Enhancing customer protection
Whilst overarching regulatory themes are currently broadly aligned, there is divergence in the detail of how they are being delivered, creating challenges for firms seeking to adopt a consistent approach across the EU and UK. For example, product governance remains a key area of focus in both jurisdictions but through different lenses – in the UK via the more holistic Consumer Duty, and in the EU via ESMA’s updated MiFID II product governance guidelines.
Further divergence can be observed in the different pace at which the requirements are being developed and/or implemented. For example, the UK’s assessment of value requirement for authorised fund managers is now well established, but in the EU this is an emerging and increasing area of supervisory and policy focus. In time, the EU’s implementation of the potentially watered-down Retail Investment Strategy could lead to further divergence (compared with the UK’s Consumer Duty).
Growing capital markets
As the EU finalises the MiFIR review and the UK Wholesale Markets Review progresses, regulatory approaches have started to diverge. Differences are emerging in the detail, as seen with transparency requirements, and will require management by firms. However there has also been some convergence, with the EU replicating the UK’s designated reporters regime and with the UK likely to follow the EU’s lead in allowing the re-bundling of researching payments.
Both jurisdictions are looking to reduce the regulatory burden of listing rules to make their public markets more attractive. Both have contributed to international work to review fund liquidity management arrangements but, at national level differences have emerged, such as through the UK’s proposed changes on Money Market Funds and the EU’s incoming changes to liquidity management tools under AIFMD II.
Policy intentions around investment in private assets remain similar but have resulted in different outcomes (in the UK, the LTAF – and in the EU, revisions to the ELTIF). Looking ahead, loan-originating funds will be subject to a new regime in the EU. And it is to be seen whether the jurisdictions align on the timing of the move to T+1 settlement.
Delivering ESG and sustainable finance
2024 marks a significant shift from rule-writing to rule implementation, particularly for the firms that will be impacted by CSRD. Regulatory and supervisory initiatives linked to ESG and sustainable finance continue to have significant impacts for firms across financial services. Although political delays are resulting in loss of momentum on certain initiatives, and this is likely to be compounded by upcoming elections, firms are pressing ahead with the areas of work that have already been set out by regulators and are focused on potential business opportunities.
The volume and complexity of potential reporting and disclosure requirements present significant challenges. With the first wave of key standards now finalised, focus is shifting to implementation and developing the assurance landscape.
Regulatory approaches to the management of climate and environment-related risk, including potential capital treatments, are also still evolving, and supervisory expectations are rising to reflect anticipated increases in the maturity of risk management and governance practices.
ESG and Sustainable Finance therefore continues to have a very high regulatory impact score. The pressure on FS firms remains intense, due to expanding reporting and disclosure requirements, lower tolerance from supervisors where firms fail to meet expectations, and growing momentum around nature and social impacts. More than ever, firms will be expected to demonstrate and evidence their sustainability credentials and take concrete actions to prevent greenwashing, whether through detailed transition plans, disclosures or the adoption of product labels.
See Reinforcing Governance Expectations for more on the EU Corporate Sustainability Due Diligence Directive (CSDDD) and UK Corporate Governance Code.
Developing/
Implementing
8.4
Tackling greenwashing
Greenwashing concerns are paramount in regulatory and supervisory responses and the supervisory toolkit is expanding to reflect this. Regulators and supervisors are sending clear messages that, without appropriate action, greenwashing could undermine the transition and result in poor consumer outcomes. Firms should note that greenwashing can occur intentionally or unintentionally and in relation to entities and products that are within or outside the remit of existing regulatory frameworks.
Read more
Reporting and disclosures
Sustainability-related regulatory and corporate reporting requirements have moved from design to operationalisation. Discussions continue across jurisdictions on how to make standards interoperable or at least complementary, to support harmonisation and reduce the burden on firms. However, this will take time and, even where it can be achieved to some extent, the broad scope and granularity of requirements will require significant coordination and data gathering efforts.
Read more
Climate and environment-related financial risk for banks and insurers
Consideration of climate and environment-related risk is a key element of the BAU supervisory cycle, and regulators have set clear expectations and consequences for failing to act. Firms are expected to embed consideration of sustainability factors into their risk frameworks and stress testing. Longer term changes to capital and solvency requirements are still being considered.
Read more
ESG and markets
As financial services firms and the real economy transition to more sustainable business models, ESG-related mechanisms are expanding to support them. In areas such as carbon markets and ESG data and ratings, there is a mix of regulator and industry-led initiatives. Where formal regimes are absent or slow to develop, markets are tending towards voluntary self-regulation.
Read more
Portfolio management and advice
EU investment firms and fund managers already need to integrate sustainability risks and factors in their business, understand client preferences, and take account of certain sustainability considerations within the product manufacturing and distribution process. ESMA guidelines adding detail to existing requirements became effective from October 2023. While similar requirements have not been adopted in the UK, the FCA has convened an industry-led working group to support firms advising consumers on products that make claims about sustainability.
Read more
Considerations for firms
- Are we on track to deliver against our reporting and disclosure obligations?
- Are we embedding our approaches to risk and disclosures in line with supervisory and other stakeholder expectations?
- Do we have clarity around the extent of our sustainability commitments and a credible plan for delivering against them?
- Have we carried out a scoping and classification exercise of our investment products against labelling and disclosure requirements?
Tackling greenwashing
In 2023, the ESAs proposed a common understanding of greenwashing across banking, insurance and pensions , and financial markets – final reports considering future regulatory and supervisory approaches are expected by end-May. In December 2023, IOSCO also published a report on supervisory approaches to greenwashing, focused particularly on asset managers and the provision of ESG data and ratings. For more on ESG data and ratings see ESG and Markets.
Taxonomies provide consistent definitions of what can be considered ‘green’ or sustainable. Technical screening criteria for all six EU Taxonomy environmental objectives now apply, the last four as of 1 January. Consultation on the draft UK Green Taxonomy is now expected by the summer. The UK taxonomy has been positioned as ‘learning from’ the EU Taxonomy and the UK Government has committed to a period of at least two years of voluntary disclosures before any mandatory implementation.
The FCA has published its final rules for SDR and investment labels. The general anti-greenwashing rule will apply from 31 May alongside guidance that is yet to be finalised. Naming and marketing restrictions will take effect from December 2024 and requirements for product- and entity-level disclosures will apply between 2024 and 2026. The SDR will also introduce four voluntary product labels from 31 July, which will be available to in-scope fund managers where relevant criteria are met. The FCA is expected to consult imminently on requirements for UK firms providing portfolio management services, and in due course to extend the SDR to funds recognised under the Overseas Funds Regime.
The review of SFDR continues. It is not yet clear whether the ESAs’ proposed amendments to disclosure templates and other technical adjustments to the ‘level two’ requirements will be adopted by the European Commission. In parallel, the Commission has gathered views on how the ‘level one’ requirements could be adjusted or fundamentally restructured, which could result in the introduction of new product categories that align with the FCA’s SDR.
ESMA expects to publish final guidelines in Q2 2024 to prevent the misrepresentation of ESG characteristics in fund names - to be implemented once revisions to the AIFMD and UCITS directives have been agreed. ESMA is also conducting a common supervisory action to understand how asset managers are complying with sustainability requirements in practice.
Finally, the EBA has proposed a voluntary ‘green’ label for retail loans and mortgages, and the EU Green Bond Standard has been agreed, underpinned by the EU Taxonomy, also for voluntary application.
Reporting and disclosures
The greatest immediate area of pressure for many firms is likely to be the EU’s CSRD which became applicable on 1 January. The first wave of reporting against the 12 European Sustainability Reporting Standards (ESRS) is due in 2025, requiring significant work and investment. Many UK-based companies will be in-scope for reporting in 2026 and other companies, including non -EU parents will be captured in subsequent waves to 2028. The development of sector-specific ESRS and ESRS for non-EU parents has been extended by two years to June 2026.
The ISSB’s first two standards, IFRS S1 and IFRS S2, became applicable on 1 January. Although envisaged as global baseline standards, individual jurisdictions will decide whether and how to adopt them. Further standards will follow, with biodiversity, human capital and human rights proposed as focus areas for the next two years.
The UK Government has voiced support for the standards and plans to use them as the basis for creating UK Sustainability Disclosure Standards (UK SDS). Following the Government’s endorsement process, the FCA will consult on proposals to implement disclosure requirements referencing IFRS S1 and IFRS S2 for listed companies.
EFRAG’s December co-operation agreement with the TNFD to advance nature-related reporting was a significant milestone in the quest for interoperability across frameworks and in ensuring that nature and biodiversity are consistently embedded in reporting standards.
Transition plans are required under TCFD, IFRS S2 and ESRS E1. The UK TPT released its main disclosure framework in October 2023 and will publish sector-specific guidance in April. In the first half of 2024, the FCA will draw on TPT outputs to consult on guidance for listed companies’ transition plan disclosures.
Standard setters recognise the burden that new disclosures will place on firms and are taking steps to support them, for example launching Q&A platforms and mapping requirements across different regimes. Nonetheless, firms have a lot to do. Firms should also note regulators’ appetite to enforce reporting and disclosure requirements, as evidenced by ESMA’s consultation on the supervision of sustainability disclosures.
With increasing requirements for the assurance of sustainability reporting growing, IOSCO had called for an effective global assurance framework for sustainability disclosures, to be developed by assurance and ethics standard-setters. The IAASB recently closed its consultation on the International Standard on Sustainability Assurance (ISSA) 5000. Once approved, the ISSA 5000 will be the most comprehensive sustainability assurance standard available to all assurance practitioners, providing a principles-based standard suitable for both limited and reasonable assurance.
For prudential disclosures see Climate and environment-related financial risk for banks and insurers.
Climate and environment-related financial risk for banks and insurers
Supervisors continue to scrutinise firms’ abilities to manage and monitor climate and environment-related financial risks. An ECB report found that 90% of Euro area banks’ financing activities are misaligned with the EU’s climate objectives. The BCBS also observed that banks lacked the capacity to implement fully its principles for the effective management of climate-related financial risks within the first 12 months.
The ECB will step up its climate and nature-related work in 2024 and 2025, focusing on stress testing and scenarios, banking supervision, and risks stemming from nature-related losses. Banks must meet the expectations set out in the Guide on climate-related and environmental (C&E) risks by end-2024 at the latest, including integrating material C&E risks in line with the updated Guidelines on internal models. Meanwhile, the EBA is consulting on guidelines on the minimum standards and reference methodology to identify, measure, manage and monitor ESG risks. It has also launched an industry survey on classification methodologies for credit institutions’ exposures to ESG risks.
In 2024, the PRA plans to review SS3/19. UK regulators are also contributing to ‘first of its kind’ analysis of the financial risks posed by nature degradation and the erosion of ecosystem services to the real economy and financial sector. The report is expected in April.
Debate on the treatment of sustainability risks and their impact on capital requirements continues. The EBA has recommended enhancements to the Pillar 1 framework to capture ‘E’ and ‘S’ risks. The BCBS has concluded its consultation on the inclusion of climate-related financial risks in Pillar 3 disclosures. The proposed implementation date is 1 January 2026. Pillar 3 ESG disclosures are already required for the largest EU banks and will be phased in until June 2024 for smaller firms. GAR disclosures will also apply in 2024 based on 2023 data. Banks may opt to disclose the BTAR from June 2024 with collection from counterparties on a voluntary basis.
