CUBE RegNews: 13th September

Greg Kilminster

Greg Kilminster

Head of Product - Content

FCA issues policy statement on new financial promotions gateway


The Financial Conduct Authority has published PS23/13, which confirms the regulator’s new policy on introducing a gateway for firms who approve financial promotions. The new gateway is created by FSMA 2023 and requires authorised firms to ‘pass through’ before being able to approve financial promotions for unauthorised firms. Once the gateway comes into effect, all authorised persons that want to approve financial promotions will need to apply to the FCA for permission to do so. Applications are needed between 6th November 2023 and 6th February 2024.


The s21 gateway and accompanying approach to firms that apply are designed to address harm and regulatory gaps where a financial promotion is within the FCA’s remit, but is communicated by an unauthorised person. The regulator expects this framework to produce a higher degree of compliance with financial promotions rules, leading to a generally raised standard of these promotions.


This new regime comes into effect on 7th February 2024, after which any authorised person which has not applied for permission to approve during the application period will be subject to the new financial promotion requirement and will be unable to approve financial promotions.


Click here to read the full RegInsight on CUBE’s RegPlatform


SEC speech on AI benefits to compliance


In a speech delivered at the North American Securities Administrators Association (NASAA) meeting, SEC Commissioner Mark T Uyeda highlighted the pivotal role of artificial intelligence (AI) in revolutionising investor protection for the digital age.


The speech underscored the importance of regulators actively collaborating with financial firms to comprehend and oversee the implementation of new technologies, emphasising the need for roundtables, advisory committees, and consultations with industry experts.


Drawing parallels between historical innovations like stock ticker machines and the current utilisation of AI, the Commissioner stressed that the introduction of new technologies should not be feared but embraced. He argued that regulatory bodies must develop the necessary technological expertise to adapt existing securities laws and regulations effectively.


Uyeda stressed too the advantage of state securities regulators who often detect issues faster due to their close engagement with retail investors. He called for increased coordination between the SEC and state regulators to protect investors effectively.


Turning the spotlight on AI, Uyeda explained its various applications in the financial industry, including machine learning, natural language processing, and robotic process automation. He highlighted how AI can lower operational costs for financial firms and enhance accessibility for investors, potentially reducing the cost of investment advice and improving services tailored to individual clients.


The speech also touched on the compliance benefits of AI, as firms can use AI to detect signs of fraud and monitor data more effectively. Regulators, too, can benefit from AI in reviewing large volumes of data, assisting in policymaking decisions, and preventing fraudulent activities from slipping through the cracks. 

While acknowledging the risks associated with AI, Uyeda emphasised a thoughtful approach to mitigate these risks rather than prohibiting innovation. He cited Steve Jobs: “innovation is the ability to see change as an opportunity — not as a threat.”


Uyeda’s speech highlighted the transformative potential of AI in modernising investor protection and called for regulatory bodies to embrace these technologies while prudently addressing associated risks.


Click here to read the full RegInsight on CUBE’s RegPlatform


SEC charges Virtu Americas for internal barrier breach


The Securities and Exchange Commission (SEC) has charged broker-dealer Virtu Americas LLC and its parent company, Virtu Financial Inc (collectively, Virtu), with making materially false and misleading statements and omissions regarding information barriers to prevent the misuse of sensitive customer information.


The SEC’s complaint alleges that Virtu Americas and its affiliates operated two businesses that it purported to have walled off from each other: an order execution service for large institutional customers, and a proprietary trading business. However, the complaint alleges that Virtu Americas failed to safeguard a database that contained all post-trade information generated from customer orders routed to, and executed by, Virtu Americas. This database was accessible to practically anyone at Virtu Americas and its affiliates, including their proprietary traders, through two sets of widely known and frequently shared generic usernames and passwords.


The SEC’s complaint further alleges that Virtu Americas misled customers about the existence and adequacy of information barriers to prevent the misuse of customer information. In some instances, Virtu overstated the controls, barriers and processes it had in place to secure its institutional customers’ post-execution trade data, and in others falsely represented to those customers that only employees with a need to see such information could do so.


Gurbir S Grewal, Director of the SEC’s Division of Enforcement noted: . “Today’s enforcement action not only holds Virtu accountable for its failings, but also sends a strong message to firms that they must do much more than use shared, generic usernames and passwords to protect against and prevent the misuse of material nonpublic information.”


The SEC’s complaint seeks injunctive relief, disgorgement of ill-gotten gains, civil penalties, and an order requiring Virtu Americas to implement and maintain adequate information barriers to prevent the misuse of customer information.


Click here to read the full RegInsight on CUBE’s RegPlatform


Compliance deficiencies identified in NASAA research


The North American Securities Administrators Association (NASAA) has released its findings from the data it sources every two years from state security examiners.


Ranked by the number of deficiencies, registration (430), books and records (323), and supervision and compliance (409 were listed as the most frequent shortcomings. Contracts (234) and fees (121) rounded out the top five leading areas of deficiencies identified by examiners. Towards the bottom, custody, financial matters, advertising and cybersecurity had around fifty or fewer violations each and cybersecurity came last with 29.


Click here to read the full RegInsight on CUBE’s RegPlatform