CUBE RegNews: 15th August

Greg Kilminster

Head of Product - Content

CFTC and SEC carry out another sweep targeting off-channel communication 

 

The Commodity Futures Trading Commission (CFTC) and the US Securities and Exchange Commission (SEC) have carried out another sweep targeting off-channel communication. 


The SEC has imposed a collective civil penalty of $392.75 million on 26 broker-dealers. Concurrently, the CFTC has ordered three of these firms to collectively pay civil penalties amounting to $81 million. 

 

It is worth noting that both the CFTC and SEC have offered reduced penalties to firms that self-reported. According to Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, "Several firms in this group distinguished themselves by self-reporting prior to the staff’s investigation, highlighting the tangible benefits of proactive cooperation." Additionally, Ian McGinley, CFTC Director of Enforcement, stated, "Truist opted to self-report serious recordkeeping and supervisory failures to the Division of Enforcement, making it the only registrant to do so. By self-reporting, cooperating, remediating, and accepting accountability, Truist received a significantly reduced penalty. However, the CFTC's stance remains clear – non-compliance with fundamental recordkeeping and supervision requirements carries significant risk for registrants." 

 

Firms affected by the SEC order include Ameriprise Financial Services, LLC; Edward D. Jones & Co., L.P.; LPL Financial LLC; Raymond James & Associates, Inc.; RBC Capital Markets, LLC; BNY Mellon Securities Corporation with Pershing LLC; TD Securities (USA) LLC with TD Private Client Wealth LLC and Epoch Investment Partners, Inc.; Osaic Services, Inc. with Osaic Wealth, Inc.; Piper Sandler & Co.; First Trust Portfolios L.P.; Apex Clearing Corporation; Cetera Advisor Networks LLC with Cetera Investment Services LLC; Great Point Capital, LLC; Hilltop Securities Inc.; P. Schoenfeld Asset Management LP; and Haitong International Securities (USA) Inc. 

 

The CFTC orders impact Cowen and Company, Truist, and The Toronto Dominion Bank (TD Bank), with civil monetary penalties of $3 million, $3 million, and $75 million, respectively. 

 

Click here to read the full RegInsight on CUBE’s RegPlatform 

 

ECB announces update to guide to internal models 


The European Central Bank (ECB) has announced an upcoming update of the ECB guide to internal models (the Guide). 


Some context  

The Guide, first published in October 2019, is a tool that helps banks and supervisors by transparently detailing the ECB’s understanding of regulatory requirements, ensuring consistency in the implementation of regulatory requirements, and supporting a harmonised supervisory assessment of internal models. 


Key takeaways   

The Guide's update, planned for 2025, will cover the revision of the Capital Requirements Regulation (CRR3), which will enter into force on 1 January 2025. 

The next update of the Guide will primarily cover the following items: 

  • Credit risk: amendments/additions related to the application of the CRR3 and refinements to topics already included, all designed to ensure compliance with the revised regulation. 
  • Market risk: supervisory expectations related to the Fundamental Review of the Trading Book. 
  • All risk types: supervisory expectations on the use of machine learning techniques in internal models, with a special emphasis on credit risk. 


Next steps  

The ECB will host virtual round tables on selected topics during the fourth quarter of 2024. These meetings will inform banks of the main elements of the next revision and enable them to provide feedback for the ECB’s consideration before the revised Guide is published. 

 


 

MAS partners with banks on quantum security initiative 


The Monetary Authority of Singapore (MAS) has signed a Memorandum of Understanding (MoU) with four major banks—DBS, HSBC, OCBC, and UOB—as well as technology firms SPTel and SpeQtral, to explore the use of Quantum Key Distribution (QKD) in the financial services sector. This initiative aims to address the rising cybersecurity risks posed by advancements in quantum computing. 


Quantum computing has the potential to disrupt existing cryptographic systems, posing a significant threat to the security of financial transactions. In response, MAS issued an advisory in February 2024, urging financial institutions to assess and mitigate these risks by engaging in proof-of-concept trials for quantum security solutions. Further support for such projects was provided through the launch of a quantum track under the Financial Sector Technology and Innovation Grant Scheme (FSTI 3.0). 


The MoU formalises a collaborative framework for testing the viability of QKD technology in the financial sector. The participating organisations will focus on several key areas: conducting QKD proof-of-concept trials, validating the technology’s security features, and enhancing the technical competencies required for its adoption. 