The long-standing review of Solvency II has included various sustainability-related proposals and led to EIOPA’s consultation on the prudential treatment of sustainability risks for insurers, exploring assets and their transition risk exposures, non-life underwriting and climate change adaptation, and social risks.
ESG and markets
GHG emissions are a priority KPI for stakeholders and investors and are reflected in firms’ net zero transition plans. Carbon markets, which provide a vehicle for companies to trade carbon emission credits to contribute to emission reduction commitments, need to be transparent and effective. Efforts are being launched to improve the integrity of the voluntary carbon markets. IOSCO is consulting on good practices for regulators to maintain the integrity and functioning of the markets. The ICVCM, an independent industry body, has developed Core Carbon Principles and an assessment framework to determine whether credits meet them. The VCMI is working separately to improve the quality of public-facing disclosures made by firms.
EU authorities have agreed a Carbon Border Adjustment Mechanism (CBAM), which will levy import charges on goods based on their carbon-intensity from 2026. A similar scheme will apply in the UK from 2027. EU institutions have also provisionally agreed a certification and verification scheme for credits linked to the removal of carbon from the atmosphere.
Regulators in the UK, EU and other markets are developing formal regimes to ensure the transparency and appropriateness of ESG data and ratings. The EU’s proposed regime will require ESG ratings providers to become authorised and to implement principles to prevent conflicts of interest with consulting or auditing parts of their business. In the UK, HMT has confirmed that it will bring ESG ratings within the regulatory perimeter. Japan, India and Singapore are developing their own approaches, meaning that firms operating internationally will have to navigate multiple regimes unless equivalence is granted. Meanwhile, an FCA-convened industry group has published a voluntary code of conduct for firms. For firms likely to be captured by the future UK regulatory regime, alignment with the code could provide a competitive head start.
Portfolio management and advice
EU UCITS management companies, AIFMs and MiFID investment firms are already required to integrate sustainability risks and sustainability factors into their investment processes, decision-making procedures and organisational structures, risk management, due diligence, resources and conflicts of interest management. Additionally, MiFID investment firms (investment managers and distributors) must incorporate ‘sustainability preferences’ into their investment advice and suitability processes and product governance frameworks.
ESMA’s guidelines regarding product governance, suitability and sustainability preferences have applied since October 2023. In 2024, ESMA will launch a CSA on the integration of sustainability in firms’ suitability assessment and product governance processes and procedures.
The FCA has not yet adopted similar sustainability requirements for UK firms. Having previously announced plans to consult on requiring financial advisers to incorporate sustainability matters and investor preferences when delivering investment advice, the FCA has softened its stance, acknowledging the need for a proportionate approach. It has convened an industry-led working group focused on building capability in sustainable finance across the financial advice sector. By the second half of 2024, the group will report on how the advice sector can be supported in delivering good practice. More broadly, having gathered views on how sustainability can be embedded within all regulated firms’ objectives, strategies, governance, incentives and staff competence, the FCA plans to publish a feedback statement in the first half of 2024.
Maintaining financial resilience
With continuing economic uncertainty and increasing geo-political fragmentation, prudential regulators and supervisors are seeking a balance between maintaining robust levels of financial resilience, addressing system-wide vulnerabilities, ensuring that firms are able to exit smoothly from the market, and promoting competitiveness in their respective jurisdictions.
Finalisation of the Basel III reforms, an Interim Capital Regime for smaller firms, new UK requirements for solvent exit planning, updated approaches to model risk management and intensifying supervisory scrutiny of risk data aggregation, regulatory reporting and governance all contribute to the increasing regulatory pressure for banks.
Revision of prudential regimes for insurers across the UK, Europe and globally are at different stages of progress, from implementation (SUK) to final development (EU Solvency II, ICS).
In addition to ongoing policy changes to the prudential framework for investment firms, the FCA has completed a supervisory review of IFPR implementation and identified financial resilience as a supervisory priority for several sectors.
Stress testing remains a key supervisory tool in monitoring vulnerabilities. Revisions are required to ensure that testing remains fit for purpose in a digital age and accurately reflects emerging risks. The Bank of England’s System Wide Exploratory Scenario (SWES) is the first exercise to take a broader view of system-wide dynamics, reflecting a growing focus on NBFIs, which now account for more than 50% of global financial markets.
The volume of initiatives and the need for firms, particularly banks and insurers, to take significant actions in the short term to deliver against multiple, complex regulatory requirements, coupled with intense supervisory scrutiny, results in an increase in regulatory pressure score. (For climate and environment-related financial risk for banks and insurers see Delivering ESG and Sustainable Finance).
Banks
Banks are facing into the demands of implementing the final Basel reforms, with some uncertainty persisting around timeframes and consistency of requirements across the UK, EU and US. Following bank failures in 2023, solvent exit has emerged as a priority, with credit and funding risks, wider risk management and governance, and regulatory reporting also high on the supervisory agenda. The establishment of regimes that are robust, yet proportionate, and which facilitate competitiveness, may increase the divergence between UK and EU approaches.
Read more
Insurers
Insurers need to review balance sheet, and operational and governance implications of changing prudential frameworks. Key pieces of regulatory change require firms’ immediate attention, notably the requirement for CFOs to attest to the benefits of the sufficiency of the fundamental spread and quality of the Matching Adjustment (MA). For Bulk Purchase Annuity (BPA) writers, PRA scrutiny of their Funded Reinsurance arrangements will only increase. The development of targeted resolution frameworks for insurers, in the UK and EU, is another significant area of focus, alongside the requirement for UK insurers to plan for solvent exit.
Read more
MiFID and MiFID-exempt firms
Supervisory work and policy amendments continue for investment firms under the UK and EU prudential regimes. Firms should continue to track the outputs of supervisory reviews, regulators’ changing expectations, and amendments to the frameworks.
Read more
Considerations for firms
- Have we assessed the balance sheet, operational and governance implications for new or recalibrated prudential frameworks?
- Can our risk management frameworks adequately respond to the increasingly unpredictable geopolitical environment?
- How are we tracking and managing potentially divergent requirements across jurisdictions?
- Are we confident that our model risk management governance and controls are aligned with the latest regulatory/supervisory guidance?
- Have we assessed the adequacy of our preparedness for market exit?
Banks
The BCBS continues to stress the need to complete the final Basel reforms as a matter of urgency and it will continue to monitor progress through its RCAP. EU co-legislators have confirmed that CRR3 will apply from 1 January 2025. The PRA has issued near-final ‘Basel 3.1’ policy for market, CVA, counterparty credit and operational risk. The second tranche of near-final policy, for credit risk, the output floor and disclosures, is expected in Q2. UK implementation will now run from 1 July 2025 to 1 January 2030. Model permission applications must be submitted to the PRA by 1 July 2024 for IMA and by 1 January 2025 for IRB. US ‘Basel III endgame’ requirements are still under discussion, with further delays increasingly likely. Local differences in application continue to fuel debate on the ‘level playing field’ and will add to the complexity for banks operating across borders.
The PRA’s focus on proportionality is driving a simpler approach for SDDTs, with final rules now published for liquidity and disclosure requirements and more clarity around the Interim Capital Regime. Consultation on simplifications to Pillar 2 and on buffer requirements for SDDTs and SDDT consolidation entities is expected in Q2. Implementation of the new framework will bring challenges, not least the decision for eligible SDDTs on whether to adopt Basel 3.1 or the new transitional capital regime before there is full visibility over the final simpler regime.
The ECB’s updated Guide to internal models includes revisions on climate-related risks, detailed requirements for common definitions of default, counterparty credit risk, default risk in the trading book and how to return to a standardised approach. PRA SS1/23 introduces five principles which will require banks to significantly revamp and upgrade their model risk management processes. As a first step, self-assessments must be completed by 17 May 2024 and available to the PRA on request. Further supervisory exercises may follow once the PRA starts to scrutinise the self-assessments.
UK banks and relevant third-country branches with trading activity that could affect the financial stability of the UK must meet the PRA’s requirements for identification of trading activity wind-down strategies by 3 March 2025. BAU solvent exit analysis and planning is proposed for smaller, non-systemic firms by October 2025.
Supervisory authorities will have low tolerance for poor risk controls or governance. The ECB is stepping up the intensity of its focus on BCBS 239 Risk data aggregation, risk reporting and credit and funding risk management. The PRA has also highlighted BCBS 239 compliance as a priority alongside focus on non-performing exposures, securitisation, internal ratings-based approach/hybrid models and regulatory reporting.
Legislation for UK Government proposals for near-term reforms and to the ring-fencing regime, to make it more flexible, proportionate and internationally competitive, was planned for early 2024, ‘subject to parliamentary time’. There are no actions for firms yet, but the proposals could result in banking groups without major investment banking operations being removed from the regime.
Insurers
Reforms to Solvency II continue to be a significant focus both in the UK and the EU. In the UK, Risk Margin reduction is now in place, freeing up capital. UK policymakers will be scrutinising whether this is directed towards UK infrastructure and transition to net zero – as per the intended objectives of the Solvency UK reforms. MA changes come into effect in June, improving investment flexibility at the edges but also introducing complex additional requirements, particularly around Senior Manager attestation. Final Solvency UK policy, published by the PRA in February, is a reminder to firms to start implementing system changes for reporting and to consider the impact of the revised approach to Internal Models and other components of the reform.
In Europe, the compromise level 1 text of Solvency II has been published and awaits European Parliament agreement. Key points include Risk Margin reduction to 4.75% (compared to 4% in the UK) and a sustainability pillar, although firms will need to wait for level 2 text to have the detail on crucial points such as the Volatility Adjustment.
The planning for smooth exit from market is another key theme. The introduction of a UK Insurance Resolution Regime (IRR) is awaiting Parliamentary time, while the European Insurance Recovery and Resolution Directive (IRRD) is progressing alongside the European Solvency II file. Meanwhile, the PRA is consulting on a requirement for almost all insurers to plan for a solvent exit for the first time.
From a supervisory perspective, the PRA is focusing on BPA firms’ use of funded reinsurance, with a granular new Supervisory Statement expected to come into force as early as Q2 2024. Life and general insurers are also facing revamped stress test exercises for 2025, with the PRA engaging with industry on its approach to publishing firm-level results for life insurers for the first time.
MiFID and MiFID-exempt firms
Having proceeded with changes to the IFPR regarding the own funds threshold requirement and group ICARA process (see CP 23/14), the FCA launched another consultation via CP 23/25 in December 2023. It proposed clarifying aspects of MIFIDPRU relating to the classification of firms as an SNI/Non-SNI, clarifying the approach for counterparty credit risk requirement calculations using notional amounts, the ICARA process for groups (around treatment of inter-group risk offsets), and IFPR disclosure for partnerships. Soon, the FCA is expected to launch a further consultation regarding ESG disclosures under the IFPR (under MIFIDPRU 8).
Specifically for personal investment firms (financial advisers), the FCA has proposed requiring them to set aside capital to cover potential redress liabilities and compensation costs before accounting provisions are required. The aim of the proposals is to make these firms more resilient and to reduce the burden on the FSCS and wider industry (see CP23/24).
