Welcome to the latest edition of Gem Compliance’s monthly regulation newsletter. The aim of the newsletter is to present industry news in an easily digestible format. As such, not all sources of industry information and FCA publications (and no PRA publications unless specified) will be covered.
Therefore, clients and associates of Gem Compliance should periodically check the FCA’s and PRA’s websites for regulatory developments. We hope you find this newsletter useful and should you have any compliance queries or require advice on any of these topics, please do not hesitate to contact us.
Firstly we would like to wish all readers a Happy New Year and a prosperous 2020.
There have been some communications issued by the FCA during December although as ever, this has tailed off over the holiday period. However outside of this, the main changes last month were political ones. This included the election of a majority Conservative government from 13 December and following this, the vote to proceed with Brexit from 31 January and transition period to 31 December 2020. This is still subject to EU agreement but is anticipated to be proceeding in this direction.
At this stage it remains to be seen exactly what the regulatory landscape will look like after 31 January although this is likely to become clearer over the coming months. It is anticipated that through the transition period, this will be ‘business as usual’ given that EU legislation will continue to apply and that much of this will become enshrined as UK legislation as part of the transition process. But also in order for the UK to maintain a competitive position in financial services markets, at least ‘equivalence’ of EU regulation is likely to be the starting point for future regulation following the end of any transition period.
In other news, the rollout of SM&CR to all solo-regulated firms took place on 9th December. This includes updates to a number of relevant FCA forms including Form As and the introduction of some new forms.
The FCA has issued updated guidance regarding changes to the Money Laundering Regulations coming into force on 10 January 2020. These changes update the UK’s AML regime to incorporate international standards set by FATF and to transpose the EU’s 5th Money Laundering Directive. The guidance highlights some specific new areas that firms need to comply with including new additional high risk factors that firms should consider when assessing the need for enhanced due diligence and when considering seeking additional information and monitoring in some cases.
The latest version of the ICO’s newsletter can be found here. We are also aware that the ICO has written to a number of firms which are not yet on the ICO register as a fee payer, about fees not being paid. We understand this is an initiative of the ICO to ensure that firms that should register have done so. Readers are therefore encouraged to ensure that any UK legal entities in their group have reviewed whether they are deemed to be processing data and therefore should be registered or alternatively record internally why an entity may be exempt. Use of the ICO’s self-assessment tool is strongly advised where firms are unsure whether or not registration is required, or indeed to demonstrate that registration is not required.
The most recent PRA Digest (October 2019) has been published. The FCA’s board meeting minutes from October and November 2019 have been published. The meeting minutes for the most recent Board meetings can be found here when published.
The Bank of England (the Bank), Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have published a co-ordinated consultation process, including FCA consultation CP 19/32 on new requirements to strengthen operational resilience in the financial services sector.
The FCA had previously issued a discussion paper on this subject (DP 18/04) in July 2018. The aim was to increase firms’ investment in operational resilience where they provide important products and services, and that building operational resilience is in the public interest.
The FCA is now giving feedback on that discussion paper and also jointly consulting on new requirements (at SYSC 15A) on the firms it supervises to help strengthen operational resilience. It describes operational resilience as an outcome: the ability of firms and the financial sector as a whole to prevent, adapt, respond to, recover and learn from operational disruptions.
The FCA wants firms to consider the impact of disruption, which can come in many forms. For example, technology failures, cyber-related and other operational incidents, including those outside of a firm’s control, can all have an impact on the people and businesses (and financial markets) that rely on their products and business services.
The consultation outlines its views on example firms, and how this aligns with the FCA’s objectives. Annex 4 also gives useful guidance on current expectations for all firms in relation to operational resilience, reflecting Principles for Businesses, Threshold Conditions, and Senior Management Systems and Controls.
Operational disruptions and the unavailability of important business services that firms provide have the potential to cause wide-reaching harm to consumers and market integrity, threaten the viability of firms and cause instability in the financial system.
