As 2022 draws to a close we look back at some regulatory initiatives taken by the UK Financial Conduct Authority (“FCA”) during Q4 2022 that are relevant to investment firms.

 

Section (1): Initiatives of relevance to all firms 

FCA systems: deployment of multi-factor authentication

 

On the 15^th December 2022 the FCA announced that users of Connect, Reg Data and Online Invoicing (Fees Portal) will be required to enter a one-time passcode each time they login.

For further information re: how to switch on multi-factor authentication please see here.

 

Insights from 2021 Cyber Coordination Groups published

On 8^th December 2021 the FCA published insights gained from quarterly Cyber Coordination Group meetings held with cyber security and technology risk leaders in 2021.

 

These insights cover:

 

• cyber threats and emerging trends;

 

• board engagement on cyber security; and

 

• development, security and operations.

Although not official guidance, it is worth circulating these insights with senior management and IT professionals within your organisation. This is because examples of general good practice are provided. If any of the good practices cited are relevant to your organisation and are in place (or adopted) this should strengthen your firm’s operational resilience – a key area of focus for the FCA at present.

Self-assessment questions for compliance officers and senior managers

 

• Have the findings from the 2021 Cyber Coordination Groups been circulated to senior managers and IT/cyber security staff within your organisation?

 

• Can your firm evidence the discussion of cyber security matters at board level?

 

Revisions made to Part I of the Joint Money Laundering Steering Group Guidance (November 2022)

 

Please note that the JMLSG has issued revisions various paragraphs and annexes to Part I of its Guidance which are available here. These are currently awaiting board approval.

The revisions primarily concern EDD measures that a firm must perform when it becomes aware that there is a business relationship with persons which have a “high-risk third country” nexus (including consideration of their beneficial owners and, in certain situations, the filing of “material discrepancy” reports to Companies House or the HMRC). This complements the UK’s list of high-risk countries in Schedule 3ZA of the Money Laundering Regulations (as amended by The Money Laundering and Terrorist Financing (Amendment) (High-Risk Countries) Regulations 2022).

 

Self-assessment questions for compliance officers and senior managers

 

• Has your Money Laundering Reporting Officer (“MLRO”) and AML and Onboarding Department reviewed the revisions to Part I and ensured they are reflected in the firm’s processes?

 

Section (2): Regulatory reporting initiatives

 

Market Watch 70: MiFIR reporting: check your references!

 

On 3^rd October 2022 the FCA published the 70^th edition of its Market Watch newsletter. This edition focused on Markets in Financial Instruments Regulation (“MiFIR”) transaction reporting and instrument reference data issues.

 

Transaction reporting feedback

 

The FCA provided figures re: how many firms had:

 

• made data extract requests via the Market Data Processor (“MDP”) between 2018-2021; and

 

• submitted breach notifications.

 

The FCA reported that:

 

• it had received variable levels of information in the breach reports that it had received;

 

• some firms had made “unhelpful” references to proprietary reporting systems or processes;

 

• some firms had continued to use national identifiers that were not first priority in Commission Delegated Regulation (EU) 2017/590 at Annex II. The FCA stated that this was particularly common in reports submitted by firms that service retail clients;

 

• where third country investment firms had UK branches they had taken a “variety” of approaches when executing;

 

• firms had been misusing the “INTC” reporting convention; and

 

• some firms were still using a market identifier code (“MIC”) when they have transmitted an order to an executing broker who then execute it on a trading venue. In this situation the transmitter should populate the field with “XOFF” because they are not directly accessing the trading venue.

 

The FCA stated that:

 

• where appointed representatives (“AR”) transmit orders to a principal firm for execution, the principal firm should be identified in relevant fields, not the AR;

 

• the full instrument name of instruments not admitted to trading or traded on a trading venue (e.g. contracts for difference, “CFDs”) should be used in transaction reports, e.g. “Vodafone CFD”;

 

• firms should not execute transactions with clients until their identifiers have been subjected to internal review and validation to check:

 

• • conformity of the format to the European Securities and Markets Authority’s (“ESMA”) Q&A on MiFIR data reporting;

 

• • that the identifier is not a duplicate of an identifier that already exists within a firm’s database; and

 

• • that a client’s rationale for not providing a first priority identifier is credible.

 

Self-assessment questions for compliance officers and senior managers

 

• When was the last time your firm downloaded an extract from MDP and performed a reconciliation using data produced by the firm’s own systems?

 

• When breach reporting does your firm take care to:

 

• • remove references to proprietary systems or processes?

 

• • Provide examples of how a field has been misreported and corrections made going forward?

 

• Is your firm using “XOFF” in transmission situations where it is not directly transacting on a trading venue?

 

• Does your firm seek to use first priority national identifiers wherever possible? Does it have a process for scrutinising the identifiers provided by clients?

 

Instrument reference data feedback

 

The FCA provided the following feedback for the benefit of trading venue (“TV”) operators and systematic internalisers (“SIs”):

 

• TVs and SIs should have processes to:

 

• • identify incomplete or inaccurate reference data;

 

• • review feedback files and warning messages;

 

• • promptly inform the FCA or any data errors and omissions using the relevant notification form;

 

•  SI should not submit instrument reference data for instruments:

 

• • admitted to, or traded on, a trading venue; or

 

• • for instruments without a listed underlying;

 

• TVs and SIs should only populate field 5 (“issuer or operator”) of their Commission Delegated Regulation (EU) 2017/585 (“CDR 2017/585”) reports with their own legal entity identifier (“LEI”);

 

• TVs and SIs should populate the termination date (field 12 CDR 2017/585) once an instrument has expired/matured;

 

• TVs should ensure they are populating field 4 CDR 2017/585 (“commodities or emission allowance derivative indicator”) with “false” where the underlying of an instrument does not fall within one of these categories; and

 

• Instrument reference data should be reported with ISO 10962 CFI Codes (field 3).

