After the past few years, which were full of surprises and dense in new regulatory initiatives, one could expect some respite. Unfortunately, it seems that 2020 is not shaping up that way: not only is the pace of new regulatory change not expected to slow down materially, but most regulatory bodies have moved to the next phase, in which they will start assessing the impact of past initiatives, the extent of their implementation and whether the expected outcomes have been achieved.
In addition, the political agenda will bring its own uncertainties, as the UK has left the European Union after 47 years of membership. Firms will have only a year to prepare for this new paradigm, without much information, as the negotiations between both parties are still in their infancy.
Predicting which topics will flourish on the 2020 regulatory scene remains a challenge, yet some subject matters will stay at the forefront of firms’ agendas:
- Financial Crime – AML/CFT
- Governance, Culture & Conduct
- Compliance function and beyond
- Operational resilience
- Political uncertainty, market fragmentation and new ESG liabilities
- Usual suspects
Financial Crime – AML/CFT
Deterring and preventing money laundering activities and financial crime overall remains a priority for most regulators and political circles. Several new initiatives aimed at strengthening the existing regulatory framework have recently taken place in the EU (e.g. entry into force of the 5th AML Directive, Regulation (EU) 2019/2175 providing EBA with new supervisory and enforcement powers). The fight against money laundering and terrorist financing is an old theme; however, the accumulation of recent scandals suggests that the related regulatory requirements continue to be poorly understood. Too often, the approach adopted focuses on ensuring that KYC documentation is adequately collected without fully embracing the founding principles of an efficient and compliant program introduced by the 2012 FATF recommendations, i.e. that systems and controls are to be risk based.
Recent investigations have shown that the common denominators behind the recent failures were principally (i) poor or no AML/CFT business-wide risk assessment, (ii) poor governance and lack of adequate oversight, (iii) over-reliance or under-reliance on automated systems, (iv) grandfathering of dated procedures and (v) insufficient training.
Areas of focus:
- Integration & Oversight: Management accountability, AML/CFT Business Wide Risk Assessment
- Know Your Client: Use of new technologies, Client risk scoring/assessment
- Transaction Monitoring: Risk based controls, Clients & transaction profiles, Sanctions
Deontea Ltd has helped numerous organisations to review and assess the quality of their arrangements, build effective & proportionate AML/CFT frameworks or simply assist/support their compliance function or governing bodies by providing sound & expert advice. We can quality assess your systems and controls to ensure that you are fully compliant with your obligations, whether you operate within the EU, in Switzerland and/or in the UK, and propose remediation programs, including training your staff to understand what a Risk Based Approach means and how to apply it in their day-to-day activities.
Governance, Culture & Conduct
Weaknesses in corporate governance and conduct risk management within firms remain at the forefront of the regulatory agenda. Misconduct by firms leading to major consumer detriment and loss of confidence in the integrity of financial markets will continue to drive regulators’ actions & surveillance well into 2020. Whilst arrangements within the financial space (e.g. sales practices, PA dealings, conflicts of interest, regulatory arbitrage/avoidance) have until now been the sole focus of regulatory actions, the emergence of ethical, environmental and social expectations in society has recently shifted that focus to also include the non-financial space (e.g. harassment, discrimination vs inclusion, “human capital” issues). Still too many firms believe that the old-fashioned “box ticking” exercise will suffice to demonstrate that senior management, including board members, are aware of their responsibilities and take full accountability for any improper behaviour, and that information is flowing throughout the organisation according to the governance framework in place. Lastly, the drive towards greater ESG transparency (e.g. sustainable finance, balance sheet climate stress tests) will undoubtedly alter firms’ governance, as reputational and business risks stemming from insufficient ESG consideration may jeopardise business dealings.