The FCA is proposing that firms:
identify their important business services that if disrupted could cause harm to their consumers (retail and wholesale) or market integrity;
set impact tolerances for each important business service (i.e. thresholds for maximum tolerable disruption to help achieve consumer protection and market integrity);
identify and document the people, processes, technology, facilities and information that support important business services (mapping);
test their ability to remain within their impact tolerances through a range of severe but plausible disruption scenarios;
conduct lessons learnt exercises to identify, prioritise, and invest in their ability to respond and recover from disruptions as effectively as possible;
develop internal and external communications plans for when important business services are disrupted; and
create a self-assessment document.
The proposals are not intended to conflict with or supersede existing requirements to manage operational risk or business continuity planning, but rather aim to set new requirements that enhance operational resilience.
Delivering operational resilience requires firms to take decisive and effective actions, for example by replacing outdated or weak infrastructure, increasing systems’ capacity or addressing key person dependencies.
By addressing resilience gaps and building resilience, the FCA believes firms will become more capable of supplying their most important business services even during severe operational disruption.
The FCA is not proposing changes to the rules and guidance on outsourcing or third-party service provision. It expects that all firms remain responsible for the management of their outsourcing and third-party relationships. In an increasingly complex and fast changing business environment, the FCA wants the delivery of important business services by firms to be able to prevent, adapt, respond, recover and learn from disruptive operational incidents.
To achieve this outcome, firms need to consider their dependency on services supplied by third-parties and the resilience of these third-party services. This includes those third-parties typically outside the regulatory perimeter, where firms retain responsibility for the delivery of their regulated services, including any dependency on the third-party service provider.
This current consultation predominantly impacts:
banks;
building societies;
PRA-designated investment firms;
Solvency II firms;
Recognised Investment Exchanges;
FCA Enhanced scope SM&CR firms; and
entities authorised and registered under the Payment Services Regulations 2017 and Electronic Money Regulations 2011.
However, as normal, given FCA guidance and its general expectations on operational resilience, the FCA also recommends that all firms consider the proposals, and consider any key gaps as part of best practice.
The consultation is due to close on 3 April 2020 with a Policy Statement anticipated later in 2020. A link to the full consultation paper is shown here.
The new EU Directive on the protection of persons who report breaches of EU law came into force on 17 December 2019.
The Directive's purpose is to guarantee a high level of protection to persons who publicly disclose information on breaches which is acquired in the context of their work-related activities (referred to as 'reporting persons' or 'whistleblowers') across a wide range of sectors, including public procurement, financial services, money laundering, product and transport safety, nuclear safety, public health, consumer and data protection.
Member States have two years until 17 December 2021 to bring into force the requirements necessary to comply with the Directive.
The UK may have left the EU within this time frame and subject to the terms of transition, may not be required to implement the Directive in line with other ongoing EU members. However it is likely to be relevant in a number of ways:
it exceeds the current requirements relating to whistleblowing under UK law and may be regarded as best practice in any case. The UK All Party Parliamentary Group on Whistleblowing published its first report earlier in [EJ1] 2019, which included recommendations for revisions to the current law and the creation of an Independent Office of the Whistleblower. There may therefore be some momentum for change to the current UK laws;
it will be relevant for all companies with operations in continental Europe; and
it will need to be taken into account by companies which maintain a single global whistleblowing framework.
FCA authorised firms are already subject to the Financial Conduct Authority's (FCA) extensive rules on whistleblowing contained in SYSC Chapter 18 of the FCA Handbook. This article considers where the requirements of the Directive differ from and/or may impose additional obligations to the current requirements for financial services firms under UK law and the FCA’s whistleblowing requirements.
What the Directive says
In broad terms, the Directive:
requires the creation of safe channels for internal reporting by legal entities in the private and public sector, and for external reporting to competent authorities; and sets out the conditions under which public disclosures will be protected;
provides measures for protecting the confidentiality of whistleblowers;
provides measures for protecting whistleblowers, and those assisting whistleblowers, from retaliation. Workers, civil servants, the self-employed, shareholders, management, unpaid volunteers, contractors, sub-contractors and suppliers, former employees, and persons going through a recruitment process are all regarded as whistleblowers under the Directive;
sets out requirements for Member States to provide advice and support for whistleblowers, and training for public officials on how to deal with whistleblowing.
