February 2018: Regulatory Update

Share:

Share on facebook
Share on twitter
Share on linkedin

Copied!

MiFID II – The new era has started

After a year of clarification and research to decode and understand the complex new Directive, the revamped version of Europe’s Markets in Financial Instruments Directive (MiFID II) finally launched on the 3rd January 2018,. MiFIDII aims to strengthen protection for investors, prevent market abuse and conflicts of interest, increase transparency and re-establish consumer trust. The new rules now require ‘the I firms n the financial services system to introduce new expanded set of reports and controls. These reports mainly focus on:

  • moving dark pools into regulated markets;
  • improving impartiality of investment research (reducing conflicts of interest);
  • enhancing data reporting;
  • imposing non-discriminatory rules for the admission of financial instruments;
  • increasing transparency in costs for customers;
  • limiting speculation on commodity derivatives markets.

Click Here to read our full Mifid II explanation.

Who will be impacted?

Under the final MiFIDII rules, both banks and asset managers have new responsibilities and deliverables to ensure compliance with the enhanced requirements.

Fund distribution Chart

For Portfolio Management, MiFID II covers Asset Managers and Broker/Banks.

Asset Managers need to focus on inducement and research, execution and transaction reporting to be compliant, whilst for brokers and banks the obligation is limited to Execution and Reporting.

Fund service providers, such as Apex, that are delivering FA services are out of scope unless there is a requirement for provision of services to asset mangers that falls outside the regular FA service range.

MiFID II impact assessment – key changes

TopicRequirementsPotential Impact
Corporate Governance and Market Access
Corporate Governance
  • Increased corporate governance and supervision to ensure senior management (directors and NED’s) are deemed to be appropriate, suitable and have adequate qualifications
  • Establishment of governance for the review and monitoring of policies, procedures, products, etc.
  • Monitored remuneration to avoid any conflict of interest
3rd Country market access
  • Firms might be required to set up a branch to continue serving retail investors in 3rd country[1]
  • Required registration with ESMA if actively servicing professional clients cross border
  • Analysis of marketing activities with regards to reversed solicitation services
  • Potential ESMA registration required
Protection of clients assets
  • MiFID II expects firms to put in place arrangements to safeguard client assets, ensuring the prevention of unauthorized use of its assets
  • Restrictions on security lending with retail investors (explicit consent is required)
  • Firms are to record clients consent to use assets
Record Keeping
  • Companies are to record any communication or conversation related to transactions, client orders and/or any intention that may result in a transaction.
  • Face to face meetings are also to be recorded.
  • Extended recording capabilities are required (for phone lines, emails, etc.)
  • Minutes should be taken
  • Client communications advising the communication and/or conversation is recorded
TopicRequirementsPotential Impact
Inducement Rule and Service Offering
Independent vs Non Independent advice
  • Firms are required to define themselves as either an independent or non independent advisor
  • The definition of investment advise remains unchanged, however MiFIDII has expanded the concept of “personal recommendations”
  • Development and marketing of a new advisory offering, depending on the type of advice
  • Revised contracts and mandates
  • Firms providing independent advise are required to assess a sufficient range of financial instruments and are not allowed to receive inducements
Inducements
  • – Introduction of a ban on retention of inducements with regards to portfolio management and firms providing independent advice
  • – Clients need to be informed about inducements in detail where applicable (allowed if the payment is for an enhancement of service quality and/or is not in conflict with professionalism and the client’s best interests)
  • Inducement calculation/ reporting system or process is required
  • Additional and specific disclosures, record keeping obligations and implementation and deployment of related policies and procedures
  • Custody, settlement, exchange and legal fees are not to be considered inducement
Remuneration
  • Remuneration now based on bot quantitative and qualitative achievements
  • The scope is to encourage responsible business conduct, fair treatment and avoid conflicts of interest
  • Put in place a remuneration policy and procedures
  • Ensure periodic review of the framework and quality of service provided
  • Review of contractual agreements
TopicRequirementsPotential Impact
Product Governance Provisions
Product approval and monitoring
  • Identification of the target market
  • Create an adequate distribution strategy
  • Deliver appropriate client outcome
  • Avoid conflicts of interest with the client (e.g. remuneration)
  • Act in the client’s best interest during all stages of product/service life-cycle.
  • Put in place an adequate distribution plan to ensure compatibility with targeted market
  • Implementation of product approval process
  • Deployment of monitoring process
Target Market
  • Allocation of the different products to a specific target market based on the individual client’s needs, characteristics and objectives
  • Put in place a compatible distribution process
  • Manufacturers to assess the target market based on needs and objectives of potential clients
Distribution Governance
  • Distribution suitability and distribution marketing to be defined and put in place to ensure correct servicing of the targeted market
  • Handling of third party products
  • Ensuring the proposed product and services are in line with the client’s profile
  • Ensuring the decision on products and services recommended to key clients is made without sales intervention
TopicRequirementsPotential Impact
Advisory Process
Client Information and reporting
  • Companies are now required to provide clients with enhanced investor protection through improved information reports (transparent and detailed), including product risk
  • Improved existing reporting and enhanced new reports will facilitate and ensure transparency in execution, cost calculations and overall, the client’s protection.
  • Enhanced MiFIDII information package
  • Adaptation of marketing materials
  • Review of the Conflict of Interest policy for investor protection (e.g. remuneration)
  • Amendment of client reports
  • Data availability and calculation of cost & charges (inducement reporting)
Product Suitability & Appropriateness
  • Obligation on investment adviser to provide suitability reports to retail investors prior any transaction
  • Annual review of client portfolio, target market of the fund and demographic
TopicRequirementsPotential Impact
Trading & Execution
Market structure
  • Regulation of all trading venues (introduction of Organised Trading Facility “OTF”)
  • Regulation of direct electronic market access
  • Extension of Systematic Internalise regime to non-equities
  • Increased pre-and post trade publication
  • Trading obligation in shares and certain derivatives
  • Implementation of rules to comply with trading obligations
  • Registration as SI or dealing below thresholds
  • Change in terms of service for trading venues
  • Compliance with direct electronic access provisions
Transaction reporting and recording
  • New transaction reporting now include an extended set of orders and transactions.
  • Obligation to provide “adequate” reports on services provided.
  • Increased number of reportable transactions and changes in data fields
  • Definition of reporting set-up
  • Pre and post trade transparency is being introduced to the fixed income market
  • Fixed income trades must be reported within 15 minutes
  • OTC transaction outside a trading venue must be made public through an Approved Publication Arrangement (APA)
  • Transaction in trading venue will be published by the venue (no change to MiFID I).
Best Execution
  • New obligation to ensure clients are provided with more transparent, simplified and concrete policies that explain how their orders will be executed.
  • Firms are obliged to take “all reasonable steps” to achieve the best possible results for their clients.
  • Policies must be reviewed annually at a minimum and in the case of a material change (including “order execution policy”)
  • Proof of compliance with the policies upon client request.
  • Portfolio Managers shall also provide adequate information about entities chosen for execution (publishing the top five investment firms in terms of trading volumes)

