Welcome to the latest edition of Gem Compliance’s monthly regulation newsletter. The aim of the newsletter is to present a summary of relevant industry news which has occurred during the month in an easily digestible format. As such, not all sources of industry information or FCA publications (and no PRA publications unless specified) may be included.
Clients and associates of Gem Compliance should periodically check the FCA’s, and where relevant, the PRA’s websites for regulatory developments. We hope you find this newsletter useful and should you have any feedback, compliance queries or require advice on any of these topics, please do not hesitate to contact us.
A lot happened in September but it was sad news of the Queen’s passing that probably stands out for most. King Charles automatically took the role of the new monarch as the UK entered a national period of mourning culminating in a bank holiday on which the Queen’s state funeral was held. There was much coming together and sharing of feelings and experiences, particularly in the long queues to see the Queen lying in state. FT Adviser published an article remembering the Queen in which it mentioned that, during an informal conversation with BoE officials, the Queen asked if “complacency” had contributed to the financial crisis and whether the then regulator, the Financial Services Authority (FSA), "did not have the teeth" to respond to the crisis.
Liz Truss became the new Prime Minister against a backdrop of high inflation, surging energy prices, increases to the Bank of England rate to 2.25%, the highest level since 2008, and the pound hitting its lowest level since the 2016 Brexit referendum. In response, the Government’s Autumn Statement was published in which, amongst other things, the government committed to bringing forward a deregulatory package to "unleash the potential of the UK financial services sector". This package will involve the revocation and replacement of certain financial services retained EU law. The bankers bonus cap and the 45% tax rate for higher earners were also scrapped. However, the markets responded adversely, which led the Government to make a u-turn and reinstate the 45% rate.
The amended MLRs came into force on 2nd September, which, amongst other things, introduces new rules for cryptoasset firms and requires regulated firms to collect proof of a trust’s registration with, or an excerpt from, the Trust Registration Service (TRS) register from the customer at the outset of the business relationship. The amended MLRs also expand Regulation 30A by introducing an ongoing requirement to report ‘material’ discrepancies in beneficial ownership information. However, a grace period is being applied until April 2023 to give time for firms to adjust and for Companies House reforms to take place.
The Retained EU Law (Revocation and Reform) Bill 2022-23 was introduced to Parliament on 22nd September. Clause 1 of the Bill specifies that retained EU law in EU-derived secondary legislation and retained direct EU legislation will expire on 31 December 2023 unless otherwise preserved. This clause will not, however, apply to the bulk of retained EU law relating to financial services.
Russian sanctions continue to evolve with the EU consulting on a new package of measures against Russia following Russia’s announcement of an immediate partial mobilisation of 300,000 reservists and threats to deploy nuclear weapons.
The FCA published its September regulation round-up highlighting new sector-based webinars (click here to register) and a new webpage on the Consumer Duty, which comes into force next year but with an initial deadline of end of October 2022 for boards to agree a plan for implementation. The FCA was due to hold its annual public meeting in September but postponed it to 12th October considering the death of Queen Elizabeth II.
Newsletter no. 174 has also been issued by the Financial Services Ombudsman.
The speech started by acknowledging the threat that financial crime imposes as the risks and threats are constantly evolving. The FCA expects financial crime to become even more rife as the cost of living crisis unfolds – more than seven in ten people say they have been targeted by scams in the past three months. The FCA believes that the best way to get ahead of this wave of financial crime is joined up action and intelligence.
The FCA wants to work with firms to tackle financial crime and to do so it wants to focus on the ‘force multiplier effect’. This involves professionals in firms scanning and being alert to red flags by using their human knowledge and instinct to interpret clues from conversations and customer behaviour. This also involves technology being used to identify unusual patterns of activity and information being shared with regulators and law enforcement. The FCA is contributing to this effort by driving improvements in firms’ controls and issuing warnings where it detects harm, flagging names on its warnings list more efficiently and driving its Scamsmart campaigns.
In its effort to drive improvements in firms’ controls, the regulator is sharing examples of good and bad controls, to educate firms and allow them to improve their response. A recent review of challenger banks found weaknesses in customer due diligence and insufficient rigour in dealing with transaction alerts. However, the review did identify some strengths including the use of data, tech, geolocation data to verify customer identity efficiently, and the advanced monitoring for fraud by reviewing customers who were using multiple devices to log into accounts.
Sarah Pritchard’s message to all firms is “Embed your financial crime checks in your systems from day one, but keep evolving as the threats evolve. Use the power of data and tech, and stay alert for situations in which you may need to recalibrate your defences and alerts”.