Key differences under the Directive
Key differences compared to existing UK and/or FCA SYSC requirements include:
Applicability: The Directive applies to any organisation, whether private or public, big or small. Legal entities in the private sector with at least 50 workers will be required to adopt internal channels and procedures for whistleblower reporting. This requirement also applies to all legal entities in the public sector. Member States may exempt from this obligation municipalities with fewer than 10,000 inhabitants or fewer than 50 workers, and other entities with fewer than 50 workers. In contrast, the applicability of the FCA’s whistleblowing rules does not depend on the number of workers in a company.
Internal vs external reporting: Article 7 of the Directive provides that Member States shall encourage reporting through internal reporting channels before reporting through external reporting channels, where the breach can be addressed effectively internally and the reporting person considers that there is no risk of retaliation. In contrast, the FCA’s rules emphasise that whistleblowers must be informed that reporting to the FCA (or PRA) is not conditional on a report first being made using a firm’s internal arrangements.
Procedures for reporting and follow-up: Unlike SYSC 18, the Directive provides concrete timeframes for specific steps in the handling of a report: receipt of the report must be acknowledged within seven days, and “feedback” must be provided in a reasonable timeframe, “not exceeding three months from the acknowledgement of receipt”. “Feedback” and “Follow-up” are also specifically defined. The Directive clearly contemplates that investigations may be completed within three months of the report being made, which may be possible where the investigation is relatively straightforward and self-contained. However, it seems unlikely that this will be possible in all cases, particularly where the investigation is large and complex. In those circumstances, the feedback to the reporting person will need to address the action envisaged or taken as follow-up, and the grounds for that follow-up, as at the time that the feedback is given.
Records: Article 18 of the Directive provides that records should be made of reports made orally and of meetings held with the reporting person. The reporting person should be given the opportunity to check, rectify and agree the record by signing it. This may require a change to some firms’ current procedures.
Prohibition on retaliation: This prohibition is not new, but the Directive also expressly prohibits threats and attempts of retaliation, and sets out a long list of actions which may constitute retaliation, ranging from dismissal and demotion, to harm to a person’s reputation “particularly in social media”.
No liability for acquisition of, or access to, information: Whistleblowers will not incur liability for acquisition of, or access to, the information which is reported or publicly disclosed pursuant to the Directive, provided that the acquisition/access did not constitute a self-standing criminal offence.
Reversal of the burden of proof: In court proceedings relating to a detriment suffered by the whistleblower, if the whistleblower establishes that he/she made a report or public disclosure pursuant to the Directive, and suffered a detriment, it is presumed that the detriment was made in retaliation for the report or the public disclosure. The burden shifts to the person who has taken the detrimental measure to prove it was based on “duly justified grounds”.
Penalties: The Directive provides that Member States must provide for penalties to be available, including for retaliation and breach of confidentiality. In addition, penalties must be provided in respect of whistleblowers who knowingly report, or publicly disclose, false information.
Rights of the “person concerned”: The Directive notes that the rights of the "person concerned" (i.e. the subject of the whistleblowing report) should also be protected, including protection by Member States of the confidentiality of the person concerned and ensuring rights of defence in any subsequent legal proceedings. The Directive further provides that internal reporting channels must ensure that the confidentiality of the identity of the reporting person and any third party mentioned in the report is protected. Firms will need to ensure that their whistleblowing channels are set up to provide confidentiality not only as to the identity of the whistleblower, but also that of any third parties.
Steps UK financial institutions need to take
Although it’s just under two years before the potential implementation of the Directive, and may also depend upon the UK/FCA’s approach to implementation given this is a Directive and post Brexit, firms may need to start assessing the steps they need to take to prepare for its introduction, including:
mapping the provisions of the Directive against existing whistleblowing frameworks and deciding how to approach the implementation of the new requirements – this could, for example, be on a country-by-country basis or by incorporating updates to a global framework;
addressing practical considerations, such as assessing whether the firm can maintain confidentiality as to the identity of whistleblowers and third parties mentioned in whistleblowing reports; and, if not, considering how to adjust the handling of whistleblowing reports from at least those countries where the Directive will be in effect;
reinforcing the absolute prohibition on retaliation, with targeted and ongoing training of staff;
monitoring the impact of Brexit, in particular to see whether any of the Directive's provisions will be incorporated into UK law including whether any changes also go beyond the provisions of the Directive.