The FCA published its final supervisory report on IFPR implementation, following on from its initial observations in February 2023. Although the FCA found most firms had engaged well with the new regime, it identified several areas for improvement, including around the group ICARA processes, internal intervention points, wind-down assessments, liquidity assessments, operational risk capital assessments and regulatory data submissions. Now that the FCA has finalised its IFPR implementation reviews, all firms will be expected to build the findings from these into their ICARA process.
The FCA has identified financial resilience as a priority in several of its portfolio letters, and to aide supervision, new prudential regulatory reporting requirements for certain non-MiFID firms commenced from January 2024.
With the EU having already adopted more detailed rules via several delegated regulations to supplement the IFD/IFR, the EBA and ESMA are expected to respond to the European Commission’s ‘call for advice’ on evaluating the EU rules and the IFD and IFR by the end of May 2024.
Regulating digital finance
Accelerated adoption of digital innovation in financial services continues. This is providing significant benefit to customers and service providers, but also introduces novel risks to consumer protection and, on a wider scale, to financial stability. After beginning somewhat tentatively, regulators are now pushing ahead more decisively with their proposed frameworks.
Distributed ledger technology could bring efficiency and reduce risk in trading lifecycle processes but could also potentially disintermediate incumbent players.
The uptake of cryptoassets requires regulators to determine whether they can be accounted for within existing regulatory frameworks, or whether new approaches are necessary. Central banks are also considering minting their own CBDCs to safeguard the traditional role of currency.
While some jurisdictions are pursuing prescriptive bespoke frameworks for AI, others are opting for more flexible principles-based approaches where they can lean heavily on existing structures.
The digitisation of data offers opportunities to improve and personalise consumer financial services. Regulators are supporting this through the development of Open Banking and Open Finance frameworks whilst simultaneously increasing their scrutiny of Big Tech firms who hold vast amounts of consumer data and continue to expand their presence within financial services. The challenge is to support innovation whilst still protecting customer data and ensuring that holders of data do not have an unfair competitive advantage.
And finally, on the frontier, regulators and policy makers are also beginning to consider the impact of innovations like quantum computing.
Since the H2 2023 Barometer, regulators are continuing to push ahead with their frameworks around digital finance, with some now even finalised and ready to be implemented. This has resulted in a slight increase in pressure for firms.
Crypto-assets and CBDCs
Regulators have continued to publish consultations on how to regulate the cryptoasset sector, while also beginning to move into the implementation phase. Some individual rules entered into force in late 2023, predominantly around financial crime and consumer promotions, and the first major overarching framework (MiCA) is set to apply from mid-2024. The development of CBDCs also continues, with the BoE entering the design phase and the ECB entering the preparatory phase of their respective projects.
Read more
Artificial intelligence and machine learning
Artificial intelligence and machine learning techniques can enable firms to offer better and more personalised products and services to consumers and improve operational efficiency and risk management. However, they can also pose new challenges for firms and regulators and amplify existing risks. Financial supervisors had already begun to issue individual ad-hoc guidelines and are now also working towards designing more comprehensive overarching plans. Some jurisdictions have chosen to pursue prescriptive bespoke frameworks, while others are opting for more flexible principles-based approaches that lean heavily on existing structures.
Read more
Platformisation, Big Tech in Finance
Over the past few years, several Big Tech players have entered the financial services arena and begun offering a variety of platform-based solutions directly to consumers, while also becoming critical third-party providers to traditional firms within the ecosystem. However, unlike traditional firms – which are designed to operate exclusively within the financial services domain – some Big Tech firms are choosing to develop and distribute financial products as part of their wider portfolio of existing activities. Policymakers and regulators are consequently having to examine whether the current regulatory framework is fit for purpose.
Read more
Data sharing and innovation
Open Banking is seen as a successful driver of innovative products and services for consumers. Regulators and policy makers are now embedding and refining the regime, and are advancing proposals that broaden the Open Banking principles of data sharing further to create an Open Finance framework.
Read more
Considerations for firms
- Are we developing a clear governance and control framework around the use of AI, including any elements which are provided by external parties or vendors?
- Have we accounted for the expected regulatory impacts of operating with any form of crypto-asset or wider use of distributed ledger technology?
- Have we considered how the diverging regulatory approaches for elements of digital finances will impact our global business footprint and strategy?
- Have we considered potential business model and strategy implications of a payments landscape that includes CBDCs?
- Does our business model consider the growing impact of BigTech companies competing more directly within the financial services ecosystem?
Crypto-assets and CBDCs
In the UK, two new rules went live in the second half of 2023, bringing cryptoassets within scope of both the Travel Rule and the Financial Promotions Order. As part of Phase 1 of the government’s approach, HMT and the financial regulators also published an update on their plans for fiat-backed stablecoins (FBS). The update proposes bringing these assets within UK regulated payment chains and adding the activities of issuance and custody of FBS into the RAO, thereby requiring firms to have full FCA authorisation. The proposals deviate significantly from current market practice (for example around retail redemption rights) and include a distinct regime for systemic entities. On Phase 2, for unbacked cryptoassets, HMT published a response to its consultation paper, confirming that the regulatory framework will mirror the one for traditional financial assets. Work on regulating staking will be accelerated due to consumer protection concerns.
In the EU, MiCA’s provisions for stablecoins will apply from end-June with the provisions for other service providers applying from end-December. As these deadlines approach, the EBA and ESMA have continued to develop several packages of supplementary Level 2 and 3 measures. The European Commission has also been tasked with producing a report by the end of the year on the potential regulation of DeFi and NFTs (which are currently not included in MiCA).
The ECB has now entered the preparatory phase for a digital euro, with a potential launch being possible by 2026. The BoE and HMT have published a response to their digital pound consultation and entered the design phase. Both projects continue to receive significant pushback from politicians and the public, predominantly in relation to privacy concerns and state overreach.
Artificial intelligence and machine learning
The EU has now reached political agreement on its prescriptive AI Act, with final rules expected in Q1 2024. This follows several months of technical negotiations and the addition of new provisions to account for general purpose systems and foundation models. Notably, the fines for non-compliance have also been increased compared to earlier versions of the Act. After the Act becomes law, there would be a grace period of two years, except for some high-risk security provisions, such as scraping of facial images. As a result, the EU looks set to be the first major jurisdiction to introduce an AI law. However, the cross-sectoral Act is not specific to financial services, and policymakers have recently acknowledged that it should be complemented by more guidance for the financial sector. The European Commission plans to work with the ESAs on this.
In comparison, the UK continues to pursue a more flexible and principles-based approach, with existing regulators being empowered to fold a set of principles into their remit. This ‘firmly pro-innovation’ stance was originally proposed in the government’s 2023 white paper and has now been reconfirmed in its response. Overall, the UK government and regulators continue to emphasise that they are in ‘no rush’ to write bespoke AI rules, instead planning to lean on the SMCR and the Consumer Duty. However, the response pledges extra support for regulators, in the form of money and guidance, and, for the first time, has acknowledged the likely need for future binding requirements on developers of the most advanced systems. Regulators, including the FCA and BoE, have been asked to publish their strategic approach to AI by the end of April.
Data sharing and innovation
Maintaining the UK’s position as a leader in Open Banking continues to be a priority for HMT, the CMA and the FCA. Over a year into its work, the cross-authority taskforce has made significant progress on many actions, including expanding Variable Recurring Payments (VRP) and improving data sharing. Aligned to this, the PSR issued proposals on changes to Faster Payments to enable the phased expansion of VRP to additional low-risk use cases. However, finalising the structure, governance, and funding of the future entity overseeing Open Banking has been delayed until Q1 2024, with the knock-on effect that the transition to the ‘future entity’ has been pushed back until Q2 2024.
The European Commission has made targeted amendments to the Open Banking framework in its PSD3 proposal to improve its functioning, remove obstacles to providing Open Banking services and improve customers’ control over their payment data, enabling new, innovative services to enter the market.
Building on the Open Banking framework, regulators are keen to develop Open Finance, to allow consumers and SMEs to access and share their data on a wider range of financial products with third-party providers. The Data Protection and Digital Information Bill is at an advanced stage in the UK Parliament. Once enacted, this will create a clearer regulatory environment for personal data that could help drive the adoption of Open Finance. While the legislative framework for Open Finance is being established, the FCA is keen for firms to use its regulatory sandbox to test out innovation both in Open Finance and digital identities.
Laying the groundwork for the delivery of Open Finance throughout the EU, the European Commission has set out a legislative proposal for financial data access (FIDA). FIDA would establish an Open Finance framework facilitating responsible access to individual and business customer data across a wide range of financial services.
Alongside these developments, the UK Government has been developing a framework for pension dashboards designed to help retail customers better track and understand the various pension pots they hold. Occupational pension schemes and FCA regulated pension providers must complete connection to the dashboards’ ecosystem by 31 October 2026. Amendments to the Regulated Activities Order, which governs the FCA’s perimeter, have also been laid in Parliament to bring Pensions Dashboard Service Operators (PDSO) in scope and therefore subject to FCA rules.
EIOPA is consulting on the principles of Open Insurance, but this is currently only designed as a theoretical use case.
Strengthening operational resilience
Regulatory authorities in the UK, EU and globally agree that a broad approach to operational resilience — incorporating equally important components such as people, processes, technology and information — is essential. In an increasingly digital and interconnected world, and with a proliferation of emerging vulnerabilities, operational resilience is paramount in minimising negative impacts on individual firms and their customers, as well as wider impacts on financial stability and the functioning of financial markets. Firms operating in multiple jurisdictions must ensure that they are meeting all relevant regulatory requirements.
UK and EU Regulators require firms to demonstrate end-to-end operational resilience in their most important business activities. Cyber and ICT resilience are fundamental and are driving new requirements, particularly in the EU. Strong governance and accountability are expected, as is robust testing of disruption scenarios, with firms encouraged to consider the possibility of multiple concurrent disruptions.
Operational resilience remains a key priority in supervisory work programmes as deadlines approach. The ESAs are focused on the implementation of DORA, including the development of regulatory technical standards. The BoE, PRA and FCA continue to assess progress against existing operational resilience policies.
Resilience expectations have extended to a wider range of participants operating in the financial sector. Regulators have progressed their work to develop policy and oversight approaches for critical third parties.
The regulatory pressure score has increased slightly, reflecting the challenges of implementing DORA by January 2025, meeting UK regulatory deadlines for firms and FMIs and additional requirements for critical third parties.
Enterprise-wide resilience
Principles and rules introduced in the last few years target enterprise-wide resilience. Regulators expect firms to map their most important business services from end to end, identify severe but plausible stress scenarios, and carry out testing to identify weaknesses. Firms must define the amount of disruption that they would be willing to tolerate and monitor and measure their ability to remain within these tolerances.
Read more
Digital resilience
Additional demands on systems, processes and data in financial markets have increased regulators’ focus on firms’ digital and ICT resilience. The EU’s DORA specifically addresses increasing threats from cyber-attacks and increasing reliance on digital technology. DORA is intended to harmonise ICT resilience requirements across the EU and will result in consequential amendments to other legislation. Given the broad scope of the Act, many firms will need to make structural and strategic changes.
