into force. However, more work is needed to activate the regime and complete any equivalence determinations. In the meantime, EU funds already registered under the FCA’s Temporary Marketing Permissions Regime can continue to access the UK market. The FCA has clarified that these funds will need to continue to produce disclosures for UK investors in the current format, even after the EU’s disclosure requirements change in January 2023. In the EU, ESMA responded to the Commission regarding the use of cross-border reverse solicitation, noting that most regulators do not gather readily available information on the use of reverse solicitation.
Regulated markets and clearing
In February 2022, the European Commission extended equivalence for UK central counterparties (CCPs) until June 2025, providing certainty to market participants. At the same time, the Commission launched a consultation and a call for evidence on ways to expand central clearing activities in the EU and improve the attractiveness of EU CCPs in order to reduce the EU's overreliance on systemic third country CCPs. The BoE has confirmed its approach (under on-shored EMIR) to ‘tiering’ non-UK CCPs based on the level of risk they could pose to UK financial stability, with Tier 2 CCPs subject to direct UK supervision and regulation. However, even Tier 2 CCPs can apply for specific regulatory provisions to be granted ‘comparable compliance’, with the UK then deferring its supervision in these areas to the CCPs’ home authorities. In April 2022, the Commission adopted a decision to recognise a number of US exchanges supervised by the SEC as equivalent to EU regulated markets (allowing derivatives traded on these exchanges to be treated as exchange-traded under EU law). The Commission also amended its previous equivalence decision for US CCPs to cover certain additional products. In the meantime, ESMA has continued to progress applications from US CCPs for recognition. In June 2022, it announced it had recognised two additional US CCPs as “Tier 1” CCPs under EMIR.
Proposals to reform the EU banking prudential framework (under CRR and CRD) could potentially impact non-EU firms doing business in the EU. More broadly, in the absence of equivalence, firms remain reliant on national regulators’ individual cross border access regimes for professional clients. This requires firms having a detailed understanding of arrangements in specific member states. Authorities are looking to better understand the role of certain practices (such as reverse solicitation in the EU), and EU supervisors continue to review whether EU entities have sufficient ‘substance’.
Supervisors continue to reinforce the need for good corporate governance. This is particularly heightened since the widespread move to hybrid and remote working which has changed firms’ practices and introduced new challenges to both governance frameworks and operations.
Good governance enables the clear identification of fit and proper senior managers, supports the performance of their roles and responsibilities and allows them to be held accountable. Regulators are therefore re-asserting the importance of robust governance arrangements in the interests of market stability and investor protection.
Regulators are increasingly recognising that good diversity and inclusion (D&I) practices reduce risk for regulated firms by reducing “groupthink”, and they are calling out pay gaps and lack of diversity among firms’ boards and senior management.
The significant volume of new ESG requirements and developments in digital finance will require boards to implement and oversee robust regulatory transformation programs with clear designation of accountability across all three lines of defence.
There is a growing recognition of the powerful roles that culture can play in a firm. Regulators are identifying that, in many instances of poor conduct, deep-set cultural issues have been present and that firms with healthy cultures are less prone to misconduct. An assessment of culture, coupled with other regulatory initiatives can give deeper insights into whether firms operate and are governed in line with regulatory and wider societal expectations.
Initially driven by a response to the GFC, a number of regulators implemented regimes, starting in the banking sector, that required firms to allocate accountability for senior management functions to specific individuals. The rationale was two-fold: to drive up standards within firms as individuals take greater ownership and to simplify supervisory/enforcement action by regulators where individuals are dishonest and/or negligent. These regimes are now expanding in scope across financial services and being introduced in more jurisdictions.
Oversight of a firm’s business and regulated activities by its Board remains a key regulatory theme, particularly since the widespread shift to hybrid and remote working. As noted in our chapter on Strengthening Operational Resilience, third party risk management remains important. In the WAM sector, supervisors are also scrutinising fund governance arrangements and associated oversight capabilities.
Diversity & Inclusion
Regulators are increasingly recognising that good D&I practices reduce risk for regulated firms by reducing “groupthink”. Following the lead of regulators such as the Central Bank of Ireland, the UK, the FCA, PRA and Bank of England are now seeking to accelerate the pace of meaningful change on diversity and inclusion across sectors.
Considerations for firms
- Are our existing governance arrangements keeping pace with regulators’ evolving expectations and incoming requirements?
Although regulators don’t prescribe what a firm’s culture should be exactly, supervisors view poor culture as a driver of harm. In response, they are aiming to address poor conduct and culture through day to day supervision (as seen in some of the FCA’s portfolio letters) as well as through newer, broader proposals. In the UK, the FCA’s proposed Consumer Duty seeks to bring about a more consumer-focused approach with outcomes that set expectations for firms’ cultures and behaviours. Similarly, the proposed EU Corporate Sustainability Due Diligence Directive will establish a duty to identify, bring to an end, prevent, mitigate and account for negative human rights and environmental impacts in a company’s own operations, its subsidiaries and its value chains. It will also introduce duties for directors of in-scope EU companies, including setting up and overseeing the implementation of due diligence processes and integrating due diligence into corporate strategy.
The UK Government and regulators are expanding the scope of the UK Senior Management and Certification Regime to CCPs and CSDs and considering whether to expand it further to credit rating agencies and exchanges. The continued focus on full implementation and use of the regime is shown by the regulators consistently assigning relevant senior managers to be responsible for remediation work in their ‘Dear CEO’ letters.
In the EU, the ECB is showing an increased focus on ‘fit and proper’ assessments of ‘senior managers’ and the EBA and ESMA have updated their joint guidelines on the assessment of the suitability of members of the management body and key function holders.
Other jurisdictions are taking forward the implementation of their accountability regimes with developments in Ireland, Singapore, Hong Kong and Australia. Firms working across these jurisdictions face challenges in mapping the interaction and overlaps in their governance structures.
The shift to remote and hybrid working has led to opportunities and challenges for all companies including regulated firms. Supervisors have also been considering their expectations in this context. In addition to setting out specific expectations regarding market abuse controls, the FCA has published general expectations for how firms operate their business and engage with the FCA and for notification requirements in the context of hybrid working. In the WAM sector, regulators continue to scrutinise fund governance and oversight. For example, in both the UK and the EU, regulators have reviewed the capabilities of third party fund management companies and investment managers. Depositary oversight is also a priority, most recently as set out in the FCA’s March 2022 portfolio letter and in ESMA’s planned 2022 discretionary peer review of depositary obligations, which was set out in ESMA’s annual work programme.
Diversity & Inclusion
Having consulted on changing the listing rules for company boards and executive committees in 2021, the FCA issued a Policy Statement in April 2022 mandating targets and disclosures for standard and premium issuers. In July 2021, the FCA, PRA and Bank of England published a Discussion Paper on improving diversity and inclusion in regulated firms. More is expected on this topic including a consultation in autumn 2022 and final policy in 2023. The FCA has cautioned that firms that do not embrace diversity of thought will struggle to serve the needs of a diverse customer base and manage risks effectively.
In the EU, the ECB consulted on revising its guide to fit and proper assessments and published an updated document that includes taking gender diversity into account as an element of collective suitability. Separately, the EBA published its final guidance on benchmarking the gender pay gap (including data collection from 2022). More broadly, the European Commission put forward proposals in 2021 on pay transparency.