The FCA has identified that criminals are targeting the crypto sector as a potential weak link therefore, it has set robust standards for crypto firms on anti-money laundering measures. The FCA confirmed that 37 firms have met these standards following its guidance and in order for them to keep their registration they are required to continue to meet those standards. In addition to this, the FCA ordered the closure of crypto ATMs that were operating without regulatory permission. Criminals are not only targeting new, high-tech offerings, as the FCA confirmed it saw criminals targeting the post office network to funnel criminal cash. The FCA worked with law enforcement, the NECC, industry and government partners to force the closure of these money laundering routes and change the system-wide controls.
The UK’s regulator is not taking a light approach to financial crime and has taken action by prosecuting major bank, NatWest, for money laundering system and control failures in 2021 when it was fined £264.8 million. NatWest is not the only firm to have been fined by the regulator for money laundering weaknesses, as ten other firms have been fined since 2018 – fines issued (including NatWest) totalled over £665m.
Ms Prichard highlighted the importance of thinking ahead and acting at pace, before threats increase exponentially. In anticipation of Russia’s invasion of Ukraine the FCA acted fast and, two days prior to the invasion, it informed firms of its expectations in the event of a war. Within two days of the invasion, the regulator reached out over 10,000 firms within retail banking, payments, cryproassets, wholesale banking, wealth management, insurance and asset management sectors. The FCA’s work on sanctions is ongoing and it is using data and intelligence to identify firms with potential weaknesses in controls, and then using data tools to test the effectiveness of those firms’ sanction screening systems. The FCA warns firms that if they use vendor solutions for their sanction screening processes, they need to make sure that solution is tailored and suitable for their customer and business profile.
The FCA is asking firms to plan how they will address the risks of the cost of living crisis. As the situation in the UK becomes increasingly difficult for customers, it is expected that there will be a rise in individuals being recruited to act as money mules, where they are asked to transfer money through their accounts by strangers in exchange for payment. The temptation for those in difficult circumstances is huge, as are the consequences. Ms Prichard asked attendees “have you asked what your firm is doing to calibrate your financial crime controls to changing risks in the cost of living crisis?” – this is something that all firms should be actively considering.
The threat of financial crime is never going to disappear which is why a whole system response is needed to effectively limit the threat. Crime spotting cannot be left to legal, compliance or other experts – financial crime controls must be implemented throughout all areas of a firm and staff should sufficiently trained on the matter.
The Wholesale Market Review, which the FCA and the Treasury have been conducting, identified that the pace at which technology and market structure have changed since the regulatory framework was introduced causes firms to be uncertain of the regulatory permissions they need. Therefore, a recommendation was made for guidance on the regulatory perimeter for trading venues and this Consultation paper (CP) addresses that recommendation.
The FCA makes it very clear that they are not modifying the perimeter, as this would require a legislative change. The purpose of the CP is to provide additional guidance to clarify the concept of a multilateral system and how this guidance should be applied to specific types of arrangements in financial markets.
The CP also seeks views on whether the trading venue regime can be made more proportionate for smaller firms, while maintaining high standards of market integrity. However, the FCA is not making any proposals at this stage.
In this CP, the FCA proposes new guidance for the Perimeter Guidance Manual (PERG), the section of the Handbook that provides guidance about where authorisation is required or exempt person status is available under primary legislation. The proposed guidance would clarify the definition of a multilateral system, and update Q and As on the application of the general guidance to specific types of arrangements. Currently, PERG 2 focuses on the scope of regulated activities under the Regulated Activities Order and PERG 13 provides guidance on the operation of a multilateral trading facility and an organised trading facility. The Market Conduct Sourcebook also contains relevant guidance on multilateral systems.
A multilateral system comprises the following main elements:
it has the characteristics of a trading system or facility;
it comprises multiple third-party buying and selling trading interests;
it allows trading interests to interact in the system; and
those trading interests are in financial instruments.
The FCA proposes to issue general guidance in PERG 13 on its interpretation of each of the 4 above points, which firms should have regard to when considering whether their activity requires authorisation as a trading venue.
The FCA is also proposing Q and As for PERG 13 on the application of the general guidance to:
Investment-based crowdfunding firms operating primary market platforms: The proposed guidance indicates that a crowdfunding platform in which the business funding interests of an issuer of shares, debentures or alternative debentures are matched with those of investors does not amount to a multilateral system.
Bulletin boards: The proposed guidance clarifies the demarcation between multilateral systems and bulletin boards.
Technology providers: The proposed guidance draws a distinction between general purpose communications systems and multilateral systems.
Voice brokers: The proposed guidance clarifies that arranging or executing client orders over the telephone without operating a trading system or facility does not constitute a multilateral system.