International News[2]

Ireland | DPC releases GDPR readiness template

The Data Protection Commissioner (‘DPC’) released, on 22 December 2017, a template to assist organizations comply with the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). In particular, the template aims to assist organizations in mapping the personal data held and processed, the lawful basis on which the data was collected, and the retention periods for each category of data. In addition, the template provides further detailed questions regarding data subject rights, accuracy, transparency requirements, data security, data breaches and international data transfers

Luxembourg: CNPD launches GDPR compliance tool

21st December 2017: The National Commission for Data Protection (‘CNPD’) launched the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) Compliance Support Tool (‘the Tool’). The purpose of the GDPR Compliance Support Tool is to provide an innovative and intuitive assistance to organisations enabling them to adequately evaluate their data protection compliance level. The tool will enable organisations not only to manage a processing register and all the other documents required to demonstrate their responsibility, but also to monitor the evolution of the maturity levels at their organization.

Mauritius | Data Protection Act published in Government Gazette

23 December 2017: The Data Protection Act 2017 (‘the Act’) was published in the Mauritius Government Gazette following the passing of the Act by the Mauritian Assembly and the assent of the President. The Act will repeal the Data Protection Act 2004 and seeks to align Mauritius’ data protection framework with international standards (GDPR), to strengthen the control and individual autonomy of data subjects over their personal data. The Act will come into operation as soon as a date is fixed by proclamation.

UK | ICO issues advice for organizations on Meltdown and Spectre

5 January 2018: The ICO issued an official blog post providing information on how organisations should respond to the security flaws known as ‘Meltdown’ and ‘Spectre’ found in processors designed by Intel Corporation, Advanced Micro Devices, Inc. and Arm Holdings. Alternatively, an attacker could steal credentials or encryption keys that would allow them to access personal data stored elsewhere. Considering that ‘GDPR will be coming in to effect on May 25 this year, there may be some circumstances where organisations could be held liable for a breach of security that relates to measures, such as patches, which should have been undertaken proactively (Privacy by design).

The ICO’s intention is to help organisation understand that taking care of the basics will ultimately protect them from potential attacks, and therefore potential loss of data. After the recent gap discovered, the ICO also issued a recommendation to organisations, suggesting that they determine which of their systems are vulnerable, test and apply patches as a matter of urgency. Failure to patch known vulnerabilities is a factor that the ICO takes into account when determining whether a breach of the seventh principle of the Data Protection Act 1998 is serious enough to warrant a civil monetary penalty. The blog focuses on the role of the ‘data controller’, reiterating the fact that if such security vulnerabilities are exploited on a system that is processing personal data, that personal data could be compromised and therefore the company would be in breach of the regulation.

USA | The US joins the APEC Privacy Recognition for Processors System

29 December 2017: The International Trade Administration announced that the United States (‘US’) had joined the Asia-Pacific Economic Cooperation (‘APEC’) Privacy Recognition for Processors System (‘the PRP System’), becoming the first economy to offer APEC Privacy Trustmark to Data Processors.

Under the PRP System, data processors can obtain a certification to show their commitment to consumer privacy protection in order to enhance transparency and trust, “facilitating partnerships with multinational economies in the digital ecosystem.” Certification can be obtained following a review of a business’ data privacy policies and practices to verify compliance with the PRP System’s baseline security and accountability standards for data protection.

Expanded implementation of the PRP System across the APEC region, with the participation of extra countries in the project, will assist US companies in evaluating whether prospective international business partners are committed to effective consumer privacy protections.

Together with the APEC Cross-Border Privacy Rules (CBPR) system for data controllers, PRP will strengthen consumer privacy protection and trust across the Asia Pacific region, while also facilitating trade by minimising barriers to the cross-border flow of information.

Footnotes:

[1] The term “third country” refers to jurisdictions outside the EU and “third country firms” refers to entities incorporated outside the EU, whether they do, or seek to do, business by way of a branch established in the EU, or on a cross-border basis – i.e. providing services to persons in one jurisdiction from a place of business in another jurisdiction without any establishment in the client’s jurisdiction

[2] Source: DataGuidance 2018

Share:

Share on facebook
Share on twitter
Share on linkedin

Get in touch with our team

Submit your query

Cookie control
This website uses cookies so that we can make your experience better. If you wish to change your cookie settings please refer to our Privacy Policy. Otherwise we will assume you’re OK to continue. Privacy Policy