EU Benchmark Regulation:
From the 1st January 2018, a new EU Benchmark Regulation (“BMR”) will apply to financial markets. BMR introduces a common framework to ensure the accuracy and integrity of indices used as ‘benchmarks’ in financial instruments, financial contracts, or to measure the performance of investment funds in the Union. This Regulation thereby contributes to the proper functioning of the internal market whilst achieving a high level of consumer and investor protection (Art. 1 subject-matter).
Benchmarks and indices are vital tools for assessing the underlying price of financial instruments and contracts, as well as for measuring the performance of investment funds. The new BMR regulation will ensure that benchmarks are robust and reliable, whilst conflicts of interest in the setting process are minimized.
The FCA shared its intention of issuing a consultation paper on the Regulation regarding indices used as benchmarks in financial instruments and contracts; the outcome of which is expected immanently. The key issues addressed relate to scope, conduct requirements and extra-territorial implications (particularly in regards to Brexit).
Planned publication of the FCA’s consultation paper on the UK’s implementation of the BMR is due in the coming weeks. The regulatory timelines are very tight, especially in light of the close implementation deadlines for MiFID II (3rd January 2018).
What about Non-EU Benchmarks?
Particular challenges will be faced for EU firms referencing non-EU benchmarks in securities or derivatives, or using them in the management of investment funds. The Benchmarks of non-EU administrators may only be used in the EU whereby;
Supervised entities using these benchmarks will need to maintain written contingency plans.
Tax Fraud – Update:
The 4th Anti Money Laundering Directive (“AMLD”) now sees a new feature pertaining to Tax Crimes introduced into the Directive guidelines. This feature suggests that Crimes carried out in relation to direct and indirect taxes are now, for the first time in the EU, expressly considered by the Directive as predicate offences; however, there is still no harmonised definition of what a ‘Tax Crime would constitute under the 4th AMLD.
Revisions to the AMLD now ensure that EU member states are obliged to keep a central register of information on the ultimate “beneficial” owners of corporate and other legal entities, lowering the threshold for declaring beneficial ownership for passive corporate entities. This requirement will ensure that these structures are subject to greater transparency and scrutiny.
The central registers will be accessible to the following parties:
Access requests are only granted in case of a “legitimate interest“, which are:
Here is an example of local implementation (Luxembourg):
In conjunction with the implementation of the 4th AMLD in 1 January 2017, Luxembourg also introduced the concept of three types of tax fraud:
Money laundering offences have therefore been extended to include cases of “aggravated” tax fraud and tax evasion.
The art 506-1 of the Luxembourg Criminal Code has been updated to include and distinguish different types of tax frauds and the subsequent punishments/action taken:
The CSSF Circular 17/650 was amended to include a list of 21 fiscally relevant indicators. These shall raise awareness and are impacting other due diligence factors (client occupation, business scope, etc.).
Suspicion triggered by assessed indicators is sufficient for reporting to the local FIU and shall not lead the reporting entity to classify the tax fraud type.
What are the impacts?
In order to comply with the new Circular, Fund Administrators should update internal policies and procedures to include;
In order to implement the Circular in practice, the concept of a “Tax Compliance Policy” will need to be introduced and implemented: this will be complementary of the already existing Apex Group AML Policy and will include the tax offenses within the risk factors to be considered in the overall risk assessment.
Data Protection Impact Assessment:
In the context of the General Data Protection Regulation (GDPR), introduced in April 2017, the Data Protection Impact Assessment (DPIA) has become a mandatory requirement within fund industry as it is “likely to result in a high risk to the rights and freedom of natural persons”.
What is Data Protection Impact Assessment (DPIA)?
DPIA is a process designed to provide guidance and help to ensure that the fundamental rights of personal data and privacy protection are upheld. DPIA helps data controllers not only to comply with the GDPR requirements, it also demonstrates that appropriate measures are being taken to ensure compliance with Regulation and to mitigate or eliminate the risk identified.
When is DIPA applicable?
DPIA should be carried out in any instance where an activity could “likely result in high risk to the right and the freedom of a natural person” – taking in consideration nature, scope, context and purposes of the processing.
Art 29 of the Guidelines on DPIA includes some examples of activities that may incur in “higher risk”:
Given the above, where the type of data processing is likely to result in a high risk for the rights and freedom of individuals, data controllers shall carry out DPIA prior to the processing in order to assess the impact of the envisaged processing operations on the protection of personal data.