Portfolio managers operating internal matching systems: The proposed guidance sets out the circumstances where the execution of trading interests by a portfolio manager does not constitute a multilateral system.
Blocking onto trading venues: The proposed guidance indicates that where a firm operates a system for the purpose only of blocking trades onto a trading venue consistent with the intentions of the parties to the underlying transactions to trade on a trading venue, these arrangements do not amount to the operation of a multilateral system.
Where a firm does not operate a multilateral system, it will not require authorisation as a trading venue, but the activity and client types may lead some firms to choose to be authorised as service companies – the current definition was introduced by MiFID I in 2007. Therefore, the CP also proposes updates to this definition, so that it also refers to the current client categorisation terminology with respect to client limitation types.
Regarding the application/consideration of existing EU non-legislative material, the FCA is proposing that ESMA’s Q&As dealing with the trading venue perimeter – Q&As 7, 10, 11 and 12 in Section 5 of the ESMA Q&As on MiFID II and MiFIR market structures topics – should not form part of its supervisory expectations following the issuance of the final guidance.
The consultation period close on 11th November and the FCA will aim to publish a policy statement in Q2 2023.
CP22/17: Quarterly Consultation Paper No. 37. Amongst other things, this CP includes proposals to clarify the definition of a ‘significant SYSC firm’ and changes to PERG, CONC and MCOB to align with recent changes to the regulatory perimeter in respect of credit agreements entered into with high net worth borrowers.
CP22/19: Creation of a baseline financial resilience regulatory return. The FCA is proposing to replace the FCA Financial Resilience Survey with a regulatory return in order to reduce burden on firms and improve quality and consistency of data. The consultation closes on 2nd December 2022 and the FCA aims to publish a policy statement and final rules in Spring 2023.
Press Releases/Statements/News Stories
Rowanmoor Personal Pensions, an authorised Self-Invested Personal Pension (SIPP) operator, enters administration.
Gloucestershire Credit Union Limited enters administration
FCA warns of unauthorised claims management companies offering to write off debts, mainly mortgages, and get compensation for consumers from their lenders for a fee. The FCA reports that more fees may be added if the scheme fails, potentially leading to significant losses for those involved.
FCA published report announcing a range of proposed interventions to reform the multi-occupancy buildings insurance market. The FCA comments that since the Grenfell tragedy, leaseholders have faced a substantial increase in the cost of insurance. The FCA proposals are designed to give leaseholders greater protections from high prices and ensure the market operates better for them.
Updates
FCA updated its Attestations webpage for Q1 of FYE 2022/23 (April-June 2022)
FCA published data on the number of skilled person reports commissioned in Q1 of the 2022/23 FY (i.e. April – June 2022).
GI Multi-firm review: Assessing liquidity for orderly wind-down: good and poor practices from general insurance (GI) brokers. Whilst aimed at GI firms, the FCA has said all regulated firms should read this and consider whether changes are needed to their own arrangements.
FCA updated its webpage on its policy statement on insurance pricing practices (PS21/11) to add a section on the application of the Product Intervention and Product Governance sourcebook (PROD) to products distributed through distributors based outside the UK and intended for non-UK customers.
Other
FCA launches a series of TikTok adverts for its InvestSmart campaign, which are designed to drive consumers to its InvestSmart website where they can get information to make informed decisions.
Occasional paper No. 61: Robo-Advice for Borrower Repayment Decisions. This paper, which is summarised here, explains the results from a robo-advice experiment that asked consumers to make hypothetical borrower repayment decisions.
Letter to Repositories portfolio outlining the FCA’s views on risks of harm in the sector and the FCA’s expectations of firms in this portfolio.
Portfolio letter: the FCA’s supervision strategy for benchmark administrators
The Serious Fraud Office announces that a financial adviser accused of involvement in the Axiom fraud – a fraudulent scheme run by convicted investment manager, Timothy Schools, that claimed to provide loans to law firms pursuing no-win-no-fee cases, but which instead funded Schools’ lifestyle – is to face a retrial in March 2024 after jurors failed to reach a verdict after 30 hours of deliberation. The Axiom Fund secured over £100 million from approximately 500 investors.
Information Commissioner's (IC) fixed penalty notice (FPN), for failing to pay a data protection fee of £60, reduced on appeal from £600 to £200, due to the financial effects of the COVID-19 global pandemic.