Read more
Third-Party Risk
Regulatory requirements and supervisory expectations around outsourcing and third-party risk management continue to expand in the EU and the UK, reflecting the growing reliance on, and stability risks posed by, critical third parties and more robust requirements for digital resilience. Significant progress has now been made on defining the parameters for bringing critical third-party providers within the regulatory perimeter in both jurisdictions. This is likely to require the providers to build out their regulatory compliance functions, however, the frameworks should make it easier, from a data collection point of view, for financial services firms to comply with their broader operational resilience requirements.
Read more
Considerations for firms
- Do we have a clear view of the resilience of our end-to-end processes for important or critical services, including third party dependencies?
- Have we understood, documented and tested our tolerance for disruptions and our ability to recover?
- Have we considered the impacts of increasing requirements around digital (including cyber) resilience and developed a clear route to implementation?
Enterprise-wide resilience
Regulators in the UK and EU agree on the need for firms to prioritise the resilience of their most critical services and operations and to minimise the effects of disruption on customers. In the UK, firms must now have identified and catalogued their important business services and defined impact tolerances for disruption to these services. The next major milestone, in March 2025, will be to demonstrate their ability to remain within impact tolerances when under stress. Strong governance and accountability are expected. UK regulators have emphasised that firms not formally under scope of the rules should consider them as good practice.
In the broad landscape of regulatory requirements, guidance and principles, some are more prescriptive than others, but all have the same intent – to maintain the integrity and stability of financial institutions and financial infrastructure and to protect customers from harm. With that in mind, a well thought out enterprise-wide resilience strategy should satisfy regulatory requirements and deliver against principles across multiple jurisdictions.
Digital resilience
DORA entered into force in January 2023 and must be applied by 17 January 2025. The first batch of draft RTS and ITS, developed by the Joint Committee of the ESAs, has been completed and covers ICT risk management frameworks, classification of ICT-related incidents, templates for the register of information, and specification of the policy on ICT services supporting critical or important functions performed by ICT TPPs. The second batch, including reporting of major ICT-related incidents and cyber threats, advanced testing based on threat-led penetration testing, and third-party ICT services is under consultation and expected to be finalised mid-2024.
DORA will impact a very wide range of financial entities in the EU. Critically, it will also apply to ICT third parties – for more see Third-Party Risk. It will have significant interactions with other regulations. NIS2, the new directive to strengthen cyber security in the EU, will align with sector-specific legislation set out in DORA for regulated entities. The CRD will require ICT business continuity and disaster recovery plans to comply with DORA. MiFID II will refer to DORA and include amended provisions relating to continuity and regularity in the performance of investment services and activities, resilience and sufficient capacity of trading systems, effective business continuity arrangements and risk management. Solvency II, UCITS, AIFMD, IORPD II and the Statutory Audits Directive will refer to DORA regarding management of ICT systems and tools. PSD2 authorisation rules will refer to DORA, although incident notification rules will exclude ICT-related incident notifications that DORA will harmonise.
The ECB’s 2024 first cyber risk stress test is underway and will assess how banks respond to and recover from a cyber attack. Banks were required to submit questionnaires and supporting evidence by 29 February. The ECB has clarified that the test is primarily a qualitative exercise and will not have a capital impact under Pillar 2 guidance. However, banks should expect insights to be used in the wider SREP process.
The annual CBEST thematic report, published by the BoE, PRA and FCA in December, identified gaps in multiple areas including identity and access management, network security, incident response and monitoring, data security, and staff awareness and training. Firms and FMIs are encouraged to use the report to enhance their cyber resilience strategies.
Third-Party Risk
Regulatory scrutiny of third-party relationships and risk management has intensified, reflecting concerns around concentration and other risks associated with outsourcing critical functions to potentially unregulated entities.
In the UK, the PRA’s 2021 policy on third party risk management introduced a holistic framework for managing outsourcing and third-party risk with specific requirements around governance, materiality, risk assessment, data security, and business continuity and exit planning. A corresponding policy statement for FMI outsourcing and third-party risk management was issued by the BoE in February 2023 and came into effect in February 2024.
FSMA 2023 empowered HMT to designate Critical Third Parties (CTPs) to the financial sector, and the BoE, PRA and FCA to regulate and supervise them. Following a joint discussion paper and survey in July 2022, the regulators are consulting until mid-March on proposals to oversee and strengthen the resilience of services provided by CTPs. The proposals would introduce six Fundamental Rules that would apply to all the services CTPs provide to UK-regulated firms and FMIs, and act as a general statement of their obligations under the proposed regime – these are broadly similar to the PRA Fundamental Rules or the FCA Principles for Business for regulated firms. In addition, there are eight Operational Risk and Resilience Requirements with which CTPs would be required to comply in relation to their material services. The proposals also include requirements for CTPs to provide certain information and assurance to regulators, and notification to regulators, firms and FMIs to which they provide services of any disruptions that may adversely impact those services. The BoE has stressed that the new regime for CTPs will ‘complement, but not replace, the responsibility of individual regulated firms and their senior management’. Firms will still be expected to meet relevant operational resilience requirements and manage the risks in their outsourcing and third party arrangements.
In the EU, DORA builds on the outsourcing Guidelines already issued by the EBA, ESMA and EIOPA, and empowers them to designate Critical ICT Third Party Providers through a new oversight framework. In February, two delegated acts were adopted under DORA on the designation of ICT TPPs as critical for financial entities and oversight fees for such providers. The designation will be based on qualitative and quantitative criteria including the potential systemic impacts of the third party and the firms it services, the extent to which the third party is relied upon, its substitutability etc. Third party service providers not designated as critical will also be able to opt into the oversight framework. Critical third-country ICT service providers to financial entities in the EU will be required to establish a subsidiary within the EU so that oversight can be properly implemented.
Developing/
implementing
7.0
The continuing and rapid evolution of the payments landscape and technology and its resulting impact on consumer behaviours and expectations poses benefits and challenges for providers and regulators alike.
In stark contrast to ten years ago when cash was king, consumers and businesses now make use of a wide variety of forms of digital payments and, whilst still essential for some, cash use is in decline. This is driving regulatory change to ensure there is an agile and flexible regime that supports innovation and competition, whilst simultaneously ensuring that payment systems are efficient and do not put consumers at risk or exclude them from access to products and services.
Regulators are considering the systems underpinning payments and looking at how to ensure markets work well. They are doing this with an eye on future market opportunities and developments such as Open Banking or the introduction of new forms of digital currency.
Whilst offering many consumer benefits, the increasing number of digital forms of payment has opened the door to new frauds and scams. Alive to the potential impact and scale of this issue, regulators are establishing a suite of rules to protect consumers and encouraging firms to consider making changes to reduce risk.
In both the UK and EU, there is strong understanding of the continued need for access to cash. Activity is underway to bolster existing measures, in an attempt to stem the decline of cash which may be detrimental to some consumers. Regulators are also seeking to understand the drivers for the continued use/need for cash with a focus on future solutions.
UK-regulated payment firms are also busy embedding the Consumer Duty and ensuring compliance now the implementation deadline has passed.
There is a slight increase in regulatory pressure around payments as implementation deadlines for anti-fraud measures come closer in the UK and the EU has agreed to require instant payments.
Developing/
implementing
7.0
Payment infrastructure and innovation
The payments infrastructure continues to develop to ensure that, as payments evolve, the systems underpinning them continue to be effective, efficient, secure and expand consumer choice. Work on the UK NPA and European Commission retail payments strategy is progressing, and in both jurisdictions work to renew payment systems is underway to ensure they remain resilient, flexible and innovative. The utility and importance of access to cash for UK and EU citizens continues to be recognised as a priority, with work in progress to protect access whilst simultaneously supporting a flourishing payments sector.
Read more
Consumer protection
Regulatory interventions to disrupt or prevent fraud and scams have had some impact, however instances remain stubbornly high and reducing them is a key priority for policy makers and regulators. In the UK 2024 will see the PSR advancing its package of measures to tackle authorised push payment (APP) scams with the extended Confirmation of Payee (CoP) regime and mandatory reimbursement of APP fraud victims coming into force, bolstered by further outputs from new scam data publication rules. The EU is following suit with its proposals in PSD3.
Read more
Competition/Access and Choice
Alongside ensuring faster, more secure, and more efficient payments, policy makers want to support innovation and competition in the payments industry and ensure that markets are functioning well. In the UK the government and regulator are keenly focused on fees in the card market.
Read more
Considerations for firms
- Do we have a payments modernisation programme in place in order to respond to the evolving payment and regulatory landscape?
- Have we considered potential business model and strategy implications of developments in Open Banking and Open Finance?
- Does our payments strategy reflect existing and emerging regulatory expectations on the provision of cash?
- Have we assessed the impact of new APP fraud and scam rules and any policy, process and technological changes required to ensure compliance by the deadline?
Payment infrastructure and innovation
Changes have been made to payment systems with Eurosystem’s successful launch of the T2 wholesale system, and the UK’s migration of CHAPS to ISO 20022. The latter, together with the introduction this year of a new core ledger and settlement engine for RTGS, mark significant milestones in the BoE’s RTGS renewal programme and will support the NPA. The BoE is also considering whether RTGS operating hours should be extended and widening access. The European Council and European Parliament have agreed the instant payments proposal which requires payment service providers to offer instant Euro payments and the European version of confirmation of payee, with phased implementation when the regulation comes into force.
The ECB is progressing work exploring how wholesale financial transactions recorded on DLT platforms could be settled in central bank money to ensure that developments keep pace with, and contribute to, digital innovation in wholesale and retail payments.
Enhancing cross-border payments to achieve faster, cheaper, more transparent and secure payments remains a priority. The Bank for International Settlements’ Committee on Payments and Market Infrastructures (CPMI) has published harmonised data requirements for more efficient processing of cross-border payments, welcomed in many jurisdictions and, the FSB continues work implementing the G20 Roadmap for enhancing cross-border payments. While progress has been made, the FSB highlights that further action is required to achieve targets. Consultations on proposals to promote the alignment and interoperability of data frameworks expected early in 2024.
In both the UK and EU there is continued recognition of the importance of access to cash for businesses and consumers as levels continue to fall. Enacting its new powers to ensure reasonable provision of cash access services under FSMA 2023, the FCA has issued proposals strengthening requirements for firms when planning changes to cash access. Rules are expected to be in force in Q3 2024. Developing its approach to wholesale cash distribution and its oversight, the BoE has published proposed codes of practice and guidance aimed at ensuring the UK’s wholesale cash market meets the needs of consumers and the wider economy for cash over the long term. The European Commission has introduced a legislative proposal on the legal tender of Euro banknotes and coins, to safeguard Euro cash as a means of payment. This includes requirements for Member States to monitor access to cash. Commission proposals in PSD3 also improve access to cash by allowing retailers to offer cash withdrawals without purchase and changing the scope of the licencing regime.
Consumer protection
2024 will see the PSR significantly advancing its consumer protection initiatives with nearly all CHAPS and Faster Payments covered by CoP from October 2024, and new rules for the mandatory reimbursement of APP scam victims coming into force on 7 October 2024. In advance of this milestone the PSRs will be carefully monitoring APP fraud performance data, collected under new rules brought in March 2023, to determine if increased transparency is improving the level of customer reimbursement and driving any innovation in firms own fraud prevention measures.