Areas of focus:
- Governance: Oversight of controls & processes, Escalation & investigation procedures, Management Information framework, ESG transparency
- Conduct: Establish “what good looks like”, Oversight & controls including mitigating strategies, Training programs
- Culture – “Tone from the top” including “Tone from above”: Senior management accountability at all levels of the organisation, Whistleblowing arrangements, Employees’ performance assessments, Surveillance tools
Deontea Ltd can provide expert advice & support firms in assessing the quality of their governance arrangements. It can help develop practical solutions that are paramount in preventing instances of misconduct, allowing the design and implementation of a sound & effective governance program informed by a comprehensive mapping of regulatory obligations or requirements (e.g. Regulatory footprint).
Compliance function and beyond
The past 8 years have been particularly rich in regulatory initiatives, in particular in the EU, where the entire regulatory framework has been reshaped. Compliance staff have been more than instrumental in enabling that transformation, yet it seems that the Compliance function has been omitted from that makeover. Indeed, too often it still operates on the sidelines and is expected to keep on “ticking the boxes” instead of being effectively integrated in the business as a fully operational control function that monitors, advises and assists with extended responsibilities and obligations (e.g. MiFID II new requirements: Product Management, Complaint handling, Remuneration Policy). The scope and breadth of new regulatory obligations require, more than ever, an in-depth re-think of the way it operates including, but not limited to, (i) successfully embracing a risk based approach to ensure that adequate resources are channeled to where they are needed the most, (ii) ensuring that the function is truly integrated in the decision making process, and not only as a “nice to have recommendation”, in relation to, among others, new business lines, changes in operating models and the introduction of new products and (iii) re-thinking the breadth of knowledge, competence and skills compliance staff must have to be able to carry out their duties (eclectic backgrounds not limited to solely legal qualifications). 2020 is expected to see several initiatives from regulators in that realm (e.g. recast ESMA Guidelines on certain aspects of the MiFID II compliance function requirements, AMF spot controls on outsourcing the control functions).
Areas of focus:
- Compliance Program: Regulatory Risk Assessment, Use of technology (RegTech solutions)
- Governance: Compliance Charter, Accountability
- Resources: Outsourcing, Training
Deontea Ltd, by providing additional retained or ad-hoc resources, can help in better integrating compliance into operational & business processes, formalise regulatory risk assessment to better inform compliance enhancements and priorities, support the adoption of a holistic approach to regulatory requirements to mitigate the strain on an overextended resource environment and help ensure that all stakeholders (internal & external) remain accountable to the firm’s standards of compliance.
Operational resilience
At the same time that MiFID II/MiFIR implementing measures were being developed, the FCA carried out a small informal thematic review to assess how certain stakeholders were managing their operational resilience, following several failures in rendering investment services due to technical disruptions. The findings were generally satisfactory; nevertheless, it appeared that most firms had not considered in detail what the consequences for their business would be if the services they relied on suddenly became unavailable, temporarily or permanently. “In detail” means, among others, having identified and selected an alternative, conducted proper due diligence, thought through and tested any migration, designed emergency procedures and developed internal and external communications plans. This may look like something belonging to the operational risk management, business continuity or outsourcing spaces, yet the issue is far wider reaching and requires a more thorough understanding of the different components supporting the important business services and of the dependencies they create (e.g. outdated or weak infrastructure, insufficient systems’ capacity, key person dependencies, over-reliance on third parties, insufficient or weak internal skill sets for proper oversight). Too often, a rapid implementation of new technological solutions, upgrading of existing systems or over-reliance on external service providers have been the main drivers of operational failures. In a world where the digital revolution requires firms to upgrade their core systems and/or adopt new ones, cyber vulnerabilities and various disruption risks need to be fully understood to protect consumers, ensure market integrity and, by extension, firms’ own viability.
Areas of focus:
- Integration & Oversight: Management accountability, Tolerance statements & acceptance, Management information
- Operational Management: Systems and controls mapping, Risk and impact assessment, Stress testing
- Control framework: Review of the policies & processes governing the identified risk areas, Monitoring, Third parties management
Deontea Ltd can help strengthen your operational resilience by providing sound and expert regulatory oversight and/or a quality assessment of existing arrangements, to help identify potential weaknesses, issues not addressed or omitted, and the controls or monitoring systems required. Technology and Outsourcing are not “quick fixes”: they have to be properly understood, managed and controlled.