 

Self-assessment questions for compliance officers and senior managers

 

• Does your entity have a process for identifying and correcting incorrect reference data that includes the prompt notification of the FCA where issues are identified?

 

• Is your entity making the correct submissions in the fields cited by the FCA?

 

Section (3): Initiatives relevant to firms handling inside information

Market Watch 71: are your insider lists accurate, complete and controlled?

 

In this edition of Market Watch, the FCA provides feedback on follow up work that it has conducted into advisory firms’ maintenance of insider lists. The feedback reminds firms to:

 

• include personal information in insider lists, using national identification numbers in the priority prescribed by Article 6 of Commission Delegated Regulation (EU) 2017/590 at Annex II;

 

• ensure their insider lists remain accurate; and

 

• continue the trend in the reduction of insider lists to those persons who have a demonstrable business need to have access to inside information.

 

Self-assessment questions for compliance officers and senior managers

 

• Is access to your insider lists strictly limited to those who require it for business purposes?

 

• Do your insider lists include all personal information required in the templates to Annex I to Implementing Regulation (EU) 2016/347?

 

• Do your insider lists include the details of contractors to whom inside information is provided?

 

• How much access to your insider lists to non-deal team employees really need?

 

• Is the regular maintenance of your insider lists a core component of your control programme?

 

Section (4): Initiatives relevant to firms offering services to retail clients

Deadline to implement changes to the UK PRIIPS regime will pass on 31^st December 2022

 

In March 2022 the FCA published PS22/2 finalising changes to the scope rules and amendments to Regulatory Technical Standards applying to Packaged Retail and Insurance-based Investment Products (“PRIIPs”). The deadline for implementing the changes outlined in PS22/2 has now passed.

A reminder for those firms engaged in FX trading:

“FX forwards. FX Forwards, and FX Swaps, are derivatives. As outlined in FS 19/01, and explained on our website, we [the FCA] consider that derivatives, if offered to retail investors, would fall within the definition of PRIIPs.”

 

Self-assessment questions for compliance officers and senior managers

 

• If your firm is involved in the provision of PRIIPS to retail clients can you demonstrate that you have implemented the changes outlined in PS22/2, where relevant?

 

FCA publishes findings of research conducted into the gamification of trading apps

 

Hot on the heels of the Netflix series Eat the Rich: The Gamestop Saga (2022) on 7^th December 2022 the FCA released the findings of research it had conducted into the gamification of trading apps. We thought this warranted an article of its own which can be found here.

 

Enhanced financial promotions regime for high-risk investments enters into force

 

On 1^st December 2022 the first tranche of new rules governing the promotion of high-risk investments entered into force. The first tranche covered required risk warnings.

Attention now turns to the implementation of the second, and final, tranche of rules that are set to enter into force on 1^st February 2023. Quick recap, these will:

 

• ban incentives to invest, e.g. “refer a friend” or “new joiner” bonuses;

 

• introduce a minimum 24 hour cooling off period in connection with the issuance of direct offer financial promotions;

 

• introduce requirements to install personalised risk warning pop ups;

 

• require clients to evidence that they meet the criteria stipulated on self-declaration forms;

 

• boost appropriateness test requirements to prevent “gaming” by investors; and

 

• require COBS 4 approvers to:

 

• • state their name and date of approval on the face of a financial promotion;

 

• • self-assess their competence and expertise to approve financial promotions in relation to the financial products or service to which a campaign relates, before agreeing to approve it;

 

• • take reasonable steps to monitor approved financial promotions on an ongoing basis, for the entire lifetime of the promotion, to ensure it remains compliant with the rules;

 

• • obtain quarterly attestations of “no material change” from the issuer; and

 

• • take steps to identify, prevent or manage conflicts of interest in relation to approved activity.

 

Self-assessment questions for compliance officers and senior managers

 

• Can you demonstrate that you have assessed whether any of your firm’s activities are in-scope of the new financial promotion regime pertaining to high-risk investments?

 

• If in scope has your firm:

 

• • updated its risk warnings?

 

• • devised a plan, and started implementing, the changes that will be required from 1^st February 2023?

Section (5): Initiatives relevant to firms that have appointed representatives

 

New rules making principals more responsible for their appointed representatives (“ARs”) come into force

 

On 8^th December 2022 the new rules strengthening the AR regime announced in PS22/11 by the FCA entered into force. The new regime kicked off with a Section 165 request for principal firms. This request was set to all principal firms with oversight of ARs and Introducer Appointed Representatives (“IARs”) between 8^th – 12^th December 2022. Principal firms have until 28^th February 2023 to respond.

Self-assessment questions for compliance officers and senior managers

 

• If your firm acts as a principal to ARs and/or IARs, are you confident that the Section 165 is “in hand”? Has the board obtained, or been provided with, confirmation that the request has been fulfilled, or will be fulfilled, by the deadline?

 

• If you believe your firm should have received a Section 165 request but has not, have you asked the FCA to send you a request by emailing Firm Queries?

 

About C&G

C&G’s consultants have deep, C-suite level, experience and knowledge of  regulation and compliance in UK and international financial markets. If you have any queries about the contents of this circular, please contact us.