Mitigating the risk of fraud and financial crime forms a key part of the UK’s next phase of Open Banking, with Open Banking Limited (OBL) tasked with a key action to mitigate the risks of financial crime. Delivering on these actions OBL has produced a financial crime data collection framework and will undertake the first data collection via voluntary submission. In a similar vein, the European Commission proposes to introduce measures through PSD3 for greater data-sharing, improvements to the application of strong customer authentication, the introduction IBAN verification akin to the UK’s CoP system and extending refund rights to some scam victims.
The regulators are also seeking to protect consumers from harm by improving the clarity, transparency and content of consumer information. The UK government confirmed its intention to revoke the customer information requirements in the Payments Accounts Regulations 2015, handing over responsibility to the FCA under existing requirements. The European Commission has proposed measures under PSD3 to improve the transparency of statements and charges and protect customers from unjustified payment account termination.
Competition/Access and Choice
2024 will see further significant regulatory developments affecting the payments ecosystem. The primary recommendation of the Future of Payments Review, commissioned by HMT, is that the government develops a National Payments Vision and Strategy as the current payments landscape in the UK is many in-flight industry initiatives overseen by a multi-regulator environment, without a clear and agreed outcome or desired future state in the long term. Other recommendations include ones to improve consumer experience, exploit the potential of Open Banking, improve regulatory oversight and alignment and consider how government can better interact with BigTech. The UK government and regulators will be driving action to advance these recommendations this year.
UK politicians have been vocal in their concerns about the rise in cross-border interchange fees (CBIF) and the impact on UK businesses and consumers, believing these to be indicators that the market is not working well. Driven by this, and its own findings, the PSR is conducting two market reviews, one on scheme and processing fees and the second on CBIF. The PSR has published interim findings on CBIF concluding the market is not working well, provisionally proposing to cap CBIFs, either temporarily or permanently. The final report and proposed remedies are expected in H1 2024. To address concerns that the supply of card-acquiring services was not working well for merchants with a turnover of less than £50 million, the PSR has introduced new rules designed to help merchants understand the pricing elements of services, prompt shopping around and make switching easier.
EC proposals for PSD3 seek to improve competition in electronic payments further, for example through enhancements (direct or indirect) to non-bank PSPs access (direct or indirect) to payment systems. The European Commission has also put forward a Financial Data Access (FIDA) proposal, introducing a framework to support safe and secure access to a range of customers’ financial data thereby allowing the market to innovate to serve the needs of consumers.
Enhancing customer protection
The nature of products and services, how they are delivered, and communications with customers continue to evolve. The ongoing question for regulators about the optimal level of customer protection is set against uncertain economic conditions impacting the cost of living, the need to encourage greater private investment to aid economic recovery, and increasing digitalisation. If deployed well, generative AI has the potential to fundamentally enhance consumer protection – unfortunately, the reverse is also possible. Whilst all these factors remain important to regulators, and levels of scrutiny remain high, the shift from new policy to supervisory measures has resulted in a slight drop in regulatory pressure score.
Regulators continue to challenge firms on whether they are appropriately balancing their own commercial and operational considerations with the needs of end-customers, and how this is embedded throughout the firm, at all stages of the product lifecycle and customer journey. Firms must be able to demonstrate progressively how their culture, strategy, business model, product design and operating model deliver fair treatment to customers. This is increasingly being delivered through supervisory focus on product governance, assessment of outcomes and consideration of value for money/fair value.
Continuing economic uncertainty has further increased the number of vulnerable customers. Many customers will exhibit characteristics of vulnerability at specific points in their lives and they should be able to achieve outcomes that are as good as those of other customers. The increase in the level and sophistication of scams and fraud, which tend to have a greater impact on vulnerable customers, is another area of regulatory concern as, despite regular interventions, incidences remain high.
In the UK, the Consumer Duty has been implemented and firms continue to work towards fully embedding it in their operating models, as well as seeking to identify the commercial opportunities that it offers. The FCA is challenging firms to provide evidence of how they are delivering good outcomes. As FCA expectations evolve, it is likely that further finessing of systems, controls and, specifically, MI will be an ongoing focus, especially in the run up to the July 2024 board reporting deadline.
Outcomes-focused
Regulators are continuing to seek to move firms’ mindsets away from narrow rules-based compliance to a more holistic assessment of the impact of their conduct and the outcomes they are generating. This approach, with new rules under consideration or recently implemented, will have a material impact on firms’ cultures, strategies and operating models.
Read more
Vulnerable customers
Global economic factors impacting the cost of living continue to fuel regulatory focus on the fair treatment of vulnerable customers across all sectors. These factors, and increased regulatory scrutiny, are likely to have a material impact on firms’ existing processes, procedures, products and services as well as on training and development implications for their employees. Given the complexity that comes with considering the different types and interconnectedness of customer vulnerabilities, firms will need to consider broad conduct risks to mitigate any associated operational challenges.
Read more
Value for money
The implementation of the Consumer Duty in the UK introduced a requirement for all sectors to develop and apply a price and fair value framework to evaluate specifically whether products and services offer value as well as utility. This has already had an impact on the products and services offered by firms and their associated charges. Other regulators are expected to follow suit.
Read more
Product governance
Although product governance rules have existed for UK and EU firms since 2018, there is growing evidence that they are not being implemented or supervised effectively. Consultations on enhancements to and/or reinforcement of rules will result in firms needing to develop or embed their existing process and procedures further.
Read more
Considerations for firms
- How can we evidence (through our culture, strategy, propositions and operating model) that we balance our own commercial interests with delivering appropriate outcomes for our retail customers?
- Can we show how embedded indicators of vulnerability are identified, considered and evidenced across the product lifecycle, all stages of the customer journey and associated processes and procedures?
Outcomes-focused
The drive continues by UK and EU regulators to transition regulation and supervision to focus on customer outcomes. The FCA’s Consumer Duty is the most strident of the initiatives. Now that the rules have been in place for several months, firms are increasingly being challenged to demonstrate how they are meeting the enhanced expectations and evidencing good customer outcomes. The FCA has wasted no time in using the new rules to address sector-specific concerns across financial services – and this supervisory approach is likely to endure for the foreseeable future as the FCA makes good on its intent to be more assertive, data led and agile. Recent areas of focus include retained interest and ongoing advice charges.
With parallels to elements of the Consumer Duty, the EC’s proposed Retail Investment Strategy (RIS) has been subject to fierce debate and negotiations in the EU. It remains to be seen whether the bold initial proposals will materialise into regulatory change following final negotiations. Some member states are progressing their own initiatives, for example, the Central Bank of Ireland has published a consultation paper on modernising and strengthening its Consumer Protection Code. Addressing issues around conduct and culture is also a key feature of the IAIS’s roadmap and IOSCO’s work programme for 2023/24.
Wider EU and UK proposals also focus on improving customer understanding and the ability to compare products. In the UK, a review is underway to reassess the boundary between guidance and advice with a view to seeing if there is more that firms can, and should, do to help customers make better informed decisions. The FCA will also consult on a new disclosure framework to replace the PRIIPs regime in the first half of this year. The EU’s RIS includes proposals to simplify disclosures, standardise the presentation of certain important information and require the display of risk warnings. Work in the payments industry also reflects a strong consumer understanding theme (see Payments).
Vulnerable customers
Regulators continue to take action to protect vulnerable customers from the impacts of the cost-of-living crisis. They expect the number of customers classed as vulnerable to increase as the crisis continues and firms develop more holistic and embedded solutions for identifying them. This expectation is supported by the findings of the FCA’s latest financial lives survey.
The FCA has been conducting cross-sector engagement to ensure that firms are delivering good outcomes by appropriately supporting customers who are struggling financially. It has sought to ensure that firms are clear about the effect of its rules and the range of options to support consumers. There is likely to be further regulatory scrutiny and consideration of the need for additional interventions.
The FCA’s actions include updates to insurance-related aspects of previous guidance so that it applies more broadly and a consultation on strengthening protections for borrowers in financial difficulty. FCA work on the application of its vulnerable customers guidance and treatment of borrowers in financial difficulty has identified inconsistent practices and areas for improvement.
Following implementation of the Consumer Duty, the FCA has specific rules relating to vulnerable customers, providing it with a stronger supervisory toolkit which it seems keen to use. Supervisory findings indicate that more work is needed on the identification of vulnerable customers – for example, the FCA found that 49% of wealth managers and 69% of stockbrokers identified no vulnerable customers at all, even though 50% of the population is likely to be classed as vulnerable over their lifetime. The FCA has also recently published detailed supervisory findings on the treatment of vulnerable customers, identifying areas of good practice but also substantial areas for improvement.
In the EU, EIOPA’s latest Consumer Trends report cited the impact of the current macro-economic environment on consumers, particularly vulnerable groups, as its main cross-sectoral trend. The EBA issued final guidelines on the effective management of money laundering and terrorist financing risks when providing access to financial services which specifically consider impacts on the most vulnerable customers. With strong parallels to the FCA’s GI pricing practices requirements, EIOPA’s supervisory statement on inappropriate differential pricing practices also highlighted the disproportionate impact on vulnerable groups.
Value for money
\
UK and EU firms subject to MiFID and/or IDD are required to consider the appropriateness of cost within product governance arrangements alongside an overarching requirement to act in clients’ best interests.
Regulators increasingly want firms to think about whether the price a retail customer pays for a product is reasonable compared to the benefits received. This is being reviewed and formalised in several ways, for example through the FCA’s Consumer Duty, EIOPA’s framework for delivering better VfM for the unit-linked market and ESMA’s opinion regarding ‘undue costs’ in UCITS. In its latest Consumer Trends report, EIOPA flagged continuing issues relating to some products not being of high-quality, i.e. not offering VfM and/or having complex exclusions. In its application of IDD report, ESMA also highlighted its ongoing initiatives to address value for money risks in the unit-linked market and exclusions in insurance products related to risks arising from systemic events.
Although the EU RIS, which could potentially introduce price benchmarks and restrictions on inducements, is still being debated, a number of European countries have adopted national legislation to address risks relating to payment and receipt of the commissions component of value for money – for example, through capping commissions (Germany, Hungary and Lithuania) or enhanced disclosure (Iceland). In Norway, proposals have been published for a ban on inducement payments.
The FCA was quick to use the Consumer Duty to respond to concerns across sectors by challenging firms to provide evidence that supports existing market practices. For example, the FCA asked firms to supply their fair value assessment on retained interest, and it has challenged whether products offer appropriate utility and whether services that have been paid for are substantively delivered. In the case of GAP insurance, where the FCA was not convinced by the evidence supplied, it asked insurers to ‘voluntarily’ agree to temporarily cease selling it.
The FCA’s report on firms’ compliance with its general insurance pricing rules found examples of poor practices which illustrate the challenges firms are facing in implementing aspects of the Consumer Duty appropriately. Fund managers are continuing to work through the implications of the FCA’s second supervisory review of their annual ‘assessment of value’ reports, relating to rules introduced in 2019. The FCA found significant improvements, albeit from relatively low base, but noted that some firms were not able to support their assumptions and assessments with sufficient evidence. It is therefore continuing to seek further enhancements to the level of objectivity and robustness.