Political and regulatory uncertainty, market fragmentation and new ESG liabilities
The year to come is expected to foster additional uncertainties for firms operating within multiple jurisdictions. Brexit, regulatory divergence and ESG issues blurring the line between regulatory policies and social policies, among others, will create new areas of concern that will have to be adequately managed to mitigate regulatory, legal and reputational risks. The re-assessment of all major regulatory frameworks implemented after the 2008 crisis will foster additional uncertainties, as major financial centers (US or UK) are expected to take a route towards more principle based frameworks and as international co-operation is changing, driven by revised political priorities on trade, further fragmenting already uneven rule books. Also, the wider debate about financial firms’ purpose and role in society is just starting. Many regulators are already working on striking an adequate balance between shareholder value and consumer needs, but the debate is far from being closed: firms that fail to engage with this new paradigm may jeopardise their long term sustainability. Unfortunately, political time is not the same as business time, and most firms generally tend to wait until the last moment to make strategic decisions in the hope of having all the elements to decide, while others adopt a piecemeal and “just in time” approach. Both routes often lead to costly mistakes. Only a true cross-border approach, informed by a comprehensive holistic analysis of the applicable regulatory frameworks, can provide organisations with the tools they need to make effective and appropriate strategic decisions.
Areas of focus:
- Brexit: Third country access, EU-UK FTA and regulatory divergence
- Regulatory developments: ESG requirements, ESAs new powers, Entry into force of LEFin and LSFin in Switzerland
- Regulatory frameworks re-assessment: EU Market infrastructure evaluation (e.g. Transparency rules, SIs and OTFs functioning, Trading obligation), MiFID II evaluation (Inducements, Investment research organisation, Client disclosures), inclusion of ESG considerations
Deontea Ltd can provide expert advice & support if you wish to understand the consequences of the UK leaving the European Union including the end of passporting rights and how the new equivalence regime is expected to operate. We propose a unique cross-border service as we do not rely on local expertise but provide a fully integrated service, tailored to your needs. You will work with someone who perfectly understands & knows the UK or Swiss regulatory frameworks but is also an expert in the EU regulatory framework.
The usual suspects
Most major regulatory frameworks that have been designed after the 2008 financial crisis are now operational and firms may believe that the main effort is behind them. Unfortunately, the most difficult work is starting now, as it is time to assess the effectiveness of the arrangements implemented and carry out any necessary remediation work where required. Regulators, and in particular ESAs, are planning various supervisory initiatives to ensure that all requirements have been understood, adequately implemented and deliver the expected results. The ESAs’ use of their enhanced powers and the increased expectations on collaboration and information-sharing between national regulators will likely result in tightened supervisory procedures, additional information requests and new reporting obligations. Once again, the main investor protection themes stemming from MiFID II are the subject matters identified as needing further work. Many firms have struggled and are still struggling with the full consequences of those initiatives: the ESMA (Strategic orientations for 2020/22) and AMF 2020 business plans make clear that those areas will stay at the heart of the supervisory work in the years to come.
Areas of focus:
- Order execution: Effectiveness of implemented arrangements (including RTS 28 disclosures), PA dealings, Inducements
- Client Information (Cost & Charges & performance disclosures, Information of the firm & its services): Enhanced reviews and remediation
- Conflicts of interest (Product Governance, Remuneration, Sales practices): Evaluation of systems & controls in relation to customer “best interest” including Appropriateness and Suitability, Evaluation of surveillance & monitoring arrangements including staff assessments
Deontea Ltd as a highly specialised regulatory & compliance partner can help you in auditing & gap analysing the implemented policies/procedures and arrangements to provide quality assurance and confirm full compliance with applicable regulations.