When is a DPIA not applicable?
A DPIA is not required when the processing of data is not “likely to result in a high risk,” or the processing is very similar to another case for which DPIA has been already conducted for DIPA is also not required where the activity has a legal basis in the EU or Member State law, or where the processing is included on the optional list established by the supervisory authority of exempted processing operations.
Who is involved in this process?
Data Processor (on behalf of clients):
The data controller (on own behalf), with the DPO and the data processor(s):
Data Protection Officer (DPO):
Content of the DPIA:
The controller must assess the impact of the ‘in scope processing operations’ on the protection of personal data;
Non Compliance with the DPIA:
Non compliance with the DPIA might constitute a serious violation, subject to a fine up to €10 million or up to 2% of the organisation’s total worldwide turnover of the preceding financial year. Non compliance could also lead to:
FATCA and CRS – Extended Compliance Deadlines:
Similar to the first year of reporting under FATCA, some notification and reporting deadlines under CRS have also been pushed out. Malta extended its CRS deadline from 30 April 2017 to 30 June 2017. Both the British Virgin Islands and Cayman Islands extended their CRS notification deadline to 30 June 2017 and CRS reporting deadline to 31 July 2017. In Bermuda, the Ministry of Finance has set a registration deadline of 14 July 2017 and a reporting deadline of 30 August 2017. All reporting must be submitted via the Bermuda Tax Information Portal which is currently under development.
The Cayman Islands Automatic Exchange of Information (“AEOI”) Portal re-opened on the 16 May 2017 and is accepting FATCA XML Schema version 2.0 submissions, CRS notifications and variations to reporting obligations. CRS return submission functionality is anticipated to be available at the beginning of June 2017. Due to the portal being offline until mid-May then the Cayman Tax Authority also extended the deadline for US FATCA reporting until 31 July 2017 to bring it in line with the CRS deadline.
Registration obligations for Investment Managers and Investment Advisors in Cayman and Malta:
The scope of exemptions available under the CRS is much narrower than under FATCA. Entities that were classified as Non-Reporting FIs under Annex II of the Intergovernmental Agreements (IGAs) such as Investment Managers, Investment Advisors, General Partners etc. may now be classified as Reporting FIs for CRS purposes.
Investment Managers and Advisors that only provide investment advisory or management services will be regarded as not having any financial accounts and therefore, not required to report, as long as they meet the “solely because” test in the definition of a Financial Account under the CRS Regulations. They may however have a notification or registration obligation in their local jurisdiction and should review their classification to determine how CRS will impact them.
The Cayman Tax Authority requires that all Cayman FIs submit a notification to the Tax Information Authority by the 30 June this year. This applies to Investment Managers and Advisors however they can select the option that they ‘have no financial accounts’ so that it is not necessary to submit an annual return thereafter unless their circumstances change.
There is also an obligation on all Malta FIs to register with the Commissioner for the purposes of CRS. This registration is to be accomplished through the online registration process through the website of the Inland Revenue Department.
Additionally, the Sponsoring Entity and Sponsored Entity approach is not available under CRS therefore FIs that have availed of this option will need to notify and submit reports separately under CRS.
Luxembourg Introduces a Bill of Law to Implement the 4th Anti-Money Laundering and Terrorist Financing Directive:
On 26 April 2017, the Bill of Law n.7128 (Bill of Law) was introduced to the Chamber of Deputies: the scope is to implement into national legislation some provisions of the 4th AML Directive.
The Bill of Law will amend the Luxembourg legal framework to ensure:
Who is impacted?
The amount of cash payments, for which traders of goods shall implement the obligations of the AML Law, will be reduced from €15,000 to €10,000.
Risk based approach:
All professionals impacted by the AML Law shall:
Defined professional obligations:
The AML Law has included and defined specific obligations that the professional of the financial sector need to comply with. These are:
The AML Law refers to both Control Authorities and Self-regulatory bodies, which shall ensure:
Administrative sanctions: they can be up to €5,000,000 or 10% of the total annual turnover
Criminal sanctions: the fine can vary from €12,500 to €5,000,000 for the non-compliance with professional obligations.
 Official Journal of the European Union
FCA’s Consultation Paper
By clicking the button you confirming that you’re agree with our following Terms and Conditions