VfM for pension savers is also a key priority in TPR’s 2023/24 corporate plan. New asset allocation disclosure requirements came into force from October 2023 to increase transparency and to support members to make VfM comparisons. The TPR, FCA and DWP have published proposals for a Defined Contribution (DC) pension scheme VfM framework and the FCA will shortly consult on detailed rules for a new VfM framework for DC workplace pensions.
Product governance
MiFID and IDD introduced requirements for firms to develop and maintain a robust and objective product governance framework. Supervisory reviews of insurers in France, Belgium, Italy and Norway as well as a 2022 review by ESMA, have found that firms are not operating frameworks as effectively, or at sufficient levels of granularity, as they should. European regulators are therefore seeking to enhance and reinforce requirements such that they afford the envisaged degree of protection to consumers. For example, Germany’s BaFin has enhanced its product intervention measures to address potential consumer harm arising from the volatile futures markets by restricting firms from marketing or distributing certain products to retail consumers.
ESMA is expected to report this year on its common supervisory action review designed to assess whether marketing communications are fair, clear and non-misleading and how firms select their target audience, especially for riskier and more complex investment products. ESMA has also updated its product governance guidelines - these became effective in October 2023 (see Delivering ESG and Sustainable Finance). For investment funds in the UK and the EU, there is specific, ongoing focus on liquidity management, oversight by depositaries and value for money.
While a peer review on product oversight and governance (POG) found most EU supervisors to be aligned to IDD, EIOPA is seeking to build on existing foundations to strengthen POG supervision by issuing a set of recommended actions. Its second report on the application of the IDD found that clearer guidance, more effective supervision and improved compliance from firms is needed.
Despite challenges, regulators recognise the material positive impact of a well-designed regime to manage consumer protection effectively, as demonstrated by the Consumer Duty which expanded the requirement for a product governance framework to all regulated retail products and services across all sectors. However, implementation continues for firms. In February 2024, the FCA identified several areas for improvement under the Duty’s products and services outcome.
Developing/
Implementing
7.5
The capital markets in both the EU and the UK continue to undergo significant change.
The EU is now finalising mandatory reviews of the mass of regulation that was implemented post-financial crisis, such as MiFID II/MiFIR, and the UK is amending on-shored EU regulation to adapt it to the UK market. Both jurisdictions are looking to increase their attractiveness as destinations to raise capital for new and growing companies. New fund structures have also been introduced, and existing structures adjusted, as European jurisdictions compete for share of market growth and cater for investment in long-term assets. This is aimed at aiding economic recovery and growing national capital markets, although in some cases industry uptake has been slow.
Work to analyse potential financial stability vulnerabilities and develop policy solutions across the non-bank sector has resulted in new international guidelines and recommendations on liquidity management in open-ended funds. Regulators’ attention is now turning to potential risks associated with private assets and leverage.
The movement to T+1 settlement is adding to the initiatives testing how wholesale market participants can use technology to bring efficiencies and resilience to post-trade market infrastructure.
The small increase in regulatory impact score in this edition is a result of various factors. Whilst developments in listing regulation seek to streamline the existing requirements, the volume of changes relating to secondary markets, such as the move to T+1, are creating more pressure. In addition, the prospect of increased supervisory scrutiny and new requirements relating to private assets, and the finalisation of new fund liquidity risk management rules (e.g. within AIFMD II), mean that on balance the score has increased.
Developing/
Implementing
7.5
Primary public markets
In the EU and the UK, policymakers and market participants continue to be concerned about the size and strength of their capital markets. Measures are being put in place to reduce the regulatory burden of raising capital in the primary markets. Alongside these changes, initiatives are also being considered to increase the capital available to invest and the ease of access to information available on public companies.
Read more
Secondary Markets
When MiFID II/MIFIR came into force in 2018, it represented a comprehensive and profound reshaping of regulation for EU financial markets, products and services, and necessitated large regulatory change management projects within firms. Changes emerging from the EU MiFIR review and the UK Wholesale Markets review will not trigger such large-scale changes, but firms operating in both jurisdictions will need to manage any divergence carefully. Regulators have not relaxed their focus on market conduct.
Read more
Private markets
While policymakers and regulators are trying to encourage use of public markets and increase choice for retail investors, they are also monitoring the growth of private markets and considering ways to ensure its expansion encourages economic growth and does not impact financial stability.
Read more
Fund liquidity management
International regulatory bodies have published new guidelines and revised recommendations on open-ended funds. Meanwhile, supervisory work has been completed by national regulators and policy changes are now being finalised, such as through revisions to the EU’s AIFMD and UCITS frameworks. On money market funds, the FSB has taken stock of its members’ progress with implementing reforms. Whilst the European Commission concluded that no legislative changes are currently necessary in the EU, the UK authorities have consulted on potential amendments.
Read more
Market Infrastructure
The financial market infrastructure supporting post-trade processes is complex and interconnected. Regulators continue to focus on the operational and financial resilience of market infrastructure as well as examining whether technology could bring efficiencies and reduce risk.
Read more
Considerations for firms
- Are our regulatory monitoring and change processes set up to deal with diverging UK and EU capital markets regulation?
- Are we able to monitor adequately our risks of investing in private markets, including those relating to asset valuation?
- Have we reviewed our governance arrangements around fund liquidity risk management and the stress testing process?
- Are we investigating on new technology could improve our post trade processes?
Primary public markets
The European Council and Parliament have reached provisional agreement on the Listing Act package. It includes measures to streamline prospectuses, to address disproportionate requirements for issuers under the Market Abuse Regulation and allow the re-bundling of payments for research and execution of orders. A new directive on multiple-vote shares has also been provisionally agreed.
The European Single Access Point (ESAP) Regulation means that from July 2027, ESAP will offer free, user-friendly, centralised and digital access to financial and sustainability-related information on EU companies, including small companies, with the aim of encouraging more investment. However, frustration at the slow progress under the CMU Action plan is growing, with many important measures, such as the directive to harmonise insolvency practices across the EU, still under negotiation.
The FCA has proposed to replace the UK standard and premium listing share categories with a single listing category. The new Public Offers and Admissions to Trading regime has been created. The FCA is now considering feedback to its engagement papers on how it can adapt the on-shored EU Prospectus Regulation for the new regime and is likely to publish a consultation paper in summer 2024.
The UK government has accepted the recommendations of an independent review on investment research. Significantly, the recommendations suggest that the MiFID II unbundling rules should be reversed by allowing asset managers to combine research with execution charges – mirroring changes in the EU. The FCA will consult on new rules in H1 2024. Any changes to unbundling requirements will require operational changes in firms.
Despite these amendments, the UK government and market participants have agreed that changing the regulation around the operating of public offerings is not enough. Therefore, various initiatives have been introduced to encourage more investment in UK capital markets by UK pension funds – the Mansion House reforms. There have also been discussions around introducing a GB ISA to encourage retail investors to invest in the UK stock market. However, the authorities will need to consider how this would align with firms’ obligations under Consumer Duty and accepted good practice to have diversified investments.
Private markets
There has been large increase in the use of private credit and equity as an alternative source of financing for corporates, including those that might have otherwise found it difficult to secure finance through public markets or from banks. Policy makers and regulators are looking to manage the risks of this increase whilst trying to reap the benefits of private investment for economic growth.
The UK government plans to use the FMI sandbox introduced by FSMA 2023 to launch a Private Intermittent Securities and Capital Exchange System (PISCES ) – a new type of trading venue that would act as bridge between public and private markets and encourage firms to grow and stay in the UK.
Many of the UK’s largest defined contribution pension providers have agreed to the ‘Mansion House Compact’ with the objective of allocating at least 5% of their default funds to unlisted equities by 2030. And The Pensions Regulator published new private markets guidance to support trustees in considering the role of private market assets in delivering improved outcomes for savers.
To facilitate investment and increase choice for investors, regulators have also introduced new fund regimes focused on private assets. The EU’s revisions to the ELTIF regime are almost complete, but the European Commission has asked ESMA to revisit the proposed level two requirements to make them more proportionate (e.g. around notice periods and liquidity management tools). With the UK’s LTAF regime already extended to retail investors, the FCA confirmed that LTAFs will continue to benefit from FSCS coverage.
Meanwhile, the growth of private assets and potential risks have attracted regulators’ attention. In 2023, IOSCO published the findings of a thematic review on emerging risks in private finance, alongside proposed good practices for market participants in the context of leveraged loans and collateralised loan obligations. It will undertake follow-up work this year.
At national level, some regulators are already introducing new requirements for private asset fund managers. For example, the US SEC has adopted wide-ranging new rules to increase transparency and enhance investor protection. And the EU will introduce a new regime and requirements for loan-origination funds as part of revisions to the AIFMD, as well as enhancing reporting requirements for wider funds. The FCA is expected to consult on revisions to UK AIFMD this year. It has also announced plans to undertake a supervisory review of private asset fund managers' valuation practices, including the governance of valuation committees, personal accountability, and MI provided to boards and their oversight.
Secondary Markets
Firms will need to prepare for the various changes to non-financial regulatory reporting, including the divergence between EU and UK standards, that will be consulted upon and implemented in the next few years. EMIR refit changes require adjustments to regulatory reporting by end of April in the EU and September in the UK. Some initial MiFIR changes went live in the EU in January, with more from the FCA on equity trade reporting in April. The UK Designated Reporter regime will also go-live at end of April with the EU’s equivalent designated publishing entities register live from October. The FCA has proposed comprehensive changes on fixed income market transparency which should come into force in the second half of 2025, just before the UK bonds consolidated tape (CT) goes live. The FCA is commissioning a study on impact of a CT in equities, specifically focused on the inclusion of pre-trade data, while it has been agreed, as part of the MiFIR review, to exclude pre-trade data from the EU equities CT. ESMA is currently engaging with industry on the establishment of the EU CTs with the EU bond CT also expected to go live before the equities CT.
The European Commission has started to consult on changes to the non-equities transparency regimes resulting from the MiFIR review including whether ISINs or UPIs should be used as a derivatives identifier.
The FCA has published the final report of its wholesale data market study. Across the three markets studied – benchmarks, credit ratings data and market data vendor services – the FCA found areas where competition does not work well. However, it has ruled out significant intervention because of potential unintended consequences, such as on the availability and quality of data. Instead, it will look to make improvements as part of the ongoing reforms of onshored EU regulation to ensure wholesale data is provided on a transparent, fair and reasonable basis.
Away from market data, the FCA continues to highlight its expectations around firms’ implementation of the market abuse regulation and ESMA has launched a common supervisory action on assessing the effectiveness of pre-trade controls by firms using algorithmic trading techniques.
Fund liquidity management
The FSB and IOSCO have finalised their policy measures for open-ended funds. While IOSCO's new guidance on liquidity management tools is addressed directly to fund managers, the FSB’s revised financial stability recommendations are addressed to national regulators. This marks the end of the analysis and policymaking phase of international work on this topic that has been underway since the onset of the Covid-19 pandemic. National regulators will now consider next steps and how to progress their own additional initiatives. As part of a broader review, the European Commission plans to consult this year on macroprudential policies for non-banks.