APRA highlights critical cyber resilience weaknesses in regulated entities 


The Australian Prudential Regulation Authority (APRA) has written to all regulated entities in the banking, superannuation, and insurance sectors to provide further insights and guidance on common cyber control weaknesses. 


In the letter, APRA detailed common cyber security weaknesses identified across various entities, with a focus on configuration management, privileged access management, and security testing. These weaknesses, if left unaddressed, could pose significant risks to the stability and integrity of financial institutions. 


Key areas of concern 

Configuration management: APRA observed that many IT assets lack a consistent baseline security configuration and are not regularly reassessed in light of emerging vulnerabilities. Deviations from secure configurations and delays in addressing these gaps were highlighted as major concerns. 


Privileged access management: The letter notes that many entities do not maintain accurate inventories of privileged accounts, nor do they rigorously control access to sensitive systems. Privileged access is sometimes granted without proper justification or time limits, and the strength of access credentials is often insufficient. 


Security testing: APRA criticised the limited scope of security testing conducted by some entities, with repeated tests on the same IT assets while others remain unexamined. There were also concerns about inadequate oversight of security test results and the failure to follow up on findings. 


APRA’s expectations 

The letter makes clear that APRA expects all regulated entities to conduct thorough reviews of their control environments in line with the identified weaknesses. Any gaps that could materially affect an entity's risk profile or financial stability must be reported as a material security control weakness under CPS 234.


Entities are also encouraged to perform regular self-assessments based on the Prudential Practice Guide CPG 234 and to adopt mitigation strategies from recognised frameworks. 



 

APRA's Margaret Cole issues stark warning to superannuation trustees 


In a speech at the Conexus Institute Retirement Conference, Margaret Cole, Deputy Chair of the Australian Prudential Regulation Authority (APRA), joined her regulatory colleague from the Australian Securities and Investments Commission (ASIC) in warning superannuation trustees that they must improve their performance. 


Urgency of the retirement wave 

Cole highlighted the looming demographic shift, with three million Australians set to reach retirement age in the next decade. As assets in retirement products swell—exceeding $450 billion by March 2024—she stressed that the industry’s long-standing focus on accumulation must now pivot to a stronger emphasis on retirement strategies. 


New accountability under FAR 

Cole drew attention to the Financial Accountability Regime (FAR), which will take effect in March 2025. This new regulation requires trustees to appoint an accountable person responsible for member outcomes, particularly regarding retirement income strategies, thus heightening regulatory expectations and trustee accountability. 


Addressing shortcomings in retirement strategies 

Cole revisited last year’s thematic review of the retirement income covenant, which revealed significant shortcomings in trustees' preparedness to support retiring members. While some progress has been made, she expressed concern over the slow pace of change, particularly in establishing measurable success metrics for retirement strategies. She urged trustees to define clear outcomes and implement mechanisms to track progress, despite the challenges they face, such as limited member data and low engagement levels. 


Integrating retirement strategies into business planning 

Cole also highlighted APRA’s updated prudential standard, SPS 515, which now mandates the integration of retirement income strategies into broader business planning and performance reviews. This includes a requirement for trustees to conduct a thorough review of their retirement strategies every three years and annually assess the outcomes for members. 


Supporting all member cohorts 

A key concern for Cole was ensuring trustees support all members nearing retirement, regardless of their financial status or engagement level. She stressed that trustees remain responsible for members, even those receiving independent financial advice, and must ensure their strategies effectively cater to the diverse needs of their member base. 


For the large cohort of disengaged members, particularly those invested in MySuper products, Cole emphasised the importance of simplifying access to information and promoting awareness of retirement-phase options. Failure to do so could leave these members disadvantaged at a critical time. 


Encouraging innovation and collaboration 

Cole closed by encouraging trustees to explore partnerships and innovations, such as collaborations with life insurers or outside companies, to better meet the needs of their members. 


Finally, Cole reassured trustees that APRA and ASIC will continue to collaborate closely to improve outcomes in the superannuation sector. However, she made it clear that trustees themselves must act with urgency and commitment to enhance retirement outcomes for Australians. 


Cole’s message was unequivocal: the superannuation industry must accelerate its efforts to support members in retirement, or risk falling short of regulatory and community expectations. 