In connection with a proposed takeover involving the acquisition of seven authorised firms, the FCA issued a statement that it will likely require Link Fund Solutions Ltd (LFS), one of the firms being acquired and which managed the LF Woodford Equity Income Fund (WEIF), to pay a financial penalty and/or consumer redress for failing to manage the liquidity of the WEIF. The FCA has therefore decided to approve the acquiring firm’s (Dye and Durham’s) acquisition of LFS, subject to a condition to commit to make funds available to meet any shortfall within LFS in the amount available to cover any redress payments LFS may be required to make, which the FCA has indicated could be up to £306m. However, this amount doesn’t reflect any other amounts that may become due as a result of potential wrongdoing. In a further update, the FCA confirmed it has issued a draft Warning Notice to LFS proposing a penalty of £50m (before any discounts applied). The Warning Notice also refers to the estimated £306m redress payment LFS could be required to pay.
Paige Thompson, a former Amazon Web Services employee, who was convicted of seven counts of fraud in U.S. District Court for stealing personal data of millions people from more than two dozen entities including Capital One bank, from unsecured accounts stored on the tech giant’s cloud service, has been sentenced to time served and five years’ probation with location and computer monitoring. Although, Capital One responded to the hack quickly, it was fined $80m and settled customer lawsuits for $190m. Therefore, this case provides a wake-up call to all firms that believe they can solely rely on the security of their cloud service providers to mitigate associated cyber threats.
Malta-based Novum Bank has been fined €89K by the Financial Intelligence Analysis Unit and ordered to tighten up checks on clients after major shortcomings in AML processes were identified.
Ireland’s data privacy regulator has fined Instagram €405m for mishandling the personal information of 13-17 year olds. The regulator’s investigation began after a data scientist found that users, including those under 18, were switching to business accounts which displayed their contact information on their profiles in order to get statistics on ‘likes’ after Instagram removed this feature from personal accounts in some countries to help with mental health. Instagram is to appeal the fine.
Danske Bank fined €182m by the Central Bank of Ireland because its Dublin branch failed to update its transaction monitoring system after new rules came into force, which resulted in failure to properly monitor around 350,000 transactions for potential money laundering or terrorist financing for almost a decade.
It has been reported by a number of industry members/stakeholders that many firms are struggling with the cost and burden of compliance, with increasing amounts of regulation but compliance function headcount remaining flat. Thomson Reuters Regulatory Intelligence, which commissioned a report entitled “9-page report, Cost of Compliance 2022: Competing priorities” recorded 64,152 regulatory alerts (significant regulatory changes) across 190 countries in 2021 and 67,125 recorded in 2020. In comparison, the average number of alerts in the previous decade (2010-19) was just 33,954 a year.
It is reported that FCA CEO, Nikhil Rathi, has pushed back on a request by the Treasury Select Committee, in its ‘Future of Financial Services Regulation’ report, to focus more on financial inclusion. Mr Rathi is concerned that this “might risk increasing expectations that the FCA should step into to fix problems that it does to have the power to solve.” Subsequently, Economic Secretary to the Treasury, Richard Fuller, confirmed in a letter to the Economic Secretary to the Treasury that HMT does not intend to legislate the FCA on financial inclusion requirements.
The Financial Services and Markets Bill 2022/23 had its second reading in the House of Commons on 7th September 2022. During the debate, Richard Fuller, Economic Secretary to the Treasury (who was presenting the Bill for the government) confirmed the intention to introduce an intervention power to enable HMT to direct the regulators to make, amend or revoke rules where there are matters of significant public interest. He also confirmed that the government had no plans to merge the FCA and the PRA.
The PRA has published a consultation paper on changes to the regulatory regime for credit unions.
ESMA updates Q&A on the EU Market Abuse Regulation regarding two questions on the disclosure of inside information.
The UK’s National Crime Agency (NCA) has filed a Recovery Order with the High Court for almost £54m currently held in 2 Barclays accounts over concerns the money constitutes the proceeds of crime following internal investigations by the bank. Apparently, Barclays launched an investigation on the back of third-party intelligence and later ring-fenced the money due to the account holder’s “inability or unwillingness to provide information as to the provenance of the suspect funds in their account”.
Regulations that extended the definition of ‘relevant firms’ that have financial sanctions reporting obligations to cryptoasset exchange providers and custodian wallet providers, came into force on 30th August 2022. OFSI has updated chapter 5 of its general guidance accordingly.
Lloyd’s of London announces that cyber insurance policies issued after 31st March 2023 will be required to contain a suitable clause excluding liability for losses arising from any state backed cyber-attack, in accordance with specific requirements, in addition to any war exclusion.
RiskScreen publishes blog to assist asset managers in mitigating their financial crime risks. A report, outlining the AML risks faced by the sector and how automation can help mitigate them, can also be downloaded from the blog.