CP 19/31: Consultation paper outlining proposals on how the FCA intend to extend SM&CR to benchmark administrators.
CP 19/33: Quarterly consultation paper, which covers proposals on a variety of matters including (amongst other things) clarification on the rules relating to FSCS claims against appointed representatives and principals, amendments to the Listing Rules, and changes to PERG regarding payment accounts under the Payment Services Directive.
Policy Statements
PS 19/28: Policy Statement relating to Proxy Advisers (Shareholders Rights) Regulations 2019 implementation and corresponding changes to DEPP and EG regulatory guides.
PS 19/29: Policy Statement on Investment Platforms, summarising feedback from CP 19/12 and setting out final rules in relation to making it easier for consumers to move from one investment platform to another without liquidating assets.
PS 19/30: Policy Statement on new rules on the extension of the remit of Independent Governance Committees (‘IGC’), which are the bodies that currently provide independent oversight of the value for money of workplace personal pensions in accumulation i.e. before pension saves are accessed.
Other
The FCA has issued Primary Market Bulletin no. 25 outlining its guidance on market issues including insider trading issues.
FCA issues a new form to be completed where MiFID investment firms are notifying the regulator of changes to the firm’s management body regarding non-SMF directors.
The FCA has welcomed the issue of the report, findings and recommendations by Sir Ross Cranston on the methodology and process used by the Lloyds Banking Group (‘LBG’) regarding the consequences of the fraud at HBOS Reading in relation to its customers. However it expressed disappointment that the consequences have still not yet been properly remediated by LBG and confirmed that these need to be addressed by LGB quickly. This followed an earlier second delay into the review which had been announced previously.
The Financial Services Regulatory Partners Phoenixing Group have met to discuss the progress which they have seen in tackling phoenixing in financial services since the group was launched in April this year. As a result of this, seven suspected phoenix firms have been prevented from gaining authorisation as a result of an anti-phonenixing operation launched by the FCA, including data sharing between other regulatory bodies.
It has been announced that the Financial Policy Committee (“FPC’) has set out initial findings of a joint review by the FCA and the Bank of England on open-ended investment funds and the risks posed by their liquidity mismatch.
The FCA has issued a podcast discussing the challenges and future opportunities for the Payments Sector.
FCA issues Handbook Notice 72 which includes certain rule changes effective from early 2020, arising from previous miscellaneous consultation papers.
The FCA has issued a table to provide the information required under Article 11 of the Insurance Distribution Directive (‘IDD’) which outlines certain FCA rules that apply to an incoming firm exercising passporting under the IDD and are therefore also considered to be generally good provisions.
The FCA has issued updated guidance on its expectations of firms who approve financial promotions on behalf of unauthorised firms.
The FCA has announced that it is banning the mass marketing of speculative mini-bonds to retail customers and is introducing the restriction (at COBS 4.14) without consultation. The restriction will come into force on 1 January 2020 and will last for 12 months whilst the FCA consults on permanent rules.
An independent review into the actions by regulators in relation to intervention of Interest Rate Hedging Products is now underway. Lead by John Swift QC, the Independent Reviewer is gathering information from a number of sources including inviting submissions by 31 January 2020 from interested parties.
The FCA has launched a Call for Input on the opportunities presented by ‘open finance’. Open finance builds on the principles of open banking, which relates to the sharing of customer data to provide new ways for customers and businesses to access(?) a wider range of products, with an option of extending the principles to a wider range of products.
Speech by Megan Butler, Executive Director of Supervision: Investment, Wholesale and Specialist, delivered at an Operational Resilience Forum in December (also relevant to the article on CP 19/32 above).
The FCA has secured a confiscation order totalling £291,070 against convicted fraudster, Mark Barry Starling. This follows the FCA prosecution in which Mr Starling was sentenced to 5 years imprisonment for defrauding investors with unauthorised investment schemes.