In the EU, the AIFMD review has been finalised. In future, AIFMs and UCITS management companies will need to select at least two LMTs in addition to suspension – underpinned by supporting analysis, policies and procedures. They will also need to notify regulators when they activate/deactivate certain LMTs. ESMA will develop guidelines on the characteristics of LMTs and their selection and calibration. Separately, the European Commission has instructed ESMA to review the rules regarding eligible assets in UCITS. It is expected to publish a call for evidence in the first half of this year.
Following its 2021 policy recommendations, the FSB has reviewed its members’ progress on implementing MMF reforms to understand policy choices and common challenges. Overall, the FSB found that implementation has been inconsistent, and it therefore expects further action from national authorities. While the EU decided not to propose revisions to the EU MMF framework, the UK has consulted on potential changes to the UK MMF regime. The most notable proposals are to significantly increase the minimum proportion of highly liquid assets that all MMFs need to hold and, for certain MMFs, to remove thresholds that link liquidity levels with the need to impose liquidity management tools.
There have been no further supervisory communications regarding LDI managers and pension fund since April 2023, but regulators are expected to continue to monitor the sector.
More broadly, the FSB is considering how best to address potential financial stability risks from leverage in non-banks, and will deliver a progress update in July.
Market Infrastructure
European firms trading US financial instruments are preparing for May 2024 transition from T+2 to T+1 settlement in US and Canadian markets. An industry-led ‘Accelerated Settlement Taskforce’ is expected to recommend the UK also transitions to T+1 settlement in its interim report due out shortly. There continues to be debate on whether the UK should transition as soon as possible or align with an EU transition. ESMA has been tasked with producing a report by end 2024 on shortening the settlement cycle in the EU.
The EU CSDR review came into force and formalises that the mandatory buy-in regime shall only be used as measure of last resort if the number of settlements fails in the EU does not drop and starts to threaten financial stability.
Against the trend, there is likely to be a shrinking of the regulatory perimeter around benchmarks. The European Commission is proposing to reduce the scope of the EU Benchmarks Regulation so that it only covers significant benchmarks of both EU and third-country providers. Similarly, HMT has recently extended the transitional period for third-country benchmarks used in the UK to the end of 2030 and will consider the permanent scope of the UK benchmarks regime as it gets reviewed as part of the smarter regulatory framework process.
Tokenisation could bring efficiencies to post-trade processes and further reduce settlement times – regulators are encouraging its development with sandboxes and pilot regimes. There are also wider potential use cases, for example the tokenisation of fund units. An industry-led ‘blueprint’ (endorsed by the FCA) set out an approach that UK fund managers can follow to develop and pilot models within the existing regulatory framework. The CSSF has clarified that service providers in Luxembourg may use DLT to maintain a fund’s unit/shareholder register, and pilots have been completed in other countries.
CCPs and clearing members should continue to expect supervisory scrutiny around their operational management of margin and liquidity. At the international level, CPMI and IOSCO have proposed eight good practices on CCPs and clearing members variation margin processes and transparency. EMIR 3.0 contains requirements to increase transparency on margining models and reduce the likelihood of procyclical collateral haircuts. ESMA has proposed revised technical standards on anti-procyclicality margin measures.
Building on the CCP stress tests carried out in both EU and the UK, the BoE has launched a system wide exploratory scenario (SWES) to improve understanding of the behaviours of banks and non-banks, including CCPs during stressed market conditions. The exercise and final report will be concluded in late 2024.
Work continues at an international level on the sufficiency of the existing toolkit for CCP resolution, in particular during non-default loss scenarios. FSMA 2023 expands the UK’s resolution regime for CCPs to align with the latest FSB guidance. ESMA continues to consult on and publish regulatory technical standards and guidelines for implementation of the EU CCP Recovery and Resolution regime (CCPRRR). Cross-border access to CCPs is considered further in ‘Accessing Markets’.
Continued regulatory developments since the UK left the EU underline the need for firms working across all jurisdictions to monitor regulatory change and market access arrangements to pre-empt any potential disruption to their business and identify opportunities.
The first meeting of the Regulatory Forum between HMT and the European Commission took place in October 2023, signalling further progress in rebuilding the UK/EU relationship. More broadly, the UK Financial Services and Markets Act allowed the establishment of mutual recognition agreements (MRAs), resulting in the signing of a unique MRA between the UK and Switzerland.
However, cross-border access between the UK and the EU looks unlikely to improve in the short term and firms need to continue to ensure that they have sufficient substance and remain compliant with local access arrangements. To this end, the EU authorities have set out expectations regarding third country insurance branches, proposed changes to the requirements for banks and finalised new rules on delegation of portfolio management in the asset management sector.
Although the exact detail has yet to emerge, the provisional political agreement on EMIR 3.0 seems to require a smaller proportion of EU clearing to take place in EU CCPs than was first proposed by the European Commission.
Wider cross-border services remain under scrutiny, for example the EU’s focus on reinsurance arrangements. The PRA’s approach is one of ‘responsible openness’, and the UK review of Solvency II will benefit overseas insurers wishing to access the UK market. In the UK, the Temporary Permissions Regime for firms closed at the end of 2023. The Government and FCA have made significant progress on the Overseas Funds Regime and it should commence shortly.
The small decrease in regulatory pressure score over the last six months can be attributed to positive developments regarding the OFR, the agreement of the UK-Switzerland MRA and less onerous revisions to the EMIR clearing regime than had been expected.
Delegation of portfolio management
Following significant debate, the EU has agreed to enhance its rules for delegation under the UCITS Directive and the AIFMD and to introduce new reporting requirements. Asset managers should ensure their approach to delegation and ‘substance’ aligns with existing supervisory expectations and begin to prepare for the incoming changes.
Read more
Third country branches
Banks’, insurers’ and insurance brokers’ post-Brexit organisational structures continue to be scrutinised by supervisors in the EU, as they review the governance and substance of third country branches. In contrast, the UK is pursuing a more open approach, in line with the PRA and FCA’s new ‘competitiveness’ objective – but not without its own caveats.
Read more
Fund marketing and distribution
Significant progress has been made on cross-border market access for funds. The UK government has deemed the EEA UCITS regime as equivalent for the purposes of its Overseas Funds Regime (OFR), and the FCA has consulted on the details needed to operationalise it in practice. The OFR is therefore expected to commence after the FCA’s final rules are published in the first half of this year, and the government’s statutory instrument is finalised.
Read more
Regulated markets and clearing
The framework for cross-border clearing continues to evolve post the UK leaving the EU. A milestone has been reached with provisional political agreement on EMIR 3.0, which when finalised, will clarify the amount of clearing that EU firms will be required to do through EU CCPs. Meanwhile, the BoE has started to advise on CCP equivalence decisions and to recognise non-UK CCPs.
Read more
Cross-border provision of services
Cross-border services between the UK and the EU remain under regulatory scrutiny. In the insurance sector, this includes reinsurance, intra-group and other cross-border risk transfer arrangements. Whilst the UK-EU MoU, agreed in 2023 represented a positive step forward, improved market access between the two jurisdictions appears unlikely in the short term. On a positive note, the UK and Switzerland concluded negotiations on an MRA in December 2023 – it will now need to be ratified by both countries before it takes effect.
Read more
Considerations for firms
- Have we reviewed what ‘substance’ we have in each jurisdiction and whether it is sufficient to meet evolving supervisory expectations?
- Are we systematically monitoring regulatory developments regarding market access arrangements and their potential challenges and opportunities they provide for our business (e.g. for international growth, or cross-border balance sheet optimisation)?
Delegation of portfolio management
Following Brexit, the practice of delegation by EU fund management companies to third countries has been considered thoroughly and debated by EU authorities and regulators.
Given some of the more problematic proposals on delegation that were put forward during the negotiation process (e.g. for equivalence assessments), overall the industry will be relieved by the comparatively minor changes that have been agreed.
EU AIFMs and UCITS Management Companies will need to be able to demonstrate that delegates are selected with due care and are appropriately qualified and monitored. In addition, information will need to be provided to regulators, such as notifying regulators before delegating and an ongoing basis through regulatory reporting. This reporting will involve providing wide-ranging information to regulators such as on the extent of due diligence reviews and their findings, and the amount and percentage of assets which are subject to delegation arrangements. In addition, firms will need to have at least two dedicated FTEs responsible for managing the firm domiciled in the EU.
Third country branches
European supervisors continue to scrutinise whether insurers have appropriate substance in the EEA and are not disproportionately dependent on operations in third country (‘reverse’) branches. Insurance brokers are a particular focus. Under CRD6, a new harmonised authorisation regime for banks will change how both existing and new EU branches on non-EU firms are authorised and supervised. The final compromise text, published in December 2023, contained significant modifications and exemptions to the original proposals and an extended timeline (mid 2026 earliest) for compliance.
.
Conversely, the UK’s policy approach to cross-border market access and supervisory deference is one of ‘responsible openness’. The PRA is looking to increase the attractiveness of the UK wholesale and commercial insurance market by removing capital and reporting requirements for overseas branches as part of the UK review of Solvency II. From a supervisory perspective, it is alive to ensuring UK policyholders are adequately protected, including in case of resolution. The UK is also set to consult on a captives regime in spring 2024.
Fund marketing and distribution
The UK government has deemed countries in the EEA (including EU) to be equivalent under the UK's OFR. This important step means that EEA UCITS will be able to use a streamlined mechanism to market to UK retail customers. The OFR also provides a permanent replacement to the FCA's Temporary Marketing Permissions Regime for funds, which has been in place since Brexit.
This decision ends uncertainty on how EEA funds would access the UK post-Brexit. Notably, the government has stated that it plans to consult on extending the FCA's Sustainability Disclosure Requirements regime to funds in the OFR (these are currently out of scope of the SDR – see Delivering ESG and Sustainable Finance). It is also noteworthy that MMFs are out of scope of the equivalence decision while the FCA works through its consultation on reforms to the UK regime. A reciprocal access regime for UK retail funds marketing into the EU remains off the table.
Although the UK has decided against introducing value for money requirements as part of the OFR, EU funds are being indirectly impacted by the FCA’s Consumer Duty – where UK distributors may expect information to be provided by EU fund management companies about any fair value assessments performed on their funds in order to fulfil their own responsibilities.
Regulated markets and clearing
After many months of tense negotiation, provisional political agreement has been reached on EMIR 3.0. Although the exact detail has yet to be clarified, the threat of considerable amounts of EU clearing being forced from UK CCPs into EU CCPs has lessened. This has been welcomed by clearing members who were concerned that the significant splitting of clearing would lead to a loss of netting benefits and efficiencies, generating additional costs for market participants, alongside large repapering exercises. The agreement still requires that firms who are subject to the EMIR clearing obligation should hold at least one ‘active account’ at an EU CCP and regularly clear through it at least five trades in each of the most relevant subcategories per class of derivative contract, to be defined by ESMA. The European Commission also has a mandate to take further measures in two years’ time, if, following an assessment by ESMA, there are still risks to the EU due to its reliance on third country CCPs. It remains unclear whether the Commission will extend UK CCPs’ temporary equivalence, due to lapse in June 2025, or grant it permanently. Firms will need to monitor developments closely to understand how they will need to operationalise the requirements and reporting around ‘active accounts’.