A Court in Croatia has detained five people on suspicion of defrauding Croatia’s main oil and gas company, INA, of $133m by reselling INA’s gas abroad for 10 times the price and keeping the difference. Funds of $108m, that were deposited in numerous accounts and open investment funds, have been frozen and related investments into real estate blocked.
Effectiveness of Russian sanctions called into question as the wife of Putin’s spokesman, a sanctioned individual, posts videos of herself online while claiming to be on holiday in Greece.
Some provisions of the amended MLRs came into force in September. The rest will come into force in April 2023.
Frozen Assets Reporting Notice for 2022 published by OFSI.
JMLSG consults on revisions to Part 1 of its guidance to take account of amendments to the MLRs regarding high-risk third country enhanced due diligence, trusts, and proliferation financing.
The Economic Crime and Corporate Transparency Bill 2022 was published on 22nd September, which amongst other things: increases the Registrar’s powers so that it becomes a more active gatekeeper over company creation and a custodian of more reliable data concerning companies; introduces ID verification requirements for all new and existing registered officers and PSCs (persons with significant control); and introduces powers to enable cryptoassets to be more quickly and easily seized and recovered.
It is reported that the first known case of a non-fungible token (NFT) being used in terrorism has come to light. The article also reports that analysts involved in the identification of 3 NFTs from the same creator said “this could be a sign that terrorist groups may be using the emerging technology to spread their message and test new funding strategies”.
Pinsent Masons reports that the heads of the Serious Fraud Office and the Crown Prosecution Service have called for the expansion of existing ‘failure to prevent’ corporate crime offences to cover wider economic crime and fraud specifically.
House of Commons Library publishes research briefing providing a summary explanation of the proposed changes to the current UK data protection regime.
Call for Information from UK Home Office suggests stricter cybersecurity requirements involving “secure-by-default principles’ could be written into UK law. The title for the proposed measures is Cyber Duty to Protect, which indicates the measures will place greater responsibility on organisations to protect personal accounts and data.
Terms of Reference of the Digital Regulation Cooperation Forum (DRCF) published.
Co-Operative bank ordered to refund early repayment charge to customers after experiencing delays porting their mortgage.
The FOS rules that an authorised firm is responsible for advice given to two investors over 15 years ago by an Appointed Representative (AR) and by a self-employed adviser, respectively, both of whom were acquired separately by the authorised firm several years after the advice was given. The total compensation the FOS has ordered the authorised firm to pay the two investors is reported to be at least £310K.
FSCS confirms it is investigating claims against Rowanmoor after the SIPP firm, which is reported to operate approximately 4,800 pensions with assets under administration of £1.4bn, entered administration at the end of August. The firm’s insolvency is said to be the result of a FOS ruling in January, which was treated as a sample case for hundreds of other complaints concerning the firm’s due diligence, that found Rowanmoor had failed to verify the integrity of an introducer firm it worked with on hundreds of high-risk Sipp investments. It is reported that the FSCS expects hundreds of complaints to be passed to it from the FOS, which leaves many wondering whether the FSCS will breach the cap on the investments FSCS class for compensation requiring contributions from other classes.
The Financial Ombudsman Service (FOS) published its quarterly complaints data on financial products and services for April to June 2022 (the first quarter of this financial year), together with a related webpage. The FOS highlights trends in complaints received regarding frauds and scams and unregulated collective investment schemes and comments that, although the volume of complaints has returned to more normal levels since the pandemic, it expects the worsening economic environment to lead to an increase in complaint numbers.
The FOS has also published its complaints data for individual businesses for H1 2022.
Complaints Commissioner (CC) publishes final report on a complaint to the FCA in which he describes the complainant’s experience over nine months as involving “delays, poor customer service, departments working in silos, and failure to resolve the complaint.” The FCA blamed unforeseeable technical errors for the delays. The CC has upheld the complaint and has recommended the FCA do the same, in full, and confirm to the complainant the actions it has taken to ensure the technical errors are not repeated. The CC has also recommended that the FCA updates him in 6 months on whether the technical issues have been resolved.
Office of Tax Simplification issues Call for Evidence to employers and employees and some self-employed people to help identify the emerging trends in hybrid and distance working in the UK and across borders, and any pressures they put on existing tax rules and guidance.
The Scottish Conservatives have withdrawn a job offer after information came to light indicating that the individual may have lied on his CV. Apparently, the offer had been made after two rounds of interviews.
This newsletter contains generic information and has been generated for professional clients and associates of Gem Compliance Consulting Limited only and should not be regarded as advice. We will not be liable for loss, however caused by parties acting on the information contained herein.