IFA Nick King has been jailed for over six years after being found guilty of stealing more than £600,000 from his own family. Family members had entrusted him to invest money for them but instead, used the money to fund a lavish lifestyle for himself. Mr King forged paperwork to hide the theft and pretend that the investments were performing well.
The Bank of England has fined Citigroup around £44m (a record fine) for failing to provide accurate regulatory returns over a four-year period.
An office manager at UK investment house DH Private Equity has been jailed for more than four years after being found guilty of misappropriating more than £2.7m from her employer.
The High Court has handed down its first compensation order for a sum of over £500k, against Kevin Eagling, following a directors disqualification order for the maximum period of 15 years earlier in 2019.
The FCA has fined Kevin Gorman, a former Managing Director at Braemar Shipping Services, £45,000 for failing to notify personal trades in his capacity as a person discharging managerial responsibility (PDMRS) at Braemar, a listed entity.
The First-tier Tribunal has upheld a fine of £91,000 imposed on Hall and Hanley by the Claims Management Regulator (‘CMR’), the former regulator for claims management companies. The firm, whose business focused on claims for mis-sold payment protection insurance, had appealed against the decision which related to data breaches and unauthorised copying of client signatures. The claim was heard within the FCA since it has taken over the functions of the CMR.
The FCA has fined Professional Personal Claims Limited (“PPC’), a claims management company, £70,000 for misleading consumers through its website and printed materials. PPC’s websites and printed materials prominently used the logos of five major banks which it was considered was liable to mislead consumers into believing that they were submitting redress claims directly to the bank rather than dealing with a third party.
FCA secures confiscation order of a total of £5m against Dharam Prakash Gopee for acting as an illegal money lender. He was also ordered to pay compensation to consumers.
Three individuals have been acquitted of conspiracy to make corrupt payments in relation to payments made to a South Korean public official between 2002 and 2015. Following this, reporting restrictions were lifted on the Deferred Prosecution Agreement between the Serious Fraud Office (‘SFO’) and Guralp Systems Ltd, (connected with those three individuals) where the firm agreed to pay a sum of over £2m to the SFO to the Consolidated Fund in respect of gross profits arising from such payments.
It is reported that Grant Thornton has been fined £422,550 by the Financial Reporting Council (“FRC’) for errors in an audit of an unnamed listed company in 2016.
Lloyds of London has been censured by the PRA after its whistleblowing hotline for staff was not working for over a year and had failed to produce the annual whistleblowing report required by the regulator
With the Brexit deadline extended until 31st January 2020, the FCA continues to update its ‘Preparing your firm for Brexit’ webpage. This now includes a separate overview published on the FCA’s views on what a transition period may look like. FCA & Regulation
It has been announced that Andrew Bailey, currently CEO of the FCA, will take over the role of governor of the Bank of England once Mark Carney retires from that role in March.
Administrators of the failed SIPP provider, Berkeley Burke, have warned that the firm was facing claims of around £158m when it collapsed, which will now need to be covered by the FSCS.
According to Debbie Gupta, the FCA’s director of life insurance and financial advice, IFAs may be prioritising their own commercial interests over that of the clients as they are failing to demonstrate to the FCA that they understand their clients’ needs, particularly around defined benefits pension transfers.
The FCA has met with firms that had expressed interest in engaging with the FCA (when responding to a survey on improvements to GABRIEL) on a new data collection platform.
Complaints Commissioner upholds a complaint against the FCA regarding its handling of a complaint relating to statutory deadlines for considering an application.
It is reported that the FCA has contacted investment platforms regarding the suspension of the M&G property fund, with the regulator asking about firm’s communication strategies. The FCA has taken a more proactive approach to how platforms deal with fund suspensions in recent months following the suspension of the Woodford Equity Income fund earlier in the year.
In the meantime, Hargreaves Lansdown has denied reports that it is the subject of an FCA investigation into multi-manager funds with positions in funds run by Neil Woodford.
Following the introduction of the FCA’s SM&CR for solo-regulated firms, concerns have been raised regarding the risk of misinformation or confusion for consumers given that thousands of customer facing advisers (CF30s) have been de-registered on the FCA’s register.