The BoE has previously confirmed its approach, under on-shored EMIR, to ‘tiering’ non-UK CCPs based on the level of risk they could pose to UK financial stability, with Tier 2 CCPs subject to direct UK supervision and regulation. However, even Tier 2 CCPs can apply for specific regulatory provisions to be granted ‘comparable compliance’, with the UK then deferring its supervision in these areas to a CCP’s home authority. The BoE has started to recognise some non-UK CCPs. It has also assessed that its relationship with the CFTC (including an MoU) allows it to place reliance on the CFTC’s supervision and oversight of incoming US CCPs.
Cross-border provision of services
While market access for services between the UK and the EU remains stalled (see more below), the UK and Switzerland have negotiated an MRA to enhance regulatory cooperation and facilitate cross-border financial services to institutional and certain high net worth clients. The agreement could bring new opportunities for the insurance and private banking/wealth management sectors and bring regulatory certainty to other financial sectors.
Whilst the MRA is noteworthy in its own right, the way it has been achieved is also interesting. Rather than taking a traditional, technical equivalence-based approach, as championed by the EU, the agreement is based on broad recognition of outcomes and deference, underpinned by close regulatory cooperation and information sharing. Once ratified, it will grant new market access, establish recognition-based commitments and formalise aspects of the status quo. Separately, the UK government continues to work on putting together a new relationship framework for Gibraltar (the Gibraltar Access Regime).
Following the agreement of an MoU on financial services between the UK and the EU, the first meeting of the associated financial regulatory forum took place in October 2023, signalling further progress on enhancing supervisory cooperation post-Brexit.
However, considerable focus remains on services being provided from third countries, particularly insurers’ cross-border risk transfers. In particular, there is increasing interest in the changing nature of the life insurance market from policymakers around the world, including the specific characteristics of PE-backed insurers. The PRA is especially concerned with the volume of transfers of Bulk Purchase Annuities (BPA) to life insurers, and the funded reinsurance arrangements (transfer of both asset and liability risk) to a limited number of relatively new and/or specialised reinsurers. Reading between the lines, the PRA appears to be concerned that overseas regulatory regimes may not be tailored to UK annuity risk and that capital would be better directed towards UK productive investment. Such supervisory distrust is not only cross-border, but seeping into the discussions about the future of the EU Single Market – with the desirability of national-level levers a point of contention within the EU Solvency II review.
UK/EU cross-border access looks unlikely to improve in the short term and firms remain reliant on national regulators’ individual cross-border access regimes to access professional clients. This requires firms to have a detailed understanding of arrangements in specific member states, which vary widely.
For EU firms providing services in the UK, the Temporary Permissions Regime was wound down at the end of 2023. Firms that did not apply for authorisation or subsequently withdrew their application entered the Financial Services Contracts Regime, allowing them up to 15 years to run-off existing contracts of insurance and five years for all other contracts. In the case of CCPs, the BoE Temporary Recognition Regime was previously extended until the end of this year.
Reinforcing governance expectations
Supervisors continue to reinforce the need for good corporate governance in response to specific regulatory failings within firms, failures of banks in the US and Europe in 2023, and broader sectoral issues. Governance arrangements also tend to come under heightened scrutiny during times of economic difficulty and market volatility.
Expectations on governance are woven throughout policy and regulatory files and are often placed at both executive and board level. A general pattern is emerging in the UK, of setting out granular, blanket expectations for boards, as seen in recent revisions to the UK Corporate Governance Code, which can start to blur the line between executive responsibility and board stewardship.
The UK Consumer Duty is intended to create a cultural shift in how firms think about and behave towards retail customers. Regulators are calling out pay gaps and lack of diversity across firms’ boards and senior management, and strengthening enforcement action for non-financial misconduct. They are also focused on helping firms recognise the interconnectedness of accountability, culture, DEI and the transformative effect that effective corporate governance can have.
Reforms across the board, including ESG, Solvency UK, Consumer Duty and Funded Reinsurance, are requiring firms to designate clear accountability across all three lines of defence. Finally, focus on firms’ implementation of AML controls continues to grow with measures taken to harmonise and strengthen regulation.
Although most regulatory frameworks for governance are well established, the significant uptick in regulatory pressure score is due to an increase in expectations and expansion of remits in some cases coupled with increasing supervisory focus across all jurisdictions. There is also increasing potential for enforcement actions.
Culture
There is growing recognition of the powerful role that culture can play in a firm. Regulators have identified that, in many instances of poor conduct, deep-set cultural issues have been present and that firms with healthy cultures are less prone to misconduct. They also note that diversity and inclusion can contribute to a positive culture. An assessment of culture, coupled with other regulatory initiatives can provide deeper insights into whether firms operate and are governed in line with regulatory and wider societal expectations.
Read more
Accountability, governance and controls
The original accountability regimes have now been in force for over eight years and their effectiveness is being reviewed. They are now expanding in scope across financial services and being introduced in more jurisdictions. Oversight of a firm’s business and regulated activities by its board and senior management remains a key regulatory theme, particularly given the volatile markets and difficult economic conditions of the last year.
Read more
AML/CFT
As supervision and regulation in this area continues to be strengthened, firms need to ensure adequate oversight of AML controls. They must also effectively implement the growing number of sanctions. The current challenge is the need to balance increasingly complex global regulation with a drive to deliver better customer experience, including faster payments, as well as reducing costs given economic environment.
Read more
Considerations for firms
- Does our board have the required skillset and sufficient support to provide robust oversight in an increasing number of technical areas, as required by regulators?
- Is there a gap between our current diversity and inclusion strategy and regulators’ proposed expectations?
- Can we use technology more effectively to ensure that AML and sanctions controls remain robust, and proportionate but also agile enough to meet new requirements?
- As a firm, how do we assess and, critically, evidence that we have an appropriate culture (including diversity, equality and inclusion factors) and that it is embedded throughout the organisation?
Culture
Although regulators do not prescribe what a firm’s culture should be exactly, supervisors view poor culture as a driver of harm. In response, they are aiming to address poor conduct and culture through day-to-day supervision, as seen in some of the FCA’s portfolio letters, as well as through newer, broader proposals. The UK Consumer Duty seeks to bring about a more consumer-focused approach with outcomes that set expectations for firms’ cultures and behaviours. The culture and ethics within firms also continue to feature in the work programmes of EIOPA, EBA and ESMA.
The PRA and FCA are consulting jointly on boosting diversity and inclusion in regulated firms. The proposals include obligations to develop a diversity and inclusion strategy setting out how the firm will meet its objectives and goals, collect, report and disclose data against certain characteristics, and set targets to address under-representation. The FCA has cautioned that firms that do not embrace diversity of thought will struggle to serve the needs of a diverse customer base and manage risks effectively.
The FCA is particularly focused on non-financial misconduct and proposes to include it explicitly within conduct rules and fit and proper assessments. It would require firms in the wholesale insurance market to submit information on incidents of non-financial misconduct and would pursue bans and fines for Senior Managers who fail to act with integrity.
In the EU, the ECB continues to make efforts to collect data on remuneration and the gender pay gap across EU banks.
Accountability, governance and controls
As part of the Edinburgh Reforms, the UK Government called for evidence on the Senior Management and Certification Regime’s effectiveness, scope, and proportionality, and on potential improvements. The outcome of this is awaited, alongside a PRA and FCA review of the regime. Meanwhile, FSMA 2023 expanded the scope of the SMCR to CCPs and CSDs and allows HMT to extend the regime to CRAs and RIEs if this is determined appropriate following consultation with industry. UK regulators consistently assign relevant senior managers to be responsible for remediation work in their Dear CEO letters and have called out the SMCR as a possible way to regulate the use of AI, demonstrating continued focus on full implementation and use of the regime.
Supervisors expect boards and senior management to have clear oversight of the financial, operational and conduct risks to their firms and understand how risks are impacted by the changing external environment. Under the Consumer Duty, boards must review and approve an assessment of whether the firm is delivering good customer outcomes on an annual basis. Regulators are starting to require board approval of technical aspects on topics such as Funded Reinsurance, irrespective of the materiality of these types of transactions to a firm’s business model.
HMT has set out a package of measures to address the findings of its call for evidence on pension trustees’ skills, capability and culture. These include establishing a trustee register, updates to guidance and consideration of mandatory trustee accreditation. TPR’s new general code, delivering one set of clear, consistent expectations for pension scheme governance and administration, is expected to come into force on 27 March, and from April its new market oversight function will have strong focus on trusteeship.
While not specific to financial services, the updated UK Corporate Governance Code will require boards to not only monitor a company’s risk management and internal control framework but also explain how they have measured its effectiveness through a declaration in their annual reports.
The ECB is increasing its focus on ‘fit and proper’ assessments for senior managers, and the EBA and ESMA have updated their joint guidelines on the assessment of the suitability of members of the management body and key function holders. Similarly, Ireland’s CBI recently went live with updates to its fitness and propriety regime to further enhance its Individual Accountability Framework. Acceleration of the effective remediation of shortcomings in governance is one of the ECB’s supervisory priorities for the next two years, encompassing not only the functioning of banks’ management bodies, but also their risk data aggregation and reporting capabilities.
EU member states have approved final proposals for the EU Corporate Sustainability Due Diligence Directive, which establishes formal requirements to adopt human rights and environmental due diligence policies and implement relevant processes in risk management systems. Compromises have been made, including changes to applicability thresholds and removal of the requirement for certain companies to align transition planning with financial incentives.
Efforts continue to enhance the stewardship of companies and increase transparency. Ahead of a review by the EC, ESMA and the EBA completed an assessment of the implementation of SRD2, finding that certain improvements could be made. And in the UK, the FRC is reviewing the Stewardship Code with a view to publishing a revised Code in early 2025. Separately, the industry-led Vote Reporting Group has consulted on a voluntary vote reporting template for asset managers to capture fund and mandate level votes.
Oversight, including AML/CFT controls
In the EU, provisional agreement has been reached on the AML/CFT Regulation and the ‘new’ sixth AML directive. The package of rules will establish a new AML Authority, to be hosted in Frankfurt, and harmonise and strengthen the existing framework with measures including greater access to beneficial owners’ registers. AML/CFT rules will be extended to the cryptoasset sector, implementing the FATF ‘travel rule’ which brings the transparency required in cryptoasset transfers in line with wire transfers. However, the fact that the UK and EU have diverging implementation timelines (1 September 2023 for the former and 30 December 2024 for the latter) and levels of stringency for the crypto travel rule adds to the complexity for firms.
More broadly, Switzerland is working on a new law concerning the transparency of legal entities and the identification of beneficial owners.
In the UK, The Economic Crime and Corporate Transparency Act has been agreed, which alongside the government’s Economic Crime Plan 2, aims to strengthen the UK’s supervisory regime, with increased information sharing between partners and greater government oversight to ensure effectiveness and compliance with Money Laundering Regulations.
The FCA has identified four areas that need collaborative effort to ‘shift the dial decisively’ on reducing and preventing financial crime – data & technology, collaboration (including from technology companies and social media platforms against scams), consumer awareness and measuring effectiveness of actions – and has posed questions for boards to consider in this area. It has also identified the prevention of financial crime as a supervisory priority for certain sectors, such as wealth management.
The UK Government has taken action to improve transparency and protect customers from unjustified payment account termination or ‘debanking’. The FCA is reviewing firms’ arrangements for dealing with politically exposed persons (PEPs) and their families.