Credit Suisse has launched a fresh enquiry into claims it spied on a member of the staff, human resources boss Peter Goerke, following the revelation that it had its former wealth boss tailed following his recruitment by rival UBS.
It is reported that an audio feed of the Bank of England’s press conferences was leaked before being officially broadcast, giving an unfair advantage to high speed traders, often on behalf of hedge funds. Traders could make huge gains on small market movements before the rest of the market received the same information.
The FCA has been criticised for delaying a consultation on banning platforms from exits fees until Q1 2020. The consultation was due to be published before the end of 2019 and was initially focusing on platforms but in March 2019, the FCA announced it was extending the scope to include any firms which provide a ‘platform comparable service’, such as life companies and fund managers.
During 2019, the FCA and Bank of England issued 51 skilled person reports under s. 166 of FSMA, which was a rise of 16%. The rise is attributed to an increase in financial crime and money laundering activities being conducted.
The FSCS has issued its regular News Outlook publication summarising related issues that have occurred since the last publication in April 2019.
The FSCS has confirmed it is expecting claims to rise 58% following the collapse of firms including SVS Securities, and that it may need to impose a supplementary levy of £46m on relevant firms for this and other claims, including a number of SIPP operators.
As referenced in the introduction, revised Money Laundering Regulations are coming into force on 10 January 2020 reflecting the transposition in the UK of the 5th Money Laundering Directive. A link to the relevant legislation (The Money Laundering and Terrorist Financing (Amendment) Regulations 2019) and an explanatory note from the Government on the changes are also provided here.
In the case of Vneshprombank LLC v Georgy Bedzhamov, the Court of Appeal has reconfirmed its approach to ascertaining the ‘ordinary living expenses’ allowance that it permitted where an assets freezing injunction is in place.
It is reported that the Serious Fraud Office (‘SFO’) has begun an investigation into Glencore, the listed mining and commodities trading firm, over suspicions of bribery. The SFO has said that it is examining the conduct of business by the Glencore group of companies, its officials, employees, agents and associated persons.
The European Payments Council issued its 2019 Payment Threats and Fraud Trends Annual Report.
David Lewis, FATF Executive Secretary made the keynote speech at the 7th International Money Laundering and Compliance Conference on 10th December with the message that stopping money laundering is about stopping the harm caused by serious crime.
Hedge fund manager, Crispin Odey is amongst investors targeted in a London surveillance investigation related to German payments group Wirecard. According to a Financial Times investigation, the former Libyan intelligence chief, Rami El Obeidi – reported to be a Wirecard shareholder - funded the investigation to identify if the fintech’s shares were being manipulated.
Former footballer, Danny Murphy has lost a £1m tax avoidance battle with Coutts. The claim related to money lent to him by Coutts for investment in a film investment scheme which was later clamped down on by the HMRC resulting in large tax bills. Mr Murphy claimed Coutts was liable for the loss but was unsuccessful in his claim.
The British Medical Association (BMA) has requested an urgent meeting with chancellor Sajid Javid over scrapping the tapered annual allowance which has been causing a pension crisis in the NHS.
It is reported that tax advisers are preparing for legislative reforms that will see HMRC extend existing IR35 legislation that currently taxes public sector consultants and contractors as full-time employees, to the private sector from April 2020.
FOS has issued its Annual Plan and Budget for 2020/2021. This includes the proposal to increase case fees from £550 to £650.
Former England Newcastle football star Alan Shearer has obtained a £100,000 pay-out via the High Court, after it was ruled that his financial adviser had given him negligent pensions advice.
According to a whistleblower, pension complaints have not been looked at by FOS for over seven months with other complex cases taking longer following a restructure which has left the service in disarray. It was also reported that around 15k of other general (non PPI) complaints have been with the FOS for over a year. FOS has refuted the claims.
This newsletter contains generic information and has been generated for professional clients and associates of Gem Compliance Consulting Limited only and should not be regarded as advice. We will not be liable for loss, however caused by parties acting on the information contained herein.
